Wireshark · Ethereal-dev: Re: [ethereal-dev] Address services and handling

Ethereal-dev: Re: [ethereal-dev] Address services and handling

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>

Date: Mon, 17 Jul 2000 00:01:17 -0700

On Tue, Jun 20, 2000 at 02:29:35PM +0900, Richard Sharpe wrote:
> One feature that I liked in NetMon that is not in Ethereal is good handling
> of names for transmitting devices.
> 
> What I have in mind is an addresses databases.
> 
> When any dissector figures out a name for a party of any comminication, it
> should register that in a names database.

This might be done by having "resolv.c" export routines to let a
dissector add entries to its tables of addresses.

> Each party can have many names:
> 
>    - Its MAC address, eg Ethernet, Frame, etc
>    - Its IP address
>    - Its DNS name
>    - Its NetBIOS name
>    - Its IPX name
>    - Etc

If you split those into names and addresses, the set of address types
currently supported by "resolv.c" are:

	Ethernet-style MAC addresses (Ethernet/FDDI/Token-Ring/whatever
	    other protocols use them)

	IPv4 addresses

	IPv6 addresses

	IPX networks

although it doesn't have a hash table for IPv6 address->name mappings.

Currently, the "resolv.c" routines don't use the "address" structures
from "packet.h", which include an address type, an address length, and a
pointer to the bytes of the address; having them do so might be a useful
generalization.

> This will require that each dissector be given one of the names that have
> already been discovered so it can look up the object in order to register
> any new names.

If we had a routine that took an "address *" and attempted to look up
the name corresponding to that address, the dissector might be able to
take the "net_src" and "net_dst" addresses from the "packet_info"
structure, look up a host name, and use that.

If the packet is what *contains* the name, then that wouldn't be
necessary.  (Consider, for example, the DNS dissector registering
information from the resource records in a DNS reply - or a NetBIOS
Session Service connection request, which contains source and
destination NetBIOS names, as I remember; I think Network Monitor will
add those as, for example, names for the IP source and destination
addresses of the connection request.)

> The GUI should allow you to specify that any type of name be displayed, and
> it would be nice to be able to list the objects in the database and their
> attibutes.

...and we might want to support writing out the database, as NetMon does
and as snoop does with the "-N" flag (although that's only IP addresses,
in "/etc/hosts" format).

We'd also want to support *reading* those files (again, as NetMon does,
and as snoop does with the "-n" flag).

Prev by Date: Re: [ethereal-dev] Adding new protocols
Next by Date: Fw: [ethereal-dev] Using Ethereal to measure application performance
Previous by thread: Re: [ethereal-dev] Adding new protocols
Next by thread: [ethereal-dev] RTP/RTCP from NetMeeting
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$