[Wireshark-users] why ISUP are not parsed by WS?

2007-04-03 Thread Alexander Bubnov
Hello, all!

I downloaded a sample cap file with ISUP/MTP3/M3UA/SCTP/IP protocols
from the
http://wiki.wireshark.org/SampleCaptures#head-97e33c24b1164f61e8669d78312d9db300f6b894
page.

The link is
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=isup.cap

If I open it with the Wireshark tool, I can see only the
IP/SCTP/MTP3 protocols; ISUP is not shown.
The last line of the MTP 3 Adaptation Layer looks like:
Unknow parameter (tag 2 and 69 bytes value)

Probably, the message inside of MTP3 is not parsed.

Is it possible to show ISUP correctly? Or is it a bug?

Help->Supported Protocols shows me that ISUP is supported.

I tried to find some option which could help me to show ISUP, but with no result.

I am sorry if it is a stupid question, but I am a newbie in Wireshark
and I would like to understand this tool.

I use Version 0.99.4 of WS.
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users


Re: [Wireshark-users] why ISUP are not parsed by WS?

2007-04-03 Thread Jeff Morriss


Alexander Bubnov wrote:
> Hello, all!
> 
> I downloaded a sample cap file with ISUP/MTP3/M3UA/SCTP/IP protocols
> from the
> http://wiki.wireshark.org/SampleCaptures#head-97e33c24b1164f61e8669d78312d9db300f6b894
> page.
> 
> The link is
> http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=isup.cap
> 
> If I open it with the Wireshark tool, I can see only the
> IP/SCTP/MTP3 protocols; ISUP is not shown.
> The last line of the MTP 3 Adaptation Layer looks like:
> Unknow parameter (tag 2 and 69 bytes value)
> 
> Probably, the message inside of MTP3 is not parsed.

In fact that capture file contains M3UA draft 6 data (which is vastly 
different in format than M3UA at the RFC level).

To see the ISUP messages, change the M3UA version preference 
(Edit->Preferences->Protocols->M3UA) to be "Draft 6" instead of RFC.

I'll update the Wiki to state that...


Re: [Wireshark-users] why ISUP are not parsed by WS?

2007-04-03 Thread Luis Ontanon
Have you set the proper RFC version for M3UA?

On 4/3/07, Alexander Bubnov <[EMAIL PROTECTED]> wrote:
> Hello, all!
>
> I downloaded a sample cap file with ISUP/MTP3/M3UA/SCTP/IP protocols
> from the
> http://wiki.wireshark.org/SampleCaptures#head-97e33c24b1164f61e8669d78312d9db300f6b894
> page.
>
> The link is
> http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=isup.cap
>
> If I open it with the Wireshark tool, I can see only the
> IP/SCTP/MTP3 protocols; ISUP is not shown.
> The last line of the MTP 3 Adaptation Layer looks like:
> Unknow parameter (tag 2 and 69 bytes value)
>
> Probably, the message inside of MTP3 is not parsed.
>
> Is it possible to show ISUP correctly? Or is it a bug?
>
> Help->Supported Protocols shows me that ISUP is supported.
>
> I tried to find some option which could help me to show ISUP, but with no result.
>
> I am sorry if it is a stupid question, but I am a newbie in Wireshark
> and I would like to understand this tool.
>
> I use Version 0.99.4 of WS.


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan


[Wireshark-users] wireshark questions

2007-04-03 Thread Elhadj Bah
Hello,

I've just installed Wireshark on my Windows XP machine, and I'm trying to capture
a packet that's on a Linux box. But, at the same time, I have a copy of the packet
in a PDF document on my XP machine. Here are my questions:

1) Is there a way to capture the packet from my XP machine to the Linux box?
2) If not, how can I get that packet into Wireshark?
3) Since I have a copy of the packet in a PDF document, can I save it in a text
file and use it with Wireshark?
4) Or is there a way to save the file so that I can use it with Wireshark? What
would be the extension of the file?

I've tried to save the file using Notepad as ".txt" and as ".pcap", but it just
did not work with Wireshark. As a result, I'm kinda stuck. Please help.

Thank you.
Ibrahima


 



[Wireshark-users] Wireshark sudo

2007-04-03 Thread jbernstein
I am setting up a laptop to be used as (and only as) a network analysis 
machine. Wireshark is set up to be run sudo root.

The problem is that any capture files saved by Wireshark are owned by root with 
permission 600. After the non-root user runs wireshark (sudo), he needs to be 
able to copy or move the files.

I've tried changing the umask under which the script to launch Wireshark runs, 
but that gets ignored. So maybe it is Wireshark itself (rather than the shell) 
setting the permissions of saved files?


Re: [Wireshark-users] Wireshark sudo

2007-04-03 Thread Luis Ontanon
If the machine has /dev/bpf* you should chmod these to be readable and
writable by the users instead of suexecing wireshark.


On 4/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I am setting up a laptop to be used as (and only as) a network analysis 
> machine. Wireshark is set up to be run sudo root.
>
> The problem is that any capture files saved by Wireshark are owned by root 
> with permission 600. After the non-root user runs wireshark (sudo), he needs 
> to be able to copy or move the files.
>
> I've tried changing the umask under which the script to launch Wireshark 
> runs, but that gets ignored. So maybe it is Wireshark itself (rather than the 
> shell) setting the permissions of saved files?


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan


Re: [Wireshark-users] wireshark questions

2007-04-03 Thread Hans Nilsson
If you can install programs on it or if you also receive the packet
going to the machine you can capture it. That depends on how the network
is constructed. If you have a packet in a PDF file you have to put it in
a text-file in a format Wireshark can understand. There are programs
like text2pcap that you can then use.


On Mon, 2 Apr 2007 21:18:39 -0700 (PDT), "Elhadj Bah" <[EMAIL PROTECTED]>
said:
> Hello,
> 
> I've just installed Wireshark on my Windows XP machine, and I'm trying to
> capture a packet that's on a Linux box. But, at the same time, I have a copy
> of the packet in a PDF document on my XP machine. Here are my questions:
> 
> 1) Is there a way to capture the packet from my XP machine to the Linux
> box?
> 2) If not, how can I get that packet into Wireshark?
> 3) Since I have a copy of the packet in a PDF document, can I save it in a
> text file and use it with Wireshark?
> 4) Or is there a way to save the file so that I can use it with Wireshark?
> What would be the extension of the file?
> 
> I've tried to save the file using Notepad as ".txt" and as ".pcap", but it
> just did not work with Wireshark. As a result, I'm kinda stuck. Please help.
> 
> Thank you.
> Ibrahima
-- 
  Hans Nilsson
  [EMAIL PROTECTED]
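
Added example (not part of the reply above and not Wireshark project code): a POSIX shell sketch of the conversion the reply describes, turning hex bytes copied out of a document into the offset-prefixed dump that text2pcap reads. The sample bytes are a constructed ARP request, and the function names `to_text2pcap_dump` and `hex_to_pcap` are made up for this example.

```shell
#!/bin/sh
# Constructed sample: a 42-byte Ethernet/ARP request as it might be copied out
# of a document, with mixed case and line breaks. Not taken from the thread.
SAMPLE_HEX='ff ff ff ff ff ff 02 00 00 00 00 01 08 06 00 01
08 00 06 04 00 01 02 00 00 00 00 01 C0 00 02 01
00 00 00 00 00 00 c0 00 02 02'

# Read hex digits on stdin (spaces, tabs, colons and line breaks are ignored)
# and print them in the layout of `od -Ax -tx1 -v`: a hex offset, then up to
# 16 space-separated bytes per line. Fails if the input is not whole bytes.
to_text2pcap_dump() {
    tr -d ' \t\r\n:' | awk '
        { hex = hex $0 }
        END {
            if (hex == "" || hex !~ /^[0-9A-Fa-f]+$/ || length(hex) % 2) {
                print "input is not a whole number of hex bytes" > "/dev/stderr"
                exit 1
            }
            hex = tolower(hex)
            n = length(hex) / 2
            for (i = 0; i < n; i++) {
                if (i % 16 == 0) printf "%s%06x", (i ? "\n" : ""), i
                printf " %s", substr(hex, 2 * i + 1, 2)
            }
            printf "\n"
        }'
}

# $1 = file holding the hex digits, $2 = capture file to create.
hex_to_pcap() {
    to_text2pcap_dump < "$1" > "$2.txt" || return 1
    command -v text2pcap >/dev/null 2>&1 || {
        echo "text2pcap not found; dump left in $2.txt" >&2
        return 2
    }
    text2pcap "$2.txt" "$2"    # writes an Ethernet-encapsulated capture by default
}

# Show the dump for the constructed sample when the script is run directly.
printf '%s' "$SAMPLE_HEX" | to_text2pcap_dump
```

The bytes must start at the link-layer header (Ethernet here); a dump that starts at the IP header will be misread unless text2pcap is told to prepend dummy headers.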



Re: [Wireshark-users] Wireshark sudo

2007-04-03 Thread Stephen Fisher
On Tue, Apr 03, 2007 at 02:35:49PM +, [EMAIL PROTECTED] wrote:

> I've tried changing the umask under which the script to launch 
> Wireshark runs, but that gets ignored. So maybe it is Wireshark itself 
> (rather than the shell) setting the permissions of saved files?

Yes, Wireshark sets the umask on the temporary file it uses while 
capturing (look for the umask() call in tempfile.c).  For saved files, I 
believe the temporary file is simply copied over with the same 
permissions it was created with.


Steve
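
Added example (not from the thread and not Wireshark's source): a POSIX shell demonstration of the behaviour described above, where a program's own umask call overrides the one set by the launching script, followed by one way for the launcher to hand saved files back to the invoking user. `create_private`, `release_captures` and the `.pcap` file name are stand-ins made up here; `SUDO_UID` and `SUDO_GID` are the variables sudo sets for the invoking user.

```shell
#!/bin/sh
# Stand-in for a program that sets its own umask before creating a file,
# as described above for Wireshark's temporary capture file.
create_private() {                      # $1 = path to create
    ( umask 077; : > "$1" )
}

# Permission string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Launcher-side fix: once the privileged program has exited, loosen the mode
# of the saved captures and, when running as root, give them to the user.
release_captures() {                    # $1 = directory, $2 = "uid:gid"
    find "$1" -type f -name '*.pcap' -exec chmod 640 {} +
    if [ "$(id -u)" -eq 0 ]; then
        find "$1" -type f -name '*.pcap' -exec chown "$2" {} +
    fi
}

# Returns "<mode before> <mode after>" for one constructed capture file.
demo() {
    dir=$(mktemp -d) || return 1
    umask 022                           # what the launch script tried to set
    create_private "$dir/test.pcap"     # program overrides it: file is 0600
    before=$(mode_of "$dir/test.pcap")
    # A real sudo wrapper would pass "$SUDO_UID:$SUDO_GID" here.
    release_captures "$dir" "$(id -u):$(id -g)"
    after=$(mode_of "$dir/test.pcap")
    rm -rf "$dir"
    printf '%s %s\n' "$before" "$after"
}

demo
```

Point `release_captures` only at a directory that the privileged program alone writes to, so the root-run `chown` cannot be steered onto files planted by another user.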



Re: [Wireshark-users] wireshark questions

2007-04-03 Thread lemons_terry

> I've just installed Wireshark on my Windows XP machine, and I'm trying to
> capture a packet that's on a Linux box. But, at the same time, I have a copy
> of the packet in a PDF document on my XP machine. Here are my questions:
>
> 1) Is there a way to capture the packet from my XP machine to the Linux
> box?
-> If you mean, "Can I capture a packet on my Linux box, then use
Wireshark on my Windows XP system to analyze that packet", the answer is
"Yes".  Use tcpdump to do the capture on Linux, then copy the file to
your Windows system and open it there with Wireshark.  Wireshark can
read a number of file formats, including tcpdump.


[Wireshark-users] Encoding problem of exported .pdml file

2007-04-03 Thread Leon Zhang

Hello,
  I have been trying to export packet data to a .pdml file from
Wireshark, but there are some illegal characters in the exported file. For
example,



  So, I got some errors when I parsed this .pdml file with the JDK SAXParser, for
example,

org.xml.sax.SAXParseException: Invalid byte 2 of 2-byte UTF-8 sequence.
 Line number: 9428
Column number: 129
Public ID: null
System ID: file:/home/workspace/PdmlParser/pdmls/112007-03-30-13.56.08.531.pdml
Invalid byte 2 of 2-byte UTF-8 sequence.

What can I do?

Greetings,
Leon