radiotap.netbsd.org archive mirror
* crypto flag?
From: Johannes Berg @ 2011-12-07 18:50 UTC (permalink / raw)
  To: radiotap-sUITvd46vNxg9hUCZPvPmw

Hi,

Just wanted to see what people think ... I frequently find myself with
different pcap files:

 * OTA files: completely encrypted frames
 * locally created files (HW crypto): IV present but frame not encrypted
 * (infrequently, with other HW: files that have protection bit w/o IVs)

wireshark has a setting for this, but I find myself switching it around
all the time.

What would you think about a radiotap flag that tells wireshark what
happened in the packet?

johannes


* Re: crypto flag?
From: Guy Harris @ 2011-12-07 19:47 UTC (permalink / raw)
  To: radiotap


On Dec 7, 2011, at 10:50 AM, Johannes Berg wrote:

> What would you think about a radiotap flag that tells wireshark what
> happened in the packet?

Other than saying "that tells the program reading the file what happened in the packet" - this shouldn't be thought of as Wireshark-specific - a flag of that sort makes sense; if there's some information that is necessary or even very helpful when processing a file, and the program that generates the file knows that information, the ideal is to have that information stored in the file somewhere that allows programs reading the file to get it.


* Re: crypto flag?
From: Johannes Berg @ 2011-12-07 21:07 UTC (permalink / raw)
  To: radiotap

On Wed, 2011-12-07 at 11:47 -0800, Guy Harris wrote:
> On Dec 7, 2011, at 10:50 AM, Johannes Berg wrote:
> 
> > What would you think about a radiotap flag that tells wireshark what
> > happened in the packet?
> 
> Other than saying "that tells the program reading the file what
> happened in the packet" - this shouldn't be thought of as
> Wireshark-specific - a flag of that sort makes sense; if there's some
> information that is necessary or even very helpful when processing a
> file, and the program that generates the file knows that information,
> the ideal is to have that information stored in the file somewhere
> that allows programs reading the file to get it.

Yes, you're right, it's not wireshark specific. I think that we know
this information when generating, and if not we can leave it out.

I think it'd have to be something like

name: crypto flags
bit number: xxx
structure: u8
unit: bitmap

0x01: IV present
0x02: frame encrypted
...

come to think of it, we could record a bit more info about crypto I
guess, at least in the case where we actually have keys (which happens
if you record on the same machine that is doing something)

I'll think about this a bit more to see if there's something else we can
record.

johannes
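
A reader-side sketch of how a capture tool could use the proposed field, added here as an example; it is not code from the thread or from any radiotap implementation. It combines the two proposed bits with the 802.11 Protected Frame bit to separate the three capture kinds listed in the first message. The enum, the function names and the `have_field` parameter are hypothetical, and treating "encrypted but no IV" as inconsistent is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit values from the proposal; its radiotap bit number is still "xxx", so the
 * flags byte is passed in already extracted. All names are hypothetical. */
#define CRYPTO_IV_PRESENT      0x01
#define CRYPTO_FRAME_ENCRYPTED 0x02

enum body_action {
    BODY_PLAIN,          /* no IV, plaintext body: dissect as-is */
    BODY_SKIP_IV,        /* HW crypto capture: IV in place, body already plaintext */
    BODY_DECRYPT,        /* over-the-air capture: body is still ciphertext */
    BODY_USE_PREFERENCE, /* field left out: fall back to the user's setting */
    BODY_INCONSISTENT    /* flags contradict the header, or frame is truncated */
};

/* Protected Frame is bit 6 of the second Frame Control octet. */
static int frame_is_protected(const uint8_t *frame, size_t len)
{
    if (len < 2)
        return -1;
    return (frame[1] & 0x40) != 0;
}

/* have_field is 0 when the capturing side did not record crypto flags. */
enum body_action classify_body(const uint8_t *frame, size_t len,
                               int have_field, uint8_t crypto_flags)
{
    uint8_t known = crypto_flags & (CRYPTO_IV_PRESENT | CRYPTO_FRAME_ENCRYPTED);
    int prot = frame_is_protected(frame, len);

    if (prot < 0)
        return BODY_INCONSISTENT;
    if (!have_field)
        return prot ? BODY_USE_PREFERENCE : BODY_PLAIN;
    if (!prot) /* an unprotected frame carries neither IV nor ciphertext */
        return known ? BODY_INCONSISTENT : BODY_PLAIN;
    if (known & CRYPTO_FRAME_ENCRYPTED) /* assumption: ciphertext needs its IV */
        return (known & CRYPTO_IV_PRESENT) ? BODY_DECRYPT : BODY_INCONSISTENT;
    return (known & CRYPTO_IV_PRESENT) ? BODY_SKIP_IV : BODY_PLAIN;
}

int main(void)
{
    const uint8_t ota[] = { 0x08, 0x41 }; /* constructed: data frame, Protected set */
    printf("%d %d\n", classify_body(ota, sizeof ota, 1, 0x03),
           classify_body(ota, sizeof ota, 1, 0x01));
    return 0;
}
```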
