Re: [Wireshark-dev] Programming against WireShark pcap processing engine
Hi Per,

If you can see SMIL decoded in Wireshark or JPEG data, then there should be a corresponding element in PDML as well. You will also need to use the Decode As option in tshark in case the MMSC is using a non-standard port.

Regards,
Abhik

On Fri, Mar 11, 2011 at 5:08 PM, Per Steffensen st...@designware.dk wrote:

> Hi
>
> Thanks for your answer, Abhik. I will consider your suggestion about exporting to PDML. Didn't even know that there was such a thing. As I understand you, tshark is able to do this for me and include e.g. full SMIL and images. As I understood another answer to my question, tshark is not able to extract content (like SMIL and images). Does anyone know which one it is - is tshark able to extract content for me or not? If it is then I might be able to live with using tshark, even though it sounds more correct to me to integrate via API with the engine instead of integrating by calling command-line stuff.
>
> Regards, Per Steffensen
>
> BTW: Does anyone know how to easily reply to posts from the digest mails I get from the mailing list? I do something stupid like constructing a new mail with the same subject (prefixed with Re:) and doing the quoting manually. But I'm not sure that it even ends up in the right thread that way, and I am sure that it is not able to figure out exactly which prior post I am answering and therefore where to put my new post in the thread-tree.
>
> > How about exporting the captures to PDML format and then parsing the output XML in Java? I know it is CPU intensive and the PDML files could become quite large, but each layer (SMIL/images etc) would appear as separate entities and by doing some searching you might be able to extract what you want. You could first use Wireshark to export to PDML file just to see the format and understand if it is worth it. Then you can call tshark later to do the conversion for you automatically.
> >
> > HTH,
> > Abhik

___
Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Programming against WireShark pcap processing engine
How about exporting the captures to PDML format and then parsing the output XML in Java? I know it is CPU intensive and the PDML files could become quite large, but each layer (SMIL/images etc) would appear as separate entities and by doing some searching you might be able to extract what you want. You could first use Wireshark to export to PDML file just to see the format and understand if it is worth it. Then you can call tshark later to do the conversion for you automatically.

HTH,
Abhik

On Tue, Mar 8, 2011 at 7:02 PM, Per Steffensen st...@designware.dk wrote:

> No one? Really? The important part is not that I have to use java. Any input on how to program against the WireShark pcap processing engine is very welcome, no matter the language. I will make the java wrapper myself.
>
> Regards, Steff
Re: [Wireshark-dev] Generation of display filter based on a field in the pcap
Hi Rohit,

I think what you are looking for is MATE (http://wiki.wireshark.org/Mate).

HTH
Abhik

On Sat, Jun 5, 2010 at 8:55 PM, Rohit Mediratta rohit_m...@hotmail.com wrote:

> The relation between packets is as follows.
>
> 1. Packet A is a request to setup a session. This packet has a unique request tunnel Identifier and a requestIndex.
> 2. Packet B is a reply, this packet is tunneled with the request tunnel Identifier and contains a reply tunnel Identifier
> 3. Packet C is subsequent request packet which is tunneled with reply tunnel Identifier
> 4. Packet D is a subsequent reply packet which is tunneled with request tunnel Identifier.
>
> NOTE: tunnel Identifiers are unique in a single direction only, so there is no algorithmic correlation between the request tunnel Identifier and reply tunnel Identifier.
>
> I am looking to generate a view for all packets which are related to the requestIndex. I am open to the idea of editing the dissectors to achieve this. Any ideas/pointers would be very useful.
>
> thanks,
> Rohit
>
> Date: Sat, 5 Jun 2010 12:25:55 +0200
> From: jaap.keu...@xs4all.nl
> To: wireshark-dev@wireshark.org
> Subject: Re: [Wireshark-dev] Generation of display filter based on a field in the pcap
>
> > On 06/05/2010 11:37 AM, Rohit Mediratta wrote:
> >
> > > Hi,
> > >
> > > I am trying to generate a display filter which is based on the value of a TLV within the pcap. Let me provide an example of a display filter I am trying to generate in the pcap that I have.
> > >
> > > 1. Packet A has a TLV with value1 and another TLV with value2.
> > > 2. Packet B has a TLV with value2 and a TLV with value3.
> > > 3. Packet C has a TLV with value3.
> > > 4. Packet D has a TLV with value2.
> > >
> > > I'd like my display filter to be special_display_filter == value1
> > >
> > > When I apply this filter, I'd like all 4 packets to be displayed. This is, of course, my view of how I can achieve this. If there is another methodology to achieve my aim of displaying all packets related to Packet A, then please enlighten me.
> > >
> > > My final goal is to update the flow_graph to view all 4 packets, when I select packet flow for any packets related to Packet A. If someone can provide any pointers/hints that would be useful.
> > >
> > > thanks in advance,
> > > Rohit
> >
> > Hi,
> >
> > What's the relation between packet A, B, C and D? How do you identify this relation from the packets? Your display filter now will only match packet A.
> >
> > Thanks,
> > Jaap
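The correlation Rohit describes (A announces a request tunnel id, B is tunneled with it and announces a reply tunnel id, C is tunneled with the reply id, D again with the request id, and ids are only unique per direction) is exactly the kind of state a MATE configuration or a stateful dissector has to keep. The following is an added example written for this thread, not code from Wireshark, MATE or Rohit's dissector: a single-pass correlator over constructed packet summaries that groups every frame under its requestIndex, keeps two sessions apart even though they reuse the same numeric id in different directions, flags frames whose tunnel id was never announced, and emits a `frame.number in {...}` display filter (Wireshark 1.12 and later) that shows the whole group. The `dir`, `kind` and `tunnel` fields are assumed; in practice they would be filled from `tshark -T fields` output for the real protocol.

```python
"""Correlate request/reply packets through per-direction tunnel identifiers.

Added example for this thread; not Wireshark/MATE code.  Packet summaries are
constructed; a real run would fill them from tshark fields (-T fields -e ...).
Direction is taken as given here; in practice it comes from the IP/port tuple.
"""
from collections import defaultdict

FWD, REV = "fwd", "rev"


def opposite(direction):
    return REV if direction == FWD else FWD


class TunnelCorrelator:
    """Single pass in capture order, mirroring how a dissector would track state."""

    def __init__(self):
        self.sessions = defaultdict(list)   # requestIndex -> [frame numbers]
        # (direction the tunneled packet travels in, tunnel id) -> requestIndex.
        # Keying on the direction is what makes ids that are only unique per
        # direction unambiguous.
        self.tunnel_owner = {}

    def feed(self, pkt):
        if pkt["kind"] == "setup_request":                    # packet A
            idx = pkt["request_index"]
            # Replies (B, D) travel the other way, tunneled with the request id.
            self.tunnel_owner[(opposite(pkt["dir"]), pkt["request_tid"])] = idx
        else:                                                 # B, C or D
            idx = self.tunnel_owner.get((pkt["dir"], pkt["tunnel"]))
            if idx is None:
                return None     # id never announced: orphan, worth flagging
            if "reply_tid" in pkt:                            # packet B announces the reply id
                # Subsequent requests (C) travel the other way, tunneled with it.
                self.tunnel_owner[(opposite(pkt["dir"]), pkt["reply_tid"])] = idx
        self.sessions[idx].append(pkt["frame"])
        return idx


def correlate(packets):
    """Return ({requestIndex: [frames]}, [orphan frames])."""
    corr, orphans = TunnelCorrelator(), []
    for pkt in packets:
        if corr.feed(pkt) is None:
            orphans.append(pkt["frame"])
    return dict(corr.sessions), orphans


def display_filter(frames):
    """Display filter selecting exactly these frames (set syntax, Wireshark 1.12+)."""
    return "frame.number in {" + " ".join(str(f) for f in sorted(frames)) + "}"


# Constructed capture summary.  Session 7 is A-B-C-D from the thread; session 8
# reuses the numeric id 0xA1 as its *reply* id, which is legal because ids are
# only unique per direction.  Frame 8 references an id nobody announced.
PACKETS = [
    {"frame": 1, "dir": FWD, "kind": "setup_request", "request_tid": 0xA1, "request_index": 7},
    {"frame": 2, "dir": REV, "kind": "reply", "tunnel": 0xA1, "reply_tid": 0xB7},
    {"frame": 3, "dir": FWD, "kind": "request", "tunnel": 0xB7},
    {"frame": 4, "dir": REV, "kind": "reply", "tunnel": 0xA1},
    {"frame": 5, "dir": FWD, "kind": "setup_request", "request_tid": 0xA2, "request_index": 8},
    {"frame": 6, "dir": REV, "kind": "reply", "tunnel": 0xA2, "reply_tid": 0xA1},
    {"frame": 7, "dir": FWD, "kind": "request", "tunnel": 0xA1},
    {"frame": 8, "dir": REV, "kind": "reply", "tunnel": 0xFF},
]

if __name__ == "__main__":
    sessions, orphans = correlate(PACKETS)
    for idx, frames in sessions.items():
        print("requestIndex", idx, "->", display_filter(frames))
    print("orphans:", orphans)
```

The orphan list is the part worth keeping in a real tool: a reply carrying a tunnel id that was never set up is either a capture that started mid-session or something a reviewer should look at.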
Re: [Wireshark-dev] tshark (Windows) not working
Thanks Guy/Gerald. Works for me now too.

Regards,
Abhik

On Wed, May 12, 2010 at 1:43 AM, Guy Harris g...@alum.mit.edu wrote:

> On May 11, 2010, at 2:09 PM, Gerald Combs wrote:
>
> > Can you try r32763?
>
> Seemed to work in my test.
Re: [Wireshark-dev] tshark (Windows) not working
I get the same error with dumpcap as well. I went back to 32687 (there seem to be some major changes to dumpcap in 32688) and dumpcap works, but tshark gives the original error I reported:

E:\wireshark-src\wireshark-gtk2>dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0

E:\wireshark-src\wireshark-gtk2>tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection

** ERROR:column-utils.c:879:???: code should not be reached

E:\wireshark-src\wireshark-gtk2>

Then, I went back to 32682 (there are changes in 32683 to column-utils) and now it works at least. So, I am staying here for now!

On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.com wrote:

> Hi Joan,
>
> I am getting that error on both tshark and Wireshark with my build (32727) on Windows (32 bit). I tried doing a distclean; verify_tools; setup and build. It compiles without error, but refuses to capture. Looks like I chose a bad time to code a few changes ;-) I haven't got around to investigating the issue in detail (yet)... I hope someone beats me to it.
>
> Regards,
> Abhik
>
> On Sun, May 9, 2010 at 10:34 PM, j.snelders j.sneld...@telfort.nl wrote:
>
> > Hi all,
> >
> > SVN 32686
> > I get the same error (column-utils.c:879:???) running TShark on:
> > 64-bit Windows 7, build 7600
> > 64-bit Windows Server 2008 R2, build 7600
> >
> > SVN 32692 and higher (the latest version I tried is SVN-32727):
> > Unable to capture with Wireshark and TShark, because "The capture session could not be initiated ()" on:
> > 64-bit Windows 7, build 7600
> > 64-bit Windows Server 2008 R2, build 7600
> > Windows XP Service Pack 3, build 2600
> >
> > $ tshark -D
> > 1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R) PRO/1000 MT Network Connection)
> >
> > $ tshark -i 1
> > Capturing on Intel(R) PRO/1000 MT Network Connection
> > tshark: The capture session could not be initiated ().
> > Please check that "\Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB}" is the proper interface.
> >
> > Help can be found at:
> >
> > http://wiki.wireshark.org/WinPcap
> > http://wiki.wireshark.org/CaptureSetup
> >
> > 0 packets captured
> >
> > Any ideas?
> >
> > Thanks
> > Joan
> >
> > On Thu, 6 May 2010 10:37:13 -0400 Chris Maynard wrote:
> >
> > > Yes, I'm seeing the same thing on Windows with the same SVN version, 32686.
> > >
> > > From: wireshark-dev-boun...@x [mailto:wireshark-dev-boun...@x] On Behalf Of Abhik Sarkar
> > > Sent: Thursday, May 06, 2010 10:00 AM
> > > To: Developer support list for Wireshark
> > > Subject: [Wireshark-dev] tshark (Windows) not working
> > >
> > > > Hi All,
> > > >
> > > > I can't get tshark to work anymore. I get this error:
> > > >
> > > > E:\wireshark-src\wireshark-gtk2>tshark -i 2
> > > > Capturing on Intel(R) 82567LM Gigabit Network Connection
> > > >
> > > > ** ERROR:column-utils.c:879:???: code should not be reached
> > > >
> > > > E:\wireshark-src\wireshark-gtk2>
> > > >
> > > > It seems to be related to the changes related to the timestamps which Stig has been working on. Is anyone else facing issues? I am on revision 32686.
> > > >
> > > > Thanks,
> > > > Abhik.
Re: [Wireshark-dev] tshark (Windows) not working
It's still the same, Gerald :(

E:\wireshark-src>grep 32697 *
tshark.c: * $Id: tshark.c 32697 2010-05-06 23:51:37Z gerald $

E:\wireshark-src>dumpcap -i 6
The capture session could not be initiated ().
Please check that "\Device\NPF_{96896B6D-2F50-4415-B46F-6A59A1382DB1}" is the proper interface.

Help can be found at:

http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup

E:\wireshark-src>

On Mon, May 10, 2010 at 11:17 PM, Gerald Combs ger...@wireshark.org wrote:

> Can you try r32697?
>
> Abhik Sarkar wrote:
>
> > I get the same error with dumpcap as well. I went back to 32687 (there seem to be some major changes to dumpcap in 32688) and dumpcap works, but tshark gives the original error I reported:
> >
> > E:\wireshark-src\wireshark-gtk2>dumpcap -i 2
> > File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
> > Packets: 31 Packets dropped: 0
> >
> > E:\wireshark-src\wireshark-gtk2>tshark -i 2
> > Capturing on Intel(R) 82567LM Gigabit Network Connection
> >
> > ** ERROR:column-utils.c:879:???: code should not be reached
> >
> > E:\wireshark-src\wireshark-gtk2>
> >
> > Then, I went back to 32682 (there are changes in 32683 to column-utils) and now it works at least. So, I am staying here for now!
> >
> > On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.com wrote:
> >
> > > Hi Joan,
> > >
> > > I am getting that error on both tshark and Wireshark with my build (32727) on Windows (32 bit). I tried doing a distclean; verify_tools; setup and build. It compiles without error, but refuses to capture. Looks like I chose a bad time to code a few changes ;-) I haven't got around to investigating the issue in detail (yet)... I hope someone beats me to it.
> > >
> > > Regards,
> > > Abhik
> > >
> > > On Sun, May 9, 2010 at 10:34 PM, j.snelders j.sneld...@telfort.nl wrote:
> > >
> > > > Hi all,
> > > >
> > > > SVN 32686
> > > > I get the same error (column-utils.c:879:???) running TShark on:
> > > > 64-bit Windows 7, build 7600
> > > > 64-bit Windows Server 2008 R2, build 7600
> > > >
> > > > SVN 32692 and higher (the latest version I tried is SVN-32727):
> > > > Unable to capture with Wireshark and TShark, because "The capture session could not be initiated ()" on:
> > > > 64-bit Windows 7, build 7600
> > > > 64-bit Windows Server 2008 R2, build 7600
> > > > Windows XP Service Pack 3, build 2600
> > > >
> > > > $ tshark -D
> > > > 1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R) PRO/1000 MT Network Connection)
> > > >
> > > > $ tshark -i 1
> > > > Capturing on Intel(R) PRO/1000 MT Network Connection
> > > > tshark: The capture session could not be initiated ().
> > > > Please check that "\Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB}" is the proper interface.
> > > >
> > > > Help can be found at:
> > > >
> > > > http://wiki.wireshark.org/WinPcap
> > > > http://wiki.wireshark.org/CaptureSetup
> > > >
> > > > 0 packets captured
> > > >
> > > > Any ideas?
> > > >
> > > > Thanks
> > > > Joan
> > > >
> > > > On Thu, 6 May 2010 10:37:13 -0400 Chris Maynard wrote:
> > > >
> > > > > Yes, I'm seeing the same thing on Windows with the same SVN version, 32686.
> > > > >
> > > > > From: wireshark-dev-boun...@x [mailto:wireshark-dev-boun...@x] On Behalf Of Abhik Sarkar
> > > > > Sent: Thursday, May 06, 2010 10:00 AM
> > > > > To: Developer support list for Wireshark
> > > > > Subject: [Wireshark-dev] tshark (Windows) not working
> > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I can't get tshark to work anymore. I get this error:
> > > > > >
> > > > > > E:\wireshark-src\wireshark-gtk2>tshark -i 2
> > > > > > Capturing on Intel(R) 82567LM Gigabit Network Connection
> > > > > >
> > > > > > ** ERROR:column-utils.c:879:???: code should not be reached
> > > > > >
> > > > > > E:\wireshark-src\wireshark-gtk2>
> > > > > >
> > > > > > It seems to be related to the changes related to the timestamps which Stig has been working on. Is anyone else facing issues? I am on revision 32686.
> > > > > >
> > > > > > Thanks,
> > > > > > Abhik.
Re: [Wireshark-dev] tshark (Windows) not working
PS: Interestingly, when I open the Interface List dialog in Wireshark, it shows live values in the Packet and Packet/s columns for the interface. However, when I Start the capture on the same interface, then it gives the error below.

On Tue, May 11, 2010 at 7:44 AM, Abhik Sarkar sarkar.ab...@gmail.com wrote:

> It's still the same, Gerald :(
>
> E:\wireshark-src>grep 32697 *
> tshark.c: * $Id: tshark.c 32697 2010-05-06 23:51:37Z gerald $
>
> E:\wireshark-src>dumpcap -i 6
> The capture session could not be initiated ().
> Please check that "\Device\NPF_{96896B6D-2F50-4415-B46F-6A59A1382DB1}" is the proper interface.
>
> Help can be found at:
>
> http://wiki.wireshark.org/WinPcap
> http://wiki.wireshark.org/CaptureSetup
>
> E:\wireshark-src>
>
> On Mon, May 10, 2010 at 11:17 PM, Gerald Combs ger...@wireshark.org wrote:
>
> > Can you try r32697?
> >
> > Abhik Sarkar wrote:
> >
> > > I get the same error with dumpcap as well. I went back to 32687 (there seem to be some major changes to dumpcap in 32688) and dumpcap works, but tshark gives the original error I reported:
> > >
> > > E:\wireshark-src\wireshark-gtk2>dumpcap -i 2
> > > File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
> > > Packets: 31 Packets dropped: 0
> > >
> > > E:\wireshark-src\wireshark-gtk2>tshark -i 2
> > > Capturing on Intel(R) 82567LM Gigabit Network Connection
> > >
> > > ** ERROR:column-utils.c:879:???: code should not be reached
> > >
> > > E:\wireshark-src\wireshark-gtk2>
> > >
> > > Then, I went back to 32682 (there are changes in 32683 to column-utils) and now it works at least. So, I am staying here for now!
> > >
> > > On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.com wrote:
> > >
> > > > Hi Joan,
> > > >
> > > > I am getting that error on both tshark and Wireshark with my build (32727) on Windows (32 bit). I tried doing a distclean; verify_tools; setup and build. It compiles without error, but refuses to capture. Looks like I chose a bad time to code a few changes ;-) I haven't got around to investigating the issue in detail (yet)... I hope someone beats me to it.
> > > >
> > > > Regards,
> > > > Abhik
[Wireshark-dev] tshark (Windows) not working
Hi All,

I can't get tshark to work anymore. I get this error:

E:\wireshark-src\wireshark-gtk2>tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection

** ERROR:column-utils.c:879:???: code should not be reached

E:\wireshark-src\wireshark-gtk2>

It seems to be related to the changes related to the timestamps which Stig has been working on. Is anyone else facing issues? I am on revision 32686.

Thanks,
Abhik.
Re: [Wireshark-dev] need to read pcaps to develop a display system for the packets
Why not write a dissector for your proprietary protocol and distribute it only within your company (if that's what you are about)? That would allow you to:

- Work with the familiar interface of Wireshark and use all the facilities available
- Use tshark to export the fields of your protocol into something like PDML and use that XML for input into another application.

Hope that helps
Abhik.

On Mon, Feb 22, 2010 at 5:29 PM, prashanth joshi prashanthsjoshi2...@yahoo.com wrote:

> Yeah. looks pretty like that for now. The basic requirement would be like having a utility, to which pcaps can be input and the output should be our proprietary fields of the packet displayed in a graphical format (maybe using C or Python itself.) But I have no clue as of now about how to proceed further. Any suggestions and pointers to advance me further would be greatly appreciated.
>
> Regards,
> Prashanth
>
> --- On Mon, 2/22/10, Jakub Zawadzki darkja...@darkjames.ath.cx wrote:
>
> > From: Jakub Zawadzki darkja...@darkjames.ath.cx
> > Subject: Re: [Wireshark-dev] need to read pcaps to develop a display system for the packets
> > To: Developer support list for Wireshark wireshark-dev@wireshark.org
> > Date: Monday, February 22, 2010, 6:01 AM
> >
> > Hello,
> >
> > On Mon, Feb 22, 2010 at 05:21:29PM +0530, prashanth s wrote:
> >
> > > I need to develop an application that reads a pcap as input and then displays the packet contents in a style that should make it easy for the reader to understand - perhaps in the way wireshark does it. I have just come to know that the libpcap library is used by the applications to capture packets and then to display them.
> >
> > So maybe you could write new frontend for wireshark? IMHO it would be great if wireshark would have ncurses frontend :)
> >
> > Cheers.
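Both this thread and the "Programming against WireShark pcap processing engine" thread above end at the same suggestion: let tshark do the dissection, export PDML, and consume the XML from your own program. The following is an added example for both threads, not code from the Wireshark project or from any of the posters. It assumes the PDML was produced by `tshark -r capture.pcap -T pdml` (with `-d tcp.port==8080,http` or similar when the service runs on a non-standard port, which is the Decode As option Abhik mentions) and streams the document packet by packet with `iterparse`, since PDML for a large capture can be hundreds of megabytes. The PDML document is constructed inline, with illustrative field names and bytes, so the script runs without a capture file; in PDML the `show` attribute carries the decoded value and `value` the raw bytes in hex, which is what lets you pull a SMIL part or an image body back out.

```python
"""Walk tshark PDML output one packet at a time and pull out per-layer fields.

Added example for these threads; not Wireshark code.  Assumes the PDML came from
    tshark -r capture.pcap -T pdml > capture.pdml
The document below is constructed (illustrative field names and bytes).
"""
import binascii
import io
import xml.etree.ElementTree as ET

# Constructed PDML sample: an IPv4 packet and an HTTP response carrying a JPEG.
SAMPLE_PDML = b"""<?xml version="1.0" encoding="utf-8"?>
<pdml version="0" creator="constructed-sample">
  <packet>
    <proto name="frame" showname="Frame 1" size="60" pos="0"/>
    <proto name="ip" showname="Internet Protocol Version 4" size="20" pos="14">
      <field name="ip.src" showname="Source: 10.0.0.1" size="4" pos="26" show="10.0.0.1" value="0a000001"/>
      <field name="ip.dst" showname="Destination: 10.0.0.2" size="4" pos="30" show="10.0.0.2" value="0a000002"/>
    </proto>
  </packet>
  <packet>
    <proto name="frame" showname="Frame 2" size="120" pos="0"/>
    <proto name="http" showname="Hypertext Transfer Protocol" size="66" pos="54">
      <field name="" show="HTTP/1.1 200 OK" size="17" pos="54">
        <field name="http.response.code" showname="Status Code: 200" size="3" pos="63" show="200" value="323030"/>
      </field>
      <field name="http.content_type" showname="Content-Type: image/jpeg" size="10" pos="85" show="image/jpeg" value="696d6167652f6a706567"/>
    </proto>
    <proto name="image-jfif" showname="JPEG File Interchange Format" size="2" pos="118">
      <field name="image-jfif.marker" showname="Marker: Start of Image (0xffd8)" size="2" pos="118" show="0xffd8" value="ffd8"/>
    </proto>
  </packet>
</pdml>
"""


def packet_to_layers(packet_elem):
    """Flatten one <packet> into [(proto_name, {field_name: [(show, value), ...]}), ...]."""
    layers = []
    for proto in packet_elem.findall("proto"):
        fields = {}
        for field in proto.iter("field"):      # iter() also descends into nested fields
            name = field.get("name")
            if not name:                        # nameless <field>s are text-only tree nodes
                continue
            fields.setdefault(name, []).append((field.get("show", ""), field.get("value", "")))
        layers.append((proto.get("name"), fields))
    return layers


def iter_packets(source):
    """Stream packets from a PDML file object; memory stays flat on huge exports."""
    for _event, elem in ET.iterparse(source, events=("end",)):
        if elem.tag == "packet":
            yield packet_to_layers(elem)
            elem.clear()                        # release the subtree once consumed


def parse_pdml(data):
    """Parse an in-memory PDML document (bytes); use iter_packets(open(path, 'rb')) for files."""
    return list(iter_packets(io.BytesIO(data)))


def layer_names(packet):
    return [name for name, _fields in packet]


def field_values(packets, field_name):
    """Decoded values of field_name across every packet and layer, in capture order."""
    return [show for packet in packets for _name, fields in packet
            for show, _value in fields.get(field_name, [])]


def extract_bytes(packets, field_name):
    """Raw bytes backing field_name, e.g. to write a SMIL part or image body to disk."""
    return [binascii.unhexlify(value) for packet in packets for _name, fields in packet
            for _show, value in fields.get(field_name, []) if value]


if __name__ == "__main__":
    pkts = parse_pdml(SAMPLE_PDML)
    for i, p in enumerate(pkts, 1):
        print(i, " / ".join(layer_names(p)))
    print(field_values(pkts, "http.content_type"))
    print(extract_bytes(pkts, "image-jfif.marker"))
```

The streaming parse is the design choice that matters for the "PDML files could become quite large" concern: each `<packet>` is flattened and then cleared, so a multi-gigabyte export does not have to fit in memory.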
Re: [Wireshark-dev] Fwd: wireshark file not showing all packets but showing only the first frame..
I might be making a silly assumption here, but you said you made the captures using tcpdump. To me that indicates that the file was not created on the Windows XP machine. Is there any chance that you transferred the file from a Unix/Linux box to the XP machine in ASCII mode? That could cause the file to get corrupt.

On Sat, Feb 20, 2010 at 1:14 AM, prashanth s prbangl...@gmail.com wrote:

> Hi Guy Harris,
>
> Thanks for the response. When I click on the file at the bottom, it gives a window of the form: "Wireshark: 2 expert infos". Mine is a Windows XP machine. It is the same machine on which the pcaps showed all the info on opening them (two days ago). I need to try running Tshark still. The same pcaps however are opening on other machines (colleague's machine) and displaying all the info correctly. I haven't done any software update in the last two days. I used today a CD (Nokia 5800 XpressMusic CD) that comes with the Nokia phone, but there was no update or installation done (I have checked the installed software). 5-6 hours back my system hung and I had to forcibly shut down the PC and this forcibly closed all the pcaps as well.
>
> Regards,
> Prashanth
>
> On Sat, Feb 20, 2010 at 2:17 AM, Guy Harris g...@alum.mit.edu wrote:
>
> > On Feb 19, 2010, at 12:30 PM, prashanth s wrote:
> >
> > > It shows in the pcap at the bottom: Packets: 3481 Displayed: 3481 Marked: 0
> > > But actually only the first frame is displayed.
> >
> > If this is on a UN*X (Linux, *BSD, Solaris, Mac OS X, etc.), what does the "file" command say when you run it on the pcap file?
> >
> > What happens if you run TShark on it? Does it print all the packets?
> >
> > Is the machine on which it was working OK the same machine as the machine where it isn't working? If so, did you change anything (for example, updating any software, including libraries), in the past couple of days?
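Abhik's ASCII-mode theory is easy to test without Wireshark: a pcap file is a 24-byte global header followed by a chain of records, each with a 16-byte header whose `incl_len` says where the next record starts, so inserting a single byte (an LF turned into CRLF) throws every later record header off and the chain stops making sense after the first packet that contained a 0x0a byte. The following is an added example for this thread, not Wireshark code: it builds a small capture in memory, walks the record chain and reports where it first breaks, then shows what the same file looks like after a simulated ASCII-mode transfer. Point `check_pcap()` at `open(path, "rb").read()` to run it on a real file.

```python
"""Check whether a pcap file's record chain is intact, and show what an
ASCII-mode (LF -> CRLF) transfer does to it.

Added example for this thread, not Wireshark code.  The capture is constructed
in memory; point check_pcap() at open(path, "rb").read() for a real file.
"""
import struct

# magic -> (struct byte-order prefix, description)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "pcap, little-endian, microsecond timestamps"),
    b"\xa1\xb2\xc3\xd4": (">", "pcap, big-endian, microsecond timestamps"),
    b"\x4d\x3c\xb2\xa1": ("<", "pcap, little-endian, nanosecond timestamps"),
    b"\xa1\xb2\x3c\x4d": (">", "pcap, big-endian, nanosecond timestamps"),
}
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16


def build_sample_pcap():
    """Constructed little-endian capture, three records; record 1 contains a 0x0a byte."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # magic .. linktype
    payloads = [b"GET /\n", b"ABCD", b"EFGH"]
    recs = b"".join(struct.pack("<IIII", 0x5F000000 + i, 0, len(p), len(p)) + p
                    for i, p in enumerate(payloads))                   # ts_sec, ts_usec, incl, orig
    return hdr + recs


def ascii_mode_transfer(data):
    """Simulate copying a Unix file to Windows in FTP ASCII mode: every LF becomes CRLF."""
    return data.replace(b"\n", b"\r\n")


def check_pcap(data):
    """Walk the record chain; report how many records parse and where it first breaks."""
    report = {"format": None, "snaplen": None, "records": 0, "error": None, "error_offset": None}

    def fail(msg, off):
        report["error"], report["error_offset"] = msg, off
        return report

    if len(data) < GLOBAL_HDR_LEN:
        return fail("shorter than the 24-byte global header", 0)
    if data[:4] not in MAGICS:
        return fail("unknown magic number %s" % data[:4].hex(), 0)
    order, report["format"] = MAGICS[data[:4]]
    _major, _minor, _tz, _sigfigs, snaplen, _linktype = struct.unpack(order + "HHiIII", data[4:24])
    report["snaplen"] = snaplen

    off = GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            return fail("truncated record header (%d stray bytes)" % (len(data) - off), off)
        _ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        # A shifted header decodes as garbage lengths; these two checks catch that.
        if incl_len > snaplen or incl_len > orig_len:
            return fail("record %d: incl_len %d exceeds snaplen %d or orig_len %d"
                        % (report["records"] + 1, incl_len, snaplen, orig_len), off)
        if off + RECORD_HDR_LEN + incl_len > len(data):
            return fail("record %d claims %d bytes but only %d remain"
                        % (report["records"] + 1, incl_len, len(data) - off - RECORD_HDR_LEN), off)
        report["records"] += 1
        off += RECORD_HDR_LEN + incl_len
    return report


if __name__ == "__main__":
    good = build_sample_pcap()
    print("original:   ", check_pcap(good))
    print("ascii-mode: ", check_pcap(ascii_mode_transfer(good)))
```

On the constructed file the original reports three clean records, while the transferred copy parses exactly one record and then fails on a header that claims 1024 bytes: the symptom from the thread, a file that opens but shows only the first frame. The same walk also catches a capture that was cut off mid-record by a crash, which is the other scenario Prashanth describes.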
Re: [Wireshark-dev] SMPP wireshark support
Hello Bob,

SMPP is supported. Please see http://wiki.wireshark.org/SMPP. The source code of the dissector is in epan/dissectors/packet-smpp.[ch]

If it is applications you want to write, you might consider using one of the many open source APIs available. I know of at least 3 available for Java and also for Python.

Regards,
Abhik

On Wed, Jan 6, 2010 at 9:50 PM, bmoyn...@vodafone.ie wrote:

> Hello,
>
> I'm interested to find out about SMPP handling within wireshark, especially the reception of SMPP operations over TCP. Can someone point me towards the handling code?
>
> Basically I have an application and I want it to bind and submit SMPP messages. The messages I want to send and test include
>
> o single submit operations
> o submits with SAR
> o submits with large payload
> o submits with udh
>
> I would like to write a test application to receive and process the SMPP operations. I'm thinking that wireshark smpp must be able to handle these type of operations and the re-assembly of SMPP payload within TCP transport. Does it handle the re-assembly of the TCP payload whereby multiple tcp socket reads may be required to get the appropriate stream of bytes required?
>
> Could someone point me towards the architecture of wireshark and the handling code.
>
> All feedback appreciated.
>
> Thank you.
> Bob
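Bob's reassembly question is the core of any SMPP receiver: a PDU's first four bytes are its `command_length`, so the receiver buffers until that many bytes have arrived, regardless of how TCP split them across reads. The following is an added example for this thread; it is not the Wireshark dissector in `epan/dissectors/packet-smpp.c` and not Bob's application. It implements the SMPP 3.4 header (`command_length`, `command_id`, `command_status`, `sequence_number`, all 32-bit big-endian), a per-connection reassembler that tolerates reads cutting through both header and body, and a `bind_*` body parser. The stream it feeds is constructed in the block (a `bind_transceiver` followed by an `enquire_link`); the `MAX_PDU_LEN` cap is a defensive choice of this example, not something the specification mandates.

```python
"""Frame SMPP PDUs out of a TCP byte stream that arrives in arbitrary chunks.

Added example for this thread; not the Wireshark SMPP dissector and not Bob's
application.  Header layout is SMPP 3.4: command_length, command_id,
command_status, sequence_number, all 32-bit big-endian, then the body.
"""
import struct

HEADER_LEN = 16
# Defensive cap (this example's choice): command_length is peer-controlled on a
# listening ESME/SMSC, so never size a buffer from it blindly.
MAX_PDU_LEN = 64 * 1024

COMMAND_NAMES = {
    0x00000004: "submit_sm",
    0x80000004: "submit_sm_resp",
    0x00000009: "bind_transceiver",
    0x80000009: "bind_transceiver_resp",
    0x00000015: "enquire_link",
    0x80000000: "generic_nack",
}


def build_pdu(command_id, command_status, sequence_number, body=b""):
    return struct.pack("!IIII", HEADER_LEN + len(body), command_id, command_status, sequence_number) + body


class SmppReassembler:
    """Buffers partial reads and yields complete PDUs; one instance per TCP connection."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk):
        self.buf += chunk
        pdus = []
        while len(self.buf) >= HEADER_LEN:
            length, cid, status, seq = struct.unpack("!IIII", self.buf[:HEADER_LEN])
            if length < HEADER_LEN or length > MAX_PDU_LEN:
                raise ValueError("bad command_length %d; drop the connection" % length)
            if len(self.buf) < length:
                break                                  # PDU continues in a later read
            body = bytes(self.buf[HEADER_LEN:length])
            del self.buf[:length]
            pdus.append({"name": COMMAND_NAMES.get(cid, "0x%08x" % cid), "command_id": cid,
                         "command_status": status, "sequence_number": seq, "body": body})
        return pdus

    def pending(self):
        return len(self.buf)


def c_octet_string(buf, off):
    """Read a NUL-terminated string; a missing terminator is a malformed PDU, not a guess."""
    end = buf.find(b"\x00", off)
    if end < 0:
        raise ValueError("C-octet string not terminated")
    return buf[off:end].decode("ascii"), end + 1


def parse_bind_body(body):
    """bind_* body: system_id, password, system_type, interface_version, addr_ton, addr_npi, address_range."""
    system_id, off = c_octet_string(body, 0)
    password, off = c_octet_string(body, off)
    system_type, off = c_octet_string(body, off)
    interface_version, addr_ton, addr_npi = struct.unpack_from("!BBB", body, off)
    address_range, _ = c_octet_string(body, off + 3)
    return {"system_id": system_id, "password": password, "system_type": system_type,
            "interface_version": interface_version, "addr_ton": addr_ton,
            "addr_npi": addr_npi, "address_range": address_range}


def reassemble(chunks):
    """Feed every chunk through one reassembler; return (pdus, bytes still buffered)."""
    r, pdus = SmppReassembler(), []
    for chunk in chunks:
        pdus += r.feed(chunk)
    return pdus, r.pending()


# Constructed stream: bind_transceiver then enquire_link, delivered in reads that
# cut through the first header and the first body.
BIND_BODY = b"test\x00pw\x00\x00\x34\x00\x00\x00"
STREAM = build_pdu(0x00000009, 0, 1, BIND_BODY) + build_pdu(0x00000015, 0, 2)
CHUNKS = [STREAM[:5], STREAM[5:20], STREAM[20:]]

if __name__ == "__main__":
    pdus, left = reassemble(CHUNKS)
    for p in pdus:
        print(p["name"], p["sequence_number"], p["body"])
    print(parse_bind_body(pdus[0]["body"]), "buffered:", left)
```

Raising on an implausible `command_length` rather than waiting for it is the defensive choice: a peer that announces a multi-gigabyte PDU and then sends nothing would otherwise pin a buffer open for as long as the connection lives.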
Re: [Wireshark-dev] WireShark using parallel computing techniques
Hi,

I was not, and I think this is still the case. Please check http://wiki.wireshark.org/Development/multithreading and mailing list archives for past discussions on this matter.

Regards,
Abhik.

On Wed, Oct 21, 2009 at 9:48 PM, Chaitanya P.S.S chaitanya...@gmail.com wrote:

> Hi,
>
> I am a student of DAIICT at India pursuing BTech in Information and Communication Technology. I am doing my BTech Project on Parallel Computing. I would like to know whether Wireshark can be implemented using parallel programming techniques so that it can run on multi-core architectures. Is it having enough computer intensive work to do so?
>
> Waiting for your reply.
>
> Thanking You
> Yours sincerely
> P.S.S.Chaitanya
> +91-9714766413
> D104, HOR-Men DAIICT
> Near Indroda Circle
> Gandhinagar-382007
> Gujarat
> India
Re: [Wireshark-dev] WireShark using parallel computing techniques
Sorry: The mail should have read "It was not".

On Thu, Oct 22, 2009 at 4:12 PM, Abhik Sarkar sarkar.ab...@gmail.com wrote:

> Hi,
>
> I was not, and I think this is still the case. Please check http://wiki.wireshark.org/Development/multithreading and mailing list archives for past discussions on this matter.
>
> Regards,
> Abhik.
>
> On Wed, Oct 21, 2009 at 9:48 PM, Chaitanya P.S.S chaitanya...@gmail.com wrote:
>
> > Hi,
> >
> > I am a student of DAIICT at India pursuing BTech in Information and Communication Technology. I am doing my BTech Project on Parallel Computing. I would like to know whether Wireshark can be implemented using parallel programming techniques so that it can run on multi-core architectures. Is it having enough computer intensive work to do so?
> >
> > Waiting for your reply.
> >
> > Thanking You
> > Yours sincerely
> > P.S.S.Chaitanya
> > +91-9714766413
> > D104, HOR-Men DAIICT
> > Near Indroda Circle
> > Gandhinagar-382007
> > Gujarat
> > India
Re: [Wireshark-dev] SampleCaptures page truncation?
Hi Jeff,

You are right... there are several things missing. I haven't checked the page in a while so I wouldn't know when it happened.

Abhik

On Sat, Oct 3, 2009 at 6:05 AM, Jeff Morriss jeff.morriss...@gmail.com wrote:

> Hi folks,
>
> Is it just me or is the SampleCaptures page (severely) truncated? It cuts off just after the LDAP captures but I'm pretty sure there used to be a LOT more there--going all the way down to the discussion section.
>
> I tried poking around through the history but it didn't seem to go back far enough to find whenever it got truncated.
>
> -J
Re: [Wireshark-dev] Improved interactive statistics?
Hi,

For the round trip time, you might want to look at gtk/service_response_time_table.h. There are several dissectors using this API. For the rest, I am unable to make any suggestions immediately.

Regards,
Abhik.

On Fri, Sep 25, 2009 at 12:09 AM, Nicolas Gendron nicolas.gend...@cybectec.com wrote:

> I want to gather some stats on a homemade protocol. I played with stats_tree_register, stats_tree_create_node, etc. It works great ... for counting packets.
>
> Now, I would want to calculate some round trip time (like a tcp ping) based on some information a user enters. I can't see how I can do the following with the stats interface:
>
> - Allow the user to provide information for stats gathering (e.g. two strings)
> - Allow the user to reset stats
> - Display some non counting stats (e.g. ms for the round trip time)
>
> Maybe the stats_tree_ is not the way to go. Can anybody help me?
>
> Thanks,
> Nic
Re: [Wireshark-dev] Play media streams in real time
Hi Miguel,

Sounds like a good idea. I was wishing a few days back that this functionality was present. I am sure others will have comments, but I have a couple:

- WS is distributed under GPL, and Gstreamer seems to be LGPL. I am not a 100% sure, but as far as I know, the two aren't compatible.
- I would recommend you build the player as a plug-in (if you aren't already doing so).

Regards,
Abhik.

On Sun, Aug 9, 2009 at 2:48 PM, Miguel Angel Cabrera Moya madmac2...@gmail.com wrote:

> Hi,
>
> right now I have a lot of spare time and I have thought to implement a new functionality that I think will be useful. It will be the possibility to play the media from a RTP stream (in the future also RTMP stream or any audio/video) in real time, and also not only the audio codecs right now supported, but any codec including video ones. For this I will use GStreamer because I think it is the best technology for this purpose and in these circumstances.
>
> My goals in order are:
>
> - Substitute current functionality with GStreamer (RTP, only audio).
> - Add support for real time playing (RTP, only audio).
> - Add support for playing video in a RTP stream.
> - Continue to add support to other protocols that transport media.
>
> I don't ensure that I will implement all this or any part, just until I get a new job or get tired.
>
> Thanks
Re: [Wireshark-dev] Subversion Repository Layout, or, How to Confuse People
Hi Bryant,

Specifically regarding this point...

> Thanks for clarification on releases. I was confused because of the jump between 1.0.8 and 1.2.0, with a (yet unreleased) 1.1.x.

In case you haven't already read these two pages, you might get some useful information on how the releases are numbered and released:
http://wiki.wireshark.org/Development/ReleaseNumbers
http://wiki.wireshark.org/Development/ReleasePolicy

HTH
Abhik.
Re: [Wireshark-dev] Enhancement to Flow graph in Wireshark
Hi Govind,

On Tue, Jun 9, 2009 at 10:25 AM, BANDARU, Govindarao (Govindarao) govinda...@alcatel-lucent.com wrote:
> But the issue is when each NE (Network Element) has different IP addresses for the interfaces. For example, one NE (XX) will have different IP addresses for different interfaces. So in Wireshark, in the hosts file, even if we define the same host name (NE, XX) for different IP addresses it will not plot a flow showing one entity (NE, XX). It will generate a flow showing different entities (XX). Can you please suggest me how to implement this enhancement where we can see a correct flow graph for this? How much time will it take to implement this in Wireshark?

Why don't you suffix the hostname with the purpose of the different interfaces? For example, instead of just hostname NE for all the IPs, put the hostnames as NE-oam, NE-sig1, NE-sig2 etc. Would that not meet the requirements?

Regards,
Abhik.
Re: [Wireshark-dev] Compilation errors while building the Wireshark sources
Did you try

nmake -f makefile.nmake distclean
nmake -f makefile.nmake all

This has often worked for me in similar situations.

On Thu, Apr 30, 2009 at 3:08 PM, Anonymous Anonymous a.master.blas...@gmail.com wrote:
> No luck so far. I've re-downloaded the sources using TortoiseSVN and compilation again fails in the exact same place. Any suggestions?
>
> On Wed, Apr 29, 2009 at 9:14 AM, Jaap Keuter jaap.keu...@xs4all.nl wrote:
>> Hi,
>> Well, he's building the 1.1.4 development version, so 2008 should be fine. It seems that you've a botched tarball or working copy, since little has changed in this area for a long time. Try downloading a new tarball or revert changes in the working copy and start from the current head of development.
>> Thanx,
>> Jaap
>>
>> Rohan Solanki wrote:
>>> Hi,
>>> I think you should try building Wireshark with Visual Studio 2005. Also make appropriate changes in the config.nmake file. I also had problems with Visual Studio 2008. I have successfully built and run Wireshark 1.0.5 with Visual Studio 2005.
>>> Rohan.
>>>
>>> On Tue, Apr 28, 2009 at 7:19 PM, Anonymous Anonymous a.master.blas...@gmail.com wrote:
>>>> Hi everyone,
>>>> I'm new to the Wireshark development process and I'm having some building issues I hope you will be able to solve. Ok, so here it comes. I've followed the developer's manual step-by-step and everything worked out fine until I had to issue the command nmake -f Makefile.nmake all. For some unknown reason this command seems to fail over and over again. The relevant output lines I managed to extract from the console are as follows:
>>>>
>>>> dissectors.lib(packet-ncp-sss.obj) : error LNK2001: unresolved external symbol _ett_nds
>>>> libwireshark.dll : fatal error LNK1120: 1 unresolved externals
>>>> NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 9.0\VC\BIN\link.EXE' : return code '0x460'
>>>> Stop.
>>>> NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 9.0\VC\BIN\nmake.exe' : return code '0x2'
>>>> Stop.
>>>>
>>>> The same output also appears when I'm trying to build the .sln file provided in the sources using VC++ 2008 Express Edition. Can someone point out what the problem is? Thanks in advance. Any help will be deeply appreciated.
>>>>
>>>> My building environment specs:
>>>> OS - Microsoft Windows XP SP3
>>>> IDE - Microsoft Visual C++ 2008 Express Edition
>>>> SVN - TortoiseSVN
>>>> Wireshark version - 1.1.4.0 (version info was taken from the config.nmake file)
Re: [Wireshark-dev] Compilation errors while building the Wireshark sources
Hi Rohan,

The distclean target cleans up any files made for a distribution... this removes any generated stuff and keeps the sources untouched.

You can't compile a single file if you are changing the in-built dissectors because all of the functionality is part of one big shared library and that library needs to be relinked. I would like to point out however that the build system compiles only changed sources (and a few other files) and only re-links them... so, I normally find that if I change only a particular dissector the re-build takes only about a minute, but after a distclean it takes a good 5-10 minutes (on my system).

Regards,
Abhik.

On Thu, Apr 30, 2009 at 3:32 PM, Rohan Solanki solanki.ro...@gmail.com wrote:
> Hi Abhik,
> What does distclean do? I want to know whether my changes will remain when I do distclean. And also, how do I compile a single file instead of building the whole project?
> Thanks in advance
> Rohan
>
> On Thu, Apr 30, 2009 at 4:28 AM, Abhik Sarkar sarkar.ab...@gmail.com wrote:
>> Did you try
>>
>> nmake -f makefile.nmake distclean
>> nmake -f makefile.nmake all
>>
>> This has often worked for me in similar situations.
Re: [Wireshark-dev] Packet Information
Hi Rohan,

To and From fields of what? Mails? If yes, then you will probably want to check out the fields imf.to and imf.from... Those are in the Internet Message Format dissector.

HTH
Abhik

On Sat, Apr 25, 2009 at 11:36 AM, Rohan Solanki solanki.ro...@gmail.com wrote:
> Hi all,
> I am new to this community. I have successfully built and run Wireshark (in Windows). I want the information of the To and From fields; from which file can I get this information?
> Thanks in advance..
> Rohan
Re: [Wireshark-dev] Dissector from metafile?
Or, outside of the official Wireshark development, WSGD (http://wsgd.free.fr/) attempts to do what you are describing.

On Fri, Apr 17, 2009 at 3:58 PM, Jaap Keuter jaap.keu...@xs4all.nl wrote:
> Hi,
> You may want to look at Lua for that.
> Thanx,
> Jaap
>
> Sent from my iPhone
>
> On 17 apr 2009, at 12:52, Tamas Somogyi tsomo...@ndcinfrared.co.uk wrote:
>> Hi,
>> I'm new in Wireshark development; I've just coded my first dissector for one of our company-specific protocols, and I'm going to write the next. However, my impression is that simple protocols might be described pretty well by structured texts/files (e.g. XML files), because most of my code is just about formatting the data (texts, values, etc.) and defining the tree structure. Defining protocol dissectors in text metafiles for Wireshark would have many advantages: no need for installing the whole development environment for adding just a simple protocol; moreover, it would no longer be software development work to add a protocol to Wireshark. Is there any existing possibility to define a dissector from a meta-file instead of coding, or is there any ongoing development in this direction?
>> Thanks,
>> Tamas
Re: [Wireshark-dev] UAT access from within the registration functions
Thank you, thank you, thank you, Luis! It never occurred to me that I could load it manually. This worked!

Also, it turns out that my original approach did not work because the UAT preference is one of the only preference types which, if changed, doesn't lead to the calling of the apply_cb passed in prefs_register_protocol... Perhaps there is a reason for it, but for now, my requirement is met and I am submitting a new patch.

Thanks again!
Abhik.

On Fri, Apr 10, 2009 at 8:06 AM, Luis EG Ontanon l...@ontanon.org wrote:
> You can call uat_load() to have it loaded before preferences.
>
> 2009/3/25 Abhik Sarkar sarkar.ab...@gmail.com:
>> Hi All,
>> I want to read some data from a UAT while I am still in the registration functions. Going through the documentation and the code, it seems that all UAT tables are loaded when preferences are being read, and that if some registration needs to be done after preferences have been loaded, then it should be from inside proto_reg_handoff_protoname.
>> My questions are:
>> - is my understanding correct?
>> - if not, is what I am trying to do possible at all?
>> I am trying to revise the patch which I submitted originally for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3242
>> Thanks,
>> Abhik.
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
Re: [Wireshark-dev] How can I re-use definition of hf[]?
How about registering a third common protocol PROTO, putting the common fields in that and then calling dissect methods in the common dissector from the variant dissectors? Would that work?

On Tue, Apr 7, 2009 at 8:06 PM, Tamazov, Artem artem.tama...@tellabs.com wrote:
> Hello,
> I would like to implement two dissectors which are very similar. How can I re-use the definition of hf[]? See sample code below (the question is in the comments):
>
> ==
> ...
> static int proto_PROTOABBREV_VARIATION_A = -1;
> static int proto_PROTOABBREV_VARIATION_B = -1;
> static int hf_PROTOABBREV_FIELDABBREV = -1;
> static gint ett_PROTOABBREV = -1;
>
> static int
> dissect_PROTOABBREV_VARIATION_A(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> {
>     ...
> }
>
> static int
> dissect_PROTOABBREV_VARIATION_B(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> {
>     ...
> }
>
> void
> proto_register_PROTOABBREV(void)
> {
>     /* hf_register_info entries take the address of the hf handle */
>     static hf_register_info hf[] = {
>         { &hf_PROTOABBREV_FIELDABBREV,
>           { "FIELDNAME", "PROTOABBREV.FIELDABBREV",
>             FIELDTYPE, FIELDBASE, FIELDCONVERT, BITMASK,
>             "FIELDDESCR", HFILL }
>         }
>     };
>     static gint *ett[] = {
>         &ett_PROTOABBREV
>     };
>
>     proto_PROTOABBREV_VARIATION_A = proto_register_protocol("PROTONAME VARIATION A", "PROTOSHORTNAME A", "PROTOABBREVA");
>     proto_PROTOABBREV_VARIATION_B = proto_register_protocol("PROTONAME VARIATION B", "PROTOSHORTNAME B", "PROTOABBREVB");
>
>     proto_register_field_array(proto_PROTOABBREV_VARIATION_A, hf, array_length(hf));
>     /*
>      * QUESTION:
>      * AFAIK double registration of hf[] is wrong, although currently Wireshark
>      * tolerates this. How to _properly_ re-use hf[] in variation B?
>      */
>     proto_register_field_array(proto_PROTOABBREV_VARIATION_B, hf, array_length(hf));
>
>     proto_register_subtree_array(ett, array_length(ett));
> }
>
> void
> proto_reg_handoff_PROTOABBREV(void)
> {
>     dissector_handle_t PROTOABBREV_handle;
>
>     PROTOABBREV_handle = new_create_dissector_handle(dissect_PROTOABBREV_VARIATION_A, proto_PROTOABBREV_VARIATION_A);
>     dissector_add("PARENT_SUBFIELD", ID_VALUE, PROTOABBREV_handle);
>     PROTOABBREV_handle = new_create_dissector_handle(dissect_PROTOABBREV_VARIATION_B, proto_PROTOABBREV_VARIATION_B);
>     dissector_add("PARENT_SUBFIELD", ID_VALUE, PROTOABBREV_handle);
> }
> ==
>
> I see one possible way -- using the C preprocessor:
>
> ==
> ...
> static int hf_PROTOABBREV_FIELDABBREV_for_A = -1;
> static int hf_PROTOABBREV_FIELDABBREV_for_B = -1;
> ...
> /* Expands to a complete hf_register_info[] initializer for one handle */
> #define HF_INITIALIZER_FIELDABBREV(hf_handle)            \
> {                                                        \
>     { &(hf_handle),                                      \
>       { "FIELDNAME", "PROTOABBREV.FIELDABBREV",          \
>         FIELDTYPE, FIELDBASE, FIELDCONVERT, BITMASK,     \
>         "FIELDDESCR", HFILL }                            \
>     }                                                    \
> }
> ...
> static hf_register_info hf_a[] = HF_INITIALIZER_FIELDABBREV(hf_PROTOABBREV_FIELDABBREV_for_A);
> static hf_register_info hf_b[] = HF_INITIALIZER_FIELDABBREV(hf_PROTOABBREV_FIELDABBREV_for_B);
> ...
> proto_register_field_array(proto_PROTOABBREV_VARIATION_A, hf_a, array_length(hf_a));
> proto_register_field_array(proto_PROTOABBREV_VARIATION_B, hf_b, array_length(hf_b));
> ...
> ==
>
> But this solution is not elegant, I guess. Any ideas?
> Thank you in advance,
> artem//
> Tellabs
Re: [Wireshark-dev] add new project
Hi,

It was I who had brought up this topic about a week back (http://www.wireshark.org/lists/wireshark-dev/200903/msg00261.html) and in general it seems to me that it is a bad idea to use any GLib functionality which has been introduced after GLib 2.4 (there was another mail earlier today about the same). I am going to fall back to the old code which I had written (copied from the parser generator for the Diameter dictionary). I don't think it is a very straightforward way of handling it, but it seems to be the cleanest option for now.

If more and more developers want to use XML configuration files, perhaps it might be good to introduce a dependency anyway... any small, cross-platform XML parsing library (even if it is a subset of XML) with a compatible license should do.

Regards,
Abhik.

2009/3/30 Anders Broman a.bro...@telia.com
> Hi,
> No, currently there is no XML parsing library used; the Diameter dissector parses XML to load the AVPs, but I don't think it's a general XML parser. A similar approach could be used depending on your needs. Adding an XML library to the current project needs to be discussed I suppose; using GMarkupParser as per your previous mail might be an option (someone else suggested that as well), the drawback is that it's only available in recent versions of GLib. I've no idea if it is limited to GLib's needs or if it's a general XML parser. Using GLib might be more appealing than adding another library however.
> Comments anyone?
> Regards
> Anders
>
> --
> From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] on behalf of POINTEAU Remy
> Sent: 30 March 2009 16:51
> To: Developer support list for Wireshark
> Subject: [Wireshark-dev] add new project
>
> Hi!
> For my project, I have to use a parser, and I have several questions:
> - Should I create a new project to modify the dependency of the project?
> - Should I use TinyXML to parse my XML files or is there already a parser in Wireshark?
> - How can I use this parser if there is already one?
> Can you answer my questions please, because the deadline of my project comes quickly.
> Thank you for all
> Rémy
[Wireshark-dev] UAT access from within the registration functions
Hi All,

I want to read some data from a UAT while I am still in the registration functions. Going through the documentation and the code, it seems that all UAT tables are loaded when preferences are being read, and that if some registration needs to be done after preferences have been loaded, then it should be from inside proto_reg_handoff_protoname.

My questions are:
- is my understanding correct?
- if not, is what I am trying to do possible at all?

I am trying to revise the patch which I submitted originally for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3242

Thanks,
Abhik.
Re: [Wireshark-dev] XML parsing
Ah, thanks Jeff; I understand now. I checked (http://library.gnome.org/devel/glib/unstable/glib-Simple-XML-Subset-Parser.html) and it suggests it has been around since version 2.16... so I guess it is OK to use it.

Thanks for your help!
Abhik.

On Sat, Mar 21, 2009 at 1:25 AM, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Hi Abhik,
> Sorry, I guess I mean: what is the earliest version of glib that supports the APIs you're talking about? For Windows we don't have a problem because we distribute glib with Wireshark, but all other OSes rely on the currently-installed glib. configure.in currently enforces glib 2.4. Increasing that may be OK but of course it means some number of people will have to go upgrade their glib (so doing it shouldn't be taken lightly).
> Regards,
> Jeff
>
> Abhik Sarkar wrote:
>> Hi Jeff,
>> I meant the version of glib which is part of the current set of libraries used to build the SVN version (in particular wireshark-win32-libs). There are a few different ways of parsing XML used in various parts of WS, and I wanted to use an existing API without having to introduce a new dependency (but also without having to use any parser generators) and it seems to be possible using the mentioned functionality.
>> Thanks,
>> Abhik.
>>
>> On Thu, Mar 19, 2009 at 6:52 PM, Jeff Morriss jeff.morriss.ws@gmail.com wrote:
>>> Abhik Sarkar wrote:
>>>> Hi Everyone,
>>>> This is a question specifically to the core developers. Would it be OK to use the GMarkupParser facility which is provided by the latest glib that is part of the required libraries for the development version? I want to use it to read XML configuration files for a generally available dissector.
>>>
>>> Define latest. (I looked through the GLIB documentation and their list of symbols new to each release and at least some of the markup functions have been around for a while.)
Re: [Wireshark-dev] XML parsing
Hi Jeff,

I meant the version of glib which is part of the current set of libraries used to build the SVN version (in particular wireshark-win32-libs). There are a few different ways of parsing XML used in various parts of WS, and I wanted to use an existing API without having to introduce a new dependency (but also without having to use any parser generators) and it seems to be possible using the mentioned functionality.

Thanks,
Abhik.

On Thu, Mar 19, 2009 at 6:52 PM, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Abhik Sarkar wrote:
>> Hi Everyone,
>> This is a question specifically to the core developers. Would it be OK to use the GMarkupParser facility which is provided by the latest glib that is part of the required libraries for the development version? I want to use it to read XML configuration files for a generally available dissector.
>
> Define latest. (I looked through the GLIB documentation and their list of symbols new to each release and at least some of the markup functions have been around for a while.)
[Wireshark-dev] XML parsing
Hi Everyone,

This is a question specifically to the core developers. Would it be OK to use the GMarkupParser facility which is provided by the latest glib that is part of the required libraries for the development version? I want to use it to read XML configuration files for a generally available dissector.

Thanks,
Abhik.
[Wireshark-dev] Can't run compiled Wireshark or tshark
Hi All,

I did an svn update on my working copy after a while and though compilation is successful, neither Wireshark nor tshark start up successfully. I am on Windows XP SP 2 with MS VC2008EE.

tshark fails to start with the following error:

F:\wireshark-src\wireshark-gtk2>tshark
** ERROR:packet.c:707:???: assertion failed: (sub_dissectors)
F:\wireshark-src\wireshark-gtk2>

I can't figure out the reason. I find that some dissectors do a dissector_add for a table which doesn't exist... e.g. packet-sqloracle.c:

dissector_add("tns.port", TCP_PORT_TNS, sqloracle_hand);

I couldn't find the table tns.port being defined anywhere and I suspect this should be tcp.port. At the same time, this dissector seems to have been committed 4 months back... so surely someone else would have spotted this by now if this were the issue. I can't catch this from within VS because the process runs for a very short time (not enough for me to attach to it).

Any ideas?

Thanks,
Abhik.
Re: [Wireshark-dev] Can't run compiled Wireshark or tshark
> That dissector's source was added a while ago but it's not in the Makefile.common--presumably because it was not deemed ready for prime time. Did you manually add it?

Ah... right. No Jeff, I checked and it is not added. So, that must not be the reason then. Any other ideas?
Re: [Wireshark-dev] Using wireshark
Hi Abhi,

Perhaps you want to have a look at this page (http://wiki.wireshark.org/) and from there move on to these two pages for examples and ideas:
http://wiki.wireshark.org/Tools
http://wiki.wireshark.org/ThirdPartyServices

Hope this helps
Abhik.

On Thu, Jan 15, 2009 at 9:57 PM, abhi tt maverick9...@gmail.com wrote:
> Hello. I am a student of IT engineering. We want to carry out a small but effective project on a Packet Sniffer. We have almost no technical information about Wireshark. We wish to use it for developing an application that is mostly used for monitoring purposes and security (e.g. monitoring which sites are being accessed from the boys' hostel? what type of downloading people carry out? etc. etc.). What are other ways we can use Wireshark to create an effective application? Is it possible to make the information present in the packet available to the database so that it can be used for a variety of purposes? Please reply soon.
Re: [Wireshark-dev] Proto IPDR dissector working written in lua
Hi Charles,

I am glad you have written this. I had offered to write it a long time back and never had the time (or the real need to do it).

I don't think a Lua dissector will make it to the core distribution. But, if you want to share it with everyone anyway, you could create a page at http://wiki.wireshark.org/ and make the Lua dissector available there.

For the C version, just in case you haven't already, have a look at this page (http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcContribute.html). A bug is already open for this enhancement (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2771). You can attach the patch to that.

Regards and thanks again!
Abhik.

On Wed, Jan 7, 2009 at 9:41 PM, Charles Carson charles.carso...@arrisi.com wrote:
> Hi All,
> I've written a prototype IPDR dissector in Lua to the ipdr.org protocol specification version 2.1 and tested it; it seems to work well. How can I submit this for evaluation and comments etc.? Working on one in C. Any input would be great.
> Regards,
> Charles Carson
> charles.car...@arrisi.com
> ARRIS
> 678.473.8489
Re: [Wireshark-dev] Packet reassembling
I think one way might be to use a combination of conversations. You could try to create one conversation for each sub-channel. The conversation should have some way of storing the data from the sub-channel. Each time you have dissected a frame, append the data from each sub-channel to each conversation and check if the end of the PDU on a particular sub-channel is reached. When you are sure that you have a complete PDU, create a new tvb from the collected bytes using tvb_new_real_data; you could possibly use that tvb to call other dissectors. The downside is that WS will not automatically show the extra reassembly information in the frames. That's my idea as a novice ;-) I am sure someone else might have better suggestions (or it is even possible that the reassembly API is modified to suit this kind of application).

HTH
Abhik

On Thu, Dec 18, 2008 at 11:01 AM, Vasyl Semchyshyn vasyl.semchys...@aricent.com wrote:
Hi all. I know Wireshark can reassemble packets, and I have found several reassembling strategies, but it seems that none of them is suitable for me. In my dissect function I'm receiving a buffer that consists of 32 bytes - this is one frame. Each byte of this frame is called a timeslot, and enumerated from 0 to 31, e.g. timeslot0, timeslot1, ... Each timeslot can be divided into several sub-channels, for example bits 0-1 from timeslot0 will be sub-channel1, bits 2-3 will be sub-channel2, and so on; it's like applying a bit mask on the timeslot (0xC for sub-channel1, 0x30 for sub-channel2, ...). To collect data of some sub-channel, we must take a certain amount of bits at a certain offset from the beginning of the frame, add them to a buffer and continue doing this for each frame we have captured. Fragment disassembling is not applicable here because concatenation of two frames will not be helpful. Segment fragmentation is also not applicable because here work must be done with bits. So can someone make some suggestions on how to implement reassembling for this protocol?
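The bit-collection step of the approach suggested above, as an added example that is not code from the thread or from Wireshark: it keeps one reassembly state per sub-channel (what the reply would store per conversation), masks the sub-channel's bits out of its timeslot in each 32-byte frame, packs them into bytes and reports when a PDU is complete. The PDU framing (first collected byte is the payload length), the demo_collect helper and its sample frames are assumptions made for this example; in a dissector the collected bytes are what would be passed to tvb_new_real_data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FRAME_LEN 32   /* one captured frame: 32 timeslots, one byte each */
#define PDU_MAX   256

/* Reassembly state for one sub-channel: the per-conversation data the reply
 * suggests keeping, reduced to a plain struct so it runs stand-alone. */
struct subchan {
    unsigned timeslot;   /* timeslot (0..31) that carries this sub-channel */
    uint8_t  mask;       /* contiguous bit mask inside that timeslot, e.g. 0x03 */
    unsigned shift;      /* right shift that brings the masked bits to bit 0 */
    unsigned width;      /* payload bits contributed per frame */
    uint32_t bitacc;     /* bit accumulator, most significant bit first */
    unsigned nbits;      /* bits held in bitacc; always < 8 between calls */
    uint8_t  pdu[PDU_MAX];
    size_t   pdu_len;    /* bytes of the PDU collected so far */
};

/* Returns 0 on success, -1 if the timeslot is out of range or the mask is
 * empty or not contiguous (e.g. 0x05). */
int subchan_init(struct subchan *sc, unsigned timeslot, uint8_t mask)
{
    memset(sc, 0, sizeof *sc);
    if (timeslot >= FRAME_LEN || mask == 0)
        return -1;
    sc->timeslot = timeslot;
    sc->mask = mask;
    while (((mask >> sc->shift) & 1u) == 0)
        sc->shift++;
    uint8_t m = (uint8_t)(mask >> sc->shift);
    if ((m & (uint8_t)(m + 1)) != 0)      /* contiguous masks shift down to 2^k - 1 */
        return -1;
    for (sc->width = 0; m != 0; m >>= 1)
        sc->width++;
    return 0;
}

/* Feed one frame. Returns 1 when a complete PDU sits in sc->pdu, 0 when more
 * frames are needed, -1 if the PDU buffer overflowed. Framing is assumed for
 * this example: the first collected byte is the payload length, followed by
 * that many payload bytes. */
int subchan_feed(struct subchan *sc, const uint8_t frame[FRAME_LEN])
{
    uint8_t bits = (uint8_t)((frame[sc->timeslot] & sc->mask) >> sc->shift);
    sc->bitacc = (sc->bitacc << sc->width) | bits;
    sc->nbits += sc->width;
    if (sc->nbits < 8)
        return 0;
    /* width <= 8 and nbits < 8 on entry, so at most one byte completes per frame */
    sc->nbits -= 8;
    uint8_t byte = (uint8_t)(sc->bitacc >> sc->nbits);
    sc->bitacc &= (1u << sc->nbits) - 1u;   /* leftover bits start the next byte */
    if (sc->pdu_len >= PDU_MAX)
        return -1;
    sc->pdu[sc->pdu_len++] = byte;
    return sc->pdu_len == 1u + sc->pdu[0] ? 1 : 0;
}

/* Start collecting the next PDU; bits already in the accumulator are kept. */
void subchan_next_pdu(struct subchan *sc)
{
    sc->pdu_len = 0;
}

/* Constructed sample: sub-channel 1 occupies bits 0-1 of timeslot 0 and carries
 * the PDU {0x02, 0xAB, 0xCD} two bits per frame, MSB first. Every other bit of
 * each frame is set to 1 to show that the mask isolates the channel.
 * Returns the frame index at which the PDU completed, or -1. */
int demo_collect(uint8_t *out, size_t *out_len)
{
    static const uint8_t symbols[12] = {0,0,0,2, 2,2,2,3, 3,0,3,1};
    struct subchan sc;
    if (subchan_init(&sc, 0, 0x03) != 0)
        return -1;
    for (int i = 0; i < 12; i++) {
        uint8_t frame[FRAME_LEN];
        memset(frame, 0xFF, sizeof frame);
        frame[0] = (uint8_t)(0xFC | symbols[i]);
        int r = subchan_feed(&sc, frame);
        if (r < 0)
            return -1;
        if (r == 1) {
            memcpy(out, sc.pdu, sc.pdu_len);
            *out_len = sc.pdu_len;
            subchan_next_pdu(&sc);
            return i;
        }
    }
    return -1;
}
```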
[Wireshark-dev] Crash on Edit Preferences
Hello All,

My SVN copy of Wireshark has been, for a while, crashing when I go to Edit -> Preferences. I finally decided to get to the bottom of this and have some very strange observations... but to start at the beginning:

OS: Windows XP Professional
SVN revision: 26908
Build Env: VC++ 2008 EE

To investigate, I start Wireshark and then attach to it from VC++. Then I go to Edit -> Preferences. The result is that the program always stops due to an access violation and VC++ opens the file packet-vnc.c and breaks at this block in vnc_server_framebuffer_update:

    case ENCODING_COPY_RECT:
        bytes_needed = vnc_copyrect_encoding(tvb, pinfo, offset, vnc_encoding_type_tree, width, height);
        break;

I can't figure out what packet-vnc.c would have to do with my going to Edit -> Preferences, but that is what always comes up. Perhaps I am doing something wrong. Can someone help out or suggest a new approach to try and find the problem? Version 1.0.4 works properly on the same machine.

Thanks,
Abhik.
Re: [Wireshark-dev] Crash on Edit Preferences
Thanks Martin... I'll give that a shot.

On Wed, Dec 3, 2008 at 11:55 PM, Martin Lutz [EMAIL PROTECTED] wrote:
Hi, I had the same problem. A clean build got me out of this. Regards, Martin.
Re: [Wireshark-dev] Crash on Edit Preferences
Hi Bill,

Here are the answers. Guy, I think these answer your questions too.

Is this similar to bug #2053? (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2053)

No.

When do you get the crash? If you are displaying packets and the crash happens when you exit Edit -> Preferences, then the bug might be the same as #2053.

It is happening irrespective of whether a capture file is open or not. WS crashes _before_ the dialog is shown.

If not, can you step through the Edit -> Preferences code to see when the crash occurs?

I'll try that.
Re: [Wireshark-dev] Crash on Edit Preferences
Hi Martin,

Thanks... this fixed it. Seems to correspond to the first item at http://wiki.wireshark.org/Development/CommonProblems.

Regards,
Abhik.

On Thu, Dec 4, 2008 at 6:56 AM, Abhik Sarkar [EMAIL PROTECTED] wrote:
Thanks Martin... I'll give that a shot.

On Wed, Dec 3, 2008 at 11:55 PM, Martin Lutz [EMAIL PROTECTED] wrote:
Hi, I had the same problem. A clean build got me out of this. Regards, Martin.
Re: [Wireshark-dev] Make Packaging Failed
Hi Sean,

Do you have NSIS installed? Have a look at http://www.wireshark.org/docs/wsdg_html_chunked/ChToolsNSIS.html and http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBinary.html.

Hope this helps
Abhik

On Thu, Nov 27, 2008 at 4:19 AM, Sean [EMAIL PROTECTED] wrote:
Hi, I'm using the 1.0.4 source code and would like to build out the package, but the following error message is prompted:

'C:/Program' is not recognized as an internal or external command, operable program or batch file.
NMAKE : fatal error U1077: 'C:/Program Files\nsis\makensis.exe' : return code '0x1'
Stop.
NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 9.0\VC\BIN\nmake.exe' : return code '0x2'
Stop.

Can anyone give me some clues on how to solve this issue? Thanks a lot. Sean
[Wireshark-dev] SCCP equivalents in SUA dissector
Hi All,

Just as the M3UA dissector added a section called "MTP3 equivalents" in packets, which makes it possible to use MTP3 fields for filtering, would it be fair to have "SCCP equivalents" in the SUA dissector? I am interested in particular in sccp.calling.digits and sccp.called.digits... though there might be others which are also useful.

Thanks,
Abhik.
Re: [Wireshark-dev] How do you get RTP recognized by Wireshark ?
Hi Michael,

I don't know much about RTP, but I think I remember someone answering a similar question recently... have you already tried turning on the preference for the RTP protocol called "Try to decode RTP outside of conversations"?

HTH
Abhik.

On Fri, Nov 14, 2008 at 10:06 PM, Michael Lum [EMAIL PROTECTED] wrote:
Hi, I have RTP streams that are set up with an unrecognized signaling protocol, i.e. not SIP/MGCP, etc. Can somebody give me a quick run down on what to change so that the streams can be recognized as RTP? I thought all I might have to do was add a call to rtp_add_address() with the correct IP address, port, payload, etc. but it doesn't appear to work. Any help would be great. Thanks. -- Michael Lum Principal Software Engineer 4600 Jacombs Road +1.604.276.0055 Richmond, B.C. Canada V6V 3B1 Star Solutions
[Wireshark-dev] Fwd: [Bug 3065] Support for Diameter conversations and service response time
Hi All,

I think the buildbots have failed after this commit. It might be because I didn't include the updated Makefile.common files. Sorry! I'll make sure I do this the next time. Perhaps someone wants to correct it in the meantime.

Thanks,
Abhik.

-- Forwarded message --
From: [EMAIL PROTECTED]
Date: Sat, Nov 15, 2008 at 4:53 PM
Subject: [Bug 3065] Support for Diameter conversations and service response time
To: [EMAIL PROTECTED]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3065

Anders Broman [EMAIL PROTECTED] changed:
What | Removed | Added
CC | | [EMAIL PROTECTED]
Status | NEW | RESOLVED
Resolution | | FIXED

--- Comment #1 from Anders Broman [EMAIL PROTECTED] 2008-11-15 07:53:10 PDT ---
Committed revision 26785.
[Wireshark-dev] Ericsson SCAP Diameter
Hello All,

I am currently deploying/integrating a system which interfaces with Ericsson charging systems using Diameter SCAP. During the integration, I found that Wireshark is not able to decode some SCAP AVPs and was able to modify the Wireshark Diameter Ericsson dictionary to decode all the SCAP AVPs. I would like to find out if there are any reasons (technical or legal) which would prevent us from including this updated dictionary in the standard distribution. I noticed that some of the command codes overlap with other dictionaries, but I think the application_id's are different. I also noticed a comment somewhere that the dissector currently doesn't/can't distinguish between command codes based on application id. I don't know if this is still the case. If there are no issues, then I'll submit a patch for the updated dictionary.

Thanks,
Abhik.
Re: [Wireshark-dev] Ericsson SCAP Diameter
Hi Anders,

Thanks for the quick response. This is the reason why I asked... I am not sure about the document's distribution because it was provided to us by Ericsson, but it doesn't seem to say anything about an NDA and says in general that it is for application developers intending to interface with Ericsson CCN. Anyway, I'll not distribute the dictionary until I have got further clarity on the matter.

Thanks,
Abhik.

On Fri, Nov 14, 2008 at 11:25 AM, Anders Broman [EMAIL PROTECTED] wrote:
Hi, I've no idea about the legal issues but I'd be careful if you were able to create that dictionary by using Ericsson internal documentation or documents that may have been given to you under nondisclosure terms. Regards Anders

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: 14 November 2008 11:18
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Ericsson SCAP Diameter
Re: [Wireshark-dev] Can execute compiled Wireshark/tshark :-(
Hi Anders,

It wasn't that complicated after all and it did work out of the box as you said. I am happy once more :-) And I just noticed a mistake in the subject of this thread... it should have read "Can't execute". Sorry!

Regards,
Abhik.

On Sun, Oct 12, 2008 at 8:16 PM, Anders Broman [EMAIL PROTECTED] wrote:
Hi, I think it works out of the box with trunk. Regards Anders
Re: [Wireshark-dev] Can execute compiled Wireshark/tshark :-(
By using Dependency Walker (http://www.dependencywalker.com/) I figured out that this is happening because I am missing two DLLs:
- MSVCR90.DLL (which seems to be required by the new LUA dll).
- DWMAPI.DLL (ieframe.dll, mshtml.dll, ... user32.dll, libwireshark.dll)

I also get this error when running Dependency Walker:

Error: The Side-by-Side configuration information for f:\wireshark-src\wireshark-gtk2\LUA5.1.DLL contains errors. This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem (14001).

It seems to be related to the manifest file thing that I keep hearing about... but my knowledge of Windows specific development is zero. Can someone please help!

Thanks,
Abhik.

On Fri, Oct 10, 2008 at 11:51 PM, Abhik Sarkar [EMAIL PROTECTED] wrote:
Hi All, Since doing an svn update today, I am no longer able to run wireshark or tshark (on my Windows XP Professional + SP 2). It compiles OK, but when I start up wireshark or tshark, Windows throws up a pop-up with the following message: "The application failed to initialize properly (0xc0150002). Click on OK to terminate the application." I have also tried distclean followed by compile, but that doesn't change the situation. I have been using VS2005EE to build. Any ideas? Thanks, Abhik.
Re: [Wireshark-dev] Can execute compiled Wireshark/tshark :-(
Thanks Stig... you stole the words right out of my mouth. I didn't upgrade because the only thing I compile on Windows is WS. There was nothing to indicate that VS2008EE had become the mandatory development environment (and not just the recommended one). Also, it had been working fine until recently. I had tried installing the missing DLLs before my second post, but it didn't seem to help.

Chris, I have read your detailed response too, thanks! I think I'll give that a shot in the short term and upgrade to VS2008EE once time permits.

Thanks guys, for all the answers.

On Sun, Oct 12, 2008 at 6:31 PM, Stig Bjørlykke [EMAIL PROTECTED] wrote:
On 12 Oct 2008, at 16:14, Anders Broman wrote:
I have been using VS2005EE to build.
Any reason to not upgrade to VS2008EE?

I know one: it requires some amount of work :) Our documentation (developer guide, chapter 2.2 Win32: Step-by-Step Guide) still refers to VS2005EE, and if this does not work out of the box I think we should update the documentation. -- Stig Bjørlykke
[Wireshark-dev] Can execute compiled Wireshark/tshark :-(
Hi All,

Since doing an svn update today, I am no longer able to run wireshark or tshark (on my Windows XP Professional + SP 2). It compiles OK, but when I start up wireshark or tshark, Windows throws up a pop-up with the following message:

The application failed to initialize properly (0xc0150002). Click on OK to terminate the application.

I have also tried distclean followed by compile, but that doesn't change the situation. I have been using VS2005EE to build. Any ideas?

Thanks,
Abhik.
Re: [Wireshark-dev] Error while setting up check-out of code
Or, like in the case of a problem I had recently, the proxy was detected, but the proxy needed authentication. In that case, you need to create a file called .wgetrc in %HOME% and its contents should be something like this:

http_proxy=a.b.c.d:port
proxy_user=username
proxy_password=password

Regards,
Abhik.

On Mon, Sep 29, 2008 at 6:18 PM, Luis EG Ontanon [EMAIL PROTECTED] wrote:
Try to pass the proxy settings manually, e.g.:
HTTP_PROXY=1.2.3.4: nmake -f Makefile.nmake setup
\Lego
-- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan

On Mon, Sep 29, 2008 at 3:55 PM, Roshan Nair [EMAIL PROTECTED] wrote:
Hi, I am seeing this error while I execute the command nmake -f Makefile.nmake setup. The error I get is as below:

** glib_2.18.1-1_win32.zip **
Using Internet Explorer proxy settings.
HTTP proxy (eng-proxy.net.com:80) has been specified and will be used.
Downloading gtk2.14/glib_2.18.1-1_win32.zip into C:\WIRESH~1, installing into glib
--2008-09-29 18:55:20-- http://anonsvn.wireshark.org/wireshark-win32-libs/tags/2008-09-25 /packages//gtk2.14/glib_2.18.1-1_win32.zip
Resolving anonsvn.wireshark.org... 67.228.110.124
Connecting to anonsvn.wireshark.org|67.228.110.124|:80... failed: Connection timed out. Retrying.

What could be the problem? Thanks in advance! Regards, -Roshan.
Re: [Wireshark-dev] XML Parser
I needed something similar for a feature I have been working on for the SMPP dissector. I could not (when I started working on this) find any ready-made XML parser library in the WS tool chain. So, I have shamelessly copied LEGO's good work on the Diameter dictionary support (which is also based on XML files). It was a bit tough for me (because I have never worked with Lex before), but it was a good learning experience. There is also the XML dissector which (if I remember correctly) uses the lemon parser generator.

HTH
Abhik.

On Fri, Sep 19, 2008 at 6:41 PM, Matt Poduska [EMAIL PROTECTED] wrote:
I'm looking to add support for loading vendor extension information into the LLRP protocol dissector (submitted, but not yet accepted). The vendor extension files are XML formatted, and define the structure and content of extensions to the LLRP protocol. The vendor extension XML files would be read when the dissector is initialized, and would produce structures (in memory) that would be used to dissect the protocol extensions. Is there an XML parsing library available to my dissector? Thanks, Matt Poduska Software Engineer, RFID Systems Intermec 550 Second Street SE Cedar Rapids, IA 52401 voice: 319.369.3331 fax: 319.369.3577
Re: [Wireshark-dev] About adding new capture file format
Hi Robert Lai,

Please see wiretap/README.developer and any of the other files in the same directory (which add support for various file formats) for examples.

Best regards,
Abhik.

2008/8/27 香草巧克力慕斯 [EMAIL PROTECTED]:
Dear all: I am new to Wireshark, and I have a problem about adding a new capture file format. Wireshark can capture some file formats such as pcap. But I want to add a new capture file format. According to the developer guide, I have to modify the wtap code. But I don't know how to modify it. Could you provide some reference files or samples to me? Thanks a lot. P.S. Because I am not good at English (I come from Taiwan), there may be some grammar errors. Thanks for your patience. From Robert Lai
Re: [Wireshark-dev] Deploying 'default' properties with installation
Hi Scott,

Have you already seen this: http://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html

Abhik.

On Wed, Aug 13, 2008 at 11:15 AM, [EMAIL PROTECTED] wrote:
Hi guys, I'm wondering what my options are in terms of preconfiguring an installation for a specific environment. We have our own custom dissector which is a stub of GIOP, and I'd like to disable PARLAY, TANGO and DNP 3 which can cause problems with our dissector. There are a couple of other tweaks to standard preferences for IP and TCP which I'd like to change too - ideally I'd set up two new config profiles for the two modes (i.e. one for legacy code, one for current code reflecting our two plugins). Is this possible? Many thanks Scott
Re: [Wireshark-dev] Deploying 'default' properties with installation
Hi Scott,

Sorry, I misunderstood your requirement and am not familiar with this part. But, having had a quick look at the related files, it seems you will have to create a customized installer which copies your customized settings files to the correct location. Based on your requirements, I think these would be the following files:

%APPDATA%\Wireshark\disabled_protos
%APPDATA%\Wireshark\preferences

Or perhaps it might be better to create a customized profile by creating a directory called %APPDATA%\profiles\custom_name and having these files there, and then asking users to switch to this profile when required.

Abhik.

On Wed, Aug 13, 2008 at 12:12 PM, [EMAIL PROTECTED] wrote:
Hi Abhik, I've looked at that - was hoping to find a config file I could tweak for deployment, that would become the default profile on installation. I've tweaked the services file so that my ports are detected correctly; just reading through the NSI file to see where it's copied from - or is it generated on first run? Cheers Scott

Abhik Sarkar [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 13/08/2008 08:25
Please respond to Developer support list for Wireshark wireshark-dev@wireshark.org
To Developer support list for Wireshark wireshark-dev@wireshark.org
Subject Re: [Wireshark-dev] Deploying 'default' properties with installation

Hi Scott, Have you already seen this: http://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html Abhik.
[Wireshark-dev] Display filter syntax checking
Hi Everyone,

The display filter syntax checking (background colour red/green/amber) seems to be broken in SVN (at least on my SVN Rev 25800 on WinXP Pro SP2). Is this the side effect of someone's ongoing work (bug 2581 e.g.)? For example, I am able to type tcp<space>, which turns the colour green, and then I can type anything whatsoever after that; it remains green. This doesn't happen in 1.0.2. If anyone asks me to open a bug, I will, but I just wanted to make sure that no one is already aware of this and working on it.

Regards,
Abhik
Re: [Wireshark-dev] Display filter syntax checking
Hi Bahaa,

Thanks a lot for checking. I'll open a bug report.

Regards,
Abhik.

On Fri, Aug 8, 2008 at 1:49 AM, Bahaa Naamneh [EMAIL PROTECTED] wrote:
Hi Abhik, I've reviewed my code (bug 2581) to check whether it causes the bug you mentioned, and I'm quite sure that it has no influence on the way the display filter syntax checking feature works. To verify this I checked an older SVN Rev (25382) that does not have the Filter AutoCompletion feature (bug 2581). And I found that the bug exists at least in SVN Rev 25382. So I think you should open a bug on that. Best Regards, Bahaa
Re: [Wireshark-dev] problem about SIR over WSP protocol
Hi,

Can you share a capture or a screenshot to explain your concern? I don't know about the others, but I couldn't quite understand what your point is...

Thanks!
Abhik.

On Wed, Jul 30, 2008 at 12:14 PM, [EMAIL PROTECTED] wrote:
Hi everybody, I had doubts when I was encoding a SIR data unit over the WSP protocol. When packing the Application-ID List item, I just pack the header value part of the X-WAP-Application-Id header, omitting the header name code 0xAF, but both of them should be packed into the item according to Wireshark 1.0.2. I think the header name code is redundant, and the OMA gateway source just does so. What are your opinions? Your reply will be highly appreciated! Thanks, Ding (丁宇峰), Network Research Institute, Service Software Development Department 1, Mail: [EMAIL PROTECTED], mobile: 13770766038, ZTE
Re: [Wireshark-dev] Generic call_dissector()
Building on Chris' idea... based on the assumption that your protocol has a field to say what the payload is (called payload_tag, e.g.), you will still have to determine what the payload protocol is (as Chris suggested), but to keep things generic you could register a preference which has a syntax of something like this:

payload_tag:payload_proto;payload_tag:payload_proto;...

e.g. 1:ip;2:ppp;3:tcp;

That way, you can add support for new protocols without having to re-write any code. The only gotcha is that the dissectors for all the payload protocols must have registered themselves with names (and recently a fair number have been found not to and corrected).

HTH
Abhik.

On Wed, Jul 30, 2008 at 5:41 PM, Maynard, Chris [EMAIL PROTECTED] wrote:
You may be able to get away with calling the lowest common denominator dissector and letting it naturally take care of handing off dissection to the next protocol, whatever it is. If there is no common denominator, one possible way to do it would be to have all possible protocol dissectors that could appear in your payload register themselves as heuristic dissectors to your dissector; then you would only need to make a single call to dissector_try_heuristic(). But that would require changes to a lot of core protocols, potentially, namely ip, ppp, etc., so I'm not so sure that it's the best solution overall. I don't know, perhaps the best solution is simply for you to determine the protocol yourself and hand off to the appropriate dissector. Maybe someone else has some thoughts on this or ideas on how else it could be done. - Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:wireshark-dev- [EMAIL PROTECTED] On Behalf Of Hans Glück
Sent: Wednesday, July 30, 2008 4:41 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Generic call_dissector()

Hello, I am writing a dissector and in the payload of my packets are different types of data/information (PPP, TCP, ...) and maybe some more I don't know. I wonder if I can call WS to dissect this payload without defining a special handle? = call_dissector(...) - therefore I have to define a ppp or ip handle. Is there a possibility to make a generic dissector call? Or can the user define the payload by clicking on a packet and "Export as ... IP"? Regards, Chris
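A parser for the preference syntax suggested in the reply above, added here as an example and not code from the thread or from Wireshark: it splits tag:proto entries on ';', rejects malformed tags, bad names and duplicate tags (a silently mis-parsed preference would hand the payload to the wrong dissector), and exposes a lookup by payload_tag. The struct and function names are assumptions; the find_dissector() step that turns a name into a handle is left out so the code runs stand-alone.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAP_MAX        32
#define PROTO_NAME_MAX 32

/* One "payload_tag:payload_proto" pair from the preference string. */
struct payload_map_entry {
    uint32_t tag;
    char     proto[PROTO_NAME_MAX];   /* registered dissector name, e.g. "ip" */
};

struct payload_map {
    struct payload_map_entry e[MAP_MAX];
    size_t n;
};

/* Returns the dissector name mapped to tag, or NULL if the tag is unknown.
 * In a real dissector the name would be handed to find_dissector() to get the
 * handle; that step is left out so this example runs without Wireshark. */
const char *payload_map_lookup(const struct payload_map *map, uint32_t tag)
{
    for (size_t i = 0; i < map->n; i++)
        if (map->e[i].tag == tag)
            return map->e[i].proto;
    return NULL;
}

static int fail(const char **err, const char *msg)
{
    if (err)
        *err = msg;
    return -1;
}

/* Parse one entry (len bytes, not NUL-terminated) and append it to map. */
static int parse_entry(const char *s, size_t len, struct payload_map *map,
                       const char **err)
{
    while (len && isspace((unsigned char)s[0])) { s++; len--; }
    while (len && isspace((unsigned char)s[len - 1])) len--;
    if (len == 0)
        return 0;                           /* blank entry, e.g. from ";;" */
    const char *colon = memchr(s, ':', len);
    if (colon == NULL || colon == s)
        return fail(err, "expected tag:proto");

    uint64_t tag = 0;                       /* decimal digits only */
    for (const char *q = s; q < colon; q++) {
        if (!isdigit((unsigned char)*q))
            return fail(err, "tag is not a decimal number");
        tag = tag * 10 + (uint64_t)(*q - '0');
        if (tag > UINT32_MAX)
            return fail(err, "tag out of range");
    }

    const char *name = colon + 1;
    size_t nlen = (size_t)(s + len - name);
    if (nlen == 0 || nlen >= PROTO_NAME_MAX)
        return fail(err, "protocol name missing or too long");
    for (size_t i = 0; i < nlen; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return fail(err, "protocol name contains an invalid character");
    }
    if (payload_map_lookup(map, (uint32_t)tag) != NULL)
        return fail(err, "duplicate tag");
    if (map->n >= MAP_MAX)
        return fail(err, "too many entries");

    map->e[map->n].tag = (uint32_t)tag;
    memcpy(map->e[map->n].proto, name, nlen);
    map->e[map->n].proto[nlen] = '\0';
    map->n++;
    return 0;
}

/* Parse "tag:proto;tag:proto;..." as in the reply (a trailing ';' is fine).
 * Returns the number of entries, or -1 with a message in *err. */
int payload_map_parse(const char *pref, struct payload_map *map, const char **err)
{
    map->n = 0;
    if (err)
        *err = NULL;
    for (const char *p = pref; *p != '\0'; ) {
        const char *end = strchr(p, ';');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len && parse_entry(p, len, map, err) != 0)
            return -1;
        p += len;
        if (*p == ';')
            p++;
    }
    return (int)map->n;
}
```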
Re: [Wireshark-dev] Patch to support decoding LANforge packets.
Hello Ben,

Please follow the instructions here (http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcContribute.html#ChSrcSend) to make sure that your contribution is tracked properly and not lost.

Thanks!
Abhik.

On Thu, Jul 31, 2008 at 7:07 AM, Ben Greear [EMAIL PROTECTED] wrote:
LANforge is a network traffic generator that my company sells. Part of our feature set is UDP and TCP traffic generation. We have a small header followed by a payload. The payload is normally just filler and of no special interest to users. Attached is a patch to decode the LANforge header. Please consider adding this to Wireshark, and let me know if there are any suggestions for improvement.
Thanks,
Ben
--
Ben Greear [EMAIL PROTECTED]
Candela Technologies Inc http://www.candelatech.com
Re: [Wireshark-dev] Problem editing Wiki
:'( Thanks Jaap! I have worked around it for now.

On Sun, Jul 27, 2008 at 2:57 PM, Jaap Keuter [EMAIL PROTECTED] wrote:
Hi,
Content spammers caused this domain to be added to the blocked domain list. Thank them for not being able to save your page.
Thanx,
Jaap

Abhik Sarkar wrote:
Hi Everyone,
I am not sure if this is the correct place to ask, but can't think of anywhere else right now. I am trying to edit wiki.wireshark.org/SMPP and keep getting this error message when trying to save the changes: "Sorry, can not save page because smsforum.net is not allowed in this wiki." Any pointers? I can't understand why that particular phrase would be not allowed. The preview shows the page correctly.
Thanks
Abhik.
Re: [Wireshark-dev] display filter for expert/tcp analysis info
Hi Nathan,

Would using the tcp.analysis.lost_segment and other display filters from the tcp.analysis family not meet your requirement? Or do you specifically want to have display filters on expert analysis items for a broader scope?

Regards,
Abhik.

On Fri, Jul 25, 2008 at 7:12 AM, Nathan Jennings [EMAIL PROTECTED] wrote:
Hello,
Is there a way to use the display filter syntax to filter packets based on the expert/tcp analysis output (strings)? What I'd like to do is construct a display filter that matches an expert/tcp analysis string like "TCP segment lost", or something similar. I could then use this filter in the IO Graph window to show/highlight the affected packets in the line graph. I looked at the wishlist on the Wiki but didn't see anything. Any ideas on how difficult this might be to implement? Maybe point me to where I might get started?
Thanks,
-Nathan
Re: [Wireshark-dev] (no subject)
I saw something similar in this: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2727

On Fri, Jul 25, 2008 at 7:44 PM, [EMAIL PROTECTED] wrote:
Hi all,
I'm trying to figure out if it is possible for Wireshark to handle many versions of the same protocol. E.g. I wrote a plugin handling v1 of the foo protocol; now this protocol has evolved and I need to write a v2 plugin. Is it possible for Wireshark to handle both versions in the same session? That is, without replacing fooPluginv1.dll with fooPluginV2.dll?
Cheers
Re: [Wireshark-dev] Decoding an incoming message into an array
Hi Sachin,

I don't think there is any function to fetch an array from the tvb. _In theory_, if you knew that there are exactly 10 integers in param2 you could do a memcpy from the tvb... but that would be just wrong because the byte-order might get messed up on different platforms. So, it is probably best to loop 10 times and get an integer in the host-order one at a time.

As far as displaying it in the decoded tree goes, you can create a sub-tree called param2 and add the integers under that tree. You can find an example in packet-smpp.c, function smpp_handle_dlist().

HTH
Abhik.

On Tue, Jul 22, 2008 at 10:41 AM, Sachin Kumar Verma [EMAIL PROTECTED] wrote:
Hi All,
Can anyone please provide me a sample code to dissect an incoming message into a structure that also contains an array? For e.g. if the target structure is:

    struct sample_struct {
        int param1;
        int param2[10];
    };

Then please suggest me the appropriate way to dissect an incoming packet into this structure and display its decoded tree properly. Would appreciate if you can also suggest me the way to take care of possible padding bytes that may be inserted by the sending entity.
Thanks a ton in advance.
T R
Sachin Verma
Software Engineer
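Both halves of Abhik's answer above, as an added example in plain C rather than the tvb API (it is not code from Wireshark or from this thread): the message is decoded one 32-bit integer at a time from network byte order instead of memcpy'ing the struct, with a length check so a truncated packet is never read past its end, and trailing padding up to an alignment boundary is skipped. The wire format (32-bit big-endian ints, zero padding to `align` bytes) is an assumption, as are the function names; the encoder exists only to build constructed sample input. In a dissector the loop body would become tvb_get_ntohl() plus proto_tree_add_item() under a "param2" subtree.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAM2_COUNT 10
#define SAMPLE_BODY_LEN (4u * (1 + PARAM2_COUNT))   /* 44 bytes before padding */

struct sample_struct {
    int32_t param1;
    int32_t param2[PARAM2_COUNT];
};

/* Big-endian (network order) 32-bit read, the job tvb_get_ntohl() does. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Pad bytes needed to bring len up to a multiple of align (0 = no padding). */
static size_t pad_len(size_t len, size_t align)
{
    return align ? (align - (len % align)) % align : 0;
}

/*
 * Decode one message from buf. Returns the number of bytes consumed (body
 * plus trailing padding), or 0 if len is too short for the body, so a
 * truncated packet is never read past its end. Padding that is itself cut
 * short is tolerated: only what is actually present is skipped.
 */
size_t sample_decode(const uint8_t *buf, size_t len, size_t align,
                     struct sample_struct *out)
{
    if (len < SAMPLE_BODY_LEN)
        return 0;
    size_t off = 0;
    out->param1 = (int32_t)get_be32(buf + off);
    off += 4;
    for (int i = 0; i < PARAM2_COUNT; i++) {     /* one integer at a time */
        out->param2[i] = (int32_t)get_be32(buf + off);
        off += 4;
    }
    size_t pad = pad_len(off, align);
    if (off + pad > len)
        pad = len - off;
    return off + pad;
}

/* Encoder used only to construct sample input: body plus zero padding.
 * Returns bytes written, or 0 if buf is too small. */
size_t sample_encode(const struct sample_struct *in, size_t align,
                     uint8_t *buf, size_t buflen)
{
    size_t total = SAMPLE_BODY_LEN + pad_len(SAMPLE_BODY_LEN, align);
    if (buflen < total)
        return 0;
    memset(buf, 0, total);
    put_be32(buf, (uint32_t)in->param1);
    for (int i = 0; i < PARAM2_COUNT; i++)
        put_be32(buf + 4 + 4 * i, (uint32_t)in->param2[i]);
    return total;
}

int main(void)
{
    /* constructed sample message: param1 = -7, param2 = 0..9, 8-byte alignment */
    struct sample_struct in = { -7, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 } }, out;
    uint8_t wire[64];
    size_t n = sample_encode(&in, 8, wire, sizeof wire);
    size_t used = sample_decode(wire, n, 8, &out);
    printf("%zu bytes on the wire, %zu consumed, param1=%d param2[9]=%d\n",
           n, used, out.param1, out.param2[9]);
    return used == n ? 0 : 1;
}
```

The returned byte count is what lets a caller advance to the next message when several are packed into one segment; returning 0 on a short buffer mirrors how a dissector should stop rather than throw on a snaplen-truncated frame.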
[Wireshark-dev] Bug 2581 - Filter autocompletion
Hi Bahaa / Martin,

Ever since I have seen this enhancement request raised, I have been eager to try it out. But, now that I have compiled the latest SVN version... it doesn't seem to work (that is, no pop-up menu appears with the suggested values). Must I do anything special to enable the feature?

Thanks,
Abhik.

PS: Build information
Version 1.0.99-AS (SVN Rev 25800)
Copyright 1998-2008 Gerald Combs [EMAIL PROTECTED] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.11, with GLib 2.16.5, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos, with PortAudio V19-devel (built Jul 23 2008), with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap.
Built using Microsoft Visual C++ 8.0 build 50727
Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information.
Re: [Wireshark-dev] Bug 2581 - Filter autocompletion
Hi Martin,

On Wed, Jul 23, 2008 at 4:45 PM, Martin Mathieson [EMAIL PROTECTED] wrote:
Hi Abhik,
It's a very nice feature that I wish I or someone else had written years ago :)

Indeed... it is a very welcome addition.

It's working in my Linux and Windows builds (I committed it using my Linux client, which shows that I didn't miss out any files needed by Windows. I did run 'nmake -f Makefile.nmake setup' before building under Windows). All you should need to do is type e.g. "sip." in the main display filter and the popup should appear.

Yup... I made sure it was built correctly, but I figured out the problem (incorrect user expectation). I thought the popup would appear as soon as I started typing, so if, for example, I typed "s", all protocol names starting with "s" would appear and so on, and I didn't wait to put "protoname.". It works as designed. Sorry for the noise!

Regards,
Abhik.
Re: [Wireshark-dev] wireshark to sql
Hi Saeed,

This has been discussed before... http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html

You can search the wireshark mailing list archives to see if there are more discussions.

HTH
Abhik.

On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar [EMAIL PROTECTED] wrote:
Hi,
I am trying to dump information retrieved from wireshark to sql. Is there any option in wireshark, or is it already done by someone?
Re: [Wireshark-dev] Text2pcap and bidirectional traffic
Hi Patrick!

Do you really need the TCP and lower layers (for example, if you make use of the conversations API)? If not, you could simply use text2pcap with a user DLT to test only your protocol layer: http://wiki.wireshark.org/HowToDissectAnything (the page needs a bit of an update to match the latest versions... I'll see if I can do that later today, but you should get the idea (if you don't already know, that is)).

What you are proposing of course could be quite useful. It might be worth opening an enhancement bug report with your initial approach (so that the idea doesn't get lost) and someone might be able to provide further ideas.

HTH
Abhik.

On Tue, Jul 22, 2008 at 8:50 AM, Barnes, Pat [EMAIL PROTECTED] wrote:
I don't have any traffic to test my dissector against, because the components in the system that will be generating that traffic aren't ready yet. Until then, I've used text2pcap to construct some capture files from scratch. There is a bit of a problem though: the -T (add TCP headers) option results in packets only going in one direction. As a bit of a hack, I've put this code in the process_directive function:

    static void
    process_directive (char *str)
    {
        guint32 tmp;

        str += 11;  /* Strip off the "#TEXT2PCAP" and first space */

        if (strncmp("INVERT", str, 6) == 0) {
            if (hdr_ip) {
                tmp = HDR_IP.src_addr;
                HDR_IP.src_addr = HDR_IP.dest_addr;
                HDR_IP.dest_addr = tmp;
            }
            if (hdr_tcp || hdr_udp) {
                tmp = hdr_src_port;
                hdr_src_port = hdr_dest_port;
                hdr_dest_port = tmp;
            }
            fprintf(stdout, "Inverted source and destination\n");
        } else {
            fprintf(stderr, "\n--- Directive [%s] currently unsupported ---\n", str - 11);
        }
    }

Such that a '#TEXT2PCAP INVERT' will switch the directions around. The only downside to this approach is that it mucks up the TCP sequences - subsequent packets have a 'TCP segment lost' warning. Any suggestions on how to suppress/fix that, or otherwise enhance text2pcap?

--
Patrick Barnes
Software Engineer, Land Joint Systems, Thales Australia
274 Victoria Road, Rydalmere, NSW 2116, Australia
Tel: +61 2 9848 3857 Mob: +61 410 751 044 | www.thalesgroup.com.au
Re: [Wireshark-dev] col_add_fence for Source/Dest columns?
Hi David,

If you are trying to prevent a sub dissector from over-writing the columns, you probably want to check the col_set_writable call as well. See packet-gsm_sms_ud (at around line 390) for an example.

HTH
Abhik.

On Wed, Jul 16, 2008 at 8:02 AM, David Underhill [EMAIL PROTECTED] wrote:
I am trying to prevent a call to call_dissector from overwriting the data in the source/dest fields in the main wireshark table. However, even if I set up a fence on every value in the enum in column_info.h, they still get overwritten. This is odd because setting fences on COL_PROTOCOL and COL_INFO protects the protocol and info fields as expected. Any ideas?
~ David
Re: [Wireshark-dev] How to register the plugins
You said initially that the SSNs are 91 and 92, but you are subsequently using 90 and 91 during registration... Not sure if that is correct. If it isn't, then XXX messages should be dissected as YYY messages. Also, you might want to not register the heuristic dissector and try.

HTH
Abhik.

On Tue, Jul 15, 2008 at 3:39 PM, [EMAIL PROTECTED] wrote:
Hi all,
I wrote two plugins which run on the sua layer. The plugins are xxx and yyy and their subsystem nos. are 91 and 92 respectively. Now I registered the two protocols as:

For XXX plugin:

    static guint global_xxx_ssn = 90;

    void proto_reg_handoff_xxx(void)
    {
        static dissector_handle_t xxx_handle;

        heur_dissector_add("sua", dissect_xxx, proto_xxx);
        xxx_handle = create_dissector_handle(dissect_xxx, proto_xxx);
        dissector_add("sccp.ssn", global_xxx_ssn, xxx_handle);
    }

For YYY plugin:

    static guint global_yyy_ssn = 91;

    void proto_reg_handoff_yyy(void)
    {
        static dissector_handle_t yyy_handle;

        heur_dissector_add("sua", dissect_yyy, proto_yyy);
        yyy_handle = create_dissector_handle(dissect_yyy, proto_yyy);
        dissector_add("sccp.ssn", global_yyy_ssn, yyy_handle);
    }

Now the problem is the data whatever comes above the sua layer is dissected as yyy protocol. The data which comes after yyy protocol is dissected as xxx protocol. But both the plugins should run on the sua layer and depending on subsystem no. they have to be differentiated. Can any one please suggest me how to register the plugins properly so that they can be dissected properly on the sua layer?
Thanks in advance,
Atdev.
Re: [Wireshark-dev] SSL decryption breaks after retransmission
Hi Sake,

I was curious to know - are you working on this? I just wanted to know because some work I am doing depends (slightly) on this and I will put comments in the code accordingly.

Thanks!
Abhik.

On Thu, May 29, 2008 at 9:38 PM, Sake Blok [EMAIL PROTECTED] wrote:
On Thu, May 29, 2008 at 12:19:31PM -0400, Bill Meier wrote:
- Make the TCP dissector not forward retransmitted segments to higher layer protocols, just like the normal TCP stack will do on the receiving host. This will have a major impact on the way retransmitted frames are displayed. Then again, the fully dissected segment is already available.

1. Given that TCP is a streaming protocol, ISTR that a retransmitted frame can actually consist partially of bytes previously sent and partially of additional bytes not previously sent. If this is the case (and I'm not missing something), then presumably the tcp dissector would need to forward any new bytes of a frame.

Yes indeed. When tcp reassembly is enabled, this will be taken care of unless the extra data is actually the start of a new upper layer PDU. I will either try to incorporate this case in my fix, or put some notes in the code that it should be fixed in the future. I think there will not be many cases where this happens...

2. How does re-assembly play into this discussion? I haven't looked at the SSL dissector so I don't know how it works. Is re-assembly being used? Doesn't re-assembly in effect take care of retransmissions (at least in some cases)?

It does, unless the retransmitted segment is the last part of the upper layer PDU (which of course includes the case where the PDU consists of only one tcp segment).

Cheers,
Sake
Re: [Wireshark-dev] SSL decryption breaks after retransmission
No problems... thanks for the update, Sake!

On Mon, Jul 7, 2008 at 5:20 PM, Sake Blok [EMAIL PROTECTED] wrote:
Abhik,
I did take a look at it, but have not found the time yet to create a proper fix.
Cheers,
Sake

On Mon, Jul 07, 2008 at 04:03:28PM +0400, Abhik Sarkar wrote:
Hi Sake,
I was curious to know - are you working on this? I just wanted to know because some work I am doing depends (slightly) on this and I will put comments in the code accordingly.
Thanks!
Abhik.
Re: [Wireshark-dev] Query on Field Registration
Hi Hemant,

As far as I know nesting of header fields is not possible... check out epan/proto.h where the field info structures are defined. What you could do is something like have:

    hf_message_type
    hf_field1
    hf_field2

Then, the display filter would be "message.type==1 && field1.value==X" or "message.type==2 && field1.value==X". You can then (in the protocol tree) nest the fields under message types by using subtrees... This is done for the protocol I am most familiar with (SMPP) and you can check in packet-smpp.c how the common DCS field is handled in a submit_sm and a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant [EMAIL PROTECTED] wrote:
Hello
Another query that has surfaced while doing the design for the dissector module is whether there is a concept of tree and subtree while registering the fields? Actually, I have a set of messages and all of them have a common field which again contains subfields. So under the current situation for registration of fields I have to register the same field again and again for different messages with different names like Message1.field1.field2, Message2.field1.field2 and so on, so that in the expression window the user does not get confused with a common parameter for all the messages. Is there any way out so that in the expression window, when the user wants to set some parameter for field2 so as to collect only message 1, he should be able to see a tree under message1 and then again a subtree for field1, whose branch contains a set of parameters including field2 and so on, and appropriately set the required parameter for a particular message?

If there is a way out then I will be able to share a common dissect function for a particular field type across all the messages; otherwise I have to register customized fields for various messages and also have to write customized dissectors with the customized variables for a particular message type. In this way, for the same field in different messages I have to write several instances of the same function containing different names of the fields and subfields which are actually one and the same. Any help will be highly appreciated.
Thanks
Hemant

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Guy Harris
Sent: Wednesday, July 02, 2008 11:09 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Kumar, Hemant wrote:
I just wanted to put up one query regarding field registration in packet-xx.c. Is there any limit on the number of fields which we can register?

No.
Re: [Wireshark-dev] Query on Field Registration
Isn't _something_ like what you want already present? I agree it is not _exactly_ the same, but it is very similar. Taking your example of the TCP protocol:

- Select any frame.
- In the Packet Details pane, click + to expand the TCP protocol.
- Click + to expand the Flags.
- Select a flag of your choice (e.g. SYN).
- Right-click and choose Prepare a Filter > Selected, and "tcp.flags.syn == X" appears in the display filter field!

Regards,
Abhik.

On Thu, Jul 3, 2008 at 11:09 PM, Kumar, Hemant [EMAIL PROTECTED] wrote:
So that if the user wants to fetch all the messages having subfield == X, he should go in the expression window and not put Protocol.Field.subfield == X, but rather just go on hitting the + buttons and the subtree should appear below it and he can set the parameter for that field, and Wireshark will automatically form the expression based on the user's selection of trees and subtrees. So basically I don't want to put Protocol.Field.subfield beforehand in the expression window, but rather just Protocol will appear first, then on hitting + for Protocol, Field will appear, and then on hitting + for Field, subfield should appear, and then the user can set subfield == x and in the expression bar Wireshark will automatically put the expression Protocol.Field.subfield.
Re: [Wireshark-dev] adding some features
Hi,

You might find something of use here: http://www.wireshark.org/docs/wsdg_html_chunked/ChapterUserInterface.html. Most (all?) of the GUI code is in the gtk directory. For an example from the Analyze menu, check out gtk\expert_dlg.c.

HTH
Abhik.

On Mon, Jun 30, 2008 at 5:03 PM, Embiza Tadesse [EMAIL PROTECTED] wrote:
Hi all
I built wireshark from source on my win xp and am trying to add a menu item called 'Radius Filter' on the 'Analyze' menu. I saw the 'gtk\main_menu.c' file and added on the menu_items item factory entry the below code:

    {"/Analyze/radius Filter...", NULL, GTK_MENU_FUNC(radius_cb), 0, NULL, NULL},

I want to know where my callback function implementation should be and where the GUI of the application that comes after clicking the menu item should reside.
thanks
Re: [Wireshark-dev] [Wireshark-commits] rev 25612: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-syslog.c
Hi Joerg,

Actually, I discovered the problem when (by mistake) I captured the trace without the -s 0 option passed to tcpdump. So, actually a large part of the MSU has already been lost. There is no way of knowing what the next nibble was in the original packet, so adding a 0 in the end would actually produce an incorrect last byte (and the MSU would still be incomplete), but removing the last nibble at least ensures that whatever is passed to the MTP3 dissector (even though incomplete) is what was received. So, I think Jeff's approach is OK.

Best regards,
Abhik.

On Fri, Jun 27, 2008 at 2:40 AM, Joerg Mayer [EMAIL PROTECTED] wrote:
On Thu, Jun 26, 2008 at 08:40:33PM +, [EMAIL PROTECTED] wrote:
From me: Check if that will happen and chop off the nibble before giving it to convert_string_to_hex() so we'll dissect as much of the MSU as possible.

Wouldn't it be more helpful to add a 0? That way no information would be lost.

ciao
Joerg
--
Joerg Mayer [EMAIL PROTECTED]
We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
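The odd-nibble handling discussed above, as an added example in plain C (it is not the packet-syslog.c code and not from this thread): hex text is converted to bytes, and an odd-length string has its dangling last nibble dropped so that what is handed on is exactly what was received. The rejected alternative, completing the last byte with a zero nibble, is kept behind a flag so the fabricated last byte is visible side by side. The function names, the `pad_odd` flag and the `truncated` out-parameter are my own.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 for anything else. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Convert hex text to bytes. For an odd-length string the dangling last
 * nibble is dropped when pad_odd is 0 (what the thread settles on) or
 * completed with a zero low nibble when pad_odd is 1 (the alternative that
 * was rejected: the resulting last byte was never on the wire). *truncated
 * is set to 1 when the input had an odd nibble, so the caller can flag the
 * MSU as incomplete. Returns bytes written, or 0 when the input contains a
 * non-hex character or out is too small.
 */
size_t hex_to_bytes(const char *hex, int pad_odd, uint8_t *out, size_t outlen,
                    int *truncated)
{
    size_t n = strlen(hex);
    *truncated = (n % 2) != 0;
    size_t nbytes = n / 2;                        /* complete byte pairs only */
    size_t want = nbytes + ((*truncated && pad_odd) ? 1 : 0);
    if (want > outlen)
        return 0;
    for (size_t i = 0; i < nbytes; i++) {
        int hi = hexval((unsigned char)hex[2 * i]);
        int lo = hexval((unsigned char)hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return 0;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    if (*truncated && pad_odd) {
        int hi = hexval((unsigned char)hex[n - 1]);
        if (hi < 0)
            return 0;
        out[nbytes] = (uint8_t)(hi << 4);          /* low nibble is invented */
    }
    return want;
}

int main(void)
{
    /* constructed input: a snaplen-truncated MSU whose text ends mid-byte */
    const char *cut = "83040081ab0";
    uint8_t buf[16];
    int truncated;
    size_t n = hex_to_bytes(cut, 0, buf, sizeof buf, &truncated);
    printf("dropped nibble: %zu bytes, truncated=%d, last byte 0x%02x\n",
           n, truncated, buf[n - 1]);
    n = hex_to_bytes(cut, 1, buf, sizeof buf, &truncated);
    printf("padded nibble:  %zu bytes, truncated=%d, last byte 0x%02x\n",
           n, truncated, buf[n - 1]);
    return 0;
}
```

Whichever policy a dissector picks, the `truncated` flag is the part worth keeping: it lets the caller mark the PDU as incomplete (an expert info, in Wireshark terms) instead of letting a silently shortened MSU look like a complete one.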
Re: [Wireshark-dev] wireshark
I believe the data type provided by the field registration is also used by various functions like (but not limited to):

- tshark when it is converting a capture to some text based format (like PDML).
- column sorting

HTH
Abhik.

On Wed, Jun 18, 2008 at 5:55 PM, Gilbert Ramirez [EMAIL PROTECTED] wrote:
It's needed so that the display filter engine knows about your fields.
--gilbert

On 6/18/08, Martin Corraine (mcorrain) [EMAIL PROTECTED] wrote:
Hello,
I need someone to clarify the purpose of the field registration. I've read the readme.developer but I'm still lost.
Thanks!,
martin

    static hf_register_info hf[] = {
        { &hf_field_a,
          { "Field A", "proto.field_a", FT_UINT8, BASE_HEX, NULL, 0xf0,
            "Field A represents Apples", HFILL }},
        { &hf_field_b,
          { "Field B", "proto.field_b", FT_UINT16, BASE_DEC, VALS(vs), 0x0,
            "Field B represents Bananas", HFILL }}
    };
[Wireshark-dev] Regarding rev 25462
Hi,

Regarding the mentioned change, would it not be better to rename ADDRBUF_MAX_MESSAGE_SIZE to something like MAX_ADDR_LEN or something similar?

Regards,
Abhik.
Re: [Wireshark-dev] problem to register own protoco...
Sub-dissectors can't be added against protocol fields, but against dissector tables. H225 registers the following tables:

    nsp_object_dissector_table = register_dissector_table("h225.nsp.object", "H.225 NonStandardParameter (object)", FT_STRING, BASE_NONE);
    nsp_h221_dissector_table = register_dissector_table("h225.nsp.h221", "H.225 NonStandardParameter (h221)", FT_UINT32, BASE_HEX);
    tp_dissector_table = register_dissector_table("h225.tp", "H.225 TunnelledProtocol", FT_STRING, BASE_NONE);
    gef_name_dissector_table = register_dissector_table("h225.gef.name", "H.225 Generic Extensible Framework (names)", FT_STRING, BASE_NONE);
    gef_content_dissector_table = register_dissector_table("h225.gef.content", "H.225 Generic Extensible Framework", FT_STRING, BASE_NONE);

So you have to see which one you need to register against... it is probably h225.tp. There is also a discussion in this thread: http://www.wireshark.org/lists/wireshark-dev/200707/msg00214.html which _might_ be of use.

HTH
Abhik.

On Thu, Jun 12, 2008 at 1:24 PM, H F [EMAIL PROTECTED] wrote:
Hi!!!
I'm writing a plugin for our program's own protocol, which encapsulates a whole 'q931' package in user-user (look at the end of the message, in red). But I have a problem registering my own protocol! I'm missing the dissector_add() in my (sub)dissector:

    void proto_reg_handoff_mytype(void)
    {
        static gboolean initialized = FALSE;

        if (!initialized) {
            H323UserInformation_handle = find_dissector("h323ui");
            ipnet_handle = create_dissector_handle(dissect_mytype, proto_mytype);
            dissector_add("h225.messageContent_item", 0xFE, mytype_handle); /* 0xFE for identifier my protocol */
            initialized = TRUE;
        };
    };

But when wireshark builds, I get the error:

    ** ERROR:(packet.c:697):???: assertion failed: (sub_dissectors)

    No. Time Source Destination Protocol Info
    203 15.094231 10.24.30.13 10.24.30.15 Q.931 CS: setup SETUP

    Frame 203 (210 bytes on wire, 210 bytes captured) Arrival Time: Jun 2, 2008 17:57:50.481268000 [Time delta from previous captured frame: 0.016456000 seconds] [Time delta from previous displayed frame: 15.094231000 seconds] [Time since reference or first frame: 15.094231000 seconds] Frame Number: 203 Frame Length: 210 bytes Capture Length: 210 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:q931:q931:h225:q931] [Coloring Rule Name: TCP] [Coloring Rule String: tcp]
    Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst: Ericsson_52:f2:14 (00:80:37:52:f2:14) Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14) Address: Ericsson_52:f2:14 (00:80:37:52:f2:14) ...0 = IG bit: Individual address (unicast) ..0. = LG bit: Globally unique address (factory default) Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c) Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c) ...0 = IG bit: Individual address (unicast) ..0. = LG bit: Globally unique address (factory default) Type: IP (0x0800)
    Internet Protocol, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15 (10.24.30.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00) 1011 10.. = Differentiated Services Codepoint: Expedited Forwarding (0x2e) ..0. = ECN-Capable Transport (ECT): 0 ...0 = ECN-CE: 0 Total Length: 196 Identification: 0xf0fa (61690) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x3836 [correct] [Good: True] [Bad : False] Source: 10.24.30.13 (10.24.30.13) Destination: 10.24.30.15 (10.24.30.15)
    Transmission Control Protocol, Src Port: mxomss (1141), Dst Port: h323hostcall (1720), Seq: 1, Ack: 1, Len: 156 Source port: mxomss (1141) Destination port: h323hostcall (1720) Sequence number: 1 (relative sequence number) [Next sequence number: 157 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... = Congestion Window Reduced (CWR): Not set .0.. = ECN-Echo: Not set ..0. = Urgent: Not set ...1 = Acknowledgment: Set 1... = Push: Set .0.. = Reset: Not set ..0. = Syn: Not set ...0 = Fin: Not set Window size: 5840 Checksum: 0xc1ad [validation disabled] [Good Checksum: False] [Bad
Re: [Wireshark-dev] Start Dissection from an upper layer?
Hi Guillaume,

Perhaps if you can figure out how this mechanism works - http://wiki.wireshark.org/HowToDissectAnything, you could use a similar approach. You could also check wiretap/wtap.h to see if the API you have been provided can produce frames in one of the known types.

HTH
Abhik.

On Tue, Jun 10, 2008 at 3:25 PM, Guillaume Bienkowski [EMAIL PROTECTED] wrote:
> Hello Guys,
> I have successfully written a program that uses the Wireshark lib to dissect some packets. The thing is, through the API I was given by my boss, I can only receive information from the 3rd layer (IPv4, IPX, ... layer), which confuses the dissectors and screws up the dissection.
> One solution would be to allocate a temporary buffer which would include my 3rd layer and above, plus a fake header from the 2 bottom layers; but this would mean that I'd have to allocate memory for every packet... not really optimized..
> Is it possible to use epan_dissect_run() from an upper layer, telling the library to start dissecting from a packet that has already been shortened?
> Thanks in advance,
> Guillaume

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev
Re: [Wireshark-dev] tvb buffer
Hi Amit,

If I am not mistaken, the tvb is first created in the dissect_packet function of epan/packet.c.

Hope this helps.
Abhik.

On Mon, Jun 9, 2008 at 10:12 AM, Amit Paliwal [EMAIL PROTECTED] wrote:
> Thanks for your reply. But can you plz let me know where it is done in the source code? If you can tell me where in the code it is done I will be in a better position to understand that.
>
> Gilbert Ramirez [EMAIL PROTECTED]
> Sent by: [EMAIL PROTECTED]
> 06/09/2008 10:58 AM
> Please respond to Developer support list for Wireshark wireshark-dev@wireshark.org
> To: Developer support list for Wireshark wireshark-dev@wireshark.org
> cc:
> Subject: Re: [Wireshark-dev] tvb buffer
>
>> The pcap library collects the data from the operating system. That gets passed to wireshark and the tvb is created.
>>
>> --gilbert
>>
>> On 6/9/08, Amit Paliwal [EMAIL PROTECTED] wrote:
>>> I know that in wireshark when a frame is selected the top level dissector is called, like ethernet, which in turn calls other dissectors. But I really want to know where this buffer tvb is constructed for the first time, which is then passed to subsequent dissectors. Is it constructed from the raw data received on the network card?
Re: [Wireshark-dev] Buidling Wireshark using MingW/MSyS on WIndows ?
The information about the Cygwin build is in the Wiki: http://wiki.wireshark.org/Development/CygwinGCC (if that's of any help).

On Thu, May 15, 2008 at 4:56 PM, Graham Bloice [EMAIL PROTECTED] wrote:
> John Smith wrote:
>> I have nothing against Microsoft nor open source, I just chose Eclipse as my build environment as I'm used to it on Linux. Furthermore, I see this as a training/tutorial exercise, as I desire to build some other open source software the same way. By the way, MingW/MSYS lets you run ./configure; make all; make install on Windows, and most of these projects come with Unix style Makefiles/automake and are pretty hard to get compiled using Microsoft's IDE.
>
> For better or worse Wireshark on Windows is built as a windows app using the MS toolchain. Although there is the standard *nix stuff for building on *nix platforms I don't think anyone has attempted to use that on windows for a long time. I believe that someone once managed to get it to build under Cygwin.
>
> I wish you luck in your endeavours.
>
> --
> Regards,
> Graham Bloice
Re: [Wireshark-dev] SMTP: Extracting parametrs
Perhaps you could explore the use of the custom columns feature that was recently introduced. This is not exactly what you are looking for but might work out better than a dialog since it is non-obtrusive. You will want to experiment with the following fields:

    imf.from
    imf.to
    imf.subject
    imf.date

You can check out how to set up custom columns in this video: http://ie.youtube.com/watch?v=XpUNXDkfkQg

Hope this helps.
Abhik.

2008/5/10 goitom kahsay [EMAIL PROTECTED]:
> Hello,
> How can I extract these values (From, To, Subject and Date) from the SMTP packets displayed in the packet list pane into a new dialog? Any idea!
> Thank u in advance
>
> On Thu, May 1, 2008 at 1:37 AM, Stig Bjørlykke [EMAIL PROTECTED] wrote:
>> On 30. april. 2008, at 09.44, goitom kahsay wrote:
>>> How can I extract the SMTP parameters such as FROM, TO, SUBJECT, DATE and ... from SMTP packets?
>>
>> Hi.
>> I don't know where you want the output, but the SMTP dissector is using the IMF dissector, so it's possible to use tshark to print the values like this:
>>
>>     $ tshark -r smtp_data.pcap -e imf.from -e imf.to -e imf.subject -T fields
>>
>> Or you could simply dump all fields and do a grep, like this:
>>
>>     $ tshark -V -r smtp_data.pcap | egrep "Subject:|From:|To:|Date:"
>>
>> --
>> Stig Bjørlykke
>
> --
> Benice2all
[Wireshark-dev] Question on text2pcap behaviour
Hi All,

I just ran into a small problem while using text2pcap and I wanted to know (before I attempt to fix it) whether this is a problem at all.

Let's say I have a text file with a single line as so (this is just an example, not actual payload):

    30 31 32 33 34 35 36 37 38 39 0123456789

According to the comments in text2pcap.c, "The text at the end is ignored". My interpretation of this is that the text at the end may or may not be present. Perhaps this interpretation is not quite right because, if I have a line like this (quotes added to clarify the situation):

    "30 31 32 33 34 35 36 37 38 39"

the last byte is ignored. However, if the line is like this

    "30 31 32 33 34 35 36 37 38 39 "

then it is parsed correctly. Not having the text part in the end is useful sometimes because sometimes we get just a hex dump of the TCP payload (but without the text part in the end).

Thanks!
Abhik.
Re: [Wireshark-dev] Question on text2pcap behaviour
On Thu, May 1, 2008 at 2:38 PM, Andy Lawman [EMAIL PROTECTED] wrote:
> Abhik,
>
> text2pcap was designed to read hex dumps in od format, ie: with a character representation of the data on the right. If, like me, you have to create a hex dump from some other source to act as input to text2pcap, then it's your responsibility to ensure that there's something on the right that acts as a place holder. I append ".." which is sufficient for text2pcap.
>
> Andy.

Thanks Andy... if that's how it was meant to be, then I'll take your tip (or the shorter path of just adding the space in the end ;-)

On Thu, May 1, 2008 at 3:08 PM, Richard van der Hoff [EMAIL PROTECTED] wrote:
> Thanks Abhik. I suspect the guy that originally posted the patch lost the will to work on it any further after nothing happened for three months... If you could polish up his patch a bit more, that would be fabulous.
>
> On a side note (not /necessarily/ something I expect you to do anything about, Abhik), it would be fabulous if text2pcap had some tests... just some sample input and expected output such that we can check there aren't any regressions as patches get applied. This is true of much of our code... there aren't enough tests for my liking. How do others feel about this?

Perhaps I have bitten off a bit more than I can chew here, but it will be a learning experience for me if I can do this... so I take the challenge :-) If someone beats me to it, I don't mind of course.

Regards,
Abhik
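The od-style line format this thread is about, as an added example that is not text2pcap's code: a small Python parser that treats the end of the line as a delimiter, so the character column on the right is genuinely optional and a line that ends in its last hex pair keeps that byte, and that starts a new packet at offset 0 the way text2pcap does. The sample dump lines, the rule that a leading token of three or more hex digits is an offset, and the use of a two-space gap as the column boundary are my own assumptions.

```python
"""Parser for od-style hex dump lines of the kind text2pcap reads.

Added example, not text2pcap's own code.  A data line looks like
    [offset] hex-pair hex-pair ... [ASCII column]
The hex region ends at end-of-line, at the first token that is not two
hex digits, or at a run of two or more spaces (the gap od prints before
its character column), so the trailing text is optional and a line
ending in the last hex pair keeps that byte.
"""
import re
from typing import List, Optional, Tuple

# Assumption: a leading token of three or more hex digits is an offset
# (hex is text2pcap's default offset radix); a byte is exactly two digits.
_OFFSET = re.compile(r"^[0-9A-Fa-f]{3,}$")
_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def parse_dump_line(line: str) -> Optional[Tuple[Optional[int], bytes]]:
    """Return (offset, data) for a data line, None for blank/comment lines.

    offset is None when the line carries no offset (continuation line).
    Caveat: an ASCII column set off by a single space whose text is itself
    two hex digits ("61 62 ab") cannot be told apart from data, which is
    why a non-hex placeholder such as ".." on the right, as suggested in
    the thread, is the safe way to write such dumps.
    """
    stripped = line.strip()
    if not stripped:
        return None
    # Everything after the first wide gap (or a tab) is the ASCII column.
    hex_region = re.split(r" {2,}|\t", stripped, maxsplit=1)[0]
    tokens = hex_region.split()
    offset: Optional[int] = None
    if tokens and _OFFSET.match(tokens[0]):
        offset = int(tokens[0], 16)
        tokens = tokens[1:]
    data = bytearray()
    for tok in tokens:
        if not _BYTE.match(tok):
            break  # first non-hex token: the ASCII column begins here
        data.append(int(tok, 16))
    if offset is None and not data:
        return None  # comment or other non-data line
    return offset, bytes(data)


def assemble_packets(lines: List[str]) -> List[bytes]:
    """Group parsed lines into packets.

    An offset of 0 starts a new packet (text2pcap's rule); any other
    offset must equal the number of bytes collected so far, otherwise the
    dump is inconsistent and a ValueError names the offending line.
    """
    packets: List[bytes] = []
    current = bytearray()
    for lineno, line in enumerate(lines, 1):
        parsed = parse_dump_line(line)
        if parsed is None:
            continue
        offset, data = parsed
        if offset == 0 and current:
            packets.append(bytes(current))
            current = bytearray()
        if offset is not None and offset != len(current):
            raise ValueError(
                f"line {lineno}: offset {offset:#x} but {len(current)} bytes collected"
            )
        current.extend(data)
    if current:
        packets.append(bytes(current))
    return packets


# Constructed sample dump, two packets: the first line has the ASCII column,
# the second has neither text nor a trailing space, the third uses the ".."
# placeholder from the thread, the fourth has an ASCII column that looks
# like hex but is set off by the two-space gap.
SAMPLE_DUMP = [
    "# constructed sample dump",
    "000000 30 31 32 33 34 35 36 37 38 39 0123456789",
    "00000a 3a 3b",
    "",
    "000000 ff fe  ..",
    "000002 61 62  ab",
]

if __name__ == "__main__":
    for pkt in assemble_packets(SAMPLE_DUMP):
        print(len(pkt), pkt.hex())
```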
Re: [Wireshark-dev] New Wireshark welcome page!
> What is special about March 1st and June 14th? The welcome page will display a different welcome message from the message "The World's Most Popular Network Protocol Analyzer" on these two dates. Just curious.

This got me very curious as well... so I did a bit of digging around and I finally found this...

_July_ (Guy Harris' hint) 14th back in 1998 was probably the day Gerald announced Ethereal. I can't find any direct evidence of this, but the USPTO (www.uspto.gov) website suggests that was the date the trademark was first used publicly. The alternate statement is (was) of course the motto of Ethereal.

April 1st is a bit more difficult. I can't find any major incident related to Wireshark/Ethereal linked to that day. So, my guesses:
- Perhaps it was an important date in Gerald's switch to the new co.?
- or, it is just meant to be an April fool's day joke?

Not really sure. I hope no one 'destroy[s my] very existence' after this ;-)

Abhik.
Re: [Wireshark-dev] RTP Player annoyance
Hello Peter,

This might be related to a known issue: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2325

Hope this helps!
Abhik.

On Mon, Apr 28, 2008 at 12:54 AM, Peter Fuller [EMAIL PROTECTED] wrote:
> Gentle developers,
> I believe the new RTP Player placement has been discussed in the mailing list in the past. I'm not sure anyone has noticed, but the ability to type in the selection list on the left hand side is quite a nice feature. However, I can no longer type 'r' 't' 'p' and go right to the RTP protocol preference settings. I always go to the RTP Player section. If it plays a role in your design decisions as to what future placement the RTP Player preferences will have, I would like to say that it is a bit of an annoyance having it 'in the way'.
> A thousand thank yous for your efforts,
> rkm
Re: [Wireshark-dev] time
Yikes! Sorry about that!

On Thu, Apr 10, 2008 at 7:39 PM, Sake Blok [EMAIL PROTECTED] wrote:
> On Thu, Apr 10, 2008 at 04:31:57PM +0200, Maria de Fatima Requena wrote:
>> The website itself http://www.wireshark.org/docs/wsug_html_chunked/ChWorkTimeFormatsSect this page doesn't work for me
>
> That's probably because the URL should be: http://www.wireshark.org/docs/wsug_html_chunked/ChWorkTimeFormatsSection.html :-)
Re: [Wireshark-dev] time
Does this chapter (http://www.wireshark.org/docs/wsug_html_chunked/ChWorkTimeFormatsSection.html) of the user guide provide the answer?

Best regards,
Abhik.

On Thu, Apr 10, 2008 at 11:16 AM, Maria de Fatima Requena [EMAIL PROTECTED] wrote:
> Hi
> What is the time column expressed in? Milliseconds maybe?
>
> María de Fátima Requena Cabot (2488)
> +34 91 787 23 00
> alhambra-eidos.es
Re: [Wireshark-dev] time
Do you mean that the website wireshark.org doesn't work, or the instructions found at wireshark.org don't work?

On Thu, Apr 10, 2008 at 12:36 PM, Maria de Fatima Requena [EMAIL PROTECTED] wrote:
> Well, I have found the option in the view menu, but I have also found that it is usual for Wireshark.org pages not to work
>
> María de Fátima Requena Cabot (2488)
> +34 91 787 23 00
> alhambra-eidos.es
Re: [Wireshark-dev] Typing in lists
Should fixing this be a pre-requisite for the 1.0 release? Or, would it be easy to update the installers once the fix in GTK becomes available?

On Mon, Mar 17, 2008 at 2:48 PM, Anders Broman [EMAIL PROTECTED] wrote:
> Hi,
> That's bug http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2325 which is a GTK problem http://bugzilla.gnome.org/show_bug.cgi?id=520165
> Regards
> Anders
Re: [Wireshark-dev] Typing in lists
OK, thanks for the feedback Steve.

On Tue, Mar 18, 2008 at 11:08 AM, Stephen Fisher [EMAIL PROTECTED] wrote:
> On Tue, Mar 18, 2008 at 10:58:59AM +0400, Abhik Sarkar wrote:
>> Should fixing this be a pre-requisite for the 1.0 release? Or, would it be easy to update the installers once the fix in GTK becomes available?
>
> We're planning on 1.0 going out in a couple of weeks and the GTK bug probably won't be fixed by then. When the GTK problem is fixed, we would include the new GTK version in a later version of Wireshark instead of updating the 1.0 installer. You would actually be able to get a build in between releases with the fixed GTK once it becomes available.
>
> Steve
Re: [Wireshark-dev] nested dissector
Sorry, I don't know enough to help you. I doubt a dissector would try to free a tvbuff, so maybe it is something else. I did have a similar issue sometime back, but it was because I was writing past allocated memory. You might want to use some kind of debugger and attach it to the running Wireshark and see if you can get some information about what is causing the crash. You might find some useful hints at: http://wiki.wireshark.org/Development/Tips

I know this is not much help, but this is all the help I can offer.

Best regards,
Abhik.

On Tue, Mar 18, 2008 at 2:34 PM, Filippo Margiotta [EMAIL PROTECTED] wrote:
> Hi Abhik,
> thank you for the useful suggestion, it is exactly what I was looking for.
> I have another BIG problem. Wireshark is crashing when the MIKEY dissector is called from the plugin, maybe because the MIKEY dissector (after the dissecting) is trying to release all the tvbuff, but this free(tvbuff) makes Wireshark crash because probably this tvbuff was allocated in the plugin dll. Is my opinion correct? Is there a way to avoid this?
> Thanks,
> Filippo.
>
> 2008/3/18, Abhik Sarkar [EMAIL PROTECTED]:
>> If I understand you correctly, Filippo, I think you want to know how you can find out from within your plug-in if the mikey dissector was called (and did its work). I think one of the ways would be to use pinfo->layer_names (which corresponds to frame.protocols). If you can find the string "mikey" in this field after the protocol has been called and has done its work, I think it will work. Perhaps there is a cleaner way of finding out but I hope this helps.
>>
>> Best regards,
>> Abhik.
[Wireshark-dev] Typing in lists
Hi All,

I wanted to know if anyone else is facing this problem before I open a bug report... I am at revision 24663 and I find that unlike earlier, I can't type complete words to make selections in lists. E.g. if I go Edit > Preferences > Protocols and then click the list and try to type "http", I can only type "h", the first item starting with "h" is selected and the UI then blocks for a while (what appears to be 10s). This is happening for any lists ('Decode As', for example). This is a marked deviation from what I am used to. I am running on Windows XP Pro SP 2.

Thanks!
Abhik.
Re: [Wireshark-dev] Typing in lists
> There is already a bug opened for this issue. It seems to be an issue within GTK for which a bug has been filed too.

Ah, thanks Sake!
Re: [Wireshark-dev] nested dissector
If I understand you correctly, Filippo, I think you want to know how you can find out from within your plug-in if the mikey dissector was called (and did its work). I think one of the ways would be to use pinfo->layer_names (which corresponds to frame.protocols). If you can find the string "mikey" in this field after the protocol has been called and has done its work, I think it will work. Perhaps there is a cleaner way of finding out but I hope this helps.

Best regards,
Abhik.

On Mon, Mar 17, 2008 at 11:35 PM, Jaap Keuter [EMAIL PROTECTED] wrote:
> Hi,
>
> Ehm, I don't follow. Either you call the dissector or you don't. You'll see the mikey dissector's output in the packet detail pane.
>
> Thanx,
> Jaap
>
> Filippo Margiotta wrote:
>> Hi Jaap,
>> your information was very useful for me. Thank you.
>> I would ask you another question. I used as your suggestion the function call_dissector(mikey_handle, sub_tvb, ppinfo, tree) from the plugin. How can I understand if dissect_mikey is called by the plugin or not? Depending on that I should do different things.
>> Thanks,
>> Filippo
>>
>> 2008/3/16, Jaap Keuter [EMAIL PROTECTED]:
>>> Hi,
>>>
>>> You could use find_dissector("mikey") to get a handle on it and call it with a tvb subset containing the payload for mikey. Many examples like this in the Wireshark dissectors source tree.
>>>
>>> Thanx,
>>> Jaap
>>>
>>> Filippo Margiotta wrote:
>>>> Hi All,
>>>> the company I am working for has a proprietary plugin to dissect a specific protocol (let's call it XXX). I should add a dissector for the data_payload field in the XXX to be decoded by the MIKEY dissector. Could somebody help me on this please?
>>>> Thanks,
>>>> Filippo
[Wireshark-dev] Can't build on Windows
Hello all,

I keep getting this error:

    ...
    packet-x509af.c
    packet-x509ce.c
    packet-x509if.c
    packet-x509sat.c
    packet-dcerpc-nt.c
    Generating Code...
    NMAKE : fatal error U1077: 'F:\Program Files\Microsoft Visual Studio 8\VC\BIN\cl.EXE' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'F:\Program Files\Microsoft Visual Studio 8\VC\BIN\nmake.exe' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'F:\Program Files\Microsoft Visual Studio 8\VC\BIN\nmake.exe' : return code '0x2'
    Stop.

I have done an SVN update, and a dist-clean. Any suggestions?

Thanks,
Abhik.
Re: [Wireshark-dev] Can't build on Windows
> Fixed in r24657.

Thank you Stig! I was able to build now.
Re: [Wireshark-dev] new dissector / redback lawful intercept packet
Hello Flo,

I think you need to follow this procedure to submit your dissector: http://www.wireshark.org/docs/wsdg_html/#ChSrcSend

Best regards,
Abhik.

On Wed, Feb 27, 2008 at 2:00 PM, Florian Lohoff [EMAIL PROTECTED] wrote:
> Hi,
> here is a new dissector for the RedBack Smartedge Lawful Intercept packet format.
>
> Flo
> --
> Florian Lohoff [EMAIL PROTECTED] +49-171-2280134
> "Those who would give up a little freedom to get a little security shall soon have neither" - Benjamin Franklin
Re: [Wireshark-dev] Can't capture traffic on some ports
Hello,

When the traffic is within the machine... the packets will pass through the local TCP/IP stack without going through the network interface... that's why tcpdump/wireshark are unable to see those packets.

Hope this helps
Abhik.

On Feb 10, 2008 2:17 AM, S [EMAIL PROTECTED] wrote:
> I set up a reverse proxy (Pound) to listen on standard ports 80 and 443 and pipe the data to a backend server on the same machine (same IP address), to ports 81 and 83 respectively. Although everything passes OK, I can't capture any traffic on ports 81 or 83 either by using tcpdump or wireshark. Capturing data on 80 or 443 goes without problems. Any help here?
Re: [Wireshark-dev] nmake -f Makefile.nmake all is failing
Hi Satish,

Did you get the sources from a tarball or by checking it out from svn? If it was from svn, you might want to update and try again.

Hope this helps
Abhik.

On Feb 6, 2008 3:16 PM, Satish Srirama [EMAIL PROTECTED] wrote:
> Hi All,
> I am new to wireshark development. I am trying to establish the build setup from source code and I am following the developer guidelines. I am getting the following error when I am working with the command nmake -f Makefile.nmake all. The snapshot of the details is below; further details can be provided at request. Can anyone help me? I also tried to distclean again but the error persists. Thanks in advance.
>
> Microsoft (R) Program Maintenance Utility Version 8.00.50727.42
> Copyright (C) Microsoft Corporation.  All rights reserved.
>
>         bison -d -p ascend ascend-grammar.y -o ascend-grammar.c
>         bash -o igncr ..\tools\runlex.sh flex -oascend-scanner.c ascend-scanner.l
>   15432 [main] bash 2588 fork: child -1 - CreateProcessA failed, errno 13
> ../tools/runlex.sh: fork: Permission denied
> flex: could not create
>         bash -o igncr ..\tools\runlex.sh flex -ok12text.c k12text.l
>     514 [main] bash 2980 fork: child -1 - CreateProcessA failed, errno 13
> ../tools/runlex.sh: fork: Permission denied
>         rc /r ..\image\wiretap.rc
>         cl -DWIN32 -DNULL=0 -D_MT -D_DLL -WX -DYYMALLOC=malloc -DYYFREE=free -DHAVE_CONFIG_H /I. /I.. /IC:\wireshark-win32-libs\glib\include\glib-2.0 /IC:\wireshark-win32-libs\glib\lib\glib-2.0\include /IC:\wireshark-win32-libs\zlib123\include /IC:\wireshark-win32-libs\WPdpack/include -D_U_= /Zi /W3 /MD /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_DEPRECATE /DMSC_VER_REQUIRED=1400 -Fd.\ -c 5views.c airopeek9.c ascend.c atm.c ber.c btsnoop.c buffer.c catapult_dct2000.c commview.c cosine.c csids.c dbs-etherwatch.c erf.c etherpeek.c eyesdn.c file_access.c file_wrappers.c hcidump.c i4btrace.c iptrace.c iseries.c k12.c lanalyzer.c libpcap.c mpeg.c mpeg-audio.c netmon.c netscreen.c nettl.c network_instruments.c netxray.c ngsniffer.c pcapng.c pppdump.c radcom.c snoop.c toshiba.c visual.c vms.c wtap.c ascend-grammar.c ascend-scanner.c k12text.c file_util.c
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
> Copyright (C) Microsoft Corporation.  All rights reserved.
>
> 5views.c airopeek9.c ascend.c atm.c ber.c btsnoop.c buffer.c catapult_dct2000.c commview.c cosine.c csids.c dbs-etherwatch.c erf.c etherpeek.c eyesdn.c file_access.c file_wrappers.c hcidump.c i4btrace.c iptrace.c
> Generating Code...
> Compiling...
> iseries.c k12.c lanalyzer.c libpcap.c mpeg.c mpeg-audio.c netmon.c netscreen.c nettl.c network_instruments.c netxray.c ngsniffer.c pcapng.c pppdump.c radcom.c snoop.c toshiba.c visual.c vms.c wtap.c
> Generating Code...
> Compiling...
> ascend-grammar.c
> ascend-scanner.c
> c1 : fatal error C1083: Cannot open source file: 'ascend-scanner.c': No such file or directory
> k12text.c
> k12text.l(65) : fatal error C1083: Cannot open include file: 'k12text_lex.h': No such file or directory
> file_util.c
> Generating Code...
> NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 8\VC\BIN\cl.EXE' : return code '0x2'
> Stop.
> NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 8\VC\BIN\nmake.exe' : return code '0x2'
> Stop.
>
> Regards,
> Satish Srirama
Re: [Wireshark-dev] nmake -f Makefile.nmake all is failing
Well, the original output Satish posted did give this error:

    bison -d -p ascend ascend-grammar.y -o ascend-grammar.c
    bash -o igncr ..\tools\runlex.sh flex -oascend-scanner.c ascend-scanner.l
    15432 [main] bash 2588 fork: child -1 - CreateProcessA failed, errno 13
    ../tools/runlex.sh: fork: Permission denied
    flex: could not create

So, Satish, it looks like you need to check your environment a bit more.

On Feb 6, 2008 6:28 PM, J.C. Wren [EMAIL PROTECTED] wrote:
> ascend-scanner.c is produced by flex. As the make reported, the C compiler can't find ascend-scanner.c, so likely flex was unhappy and there was a silent error. Have you updated your cygwin tools recently? I know that flex-2.5.4 works, as that's what's installed on my machine. I would suggest running http://cygwin.com/setup.exe and making sure everything is up to date. If you just click through, it'll do everything for you.
>
> --jc
>
> On Feb 6, 2008 8:50 AM, Satish Srirama [EMAIL PROTECTED] wrote:
>> Hi Anders and Abhik,
>> Thank you very much for your replies. I have tried with distclean, then checked out the code again and tried to distclean and 'nmake -f Makefile.nmake all'. Still I could not make it work. I tried to download wireshark-0.99.7 and tried to build again. Surprisingly I got the same error.
>>
>>     ascend-grammar.c
>>     ascend-scanner.c
>>     c1 : fatal error C1083: Cannot open source file: 'ascend-scanner.c': No such file or directory
>>     k12text.c
>>     Generating Code...
>>     Compiling...
>>     file_util.c
>>     Generating Code...
>>     NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 8\VC\BIN\cl.EXE' : return code '0x2'
>>     Stop.
>>     NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 8\VC\BIN\nmake.exe' : return code '0x2'
>>     Stop.
>>
>> Any suggestions? Could there be a trouble with my setup, in general? I am using cygwin, python24. In this regard I am sending my verify_tools report:
>>
>>     C:\wireshark-0.99.7>nmake -f Makefile.nmake verify_tools
>>     Microsoft (R) Program Maintenance Utility Version 8.00.50727.42
>>     Copyright (C) Microsoft Corporation.  All rights reserved.
>>
>>     Checking for required applications:
>>             cl: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/cl
>>             link: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/link
>>             nmake: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/nmake
>>             bash: /usr/bin/bash
>>             bison: /usr/bin/bison
>>             flex: /usr/bin/flex
>>             env: /usr/bin/env
>>             grep: /usr/bin/grep
>>             /usr/bin/find: /usr/bin/find
>>             perl: /usr/bin/perl
>>             C:/python24/python.exe: /cygdrive/c/python24/python.exe
>>             sed: /usr/bin/sed
>>             unzip: /usr/bin/unzip
>>             wget: /usr/bin/wget
>>
>> Thanks
>> Regards,
>> Satish
>>
>> ----- Original Message ----
>> From: Anders Broman [EMAIL PROTECTED]
>> To: Developer support list for Wireshark wireshark-dev@wireshark.org
>> Sent: Wednesday, February 6, 2008 12:38:41 PM
>> Subject: Re: [Wireshark-dev] nmake -f Makefile.nmake all is failing
>>
>>> Hi,
>>> Start off with a distclean...
>>> /Anders