A new dissector - cimd dissector. CIMD stands for Computer Interface to Message Distribution and it's used to transfer short messages between applications and Nokia Short Message Service Center.
svn path=/trunk/; revision=15777
1. Use the new (good work!) 'nanosec' precision only for gig pods;
2. Rework 'struct netxray_hdr' to make it (somewhat) easier
to maintain and revise:
a. Declare known hdr fields such as 'captype' instead
of using offsets in 'xxx placeholder' fields.
d. Define 'unknown' hdr fields using placeholder names
based upon hex-offset in the netxray header record.
(This isn't perfect, but I hope it will make things
more manageable).
3. Update hdr field info (based upon examination of various
capture files):
a. Define a hdr field which appears to be 'time-zone'
[offset in hours from UTC] for the machine doing
the capture.
(Maybe this field can eventually be used for Ethereal
to display the (local) time as it was at the time
of the capture).
b. Describe certain hdr fields as being "file offsets"
(altho the exact use is still unclear).
Update some comments.
svn path=/trunk/; revision=15603
I'll attach a patch which fixes the decoding of authenticated
LDAP bind replies. The SASL credentials are always "context
specific" in terms of ASN.1.
I've tested the fix with DIGEST-MD5 authentication.
(Without the patch, ethereal complains about a wrong type
because it expects an ASN.1 octet string.)
(You might also consider a stricter check of the ASN.1 header
type for the GSSAPI and GSS-SPNEGO cases, but I can't test this.)
svn path=/trunk/; revision=15428
Some changes that I made to flesh out GPRS message parsing. More information is displayed about the various frame formats. I have also added some code to parse XID parameters in the U frame. I have also fixed a couple of display bugs in the GSM and GPRS LLC parser.
svn path=/trunk/; revision=15224
1) dissect_isup_calling_party_number_parameter reported malformed packet
if the calling party number IE contains empty number (possibly with
presentation set to 'number not available')
I've basically added if(length > 0) around the digits tree dissector,
which may not be obvious from the patch because of the indenting of the
entire block.
2) As the tap_calling_number is static, if there is call with missing
calling_party_number IE, it gets assigned the calling party number of
the previous call containing such IE.
fixed by adding tap_calling_number = NULL;
in the beginning of dissect_isup_message, and
tap_rec.calling_number=tap_calling_number?tap_calling_number:g_strdup("");
in the end to avoid segfault
Those things may not happen too often in the telecom world, but happen
all the time with VoIP.
svn path=/trunk/; revision=14268
I don't have the facility to test this, hopefully Frederic knows what he's doing :-)
However, this was out of date since a long time ago, so can't get worse anyway...
svn path=/trunk/; revision=13754
- better parsing for TIM info element: it parses 'bitmap control' byte
and provides list of AID for stations having power saving traffic.
- separate names for TIM elements. It helps to highlight beacons with
some properties, for example DTIM ones (dtim_count==0).
svn path=/trunk/; revision=13678
recursion instead of iteration means that packets with sufficiently
large lists can cause it to overflow the stack and crash.
svn path=/trunk/; revision=13643
Attached is an update to Lucent/Ascend trace parsing: fix a few bugs,
add support for ISDN and Ethernet captures - diffs to 0.10.9.
svn path=/trunk/; revision=13311
add radiobutton to allow saving raw tcpstreams
these radiobuttons should, by someone that uses this feature, be changed into
a menu instead.
svn path=/trunk/; revision=13236
h323 taps support up to 5 messages per packet now.
VoIP call analysis:
- Collect ISUP, SIP and H323 calls from a capture and show them in window with the following info:
- Start and Stop time of the call
- Init
svn path=/trunk/; revision=13225
don't dissect attributes if there aren't any;
put each attribute into a subtree;
register the dissector by name.
Use "match_strval()" to check whether the message type is a known STUN
message type, and to generate the message type for the Info column.
Don't use "tvb_bytes_exist()" to check when we run out of data - use the
length fields from the packet. Check the sanity of those lengths, too.
svn path=/trunk/; revision=13063
updates and enhancements:
- Added Cookie and L2-Specific sublayer support via preferences dialog.
- Added carried payload dissecting support from draft-ietf-l2tpext-pwe3-*
and draft-townsley-l2tpv3-mpls-02.txt
- Completed missing message types (call types) and result codes for stopccn
and cdn.
- Fixed conditionals for avp_vendor_id (Vendor-Specific AVPs)
- Changed Pseudowire Capabilities List AVPs to use subtree instead of tab
- Added numeric value of result and error codes
- Added Session ID for v3 data packets and missing flags and reserved
- Added version to the L2TPv3 protocol tree
- Changed `Tunnel Id' to `Control Connection Id' for v3
- Fixed offset for ctrl_tree on L2TPv3 over UDP
- Added `L2TPv3' in the COL_PROTOCOL and fixed handling of L2TP version
svn path=/trunk/; revision=13055
Add VENDOR_IETF to <epan/sminmpec.h>, and add an entry for it to
sminmpec_values[], so that the L2TP dissector can use them rather than
defining its own copy of the private enterprise number values and table
- and make it do so.
svn path=/trunk/; revision=12999
o BGPv4 SAFI-Specific Attribute support
- draft-kapoor-nalawade-idr-bgp-ssa-00.txt
o Tunnel SAFI support for BGP
- draft-nalawade-kapoor-tunnel-safi-02.txt
o Small length fix
svn path=/trunk/; revision=12977
a number of Windows Sniffer captures - apparently the time stamp units
are in a field in the file header.
Add a capture type value seen in at least one ATM capture.
Update some comments, and add some comments.
Get rid of some redundant setting of "timeunit".
svn path=/trunk/; revision=12936
GSM SMS fixes:
- Made Timezone view human readable based on 3GPP TS 23.040 V6.5.0 (9.2.3.11).
- TP-UDHI field - located within bit no 6 one more place was left over from
previous patch by Viorel Suman made on 9 Dec 2004.
svn path=/trunk/; revision=12718
The ACL parser will attempt to decode as many ACE structures as are
specified in the ACL structure. If the number of ACE structures is
sufficiently large with one of the ACE structures specifying a size of
0, then the ACL parser will parse that ACE structure repeatedly,
eventually causing a denial of service to Ethereal.
I've attached a diff against HEAD that corrects the problem. The diff
also corrects a few decoding errors in the NT ACL & ACE structures. A
pcap is attached that reproduces the problem.
svn path=/trunk/; revision=12706
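The zero-size ACE loop described in the entry above, as an added example that is not the Ethereal patch: a C walker that rejects any ACE whose size field is smaller than its own header, so each iteration advances and the loop is bounded by the buffer rather than by the claimed ACE count (the same length sanity check the STUN entry earlier asks for). It assumes the Windows ACL and ACE_HEADER layout with little-endian fields; `walk_acl`, the status names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes: hypothetical names for this example. */
enum { ACL_OK = 0, ACL_TRUNCATED = -1, ACL_BAD_ACE_SIZE = -2 };

#define ACL_HDR_LEN 8u /* AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2) */
#define ACE_HDR_LEN 4u /* AceType(1) AceFlags(1) AceSize(2) */

static unsigned rd_le16(const uint8_t *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Walk the ACE list of an ACL held in buf[0..len).
 * *aces_seen receives the number of ACEs that passed validation. */
int walk_acl(const uint8_t *buf, size_t len, unsigned *aces_seen)
{
    size_t off = ACL_HDR_LEN;
    unsigned count, i;

    *aces_seen = 0;
    if (len < ACL_HDR_LEN)
        return ACL_TRUNCATED;
    count = rd_le16(buf + 4);

    for (i = 0; i < count; i++) {
        unsigned ace_size;

        if (len - off < ACE_HDR_LEN)   /* no room for an ACE header */
            return ACL_TRUNCATED;
        ace_size = rd_le16(buf + off + 2);
        /* A size below the header length (0 included) would leave 'off'
         * where it is, so the same ACE would be parsed 'count' times. */
        if (ace_size < ACE_HDR_LEN)
            return ACL_BAD_ACE_SIZE;
        if (ace_size > len - off)      /* ACE claims bytes we do not have */
            return ACL_TRUNCATED;
        off += ace_size;               /* always advances by >= 4 bytes */
        (*aces_seen)++;
    }
    return ACL_OK;
}

/* Constructed sample: two 8-byte ACEs. */
static const uint8_t GOOD_ACL[] = {
    0x02, 0x00, 0x18, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00 };

/* Constructed sample: claims 65535 ACEs, first ACE has AceSize == 0. */
static const uint8_t ZERO_SIZE_ACL[] = {
    0x02, 0x00, 0x0c, 0x00, 0xff, 0xff, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    unsigned n;
    int rc = walk_acl(GOOD_ACL, sizeof GOOD_ACL, &n);
    printf("good:      rc=%d aces=%u\n", rc, n);
    rc = walk_acl(ZERO_SIZE_ACL, sizeof ZERO_SIZE_ACL, &n);
    printf("zero-size: rc=%d aces=%u\n", rc, n);
    return 0;
}
```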
Various GSM SMS fixes:
- Wrong positions of the fields, located within the first octet
of the GSM SMS TPDU.
- One byte is skipped during RP-ERROR vs. RP-ACK detecting:
Offset must be increased only when RP-ERROR is detected in
order to avoid one byte skipping.
- Improper dissect method is used to dissect SMS-DELIVER-REPORT.
svn path=/trunk/; revision=12703
1. Add Preferences:
a. To allow specification of a hint as to TDS protocol being decoded
(Unspecified/TDS4/TDS5/TDS7/TDS8); Default: 'unspecified'
The 'hint' is used only when needed to do a correct decode.
If the protocol is unspecified, the decode is as previous.
b. To allow specification of 'ranges' of TCP ports to be treated as
'TDS tcp ports'; i.e. if the source or destination port of a tcp
connection matches a specified range, then the connection should be
considered to be TDS.
c. To allow specification of a hint as to whether TDS being decoded is
'little-endian' or 'big-endian'. Default: 'little-endian'.
A hint is just that; E.G. if TDS7+ packets are encountered the decode
is always 'little-endian'.
2. Register tcp MS SQL default ports (1433, 2433) as TDS ports
('dissector_add'). This also enables TDS as a choice for 'decode as'.
3. 'netlib_check_login_pkt' changed to check 'TDS tcp port' range(s) as
entered in preferences;
4. Change 'dissect_tds_query_packet' to handle TDS4 ascii in addition to
TDS7/8 UCS-16.
5. Change 'dissect_tds_rpc' to:
a. handle TDS4 ascii RPC in addition to TDS7/8 UCS-16 RPC;
b. handle Microsoft 'encoded' rpc_name;
c. fix memory leak (not freeing memory obtained using
'tvb_fake_unicode');
6. Change 'dissect_tds_response' to:
a. handle tds4 tokens 'tds_col_name' and 'tds_col_info';
b. dissect tokens 'tds_doneinproc' and tds 'doneproc' similarly to
'tds_done'
c. reclaim memory allocated for 'tds_col' structures when finished
processing response
(Additional memory was being allocated each time a
tokenized tds5 response was processed)
7. New function 'dissect_tds_col_info_token' (similar to
'read_results_tds5') associated with handling TDS4 responses.
8. New functions 'dissect_tds_query5_packet', 'dissect_tds5_lang_token'
9. Rework TDS token size calculation; Some TDS tokens have a length field
of other than 2 bytes. (e.g.: the length field
for TDS_LANG_TOKEN is 4 bytes)
10. Update token definitions and usages;
a. Update based upon info from current version of FreeTDS 'tds.h'
as well as info from Sybase TDS5 document;
example: TDS_124_TOKEN renamed to TDS_PROCID_TOKEN
b. TDS_124_TOKEN [TDS_PROCID] was incorrectly not considered
a 'fixed-size' token in function 'tds_is_fixed_token'
svn path=/trunk/; revision=12566
add the "unknown sequence number" flag;
fix dissection of unreachable destinations in RERR messages;
fix prefix size in draft-perkins-manet-aodv6-01 RREP
messages to be 7 bits, not 5 bits;
put the message dissection under the top-level AODV tree rather
than at the top level;
fix labeling of source IPv6 address in RREP messages.
Update the comments at the beginning (AODV is now RFC 3561), and note
that RFC 3561 says that, for IPv6, the only change is that the address
fields are enlarged.
Rename RREQ_DEST and RREQ_GRAT to more fully indicate what they are.
Fix the name of the draft in the description of the
draft-perkins-manet-aodv6-01 messages.
Fix description of Gratuitous RREP flag in RREQ messages.
svn path=/trunk/; revision=12562
length of the UDP header itself, so subtract the length of the header
when using it to limit the length of the payload tvbuff.
Clean up the computing of the captured length of the payload tvbuff (we
really should get rid of the "length" argument to "tvb_new_subset()",
and have it compute the captured length based on the supplied reported
length and the amount of that data actually present in the parent
tvbuff).
Don't fetch the length and checksum fields until we use them (so that we
don't throw an exception until then, and fail to process the source and
destination ports), and check whether the length is bogus regardless of
whether we're building a protocol tree or not.
svn path=/trunk/; revision=12444
RTP graphic analysis;
assorted bug fixes;
display delay and jitter in milliseconds, and add the percentage
of lost packets to the statistics.
svn path=/trunk/; revision=12166
o Fix EXTENDED_COMMUNITIES output that was appending the Carried
Extended communities; fix BGP_EXT_COM_L2INFO was not appending to the
bgpext_com_type
o Update various text with the specific afi/safi
o Decode fields in MP Reach NLRI for labeled VPNv4 and labeled IPv4
(and small offset fix for the latter)
o Decode unknown address family in MP Reach NLRI
svn path=/trunk/; revision=12165
o Add link type string for MPLS Link Type in MPLS Link sub-TLV
o Decode MPLS Link Color/Resource sub-TLV
o Add bps for bandwidths in Max BW and Max Reservable BW sub-TLVs
o Display Type, Length Value for Unknown Link sub-TLV
o Allow display filter on Link Type and Link Color
svn path=/trunk/; revision=12122
- Add a configuration option for Diameter version. Currently,
the choice is between everything before draft-v16 and RFC3588.
- Fix diameter-ip-address parsing depending on the Diameter
version (and showing decoding errors accordingly).
- Change registration of Diameter from TCP and SCTP port 1812 to
TCP and SCTP port 3868 (this is according to RFC3588, section
11.5).
svn path=/trunk/; revision=12121
util.c, as util.c is no longer part of libethereal.
Update his e-mail address (I'm presuming it's the same person - Comcast
bought AT&T Broadband, so the domain name change makes sense).
svn path=/trunk/; revision=11967
to open it as a UTF-8 file).
Convert from ISO 8859/1 to UTF-8, and put the a-ring into a name.
Fix some bad characters.
svn path=/trunk/; revision=11918
will either have "heimdal", in all lower case, in the version string in
the header file, or will write out, when you run "krb5-config
--version", a version string with "heimdal" in all lower case, so we
don't need to do case-insensitive matching, which is good - not all
versions of "sed" support the "i" flag (although you can do
case-insensitive matching by using regular expressions, if necessary).
svn path=/trunk/; revision=11915
ISC DHCP Server 3.0 failover protocol dissection
Note: I tried to make the port configurable via prefs
but failed to do so: It always crashed on startup so it
is commented out for now.
svn path=/trunk/; revision=11630
add versions of CRC-16 and CRC-32 routines with seed arguments;
add versions of those routines with an "offset in the tvbuff"
argument;
add Doxygen comments to the CRC-16 and CRC-32 headers.
svn path=/trunk/; revision=11573
create the parameter tvbuff, as that requires that there's at least one
byte of parameter data, and some messages have no parameters and would
cause an exception to be thrown in that case.
Just use -1 for the length parameters when creating the parameter
tvbuff, so that it includes the full reported length.
Don't put undissected parameter information into the protocol tree if
there aren't any parameters - and don't bother getting the number of
bytes of parameter information unless we're putting undissected
parameter information into the protocol tree and need it to see whether
there are any parameters.
svn path=/trunk/; revision=11297
- NetrJoinDomain2 and NetrUnJoinDomain2 (can be used to remotely join a
machine to an Active Directory domain, typically with the JOIN and
UNJOIN of the netdom utility)
- NetrRenameMachineInDomain2
- NetrAddAlternateComputerName and NetrRemoveAlternateComputerName
(operations added in Windows XP)
All these operations carry a blob (524 bytes) containing an encrypted
version of the password of the account with domain administration
credentials, currently displayed as hex data because the format of this
blob is currently unknown (at least, for me).
svn path=/trunk/; revision=11142
and "Decode As" dialogs (so that you can cut down the size of the
protocol lists in those dialogs by disabling "uninteresting" protocols).
svn path=/trunk/; revision=11132
(always as strings, always as raw bytes, or as strings iff all bytes are
printable ASCII), and put the destination and source TSAPs into the
protocol tree so they can be filtered on.
svn path=/trunk/; revision=10978
- full support for "Wake Up" and "Security Parameter Recovered" messages
- full support for IPsec (additionally to SNMPv3) DOI
- add descriptive text to the info column (COL_INFO)
- proper FT_BOOLEAN type for "Re-establish" and "ACK required" flags
- proper item length for "PacketCable" (top-level), "List of ciphersuites"
and "Application Specific Data"
- minor cleanup
svn path=/trunk/; revision=10965
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
also make isns not dump core just because someone has encoded an integer in 0 bytes.
still need to add reassembly of fragmented pdus (first fragment/last fragment)
but have example captures of that so that's for tomorrow.
svn path=/trunk/; revision=10805
media dissector for a given media type (value of a Content-Type header)
must provide the logic to fall-back to this media dissector upon no match.
Note that you must set the pinfo->match_string to the media type name,
and if the media type is specified with parameters, then those parameters
can be added to pinfo->private_data. If there are no parameters, or the
parameter decoding is not implemented, you must set pinfo->private_data
to NULL.
Known TODOs:
- Fix the WSP parameter handling so it accompanies any media dissector.
Simplest approach is to retrieve the header field label from the WSP
Content-Type field and to search for a semicolon in it (or by using
the string length of the content type string representation).
- Verify that subdissection always works in the WSP dissector,
even when the protocol tree is not being built.
- Implement the media dissector in the remaining dissectors that use the
media type string table.
svn path=/trunk/; revision=10743
Dissection of the EncryptedFileSystem dce/rpc interface.
This dissector also contains a complete and fully tested IDL definition for
the entire interface.
svn path=/trunk/; revision=10734
ANSI and GSM MAP stats enhancements and cleanups;
enhanced parameter dissection related to SS for GSM A-interface
and MAP;
minor GSM SMS fix;
GSM SS enhancements for parameter dissection;
MTP3 statistics tap.
svn path=/trunk/; revision=10655
own modified Per-VLAN STP, so there's some extra stuff at the end of the
packet that needs to be decoded).
Indicate in a comment in packet-cisco-oui.c what PVSTP is.
svn path=/trunk/; revision=10589
- in decoding of replies: 0 is not an unknown opcode, it means that the
request was unseen or that the opcode of the request is unknown
(e.g. due to unseen / undecoded QueryExtension replies)
- add special processing for QueryExtension requests & replies in order to
store new opcodes in a value_string of opcodes saved per conversation
- try to resynchronize sequence number once at first reply if no initial
connection request was seen
- add decoding of SendEvent request
- add decoding of many replies (AllocColor, GetInputFocus, GetGeometry,
GetPointerControl, GetScreenSaver, GetSelectionOwner, GrabKeyboard,
GrabPointer, InternAtom, ListProperties, LookupColor, QueryBestSize,
QueryKeymap, QueryPointer, TranslateCoordinates)
- fix decoding of EnterNotify / LeaveNotify events
- add decoding of most events (FocusIn, FocusOut, Expose, GraphicsExpose,
NoExpose, VisibilityNotify, CreateNotify, DestroyNotify, UnmapNotify,
MapNotify, MapRequest, ReparentNotify, ConfigureNotify, GravityNotify,
ResizeRequest, CirculateNotify, CirculateRequest, PropertyNotify,
SelectionClear, SelectionRequest, SelectionNotify, ColormapNotify,
ClientMessage)
- miscellaneous changes & code cleaning
svn path=/trunk/; revision=10442
GSM A facility element decoding;
make TCAP dissector export routines for use by various GSM
dissectors;
make GSM MAP dissector use exported TCAP routines/defines;
GSM Supplementary Services support.
svn path=/trunk/; revision=10409
* Correct the version checks (use path expansion
rather than regular expressions, and fail if the
tools are not installed at all).
* Make it possible to specify other names for the
auto* tools to use (e.g., automake-1.6 instead
of automake).
svn path=/trunk/; revision=10383
date/time IE, so support IE lengths of 5 (no seconds) or 6 (includes
seconds).
Merge the two AUTHORS and man page entries for him.
svn path=/trunk/; revision=10089
"congestion" bit for ECN. Show it as a reserved bit.
Put semicolons, not commas, at the end of the calls to put flags field
bits into the protocol tree.
svn path=/trunk/; revision=10087
* Added decoding of Transport type/trigger
* Updated service code's text to match specification
* Added new vendor IDs from ODVA
* Added service etc to info column, formatted info column for
easier overview
* Added actual time out calculation for Forward close,
Unconnected send
* Fixed bug, port not shown for extended addresses
* Added Network Segment to EPATH decode
* NOP packets not decoded as they contain Common data Format
svn path=/trunk/; revision=9979
dissectors for protocols that put non-802.3 packets inside 802.3 frames
can intercept 802.3/Ethernet frames before they're dissected as
802.3/Ethernet packets.
svn path=/trunk/; revision=9976
into "lapd_sapi.h". Use that to register the Q.931 dissector atop LAPD.
From Rolf Fiedler: ISDN TEI management frame support.
svn path=/trunk/; revision=9864
Support for dissection of concatenated SMPP PDUs.
Also:
Add more information to the protocol tree summary.
Clean up the white space so it's in-line with the conventions
of the original author (8-space tabs, 4-space indentations).
svn path=/trunk/; revision=9696
add 3 new vendors;
add 3 non-encapsulated Merit vendor-specific attributes;
display the authenticator in the protocol tree.
svn path=/trunk/; revision=9651
add parsing of message token (Unicode and regular);
add parsing of error token (Unicode only - do not have a non Unicode
sample. Anyone?);
add parsing of done token (only minimal actually);
add parsing of Collation Information structure in Environment
Change token.
svn path=/trunk/; revision=9549