On Feb 28, 2007, at 2:03 PM, Bill Fassler wrote:
I started a thread on this a while back. I see now that with 0.99.5
I can now use "decode as" with more choices including "IP". That
puts me VERY close to being able to dissect our software going
through the VPN tunnel (when it is not encrypted I.E. when I use a
NULL encryption key). The only problem is that the there is a 5
byte variation of a PPP protocol before the encapsulation starts.
In other words, if I had the option of adding an offset to the
"decode as" mechanism I would be all set. I believe this would make
it possible for "legitimate" folks to debug code through a VPN
tunnel. An offset into the "decode as" would be much more versatile
than trying to write seperate plugins or dissectors for each
variation of VPN encapsulation protocols.
...but would mean we wouldn't have dissectors for those VPN
encapsulation protocols.
Luis, am I misremembering, or is it possible to write dissectors in
Lua? If so, then, at least for versions of Wireshark with Lua
support, that'd be a way to let people quickly write dissectors for
those protocols.
