try as a port number doesn't always give the right answer, as you might
have a name query packet from an SMB-over-IPX server, meaning it's from
IPX_SOCKET_NWLINK_SMB_SERVER to IPX_SOCKET_NWLINK_SMB_NAMEQUERY, and,
unfortunately, IPX_SOCKET_NWLINK_SMB_SERVER is less than
IPX_SOCKET_NWLINK_SMB_NAMEQUERY and it'll now be dissected as an SMB
packet rather than an NMPI name query packet.
So if the higher-numbered socket is IPX_SOCKET_NWLINK_SMB_NAMEQUERY, we
just try that, we don't try the other port.
svn path=/trunk/; revision=7409
Stream" window, which adds "and !(<filter for the stream>)" to the
display filter in effect before the stream was followed, removing that
stream from the display.
svn path=/trunk/; revision=7408
packets, and mark any stuff before the first BGP header as continuation
data.
Make the main loop for dissecting the BGP packets similar to the loop in
"tcp_dissect_pdus()" (if "tcp_dissect_pdus()" took a starting offset as
an argument, we could use it), so that it handles a BGP header split
between TCP segments.
svn path=/trunk/; revision=7405
stuff I sent out in a mail message to somebody asking how to add support
for a new file format, but hopefully it'll get improved by various
contributors over time (hint hint).
svn path=/trunk/; revision=7397
aren't 1/1193000.0 second; the code used to use 1/1193180.0 second, but
at least one capture appears to have units of somewhere around
1/3579540.0 second.
svn path=/trunk/; revision=7388
Socket 0x9001 is for NLSP - it supports LANs as well as WANs, at least
as I read the specification.
Socket 0x9004 is for "IPX WAN 2".
svn path=/trunk/; revision=7387
- TLV 135 cleanup and support for subTLVs
- a common IP Reach subTLV dissector which dissects
subTLV 1 & 2 [32 & 64 Bit Admin Tags as per
draft-ietf-isis-admin-tags-01.txt]
- rework IPv6-related TLVs.
svn path=/trunk/; revision=7381
2 the time stamps are in units of 1/31250000 seconds rather than
nanoseconds - and, by generating Windows Sniffer captures with various
hdr.timeunit values, that for all the non-zero values he tested, the
time stamps for non-gigabit pod captures are in units of 1/1193000
second.
Instead of having a TpS array, just test for the exception value (0 for
non-gigabit pod captures, 2 for gigabit pod captures).
svn path=/trunk/; revision=7380
* Fix the Extended Method PDU mapping (move code some lines down)
* Decode more WSP Parameter entries (now WAP Provisioning Push OK)
* First check whether the PDU content for Post, Reply and Push PDUs
can be dissected (dissector_try_X function calls), if not then
display the PDU data as "Data" in the WSP protocol tree.
* Replaced "Unsupported header" by "Undecoded header" for clarity
svn path=/trunk/; revision=7376
Duplicate ACKs that are detected/suspected are now also flagged
with which frame the original ACK was seen in and the dup ack number.
This is displayed both in the summary pane as well as in the tree pane.
svn path=/trunk/; revision=7375
Allocate the per-conversation and per-frame data items from a GMemChunk
(which saves memory and CPU time, *and* lets us free all those items
quickly - as opposed to not freeing them at all, as had been the case).
Don't assume that, just because a conversation for the TCP connection
exists, it necessarily has an AJP13 data chunk attached to it; the
conversation might have, for example, been created by the TCP sequence
number analysis code.
svn path=/trunk/; revision=7374
comma-separated, so that the resources will be built correctly and the
version number correctly displayed in the GUI, and make the resources
dependent on "config.nmake" so that they're rebuilt if it's changed.
svn path=/trunk/; revision=7373
and let the Protocol Options header code page and extended methods calls
refer to hexadecimal representation as used everywhere else in the WSP
dissection code.
svn path=/trunk/; revision=7372
FIN flag would previously only add one to the sequence number if the
FIN packet was empty, i.e. did not carry any payload data.
This caused ethereal to incorrectly flag the ACK to such packets
(FIN+payload data) to be incorrectly flagged as
ACK to previously lost segment.
Change the algorithm to always add 1 to the segment length, and thus the sequence number for all packets with teh FIN bit set.
svn path=/trunk/; revision=7371
in the configure script for the all-variables-expanded version of the
data file directory.
Don't AC_SUBST "DATAFILE_DIR", as it's not used.
Define DATAFILE_DIR in config.h as the all-variables-expanded version of
$datadir/ethereal, as that's where the global configuration files such
as manuf and the Diameter files are actually installed.
svn path=/trunk/; revision=7368
it. (Nothing other than "get_datafile_dir()" should use it - anything
that needs to know whether the configuration files are located should
use "get_datafile_dir()".)
svn path=/trunk/; revision=7367
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this future will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
type for loopback devices; map it to DLT_NULL when reading libpcap files
with a major version of 2 and a minor version of 2, and when capturing
from an "loN" device on AIX.
svn path=/trunk/; revision=7361
Guy Harris