[Wireshark-dev] Incomplete SSL dissection (when not on standard port)

2012-02-22 Thread Kaul
I sniff traffic on port 8443, which is SSL based.
Unless I add to HTTP dissector that port, as SSL based, de-segmentation of
SSL records fails (meaning, if it began from the middle of one TCP packet
and ends in another, it is not dissected properly).
'Decode As' is what I've used before trying the trick to add to the HTTP
dissector prefs the SSL port - any idea why it doesn't work?
I have a hunch that the HTTP method calls 'ssl_dissector_add()', while
'decode as' will call dissect_ssl(), which probably misses registering the
dissector to that port, but perhaps I'm missing something else.

Any ideas? (I can open a bug about this of course).
TIA,
Y
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Annotation(comments) of captures and interfaces (pcapng).

2012-02-22 Thread Guy Harris

On Feb 22, 2012, at 9:05 AM, Anders Broman wrote:

> Spending some time on the basics for this I have a couple of questions on how 
> to proceed.
>  
> Live captures:
> - To annotate a capture when we start it we would have to fill in pcapng's 
> Section Header Blocks (SHB) option comment. This has to be done through 
> dumpcap - right?

Or, in Wireshark, through an option to annotate the capture after you've made 
it; File -> Save would be activated, and it'd write out a new version of the 
file with a comment option in the SHB.

>   In order to do that a new argument is needed Use -C "This capture was made 
> to prove that annotating captures work"?
>   Where to put the GUI stuff for it?

For annotating the capture when you make the capture, I'd have a field in the 
Capture Options dialog, activated if the capture is being done as a pcap-NG 
file rather than a pcap file.
 
> - It could be nice to have a permanent comment attached to an interface, fits 
> in the Interface Description Blocks (IDB) comment field, does this also 
> require an option to dumpcap?

...and, in Wireshark, a dialog of some sort to let you add comments and save 
the capture out.


[Wireshark-dev] Annotation(comments) of captures and interfaces (pcapng).

2012-02-22 Thread Anders Broman
Hi,
Spending some time on the basics for this I have a couple of questions on how 
to proceed.

Live captures:
- To annotate a capture when we start it we would have to fill in pcapng's 
Section Header Blocks (SHB) option comment. This has to be done through dumpcap 
- right?
  In order to do that a new argument is needed Use -C "This capture was made to 
prove that annotating captures work"?
  Where to put the GUI stuff for it?

- It could be nice to have a permanent comment attached to an interface, fits in 
the Interface Description Blocks (IDB) comment field, does this also require an 
option to dumpcap?
 For example: "Captures of the mirror interface of XXX".
 At least for windows it should be possible to add if_speed to the IDB as well.

Anyone interested in doing parts of this?
Regards
Anders
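
The SHB comment option and the IDB comment and if_speed options discussed in this message, written out as bytes and read back. This is an added example, not part of the original post and not Wireshark or dumpcap code; it assumes little-endian blocks, the function names are hypothetical, and the option codes (opt_comment = 1, if_speed = 8) are those of the pcapng specification.

```python
import struct

# pcapng constants: block types, byte-order magic, option codes.
SHB, IDB, MAGIC = 0x0A0D0D0A, 0x00000001, 0x1A2B3C4D
OPT_END, OPT_COMMENT, IF_SPEED = 0, 1, 8

def options(opts):
    """Encode (code, value) pairs as TLVs padded to 32 bits, then opt_endofopt."""
    out = b""
    for code, value in opts:
        out += struct.pack("<HH", code, len(value)) + value + b"\0" * (-len(value) % 4)
    return out + struct.pack("<HH", OPT_END, 0)

def block(btype, body):
    total = 12 + len(body)   # type + total length + body + repeated total length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def section_header(comment):
    fixed = struct.pack("<IHHq", MAGIC, 1, 0, -1)   # version 1.0, section length unknown
    return block(SHB, fixed + options([(OPT_COMMENT, comment.encode("utf-8"))]))

def interface_description(linktype, snaplen, comment, speed_bps):
    fixed = struct.pack("<HHI", linktype, 0, snaplen)
    opts = [(OPT_COMMENT, comment.encode("utf-8")), (IF_SPEED, struct.pack("<Q", speed_bps))]
    return block(IDB, fixed + options(opts))

def read_blocks(data):
    """Return [(block_type, {option_code: raw_value})]; options decoded for SHB/IDB only."""
    fixed_len, found, pos = {SHB: 16, IDB: 8}, [], 0
    while pos + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, pos)
        if total < 12 or total % 4 or pos + total > len(data) \
                or struct.unpack_from("<I", data, pos + total - 4)[0] != total:
            raise ValueError("bad block length at offset %d" % pos)
        body = data[pos + 8:pos + total - 4]
        opts, off = {}, fixed_len.get(btype, len(body))   # skip bodies of other block types
        while off + 4 <= len(body):
            code, length = struct.unpack_from("<HH", body, off)
            if code == OPT_END or off + 4 + length > len(body):
                break                                    # end marker or truncated option
            opts[code] = body[off + 4:off + 4 + length]
            off += 4 + length + (-length % 4)
        found.append((btype, opts))
        pos += total
    return found

# Constructed sample, using the two comment strings from the message above.
SAMPLE = (section_header("This capture was made to prove that annotating captures work")
          + interface_description(1, 65535, "Captures of the mirror interface of XXX", 10**9))
```
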



[Wireshark-dev] (no subject)

2012-02-22 Thread raul camacho

Anyone have sample captures of Cisco ERSPAN that is still encapsulated?  I've 
checked dev archive and sample library to no avail. If so please reply direct, 
thanks.