kNet (KristalliNet) dissector for Wireshark
kNet is a connection-oriented network protocol for transmitting arbitrary application-specific messages between network hosts. It is designed primarily for applications that require a method for rapid space-efficient real-time communication. kNet is an application-level protocol which can be ran either over UDP, TCP or SCTP transports.
From me :
* Add Modelines information and fix trailing whitespace
* Merge packet-knet.h in packet-knet.c
* Make Checkhf happy
* Fix Clang/GCC Warning about unused variable
* Add Authors info & CMakeList.txt
svn path=/trunk/; revision=40010
Enhance XMPP Dissector
XMPP is communication protocol that is based on XML.
Existing Jabber dissector has only few filtering possibilities and displays packets in inconvenient way.
This dissector is a result of cooperation with Jitsi community as Google Summer of Code project (http://www.jitsi.org/index.php/GSOC2011/XmppWireshark).
From me :
Add Mariusz Okrój in AUTHORS File
Add Modelines information
svn path=/trunk/; revision=39799
Dissector for the USB Integrated Circuit Card Interface Device Class (CCID)
I've implemented a reasonable subset of a dissector for the USB CCID specification (as described at http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf), during the course of experimenting with an ACS ACR122U ISO 14443 card reader and MiFare tokens.
It currently identifies all of the message types listed in that specification,ng.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines
* Fix Checkhf (Remove a unused entry)
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
svn path=/trunk/; revision=39750
Dissector for the NXP MiFare Protocol
I've just finished writing a dissector for the NXP-proprietary MiFare Protocol, as used alongside ISO 14443-A by a popular range of contactless (not-so-smart) cards, and various emulations, variants and clones thereof.
It currently supports all of the commands listed in http://www.nxp.com/documents/data_sheet/MF1S703x.pdf that also happen to be supported by LibNFC (http://code.google.com/p/libnfc/) - modulo the "NAK" and CRC bytes, since I haven't found examples of their usage in my USB traces, and I didn't want to hand-craft (probably incorrect) examples for testing.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines;
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
* Add Modelines information
svn path=/trunk/; revision=39746
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me :
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
Enhance Universal Alcatel Protocol
Several fixes and heuristic version. You can also specify the ports (as in the previous version), if the heuristic version is not working properly.
svn path=/trunk/; revision=39691
BitTorrent DHT dissector for wireshark
From me :
* Fix encoding attribut for proto_tree_add_item (with fix-encodings-args script)
svn path=/trunk/; revision=39653
dissector for HDCP (High bandwidth Digital Content Protection)
HDCP can run on top of TCP, there's no fixed port number assigned. I created a heuristic dissector that's disabled by default and can be enabled by setting a preference (similar to the hilscher dissector). The idea behind this is that some HDCP messages are hard to recognize (e.g. one byte message id + 8 random bytes). Having the dissector enabled at all times may generate false positives.
svn path=/trunk/; revision=39480
New Protocol Submission for MVRP (Multiple VLAN Registration Protocol)
New dissector submission for Multiple VLAN Registration Protocol (MVRP) defined in 802.1ak Standard, section 11. MVRP is used to to dynamically create and update Dynamic VLAN Registration Entries.
From me :
* Fix error from fix-encodings-args script
* Add Modeline information
* Added packet-mrp-mvrp.c to CMakeLists.txt
svn path=/trunk/; revision=39477
Add dissector for public protocol Flight Message Transfer Protocol (FMTP)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6433
- Modified and moved col_add_fstr outside of if(tree)
- call data dissector for data
- use ENC_BIG_ENDIAN
- minor cleanups
svn path=/trunk/; revision=39403
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5929
From me:
packet-cipmotion.c:
FT_BOOLEAN fields with bitmasks need a bit-fieldwidth in the hf[] entry 'display' field;
Define attribute_size as guint32 since it has to store guint8*guint16;
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
Remove trailing whitespace from lines;
Other minor cleanup and reformatting.
packet-enip.c:
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
svn path=/trunk/; revision=39396
Move sniffer meta data parsing to separate files
packet-ieee80211.c includes dissectors for three different styles
of IEEE 802.11 sniffer meta data (like signal strength). Move these
to separate files in the same style as a fourth format (radiotap)
was already handled, so that packet-ieee80211.c focuses on the
actual IEEE 802.11 frame dissecting.
