Wireshark mailing list archives
Re: Dissector for decrypted content
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Fri, 23 Feb 2018 11:58:00 -0500
On Wed, Feb 21, 2018 at 11:07 AM, Jose Selvi <jselvi () pentester es> wrote:
Hi there, It's my first time developing a dissector, so I apologize in advance if my question is too obvious for you guys. I'm trying to code a dissector (I'm using Lua) for a quick test. It should match a piece of traffic inside an ESP tunnel. I have seen that other dissectors are working inside the decrypted content, but not mine. Browsing forums, I found this: https://osqa-ask.wireshark.org/questions/58217/how-do-i-dissect-decrypted-ssl-data-when-im-using-a-master-secret-log However, I can't find similar options for ESP, so I guess it only works for SSL.
Actually I think the same principle applies for IPSEC/ESP traffic: I think you'd need to register your dissector in the `ip.proto` dissector table.
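A sketch of the registration suggested in the reply, as an added example that is not part of the original thread. The protocol name `myproto`, its 4-byte header layout and the use of IP protocol number 253 (reserved for experimentation) are assumptions; substitute the next-header value the decrypted ESP payload actually carries.

```lua
-- Added example: hypothetical protocol "myproto" carried directly over IP,
-- i.e. identified by the ESP next-header value. Names, field layout and the
-- protocol number are assumptions, not taken from the thread.
local myproto = Proto("myproto", "My Test Protocol (example)")

local f_version = ProtoField.uint8("myproto.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("myproto.type", "Message Type", base.HEX)
local f_length  = ProtoField.uint16("myproto.length", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
myproto.fields = { f_version, f_type, f_length, f_payload }

-- Expert info flags packets whose declared length exceeds the captured bytes.
local e_short = ProtoExpert.new("myproto.truncated",
    "Payload shorter than declared length",
    expert.group.MALFORMED, expert.severity.ERROR)
myproto.experts = { e_short }

local HEADER_LEN = 4  -- assumed: version(1) + type(1) + length(2, big-endian)

function myproto.dissector(tvb, pinfo, tree)
    -- Returning 0 tells Wireshark this packet was not dissected here.
    if tvb:len() < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, tvb(), "My Test Protocol")
    subtree:add(f_version, tvb(0, 1))
    subtree:add(f_type, tvb(1, 1))
    local len_item = subtree:add(f_length, tvb(2, 2))

    -- Never trust the length field: clamp it to what was actually captured.
    local declared = tvb(2, 2):uint()
    local available = tvb:len() - HEADER_LEN
    if declared > available then
        len_item:add_proto_expert_info(e_short)
        declared = available
    end
    if declared > 0 then
        subtree:add(f_payload, tvb(HEADER_LEN, declared))
    end
    return HEADER_LEN + declared
end

-- Register by IP protocol number in the "ip.proto" table, as the reply suggests.
local IP_PROTO_EXPERIMENTAL = 253  -- assumed value for this example
DissectorTable.get("ip.proto"):add(IP_PROTO_EXPERIMENTAL, myproto)
```

The script can be loaded with `wireshark -X lua_script:myproto.lua` or placed in the personal plugins directory.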