Ethereal-dev: [Ethereal-dev] MSRPC and protocol handoffs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Todd Sabin <tas@xxxxxxxxxxx>
Date: 04 Nov 2000 18:53:32 -0500
Hi,

I'm thinking about writing a dissector for MSRPC (actually I've
already done a tiny amount), and I'm wondering whether ethereal has
the ability to dynamically handoff packets to various dissectors until
one accepts it.  From what I can tell, dissectors have to say "I want
TCP packets to port 135" or similar.  MS's Netmon works a little like
that, but also if there's no handler for a given packet, it lets the
user chain parsers, so that they're called in turn until one of them
accepts the packet.  You probably already know this. 

Anyway, it's really necessary in the case of MSRPC, which can be done
over both TCP and UDP on both fixed and dynamic ports, SMB, NBT, not
to mention IPX, SPX, etc.

So, assuming I (or someone) write a dissector that understands MSRPC,
how does it get called in all of the various places that it might
need to be?

Thanks,


Todd