All-
I have developed a suite of plugins, several of which deal with packet decryption. Decrypting the packets (in-house protocol) requires tracing each packet to determine packet counts and watching key exchanges.
We are currently attempting to work with some extremely large trace files, 1-2GB in size. We are working on getting a machine with sufficient memory to load these files (and have upgraded to 1.6.1) in hopes that will work. However, I can see the need for working with larger files.
I understand the requirements of splitting the files, and we have done that. My problem now is reworking my dissectors to pick up decryption in the middle of a conversation.
Has anyone dealt with similar issues and solved the problem of transferring state from a dissector in one file to another file? I am not so concerned with how to store the data (maybe I should be…) but rather with hooking into the right places, in a plugin, so that I can write out the state at the end of the file and then recover it before dissecting packets in the second file.
Recommendations?
Thanks for your input.
Bryant Eastham