Anyone had a chance to look at this patch? On Sun, Jan 4, 2009 at 12:29 AM, Kaul <[email protected]> wrote:
> Attached please find a patch that enables to heuristically find VNC traffic > on non-standard ports. > > (it also adds some if(tree) ... around some proto_tree_add_item() > functions) > > Y. > > > On Sun, Dec 28, 2008 at 11:50 PM, Stephen Fisher <[email protected] > > wrote: > >> On Sun, Dec 28, 2008 at 11:34:55PM +0200, Kaul wrote: >> >> > BTW, there's no minimum length verification for messages. I'd assume >> > that if we try to dissect traffic as VNC we should probably verify >> > minimal lengths - both SERVER_VERSION and CLIENT_VERSION packets >> > should be EXACTLY 12 bytes long and start with ASCII chars 'RFB '(3 >> > letters and space - hex 52 46 42 20). Moreover, this could also be >> > used to heuristically find VNC traffic on non-standard ports. >> >> That's a good idea. I've thought for a while about adding length >> verficiation to all of the fixed length packets in fact to help the >> dissector pick up close to the right place in the VNC session if it's >> already going on when the dissection starts. >> >> > If agreed, I'll try to follow this with a patch, at least for some of >> > the comments above. >> >> Go ahead and whip up a patch and we'll try it out :). Thanks for your >> interest in improving the VNC dissector! >> >> >> Steve >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <[email protected]> >> Archives: http://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> mailto:[email protected] >> ?subject=unsubscribe >> > >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
