Re: [Wireshark-dev] Packet reassemble - FTP-DATA Dissector - FTP - Export Object

2015-01-16 16:07 GMT+01:00 leonardoc...@libero.it leonardoc...@libero.it: I already posted this question to Ask.Wireshark.org; as I have a very tight schedule and realise the mailing list is more appropriate, I am posting it here as well. Please advice me if I need to remove the other post.

Re: [Wireshark-dev] Issue with packet-ieee802154.c

2015-01-20 20:09 GMT+01:00 Alexis La Goutte alexis.lagou...@gmail.com: Hi Robert, it is possible to push your patch on Gerrit ? and/or also create a bug in bugtracker ? (with pcap sample) for try Regards, See https://code.wireshark.org/review/#/c/6695/1 Regards, Pascal. On Tue, Jan

Re: [Wireshark-dev] Crash in ws_mempbrk_sse42_compile()

2015-02-11 19:23 GMT+01:00 Martin Mathieson martin.r.mathie...@googlemail.com: I am building on MSVC2010EE and getting a crash upon startup. This is after doing a clean and rebuild. [image: Inline image 1] 'needles' is set to {0x1, 0x0}. 'length'. 'length' (set by call to strlen())

Re: [Wireshark-dev] The RSVD dissector and 32-bit builds ...

2015-02-16 16:48 GMT+01:00 Richard Sharpe realrichardsha...@gmail.com: On Mon, Feb 16, 2015 at 7:11 AM, Evan Huus eapa...@gmail.com wrote: On Mon, Feb 16, 2015 at 10:08 AM, Richard Sharpe realrichardsha...@gmail.com wrote: On Mon, Feb 16, 2015 at 6:55 AM, Evan Huus eapa...@gmail.com wrote:

Re: [Wireshark-dev] function of dissector_try_uint()

Hi Vishnu, 2015-02-16 14:55 GMT+01:00 Vishnu Bhatt vishnu.bh...@aricent.com: Hi, I have a dissector code (atmii) and I am having problem in understanding the following two lines of code: In proto_register_atmii() aal_dissector_table = register_dissector_table(atmii.aal2_payload,

Re: [Wireshark-dev] Dissector plugin not working with wireshark 1.12.3

2015-02-17 10:08 GMT+01:00 yannick omnes yom...@aviwest.com: Hi list, I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now I'm facing some problems. The plugins still compile and is correctly loaded by wireshark on Windows On my

Re: [Wireshark-dev] function of dissector_try_uint()

2015-02-17 8:48 GMT+01:00 Vishnu Bhatt vishnu.bh...@aricent.com: Thanks for the reply. Can you please tell me what is the function of p_get_proto_data() in Wireshark. Specifically, in case of FP frame, what is the role of this function? p_fp_info = (fp_info

Re: [Wireshark-dev] Dissector plugin not working with wireshark 1.12.3

that it will NOT be compatible ;) ). Regards, Yannick Le 17/02/2015 10:42, Pascal Quantin a écrit : 2015-02-17 10:08 GMT+01:00 yannick omnes yom...@aviwest.com: Hi list, I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now

Re: [Wireshark-dev] Dissector Development; _init function for inizilizing GHashTable

2015-01-26 8:58 GMT+01:00 leonardoc...@libero.it leonardoc...@libero.it: I am working on the FTP dissector at the moment. I have introduced a GHashTable for the purpose of storing seq and lastackseq numbers and pinfo data. I have introduced a static void ftp_init(void) function in the same

Re: [Wireshark-dev] Questions about Submission of dissectors

2015-01-10 13:14 GMT+01:00 Bálint Réczey bal...@balintreczey.hu: Hi, 2015-01-10 13:08 GMT+01:00 Pascal Quantin pascal.quan...@gmail.com: Hi Christopher, 2015-01-09 21:51 GMT+01:00 Christopher Sheldahl christopher.sheld...@yahoo.com: My company has developed a number of dissectors

Re: [Wireshark-dev] [Wireshark-users] Wireshark 1.12.3 is now available

Le 8 janv. 2015 07:47, Manish . mani...@aricent.com a écrit : Hi Gents, I compared the no of plugin’s in wireshark release 1.12.3 and 1.6.7. Also found that the no of plug-in are much less in 1.12.3. Below is screenshot FYR Regards Manish Singla Hi, Some of those plugins were

Re: [Wireshark-dev] Patch being stuck

2015-01-08 11:52 GMT+01:00 Alexis La Goutte alexis.lagou...@gmail.com: On Thu, Jan 8, 2015 at 11:50 AM, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-01-08 11:38 GMT+01:00 Dario Lombardo dario.lombardo...@gmail.com: Hi list I pushed a patch a couple of days ago https

