Guy Harris changed bug 9234

What | Removed | Added
Hardware | x86 | All
OS | Red Hat | All

Comment #6 on bug 9234 from Guy Harris
(In reply to comment #3)
> The problem is that the "defensive" component of TraceWrangler would be much
> more complicated to build into Wireshark. Depending on your needs, that may
> not be as important though.
If "defensive" means "Do defensive transformation – if you can't parse it,
don't write it" (as per the slide show on TraceWrangler), and if "can't parse
it" means "Wireshark gives up on trying to dissect it", perhaps a defensive
option for a trace sanitizer based on libwireshark would be "any part of the
packet that isn't a named field should be replaced with {0xFF, 0x00, byte
selected in sequence from 0xDE 0xAD 0xBE 0xEF, a random byte value, ...}", so
that named fields are either left alone or sanitized in some fashion and
everything else is sanitized by scrambling it.
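
An added illustration of the fill step proposed in the comment above; it is not part of the original message and is not Wireshark or TraceWrangler code. It assumes a dissector has already reported the named fields as (offset, length) pairs, leaves those bytes alone, and overwrites everything else; the function names and the sample packet are hypothetical.

```python
import secrets
from itertools import cycle

def make_filler(mode):
    """Return a callable yielding the next fill byte for one of the listed options."""
    if mode == "ff":
        return lambda: 0xFF
    if mode == "zero":
        return lambda: 0x00
    if mode == "deadbeef":
        seq = cycle(b"\xDE\xAD\xBE\xEF")  # continues across gaps, does not restart
        return lambda: next(seq)
    if mode == "random":
        return lambda: secrets.randbelow(256)
    raise ValueError(f"unknown fill mode: {mode}")

def scramble_unnamed(packet, named_ranges, mode="deadbeef"):
    """Copy packet, replacing every byte that no named field covers."""
    keep = bytearray(len(packet))  # 1 marks a byte that belongs to a named field
    for offset, length in named_ranges:
        if offset < 0 or length < 0:
            raise ValueError("negative offset or length")
        # Clamp fields that claim more bytes than were captured (snaplen cut-off).
        for i in range(offset, min(offset + length, len(packet))):
            keep[i] = 1
    fill = make_filler(mode)
    out = bytearray(packet)
    for i, named in enumerate(keep):
        if not named:
            out[i] = fill()
    return bytes(out)

# Constructed sample: bytes 0-1 and 4-7 are named fields, 2-3 and 8-11 are not.
SAMPLE = bytes.fromhex("0a0b" "7365" "c0a80001" "63726574")
SAMPLE_FIELDS = [(0, 2), (4, 4), (6, 2)]  # the last range overlaps on purpose

if __name__ == "__main__":
    print(scramble_unnamed(SAMPLE, SAMPLE_FIELDS).hex())
```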