Ethereal-dev: Re: [ethereal-dev] non-standard UDP ports for standard protocolls ???

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Laurent Deniel <deniel@xxxxxxxxxxx>
Date: Sun, 10 Jan 1999 20:07:20 +0100
"Hannes R. Boehm" wrote:
> 
> Hi,
> 
> 
> What should we do with those packets ?
> 
> I am thinking about analyzing the packet within packet-udp.c
> -> if a packet to an unknown UDP port turns out to be a RADIUS packet,
>    then dissect_radius() is called
> 
> -> since this step is only performed for unknown UDP ports, this should
>    not increase the time needed to open a standard tracefile (unless
>    of course, there are many UDP packets to unknown ports....
> 
> Any other ideas ?
> 
> waiting for comments or suggestions
> 

If radius packets contain some sort of magic numbers, you can check it
in dissect_radius routine or before the call in packet_udp (I use that
method in dissect_tcp before calling dissect_giop). Else you can check
the validity of the raduis packet before decoding it and if wrong, call
the dissect_data routine (I used that in dissect_osi) ...

--
Laurent DENIEL            | E-mail: deniel@xxxxxxxxxxx
Paris, FRANCE             |         deniel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
                          | WWW   : http://www.worldnet.fr/~deniel
    All above opinions are personal, unless stated otherwise.