Wireshark mailing list archives

Re: Decoding New TLS Client Hello Extension


From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 14 Apr 2016 15:44:35 -0400

On Thu, Apr 14, 2016 at 3:07 PM, <nalini.elkins () insidethestack com> wrote:

> Guys,
>
> I am trying to decode a new TLS extension in the Client Hello packet.  I
> have the following statement in my Lua:
>
> local ssl_ext_table = DissectorTable.get("ssl.handshake.extension.type")
>
> This is getting an error.  Would appreciate any help that anyone can give.


Where did you get that string?  I can't find it in the SSL dissector.

In order to get a dissector table (DissectorTable.get()) such a dissector
table has to exist.  (A common mistake is to believe that there is a
dissector table for every field (hf) in Wireshark--there isn't even though
there are sometimes fields that share a name with a dissector
table--"tcp.port" is a good example.)

So: you're getting an error because the SSL dissector does not publish such
a table; in other words the dissector is not prepared to have other
dissectors dissecting TLS extensions.

Your best path forward would likely be to just modify the SSL dissector's C
code; ideally you could then push that code to Wireshark so future versions
will dissect the extension too.
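
The field-versus-dissector-table distinction from the reply above, as an added example that is not part of the original message or of Wireshark's own code: a Lua script that checks each name both ways and lists the tables the SSL/TLS dissector actually publishes. The helper names are hypothetical, and `DissectorTable.list()` is assumed to be available (Wireshark 1.11.3 or later).

```lua
-- Added example. Load it with: tshark -X lua_script:<this file>
-- Results depend on the Wireshark version in use.

-- DissectorTable.get() raises a Lua error when no table has that name,
-- so wrap it in pcall() to test for existence without aborting the script.
local function has_dissector_table(name)
    local ok, tbl = pcall(DissectorTable.get, name)
    return ok and tbl ~= nil
end

-- Field.new() likewise raises an error for an unknown field name.
-- It must be called at load time, before any dissection starts.
local function has_field(name)
    local ok, fld = pcall(Field.new, name)
    return ok and fld ~= nil
end

-- Names to compare: the string from the question, and "tcp.port",
-- which the reply cites as both a field and a dissector table.
local names = { "ssl.handshake.extension.type", "tcp.port" }

for _, name in ipairs(names) do
    print(string.format("%-32s field=%-5s dissector_table=%s",
        name, tostring(has_field(name)), tostring(has_dissector_table(name))))
end

-- Show which tables exist under the ssl./tls. prefixes, i.e. the only
-- hooks through which a Lua dissector can be attached to that dissector.
for _, name in ipairs(DissectorTable.list()) do
    if name:find("^ssl%.") or name:find("^tls%.") then
        print("published table: " .. name)
    end
end
```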