[Wireshark-dev] Export higer level PDUs, Unbundled PDUs decrypted PDUs etc
Hi, I think these topics in various forms has been cropping up lately, would it be possible/useful to have a generic feature to Export to a new file From a dissector using a tap writing a to a generic DLT with a pseudo header containing pseudo data such as extracts from lover layers like IP port or whatever can be useful and an Indication what the next level protocol is. As an example if I have decrypted and reassembled SIP traffic it could be useful to be able to export that to a new file Just containing the SIP traffic and the IP port combination used. The header would then Indicate the protocol as SIP and the meta data would be of type TLV and added to as Needs arises. Just a rough idea... Regards Anders ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Export higer level PDUs, Unbundled PDUs decrypted PDUs etc
Hi Anders, Do you mean ability to export only the payload protocol from tunneled/encapsulated captures like GTP-U etc? If yes, +1 :) Have been looking for such functionality for some time. Regards, Vineeth On Thu, Apr 18, 2013 at 2:23 PM, Anders Broman anders.bro...@ericsson.comwrote: Hi, I think these topics in various forms has been cropping up lately, would it be possible/useful to have a generic feature to “Export” to a new file* *** From a dissector using a tap writing a to a generic DLT with a pseudo header containing pseudo data such as extracts from lover layers like IP port or whatever can be useful and an Indication what the next level protocol is. As an example if I have decrypted and reassembled SIP traffic it could be useful to be able to export that to a new file Just containing the SIP traffic and the IP port combination used. The header would then Indicate the protocol as SIP and the meta data would be of type TLV and added to as Needs arises. Just a rough idea… ** ** Regards Anders ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org ?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Export higer level PDUs, Unbundled PDUs decrypted PDUs etc
vineeth vijay skrev 2013-04-18 18:11: Hi Anders, Do you mean ability to export only the payload protocol from tunneled/encapsulated captures like GTP-U etc? If yes, +1 :) Yes that could be one use case. Probably every protocol using the function would have to have code supporting it. Regards Anders Have been looking for such functionality for some time. Regards, Vineeth On Thu, Apr 18, 2013 at 2:23 PM, Anders Broman anders.bro...@ericsson.com mailto:anders.bro...@ericsson.com wrote: Hi, I think these topics in various forms has been cropping up lately, would it be possible/useful to have a generic feature to Export to a new file From a dissector using a tap writing a to a generic DLT with a pseudo header containing pseudo data such as extracts from lover layers like IP port or whatever can be useful and an Indication what the next level protocol is. As an example if I have decrypted and reassembled SIP traffic it could be useful to be able to export that to a new file Just containing the SIP traffic and the IP port combination used. The header would then Indicate the protocol as SIP and the meta data would be of type TLV and added to as Needs arises. Just a rough idea... Regards Anders ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org mailto:wireshark-dev@wireshark.org Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Export higer level PDUs, Unbundled PDUs decrypted PDUs etc
Yes, and this function would take arguments of original frame, offset where the interesting payload starts and length of this payload. Correct?? Regards, Vineeth On Thu, Apr 18, 2013 at 9:52 PM, Anders Broman a.bro...@bredband.netwrote: vineeth vijay skrev 2013-04-18 18:11: Hi Anders, Do you mean ability to export only the payload protocol from tunneled/encapsulated captures like GTP-U etc? If yes, +1 :) Yes that could be one use case. Probably every protocol using the function would have to have code supporting it. Regards Anders Have been looking for such functionality for some time. Regards, Vineeth On Thu, Apr 18, 2013 at 2:23 PM, Anders Broman anders.bro...@ericsson.com wrote: Hi, I think these topics in various forms has been cropping up lately, would it be possible/useful to have a generic feature to “Export” to a new file From a dissector using a tap writing a to a generic DLT with a pseudo header containing pseudo data such as extracts from lover layers like IP port or whatever can be useful and an Indication what the next level protocol is. As an example if I have decrypted and reassembled SIP traffic it could be useful to be able to export that to a new file Just containing the SIP traffic and the IP port combination used. The header would then Indicate the protocol as SIP and the meta data would be of type TLV and added to as Needs arises. Just a rough idea… Regards Anders ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org ?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org ?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Export higer level PDUs, Unbundled PDUs decrypted PDUs etc
vineeth vijay skrev 2013-04-18 18:34: Yes, and this function would take arguments of original frame, offset where the interesting payload starts and length of this payload. Correct?? Regards, Vineeth Or the tvb used by the dissector e.g the reassembled one + a buffer with meta data TLV:s possibly + DLT to use. Just brainstorming at this stage :-) On Thu, Apr 18, 2013 at 9:52 PM, Anders Broman a.bro...@bredband.net mailto:a.bro...@bredband.net wrote: vineeth vijay skrev 2013-04-18 18:11: Hi Anders, Do you mean ability to export only the payload protocol from tunneled/encapsulated captures like GTP-U etc? If yes, +1 :) Yes that could be one use case. Probably every protocol using the function would have to have code supporting it. Regards Anders Have been looking for such functionality for some time. Regards, Vineeth On Thu, Apr 18, 2013 at 2:23 PM, Anders Broman anders.bro...@ericsson.com mailto:anders.bro...@ericsson.com wrote: Hi, I think these topics in various forms has been cropping up lately, would it be possible/useful to have a generic feature to Export to a new file From a dissector using a tap writing a to a generic DLT with a pseudo header containing pseudo data such as extracts from lover layers like IP port or whatever can be useful and an Indication what the next level protocol is. As an example if I have decrypted and reassembled SIP traffic it could be useful to be able to export that to a new file Just containing the SIP traffic and the IP port combination used. The header would then Indicate the protocol as SIP and the meta data would be of type TLV and added to as Needs arises. Just a rough idea... Regards Anders ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org mailto:wireshark-dev@wireshark.org Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing listwireshark-dev@wireshark.org mailto:wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe:https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org mailto:wireshark-dev@wireshark.org Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe