Attached please find a patch that enables to heuristically find VNC traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item() functions) Y. On Sun, Dec 28, 2008 at 11:50 PM, Stephen Fisher <[email protected]>wrote: > On Sun, Dec 28, 2008 at 11:34:55PM +0200, Kaul wrote: > > > BTW, there's no minimum length verification for messages. I'd assume > > that if we try to dissect traffic as VNC we should probably verify > > minimal lengths - both SERVER_VERSION and CLIENT_VERSION packets > > should be EXACTLY 12 bytes long and start with ASCII chars 'RFB '(3 > > letters and space - hex 52 46 42 20). Moreover, this could also be > > used to heuristically find VNC traffic on non-standard ports. > > That's a good idea. I've thought for a while about adding length > verficiation to all of the fixed length packets in fact to help the > dissector pick up close to the right place in the VNC session if it's > already going on when the dissection starts. > > > If agreed, I'll try to follow this with a patch, at least for some of > > the comments above. > > Go ahead and whip up a patch and we'll try it out :). Thanks for your > interest in improving the VNC dissector! > > > Steve > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
packet-vnc.c.diff
Description: Binary data
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
