Wireshark-users: [Wireshark-users] Need help with Citrix' ICA protocol

From: Jonathan Day <imipak@xxxxxxxxx>
Date: Fri, 7 Jul 2006 11:45:54 -0700 (PDT)

Couple of quick questions with respect to Wireshark on
Citrix' ICA protocol. A search on Google shows that
people have used Wireshark/Ethereal with the Citrix
protocol, but it is NOT listed in the software or in
the online manual as a supported protocol.

Is there something I need to add/install to recognize
Citrix packets, or is this an error in the docs?

Secondly, assuming Citrix recognition exists
somewhere, how much of the protocol can be deciphered
by Wireshark? I know it uses a mix of encryption and
compression, and probably other techniques, to obscure
the contents. Really, I don't need to know everything,
just the remote application being used.

Is there anything out there - however alpha - that
might tell me more about how the Citrix packets are
built, how to read them and how to identify what is
being done?

And finally an FYI - the list of protocols on the web
page version of the documentation is unreachable.
Seems to be a broken link. The version on the original
site works OK, but I dunno if that's current.

