On Wed, Feb 21, 2018 at 11:07 AM, Jose Selvi <jse...@pentester.es> wrote:

> Hi there,
>
> It's my first time developing a dissector, so apologize in advance if my
> question is too obvious for you guys.
>
> I'm trying to code a dissector (I'm using LUA) for a quick test. It
> should match a piece of traffic inside a ESP tunnel. I have seen that
> other dissectors are working inside the decrypted content, but not mine.
>
> Browsing forums, I found this:
>
> https://osqa-ask.wireshark.org/questions/58217/how-do-i-
> dissect-decrypted-ssl-data-when-im-using-a-master-secret-log
>
> However, I can't find similar options for ESP, so I guess it only works
> for SSL.
>

Actually I think the same principle applies for IPSEC/ESP traffic: I think
you'd need to register your dissector in the `ip.proto` dissector table.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to