[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 --- Comment #8 from Christopher Maynard --- (In reply to Betty DuBois from comment #6) > You rock Chris! This is exactly the direction I wanted to go. I only know a > nano smidge about Lua, so it had not occurred to me to use it. It tested > perfectly for me this morning. Thanks. Happy to help and I'm glad it's working. I still don't know Lua all that well myself, but enough to be dangerous. > What about adding two new tabs in Endpoints - IP4 Summary and IP6 Summary, > that total like your script but still have all the functionality of the > Endpoints. The hard part would be adding the CIDR, but then you could use > the 'limit to display filter'. Keep in mind that the Lua script is only a stop-gap solution until this capability is added to Wireshark by someone, assuming that happens. Sometimes that can take awhile though, so it's nice to have *something* available in the meantime. The built-in Wireshark feature would presumably work with the current display filter too. Maybe it's possible to get that to work in Lua too, but I'm currently at a loss as to how. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 Christopher Maynard changed: What|Removed |Added Attachment #17958|0 |1 is obsolete|| --- Comment #7 from Christopher Maynard --- Created attachment 17959 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17959&action=edit Lua Subnet Statistics Tap (with sorting fixed) This version should fix the subnet sorting problem. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 --- Comment #6 from Betty DuBois --- You rock Chris! This is exactly the direction I wanted to go. I only know a nano smidge about Lua, so it had not occurred to me to use it. It tested perfectly for me this morning. What about adding two new tabs in Endpoints - IP4 Summary and IP6 Summary, that total like your script but still have all the functionality of the Endpoints. The hard part would be adding the CIDR, but then you could use the 'limit to display filter'. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 --- Comment #5 from Christopher Maynard --- Created attachment 17958 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17958&action=edit Wireshark Lua Tap that displays subnet statistics in a UI menu I don't know if this Lua tap helps or not, but it displays statistics similar to the Endpoints dialog, except by subnet. Notably, it does *not* suffer from the bug identified in Bug 16796. In any case, there are some known deficiencies enumerated below, and there certainly could be other bugs lurking in the tap too. I'm also sure other improvements could be made - this is after all the first "release", and I started from another tap I had written previously, so some additional cleanup could probably be made to it as well. Anyway, it's just a text file, so you're free to take a look at it to find out how it works if you're curious and even tweak it as you see fit, if you so choose. To use it, save it in the Personal Lua Plugins directory, which you can find from Wireshark's "Help -> About Wireshark -> Folders -> Personal Lua Plugins". On my system, this is %APPDATA%\Wireshark\plugins. You must restart Wireshark for the Lua script to be loaded. After loading a capture file, you can generate the Subnet Statistics by choosing, "Tools -> Subnets Statistics". You may have to manually resize the dialog so the text doesn't wrap; I don't know how to get Wireshark to auto-size it properly to avoid this. Other notes about the tap: Currently, that tap doesn't even attempt to deal with tunneled addresses, only the outermost IP header. I've intentionally avoided this for now. It *should* be feasible to enhance the tap to add support for this though, but I just haven't given it enough thought yet. If there's any interest in this, let me know and I'll see what I can come up with ... I've included a "Copy" button so you can copy the text to the clipboard and paste it elsewhere. Unfortunately, while the text seems well-aligned in the dialog itself, copying/pasting it elsewhere loses the alignment, even when switching to a fixed-width font. I don't know how to fix this either. Currently, the statistics is generated against all IP packets where an "ip.addr" field is present. I have been unable to figure out how to limit the statistics to the current display filter only, even though there's a global get_filter() function available which seemed promising but ultimately failed to produce the desired results. Either there's a bug here somewhere in Wireshark Lua code or I'm failing to understand how to use this function properly. The subnets are *supposed* to be sorted, but that's not working correctly yet. Unlike the Endpoints dialog, all packet and byte counts are displayed in actual values. For example, instead of seeing a large number like 28K, you'll see the actual value, i.e., 27987. Finally, the tap is written in Lua, so don't expect it to be fast, especially when run on a large capture file. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 --- Comment #4 from Betty DuBois --- Created attachment 17956 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17956&action=edit screenshot of how it would look in Excel -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 --- Comment #3 from Betty DuBois --- Created attachment 17955 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17955&action=edit screenshot of current Endpoints with annotation -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 --- Comment #2 from Betty DuBois --- (In reply to Chuck Craft from comment #1) > Is this something you could mock up in Excel (or similar) using the Copy->as > CSV for data and then attach screen shots of existing and desired? I've attached screenshots. Pivot tables would have been easiest to work with in Excel, but I've long forgotten how to do those. Here is a link to my spreadsheet, https://1drv.ms/x/s!AiZgmY_rJQkZlPRqqbxoKPAj8ew1YQ?e=lWxsMZ Now that I look at it, by cidr would not be the only way to group that would be awesome. By ASN, country or organization would be pretty fantastic too. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
[Wireshark-bugs] [Bug 16795] Endpoints - Allow user to enter the number of masked bits and then group by subnet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16795 Chuck Craft changed: What|Removed |Added CC||[email protected] --- Comment #1 from Chuck Craft --- Is this something you could mock up in Excel (or similar) using the Copy->as CSV for data and then attach screen shots of existing and desired? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:[email protected]?subject=unsubscribe
