Re: patch to support floating port number for tftp

[Motonori Shindo <mshindo () mshindo net>]

Guy,

From: Guy Harris <gharris () sonic net>
Subject: Re: [tcpdump-workers] patch to support floating port number for tftp
Date: Fri, 9 May 2003 19:32:09 -0700

> The way Ethereal handles that is that it:
>
>       1) recognizes packets sent to port 69 as TFTP packets;
>
>       2) for those packets, remembers the IP addresses and the
>          *source* port number, and arranges that all subsequent
>          packets from the client (from the client's IP address and
>          source port number, and to the server's IP address) and from
>          the server (from the server's IP address, and to the client's
>          IP address and source port number) be dissected as TFTP as
>          well.
>
> Should tcpdump do the same?

I believe so. Is there a facility in tcpdump something similar to
find_conversation(), conversation_new(), conversation_set_dissector()
provided in Ethereal?

Yet still having '-T tftp' option is useful because it is not always
possible to capture the first tftp packet of which tcpdump can
remember the IP address and source port number. There is often a case
where one wants to snoop the tftp session after the session has
already started. I always get into this situation when I need to know
what block number is being processed so that I can estimate the ETA in
the middle of relatively long tftp session.

Regards,

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe