Wireshark-bugs: [Wireshark-bugs] [Bug 5522] New: Support for the Linux ATM-over-TCP protocol

Date: Sun, 26 Dec 2010 07:55:08 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5522

           Summary: Support for the Linux ATM-over-TCP protocol
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: tyson.key@xxxxxxxxx


Build Information:
Version 1.5.0-SVN-35259 (SVN Rev 35259 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.16.6, with GLib 2.24.2, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, without Kerberos, with GeoIP, with PortAudio V19-devel (built Dec
23 2010), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
It may be useful to support dissection of traffic generated by the "atmtcp"
utility under Linux. This is typically carried on TCP port 2812.

As far as I am aware, there is no formal specification or standard for this
protocol; although the packets themselves consist of an 8 byte header (VPI, VCI
and Payload Length) and a payload, according to
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=blob_plain;f=include/linux/atm_tcp.h;hb=HEAD.

An example of such a payload (including the header), after extraction from a
TCP packet is:
0000   00 00 00 10 00 00 00 61 30 5f 02 01 00 04 04 49  .......a0_.....I
0010   4c 4d 49 a0 54 02 01 07 02 01 00 02 01 00 30 49  LMI.T.........0I
0020   30 12 06 0d 2b 06 01 04 01 82 61 02 01 01 01 08  0...+.....a.....
0030   00 02 01 00 30 12 06 0d 2b 06 01 04 01 82 61 02  ....0...+.....a.
0040   01 01 01 07 00 02 01 00 30 10 06 0b 2b 06 01 04  ........0...+...
0050   01 82 61 02 01 04 00 02 01 00 30 0d 06 08 2b 06  ..a.......0...+.
0060   01 02 01 01 03 00 02 01 00                       .........

In addition to raw binary payload data (e.g. ILMI traffic), textual data that
appears to be used for debugging or command delivery has also been discovered
within these packets.

For example:
0000   00 00 00 00 00 00 00 22 4f 20 30 2e 31 36 20 30  ......."O 0.16 0
0010   2e 30 2e 31 36 20 75 62 72 2c 61 61 6c 35 3a 6d  .0.16 ubr,aal5:m
0020   61 78 5f 73 64 75 3d 34 38 34                    ax_sdu=484

Thanks in advance.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.