Wireshark-dev: Re: [Wireshark-dev] Problem dissection generic ASN1

From: "Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx>
Date: Thu, 28 Sep 2006 13:35:42 +0200
Hi,
I think it sounds reasonable to have the dissector turned off as default
and definitely turned off if there is no
"ASN.1 type table file" as the table is "stating" how the protocol
should be dissected, right?
Furthermore the default port should probably be zero, e.g. dissection
turned off. At some stage the dissector should also be changed to use
the BER helpers rather than the current ones.
If you frequently use the asn1 plugin to dissect a protocol you should
consider using asn2wrs and create a "real" dissector for the protocol in
question.
Best regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Thomas Steffen
Sent: den 28 september 2006 10:44
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Problem dissection generic ASN1

Dear Developers

I think I was able to pinpoint a long standing problem with the ASN1
dissector (plugin), and I wonder whether other users have the same
experience.

The ASN1 dissector works fine if you specify an "ASN.1 type table file"
in the preference. It automatically dissects packets sent to the
configured ports, and you can use the context menu entry "Decode As ..."
to force dissection as ASN1.

However, if the field "ASN.1 type table file" is empty, the dissector
does not work. It does not recognize packets sent to the specified
ports, and it does not appear in the list of dissectors under "Decode As
...". I find this a rather strange behaviour, and I could not find any
hint in the code that this would be intended. (I need to get my debugger
working to find out why it might happen unintentionally.)

So is this problem indeed unintended? If so, I could try to produce a
fix. The only reservation that I have is that it may make Wireshark more
vulnerable, because the ASN1 dissector certainly still has a few rough
edges. Since the default setting basically disables the dissector, no
vulnerability is reached. However, if I fix this issue, the dissector
would automatically dissect everything on port 801 (by default).

So should the ASN1 dissector be disabled by default, or can I just fix
the issue, and thereby enable the dissector by default?

Yours,
Thomas