Age | Commit message (Collapse) | Author | Files | Lines |
|
be installed - don't explicitly search
"/usr/lib/ethereal/plugins/{version}" or
"/usr/local/lib/ethereal/plugins/{version}", so that if there's more
than one version of Ethereal installed, we don't end up picking up
plugins from the wrong version.
svn path=/trunk/; revision=6766
|
|
protocols using 802.2 LLC.
svn path=/trunk/; revision=6765
|
|
Get rid of some probably-unnecessary #includes.
Register the IP-over-FC dissector as the dissector to call for
IP-over-FC captures.
svn path=/trunk/; revision=6764
|
|
svn path=/trunk/; revision=6762
|
|
svn path=/trunk/; revision=6761
|
|
svn path=/trunk/; revision=6760
|
|
svn path=/trunk/; revision=6759
|
|
svn path=/trunk/; revision=6758
|
|
header, Extended Link Service, Interswitch Link Service, FCP, and IPFC.
svn path=/trunk/; revision=6757
|
|
them.
Add RCS IDs to ChangeLog and NEWS.
svn path=/trunk/; revision=6756
|
|
svn path=/trunk/; revision=6755
|
|
svn path=/trunk/; revision=6754
|
|
svn path=/trunk/; revision=6753
|
|
svn path=/trunk/; revision=6752
|
|
often get TCP to collapse multiple RPC PDUs into a MSS TCP segment.
This changes the RPC dissector so that it will put one entry on COL_INFO
for each PDU in the segment, (as the SMB dissector does for multiple AndX calls in one SMB PDU)
and just one entry for the first/last RPC PDU.
svn path=/trunk/; revision=6751
|
|
Surveyor capture, as there's one link-layer type that UNICOS/mp snoop
treats one way and Shomiti Surveyor treats another way. The only way to
check that is to look at the first record to see how much padding it
has.
svn path=/trunk/; revision=6750
|
|
gtpv0 decoder.
svn path=/trunk/; revision=6749
|
|
svn path=/trunk/; revision=6748
|
|
If we do not see the TreeConnect call when a TID is connected, we did not
know it was a IPC share.
If we do not know what kind of share it is we assume it being a normal one
and thus read/write data to that share is normal file i/o.
Update the dissector so that IF it sees a Transaction SMB carrying PIPE (dcerpc)
then we assume that all other read/write to that TID is also DCERPC.
I.e. we assume the entire TID is IPC.
svn path=/trunk/; revision=6747
|
|
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
|
|
svn path=/trunk/; revision=6745
|
|
svn path=/trunk/; revision=6744
|
|
svn path=/trunk/; revision=6743
|
|
svn path=/trunk/; revision=6742
|
|
svn path=/trunk/; revision=6741
|
|
svn path=/trunk/; revision=6740
|
|
svn path=/trunk/; revision=6739
|
|
- Improved handling of padding bytes.
- Some cleanup of the code.
svn path=/trunk/; revision=6738
|
|
session; treat all packet type values >= 1 and <= 18 as valid packet
types.
Do standard TCP desegmentation of Netlib buffers, and do reassembly of
TDS messages fragmented over multiple Netlib buffers, rather than doing
the "remember what was in the last TCP segment" stuff; I've seen nothing
to indicate that a TDS message would continue past the last byte of a
"last buffer in request or response" Netlib buffer, and the "remember
what was in the last TCP segment" stuff was complicated and buggy,
perhaps irreparably so ("buggy" as in "crashes").
Make the top-level protocol item for a TDS message be an item for
"proto_tds", and put both the Netlib header and TDS stuff under that
item - that's what Microsoft Network Monitor does.
Get rid of the unused Netlib heuristic subdissector list.
Don't make a new data source for NTLMSSP data in a TDS message - the
data is just a slice of the message, it's not transformed from ASCII hex
to binary, or reassembled, or anything such as that.
Tokens are tokens, not PDUs.
Make the heuristics a bit stronger, to reject packets that are clearly
not TDS packets. Once the heuristics match, make a non-heuristic
dissector the dissector for the conversation.
Quit dissecting the TCP segment (or reassembled data) if we have a
Netlib buffer with a length < 8, as it's not large enough to even have a
Netlib header.
svn path=/trunk/; revision=6737
|
|
Call the pieces of a multi-frame NetBIOS message fragments, not
segments.
Fix a typo.
svn path=/trunk/; revision=6736
|
|
absolute time stamps (we were already doing that for relative and delta
time stamps).
svn path=/trunk/; revision=6735
|
|
to "gpointer", so that we only get warnings when we turn on the extra
GCC warning checks.
svn path=/trunk/; revision=6734
|
|
svn path=/trunk/; revision=6733
|
|
svn path=/trunk/; revision=6732
|
|
by DCE RPC are usually little-endian; fix a bunch of
"proto_tree_add_item()" calls (most are for byte-array or string fields,
so the byte order doesn't make a difference, but one is a number).
Put an item into the protocol tree for the encrypted NT password block.
Mallocate the buffer for the Unicode version of the password, rather
than assuming it'll fit in 256 bytes.
"g_malloc()" never returns NULL - it either allocates memory or aborts -
so don't check for a mallocation failure.
Don't try to decrypt the NT password block if we don't have a password.
svn path=/trunk/; revision=6731
|
|
silence the warning anyway.
svn path=/trunk/; revision=6730
|
|
svn path=/trunk/; revision=6729
|
|
svn path=/trunk/; revision=6728
|
|
add MD4 and RC4 crypto support;
use it to decrypt the NT password encryption block in
UnicodeChangePassword2.
svn path=/trunk/; revision=6727
|
|
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
|
|
argument to "col_append_str()", const pointers; they're not modified by
the routines in question.
svn path=/trunk/; revision=6725
|
|
argument; make it a const pointer.
svn path=/trunk/; revision=6724
|
|
have taken their places.
svn path=/trunk/; revision=6723
|
|
Packets" value in the WTP header in decimal, not hex.
svn path=/trunk/; revision=6722
|
|
svn path=/trunk/; revision=6721
|
|
svn path=/trunk/; revision=6720
|
|
svn path=/trunk/; revision=6719
|
|
to cast away the constness of pointers passed to it.
svn path=/trunk/; revision=6718
|
|
svn path=/trunk/; revision=6717
|
|
break statements.
svn path=/trunk/; revision=6716
|