This reverts
http://anonsvn.wireshark.org/viewvc?revision=23911&view=revision
Objections?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6443
svn path=/trunk/; revision=39379
- Follow closely draft-ietf-p2psip-base-18
- Added support for draft-ietf-p2psip-base-18,
draft-ietf-p2psip-sip-06,
draft-ietf-p2psip-service-discovery-03,
draft-ietf-p2psip-self-tuning-04,
draft-ietf-p2psip-diagnostics-06,
draft-zong-p2psip-drr-00,
- Handoff to the xml dissectors for
configuration data
- export the message content dissection function
in the new packet-reload.h file for use in
related protocols (draft-hautakorpi-p2psip-with-hip-01)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6317
From me:
- Fix a few C++ style comments;
- Fix:
packet-reload.c(2156) ... conversion from 'guint64' to 'guint32', possible loss of data
packet-reload.c(3528) ... conversion from 'guint64' to 'guint32', possible loss of data
Note: Additional fix yet req'd since checkhf.pl gives:
ERROR: NO ARRAY: packet-reload.c, hf_reload_dmflag_underlay_hop
Unused entry: packet-reload.c, hf_reload_storeddata_signature
Unused entry: packet-reload.c, hf_reload_storeddataspecifiers
(Compile is OK).
svn path=/trunk/; revision=39301
This is a dissector for the BRP (Bandwidth Reservation Protocol). This protocol
is used by various telecommunications vendors to establish VoD (Video
On-Demand) sessions between a STB (Set Top Box) at the customer's home and the
VoD server at the video head-end.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6428
- Changed hf blurbs to NULL
- Used dissector_add_handle() as the proposed port is registered to a different protocol.
svn path=/trunk/; revision=39254
New dissectors: (UA) Universal Alcatel Protocol and transport UAUDP
From me :
* Prefer proto_tree_add_item (when is possible)
* Use 4-space indenting
* Add Modeline information
* Fix Clang Warning
svn path=/trunk/; revision=39167
Add dissector for XMCP protocol.
From me:
- Fixed an obvious bug setting transaction_id_key[2].key = NULL,
where transaction_id_key is defined with only 2 elements.
- Only register heur_dissector once.
- Only find media_type_dissector_table once.
- Added packet-xmcp.c to CMakeLists.txt
svn path=/trunk/; revision=39131
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
* Update pflog dissector to the last header format (OpenBSD 4.9)
* Dissect all new field (uid, pid, saddr, daddr...)
* Replace proto_tree_add_xxx(uint/string...) by proto_tree_add_item
* Remove not needed packet-pflog.h file
svn path=/trunk/; revision=38364
Vuze, called Azureus before, is a great BT client and has a lot of users,
while its DHT implementation is different from the official one.
From me: New-style dissectors are supposed to to always return
"bytes dissected" (not just when tree != NULL);
svn path=/trunk/; revision=37755
The menu gets a new item (Statistics -> RTSP -> Packet Counter).
Like HTTP, filter can be set and then the dialog windows shows the result of the RTSP analysis.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6042
svn path=/trunk/; revision=37741
Please see the attached patch which updates the ppi-geolocation support
to v2.0 of the specification. This iteration adds a new tag (sensor) and
removes support for velocity/acceleration from the vector tag. Most of
the changes center on the Vector tag. Everything that takes place
elsewhere is cosmetic.
I ran this iteration through fuzz-test and check-APIs just like last
time.
From me:
Replace tvb_get_ephemeral_string with tvb_format_text. Move dissector
registration to the bottom of each file.
svn path=/trunk/; revision=37733
Attached is a dissector for CN/IP protocol described in EIA-852. It is mainly
used to encapsulate and send Lontalk (EIA-709.1) or EIA-600 frames over UDP (or
TCP).
This dissector can only decode the common header and data frames can be decoded
by further dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5907
svn path=/trunk/; revision=37596
I made the following improvements to the Modbus/TCP dissector:
1. Implemented protocol to the latest specification (v1.1b). See
http://www.modbus.org/specs.php.
2. Upgraded to "tcp_dissect_pdus" instead of having the dissector do it
manually. This also provides TCP packet reassembly support.
3. Removed support for UDP port 502 because it's not supported by the protocol
specification. I believe "Decode As..." could be used in its place.
4. Added dissector support for the following function codes:
a) 8 - Diagnostics
b) 11 - Event Counter
c) 12 - Event Log
d) 43 - Encapsulation Transport (mostly for 43/14)
5. Removed support for function codes not in the protocol specification. None
of them were really being parsed, they just offered a "name" for the function
code.
6. Moved protocol #defines to header file for access from other dissectors. I
plan to have other dissectors use this, but one patch at a time.
7. Created "modbus" dissector that is accessible to other dissectors.
8. Renamed base "display filter name" to reflect PROTOABBREV.
I removed defines for value_strings, I think it's better to export the vaöue strings if needed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5923
svn path=/trunk/; revision=37539
Alexis La Goutte