Richard Sharpe | 1 Jul 2012 18:37

The NEGOEX dissector is proceeding well

Hi folks,

I have now procured a capture with NEGOEX messages in it and am about half done.

I will post the dissector later today, most likely.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe
Pontus Fuchs | 1 Jul 2012 23:20

Re: compile error related to nl ?

On 2012-06-29 21:43, Toralf Förster wrote:
> The current svn tree produces here at a Gentoo Linux a compilation error :
>
> In file included from /usr/include/libnl3/netlink/route/link.h:18:0,
>                   from iface_monitor.c:44:
> /usr/include/linux/if.h:136:8: error: redefinition of ‘struct ifmap’
> /usr/include/net/if.h:112:8: note: originally defined here
> /usr/include/linux/if.h:170:8: error: redefinition of ‘struct ifreq’
> /usr/include/net/if.h:127:8: note: originally defined here
> /usr/include/linux/if.h:219:8: error: redefinition of ‘struct ifconf’
> /usr/include/net/if.h:177:8: note: originally defined here

Hi,

This should hopefully fix your problem. net/if.h collides with 
linux/if.h (included by libnl3)

diff --git a/iface_monitor.c b/iface_monitor.c
index 71c72e1..76db493 100644
--- a/iface_monitor.c
+++ b/iface_monitor.c
 <at>  <at>  -37,7 +37,9  <at>  <at> 
  #include <strings.h>
  #include <errno.h>

+#if defined(HAVE_LIBNL1) || defined(HAVE_LIBNL2)
  #include <net/if.h>
+#endif

  #include <netlink/msg.h>
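Review bot: the guard `+#if defined(HAVE_LIBNL1) || defined(HAVE_LIBNL2)` silently drops `net/if.h` from libnl3 builds, so anything in this file that only `net/if.h` declares (rather than `linux/if.h`, which libnl3 pulls in through `netlink/route/link.h`) would become undeclared in that configuration; worth confirming the file still compiles against libnl3 alone. Also suggest a one-line comment above the `#if` recording the `struct ifmap`/`ifreq`/`ifconf` redefinition it works around, so the guard is not mistaken for dead code later.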

Richard Sharpe | 2 Jul 2012 00:53

A much better version of packet-negoex.c ...

Hi Folks,

Here is a version of the NEGOEX dissector that is pretty functional ...
and reveals that I need to add a GSS-API EAP dissector :-)

When I get permission to post the capture, I will create a bug and add
the capture to the bug.

Index: epan/CMakeLists.txt
===================================================================
--- epan/CMakeLists.txt	(revision 43186)
+++ epan/CMakeLists.txt	(working copy)
 <at>  <at>  -893,6 +893,7  <at>  <at> 
 	dissectors/packet-ndmp.c
 	dissectors/packet-ndp.c
 	dissectors/packet-ndps.c
+	dissectors/packet-negoex.c
 	dissectors/packet-netanalyzer.c
 	dissectors/packet-netbios.c
 	dissectors/packet-netdump.c
Index: epan/dissectors/Makefile.common
===================================================================
--- epan/dissectors/Makefile.common	(revision 43186)
+++ epan/dissectors/Makefile.common	(working copy)
 <at>  <at>  -814,6 +814,7  <at>  <at> 
 	packet-ndmp.c		\
 	packet-ndp.c		\
 	packet-ndps.c		\
+	packet-negoex.c		\
 	packet-netanalyzer.c	\
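Review bot: the `+	packet-negoex.c		\` entry keeps the alphabetical order of the list and matches the CMakeLists.txt hunk above, so the two build systems stay in sync. The dissector source file itself is not part of this excerpt, so its registration cannot be reviewed here.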

Richard Sharpe | 2 Jul 2012 02:40

A bug in the SPNEGO asn1-based dissector that shows up when dissecting NTLMSSP

Hi folks,

There is a bug in the SPNEGO dissector that shows up when dissecting
the new445stream242.pcap file that was shown in the CIFS/SMB session
at Sharkfest.

It occurs in frame 8 and seems to happen because, when dissecting the
negTokenTarg, it dissects the NTLMSSP responseToken and then dissects
the mechListMIC, however, it does not think that it has used up all
the bytes in the TVB by the look of things, and redissects the
mechListMIC using a heuristic approach that tries to dissect it as
NTLMSSP, which it is not, so it screws up.

Can someone have a look at it?

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
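The failure mode described above, offset bookkeeping that leaves a sub-dissector believing bytes remain, after which a heuristic claims them, as an added example in C. This is not Wireshark code: the tvbuff is a plain byte buffer, the negTokenTarg is a simplified flat [tag][length][value] layout rather than real DER (0xA2 and 0xA3 are the SPNEGO context tags for responseToken and mechListMIC), the sample bytes are constructed, and the 8-byte "NTLMSSP\0" signature check stands in for a real heuristic dissector's sanity test. The `buggy` switch reproduces the slip (reporting where the mechListMIC starts instead of where it ends); the `strict` switch shows the mitigation on the heuristic side.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for a Wireshark tvbuff: a byte buffer and its length. */
typedef struct {
    const uint8_t *data;
    size_t len;
} tvb_t;

/* Simplified negTokenTarg used here (NOT real DER): a flat sequence of
 * [tag][1-byte length][value] items. 0xA2 and 0xA3 are the SPNEGO context
 * tags for responseToken and mechListMIC. */
#define TAG_RESPONSE_TOKEN 0xA2
#define TAG_MECHLIST_MIC   0xA3

typedef struct {
    size_t response_token_len;
    size_t mechlist_mic_len;
    int heuristic_ntlmssp_hits;   /* times the fallback heuristic claimed leftover bytes */
} dissect_result_t;

/* Constructed sample: an NTLMSSP message (signature + message type 3) as the
 * responseToken, followed by a 16-byte mechListMIC of filler bytes. */
static const uint8_t sample_token[] = {
    TAG_RESPONSE_TOKEN, 12, 'N','T','L','M','S','S','P',0x00, 0x03,0x00,0x00,0x00,
    TAG_MECHLIST_MIC,   16, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
                            0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11
};

/* Every NTLMSSP message starts with the 8-byte signature "NTLMSSP\0". */
static int looks_like_ntlmssp(const uint8_t *p, size_t len)
{
    static const uint8_t sig[8] = "NTLMSSP";   /* the literal supplies the trailing NUL */
    return len >= sizeof sig && memcmp(p, sig, sizeof sig) == 0;
}

/* Read one item at *offset and advance past it. Returns the tag, or -1 if the
 * item would overrun the buffer (the length byte is untrusted input). */
static int read_item(const tvb_t *tvb, size_t *offset, size_t *vlen)
{
    if (*offset + 2 > tvb->len) return -1;
    int tag = tvb->data[*offset];
    size_t l = tvb->data[*offset + 1];
    if (*offset + 2 + l > tvb->len) return -1;
    *vlen = l;
    *offset += 2 + l;
    return tag;
}

/* Walks the items. With buggy == 1 it reports the offset where the mechListMIC
 * *starts* instead of where it ends, so the caller believes bytes are left. */
static size_t dissect_neg_token_targ(const tvb_t *tvb, int buggy, dissect_result_t *out)
{
    size_t offset = 0, mic_start = 0, vlen;
    memset(out, 0, sizeof *out);
    for (;;) {
        size_t item_start = offset;
        int tag = read_item(tvb, &offset, &vlen);
        if (tag < 0) break;
        if (tag == TAG_RESPONSE_TOKEN) out->response_token_len = vlen;
        else if (tag == TAG_MECHLIST_MIC) { out->mechlist_mic_len = vlen; mic_start = item_start; }
    }
    return buggy ? mic_start : offset;
}

/* Caller side: leftover bytes are offered to the NTLMSSP heuristic. With
 * strict == 0 it claims whatever it is handed (turning a bookkeeping slip into
 * a bogus NTLMSSP dissection); with strict == 1 it checks the signature first.
 * Returns the number of leftover bytes. */
static int dissect_with_fallback(const tvb_t *tvb, int buggy, int strict, dissect_result_t *out)
{
    size_t consumed = dissect_neg_token_targ(tvb, buggy, out);
    size_t remaining = tvb->len - consumed;
    if (remaining > 0 && (!strict || looks_like_ntlmssp(tvb->data + consumed, remaining)))
        out->heuristic_ntlmssp_hits++;
    return (int)remaining;
}

/* Wrappers over the constructed sample: leftover byte count and heuristic hits. */
int case_remaining(int buggy, int strict)
{
    tvb_t tvb = { sample_token, sizeof sample_token };
    dissect_result_t r;
    return dissect_with_fallback(&tvb, buggy, strict, &r);
}

int case_hits(int buggy, int strict)
{
    tvb_t tvb = { sample_token, sizeof sample_token };
    dissect_result_t r;
    dissect_with_fallback(&tvb, buggy, strict, &r);
    return r.heuristic_ntlmssp_hits;
}

int main(void)
{
    printf("fixed:         %d leftover, %d heuristic hits\n", case_remaining(0, 0), case_hits(0, 0));
    printf("buggy, lax:    %d leftover, %d heuristic hits\n", case_remaining(1, 0), case_hits(1, 0));
    printf("buggy, strict: %d leftover, %d heuristic hits\n", case_remaining(1, 1), case_hits(1, 1));
    return 0;
}
```

With the offset reported correctly there is nothing left over and the heuristic never runs; with the slip, 18 bytes (the whole mechListMIC item) are left over, and only the signature check stops them from being dissected as NTLMSSP. Fixing the offset is the real fix; the strict heuristic is the defence that keeps a similar slip elsewhere from producing misleading output.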
Lloyd | 2 Jul 2012 17:12

Display filter implementation

Hi,

I would like to know more about Wireshark display filters. Are their
internals documented? Especially the display filter execution
virtual machine's instruction set.

I saw the instructions (byte code) in the source tree; I would like to
know more about them. Is any documentation available?

Thanks,
  Lloyd

Helge Kruse | 3 Jul 2012 07:17

compiling 1.8.0 on Win7

A new Wireshark stable version is out and I need to update my dissectors 
build package. Therefore I need to compile the Wireshark 1.8.0 sources.

During the build I get an error

 > tools/textify.sh: line 50: u2d: command not found

just after building tshark.exe.

I have Cygwin installed. When I run in Cygwin bash "u2d" I get the 
"command not found" too. But I have installed cygutils 1.4.10-2 that 
should include this Unix/Dos format conversion tool. Do I need a 
specific version of Cygwin? Are there any other changes necessary in the 
build environment since Wireshark 1.6.2?

Regards
Helge


Toralf Förster | 2 Jul 2012 16:20

Re: compile error related to nl ?

Hello Pontus,

You wrote :
>Hi,

>This should hopefully fix your problem. net/if.h collides with
>linux/if.h (included by libnl3)

fixed, thx :-)

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3


Richard Sharpe | 3 Jul 2012 16:45

Exposing KRB5 value_strings to other dissectors ...

Hi Folks,

There are protocols that specify the use of KRB5 specified values. Eg,
NegoEx specifies RFC3961 strings.

Rather than simply re-entering these values it would be useful to
reuse the existing value_string variables, but they are static ...

Suggestions?

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
mmann78 | 3 Jul 2012 17:06

Re: Exposing KRB5 value_strings to other dissectors ...

packet-cip.[ch] exposes some value_string variables, you should be able to use that as an example.
Stephen Fisher | 3 Jul 2012 17:22

Re: Exposing KRB5 value_strings to other dissectors ...


---- On Tue, 03 Jul 2012 08:45:46 -0600 Richard Sharpe wrote ----

>There are protocols that specify the use of KRB5 specified values. Eg,
>NegoEx specifies RFC3961 strings.
>
>Rather than simply re-entering these values it would be useful to
>reuse the existing value_string variables, but they are static ...

Move them to a separate header file (without the static identifier) and include that in each dissector
source file.  Take a look at packet-x11-keysym.h for an example of sharing a value string, which is used by
packet-x11.c and packet-vnc.c.


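The sharing pattern suggested in the replies above, as an added example in C that is not Wireshark's own code. The `value_string` struct is a minimal stand-in for the one in epan/value_string.h, the header and definition are shown in one file for brevity (the comment marks where the split would fall), and the names `krb5_etype_vals`, `krb5_etype_name` and `packet-krb5-etypes.h` are assumptions. The table contents are an illustrative excerpt of Kerberos encryption-type numbers from RFC 3961, 3962 and 4757, not the page's. The well-formedness check is the one extra thing worth running once a table is shared: a duplicated value would make two dissectors disagree on a name depending on table order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for Wireshark's value_string (epan/value_string.h):
 * a numeric code paired with a display name, terminated by {0, NULL}. */
typedef struct {
    uint32_t value;
    const char *strptr;
} value_string;

/* ---- what would live in a shared header, e.g. packet-krb5-etypes.h (assumed name) ----
 * No `static`: the table has external linkage, so any dissector that includes
 * the header (packet-kerberos.c, packet-negoex.c, ...) can reference it. */
extern const value_string krb5_etype_vals[];
const char *krb5_etype_name(uint32_t etype, char *buf, size_t buflen);
int value_string_is_well_formed(const value_string *vs);

/* ---- definition, in exactly one .c file ---- */
/* Illustrative excerpt of etype numbers from RFC 3961 / 3962 / 4757. */
const value_string krb5_etype_vals[] = {
    { 1,  "des-cbc-crc" },
    { 2,  "des-cbc-md4" },
    { 3,  "des-cbc-md5" },
    { 17, "aes128-cts-hmac-sha1-96" },
    { 18, "aes256-cts-hmac-sha1-96" },
    { 23, "rc4-hmac" },
    { 0,  NULL }
};

/* Lookup in the style of val_to_str(): returns the table entry, or formats
 * "Unknown (n)" into the caller's buffer so an unlisted code is still visible. */
const char *krb5_etype_name(uint32_t etype, char *buf, size_t buflen)
{
    for (const value_string *p = krb5_etype_vals; p->strptr != NULL; p++)
        if (p->value == etype) return p->strptr;
    snprintf(buf, buflen, "Unknown (%u)", (unsigned)etype);
    return buf;
}

/* Returns 1 if no value appears twice before the {0, NULL} terminator.
 * Worth running once a table is shared by several dissectors. */
int value_string_is_well_formed(const value_string *vs)
{
    for (const value_string *p = vs; p->strptr != NULL; p++)
        for (const value_string *q = p + 1; q->strptr != NULL; q++)
            if (p->value == q->value) return 0;
    return 1;
}

/* Constructed counterexample: the same code listed twice. */
const value_string duplicated_vals[] = {
    { 17, "aes128-cts-hmac-sha1-96" },
    { 17, "aes128-cts-hmac-sha1" },
    { 0,  NULL }
};

/* ---- a consuming dissector (e.g. packet-negoex.c) would just include the header ---- */
int main(void)
{
    char buf[32];
    printf("etype 18 -> %s\n", krb5_etype_name(18, buf, sizeof buf));
    printf("etype 99 -> %s\n", krb5_etype_name(99, buf, sizeof buf));
    printf("shared table well formed: %d\n", value_string_is_well_formed(krb5_etype_vals));
    printf("duplicated table well formed: %d\n", value_string_is_well_formed(duplicated_vals));
    return 0;
}
```

The only change needed to an existing `static const value_string` in packet-kerberos.c is dropping `static` and adding the `extern` declaration to the header, as Stephen describes; nothing about the lookup changes.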
