Wireshark · Ethereal-dev: Re: [ethereal-dev] Re:

Ethereal-dev: Re: [ethereal-dev] Re:

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>

Date: Tue, 06 Jul 1999 10:17:57 +0900

At 05:16 PM 7/5/99 -0400, Ashok Narayanan <ashokn@xxxxxxxxx> wrote:
>Laurent Deniel writes:
> > Jeffrey Perry wrote:
> > > 
> > > Yes, one comment. I think this is the right approach, I would suggest
> > > taking it one step farther though. If you build the parser into
> > > ethereal, then no recompiles would be needed for adding a new
> > > protocol. This is how Etherpeek on Windows works.
> > > 
> > 
> > Yes, I like this approach also.
> > 
> > I was already thinking about the handling of user-defined protocols in
> > a similar way but with direct processing in ethereal (no code generation
> > and so no recompilation - see some previous posts in mailing list).
>
>Given that we are an Open-Source project and the source code will
>always be available for compilation, is this really useful? I can see
>in a closed-source project the ability for users to extend the sniffer 
>without giving them the source code could be useful, but I am not sure 
>how this model extends over to Open Source.

I tend to agree with this.  At first, I thought that we needed an API that
allowed other people to write stuff for Ethereal, but after spending time
figuring out how to use the code, I realized that what is said above is true.

However, it would be better if we had a protocol description language that
allows people to easily create decode modules, as the present approach does
require a large investment in learning how to write the decode modules.

While I have made a start, I am not happy with the language I have
developed, and am not happy with my parser.

It will probably be good enough for me to handle the SMB protocol, or at
least the simple SMBs.  When it comes to the transact calls and RPCs, that
may be another story.  However, it is not clear that what I currently have
is good enough to do the job.

>-Ashok
>
>
>-- 
>--- Ashok Narayanan ----------------------------------------
>IOS Network Protocols, Cisco Systems
>250 Apollo Drive, Chelmsford, MA 01824
>Ph: 978-244-8387
>

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, NS Computer Software and Services P/L,
Samba (Team member www.samba.org), Ethereal (Team member www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours

References:
- [ethereal-dev] Re:
  - From: Laurent Deniel
- [no subject]
  - From: Jeffrey Perry
- Re: [ethereal-dev] Re:
  - From: Ashok Narayanan

Prev by Date: [ethereal-dev] Re:
Next by Date: RE: [ethereal-dev] Re:
Previous by thread: Re: [ethereal-dev] Re:
Next by thread: [ethereal-dev] Re:
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$