Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: [Ethereal-dev] Enhancement request to http dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Yaniv Kaul <ykaul@xxxxxxxxxxxxxx>
Date: Tue, 13 Jul 2004 14:54:59 +0200
In some cases, what begins as HTTP turns to HTTPS. The easiest example is HTTPS via a proxy connection. Today, Ethereal tries to dissect it as HTTP, then when SSL begins it switches to show only 'Continuation' - the data only. 
I suggest that it will try to dissect it as SSL.
To do it in a clever way, I'd like to use packet-ssl's functions ssl_looks_like_sslv2() / ssl_looks_like_sslv3() in order to determine first if it might be indeed SSL. 
To do so, I'd like to:
(1) Move the zillion #define's in packet-ssl.c to packet-ssl.h (a good practice anyway?) (2) COPY the above mentioned functions from packet-ssl.c to packet-http.c and use it them (and include packet-ssl.h for the definitions).
The call for those functions (and if successful to the ssl dissector) would be done from packet-http.c, I'm not really sure where exactly I should do it (I'd like to as soon as possible once failed to identify it as HTTP - perhaps around line 271) 

I'd like to get comments about it before I'll do it.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube