Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4026] New: New Packet Dissector - jmirror

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 17 Sep 2009 19:43:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4026

           Summary: New Packet Dissector - jmirror
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wbrassem@xxxxxxxxxxx


Created an attachment (id=3675)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3675)
This is the source code.  I also have the header, make files and some packet
captures.

Build Information:
Version 1.3.0-jmirror (SVN Rev unknown)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, without Python, with GnuTLS 2.8.1, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 23
2009), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I have built and tested a new Wireshark dissector which decodes a mirrored
packet that has an additional prepended UDP header attached to it.  The packet
format was designed by Juniper Networks.  I have tested this decoder on several
different packet captures (which I can provide if you wish) and it appears to
work the way I want it to.

A description of the packet format can be found here:
http://www.juniper.net/techpubs/en_US/junose10.2/information-products/topic-collections/policy-management/packet-mirror-prepended-header.html

It's currently in the form of a plugin since I followed some instructions
posted on how to build it as a plugin.  I mimicked the coding style as closely
as possible.

I tried to check it in using SVN but not surprisingly I got a denial.  So I'm
opening this ticked to see what can be done about that.  I have everything in
my setup under the C:\wireshark\plugins\jmirror directory.

I would like to submit the following files for review:
packet-jmirror.c
packet-jmirror.h
Makefile.nmake
moduleinfo.nmake
plugin.rc.in
Makefile.am
Makefile.common
README

Please contact me at wbrassem@xxxxxxxxxxx if you are interested in getting this
new packet decoder into the next release of Wireshark.

Thank you,
Wayne Brassem
Juniper Networks
(416) 435-2262


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube