Wireshark-dev: [Wireshark-dev] Text2pcap and bidirectional traffic

From: "Barnes, Pat" <Pat.Barnes@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Jul 2008 14:50:25 +1000
I don't have any traffic to test my dissector against, because the
components in the system that will be generating that traffic aren't
ready yet.

Until then, I've used text2pcap to construct some capture files from
scratch. There is a bit of a problem though: The -T (add TCP headers)
option results in packets only going in one direction.

As a bit of a hack, I've put this code in the process_directive function:

static void
process_directive (char *str)
{
	guint32 tmp;
	
	str += 11; //Strip off the #TEXT2PCAP and first space
	if (strncmp("INVERT", str, 6) == 0) {
		if (hdr_ip) {
			tmp = HDR_IP.src_addr;
			HDR_IP.src_addr = HDR_IP.dest_addr;
			HDR_IP.dest_addr = tmp;
		}
		if (hdr_tcp || hdr_udp) {
			tmp = hdr_src_port;
			hdr_src_port = hdr_dest_port;
			hdr_dest_port = tmp;
		}
		fprintf(stdout, "Inverted source and destination \n");
	} else {
		fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str-11);
	}
}

Such that a '#TEXT2PCAP INVERT' will switch the directions around.

The only downside to this approach is that it mucks up the TCP sequences
- subsequent packets have a 'TCP segment lost' warning. Any suggestions
on how to suppress/fix that, or otherwise enhance text2pcap?

----------------------------------
Patrick Barnes
Software Engineer
Land & Joint Systems

Thales Australia
274 Victoria Road, Rydalmere, NSW 2116, Australia
Tel: +61 2 9848 3857
Mob: +61 410 751 044
| www.thalesgroup.com.au
----------------------------------
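
An added example, not part of the original post and not text2pcap source: one way to keep TCP numbering consistent when a synthetic capture alternates direction is to track a separate sequence counter per direction and acknowledge the other side's counter. It assumes the warning comes from the two directions not having independent sequence state; all names (flow_state, flow_invert, flow_next) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum dir { DIR_FWD = 0, DIR_REV = 1 };

struct flow_state {
    uint32_t next_seq[2];   /* next sequence number to send, per direction */
    enum dir cur;           /* direction of the packets being written now */
};

struct tcp_nums { uint32_t seq, ack; };

/* Initial sequence numbers are constructed values chosen by the caller. */
static void flow_init(struct flow_state *f, uint32_t isn_fwd, uint32_t isn_rev)
{
    f->next_seq[DIR_FWD] = isn_fwd;
    f->next_seq[DIR_REV] = isn_rev;
    f->cur = DIR_FWD;
}

/* Counterpart of an INVERT directive: flip direction, keep both counters. */
static void flow_invert(struct flow_state *f)
{
    f->cur = (f->cur == DIR_FWD) ? DIR_REV : DIR_FWD;
}

/* Numbers for the next dummy TCP header: seq continues this side's stream,
 * ack covers everything the other side has sent so far. uint32_t arithmetic
 * wraps modulo 2^32, matching TCP sequence space. */
static struct tcp_nums flow_next(struct flow_state *f, uint32_t payload_len)
{
    struct tcp_nums n;
    n.seq = f->next_seq[f->cur];
    n.ack = f->next_seq[f->cur ^ 1];
    f->next_seq[f->cur] += payload_len;
    return n;
}

int main(void)
{
    struct flow_state f;
    uint32_t len[] = { 10, 20, 5 };   /* constructed payload sizes */
    flow_init(&f, 1000, 5000);
    for (int i = 0; i < 3; i++) {     /* one packet, then switch direction */
        struct tcp_nums n = flow_next(&f, len[i]);
        printf("%s seq=%u ack=%u\n", f.cur ? "rev" : "fwd",
               (unsigned)n.seq, (unsigned)n.ack);
        flow_invert(&f);
    }
    return 0;
}
```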


