Wireshark · Wireshark-dev: Re: [Wireshark-dev] Redback Lawful Intercept Dissector

Wireshark-dev: Re: [Wireshark-dev] Redback Lawful Intercept Dissector

From: Florian Lohoff <flo@xxxxxxxxxx>

Date: Thu, 10 Apr 2008 20:52:00 +0200

On Thu, Apr 10, 2008 at 10:27:50AM -0500, Michael A. McCartney wrote:
> Florian,
> 
> There is a existing bug ticket open for this:
> 
> http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2376

I took a look and cooked an even more strict patch than there was in
the bug report and attached it to the bug. It correctly does not touch
the klive capture but does correctly decode the redbackli cap ...

It should even refuse to claim the packet if there is e.g. 
a byte combination of:

	0x01 0x04 0xAA 0xBB 0xCC 0xDD 0x00 0x00

at the beginning - currently this would be a legal AVP_SEQNO with a 
4 byte integer and than an AVP_EOH.

With the more strict patch it would at least 2 more AVPs with correct
length and correct number of bytes inbetween so much less likely
to trigger accidentally.

Flo
-- 
Florian Lohoff                  flo@xxxxxxxxxx             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin

Attachment: signature.asc
Description: Digital signature

References:
- [Wireshark-dev] Redback Lawful Intercept Dissector
  - From: Andrew Feren
- Re: [Wireshark-dev] Redback Lawful Intercept Dissector
  - From: Jeff Morriss
- Re: [Wireshark-dev] Redback Lawful Intercept Dissector
  - From: Florian Lohoff
- Re: [Wireshark-dev] Redback Lawful Intercept Dissector
  - From: Michael A. McCartney

Prev by Date: Re: [Wireshark-dev] wslua: reading raw file?
Next by Date: Re: [Wireshark-dev] Is there a way to change the path (location) of wireshark PLUGINs?
Previous by thread: Re: [Wireshark-dev] Redback Lawful Intercept Dissector
Next by thread: Re: [Wireshark-dev] Redback Lawful Intercept Dissector
Index(es):
- Date
- Thread