Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
I have added a new dissector for DMP (STANAG 4406 Direct Message
Profile) as defined in STANAG 4406 Annex E. The DMP protocol has no
assigned UDP port number yet, so the default value in this dissector
is 0 (I suppose this is some sort of "disabled"?) until we get this
registered.
The dissector has been tested on OSX Intel/PowerPC and Solaris SPARC.
Changes in this patch:
* Added DMP dissector
* Added a new CRC table and functions in crc16.c
* Made NonDeliveryReasonCode and NonDeliveryDiagnosticCode available
from X.411
* Made NonReceiptReasonField and DiscardReasonField available from X.420
svn path=/trunk/; revision=20133
This is a new dissector for STUN v2, that is currently in WGLC at the IETF.
- Keep packet-stun.c for the RFC 3498 protocol, plus the STUN and TURN
drafts up to draft-ietf-behave-rfc3489bis-02 and
draft-rosenberg-midcom-turn-08, as there are some huge deployments using
this. There will be no modification to this dissector in the future,
except perhaps to add support for retransmission or things like this.
- Add a new dissector packet-stun2.c for the new STUN (currently in
WGLC), the STUN relay-usage (formerly known as TURN) and the other
usages that will be added in the future (IPv6, NAT Behavior, etc...).
svn path=/trunk/; revision=20131
New dissector for ETSI DCP (ETSI TS 102 821).
Code rearranged to look more like other Wireshark dissectors and some warnings/errors
on Windows fixed.
svn path=/trunk/; revision=19981
The RDM protocol has been accepted as ANSI standard E1.20-2006. The following patch updates the decoder to that spec.
At the same time it is promoted to a built-in dissector.
svn path=/trunk/; revision=19596
this is a wrapper protocol to store SCSI frames inside usb bulk data transfers
the dissector is far from complete but does
track ITL and ITLQ structures and will also call the SCSI dissector to
dissect the SCSI CDB.
what is still missing is handling of data in/out and scsi responses
at least it will now display the SCSI CDB and dissect it. woohoo
svn path=/trunk/; revision=19589
packet-cisco-wireless.c is actually trying to dissect WLCCP:
I have attached a dissector I wrote from scratch for the
frames that I'm seeing. It has #defines for the field offsets and
lengths so it should be easier to merge. I also attached a sample
capture with one of the frames that I'm seeing. There are more fields
in the frame I haven't yet figured out, hopefully your dissector has
those that I'm missing.
Me: - Commented in wlccp over udp as well, it works most of the time.
- Leave the file packet-cisco-wireless.c in for the time being to
copy over knowledge until no usable info is left in the file.
svn path=/trunk/; revision=19447
dissector for Enea's LINX protocol?
A protocol spec is available at <http://www.enea.com/templates/Extension____8947.aspx>. The source of the kernel module could be obtained from Enea by sending a request to "linx at enea dot com".
Currently they use ethertype 0x9999 which is not registered at IEEE.
svn path=/trunk/; revision=19430
few things to be fixed:
- // comments,
- not every hf_xxx used might be registered
some packages from the current h248 dissector are still missing.
svn path=/trunk/; revision=19407
various changes to the existing scsi dissector to start allowing different commandsets to be implemented in their own dissector files to prevent the scsi dissector from becoming as huge as the parlay dissector
svn path=/trunk/; revision=19360
I have figured out one of the fields in the MAPI
EcRRegisterPushNotification packet. The field is a UDP port number that
the client wants the Exchange server to send new mail notifications on.
These notifications are on a port > 1023 and are always 8 bytes long.
It looks like I would add the function name to the
dcerpc_mapi_dissectors[] for the register push notification. What would
my new function need to do besides display the field?
Thanks,
Steve
Here is a patch to add this functionality. It displays the notification
port and the notification payload (not sure what the payload itself
means yet). It also dynamically registers each notification port found
with a new dissector (that I called newmail for lack of a better name -
I'm open to suggestions) that displays the notification payload. This
is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field;
currently, the mapi.opnum is only displayed when the
dcerpc_mapi_dissector is null.
