Wireshark · Ethereal-dev: Re: [Ethereal-dev] Novell NDS decodes

["Greg Morris" <GMORRIS@xxxxxxxxxx>]

Guy,

 

Unfortunately this was acurate until NDS version 10. In the case of NDS version 10 there are additional flags in the request packet. These flags have to be trapped in order to correctly dissect the reply packet. This was the reason for the additional decodes after the func, subfunc disection for NDS ping packets.

 

 

Greg Morris
gmorris@xxxxxxxxxx
Novell Technical Support (WSS/GRT Client)
Novell, Inc., the leading provider of Net services software

>>> Guy Harris <gharris@xxxxxxxxx> 10/09/02 08:58PM >>>
On Fri, Sep 20, 2002 at 10:59:47AM -0600, Greg Morris wrote:
> Please see attached diffs for most NDS decodes. I am still working on
> the rest but I wanted to get my work to date submitted for review. I
> know there is more then likely a lot of cleanup that can be done but I
> haven't taken the time yet. Please let me know what you think,
>
> Index: packet-ncp.c
> ===================================================================
> RCS file: /cvsroot/ethereal/packet-ncp.c,v
> retrieving revision 1.68
> diff -r1.68 packet-ncp.c

    ...

> 405,417c435,458
> <         if (tvb_get_guint8(tvb, commhdr+6) == 0x68) {
> <             ncp_nds_verb = tvb_get_ntohl(tvb, commhdr+4);
> <             if (tvb_get_guint8(tvb, commhdr+7) == 0x02) {  /* NDS Packet to decode */
> <                 dissect_nds_request(next_tvb, pinfo, nw_connection,
> <                     header.sequence, header.type, ncp_tree);
> <             } else {
> <                 dissect_ncp_request(next_tvb, pinfo, nw_connection,
> <                     header.sequence, header.type, ncp_tree);
> <             }
> <         } else {
> <             dissect_ncp_request(next_tvb, pinfo, nw_connection,
> <                 header.sequence, header.type, ncp_tree);
> <         }
> ---
> >         if (tvb_get_guint8(tvb, commhdr+6)==0x68) {
> >             ncp_nds_verb = tvb_get_ntohl(tvb, commhdr+4);
> >             if (tvb_get_guint8(tvb, commhdr+7)==0x02) {  /* NDS Frag Packet to decode */
> >                 dissect_nds_request(next_tvb, pinfo, nw_connection,
> >                     header.sequence, header.type, ncp_tree);
> >             }
> >             else
> >             {
> >                 if(tvb_get_guint8(tvb, commhdr+7)==0x01) { /* NDS Ping */
> >                     dissect_ping_req(next_tvb, pinfo, nw_connection,
> >                         header.sequence, header.type, ncp_tree);
> >                 }
> >                 else
> >                 {
> >                     dissect_ncp_request(next_tvb, pinfo, nw_connection,
> >                         header.sequence, header.type, ncp_tree);
> >                 }
> >             }
> >         }
> >         else
> >         {
> >         dissect_ncp_request(next_tvb, pinfo, nw_connection,
> >             header.sequence, header.type, ncp_tree);
> >         }

According to the page at

    http://developer.novell.com/ndk/doc/ncp/index.html?page=/ndk/doc/ncp/ncp__enu/data/a1wfz7x.html

an NDS Ping request's request header doesn't have anything in it other
than a function code, a subfunction code, and 3 reserved bytes.

According to at least one capture I've seen, that page is correct -
there *isn't* anything in the NDS Ping after the subfunction code.

"dissect_ping_req()" assumes there's a pile of additional stuff in the
packet, but that stuff doesn't appear to be there, so it doesn't look as
if it's correct to call "dissect_ping_req()" in that case.