Wireshark mailing list archives

Re: fuzzing UDP/TCP dissectors with no port assignment


From: Evan Huus <eapache () gmail com>
Date: Tue, 8 Oct 2013 11:02:24 -0400

I had a thought in this direction a while back. It was in the context
of randpkt, not fuzzing but I think the same principle applies:

https://www.wireshark.org/lists/wireshark-dev/201304/msg00109.html

Basically it should be pretty easy to script such that it forces
decoding for every protocol over TCP/UDP/etc on a given capture.

There is certainly a lot of code that fuzz-testing currently doesn't cover.

On Tue, Oct 8, 2013 at 9:57 AM, Anders Broman
<anders.broman () ericsson com> wrote:




From: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] On Behalf Of
mmann78 () netscape net
Sent: den 8 oktober 2013 15:23
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] fuzzing UDP/TCP dissectors with no port assignment



Anders brought up a question in bug 9241 that I've always been curious
about (and I think the discussion is better served on -dev than the bug).
We have many TCP/UDP dissectors that don't have an IANA assigned port
number or are not set up as heuristic dissectors.  In these cases their port
number = 0 and it's up to a user preference to set it to a value
corresponding to their trace.  If that step is required to invoke the
dissector, how are the fuzzbots handling it?   Are all of these dissectors
just not getting fuzzed?



Yes I’m pretty sure that’s the case, and I also think we have the case of
user DLT etc. The best would be if it was possible to add pseudo information
to the trace files setting the needed preferences. It would be possible to
have tags in the SHB of pcap-ng files but I’m not sure we want to go that
route.

A new Wireshark specific block would be much better. Another possibility
would be to have a template file with the file name and the required tshark
parameters or indicating a profile to be used together with the file in
question but it would require a bit of work to set up I suppose.



Regards

Anders




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
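
An added example, not code from the thread or from the Wireshark project: a sketch of the scripting idea discussed above, building one `tshark` run per forced "decode as" protocol for the ports in a capture, with per-capture parameters passed in as the template-file suggestion describes. The capture name, port, the `x.y:1` style preference and the `exvp` protocol are constructed placeholders.

```python
import shlex
import subprocess
import sys

# Constructed sample in the tab-separated shape of `tshark -G protocols`
# (full name, short name, filter name); "exvp" is a made-up protocol.
SAMPLE_PROTOCOLS = (
    "Hypertext Transfer Protocol\tHTTP\thttp\n"
    "Example Vendor Protocol\tEXVP\texvp\n"
    "\n"
    "Malformed line without tabs\n"
)

def filter_names(protocols_dump):
    """Return the filter-name column (3rd field) of each well-formed line."""
    names = []
    for line in protocols_dump.splitlines():
        fields = line.split("\t")
        if len(fields) >= 3 and fields[2].strip():
            names.append(fields[2].strip())
    return names

def forced_decode_commands(capture, selectors, protocols, extra_args=()):
    """Build one tshark argv per (selector, protocol) pair."""
    # selectors: e.g. [("tcp.port", 4000)]; extra_args: per-capture parameters
    # such as ["-o", "name:value"], the role of the suggested template file.
    cmds = []
    for layer, value in selectors:
        for proto in protocols:
            cmds.append(["tshark", "-r", capture, *extra_args,
                         "-d", f"{layer}=={value},{proto}", "-V"])
    return cmds

def run_all(cmds, timeout=60):
    """Run each command; return those killed by a signal or timed out."""
    suspicious = []
    for argv in cmds:
        try:
            rc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL, timeout=timeout).returncode
        except subprocess.TimeoutExpired:
            rc = None
        if rc is None or rc < 0:  # negative means a signal; ordinary errors are ignored
            suspicious.append(shlex.join(argv))
    return suspicious

if __name__ == "__main__":  # usage: script.py CAPTURE TCP_PORT
    dump = subprocess.run(["tshark", "-G", "protocols"], capture_output=True, text=True).stdout
    cmds = forced_decode_commands(sys.argv[1], [("tcp.port", int(sys.argv[2]))], filter_names(dump))
    print("\n".join(run_all(cmds)))
```

Feeding fuzzed copies of the capture through the same command list would exercise dissectors that have no port assignment of their own.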