Wireshark-bugs: [Wireshark-bugs] [Bug 9234] New: Modify value in a protocol container
Date: Sun, 06 Oct 2013 01:27:12 +0000
Bug ID 9234
Summary Modify value in a protocol container
Classification Unclassified
Product Wireshark
Version 1.10.2
Hardware x86
OS Red Hat
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Extras
Assignee bugzilla-admin@wireshark.org
Reporter russelldelong@hotmail.com

Build Information:

--
While packet sanitization isn't a function of Wireshark at the moment, it seems
like it is in the best position to fill the need. Wireshark's ability to
accurately dissect into the application layer means that the program can
already do most of the hardest parts of what packet sanitizing tools are trying
to do.

For example, tshark's -T fields output allows you to drill down to an
application, find the value of a protocol header and present just those bytes
to the user. If tshark could take that one last step, and just edit the value
of the field it identified, it would immediately become the greatest packet
sanitization tool in the world.

Now, I'm not as familiar with Wireshark's code as anyone reading this probably
would be, but since tshark can get all the way to the protocol container and
accurately read and print out the value of the field, it can already do what
others are trying really hard to do, and I would think (perhaps naively) that
an edit operation on the field that tshark identified would be somewhat
arbitrary. Yes, checksums should be modified ideally, but lack of checksum
modifier support is something people would likely be willing to live with if
needed, if they're in the market for trace file sanitization.
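
An added illustration of the edit step the report asks for, not part of the original report and not Wireshark or tshark code: it overwrites the IPv4 source address in every Ethernet/IPv4 record of a classic pcap and recomputes the IPv4 header checksum. The function names, the sample capture and the replacement address are constructed for this example.

```python
import struct

PCAP_GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, ver major/minor, zone, sigfigs, snaplen, linktype
PCAP_REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len
ETH_LEN = 14

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones' complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sanitize_ipv4_src(pcap: bytes, replacement: bytes) -> bytes:
    """Overwrite the IPv4 source address in each record and fix the header checksum."""
    if len(replacement) != 4:
        raise ValueError("replacement must be a 4-byte IPv4 address")
    out = bytearray(pcap)
    magic, _, _, _, _, _, linktype = PCAP_GLOBAL_HDR.unpack_from(out, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expects little-endian classic pcap with Ethernet link type")
    pos = PCAP_GLOBAL_HDR.size
    while pos + PCAP_REC_HDR.size <= len(out):
        _, _, incl_len, _ = PCAP_REC_HDR.unpack_from(out, pos)
        frame = pos + PCAP_REC_HDR.size
        pos = frame + incl_len
        if pos > len(out):
            raise ValueError("truncated record")
        ip = frame + ETH_LEN
        if incl_len < ETH_LEN + 20 or out[frame + 12:frame + 14] != b"\x08\x00":
            continue  # not IPv4 (EtherType 0x0800): leave the record untouched
        ihl = (out[ip] & 0x0F) * 4
        if out[ip] >> 4 != 4 or ihl < 20 or ip + ihl > pos:
            continue  # malformed or snapped header: do not guess at offsets
        out[ip + 12:ip + 16] = replacement   # the source address field
        out[ip + 10:ip + 12] = b"\x00\x00"   # zero the checksum before recomputing
        struct.pack_into("!H", out, ip + 10, ipv4_checksum(bytes(out[ip:ip + ihl])))
    return bytes(out)

def build_sample() -> bytes:
    """Constructed one-packet capture: Ethernet + bare IPv4 header, 10.1.2.3 -> 192.0.2.9."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                               bytes([10, 1, 2, 3]), bytes([192, 0, 2, 9])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + bytes(ip)
    return (PCAP_GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + PCAP_REC_HDR.pack(0, 0, len(frame), len(frame)) + frame)
```

Only the IPv4 header checksum is repaired here. TCP and UDP checksums cover a pseudo-header that includes the addresses, so they would also need recomputing after this edit.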

