[Wireshark-dev] (no subject)

2023-03-02 Thread Googlelovez Funnyjaxzg
Hi I'm trying to help from a piece of Samsung haxed by a lot of people
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


[Wireshark-dev] (no subject)

2020-03-13 Thread Pratikshya Das
Hey there, I'm Pratikshya, a computer science engineering sophomore. I'm
interested in the project : "Secure Shell Decryption Support". I'm fluent
in C, C++ and Python. Can anyone guide me through this, or give a detailed
insight on this?!

[Wireshark-dev] (no subject)

2019-08-21 Thread Robert Denes Photography
Please EditorGroup  you can edit
this wiki...  Im Robert Denes

Re: [Wireshark-dev] (no subject)

2018-08-15 Thread Pascal Quantin
Hi Ralf,

Your patch is under review in Gerrit: https://code.wireshark.org/review/29147
You did not get it with a fresh clone because it has not gone through the
review process test and has not been merged in the repository.

Best regards,
Pascal.


Le mer. 15 août 2018 à 10:24, Nasilowski, Ralf  a
écrit :

> Hi,
>
> I tried to upload my small patch
>
>   Added "wireshark-win32-libs/" and "wireshark-win64-libs/" to ".gitignore"
>
> without success. I proceeded as follows (Windows 7, starting from parent
> dir after deleting previous "wireshark" dir:
>
>   $ git clone https://ralf-nasilow...@code.wireshark.org/review/wireshark
>   $ cd wireshark
>   $ ls .git/hooks
>
> then after noting "commit-msg*" was missing
>
>   $ cd .git/hooks
>   $ wget --no-check-certificate https://gerrit.wikimedia.org/r/tools/hooks/commit-msg
>   $ cd -
>
> to install the hook.
>
> Then I did my small change in ".gitignore", then
>
>   $ git add .
>   $ git status
>
> then after noting no parasitic stuff (such as wireshark-win32-libs/) had
> been added
>
>   $ git commit -a
>
> then after noting Change-Id line had been inserted
>
>   $ git review -f
>
> to push. This was apparently successful, however with message "Could not
> remove master" or similar.
>
> To verify, I deleted my local "wireshark" dir, and downloaded again with
>
>   $ git clone https://ralf-nasilow...@code.wireshark.org/review/wireshark
>
> However, my small patch was not present in git log, ie the upload failed.
>
> What did I do wrong???
>
> Best regards,
>
> Ralf Nasilowski
>
> *ise Individuelle Software und Elektronik GmbH *
> Osterstrasse 15
> 26122 Oldenburg
> Germany
>
> Tel.: +49 441 68006-41
> Fax: +49 441 68006-10
> E-Mail: ralf.nasilow...@ise.de
> Internet: http://www.ise.de
>
> Commercial register: Amtsgericht Oldenburg, HRB 3701
>
> General manager: Christoph Sahm, Detlef Boss

[Wireshark-dev] (no subject)

2018-08-15 Thread Nasilowski, Ralf
Hi,

I tried to upload my small patch

  Added "wireshark-win32-libs/" and "wireshark-win64-libs/" to ".gitignore"

without success. I proceeded as follows (Windows 7, starting from parent dir
after deleting previous "wireshark" dir:

  $ git clone https://ralf-nasilow...@code.wireshark.org/review/wireshark
  $ cd wireshark
  $ ls .git/hooks

then after noting "commit-msg*" was missing

  $ cd .git/hooks
  $ wget --no-check-certificate https://gerrit.wikimedia.org/r/tools/hooks/commit-msg
  $ cd -

to install the hook.

Then I did my small change in ".gitignore", then

  $ git add .
  $ git status

then after noting no parasitic stuff (such as wireshark-win32-libs/) had
been added

  $ git commit -a

then after noting Change-Id line had been inserted

  $ git review -f

to push. This was apparently successful, however with message "Could not
remove master" or similar.

To verify, I deleted my local "wireshark" dir, and downloaded again with

  $ git clone https://ralf-nasilow...@code.wireshark.org/review/wireshark

However, my small patch was not present in git log, ie the upload failed.

What did I do wrong???

Best regards,

Ralf Nasilowski

ise Individuelle Software und Elektronik GmbH
Osterstrasse 15
26122 Oldenburg
Germany

Tel.: +49 441 68006-41
Fax: +49 441 68006-10
E-Mail: ralf.nasilow...@ise.de
Internet: http://www.ise.de

Commercial register: Amtsgericht Oldenburg, HRB 3701

General manager: Christoph Sahm, Detlef Boss
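
Added example, not part of the original message or of Wireshark's own tooling: the commit-msg hook is a script that git executes on every commit, and the procedure above fetched it with certificate checking disabled. The script below installs an already-downloaded hook only when its SHA-256 matches a digest obtained out of band; the function names, the digest argument and the temporary-file naming are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded Gerrit commit-msg hook before installing it.
# The expected digest is supplied by the caller (obtained out of band, e.g. from
# a colleague's known-good checkout); no real digest is embedded here.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_commit_msg_hook <downloaded-file> <expected-sha256> <repo-dir>
# Returns 0 on success; on any failed check returns non-zero and installs nothing.
install_commit_msg_hook() {
    src=$1
    expected=$2
    repo=$3
    hooks="$repo/.git/hooks"

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    [ -d "$hooks" ] || { echo "no .git/hooks under: $repo" >&2; return 2; }

    # A hook must be a script; this rejects e.g. an HTML error or login page
    # that was saved under the hook's name.
    IFS= read -r first < "$src" || true
    case $first in
        '#!'*) ;;
        *) echo "refusing: file does not start with a shebang" >&2; return 3 ;;
    esac

    # Integrity check against the pinned digest.
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: SHA-256 mismatch (got $actual)" >&2
        return 4
    fi

    # Copy under a temporary name, mark executable, then rename into place so
    # git never sees a half-written hook.
    tmp="$hooks/commit-msg.tmp.$$"
    cp "$src" "$tmp" && chmod 755 "$tmp" && mv "$tmp" "$hooks/commit-msg"
}
```

Fetch the file with `wget` without `--no-check-certificate`, then call `install_commit_msg_hook ./commit-msg <expected-sha256> ./wireshark`, where `<expected-sha256>` is a placeholder for the digest you obtained separately.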

 

 




[Wireshark-dev] (no subject)

2017-07-14 Thread Ajay koti
I want to learn the hacking

Re: [Wireshark-dev] (no subject)

2016-12-27 Thread Jaap Keuter
Well, you are… It’s a community thing, where lots of input is collected and 
made available to the public. 
So go browse through the resources and find a place where you feel you can 
contribute.

Enjoy.


> On 26 Dec 2016, at 14:53, Jonathan Mator  wrote:
> 
> I want to be part of this organization
> 


[Wireshark-dev] (no subject)

2016-12-26 Thread Jonathan Mator
I want to be part of this organization

[Wireshark-dev] (no subject)

2016-09-02 Thread Amavi Claude
How can i Download wireshark?

[Wireshark-dev] (no subject)

2014-03-28 Thread khemis haythem


 
Khemis Haythem
Address: Boite Postale 101  4118, Mednine
GSM: +216 55 69 19 90
E-mail: khemis.hayt...@yahoo.fr
Status: Engineering student
Speciality: Communications and Networks Engineering
School: Ecole National d'Ingénieurs de Gabes

Hello,
I was just hoping if anyone could provide me with some good tutorials to write
your own dissector in Wireshark and add it as a plugin to Wireshark. Please, I'm
really blocked, I really want someone who tell from where I begin because I
don't know from where I begin, I can't understand all the environment in which I
work, the file .c all changes must I do, how to commit my changes, there is
nothing clear. Please answer me, I'm really blocked.
Thanks and Regards,
haythem

Re: [Wireshark-dev] (no subject)

2014-03-28 Thread Hadriel Kaplan

Start here:
http://wiki.wireshark.org/Development
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=doc/README.dissector
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=doc/README.developer

-hadriel


On Mar 28, 2014, at 8:49 PM, khemis haythem khemis.hayt...@yahoo.fr wrote:

 
  
 Khemis Haythem
 Address: Boite Postale 101  4118, Mednine
 GSM: +216 55 69 19 90
 E-mail: khemis.hayt...@yahoo.fr
 Status: Engineering student
 Speciality: Communications and Networks Engineering
 School: Ecole National d'Ingénieurs de Gabes

 Hello,
 I was just hoping if anyone could provide me with some good tutorials to
 write your own dissector in Wireshark and add it as a plugin to Wireshark.
 Please, I'm really blocked, I really want someone who tell from where I begin
 because I don't know from where I begin, I can't understand all the
 environment in which I work, the file .c all changes must I do, how to commit
 my changes, there is nothing clear. Please answer me, I'm really blocked.
 Thanks and Regards,
 haythem

Re: [Wireshark-dev] (no subject)

2014-03-06 Thread Dario Lombardo
Do you want to keep the pdml file format, or do you just want to export a
subset of infos?

In the latter case you can use the -T fields switch plus the -e switch.


On Thu, Mar 6, 2014 at 8:04 AM, varsha mintri vmin...@yahoo.com wrote:

 Hi,

 I wanted to reduce the details produced while exporting a capture file as
 pdml file so that the file size could be reduced. Can anyone help??


Re: [Wireshark-dev] (no subject)

2014-03-06 Thread varsha mintri
I want to keep the pdml file. I am seeking for a method that reduces the
content. If I put the question other way round: I want to convert a .cap file
to .pdml file to generate only few information not an entire pdml file. Thank
you.



On Thursday, 6 March 2014 2:01 PM, Dario Lombardo dario.lombardo...@gmail.com 
wrote:
 
Do you want to keep the pdml file format, or do you just want to export a 
subset of infos?

In the latter case you can use the -T fields switch plus the -e switch.



On Thu, Mar 6, 2014 at 8:04 AM, varsha mintri vmin...@yahoo.com wrote:

Hi,


I wanted to reduce the details produced while exporting a capture file as pdml
file so that the file size could be reduced. Can anyone help??

[Wireshark-dev] (no subject)

2014-03-05 Thread varsha mintri
Hi,

I wanted to reduce the details produced while exporting a capture file as pdml 
file so that the file size could be reduced. Can anyone help??

[Wireshark-dev] (no subject)

2013-06-24 Thread Edwin Abraham
-- 
*Edwin Abraham,*
Skype ID: edwin_abraham12
BITS-Pilani, K.K. Birla Goa Campus

Re: [Wireshark-dev] (no subject)

2013-05-10 Thread Alexis La Goutte
On Thu, May 9, 2013 at 4:20 AM, Prameswar Lal engg.p...@gmail.com wrote:

 but  i have already submitted this before 3 may  to GSOC 13 website.
 i get a mail to edit this .
 then i edit it after some time when i receive this mail.
 mail also show that we will review it later. so i am waiting for review.

 please  sir ,
 tell me what i do for this project.
 my interest to work on this project.


Hi,
The proposals are under review by mentors team.

Regards,



 On 5/9/13, Alexis La Goutte alexis.lagou...@gmail.com wrote:
  Ho Olexandr,
 
  It is too late for GSoc'13, the student application must be send in GSOC
  Website before the 3 May.
 
 
 
 
  On Tue, May 7, 2013 at 6:31 PM, Olexandr Buchkovsky 
  olex.buchkov...@gmail.com wrote:
 
  Hi. My name is Olexandr Buchkovsky I'm a student of National Aviation
  University in Kyiv, Ukraine.
   I would like to work on your project Wireshark for Android in GSoC.
   I wonder, can I rise my chances (Demo project or smt.) to be approved
  for this project?
   Thanks.
 

[Wireshark-dev] (no subject)

2013-05-08 Thread Olexandr Buchkovsky
Hi. My name is Olexandr Buchkovsky I'm a student of National Aviation
University in Kyiv, Ukraine.
 I would like to work on your project Wireshark for Android in GSoC.
 I wonder, can I rise my chances (Demo project or smt.) to be approved
for this project?
 Thanks.


Re: [Wireshark-dev] (no subject)

2013-05-08 Thread Alexis La Goutte
Ho Olexandr,

It is too late for GSoc'13, the student application must be send in GSOC
Website before the 3 May.




On Tue, May 7, 2013 at 6:31 PM, Olexandr Buchkovsky 
olex.buchkov...@gmail.com wrote:

 Hi. My name is Olexandr Buchkovsky I'm a student of National Aviation
 University in Kyiv, Ukraine.
  I would like to work on your project Wireshark for Android in GSoC.
  I wonder, can I rise my chances (Demo project or smt.) to be approved
 for this project?
  Thanks.

Re: [Wireshark-dev] (no subject)

2013-05-08 Thread Prameswar Lal
but  i have already submitted this before 3 may  to GSOC 13 website.
i get a mail to edit this .
then i edit it after some time when i receive this mail.
mail also show that we will review it later. so i am waiting for review.

please  sir ,
tell me what i do for this project.
my interest to work on this project.


On 5/9/13, Alexis La Goutte alexis.lagou...@gmail.com wrote:
 Ho Olexandr,

 It is too late for GSoc'13, the student application must be send in GSOC
 Website before the 3 May.




 On Tue, May 7, 2013 at 6:31 PM, Olexandr Buchkovsky 
 olex.buchkov...@gmail.com wrote:

 Hi. My name is Olexandr Buchkovsky I'm a student of National Aviation
 University in Kyiv, Ukraine.
  I would like to work on your project Wireshark for Android in GSoC.
  I wonder, can I rise my chances (Demo project or smt.) to be approved
 for this project?
  Thanks.


Re: [Wireshark-dev] (no subject)

2013-02-09 Thread Kurt Knochner


On 2013-02-08 16:44, Lee Brooks wrote:

_Just to clarify when I say update the packet filters I mean to
change the filters of a .pcap file that has already been
opened/displayed._


changing the display filter while Wireshark is running, sounds like
remote control of the GUI. Can you describe a common use case for
this extension?

Regards
Kurt


Re: [Wireshark-dev] (no subject)

2012-03-22 Thread ankit
Hi
 Thank you for your suggestion. I have solved the problem. The problem
was in the FIELDDISPLAY part of the definition of hf_event_link_detect.
It is defined as 1 but is to be put as 32 ie the size of hf_event_list.

Thanks & Regards
Ankith

On Wed, 2012-03-21 at 19:29 +0100, Alexis La Goutte wrote:
 Hi Ankitha,
 
 What the value of event_fields ?
 Do you have look other dissector use proto_tree_add_bitmask ?
 (packet-gsm_sim.c or packet-ieee80211.c )
 
 Regards,
 
 On Wed, Mar 21, 2012 at 4:50 PM, anki...@cdac.in wrote:
 Hi
  I am currently working on developing of MIH protocol plugin. I am
 using proto_tree_add_bitmask and getting the error in the packets as -
 17:55:33  Warn Dissector bug, protocol MIH, in packet 8:
 proto.c:7166: failed assertion "len * 8 == hf->display"

 What may be the error?
 The following is the definition of the datatype where the error occurs-

 {
     &hf_event_link_detect,
     {
         "MIH LINK Detected",
         "mih.event_list.link_detect",
         FT_BOOLEAN,
         1,
         NULL,
         LINK_DETECT_MASK,
         NULL, HFILL
     }
 }

 and the call to the function is like this-

 evt_list_tree = proto_item_add_subtree(tlv_tree, ett_event_bitmap);
 proto_tree_add_bitmask(evt_list_tree, tvb, offset, hf_event_list,
     ett_event_bitmap, event_fields, ENC_BIG_ENDIAN);

 --hf_event_list is defined this way-
 {
     &hf_event_list,
     {
         "List of Events",
         "mih.event_list",
         FT_UINT32,
         BASE_HEX,
         NULL,
         0x0,
         NULL, HFILL
     }
 },

 Let me know if any extra info is required.

 NB: I am sorry for duplicating the mail, but the problem is a little
 urgent.

 Regards
 Ankith
 
 --
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 
 





[Wireshark-dev] (no subject)

2012-03-21 Thread ankitha
Hi
  I am currently working on developing of MIH protocol plugin. I am
using proto_tree_add_bitmask and getting the error in the packets as -
17:55:33  Warn Dissector bug, protocol MIH, in packet 8:
proto.c:7166: failed assertion "len * 8 == hf->display"

What may be the error?
The following is the definition of the datatype where the error occurs-

{
    &hf_event_link_detect,
    {
        "MIH LINK Detected",
        "mih.event_list.link_detect",
        FT_BOOLEAN,
        1,
        NULL,
        LINK_DETECT_MASK,
        NULL, HFILL
    }
}

and the call to the function is like this-

evt_list_tree = proto_item_add_subtree(tlv_tree, ett_event_bitmap);
proto_tree_add_bitmask(evt_list_tree, tvb, offset, hf_event_list,
    ett_event_bitmap, event_fields, ENC_BIG_ENDIAN);

--hf_event_list is defined this way-
{
    &hf_event_list,
    {
        "List of Events",
        "mih.event_list",
        FT_UINT32,
        BASE_HEX,
        NULL,
        0x0,
        NULL, HFILL
    }
},

Let me know if any extra info is required.

NB:I am sorry for duplicating the mail, but the problem is a little
urgent.

Regards
Ankith



Re: [Wireshark-dev] (no subject)

2012-03-21 Thread Alexis La Goutte
Hi Ankitha,

What the value of event_fields ?
Do you have look other dissector use proto_tree_add_bitmask ?
(packet-gsm_sim.c or packet-ieee80211.c )

Regards,

On Wed, Mar 21, 2012 at 4:50 PM, anki...@cdac.in wrote:

 Hi
  I am currently working on developing of MIH protocol plugin. I am
 using proto_tree_add_bitmask and getting the error in the packets as -
 17:55:33  Warn Dissector bug, protocol MIH, in packet 8:
 proto.c:7166: failed assertion "len * 8 == hf->display"

 What may be the error?
 The following is the definition of the datatype where the error occurs-

 {
     &hf_event_link_detect,
     {
         "MIH LINK Detected",
         "mih.event_list.link_detect",
         FT_BOOLEAN,
         1,
         NULL,
         LINK_DETECT_MASK,
         NULL, HFILL
     }
 }

 and the call to the function is like this-

 evt_list_tree = proto_item_add_subtree(tlv_tree, ett_event_bitmap);
 proto_tree_add_bitmask(evt_list_tree, tvb, offset, hf_event_list,
     ett_event_bitmap, event_fields, ENC_BIG_ENDIAN);

 --hf_event_list is defined this way-
 {
     &hf_event_list,
     {
         "List of Events",
         "mih.event_list",
         FT_UINT32,
         BASE_HEX,
         NULL,
         0x0,
         NULL, HFILL
     }
 },

 Let me know if any extra info is required.

 NB: I am sorry for duplicating the mail, but the problem is a little
 urgent.

 Regards
 Ankith


[Wireshark-dev] (no subject)

2012-02-22 Thread raul camacho

Anyone have sample captures of Cisco ERSPAN that is still encapsulated?  I've
checked dev archive and sample library to no avail. If so please reply direct,
thanks.

Re: [Wireshark-dev] (no subject)

2011-04-01 Thread Stephen Fisher
On Thu, Mar 31, 2011 at 10:38:52AM +0200, Chaswi Przellczyk wrote:

 At the end of tap-rtp-common.c is a function called int 
 rtp_packet_analyse(...). Inside rtp_packet_analyse when you go down to 
 /* Dynamic PT */ and go to the else of that if, there is a statement 
 that says

 clock_rate = 0;

It sounds like you should add a standard Wireshark preference.  See the
README.developer file in the doc directory of the source code for more
details.



[Wireshark-dev] (no subject)

2011-03-31 Thread Chaswi Przellczyk
On 3/30/2011 11:37 AM, Palleske, Carsten wrote:

Hello all,

- I've got Windows and I've got MS-VS 2010 Pro.
- I downloaded Source-Code for Wireshark v1.44.
- I downloaded CygWin and Perl and a bunch of tools and got them installed.
- After getting used to the makefiles and stuff I got wireshark
compiled. No details about that, since I'm not used to Makefile-driven
development.
- I can debug Wireshark from VS2010

Ok, this is how far I got without help.

Now I got into Wireshark and found the point that I want to change or
add something to. Specifically I want to have a little pop-up asking for
a number at a given point of code from within tap-rtp-common.c
So I got down to wrote some minor dialog (ugh... got to get used to gtk
development as well) and tried to compile. Naturally I got unresolved
externals, since what I had written hadn't even been compiled. So I went
looking for tap-rtp-common.c/h in all text files, since that's really
the only file that I'll call into my little dialog anyway. I found
tap-rtp-common.c/h was mentioned in ...\Wireshark\Makefile.common and in
...\Wireshark\CMakeLists.txt. So I went right into those and added my
newly created .c and .h files in there.
Now I get
NMAKE : fatal error U1073: obj konnte nicht erstellt werden
Stop.

That's a bit odd, since it seems to be enough for tap-rtp-common.c/h.
Anyway - what did I miss? Where do I have to tell the Make-utility to
compile my stuff? It doesn't even give any syntax or other c-related error.


First of all:


tap-rtp-common is used by both the GUI and non-GUI variants of the software
(Wireshark[GUI], tshark & rawshark[non-gui]).

So trying to access gtk functions from tap-rtp-common isn't going to work.


IOW trying to link to gtk from stuff in any other directory than .../gtk is a 
non-starter. :)

What is it that you are trying to accomplish ?

---

Dear Bill,

thanks for your response and forgive the confusion with the mailing-addresses. 
I created this account specifically to handle all the wireshark load.

At the end of tap-rtp-common.c is a function called int rtp_packet_analyse(...).
Inside rtp_packet_analyse when you go down to /* Dynamic PT */ and go to the 
else of that if, there is a statement that says
clock_rate = 0;

Now, for the tests we are performing it is our wish to be able to enter the 
clock_rate at that very spot manually. That's what that mini-dialog is intended 
for. Just entering a number for the clock-rate.

It needs to work only in our little environment for our very specific purpose, 
so there's no need to find the big-general-solution, unless it's even easier. 
For a starter, we're trying to get started with minimum effort.

Regards,
Carsten.




Re: [Wireshark-dev] (no subject)

2011-03-31 Thread Anders Broman
 

-Original Message-
From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Chaswi Przellczyk
Sent: den 31 mars 2011 10:39
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] (no subject)

On 3/30/2011 11:37 AM, Palleske, Carsten wrote:

Hello all,

- I've got Windows and I've got MS-VS 2010 Pro.
- I downloaded Source-Code for Wireshark v1.44.
- I downloaded CygWin and Perl and a bunch of tools and got them installed.
- After getting used to the makefiles and stuff I got wireshark
compiled. No details about that, since I'm not used to Makefile-driven
development.
- I can debug Wireshark from VS2010

Ok, this is how far I got without help.

Now I got into Wireshark and found the point that I want to change or
add something to. Specifically I want to have a little pop-up asking for
a number at a given point of code from within tap-rtp-common.c
So I got down to wrote some minor dialog (ugh... got to get used to gtk
development as well) and tried to compile. Naturally I got unresolved
externals, since what I had written hadn't even been compiled. So I went
looking for tap-rtp-common.c/h in all text files, since that's really
the only file that I'll call into my little dialog anyway. I found
tap-rtp-common.c/h was mentioned in ...\Wireshark\Makefile.common and in
...\Wireshark\CMakeLists.txt. So I went right into those and added my
newly created .c and .h files in there.
Now I get
NMAKE : fatal error U1073: obj konnte nicht erstellt werden
Stop.

That's a bit odd, since it seems to be enough for tap-rtp-common.c/h.
Anyway - what did I miss? Where do I have to tell the Make-utility to
compile my stuff? It doesn't even give any syntax or other c-related error.


First of all:


tap-rtp-common is used by both the GUI and non-GUI variants of the software
(Wireshark[GUI], tshark & rawshark[non-gui]).

So trying to access gtk functions from tap-rtp-common isn't going to work.


IOW trying to link to gtk from stuff in any other directory than .../gtk is a 
non-starter. :)

What is it that you are trying to accomplish ?

---

Dear Bill,

thanks for your response and forgive the confusion with the mailing-addresses. 
I created this account specifically to handle all the wireshark load.

At the end of tap-rtp-common.c is a function called int rtp_packet_analyse(...).
Inside rtp_packet_analyse when you go down to /* Dynamic PT */ and go to the 
else of that if, there is a statement that says clock_rate = 0;

Now, for the tests we are performing it is our wish to be able to enter the 
clock_rate at that very spot manually. That's what that mini-dialog is intended 
for. Just entering a number for the clock-rate.

It needs to work only in our little environment for our very specific purpose, 
so there's no need to find the big-general-solution, unless it's even easier. 
For a starter, we're trying to get started with minimum effort.

Regards,
Carsten.



If you use wireshark trunk clock rate is extracted from SDP I think, does that 
solve your problem?
/Anders


Re: [Wireshark-dev] (no subject)

2011-03-31 Thread Chaswi Przellczyk

Dear Anders,

I'm feeling a bit silly here, since wireshark trunk only makes sense to me in 
using the trunk-branch of wireshark to do that and I have found three of those
* 1.5 (unstable) trunk
* 1.4 (stable) trunk
* 1.2 (old stable) trunk 

But unfortunately I'm unable to find out what you really mean. Sorry.

CP

 Original Message
 Date: Thu, 31 Mar 2011 15:44:00 +0200
 From: Anders Broman anders.bro...@ericsson.com
 To: Developer support list for Wireshark wireshark-dev@wireshark.org
 Subject: Re: [Wireshark-dev] (no subject)

 -Original Message-
 From: wireshark-dev-boun...@wireshark.org
 [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Chaswi Przellczyk
 Sent: 31 March 2011 10:39
 To: wireshark-dev@wireshark.org
 Subject: [Wireshark-dev] (no subject)
 
 On 3/30/2011 11:37 AM, Palleske, Carsten wrote:
 
 Hello all,
 
 - I've got Windows and I've got MS-VS 2010 Pro.
 - I downloaded Source-Code for Wireshark v1.44.
 - I downloaded CygWin and Perl and a bunch of tools and got them
 installed.
 - After getting used to the makefiles and stuff I got wireshark
 compiled. No details about that, since I'm not used to Makefile-driven
 development.
 - I can debug Wireshark from VS2010
 
 Ok, this is how far I got without help.
 
 Now I got into Wireshark and found the point that I want to change or
 add something to. Specifically I want to have a little pop-up asking
 for
 a number at a given point of code from within tap-rtp-common.c
 So I got down to wrote some minor dialog (ugh... got to get used to
 gtk
 development as well) and tried to compile. Naturally I got unresolved
 externals, since what I had written hadn't even been compiled. So I
 went
 looking for tap-rtp-common.c/h in all text files, since that's really
 the only file that I'll call into my little dialog anyway. I found
 tap-rtp-common.c/h was mentioned in ...\Wireshark\Makefile.common and
 in
 ...\Wireshark\CMakeLists.txt. So I went right into those and added my
 newly created .c and .h files in there.
 Now I get
 NMAKE : fatal error U1073: obj konnte nicht erstellt werden
 Stop.
 
 That's a bit odd, since it seems to be enough for tap-rtp-common.c/h.
 Anyway - what did I miss? Where do I have to tell the Make-utility to
 compile my stuff? It doesn't even give any syntax or other c-related
 error.
 
 
 First of all:
 
 
 tap-rtp-common is used by both the GUI and non-GUI variants of the
 software (Wireshark[GUI], tshark & rawshark[non-gui]).
 
 So trying to access gtk functions from tap-rtp-common isn't going to work.
 
 
 IOW trying to link to gtk from stuff in any other directory than .../gtk
 is a non-starter. :)
 
 What is it that you are trying to accomplish ?
 
 ---
 
 Dear Bill,
 
 thanks for your response and forgive the confusion with the
 mailing-addresses. I created this account specifically to handle all the 
 wireshark load.
 
 At the end of tap-rtp-common.c is a function called int
 rtp_packet_analyse(...).
 Inside rtp_packet_analyse when you go down to /* Dynamic PT */ and go to
 the else of that if, there is a statement that says clock_rate = 0;
 
 Now, for the tests we are performing it is our wish to be able to enter
 the clock_rate at that very spot manually. That's what that mini-dialog is
 intended for. Just entering a number for the clock-rate.
 
 It needs to work only in our little environment for our very specific
 purpose, so there's no need to find the big-general-solution, unless it's
 even easier. For a starter, we're trying to get started with minimum effort.
 
 Regards,
 Carsten.
 
 
 
 If you use wireshark trunk clock rate is extracted from SDP I think, does
 that solve your problem?
 /Anders


[Wireshark-dev] (no subject)

2010-10-16 Thread luofeng

Dear teacher:
My teacher told me to develop an application which can display the captured data 
on the line (which is a little like Wireshark).
I want to know how Wireshark realizes the synchronization between the list view 
and the tree view.
Or you can tell me how the captured data is displayed on the screen (how the data 
flows).
Thank you very much!

[Wireshark-dev] (no subject)

2010-09-04 Thread Jerry Balderrama
I downloaded the latest Wireshark. I have Windows 7 Pro and no interfaces show up 
on any of my Windows 7 PCs. Why not?


Thanks,
Jerry Balderrama



Re: [Wireshark-dev] (no subject)

2010-09-04 Thread DePriest, Jason R.
You'll need to run it as administrator if you don't have the NPF service
from winpcap running.

-Jason

On Sep 4, 2010 10:23 AM, Jerry Balderrama jbalderr...@ffex.net wrote:

I down loaded the latest wire share. I have windows 7 pro no interfaces show
up on any on my windows 7 pc, why not?





Thanks,

Jerry Balderrama






[Wireshark-dev] (no subject)

2010-08-31 Thread Jerry Balderrama
I just downloaded Wireshark and rebooted. No interfaces show up on the
interface list what can I do to make this work? Windows 7 64 bit.


[Wireshark-dev] (no subject)

2010-03-01 Thread Osis Ellen-MGIA0856
 

[Wireshark-dev] (no subject)

2010-02-21 Thread Sourabh Rathor
Hi
Any body have any idea about this error.


../wiretap/.libs/libwiretap.so /usr/lib/libgmodule-2.0.so -ldl /usr/lib/
libglib-2.0.so ../wsutil/.libs/libwsutil.so -lm -lz  -pthread
-Wl,--as-needed @LIBSMI_LDFLAGS@ -Wl,--export-dynamic -Wl,-soname
-Wl,libwireshark.so.0 -o .libs/libwireshark.so.0.0.1
gcc: @LIBSMI_LDFLAGS@: No such file or directory
make[3]: *** [libwireshark.la] Error 1
make[3]: Leaving directory `/home/sourabh/Desktop/wireshark-1.3.1/epan'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/sourabh/Desktop/wireshark-1.3.1/epan'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/sourabh/Desktop/wireshark-1.3.1'
make: *** [all] Error 2


Please help.
-- 
Sourabh Rathor
Institute Of Informatics  Communication
South Campus, Delhi University

[Wireshark-dev] (no subject)

2009-10-11 Thread kalge...@gmail.com
Hi guys, i'm using revision 30495 of the trunk wireshark and i'm
getting the following error

~snip~
/usr/bin/pod2man\
--center=The Wireshark Network Analyzer   \
--release=1.3.1 \
./rawshark.pod  rawshark.1
WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ../tshark -G fields | \
/usr/bin/perl ./dfilter2pod.pl ./wireshark-filter.pod.template 
wireshark-filter.pod
/root/wireshark-trunk/.libs/lt-tshark: Symbol
`gsm_a_dtap_msg_rr_strings' has different size in shared object,
consider re-linking
/root/wireshark-trunk/.libs/lt-tshark: symbol lookup error:
/root/wireshark-trunk/.libs/lt-tshark: undefined symbol:
gsm_a_sacch_msg_rr_strings
/usr/bin/pod2man\
--section=4 \
--center=The Wireshark Network Analyzer   \
--release=1.3.1 \
wireshark-filter.pod  wireshark-filter.4
~ snip ~

and when i ran i get

bash-3.1# ./wireshark
/root/wireshark-trunk/.libs/lt-wireshark: symbol lookup error:
/root/wireshark-trunk/.libs/lt-wireshark: undefined symbol:
gsm_a_dtap_msg_tp_strings
bash-3.1#

Can some one please help me ? i tried to google but didn't turn up with anything
-- 
Kalgecin
http://kalgecin.110mb.com
http://kalgecin.110mb.com/forums
http://kalgecin.blogspot.com


Re: [Wireshark-dev] (no subject)

2009-10-11 Thread Guy Harris

On Oct 11, 2009, at 5:46 AM, kalge...@gmail.com wrote:

 Hi guys, i'm using revision 30495 of the trunk wireshark and i'm
 getting the following error

Try updating again - I did and it built on my OS X machine (you appear  
to be building on some flavor of UN*X).  There may have been a problem  
in 30495 that broke the build.


Re: [Wireshark-dev] (no subject)

2009-10-11 Thread kalge...@gmail.com
I'm using zenwalk 6.2 and updated to revision 30528 and getting the error.

bash-3.1# ./autogen.sh
Checking for python.
aclocal -I ./aclocal-fallback
/usr/share/aclocal/dotconf.m4:5: warning: underquoted definition of
AM_PATH_DOTCONF
/usr/share/aclocal/dotconf.m4:5:   run info '(automake)Extending aclocal'
/usr/share/aclocal/dotconf.m4:5:   or see
http://sources.redhat.com/automake/automake.html#Extending-aclocal
libtoolize --copy --force
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
autoheader
automake --add-missing --gnu
autoconf

Now type ./configure [options] and make to compile Wireshark.

and i'm still getting the error.


On 10/11/09, Guy Harris g...@alum.mit.edu wrote:

 On Oct 11, 2009, at 5:46 AM, kalge...@gmail.com wrote:

 Hi guys, i'm using revision 30495 of the trunk wireshark and i'm
 getting the following error

 Try updating again - I did and it built on my OS X machine (you appear
 to be building on some flavor of UN*X).  There may have been a problem
 in 30495 that broke the build.



-- 
Kalgecin
http://kalgecin.110mb.com
http://kalgecin.110mb.com/forums
http://kalgecin.blogspot.com


[Wireshark-dev] (no subject)

2009-07-18 Thread Bruce



[Wireshark-dev] (no subject)

2009-07-10 Thread Irina Dumitrascu
Hi,

I implemented a dissector for Access Node Control Protocol.
I want to send the dissector to be included in a new version of Wireshark.
I want to ask, which are the procedures that must be followed to add the
dissector to Wireshark.

Thanks


Irina Dumitrascu

Re: [Wireshark-dev] (no subject)

2009-07-10 Thread Stig Bjørlykke
On 10. juli. 2009, at 16.53, Irina Dumitrascu wrote:

 I want to ask, which are the procedures that must be followed to add  
 the dissector to Wireshark.


Hi, have a look at this wiki page:
http://www.wireshark.org/docs/wsdg_html/#ChSrcSend


-- 
Stig Bjørlykke




[Wireshark-dev] (no subject)

2009-05-06 Thread Rahul Jain
Hello all,

I am running the following setup:
http://www.sics.se/contiki/tutorials/tutorial-running-contiki-with-uipv6-and-sicslowpan-support-on-the-atmel-raven.html

I am trying to understand the following packet:

16  35.577489   02:12:13:ff:fe:14:15:16 Broadcast   IEEE
802.15.4   Data,
Dst: Broadcast, Src: 02:12:13:ff:fe:14:15:16, Bad FCS

Frame 16 (111 bytes on wire, 111 bytes captured)
Ethernet II, Src: MS-NLB-PhysServer-18_13:14:15:16
(02:12:13:14:15:16), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
IEEE 802.15.4 Data, Dst: Broadcast, Src: 02:12:13:ff:fe:14:15:16, Bad FCS
Data (78 bytes)

Now, as I understand the setup, the RZ Raven USB bridges 802.15.4
packets to the ethernet. Now when I analyze the frame it tells me that
there are three protocols in it (eth:wpan:data).

Comparing the above frame with frame 15:
15  35.561236   fe80::12:13ff:fe14:1516 ff02::1 ICMPv6  Router
advertisement

Comparing IPv6 local link and MAC address I see that the frames are
from the RZ Raven USB. The Ethernet II frame is same for the both,
while the IPv6 frame in 15 is replaced by a 802.15.4 frame in 16 (Is
this the result of 6lowpan? and if I get it right 6lowpan takes place
on RZ Raven...) and then there is a frame called data (varying bytes
in each 802.15.4 frame) which could be said to correspond to the
ICMPv6 frame. What is this data?

So, if I get it right the router daemon running on the usb0 interface
sends out daemon advertisements which are then encapsulated into
802.15.4 through 6lowpan on the RZ Raven USB - but how come wireshark
still sees this packets - for they are no longer generated on the host
pc?
Also, what is this data protocol in the 802.15.4 packet?

Please inform me
Rahul Jain


Re: [Wireshark-dev] (no subject)

2008-10-17 Thread Stephen Fisher
On Thu, Jun 26, 2008 at 03:24:05PM -0400, Martin Corraine (mcorrain) wrote:

 I'm finishing my ged125 dissector and figured I'd check if my name was 
 mentioned in the authors section. It's not. I do have the authors file 
 with my name and email in it. Is there any thing else that I forget to 
 edit/add to my dissector folder?

I see that you never got a response on the list for this.  Even if you 
figured it out, I'd like to answer this for the archives.

You have to manually add yourself to the AUTHORS file (or we developers 
will add it for you when we commit your code.)

P.S. Subject lines in e-mails are very handy.  Please include one :)


Steve

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] (no subject)

2008-07-25 Thread samyc
Hi all,
I'm trying to figure out if it is possible for wireshark to handle many versions
of the same protocol. Ex I wrote a plugin handling v1 of foo protocol, now this
protocol has evolved and I need to write a v2 plugin. is it possible for
wireshark to handle both version in the same session? that is without replacing
the fooPluginv1.dll fooPluginV2.dll?
Cheers



Re: [Wireshark-dev] (no subject)

2008-07-25 Thread Abhik Sarkar
I saw something similar in this:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2727



On Fri, Jul 25, 2008 at 7:44 PM,  [EMAIL PROTECTED] wrote:
 Hi all,
 I'm trying to figure out if it is possible for wireshark to handle many 
 versions
 of the same protocol. Ex I wrote a plugin handling v1 of foo protocol, now 
 this
 protocol has evolved and I need to write a v2 plugin. is it possible for
 wireshark to handle both version in the same session? that is without 
 replacing
 the fooPluginv1.dll fooPluginV2.dll?
 Cheers




[Wireshark-dev] (no subject)

2008-06-26 Thread Martin Corraine (mcorrain)
Hello,
 
I'm finishing my ged125 dissector and figured I'd check if my name was
mentioned in the authors section. It's not. I do have the authors file
with my name and email in it. Is there any thing else that I forget to
edit/add to my dissector folder?
 
Thanks,
martin


[Wireshark-dev] (no subject)

2008-06-23 Thread Martin Corraine (mcorrain)
Hello all,
 
In the readme.developer, it states you shouldn't use tvb_get_ntohl(tvb,
offset);  I tried using tvb_get_letohl (tvb, offset);  However, it
retrieves the data backwards thus retrieving the wrong value. Any
suggestions?
 
For instance, 
 
00 00 00 06  should be 6 in base 10 (I'm sure it should be read this
way). However, I get 1610612736 with tvb_get_letohl() because it reads
it 60 00 00 00
 
 
Thanks,
martin


Re: [Wireshark-dev] (no subject)

2008-06-23 Thread Guy Harris
Martin Corraine (mcorrain) wrote:

 In the readme.developer, it states you shouldn't use tvb_get_ntohl(tvb, 
 offset);

No, it doesn't.

It does say

 Don't fetch a little-endian value using tvb_get_ntohs() or
 tvb_get_ntohl() and then using g_ntohs(), g_htons(), g_ntohl(),
 or g_htonl() on the resulting value - the g_ routines in question
 convert between network byte order (big-endian) and *host* byte order,
 not *little-endian* byte order; not all machines on which Wireshark runs
 are little-endian, even though PCs are.  Fetch those values using
 tvb_get_letohs() and tvb_get_letohl().

but that doesn't say don't use tvb_get_ntohl(), it says don't fetch 
little-endian values using tvb_get_ntohl().

It also says

 NOTE: IPv4 addresses are not to be converted to host byte order before
 being passed to proto_tree_add_ipv4().  You should use tvb_get_ipv4()
 to fetch them, not tvb_get_ntohl() *OR* tvb_get_letohl() - don't,
 for example, try to use tvb_get_ntohl(), find that it gives you the
 wrong answer on the PC on which you're doing development, and try
 tvb_get_letohl() instead, as tvb_get_letohl() will give the wrong
 answer on big-endian machines.

but that also doesn't say don't use tvb_get_ntohl(), it says don't 
fetch IPv4 addresses using tvb_get_ntohl().


Re: [Wireshark-dev] (no subject)

2008-06-23 Thread John Sullivan
On Monday, June 23, 2008, 6:38:16 PM, Martin Corraine (mcorrain) wrote:
 In the readme.developer, it states you shouldn't use tvb_get_ntohl(tvb,
 offset);  I tried using tvb_get_letohl (tvb, offset);  However, it
 retrieves the data backwards thus retrieving the wrong value. Any
 suggestions?

What it actually says is:

Don't use ntohs(), ntohl(), htons(), or htonl(); the header
files required to define or declare them differ between platforms,

This is talking just about the functions with those names - it says
nothing about the wireshark-provided alternatives called g_ntohl(),
tvb_get_ntohl() etc. These are safe platform-independent versions that
you are expected to use (in the appropriate circumstances.)

Then:

Don't fetch a little-endian value using tvb_get_ntohs() or
tvb_get_ntohl() and then using g_ntohs(), g_htons(), g_ntohl(),
or g_htonl() on the resulting value

Here it is saying don't use tvb_get_ntohl() *followed* by g_ntohl(),
in the expectation that the second call will byte-swap. On a naturally
big-endian machine, g_ntohl() does nothing. This says nothing about
calling tvb_get_ntohl() *on its own*, where that is the appropriate
thing to do.

 For instance,
 
 00 00 00 06  should be 6 in base 10 (I'm sure it should be read this
 way). However, I get 1610612736 with tvb_get_letohl() because it reads
 it 60 00 00 00

In your example, the value is transmitted in big-endian (AKA network)
byte order already, not little-endian, so the right thing is to use
tvb_get_ntohl() to retrieve it. This will produce the correct result
on all platforms.

John
-- 
Dead stars still burn
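
The byte-order point made in the two replies above, as an added example that is not part of the thread or of Wireshark's source. buf_get_ntohl(), buf_get_letohl() and net_to_host32() are hypothetical stand-ins written for this illustration, and the sample bytes are the 00 00 00 06 from the question; it shows that a byte-wise fetch gives the same value on every host, while a big-endian fetch followed by a network-to-host swap is only right on little-endian machines.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the four bytes from the question, in wire order. */
static const uint8_t SAMPLE[4] = { 0x00, 0x00, 0x00, 0x06 };

/* Hypothetical stand-in for a big-endian 32-bit fetch from packet data.
 * Returns 0 on success, -1 if the read would run past the captured bytes
 * (packet data is untrusted, so every fetch is bounds-checked). */
int buf_get_ntohl(const uint8_t *buf, size_t len, size_t offset, uint32_t *out)
{
    if (len < 4 || offset > len - 4)
        return -1;
    const uint8_t *p = buf + offset;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return 0;
}

/* Hypothetical stand-in for a little-endian 32-bit fetch. Assembling the
 * value byte by byte makes the result independent of the host CPU. */
int buf_get_letohl(const uint8_t *buf, size_t len, size_t offset, uint32_t *out)
{
    if (len < 4 || offset > len - 4)
        return -1;
    const uint8_t *p = buf + offset;
    *out =  (uint32_t)p[0]        | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

/* Returns 1 on a little-endian host, 0 on a big-endian one. */
int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;
}

/* Network (big-endian) to *host* order: swaps on a little-endian host and
 * does nothing on a big-endian host. */
uint32_t net_to_host32(uint32_t v)
{
    if (!host_is_little_endian())
        return v;
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* The pattern the quoted README text warns against: fetch a little-endian
 * field with the big-endian accessor, then "repair" it with a
 * network-to-host conversion. Correct only where the host is little-endian. */
int fetch_le_wrong(const uint8_t *buf, size_t len, size_t offset, uint32_t *out)
{
    uint32_t v;
    if (buf_get_ntohl(buf, len, offset, &v) != 0)
        return -1;
    *out = net_to_host32(v);
    return 0;
}

int main(void)
{
    uint32_t be = 0, le = 0, wrong = 0;

    buf_get_ntohl(SAMPLE, sizeof SAMPLE, 0, &be);
    buf_get_letohl(SAMPLE, sizeof SAMPLE, 0, &le);
    fetch_le_wrong(SAMPLE, sizeof SAMPLE, 0, &wrong);

    printf("read as big-endian:    %lu\n", (unsigned long)be);
    printf("read as little-endian: %lu (0x%08lx)\n",
           (unsigned long)le, (unsigned long)le);
    printf("ntohl-then-swap:       %lu (%s the little-endian value on this host)\n",
           (unsigned long)wrong, wrong == le ? "matches" : "does not match");
    printf("truncated read:        %d\n", buf_get_ntohl(SAMPLE, 3, 0, &be));
    return 0;
}
```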



[Wireshark-dev] (no subject)

2008-06-23 Thread Martin Corraine (mcorrain)
Hello, 
 
Does anyone know how to deal with fields that are floating. For
instance, ANI is an optional field name(it may or may not be in the
packet) AND it's size can be 0-40 bytes. I need to be able to determine
the data type and its length so I can dissect that field. Or I could
just output as one long string. Any ideas?
 
Thanks,
Martin
 
 


Re: [Wireshark-dev] (no subject)

2008-06-23 Thread Martin Corraine (mcorrain)
I got my hands on additional specs. Problem solved!  



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Corraine (mcorrain)
Sent: Monday, June 23, 2008 4:35 PM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] (no subject)


Hello, 
 
Does anyone know how to deal with fields that are floating. For
instance, ANI is an optional field name(it may or may not be in the
packet) AND it's size can be 0-40 bytes. I need to be able to determine
the data type and its length so I can dissect that field. Or I could
just output as one long string. Any ideas?
 
Thanks,
Martin
 
 


[Wireshark-dev] (no subject)

2008-04-11 Thread prakash chowbey
  hi guys,
  i need ur help regarding a problem in wireshark.
  i need to append some bits(all 0 in fact) to a bit string of type tvbuff_t* , 
how can i do it, in fact in function tvbuff_t * new_octet_aligned_subset_bits 
they have done some kind of padding(line 182)to which u can refer to.
  will b very thankful if u plz help me.
  regards,
  prakash

   


[Wireshark-dev] (no subject)

2007-03-19 Thread Andreas Bakurov



[Wireshark-dev] (no subject)

2007-02-03 Thread Jaap Keuter
Hi list,

Going over the tarball on Win32 I've found some cruft in config.nmake.
Hopefully someone with insight can set these straight.


# Support for GTK 2.10 is currently experimental ...
GTK2_INST_VERSION=2.10
PANGO_INST_VERSION=1.14

Is it experimental?


WINPCAP_VERSION=3.1
# XXX - what to set for 4.0 beta 1?

Weren't we at 4.0? Which may have consequence for this

!IFDEF PCAP_DIR
# Nmake uses carets to escape special characters
WINPCAP_CONFIG=^#define HAVE_LIBPCAP 1
!IF $(WINPCAP_VERSION) == 3.0 || $(WINPCAP_VERSION) == 3.1

And when you make the setup target you get the WpdPack for 3.1

!IFDEF PCAP_DIR
@$(SH) tools\win32-setup.sh --download $(WIRESHARK_LIBS) \
. WpdPack_3_1.zip
!ENDIF

Thanx,
Jaap




[Wireshark-dev] (no subject)

2006-12-14 Thread david lopez

Hello

I'm working with Tethereal
I need to capture WLAN packets as quick as it is possible

I'm interested only in Request to Send and Clear to Send sequences and more
specifically in their Prism Header
My questions are:
- What filter can I use for capturing only this kind of packets?
- Once I'm only capturing RTS/CTS sequences, what filter can I use for
capturing only the MacTime in the Prism Header?

Now I'm using this:
-R '(wlan.fc.type_subtype eq 27)||(wlan.fc.type_subtype eq 28) (RTS/CTS
sequences)
-z proto,colinfo,prism.mactime.data,prism.mactime.data (MacTime in Prism
Header)

However, I think these filters are not for capturing, they are only for
displaying that information in the output file.

All the best

David


[Wireshark-dev] (no subject)

2006-12-09 Thread Thomas Sillaber
Hello,

here's the working patch/diff.
Please test and apply!

Thanks

TS


Index: epan/column.c
===
--- epan/column.c   (revision 20080)
+++ epan/column.c   (working copy)
@@ -91,12 +91,16 @@
 %H, 
 %P, 
 %y, 
-%z, 
-%v, 
+   %v,
+   %q,
+   %f,
+%U,  
 %E,
%C,
-   %l
+   %l,
+   %z
 };
+
  
   if (fmt  0 || fmt = NUM_COL_FMTS)
 return NULL;
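Review bot: In the format-string table, moving %z from its slot before %v to the very end, while keeping %v and adding %q next to it, shifts every entry after %y. If this table is indexed by the column enum (the NUM_COL_FMTS bounds check right below suggests it is), the strings no longer line up: the column_info.h hunk adds two values (COL_DSCP_VALUE, COL_COS_VALUE) directly after COL_8021Q_VLAN_ID, but three strings are added here and COL_DCE_CTX loses its %z position. Suggest leaving "%z, %v" where they were and inserting only the two new strings directly after %v. The added lines also mix tabs and spaces and add an unrelated blank line after the closing brace.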
@@ -155,6 +159,8 @@
DCE/RPC call (cn_call_id / dg_seqnum),/* COL_DCE_CALL */
DCE/RPC context ID (cn_ctx_id),   /* COL_DCE_CTX */
802.1Q VLAN id,   /* COL_8021Q_VLAN_ID */
+   IP DSCP Value,
/* COL_DSCP_VALUE */
+   L2 COS Value, 
/* COL_COS_VALUE */
TEI,  /* XXX - why is it missing 
in column_utils.c and elsewhere? */
Frame Relay DLCI, 
/* COL_FR_DLCI */
GPRS BSSGP TLLI,  
/* COL_BSSGP_TLLI */
@@ -261,6 +267,12 @@
 case COL_8021Q_VLAN_ID:
   fmt_list[COL_8021Q_VLAN_ID] = TRUE;
   break;
+   case COL_DSCP_VALUE:
+ fmt_list[COL_DSCP_VALUE] = TRUE;
+ break;
+   case COL_COS_VALUE:
+  fmt_list[COL_COS_VALUE] = TRUE;
+ break;
 case COL_TEI:
   fmt_list[COL_TEI] = TRUE;
   break;
@@ -524,6 +536,12 @@
 case COL_8021Q_VLAN_ID:
   return ;
   break;
+   case COL_DSCP_VALUE:
+ return 00;
+ break;
+case COL_COS_VALUE:
+ return 0;
+ break;
 case COL_TEI:
   return 127;
   break;
@@ -682,9 +700,15 @@
   case 'z':
return COL_DCE_CTX;
break;
-  case 'v':
+  case 'q':
return COL_8021Q_VLAN_ID;
break;
+ case 'f':
+return COL_DSCP_VALUE;
+break;
+ case 'U':
+return COL_COS_VALUE;
+break;
   case 'E':
return COL_TEI;
   case 'C':
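Review bot: Replacing case 'v' with case 'q' for COL_8021Q_VLAN_ID removes the existing 'v' format character from the parser, so any existing use of %v no longer maps to the VLAN column, while the string table hunk in this same file still lists %v. Keep case 'v' returning COL_8021Q_VLAN_ID and add only the new letters ('f' for COL_DSCP_VALUE, 'U' for COL_COS_VALUE); if %q is meant as a rename, that needs to be stated in the submission. The new case labels are indented differently from the neighbouring ones and, unlike case 'E' and case 'C', carry a break after the return.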
Index: epan/column-utils.c
===
--- epan/column-utils.c (revision 20080)
+++ epan/column-utils.c (working copy)
@@ -1288,7 +1288,14 @@
 
 case COL_8021Q_VLAN_ID:
 break;
+
+   case COL_DSCP_VALUE:/* done by packet-ip */
+   break;
 
+
+   case COL_COS_VALUE: /* done by packet-vlan */
+   break;
+
 case COL_FR_DLCI:  /* done by packet-fr.c */
 case COL_BSSGP_TLLI: /* done by packet-bssgp.c */
 break;
Index: epan/dissectors/packet-vlan.c
===
--- epan/dissectors/packet-vlan.c   (revision 20080)
+++ epan/dissectors/packet-vlan.c   (working copy)
@@ -91,6 +91,9 @@
   if ( check_col(pinfo-cinfo, COL_8021Q_VLAN_ID)) {
   col_add_fstr(pinfo-cinfo, COL_8021Q_VLAN_ID, %u, (tci  0xFFF));
   }
+  if ( check_col(pinfo-cinfo, COL_COS_VALUE)) {
+  col_add_fstr(pinfo-cinfo, COL_COS_VALUE, %u, (tci  13));
+}
 
   vlan_tree = NULL;
 
Index: epan/dissectors/packet-ip.c
===
--- epan/dissectors/packet-ip.c (revision 20080)
+++ epan/dissectors/packet-ip.c (working copy)
@@ -929,7 +929,11 @@
 
   iph-ip_tos = tvb_get_guint8(tvb, offset + 1);
   if (tree) {
-if (g_ip_dscp_actif) {
+  
+ if ( check_col(pinfo-cinfo, COL_DSCP_VALUE)) {
+   col_add_fstr(pinfo-cinfo, COL_DSCP_VALUE, %u, 
IPDSFIELD_DSCP(iph-ip_tos));
+  }
+ if (g_ip_dscp_actif) {
   tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1, 
1, iph-ip_tos,
   Differentiated Services Field: 0x%02x (DSCP 0x%02x: %s; ECN: 
0x%02x), iph-ip_tos,
   IPDSFIELD_DSCP(iph-ip_tos), val_to_str(IPDSFIELD_DSCP(iph-ip_tos), 
dscp_vals,
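Review bot: The new check_col()/col_add_fstr() block is placed inside if (tree) {, so COL_DSCP_VALUE is only filled in when a protocol tree is being built, whereas the packet-vlan.c hunk sets COL_COS_VALUE with no tree check around it in the visible context. Move the column update out of the if (tree) block, directly after iph->ip_tos is fetched, so both columns are populated under the same conditions. The removed and re-added if (g_ip_dscp_actif) { line is a whitespace-only change and should be dropped from the patch.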
Index: epan/column_info.h
===
--- epan/column_info.h  (revision 20080)
+++ epan/column_info.h  (working copy)
@@ -100,6 +100,8 @@
   COL_DCE_CALL,   /* DCE/RPC connection oriented call id OR datagram 
sequence number */
   COL_DCE_CTX,/* DCE/RPC connection oriented context id */
   COL_8021Q_VLAN_ID,  /* 802.1Q vlan ID */
+  COL_DSCP_VALUE, /* IP DSCP Value */
+  COL_COS_VALUE,  /* L2 COS Value */
   COL_TEI,/* q.921 TEI */
   COL_FR_DLCI,   /* Frame Relay DLCI */
   COL_BSSGP_TLLI,/* GPRS BSSGP IE TLLI */



[Wireshark-dev] (no subject)

2006-12-08 Thread david lopez

Hello

I'm David, a PhD student
I'm developing a small sniffer for my project. I'm using libpcap

I built a sniffer for capturing ethernet packets on the cable and it is
working fine.
Now, I would like to use this sniffer for capturing 802.11 WLAN packets.
When I use this sniffer for capturing  802.11 WLAN packets on my adapter, it
looks ok, but when I try to get the MAC and IP addresses, they are wrong.
I suppose that I should eliminate first the WLAN envelopment or something
like that

I would like to know if you can give a clue or if you have some example
code.

Here you have my code:


#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <net/ethernet.h>
#include <netinet/ether.h>
#include <netinet/ip.h>


/* tcpdump header (ether.h) defines ETHER_HDRLEN) */
#ifndef ETHER_HDRLEN
#define ETHER_HDRLEN 14
#endif

/*
 * Structure of an internet header, naked of options.
 *
 * Stolen from tcpdump source (thanks tcpdump people)
 *
 * We declare ip_len and ip_off to be short, rather than u_short
 * pragmatically since otherwise unsigned comparisons can result
 * against negative integers quite easily, and fail in subtle ways.
 */
struct my_ip {
    u_int8_t ip_vhl;  /* header length, version */
#define IP_V(ip) (((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip) ((ip)->ip_vhl & 0x0f)
    u_int8_t ip_tos;  /* type of service */
    u_int16_t ip_len;  /* total length */
    u_int16_t ip_id;  /* identification */
    u_int16_t ip_off;  /* fragment offset field */
#define IP_DF 0x4000   /* dont fragment flag */
#define IP_MF 0x2000   /* more fragments flag */
#define IP_OFFMASK 0x1fff  /* mask for fragmenting bits */
    u_int8_t ip_ttl;  /* time to live */
    u_int8_t ip_p;  /* protocol */
    u_int16_t ip_sum;  /* checksum */
    struct in_addr ip_src,ip_dst; /* source and dest address */
};


int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    pcap_t *p;
    pcap_t *adhandle;
    int i=0;
    int inum;
    int res;
    int datalink;
    char errbuf[PCAP_ERRBUF_SIZE];
    char timestr[16];
    struct tm *ltime;
    struct pcap_pkthdr *header;
    struct ether_header *eptr;
    const struct my_ip* ip;
    const u_char *pkt_data;
    u_short ether_type;


    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }



    /* Print the list */
    for(d=alldevs; d; d=d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available) \n");

    }

    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):",i);
    scanf("%d", &inum);

    if(inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);

    /* Open the adapter */
    if ( (adhandle= pcap_open_live(d->name, // name of the device
        65536, // portion of the packet to capture.
        // 65536 grants that the whole packet will be captured on all the MACs.
        1, // promiscuous mode
        1000,  // read timeout
        errbuf // error buffer
        ) ) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    printf("\nlistening on %s... \n", d->name);

    /* Link-layer header type of the opened adapter */
    if((datalink=pcap_datalink(adhandle))<0){
        printf("\nDatalink Error: %s\n",pcap_geterr(adhandle));
    }

    printf("\nDatalink=%s\n\n", pcap_datalink_val_to_name(datalink));



    /* At this point, we don't need any more the device list. Free it */
    pcap_freealldevs(alldevs);

    /* Retrieve the packets */
    while((res = pcap_next_ex( adhandle, &header, &pkt_data)) >= 0){

        if(res == 0)
            /* Timeout elapsed */
            continue;

        /* convert the timestamp to readable format */
        ltime=localtime(&header->ts.tv_sec);
        strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);

        printf("%s,%.6d; len:%u; ", timestr, (int)header->ts.tv_usec,
            header->len);

        /// MAC

        /* lets start with the ether header... */
        eptr = (struct ether_header *) pkt_data;
        ether_type = ntohs(eptr->ether_type);

        /* check to see if we have an ip packet */
        if (ether_type == ETHERTYPE_IP)
        {
            fprintf(stdout,"Type(IP); ");
        }else  if (ether_type == ETHERTYPE_ARP)
        {
            fprintf(stdout,"Type(ARP); ");
        }else  if (ether_type == ETHERTYPE_REVARP)
        {
            fprintf(stdout,"Type(RARP); ");
        }else {
            fprintf(stdout,"Type(?); ");
        }

        /* Lets print SOURCE DEST TYPE LENGTH */
        fprintf(stdout,"MAC: ");
        fprintf(stdout,"%s/
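
An added example, not part of the original post and not Wireshark or libpcap code: a bounds-checked helper that uses the link-layer type reported by pcap_datalink() to find where the network-layer header starts, instead of assuming a 14-byte Ethernet header. The names l3_offset and LT_* are hypothetical, and the frame in main() is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same numeric values as libpcap's DLT_EN10MB, DLT_IEEE802_11 and
 * DLT_IEEE802_11_RADIO, redefined so this builds without pcap.h. */
enum { LT_EN10MB = 1, LT_IEEE802_11 = 105, LT_IEEE802_11_RADIO = 127 };

/* Return the offset of the network-layer header in pkt and store its
 * EtherType, or -1 when the frame is truncated, is not a data frame, is
 * encrypted, or is not RFC 1042 LLC/SNAP. caplen is pcap_pkthdr.caplen. */
int l3_offset(int linktype, const uint8_t *pkt, size_t caplen, uint16_t *ethertype)
{
    static const uint8_t snap[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
    size_t off = 0, hdr = 24;  /* 802.11 start; FC + duration + 3 addrs + seq */
    if (linktype == LT_EN10MB) {
        if (caplen < 14) return -1;
        *ethertype = (uint16_t)(pkt[12] << 8 | pkt[13]);
        return 14;
    }
    if (linktype == LT_IEEE802_11_RADIO) {  /* radiotap: LE length at bytes 2..3 */
        if (caplen < 8) return -1;
        off = (size_t)(pkt[2] | pkt[3] << 8);
        if (off < 8 || off > caplen) return -1;
    } else if (linktype != LT_IEEE802_11) {
        return -1;
    }
    if (caplen - off < 2) return -1;
    uint8_t fc0 = pkt[off], fc1 = pkt[off + 1];
    if ((fc0 & 0x0c) != 0x08) return -1;         /* type 2 = data frame */
    if (fc0 & 0x40) return -1;                   /* Null subtypes: no payload */
    if (fc1 & 0x40) return -1;                   /* Protected: encrypted body */
    if ((fc1 & 0x03) == 0x03) hdr += 6;          /* ToDS+FromDS: 4th address */
    if (fc0 & 0x80) hdr += 2;                    /* QoS subtypes: QoS Control */
    if ((fc0 & 0x80) && (fc1 & 0x80)) hdr += 4;  /* Order bit: HT Control */
    if (caplen - off < hdr + 8) return -1;       /* 8 = LLC/SNAP header */
    const uint8_t *llc = pkt + off + hdr;
    if (memcmp(llc, snap, sizeof snap) != 0) return -1;
    *ethertype = (uint16_t)(llc[6] << 8 | llc[7]);
    return (int)(off + hdr + 8);
}

int main(void)
{
    uint8_t f[40] = { 0x88, 0x01 };  /* constructed: QoS data frame, ToDS */
    uint16_t et = 0;
    memcpy(f + 26, "\xaa\xaa\x03\x00\x00\x00\x08\x00", 8);
    return l3_offset(LT_IEEE802_11, f, sizeof f, &et) == 34 ? 0 : 1;
}
```
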
 

[Wireshark-dev] (no subject)

2006-11-14 Thread henry cox
Hello.
I have downloaded & installed wireshark 0.99.4 on a pentium3/667 running
win98se.
I am connected to the web via a broadband cable modem @2megs.
There is a server on an intranet and we were developing a box with
smoothwall in it. Wireshark was intended to supply network & packet
information to setup the server & firewall.
Both windump & winpcap are installed, but I get this message when firing up
wireshark.

Can't get pathname of Wireshark: GetModuleFileName failed: 120 
(FormatMessage failed: 120).
It won't be possible to capture traffic.
Report this to the Wireshark developers.

I tried re-installing in case it hadn't unpacked properly, & I tried
altering the default 'install to'
folder, but no difference.

Can anyone offer any assistance, please?
Thanks, Henry



Re: [Wireshark-dev] (no subject)

2006-11-14 Thread Jaap Keuter
Hi,

See 
http://www.wireshark.org/docs/wsug_html_chunked/ChIntroPlatforms.html#id4721855
Sorry.

Thanx,
Jaap

On Tue, 14 Nov 2006, henry cox wrote:

> Hello.
> I have downloaded & installed wireshark 0.99.4 on a pentium3/667 running
> win98se.
> I am connected to the web via a broadband cable modem @2megs.
> There is a server on an intranet and we were developing a box with
> smoothwall in it. Wireshark was intended to supply network & packet
> information to setup the server & firewall.
> Both windump & winpcap are installed, but I get this message when firing up
> wireshark.
>
> Can't get pathname of Wireshark: GetModuleFileName failed: 120
> (FormatMessage failed: 120).
> It won't be possible to capture traffic.
> Report this to the Wireshark developers.
>
> I tried re-installing in case it hadn't unpacked properly, & I tried
> altering the default 'install to'
> folder, but no difference.
>
> Can anyone offer any assistance, please?
> Thanks, Henry

