Ethereal-users: Re: [Ethereal-users] Report

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 15 Oct 2002 11:57:06 -0700
On Tue, Oct 15, 2002 at 11:03:42AM +0200, Guus Teley wrote:
> As mentioned before (for version 0.9.5) I get Unknown command messages
> for the RWSP protocol

I.e., the Microsoft Proxy protocol.

> with the request to report this.
> 
> The reported command is 0x40f.
> 
> The whole package is:
> 
> (The only way to include it was by making a dump of the window. Windows
> cut & paste is not supported)
> 
> Hope this helps.

It helps some, by indicating that there's a 0x040f command and showing
the hex data in the command, although what would *really* help would be
a description of what that command does and how to dissect it - or a
pointer to a more detailed document on the protocol, or an indication
that the latest version of Dante:

	http://www.inet.no/dante

understands those packets.  The underlying problem is that the protocol
isn't, as far as I know, publicly documented, so Jeffrey Foster
implemented the dissector based on the Dante source, but the Dante
implementors may have had to reverse-engineer the protocol, and that
doesn't always yield a complete description of the protocol.

(The same problem exists with other protocols, e.g. the AOL instant
messaging protocol, which is why, for example, Ethereal doesn't dissect
anything for AIM channel 5 - nobody's told us *how* to do so, or
contributed code to do so.)