Ethereal-users: [Ethereal-users] New packet type support needed. Security Check.
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "James Courtier-Dutton" <James@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 9 Jan 2002 16:22:14 -0000
Hello

I enclose two files, one is the MS Netmon .CAP file, and the other is the Decoded packet in text.
How easy would it be to add support for this packet into ethereal?

Cheers
James
--
Nothing in this world is exactly what it appears to be.
Attachment:
MS-Netmon-Security_Check.cap
Description: Binary data
Network Monitor trace Wed 01/09/02 16:17:58 MS-Netmon-Security Check.txt
***********************************************************************************************************************************************************
Frame Time Src MAC Addr Dst MAC Addr Protocol Description Src Other Addr Dst Other Addr Type Other Addr
1 601.715224 LOCAL 030000000002 Bone Security Check (0x03)
Frame: Base frame properties
Frame: Time of capture = 15/07/2001 20:40:59.886
Frame: Time delta from previous physical frame: 0 microseconds
Frame: Frame number: 1
Frame: Total frame length: 197 bytes
Frame: Capture frame length: 197 bytes
Frame: Frame data: Number of data bytes remaining = 197 (0x00C5)
ETHERNET: 802.3 Length = 197
ETHERNET: Destination address : 030000000002
ETHERNET: .......1 = Group address
ETHERNET: ......1. = Locally administered address
ETHERNET: Source address : 0010A49C7D2B
ETHERNET: .......0 = No routing information present
ETHERNET: ......0. = Universally administered address
ETHERNET: Frame Length : 197 (0x00C5)
ETHERNET: Data Length : 0x00B4 (180)
ETHERNET: Ethernet Data: Number of data bytes remaining = 183 (0x00B7)
LLC: UI DSAP=0x03 SSAP=0x02 C
LLC: DSAP = 0x03 : GROUP
LLC: SSAP = 0x02: COMMAND
LLC: Frame Category: Unnumbered Frame
LLC: Command = UI
LLC: LLC Data: Number of data bytes remaining = 180 (0x00B4)
Bone: Security Check (0x03)
Bone: Signature = RTSS
Bone: Command = Security Check (0x03)
Bone: Flags = 0x00
00000: 03 00 00 00 00 02 00 10 A4 9C 7D 2B 00 B4 03 02 ..........}+....
00010: 03 52 54 53 53 03 00 00 00 00 00 A8 00 01 00 00 .RTSS...........
00020: 00 06 6A 17 01 45 4E 30 30 31 38 31 37 32 33 32 ..j..EN001817232
00030: 32 36 39 00 00 6A 63 64 75 74 74 6F 6E 00 00 00 269..jcdutton...
00040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00050: 00 00 00 00 00 00 00 00 00 00 10 A4 9C 7D 2B 00 .............}+.
00060: 10 A4 9C 7D 2B 45 00 4E 00 30 00 30 00 31 00 38 ...}+E.N.0.0.1.8
00070: 00 31 00 37 00 32 00 33 00 32 00 32 00 36 00 39 .1.7.2.3.2.2.6.9
00080: 00 00 00 00 00 6A 00 63 00 64 00 75 00 74 00 74 .....j.c.d.u.t.t
00090: 00 6F 00 6E 00 00 00 00 00 00 00 00 00 00 00 00 .o.n............
000A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000C0: 00 00 00 00 00 .....
This message has been 'sanitized'. This means that potentially
dangerous content has been rewritten or removed. The following
log describes which actions were taken.
Sanitizer (start="1010593098"):
Part (pos="1224"):
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Match (rule="2"):
Enforced policy: accept
Part (pos="1595"):
SanitizeFile (filename="MS-Netmon-Security Check.cap", mimetype="application/octet-stream"):
Match (rule="2"):
Enforced policy: accept
Replaced file name with: MS-Netmon-Security_Check.cap
Part (pos="13376"):
SanitizeFile (filename="MS-Netmon-Security Check.txt", mimetype="text/plain"):
Match (rule="2"):
Enforced policy: accept
Replaced file name with: MS-Netmon-Security_Check.txt
Total modifications so far: 2
Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $
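Added example (not part of the original message and not Ethereal code): a minimal bounds-checked C parser for the header fields that Netmon decodes in the dump above. The struct and function names are hypothetical, and the one-byte widths of Command and Flags and the fixed DSAP/SSAP/control values are assumptions read off this single frame.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* First 23 bytes of the frame, copied from the hex dump (offsets 0x00-0x16). */
static const uint8_t frame[] = {
    0x03,0x00,0x00,0x00,0x00,0x02,   /* destination MAC (group address) */
    0x00,0x10,0xA4,0x9C,0x7D,0x2B,   /* source MAC */
    0x00,0xB4,                       /* 802.3 length field */
    0x03,0x02,0x03,                  /* LLC: DSAP, SSAP, control (UI) */
    0x52,0x54,0x53,0x53,             /* signature "RTSS" */
    0x03,0x00                        /* command, flags */
};

struct bone_hdr {            /* hypothetical layout; field widths are assumed */
    uint16_t len_field;      /* 802.3 length field as sent on the wire */
    uint8_t  dsap, ssap, control;
    char     signature[5];   /* 4 signature bytes plus NUL */
    uint8_t  command;        /* assumed to be 1 byte */
    uint8_t  flags;          /* assumed to be 1 byte */
};

/* Returns 0 on success, -1 if the buffer is too short or not a Bone frame. */
int parse_bone(const uint8_t *p, size_t len, struct bone_hdr *out)
{
    if (len < 23) return -1;                 /* 14 Ethernet + 3 LLC + 6 Bone */
    out->len_field = (uint16_t)((p[12] << 8) | p[13]);
    if (out->len_field > 1500) return -1;    /* an EtherType, not an 802.3 length */
    out->dsap = p[14]; out->ssap = p[15]; out->control = p[16];
    if (out->dsap != 0x03 || out->ssap != 0x02 || out->control != 0x03)
        return -1;                           /* SAP/UI values seen in this trace */
    if (memcmp(p + 17, "RTSS", 4) != 0) return -1;
    memcpy(out->signature, p + 17, 4);
    out->signature[4] = '\0';
    out->command = p[21];
    out->flags = p[22];
    return 0;
}

int main(void)
{
    struct bone_hdr h;
    if (parse_bone(frame, sizeof frame, &h) != 0) { puts("not a Bone frame"); return 1; }
    printf("Bone: signature=%s command=0x%02X flags=0x%02X length=0x%04X\n",
           h.signature, h.command, h.flags, h.len_field);
    return 0;
}
```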