wireshark/test/captures
João Valverde 0853ddd1cb dfilter: Add support for raw (bytes) addressing mode
This adds new syntax to read a field from the tree as bytes, instead
of the actual type. This is a useful extension for example to match
malformed strings that contain unicode replacement characters. In
this case it is not possible to match the raw value of the malformed
string field. This extension fills this need and is generic enough
that it should be useful in many other situations.

The syntax used is to prefix the field name with "@". The following
artificial example tests if the HTTP user agent contains a particular
invalid UTF-8 sequence:

    @http.user_agent == "Mozill\xAA"

Where simply using "http.user_agent" won't work because the invalid byte
sequence will have been replaced with U+FFFD.

Considering the following programs:

    $ dftest '_ws.ftypes.string == "ABC"'
    Filter: _ws.ftypes.string == "ABC"

    Syntax tree:
     0 TEST_ANY_EQ:
       1 FIELD(_ws.ftypes.string <FT_STRING>)
       1 FVALUE("ABC" <FT_STRING>)

    Instructions:
    00000 READ_TREE		_ws.ftypes.string <FT_STRING> -> reg#0
    00001 IF_FALSE_GOTO	3
    00002 ANY_EQ		reg#0 == "ABC" <FT_STRING>
    00003 RETURN

    $ dftest '@_ws.ftypes.string == "ABC"'
    Filter: @_ws.ftypes.string == "ABC"

    Syntax tree:
     0 TEST_ANY_EQ:
       1 FIELD(_ws.ftypes.string <RAW>)
       1 FVALUE(41:42:43 <FT_BYTES>)

    Instructions:
    00000 READ_TREE		@_ws.ftypes.string <FT_BYTES> -> reg#0
    00001 IF_FALSE_GOTO	3
    00002 ANY_EQ		reg#0 == 41:42:43 <FT_BYTES>
    00003 RETURN

In the second case the field has a "raw" type, that equates directly to
FT_BYTES, and the field value is read from the protocol raw data.
2022-10-31 21:02:39 +00:00
arp.pcap
c1222_std_example8.pcap
communityid.pcap.gz A Community ID implementation for Wireshark. 2020-09-16 09:25:38 -07:00
cose_encrypt0_tagged.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_encrypt0_tagged.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_encrypt_tagged.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_encrypt_tagged.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_keyset.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_keyset.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_mac0_tagged.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_mac0_tagged.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_mac_tagged.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_mac_tagged.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_sign1_tagged.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_sign1_tagged.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_sign_tagged.cbordiag COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
cose_sign_tagged.pcap COSE dissector from dtn-wireshark project 2021-09-29 08:51:13 +00:00
dhcp-nanosecond.pcap
dhcp-nanosecond.pcapng
dhcp.pcap
dhcp.pcapng
dhe1.pcapng.gz
dmgr.pcapng
dns+icmp.pcapng.gz
dns-ooo.pcap
dns_port.pcap
dtls12-aes128ccm8-dsb.pcapng DTLS: add DSB support, use the key log file from the TLS dissector 2019-01-17 21:33:25 +00:00
dtls12-aes128ccm8.pcap
dtn_tcpclv3_bpv6_transfer.pcapng TCPCLv4: Update TCPCL dissector to include version 4 from dtn-wireshark 2021-10-17 14:09:07 +00:00
dtn_tcpclv4_bpv7_transfer.pcapng TCPCLv4: Update TCPCL dissector to include version 4 from dtn-wireshark 2021-10-17 14:09:07 +00:00
dtn_udpcl_bpv7_bpsec_bcb_admin.cbordiag BPv7: Add Bundle Protocol version 7 and BPSec dissectors from dtn-wireshark 2021-10-10 13:27:17 +00:00
dtn_udpcl_bpv7_bpsec_bcb_admin.pcapng BPv7: Add Bundle Protocol version 7 and BPSec dissectors from dtn-wireshark 2021-10-10 13:27:17 +00:00
dtn_udpcl_bpv7_bpsec_bib_admin.cbordiag BPv7: Add Bundle Protocol version 7 and BPSec dissectors from dtn-wireshark 2021-10-10 13:27:17 +00:00
dtn_udpcl_bpv7_bpsec_bib_admin.pcapng BPv7: Add Bundle Protocol version 7 and BPSec dissectors from dtn-wireshark 2021-10-10 13:27:17 +00:00
dvb-ci_UV1_0000.pcap
empty.pcap
esp-bug-12671.pcapng.gz
gitOverTCP.pcap git: Add test cases 2021-08-30 06:34:52 +00:00
grpc_person_search_json_with_image.pcapng.gz Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
grpc_person_search_protobuf_with_image-missing_headers.pcapng.gz HTTP2/GRPC: support using fake headers if first HEADERS frame is missing 2021-11-26 17:34:23 +00:00
grpc_person_search_protobuf_with_image.pcapng.gz Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
grpc_stream_reassembly_sample.pcapng.gz http2: fix the stream mode reassembly issue 2021-10-20 17:25:17 +00:00
grpc_web.pcapng.gz GRPC: Add support for gRPC-Web 2022-03-01 10:19:47 +00:00
http-brotli.pcapng Add brotli decompression support for HTTP and HTTP2 dissectors. 2019-04-22 15:24:46 +00:00
http-ooo.pcap
http-ooo2.pcap tcp: fix reporting of "Reassembled in" for OoO initial segment 2019-01-25 12:01:32 +00:00
http.pcap
http2-brotli.pcapng Add brotli decompression support for HTTP and HTTP2 dissectors. 2019-04-22 15:24:46 +00:00
http2-data-reassembly.pcap
http2_follow_multistream.pcapng HTTP2, QUIC: fix "Follow Stream" 2021-09-13 15:13:10 +00:00
icmp.pcapng.gz test: make 'double' tests rely on icmp instead of ntp. 2018-10-25 04:09:44 +00:00
ikev1-bug-12610.pcapng.gz
ikev1-bug-12620.pcapng.gz
ikev1-certs.pcap
ikev2-decrypt-3des-sha1_160.pcap
ikev2-decrypt-aes128ccm12-2.pcap
ikev2-decrypt-aes128ccm12.pcap
ikev2-decrypt-aes192ctr.pcap
ikev2-decrypt-aes256cbc.pcapng
ikev2-decrypt-aes256ccm16.pcapng
ikev2-decrypt-aes256gcm8.pcap
ikev2-decrypt-aes256gcm16.pcap
ipoipoip.pcap dfilter: Add syntax to match specific layers in the protocol stack 2022-04-26 16:50:59 +00:00
ipv6.pcap
ipx_rip.pcap
knxip_DataSec.pcap
knxip_SecureWrapper.pcap
knxip_TimerNotify.pcap
