Wireshark-bugs: [Wireshark-bugs] [Bug 3256] New dissector: gadu-gadu protocol

Date: Sun, 1 Mar 2009 17:00:24 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3256





--- Comment #7 from Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>  2009-03-01 17:00:23 PDT ---
Thanks for the comments. Well, printf() was just for debugging purposes - sure,
I'll remove it :)

About gadu-gadu traffic on port 443: it's not gg-over-ssl, it's still
unencrypted. It's just a hack to make Gadu-Gadu connections more
firewall-friendly (some admins block connections on high ports; 443 is low and
used by https, so they won't close it).

Anyway, it's hard to determine whether it's a gadu-gadu port or not.

I could write some code to register the connection (we always receive a
GG_WELCOME packet from the server), but it won't work if somebody starts
sniffing after authorization.

Another possibility is to check whether the first 4 bytes (type of packet) are
inside some range (packet types currently in use are 0x01 through 0x38) and
whether the len of the packet (next 4 bytes) is below 5000.

By the way, about len of packet and fragmentation (get_gg_pdu_len()):
known clients ignore packets with len (in header) above 65KB (the original
Gadu-Gadu client AFAIK ignores packets with len above ~3KB).

What should we do with such a packet in Wireshark? I'd like to ignore it like
normal clients do. Any ideas how?

And a second question (if I leave the code as it is): if some evil person sends
a packet with some weird len (like 0xffffff), is it safe for Wireshark?


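The header heuristic described in comment #7, written out as an added example; it is not part of the original comment or of the submitted dissector, and it is plain C that does not use the Wireshark API. It checks the length bound before doing any arithmetic on the field, so an oversized value such as the 0xffffff mentioned above is rejected rather than used as a reassembly size. Assumptions: both header fields are little-endian, the length field counts the payload only, and all names (gg_heur_check, the verdict enum, the macros) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds come from comment #7; all names here are hypothetical. */
#define GG_HDR_LEN      8u      /* 4-byte type + 4-byte length */
#define GG_TYPE_MIN     0x01u
#define GG_TYPE_MAX     0x38u
#define GG_HEUR_MAX_LEN 5000u   /* "len of the packet ... below 5000" */

enum gg_verdict { GG_NEED_MORE, GG_REJECT, GG_ACCEPT };

/* Assumption: header fields are little-endian. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decide whether buf looks like the start of a Gadu-Gadu PDU.
 * On GG_ACCEPT, *pdu_len is header + payload (assumed payload-only field). */
enum gg_verdict gg_heur_check(const uint8_t *buf, size_t avail, size_t *pdu_len)
{
    uint32_t type, len;

    if (avail < GG_HDR_LEN)
        return GG_NEED_MORE;          /* cannot judge without a full header */

    type = rd_le32(buf);
    len  = rd_le32(buf + 4);

    if (type < GG_TYPE_MIN || type > GG_TYPE_MAX)
        return GG_REJECT;
    /* Compare the raw field first so a huge value never enters arithmetic. */
    if (len >= GG_HEUR_MAX_LEN)
        return GG_REJECT;

    *pdu_len = (size_t)GG_HDR_LEN + len;
    return GG_ACCEPT;
}

int main(void)
{
    /* Constructed samples: a plausible header, and one with len 0xffffff. */
    const uint8_t ok[8]   = { 0x01, 0, 0, 0, 0x04, 0, 0, 0 };
    const uint8_t evil[8] = { 0x02, 0, 0, 0, 0xff, 0xff, 0xff, 0x00 };
    size_t n = 0;
    printf("%d %d\n", gg_heur_check(ok, 8, &n), gg_heur_check(evil, 8, &n));
    return 0;
}
```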