Wireshark-dev: Re: [Wireshark-dev] Support for XCAP
From: "Anders Broman" <[email protected]>
Date: Wed, 8 Aug 2007 21:56:27 +0200
Hi,
I've added some more XCAP application types to the XML dissector in
revision 22471. You can download it from
http://wireshark.org/download/automated/ once the build has finished 
http://buildbot.wireshark.org/trunk/

Here what it will look as if Decode as http is used:
No.     Time        Source                Destination           Protocol
Info
     28 9.775441    127.0.0.1             127.0.0.1             HTTP/XML PUT
/xcap/test-auid1/users/sip:[email protected]/doc.xml HTTP/1.1

Frame 28 (598 bytes on wire, 598 bytes captured)
    Arrival Time: Aug  8, 2007 18:41:21.352927000
    [Time delta from previous captured frame: 0.000207000 seconds]
    [Time delta from previous displayed frame: 0.000207000 seconds]
    [Time since reference or first frame: 9.775441000 seconds]
    Frame Number: 28
    Frame Length: 598 bytes
    Capture Length: 598 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:http:xml]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst:
00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 584
    Identification: 0x2dec (11756)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x0cc2 [correct]
        [Good: True]
        [Bad : False]
    Source: 127.0.0.1 (127.0.0.1)
    Destination: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: 58232 (58232), Dst Port: 8090
(8090), Seq: 1, Ack: 1, Len: 532
    Source port: 58232 (58232)
    Destination port: 8090 (8090)
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 533    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 32792 (scaled)
    Checksum: 0x003d [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 3440904, TSecr 3440904
Hypertext Transfer Protocol
    PUT /xcap/test-auid1/users/sip:[email protected]/doc.xml HTTP/1.1\r\n
        Request Method: PUT
        Request URI: /xcap/test-auid1/users/sip:[email protected]/doc.xml
        Request Version: HTTP/1.1
    Content-type: application/note+xml;charset=UTF-8\r\n
    X-XCAP-Asserted-Identity: "sip:[email protected]"\r\n
    User-Agent: Seagull-gull.sourceforge.net\r\n
    Host: clever5:8090\r\n
    Accept: text/html, image/gif, *; q=.2, */*; q=.2\r\n
    Connection: keep-alive\r\n
    Content-Length: 217
    \r\n
eXtensible Markup Language
    <?xml
        version="1.0"
        encoding="UTF-8"
        ?>
    <note
        xmlns:dog="the:namespace:for:dog">
        <dog:to>
            Jani
            </dog:to>
        <from>
            Tove
            </from>
        <heading>
            Re: Reminder
            </heading>
        <body>
            I will not forget you this week end!
            </body>
        </note>
Regards
Anders 

-----Ursprungligt meddelande-----
Från: [email protected]
[mailto:[email protected]] För Lampe, Sebastian
Skickat: den 8 augusti 2007 18:54
Till: Developer support list for Wireshark
Ämne: Re: [Wireshark-dev] Support for XCAP

Thanks for your answer, corresponding tot he RFC4825 there are several
specifications extending XCAP with other MIME Types:
   Draft-ietf-simple-xcap-diff-05   
        7.1. application/xcap-diff+xml MIME Type . . . . . . . . . . . 8
   RFC 4826
        8.2.1.  application/resource-lists+xml . . . . . . . . . . . . 25
        8.2.2.  application/rls-services+xml . . . . . . . . . . . . . 26  

So I'll send a sample trace file and an example, the view have to look like.

Example of XCAP request and response (packets 39 and 41 from trace file
attached) - looks similar to HTTP!:

No.     Time        Source                Destination           Protocol
Info
39      10.803295   127.0.0.1             127.0.0.1             TCP
58233 > 8090 [PSH, ACK] Seq=1 Ack=1 Win=32792 [TCP CHECKSUM INCORRECT]
Len=532 TSV=3441161 TSER=3441161

Frame 39 (598 bytes on wire, 598 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst:
00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: 58233 (58233), Dst Port: 8090
(8090), Seq: 1, Ack: 1, Len: 532
Data (532 bytes)

