[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

Mon, 22 Oct 2018 04:50:13 -0700 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #8 from Alexis La Goutte <alexis.lagou...@gmail.com> ---
(In reply to Peter Wu from comment #7)
> (In reply to Alexis La Goutte from comment #6)
> > (In reply to Peter Wu from comment #5)
> > > Use ssl_dissector_add(0, mongo_handle) to avoid interpreting the port as 
> > > TLS
> > > by default.
> > > 
> > > In order to recognize TLS again and be able to dissect decrypted TLS data,
> > > change dissect_mongo to recognize TLS. If TLS is detected, set the appdata
> > > dissector to mongodb and call the TLS dissector with ssl_starttls_ack(...,
> > > mongo_handle) + call_dissector(tls_handle, ...).
> >
> > i prefer solution 1 :)
> 
> To validate that a mongodb TLS capture needs to be created with decryption
> secrets. At the moment I don't have time to try that though.
> 
> Disabling TLS as was done in comment 2 should not be necessary, but there is
> a bug in the Decode As dialog. Steps to reproduce:
> 1. Select packet 6, Decode As.
> 2. Observe Field "TLS Port", Value 27017, Default "MONGO", Current "MONGO".
> 3. Change "Field" to "TCP Port".
> 4. Press OK.
> 
> Expected behavior:
> Traffic is decoded as Mongo.
> 
> Actual behavior:
> Traffic is still decoded as TLS. When opening the Decode As dialog again,
> the entry is gone again. Changing "Field" should probably change the other
> columns as well. If you select "Ether type" or "IP Protocol" for example, it
> will still say "TLS".
> 
> What did work was Decode As on packet 2 which shows:
> Field "TCP Port", Value 27017, Default "TLS", Current "TLS"
> and then change Current "TLS" -> "MONGO".

on the other bug, there is a no a pcap with TLS ?

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to