Ethereal-users: Re: [Ethereal-users] libpcap file format and two more questions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 16 Jan 2003 16:10:34 -0800
On Thu, Jan 16, 2003 at 03:42:41PM -0800, Guy Harris wrote:
> > 3. Why doesn't Ethereal's protocol dissector recognize Yahoo Messenger
> > protocol (YMSG) packets, despite its presence in the protocol list?
> 
> Because those packets either
> 
> 	1) aren't being sent to or from the port the dissector thinks is
> 	   the Yahoo port (port 5050)
> 
> and
> 
> 	2) aren't at the beginning of TCP segments or don't begin with
> 	   "YPNS" or "YHOO"
> 
> or
> 
> 	3) take more than one TCP segment, in which case the first TCP
> 	   segment will be recognized *IF* the packet starts at the
> 	   beginning of the segment (and begins with "YPNS" or "YHOO")
> 	   but subsequent segments won't be recognized.

And if "YMSG" means they begin with YMSG, then the reason why the
dissector rejects them is that nobody's added to the Yahoo Messenger
dissector the ability to dissect the version of the Yahoo Messenger
protocol that uses YMSG.
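
The conditions listed in this message can be checked per TCP segment. The following is an added example, not Ethereal's dissector code and not part of the original post: it reports which of the conditions a segment payload meets without deciding acceptance. The flag names, function names and sample payloads are hypothetical and constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define YHOO_PORT 5050              /* port named in the message */

/* Hypothetical flag names: one bit per condition from the message. */
enum {
    R_NOT_YHOO_PORT  = 1 << 0,      /* neither endpoint is port 5050 */
    R_NO_MAGIC_START = 1 << 1,      /* segment does not begin with "YPNS"/"YHOO" */
    R_MAGIC_MIDWAY   = 1 << 2,      /* magic is present, but not at offset 0 */
    R_YMSG_VERSION   = 1 << 3       /* segment begins with "YMSG" */
};

/* True when the buffer starts with one of the two recognized magic strings. */
static int has_magic(const unsigned char *p, size_t len)
{
    return len >= 4 && (memcmp(p, "YPNS", 4) == 0 || memcmp(p, "YHOO", 4) == 0);
}

/* Return the set of conditions from the message that this segment meets. */
unsigned yhoo_conditions(uint16_t sport, uint16_t dport,
                         const unsigned char *seg, size_t len)
{
    unsigned r = 0;
    if (sport != YHOO_PORT && dport != YHOO_PORT)
        r |= R_NOT_YHOO_PORT;
    if (has_magic(seg, len))
        return r;
    r |= R_NO_MAGIC_START;
    if (len >= 4 && memcmp(seg, "YMSG", 4) == 0)
        r |= R_YMSG_VERSION;
    for (size_t i = 1; i + 4 <= len; i++)       /* message starting mid-segment */
        if (has_magic(seg + i, len - i)) { r |= R_MAGIC_MIDWAY; break; }
    return r;
}

/* Constructed sample payloads (not captured traffic). */
static const unsigned char SEG_FIRST[] = "YHOO-constructed-header-and-start-of-body";
static const unsigned char SEG_CONT[]  = "rest-of-the-same-message";
static const unsigned char SEG_MID[]   = "tail-of-previous|YHOO-next-message";
static const unsigned char SEG_YMSG[]  = "YMSG-constructed-newer-version";

int main(void)
{
    printf("first=%u cont=%u mid=%u ymsg=%u\n",
           yhoo_conditions(40000, 5050, SEG_FIRST, sizeof SEG_FIRST - 1),
           yhoo_conditions(40000, 5050, SEG_CONT, sizeof SEG_CONT - 1),
           yhoo_conditions(5050, 40000, SEG_MID, sizeof SEG_MID - 1),
           yhoo_conditions(40000, 5050, SEG_YMSG, sizeof SEG_YMSG - 1));
    return 0;
}
```

A result of 0 means none of the listed conditions applies to that segment; the continuation segment of a multi-segment message shows up as `R_NO_MAGIC_START` even on port 5050.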