Wireshark-dev: Re: [Wireshark-dev] New dissector: exec (rexec) protocol
From: "ronnie sahlberg" <[email protected]>
Date: Mon, 3 Jul 2006 22:54:00 +0000

checked in

i changed the indentation to be more consistent with the rest of wireshark

i removed a few if(tree) tests  and initialized exec_tree to NULL instead

i removed the memcopy and the array of character for username/command
and replaces if with a pointer and se_strdup()

I dont know how popular this protocol is today   but since most of the
payload for this protocol would be ascii text  it would be nice if the
decode of the payload were displayed line by line in the decode tree.

On 7/3/06, Stephen Fisher <[email protected]> wrote:
Did anyone get a chance to consider my new dissector for inclusion in
Wireshark (see below)?  I have attached an updated patch that fixes a
sign issue I noticed only on OS X.  The length variable has been changed
from guint to gint to match the Wireshark functions it is passed to.

----- Forwarded message from Stephen Fisher <[email protected]> -----

Date: Wed, 21 Jun 2006 17:46:19 -0700
From: Stephen Fisher <[email protected]>
To: [email protected]
Subject: [Wireshark-dev] New dissector: exec (rexec) protocol

I have written a new dissector for the "Remote Execution Protocol"
(exec/rexec).  Yes, believe it or not, people still use this protocol
:(.  This is my first dissector, so let me know if there are any
problems with the code.  I based it on the sample in README.developer
and have tested it against many live traffic captures as well as randpkt
and the fuzz tester.  The code is more complex than you would expect
because the protocol is very simple and the only way to keep track of
the state (which field: username/password/etc) you are receiving is to
keep track of what you've seen in the packet capture already.

I am working on a sample capture and protocol description page on the
Wiki now.

I have attached a patch that updates the makefile and adds
packet-exec.c.  I also attached a sample capture of the protocol.


Wireshark-dev mailing list
[email protected]

----- End forwarded message -----