
Ethereal-dev: Re: [Ethereal-dev] Support for pure protocol packets without underlying protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "John McDermott" <jjm@xxxxxxxxxx>
Date: Thu, 03 Jul 2003 14:59:16 -0600


Richard Sharpe wrote:


No, I was thinking of how a tool like Ethereal would be able to figure out how to dissect the PDUs in a packet that simply contained SMB PDUs.

It seems that we have two alternatives:

  1. Unique protocol IDs for each and every protocol

  2. Some sort of path to the protocol.

Perhaps there are other approaches that I have not thought of.

I think we should thrash this out some more, because it is worthwhile to get it [close-to] right.


I guess my first question is how would these get generated? Are you looking at having a program spew them out for debugging? If you are not going to have some SMB and some NFS and some Telnet and some ... Could we not modify the "decode as" mechanism to just pass the PDUs on to dissectors? What changes would we have to make in the wiretap/libpcap layer?

Just thinking out loud (and maybe talking out my whatever), isn't some sort of layer necessary to say, "here comes 150 bytes of SMB" so we could get accurate packet boundaries?

If you are debugging, couldn't you print out fake headers, too?

--john

--
John McDermott
Writer, Educator, Consultant
jjm@xxxxxxxxxx		http://www.jkintl.com
V +1 505/377-6293 F +1 505/377-6313
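
The framing layer raised in this message ("here comes 150 bytes of SMB"), combined with the per-protocol ID alternative from the quoted text, as an added example that is not part of the original post and is not Ethereal or libpcap code. The 6-byte header layout, the `MAX_PDU` bound, the protocol ID values and all names are hypothetical; the point is that a reader of such a file must check every declared length against the bytes actually remaining before handing a PDU to a dissector.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical framing header (not an Ethereal or libpcap format):
 * 2-byte big-endian protocol ID, 4-byte big-endian payload length. */
#define HDR_LEN 6u
#define MAX_PDU 65535u          /* assumed upper bound on one PDU */

enum { PROTO_SMB = 1, PROTO_NFS = 2 };   /* constructed IDs */

typedef struct {
    uint16_t proto;             /* which dissector should get the PDU */
    const uint8_t *pdu;         /* points into the caller's buffer */
    uint32_t len;               /* exact PDU boundary */
} pdu_record;

/* Split buf into framed PDUs. Returns the number of records stored in out,
 * or -1 if a header is truncated, a length exceeds MAX_PDU or the bytes
 * remaining, or out is too small. */
int split_pdus(const uint8_t *buf, size_t buflen, pdu_record *out, size_t max_out)
{
    size_t off = 0, n = 0;

    while (off < buflen) {
        if (buflen - off < HDR_LEN)
            return -1;                          /* truncated header */
        uint16_t proto = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint32_t len = ((uint32_t)buf[off + 2] << 24) | ((uint32_t)buf[off + 3] << 16) |
                       ((uint32_t)buf[off + 4] << 8)  |  (uint32_t)buf[off + 5];
        off += HDR_LEN;
        /* Compare against the bytes left, never off + len, to avoid wraparound. */
        if (len > MAX_PDU || len > buflen - off)
            return -1;
        if (n == max_out)
            return -1;                          /* caller's array is full */
        out[n].proto = proto;
        out[n].pdu = buf + off;
        out[n].len = len;
        n++;
        off += len;
    }
    return (int)n;
}

/* Constructed sample: 4 bytes tagged SMB, then 2 bytes tagged NFS. */
static const uint8_t sample[] = {
    0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0xff, 'S', 'M', 'B',
    0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0xaa, 0xbb
};
```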