Use SESSIONNAME instead of CLIENTNAME to try to detect RDP sessions.
Look for a string that starts with "rdp". This should take care of cases where a default capture filter is set needlessly. Update the docs accordingly. svn path=/trunk/; revision=19236
This commit is contained in:
parent
5f38a25c0b
commit
7d95399a0d
|
@ -1615,7 +1615,7 @@ The I<Filter:> text entry lets you set a capture filter expression to be
|
|||
used when capturing.
|
||||
|
||||
If any of the environment variables SSH_CONNECTION, SSH_CLIENT,
|
||||
REMOTEHOST, DISPLAY, or CLIENTNAME are set, Wireshark will create a
|
||||
REMOTEHOST, DISPLAY, or SESSIONNAME are set, Wireshark will create a
|
||||
default capture filter that excludes traffic from the hosts and ports
|
||||
defined in those variables.
|
||||
|
||||
|
|
|
@ -998,7 +998,7 @@ tcp port 23 and not host 10.0.0.5
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><command>CLIENTNAME</command> (terminal server)</term>
|
||||
<term><command>SESSIONNAME</command> (terminal server)</term>
|
||||
<listitem>
|
||||
<para>
|
||||
<remote name>
|
||||
|
|
20
util.c
20
util.c
|
@ -134,7 +134,7 @@ compute_timestamp_diff(gint *diffsec, gint *diffusec,
|
|||
SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
|
||||
REMOTEHOST (tcsh, others?): <remote name>
|
||||
DISPLAY (x11): [remote name]:<display num>
|
||||
CLIENTNAME (terminal server): <remote name>
|
||||
SESSIONNAME (terminal server): <remote name>
|
||||
*/
|
||||
|
||||
const gchar *get_conn_cfilter(void) {
|
||||
|
@ -174,9 +174,21 @@ const gchar *get_conn_cfilter(void) {
|
|||
host_ip_af(tokens[0]), tokens[0]);
|
||||
return filter_str->str;
|
||||
}
|
||||
} else if ((env = getenv("CLIENTNAME")) != NULL) {
|
||||
g_string_sprintf(filter_str, "not tcp port 3389");
|
||||
return filter_str->str;
|
||||
} else if ((env = getenv("SESSIONNAME")) != NULL) {
|
||||
/* Apparently the KB article at
|
||||
* http://technet2.microsoft.com/WindowsServer/en/library/6caf87bf-3d70-4801-9485-87e9ec3df0171033.mspx?mfr=true
|
||||
* is incorrect. There are _plenty_ of cases where CLIENTNAME
|
||||
* and SESSIONNAME are set outside of a Terminal Terver session.
|
||||
* It looks like Terminal Server sets SESSIONNAME to RDP-TCP#<number>
|
||||
* for "real" sessions.
|
||||
*
|
||||
* XXX - There's a better way to do this described at
|
||||
* http://www.microsoft.com/technet/archive/termsrv/maintain/featusability/tsrvapi.mspx?mfr=true
|
||||
*/
|
||||
if (g_strncasecmp(env, "rdp", 3) == 0) {
|
||||
g_string_sprintf(filter_str, "not tcp port 3389");
|
||||
return filter_str->str;
|
||||
}
|
||||
}
|
||||
return "";
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue