Wireshark-bugs: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container
Date: Tue, 08 Oct 2013 06:55:08 +0000

changed bug 9234

What Removed Added
Hardware x86 All
OS Red Hat All

Comment # 6 on bug 9234 from
(In reply to comment #3)
> The problem is that the "defensive" component of TraceWrangler would be much
> more complicated to build into Wireshark. Depending on your needs, that may
> not be as important though.

If "defensive" means "Do defensive transformation – if you can‘t parse it,
don‘t write it" (as per the slide show on Tracewrangler), and if "can't parse
it" means "Wireshark gives up on trying to dissect it", perhaps a defensive
option for a trace sanitizer based on libwireshark would be "any part of the
packet that isn't a named field should be replaced with {0xFF, 0x00, byte
selected in sequence from 0xDE 0xAD 0xBE 0xEF, a random byte value, ...}", so
that named fields are either left alone or sanitized in some fashion and
everything else is sanitized by scrambling it.


You are receiving this mail because:
  • You are watching all bug changes.