Ethereal-dev: Re: [Ethereal-dev] Need help with protocol that spans multiple TVBs
If we can get-around the COTP reassembly, I will be happy to merge my
changes with the disectors in 0.10.3.
Please note, I have made substancial improvements in the area of ASN.1
within ethereal (add-on modules) in order to allow values of enumerated
values and bitstrings to be determined via table-lookup, I also believe
that I have patched the indefinite length issue (have not tested yet
e.g. no MMS trace available with indefinite length).
Obviously, if I upgrade to the new disectors, I will need to re-merge my
Connectionless fixes (no big deal).
I look forward to moving towards 0.10.3, but need to verify that COTP
reassembly will work (currently I believe that it is broken).
Guy Harris wrote:
Sid Sid said:
As I can see you completely rewrote(or probably,recreated) Presentation
dissector.
The reason is not clear for me.
Perhaps it's because he was apparently using (based on the RCS/CVS version
strings in the dissectors he sent) Ethereal 0.10.0 or 0.10.0a, and that
version of Ethereal didn't have your Presentation dissector.
Regarding trace file that you have send me:
I do not know MMS protocol very well
One of his dissectors referred to "IEC GSSE", which appears to be an
electrical utility control protocol ("generic substation event model"),
and Googling for
MMS OID 9506
found
http://www.cl.cam.ac.uk/~mgk25/osi-faq.txt
which says, among other things:
The Manufacturing Message Specification (MMS) Service and Protocol have
been defined for controlling and integrating industrial automation
systems (ISO 9506).
so that's presumably the protocol to which he's referring (and he
presumably has an MMS dissector somewhere). SISCO are in the business of
computer-based industrial control, and have MMS software:
http://www.sisconet.com/mms_products.htm
but as I can see from trace it
nevertheless uses ACSE protocol too.
Googling for
MMS ACSE 9506
found
http://www.nettedautomation.com/standardization/ISO/TC184/SC5/WG2/mms_syntax/
which says
MMS.TXT - This file contains the four ASN.1 modules published in the
second edition text in which the IF - ENDIF blocks have been removed.
This file has been tested for syntactic conformity with ASN.1 standard
by parsing with the OSS ASN.1 parser. This file contains references to
elements defined in the ACSE standard. Therefore, when compiling this
program by itself, an ASN.1 compiler will complain of unsatisfied
references.
ACSE.TXT - This file was created solely to satisfy the ACSE references
in MMS.TXT so that an ASN.1 compiler will not complain. In any real
application, this file should be replaced with a file supplying real
links to ACSE (or ACSE-like) support facilities.
which seem to suggest that MMS does use ACSE.
However, the ACSE dissector *also* wasn't in 0.10.0 or 0.10.0a, so it
sounds as if he *really* should be using a newer version of Ethereal if
he's developing an MMS dissector - several of the protocol dissectors he
needs would be in 0.10.3 but not in 0.10.0.
--
Herbert Falk
SISCO
6605 19-1/2 Mile Road
Sterling Heights, MI 48314
Ph: 586-254-0020
Fx: 586-254-0053
NOTICE: This communication may contain privileged or other confidential
information. If you are not the intended recipient, or believe that you
have received this communication in error, please do not print, copy,
retransmit, disseminate, or otherwise use the information. Also, please indicate to
the sender that you have received this communication in error, and delete the
copy you received. Thank you.