Ethereal-dev: RE: [Ethereal-dev] Protocol Analysis Workbench ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin (SNO)" <Martin.Visser@xxxxxxxxxx>
Date: Sat, 16 Dec 2000 10:13:51 +0800
Richard,

This is something I would like to see added as well. I have some proprietary
Voice over IP product we are using (the ITG for Nortel Meridian PABX). They
use RTP over UDP but not RTCP or RTSP so I don't think the dissector finds
it. So, ideally you should be able to try the decode for selected packets,
at whatever layer. (As long as it makes sense)

Martin

Martin Visser
Technology Consultant - Compaq Global Services

Compaq Computer Australia
410 Concord Road
Rhodes, Sydney NSW 2138
Australia

Phone: +61-2-9022-5630
Mobile: +61-411-254-513
Fax:+61-2-9022-7001
Email:martin.visser@xxxxxxxxxx


-----Original Message-----
From: Richard Sharpe [mailto:sharpe@xxxxxxxxxx]
Sent: Saturday, 16 December 2000 1:00 PM
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] Protocol Analysis Workbench ...


Hi,

It struck me that we have almost all we need in Ethereal to build some sort
of protocol analysis workbench ...

For an unknown protocol, one could use right mouse on the data/byte pane,
which would bring up a menu, and one item could be:

   Specify protocol (or something like that)

This would allow the user to bind a protocol to the rest of the data from
that position forward in the data pane, perhaps based on the value of some
bytes in the data portion.

We would need a little extra support, and the user would select from the
dissectors to use based on their names, but it certainly seems do-able.

Hmmm, we would need to be able to specify that all packets of a particular
type be dissected using a particular dissector. For example, X25 over LAPB
over Ethernet for Linux uses the unused DEC ethertype 0x6000, so one would
want to bind dissect_ip to the payload for all such ethernet frames.

However, one would also like to be able to say, these two bytes look like a
type field, so dissect the rest based on this value in this type field. For
example, 0x080045 is a dead giveaway.

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
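
The binding idea discussed in this thread, sketched as an added example (not code from Ethereal or from either poster): a user-supplied table maps an ethertype such as 0x6000 to a dissector name, and a scan looks for the 0x08 0x00 0x45 type-field pattern in undissected bytes. All function names, dissector names and sample bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; this is not Ethereal's dissector API. */
struct binding { uint16_t ethertype; const char *dissector; };
static struct binding bindings[16];
static size_t n_bindings;

/* Constructed samples (not captured traffic). */
static const uint8_t sample_frame[] = { 0,0,0,0,0,0, 0,0,0,0,0,0, 0x60,0x00, 0x45,0x00 };
static const uint8_t sample_unknown[] = { 0xAA, 0xBB, 0x08, 0x00, 0x45, 0x00 };

/* "Dissect every frame of this ethertype with this dissector." */
int bind_ethertype(uint16_t ethertype, const char *dissector)
{
    if (n_bindings == sizeof bindings / sizeof bindings[0])
        return -1;                      /* table full */
    bindings[n_bindings++] = (struct binding){ ethertype, dissector };
    return 0;
}

/* Name the dissector for a frame's payload; the newest binding wins. */
const char *pick_dissector(const uint8_t *frame, size_t len)
{
    if (len < 14)
        return "malformed";             /* no room for an Ethernet header */
    uint16_t ethertype = (uint16_t)(frame[12] << 8 | frame[13]);
    for (size_t i = n_bindings; i-- > 0;)
        if (bindings[i].ethertype == ethertype)
            return bindings[i].dissector;
    return "data";                      /* unbound: leave undissected */
}

/* Offset of a 0x08 0x00 0x45 run (candidate type field + IPv4 header), or -1. */
long find_ip_type_field(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + 3 <= len; i++)
        if (buf[i] == 0x08 && buf[i + 1] == 0x00 && buf[i + 2] == 0x45)
            return (long)i;
    return -1;
}

int main(void)
{
    bind_ethertype(0x6000, "ip");
    puts(pick_dissector(sample_frame, sizeof sample_frame));
    printf("%ld\n", find_ip_type_field(sample_unknown, sizeof sample_unknown));
    return 0;
}
```

A pattern match like this only proposes a candidate offset; the bytes that follow still have to be length-checked by whichever dissector is bound to them.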


