Wireshark mailing list archives
Re: fuzzing UDP/TCP dissectors with no port assignment
From: Evan Huus <eapache () gmail com>
Date: Tue, 8 Oct 2013 11:02:24 -0400
I had a thought in this direction a while back. It was in the context of randpkt, not fuzzing but I think the same principle applies:

https://www.wireshark.org/lists/wireshark-dev/201304/msg00109.html

Basically it should be pretty easy to script such that it forces decoding for every protocol over TCP/UDP/etc on a given capture. There is certainly a lot of code that fuzz-testing currently doesn't cover.

On Tue, Oct 8, 2013 at 9:57 AM, Anders Broman <anders.broman () ericsson com> wrote:
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of mmann78 () netscape net
Sent: 8 October 2013 15:23
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] fuzzing UDP/TCP dissectors with no port assignment

> Anders brought up a question in bug 9241 that I've always been curious about (and I think the discussion is better served on -dev than the bug). We have many
> TCP/UDP dissectors that don't have an IANA assigned port number or are not set up as heuristic dissectors. In these cases their port number = 0 and it's up to
> a user preference to set it to a value corresponding to their trace. If that step is required to invoke the dissector, how are the fuzzbots handling it? Are all of
> these dissectors just not getting fuzzed?

Yes I’m pretty sure that’s the case, and I also think we have the case of user DLT etc. The best would be if it was possible to add pseudo information to the trace files setting the needed preferences. It would be possible to have tags in the SHB of pcap-ng files but I’m not sure we want to go that route. A new Wireshark specific block would be much better.

Another possibility would be to have a template file with the file name and the required tshark parameters or indicating a profile to be used together with the file in question but it would require a bit of work to set up I suppose.

Regards
Anders

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
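The forced-decoding idea raised in this message, sketched as an added example; it is not code from the thread or from Wireshark's fuzz scripts. It assumes the three tab-separated columns printed by `tshark -G decodes` (dissector table, selector, protocol name); the capture name, the port and the `exampleproto_*` names are hypothetical.

```python
import shlex

# Constructed sample of `tshark -G decodes` output (assumed format:
# dissector table <TAB> selector <TAB> protocol filter name).
SAMPLE_DECODES = (
    "tcp.port\t80\thttp\n"
    "tcp.port\t443\ttls\n"
    "udp.port\t53\tdns\n"
    "ethertype\t2048\tip\n"
)


def reachable_by_port(decodes_text, table):
    """Protocols that already have a non-zero selector in `table`."""
    found = set()
    for line in decodes_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or fields[0] != table:
            continue
        if fields[1].isdigit() and int(fields[1]) != 0:
            found.add(fields[2])
    return found


def forced_decode_commands(capture, table, port, candidates, decodes_text):
    """One tshark argv per candidate protocol that no port maps to by default."""
    if table not in ("tcp.port", "udp.port"):
        raise ValueError("unsupported dissector table: %r" % table)
    if not 0 < port < 65536:
        raise ValueError("port out of range: %r" % port)
    covered = reachable_by_port(decodes_text, table)
    commands = []
    for proto in sorted(set(candidates) - covered):
        # -d <layer type>==<selector>,<protocol> is tshark's Decode As option;
        # -V prints full packet details so the whole dissector runs.
        commands.append(["tshark", "-r", capture, "-V",
                         "-d", "%s==%d,%s" % (table, port, proto)])
    return commands


if __name__ == "__main__":
    # Hypothetical capture file and candidate protocol names.
    for argv in forced_decode_commands(
            "fuzzed.pcap", "tcp.port", 5000,
            ["http", "exampleproto_a", "exampleproto_b"], SAMPLE_DECODES):
        print(" ".join(shlex.quote(a) for a in argv))
```

Each returned argv list can be passed to `subprocess.run` without a shell, so protocol names taken from a file never reach a command interpreter.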
Current thread:
- fuzzing UDP/TCP dissectors with no port assignment mmann78 (Oct 08)
- Re: fuzzing UDP/TCP dissectors with no port assignment Anders Broman (Oct 08)
- Re: fuzzing UDP/TCP dissectors with no port assignment Evan Huus (Oct 08)
- Re: fuzzing UDP/TCP dissectors with no port assignment Anders Broman (Oct 08)