Hi,
I'm now writing a dissector for some kind of traffic. I already have basic
knowledge of dissector writing, so a first primitive version is already done.
But now, when I try to complete a fully featured version of the dissector, I
run into many troubles with the routine. So I'm looking for good advice from
experienced developers.
First of all, let me describe my traffic a little:
- most of the traffic is encrypted (with RC4) + compressed (with MPPC); only
a few start frames are not encrypted;
- a few start frames (or packets) have the RC4 key inside them;
So I do the following. When I dissect traffic, I look for the first frames,
read the RC4 keys from them and put them into a static variable, so all other
frames (packets) can now be correctly decrypted. But I need to decompress
(with MPPC), and here I got my troubles, because I can decompress only
'linearly' incoming data (this is an MPPC-specific feature), so I'm stuck
here. Please point me to the right way to implement such a type of dissector.
--
Best regards,
Andriy
0xBDDBDAE3
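The 'linear only' decompression problem described in the message above, as an added example that is not part of the original post: frames are decompressed once, in order, and each result is cached by frame number so later visits in any order never touch the decompressor again. Assumptions: zlib with a sync flush per frame stands in for MPPC (both keep a history shared across frames), the RC4 step is left out, the dissecting tool makes one in-order pass first, and `StreamState`, `dissect` and `naive_dissect` are hypothetical names.

```python
import zlib

def make_capture(payloads):
    """Constructed sample frames: one compressor, so history is shared."""
    comp = zlib.compressobj()
    return [comp.compress(p) + comp.flush(zlib.Z_SYNC_FLUSH) for p in payloads]

class StreamState:
    """Hypothetical per-connection state kept by the dissector."""
    def __init__(self):
        self.decomp = zlib.decompressobj()  # carries history across frames
        self.next_frame = 0                 # next frame expected in order
        self.cache = {}                     # frame number -> plaintext

def dissect(state, frame_no, data):
    """Decompress in order on the first visit, serve the cache afterwards."""
    if frame_no in state.cache:             # revisit, any order
        return state.cache[frame_no]
    if frame_no != state.next_frame:        # history for this frame is missing
        raise ValueError("frame %d not yet reachable in order" % frame_no)
    plain = state.decomp.decompress(data)
    state.cache[frame_no] = plain
    state.next_frame += 1
    return plain

def naive_dissect(data):
    """Stateless attempt: fresh decompressor, no history."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None

def demo():
    payloads = [b"LOGIN user=alice session=42\n",
                b"LOGIN user=bob session=43\n",
                b"LOGOUT user=alice session=42\n"]   # constructed sample data
    frames = make_capture(payloads)
    state = StreamState()
    first_pass = [dissect(state, n, f) for n, f in enumerate(frames)]
    revisit = [dissect(state, n, frames[n]) for n in (2, 0, 1)]
    return payloads, frames, first_pass, revisit

if __name__ == "__main__":
    payloads, frames, first_pass, revisit = demo()
    print(first_pass == payloads, revisit, naive_dissect(frames[2]))
```

The cache trades memory for random access; a single static variable cannot do this because it only ever holds the state after the most recently processed frame.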