Ethereal-dev: Re: [ethereal-dev] problems with sniffer save, need info on adding info to NCP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: James Coe <jammer@xxxxxxx>
Date: Mon, 13 Dec 1999 14:35:35 -0600
"Neulinger, Nathan R." wrote:

> I was unable to open the saved capture from ethereal (latest cvs) with
> sniffer pro. It claims it is an unsupported file format.
>
> As a note, sniffer pro seems to come with a bunch of different traces that
> have a LOT of weird stuff in them. I've been looking at them with ethereal
> to see what sort of stuff is in there, but haven't started writing any
> updates
>
> It looks like there are a number of NCP functions that ethereal doesn't
> identify, for example:
>
> create-service-connect    00/02    create a service connection
> service-request         17/3d   read property value request
> destroy-conn            24/00   destroy connection
>
> I don't necessarily want to add all the dissectors for those, but since I
> have the information, I'd be happy to put in labels for the various function
> codes if someone could explain how. (I'm not sure on that ncp2222 structure
> what should be put in.)
>
> This particular trace also has a "IBMNM: trace tool present" dsap packet
> with lots of stuff in it, that may be worth breaking out.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nneul@xxxxxxx
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216

Novell maintains a NetWare Core Protocol reference on their developer Web site,
but using it to develop the dissector module might create a copyright conflict
with the GPL. However, possibly the mars_nwe server emulator could be used to
figure out some of this. It was engineered without using the NCP reference.

I analyzed the coding for the ncp structures when I added the NCP over IP
patch to the packet-ncp. There are three places to add code for identifying NCP
stuff in it.

enum nfamily {
                NCP_UNKNOWN_SERVICE,            /* unknown or n/a */
... contains the family information. There are other families which should be
added.

static svc_record ncp_17_7C_C[] = {
                { nbelong,      4,      "The queue the job resides in" },
                { nbeshort,     2,      "Job Type" },
                { nend,         0,      NULL }
};
..... service records for dissecting functions.

static ncp2222_record ncp2222[] = {
{ 0x17, 0x35, SUBFUNC, "Get Bindery Object ID",
        ncp_17_35_C, NULL, NCP_BINDERY_SERVICES
},

.... ncp2222 records that break out as follows:

{ function number, subfunction number (always 0 when NOSUB),
  SUBFUNC(tion) or NOSUB(function), "description",
  svc_record for calls or NULL, svc_record for replies or NULL,
  function family },

Jamie Coe.
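
The record layout described in the message above, as an added sketch that is not part of the original post and not Ethereal's own code: a label-only entry for 17/3d from the quoted list, plus a walk of a svc_record over a request body that refuses to read past the end of the captured data. Assumed here: the struct field names, the ntype and nsub enums, reading nbelong/nbeshort as big-endian integers, the helpers ncp_find and svc_walk, the placeholder description and family for 0x17/0x7C, and the constructed sample body.

```c
#include <stdint.h>
#include <stdio.h>
/* Types modeled on the fragments in the message; field names are assumed. */
enum nfamily { NCP_UNKNOWN_SERVICE, NCP_BINDERY_SERVICES };
enum ntype { nend, nbeshort, nbelong };
enum nsub { NOSUB, SUBFUNC };
typedef struct { enum ntype type; size_t length; const char *descr; } svc_record;
typedef struct {
    uint8_t func, subfunc; enum nsub has_sub; const char *descr;
    const svc_record *req, *rep; enum nfamily family;
} ncp2222_record;

static const svc_record ncp_17_7C_C[] = {
    { nbelong,  4, "The queue the job resides in" },
    { nbeshort, 2, "Job Type" },
    { nend,     0, NULL }
};
static const ncp2222_record ncp2222[] = {
    /* Label-only entries: NULL svc_records, so only the name is reported. */
    { 0x17, 0x35, SUBFUNC, "Get Bindery Object ID", NULL, NULL, NCP_BINDERY_SERVICES },
    { 0x17, 0x3d, SUBFUNC, "Read Property Value",   NULL, NULL, NCP_BINDERY_SERVICES },
    /* Description and family are placeholders; the message does not give them. */
    { 0x17, 0x7c, SUBFUNC, "(0x17/0x7C)", ncp_17_7C_C, NULL, NCP_UNKNOWN_SERVICE },
};
/* Hypothetical lookup: NOSUB entries match on the function number alone. */
static const ncp2222_record *ncp_find(uint8_t func, uint8_t subfunc) {
    for (size_t i = 0; i < sizeof ncp2222 / sizeof ncp2222[0]; i++)
        if (ncp2222[i].func == func &&
            (ncp2222[i].has_sub == NOSUB || ncp2222[i].subfunc == subfunc))
            return &ncp2222[i];
    return NULL;
}
/* Hypothetical walker: decodes big-endian fields into out[], returns the
 * field count, or -1 if the body is truncated or out[] is too small. */
static int svc_walk(const svc_record *rec, const uint8_t *buf, size_t len,
                    uint32_t *out, int max) {
    size_t off = 0; int n = 0;
    for (; rec && rec->type != nend; rec++) {
        if (n == max || rec->length > len - off) return -1; /* bounds check */
        uint32_t v = 0;
        for (size_t i = 0; i < rec->length; i++) v = (v << 8) | buf[off + i];
        out[n++] = v;
        off += rec->length;
    }
    return n;
}
int main(void) {
    const uint8_t body[] = { 0, 0, 1, 2, 0, 5 }; /* constructed request body */
    uint32_t f[4];
    printf("%d fields\n", svc_walk(ncp_find(0x17, 0x7c)->req, body, sizeof body, f, 4));
}
```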