All- I have developed a suite of plugins, several of which deal with packet decryption. Decrypting the packets (in-house protocol) requires tracing each packet to determine packet counts and watching key exchanges.
We are currently attempting to work with some extremely large trace files, 1-2GB in size. We are working on getting a machine with sufficient memory to load these files (and have upgraded to 1.6.1) in hopes that will work. However, I can see the need for working with larger files. I understand the requirements of splitting the files, and we have done that. My problem now is reworking my dissectors to pick up decryption in the middle of a conversation. Has anyone dealt with similar issues and solved the problem of transferring state from a dissector in one file to another file? I am not so concerned with how to store the data (maybe I should be...) but rather with hooking in to the right places, in a plugin, so that I can write out the state at the end of the file and then recover it before dissecting packets in the second file. Recommendations? Thanks for your input. Bryant Eastham
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
