Wireshark-bugs: [Wireshark-bugs] [Bug 2533] EBCDIC display for TN3270 packet



From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 2 Jun 2009 12:37:56 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2533


hoganrobert <robert@xxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |robert@xxxxxxxxxxxxxxx




--- Comment #3 from hoganrobert <robert@xxxxxxxxxxxxxxx>  2009-06-02 12:37:53 PDT ---
I'm working on a tn3270 dissector. 

See: http://roberthogan.net/stuff/tn3270-dissector/

From the README.txt at the above URL:

http://roberthogan.net/stuff/tn3270-dissector/

Step One
--------
Patch svn wireshark with tn3270-XXXXX.diff. You can do this by:

svn co http://anonsvn.wireshark.org/wireshark/trunk/ wireshark
cd wireshark
patch -p0 < /location/of/tn3270-XXXXX.diff

Step Two
--------
Compile wireshark:

./autogen.sh
./configure
make

Step Three
----------
Run wireshark:
./wireshark

Step Four
---------
You can then dissect the sample dump at:
 http://roberthogan.net/stuff/tn3270-dissector/tn3270sample.pcap.

To dissect a 3270 stream you select 'decode as' and then telnet. The telnet 
dissector will call my 3270 dissector when it recognises a 3270 stream.

The dissector currently relies on the 'terminal type' telnet command issued
by the client to recognise 3270 streams. The tn3270 terminal types it is
aware of are anything that begins with IBM-3277, IBM-3278 or IBM-3279,
i.e.:

  if ((strcmp(terminaltype,"IBM-3279-2-E") == 0) ||
      (strcmp(terminaltype,"IBM-3279-2") == 0) ||
      (strcmp(terminaltype,"IBM-3278-2-E") == 0) ||
      (strcmp(terminaltype,"IBM-3278-2") == 0) ||
      (strcmp(terminaltype,"IBM-3278-3") == 0) ||
      (strcmp(terminaltype,"IBM-3278-4") == 0) ||
      (strcmp(terminaltype,"IBM-3278-5") == 0) ||
      (strcmp(terminaltype,"IBM-3277-2") == 0) ||
      (strcmp(terminaltype,"IBM-3279-3") == 0))

It is quite possible that the 3270 streams you're interested in are not 
detected properly by the dissector. If not, please send on a sanitized dump 
to me so that I can try debugging it. The dissector is extremely raw but as 
you should see from the sample dump it does work in the only test case 
available to me at the moment!


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
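
An added example, not code from the dissector or its README: it extracts the terminal type from the client's TERMINAL-TYPE subnegotiation (RFC 1091) and applies the "begins with IBM-3277, IBM-3278 or IBM-3279" rule as a prefix match. The prefix match is an assumption about the intended behaviour (the quoted condition compares nine exact strings); the function names and the sample bytes are constructed for illustration.

```c
#include <string.h>

/* Telnet codes from RFC 854 and RFC 1091 (TERMINAL-TYPE option). */
enum { IAC = 255, SB = 250, SE = 240, OPT_TTYPE = 24, TTYPE_IS = 0 };

/* Constructed sample: IAC SB TERMINAL-TYPE IS "IBM-3278-4-E" IAC SE. */
static const unsigned char sample[] = {
    255, 250, 24, 0, 'I','B','M','-','3','2','7','8','-','4','-','E', 255, 240 };

/* Copy the name from the first TERMINAL-TYPE IS subnegotiation in buf to out.
 * Returns its length, or -1 if it is absent, cut short or too long for out. */
int telnet_terminal_type(const unsigned char *buf, size_t len,
                         char *out, size_t outsz)
{
    if (outsz == 0) return -1;
    for (size_t i = 0; i + 4 <= len; i++) {
        if (buf[i] != IAC || buf[i+1] != SB ||
            buf[i+2] != OPT_TTYPE || buf[i+3] != TTYPE_IS)
            continue;
        size_t n = 0;
        for (size_t j = i + 4; j + 1 < len; j++) {
            if (buf[j] == IAC) {
                if (buf[j+1] != SE) return -1;  /* stray command in the name */
                out[n] = '\0';
                return (int)n;
            }
            if (n + 1 >= outsz) return -1;      /* never write past out */
            out[n++] = (char)buf[j];
        }
        return -1;                              /* data ended before IAC SE */
    }
    return -1;
}

/* Nonzero if name begins with one of the three families named in the post. */
int is_3270_terminal(const char *name)
{
    static const char *const fam[] = { "IBM-3277", "IBM-3278", "IBM-3279" };
    for (size_t k = 0; k < sizeof fam / sizeof fam[0]; k++)
        if (strncmp(name, fam[k], strlen(fam[k])) == 0)
            return 1;
    return 0;
}

int main(void)
{
    char tt[41];
    int n = telnet_terminal_type(sample, sizeof sample, tt, sizeof tt);
    return (n > 0 && is_3270_terminal(tt)) ? 0 : 1;
}
```

The sample's IBM-3278-4-E matches the prefix rule but is not one of the nine exact strings in the quoted condition.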