krb-816.pcap.gz
many_interfaces.pcapng.1 Dumpcap: Fix writing SHBs and IDBs. 2018-11-16 19:28:11 +00:00
many_interfaces.pcapng.2 Dumpcap: Fix writing SHBs and IDBs. 2018-11-16 19:28:11 +00:00
many_interfaces.pcapng.3 Dumpcap: Fix writing SHBs and IDBs. 2018-11-16 19:28:11 +00:00
netperfmeter.pcapng.gz Replaced large NetPerfMeter captures by one small capture. 2021-03-04 20:27:24 +01:00
nfs.pcap
ntp.pcap
owe.pcapng.gz ieee80211: Support decrypting OWE captures 2019-03-26 08:56:03 +00:00
packet-h2-14_headers.pcapng
protobuf_tcp_addressbook.pcapng.gz Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
protobuf_test_default_value.pcapng Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
protobuf_test_leading_dot.pcapng Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
protobuf_test_map_and_oneof_types.pcapng Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
protobuf_udp_addressbook_with_image_ts.pcapng Protobuf/gRPC: add test cases for Protobuf and gRPC 2020-12-01 12:06:43 +00:00
quic-fragmented-handshakes.pcapng.gz quic: Handle out-of-order CRYPTO frames, aka "Chaos Protection" 2022-07-24 23:27:38 -04:00
quic_follow_multistream.pcapng HTTP2, QUIC: fix "Follow Stream" 2021-09-13 15:13:10 +00:00
retrans-tls.pcap TCP: pass data after a ZeroWindowProbe to subdissectors 2019-01-27 09:47:54 +00:00
rsa-p-lt-q.pcap
rsasnakeoil2.pcap
s7comm-fuzz.pcapng.gz dfilter: Add support for raw (bytes) addressing mode 2022-10-31 21:02:39 +00:00
sample_control4_2012-03-24.pcap
segmented_fpm.pcap
sip.pcapng
sipmsg.log
smb300-aes-128-ccm.pcap.gz test/suite_decryption.py: add smb2 decryption tests 2019-01-25 16:07:52 +00:00
smb311-aes-128-ccm.pcap.gz test/suite_decryption.py: add smb2 decryption tests 2019-01-25 16:07:52 +00:00
smb311-aes-128-gcm.pcap.gz smb2: add support for AES-128-GCM decryption 2019-07-02 17:54:03 +00:00
smb311-aes-256-ccm.pcap.gz packet-smb2: add AES-256-* decryption 2022-02-02 07:54:40 +00:00
smb311-aes-256-gcm.pcap.gz packet-smb2: add AES-256-* decryption 2022-02-02 07:54:40 +00:00
smb311-chained-patternv1-lznt1.pcapng.gz SMB2: add tests for chained compression and pattern_v1 2020-09-26 02:23:23 +00:00
smb311-lz77-lz77huff-lznt1.pcap.gz smb2: add support for decompression 2019-07-15 21:00:14 +00:00
snakeoil-dtls.pcap
tcp-badsegments.pcap
tcp-exp-option-tarr.pcap.gz TCP: Use RFC 6994 for experimental options 2022-08-17 21:33:31 +00:00
text2pcap_hash_eol.txt
tftp.pcap
tls-fragmented-handshakes.pcap.gz TLS: Implement reassembly for Handshake messages 2019-04-24 21:02:35 +00:00
tls-renegotiation.pcap
tls12-aes128ccm.pcap
tls12-aes256gcm.pcap
tls12-chacha20poly1305.pcap
tls12-dsb.pcapng wiretap: add read/write support for Decryption Secrets Block (DSB) 2018-11-20 05:12:37 +00:00
tls13-20-chacha20poly1305.pcap
tls13-rfc8446.pcap
udt-dtls.pcapng.gz
wep.pcapng.gz dot11decrypt: Fix WEP decryption 2020-10-21 11:03:44 +00:00
wireguard-ping-tcp-dsb.pcapng Add support for embedding WireGuard keys in a pcapng file 2019-06-17 00:48:29 +00:00
wireguard-ping-tcp.pcap
wireguard-psk.pcap
wpa-Induction.pcap.gz
wpa-ccmp-256.pcapng.gz ieee80211: Add CCMP-256 decryption support 2020-03-14 06:53:13 +00:00
wpa-eap-tls.pcap.gz
wpa-gcmp-256.pcapng.gz ieee80211: GCMP decryption support 2020-03-14 17:53:36 +00:00
wpa-gcmp.pcapng.gz ieee80211: GCMP decryption support 2020-03-14 17:53:36 +00:00
wpa-test-decode-mgmt.pcap.gz
wpa-test-decode-tdls.pcap.gz
wpa-test-decode.pcap.gz
wpa1-gtk-rekey.pcapng.gz ieee80211: Fix WPA1 decryption 2019-04-03 15:25:54 +00:00
wpa2-ft-eap.pcapng.gz dot11decrypt: Add partial FT-EAP decryption support 2021-01-20 16:10:12 +00:00
wpa2-ft-psk.pcapng.gz ieee80211: Support decrypting Fast BSS Transition with roaming 2021-03-16 14:36:26 +00:00
wpa2-psk-mfp.pcapng.gz dot11decrypt: Fix decryption of MFP enabled connections 2020-03-23 08:45:57 +00:00
wpa3-sae.pcapng.gz ieee80211: Support decrypting WPA3-Personal / SAE captures 2019-03-21 12:13:58 +00:00
wpa3-suiteb-192.pcapng.gz test/suite_decryption: Add WPA3 SuiteB-192 bit test 2019-11-14 08:28:00 +00:00
wpa_ptk_extended_key_id.pcap.gz ieee80211: Extended Key ID support 2019-11-02 11:40:57 +00:00