Ethereal-dev: RE: [Ethereal-dev] RMI is gone

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Esh, Andrew" <AEsh@xxxxxxxxxxx>
Date: Tue, 1 Oct 2002 08:50:36 -0500
Title: RE: [Ethereal-dev] RMI is gone

My problem is not with trying to decode what might be odd RMI that doesn't match the dissector criteria. My problem is different versions of Ethereal decode the same dump file differently. The new versions don't recognize as RMI the same packets that version 0.9.4 did.

I will capture a short dump, verify my results, and send you the dump file. I will also test with 0.9.5.

-----Original Message-----
From: Michael Stiller [mailto:ms@xxxxxxxxxx]
Sent: Tuesday, October 01, 2002 4:50 AM
To: AEsh@xxxxxxxxxxx
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] RMI is gone


>I am working on an RMI problem, and I noticed that the newest
>version (CVS, today) of Ethereal does not appear to decode RMI any more.
>I tried Linux 0.9.7, and the Windows 0.9.6 binary package. Neither one
>lists RMI as the protocol of some of the packets in my trace file. The
>0.9.4 version on Linux (which I compiled some time while the version
>number was set that way) does show RMI packets in the same trace file.
>One packet I looked at was identified as "Serialization data", and
>"Version 5".

As i am the author of the RMI dissector, i will answer:

First the RMI dissector will only try to decode packets as RMI,
if they use TCP Port 1099 for communication. After that, it tries
to decode the RMI Message, following the RMI Specification. If it
doesn't get any clues what kind of message it's looking at it will
only show undecoded data or "Continuation".

I just verified, that the released version 0.9.7 does this correct.

>I can use the new version of Ethereal to view the same packet, and it >shows as a TCP packet, and the RMI portion is "Data". The same bytes >that were decoded by 0.9.4 are shown as hex.

Don't think so. There should be no change in the rmi code.
It also depends what traffic you are decoding. For instance,
if you try to decode "RMI" Traffic between jboss and jboss client,
you would only see traffic delared as "Serialisation Data" as jboss uses
something called jnp over the Java RMI Port.

But i can offer you to look at the dumps, if you are able to mail them to
me. (keep it small if possible)

Cheers,

 -Michael