Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] An iSCSI expert system for wireshark

From: jimmy wang <jimmy.tianjin@xxxxxxxxx>
Date: Wed, 20 Jan 2010 10:13:40 +0800
Hi core developer,
         I’m a member of Inventec Tianjin Company. We write an iSCSI expert system based on wireshark. The main features of the system include:
1. An iscsi PDU analyzing expert system with about 50 rules. The system can detect protocol error like StatSN less than ExpStatSN, Login response CSG bad value, etc.
2. An enhanced iscsi dissector which based on packet-iscsi.c
3. An iscsi expert information dialog which displays the expert system detecting result, iscsi session/connection topology tree and iscsi parameters.
4. An iscsi flow dialog which displays the iscsi PDU sequence, iscsi session/connection topology tree and iscsi statistics information.
The attachments are the snapshot of the expert information dialog and iscsi flow dialog. 

The expert system include the follow source file:
1. Epan\dissectors\Packet-iscis.c         - enhanced iscsi dissector
2. Epan\dissectors\iscsiexpert-rules.c          - included by packet-iscsi.c for expert system rules
3. Gtk\iscsiexpert_dlg.c        - expert information dialog
4. Gtk\iscsiexpert_stat.c      - iscsi flow dialog

We want our dissector and dialog be included in the main wireshark distribution. Could you please give me some suggestion:
1. Is it possible?
2. May we just send a patch based on packet-iscsi.c or we need send a new file named packet-iscsiexpert.c for the iscsi dissector? If use packet-iscsiexpert.c, we need add a new protocol iscsi[E] and need enable iscsi[E] and disable iscsi manually.

Thanks for your time.

Jimmy

Attachment: iscsi_flow_dlg.jpg
Description: JPEG image

Attachment: iscsi_expert_info_dlg.jpg
Description: JPEG image