Wireshark-dev: [Wireshark-dev] decoding thru a VPN tunnel

From: Bill Fassler <bill.fassler@xxxxxxxxx>
Date: Wed, 28 Feb 2007 14:03:48 -0800 (PST)
I started a thread on this a while back.  I see now that with 0.99.5 I can now use "decode as" with more choices including "IP".  That puts me VERY close to being able to dissect our software going through the VPN tunnel (when it is not encrypted I.E. when I use a NULL encryption key).  The only problem is that the there is a 5 byte variation of a PPP protocol before the encapsulation starts.  In other words, if I had the option of adding an offset to the "decode as" mechanism I would be all set.  I believe this would make it possible for "legitimate" folks to debug code through a VPN tunnel. An offset into the "decode as" would be much more versatile than trying to write seperate plugins or dissectors for each variation of VPN encapsulation protocols.  Also it would only be useful to the person(s) who had control of the VPN tunnel because you have to turn off encryption before this is even possible.

Is there any chance I can convince someone this is a very worth while addition to the Wireshark???

Bill


Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.