Re: [Wireshark-dev] Patch being stuck

2015-01-08 11:38 GMT+01:00 Dario Lombardo dario.lombardo...@gmail.com: Hi list I pushed a patch a couple of days ago https://code.wireshark.org/review/#/c/6350/ I think it's getting stuck for some reason (not even the petri dish buildbot has processed it). Other patches submitted later

Re: [Wireshark-dev] Protocol UPP is not available in wireshark release 1.12.3

Singla* *From:* Pascal Quantin [mailto:pascal.quan...@gmail.com] *Sent:* 08 January 2015 12:54 *To:* Community support list for Wireshark *Cc:* Developer support list for Wireshark; Guy Harris; wireshark-annou...@wireshark.org; Manish . *Subject:* Re: [Wireshark-users] Wireshark 1.12.3

Re: [Wireshark-dev] Protocol stats list in GUI

2015-01-04 20:27 GMT+01:00 Hadriel Kaplan hadri...@yahoo.com: With the addition of another protocol statistic [1], I noticed the list of the various stats is growing long and ugly in the Statistics menu of the GUIs (both GTK and Qt). It's also a jumble of generic things such as 'Flow Graph'

Re: [Wireshark-dev] Segmentation fault on tshark

2015-01-08 20:54 GMT+01:00 Alexis La Goutte alexis.lagou...@gmail.com: Hi, There is a problem with commit a323f0ce3ed46bba7f593790da2256180ac479f2 Author: Robert Grange robioneken...@bluewin.ch Date: Sat Dec 27 17:46:33 2014 +0100 packet-mq: Add New Def, Reformat Lines, re-order

Re: [Wireshark-dev] Set capture to TZ blah?

2015-03-14 20:34 GMT+01:00 Jeff Morriss jeff.morriss...@gmail.com: On 03/14/2015 02:16 PM, Guy Harris wrote: On Mar 14, 2015, at 8:00 AM, Niels de Vos nde...@redhat.com wrote: When I have captures and logs that do not match the timezone, I use the TZ environment variable to read the

Re: [Wireshark-dev] Supported Python versions?

2015-03-22 16:48 GMT+01:00 Peter Wu pe...@lekensteyn.nl: Hi, Triggered by a build error due to html2text.py, I have recently started with adding Python 3 support to various Python scripts[1][2]. The change to html2text.py[1] was tested with Python 2.6, 2.7, 3.2 and 3.4. The configure

Re: [Wireshark-dev] Latest code broken?

2015-03-15 14:16 GMT+01:00 Anil anilkumar...@gmail.com: Hi -- I have been seeing this problem with the wireshark since 12 Mar 2015. I get the below error anil@anilpc:~/ws_srcpkg/build$ ./run/wireshark-gtk 18:26:50 Err Field 'Src Vm Name' (nstrace.src_vm) is an integral value

Re: [Wireshark-dev] Buildbot test failures - wslua

2015-03-11 17:19 GMT+01:00 Alexis La Goutte alexis.lagou...@gmail.com: On Wed, Mar 11, 2015 at 4:53 PM, Graham Bloice graham.blo...@trihedral.com wrote: The current test failures are in the wslua tests, in the last part of the wslua_step_dissector_test() test, where the two files differ,

Re: [Wireshark-dev] Supported Python versions?

2015-03-24 18:17 GMT+01:00 Peter Wu pe...@lekensteyn.nl: On Sun, Mar 22, 2015 at 04:58:14PM +0100, Pascal Quantin wrote: 2015-03-22 16:48 GMT+01:00 Peter Wu pe...@lekensteyn.nl: Hi, Triggered by a build error due to html2text.py, I have recently started with adding Python 3

Re: [Wireshark-dev] Keep decoding malformed packet

2015-03-23 16:12 GMT+01:00 Victor Xiang victorxian...@gmail.com: I have a dissector written with ASN1. At some point in the packet I have a D-BL-ACK element with the following structure: D-BL-ACK ::= *SEQUENCE* { nr INTEGER(0..1), tl-sdu D-MLE-PDU } In a frame there

Re: [Wireshark-dev] Wireshark crash after removing if(tree)

Le 27 févr. 2015 14:38, Raj sekar mrajse...@gmail.com a écrit : Hi I am developing custom dissector and i was having issues on reassembly with help from PASCAL i have found my reassembly is not working because of if(tree) and if i remove if(tree) i can able to open my pcap file only in debug

Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation

provided earlier today cannot work as it is intended to be used with fragment_add_seq_check (that use sequence numbers and not fragment length, as explained in the header file). Thanks again and have a nice day! Raj On 25 Feb 2015 19:33, Pascal Quantin pascal.quan...@gmail.com wrote: Back

Re: [Wireshark-dev] Gsoc 15 Packet Editor project

Le 26 févr. 2015 05:14, isikcan yilmaz can...@gmail.com a écrit : Hello; I'm Isikcan Yilmaz, a Computer Engineering student in Drexel University. I am interested in participating in Google Summer of Code for the first time this year. I have seen the Packet Editor(UI) idea on the wiki page of

Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation

Le 25 févr. 2015 10:07, Raj sekar mrajse...@gmail.com a écrit : i have a off-line capture file.. iam developing dissector for customised protocol i have a old ethereal tool for the same protocol now iam developing in wireshark. My message pdu got 3 different message types 1. Beginning

Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation

PM, Pascal Quantin pascal.quan...@gmail.com wrote: Le 25 févr. 2015 10:07, Raj sekar mrajse...@gmail.com a écrit : i have a off-line capture file.. iam developing dissector for customised protocol i have a old ethereal tool for the same protocol now iam developing in wireshark

Re: [Wireshark-dev] impossible to commit my changes

2015-03-23 23:20 GMT+01:00 Aurélien Terrestris aterrest...@gmail.com: Hello when trying to commit my changes, I get this result : # git commit -m 'RRH dissector' epan/dissectors/packet-rrh.c: FT_IPv6: proto_tree_add_item(rrh_tree, hf_rrh_ipv6, tvb, pos, 6, [[ENC_BIG_ENDIAN]--[ENC_NA]]);

Re: [Wireshark-dev] Usage of make-version.pl

2015-03-23 17:49 GMT+01:00 Juan Jose Martin Carrascosa jua...@rti.com: Hi all, I am building Wireshark for Windows, Linux and Mac. I have been reading and analyzing the make-version.pl script and I have found that I am not a perl expert: I have no idea about how to use version.conf. Can

Re: [Wireshark-dev] Usage of make-version.pl

on this :) Juanjo Did you give a try to the following command? perl make-version.pl --set-release with a version.conf file containing: enable: 1 pkg_format: %#-ABCD pkg_enable: 1 Pascal. On Mon, Mar 23, 2015 at 6:38 PM, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-03-23 17:49 GMT+01

Re: [Wireshark-dev] Custom zlib for Windows builds

2015-04-27 20:43 GMT+02:00 Gerald Combs ger...@wireshark.org: On 4/27/15 8:57 AM, Pascal Quantin wrote: 2015-04-27 17:55 GMT+02:00 Graham Bloice graham.blo...@trihedral.com mailto:graham.blo...@trihedral.com: I'll have a go at producing a new one, what name do we give

Re: [Wireshark-dev] Custom zlib for Windows builds

2015-04-27 17:55 GMT+02:00 Graham Bloice graham.blo...@trihedral.com: On 27 April 2015 at 16:45, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-04-27 17:33 GMT+02:00 Graham Bloice graham.blo...@trihedral.com: The remaining CMake warnings for Windows are caused by zlib, as newer

Re: [Wireshark-dev] Custom zlib for Windows builds

2015-04-27 17:33 GMT+02:00 Graham Bloice graham.blo...@trihedral.com: The remaining CMake warnings for Windows are caused by zlib, as newer CMake versions complain about policy settings. As the zlib maintainers seem very reluctant to incorporate changes (31 pull requests at the moment oldest

Re: [Wireshark-dev] My first dissector

2015-04-15 12:53 GMT+02:00 14l0yt+90c01y4cpr...@guerrillamail.com: Dear all, (Sorry for double posting, but I got no response on the users mailing list, so I thought maybe this list is actually more appropriate) I'm trying to write my first Wireshark dissector. As an example, I looked at

Re: [Wireshark-dev] Windows automated builds migrated to CMake

2015-04-16 5:06 GMT+02:00 Gerald Combs ger...@wireshark.org: We reached a bit of a milestone today. The packages created by the 32-bit and 64-bit Windows builders at https://buildbot.wireshark.org/trunk/waterfall are now produced using CMake and MSBuild. Thanks to everyone for helping to

Re: [Wireshark-dev] My first dissector

2015-04-16 10:41 GMT+02:00 14mpdn+2zn37jzosz...@guerrillamail.com: Hi Pascal, Alexis and all, Thanks for your time and answers, very helpful. I did provide all the code, there just isn't much yet. I wanted to get something running first, before I would add more code, such that I know I have

Re: [Wireshark-dev] Windows automated builds migrated to CMake

2015-04-16 14:55 GMT+02:00 Graham Bloice graham.blo...@trihedral.com: On 16 April 2015 at 11:49, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-04-16 5:06 GMT+02:00 Gerald Combs ger...@wireshark.org: We reached a bit of a milestone today. The packages created by the 32-bit and 64

Re: [Wireshark-dev] Gerrit upgrade schedule

2015-04-02 1:06 GMT+02:00 Gerald Combs ger...@wireshark.org: As was discussed last month, Google's OpenID is going away on the 20th. Logins to code.wireshark.org using Google will break on that date. The Gerrit development team has been busy making releases recently to account for this.

