tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher K. St. John" <>
Subject Re: Ethereal AJP13 dissector? [Ethereal patch attached]
Date Fri, 31 May 2002 17:09:24 GMT
jean-frederic clere wrote:
> I am rewritting the Ajp protocol documentation. A protocol
> analyser would help me.

 The analyzer was written using the existing docs, so
if there are problems in the docs the analyzer will
be wrong as well.

> So please send it. (Even if it is not run and not clean).

 Some of the code is a bit iffy, and it's definitely a
work in progress, but it runs. I did some cleanup and put
in some comments. I've attached a patch to Ethereal 0.9.4,
which you can get at:

 Make sure you have a recent version of libpcap. If you
want to hack on it, there are Ethereal developer docs in
docs/README.developer, but they are very out of date.


 It autodetects 8009 as AJP traffic. It doesn't decode FORWARD_REQUEST
attributes (the optional stuff at the end). There are problems with
the protocol hierarchy display. There are probably memory leaks. The
protocol display could be easier to read. You need ethereal-0.9.4,
I'm confident it won't work with earlier versions, and I haven't
tested against CVS. There are lots of compiler warnings, many of them


 <download and untar a clean copy of ethereal-0.9.4.tgz>
 $ cd $PATH_TO_ETHEREAL/ethereal-0.9.4
 $ patch < $PATH_TO_PATCH/eth-ajp13.patch
     patching file
     patching file Makefile.nmake
     patching file packet-ajp13.c
     patching file packet-ajp13.h
     patching file register-static.c
 $ ./configure
 $ make 
   <many compiler warnings>
 $ su
 # ./ethereal
   < make sure that Edit -> Preferences -> Protocols -> TCP 
     "Allow subdissectors to desegment TCP streams" is set
     to true >
   <Capture -> Start -> Ok> # try "update packets in real time"
   <Giggle like an anime schoolgirl as you watch the capture>

Christopher St. John
View raw message