This page contains a set of patches to Wireshark to dissect the NSIS protocols. In particular, it provides dissectors for:
Since no NSLPIDs are officially assigned yet, these dissectors use the following provisional NSLP IDs:
As in previous testing, it assumes that the GIST UDP port is port 4.
The dissectors have been tested with Wireshark svn version 21300, but should work with any recent Wireshark release or development version. A README file is included in the source tarball which gives instructions on using the code.
As an additional convenience, we're also providing a Windows binary of Wireshark with these patches applied (this is built from Wireshark SVN version 21300).
We'd like to see a GIST dissector incorporated into Wireshark itself, but will probably wait until we've got an official port number assignment before doing anything about this.
The software is Copyright Roke Manor Research Ltd (A Siemens Company), and released under the GNU GPL, the same licence as the rest of Wireshark.
The current release of these patches is version 20070404. This is the initial public release, released on 11 April 2007. Future updates will be announced on the NSIS Implementors mailing list.
The source code tarball can be found here: nsis-wireshark-20070404.tar.gz.
The windows binary is here: wireshark-setup-0.99.6-gist20070404.exe.
A sample capture showing GIST messages, including the establishment of TCP and SCTP MAs, can be found here: gist-example.pcap.
Any comments should be sent to: Andrew McDonald <andrew.mcdonald [at] roke.co.uk>.