Wireshark · Ethereal-dev: [Ethereal-dev] RE: New dissector: STANAG 5066

Ethereal-dev: [Ethereal-dev] RE: New dissector: STANAG 5066

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: <Menno.Andriesse@xxxxxxxxxxxxx>

Date: Mon, 7 Nov 2005 09:05:28 +0100

Thanks, 

I'll do the wiki somewhere this week.

Menno.

-----Original Message-----
From: ronnie sahlberg [mailto:ronniesahlberg@xxxxxxxxx] 
Sent: 04 November 2005 22:18
To: Ethereal development
Cc: Andriesse Menno [Internet]
Subject: Re: New dissector: STANAG 5066


Hi,

I have checked the dissector in but I checked it in as a built in
dissector instead of a plugin.

I also made some minor changes:
1, replace tvb_length   with tvb_length(tvb)
2, set reassembly to default to TRUE since that seems the new default
policy 3, fixed the text string for the reassembly preference



Can you add a WIKI page that describes some history and usage about this
exotic protocol and upload the example captures to there ?


best regards
ronnie s

On 11/2/05, M.P. Andriesse <menno.andriesse@xxxxxxxxxxxxx> wrote:
> Back from travel and other things...
>
> attached is the updated patch ('svn diff' against rev. 16376), I 
> gzipped it. Also attached three (small) sample captures.
>
> Cheers,
> Menno.
>
> ronnie sahlberg wrote:
>
> >Hi,
> >
> >The dissector looks really good.
> >
> >1, Do you have any sample captures of this protocol we can use for 
> >fuzz testing and also put on the sample captures page (i assume few 
> >people have access to an exotic protocol like this )?
> >
> >2, Do you plan to add any heuristics to this protocol to verify that 
> >it is indeed your protocol? Probably best to add that in the 
> >dissect_..._tcp() function before spawning it off to 
> >tcp_dissect_pdus(). This would help when there is a dissector port 
> >conflict, i.e. when there is traffic between your well known port and

> >the other port is another well known port such as smtp or similar.
> >This allows ethereal to try both your port and the other dissector
and
> >tell which protocol it really is.
> >
> >
> >
> >On 10/14/05, M.P. Andriesse <menno.andriesse@xxxxxxxxxxxxx> wrote:
> >
> >
> >>Oops...
> >>
> >>Actually attaching the file does work better...
> >>
> >>--
> >>Menno Andriesse
> >>
> >>
> >>
> >...
> >
> >
>
> --
> Menno Andriesse
>
> Nato C3 Agency
> CIS Division,
> Transmission & Network Services
> Resource Centre
>
> P.O. Box 174
> 2501 CD The Hague
> The Netherlands
> Tel: +31 (0)70 374 3449
> Fax: +31 (0)70 374 3049
>
> mailto:Menno.Andriesse@xxxxxxxxxxxxx
>
>
>

Prev by Date: Re: [Ethereal-dev] New GLib file-related call changes
Next by Date: [Ethereal-dev] Re: [Ethereal-cvs] rev 16411: /trunk/: pcap-util-unix.c
Previous by thread: [Ethereal-dev] Re: New dissector: STANAG 5066
Next by thread: SV: [Ethereal-dev] obvious small bug in packet-scsi.c when parsing"MultiP" bit
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$