Re: [Wireshark-dev] Gerrit upgrade schedule

Le 16 avr. 2015 11:29 PM, Gerald Combs ger...@wireshark.org a écrit : On 4/16/15 1:17 PM, Pascal Quantin wrote: 2015-04-02 1:06 GMT+02:00 Gerald Combs ger...@wireshark.org mailto:ger...@wireshark.org: As was discussed last month, Google's OpenID is going away on the 20th

Re: [Wireshark-dev] nmake setup target failing for me

2015-04-09 15:28 GMT+02:00 Martin Mathieson martin.r.mathie...@googlemail.com: I was prompted to run setup, but am getting this. Any ideas? Martin ** zlib128.zip ** No HTTP proxy specified (http_proxy and HTTP_PROXY are empty). Downloading zlib128.zip into

Re: [Wireshark-dev] Error: implicit declaration of function ‘gdk_pixbuf_new_from_inline’

2015-05-20 13:34 GMT+02:00 Andrei Emeltchenko andrei.emeltchenko.n...@gmail.com: Hi, recently I hit following error when building wireshark on Ubuntu 15.04: ... AR libqtui.a make[2]: Leaving directory '/usr/local/wireshark/ui/qt' Making all in ui/gtk make[2]: Entering directory

Re: [Wireshark-dev] Migrating dissector to WS 1.12

Hi Helge, 2015-05-20 18:46 GMT+02:00 Helge Kruse helge.kr...@gmx.net: Hi, I am migrating from WS 1.6 to WS 1.12 skipping all version between. I have some code that uses functions that are not available in the current version. How can I find how this functions are replaced by newer

Re: [Wireshark-dev] Migrating dissector to WS 1.12

...@wireshark.org] *On Behalf Of *Pascal Quantin *Sent:* Wednesday, May 20, 2015 7:04 PM *To:* Developer support list for Wireshark *Subject:* Re: [Wireshark-dev] Migrating dissector to WS 1.12 Hi Helge, 2015-05-20 18:46 GMT+02:00 Helge Kruse helge.kr...@gmx.net: Hi, I am migrating from WS 1.6

Re: [Wireshark-dev] [Wireshark-commits] master b5b3a6b: ISAKMP: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang

Hi Martin, 2015-06-06 16:59 GMT+02:00 Martin Mathieson martin.r.mathie...@googlemail.com: This is only a dead store if HAVE_LIBGCRYPT is not defined... Fixed in gbe701f6. Pascal. Martin On Sat, Jun 6, 2015 at 12:52 PM, Wireshark code review code-review-do-not-re...@wireshark.org

Re: [Wireshark-dev] hope to support NPcap by improving WinPcap's DLL searching logic

2015-06-05 19:24 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, I'm developing NPcap, an alternative to original WinPcap but with more features like NDIS 6 support and others. NPcap is supposed to support Nmap, Wireshark and so on just like WinPcap did and follow the same DLL interface with

Re: [Wireshark-dev] How to compile and execute the source code of wireshark?

Hi, 2015-06-18 16:17 GMT+02:00 JAI BHAGWAN YADAV saurav.yadav0...@gmail.com: Hello all, I am a beginner, Q- How to compile and execute the source code of wireshark so that (i) Whenever I will compile and execute it, it will also run wireshark (ii) I will use printf firstly so I

Re: [Wireshark-dev] [RFC-PATCH] IB: Create single conversation for Infiniband connections whenever possible

Hi Slava, Wireshark is not a project using an email based work flow for patch review and merge (contrary to some other projects). Instead should register to our Gerrit server https://code.wireshark.org/review and upload your patch as explained here:

Re: [Wireshark-dev] asn2wrs problem

Hi Jörg, 2015-06-25 14:21 GMT-07:00 Joerg Mayer jma...@loplof.de: Hello, after running make in the asn1 directory, I found the generated credssp dissector changed: index d418e17..03eea46 100644 --- a/epan/dissectors/packet-credssp.c +++ b/epan/dissectors/packet-credssp.c @@ -387,7

Re: [Wireshark-dev] asn2wrs problem

2015-06-25 14:24 GMT-07:00 Pascal Quantin pascal.quan...@gmail.com: Hi Jörg, 2015-06-25 14:21 GMT-07:00 Joerg Mayer jma...@loplof.de: Hello, after running make in the asn1 directory, I found the generated credssp dissector changed: index d418e17..03eea46 100644 --- a/epan/dissectors

Re: [Wireshark-dev] [RFC-PATCH] IB: Create single conversation for Infiniband connections whenever possible

patches. Thank you for reminding me about the Gerrit server – I ‘have used it before. *From:* wireshark-dev-boun...@wireshark.org [mailto: wireshark-dev-boun...@wireshark.org] *On Behalf Of *Pascal Quantin *Sent:* Thursday, June 25, 2015 16:41 *To:* Developer support list for Wireshark

Re: [Wireshark-dev] Problem with http2

2015-07-02 11:03 GMT+02:00 Luis Espla luises...@gmail.com: Hello, Until now, I have used wireshark 1.99.5 and it can recognise http2 traffic, but now I have updated to 1.99.7 and I need to actívate it with Analyze/Decode As option. Why do I need it?, what did it change? And I want to use

Re: [Wireshark-dev] Plan to make NPcap available for Wireshark

Le 4 juil. 2015 4:26 AM, Yang Luo hslu...@gmail.com a écrit : Hi list, Given that current Wireshark can't make use of NPcap because of the DLL search path problem mentioned in https://www.wireshark.org/lists/wireshark-dev/201506/msg00030.html, I'd like to make a patch for Wireshark. As it is a

Re: [Wireshark-dev] Problem with http2

Le 3 juil. 2015 10:29 AM, Luis Espla luises...@gmail.com a écrit : Capture file attached and I'll go to open a bug in bugzilla Thanks Luis, it confirms that this is a side effect of the change I was talking about. Pascal. On 2 July 2015 at 12:28, Pascal Quantin pascal.quan...@gmail.com

Re: [Wireshark-dev] hadoop dissector

Hi Dario, Le 3 juil. 2015 9:45 AM, Dario Lombardo dario.lombardo...@gmail.com a écrit : Maybe some developer like to develop in the wild... that could mean they can avoid some rules, push incomplete dissectors, or whatever else I can't figure out. Rules for dissectors are very strict. I don't

Re: [Wireshark-dev] Wireshark-dev: Re: using pinfo structure to save data after first iteration

Hi Koundinya, 2015-06-30 11:28 GMT+02:00 koundinya poluri koundi.pol...@gmail.com: Hi, Anders, I had a similar idea on how it should be done.I wanted to save some srtp related data once you processs the packets first time like creating a context which carries the ssrc and keys so that it

Re: [Wireshark-dev] [RFC-PATCH] IB: Create single conversation for Infiniband connections whenever possible

...@wireshark.org [mailto: wireshark-dev-boun...@wireshark.org] On Behalf Of Pascal Quantin Sent: Thursday, June 25, 2015 19:17 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] [RFC-PATCH] IB: Create single conversation for Infiniband connections whenever possible 2015-06-25 9

Re: [Wireshark-dev] MSVC 2015 (VC14) notes/issue

Le 12 août 2015 7:19 PM, Graham Bloice graham.blo...@trihedral.com a écrit : On 12 August 2015 at 17:57, Pascal Quantin pascal.quan...@gmail.com wrote: Hi, Le 12 août 2015 6:21 PM, Bill Meier wme...@newsguy.com a écrit : [Resend] I see that several people (Anders, ...) been building

Re: [Wireshark-dev] Npcap 0.04 call for test

Le 16 août 2015 3:39 PM, Pascal Quantin pascal.quan...@gmail.com a écrit : Hi Yang, 2015-08-16 14:18 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, I think this BSoD is caused by the Winsock Kernel init code in Npcap driver (NPF_WSKStartup call or NPF_WSKInitSockets call failed). I can't

Re: [Wireshark-dev] Question about changing Npcap loopback interface's MTU to 65536

Hi Yang, 2015-08-21 14:46 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, I have updated Npcap to 0.04-r4. This version modified Npcap Loopback Adapter's MTU to 65536, so the maximum packet size is 65550 (65536 + eth_hdr_size). But I found weird result in Wireshark's Interface Details

Re: [Wireshark-dev] Npcap 0.04 call for test

: NDIS doesn't provide an equivalent. And it seems that Npcap loopback adapter will continue to use the NdisMediumNull - DLT_NULL pair for now. Thanks for the link Yang, I was not aware of those defines. I also added them to the patch. Pascal. On Mon, Aug 24, 2015 at 7:00 PM, Pascal Quantin

