Wireshark-dev: Re: [Wireshark-dev] Using wireshark protocol parsers to build packets

From: Sake Blok <sake@xxxxxxxxxx>
Date: Mon, 12 Feb 2007 01:02:00 +0100
On Sun, Feb 11, 2007 at 11:14:43PM +0000, [Chris] NULL wrote:
> 
> > > general. Is it possible to extend the Wireshark dissectors to be able to
> > > "build" a trace?
> >
> > No; that feature's missing from the current version because the
> > infrastructure for it isn't available, not because Wireshark chooses not
> > to implement it.
> >
> > This is probably significantly more complicated than one might think,
> > especially given packet reassembly.  A mechanism to do that would be
> > useful for manually editing packets (e.g., to construct a sequence of
> > packets to replay), as well as for the anonymization feature another
> > person would like to implement - but it'd require architectural work.
> 
> Thanks a lot for your answer. Packet trace anonymization was exactly the point
> I am interested in :)

You are not the only one :)

In my work I have to send tracefiles of our end-customers to the
support staff of manufacturers to solve issues (and pinpoint bugs).
I would like to be able to anonymize those files as much as possible.

If every dissector had a function to anonymize its protocol
data and a preference window giving the user some options on what
to anonymize and how, that would make it possible to create an
anonymize-export function that dissects all data, builds a protocol
tree, and shows the preferences of all involved protocols. After changing
the options and pressing OK, the trace would be saved with the
sensitive data removed.

Some anonymize options could be:

IP    : shift IP-addresses
POP3  : replace password with XXXX (keep the length the same
        to not mess up sequence numbers and keep reassembly the
        same)
HTTP  : replace the authentication header;
        have some regular expressions to change known fields in
        the http-data
etc.

I'm not sure how much impact such functionality would have on
the dissector architecture, but I would really love such
functionality :)

Cheers,   Sake
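The per-protocol anonymizers Sake sketches above, as an added Python example (not Wireshark code and not part of the original mail): the preference keys, the dict-shaped "dissected packet" and the sample trace are all invented here, and each anonymizer keeps the payload length unchanged so TCP sequence numbers and reassembly are not disturbed.

```python
import re
import ipaddress
# Invented preference keys standing in for the proposed preference window.
PREFS = {
    "ip_shift": 10,                              # IP   : shift addresses
    "pop3_mask_password": True,                  # POP3 : mask PASS argument
    "mask_char": b"X",
    "http_patterns": [rb"(?<=Host: )[^\r\n]+"],  # HTTP : user regexes
}

def anonymize_ip(addr, prefs=PREFS):
    # Constant shift mod 2^32: one real address always maps to one fake one.
    n = (int(ipaddress.IPv4Address(addr)) + prefs["ip_shift"]) % (1 << 32)
    return str(ipaddress.IPv4Address(n))

def _mask(data, pattern, fill):
    # Same-length overwrite: payload size, TCP seq numbers, reassembly unchanged.
    return re.sub(pattern, lambda m: fill * len(m.group(0)), data)

def anonymize_pop3(data, prefs=PREFS):
    # Blank the argument of every PASS command, keeping its length.
    if not prefs["pop3_mask_password"]:
        return data
    lines = data.split(b"\r\n")
    for i, line in enumerate(lines):
        if line.upper().startswith(b"PASS "):
            lines[i] = line[:5] + prefs["mask_char"] * (len(line) - 5)
    return b"\r\n".join(lines)

def anonymize_http(data, prefs=PREFS):
    # Blank the Authorization header value, then apply the user's regexes.
    for pat in [rb"(?<=Authorization: )[^\r\n]+"] + prefs["http_patterns"]:
        data = _mask(data, pat, prefs["mask_char"])
    return data

def anonymize_packet(pkt, prefs=PREFS):
    # Export step for one already-dissected packet (a labelled dict here).
    handler = {"pop3": anonymize_pop3, "http": anonymize_http}[pkt["proto"]]
    out = dict(pkt, payload=handler(pkt["payload"], prefs))
    out["src"], out["dst"] = [anonymize_ip(pkt[k], prefs) for k in ("src", "dst")]
    assert len(out["payload"]) == len(pkt["payload"])  # size never changes
    return out

SAMPLE = [  # constructed sample "trace", labelled as a dissector might
    {"src": "192.168.1.10", "dst": "10.0.0.5", "proto": "pop3",
     "payload": b"USER alice\r\nPASS s3cret\r\n"},
    {"src": "192.168.1.10", "dst": "255.255.255.250", "proto": "http",
     "payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n"
                b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"},
]
```

Running `[anonymize_packet(p) for p in SAMPLE]` yields the same two packets with shifted addresses, `PASS XXXXXX`, and masked Host and Authorization values of the original lengths.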