Attached please find a patch that enables to heuristically find VNC traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item() functions)
Y.
On Sun, Dec 28, 2008 at 11:50 PM, Stephen Fisher
<stephentfisher@xxxxxxxxx> wrote:
On Sun, Dec 28, 2008 at 11:34:55PM +0200, Kaul wrote:
> BTW, there's no minimum length verification for messages. I'd assume
> that if we try to dissect traffic as VNC we should probably verify
> minimal lengths - both SERVER_VERSION and CLIENT_VERSION packets
> should be EXACTLY 12 bytes long and start with ASCII chars 'RFB '(3
> letters and space - hex 52 46 42 20). Moreover, this could also be
> used to heuristically find VNC traffic on non-standard ports.
That's a good idea. I've thought for a while about adding length
verficiation to all of the fixed length packets in fact to help the
dissector pick up close to the right place in the VNC session if it's
already going on when the dissection starts.
> If agreed, I'll try to follow this with a patch, at least for some of
> the comments above.
Go ahead and whip up a patch and we'll try it out :). Thanks for your
interest in improving the VNC dissector!
Steve
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Attachment:
packet-vnc.c.diff
Description: Binary data