Wireshark · Ethereal-dev: Re: [ethereal-dev] Thoughs around the info field for TCP Application level protocols

Ethereal-dev: Re: [ethereal-dev] Thoughs around the info field for TCP Application level proto

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: guy@xxxxxxxxxx (Guy Harris)

Date: Tue, 6 Apr 1999 02:27:28 -0700 (PDT)

> In my last EM about Telnet I said I was unhappy with what I had done in the
> Telnet (and by extension in the FTP) protocol decoder.
> 
> I simply put Telnet Data ... in that field.
> 
> NetMon puts the relevant TCP info, including flags and sequence numbers
> there as well as any relevant protocol info if it can.

I assume you're referring to the summary line (the "Description" column
in NetMon, and the "Info" column in Ethereal) here, as the TCP
information is already in the TCP section of the detail display, and as
the detail information displays the actual data for Telnet data.

Which version of NetMon is that? The version I have (the "About" box
just says "Network Monitor Version 1.1 Copyright(C) 1992-1995 Microsoft
Corporation", and its title bar says "Retail 316 Jun 23 1995") just says
only "To Client With Port = XXXXX" or "To Server From Port = XXXXX" in
the summary section; yours might be a later version.

> I was thinking that I might do the same.  This means that I will have to
> retrieve the text that is in that field and add to it.

I.e., have the Telnet dissector add the Telnet information to the TCP
information (as the TCP dissector is called first, and then the Telnet
dissector is called)?

> A simple enough task. Does ethereal allow you to retrieve a field?

There's currently no routine that returns the contents of a column, but
it wouldn't be hard to add.

> Or, should we write an append routine?

That might be better, if all we expect is to have stuff added to the
column.

Are you thinking of doing this just for the FTP data stream, or for the
FTP control stream as well? Putting the TCP information *and* the FTP
request or response in the "Info" column might make it a bit crowded;
for Telnet, there's not much to lose by replacing "Telnet Data" with TCP
information, but for the FTP control stream, the request or response is
a nice thing to have in the summary.

I'd been thinking that this might be another application for a
multi-line summary display for a frame, with the ability to enable or
disable transport-layer (or perhaps even lower-layer) summary
information as well as the top-layer summary information.

References:
- [ethereal-dev] Thoughs around the info field for TCP Application level protocols
  - From: Richard Sharpe

Prev by Date: Re: [ethereal-dev] Capture box not displaying properly
Next by Date: [ethereal-dev] Capturing to an "unnamed" buffer
Previous by thread: [ethereal-dev] Thoughs around the info field for TCP Application level protocols
Next by thread: [ethereal-dev] GTK 1.2.1 bug/feature means "gtk_tree_set_view_mode()" has no effect
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$