Wireshark-bugs: [Wireshark-bugs] [Bug 6616] New: I would like to contribute dissector for ELCOM
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6616
Summary: I would like to contribute dissector for ELCOM protocol
Product: Wireshark
Version: 1.7.x (Experimental)
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: user1@xxxxxxxxxxxx
Created an attachment (id=7466)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7466)
ELCOM dissector diffs
Build Information:
Version 1.7.1 (SVN Rev 39998 from /trunk)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.20.1, with Cairo 1.8.10, with Pango 1.28.0, with
GLib 2.24.1, with libpcap 1.1.1, with libz 1.2.3.3, without POSIX capabilities,
with SMI 0.4.8, without c-ares, without ADNS, without Lua, without Python, with
GnuTLS 2.8.5, with Gcrypt 1.4.4, without Kerberos, without GeoIP, without
PortAudio, without AirPcap.
Running on Linux 2.6.32-35-generic, with locale fi_FI.utf8, with libpcap version
1.1.1, with libz 1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4.
Built using gcc 4.4.3.
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
I have created a dissector for the ELCOM communication protocol. This protocol is
used mainly by power utilities to exchange historical, cyclic, and event-based
data between SCADA systems.
Due to the nature of the protocol, complete dissecting is quite hard: in the
initialization phase, some associations between communicating partners are
created (this is what my dissector can do). Long-living associations are plain
data streams where the description of the contents has been declared in the
initialization phase (gone maybe long before the capture starts; these can't be
decoded, they are just classified as 'data').
My experience from using this dissector for debugging some real-life situations
is that the greatest value comes from observing the behavior of the parties in
the initialization phase: does it succeed, how often, network delays, being
able to use display filters to concentrate on some specific patterns, etc.
I have run this dissector with fuzz testing, some 180 files, about 2 MB each,
77 passes, took about 12 hours. No errors.
I want to thank the Wireshark development team for excellent documentation,
instructions for developers, and an easy-to-add-new-dissectors structure of the
whole thing. Well done!
-juha