[Wireshark-dev] Lua dissector for raw 802.11 data frames

2018-05-18 Thread Kanstrup, Mikael
Hi, I am working on a dissector that dissects a proprietary protocol that uses raw 802.11 data frames. The protocol specification is not open so I won't be able to contribute the dissector. I've therefore chosen to implement it in Lua. Without patching Wireshark's 802.11 dissector I'm not ab

Re: [Wireshark-dev] Asciidoctor PDF generation

2018-05-18 Thread Gerald Combs
On 5/17/18 11:55 PM, Jaap Keuter wrote: > Hi list, > > Working on a Debian testing system, the packagers have come so far as to > package the recent update to Asciidoctor. This allows to generate the > Wireshark documentation (WSUG/WSDG) with the proper layout. One stage is PDF > generation, wh

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Ben Higgins
Hey folks, Here's what I'm thinking at this point: a new block type for SSL/TLS keylogs and another block type for DTLS keylogs. The contents of each will be the format as described here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format Any number of these blocks can b

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Peter Wu
On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote: > Hey folks, > > Here's what I'm thinking at this point: a new block type for SSL/TLS > keylogs and another block type for DTLS keylogs. The contents of each will > be the format as described here: > https://developer.mozilla.org/en-US/d

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Guy Harris
On May 18, 2018, at 5:51 PM, Peter Wu wrote: > On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote: > >> One thing I'm unclear on is how to trigger a reparse of previously >> processed packets when a keylog block is encountered at e.g. the end of the >> file. Is that possible? > > Decry

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Ben Higgins
On Fri, May 18, 2018 at 5:51 PM, Peter Wu wrote: > On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote: > > Hey folks, > > > > Here's what I'm thinking at this point: a new block type for SSL/TLS > > keylogs and another block type for DTLS keylogs. The contents of each > will > > be the f

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Ben Higgins
On Fri, May 18, 2018 at 6:02 PM, Guy Harris wrote: > On May 18, 2018, at 5:51 PM, Peter Wu wrote: > > > On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote: > > > >> One thing I'm unclear on is how to trigger a reparse of previously > >> processed packets when a keylog block is encounter

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Guy Harris
On May 18, 2018, at 6:08 PM, Ben Higgins wrote: > Sounds like it'd still be fine for there to be multiple keylog blocks, Yes. > but, as you say, they must occur before any packets that require the secrets > contained therein. Is that correct? Yes.

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Ben Higgins
On Friday, May 18, 2018, Guy Harris wrote: > On May 18, 2018, at 6:08 PM, Ben Higgins wrote: > > > Sounds like it'd still be fine for there to be multiple keylog blocks, > > Yes. > > > but, as you say, they must occur before any packets that require the > secrets contained therein. Is that corre

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Jim Young
Hello Ben, Similar to the way that IDBs must be preceded by any EPBs that reference it, Apple's tcpdump can augment pcapng files with proprietary process information blocks. EPBs are augmented with proprietary options that can reference any preceding process information blocks. Unfortunately App

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

2018-05-18 Thread Ben Higgins
On Fri, May 18, 2018 at 7:49 PM, Jim Young wrote: > Hello Ben, > > Similar to the way that IDBs must be preceded by any EPBs that reference > it, Apple's tcpdump can augment pcapng files with proprietary process > information blocks. EPBs are augmented with proprietary options that can > referen