jean-frederic clere wrote: > > I am rewritting the Ajp protocol documentation. A protocol > analyser would help me. >
The analyzer was written using the existing docs, so if there are problems in the docs the analyzer will be wrong as well. > So please send it. (Even if it is not run and not clean). > Some of the code is a bit iffy, and it's definitely a work in progress, but it runs. I did some cleanup and put in some comments. I've attached a patch to Ethereal 0.9.4, which you can get at: http://www.ethereal.com/ Make sure you have a recent version of libpcap. If you want to hack on it, there are Ethereal developer docs in docs/README.developer, but they are very out of date. Notes: It autodetects 8009 as AJP traffic. It doesn't decode FORWARD_REQUEST attributes (the optional stuff at the end). There are problems with the protocol hierarchy display. There are probably memory leaks. The protocol display could be easier to read. You need ethereal-0.9.4, I'm confident it won't work with earlier versions, and I haven't tested against CVS. There are lots of compiler warnings, many of them legitimate. Install: <download and untar a clean copy of ethereal-0.9.4.tgz> $ cd $PATH_TO_ETHEREAL/ethereal-0.9.4 $ patch < $PATH_TO_PATCH/eth-ajp13.patch patching file Makefile.am patching file Makefile.nmake patching file packet-ajp13.c patching file packet-ajp13.h patching file register-static.c $ ./configure $ make <many compiler warnings> $ su # ./ethereal < make sure that Edit -> Preferences -> Protocols -> TCP "Allow subdissectors to desegment TCP streams" is set to true > <Capture -> Start -> Ok> # try "update packets in real time" <Surf> <Giggle like an anime schoolgirl as you watch the capture> -- Christopher St. John [EMAIL PROTECTED] DistribuTopia http://www.distributopia.com
eth-ajp13.patch.gz
Description: Binary data
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
