On Tue, Jul 04, 2000 at 07:45:59AM -0500, tarun@xxxxxxxxxxxxx wrote:

> 1) Associate each packet I sniff to the application

I said in my previous message what you'd have to do in order to do that.
It's not necessarily easy to do.

> 2) get the actual data from each packet so that I can add the data
> in the packets and arrive at the size of the encrypted file.

Which header information are you talking about stripping off?

You can get the size of the data in a packet, with the TCP headers
stripped off, by looking at the "Internet Protocol" part of the packet
dissection, and subtracting the "Header length" from the "Total Length",
and then looking at the "Transmission Control Protocol" part of the
packet dissection and subtracting *its* "Header length" from the result
of the previous subtraction.

However, this doesn't subtract out any SSL headers, for example, if
there are any; Ethereal doesn't dissect SSL information (and if the
data, including the headers, is encrypted, the only way it could do that
would be if it knew the encryption key - but if it's easy for it to get
that information, the encryption doesn't serve the purpose for which
it's intended; the first "S" in "SSL" stands for "Secure", and "Secure"
includes "secure against somebody snooping network traffic" - so you'd
have to somehow supply the encryption key yourself).
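
The subtraction described in the message above, carried out directly on raw frame bytes. This is an added example, not part of the original message and not Ethereal code; the function names and the sample frames are constructed for illustration, and it assumes Ethernet II framing with unfragmented IPv4.

```python
import struct

def make_frame(payload, ip_opts=b"", tcp_opts=b""):
    """Build a constructed Ethernet II / IPv4 / TCP frame (checksums left 0)."""
    ihl, thl = 20 + len(ip_opts), 20 + len(tcp_opts)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0,
                     ihl + thl + len(payload), 0, 0, 64, 6, 0,
                     bytes(4), bytes(4)) + ip_opts
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0,
                      (thl // 4) << 4, 0x18, 65535, 0, 0) + tcp_opts
    frame = bytes(12) + b"\x08\x00" + ip + tcp + payload
    return frame.ljust(60, b"\x00")  # Ethernet pads short frames to 60 bytes

def tcp_payload_len(frame):
    """IP "Total Length" - IP "Header length" - TCP "Header length"."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IP header length, in bytes
    total_len, _, flags_frag = struct.unpack("!HHH", ip[2:8])
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        raise ValueError("not IPv4/TCP")
    if flags_frag & 0x3FFF:                   # MF flag set or fragment offset != 0
        raise ValueError("IP fragment: reassemble before measuring")
    if not ihl + 20 <= total_len <= len(ip):
        raise ValueError("truncated or inconsistent IP Total Length")
    thl = (ip[ihl + 12] >> 4) * 4             # TCP data offset, in bytes
    if thl < 20 or ihl + thl > total_len:
        raise ValueError("bad TCP header length")
    return total_len - ihl - thl

def total_tcp_payload(frames):
    """Sum payload bytes; retransmitted segments are counted again."""
    return sum(tcp_payload_len(f) for f in frames)

# Constructed sample capture: data segment with TCP options, a bare ACK
# that Ethernet pads to 60 bytes, and a segment with IP options.
SAMPLE_FRAMES = [
    make_frame(b"A" * 100, tcp_opts=bytes(12)),
    make_frame(b""),
    make_frame(b"xyz", ip_opts=bytes(4)),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(len(f), "byte frame ->", tcp_payload_len(f), "payload bytes")
    print("total:", total_tcp_payload(SAMPLE_FRAMES))
```

Working from the IP "Total Length" field rather than the captured frame size keeps Ethernet padding on short frames out of the count. The total still includes any SSL record overhead and any retransmitted segments, so it is an upper bound on the size of the transferred file.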