Wireshark mailing list archives
Re: Adding verification functionality to SIP dissector
From: Peter Wu <peter () lekensteyn nl>
Date: Thu, 23 Feb 2017 22:21:53 +0100
On Thu, Feb 23, 2017 at 12:49:51PM -0800, Guy Harris wrote:
On Feb 23, 2017, at 11:56 AM, Erik de Jong <erikdejong () gmail com> wrote:During my day job I have noticed that sometimes combinations of certain platforms have trouble dealing with SIP digest authorization. Reasons for this range from bugs in the SIP stack to wrong escapes for special characters in configuration files generated for automated set provisioning. I have written a Lua script that will allow me to enter credentials and check if the digest hash in a SIP authorization line is indeed the correct hash for those credentials. I've written a proof of concept where this functionality is added to the SIP dissector itself and I'm wondering whether this is appropriate to submit for review or that these kind of diagnostics are better left in an external script as it is not really a dissection of the packet.1) We already do validation of checksums in dissectors. 2) Wireshark is a packet *analyzer*, not a packet *dissector*. So there's no reason *not* to do digest hash checks in Wireshark, and if the dissector is the best place, there's no reason not to do them there.
Validation of the protocol fields (like checksums) can be done without external input and would be nice. On violation, these could add "expert info" to the tree. But for Authorization digests in SIP, this would require external input (credentials), possibly through a preference (filename or UAT). I think it is better as separate script (since the input format can be different depending on the user), but wouldn't object if a patch is proposed. -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Adding verification functionality to SIP dissector Erik de Jong (Feb 23)
- Re: Adding verification functionality to SIP dissector Guy Harris (Feb 23)
- Re: Adding verification functionality to SIP dissector Peter Wu (Feb 23)
- Re: Adding verification functionality to SIP dissector Erik de Jong (Feb 23)
- Re: Adding verification functionality to SIP dissector Guy Harris (Feb 23)
- Re: Adding verification functionality to SIP dissector Peter Wu (Feb 23)
- Re: Adding verification functionality to SIP dissector Guy Harris (Feb 23)