Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Ethereal-dev: Re: [Ethereal-dev] Re: [distcc] [patch] distcc dissector for ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Martin Pool <mbp@xxxxxxxxxxxxxx>
Date: Tue, 11 Mar 2003 18:55:10 +1100
On 11 Mar 2003, Joerg Mayer <jmayer@xxxxxxxxx> wrote:

> Quite a few dissectors use TCP reassembly, e.g. packet-skinny.c, packet-tds.c.

OK, thanks for telling me.

> AFAIK Ethereal currently cannot decrypt ssh because nobody has written the
> code to do so. 

Oh, I meant to say that I assumed one would force null encryption,
though I suppose with a bit of help Ethereal could work out the
session key and do the decryption itself.

Having said all this, I have not yet had to look at a TCP dump to
debug a distcc problem, because the protocol is very straightforward
and there's only a single implementation.  So I'm not quite sure why
anyone would want a dissector, aside from just completeness in
Ethereal or for hack value.

> After that, the discc dissector would need to be turned into an
> heuristic dissector (basically, it needs to look at a data packet
> and decide whether the data is distcc from the contents. 

Either a heuristic, or it could be guided by the user.

-- 
Martin