Differences between revisions 6 and 7
Revision 6 as of 2007-11-18 09:31:32
Size: 2961
Editor: GraemeLunt
Comment: Add link to P7 protocol and Wireshark Portable
Revision 7 as of 2008-04-12 17:51:45
Size: 2965
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:
 * ["ROS"]: Remote Operations Service Element
 * ["RTSE"]: Reliable Transfer Service Element
 * ["X411"]: X.400 Message Transfer Service (P1)
 * ["X413"]: X.400 Message Store Service (P7)
 * ["X420"]: X.420 Interpersonal Message Service (P22) (including X.420 File Transfer Body Part).
 * ["S4406"]: STANAG 4406 Military Message Service (P772)
 * ["DISP"]: X.500 Directory Information Shadowing Protocol
 * ["DAP"]: X.500 Directory Access Protocol
 * ["DSP"]: X.500 Directory Shadowing Protocol
 * ["DOP"]: X.500 Directory Object Management Binding Protocol
 * ["PKCS12"]: Personal Information Exchange Syntax (private key storage (.pfx or .p12 files).
 * ["IMF"]: Internet Message Format (RFC2822)
 * ["TNEF"]: Transport-Neutral Encoding Format (TNEF) (those pesky winmail.dat files!)
 * [[ROS]]: Remote Operations Service Element
 * [[RTSE]]: Reliable Transfer Service Element
 * [[X411]]: X.400 Message Transfer Service (P1)
 * [[X413]]: X.400 Message Store Service (P7)
 * [[X420]]: X.420 Interpersonal Message Service (P22) (including X.420 File Transfer Body Part).
 * [[S4406]]: STANAG 4406 Military Message Service (P772)
 * [[DISP]]: X.500 Directory Information Shadowing Protocol
 * [[DAP]]: X.500 Directory Access Protocol
 * [[DSP]]: X.500 Directory Shadowing Protocol
 * [[DOP]]: X.500 Directory Object Management Binding Protocol
 * [[PKCS12]]: Personal Information Exchange Syntax (private key storage (.pfx or .p12 files).
 * [[IMF]]: Internet Message Format (RFC2822)
 * [[TNEF]]: Transport-Neutral Encoding Format (TNEF) (those pesky winmail.dat files!)
Line 27: Line 27:
 * ["BER"]: ASN.1 Basic Encoding Rules
 * ["PRES"]: OSI Presentation Layer
 * ["CMS"]: Cryptographic Message Syntax
 * ["ESS"]: Enhanced Security Services
 * ["LDAP"]: Lightweight Directory Access Protocol
 * ["SMTP"]: Simple Message Transfer Protocol
 * [[BER]]: ASN.1 Basic Encoding Rules
 * [[PRES]]: OSI Presentation Layer
 * [[CMS]]: Cryptographic Message Syntax
 * [[ESS]]: Enhanced Security Services
 * [[LDAP]]: Lightweight Directory Access Protocol
 * [[SMTP]]: Simple Message Transfer Protocol
Line 39: Line 39:
I have developed the ["U3Packaging"] for Wireshark that allows you to run Wireshark from a USB stick, as well as a ["WiresharkPortable"] version of Wireshark that runs under the [http://www.portableapps.com/ PortableApps] framework. I have developed the [[U3Packaging]] for Wireshark that allows you to run Wireshark from a USB stick, as well as a [[WiresharkPortable]] version of Wireshark that runs under the [[http://www.portableapps.com/|PortableApps]] framework.
Line 43: Line 43:
 * ["TNEF"]: Still looking to enhance this to allow the registration of dissectors for specific MAPI properties.  * [[TNEF]]: Still looking to enhance this to allow the registration of dissectors for specific MAPI properties.
Line 49: Line 49:
For other information see [http://www.smhs.co.uk]. For other information see [[http://www.smhs.co.uk]].
Line 51: Line 51:
Email: [[MailTo(graeme.lunt AT SPAMFREE smhs DOT co DOT uk)]] Email: <<MailTo(graeme.lunt AT SPAMFREE smhs DOT co DOT uk)>>

Graeme Lunt

Hi!

I have been working on Wireshark since mid 2005 initially working on the dissectors that interested me, but then diversifying into other areas of Wireshark.

The dissectors I developed are primarily for the OSI X.400 Messaging Services and X.500 Directory Services, including the lower layers of the stack. I've also worked on the IETF equivalents; SMTP, LDAP.

So far I have added dissectors for:

  • ROS: Remote Operations Service Element

  • RTSE: Reliable Transfer Service Element

  • X411: X.400 Message Transfer Service (P1)

  • X413: X.400 Message Store Service (P7)

  • X420: X.420 Interpersonal Message Service (P22) (including X.420 File Transfer Body Part).

  • S4406: STANAG 4406 Military Message Service (P772)

  • DISP: X.500 Directory Information Shadowing Protocol

  • DAP: X.500 Directory Access Protocol

  • DSP: X.500 Directory Shadowing Protocol

  • DOP: X.500 Directory Object Management Binding Protocol

  • PKCS12: Personal Information Exchange Syntax (private key storage (.pfx or .p12 files).

  • IMF: Internet Message Format (RFC2822)

  • TNEF: Transport-Neutral Encoding Format (TNEF) (those pesky winmail.dat files!)

This has involved forays into the existing dissectors:

  • BER: ASN.1 Basic Encoding Rules

  • PRES: OSI Presentation Layer

  • CMS: Cryptographic Message Syntax

  • ESS: Enhanced Security Services

  • LDAP: Lightweight Directory Access Protocol

  • SMTP: Simple Message Transfer Protocol

I've even tried to understand how asn2wrs (on which most of my new dissectors rely) does it's magic!

I have introduced a new file type that allows Wireshark to read a raw ASN.1 BER-encoded file, for example a PKCS#12 file. All of Wireshark's powerful ASN.1 dissection routines can then be brought to bear on these files, that may not normally be sent over the wire. The "Decode As" feature has been updated to recognise ASN.1 files and offer dissection in accordance to common ASN.1 definitions.

I have developed the U3Packaging for Wireshark that allows you to run Wireshark from a USB stick, as well as a WiresharkPortable version of Wireshark that runs under the PortableApps framework.

Current things I am working on are:

  • TNEF: Still looking to enhance this to allow the registration of dissectors for specific MAPI properties.

I am [still] looking at mechanisms that will allow the user to associate a known BER syntax with a given OID - either from a configuration file, parsing of ASN.1 modules, SNMP MIBS etc, or some other mechanism.

If there is some messaging/directory feature you would like to see in Wireshark, send it to the development list and I'll try and help out.

For other information see http://www.smhs.co.uk.

Email: <graeme.lunt AT SPAMFREE smhs DOT co DOT uk>


CategoryHomepage

GraemeLunt (last edited 2008-04-12 17:51:45 by localhost)