Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] New dissector: exec (rexec) protocol

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Mon, 3 Jul 2006 22:54:00 +0000
Hi,

checked in

i changed the indentation to be more consistent with the rest of wireshark

i removed a few if(tree) tests  and initialized exec_tree to NULL instead

i removed the memcopy and the array of character for username/command
and replaces if with a pointer and se_strdup()


I dont know how popular this protocol is today   but since most of the
payload for this protocol would be ascii text  it would be nice if the
decode of the payload were displayed line by line in the decode tree.




On 7/3/06, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:

Did anyone get a chance to consider my new dissector for inclusion in
Wireshark (see below)?  I have attached an updated patch that fixes a
sign issue I noticed only on OS X.  The length variable has been changed
from guint to gint to match the Wireshark functions it is passed to.
Thanks.

----- Forwarded message from Stephen Fisher <stephentfisher@xxxxxxxxx> -----

Date: Wed, 21 Jun 2006 17:46:19 -0700
From: Stephen Fisher <stephentfisher@xxxxxxxxx>
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] New dissector: exec (rexec) protocol


I have written a new dissector for the "Remote Execution Protocol"
(exec/rexec).  Yes, believe it or not, people still use this protocol
:(.  This is my first dissector, so let me know if there are any
problems with the code.  I based it on the sample in README.developer
and have tested it against many live traffic captures as well as randpkt
and the fuzz tester.  The code is more complex than you would expect
because the protocol is very simple and the only way to keep track of
the state (which field: username/password/etc) you are receiving is to
keep track of what you've seen in the packet capture already.

I am working on a sample capture and protocol description page on the
Wiki now.

I have attached a patch that updates the makefile and adds
packet-exec.c.  I also attached a sample capture of the protocol.


Thanks,
  Steve

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


----- End forwarded message -----
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube