[Wireshark-dev] Implementing my own dissector that uses SSL for authentication and encryption.

Hi, I have to write a dissector for a proprietary protocol. The protocol uses SSL and thus runs on top of TCP. The port is decided by the client. I have 2 questions: 1. Do I need to write a Heuristic Dissector? 2. How do I handle the encrypted data? Any suggestion please. Abhinav Kumar

[Wireshark-dev] query regarding register of protocol

Hi, If I have two protocols A and B, is it possible to register the handle of protocol B in the protocol table of A and to register the handle of protocol A in the Protocol table of B at the same time. Regards Rahul Rohit

Re: [Wireshark-dev] query regarding register of protocol

On Wed, Feb 19, 2014 at 9:37 AM, Rahul Rohit rahul.ro...@aricent.com wrote: Hi, If I have two protocols A and B, is it possible to register the handle of protocol B in the protocol table of A and to register the handle of protocol A in the Protocol table of B at the same time. Absolutely.

[Wireshark-dev] What clang analyzer version do the auto-bots use?

Howdy, Does anyone know what clang static analyzer checker-XXX version is used by the bots, for example for this: http://www.wireshark.org/download/automated/analysis/scan-build-2014-02-18-1/ I ask because I'm trying to cleanup some of the ones in wslua, and I don't get the same errors when

Re: [Wireshark-dev] What clang analyzer version do the auto-bots use?

Le mercredi 19 février 2014, Hadriel Kaplan hadriel.kap...@oracle.com a écrit : Howdy, Does anyone know what clang static analyzer checker-XXX version is used by the bots, for example for this: http://www.wireshark.org/download/automated/analysis/scan-build-2014-02-18-1/ I ask because I'm

[Wireshark-dev] displaying header field without filtering capability

I'm trying to add a header field for spare bytes in a custom dissector. Currently, I'm creating a header field for a 'Spare' data element in a 'Status' message, as shown in the example below: \code snippet { hf_Spare, { Spare, msg.Status.Spare, FT_UINT8, BASE_HEX, NULL,

Re: [Wireshark-dev] displaying header field without filtering capability

You could use proto_tree_add_text but that is strongly recommended against. Why do you want to explicitly disallow filtering? If the field is reserved and not important you could just not add any item at all, and skip that byte entirely... On Wed, Feb 19, 2014 at 4:17 PM, John Dill

Re: [Wireshark-dev] displaying header field without filtering

Message: 6 Date: Wed, 19 Feb 2014 17:24:11 -0500 From: Evan Huus eapa...@gmail.com To: Developer support list for Wireshark wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] displaying header field without filtering capability Message-ID:

Re: [Wireshark-dev] displaying header field without filtering

On Wed, Feb 19, 2014 at 5:57 PM, John Dill john.d...@greenfieldeng.com wrote: Message: 6 Date: Wed, 19 Feb 2014 17:24:11 -0500 From: Evan Huus eapa...@gmail.com To: Developer support list for Wireshark wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] displaying header field without

Re: [Wireshark-dev] displaying header field without filtering

On Feb 19, 2014, at 4:03 PM, Evan Huus eapa...@gmail.com wrote: It was at one point (long ago before wireshark had filtering) the default API, so it is in a lot of old code. People often use it by mistake when they *want* filterable items. It's also not quite as abstract, since the data must

Re: [Wireshark-dev] What clang analyzer version do the auto-bots use?

On 2/19/14 12:55 PM, Alexis La Goutte wrote: Le mercredi 19 février 2014, Hadriel Kaplan hadriel.kap...@oracle.com mailto:hadriel.kap...@oracle.com a écrit : Howdy, Does anyone know what clang static analyzer checker-XXX version is used by the bots, for example for this: