Wireshark mailing list archives

Extending Randpkt Protocol Coverage
From: Evan Huus <eapache () gmail com>
Date: Mon, 15 Apr 2013 11:13:50 -0400

Just a quick idea I had that I don't plan to work on in the near
future. Perhaps one of the GSOC students interested in improving our
fuzzing could pick this up since it is somewhat related.

Our randpkt tester is great but currently only covers 22 protocols at
a quick count. An easy way to extend this to cover vastly more
protocols would be:

- Add a type to randpkt (perhaps 'tcp-payload') that generates
Eth+IP+TCP+Payload under a specific generic TCP port (something high
in the unregistered zone).
- Add support for cycling through the various -d options to the
randpkt-test.sh script

So randpkt would generate random TCP payloads under a known port, and
the script would then run tshark on the file once for each protocol
that runs over TCP, forcing decoding on that port to that protocol.

Doing this for just TCP, UDP and SCTP would add coverage for an
additional ~450 distinct protocols (already accounting for
duplicates).

./tshark -G decodes | grep -e udp.port -e tcp.port -e sctp.port | cut -f3 | uniq | wc

Cheers,
Evan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
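
The decode-as cycling proposed in the message above, sketched as an added shell example; it is not code from the original post or from Wireshark's randpkt-test.sh. It assumes port 60000 and a capture already produced by the proposed randpkt type, and it embeds a constructed sample of `tshark -G decodes` output so the parsing can be checked offline.

```shell
#!/bin/sh
# Added example: force-decode one known port as every protocol registered in
# a transport port table, running tshark once per protocol.

PORT=60000   # assumption: the high port the random payloads are generated under

# Constructed sample of `tshark -G decodes` output. Each record is
# tab-separated: layer type, selector, decode-as protocol name.
sample_decodes() {
    printf 'tcp.port\t80\thttp\n'
    printf 'tcp.port\t8080\thttp\n'
    printf 'udp.port\t53\tdns\n'
    printf 'tcp.port\t53\tdns\n'
    printf 'sctp.port\t2905\tm3ua\n'
    printf 'ip.proto\t6\ttcp\n'
}

# Read `-G decodes` records on stdin and print each distinct protocol
# registered in the given table (tcp.port, udp.port or sctp.port).
protocols_for() {
    awk -F '\t' -v table="$1" '$1 == table { print $3 }' | sort -u
}

# Build the value passed to tshark -d: <layer type>==<selector>,<protocol>.
decode_arg() {
    printf '%s==%s,%s' "$1" "$PORT" "$2"
}

# Dissect the capture once per protocol. A non-zero tshark exit (crash or
# abort inside a dissector) is reported; returns 1 if any protocol failed.
fuzz_decode_as() {
    table=$1; capture=$2; status=0
    for proto in $(tshark -G decodes | protocols_for "$table"); do
        if ! tshark -nVr "$capture" -d "$(decode_arg "$table" "$proto")" \
                >/dev/null 2>&1; then
            echo "FAIL: $proto forced on $table==$PORT in $capture"
            status=1
        fi
    done
    return "$status"
}

# tshark is only invoked when a table and a capture file are given, e.g.
#   sh decode-cycle.sh tcp.port random-tcp.pcap
if [ $# -eq 2 ] && command -v tshark >/dev/null 2>&1; then
    fuzz_decode_as "$1" "$2"
fi
```
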

