Hi, folks,
I’m looking for the subject matter expert in Exporting PDUs to file and Exporting TLS session keys to write a proper documentation. Is there anyone who I can ask questions? I’m alexnik in the IRC. Could you contact me there please, or answer to this mail?
I have contributed to the PDU export functionality addition in Wireshark even if I'm not the author. You can find some documentation in the corresponding header file (
https://gitlab.com/wireshark/wireshark/-/blob/master/epan/exported_pdu.h) even if it is more developer oriented than user oriented. The purpose is to be able to save "upper level" PDUs without the need for lower level protocols (for example to save a decrypted session without the need to share the encryption keys).
Currently we have the following default PDU export levels:
- Logcat and Logcat text: for Android logs
- OSI layer 3: currently used to export protocols encapsulated in IPSec or SCTP
- OSI layer 4: currently used to export protocols encapsulated in TCP or UDP
- OSI layer 7: currently used to export the following protocols: CredSSP over TLS, Diameter, protocols encapsulated in TLS and DTLS, H.248, Megaco, RELOAD framing, SIP, SMPP
The framework allows any dissector to add itself to this existing list or define a new entry in the list. The choice of the protocols using this functionality was mostly driven by user specific needs than anything else.
Hope this helps. Feel free to ask if you have more questions, I will try to help.
Best regards,
Pascal.
