Wireshark mailing list archives

Re: Documentation for PDUs and TLS session keys


From: Alex Nik <rage.iz.me () gmail com>
Date: Wed, 30 Sep 2020 17:38:36 +0200

Hi, Pascal! 

Thanks a lot! I’ll start with that! I can see the comments in the code, will see if I can use those in the description 
for the users!

Alex

On 30 Sep 2020, at 16:35, Pascal Quantin <pascal () wireshark org> wrote:

Hi Alex,

On Tue, 29 Sep 2020 at 20:14, Alex Nik <rage.iz.me () gmail com> wrote:
Hi, folks,

I’m looking for the subject matter expert in Exporting PDUs to file and Exporting TLS session keys to write proper 
documentation. Is there anyone whom I can ask questions? I’m alexnik on IRC. Could you contact me there please, or 
reply to this mail?

I have contributed to the PDU export functionality addition in Wireshark even if I'm not the author. You can find 
some documentation in the corresponding header file 
(https://gitlab.com/wireshark/wireshark/-/blob/master/epan/exported_pdu.h) even if it is more developer oriented 
than user oriented. The purpose is to be able to save "upper level" PDUs without the need for lower level protocols 
(for example to save a decrypted session without the need to share the encryption keys).
Currently we have the following default PDU export levels:
- Logcat and Logcat text: for Android logs
- DLT User: to be able to export a protocol framed in a user data link type table without the need to configure user 
DLT table again (see https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything)
- DVB-CI: for DVB protocol
- OSI layer 3: currently used to export protocols encapsulated in IPSec or SCTP
- OSI layer 4: currently used to export protocols encapsulated in TCP or UDP
- OSI layer 7: currently used to export the following protocols: CredSSP over TLS, Diameter, protocols encapsulated 
in TLS and DTLS, H.248, Megaco, RELOAD framing, SIP, SMPP
The framework allows any dissector to add itself to this existing list or define a new entry in the list. The choice 
of the protocols using this functionality was driven by user-specific needs more than anything else.

Hope this helps. Feel free to ask if you have more questions, I will try to help.

Best regards,
Pascal.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

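The per-packet tag block Pascal describes, as an added example that is not from this thread or from Wireshark's own code: a Python encoder and parser for the metadata (dissector name, addresses, ports, original frame number) that precedes each exported PDU in the saved file, so a reader can see why the file dissects without lower-layer headers or TLS keys. The tag numbers, the 4-byte padding of string values and the sample HTTP request are my assumptions from reading exported_pdu.h, not something the thread states.

```python
import socket
import struct
# Tag numbers as I read them in epan/exported_pdu.h (assumed; check your tree). A tag is
# a 2-byte big-endian type and length, then the value; END_OF_OPT (length 0) ends the block.
TAG_END_OF_OPT, TAG_PROTO_NAME = 0, 12
TAG_IPV4_SRC, TAG_IPV4_DST = 20, 21
TAG_PORT_TYPE, TAG_SRC_PORT, TAG_DST_PORT, TAG_ORIG_FNO = 24, 25, 26, 30
_ADDR_TAGS = {TAG_IPV4_SRC: "src", TAG_IPV4_DST: "dst"}
_INT_TAGS = {TAG_PORT_TYPE: "port_type", TAG_SRC_PORT: "src_port",
             TAG_DST_PORT: "dst_port", TAG_ORIG_FNO: "orig_frame"}

def _tlv(tag, value):
    return struct.pack(">HH", tag, len(value)) + value

def build_exported_pdu(proto, src, dst, port_type, sport, dport, orig_fno, payload):
    """Prefix a decoded upper-layer PDU with the tag block that names its dissector."""
    name = proto.encode("ascii")
    name += b"\0" * (-len(name) % 4)  # assumed: string values padded to 4 bytes
    ints = [(TAG_PORT_TYPE, port_type), (TAG_SRC_PORT, sport),
            (TAG_DST_PORT, dport), (TAG_ORIG_FNO, orig_fno)]
    block = _tlv(TAG_PROTO_NAME, name)
    block += _tlv(TAG_IPV4_SRC, socket.inet_aton(src))
    block += _tlv(TAG_IPV4_DST, socket.inet_aton(dst))
    block += b"".join(_tlv(t, struct.pack(">I", v)) for t, v in ints)
    return block + _tlv(TAG_END_OF_OPT, b"") + payload

def parse_exported_pdu(data):
    """Walk the tag block; return (metadata, PDU bytes) or raise on truncated input."""
    meta, off = {}, 0
    while True:
        if off + 4 > len(data):
            raise ValueError("tag header runs past end of data")
        tag, length = struct.unpack_from(">HH", data, off)
        value = data[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("tag %d value truncated" % tag)
        off += 4 + length
        if tag == TAG_END_OF_OPT:
            return meta, data[off:]  # everything after the block is the PDU itself
        if tag == TAG_PROTO_NAME:
            meta["proto"] = value.rstrip(b"\0").decode("ascii")
        elif tag in _ADDR_TAGS:
            meta[_ADDR_TAGS[tag]] = socket.inet_ntoa(value)
        elif tag in _INT_TAGS:
            meta[_INT_TAGS[tag]] = int.from_bytes(value, "big")

# Constructed sample: a decrypted HTTP request exported at "OSI layer 7", dissectable as "http" with no keys.
SAMPLE = build_exported_pdu("http", "10.0.0.5", "198.51.100.7", 2, 51000, 443, 17,
                            b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
```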