Re: [Wireshark-dev] Windows file wildcard support

2015-08-20 14:38 GMT+02:00 Anders Broman anders.bro...@ericsson.com: Hi, I don't build with CMAKE currently so I can't test but it might still be a problem with setargv We get this warning on the buildboot: LINK : warning LNK4044: unrecognized option '/RELEASE;setargv.obj'; ignored

Re: [Wireshark-dev] Npcap 0.04 call for test

Le 18 août 2015 5:04 PM, Yang Luo hslu...@gmail.com a écrit : Hi Pascal, I have analyzed your log and it shows that WSK_CLIENT_DISPATCH::WskSocket function fails with STATUS_ACCESS_DENIED. The result turns out to be a bug: If you launch Wireshark with no Admin right, the WSK code fails to

Re: [Wireshark-dev] Npcap 0.04 call for test

2015-08-24 3:38 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, In latest 0.04 r6 version, I have used 0x02, 0x00, 0x00, 0x00 for an IPv4 packet and 0x18, 0x00, 0x00, 0x00 for an IPv6 packet (tell me if you have better value for IPv6). The driver can return NdisMediumNull now for loopback

Re: [Wireshark-dev] Npcap 0.04 call for test

2015-08-24 10:19 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: 2015-08-24 3:38 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, In latest 0.04 r6 version, I have used 0x02, 0x00, 0x00, 0x00 for an IPv4 packet and 0x18, 0x00, 0x00, 0x00 for an IPv6 packet (tell me if you have better

Re: [Wireshark-dev] Npcap 0.04 call for test

2015-08-24 10:28 GMT+02:00 Guy Harris g...@alum.mit.edu: On Aug 24, 2015, at 1:19 AM, Pascal Quantin pascal.quan...@gmail.com wrote: any reason for not using NdisMediumLoopback that is defined since Vista according to https://msdn.microsoft.com/en-us/library/windows/hardware/ff565910%28v

Re: [Wireshark-dev] Npcap 0.04 call for test

2015-08-22 7:55 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, Npcap 0.04 r5 has added the DLT_NULL protocol support, you need to check the *Use DLT_NULL protocol as loopback packets' link layer instead of Ethernet II* option when installing (default is not checked). The problem is

Re: [Wireshark-dev] Npcap 0.04 call for test

Le 24 août 2015 12:19 PM, Yang Luo hslu...@gmail.com a écrit : Hi Pascal, On Mon, Aug 24, 2015 at 4:19 PM, Pascal Quantin pascal.quan...@gmail.com wrote: Hi Yang, any reason for not using NdisMediumLoopback that is defined since Vista according to https://msdn.microsoft.com/en-us/library

Re: [Wireshark-dev] Npcap 0.04 call for test

2015-08-24 12:30 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, On Mon, Aug 24, 2015 at 5:46 PM, Pascal Quantin pascal.quan...@gmail.com wrote: I personally think data returned by OID_GEN_MEDIA_IN_USE should be identical with the one returned by OID_GEN_MEDIA_SUPPORTED for our loopback

Re: [Wireshark-dev] Npcap 0.04 call for test

wording seems OK to me. Note that I updated the list of enum (so as to support loopback value) in https://code.wireshark.org/review/#/c/10225/ Cheers, Yang On Mon, Aug 24, 2015 at 4:29 PM, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-08-24 10:19 GMT+02:00 Pascal Quantin pascal.quan

Re: [Wireshark-dev] Npcap 0.04 call for test

2015-08-24 10:29 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: 2015-08-24 10:19 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: 2015-08-24 3:38 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, In latest 0.04 r6 version, I have used 0x02, 0x00, 0x00, 0x00 for an IPv4 packet

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 9:19 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, Thanks for your tests for the first two versions of Npcap, I have fixed several problems as following: 1) Npcap causes BSoD if you uninstall Npcap when Npcap is still in use for capturing packets. 2) Npcap can't start the

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 17:57 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, Thanks for testing. The output of your dump is pasted below. It seems that NdisFOidRequest call fails in Npcap's NPF_GetDeviceMTU routine. It is in the same position with the previous SYSTEM_SERVICE_EXCEPTION BSoD. So I think

Re: [Wireshark-dev] Npcap 0.03 call for test

Hi Yang 2015-08-03 9:33 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, I think have fixed the BAD_POOL_CALLER BSoD in Npcap 0.03 r3 version, it turns out to be a memory double-free bug in WFP classifyFn function used for loopback packet capturing. The lastest installer is:

Re: [Wireshark-dev] Npcap 0.03 call for test

` : ` ` ` ` : 0x7701e10a On Mon, Aug 3, 2015 at 6:35 PM, Pascal Quantin pascal.quan...@gmail.com wrote: Hi Yang 2015-08-03 9:33 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, I think have fixed the BAD_POOL_CALLER BSoD

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-06 15:21 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, This issue is because some parts of Npcap have been migrated to MSVC2010, however Win10 RTM lacks VC2010 redist package. I have changed to static link the libs, and tested on my Win10 RTM. Latest installer that has this bug

Re: [Wireshark-dev] Crash during fuzzing

Hi Dario, Le 10 août 2015 10:27 PM, Dario Lombardo dario.lombardo...@gmail.com a écrit : No crash still happening... $ ../tools/test-captures.sh -b run ../data/hpfeeds_all_packets_sample.pcap Testing file ../data/hpfeeds_all_packets_sample.pcap... - with tree... OK - without tree... OK

Re: [Wireshark-dev] removing mergecap -T option

PM, Pascal Quantin pascal.quan...@gmail.com wrote: Le 14 août 2015 6:18 PM, Hadriel Kaplan the.real.hadr...@gmail.com a écrit : Howdy, Due to some reported bugs and inconsistencies, I'm refactoring the capture file merging code in mergecap.c and file.c's cf_merge_files() - basically

Re: [Wireshark-dev] removing mergecap -T option

Le 14 août 2015 6:18 PM, Hadriel Kaplan the.real.hadr...@gmail.com a écrit : Howdy, Due to some reported bugs and inconsistencies, I'm refactoring the capture file merging code in mergecap.c and file.c's cf_merge_files() - basically gutting them and putting most of the logic into a common

Re: [Wireshark-dev] Npcap 0.04 call for test

Hi Yang, 2015-08-15 14:38 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, Thanks for your tests for the first 3 versions of Npcap, with your tests I am able to release Npcap 0.04 version as below: 1) Fixed the BAD_POOL_CALLER BSoD. 2) Updated Packet, NPFInstall, NPcapHelper projects to MSVC

Re: [Wireshark-dev] MSVC 2015 (VC14) notes/issue

Hi, Le 12 août 2015 6:21 PM, Bill Meier wme...@newsguy.com a écrit : [Resend] I see that several people (Anders, ...) been building with MSVC-2015 (VC14) and have fixed a number of issues. So: I decided to download VC14 and give it a try (using NMake). A few questions: Are you using

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-05 9:39 GMT+02:00 Yang Luo hslu...@gmail.com: Hello Jim, On Tue, Aug 4, 2015 at 12:23 PM, Jim Young jyo...@gsu.edu wrote: Hello Yang, While testing Npcap 0.03-r3 I stumbled into one reproducible issue but I also triggered a crash (which I am currently unable to reproduce). The

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

to test with a MBIM WWAN device (long due task on my side ;)). The interface is not listed unfortunately. Regards, Pascal. Cheers, Yang On Mon, Jul 20, 2015 at 11:14 PM, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-07-20 17:03 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

2015-07-22 18:25 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, On Wed, Jul 22, 2015 at 11:33 PM, Pascal Quantin pascal.quan...@gmail.com wrote: I just gave a try to this new installer: - still my rename issue of the loop back installer (as expected ;)). Is there some debug log / test

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

now. I will not be able to try capturing traffic before next Thursday unfortunately as I'm traveling. Regards, Pascal. On Thu, Jul 23, 2015 at 4:18 PM, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-07-22 21:39 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: 2015-07-22 18:25

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

2015-07-24 19:56 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: 2015-07-24 15:14 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Parscal, I think I have added the flpp4 and flpp6 to Npcap, but I don't know if this works, you could try latest installer: https://svn.nmap.org/nmap-exp/yang

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

Hi Yang, 2015-07-23 5:12 GMT+02:00 Yang Luo hslu...@gmail.com: On Thu, Jul 23, 2015 at 3:39 AM, Pascal Quantin pascal.quan...@gmail.com wrote: Indeed the command output is localized. Before installing Npcap, I have: État adminÉtat TypeNom de l'interface

Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector

/ disabled heuristic protocol given in the command line be ephemeral or persistent? I believe it should be the former, like the DL mapping value you can indicate manually in the command line and that does not get stored. Pascal. -Original Message- From: Pascal Quantin pascal.quan

Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector

Le 13 juil. 2015 3:03 AM, mman...@netscape.net a écrit : With: https://code.wireshark.org/review/9508/ https://code.wireshark.org/review/9610/ (and already submitted https://code.wireshark.org/review/9602/) I consider this feature complete enough for now. If Qt wants to provide a better

