Wireshark mailing list archives
Extending Randpkt Protocol Coverage
From: Evan Huus <eapache () gmail com>
Date: Mon, 15 Apr 2013 11:13:50 -0400
Just a quick idea I had that I don't plan to work on in the near future. Perhaps one of the GSOC students interested in improving our fuzzing could pick this up since it is somewhat related.

Our randpkt tester is great but currently only covers 22 protocols at a quick count. An easy way to extend this to cover vastly more protocols would be:

- Add a type to randpkt (perhaps 'tcp-payload') that generates Eth+IP+TCP+Payload under a specific generic TCP port (something high in the unregistered zone).
- Add support for cycling through the various -d options to the randpkt-test.sh script

So randpkt would generate random TCP payloads under a known port, and the script would then run tshark on the file once for each protocol that runs over TCP, forcing decoding on that port to that protocol.

Doing this for just TCP, UDP and SCTP would add coverage for an additional ~450 distinct protocols (already accounting for duplicates).

    ./tshark -G decodes | grep -e udp.port -e tcp.port -e sctp.port | cut -f3 | uniq | wc

Cheers,
Evan
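The -d cycling step proposed in the message above, as an added example that is not part of the original post or of randpkt-test.sh. FUZZ_PORT, the function names and the sample table are assumptions made for illustration; the rows of `tshark -G decodes` are taken to be tab-separated as table name, selector, protocol name.

```shell
#!/bin/sh
# Added example: build one "-d" selector per protocol so a capture of random
# payloads on a single known port can be force-decoded as each protocol in turn.

FUZZ_PORT=49999   # assumed high, unregistered port the payloads were generated on

# Constructed sample rows in the layout of `tshark -G decodes`.
sample_decodes() {
    printf 'tcp.port\t80\thttp\n'
    printf 'tcp.port\t8080\thttp\n'
    printf 'tcp.port\t25\tsmtp\n'
    printf 'udp.port\t53\tdns\n'
    printf 'tcp.port\t53\tdns\n'
    printf 'sctp.port\t2905\tm3ua\n'
    printf 'ip.proto\t6\ttcp\n'
}

# decode_as_args TABLE
# Reads decodes rows on stdin and prints "TABLE==FUZZ_PORT,PROTO" once per
# distinct protocol registered on TABLE (duplicates need not be adjacent).
decode_as_args() {
    awk -F '\t' -v table="$1" -v port="$FUZZ_PORT" \
        '$1 == table && !seen[$3]++ { print table "==" port "," $3 }'
}

# run_all TABLE CAPTURE
# Runs tshark once per selector and reports every forced decode that exits
# non-zero (for example a dissector crash). Needs tshark on PATH.
run_all() {
    tshark -G decodes | decode_as_args "$1" | while read -r sel; do
        tshark -nVr "$2" -d "$sel" >/dev/null 2>&1 || echo "FAIL: -d $sel"
    done
}

# Show the selectors derived from the constructed sample.
sample_decodes | decode_as_args tcp.port
```

Against a real build, `run_all tcp.port capture.pcap` performs the loop, with capture.pcap standing in for the file randpkt wrote.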