Those RPMs are already patched. What the patches allow are: support for mesh link layer messages (RREQ,PREQ, RREPLY, etc.) and decoding our new non-standard mesh multicast packets.
That version doesn't dig into the telepathy packets. I have a patch from collabora that should do that, but haven't applied and tested it yet. I'll get it out ASAP (the patch is attached). IPv6 is turned off on recent school server builds. It breaks installations with more than a single school server --- see the trac ticket for details (sorry no number, I'm offline). mDNS is shown fine by the patched version, but should be turned off in a school server environment. In order to see all frames (and not just those containing IP packets), you have to bring up a special interface on the mesh driver (bringing down the regular one.) On servers with one wired ethernet interface, type: ifconfig eth1 down ifconfig msh0 down On servers with two wired ethernet interfaces, type: ifconfig eth2 down ifconfig msh0 down Then, on all types of servers, type: echo 7 > /sys/class/net/eth2/lbs_rtap ifconfig rtap0 up Now point wireshark at rtap0 instead of msh0 to see more packets. The number echoed into lbs_rtap is a bit field indicating which frame types you want to see. I believe this is documented at http://wiki.laptop.org/go/Wireless Cheers, wad On Mar 2, 2008, at 8:30 AM, Bryan Berry wrote: > I have installed Wad's patched version Wireshark on my School > Server and > captured a whole ton of packets on msh0. > > I have assumed that the wireshark-0.99.7.mesh.i386.rpm and > wireshark-gnome-0.99.7.mesh.i386.rpm are already patched and I don't > have to apply the .patch file. Please correct me if I am wrong. > > When I looked at the captured packets in Wireshark the Info column > reads > [Malformed Packet] . I was hoping to see something much more > informative > about the mesh protocols, IPv6, mdns, and other cool stuff I don't > quite > understand. > > Is there something wrong w/ my install of Wireshark or does this > version > not yet display the juicy bits? > > >> On Mon, Feb 25, 2008 at 4:37 AM, John Watlington <wad at laptop.org> > wrote: >>> >>> A version of wireshark which is patched to monitor the new mesh >>> protocol is available at: >>> >>> (older, F7 version) >>> http://dev.laptop.org/~wad/wireshark-0.99.5.mesh.patch >>> http://dev.laptop.org/~wad/wireshark-0.99.5-1.i386.rpm >>> >> http://dev.laptop.org/~wad/wireshark-gnome-0.99.5-1.i386.rpm >>> >>> (current, F8 version) >>> http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.patch >>> http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.i386.rpm >>> >> http://dev.laptop.org/~wad/wireshark-gnome-0.99.7.mesh.i386.rpm >>> >>> I'm still not seeing RREQ traffic, but I haven't played >>> around with the new version much. >>> >>> Enjoy, >>> wad > > _______________________________________________ > Devel mailing list > [email protected] > http://lists.laptop.org/listinfo/devel _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