Re: [Wireshark-dev] Remote Desktop Default Filter Change For Windows

2015-07-09 17:30 GMT+02:00 Matthew matthew1...@matthew1471.co.uk: Hi Wireshark Devs, In newer versions of Windows® that support the Remote Desktop Protocol (RDP) version 8.0 or later, Remote Desktop now uses UDP (and falls back on TCP if unavailable). In ui_util.c on line 331 is:

Re: [Wireshark-dev] Npcap 0.01 call for test about Windows loopback traffic capture feature

2015-07-15 16:30 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: Le 15 juil. 2015 5:14 AM, Yang Luo hslu...@gmail.com a écrit : Hi Pascal, I am not very familiar about dialup/PPP interfaces, perhaps you mean capturing on adapters like below? WAN Miniport (SSTP) WAN Miniport

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

Hi Yang, 2015-07-19 15:55 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Jim, Thanks for testing! On Sun, Jul 19, 2015 at 12:25 AM, Jim Young jyo...@gsu.edu wrote: Hello Yang, Two comments on all for 2nd test. 1 - Should the name of the newer package reflect that this is a different

Re: [Wireshark-dev] Windows CMake, multiple copies of libffi-6.dll

2015-07-18 14:59 GMT+02:00 Graham Bloice graham.blo...@trihedral.com: Windows CMake always copies libffi-6.dll into the runtime directory, because it's found in two places in the support libraries, gnutls and gtk2. The version from gnutls is copied first, then overwritten by the gtk2

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

2015-07-20 16:22 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, On Mon, Jul 20, 2015 at 8:36 PM, Pascal Quantin pascal.quan...@gmail.com wrote: Hi Yang, I gave another try to a second Win10 x64 French virtual machine and it was not renamed either. The 'ver' command typed in a console

Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

2015-07-20 17:03 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com: 2015-07-20 16:22 GMT+02:00 Yang Luo hslu...@gmail.com: Hi Pascal, On Mon, Jul 20, 2015 at 8:36 PM, Pascal Quantin pascal.quan...@gmail.com wrote: Hi Yang, I gave another try to a second Win10 x64 French virtual

Re: [Wireshark-dev] Windows driver signing certificate purchase decision for WinPcap and Npcap

Le 21 juil. 2015 11:38 AM, Graham Bloice graham.blo...@trihedral.com a écrit : On 21 July 2015 at 07:06, Pascal Quantin pascal.quan...@gmail.com wrote: Le 21 juil. 2015 4:15 AM, Yang Luo hslu...@gmail.com a écrit : Hi list, There's only 8 days left for Win10 RTM. It seems that both

Re: [Wireshark-dev] Npcap 0.01 call for test about Windows loopback traffic capture feature

whether I can reproduce the issue reported by Tyson. Pascal. Cheers, Yang On Wed, Jul 15, 2015 at 3:16 AM, Pascal Quantin pascal.quan...@gmail.com wrote: 2015-07-11 11:15 GMT+02:00 Yang Luo hslu...@gmail.com: Hi list, In order not to diverge with WinPcap interfaces, I have made

Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000

2015-10-23 21:01 GMT+02:00 Oleksii Shevchuk <public.ava...@gmail.com>: > Pascal Quantin <pascal.quan...@gmail.com> writes: > > I tried wireshark in Debian Jessie (1.12) and on gentoo (1.12.8). > > Screenshot is here - https://alxchk.me/scr.png > Dump is here - ht

Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000

2015-10-23 16:50 GMT+02:00 [AvataR] : > Hi list. > > I wrote trivial dissector (in lua, if it's matters) for MTP protocol > for own use. Now I have a problem - how to apply it just for these > packets. > > I reviewed sources and found out, that there is usb.protocol >

Re: [Wireshark-dev] GTP session plugin

t; > *From:* wireshark-dev-boun...@wireshark.org [mailto: > wireshark-dev-boun...@wireshark.org] *On Behalf Of *Pascal Quantin > *Sent:* Monday 2 November 2015 17:11 > > *To:* Developer support list for Wireshark > *Subject:* Re: [Wireshark-dev] GTP session plugin > > > >

Re: [Wireshark-dev] When is the preference variable updated?

2015-11-12 15:07 GMT+01:00 Paul Offord : > Hi, > > > > Frankly I feel a bit stupid asking this but I've been trying to figure it > out for about 6 hours and I think I need help. I have a dissector which I > register like this: > > > > static int tmsvc_port = 0; > > > >

<    1   2   3   4   5   6   7   8   9   >