PUT /xcap/test-auid1/users/sip:[email protected]/doc.xml HTTP/1.1\r\n
Content-type: application/note+xml;charset=UTF-8\r\n
X-XCAP-Asserted-Identity: "sip:[email protected]"\r\n
User-Agent: Seagull-gull.sourceforge.net\r\n
Host: clever5:8090\r\n
Accept: text/html, image/gif, *; q=.2, */*; q=.2\r\n
Connection: keep-alive\r\n
content-length: 217\r\n
\r\n
<?xml version="1.0" encoding="UTF-8"?>\r\n
<note xmlns:dog="the:namespace:for:dog">\r\n
<dog:to>Jani</dog:to>\r\n
<from>Tove</from>\r\n
<heading>Re: Reminder</heading>\r\n
<body>I will not forget you this week end!</body>\r\n
</note>\r\n



No.     Time        Source                Destination           Protocol
Info
41      10.803652   127.0.0.1             127.0.0.1             TCP
8090 > 58233 [PSH, ACK] Seq=1 Ack=533 Win=32768 [TCP CHECKSUM INCORRECT]
Len=302 TSV=3441161 TSER=3441161

Frame 41 (368 bytes on wire, 368 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst:
00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: 8090 (8090), Dst Port: 58233
(58233), Seq: 1, Ack: 533, Len: 302
Data (302 bytes)


HTTP/1.1 201 Created\r\n
Server: Apache-Coyote/1.1\r\n
Pragma: No-cache\r\n
Cache-Control: no-cache\r\n
Expires: Wed, 31 Dec 1969 18:00:00 CST\r\n
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA
date=200605151000)/Tomcat-5.5\r\n
ETag: 1\r\n
Content-Length: 0\r\n
Date: Mon, 07 Aug 2006 21:14:46 GMT\r\n
\r\n

By
Sebastian

> -----Ursprüngliche Nachricht-----
> Von: [email protected] [mailto:wireshark-dev-
> [email protected]] Im Auftrag von Anders Broman
> Gesendet: Mittwoch, 8. August 2007 18:15
> An: 'Developer support list for Wireshark'
> Betreff: Re: [Wireshark-dev] Support for XCAP
> 
> Hi,
> Quickly browsing RFC4825 I get the impression that XCAP is used over
> http
> With different MIME types.
>      15.2. MIME Types . . . . . . . . . . . . . . . . . . . . . . . .
> 61
>        15.2.1. application/xcap-el+xml MIME Type  . . . . . . . . . .
> 61
>        15.2.2. application/xcap-att+xml MIME Type . . . . . . . . . .
> 62
>        15.2.3. application/xcap-ns+xml MIME Type  . . . . . . . . . .
> 63
>        15.2.4. application/xcap-error+xml MIME Type . . . . . . . . .
> 64
>        15.2.5. application/xcap-caps+xml MIME Type  . . . . . . . . .
> 64
> If this is indeed the case you can try to change the TCP port
> preference of
> HTTP ( edit->preferences->protocols->http) to the port in question
> And see if that suits your needs or if you think something more
> should be added. I think some of those MIME types will be handled by
> the XML
> dissector.
> Sending a sample trace file and references to applicable protocol
> descriptions might get some one to take a look at it and do necessary
> updates to dissector code.
> Regards
> Anders
> 
> -----Ursprungligt meddelande-----
> Från: [email protected]
> [mailto:[email protected]] För Lampe, Sebastian
> Skickat: den 8 augusti 2007 17:57
> Till: [email protected]
> Ämne: [Wireshark-dev] Support for XCAP
> 
> Hi,
> 
> we're working on XCAP and want to use Wireshark for testing and
> analyzing network traffic. Will there be any possibility to Wireshark
> for showing XCAP-Packets respectively planed for future releases?
> 
> Currently we have to filter for TCP using a specified port. But instead
> of displaying a formatted view of the content, you only see a
> 'Data'-section underneath the TCP-section.
> 
> Regards,
> Sebastian
> 
> --
> Sebastian Lampe
> 
> Fraunhofer Institute FOKUS
> National R&D Institute for Open Communication Systems
> Competence Center for Next Generation Network Infrastructures - NGNI
> 
> Kaiserin-Augusta-Allee 31
> D-10589 Berlin, Germany
> 
> Tel.: +49 30 3463-7218
> Mail: [email protected]
> http://www.fokus.fraunhofer.de
> 
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> 
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev