* crypto flag?
From: Johannes Berg @ 2011-12-07 18:50 UTC
To: radiotap-sUITvd46vNxg9hUCZPvPmw

Hi,

Just wanted to see what people think ... I frequently find myself with
different pcap files:

 * OTA files: completely encrypted frames
 * locally created files (HW crypto): IV present but frame not encrypted
 * (infrequently, with other HW: files that have protection bit w/o IVs)

wireshark has a setting for this, but I find myself switching it around
all the time.

What would you think about a radiotap flag that tells wireshark what
happened in the packet?

johannes

* Re: crypto flag?
From: Guy Harris @ 2011-12-07 19:47 UTC
To: radiotap

On Dec 7, 2011, at 10:50 AM, Johannes Berg wrote:

> What would you think about a radiotap flag that tells wireshark what
> happened in the packet?

Other than saying "that tells the program reading the file what
happened in the packet" - this shouldn't be thought of as
Wireshark-specific - a flag of that sort makes sense; if there's some
information that is necessary or even very helpful when processing a
file, and the program that generates the file knows that information,
the ideal is to have that information stored in the file somewhere
that allows programs reading the file to get it.

* Re: crypto flag?
From: Johannes Berg @ 2011-12-07 21:07 UTC
To: radiotap

On Wed, 2011-12-07 at 11:47 -0800, Guy Harris wrote:
> On Dec 7, 2011, at 10:50 AM, Johannes Berg wrote:
>
> > What would you think about a radiotap flag that tells wireshark what
> > happened in the packet?
>
> Other than saying "that tells the program reading the file what
> happened in the packet" - this shouldn't be thought of as
> Wireshark-specific - a flag of that sort makes sense; if there's some
> information that is necessary or even very helpful when processing a
> file, and the program that generates the file knows that information,
> the ideal is to have that information stored in the file somewhere
> that allows programs reading the file to get it.

Yes, you're right, it's not wireshark specific. I think that we know
this information when generating, and if not we can leave it out.

I think it'd have to be something like

name: crypto flags
bit number: xxx
structure: u8
unit: bitmap
  0x01: IV present
  0x02: frame encrypted

... come to think of it, we could record a bit more info about crypto I
guess, at least in the case where we actually have keys (which happens
if you record on the same machine that is doing something)

I'll think about this a bit more to see if there's something else we can
record.

johannes
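
The following is an added example, not code from the thread or from any radiotap or Wireshark source: a sketch of how a program reading a capture could use the proposed u8 bitmap to tell the three kinds of pcap file apart. The function name, enum and sample bytes are hypothetical, the flags byte is passed in already extracted because the thread leaves the bit number as "xxx", and treating "encrypted without IV" as inconsistent is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bit values as proposed in the thread. The radiotap bit number was left
 * unassigned there, so no radiotap header parsing is attempted here. */
#define CRYPTO_IV_PRESENT 0x01
#define CRYPTO_ENCRYPTED  0x02
#define FC1_PROTECTED     0x40 /* Protected Frame bit, 2nd frame-control byte */

enum payload_state {
    PAYLOAD_CLEAR,         /* Protected bit clear: dissect as-is */
    PAYLOAD_ENCRYPTED,     /* OTA capture: IV present, body is ciphertext */
    PAYLOAD_CLEAR_SKIP_IV, /* HW crypto: IV left in place, body is plaintext */
    PAYLOAD_CLEAR_NO_IV,   /* Protected bit set, IV stripped, body plaintext */
    PAYLOAD_ASK_USER,      /* field not recorded: use the reader's own setting */
    PAYLOAD_INCONSISTENT   /* short frame, or ciphertext without its IV */
};

/* frame points at the 802.11 header that follows the radiotap header.
 * have_flags is false when the capture source left the field out. */
enum payload_state classify_payload(const uint8_t *frame, size_t len,
                                    bool have_flags, uint8_t crypto_flags)
{
    if (frame == NULL || len < 2)
        return PAYLOAD_INCONSISTENT;
    if (!(frame[1] & FC1_PROTECTED))
        return PAYLOAD_CLEAR;
    if (!have_flags)
        return PAYLOAD_ASK_USER;
    bool iv  = crypto_flags & CRYPTO_IV_PRESENT;
    bool enc = crypto_flags & CRYPTO_ENCRYPTED;
    if (iv && enc)
        return PAYLOAD_ENCRYPTED;
    if (iv)
        return PAYLOAD_CLEAR_SKIP_IV;
    if (enc)
        return PAYLOAD_INCONSISTENT; /* assumption: the thread does not define this */
    return PAYLOAD_CLEAR_NO_IV;
}

/* Constructed frame-control bytes: data frame, ToDS, with/without Protected. */
static const uint8_t SAMPLE_PROTECTED[2] = { 0x08, 0x41 };
static const uint8_t SAMPLE_OPEN[2]      = { 0x08, 0x01 };

int main(void)
{
    return classify_payload(SAMPLE_PROTECTED, 2, true, CRYPTO_IV_PRESENT)
               == PAYLOAD_CLEAR_SKIP_IV
        && classify_payload(SAMPLE_OPEN, 2, false, 0) == PAYLOAD_CLEAR ? 0 : 1;
}
```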