Steve
svn path=/trunk/; revision=19350
this protocol is not too interesting yet since only the function names of this interface are known but it is more than no dissection at all
svn path=/trunk/; revision=19333
New protocol: epl v1
Hi,
in addition to the recently submitted dissector for the EPL v2 protocol,
this is the dissector for the first version of the EPL protocol.
Best Regards,
David
svn path=/trunk/; revision=19125
this patch adds support for MPEG2 transport stream packets in RTP (type
MP2T). It currently dissects the headers of the MPEG2 packets
svn path=/trunk/; revision=19023
new protocol: veritas low latency transport
---
Attached is a patch file that adds a new dissector for the LLT protocol
(Veritas Low Level Transport, used for server clustering). They use
ethertype 0xCAFE even though it isn't assigned to them :(. There are
other fields and possibly other message types directly between servers
it does not yet dissect as no one outside of Veritas knows what they
are. This dissector understands the one people will run across most -
multiple servers broadcasting these heartbeats all over the place. I
figured out these fields through many Internet searches.
I will add the protocol to the Wiki after it is committed.
Thanks,
Steve
svn path=/trunk/; revision=18944
I have developed a plugin for Pro-MPEG FEC packets over RTP (see
previous posts on ethereal-dev). I have added a page and example capture
file to the Wiki (http://wiki.wireshark.org/2dParityFEC). The source and
Windows makefile for the plugin are attached. Unfortunately I do not
have access to other systems so this plugin has been tested on Windows
only.
The attached version of my plug-in has only had the copyright header
added.
I will translate this into a proper dissector rather than a plug-in as
requested, but this may take a little time as I have a lot of other
things to do at the moment.
Me:
Convert into a normal dissector
Reorder / reformat code a bit
Added Mark's name to the top of the file.
svn path=/trunk/; revision=18908
This patch adds a new dissector for the daytime protocol (like the time
protocol, but the date and time is sent as a text string). This protocol and
dissector works over TCP or UDP.
svn path=/trunk/; revision=18823
A disassembly module I wrote for Pegasus Lightweight Stream Control, a protocol used by some cable set-top boxes for video-on-demand.
svn path=/trunk/; revision=18807
- allow SDP to parse the IP address + port for the MSRP session from the
path attribute
- setup an MSRP conversation using this address, whose data points back
to the SDP frame
- link to the SDP setup frame while dissecting MSRP (can be switched off
by a preference)
- I also changed sdp.media.port to be a numeric field
svn path=/trunk/; revision=18806
this dissector will not yet detect when ppp is passed over the rfcomm link
but the old code to detect and de-escape the ppp data is still in the dissector, though ifdeffed out to serve as inspiration when ppp over rfcomm captures are made available.
the only captures I have with rfcomm are for raw serial communications so they don't contain any ppp frames. :-(
svn path=/trunk/; revision=18221
acl chandle + direction + l2cap-CID to uniquely identify a single specific
flow of PDU packets.
So we need to pass the chandle up from acl to l2cap at least.
It would have been nice to handle this using "conversations" but the bluetooth
stack does not easily map to the idiom host:port<->host:port
instead in bluetooth you have unidirectional flows that are identified by ACL-chandle:L2CAP-CID:direction and additional state held inside l2cap would attach two such flows together into a "conversation".
Bluetooth packets themselves only identify "half" of the two way conversation.
svn path=/trunk/; revision=18218
the fragment reassembly from the old patch is commented out since it has to be redone completely using emem and se_trees the proper way.
but to do this i would need example captures of fragmented bluetooth traffic first.
svn path=/trunk/; revision=18149
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
With a change to NOT declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
Here is a patch for gsm_map dissector that adds USSD string decoding (mainly used in processUnstructuredSS-Request, UnstructuredSS-Request, UnstructuredSS-Notify). For now, it assumes that it will be GSM 7 bits.
