Add dissector for XMCP protocol.
From me:
- Fixed an obvious bug setting transaction_id_key[2].key = NULL,
where transaction_id_key is defined with only 2 elements.
- Only register heur_dissector once.
- Only find media_type_dissector_table once.
- Added packet-xmcp.c to CMakeLists.txt
svn path=/trunk/; revision=39131
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
* Update pflog dissector to the last header format (OpenBSD 4.9)
* Dissect all new field (uid, pid, saddr, daddr...)
* Replace proto_tree_add_xxx(uint/string...) by proto_tree_add_item
* Remove not needed packet-pflog.h file
svn path=/trunk/; revision=38364
Vuze, called Azureus before, is a great BT client and has a lot of users,
while its DHT implementation is different from the official one.
From me: New-style dissectors are supposed to to always return
"bytes dissected" (not just when tree != NULL);
svn path=/trunk/; revision=37755
The menu gets a new item (Statistics -> RTSP -> Packet Counter).
Like HTTP, filter can be set and then the dialog windows shows the result of the RTSP analysis.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6042
svn path=/trunk/; revision=37741
Please see the attached patch which updates the ppi-geolocation support
to v2.0 of the specification. This iteration adds a new tag (sensor) and
removes support for velocity/acceleration from the vector tag. Most of
the changes center on the Vector tag. Everything that takes place
elsewhere is cosmetic.
I ran this iteration through fuzz-test and check-APIs just like last
time.
From me:
Replace tvb_get_ephemeral_string with tvb_format_text. Move dissector
registration to the bottom of each file.
svn path=/trunk/; revision=37733
Attached is a dissector for CN/IP protocol described in EIA-852. It is mainly
used to encapsulate and send Lontalk (EIA-709.1) or EIA-600 frames over UDP (or
TCP).
This dissector can only decode the common header and data frames can be decoded
by further dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5907
svn path=/trunk/; revision=37596
I made the following improvements to the Modbus/TCP dissector:
1. Implemented protocol to the latest specification (v1.1b). See
http://www.modbus.org/specs.php.
2. Upgraded to "tcp_dissect_pdus" instead of having the dissector do it
manually. This also provides TCP packet reassembly support.
3. Removed support for UDP port 502 because it's not supported by the protocol
specification. I believe "Decode As..." could be used in its place.
4. Added dissector support for the following function codes:
a) 8 - Diagnostics
b) 11 - Event Counter
c) 12 - Event Log
d) 43 - Encapsulation Transport (mostly for 43/14)
5. Removed support for function codes not in the protocol specification. None
of them were really being parsed, they just offered a "name" for the function
code.
6. Moved protocol #defines to header file for access from other dissectors. I
plan to have other dissectors use this, but one patch at a time.
7. Created "modbus" dissector that is accessible to other dissectors.
8. Renamed base "display filter name" to reflect PROTOABBREV.
I removed defines for value_strings, I think it's better to export the vaöue strings if needed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5923
svn path=/trunk/; revision=37539
The two patches attached allow the dissection of the Homeplug AV Ethernet MAC
management frames between a controlling device and a Homeplug AV Ethernet to
PLC adapter. This protocol is pretty similar to the previous generation
Homeplug protocol (dissected by packet-homeplug.c) but a couple of noticeable
differences make it require its own dissector handler.
This dissector is based on the work done by Nicolas Thill, Xavier Carcelle and
myself in the Faifa project (https://dev.open-plc.org).
The dissector handles the standard Homeplug AV Ethernet MAC management frames
(called public) as well as the Intellon specific management frames (vendor).
From me:
Remove unnecessary global variables.
Add to COL_INFO even when !tree.
Remove gotos.
Remove unnecessary includes.
svn path=/trunk/; revision=37403
The Locator/ID Separation Protocol [1] is being standardized within the IETF,
and it is nearing RFC status (pending security review). I have been maintaining
a dissector patch for about a year, see [2]. Feedback received indicates that,
among others, it is widely used by the developers of a large router vendor,
without issues.
In January I submitted the dissector for data plane packets as bug #5602, which
was committed as r35615. The patch attached to this bug adds support for
dissection of control plane packets.
[1] http://tools.ietf.org/html/draft-ietf-lisp
[2] http://lisp.ccaba.upc.edu/wireshark/
svn path=/trunk/; revision=36845
A new dissector for uTorrent Transport Protocol
From me :
* Add link to spec BEP-0029
* Add note about type/version
* Rework extensions loop
* Use 2-space indenting
svn path=/trunk/; revision=36715
Adds BMC protocol, including adding support for MAC and RLC CTCH channels to carry it.
From me:
Removed hf blurbs = def and removed check_col added tp CMakeList.
svn path=/trunk/; revision=36662
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
This patch adds the capability to create BACnet statistics trees.
Find the respective menu items under 'Statistics->BACnet'.
Packets can be sorted by different criteria:
- Src/Dst IP adresses
- Instance ID
- Object Type
- Service
From me:
- Don't use C++/C99-style comments.
- Name variables for tick_stat_node() don't need to be static.
- Change updateBacnetInfoValue() to require 'data' to be ep_ allocated. Change
the couple of calls that did not send in ep_ allocated data to do so.
- Change one or two functions to be static.
- Do not use (memory-unsafe) g_sprintf().
- Use ep_strconcat() instead of leaking memory with g_strconcat().
- Put back one if(tree) that doesn't appear to do any harm.
- Remove variable declarations and #includes from the header file.
svn path=/trunk/; revision=36468
A patch to add ATM over TCP Dissector.
The dissector dissect only the ATMTCP header (VCI, VPI, Payload Length)
The data are not yet dissect, it is necessary to add a "UAT" (As with the K12
dissector) to indicate the type (ILMI, AAL, ATM...) of data (based on VCI/VPI)
svn path=/trunk/; revision=36354
Patch, which removes both EPL and EPLv1 .h files, as well as adding a heuristic dissector hook to EPL (v1 is nearly nowhere in use anymore, therefore not needed)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5751
svn path=/trunk/; revision=36198
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
Enhance RIPng
* Replace tvb_memcpy/proto_tree_add_text by proto_tree_add_item
* Remove dependency to packet-ipv6.h
* Remove packet-ripng.h (not needed)
Also update AUTHORS file
From me:
Put a check_col() back and reword (shorten) a couple of the new blurbs.
svn path=/trunk/; revision=36033