Wireshark · Ethereal-dev: [Ethereal-dev] Prescan packets

Ethereal-dev: [Ethereal-dev] Prescan packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jerome Freedman" <jerome@xxxxxxxxx>

Date: Sat, 8 Jan 2005 21:10:29 -0800

I am working on a dissector for RDP. Most of the packets are encrypted, but I have obtained the session keys by a kludge to rdesktop. I have successfully decrypted one packet, but I would like to be able to decrypt all encrypted packets before any packet is displayed. I am keeping the decrypted packet information around in a frame data structure, so when I return to this decrypted packet, I know what to do. I need to prescan the entire packet stream in a linear fashion so that the encryption/decryption tables do not get out of synchronization. How do I do this in ethereal? I’m using 0.10.8 on Windows and Fedora 2.

At Sniffer, we had a mechanism for prescanning all packets and saving any per frame data prior to display. I’ve looked at the tapping document, but it is doesn’t seem to be quite what I want.

Any ideas that you may have will be helpful.

Thanks,

Jerome

Jerome Freedman, Ph D.
jerome at TheTC.org

Follow-Ups:
- Re: [Ethereal-dev] Prescan packets
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Submitting support for decode of L2TP version 3
Next by Date: Re: [Ethereal-dev] Double free corruption
Previous by thread: Re: [Ethereal-dev] Submitting support for decode of L2TP version 3
Next by thread: Re: [Ethereal-dev] Prescan packets
Index(es):
- Date
- Thread