Hello everyone,
here's the remaining wireshark/sniffing related stuff that I remember
talking about.
Ciao
Jörg
Friday:
Dinnertalk (just ideas, not discussed in detail):
- Something I can't remember
- In order to reduce the impact of buffer overflows and similar mistakes
separate out the dissection code into its own executable like it was
done with dumpcap. This process could then be run in a sandbox and talk
to the Wireshark process via filehandles or whatever. This would also
significantly reduce the work required to show several traces in one
process, as the dissection code would not need to be touched.
- Maybe verify GPL compliance of commercial software calling Wireshark's
dissection code via Microsoft's COM mechanism (with and without process
switching). Who can we ask about this? EFF?
- Idea: Offer a translated (capture filter syntax) version when a user enters
a display filter into a capture filter place (e.g. "Did you mean
'host 1.2.3.4'?" after the user entered ip.addr==1.2.3.4).
FOSDEM beer event (after a beer or so):
- Wireshark doesn't have any catchy code names for releases like the Linux
kernel has. Use shark species like "smashing Sphyrna mokarran". Send out
Sake to provide pictures ;-)
Saturday:
- Visiting introduction CMake talk at FOSDEM (Graham, Jörg, Martin, Sake) by
Bill Hoffman and Alexander Neundorf.
- The minemu talk was interesting
https://minemu.org/mediawiki/index.php?title=Minemu
but probably not relevant for Wireshark testing.
Dinnertalk (with Harald Welte):
- Sniffing sim-card traffic
- decode as
+ any type of payload (not layer specific)
+ at any place
+ saveable
- Change protocol tables and save that (i.e. change the default port of
a protocol and save that). Provide a fixed port (or whatever selector
is used) for heuristic protocols
- Inverse to desegmentation: at some layer there are e.g. 13 higher level
pdus inside one frame. Convert this into 13 separate packets (or whatever).
- Ability to "ignore" (i.e. don't show) lower level protocols
- Show context of filtered packets (like diff -C 3 ...)
- Ability to filter on the info column
- Provide an option to show the info column when running "tshark -V ..."
- CSN1 decoding is manually coded right now - and wrong in some places.
Automatic creation like ASN.1 possible but rather hard problem.
Sunday:
- Coreboot talk: Interesting project but irrelevant to Wireshark unless we
want to put Wireshark into the bios ;-)
Nothing Wireshark-specific happened.
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
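The "Did you mean 'host 1.2.3.4'?" idea from the Friday dinner talk, worked through as an added example that is not part of the original mail and not Wireshark code. It assumes a small hand-built mapping from a few display-filter fields (ip.addr, tcp.port, eth.addr and friends) to capture-filter (BPF) primitives, and it refuses to guess when the field is unknown, the value is malformed, or the display filter uses '!=', whose meaning on multi-occurrence fields like ip.addr is not "not host x".

```python
import re

# Constructed mapping: display-filter field -> capture-filter primitive.
# Only a handful of common fields are covered; anything else yields no suggestion.
FIELD_TO_PRIMITIVE = {
    "ip.addr": "host",
    "ip.src": "src host",
    "ip.dst": "dst host",
    "eth.addr": "ether host",
    "eth.src": "ether src",
    "eth.dst": "ether dst",
    "tcp.port": "tcp port",
    "tcp.srcport": "tcp src port",
    "tcp.dstport": "tcp dst port",
    "udp.port": "udp port",
    "udp.srcport": "udp src port",
    "udp.dstport": "udp dst port",
}

# Bare protocol names mean "protocol present" in both filter languages.
PROTOCOL_PRESENCE = {"arp", "icmp", "ip", "ip6", "tcp", "udp"}

# Value syntax accepted per primitive kind, so a typo never reaches a capture filter.
VALUE_PATTERNS = {
    "host": re.compile(r"^(\d{1,3}\.){3}\d{1,3}$"),
    "ether": re.compile(r"^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$"),
    "port": re.compile(r"^\d{1,5}$"),
}

# field, comparison operator, value (display filters allow "==" or "eq", "!=" or "ne")
COMPARISON = re.compile(r"^\s*([a-z0-9_.]+)\s*(==|eq|!=|ne)\s*([A-Za-z0-9:.]+)\s*$")

# Top-level logical operators; parentheses are deliberately not handled here.
LOGICAL_SPLIT = re.compile(r"\s*(&&|\|\||\band\b|\bor\b)\s*")


def translate_term(term):
    """Translate one comparison or protocol name; return None if unsure."""
    term = term.strip()
    if term in PROTOCOL_PRESENCE:
        return term
    m = COMPARISON.match(term)
    if not m:
        return None
    field, op, value = m.groups()
    if op in ("!=", "ne"):
        # "ip.addr != x" is true whenever either address differs from x,
        # which is not the same as "not host x", so do not guess.
        return None
    primitive = FIELD_TO_PRIMITIVE.get(field)
    if primitive is None:
        return None
    if primitive.startswith("ether"):
        kind = "ether"
    elif "port" in primitive:
        kind = "port"
    else:
        kind = "host"
    if not VALUE_PATTERNS[kind].match(value):
        return None
    if kind == "port" and int(value) > 65535:
        return None
    return f"{primitive} {value}"


def suggest_capture_filter(display_filter):
    """Return an equivalent capture filter, or None when no safe translation exists."""
    parts = LOGICAL_SPLIT.split(display_filter.strip())
    out = []
    for i, part in enumerate(parts):
        if i % 2 == 1:  # odd positions hold the captured operator
            out.append("and" if part in ("&&", "and") else "or")
        else:
            translated = translate_term(part)
            if translated is None:
                return None
            out.append(translated)
    return " ".join(out)


def did_you_mean(display_filter):
    """Build the hint shown when a display filter lands in a capture-filter field."""
    capture_filter = suggest_capture_filter(display_filter)
    if capture_filter is None:
        return None
    return f"Did you mean '{capture_filter}'?"


if __name__ == "__main__":
    for df in ("ip.addr==1.2.3.4", "ip.src == 10.0.0.1 && tcp.port == 443",
               "arp || icmp", "http.request.method == GET", "ip.addr != 1.2.3.4"):
        print(f"{df!r:45} -> {did_you_mean(df)}")
```

Returning None rather than a best guess matters here: a capture filter that silently drops the wrong packets is worse than no hint, so every unknown field, malformed value or ambiguous negation falls through to "no suggestion".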