From what I understand, I need either to redissect with a tcp filter (i.e.
dfilter("tcp")) but it looks slow. I would rather search through created
TCP conversations. My problem is that conversations look saved into
different hashtables such as "GHashTable* conversation_hashtable_exact". To
compare my token with a key against all TCP connections, I believe I should
compare it over the conversations in the 4 hashtables. Is that correct?
2014-10-28 9:58 GMT+01:00 Matt <[email protected]>:
> >Is that option present in all TCP packets or just in the initial 3-way
> >handshake? If the former, then you have the problem I described above, with
> >the indicated workaround.
> This is one of the problems (and advantages) of these multipath protocols,
> it's easier to evade data capture.
> Especially for MPTCP, you have to get all SYN/ACKs to be able to map a
> subflow to an MPTCP
> connection, otherwise you can't tell anything (MPTCP exchanges keys/nonces to
> authenticate a subflow during the 3WHS).
> I wished to propose expert info in case of packet retransmission (such as
> detecting wrong keys) but it's not mandatory.
>
> In fact, an MPTCP communication starts with a TCP 3WHS that exchanges some
> cryptographic keys with the TCP option MPTCP_CAPABLE. Then data is sent on
> this TCP connection.
>
> At any time a new TCP connection can be made to join the precedent MPTCP
> connection. It is achieved with the establishment of a new TCP connection
> with the TCP option MP_JOIN. This TCP option carries tokens derived from the
> keys exchanged during the MPTCP connection. So I need to check the token
> against all previous keys to see if it matches a previously registered MPTCP
> connection.
> That's why I need to loop through TCP connections.
> find_conversation() returns one conversation based on IP addresses/ports but
> I want to run a check against token/keys and I dunno how to do it.
>
> Thanks for your help
>
>
>
> 2014-10-27 14:47 GMT+01:00 Matt <[email protected]>:
>
>> Hi,
>>
>> I am trying to improve the MPTCP support in the TCP dissector. To
>> provide expert infos, I need to identify which host initiated the
>> connection (i.e. sent the SYN). I wonder how to do that, I could use
>> tcp_analysis::server_port if ports were guaranteed to be different on
>> both sides.
>>
>> Secondly, I am trying to set up an MPTCP *stream* identifier, similar
>> to tcp stream. Indeed a single MPTCP connection can be composed of
>> several TCP connections. Thing is to know to which MPTCP stream a TCP
>> stream is bound to, I have to check a token (in a TCP option) against
>> all MPTCP connections until I find a match. So I need to loop through
>> TCP connections. How can I do that?
>>
>> Regards
>> Matt
>>
>
>
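The token matching discussed in this thread can be done without walking every TCP conversation by indexing MPTCP connections by token when the keys are first seen. The sketch below is an added example, not code from the thread or from Wireshark, and is written in Python rather than the dissector's C. It assumes the RFC 6824 derivation (token = most significant 32 bits of the SHA-1 of the 64-bit key); `MptcpIndex`, its methods and the sample keys are hypothetical names and constructed values.

```python
import hashlib
import struct

def mptcp_token(key: int) -> int:
    """Token for a 64-bit MPTCP key: top 32 bits of SHA-1(key), per RFC 6824."""
    digest = hashlib.sha1(struct.pack("!Q", key)).digest()
    return struct.unpack("!I", digest[:4])[0]

class MptcpIndex:
    """Maps tokens to MPTCP stream ids so an MP_JOIN needs one dict lookup."""

    def __init__(self):
        self._by_token = {}   # token -> MPTCP stream id
        self._subflows = {}   # MPTCP stream id -> list of TCP stream ids

    def on_mp_capable(self, tcp_stream, sender_key, receiver_key):
        """Call once the 3WHS has exposed both keys; returns the new MPTCP stream id."""
        mptcp_stream = len(self._subflows)
        self._subflows[mptcp_stream] = [tcp_stream]
        # Either host may later receive an MP_JOIN, so index both tokens.
        for key in (sender_key, receiver_key):
            self._by_token[mptcp_token(key)] = mptcp_stream
        return mptcp_stream

    def on_mp_join(self, tcp_stream, token):
        """Return the MPTCP stream the joining subflow belongs to, or None
        when the handshake carrying the keys was not captured."""
        mptcp_stream = self._by_token.get(token)
        if mptcp_stream is not None:
            self._subflows[mptcp_stream].append(tcp_stream)
        return mptcp_stream

    def subflows(self, mptcp_stream):
        return list(self._subflows[mptcp_stream])

# Constructed sample keys and stream numbers, not taken from a capture.
KEY_A, KEY_B = 0x0123456789ABCDEF, 0xFEDCBA9876543210

def demo():
    index = MptcpIndex()
    stream = index.on_mp_capable(tcp_stream=0, sender_key=KEY_A, receiver_key=KEY_B)
    joined = index.on_mp_join(tcp_stream=3, token=mptcp_token(KEY_B))
    unknown = index.on_mp_join(tcp_stream=4, token=mptcp_token(0x1111111111111111))
    return stream, joined, unknown, index.subflows(stream)
```

A `None` result from `on_mp_join` corresponds to the case raised in the thread where the initial handshake is missing from the capture and the subflow cannot be mapped.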