Wireshark mailing list archives

Remote Desktop Protocol Dissector


From: Marc-André Moreau <marcandre.moreau () gmail com>
Date: Tue, 23 Mar 2010 20:01:50 -0400

Hi Wireshark developers,

I am a developer for FreeRDP <http://www.freerdp.com>, a free remote desktop
protocol client. I started writing a dissector for the RDP protocol as there
is currently none and such a tool would be immensely useful for the
development of my program. There's something I have a problem with: RDP is
made out of multiple protocols, with some of them already being implemented
in Wireshark. One of them is T.125 (MCS). I tried using
find_dissector("t125") and then call it on the RDP payload, and it works to
some extent. The problem with that is that I need a way to know if 1)
dissection has been successful with the T.125 dissector and 2) a way to
dissect the "userData" field if it is present, after the T.125 dissector has
been called, as it contains a payload defined in the RDP protocol. How
should I get the offset of this userData field dissected by the MCS
dissector, so that I can dissect it? I find that most of the Wireshark API
is useful when you are "forward" dissecting, but not when you want to
interpret the results from a previous dissection, unless I am mistaken. Any
help is appreciated, thanks.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
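
The offset lookup asked about above, shown outside the Wireshark API as an added example (not part of the original message, and not Wireshark or FreeRDP code): a bounds-checked BER walk over an MCS Connect-Initial that returns where userData starts. It assumes only the BER-encoded Connect-Initial PDU with definite lengths; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one BER identifier and definite length at *off; on success *off is the value start. */
static int ber_hdr(const uint8_t *b, size_t n, size_t *off, uint32_t *tag, size_t *len) {
    size_t o = *off, v;
    if (o >= n) return -1;
    *tag = b[o++];
    if ((*tag & 0x1f) == 0x1f) {                 /* high-tag-number form, e.g. 7f 65 */
        if (o >= n || (b[o] & 0x80)) return -1;  /* only single-byte tag numbers handled */
        *tag = (*tag << 8) | b[o++];
    }
    if (o >= n) return -1;
    v = b[o++];
    if (v >= 0x80) {                             /* long form: low 7 bits = count of length bytes */
        unsigned k = (unsigned)(v & 0x7f);
        if (k == 0 || k > 4 || k > n - o) return -1;  /* indefinite, oversized or truncated */
        for (v = 0; k--; ) v = (v << 8) | b[o++];
    }
    if (v > n - o) return -1;                    /* value must lie inside the buffer */
    *off = o; *len = v;
    return 0;
}

/* Find userData, the 7th field of Connect-Initial [APPLICATION 101]; 0 on success, -1 if malformed. */
int mcs_ci_user_data(const uint8_t *b, size_t n, size_t *ud_off, size_t *ud_len) {
    /* two domain selectors, upwardFlag, three DomainParameters, userData */
    static const uint8_t want[7] = {0x04, 0x04, 0x01, 0x30, 0x30, 0x30, 0x04};
    size_t off = 0, len = 0;
    uint32_t tag;
    if (ber_hdr(b, n, &off, &tag, &len) || tag != 0x7f65) return -1;
    n = off + len;                               /* inner fields may not run past the outer PDU */
    for (int i = 0; i < 7; i++, off += len)
        if (ber_hdr(b, n, &off, &tag, &len) || tag != want[i]) return -1;
    *ud_off = off - len; *ud_len = len;          /* loop stepped past userData; back up to its start */
    return 0;
}

#define DP 0x30,0x18, 2,1,34, 2,1,2, 2,1,0, 2,1,1, 2,1,0, 2,1,1, 2,1,127, 2,1,2
/* Constructed sample, not a capture: Connect-Initial carrying 4 placeholder bytes of userData. */
static const uint8_t sample[] = { 0x7f,0x65,0x82,0x00,0x5d, 4,1,1, 4,1,1, 1,1,0xff,
                                  DP, DP, DP, 4,4,0xAA,0xBB,0xCC,0xDD };

int main(void) {
    size_t off = 0, len = 0;
    int rc = mcs_ci_user_data(sample, sizeof sample, &off, &len);
    printf("rc=%d userData offset=%zu length=%zu\n", rc, off, len);
    return rc != 0;
}
```

The returned offset is relative to the start of the MCS PDU, so a caller would add the offset at which that PDU begins in the packet before handing the bytes to the RDP-specific parser.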