It re-uses packet-gsm_sms.c "gsm_sms_char_7bit_unpack" and "gsm_sms_char_ascii_decode" functions, as well as packet-smpp.c "smpp_handle_dcs" function.
svn path=/trunk/; revision=17739
rename binding into assoc(iation) which is the AOC name.
move the definition of sccp_assoc_t to packet-sccp.h so that information regarding sccp associations can be used by user protocols
svn path=/trunk/; revision=17590
- New Dissector Novell Cluster Services
1. Changes Dir Handle Type from Boolean to val string
2. Changes Search Mode from Boolean to val string
3. Adds a number of additional attribute definitions
4. Adds file migration state values
5. Adds missing return values
6. Adds NCP 90,150 "File Migration Request"
svn path=/trunk/; revision=16844
Log:
From Graeme Lunt:
updated X.500 dissectors to include DOP support.
The "dop" dissector is the renamed "x501" dissector consequently the asn/x501 directory should be removed. The patch includes the changes to epan/dissectors/Makefile.common to reflect this.
As the DOP dissection is not fully tested, I have disabled it by default for now (like DSP) but it can be enabled by the user.
svn path=/trunk/; revision=16727
New protocol : CIGI (with minor updates to make it heuristic)
Hi,
This patch is for a CIGI dissector (complete versions 2 and 3). It has
been [fuzz] tested on GNU/Linux using the Ethereal 0.10.13 codebase.
However, the patch here is against the svn repository.
More information about CIGI can be found at http://cigi.sourceforge.net/
Kyle Harms
svn path=/trunk/; revision=16681
Added a new dissector for CDT (CompressedDataType) as
defined in STANAG 4406 Annex E. This dissector is used in P_Mul to
decode encapsulated X.411 content. I have added a function in the
X.411 dissector to decode a MTS APDU without having a ROS
Changes in this patch:
* Added CDT dissector
* Use CDT dissector in P_Mul
* Added function to decode MTS APDU in the X.411 dissector
svn path=/trunk/; revision=16567
we will do service-response-time statistics before other inferior products have even noticed a new protocol is in town.
svn path=/trunk/; revision=16463
New protocol : STANAG 5066
I changed it from being a plugin to a builtin dissector
and also changed a couple of small bugs
svn path=/trunk/; revision=16390
makefile.common.diff - epan directory
1. Adds new packet-ncp-sss.c and packet-ncp-sss.h for new Secret Store dissector
New Novell Secret Store Services dissector
packet-ncp-sss.c
packet-ncp-sss.h
ncp2222.py.diff
1. Adds a number of return values
2. Adds 64bit file size support
3. Add NCP 89,xx NCP's for UTF8 support
4. Fixes a number of field values for proper dissection
5. Adds support for Secret Store dissector
packet-ncp2222.inc.diff
1. Squelches some compiler warnings
2. Redo of fix for bug 535 which original fix broke dissection of NDS verb 5
3. Adds support for Secret Store dissector
4. Adds expert data
5. Adds tap for service response time
6. Fixes dissection of stream attribute
7. Fixes defragmentation problem with more than 10 fragments
8. Fixes NDS dissection if reply buffer was less than 7
packet-ncp.c.diff
1. Adds tap data
2. Adds expert data
3. Fixes calculation for NCP connection number
4. Fixes malformed packet for destroy service connection
packet-ncp.c.diff
1. Adds tap data
svn path=/trunk/; revision=16266
almost none of the data - fill in only variables for what we need, and
use proto_tree_add_item() in most cases.
Move what's left of the packet-winsrepl.h header into packet-winsrepl.c,
and get rid of the header.
Dissect the name flags field in detail, as per the Samba code.
We don't do any checks for whether the packet is a valid WINS
replication packet, so don't make the dissector a new-style dissector.
svn path=/trunk/; revision=15935