On Feb 19, 2009, at 2:41 PM, Gerald Combs wrote:
Behdad Forghani wrote:
I am thinking of developing a notation along with code generator and
Eclipse integration to specify protocol PDUs and then generate Wireshark
dissectors automatically, thus reducing the time to hand code dissectors
and errors. Before I do that, I wanted to make sure that I am not
reinventing the wheel. Does such a tool already exist for non-ASN.1
protocol messages?
You might want to take a look at the NetPDL and TSN.1 notations:
http://www.nbee.org/doku.php?id=netpdl:index
http://www.protomatics.com/tsn1.html
Others have suggested the BinPAC language used by the Bro IDS:
http://bro-ids.org/wiki/index.php/BinPAC
and I think Scapy was mentioned in this context (or maybe I stumbled
across it):
http://www.secdev.org/projects/scapy/
and somebody's worked on some code to do this with their own language:
http://wsgd.free.fr/
or, heck, maybe use ASN.1 - ASN.1 isn't a protocol; the "A" stands for
"Abstract", so it's a way to describe the "abstract syntax" of
protocols, and you have to add the encoding rules to see what that
turns into as a sequence of octets, and there's an Encoding Control
Notation:
http://en.wikipedia.org/wiki/Encoding_Control_Notation
to let you specify non-standard encodings.
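
Added example, not part of the original thread: a sketch of the abstract-syntax versus encoding-rules split described above, with one field list serialized under two different rules and each decoder bounds-checking its input. The field names, the rule names `tlv` and `fixed16`, and the sample value are constructed for illustration; the `tlv` rule follows BER's INTEGER encoding but omits the enclosing SEQUENCE wrapper.

```python
import struct

# Abstract syntax (constructed): field names and types only, no wire layout.
ABSTRACT_PDU = [("version", "INTEGER"), ("seq", "INTEGER")]

def tlv_encode_int(v):
    """INTEGER as BER encodes it: tag 0x02, short-form length, two's complement."""
    n = ((v if v >= 0 else ~v).bit_length() + 8) // 8  # minimal octets incl. sign bit
    if n > 127:
        raise ValueError("long-form lengths not handled here")
    return bytes([0x02, n]) + v.to_bytes(n, "big", signed=True)

def tlv_decode_int(buf, off):
    if off + 2 > len(buf) or buf[off] != 0x02 or not 0 < buf[off + 1] < 0x80:
        raise ValueError("bad INTEGER header")
    end = off + 2 + buf[off + 1]
    if end > len(buf):
        raise ValueError("truncated INTEGER")
    return int.from_bytes(buf[off + 2:end], "big", signed=True), end

def fixed_encode_int(v):
    """A non-standard rule of the kind ECN could describe: 16-bit big-endian."""
    return struct.pack(">H", v)  # raises struct.error if v is out of range

def fixed_decode_int(buf, off):
    if off + 2 > len(buf):
        raise ValueError("truncated field")
    return struct.unpack_from(">H", buf, off)[0], off + 2

RULES = {"tlv": (tlv_encode_int, tlv_decode_int),
         "fixed16": (fixed_encode_int, fixed_decode_int)}

def encode(value, rules):
    enc = RULES[rules][0]
    return b"".join(enc(value[name]) for name, _ in ABSTRACT_PDU)

def decode(buf, rules):
    dec = RULES[rules][1]
    out, off = {}, 0
    for name, _ in ABSTRACT_PDU:
        out[name], off = dec(buf, off)
    if off != len(buf):
        raise ValueError("trailing octets after last field")
    return out

if __name__ == "__main__":
    pdu = {"version": 1, "seq": 300}  # constructed sample value
    for r in RULES:
        print(r, encode(pdu, r).hex(), decode(encode(pdu, r), r))
```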