Hi All,
I start this thread as a parallel discussion to the ongoing startup speed
assembler usage considerations.
As goes for me, I'm using Wireshark on a daily basis.
What I do most often is open a capture file (via clicking on the
file), reading rapidly through it, look at some frames, close
Hi,
it sounds good!
But I can imagine that it will not be an easy task.
To define dependency somehow, check them and fulfil them during runtime
could be quite difficult.
Based on my past investigations it seems that it is possible to reduce
time spent in fields registration
... the option menu offering various link-layer types in the Capture
options dialog box lets you select.
Version 0.99.6a (SVN Rev 22276) seems to have HAVE_PCAP_LIST_DATALINKS *NOT*
compiled in. Is that correct? Do I need to compile my own version of
wireshark to use this feature? I am trying to
RE: the device-specific configuration requirement - I wasn't really thinking
of making wireshark itself offering native configuration for my device.
Instead I was merely thinking of some generic way of enabling wireshark to
allow the user to invoke my own device-specific UI (i.e. dialog) in some
Hi Thomas,
thanks a lot for the fast answer!
As you said, I had to insert [n] IMPLICIT into each sequence element
to make it work.
Best regards,
Martin
On Nov 20, 2007 7:41 PM, Kukosa, Tomas [EMAIL PROTECTED] wrote:
Hi,
unfortunately the asn2wrs does not support AUTOMATIC TAGS now.
The
Yes, but you'd need to use a DLT_ value that maps to
WTAP_ENCAP_PPP_WITH_PHDR. There currently isn't one.
It looks like I'll need to request a number of DLT_ values then to map onto
the following then:
WTAP_ENCAP_PPP_WITH_PHDR
WTAP_ENCAP_CHDLC_WITH_PHDR
WTAP_ENCAP_FRELAY_WITH_PHDR
as well as
To begin with,
From the output listed it looks like you're using a flavor of Visual
Studio 2005 (VS 8.0). It is still recommended to use VS 6.
I have not tried using VS 2005 to build Wireshark. I know that some
developers on the Wireshark-dev list have successfully built Wireshark
with VS 2005.
If I filter conversation from the context menu or the Conversations dialog it
creates a filter in the following way (or similar):
ip.addr==ADDR1 and ip.addr==ADDR2 and tcp.port==PORT1 and tcp.port==PORT2
Unfortunately it matches two TCP streams, ADDR1:PORT1-ADDR2:PORT2 and
ADDR1:PORT2-ADDR2:PORT1
and
That's not a modification of packet.dll; it's just using
PacketGetAdapterNames() as the call on Windows, just as you use various
ioctls or getifaddrs() on various UN*X systems. packet.dll is to
WinPcap as the various low-level platform-specific capture mechanisms
are to various UN*X systems.
Try something along the lines of ip.src==ADDR1 and ip.dst==ADDR2 and
tcp.srcport==PORT1 and tcp.dstport==PORT2.
So not a bug.
Andy.
Kukosa, Tomas [EMAIL PROTECTED]
To: wireshark-dev@wireshark.org
cc:
bcc:
Subject: [Wireshark-dev] Conversation filters
Kukosa, Tomas [EMAIL PROTECTED]
Please
Hi,
Sounds good to me.
Thanx,
Jaap
Kukosa, Tomas wrote:
Does it make sense to do all those sanity checks only if a special
command-line flag is supplied to TShark, so that the checks are done as
part of the build process, rather than being done every time you run
Wireshark or TShark?
Hi,
There are two roadblocks in this reasoning, which come to light on the
Win32 platform specifically:
1. Not all used functions are exported, so the dynamic linking won't
work with the current code.
2. Exporting data items from one DLL and using them in another won't
work. This will require
Just a quick update on the release: The 0.99.7 trunk was branched off
yesterday, and 0.99.7pre1 should be out in the next couple of hours.
If any commits after 23524 need to go into the release, please add them to the
0.99.7 Pending section in http://wiki.wireshark.org/Development/Roadmap .
On 20. nov.. 2007, at 23.51, Didier wrote:
It's called because the packet is selected and a redissection is triggered
with old frame states (like visited) but only after dissector tables have
been updated. ie wireshark outputs junk.
Yup. And your patch seems to fix. Will commit.
James Menzies wrote:
It would be greatly appreciated it if the following minor patch could be
applied. This corrects two long standing issues with the Visual
Networks file type in PPP and ML-PPP environments.
And causes bug 2005:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wireshark 0.99.7pre1 is now available for testing. Source code and a
Windows installer can be downloaded immediately from
http://www.wireshark.org/download/prerelease/wireshark-0.99.7pre1.tar.gz
On 14. nov.. 2007, at 22.24, Graeme Lunt wrote:
I think your patch is correct - but should adopt Tomas' suggestions:
a) use the *_ref_present members; and
b) try to do a presentation context lookup if an indirect reference is
found.
I find three ways to implement handling of the
It would be nice to be able to split each dissector into two source
files... one with the actual dissector code, and one with the
registration/cross-reference logic.
All the cross-reference logic is loaded into Wireshark at run-time.
Only when protocols are actually seen in a file does the
On Thu, Nov 22, 2007 at 10:19:10AM +0530, Gilbert Ramirez wrote:
It would be nice to be able to split each dissector into two source
files... one with the actual dissector code, and one with the
registration/cross-reference logic.
All the cross-reference logic is loaded into Wireshark at
What I was visualizing was basically turning all dissectors into
plugins, too, since they would be dynamically loaded on-demand. But we
need to know when to load them, so we have to load *something* from
each dissector. That's what I meant about the registration stuff.
Split the main code of the
On Thu, Nov 22, 2007 at 10:44:18AM +0530, Gilbert Ramirez wrote:
My motivation is not the same... I'm more worried about the memory
being used by wireshark, rather than the startup-time. Why load some
of the bigger dissectors into memory if I'm never going to use them?
How much memory does a
Hi,
On Wed, 21 Nov 2007 09:39:02 +0100, Kukosa, Tomas wrote
Hi,
sorry for my delay but I was a little bit busy during the last days.
What I have done:
I have renamed and made few new functions in proto.c for more
comfortable profiling.
g_strcmp() renamed to wrs_strcmp()
g_str_hash() from
I compile Wireshark using both VS 2005 and VS 2005EE and do not run into
problems like this. What version of cygwin sed are you using? Mine is ver
4.1.5-2.
There are no special settings you need to setup to build with VS 2005
(either version) other than updating config.nmake to reflect which VC++