Wireshark-dev: Re: [Wireshark-dev] Support for XCAP

From: "Lampe, Sebastian" <Sebastian.Lampe@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 9 Aug 2007 12:48:29 +0200

Thanks a lot! Seems to be working ...

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
> Sent: Wednesday, 8 August 2007 21:56
> To: 'Developer support list for Wireshark'
> Subject: Re: [Wireshark-dev] Support for XCAP
> 
> Hi,
> I've added some more XCAP application types to the XML dissector in
> revision 22471. You can download it from
> http://wireshark.org/download/automated/ once the build has finished
> http://buildbot.wireshark.org/trunk/
> 
> Here is what it will look like if Decode As HTTP is used:
> No.     Time        Source                Destination           Protocol Info
>      28 9.775441    127.0.0.1             127.0.0.1             HTTP/XML PUT /xcap/test-auid1/users/sip:user@xxxxxx/doc.xml HTTP/1.1
> 
> Frame 28 (598 bytes on wire, 598 bytes captured)
>     Arrival Time: Aug  8, 2007 18:41:21.352927000
>     [Time delta from previous captured frame: 0.000207000 seconds]
>     [Time delta from previous displayed frame: 0.000207000 seconds]
>     [Time since reference or first frame: 9.775441000 seconds]
>     Frame Number: 28
>     Frame Length: 598 bytes
>     Capture Length: 598 bytes
>     [Frame is marked: False]
>     [Protocols in frame: eth:ip:tcp:http:xml]
> Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
>     Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
>         Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
>         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
>     Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
>         Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
>         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
>     Type: IP (0x0800)
> Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
>     Version: 4
>     Header length: 20 bytes
>     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>         0000 00.. = Differentiated Services Codepoint: Default (0x00)
>         .... ..0. = ECN-Capable Transport (ECT): 0
>         .... ...0 = ECN-CE: 0
>     Total Length: 584
>     Identification: 0x2dec (11756)
>     Flags: 0x04 (Don't Fragment)
>         0... = Reserved bit: Not set
>         .1.. = Don't fragment: Set
>         ..0. = More fragments: Not set
>     Fragment offset: 0
>     Time to live: 64
>     Protocol: TCP (0x06)
>     Header checksum: 0x0cc2 [correct]
>         [Good: True]
>         [Bad : False]
>     Source: 127.0.0.1 (127.0.0.1)
>     Destination: 127.0.0.1 (127.0.0.1)
> Transmission Control Protocol, Src Port: 58232 (58232), Dst Port: 8090 (8090), Seq: 1, Ack: 1, Len: 532
>     Source port: 58232 (58232)
>     Destination port: 8090 (8090)
>     Sequence number: 1    (relative sequence number)
>     [Next sequence number: 533    (relative sequence number)]
>     Acknowledgement number: 1    (relative ack number)
>     Header length: 32 bytes
>     Flags: 0x18 (PSH, ACK)
>         0... .... = Congestion Window Reduced (CWR): Not set
>         .0.. .... = ECN-Echo: Not set
>         ..0. .... = Urgent: Not set
>         ...1 .... = Acknowledgment: Set
>         .... 1... = Push: Set
>         .... .0.. = Reset: Not set
>         .... ..0. = Syn: Not set
>         .... ...0 = Fin: Not set
>     Window size: 32792 (scaled)
>     Checksum: 0x003d [validation disabled]
>         [Good Checksum: False]
>         [Bad Checksum: False]
>     Options: (12 bytes)
>         NOP
>         NOP
>         Timestamps: TSval 3440904, TSecr 3440904
> Hypertext Transfer Protocol
>     PUT /xcap/test-auid1/users/sip:user@xxxxxx/doc.xml HTTP/1.1\r\n
>         Request Method: PUT
>         Request URI: /xcap/test-auid1/users/sip:user@xxxxxx/doc.xml
>         Request Version: HTTP/1.1
>     Content-type: application/note+xml;charset=UTF-8\r\n
>     X-XCAP-Asserted-Identity: "sip:user@xxxxxx"\r\n
>     User-Agent: Seagull-gull.sourceforge.net\r\n
>     Host: clever5:8090\r\n
>     Accept: text/html, image/gif, *; q=.2, */*; q=.2\r\n
>     Connection: keep-alive\r\n
>     Content-Length: 217
>     \r\n
> eXtensible Markup Language
>     <?xml
>         version="1.0"
>         encoding="UTF-8"
>         ?>
>     <note
>         xmlns:dog="the:namespace:for:dog">
>         <dog:to>
>             Jani
>             </dog:to>
>         <from>
>             Tove
>             </from>
>         <heading>
>             Re: Reminder
>             </heading>
>         <body>
>             I will not forget you this week end!
>             </body>
>         </note>
> Regards
> Anders
> 
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Lampe, Sebastian
> Sent: 8 August 2007 18:54
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Support for XCAP
> 
> Thanks for your answer. Corresponding to the RFC4825 there are several
> specifications extending XCAP with other MIME Types:
>    Draft-ietf-simple-xcap-diff-05
>         7.1. application/xcap-diff+xml MIME Type
>    RFC 4826
>         8.2.1.  application/resource-lists+xml
>         8.2.2.  application/rls-services+xml
> 
> So I'll send a sample trace file and an example of what the view has to look
> like.
> 
> Example of XCAP request and response (packets 39 and 41 from trace file
> attached) - looks similar to HTTP!:
> 
> No.     Time        Source                Destination           Protocol Info
> 39      10.803295   127.0.0.1             127.0.0.1             TCP      58233 > 8090 [PSH, ACK] Seq=1 Ack=1 Win=32792 [TCP CHECKSUM INCORRECT] Len=532 TSV=3441161 TSER=3441161
> 
> Frame 39 (598 bytes on wire, 598 bytes captured)
> Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
> Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
> Transmission Control Protocol, Src Port: 58233 (58233), Dst Port: 8090 (8090), Seq: 1, Ack: 1, Len: 532
> Data (532 bytes)
> 
> PUT /xcap/test-auid1/users/sip:user@xxxxxx/doc.xml HTTP/1.1\r\n
> Content-type: application/note+xml;charset=UTF-8\r\n
> X-XCAP-Asserted-Identity: "sip:user@xxxxxx"\r\n
> User-Agent: Seagull-gull.sourceforge.net\r\n
> Host: clever5:8090\r\n
> Accept: text/html, image/gif, *; q=.2, */*; q=.2\r\n
> Connection: keep-alive\r\n
> content-length: 217\r\n
> \r\n
> <?xml version="1.0" encoding="UTF-8"?>\r\n
> <note xmlns:dog="the:namespace:for:dog">\r\n
> <dog:to>Jani</dog:to>\r\n
> <from>Tove</from>\r\n
> <heading>Re: Reminder</heading>\r\n
> <body>I will not forget you this week end!</body>\r\n
> </note>\r\n
> 
> 
> 
> No.     Time        Source                Destination           Protocol Info
> 41      10.803652   127.0.0.1             127.0.0.1             TCP      8090 > 58233 [PSH, ACK] Seq=1 Ack=533 Win=32768 [TCP CHECKSUM INCORRECT] Len=302 TSV=3441161 TSER=3441161
> 
> Frame 41 (368 bytes on wire, 368 bytes captured)
> Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
> Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
> Transmission Control Protocol, Src Port: 8090 (8090), Dst Port: 58233 (58233), Seq: 1, Ack: 533, Len: 302
> Data (302 bytes)
> 
> 
> HTTP/1.1 201 Created\r\n
> Server: Apache-Coyote/1.1\r\n
> Pragma: No-cache\r\n
> Cache-Control: no-cache\r\n
> Expires: Wed, 31 Dec 1969 18:00:00 CST\r\n
> X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5\r\n
> ETag: 1\r\n
> Content-Length: 0\r\n
> Date: Mon, 07 Aug 2006 21:14:46 GMT\r\n
> \r\n
> 
> By
> Sebastian
> 
> > -----Original Message-----
> > From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
> > Sent: Wednesday, 8 August 2007 18:15
> > To: 'Developer support list for Wireshark'
> > Subject: Re: [Wireshark-dev] Support for XCAP
> >
> > Hi,
> > Quickly browsing RFC4825 I get the impression that XCAP is used over
> > HTTP with different MIME types.
> >      15.2. MIME Types
> >        15.2.1. application/xcap-el+xml MIME Type
> >        15.2.2. application/xcap-att+xml MIME Type
> >        15.2.3. application/xcap-ns+xml MIME Type
> >        15.2.4. application/xcap-error+xml MIME Type
> >        15.2.5. application/xcap-caps+xml MIME Type
> > If this is indeed the case you can try to change the TCP port
> > preference of HTTP (Edit->Preferences->Protocols->HTTP) to the port in
> > question and see if that suits your needs or if you think something more
> > should be added. I think some of those MIME types will be handled by
> > the XML dissector.
> > Sending a sample trace file and references to applicable protocol
> > descriptions might get someone to take a look at it and do necessary
> > updates to dissector code.
> > Regards
> > Anders
> >
> > -----Original Message-----
> > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Lampe, Sebastian
> > Sent: 8 August 2007 17:57
> > To: wireshark-dev@xxxxxxxxxxxxx
> > Subject: [Wireshark-dev] Support for XCAP
> >
> > Hi,
> >
> > we're working on XCAP and want to use Wireshark for testing and
> > analyzing network traffic. Will there be any possibility for Wireshark
> > to show XCAP packets, or is this planned for future releases?
> >
> > Currently we have to filter for TCP using a specified port. But instead
> > of displaying a formatted view of the content, you only see a
> > 'Data'-section underneath the TCP-section.
> >
> > Regards,
> > Sebastian
> >
> > --
> > Sebastian Lampe
> >
> > Fraunhofer Institute FOKUS
> > National R&D Institute for Open Communication Systems
> > Competence Center for Next Generation Network Infrastructures - NGNI
> >
> > Kaiserin-Augusta-Allee 31
> > D-10589 Berlin, Germany
> >
> > Tel.: +49 30 3463-7218
> > Mail: sebastian.lampe@xxxxxxxxxxxxxxxxxxx
> > http://www.fokus.fraunhofer.de
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
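
As an added example (not part of the thread and not Wireshark code), the following Python sketch takes the reassembled PUT request from packet 39 and pulls out the pieces discussed above: the XCAP document selector, the Content-Type checked against the MIME types named in the thread, and the XML body. The function name `inspect_xcap`, the `/xcap` root (taken from the sample URI), and the comparison of `X-XCAP-Asserted-Identity` with the XUI in the path are assumptions made for illustration.

```python
from xml.etree import ElementTree

# MIME types named in this thread (RFC 4825 sec. 15.2, RFC 4826, xcap-diff draft).
XCAP_MIME = {"application/xcap-el+xml", "application/xcap-att+xml",
             "application/xcap-ns+xml", "application/xcap-error+xml",
             "application/xcap-caps+xml", "application/xcap-diff+xml",
             "application/resource-lists+xml", "application/rls-services+xml"}

# Constructed sample: packet 39 as quoted in the thread (User-Agent, Accept and
# Connection headers left out; the redacted "xxxxxx" host is kept as shown).
BODY = "\r\n".join([
    '<?xml version="1.0" encoding="UTF-8"?>',
    '<note xmlns:dog="the:namespace:for:dog">',
    '<dog:to>Jani</dog:to>', '<from>Tove</from>',
    '<heading>Re: Reminder</heading>',
    '<body>I will not forget you this week end!</body>', '</note>', ''])
SAMPLE = ("PUT /xcap/test-auid1/users/sip:user@xxxxxx/doc.xml HTTP/1.1\r\n"
          "Content-type: application/note+xml;charset=UTF-8\r\n"
          'X-XCAP-Asserted-Identity: "sip:user@xxxxxx"\r\n'
          "Host: clever5:8090\r\n"
          "content-length: 217\r\n\r\n" + BODY).encode()

def inspect_xcap(raw, root="/xcap"):
    """Split one reassembled XCAP-over-HTTP request and report what it claims."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    hdrs = {k.strip().lower(): v.strip()
            for k, v in (ln.split(":", 1) for ln in lines[1:])}
    if not uri.startswith(root + "/"):
        raise ValueError("request URI is not under the XCAP root")
    # Document selector: <root>/<AUID>/users/<XUI>/<doc> or <root>/<AUID>/global/<doc>;
    # anything after "/~~/" is the node selector.
    auid, tree, *rest = uri[len(root) + 1:].split("/~~/", 1)[0].split("/")
    xui = rest[0] if tree == "users" and rest else None
    mime = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if b"<!doctype" in body.lower():
        raise ValueError("DTD in body: not parsed (entity expansion risk)")
    return {
        "method": method, "auid": auid, "tree": tree, "xui": xui, "mime": mime,
        "listed_xcap_type": mime in XCAP_MIME,   # named in the thread's RFC lists
        "xml_suffix": mime.endswith("+xml"),     # generic "+xml" media type
        "length_ok": hdrs.get("content-length") == str(len(body)),
        "identity_ok": hdrs.get("x-xcap-asserted-identity", "").strip('"') == xui,
        "root_tag": ElementTree.fromstring(body).tag if body else None,
    }

if __name__ == "__main__":
    print(inspect_xcap(SAMPLE))
```

The sample's `application/note+xml` is not one of the XCAP types listed in the thread but still carries the `+xml` suffix, and the 217-byte body matches the Content-Length shown in the capture.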