whitequark
commented
5 months ago Hi Martin! I last worked on this about 10 years ago :D No, I don't think I have any captures, sorry.
- are the curve and plain methods used much in practice? The only attempt at privacy I've seen is where the ZMTP session was just run over SSH...
I've definitely tried using CURVE. However, there were serious downsides of it, mainly that you can't detect an authentication failure at all. (Yes, really!) For this reason, and unless they fixed it, I think CURVE is basically not usable in user-facing applications as the only way to figure out why auth is failing is a Wireshark dissector. (You can now start seeing why I wrote this...)
There were other similarly frustrating moments with it--I vaguely recall having the same problem with PLAIN. I think I might've used PLAIN instead of CURVE for debugging because then I could use Wireshark? Not sure...
I have next to no memory of using ZeroMQ, except that I found it a frustrating library to use, and some other social factors that aren't relevant here.
MartinMathieson
Hi, I am a Wireshark core developer who met this protocol for the first time on a project recently. I have started work on a C-based dissector for ZMTP (it is currently in Draft at https://gitlab.com/wireshark/wireshark/-/merge_requests/14947). One motivation for writing it was to be able to add UAT preferences (as an alternative to the dissector table, which will still get checked if there are no matching UAT entries).
My use-case of ZeroMQ is really just to be clearly able to see/filter short text payloads, where the version will always be 3.1. I have tried to copy the various command types supported by the Lua dissector, but don't have any captures to test with. I guess I could download old source code versions of zeromq and play with sample code, but was hoping you could advise me:
Any help/advice/captures anyone can share would be greatly appreciated (including any downsides of merging my dissector!). Best regards, Martin Mathieson