Ethereal-dev: RE: [ethereal-dev] TCP/UDP protcol dissector lookups

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Date: Thu, 2 Mar 2000 10:56:14 -0600 
>
>
>On Thu, Mar 02, 2000 at 09:09:30AM -0600, andreas.sikkema@xxxxxxxxxxx
wrote:
>> 
>> 
>> > I'm not sure that's the best way to do it; if the goal is to handle a
>> > source host/source port/destination host/destination port quad, the
>> > conversation code might be what we'd want to use, and have separate
>> > checks for generic ports and specific conversations.
>> 
>> Aha, where can I find this?
>
>conversation.c, in the Ethereal source directory. Also, grep for
>"conversation" -- various protocol dissectors use it.
>
>--gilbert

I checked the conversation.c code because it sounded like something I
could use in a socks dissector.  Just one problem;  how does this
function on a trace that does a router hop ?  For example:

	router ----------> hub -----------> server (10.2.1.2)
	(10.1.1.1)			\		
	(10.2.1.1)			 \--------> client (10.1.1.2)
					  \		
					   \------> ethereal computer

When I looked at adding "conversations" I realized that this would be a
problem
unless I had both the DLC and IP addresses in the key.


Jeff Foster.
jfoste@xxxxxxxxxxxx