Re: [Wireshark-dev] Community ID flow hashes in Wireshark
On 9/14/20 2:46 PM, Guy Harris wrote:
> One thing is, as reported in one of the pre-commit build failures:
>
> ERROR: Please edit your merge request and make sure the setting
> "Allow commits from members who can merge to the target branch"
> is checked so that maintainers can rebase your change and make minor edits.

Thanks, I got the pipeline notification. CI seems to look different for the MR than in my branch work in my fork -- I also didn't see the BSD 3-clause error there. I'll revise.

Happy to move to Gitlab for the rest of the discussion.

Best,
Christian

___
Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Community ID flow hashes in Wireshark
On 7/11/19 3:16 PM, Christian Kreibich wrote:
> On 7/11/19 3:06 PM, Guy Harris wrote:
>> I.e., compute the community ID for the flow to which a packet belongs, and add it to the protocol tree as a calculated field?
>
> Yep, exactly.

I finally got around to this and just submitted an MR:

https://gitlab.com/wireshark/wireshark/-/merge_requests/281

I've not submitted code to Wireshark before, so please let me know if I overlooked anything here.

Thanks!
Christian
Re: [Wireshark-dev] Community ID flow hashes in Wireshark
On 7/11/19 3:06 PM, Guy Harris wrote:
> I.e., compute the community ID for the flow to which a packet belongs, and add it to the protocol tree as a calculated field?

Yep, exactly.

> How about a higher-level pseudo-code description of the algorithm? That way, it 1) doesn't require the implementer to know Python, 2) doesn't include irrelevant details such as code to use dpkt to read a pcap file, etc.

Yep, sorely missing and duly noted. There's some history here -- the folks working on the two initial implementations (in Zeek and Suricata) worked from dummy code directly, and we still haven't updated the "spec" to be more useful.

Thanks!
Christian
[Wireshark-dev] Community ID flow hashes in Wireshark
Hi folks,

How do people here feel about adding the ability to see Community ID flow hashes in Wireshark? For context, this is a standardized implementation of flow hashing, to simplify linking/pivoting flows across data sets. There's more detail below, including a Python implementation and pointers to projects that currently support (or intend to support) it:

https://github.com/corelight/community-id-spec/

We'd be happy to start working toward this, assuming sufficient interest.

Best,
Christian
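As an added illustration of the flow hash discussed in this thread (example code written for this page, not code from the thread, the community-id-spec repository, or Wireshark's dissector), the following implements Community ID v1 as published in the linked spec for TCP, UDP and SCTP flows: seed, canonically ordered 5-tuple, SHA-1, base64, "1:" prefix. The ICMP type/code mapping is omitted, the seed defaults to 0 as in the spec, and the sample endpoints are constructed for illustration.

```python
import base64
import hashlib
import socket
import struct

# Community ID v1 (https://github.com/corelight/community-id-spec/), covering
# TCP (6), UDP (17) and SCTP (132); the ICMP type/code mapping is not implemented.
PROTO_TCP, PROTO_UDP, PROTO_SCTP = 6, 17, 132


def _pack_addr(addr: str) -> bytes:
    """Network-order bytes of an IPv4 or IPv6 address string."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    return socket.inet_pton(family, addr)


def community_id_v1(saddr: str, daddr: str, proto: int,
                    sport: int, dport: int, seed: int = 0) -> str:
    """Return the Community ID v1 string for a transport-layer flow.

    Both directions of a flow map to the same ID because the endpoint
    tuple is ordered (smaller address first, then smaller port) before
    hashing. The 16-bit seed lets a site derive a distinct ID space;
    the spec's default is 0.
    """
    if proto not in (PROTO_TCP, PROTO_UDP, PROTO_SCTP):
        raise ValueError("only TCP, UDP and SCTP are handled in this example")
    sa, da = _pack_addr(saddr), _pack_addr(daddr)
    # Canonical ordering: compare packed address bytes, then ports.
    if not (sa < da or (sa == da and sport < dport)):
        sa, da, sport, dport = da, sa, dport, sport
    # Hash input layout: seed(2, BE) | saddr | daddr | proto(1) | pad(1)=0
    #                    | sport(2, BE) | dport(2, BE)
    data = struct.pack("!H", seed) + sa + da + struct.pack("!BBHH", proto, 0, sport, dport)
    digest = hashlib.sha1(data).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    # Constructed sample TCP flow, hashed in both directions to show they agree.
    fwd = community_id_v1("128.232.110.120", "66.35.250.204", PROTO_TCP, 34855, 80)
    rev = community_id_v1("66.35.250.204", "128.232.110.120", PROTO_TCP, 80, 34855)
    print(fwd, fwd == rev)
```

When pivoting between tools, make sure every producer uses the same seed; a non-default seed in one tool silently yields IDs that never match the others.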