Age | Commit message (Collapse) | Author | Files | Lines |
|
Patch to implement decoding of Exchange RFR protocol.
svn path=/trunk/; revision=28420
|
|
Add a UAT for custom HTTP header fields.
From me:
Use se_alloc0 to initialize a struct. Use g_strdup(...) instead of
g_strdup_printf("%s"...). Add a missing UAT_END_FIELDS.
svn path=/trunk/; revision=28406
|
|
Attached please find a patch that enables to heuristically find VNC
traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item()
functions)
svn path=/trunk/; revision=28394
|
|
svn path=/trunk/; revision=28391
|
|
the LLC dissector recognize and handle those packets.
svn path=/trunk/; revision=28253
|
|
svn path=/trunk/; revision=28095
|
|
New ATM PW (with/without CW) dissector, RFC 4717
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3375
svn path=/trunk/; revision=27955
|
|
Radius dissector enhancement to support WiMAX vendor specific attributes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3176
svn path=/trunk/; revision=27937
|
|
svn path=/trunk/; revision=27902
|
|
SIP dissector fix: mismatch of P-Asserted-Identity and P-Answer-State headers
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3356
svn path=/trunk/; revision=27859
|
|
(See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3009)
svn path=/trunk/; revision=27840
|
|
svn path=/trunk/; revision=27722
|
|
svn path=/trunk/; revision=27499
|
|
svn path=/trunk/; revision=27495
|
|
svn path=/trunk/; revision=27427
|
|
svn path=/trunk/; revision=27417
|
|
Add support for TightVNC extensions to the VNC dissector.
It has the following changes:
- Dissect TightVNC negotiation (tunneling, basic authentication, capabilities).
- Dissect X cursor encoding.
- Dissect POINTER_POS encoding.
- Dissect the general form of Tight rectangles.
- Dissect Tight image data (basic compression, JPEG, gradient).
- Handle LastRect encoding.
- Fix some always-true conditions.
- Some code cleanups.
svn path=/trunk/; revision=26825
|
|
Add new Bssap dissectors for the Lb interface.
svn path=/trunk/; revision=26814
|
|
svn path=/trunk/; revision=26797
|
|
Support for Diameter conversations and service response time.
svn path=/trunk/; revision=26785
|
|
like other autocompletion implementations.
Check for case match before removing a popup with one entry.
svn path=/trunk/; revision=26768
|
|
svn path=/trunk/; revision=26464
|
|
svn path=/trunk/; revision=26442
|
|
Add the fragment to the defragmentation sequence if the SMTP dissector
encouters a packet that contains both a DATA fragment and the terminating
\r\n.\r\n sequence.
svn path=/trunk/; revision=26419
|
|
svn path=/trunk/; revision=26238
|
|
Display FQDN binary encoded name as text
Ensure that get_dns_name does not cross packet sub boundry
From me:
Preserve the usage of bootp.fqdn.name as a display filter
svn path=/trunk/; revision=25981
|
|
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
|
|
From me:
Instead of adding adns_config.h, place it a custom adns package in
wireshark-win32-libs. Update tools/win32-setup.sh accordingly.
Split the MSVC2008EE variant into MSVC2008 and MSVC2008EE, similar to
MSVC2005 and MSVC2005EE. We have to worry about vcredist_x86.exe in
both cases.
Add Pascal to AUTHORS.
Update the Developer's Guide.
svn path=/trunk/; revision=25921
|
|
svn path=/trunk/; revision=25919
|
|
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
|
|
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list, only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
|
|
svn path=/trunk/; revision=25792
|
|
The SMPP dissector currently supports only version 3.4. The latest version of
the protocol is version 5.0 and it has been around for a while. However, the
usage of this version of the protocol is only now picking up.
This patch adds basic support for SMPP 5.0. By basic I mean:
- New Operations and Responses.
- New TLVs.
- New Error codes.
- Any changes to earlier values.
svn path=/trunk/; revision=25787
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2693 :
The rfc4938bis draft extends the Point-to-Point over Ethernet (PPPoE) protocol
with an optional credit-based flow control mechanism and an optional Link
Quality Metric report. These optional extensions improve the performance of
PPPoE over media with variable bandwidth and limited buffering, such as mobile
point-to-point radio links.
Support for rfc4938 already exists in wireshark, but rfc4938bis specifies a new
credit scale factor TLV and the use of the reserved field of the PADQ to
specify max and current data-rate scaling.
svn path=/trunk/; revision=25768
|
|
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
|
|
Implement field decoding in mysql protocol dissector.
svn path=/trunk/; revision=25728
|
|
Avaya IPSI Control dissector
svn path=/trunk/; revision=25678
|
|
Added B.A.T.M.A.N. dissector
svn path=/trunk/; revision=25520
|
|
Added support for IUA carrying X.25.
svn path=/trunk/; revision=25518
|
|
Added a dissector of XTP version 4.0.
svn path=/trunk/; revision=25116
|
|
Fix dumping of PROTECTION INFO and GENERALIZED UNI according to RFC3471.
svn path=/trunk/; revision=25002
|
|
The decoded value of Size Packet shown as "From the calling DTE" is the value
of "From the called DTE".
When the size packet to negotiate has any of 512, 1024, 2048 or 4096 bytes, the
value shown decoded is erroneus.
The patch attached also includes new decoded facilities:
- Extended CUG selection.
- Extended access outgoing CUG selection.
- Extended RPOA selection.
- NUI selection.
- Charging info selection.
- Call dureation.
- Segment Count.
- Monetary Unit.
svn path=/trunk/; revision=24932
|
|
Add new dissectors for the iWARP protocol stack.
The code can handle the following 3 protocols:
- MPA
- DDP
- RDMAP
svn path=/trunk/; revision=24931
|
|
svn path=/trunk/; revision=24737
|
|
svn path=/trunk/; revision=24663
|
|
This plugin implements a dissector for Infiniband. It is released
under the GPL v2.
Rather than using say libpcap to capture raw (unframed) IP packets
from near the top of an IPoIB stack, this plugin dissects link level
Infiniband frames.
Infiniband trace files can be read from Endace ERF format trace
files, or from libpcap DLT_ERF files containing ERF TYPE_INFINIBAND
records. There is currently no native DLT_INFINIBAND in libpcap.
Each record contains a hardware timestamp, capture metadata such as
port Id, and a complete link level Infiniband frame starting from
the Local Route Header.
svn path=/trunk/; revision=24628
|
|
svn path=/trunk/; revision=24626
|
|
This patch adds some new ENCAP and FILE types for wiretap. It also adds new
entries to pcap_to_wtap_map[] to provide a mapping of the new types to some
pcap DLTs.
svn path=/trunk/; revision=24622
|
|
I have added two new display filters to support filtering based on LSP-ID and
hostname for ISIS protocol.
svn path=/trunk/; revision=24621
|
|
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
|