Wireshark-bugs: [Wireshark-bugs] [Bug 6616] New: I would like to contribute dissector for ELCOM
Date: Thu, 24 Nov 2011 10:25:41 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6616

           Summary: I would like to contribute dissector for ELCOM
                    protocol
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: user1@xxxxxxxxxxxx


Created an attachment (id=7466)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7466)
ELCOM dissector diffs

Build Information:
Version 1.7.1 (SVN Rev 39998 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.20.1, with Cairo 1.8.10, with Pango 1.28.0, with
GLib 2.24.1, with libpcap 1.1.1, with libz 1.2.3.3, without POSIX capabilities,
with SMI 0.4.8, without c-ares, without ADNS, without Lua, without Python, with
GnuTLS 2.8.5, with Gcrypt 1.4.4, without Kerberos, without GeoIP, without
PortAudio, without AirPcap.

Running on Linux 2.6.32-35-generic, with locale fi_FI.utf8, with libpcap
version
1.1.1, with libz 1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I have created a dissector for ELCOM communication protocol.  This protocol is
used mainly by power utilities, to exchange historical, cyclic, and event based
data between SCADA systems.

Due to the nature of the protocol, complete dissecting is quite hard: In the
initialization phase, some associations between communicating partners are
created (this is what my dissector can do). Long living associations are plain
data streams where the description of the contents has been declared in the
initialization phase (gone maybe long before the capture starts; these can't be
decoded, they are just classified as 'data').

My experience from using this dissector for debugging some real life situations
is that the greatest value comes from observing the behaving of the parties in
the initialization phase: does it success, how often, network delays, being
able to use display filters to concentrate on some specific patterns, etc. 

I have run this dissector with fuzz testing, some 180 files, about 2 MB/each,
77 passes, took about 12 hours.  No errors.

I want to thank the Wireshark development team for excellent documentation,
instructions for developers, and an easy-to-add-new-dissectors structure of the
whole thing. Well done!

 -juha

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.