I'm a user of Aruba / Alcatel OAW Wireless Switch ( www.arubanetworks.com )
The stream (802.11 Frame) is encapsulated in a tunnel GRE.
svn path=/trunk/; revision=26446
Add the fragment to the defragmentation sequence if the SMTP dissector
encouters a packet that contains both a DATA fragment and the terminating
\r\n.\r\n sequence.
svn path=/trunk/; revision=26419
The L2CAP dissector assumes all packets on a connection oriented channel are
B-frames (basic mode, or v1.1 backwards compatibility).
Retransmission mode or flow control mode (introduced in v1.2 bluetooth spec)
use I-frames and S-frames, which are described in the current 2.1 spec here:
Volume 3 (core, host volume) - Part A (L2CAP) - 3.3 (CONNECTION-ORIENTED
CHANNEL IN RETRANSMISSION/FLOW CONTROL MODES).
svn path=/trunk/; revision=26383
This patch adds support for DHCPv4 coordinate-based Location Configuration
Option 123, as proposed by RFC 3825.
The decoding functionality is based on the RFC3825decoder by Klaus Darilion
http://www.enum.at/rfc3825encoder.529.0.html
svn path=/trunk/; revision=26381
Sniffing native ICQ client I've found that SNAC(0x13,09) may contains more than
one buddy to modify. Also in attached patch enhanced decoders for SNACs
0x18-0x1B of family 0x13.
svn path=/trunk/; revision=26355
The attached patch fix several bugs in the decoding function to display the
Cell Channel Description (44.018 chapter 10.5.2.1b) and the Frequency List
(44.018 chapter 10.5.2.13) information elements content.
Without this patch the ARFCNs displayed are completely wrong.
svn path=/trunk/; revision=26354
The idea is that there is now some hardware that can put 802.15.4 frames over
Ethernet. To do so, the 802.15.4 frames are wrapped in an Ethernet frame, with
the Ethertype set to a value indicating the payload is 802.15.4.
Since there is no official ETHTYPE designated by the IEEE, the number 0x809A
is used in this code. However a preference is added to the "IEEE 802.15.4" type
in the preference dialog allowing you to change this ethtype to something else.
The hardware for those interested is the Atmel Raven USB Stick.
svn path=/trunk/; revision=26352
add a parameter *datalen to decrypt_krb5_data() so that we can pass back
the length of the decrypted blob back to the caller.
This is useful for when there are "junk" at the end of the blob and thus
the decrypted data is not the same size as the encrypted blob.
GSS CFX is one such example.
(we should have done this earlier since it might have made some other
stuff easier to imlement...)
make the preference setting krb_decrypt a globally visible variable so
we can see its value and act on it from callers of krb decryption from
outside of packet-kerberos.c i.e. from GSS CFX
Make keytype == -1 a wildcard that when passed to decrypt_krb5_data()
will try any/all encryption keys.
This since GSS CFX does not provide the enctype in the GSS layer.
(The GSS CFX enctype is only negotiated during the AP-REQ/REP so we
should later pick this value up and store it in a CFX session variable.
That is for a later enhancement.
)
Enhance the GSS decryption (that for hitorical reasons are implemented
in packet-spnego.c and not packet-gssapi.c :-) )
to also handle decryption of GSS CFX
This should make wireshark able to decrypt any/all GSSAPI RFC4121
packets, if the keytab file is provided.
I have successfully decrypted LDAP using GSS CFX with AES encryption
with this.
svn path=/trunk/; revision=26350
- Split SEQ/ACK analysis into SEQ analysis (pr msg) and ACK analysis
(pr dest/ackinfo entry) to correctly handle multicast messages.
- Improved dump of timestamp (in units of 100ms).
- Show Address PDU with 0 dest entries as Ack-Ack PDU.
- Print correct number of missing sequence numbers in Ack.
- Indicate end of list entry in Ack.
- Message ID is unsigned.
svn path=/trunk/; revision=26345
Modbus Application Protocol Specification V1.1b includes a function 43 (0x2b)
Encapsulated Interface Transport. When Wireshark encounters this message it is
shown as a TCP message, not a Modbus message.
svn path=/trunk/; revision=26314
"tcp.stream", this will make it possible to sort packets by
tcp stream, filter tcp streams exactly, etc.
It is also the preparation for a fix for bug 1447
svn path=/trunk/; revision=26305
NFSV4 parsing of the GETATTR reply is broken. I'm not sure what is going on,
but I re-wrote the GETATTR parsing anyways and my version of the parsing does not
exibit the same problems.
svn path=/trunk/; revision=26304
The DNS dissector conflates KEY (used for TSIG) and DNSKEY records. Also, the
DNSKEY dissector doesn't parse the REVOKED flag, defined in RFC 5011.
The attached patch splits KEY and DNSKEY parsing, and adds support for REVOKED.
svn path=/trunk/; revision=26298
callback address/port with only 2 octets (high/low port) i.e. witout
specifying the ip address.
this caused wireshark to corrupt memory when trying to 0-terminate the
original string after the fourth '.' which happened to be beyond the
end of the string.
svn path=/trunk/; revision=26296