I am a Wireshark developer and I was perusing the Wireshark bug list and came across an unsubmitted patch to the existing Firebird dissector (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3749). It was rather old, so it didn’t apply cleanly, but I tried to take the principles of the patch and apply them to the current Firebird dissector (which doesn’t look like its really been modified for functionality since its inception). I’m otherwise unfamiliar with Firebird, but tried to briefly peruse the source to try to complete as much as I could given the capture file also supplied with the bug report. The patch I came up with has been submitted (https://code.wireshark.org/review/8494/).

This is an open invitation/offer for help in bringing the dissector more up to date/complete. Many of the fields for commands are present in the dissector, but currently commented out (I’m presuming because the original author may not have been sure of the message format). I think the format/API used in the dissector is fairly straightforward (if someone here just wants to take a shot at it), but I’ve also been doing Wireshark development for a few years and it has become second nature. The two biggest issues are “dissecting a response” (especially across multiple packets) and captures to verify functionality against. Again, if someone can help me more quickly interpret the “protocol” code in the Firebird source, I’m willing to do the development on the Wireshark side.

Thank you for your time,

Michael Mann