if your protocol is
encrypted or compressed, such an event poisons the state of the decoder or
decompressor and most of the time it is unrecoverable.
Does Wireshark have anything to handle this? If not, is there any demand for
such functionality from dissectors' authors?
--
With best regards
y modification.
--
With best regards
Max Dmitrichenko
___
Sent via:Wireshark-dev mailing list
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options
2011/5/3 ronnie sahlberg :
> I think registering a destructor for an allocated is very useful, but
> it would be very uncommon.
> Most allocations never need a destructor, so it shouldn't be made
> mandatory in the allocation functions.
As it is implemented now, it's not mandatory - just a branch o
Hi!
I'm continuing to write a dissector for an encrypted protocol. Everything
works fine until I receive an out-of-order TCP segment, i.e. the previous
one was lost.
Since I'm trying to decrypt it, I fail with it and break the whole
decryption context. Is there any way to:
1) Detect that this packet is out of
2011/5/5 Jeff Morriss :
> Sake Blok wrote:
>>
>> On 4 mei 2011, at 22:11, Jeff Morriss wrote:
>>
>>>
>>> I would think desegment_tcp() should be able to handle this by not
>>> calling your dissector for an out-of-order segment: it should be able to
>>> only call your dissector once it has a complet
2011/5/5 Jeff Morriss :
> I would think desegment_tcp() should be able to handle this by not calling
> your dissector for an out-of-order segment: it should be able to only call
> your dissector once it has a completely reassembled (desegmented) PDU.
Did you mean using tcp_dissect_pdus()?
2011/5/5 Jeff Morriss :
>
> I did stumble across an (apparently unrelated) problem in that it will fail
> if you see a gap while the subdissector is returning
> DESEGMENT_ONE_MORE_SEGMENT (as HTTP does until it gets all the headers): in
> that case TCP has to assume that the current message is not p
2011/5/6 Jeff Morriss :
> Oh, those out-of-order packets are quite possibly the problem: see the
> recent discussion here on "Handling TCP packets reordering".
Would love to fix this problem somehow, but I lack knowledge of
Wireshark's core :(
--
Max
___
Hi Sreenivasulu,
2011/5/11 Sreenivasulu Yellamaraju :
> If you confirm, I can think of buying it as it seems to be not a freeware.
aircrack-ng toolset is actually open source. Look here:
http://www.aircrack-ng.org/
But if you want to use it under Windows you need proper hardware.
Cacetech AirP
Hi!
I've just submitted a patch [1] to the bugzilla and wish to discuss it here.
The patch was born after the discussion [2] happened about a month
ago. There we came to the conclusion that everything works fine until
application level PDU is fragmented and the first fragment is lost and
retransm
2011/6/8 Fernandez, Rafael :
> Which release may I apply this patch to?
It was done for the trunk revision 37461. Try to apply it to the HEAD
and if it fails, I'll renovate it. If you need, I can also try to
modify some existing dissector to make use of the introduced feature. Or
we can discuss here
2011/10/7 Marcel Haas :
> And I have the next problem. Damn wireshark kick my ass :)
>
> I have some packets which are compressed with zlib.
> I want to uncompress them.
> I read the dev-guide about transformed data but I don't have a clue.
> I was testing some stuff but with no good result.
> Can som
2011/12/6 Andriy Beregovenko :
> I'm trying to create a custom dissector. Data in the protocol is encrypted with rc4,
> so I use the internal implementation of RC4 encryption and it works fine. Of
> course I read [0] before writing code :)
> But I got strange behavior with result displaying. At time of dump loa
2012/2/10 Martin Wilck
> Hello,
>
> I just stumbled upon the known problem "SSL decryption breaks after
> retransmission"
> (http://www.wireshark.org/lists/wireshark-dev/200805/msg00067.html) with
> wireshark 1.6.5.
>
> I wonder if a patch for this issue is available? Is anybody working on
> this
2012/2/10 Martin Wilck
> On 02/10/2012 12:13 PM, Max Dmitrichenko wrote:
>
> > I have made a patch and put it into the bug tracker about half a year
> > ago.
>
> Thanks - I assume you're talking about
> https://bugs.wireshark.org/bugzilla/show_b
2012/2/10 Martin Wilck
> On 02/10/2012 01:09 PM, Max Dmitrichenko wrote:
> > Thanks - I assume you're talking about
> > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5971 ?
> > Yep!
>
> I built wireshark with this patch applied, but it didn'