[Ethereal-dev] Re: [distcc] [patch] distcc dissector for ethereal

[Martin Pool]

On 11 Mar 2003, Joerg Mayer <jmayer at loplof.de> wrote:

> Quite a few dissectors use TCP reassembly, e.g. packet-skinny.c, packet-tds.c.

OK, thanks for telling me.

> AFAIK Ethereal currently cannot decrypt ssh because nobody has written the
> code to do so. 

Oh, I meant to say that I assumed one would force null encryption,
though I suppose with a bit of help Ethereal could work out the
session key and do the decryption itself.

Having said all this, I have not yet had to look at a TCP dump to
debug a distcc problem, because the protocol is very straightforward
and there's only a single implementation.  So I'm not quite sure why
anyone would want a dissector, aside from just completeness in
Ethereal or for hack value.

> After that, the discc dissector would need to be turned into an
> heuristic dissector (basically, it needs to look at a data packet
> and decide whether the data is distcc from the contents. 

Either a heuristic, or it could be guided by the user.

-- 
Martin