http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=19350
User: sahlberg
Date: 2006/09/28 04:29 PM
Log:
From stephen fisher:
I have figured out one of the fields in the MAPI
EcRRegisterPushNotification packet. The field is a UDP port number that
the client wants the Exchange server to send new mail notifications on.
These notifications are on a port > 1023 and are always 8 bytes long.
It looks like I would add the function name to the
dcerpc_mapi_dissectors[] for the register push notification. What would
my new function need to do besides display the field?
Thanks,
Steve
Here is a patch to add this functionality. It displays the notification
port and the notification payload (not sure what the payload itself
means yet). It also dynamically registers each notification port found
with a new dissector (that I called newmail for lack of a better name -
I'm open to suggestions) that displays the notification payload. This
is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field;
currently, the mapi.opnum is only displayed when the
dcerpc_mapi_dissector is null.
Steve
Directory: /trunk/epan/dissectors/
Changes Path Action
+1 -0 Makefile.common Modified
+33 -2 packet-dcerpc-mapi.c Modified
+2 -4 packet-dcerpc.c Modified
+148 -0 packet-newmail.c Added
Directory: /trunk/
Changes Path Action
+1 -0 AUTHORS Modified