Matt,

It really sounds like the Wireshark dissector is coming together! Congrats on the progress.
I am a little concerned about the TCP segmentation problem. It is very easy for a RO_ACCESS_REPORT or even a GET_ACCESSSPECS_RESPONSE to exceed Ethernet MTU and thus be segmented at the TCP layer, so we will need to be able to decode these frames.

I have limited experience with Wireshark dissectors, but I did find a section in the Wireshark developer's guide that discusses this problem.

http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#TcpDissectPdus

Will this help address the issue with large LLRP frames?

Thanks,
Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Poduska
Sent: Wednesday, July 25, 2007 9:24 AM
To: [email protected]
Subject: Re: [ltk-d] WireShark Dissector Update [heur]

I began development of the dissector before the format attribute was added to the XML, so no. There are quite a few enhancements that can be made to the current dissector; formatting variable data fields is definitely one.

One other item of note: since LLRP is layered on TCP, it's possible for an LLRP message to be split across multiple packets. In this case, the LLRP dissector will fail to decode.

- Matt

>From: "John R. Hogerhuis" <[EMAIL PROTECTED]>
>Reply-To: LLRP Toolkit Development List <[email protected]>
>To: "LLRP Toolkit Development List" <[email protected]>
>Subject: Re: [ltk-d] WireShark Dissector Update
>Date: Tue, 24 Jul 2007 15:43:47 -0700
>
>On 7/24/07, Matt Poduska <[EMAIL PROTECTED]> wrote:
> > we've only just begun work to support runtime definition of vendor
> > extensions.
>
>Great news... BTW, there is a bug in Wireshark that shows up with the
>kind of heavy traffic in small packets you see in RFID. You will
>eventually run into it:
>
>http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124
>
>Vendor extensions are tricky business. There are still decisions to be
>made here for LTK itself.
>Some issues that come up include versioning,
>possibly in or out-of-band negotiation of version, strong vs. weak
>typing, LLRP-XML format, filesystem organization of schemas, etc. Some
>of these are less important for Wireshark.
>
>Are you using the format attributes in llrpdef.xml?
>
>-- John.
>
>_______________________________________________
>llrp-toolkit-devel mailing list
>[email protected]
>https://lists.sourceforge.net/lists/listinfo/llrp-toolkit-devel
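
The length-based framing that the segmentation concern in this thread comes down to, as an added example that is not part of the original messages or of the LTK dissector. It assumes the LLRP 10-byte header with a big-endian 32-bit message length at byte offset 2; the function names, the 1 MiB cap and the buffer size are hypothetical. The length field is validated before use because a decoder that trusts it can stall or over-allocate on a malformed frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LLRP_HEADER_LEN 10u          /* 2 bytes ver/type, 4 length, 4 message ID */
#define LLRP_MAX_MSG_LEN (1u << 20)  /* assumed sanity cap, not from the LLRP spec */

enum llrp_frame_status { LLRP_NEED_MORE, LLRP_COMPLETE, LLRP_BAD_LENGTH };

/* Decide whether buf[0..len) starts with a whole LLRP message.
 * On LLRP_COMPLETE, *msg_len is the full message size (header included). */
enum llrp_frame_status llrp_next_frame(const uint8_t *buf, size_t len, uint32_t *msg_len)
{
    if (len < LLRP_HEADER_LEN)
        return LLRP_NEED_MORE;              /* header itself is split across segments */
    uint32_t n = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
                 ((uint32_t)buf[4] << 8) | buf[5];   /* big-endian Message Length */
    if (n < LLRP_HEADER_LEN || n > LLRP_MAX_MSG_LEN)
        return LLRP_BAD_LENGTH;             /* would never advance, or over-allocate */
    if (len < n)
        return LLRP_NEED_MORE;              /* body continues in a later segment */
    *msg_len = n;
    return LLRP_COMPLETE;
}

/* Feed TCP payloads in arrival order; returns how many whole messages were
 * framed, or -1 on a bad length field or a full buffer. Hypothetical demo helper. */
int llrp_count_messages(const uint8_t *const segs[], const size_t seg_lens[], size_t nsegs)
{
    static uint8_t stream[4096];            /* demo-sized reassembly buffer */
    size_t have = 0;
    int count = 0;
    for (size_t i = 0; i < nsegs; i++) {
        if (seg_lens[i] > sizeof stream - have)
            return -1;
        memcpy(stream + have, segs[i], seg_lens[i]);
        have += seg_lens[i];
        uint32_t n;
        enum llrp_frame_status st;
        while ((st = llrp_next_frame(stream, have, &n)) == LLRP_COMPLETE) {
            memmove(stream, stream + n, have - n);  /* a real dissector decodes here */
            have -= n;
            count++;
        }
        if (st == LLRP_BAD_LENGTH)
            return -1;
    }
    return count;
}
```

In a Wireshark dissector the buffering loop is what the `tcp_dissect_pdus` helper described at the linked developer's guide section provides; the dissector supplies only the header size and a length callback equivalent to `llrp_next_frame`.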
