Re: [Wireshark-dev] Gitlab missing feature compared to Github

2021-10-30 Thread Ivan Nardi
> there is one very valuable feature of github that was lost in the transition
> to gitlab:
> The commit message no longer references the merge request, making it way
> harder to look at the discussion leading to a merge.

+1. I really miss this feature (of Gerrit)! Incredibly useful

Ivan
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] Unable to compile latest master

2021-10-04 Thread Ivan Nardi
Hi João,
after executing these commands, everything worked! Thanks very much
Not sure what happened, though (git status was "clean")
Anyway, thanks a lot

Ivan

On Mon, 4 Oct 2021 at 18:04, João Valverde via Wireshark-dev
 wrote:
>
>
>
> On 04/10/21 14:29, Ivan Nardi wrote:
> > Hi
> > I am not able to compile the latest master, even if I start from
> > scratch (on ubuntu 20.04). Everything was fine until 1-2 weeks ago.
> >
> > ivan@ivan-Latitude-E6540:~/svnrepos/wireshark(master)$ mkdir
> > wireshark-master-asan
> > ivan@ivan-Latitude-E6540:~/svnrepos/wireshark(master)$ cd 
> > wireshark-master-asan/
> > ivan@ivan-Latitude-E6540:~/svnrepos/wireshark/wireshark-master-asan(master)$
> > cmake .. -DENABLE_ASAN=ON -DENABLE_UBSAN=ON
> > [...]
> > ivan@ivan-Latitude-E6540:~/svnrepos/wireshark/wireshark-master-asan(master)$
> > make -j5
> > [...]
> > [  9%] Generating grammar.c, grammar.h, grammar.out
> > [  9%] Generating scanner.c, scanner_lex.h
> > [  9%] Building C object wsutil/CMakeFiles/wsutil.dir/802_11-utils.c.o
> > Scanning dependencies of target dfilter
> > [  9%] Building C object epan/dfilter/CMakeFiles/dfilter.dir/dfilter.c.o
> > [  9%] Building C object wsutil/CMakeFiles/wsutil.dir/adler32.c.o
> > /home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c: In function 
> > ‘tokenstr’:
> > /home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c:229:8: error:
> > ‘TOKEN_WHITESPACE’ undeclared (first use in this function); did you
> > mean ‘TOKEN_TEST_GE’?
> >229 |   case TOKEN_WHITESPACE: return "WHITESPACE";
> >|^~~~
> >|TOKEN_TEST_GE
> > /home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c:229:8: note: each
> > undeclared identifier is reported only once for each function it
> > appears in
> > /home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c:230:8: error:
> > ‘TOKEN_DOTDOT’ undeclared (first use in this function); did you mean
> > ‘TOKEN_COLON’?
> >230 |   case TOKEN_DOTDOT: return "DOTDOT";
> >|^~~~
> >|TOKEN_COLON
> > make[2]: *** [epan/dfilter/CMakeFiles/dfilter.dir/build.make:82:
> > epan/dfilter/CMakeFiles/dfilter.dir/dfilter.c.o] Error 1
> > make[1]: *** [CMakeFiles/Makefile2:7040:
> > epan/dfilter/CMakeFiles/dfilter.dir/all] Error 2
> > make[1]: *** Waiting for unfinished jobs
> >
> >
> > Since everything is working on Gitlab CI, it should be something on
> > my side... any clues?
>
> Not sure what is going on there. Those macro symbols are defined in
> grammar.h. To start from scratch you should run
>
> $ git reset --hard
> $ git checkout master
> $ git clean -xfd
> $ git pull
>
> in your source dir. Note that this will wipe every modification and
> untracked file in your tree.
>
> > Thanks
> >
> > Ivan


[Wireshark-dev] Unable to compile latest master

2021-10-04 Thread Ivan Nardi
Hi
I am not able to compile the latest master, even if I start from
scratch (on ubuntu 20.04). Everything was fine until 1-2 weeks ago.

ivan@ivan-Latitude-E6540:~/svnrepos/wireshark(master)$ mkdir
wireshark-master-asan
ivan@ivan-Latitude-E6540:~/svnrepos/wireshark(master)$ cd wireshark-master-asan/
ivan@ivan-Latitude-E6540:~/svnrepos/wireshark/wireshark-master-asan(master)$
cmake .. -DENABLE_ASAN=ON -DENABLE_UBSAN=ON
[...]
ivan@ivan-Latitude-E6540:~/svnrepos/wireshark/wireshark-master-asan(master)$
make -j5
[...]
[  9%] Generating grammar.c, grammar.h, grammar.out
[  9%] Generating scanner.c, scanner_lex.h
[  9%] Building C object wsutil/CMakeFiles/wsutil.dir/802_11-utils.c.o
Scanning dependencies of target dfilter
[  9%] Building C object epan/dfilter/CMakeFiles/dfilter.dir/dfilter.c.o
[  9%] Building C object wsutil/CMakeFiles/wsutil.dir/adler32.c.o
/home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c: In function ‘tokenstr’:
/home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c:229:8: error:
‘TOKEN_WHITESPACE’ undeclared (first use in this function); did you
mean ‘TOKEN_TEST_GE’?
  229 |   case TOKEN_WHITESPACE: return "WHITESPACE";
  |^~~~
  |TOKEN_TEST_GE
/home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c:229:8: note: each
undeclared identifier is reported only once for each function it
appears in
/home/ivan/svnrepos/wireshark/epan/dfilter/dfilter.c:230:8: error:
‘TOKEN_DOTDOT’ undeclared (first use in this function); did you mean
‘TOKEN_COLON’?
  230 |   case TOKEN_DOTDOT: return "DOTDOT";
  |^~~~
  |TOKEN_COLON
make[2]: *** [epan/dfilter/CMakeFiles/dfilter.dir/build.make:82:
epan/dfilter/CMakeFiles/dfilter.dir/dfilter.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:7040:
epan/dfilter/CMakeFiles/dfilter.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs


Since everything is working on Gitlab CI, it should be something on
my side... any clues?
Thanks

Ivan


Re: [Wireshark-dev] Triggering "Windows Build" job

2021-09-13 Thread Ivan Nardi
Hi Roland
I thought that the present configuration was a trade-off between
flexibility and resource constraints.
Thank you very much for the suggestions, very appreciated! I will
definitely compile Wireshark with both gcc and clang from now on.

Thanks for your reply
Kind regards


Ivan

On Mon, 13 Sept 2021 at 11:24, Roland Knall  wrote:
>
> Hi Ivan
>
> We have a limited number of machines for our build-jobs. Therefore only when 
> we set the merge-request to a semi-done level, buildjobs are triggered. What 
> you can do though, is run your own pipeline, and use our .gitlab-ci.yml file 
> as a template.
>
> At this point we do not plan on making the builders available to everyone. 
> But if you submit your changes, we can trigger it for you.
>
> Btw, as a Mac & Linux user myself, I keep a virtualbox around just for that 
> purpose. To be able to build Wireshark. It is not required, but certainly 
> helps. Also, building Wireshark on your local Linux machine with a clang 
> compiler instead of gcc, will also identify most issues with the Microsoft VS 
> compilers (as was my experience in the past)
>
> kind regards
> Roland
>
> On Mon, 13 Sept 2021 at 11:17, Ivan Nardi wrote:
>>
>> Hi
>>
>> If I am not wrong, the "Windows Build" job is triggered only after a
>> maintainer picks up the MR and assigns it to the "Wireshark GitLab
>> Utility".
>> Is there any way I can trigger it myself?
>>
>> Some background.
>> I don't have a Windows machine to build Wireshark myself.
>> My last MR (https://gitlab.com/wireshark/wireshark/-/merge_requests/3628)
>> triggers a warning only in the Windows build.
>> I **think** to have a fix for it. I could push it, wait for a
>> maintainer to pick it up again and cross my fingers...
>> But if I could trigger the Windows test myself it should be less a
>> bother to anyone.
>> Can I do that somehow?
>>
>> I hope I made myself clear
>> Thanks
>>
>> Ivan


[Wireshark-dev] Triggering "Windows Build" job

2021-09-13 Thread Ivan Nardi
Hi

If I am not wrong, the "Windows Build" job is triggered only after a
maintainer picks up the MR and assigns it to the "Wireshark GitLab
Utility".
Is there any way I can trigger it myself?

Some background.
I don't have a Windows machine to build Wireshark myself.
My last MR (https://gitlab.com/wireshark/wireshark/-/merge_requests/3628)
triggers a warning only in the Windows build.
I **think** to have a fix for it. I could push it, wait for a
maintainer to pick it up again and cross my fingers...
But if I could trigger the Windows test myself it should be less a
bother to anyone.
Can I do that somehow?

I hope I made myself clear
Thanks

Ivan


Re: [Wireshark-dev] Issue notifications

2021-06-08 Thread Ivan Nardi
Just an update: the issue has been fixed by GitLab:
https://gitlab.com/gitlab-org/gitlab/-/issues/330033#note_589470025
I checked and everything seems fine now

Ivan

On Wed, 12 May 2021 at 19:47, Gerald Combs  wrote:
>
> This appears to be a GitLab bug:
>
> https://gitlab.com/gitlab-org/gitlab/-/issues/330033
>
> On 5/11/21 10:54 AM, chuck c wrote:
> > I don't have a fix but you're not alone.
> > Unable to change for open issue that I created:
> > https://gitlab.com/wireshark/wireshark/-/issues/17325
> >
> > On Mon, May 10, 2021 at 1:14 PM Ivan Nardi <nardi.i...@gmail.com> wrote:
> >
> > Hi
> > Recently, I haven't been able to enable notifications for the gitlab
> > issues I am interested in: I can't toggle the "Notifications" button
> > (it seems disabled; see attachment)
> > Until some weeks ago I was able to do that.
> >
> > Something wrong in my environment or is this new behavior the expected 
> > one?
> >
> > Thanks in advance
> > Ivan
> > 


[Wireshark-dev] Issue notifications

2021-05-10 Thread Ivan Nardi
Hi
Recently, I haven't been able to enable notifications for the gitlab
issues I am interested in: I can't toggle the "Notifications" button
(it seems disabled; see attachment)
Until some weeks ago I was able to do that.

Something wrong in my environment or is this new behavior the expected one?

Thanks in advance
Ivan

Re: [Wireshark-dev] Compile fails after fetch

2020-11-19 Thread Ivan Nardi
Hi
could you share your environment details, please? OS, compiler version
and, particularly, libgcrypt version
Thanks

Ivan

On Thu, 19 Nov 2020 at 17:51, Mora, Jorge  wrote:
>
> Hello,
>
> After a git fetch, compile fails with the following:
>
> [ 50%] Building C object epan/dissectors/CMakeFiles/dissectors.dir/packet-quic.c.o
> /home/mora/wireshark/epan/dissectors/packet-quic.c:603:1: error: ‘quic_are_ciphers_initialized’ defined but not used [-Werror=unused-function]
> quic_are_ciphers_initialized(quic_ciphers *ciphers)
> ^
> cc1: all warnings being treated as errors
> make[2]: *** [epan/dissectors/CMakeFiles/dissectors.dir/packet-quic.c.o] Error 1
> make[1]: *** [epan/dissectors/CMakeFiles/dissectors.dir/all] Error 2
>
> $ git log
> commit 1d7bc367e943464f912a67ad436fabddb1a61a37
> Author: Anders Broman
> Date:   Wed Nov 18 13:56:52 2020 +0100
>
>     GSM A Common: Dissect polygon points
>
> Two weeks ago I did a git fetch and I was able to compile with no problems.
>
> --Jorge

Re: [Wireshark-dev] Glitches in UI when using recent buildbot development versions

2019-06-29 Thread Ivan Nardi
Qt 5.9.5

Thanks

Ivan

On Sat, 29 Jun 2019 at 21:51, Roland Knall  wrote:

> Could you post your Qt version? You will find it in the about dialog.
>
> On 29.06.2019 at 17:44, Ivan Nardi wrote:
>
> Hi
>
> On Fri, 28 Jun 2019 at 18:12, Jim Young  wrote:
>
>>
>> The first glitch has to do with "Apply as filter".  With this glitch I
>> had right-mouse selected the tcp.stream field and then selected the Apply
>> as filter.  But instead an unexpected display filter was applied.  I
>> thought I had mis-clicked on the packet details items so I tried again but
>> had the same results.  I then expanded the frame tree and right-mouse
>> clicked on frame.interface_id followed by Apply as filter but again the
>> wrong filter was entered into the display filter field.  At this point I
>> opted to shutdown and restart Wireshark since this particular instance of
>> Wireshark had been running for perhaps day or two and I had captured and
>> opened numerous trace files.
>>
>
> I am randomly facing the same issue: when a field is selected, if I select
> "Apply/Prepare as filter" an unexpected filter (probably a previous one) is
> executed
> Environment: ubuntu 18.04, today master (but I have been seeing this
> glitch from a couple of days)
> Let me know if you need further information
>
> Ivan
>

Re: [Wireshark-dev] Glitches in UI when using recent buildbot development versions

2019-06-29 Thread Ivan Nardi
Hi

On Fri, 28 Jun 2019 at 18:12, Jim Young  wrote:

>
> The first glitch has to do with "Apply as filter".  With this glitch I had
> right-mouse selected the tcp.stream field and then selected the Apply as
> filter.  But instead an unexpected display filter was applied.  I thought I
> had mis-clicked on the packet details items so I tried again but had the
> same results.  I then expanded the frame tree and right-mouse clicked on
> frame.interface_id followed by Apply as filter but again the wrong filter
> was entered into the display filter field.  At this point I opted to
> shutdown and restart Wireshark since this particular instance of Wireshark
> had been running for perhaps day or two and I had captured and opened
> numerous trace files.
>

I am randomly facing the same issue: when a field is selected, if I select
"Apply/Prepare as filter" an unexpected filter (probably a previous one) is
executed
Environment: ubuntu 18.04, today master (but I have been seeing this glitch
from a couple of days)
Let me know if you need further information

Ivan

Re: [Wireshark-dev] Dealing with aggregated packets

2018-07-03 Thread Ivan Nardi
Hi

I work with sctp pcaps very often and I have always found that Wireshark
doesn't handle them in a practical way
The far biggest issue is the display filter logic

As a workaround, I have to externally pre-process the traces and "de-chunk"
the sctp packets: when every sctp packet contains only one chunk everything
works like a charm, as usual

From a user point of view, I would like an improvement in the display
filters:
* you should be able to match a specific sub-packet. I mean, when the
filter is something like "sccp.xxx ==  && gsm_a. == " I do
expect the matched fields to be on the same sub-packet, not on different
chunks of the same sctp packet. AFAIK one way to achieve this goal is
forcing all protocol fields above sctp (or any other "aggregating"
protocol) to be per sub-packets, not per packets (as today). In this way,
there shouldn't be multiple fields anymore
* when there is a display filter (involving sub-protocol fields), only
matching sub-packets should be visualized in the packet list
* you should be able to export only visualized sub-packets in a valid file.
Just my 2 cents, based on my personal workflow

I fully understand that my wish-list requires a huge amount of work;
improving only the visual representation of the packets/sub-packet should
be an important step forward anyway

I don't have the expertise to write GUI or "core" code, but I am more than
willing to test any solutions

Thank you very much for bringing up this topic

Ivan

On Mon, 2 Jul 2018 21:19 Darien Spencer,  wrote:

> Hey devs
> There's something that has been bothering me in my wireshark experience
> and I wanted to bring to discussion
> *Some protocols can aggregate several payloads *such as *SCTP and TCP*
> Viewing those in wireshark could be difficult if many payloads are present.
> Specificly *the Info column gets long quickly *(assuming fences are used)
>
> Here is an example - the info column of a SCTP packet with 6 payloads:
> https://i.imgur.com/GeA2WmU.png
>
> It can be challenging to spot a specific packets in those overpopulated
> info columns
> further more, once you find the right packet by the info column you are
> served with your next challenge -
> finding which of the aggregated packets in the protocol tree is the one
> you are looking for.
>
> I was thinking about introducing a newer concept to wireshark in the form
> of *"sub-packets"*
> Maybe that's a cosmetic feature to add to the Qt GUI and maybe it required
> some changes to the dissection engine. I'm not familiar enought with the
> GUI to tell.
> What I had in mind is an option to 'expend' a packet in the main view so
> its aggregated sub packets are seen in a tree under it
> Here's a mock hoping it's get the idea across:
> https://i.imgur.com/WfSvg6x.png
>
> I can imagine how this might require a change to the way info is saved in
> the dissectors.
>
>
> Does anyone else feel this is an issue when analysing traffic?
> Is this a feature fitting the GUI/User experience guidelines of wireshark?
>
> Cheers,
> Darien
>
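
The "de-chunk" pre-processing described in the message above, as an added example that is not part of the original thread or of Wireshark: it splits one SCTP packet (common header plus bundled chunks) into one packet per chunk and recomputes the CRC32c checksum. The function names and the sample packet are constructed for illustration; rewriting the enclosing IP length and the pcap record headers is assumed to be done by the caller.

```python
import struct

def crc32c(data: bytes) -> int:
    """CRC32c (Castagnoli polynomial, reflected), the SCTP checksum algorithm."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def with_checksum(packet: bytes) -> bytes:
    """Return the packet with its checksum field (bytes 8..11) recomputed."""
    zeroed = packet[:8] + b"\x00" * 4 + packet[12:]
    # SCTP stores the CRC32c value least-significant byte first.
    return packet[:8] + struct.pack("<I", crc32c(zeroed)) + packet[12:]

def checksum_ok(packet: bytes) -> bool:
    """True when the stored checksum matches the packet contents."""
    return with_checksum(packet) == packet

def dechunk(packet: bytes) -> list:
    """Split an SCTP packet into one packet per chunk, keeping chunk order."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte SCTP common header")
    out, offset = [], 12
    while offset < len(packet):
        if offset + 4 > len(packet):
            raise ValueError("truncated chunk header")
        _type, _flags, length = struct.unpack_from("!BBH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("chunk length field does not fit the packet")
        padded = (length + 3) & ~3  # chunks are padded to a 4-byte boundary
        chunk = packet[offset:offset + length].ljust(padded, b"\x00")
        out.append(with_checksum(packet[:12] + chunk))
        offset += padded
    return out

def data_chunk(tsn: int, payload: bytes) -> bytes:
    """Build a DATA chunk (type 0, flags B+E) for the constructed sample."""
    length = 16 + len(payload)
    header = struct.pack("!BBHIHHI", 0, 0x03, length, tsn, 0, tsn, 3)
    return (header + payload).ljust((length + 3) & ~3, b"\x00")

# Constructed sample: ports 2905 -> 2905, two bundled DATA chunks.
SAMPLE = with_checksum(
    struct.pack("!HHII", 2905, 2905, 0x12345678, 0)
    + data_chunk(1, b"first")
    + data_chunk(2, b"second!")
)

if __name__ == "__main__":
    for pkt in dechunk(SAMPLE):
        print(len(pkt), pkt.hex())
```

Each output packet keeps the original ports and verification tag, so a display filter on fields above SCTP can only match within a single chunk.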

Re: [Wireshark-dev] Tools to anonymize pcaps with cellular/3gpp traffic

2017-06-08 Thread Ivan Nardi
Hi Jasper

On 7 June 2017 at 21:38, Jasper Bongertz  wrote:
>
> Anyway, if you can get me PCAPs and Specs for the stuff on top of
> TCP/UDP I can see what I can do. That's basically what happened for

Only one note: AFAIK 3gpp/cellular protocols are not usually on top of
TCP/UDP (with the main exception of GTP_U/C) but on top of SCTP (or
even some SS7 stuff)

Thanks for your inputs
Ivan

Re: [Wireshark-dev] Tools to anonymize pcaps with cellular/3gpp traffic

2017-06-08 Thread Ivan Nardi
Hi all
thanks everyone for your replies and for reporting your valuable
experience on this topic.
I knew that I was asking for too much but I'll take a look at the
programs that have been named.

Cheers
Ivan



On 7 June 2017 at 20:54, Ivan Nardi <nardi.i...@gmail.com> wrote:
> Hi
> There are a few public available tools that anonymize pcap files, but they
> usually target L2-L4 layers and "standard" protocols (i.e. dns, icmp,...)
> Is there any tool which sanitizes information carried on "3gpp" protocols
> (ranap, bssap, gsm_a dtap, gsm_map, sgsap...) or, at least, on some of them?
>
> I am not looking for something particularly advanced: zeroing mcc and mnc
> (both in imsi and in cell/location information) should be enough, even
> without checksum updating.
>
> The goal is to easily share some pcaps without changing them with an
> hex-editor by hand
>
> I know that I am asking for a very specific tool, but it's worth giving it a
> try...
>
> Thanks in advance
> Ivan

[Wireshark-dev] Tools to anonymize pcaps with cellular/3gpp traffic

2017-06-07 Thread Ivan Nardi
Hi
There are a few public available tools that anonymize pcap files, but they
usually target L2-L4 layers and "standard" protocols (i.e. dns, icmp,...)
Is there any tool which sanitizes information carried on "3gpp" protocols
(ranap, bssap, gsm_a dtap, gsm_map, sgsap...) or, at least, on some of them?

I am not looking for something particularly advanced: zeroing mcc and mnc
(both in imsi and in cell/location information) should be enough, even
without checksum updating.

The goal is to easily share some pcaps without changing them with an
hex-editor by hand

I know that I am asking for a very specific tool, but it's worth giving it
a try...

Thanks in advance
Ivan
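
One way to do the IMSI part of the zeroing asked for above, as an added example that is not a tool from this thread: given the IMSIs known to be in a capture, it finds their encoded bytes and overwrites the MCC and MNC digits with zeros in place, so no lengths change. It assumes the two common IMSI encodings (TBCD string as in MAP, Mobile Identity as in DTAP) and a caller-supplied MNC length; `scrub`, `SAMPLE` and the test-network IMSI are constructed for illustration, and cell/location fields are not covered.

```python
def tbcd(digits: str) -> bytes:
    """TBCD string: first digit in the low nibble, 0xF filler if odd length."""
    nibbles = [int(d) for d in digits]
    if len(nibbles) % 2:
        nibbles.append(0xF)
    return bytes(lo | (hi << 4) for lo, hi in zip(nibbles[::2], nibbles[1::2]))

def mobile_identity(digits: str) -> bytes:
    """Mobile Identity value for an IMSI: digit 1 shares the first octet
    with the odd/even flag (bit 4) and the identity type (1 = IMSI)."""
    odd = len(digits) % 2
    first = (int(digits[0]) << 4) | (odd << 3) | 0x1
    return bytes([first]) + tbcd(digits[1:])

def zero_plmn(imsi: str, mnc_digits: int = 2) -> str:
    """Replace the MCC (3 digits) and MNC (2 or 3 digits) with zeros."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_digits not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits long")
    plmn_len = 3 + mnc_digits
    return "0" * plmn_len + imsi[plmn_len:]

def scrub(capture: bytes, imsis, mnc_digits: int = 2):
    """Overwrite every encoded occurrence of the given IMSIs.

    Returns (scrubbed_bytes, number_of_replacements). The replacement has
    the same length as the original, so packet and record sizes are kept;
    checksums covering the payload are left stale.
    """
    hits = 0
    for imsi in imsis:
        clean = zero_plmn(imsi, mnc_digits)
        for encode in (tbcd, mobile_identity):
            old, new = encode(imsi), encode(clean)
            hits += capture.count(old)
            capture = capture.replace(old, new)
    return capture, hits

# Constructed sample: test PLMN 001/01, one IMSI in each encoding,
# surrounded by filler bytes standing in for the rest of a capture.
IMSI = "001010123456789"
SAMPLE = (b"\x04\x08" + tbcd(IMSI) + b"\xaa\xbb"
          + b"\x17\x08" + mobile_identity(IMSI))

if __name__ == "__main__":
    cleaned, count = scrub(SAMPLE, [IMSI])
    print(count, cleaned.hex())
```

Matching on raw bytes can in principle hit unrelated data with the same 8-byte pattern, so the replacement count is worth comparing against the number of IMSI fields Wireshark shows for the capture.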