Wireshark-dev: Re: [Wireshark-dev] Request for a Wireshark Update to support TEAP traffic analy
From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Fri, 7 Feb 2020 08:13:25 -0800
On Fri, Feb 7, 2020 at 7:33 AM Nikhil Jadhav <Njadhav@xxxxxxxxxxxxx> wrote:

Hello Developers,

 

I am working on Cisco ISE and I find the Wireshark tool very beneficial to analyze different packets. So Cheers to all your hard work!!!

I am using a Windows 10 (Insider Preview Build with TEAP support) endpoint with the latest version of Wireshark running (Version 3.2.1 (v3.2.1-0-gbf38a67724d0)).

Currently there is a new TEAP protocol (Tunneled EAP protocol - RFC 7170), and we tried to analyze the TEAP traffic on Wireshark, but Wireshark shows the Code-Type in EAP as ‘Unknown’ instead of ‘TEAP’ even though it identifies the code as 55. Also, could you please let me know if there is a way to analyze the TEAP traffic by adding a certificate to Wireshark?

 

Kindly please have a look at the attached Wireshark screenshots of TEAP Traffic and PEAP traffic so as to have a better comparison and understanding of the issue.



Here's your chance to become one of the famous Wireshark developers.

1. Get the source. 
2. Inside epan/dissectors/packet-eap.c there is an array of value_string structs called eap_type_vals.
3. Add the new entry or entries to that table.
4. Rebuild. Probably on Linux because building on Windows is hard.
5. Feed the capture into the new build.
6. Feel a burst of joy at making your first change to Wireshark.
7. Add any new attributes or whatever is needed to properly dissect the whole new types.
8. Submit a code review.

--
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine.)
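
The effect of steps 2, 3 and 7 above, as an added stand-alone example that is not Wireshark source and not code from anyone in this thread: a number-to-name table gains an entry for type 55, and the octet after the Type field is split into the L/S/O flags and 3-bit version described in RFC 7170. The names vs_entry, eap_type_vals_demo, eap_type_name, eap_info and parse_eap, and the table labels, are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for Wireshark's value_string (number -> name). */
typedef struct { uint32_t value; const char *strptr; } vs_entry;

/* Abbreviated demo table with constructed labels; 55 is the missing entry. */
static const vs_entry eap_type_vals_demo[] = {
    { 1, "Identity" }, { 13, "EAP-TLS" }, { 25, "PEAP" },
    { 55, "TEAP" },                 /* RFC 7170 */
    { 0, NULL }
};

static const char *eap_type_name(uint32_t v) {
    for (const vs_entry *p = eap_type_vals_demo; p->strptr; p++)
        if (p->value == v) return p->strptr;
    return "Unknown";               /* unlisted types end up here, as in the report */
}

typedef struct {
    uint8_t code, id, type, version;
    uint16_t length;
    int l_flag, s_flag, o_flag;
    const char *type_str;           /* NULL when the packet carries no Type */
} eap_info;

/* Returns 0 on success, -1 on truncated or inconsistent input. */
int parse_eap(const uint8_t *b, size_t n, eap_info *out) {
    memset(out, 0, sizeof *out);
    if (n < 4) return -1;
    out->code = b[0];
    out->id = b[1];
    out->length = (uint16_t)((b[2] << 8) | b[3]);
    if (out->length < 4 || out->length > n) return -1;
    if (out->code != 1 && out->code != 2) return 0;  /* only Request/Response have a Type */
    if (out->length < 5) return -1;
    out->type = b[4];
    out->type_str = eap_type_name(out->type);
    if (out->type == 55) {          /* TEAP: flags/version octet follows Type */
        if (out->length < 6) return -1;
        out->l_flag = (b[5] & 0x80) != 0;   /* Message Length field present */
        out->s_flag = (b[5] & 0x40) != 0;   /* TEAP Start */
        out->o_flag = (b[5] & 0x20) != 0;   /* Outer TLV Length field present */
        out->version = b[5] & 0x07;
    }
    return 0;
}
```

Removing the 55 row from the demo table reproduces the 'Unknown' label for the same bytes.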