Graeme Lunt
Hi!
I have been working on Wireshark since mid 2005 initially working on the dissectors that interested me, but then diversifying into other areas of Wireshark.
The dissectors I developed are primarily for the OSI X.400 Messaging Services and X.500 Directory Services, including the lower layers of the stack. I've also worked on the IETF equivalents: SMTP and LDAP.
So far I have added dissectors for:
ROS: Remote Operations Service Element
RTSE: Reliable Transfer Service Element
X411: X.400 Message Transfer Service (P1)
X413: X.400 Message Store Service (P7)
X420: X.420 Interpersonal Message Service (P22) (including X.420 File Transfer Body Part).
S4406: STANAG 4406 Military Message Service (P772)
DISP: X.500 Directory Information Shadowing Protocol
DAP: X.500 Directory Access Protocol
DSP: X.500 Directory Shadowing Protocol
DOP: X.500 Directory Object Management Binding Protocol
PKCS12: Personal Information Exchange Syntax (private key storage: .pfx or .p12 files)
IMF: Internet Message Format (RFC2822)
TNEF: Transport-Neutral Encoding Format (TNEF) (those pesky winmail.dat files!)
This has involved forays into the existing dissectors:
BER: ASN.1 Basic Encoding Rules
PRES: OSI Presentation Layer
CMS: Cryptographic Message Syntax
ESS: Enhanced Security Services
LDAP: Lightweight Directory Access Protocol
SMTP: Simple Message Transfer Protocol
I've even tried to understand how asn2wrs (on which most of my new dissectors rely) does its magic!
I have introduced a new file type that allows Wireshark to read a raw ASN.1 BER-encoded file, for example a PKCS#12 file. All of Wireshark's powerful ASN.1 dissection routines can then be brought to bear on these files, which may not normally be sent over the wire. The "Decode As" feature has been updated to recognise ASN.1 files and offer dissection in accordance with common ASN.1 definitions.
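To show what "reading a raw BER-encoded file" actually involves, here is an added example (not Wireshark's code and not the author's): a minimal ASN.1 BER TLV walker that handles the encodings a PKCS#12 or CMS file uses (short, long-form and indefinite lengths, high-tag-number tags, context-specific tags) and refuses a length that runs past the end of the buffer. The sample bytes, the tag-name table and all function names are constructed for the example.

```python
# Added example: a minimal ASN.1 BER TLV walker. Not Wireshark code; the sample
# bytes below are constructed, not taken from a real capture or file.

CLASS_NAMES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")
UNIVERSAL_NAMES = {1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING",
                   5: "NULL", 6: "OBJECT IDENTIFIER", 12: "UTF8String",
                   16: "SEQUENCE", 17: "SET", 19: "PrintableString", 23: "UTCTime"}


def read_tag(buf, pos):
    """Decode the identifier octets; returns (class, constructed, number, new_pos)."""
    first = buf[pos]
    pos += 1
    cls, constructed, number = first >> 6, bool(first & 0x20), first & 0x1F
    if number == 0x1F:                      # high-tag-number form: base-128 continuation
        number = 0
        while True:
            b = buf[pos]
            pos += 1
            number = (number << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    return cls, constructed, number, pos


def read_length(buf, pos):
    """Decode the length octets; returns (length, new_pos), length None = indefinite."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos                   # short form
    n = first & 0x7F
    if n == 0:
        return None, pos                    # 0x80: indefinite length (BER only, never DER)
    if n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated long-form length at offset %d" % (pos - 1))
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def decode_oid(content):
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, value, pending = [], 0, False
    for b in content:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending or not arcs:
        raise ValueError("malformed OBJECT IDENTIFIER")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode_primitive(cls, number, content):
    """Interpret a few common universal types; everything else stays as raw bytes/hex."""
    if cls != 0:
        return content.hex()
    if number == 1:
        return content != b"\x00"           # BER: any non-zero octet is TRUE
    if number == 2:
        return int.from_bytes(content, "big", signed=True)
    if number == 5:
        return None
    if number == 6:
        return decode_oid(content)
    if number in (12, 19, 23):
        return content.decode("utf-8" if number == 12 else "ascii")
    return content                          # OCTET STRING, BIT STRING, ... left raw


def parse_one(buf, pos):
    """Parse one TLV starting at pos; returns (node, position after the TLV)."""
    cls, constructed, number, pos = read_tag(buf, pos)
    length, pos = read_length(buf, pos)
    node = {"class": cls, "tag": number, "constructed": constructed, "indefinite": length is None}
    if length is None:
        if not constructed:
            raise ValueError("indefinite length on a primitive element")
        children = []
        while True:                         # read children until the 00 00 end-of-contents
            if pos + 1 >= len(buf):
                raise ValueError("missing end-of-contents octets")
            if buf[pos] == 0 and buf[pos + 1] == 0:
                pos += 2
                break
            child, pos = parse_one(buf, pos)
            children.append(child)
        node["children"] = children
        return node, pos
    if pos + length > len(buf):             # the check a file reader must not skip
        raise ValueError("length %d runs past end of buffer at offset %d" % (length, pos))
    content = buf[pos:pos + length]
    if constructed:
        children, p = [], 0
        while p < length:
            child, p = parse_one(content, p)
            children.append(child)
        node["children"] = children
    else:
        node["value"] = decode_primitive(cls, number, content)
    return node, pos + length


def parse_ber(buf):
    """Parse a whole buffer that holds exactly one top-level BER element."""
    node, pos = parse_one(buf, 0)
    if pos != len(buf):
        raise ValueError("%d trailing bytes after the top-level element" % (len(buf) - pos))
    return node


def render(node, depth=0, lines=None):
    """Flatten a parsed tree into indented text lines, roughly like a dissector tree."""
    lines = [] if lines is None else lines
    if node["class"] == 0:
        name = UNIVERSAL_NAMES.get(node["tag"], "UNIVERSAL %d" % node["tag"])
    else:
        name = "%s [%d]" % (CLASS_NAMES[node["class"]], node["tag"])
    if "children" in node:
        lines.append("  " * depth + name + (" (indefinite)" if node["indefinite"] else ""))
        for child in node["children"]:
            render(child, depth + 1, lines)
    else:
        lines.append("  " * depth + "%s: %r" % (name, node["value"]))
    return lines


# Constructed sample: SEQUENCE (indefinite) { INTEGER 3, OID 1.2.840.113549.1.7.1,
# [0] (indefinite) { OCTET STRING "hi" } }: the indefinite-length shape that BER
# writers of PKCS#7/CMS and PKCS#12 structures commonly produce.
SAMPLE = bytes.fromhex("3080 020103 06092a864886f70d010701 a080 04026869 0000 0000")

if __name__ == "__main__":
    print("\n".join(render(parse_ber(SAMPLE))))
```

The point a file reader has to get right, as opposed to a dissector fed by a lower layer, is that nothing else has bounded the data for it: the length check in parse_one and the end-of-contents check in the indefinite-length loop are what stop a malformed or truncated file from being read past its end.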
I have developed the U3Packaging for Wireshark that allows you to run Wireshark from a USB stick, as well as a WiresharkPortable version of Wireshark that runs under the PortableApps framework.
Current things I am working on are:
TNEF: Still looking to enhance this to allow the registration of dissectors for specific MAPI properties.
I am [still] looking at mechanisms that will allow the user to associate a known BER syntax with a given OID - either from a configuration file, parsing of ASN.1 modules, SNMP MIBS etc, or some other mechanism.
If there is some messaging/directory feature you would like to see in Wireshark, send it to the development list and I'll try and help out.
For other information see http://www.smhs.co.uk.
Email: <graeme.lunt AT SPAMFREE smhs DOT co DOT uk>
