Ethereal-dev: Re: [Ethereal-dev] Ethereal Plugin for decrypting Code.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Mon, 5 Jun 2006 19:56:16 -0700 (PDT)

Royce Fessenden wrote:
> I need to write a plug in that will take the data from a TCP packet where
> the flags are 0x0018 (PSH, ACK)  and decrypt it.

Did you mean to say "I need to write a plugin to dissect a protocol that
runs atop TCP and contains encrypted data"?

If so, then you first need to arrange that the dissector be called when
the TCP traffic is traffic for your protocol.  If your protocol uses a
standard port number, you could use that; if it doesn't, you could either
give your dissector a preference to specify the port number or numbers to
use, or, *IF* the protocol data can be examined to determine whether it
looks like it's for your protocol or not (which, if it's encrypted, is
probably not the case) make the dissector a heuristic dissector.


_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
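
The three ways of getting a dissector called that the reply above lists (fixed port, port preference, heuristic), as an added example that is not part of the original message or of the Ethereal sources. It uses the Lua dissector API of present-day Wireshark rather than a 2006 Ethereal C plugin, and the protocol name `myproto`, the default port 4000 and the cleartext `MYP1` magic are hypothetical.

```lua
-- Added illustration for current Wireshark's Lua API. "myproto", port 4000 and
-- the cleartext "MYP1" magic are hypothetical placeholders, not from the thread.
local myproto = Proto("myproto", "Example Encrypted Protocol")
local f_magic   = ProtoField.string("myproto.magic", "Magic")
local f_payload = ProtoField.bytes("myproto.payload", "Encrypted payload")
myproto.fields = { f_magic, f_payload }

local MAGIC = "MYP1"
local settings = { port = 4000 }

-- Option 2: let the user choose the port through a preference.
myproto.prefs.port = Pref.uint("TCP port", settings.port,
                               "TCP port the protocol runs on")

function myproto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "MYPROTO"
    local sub = tree:add(myproto, tvb())
    if tvb:len() >= #MAGIC then
        sub:add(f_magic, tvb(0, #MAGIC))
        if tvb:len() > #MAGIC then
            -- Decryption would start here; this sketch only labels the bytes.
            sub:add(f_payload, tvb(#MAGIC))
        end
    end
    return tvb:len()
end

-- Option 1: bind the dissector to a TCP port (initially the default).
local tcp_port = DissectorTable.get("tcp.port")
tcp_port:add(settings.port, myproto)

-- Re-register when the user changes the port preference.
function myproto.prefs_changed()
    if myproto.prefs.port ~= settings.port then
        tcp_port:remove(settings.port, myproto)
        settings.port = myproto.prefs.port
        tcp_port:add(settings.port, myproto)
    end
end

-- Option 3: heuristic, possible only when some cleartext is recognisable.
local function heuristic(tvb, pinfo, tree)
    if tvb:len() < #MAGIC or tvb(0, #MAGIC):string() ~= MAGIC then
        return false          -- not ours; let other dissectors try
    end
    myproto.dissector(tvb, pinfo, tree)
    return true
end
myproto:register_heuristic("tcp", heuristic)
```

The heuristic only works here because the sketch assumes a cleartext magic ahead of the ciphertext; for a fully encrypted stream only the port-based registrations apply.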