feat: allow capture ipv6 packet#586
Conversation
|
Thank you for your contribution. I will verify it later. However, I lack an IPv6 environment; could you assist me with that? PS:可以加VX沟通吗? 可以在「榫卯江湖」公众号里留言,告诉我你的ID,我加你。 |
|
ok |
看上去,在tls 1.3下,捕获的包含密钥的网络包才能被wireshark正常解析。 即使使用SSLKEYLOGFILE导出密钥,使用tcpdump捕获网络包,再用wireshark设置sslkey的方式,wireshark依旧无法解密tls 1.2的包。 It appears that under TLS 1.3, only network packets containing keys can be properly decoded by Wireshark. Even with the export of keys using SSLKEYLOGFILE, capturing network packets with tcpdump, and setting up sslkey in Wireshark for decryption, Wireshark still cannot decrypt TLS 1.2 packets. 这看上去不是eCapture的bug,更像是wireshark的bug,也就是说wireshark无法正常解密IPv6 + 非tls 1.3 的网络包。 This does not appear to be a bug with eCapture; it seems more like an issue with Wireshark, meaning that Wireshark is unable to properly decrypt IPv6 network packets that are not using TLS 1.3. |
The pcap filter now doesn't take effect for packet protocols that are not IP or IPv6, such as ARP, because In gojue#586, the inject function migrated, it doesn't not work for all packet anymore.
The pcap filter now doesn't take effect for packet protocols that are not IP or IPv6, such as ARP, because In gojue#586, the inject function migrated, it doesn't not work for all packet anymore.
The pcap filter now doesn't take effect for packet protocols that are not IP or IPv6, such as ARP, because In gojue#586, the inject function migrated, it doesn't not work for all packet anymore.
The pcap filter now doesn't take effect for packet protocols that are not IP or IPv6, such as ARP, because In #586, the inject function migrated, it doesn't not work for all packet anymore.
2 participants
allow capture ipv6 packet.