Wireshark-bugs: [Wireshark-bugs] [Bug 6373] Dissector for SPICE remote desktop protocol
Date: Wed, 28 Sep 2011 22:10:45 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6373

--- Comment #15 from Yaniv Kaul <[email protected]> 2011-09-28 22:10:44 PDT ---
(In reply to comment #14)
> (In reply to comment #13)
> > Right, it has the state information between the client and the server - which
> > is exactly why if the VNC dissector failed to find the start of the connection,
> > it should give up, as perhaps it's not VNC at all.
> 
> But what if it is VNC?  I misspoke a bit before.  After the initial connection
> setup messages are exchanged in VNC, each further message is mostly
> self-contained and can be interpreted properly.  Some cases where it can't are when
> certain values are used from the connection setup like the pixel depth and that
> can throw off the dissection accuracy, although it's still better than nothing
> IMHO.

As the VNC dissector does not even desegment messages, it'll most likely fail
miserably (I know, I've tried to add desegmentation support - worked so-so.
There's some BZ with that work-in-progress patch somewhere here).

IMHO, the dissector should look at the initial packet after the TCP handshake,
and if it cannot verify it's VNC, give up.

But anyway, because of others' concerns, I have not patched VNC in any way - if
you want to watch Spice (when using the VNC ports), just select 'Decode As'.

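The "check the first packet, otherwise give up" heuristic discussed in this comment, as an added example that is not part of the original message and is not Wireshark dissector code (it does not use the Wireshark API). The function and enum names are hypothetical; the two signatures are the RFB ProtocolVersion string ("RFB xxx.yyy\n", 12 bytes) and the 4-byte "REDQ" magic that opens a SPICE link header.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum first_pkt { FP_NEED_MORE, FP_VNC, FP_SPICE, FP_GIVE_UP };

#define RFB_VERSION_LEN 12 /* "RFB xxx.yyy\n" */
#define SPICE_MAGIC_LEN 4  /* "REDQ" */

/* Does buf[0..n) match the first n bytes of an RFB version string? (n <= 12) */
static int matches_rfb(const uint8_t *buf, size_t n)
{
    static const char tmpl[] = "RFB ddd.ddd\n"; /* 'd' stands for any decimal digit */
    for (size_t i = 0; i < n; i++) {
        if (tmpl[i] == 'd') {
            if (!isdigit(buf[i]))
                return 0;
        } else if (buf[i] != (uint8_t)tmpl[i]) {
            return 0;
        }
    }
    return 1;
}

/* Classify the first payload bytes seen after the TCP handshake.
 * A short first segment is not a failure: while the bytes so far are still a
 * valid prefix of either signature, ask for more data instead of guessing. */
enum first_pkt classify_first_payload(const uint8_t *buf, size_t len)
{
    size_t n_rfb = len < RFB_VERSION_LEN ? len : RFB_VERSION_LEN;
    size_t n_spice = len < SPICE_MAGIC_LEN ? len : SPICE_MAGIC_LEN;
    int rfb_ok = matches_rfb(buf, n_rfb);
    int spice_ok = memcmp(buf, "REDQ", n_spice) == 0;

    if (spice_ok && n_spice == SPICE_MAGIC_LEN)
        return FP_SPICE;
    if (rfb_ok && n_rfb == RFB_VERSION_LEN)
        return FP_VNC;
    if (!rfb_ok && !spice_ok)
        return FP_GIVE_UP; /* neither protocol can start like this */
    return FP_NEED_MORE;
}

int main(void)
{
    /* Constructed sample payloads, not taken from a capture. */
    static const char *samples[] = { "RFB 003.008\n", "REDQ", "RFB 003", "GET / HTTP/1.1\r\n" };
    static const char *names[] = { "need more", "VNC", "SPICE", "give up" };
    for (size_t i = 0; i < 4; i++)
        printf("%s\n", names[classify_first_payload((const uint8_t *)samples[i], strlen(samples[i]))]);
    return 0;
}
```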