Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: [distcc] [patch] distcc dissector for ethereal

[Joerg Mayer <jmayer@xxxxxxxxx>]

On Tue, Mar 11, 2003 at 12:56:34PM +1100, Martin Pool wrote:
> You really need to reassemble the TCP stream and work from there.  Any
> alignment with packet boundaries is purely accidental.  I don't know
> how hard this is in Ethereal, if it can't be done then I guess we just
> need to put up with only decoding the first packet.

Quite a few dissectors use TCP reassembly, e.g. packet-skinny.c, packet-tds.c.

> The other thing that would be very cool, but which is probably not
> very practical at the moment, is that it would be great if Ethereal
> could decode distcc-over-ssh.  Ethereal would need to be able to be
> told to treat the contents of the ssh stdin/stdout streams as a distcc
> stream.  I don't know if anyone is considering this kind of recursive
> dissector.

AFAIK Ethereal currently cannot decrypt ssh because nobody has written the
code to do so. After that, the discc dissector would need to be turned into
an heuristic dissector (basically, it needs to look at a data packet and
decide whether the data is distcc from the contents. The infrastructure is
already present.

  Ciao
     Jörg

--
Joerg Mayer                                            <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want ist just stuff that
works. Some say that should read Microsoft instead of technology.