[Ethereal-dev] Re: [distcc] [patch] distcc dissector for ethereal
Martin Pool
mbp at sourcefrog.net
Tue Mar 11 07:55:10 GMT 2003
On 11 Mar 2003, Joerg Mayer <jmayer at loplof.de> wrote:
> Quite a few dissectors use TCP reassembly, e.g. packet-skinny.c, packet-tds.c.
OK, thanks for telling me.
> AFAIK Ethereal currently cannot decrypt ssh because nobody has written the
> code to do so.
Oh, I meant to say that I assumed one would force null encryption,
though I suppose with a bit of help Ethereal could work out the
session key and do the decryption itself.
Having said all this, I have not yet had to look at a TCP dump to
debug a distcc problem, because the protocol is very straightforward
and there's only a single implementation. So I'm not quite sure why
anyone would want a dissector, aside from just completeness in
Ethereal or for hack value.
> After that, the discc dissector would need to be turned into an
> heuristic dissector (basically, it needs to look at a data packet
> and decide whether the data is distcc from the contents.
Either a heuristic, or it could be guided by the user.
--
Martin
More information about the distcc
mailing list