Hi Julien

2009/2/24 Julien Kerihuel <[email protected]>:
> On Tue, 2009-02-24 at 12:13 -0800, Harsha wrote:
>> Hi all,
>>
>> I just started looking into openchange and first want to thank all the
>> contributors for giving us openchange and the related projects.
>>
>> As a first step to contributing to the mapiproxy project, I'm reading
>> documents on openchange.org and MS Specifications. I have worked on
>> CIFS in the past and would like to take a similar approach of looking
>> at the packet captures simultaneously. So my question to the list is
>> suggestions for looking into the packet captures. I looked at
>> Wireshark support for MAPI here -
>> http://www.wireshark.org/docs/dfref/m/mapi.html
>> Looks like there are not many fields supported yet (I'm hoping to
>> contribute to Wireshark as I go along).
>
> Hi Harsha,
>
> I would suggest to directly browse the MAPI dissector code [1]. The
> dissector code is a bit old (never really had time to update it), but
> should be a good start for further contributions.
>
> Also, I'd suggest you to run mapiproxy [2] in the middle of
> Outlook/Exchange with the downgrade module enabled so Outlook will be
> forced to downgrade to EcDoConnect/EcDoRpc and avoid using
> EcDoConnectEx/EcDoRpcExt2 with compression.
>
> Finally if you set mapiproxy binding string parameter with [print] flag,
> you'll have all MAPI traffic decoded properly and dumped on stdout.
>
> Within the same order idea, you may want to try mapitrace tool[3]
> available in trunk and possibly look at openchange tools to understand
> MAPI semantics.
>
> [1] http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/pidl/mapi/

Do I need to build Wireshark differently to enable this dissector? I
have built Wireshark and it seems to decode MAPI in the same way as the
general Wireshark.

> [2] http://mapiproxy.openchange.org

I got this running and it is very useful.

> [3] http://wiki.openchange.org/index.php/MAPITRACE

I'm now trying this and it looks like host kb.openchange.org mentioned
here is down -
http://wiki.openchange.org/index.php/RPCExtract_documentation

Many thanks,
Harsha
