Wireshark-dev: Re: [Wireshark-dev] packet-vnc.c - DEST_PORT_VNC macro - is it even needed?

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Sun, 28 Dec 2008 14:50:13 -0700

On Sun, Dec 28, 2008 at 11:34:55PM +0200, Kaul wrote:

> BTW, there's no minimum length verification for messages. I'd assume 
> that if we try to dissect traffic as VNC we should probably verify 
> minimal lengths - both SERVER_VERSION and CLIENT_VERSION packets 
> should be EXACTLY 12 bytes long and start with ASCII chars 'RFB ' (3 
> letters and space - hex 52 46 42 20). Moreover, this could also be 
> used to heuristically find VNC traffic on non-standard ports.

That's a good idea.  I've thought for a while about adding length 
verification to all of the fixed length packets in fact to help the 
dissector pick up close to the right place in the VNC session if it's 
already going on when the dissection starts.

> If agreed, I'll try to follow this with a patch, at least for some of 
> the comments above.

Go ahead and whip up a patch and we'll try it out :).  Thanks for your 
interest in improving the VNC dissector!


Steve
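
The length-and-magic check discussed in this thread, as an added example that is not part of the original messages and not code from packet-vnc.c. The function name `rfb_version_code` and the sample payloads are hypothetical; the digit, dot and newline checks go beyond the thread's "12 bytes starting with 'RFB '" and assume the RFB ProtocolVersion layout `RFB xxx.yyy\n`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RFB_VERSION_LEN 12 /* "RFB xxx.yyy\n" */

static int is_digit(uint8_t c) { return c >= '0' && c <= '9'; }

/* Hypothetical helper: returns major*1000 + minor (e.g. 3008 for 3.8) when
 * the payload is a well-formed version message, or -1 when it is not. */
int rfb_version_code(const uint8_t *p, size_t len)
{
    static const uint8_t magic[4] = { 0x52, 0x46, 0x42, 0x20 }; /* "RFB " */
    size_t i;

    if (p == NULL || len != RFB_VERSION_LEN)
        return -1;                 /* must be exactly 12 bytes */
    if (memcmp(p, magic, sizeof magic) != 0)
        return -1;                 /* must start with 52 46 42 20 */

    /* Stricter than the thread: bytes 4..10 are "xxx.yyy", byte 11 is LF. */
    for (i = 4; i < 11; i++) {
        if (i == 7) {
            if (p[i] != '.')
                return -1;
        } else if (!is_digit(p[i])) {
            return -1;
        }
    }
    if (p[11] != '\n')
        return -1;

    return ((p[4] - '0') * 100 + (p[5] - '0') * 10 + (p[6] - '0')) * 1000
         + ((p[8] - '0') * 100 + (p[9] - '0') * 10 + (p[10] - '0'));
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    static const char *samples[] = { "RFB 003.008\n", "SSH-2.0-Open", "RFB 003.8\n" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i,
               rfb_version_code((const uint8_t *)samples[i], strlen(samples[i])));
    return 0;
}
```

A return of -1 is the "not VNC" answer a heuristic on non-standard ports would use to reject the payload and let other dissectors try.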