Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Redback Lawful Intercept Dissector

From: Florian Lohoff <flo@xxxxxxxxxx>
Date: Thu, 10 Apr 2008 20:52:00 +0200
On Thu, Apr 10, 2008 at 10:27:50AM -0500, Michael A. McCartney wrote:
> Florian,
> 
> There is a existing bug ticket open for this:
> 
> http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2376

I took a look and cooked an even more strict patch than there was in
the bug report and attached it to the bug. It correctly does not touch
the klive capture but does correctly decode the redbackli cap ...

It should even refuse to claim the packet if there is e.g. 
a byte combination of:

	0x01 0x04 0xAA 0xBB 0xCC 0xDD 0x00 0x00

at the beginning - currently this would be a legal AVP_SEQNO with a 
4 byte integer and than an AVP_EOH.

With the more strict patch it would at least 2 more AVPs with correct
length and correct number of bytes inbetween so much less likely
to trigger accidentally.

Flo
-- 
Florian Lohoff                  flo@xxxxxxxxxx             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin

Attachment: signature.asc
Description: Digital signature