Hi,

I was trying to develop Ethereal for wireless LAN and TCP protocol and session analysis, to find out if the machine communications are violating the protocol IEEE specifications, and to find out if the developers/administrator or the card is violating the IEEE standards, without manually going through all the packets captured in the overnight run.

As a starter I would like to implement:

1) See if the packet responses at each protocol layer were correct and before the timeout (e.g. Data-Ack, RTS-CTS, AssocReq-AssocRsp etc.)
2) There was a sequence number duplication or jump.
3) A few rarely occurring but very important cases:
   a. A packet was correctly captured, yet retried.
   b. A packet not being acked, but also not retried (capture error).
   c. A packet successfully transmitted and received, but dropped by the higher networking layer.
4) The timestamp errors.
5) What was the backoff after which the transmitter retried?
6) NAV violations.

I would basically like to code a special reporting tool/plugin (under the statistics tab, as detected violations/deviations) which captures and reports whenever there is a deviation from the ideal behavior, in real time, on a per-protocol basis (I would also like a popup window or bell alert).

My queries were:

1) Does Ethereal have a code base which could be used/extended for this purpose?
2) Where exactly to put the interface? As a plugin or with the dissectors?
3) I would love it if you guys could actually come up with the feature requirements and save the time spent going through all the packets in pin-pointing the deviations.
4) Does implementing an FSM on a per address pair basis solve our problem?

Regards,
Ankur
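
A sketch of the per-address-pair state tracking asked about in query 4, covering items 2, 3a and 3b of the list; it is an added example, not part of the original post and not Ethereal code. Assumptions: the `Frame` records, the `data`/`ack` helpers, the deviation labels and the sample capture are constructed here, all frames are unicast, and each transmitter sends to a single receiver.

```python
from collections import namedtuple

SEQ_MOD = 4096  # 802.11 sequence numbers are 12 bits wide

# Constructed record type. An 802.11 ACK carries only a receiver address.
Frame = namedtuple("Frame", "kind ra ta seq retry", defaults=(None, None, False))

def data(ta, ra, seq, retry=False):
    return Frame("data", ra, ta, seq, retry)

def ack(ra):
    return Frame("ack", ra)

def find_deviations(frames):
    """Return (frame index, label) for each deviation seen per (ta, ra) pair."""
    state = {}   # (ta, ra) -> {"seq": last sequence number, "acked": bool}
    prev = None  # pair of the data frame immediately before the current frame
    found = []
    for i, f in enumerate(frames):
        if f.kind == "ack":
            # Pair the ACK with the preceding data frame if it is addressed to its sender.
            if prev is not None and prev[0] == f.ra:
                state[prev]["acked"] = True
            prev = None
            continue
        key = (f.ta, f.ra)
        st = state.get(key)
        if st is not None and f.seq == st["seq"]:
            if not f.retry:
                found.append((i, "duplicate-seq"))        # same number, Retry bit clear
            elif st["acked"]:
                found.append((i, "retry-after-ack"))      # item 3a
        elif st is not None:
            if not st["acked"]:
                found.append((i, "unacked-not-retried"))  # item 3b
            if f.seq != (st["seq"] + 1) % SEQ_MOD:
                found.append((i, "seq-jump"))             # item 2
        state[key] = {"seq": f.seq, "acked": False}
        prev = key
    return found

# Constructed capture: station A sending to station B.
SAMPLE = [
    data("A", "B", 10), ack("A"), data("A", "B", 10, retry=True), ack("A"),
    data("A", "B", 11), data("A", "B", 12), ack("A"),
    data("A", "B", 12), ack("A"), data("A", "B", 20), ack("A"),
]

if __name__ == "__main__":
    for index, label in find_deviations(SAMPLE):
        print(index, label)
```

The timeout, backoff and NAV checks in items 1, 5 and 6 would additionally need per-frame timestamps and the Duration field, which this sketch does not model.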