Ethereal-users: Re: [Ethereal-users] Question?? Comment...
> Please help,
> I'm wanting to write an "add-on" to your ethereal base system, for
> decrypting PGP-IP encrypted traffic. Obviously, I've installed the PGP
> Net Encryption software and now any traffic sent on my small (but
> humble) net is encrypted. Would I try to write a "filter" to do this or
> use a "Pluggin" feature?? I've looked at the filter stuff and it looks
> to be alot of work to include this new feature.
"Filters" have nothing whatsoever to do with dissecting new types of
traffic. They have to do with limiting the display of packets.
> What about the
> Pluggin's?? I havn't been able to find much information about them, and
> how their tied into ethereal.
In what fashion does the PGP Net Encryption software encrypt packets?
(NOTE: when I used the search engine on Network Associates' Web site to
search for "PGP Net Encryption" - or, rather, "pgp net encryption", as
searches are case-insensitive - it found nothing, and a Google search
for "pgp net encryption" found nothing as well.)
If it encrypts the payload of IP datagrams, this can't be handled by a
plugin - it would require that the IP dissector itself be modified.
If, however, there's some protocol used for tunneling encrypted IP
datagrams over, say, UDP, it could perhaps be dissected by a dissector
for that protocol, in which case the dissector could either be a
"built-in" or "plugin" dissector - a "plugin" is nothing more than a
dissector that's loaded at run-time, rather than link-time, and can do
nothing that a built-in dissector couldn't do.