Ethereal-dev: Re: [Ethereal-dev] Use of tcp_dissect_pdu and tvb_format_text

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Fri, 23 Jan 2004 22:35:09 +1100
----- Original Message ----- 
From: "Guy Harris"
To: "Anders Broman (TN/EAB)"
Sent: Friday, January 23, 2004 8:23 PM
Subject: Re: [Ethereal-dev] Use of tcp_dissect_pdu and tvb_format_text


> On Fri, Jan 23, 2004 at 10:21:22AM +0100, Anders Broman (TN/EAB) wrote:
> > Is there any reason why the preference to let sub dissectors do TCP
> > reassembly shouldn't be default on?
>
> It'd be OK with me.
>
> Ronnie?  What do you think?

It would be OK with me as well.
Actually this is one item I have been thinking of for a reasonably long time
(months) but have been too busy with other stuff to do anything about.

I think it would make a lot of sense if someone did a patch to change
TCP offser reassembly: to default to on
and change all subdissectors requesting TCP reassembly to off.

I am all for it.

I am not completely dead, even though I've been busy and distracted so much it
is not funny.
I am now working on a packet-ber.c helper (dissect BER constructs,
table-driven and similar to packet-per.c) to be used to
dissect ASN.1/BER encoded data using Ethereal native code so that we can
easily operate and act on the data in BER-encoded packets.
The BER thing is probably ~40% complete as far as X.690 goes and 80%
complete as far as the requirements of Kerberos and LDAP go.

I have also converted ~30% of packet-kerberos.c into this new API/helpers.

Why?
Using the external library to decode the data makes it "difficult" to
operate on and act on the content of the fields.
Using native code will make it easier and make it relatively easy to do
things I would really like to have myself, such as:

1. Copy the Kerberos keytab file to the private, non-networked machine where
Ethereal lives.
2. Use Ethereal + keytab to also open encrypted portions of Kerberos blobs
and extract session keys.
3. Use session keys to verify the hash and decrypt signed/encrypted PDUs.

I also believe this functionality added to Kerberos and thus CIFS
authentication/privacy would make it much easier for
those poor sods that have to reverse engineer the dcerpc interfaces of
CIFS. A work, if it can be made easier, will benefit all.

I also have hope that people I have helped recently with dcerpc interfaces
will find the time is right to contribute the code to Ethereal.
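
An added example, not part of the original message and not Ethereal's packet-ber.c: a bounds-checked parse of one X.690 BER identifier+length header, the step a native BER helper like the one described above has to get right before it touches any field content. The `ber_hdr` type and `ber_parse_hdr` function are hypothetical names chosen for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type for this example; not Ethereal's packet-ber.c API. */
typedef struct {
    uint8_t  cls;         /* 0 universal, 1 application, 2 context, 3 private */
    int      constructed; /* 1 if the encoding is constructed */
    uint32_t tag;         /* tag number */
    int      indefinite;  /* 1 if the length octet was 0x80 */
    size_t   len;         /* content length (definite form only) */
    size_t   hdr_len;     /* octets used by identifier + length */
} ber_hdr;

/* Parse one identifier+length header from buf[0..n).
 * Returns 0 on success, -1 if the header or its content overruns the buffer. */
int ber_parse_hdr(const uint8_t *buf, size_t n, ber_hdr *h)
{
    size_t i = 0;
    if (n < 2) return -1;
    uint8_t id = buf[i++];
    h->cls = id >> 6;
    h->constructed = (id >> 5) & 1;
    h->tag = id & 0x1f;
    if (h->tag == 0x1f) {                 /* high-tag-number form */
        uint8_t b;
        h->tag = 0;
        do {                              /* stop on truncation or tag overflow */
            if (i >= n || h->tag > (UINT32_MAX >> 7)) return -1;
            b = buf[i++];
            h->tag = (h->tag << 7) | (b & 0x7f);
        } while (b & 0x80);
    }
    if (i >= n) return -1;
    uint8_t l = buf[i++];
    h->indefinite = 0;
    h->len = 0;
    if (l == 0x80) {                      /* indefinite form: constructed only */
        if (!h->constructed) return -1;
        h->indefinite = 1;
    } else if (l & 0x80) {                /* long form: low 7 bits = octet count */
        size_t cnt = l & 0x7f;
        if (cnt > sizeof(size_t) || cnt > n - i) return -1;
        while (cnt--) h->len = (h->len << 8) | buf[i++];
    } else {
        h->len = l;                       /* short form */
    }
    h->hdr_len = i;
    /* Compare against the bytes remaining; never compute i + len, which can wrap. */
    if (!h->indefinite && h->len > n - i) return -1;
    return 0;
}
```

For the constructed bytes `6a 03 02 01 05` this yields class 1 (application), constructed, tag 10, length 3, which is the outer tag shape of a Kerberos AS-REQ.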