If we do not see the TreeConnect call when a TID is connected, we did not
know it was a IPC share.
If we do not know what kind of share it is we assume it being a normal one
and thus read/write data to that share is normal file i/o.
Update the dissector so that IF it sees a Transaction SMB carrying PIPE (dcerpc)
then we assume that all other read/write to that TID is also DCERPC.
I.e. we assume the entire TID is IPC.
svn path=/trunk/; revision=6747
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
session; treat all packet type values >= 1 and <= 18 as valid packet
types.
Do standard TCP desegmentation of Netlib buffers, and do reassembly of
TDS messages fragmented over multiple Netlib buffers, rather than doing
the "remember what was in the last TCP segment" stuff; I've seen nothing
to indicate that a TDS message would continue past the last byte of a
"last buffer in request or response" Netlib buffer, and the "remember
what was in the last TCP segment" stuff was complicated and buggy,
perhaps irreparably so ("buggy" as in "crashes").
Make the top-level protocol item for a TDS message be an item for
"proto_tds", and put both the Netlib header and TDS stuff under that
item - that's what Microsoft Network Monitor does.
Get rid of the unused Netlib heuristic subdissector list.
Don't make a new data source for NTLMSSP data in a TDS message - the
data is just a slice of the message, it's not transformed from ASCII hex
to binary, or reassembled, or anything such as that.
Tokens are tokens, not PDUs.
Make the heuristics a bit stronger, to reject packets that are clearly
not TDS packets. Once the heuristics match, make a non-heuristic
dissector the dissector for the conversation.
Quit dissecting the TCP segment (or reassembled data) if we have a
Netlib buffer with a length < 8, as it's not large enough to even have a
Netlib header.
svn path=/trunk/; revision=6737
by DCE RPC are usually little-endian; fix a bunch of
"proto_tree_add_item()" calls (most are for byte-array or string fields,
so the byte order doesn't make a difference, but one is a number).
Put an item into the protocol tree for the encrypted NT password block.
Mallocate the buffer for the Unicode version of the password, rather
than assuming it'll fit in 256 bytes.
"g_malloc()" never returns NULL - it either allocates memory or aborts -
so don't check for a mallocation failure.
Don't try to decrypt the NT password block if we don't have a password.
svn path=/trunk/; revision=6731
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
Support for mDNS/LLMNR "cache flush" bit
Label mDNS and DNS differently in the Protocol column
Clean up summary line for PTR records
svn path=/trunk/; revision=6709
frame and the previous frame in the capture - a frame that might not be
displayed, so you don't know what it was - rather than the previous
frame in the display, as is intended. Fix that.
svn path=/trunk/; revision=6708
Replace the large matrix of protocol togglebuttons with a GtkCList. The
CList displays three columns: the enabled/disabled state, the protocol's
abbreviated name and the protocol's full name. Protocols can be enabled
or disabled by double-clicking on them. The enable all, disable all, and
invert buttons were left intact.
I made a half-assed attempt at Gtk2 support by copying code from
plugins_dlg.c. It's incomplete, and probably won't compile.
Using check boxes in the first column instead of the word "Disabled" would
have been nice. GtkCLists don't let you embed anything besides text and
pixmaps unfortunately.
Update the man page accordingly.
We still need a way to save a list of disabled protocols.
svn path=/trunk/; revision=6707
There is not a third option Advanced... in addition to frames/tick and bytes/tick.
See ethereal man page for description and how one can use this to graph how NFS response time MAX/MIN/AVG changes over time.
svn path=/trunk/; revision=6703
current "this is an error packet" flag and set that flag, so the payload
is dissected as the payload of an error packet rather than as a "real"
packet.
svn path=/trunk/; revision=6701
