Wireshark-dev: Re: [Wireshark-dev] decoding thru a VPN tunnel
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 28 Feb 2007 15:39:59 -0800
On Feb 28, 2007, at 2:03 PM, Bill Fassler wrote:
I started a thread on this a while back. I see now that with 0.99.5 I can now use "decode as" with more choices including "IP". That puts me VERY close to being able to dissect our software going through the VPN tunnel (when it is not encrypted I.E. when I use a NULL encryption key). The only problem is that the there is a 5 byte variation of a PPP protocol before the encapsulation starts. In other words, if I had the option of adding an offset to the "decode as" mechanism I would be all set. I believe this would make it possible for "legitimate" folks to debug code through a VPN tunnel. An offset into the "decode as" would be much more versatile than trying to write seperate plugins or dissectors for each variation of VPN encapsulation protocols.
...but would mean we wouldn't have dissectors for those VPN encapsulation protocols.
Luis, am I misremembering, or is it possible to write dissectors in Lua? If so, then, at least for versions of Wireshark with Lua support, that'd be a way to let people quickly write dissectors for those protocols.
- References:
- [Wireshark-dev] decoding thru a VPN tunnel
- From: Bill Fassler
- [Wireshark-dev] decoding thru a VPN tunnel
- Prev by Date: Re: [Wireshark-dev] tshark statistics locales pitfall
- Previous by thread: [Wireshark-dev] decoding thru a VPN tunnel
- Next by thread: [Wireshark-dev] [Patch] Add "Copy as Filter" menu item
- Index(es):