Ah, two posts and already I'm discovering who the Gurus around here are!

And yes, I am needing to write a plugin to dissect a protocol that runs atop TCP and contains encrypted data. In this case, the data always starts with the same 3 bytes, which are not encrypted, so I might be able to use a heuristic dissector. It usually uses the same port, but not always.

All the protocol has to do is take the data block, pass it to a Data Transformer and display the transformed data in the data pane. Should be simple, and I suspect it has been done before. I was hoping to find an example to study/copy. (I'm a fan of code reuse.) I realize I can just start examining existing plugins but there are a lot to look at.

Royce

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Monday, June 05, 2006 9:56 PM
To: Ethereal development
Subject: Re: [Ethereal-dev] Ethereal Plugin for decrypting Code.

Royce Fessenden wrote:

> I need to write a plug in that will take the data from a TCP packet where
> the flags are 0x0018 (PSH, ACK) and decrypt it.

Did you mean to say "I need to write a plugin to dissect a protocol that runs atop TCP and contains encrypted data"?

If so, then you first need to arrange that the dissector be called when the TCP traffic is traffic for your protocol. If your protocol uses a standard port number, you could use that; if it doesn't, you could either give your dissector a preference to specify the port number or numbers to use, or, *IF* the protocol data can be examined to determine whether it looks like it's for your protocol or not (which, if it's encrypted, is probably not the case) make the dissector a heuristic dissector.

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
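
Added example, not part of the thread and not Ethereal code: a stand-alone C model of the heuristic check discussed above, which claims a TCP segment only when its unencrypted 3-byte prefix matches and then hands the remaining bytes to a transformer. The magic bytes, the XOR transform and all function names are constructed placeholders; the thread does not give the real ones, and the Ethereal dissector API is not used.

```c
/* Stand-alone model of a heuristic dissector's accept/reject logic.
 * Does not use the Ethereal API. Magic bytes and the transform are
 * constructed placeholders, not values from the thread. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAGIC_LEN 3
static const uint8_t PROTO_MAGIC[MAGIC_LEN] = { 0xAB, 0xCD, 0xEF }; /* constructed */

/* Hypothetical stand-in for the "Data Transformer": XOR with one byte.
 * Returns bytes written, or -2 if the output buffer is too small. */
static int placeholder_transform(const uint8_t *in, size_t len,
                                 uint8_t *out, size_t cap)
{
    if (len > cap)
        return -2;
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ 0x5A;
    return (int)len;
}

/* Heuristic test: the cleartext prefix must be fully present in the
 * captured bytes and must match exactly. A truncated capture with fewer
 * than MAGIC_LEN bytes is rejected rather than read past its end. */
int looks_like_proto(const uint8_t *seg, size_t captured_len)
{
    if (seg == NULL || captured_len < MAGIC_LEN)
        return 0;
    return memcmp(seg, PROTO_MAGIC, MAGIC_LEN) == 0;
}

/* Returns the transformed payload length (0 for a prefix-only segment),
 * -1 if the segment is not claimed so other dissectors may try it,
 * -2 if out is too small for the payload. */
int dissect_proto_heur(const uint8_t *seg, size_t captured_len,
                       uint8_t *out, size_t cap)
{
    if (!looks_like_proto(seg, captured_len))
        return -1;
    return placeholder_transform(seg + MAGIC_LEN,
                                 captured_len - MAGIC_LEN, out, cap);
}
```

Returning a distinct "not claimed" value without touching the output buffer mirrors what a heuristic dissector must do so that traffic from other protocols on the same port is still offered to their dissectors.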