Wireshark-dev: Re: [Wireshark-dev] digging something meaningful out of xmlrpc

From: David Young <dyoung@xxxxxxxxx>
Date: Tue, 15 Feb 2011 10:54:08 -0600
On Tue, Feb 15, 2011 at 03:05:47PM +0200, Toni Ruottu wrote:
> I am using Wireshark to analyse services that use XML-RPC calls to
> communicate. Currently the protocol gets dissected as XML which is
> fine because it is XML. However the result has lots of bloat that
> makes it hard for me to analyse the protocol built on top of XML-RPC.
> Can I somehow write a dissector (?) that analyses only the interesting
> parts of the protocol, and shows its results "on top" of the more
> generic XML-RPC dissection, as an alternative way of interpreting the
> same data. Note that being able to add detail into the atomic parts of
> dissected XML-RPC does not help, as it is the verboseness of XML-RPC
> that gets in the way.

I mentored a Google Summer of Code student in 2009 who
produced stream-oriented XML filter/transform tools,
<http://netbsd-soc.sourceforge.net/projects/xmltools/>.  Maybe the tools
or the corresponding C library will help.

Dave

-- 
David Young             OJC Technologies
dyoung@xxxxxxxxxxx      Urbana, IL * (217) 344-0444 x24
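
The reduction asked about in this thread, collapsing a verbose XML-RPC body into the call it represents, shown as an added example that is not part of the original messages and is not Wireshark or xmltools code. It uses Python's standard `xmlrpc.client.loads`; the `summarize` function, the DOCTYPE rejection policy and the sample payloads are assumptions constructed for illustration.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

def summarize(payload: bytes) -> str:
    """Collapse one XML-RPC request or response body into a single line."""
    # Captured traffic is untrusted input. XML-RPC needs no DTD, so refuse
    # any body that declares one instead of handing it to the XML parser.
    if b"<!DOCTYPE" in payload:
        return "rejected: DOCTYPE present"
    try:
        # loads() returns (params, methodname); methodname is None for responses.
        params, method = xmlrpc.client.loads(payload)
    except xmlrpc.client.Fault as fault:
        # A <fault> response is raised as an exception by loads().
        return f"fault {fault.faultCode}: {fault.faultString}"
    except (ExpatError, xmlrpc.client.ResponseError, ValueError) as exc:
        # Truncated or malformed capture data.
        return f"unparsed: {type(exc).__name__}"
    args = ", ".join(repr(p) for p in params)
    return f"call {method}({args})" if method else f"response -> {args}"

# Constructed sample bodies (not taken from a real capture).
CALL = (b'<?xml version="1.0"?><methodCall>'
        b'<methodName>examples.getStateName</methodName>'
        b'<params><param><value><i4>41</i4></value></param></params>'
        b'</methodCall>')
STRUCT_CALL = (b'<methodCall><methodName>acct.query</methodName><params><param>'
               b'<value><struct>'
               b'<member><name>user</name><value><string>alice</string></value></member>'
               b'<member><name>limit</name><value><int>10</int></value></member>'
               b'</struct></value></param></params></methodCall>')
RESPONSE = (b'<methodResponse><params><param>'
            b'<value><string>South Dakota</string></value>'
            b'</param></params></methodResponse>')
FAULT = (b'<methodResponse><fault><value><struct>'
         b'<member><name>faultCode</name><value><int>4</int></value></member>'
         b'<member><name>faultString</name>'
         b'<value><string>Too many parameters.</string></value></member>'
         b'</struct></value></fault></methodResponse>')
TRUNCATED = b'<methodCall><methodName>examples.getStateName'
WITH_DTD = b'<!DOCTYPE x [<!ENTITY a "b">]><methodCall/>'

if __name__ == "__main__":
    for body in (CALL, STRUCT_CALL, RESPONSE, FAULT, TRUNCATED, WITH_DTD):
        print(summarize(body))
```

The bodies would come from the HTTP payload of each captured request or response, for example exported from the capture one message at a time.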