Ethereal-dev: [Ethereal-dev] Dissecting with variable length fields

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Fri, 26 May 2006 15:31:58 -0700

I am writing a new dissector for the exec/rexec protocol and am new to
Ethereal development.  What is the best way to dissect a protocol whose
fields are variable-length, null-terminated strings?

Functions such as proto_tree_add_item() seem to be geared toward 
protocols with fixed length fields.  As I look through other dissectors 
such as rsh/rlogin/tftp, each seems to have its own way of looking at 
each field/its length and incrementing the offset within a loop.  The 
ideal function would pop out the next null-terminated string from the
packet data and keep track of the offset for me :).

The format of exec packets is:

Client -> Server:
  <tcp port number>NULL<username>NULL<password>NULL<command>NULL

The username and password fields can be any length up to 16 characters.  
After this exchange, control is passed to the user's shell and all other 
data is just information exchanged between the programs.


Thanks,
  Steve
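
The following is an added example, not part of the original post and not Ethereal's own API: stand-alone C that walks the four null-terminated fields of the client request described above while never reading past the captured bytes. The names `parse_exec_request`, `next_string` and `struct field` are hypothetical; the 16-character limit is the one stated in the post, and the sample packet is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Field order follows the layout quoted in the post. */
enum { F_PORT, F_USER, F_PASS, F_CMD, F_COUNT };
/* 16 is the username/password limit stated in the post; 0 = none stated. */
static const size_t max_len[F_COUNT] = { 0, 16, 16, 0 };
struct field { size_t off, len; int overlong; };

/* Locate the NUL-terminated string at *off without reading past buf+len.
 * On success fill *f, advance *off past the NUL and return 0; return -1
 * when no terminator is present (truncated capture, split segment). */
static int next_string(const unsigned char *buf, size_t len, size_t *off,
                       struct field *f)
{
    const unsigned char *nul =
        *off < len ? memchr(buf + *off, 0, len - *off) : NULL;
    if (nul == NULL)
        return -1;
    f->off = *off;
    f->len = (size_t)(nul - (buf + *off));
    *off = f->off + f->len + 1;
    return 0;
}

/* Returns how many complete fields were found (0..F_COUNT). */
int parse_exec_request(const unsigned char *buf, size_t len,
                       struct field out[F_COUNT])
{
    size_t off = 0;
    int i;
    for (i = 0; i < F_COUNT; i++) {
        if (next_string(buf, len, &off, &out[i]) != 0)
            break;
        /* Flag fields longer than the stated limit instead of copying them. */
        out[i].overlong = max_len[i] != 0 && out[i].len > max_len[i];
    }
    return i;
}

int main(void)
{
    /* Constructed sample; sizeof includes the final NUL. */
    static const unsigned char pkt[] = "512\0alice\0secret\0ls -l";
    struct field f[F_COUNT];
    int n = parse_exec_request(pkt, sizeof pkt, f);
    for (int i = 0; i < n; i++)
        printf("field %d: off=%zu len=%zu over_limit=%d\n",
               i, f[i].off, f[i].len, f[i].overlong);
    return n == F_COUNT ? 0 : 1;
}
```

A return value below `F_COUNT` means the request is incomplete in this buffer, and `overlong` marks a username or password that exceeds the stated limit so a dissector can report it rather than trust it.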
