Thanks Chris, I'm a long time user of ethereal and provide rpm for ethereal.
So a big +1 for ajp13 disector (something I planned but never done) - Henri Gomez ___[_]____ EMAIL : [EMAIL PROTECTED] (. .) PGP KEY : 697ECEDD ...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >-----Original Message----- >From: Christopher K. St. John [mailto:[EMAIL PROTECTED]] >Sent: Friday, May 31, 2002 7:09 PM >To: [EMAIL PROTECTED] >Subject: Re: Ethereal AJP13 dissector? [Ethereal patch attached] > > >jean-frederic clere wrote: >> >> I am rewritting the Ajp protocol documentation. A protocol >> analyser would help me. >> > > The analyzer was written using the existing docs, so >if there are problems in the docs the analyzer will >be wrong as well. > > >> So please send it. (Even if it is not run and not clean). >> > > Some of the code is a bit iffy, and it's definitely a >work in progress, but it runs. I did some cleanup and put >in some comments. I've attached a patch to Ethereal 0.9.4, >which you can get at: > > http://www.ethereal.com/ > > Make sure you have a recent version of libpcap. If you >want to hack on it, there are Ethereal developer docs in >docs/README.developer, but they are very out of date. > >Notes: > > It autodetects 8009 as AJP traffic. It doesn't decode FORWARD_REQUEST >attributes (the optional stuff at the end). There are problems with >the protocol hierarchy display. There are probably memory leaks. The >protocol display could be easier to read. You need ethereal-0.9.4, >I'm confident it won't work with earlier versions, and I haven't >tested against CVS. There are lots of compiler warnings, many of them >legitimate. > >Install: > > <download and untar a clean copy of ethereal-0.9.4.tgz> > $ cd $PATH_TO_ETHEREAL/ethereal-0.9.4 > $ patch < $PATH_TO_PATCH/eth-ajp13.patch > patching file Makefile.am > patching file Makefile.nmake > patching file packet-ajp13.c > patching file packet-ajp13.h > patching file register-static.c > $ ./configure > $ make > <many compiler warnings> > $ su > # ./ethereal > < make sure that Edit -> Preferences -> Protocols -> TCP > "Allow subdissectors to desegment TCP streams" is set > to true > > <Capture -> Start -> Ok> # try "update packets in real time" > <Surf> > <Giggle like an anime schoolgirl as you watch the capture> > > >-- >Christopher St. John [EMAIL PROTECTED] >DistribuTopia http://www.distributopia.com > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
