Wireshark mailing list archives
Re: Community ID flow hashes in Wireshark
From: Christian Kreibich <christian () corelight com>
Date: Thu, 11 Jul 2019 15:16:03 -0700
On 7/11/19 3:06 PM, Guy Harris wrote:
I.e., compute the community ID for the flow to which a packet belongs, and add it to the protocol tree as a calculated field?
Yep, exactly.
How about a higher-level pseudo-code description of the algorithm? That way, it 1) doesn't require the implementer to know Python, 2) doesn't include irrelevant details such as code to use dpkt to read a pcap file, etc..
Yep, sorely missing and duly noted. There's some history here -- the folks working on the two initial implementations (in Zeek and Suricata) worked from dummy code directly, and we still haven't updated the "spec" to be more useful.
Thanks! Christian ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Community ID flow hashes in Wireshark Christian Kreibich (Jul 11)
- Re: Community ID flow hashes in Wireshark Guy Harris (Jul 11)
- Re: Community ID flow hashes in Wireshark Christian Kreibich (Jul 11)
- Re: Community ID flow hashes in Wireshark Guy Harris (Jul 11)
- Re: Community ID flow hashes in Wireshark Christian Kreibich (Jul 11)
- Re: Community ID flow hashes in Wireshark Guy Harris (Jul 11)