Use SESSIONNAME instead of CLIENTNAME to try to detect RDP sessions.

Look for a string that starts with "rdp". This should take care of cases where a default capture filter is set needlessly. Update the docs accordingly. svn path=/trunk/; revision=19236
2006-09-15 21:35:01 +00:00 · 2006-09-15 21:35:01 +00:00 · 7d95399a0d
parent 5f38a25c0b
commit 7d95399a0d
3 changed files with 18 additions and 6 deletions
--- a/doc/wireshark.pod
+++ b/doc/wireshark.pod
@ -1615,7 +1615,7 @@ The I<Filter:> text entry lets you set a capture filter expression to be
 used when capturing.

 If any of the environment variables SSH_CONNECTION, SSH_CLIENT,
-REMOTEHOST, DISPLAY, or CLIENTNAME are set, Wireshark will create a
+REMOTEHOST, DISPLAY, or SESSIONNAME are set, Wireshark will create a
 default capture filter that excludes traffic from the hosts and ports
 defined in those variables.

--- a/docbook/wsug_src/WSUG_chapter_capture.xml
+++ b/docbook/wsug_src/WSUG_chapter_capture.xml
@ -998,7 +998,7 @@ tcp port 23 and not host 10.0.0.5
 	  </listitem>
 	</varlistentry>
 	<varlistentry>
-	  <term><command>CLIENTNAME</command> (terminal server)</term>
+	  <term><command>SESSIONNAME</command> (terminal server)</term>
 	  <listitem>
    <para>	
   	&lt;remote name>
--- a/util.c
+++ b/util.c
@ -134,7 +134,7 @@ compute_timestamp_diff(gint *diffsec, gint *diffusec,
   SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
   REMOTEHOST (tcsh, others?): <remote name>
   DISPLAY (x11): [remote name]:<display num>
-   CLIENTNAME (terminal server): <remote name>
+   SESSIONNAME (terminal server): <remote name>
 */

 const gchar *get_conn_cfilter(void) {
@ -174,9 +174,21 @@ const gchar *get_conn_cfilter(void) {
 				host_ip_af(tokens[0]), tokens[0]);
 			return filter_str->str;
 		}
-	} else if ((env = getenv("CLIENTNAME")) != NULL) {
-		g_string_sprintf(filter_str, "not tcp port 3389");
-		return filter_str->str;
+	} else if ((env = getenv("SESSIONNAME")) != NULL) {
+        /* Apparently the KB article at
+         * http://technet2.microsoft.com/WindowsServer/en/library/6caf87bf-3d70-4801-9485-87e9ec3df0171033.mspx?mfr=true
+         * is incorrect.  There are _plenty_ of cases where CLIENTNAME
+         * and SESSIONNAME are set outside of a Terminal Terver session.
+         * It looks like Terminal Server sets SESSIONNAME to RDP-TCP#<number>
+         * for "real" sessions.
+         *
+         * XXX - There's a better way to do this described at
+         * http://www.microsoft.com/technet/archive/termsrv/maintain/featusability/tsrvapi.mspx?mfr=true
+         */
+		if (g_strncasecmp(env, "rdp", 3) == 0) {
+			g_string_sprintf(filter_str, "not tcp port 3389");
+			return filter_str->str;
+		}
 	}
 	return "";
 }