At 06:53 PM 11/4/00 -0500, Todd Sabin wrote:
>
>Hi,
You too :-)
>I'm thinking about writing a dissector for MSRPC (actually I've
>already done a tiny amount), and I'm wondering whether ethereal has
>the ability to dynamically handoff packets to various dissectors until
>one accepts it.
Tim Potter has already done some of this, but I have yet to commit it to
the source. He dissects a few RPCs, but you have to see the whole chain,
from the bind or something like that before it makes sense.
Ethereal has heuristic dissectors that can be given a packet and return
true or something if they recognize and manage to dissect the packet.
> From what I can tell, dissectors have to say "I want
>TCP packets to port 135" or similar. MS's Netmon works a little like
>that, but also if there's no handler for a given packet, it lets the
>user chain parsers, so that they're called in turn until one of them
>accepts the packet. You probably already know this.
>
>Anyway, it's really necessary in the case of MSRPC, which can be done
>over both TCP and UDP on both fixed and dynamic ports, SMB, NBT, not
>to mention IPX, SPX, etc.
>
>So, assuming I (or someone) write a dissector that understands MSRPC,
>how does it get called in all of the various places that it might
>need to be?
>
>Thanks,
>
>
>Todd
>
>_______________________________________________
>Ethereal-dev mailing list
>Ethereal-dev@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
