Ethereal-users: Re: [Ethereal-users] Interbase

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: alex.port@xxxxxxxxxxxx
Date: Fri, 17 Jan 2003 11:43:21 +0000
Guy

Well, as i see it   IPX is a protocol , Appletalk is a Protocol, TCP & IP
are suites of protocols.  TCP traffic on port 3050 is not a protocol (apart
from TCP) from a network perspective.  Is is simply a port that has been
defined for use with the Borland Interbase.  IB traffic is a protocol from
an application point of view but not when your snooping packets off the
wire.   Would you class telnet as a "protocol" as its predefined on port 23
(TCP)?  Should ethereal show d-port of 23, protocol telnet?

My point was simply, if this type of functionality was still wanted then if
a s_port or d_port matches a defined service then instead of showing the
port number in the corresponding source or destination port field, it shows
the defined service name, the protocol field would still show TCP (or
whatever) as that is correct.  Additionally as you state it should say
GDS_DB not IB, if it had I would probably had a hit off a search engine.

The real problem for me was that Ethereal completly changes how it displays
the packets after decode if it thinks the packets are IB, it also adds and
extra header to the decode giving an "unknown" opcode value based on the
packet payload.  It simply infers that something is going on that isnt
truly happening.

I enclose example traffic showing my point, look at it with the IB protocol
enabled and disabled and you'll see what i mean .

However all said and done, i know now and this is just detail,
fundementally Ethereal is a great bit of free software.

Thanks again

Alex

(See attached file: snoop example)





|---------+---------------------------->
|         |           guy@xxxxxxxxxx   |
|         |                            |
|         |           16/01/03 20:08   |
|         |                            |
|---------+---------------------------->
  >-----------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                             |
  |       To:       alex.port@xxxxxxxxxxxx                                                                                      |
  |       cc:       ethereal-users@xxxxxxxxxxxx                                                                                 |
  |       Subject:  Re: [Ethereal-users] Interbase                                                                              |
  >-----------------------------------------------------------------------------------------------------------------------------|




On Thu, Jan 16, 2003 at 06:09:19PM +0000, alex.port@xxxxxxxxxxxx wrote:
> Ethereal should amend the source port to the defined name not the
protocol
> field.

What do you mean by "Ethereal should amend the source port to the
defined name not the protocol field"?  Do you mean that the dissector
for traffic on TCP port 3050 should report the traffic as, for example,
"GDS_DB" rather than "Interbase"?

Attachment: snoop example
Description: Binary data