Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] eDonkey dissector update

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 10 Oct 2007 15:50:46 -0400
> How do the review process works?
That's pretty much it.

By the way, since you seem to be an edonkey/emule expert, maybe you can
take a look at this bug and provide an appropriate patch for the edonkey
dissector: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1802.  The
bug has to do with the inconsistent display filter field naming
conventions used.  The rule is to prefix all display filter fields with
the PROTOABBREV, in this case, "edonkey.".

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Stefano
Picerno
Sent: Wednesday, October 10, 2007 3:25 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] eDonkey dissector update

Hi,
  I've filed a "bug" in bugzilla attaching a patch that updates the
edonkey
dissector.

The vanilla edonkey dissector did not decode any kademlia packet.
Kademlia packet are udp packets that recent emule/amule clients use to
create a
serverless P2P network.

As the only reference for the protocol specs is the source code, the
dissector
has been enhanced inspecting aMule 2.1.3 and eMule 0.48a source code.

Most kademlia1 and some kademlia2 messages are now entirely decoded by
the
dissector.

See http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1897

Using this patch I already found a bug in amule networking code. I think
it
could be useful also to other people.

How do the review process works?

Bye
 Stefano Picerno

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.