Wireshark mailing list archives
Re: Community ID flow hashes in Wireshark
From: Guy Harris <guy () alum mit edu>
Date: Thu, 11 Jul 2019 15:06:50 -0700
On Jul 11, 2019, at 2:32 PM, Christian Kreibich <christian () corelight com> wrote:
How do people here feel about adding the ability to see Community ID flow hashes in Wireshark?
I.e., compute the community ID for the flow to which a packet belongs, and add it to the protocol tree as a calculated field?
For context, this is a standardized implementation of flow hashing, to simplify linking/pivoting flows across data sets. There's more detail below, including a Python implementation
How about a higher-level pseudo-code description of the algorithm? That way, it 1) doesn't require the implementer to know Python, 2) doesn't include irrelevant details such as code to use dpkt to read a pcap file, etc.. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Community ID flow hashes in Wireshark Christian Kreibich (Jul 11)
- Re: Community ID flow hashes in Wireshark Guy Harris (Jul 11)
- Re: Community ID flow hashes in Wireshark Christian Kreibich (Jul 11)
- Re: Community ID flow hashes in Wireshark Guy Harris (Jul 11)
- Re: Community ID flow hashes in Wireshark Christian Kreibich (Jul 11)
- Re: Community ID flow hashes in Wireshark Guy Harris (Jul 11)