
Wireshark-bugs: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container

Date: Tue, 08 Oct 2013 06:55:08 +0000

changed bug 9234

What | Removed | Added
Hardware | x86 | All
OS | Red Hat | All

Comment # 6 on bug 9234 from
(In reply to comment #3)
> The problem is that the "defensive" component of TraceWrangler would be much
> more complicated to build into Wireshark. Depending on your needs, that may
> not be as important though.

If "defensive" means "Do defensive transformation – if you can't parse it,
don't write it" (as per the slide show on TraceWrangler), and if "can't parse
it" means "Wireshark gives up on trying to dissect it", perhaps a defensive
option for a trace sanitizer based on libwireshark would be "any part of the
packet that isn't a named field should be replaced with {0xFF, 0x00, byte
selected in sequence from 0xDE 0xAD 0xBE 0xEF, a random byte value, ...}", so
that named fields are either left alone or sanitized in some fashion and
everything else is sanitized by scrambling it.
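
The scrambling rule proposed in the comment above, as an added example that is not part of the original comment and is not Wireshark or TraceWrangler code. It assumes the named-field byte ranges have already been collected from the dissection; `struct field_range`, `enum fill_mode` and `scramble_unnamed` are hypothetical names, and only three of the fills the comment lists are covered (0xFF, 0x00, and the 0xDE 0xAD 0xBE 0xEF sequence).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical description of one named field: a byte range in the packet.
 * A real sanitizer would take these from the dissector's field tree. */
struct field_range { size_t offset; size_t length; };

enum fill_mode { FILL_FF, FILL_00, FILL_DEADBEEF };

/* Overwrite every byte of pkt that no named field covers; named fields are
 * left alone. Returns the number of bytes scrambled, or (size_t)-1 if the
 * coverage map cannot be allocated. */
size_t scramble_unnamed(uint8_t *pkt, size_t len,
                        const struct field_range *fields, size_t nfields,
                        enum fill_mode mode)
{
    static const uint8_t deadbeef[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
    uint8_t *covered = calloc(len ? len : 1, 1);
    size_t i, j, seq = 0, changed = 0;

    if (covered == NULL)
        return (size_t)-1;

    /* Mark covered bytes. Ranges that start or run past the captured length
     * (truncated capture, bogus length field) are skipped or clamped. */
    for (i = 0; i < nfields; i++) {
        if (fields[i].offset >= len)
            continue;
        size_t end = fields[i].length > len - fields[i].offset
                   ? len : fields[i].offset + fields[i].length;
        for (j = fields[i].offset; j < end; j++)
            covered[j] = 1;
    }

    /* Everything not covered by a named field is replaced with the fill. */
    for (i = 0; i < len; i++) {
        if (covered[i])
            continue;
        switch (mode) {
        case FILL_FF:       pkt[i] = 0xFF; break;
        case FILL_00:       pkt[i] = 0x00; break;
        case FILL_DEADBEEF: pkt[i] = deadbeef[seq++ % 4]; break;
        }
        changed++;
    }
    free(covered);
    return changed;
}
```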

