Wireshark mailing list archives

Re: An iSCSI expert system for wireshark

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Tue, 19 Jan 2010 18:17:43 -0800

On Tue, Jan 19, 2010 at 6:13 PM, jimmy wang <jimmy.tianjin () gmail com> wrote:

Hi core developer,
         I’m a member of Inventec Tianjin Company. We write an iSCSI expert
system based on wireshark. The main features of the system include:
1. An iscsi PDU analyzing expert system with about 50 rules. The system can
detect protocol error like StatSN less than ExpStatSN, Login response CSG
bad value, etc.
2. An enhanced iscsi dissector which based on packet-iscsi.c
3. An iscsi expert information dialog which displays the expert system
detecting result, iscsi session/connection topology tree and iscsi
parameters.
4. An iscsi flow dialog which displays the iscsi PDU sequence, iscsi
session/connection topology tree and iscsi statistics information.
The attachments are the snapshot of the expert information dialog and iscsi
flow dialog.
The expert system include the follow source file:
1. Epan\dissectors\Packet-iscis.c         - enhanced iscsi dissector
2. Epan\dissectors\iscsiexpert-rules.c          - included by packet-iscsi.c
for expert system rules
3. Gtk\iscsiexpert_dlg.c        - expert information dialog
4. Gtk\iscsiexpert_stat.c      - iscsi flow dialog
We want our dissector and dialog be included in the main wireshark
distribution. Could you please give me some suggestion:
1. Is it possible?
2. May we just send a patch based on packet-iscsi.c or we need send a new
file named packet-iscsiexpert.c for the iscsi dissector? If use
packet-iscsiexpert.c, we need add a new protocol iscsi[E] and need enable
iscsi[E] and disable iscsi manually.
Thanks for your time.


Hmmm, this is interesting.

Can you send it to me please ... I have been wanting to do some work
on the iSCSI dissector for a while, and this sounds interesting.

-- 
Regards,
Richard Sharpe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

An iSCSI expert system for wireshark jimmy wang (Jan 19)
- Re: An iSCSI expert system for wireshark Richard Sharpe (Jan 19)
  - Re: An iSCSI expert system for wireshark jimmy wang (Jan 20)
    - Re: An iSCSI expert system for wireshark Richard Sharpe (Jan 20)
    - Re: An iSCSI expert system for wireshark Guy Harris (Jan 20)
    - Re: An iSCSI expert system for wireshark jimmy wang (Jan 20)
    - Re: An iSCSI expert system for wireshark Richard Sharpe (Jan 20)
    - Re: An iSCSI expert system for wireshark jimmy wang (Jan 20)
    - Re: An iSCSI expert system for wireshark Richard Sharpe (Jan 20)
    - Re: An iSCSI expert system for wireshark jimmy wang (Jan 20)
    - Re: An iSCSI expert system for wireshark Richard Sharpe (Jan 20)