Wireshark · Wireshark-dev: [Wireshark-dev] packet-vnc.c - DEST_PORT_VNC macro

Wireshark-dev: [Wireshark-dev] packet-vnc.c - DEST_PORT_VNC macro - is it even needed?

Date: Sun, 28 Dec 2008 23:34:55 +0200

It seems to be used to check according to very specific destination ports, if we should dissect the messages as client to server or server to client messages. I'm not sure why not just compare the current destination port with the one we've saved in the conversation.
This will avoid erroneous dissection of VNC traffic on non-standard port (that was not explicitly defined in the preferences.

BTW, there's no minimum length verification for messages. I'd assume that if we try to dissect traffic as VNC we should probably verify minimal lengths - both SERVER_VERSION and CLIENT_VERSION packets should be EXACTLY 12 bytes long and start with ASCII chars 'RFB '(3 letters and space - hex 52 46 42 20).
Moreover, this could also be used to heuristically find VNC traffic on non-standard ports.

If agreed, I'll try to follow this with a patch, at least for some of the comments above.

Regards,
Y.

Follow-Ups:
- Re: [Wireshark-dev] packet-vnc.c - DEST_PORT_VNC macro - is it even needed?
  - From: Stephen Fisher

Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (release) on Ubuntu-8.04-x64
Next by Date: Re: [Wireshark-dev] packet-vnc.c - DEST_PORT_VNC macro - is it even needed?
Previous by thread: Re: [Wireshark-dev] rev 26979: /trunk/ /trunk/: version_info.c
Next by thread: Re: [Wireshark-dev] packet-vnc.c - DEST_PORT_VNC macro - is it even needed?
Index(es):
- Date
- Thread