Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: [PATCH] Order of subdissectors :suggestion of a trick

Ethereal-dev: Re: [Ethereal-dev] Re: [PATCH] Order of subdissectors :suggestion of a trick

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Fri, 4 Jun 2004 09:55:12 -0700

On Tue, Jun 01, 2004 at 09:58:25PM +0200, Olivier Biot wrote:
> Given your input I can live with the patch. Guy, what's your view?
> Maybe we can check it in and see if it breaks something (which it
> shouldn't).

...but it did.

I have an FTP capture where the client sends

	PORT XXX,XXX,XXX,XXX,192,0

and gets back a 200 from the server; the server then connects from its
port 20 to XXX.XXX.XXX.XXX port 49152 (192*256+0).

Unfortunately, as the connection comes *from* the server to the
*client*, the official port number for FTP data (port 20) is the port
from which the initial SYN *comes*, not the port to which it *goes*, and
the new port matching scheme doesn't work, and the FTP data connection
isn't dissected as such.

References:
- Re: [Ethereal-dev] Re: [PATCH] Order of subdissectors : suggestion of a trick
  - From: metatech
- Re: [Ethereal-dev] Re: [PATCH] Order of subdissectors :suggestion of a trick
  - From: Olivier Biot

Prev by Date: [Ethereal-dev] Re: [PATCH] packet-pktc.c: PKTC MTA FQDN dissector
Next by Date: Re: [Ethereal-dev] Help with Interface
Previous by thread: Re: [Ethereal-dev] Re: [PATCH] Order of subdissectors :suggestion of a trick
Next by thread: RE: [Ethereal-dev] How to use the doxygen stuff
Index(es):
- Date
- Thread