Hi List,
There are a number of circumstances when it is useful to dissect an ASN.1 BER encoded file.
For example, an X.509 certificate, a PKCS#12 file or a lump of X.400 content from an MTA queue.
So attached is a patch for an ASN.1 BER capture file format.
Briefly,
* a file is determined to be ASN.1 if
  i) the first Tag is constructed and either a SET, SEQUENCE or CONTEXT [<32]
  ii) the associated Length matches the length of the file
  (This algorithm may need to be tweaked.)
* there is obviously only one "frame" which reflects the content of the file - the arrival time of the frame reflects the time on the file.
* dissect_unknown_ber() has been significantly upgraded to handle arbitrary ASN.1
* a heuristic based on the OIDs found in the ASN.1 has been added to see if a better dissection can be made. For example, if id-signedData is found, the ASN.1 can be dissected as CMS.
* the above heuristic can be turned off through a preference if it is making the wrong decision.
The patch also includes a BER preference to allow the user to specify a file that contains OID information for OIDs that Ethereal hasn't already encoded.
This is my first venture outside of dissectors, so let me know if I haven't covered all the bases for a new capture file format.
Graeme
Attachment:
berfile.tar.gz
Description: GNU Zip compressed data
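
The file-detection check described in the post (items i and ii), written out as an added example; it is not part of the original message or the attached patch. The name `ber_file_heuristic` is hypothetical, the sample bytes are constructed, and rejecting indefinite-length encodings is an assumption, since they carry no length to compare against the file size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Ethereal code): returns 1 if the whole file in
 * buf passes checks i) and ii) from the post, 0 otherwise. */
int ber_file_heuristic(const uint8_t *buf, size_t file_len)
{
    size_t off = 0, len = 0, n;
    uint8_t id, cls, tag, l;

    if (buf == NULL || file_len < 2)
        return 0;
    id  = buf[off++];
    cls = id >> 6;                 /* 0 = UNIVERSAL, 2 = CONTEXT */
    tag = id & 0x1f;
    if (!(id & 0x20))              /* i) tag must be constructed */
        return 0;
    if (tag == 0x1f) {             /* high-tag-number form: only 31 is < 32 */
        if (buf[off++] != 0x1f)
            return 0;
        tag = 31;
    }
    if (!((cls == 0 && (tag == 16 || tag == 17)) || cls == 2))
        return 0;                  /* not SEQUENCE, SET or CONTEXT [<32] */
    if (off >= file_len)
        return 0;                  /* no room for a length octet */
    l = buf[off++];
    if (l < 0x80) {
        len = l;                   /* short form */
    } else {
        n = l & 0x7f;              /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > file_len - off)
            return 0;              /* assumption: indefinite length rejected */
        while (n--)
            len = (len << 8) | buf[off++];
    }
    return len == file_len - off;  /* ii) length must account for the file */
}

int main(void)
{
    /* Constructed sample: SEQUENCE { INTEGER 5 } */
    const uint8_t seq[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    printf("exact file: %d\n", ber_file_heuristic(seq, sizeof seq));
    printf("truncated:  %d\n", ber_file_heuristic(seq, sizeof seq - 1));
    return 0;
}
```

The bounds checks matter because the input is an arbitrary file: a long-form length that claims more octets than remain, or more than fit in `size_t`, is rejected before any of them are read.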