Socket 0x9001 is for NLSP - it supports LANs as well as WANs, at least
as I read the specification.
Socket 0x9004 is for "IPX WAN 2".
svn path=/trunk/; revision=7387
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this future will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
- A new decoder called MDSHDR which decodes the internal header of the
Cisco MDS switch (this is different from the Boardwalk header).
- Support for some more new columns as part of FC support.
- Fixed the decoding of the Special Frame in FCIP.
- Fixed the decoding of credit management type field in FLOGI/PLOGI frame
in FC-ELS.
svn path=/trunk/; revision=6974
IO-Users is a feature for tethereal that will print statistics on io usage
similar to top talkers in other tools.
It needs to be ported to ethereal with a nice graph sometime later.
try:
-z io,users,ip
see man-page
svn path=/trunk/; revision=6972
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
- Decoders for the few remaining FC protocols not included in my first
patch. Included in this list are decoders for FC-CT (common transport),
Name Server (dNS), Fabric Configuration Server (FCS) and Zone Server
(FZS).
- Decoder for MDS Debug Port Adapter. MDS Debug Port Adapter (internal
name was Boardwalk and this is the file name) is a piece of hardware
that can be purchased with Cisco's MDS Fibre Channel switches that
converts FC frames into Ethernet frames. One end is connected to a
port on a FC switch and the other end is connected to a FE/GE Ethernet
port. The decoder included here decodes the encapsulation header that
carries information such as SOF/EOF of FC frames.
svn path=/trunk/; revision=6919
The Q bit in X.25 doesn't mean "this is QLLC traffic", it's just a "this
packet is special" indication. Have the X.25 dissector pass as the
"private_data" pointer a pointer to a gboolean indicating whether the Q
bit was set or not. Replace the "decode non-Q-bit traffic as SNA"
option with a "decode traffic as QLLC/SNA if we didn't see the Call
Request packet and thus don't know what it is" option, which hands
traffic to the QLLC dissector for that traffic. Have the QLLC dissector
hand traffic to the SNA dissector if the Q bit isn't set.
Arrange that we determine whether the Q bit is set regardless of whether
we're building the protocol tree or not.
If we don't just dissect traffic as QLLC/SNA if we didn't see the Call
Request packet, check not only for 0x45 (as an indication that it's
probably IP), check also for NLPID_ISO8473_CLNP and treat that as an
indication that it's probably OSI CLNP.
svn path=/trunk/; revision=6854
make ANSI point codes filterable in MTP3;
fix a bug in the ANSI SLS dissection;
have MTP3 store the SI for use by subdissectors;
add a new MTP3-Management dissector.
Fix Makefile.nmake to include the Wellfleet HDLC dissector.
svn path=/trunk/; revision=6837
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
The MD5 is copyrighted by L. Peter Deutsch, and released under the same
license as zlib. It is GPL-compatible, and should NOT have the GPL
applied to it.
svn path=/trunk/; revision=6790
header.
Add overflow checks to "BYTES_ARE_IN_FRAME()", and cast all arguments to
unsigned values (negative values should never be passed) to squelch
compiler warnings.
svn path=/trunk/; revision=6567
Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line.
Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash
as a parameter to tethereal.
Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.
svn path=/trunk/; revision=6560
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.
Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?
Try -z io,phs or -z io,phs,<filter> to test it.
svn path=/trunk/; revision=6532
and generate the table of stuff to register from tap source files, so
Tethereal doesn't need to know what tap listeners exist.
Get rid of "tap-xxx.h" files, as they're now empty.
Add "tethereal-tap-register.c" to the .cvsignore file, as it's a new
generated file.
Update "Makefile.nmake" to generate "tethereal-tap-register.c".
Clean up "Makefile.am" and "Makefile.nmake" a bit.
svn path=/trunk/; revision=6525
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header
giving the direction (user-to-network or network-to-user) and the
channel number.
Add a new circuit type, using the ISDN channel number as the circuit ID.
Add an ISDN dissector to put the direction and channel number into the
protocol tree and to call the appropriate dissector for the payload
based on the channel (LAPD for the D channel; V.120, PPP, or data for B
channels, based on some heuristics).
svn path=/trunk/; revision=6521
Guy Harris