
Ethereal-dev: [Ethereal-dev] Re: New dissector: STANAG 5066

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Menno Andriesse" <menno.andriesse@xxxxxxxxxxxxx>
Date: Sun, 16 Oct 2005 20:58:26 +0200 (CEST)
Hi,


> 1. Do you have any sample captures of this protocol we can use for
> fuzz testing and also put on the sample captures page (I assume few
> people have access to an exotic protocol like this)?

Yes, I have some sample captures: should I upload them to the wiki? (It
won't happen until I am back from travel next week.)

> 2. Do you plan to add any heuristics to this protocol to verify that
> it is indeed your protocol?
> Probably best to add that in the dissect_..._tcp() function before
> spawning it off to tcp_dissect_pdus().
> This would help when there is a dissector port conflict, i.e. when
> there is traffic between your well known port and the other port is
> another well known port such as SMTP or similar.
> This allows Ethereal to try both your port and the other dissector and
> tell which protocol it really is.

OK, I'll look into the heuristics. Should be simple: if the PDU does not
start with '0x90 0xEB 0x00' it is not a STANAG 5066 PDU.

Cheers,
Menno.


> On 10/14/05, M.P. Andriesse <menno.andriesse@xxxxxxxxxxxxx> wrote:
>> Oops...
>>
>> Actually attaching the file does work better...
>>
>> --
>> Menno Andriesse
>>
> ...
>


-- 
Menno Andriesse

Nato C3 Agency
CIS Division,
ASI Branch

P.O. Box 174
2501 CD The Hague
The Netherlands
Tel: +31 (0)70 374 3449
Fax: +31 (0)70 374 3049

mailto:Menno.Andriesse@xxxxxxxxxxxxx
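
The prefix check discussed in the message above, written as a stand-alone added example; it is not code from the original post or from the Ethereal dissector, and it uses no Ethereal API. The function name, the three-state verdict and the sample payloads are assumptions constructed for illustration; only the bytes 0x90 0xEB 0x00 come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Leading bytes quoted in the message: 0x90 0xEB 0x00. */
static const uint8_t S5066_PREFIX[3] = { 0x90, 0xEB, 0x00 };

typedef enum { S5066_NO = 0, S5066_NEED_MORE = 1, S5066_YES = 2 } s5066_verdict;

/*
 * Hypothetical helper: decide whether a TCP payload can be a STANAG 5066 PDU.
 * A segment may carry fewer than three bytes, so a short buffer that matches
 * the prefix so far is "need more data" rather than a rejection.
 */
s5066_verdict s5066_heuristic(const uint8_t *buf, size_t len)
{
    size_t n = len < sizeof S5066_PREFIX ? len : sizeof S5066_PREFIX;

    if (buf == NULL || len == 0)
        return S5066_NEED_MORE;            /* nothing to judge yet */
    if (memcmp(buf, S5066_PREFIX, n) != 0)
        return S5066_NO;                   /* let another dissector try */
    return n == sizeof S5066_PREFIX ? S5066_YES : S5066_NEED_MORE;
}

int main(void)
{
    /* Constructed sample payloads, not taken from a real capture. */
    static const uint8_t pdu[]     = { 0x90, 0xEB, 0x00, 0x01, 0x02 };
    static const uint8_t partial[] = { 0x90, 0xEB };
    static const uint8_t smtp[]    = "220 mail.example.org ESMTP\r\n";
    static const char *names[]     = { "not S5066", "need more data", "S5066" };

    printf("pdu:     %s\n", names[s5066_heuristic(pdu, sizeof pdu)]);
    printf("partial: %s\n", names[s5066_heuristic(partial, sizeof partial)]);
    printf("smtp:    %s\n", names[s5066_heuristic(smtp, sizeof smtp - 1)]);
    return 0;
}
```

A three-byte prefix is a weak discriminator on its own, so a port conflict with a binary protocol could still produce a false match.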