Wireshark-bugs: [Wireshark-bugs] [Bug 3225] add ability to parse netdump protocol in wireshark

Date: Tue, 10 Feb 2009 07:32:46 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3225





--- Comment #5 from Neil Horman <nhorman@xxxxxxxxxxxxx>  2009-02-10 07:32:45 PDT ---
>Wireshark already has UDP Port 6666 registered to the sigcomp protocol.
Yes, I'm aware.


>In fact, since sigcomp registers port 6666 after your netdump registration of
>port 6666 and thus the netdump registration will get clobbered, the netdump
>dissector will never get called in the current version.
Not true.  All you have to do is indicate to netdump (via Analyze-decode As...)
that you want frames on src/dst port 6666 to be decoded as netdump frames,
rather than sigcomp frames.  It works quite well.

>(Maybe the netdump dissector worked previously because you were running it as a
>plugin. ISTR that plugins register after regular dissectors).
It worked previously by default (I expect because the plugins get registered
after the builtin dissectors).  Of course that clobbered the sigcomp protocol's
ability to dissect by default.  Of course, as I mentioned above, the latest
implementation works just as well, the only difference being that you need to
indicate to wireshark that you want frames dissected as netdump frames.


>In any case, doing a little Googling I find that a netdump dissector was
>previously submitted some time ago (when what is now Wireshark was called
>Ethereal).
Yes, I was involved in that previous effort, and have only just now gotten
around to re-writing it.  The facts of the matter remain unchanged.  While a
heuristic approach to dissecting netdump would be nice, the fact of the matter
is that there is no good way to conclusively determine if a frame is a netdump
frame or not based on anything other than predetermined port numbers.  There
seems to be precedent for this, since that seems to be exactly the way sigcomp
treats these frames.  I'd just like the option to choose to decode them as
netdump frames instead.  So unless you can suggest a heuristic for reasonably
detecting netdump frames, I don't see any other way to do this.

