Ethereal-users: [Ethereal-users] New packet type support needed. Security Check.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "James Courtier-Dutton" <James@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 9 Jan 2002 16:22:14 -0000
Hello
I enclose two files: one is the MS Netmon .CAP file, and the other is the
decoded packet in text.
How easy would it be to add support for this packet into ethereal?

Cheers
James


--
Nothing in this world is exactly what it appears to be.

Attachment: MS-Netmon-Security_Check.cap
Description: Binary data


Network Monitor trace  Wed 01/09/02 16:17:58  MS-Netmon-Security Check.txt

***********************************************************************************************************************************************************
Frame    Time         Src MAC Addr    Dst MAC Addr    Protocol    Description                                       Src Other Addr     Dst Other Addr     Type Other Addr
1        601.715224   LOCAL           030000000002    Bone        Security Check (0x03)                                                                    

  Frame: Base frame properties
      Frame: Time of capture = 15/07/2001 20:40:59.886
      Frame: Time delta from previous physical frame: 0 microseconds
      Frame: Frame number: 1
      Frame: Total frame length: 197 bytes
      Frame: Capture frame length: 197 bytes
      Frame: Frame data: Number of data bytes remaining = 197 (0x00C5)
  ETHERNET: 802.3 Length = 197
      ETHERNET: Destination address : 030000000002
          ETHERNET: .......1 = Group address
          ETHERNET: ......1. = Locally administered address
      ETHERNET: Source address : 0010A49C7D2B
          ETHERNET: .......0 = No routing information present
          ETHERNET: ......0. = Universally administered address
      ETHERNET: Frame Length : 197 (0x00C5)
      ETHERNET: Data Length : 0x00B4 (180)
      ETHERNET: Ethernet Data: Number of data bytes remaining = 183 (0x00B7)
  LLC: UI DSAP=0x03 SSAP=0x02 C
      LLC: DSAP = 0x03 : GROUP
      LLC: SSAP = 0x02: COMMAND
      LLC: Frame Category: Unnumbered Frame
      LLC: Command = UI
      LLC: LLC Data: Number of data bytes remaining = 180 (0x00B4)
  Bone: Security Check (0x03)
      Bone: Signature = RTSS
      Bone: Command = Security Check (0x03)
      Bone: Flags = 0x00

00000:  03 00 00 00 00 02 00 10 A4 9C 7D 2B 00 B4 03 02   ..........}+....
00010:  03 52 54 53 53 03 00 00 00 00 00 A8 00 01 00 00   .RTSS...........
00020:  00 06 6A 17 01 45 4E 30 30 31 38 31 37 32 33 32   ..j..EN001817232
00030:  32 36 39 00 00 6A 63 64 75 74 74 6F 6E 00 00 00   269..jcdutton...
00040:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00050:  00 00 00 00 00 00 00 00 00 00 10 A4 9C 7D 2B 00   .............}+.
00060:  10 A4 9C 7D 2B 45 00 4E 00 30 00 30 00 31 00 38   ...}+E.N.0.0.1.8
00070:  00 31 00 37 00 32 00 33 00 32 00 32 00 36 00 39   .1.7.2.3.2.2.6.9
00080:  00 00 00 00 00 6A 00 63 00 64 00 75 00 74 00 74   .....j.c.d.u.t.t
00090:  00 6F 00 6E 00 00 00 00 00 00 00 00 00 00 00 00   .o.n............
000A0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
000B0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
000C0:  00 00 00 00 00                                    .....           









This message has been 'sanitized'.  This means that potentially
dangerous content has been rewritten or removed.  The following
log describes which actions were taken.

Sanitizer (start="1010593098"):
  Part (pos="1224"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="1595"):
    SanitizeFile (filename="MS-Netmon-Security Check.cap", mimetype="application/octet-stream"):
      Match (rule="2"):
        Enforced policy: accept

      Replaced file name with: MS-Netmon-Security_Check.cap

  Part (pos="13376"):
    SanitizeFile (filename="MS-Netmon-Security Check.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

      Replaced file name with: MS-Netmon-Security_Check.txt

  Total modifications so far: 2


Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $
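
As an added example (not part of the original message and not Ethereal code), here is a bounds-checked C parser for the fields the Netmon decode above shows: the 802.3 length, the LLC UI header, and the Bone signature, command and flags. Offsets are read off the hex dump; the one-byte command and flags widths and the fixed SAP values are assumptions, and `bone_hdr` and `bone_parse` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BONE_OFF   17u              /* 14-byte 802.3 header + DSAP, SSAP, control */
#define BONE_FIXED (BONE_OFF + 6u)  /* + "RTSS" + command + flags (1 byte each: assumed) */

struct bone_hdr {                   /* hypothetical name, not an Ethereal type */
    uint16_t len_field;             /* 802.3 length field, 0x00B4 in the capture */
    uint8_t  command;               /* 0x03 = Security Check */
    uint8_t  flags;
    size_t   payload_len;           /* captured bytes after flags, left undecoded */
};

/* Returns 0 on success, -1 for a short buffer or a frame that is not LLC UI + "RTSS". */
int bone_parse(const uint8_t *p, size_t n, struct bone_hdr *h)
{
    if (p == NULL || h == NULL || n < BONE_FIXED)
        return -1;                  /* never read past the captured bytes */
    h->len_field = (uint16_t)((p[12] << 8) | p[13]);
    if (h->len_field > 1500)
        return -1;                  /* an EtherType, not an 802.3 length */
    /* SAP values as seen in this one capture (assumed fixed); 0x03 control = UI */
    if (p[14] != 0x03 || p[15] != 0x02 || p[16] != 0x03)
        return -1;
    if (memcmp(p + BONE_OFF, "RTSS", 4) != 0)
        return -1;
    h->command = p[BONE_OFF + 4];
    h->flags   = p[BONE_OFF + 5];
    /* Size the rest from the capture length, not the length field: here the
       field says 180 although 183 bytes follow the Ethernet header. */
    h->payload_len = n - BONE_FIXED;
    return 0;
}

/* First 32 bytes of the frame, copied from the hex dump in the message. */
static const uint8_t sample[] = {
    0x03,0x00,0x00,0x00,0x00,0x02, 0x00,0x10,0xA4,0x9C,0x7D,0x2B, 0x00,0xB4,
    0x03,0x02,0x03, 'R','T','S','S', 0x03,0x00,
    0x00,0x00,0x00,0x00,0xA8,0x00,0x01,0x00,0x00 };

int main(void)
{
    struct bone_hdr h;
    if (bone_parse(sample, sizeof sample, &h) != 0)
        return 1;
    printf("command=0x%02X flags=0x%02X rest=%zu\n", h.command, h.flags, h.payload_len);
    return 0;
}
```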