Wireshark mailing list archives
Re: Embed SSL keylog file in pcap-ng
From: Ahmad Fatoum <ahmad () a3f at>
Date: Sat, 5 May 2018 10:40:24 +0200
Hi,
On 5May 2018, at 09:31, Guy Harris <guy () alum mit edu> wrote: "Support multiple protocols in a capture" in what sense?
multiple protocols with a key block each, e.g. TLS and Tibia interleaved in the same capture file.
On 4May 2018, at 09:21, Paul Zander <p.j.zander () philips com> wrote: Via fields in this block we can define for which protocol the key is.
On 5May 2018, at 09:31, Guy Harris <guy () alum mit edu> wrote:some authority that allocates protocol identifiers would be desirableIf this is going to be in pcapng files, the authority would be the pcapng file format maintainers.
Of course, the pcapng maintainers are the authority on the block's structure, but the protocol identifier would be a field inside the new "Wireshark dissector preferences" block and managed by Wireshark, no?
and I think Wireshark protocol names are very suited for this (after renaming SSL to TLS :-). Maybe: - Standardize some prefs_register_key_preference API for key supplement in Wireshark that wraps existing UAT/preference use and provides key preferences in a uniform format - Agree on a specific format for those key preferences inside pcapng blocksOnce they're in pcapng blocks, unless the block is Wireshark-specific, the preferences would be managed entirely by the pcapng developers, not the Wireshark developers.
The block is Wireshark-specific. Its layout is fixed and versioned. The contents vary but Wireshark would commit to a standard format for key preferences. Thinking about it, another alternative would be a generic pcap block but with a frame number replacing the protocol name. The frame number can be used to identify the protocol "conversation" that the key is associated with and alleviates the need to centrally assign protocol identifiers. Cheers ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Embed SSL keylog file in pcap-ng Ben Higgins (May 03)
- Re: Embed SSL keylog file in pcap-ng Peter Wu (May 04)
- Re: Embed SSL keylog file in pcap-ng Ben Higgins (May 04)
- Re: Embed SSL keylog file in pcap-ng Paul Zander (May 04)
- Re: Embed SSL keylog file in pcap-ng Ben Higgins (May 04)
- Re: Embed SSL keylog file in pcap-ng Ahmad Fatoum (May 04)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 04)
- Re: Embed SSL keylog file in pcap-ng Ahmad Fatoum (May 04)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 05)
- Re: Embed SSL keylog file in pcap-ng Ahmad Fatoum (May 05)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 05)
- Re: Embed SSL keylog file in pcap-ng Ahmad Fatoum (May 05)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 05)
- Re: Embed SSL keylog file in pcap-ng Ben Higgins (May 18)
- Re: Embed SSL keylog file in pcap-ng Peter Wu (May 18)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 18)
- Re: Embed SSL keylog file in pcap-ng Ben Higgins (May 18)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 18)
- Re: Embed SSL keylog file in pcap-ng Ben Higgins (May 18)
- Re: Embed SSL keylog file in pcap-ng Jim Young (May 18)
- Re: Embed SSL keylog file in pcap-ng Guy Harris (May 04)
- Re: Embed SSL keylog file in pcap-ng Peter Wu (May 04)