Use registered fields in both the TACACS and TACACS+ dissectors, and put
in Booleans for request vs. response in TACACS+, as it used to be there
(the request type determines that in TACACS).
svn path=/trunk/; revision=3689

table for IGMP packet types (we treat requests as "Query or Request", as
the type doesn't say which it is).
Base the query vs. request decision on the reported length of the
packet, not the captured length.
Checksum the packet only if it's not fragmented and the captured length
is greater than or equal to the amount to be checksummed, and, for
requests where we don't wire in the length to be checksummed, base it on
the reported length of the packet, not the captured length.
svn path=/trunk/; revision=3683

themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
svn path=/trunk/; revision=3681

that's how Network Monitor displays them. (What are they if they're not
0xffff?).
The PDC Startup announcement message, if not short, includes an LMNT
token between the NT version and LM20 token.
After the DB Count in an Announce change to UAS or SAM message there are
that number of DBChange Info Structures, according to Network Monitor;
dissect them. After that, there is a domain SID size, and, if that size
is non-zero, a domain SID, and only then
In a SAM LOGON request, the domain SID size is a 4-byte quantity, not a
2-byte quantity, and is followed by a domain SID, an NT version, an LMNT
token, and an LM token, according to Network Monitor.
Display the NT version in decimal, as that's how Network Monitor
displays it.
svn path=/trunk/; revision=3666

LM token - it appears to have the value 0xffff in several captures, and
follows an "LMNT Token" field, so it might be an LM token.
svn path=/trunk/; revision=3663

Fixed up some longstanding bugs (predating the tvbuffification)
discovered during regression testing of the tvbuffification.
svn path=/trunk/; revision=3661

compressed Sniffer files by sequentially moving forward, and we no
longer seek backward by seeking to the beginning and then seeking
forward to the new position, we now seek to the beginning of the
compressed block that contains the target position, if we're not already
in that block, and then move to the appropriate position in that block.
svn path=/trunk/; revision=3658

- at least some versions of makewhatis (e.g., the Solaris version)
use that name in a case-sensitive fashion, so you can't do "man
ethereal", say, you have to do "man Ethereal", and that doesn't work as
the man page file is "ethereal.1", not "Ethereal.1".
svn path=/trunk/; revision=3656

unnecessary as a result of the change that made subdissectors for
GIOP-based protocols register themselves with the GIOP dissector with
their protocol ID and had the GIOP dissector check whether the protocol
is enabled before calling its dissector, so that subdissectors can be
disabled from the "Edit->Protocols" dialog box.
svn path=/trunk/; revision=3654

get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652

the port - instead, base it on whether the dissector was called directly
from UDP or called from another WAP dissector.
That way, if you explicitly say "decode this as WTP" because there was a
redirection (or if, in the future, the WSP dissector handles
redirections for you, although that won't handle the case of a capture
where the redirection wasn't captured), the column doesn't say "UDP", it
says the right thing.
Don't register the WTLS dissector by name - nobody calls it through a
handle.
Register the WTP dissector by name, as the WTLS dissector tries to get a
handle for it - although it doesn't actually call it, or the WSP
dissector, through a handle.
svn path=/trunk/; revision=3647