On Tue, Feb 15, 2000 at 09:15:12AM +0100, andreas.sikkema@xxxxxxxxxxx wrote:
>
>
>
>
> > Presumably, in that case, frames 3, 4, 6, and 7 would all probably be
> > HTTP, so you might want to flag the entire connection between machine A
> > port 1010 and machine B port 2020 as HTTP - preferably in one operation,
> > not 4 (or more).
>
> But not necesarrily http!
I was just using HTTP as an example.
> I might know that when I receive a certain message a certain time later
> there might be unrecognized (because it's not a known port) messages
> exchanged...
>
> Suppose a protocol uses messagetype A to control a connection and
> messagetype B to exchange data.
Over the same connection (for connection-oriented transport protocols)
or host/port pair (connectionless transport protocols), or over
different connections or host/port pairs?
I.e., in this example:
> Sender 1 Sender 2
> 1 A:connection_req
> 2 A:req_ack
> 3 A:set_connection
> 4 A:set_ack
> 5 A:set_ports
> 6 A:portset_ack
> 7 B:data
> 8 B:data
> 9 B:data
> 10 A:connection_end
> 11 A:end_ack
>
> In the current situation messages 7,8,9 are not recognized, but from the
> information in messages 5 and 6 _I_ know that the messages 7,8,9 are a
> known format,
it sounds as if all the messages are going over the same (TCP, say)
connection or (UDP, say) host/port pair - or does the "set_ports" and
"portset_ack" imply that messages 7-9 are going over a different
connection or host/port pair?
> it's just that ethereal has no way of knowing that.
Why not? Why can it not infer from messages 1-6 that messages 7, 8, and
9 are of protocol type B, if it's capable of understanding message type
A?