Wireshark mailing list archives

Question on Large Files and Packet State


From: Bryant Eastham <beastham () pewla us pewg panasonic com>
Date: Thu, 4 Aug 2011 02:51:21 +0000

All-

I have developed a suite of plugins, several of which deal with packet decryption. Decrypting the packets (in-house 
protocol) requires tracing each packet to determine packet counts and watching key exchanges.

We are currently attempting to work with some extremely large trace files, 1-2GB in size. We are working on getting a 
machine with sufficient memory to load these files (and have upgraded to 1.6.1) in hopes that will work. However, I can 
see the need for working with larger files.

I understand the requirements of splitting the files, and we have done that. My problem now is reworking my dissectors 
to pick up decryption in the middle of a conversation.

Has anyone dealt with similar issues and solved the problem of transferring state from a dissector in one file to 
another file? I am not so concerned with how to store the data (maybe I should be...) but rather with hooking in to the 
right places, in a plugin, so that I can write out the state at the end of the file and then recover it before 
dissecting packets in the second file.

Recommendations?

Thanks for your input.

Bryant Eastham