
Can eCapture support packet filter?

Open zhangbo1882 opened this issue 3 years ago • 5 comments

Can eCapture support packet filter such as src/dst IP filter?

zhangbo1882, Sep 14 '22 01:09

Maybe we will, but not now.

You can use ecapture for master secrets, and use tcpdump for pcapng.

Use Wireshark to union them.

cfc4n, Sep 15 '22 04:09

For example, I only want to decrypt the traffic between 1.1.1.1 and 2.2.2.2. But we have to capture all master secrets for all TLS traffic. The key size may be much larger than the traffic between 1.1.1.1 and 2.2.2.2. In our production env, the key size can be up to GB while the traffic I want to decrypt is only several MB.

zhangbo1882, Sep 15 '22 04:09

In openssl_tc.h, you can get iph as an iphdr struct pointer, which contains src and dest IP info you need to filter.

You can add your IP filter logic after line 106 in openssl_tc.h.

Recompile the code, then you should be able to do what you want to achieve.

blaisewang, Sep 16 '22 19:09
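
One way to write the IP filter logic described in the comment above, as an added example that is not part of the thread or of eCapture's source: a user-space C function mirroring the source/destination check a TC program would make on the `iphdr` fields, for the 1.1.1.1/2.2.2.2 flow from the question. `flow_matches`, `flow_filter`, `ipv4_hdr` and `sample` are hypothetical names, and the frame bytes are constructed test data.

```c
/* Added example, not eCapture code; all names here are hypothetical. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ETH_HDR_LEN = 14, ETHERTYPE_IPV4 = 0x0800 };

/* Stand-in for the kernel's struct iphdr (20 bytes, no options);
 * saddr/daddr keep the kernel field names, network byte order. */
struct ipv4_hdr {
    uint8_t ver_ihl, tos; uint16_t tot_len, id, frag_off;
    uint8_t ttl, protocol; uint16_t check; uint32_t saddr, daddr;
};
struct flow_filter { uint32_t a, b; };  /* network byte order */

/* Returns 1 if the frame is IPv4 between f->a and f->b in either
 * direction. Lengths are checked before any header is read, as the
 * eBPF verifier requires of data/data_end in a TC program. */
int flow_matches(const uint8_t *data, const uint8_t *data_end,
                 const struct flow_filter *f)
{
    struct ipv4_hdr iph;
    uint16_t proto;
    if ((size_t)(data_end - data) < ETH_HDR_LEN + sizeof(iph)) return 0;
    memcpy(&proto, data + 12, sizeof(proto));       /* EtherType field */
    if (proto != htons(ETHERTYPE_IPV4)) return 0;   /* not IPv4 */
    memcpy(&iph, data + ETH_HDR_LEN, sizeof(iph));
    if ((iph.ver_ihl >> 4) != 4 || (iph.ver_ihl & 0x0f) < 5) return 0;
    return (iph.saddr == f->a && iph.daddr == f->b) ||
           (iph.saddr == f->b && iph.daddr == f->a);
}

/* Constructed frame: zeroed MACs, EtherType 0x0800, 2.2.2.2 -> 1.1.1.1 */
static const uint8_t sample[34] = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,
    0x45,0,0,20, 0,0,0,0, 64,6,0,0, 2,2,2,2, 1,1,1,1 };

int main(void)
{
    struct flow_filter f;
    inet_pton(AF_INET, "1.1.1.1", &f.a);
    inet_pton(AF_INET, "2.2.2.2", &f.b);
    printf("capture=%d\n",
           flow_matches(sample, sample + sizeof(sample), &f));
    return 0;
}
```

Matching both directions keeps the server's replies as well as the client's requests, which is what decrypting one conversation needs.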

Do we have a plan to support it officially?

zhangbo1882, Sep 21 '22 04:09

> Do we have a plan to support it officially?

Yes, we will.

cfc4n, Sep 21 '22 04:09