Bug ID | 9234
Summary | Modify value in a protocol container
Classification | Unclassified
Product | Wireshark
Version | 1.10.2
Hardware | x86
OS | Red Hat
Status | UNCONFIRMED
Severity | Enhancement
Priority | Low
Component | Extras
Assignee | [email protected]
Reporter | [email protected]

Build Information:
--
While packet sanitization isn't a function of Wireshark at the moment, it seems
like it is in the best position to fill the need. Wireshark's ability to
accurately dissect into the application layer means that the program can
already do most of the hardest parts of what packet sanitizing tools are trying
to do.

For example, tshark's -T fields output allows you to drill down to an
application, find the value of a protocol header and present just those bytes
to the user. If tshark could take that one last step, and just edit the value
of the field it identified, it would immediately become the greatest packet
sanitization tool in the world.

Now, I'm not as familiar with Wireshark's code as anyone reading this probably
would be, but since tshark can get all the way to the protocol container and
accurately read and print out the value of the field, it can already do what
others are trying really hard to do, and I would think (perhaps naively) that
an edit operation on the field that tshark identified would be somewhat
arbitrary. Yes, checksums should be modified ideally, but lack of checksum
modifier support is something people would likely be willing to live with if
needed, if they're in the market for trace file sanitization.
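
Added example, not part of the bug report and not Wireshark code: the "edit the identified field, then fix the checksum" step for the IPv4 source and destination fields of a raw frame. It assumes Ethernet II framing with no VLAN tag; the function names, the address mapping and the sample frame are all constructed for illustration.

```python
import struct
import ipaddress

ETH_LEN = 14  # assumption: Ethernet II header, no VLAN tag

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sanitize_ipv4(frame: bytes, mapping: dict) -> bytes:
    """Rewrite IPv4 src/dst per mapping and fix the IPv4 header checksum."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return frame  # not IPv4: leave untouched
    buf = bytearray(frame)
    ihl = (buf[ETH_LEN] & 0x0F) * 4
    if buf[ETH_LEN] >> 4 != 4 or ihl < 20 or len(buf) < ETH_LEN + ihl:
        return frame  # malformed header: do not guess at field offsets
    for off in (ETH_LEN + 12, ETH_LEN + 16):  # source, then destination
        old = str(ipaddress.IPv4Address(bytes(buf[off:off + 4])))
        if old in mapping:
            buf[off:off + 4] = ipaddress.IPv4Address(mapping[old]).packed
    buf[ETH_LEN + 10:ETH_LEN + 12] = b"\x00\x00"  # zero before summing
    csum = inet_checksum(bytes(buf[ETH_LEN:ETH_LEN + ihl]))
    struct.pack_into("!H", buf, ETH_LEN + 10, csum)
    # TCP/UDP checksums cover the addresses through the pseudo-header and
    # are left stale here, the trade-off the report calls acceptable.
    return bytes(buf)

def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet + IPv4 + bare 8-byte UDP header."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                               ipaddress.IPv4Address("10.1.2.3").packed,
                               ipaddress.IPv4Address("10.9.8.7").packed))
    struct.pack_into("!H", ip, 10, inet_checksum(bytes(ip)))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    return eth + bytes(ip) + udp

if __name__ == "__main__":
    mapping = {"10.1.2.3": "192.0.2.1", "10.9.8.7": "192.0.2.2"}
    print(sanitize_ipv4(build_sample_frame(), mapping).hex())
```

A receiver or analyzer that validates transport checksums will flag the rewritten packets, so a sanitized trace should be labelled as such when shared.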