- ACP123(B) Published
- NEDS procurement have issued amendment 11 and extended the bid submission date to 3rd March 2010
- Isode announce addition of new product, M-Link Edge, to R14.6 release
- ESS equivalentLabels mandatory in STANAG 4631
- Management Buy In Of Clearswift Specialist Products Division
- Boldon James joins Transglobal Secure Collaboration Program
- Isode Adopts XML Security Policies
- ACP133 8 Years On
- RFC Search
- Canadian MMHS adopts Web-based Solution
Wireshark as an ASN.1 Decoder
Submitted by admin on Tue, 2007-05-01 09:19
As well as opening a wide range of packet capture files, Wireshark can now open ASN.1 encoded files, such as certificates or X.400 content. So now you can view your own ASN.1 dumps in exactly the same way as if you had captured them from the network.
This gives Wireshark a similar capability to Microsoft's ASpiriN, Gemini Security Solutions GUIDumpASN (based on Peter Guttman's dumpasn1.c) and a range of other ASN.1 analysis tools.
Just select "File"/"Open", choose the ASN.1 encoded file and Wireshark will display the ASN.1 as if it were a capture file with a single packet. The only pre-requisite for Wireshark to open the file is that the first tag in the file is constructed and the length matches the length of the file. For example, Wireshark will not open a file containing a primitive OCTET STRING.
Wireshark knows about a number of file extensions and will dissect the ASN.1 appropriately:
- p7s, p7m, p7c - ContentInfo
- p12, pfx - PKCS#12
- p772 - MilitaryMessage
- cer, crt - Certificate
- crl - CertificateList
If Wireshark does not understand the extension, it will display the ASN.1 as "unknown", tagged ASN.1. However, if you right click in the "Packet Details" or "Packet List" area and choose "Decode As...", you can select the syntax Wireshark uses to decode the ASN.1.