Ethereal-dev: [Ethereal-dev] Working on packet-tds ....

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Bill Meier" <wmeier@xxxxxxxxxxx>
Date: Sun, 31 Oct 2004 20:29:00 -0500
I've a need to decode TDS 4.2 and so I'm making some additions/fixes to 
packet-tds.c to somewhat improve the decoding of same.

I expect I'll have the work done in a week or two.


With respect to the below from a note in an Aug 2003 EMail on the dev 
mailing list:

    "... It also makes an attempt to dissect part of the "remote procedure 
    call" packets (there appears to be a counted string at the beginning; I 
    don't know what's in the rest of the packet), ...."

I'm pretty sure I understand the format of "RPC" packets (at least for TDS 
4.2) and will see what, if anything, makes sense for decoding the 
stored-proc-args which occur after the "stored proc name".



On a separate note: I've a need to be able to specify the (non-standard) 
port(s) being used by the Sybase server(s) in my environment so that 
Ethereal will decode connections for those ports as TDS.

Looking back at previous EMails, I note there was some discussion that a 
way to do this is to implement "decode as" for the TDS dissector; however, 
it appears that this was not implemented.

Implementing "decode as" does seem a good way to allow decoding a specific 
conversation as TDS.

On the other hand, it would seem an alternative might be to use a preference 
and then have the dissector register the port specified in the preference.

(This would be more useful for me since captures I'm examining have many 
conversations (connections) to the same server and since all the captures 
are for the same server(s)).

(Or: maybe both approaches are useful for different circumstances).

(The current heuristic doesn't really work for me since it basically seems 
to require ms-sql default ports or a 'login' PDU before decoding TDS (if 
I'm reading the code correctly)).


Any suggestions or comments on this?


Thanks

Bill Meier