Hi,
How to figure out if a fix for an issue like the one mentioned by John
above is part of a Wireshark release? And what Wireshark release is
part of...
Thank you,
Cristian
On Sat, Dec 23, 2023 at 4:45 AM John Thacker wrote:
>
> On Thu, Dec 7, 2023 at 3:32 AM Cristian Constantin via Wir
John Thacker wrote:
>
> On Thu, Dec 7, 2023 at 3:32 AM Cristian Constantin via Wireshark-dev
> wrote:
>>
>> Hi Jeff,
>>
>> Yes, after enabling the respective protocol decoding option, SCTP
>> association analysis works.
>> SCTP association analysis is _qu
isplay mode, without HiDPI, with
LC_TYPE=en_US.UTF-8, binary plugins supported (19 loaded).
Wireshark is Open Source Software released under the GNU General Public License.
Thanks,
Cristian Constantin
___
Sent via:Wireshark-
> On Wed, Dec 6, 2023 at 12:15 PM Cristian Constantin via Wireshark-dev
> wrote:
>>
>> Hi,
>>
>> I am trying to look at all SCTP associations (lots of them) in a pcap.
>> However, none of the "Analyse/SCTP/..." menu options work correctly.
Hi,
I am trying to look at all SCTP associations (lots of them) in a pcap.
However, none of the "Analyse/SCTP/..." menu options work correctly.
It shows only _one_ association whereas there are many in the pcap.
Pls. see an attachment with a screenshot of "Analyse/SCTP/Show All...".
What
Hi Uli,
> > 1. Is this issue known? I tried to look it up on gitlab but I did not
> > find anything relevant. Should I file an issue on gitlab?
>
> Yes, please open a new issue for this using the bug template. Please attach a
> sample capture to reproduce the bug.
The biggest problem with the
Hi!
Wireshark crashes while decoding relatively large (~20 MBytes)
captures with RDP traffic.
Here is what the stack trace looks like (only frames 0-26, since there
are 90 frames in the core dump):
(gdb) bt
#0 __memmove_avx_unaligned_erms () at
hi!
I am using wireshark:
wireshark 1.8.6
Copyright 1998-2013 Gerald Combs ger...@wireshark.org and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+
On Fri, Mar 29, 2013 at 6:19 AM, Hadriel Kaplan hkap...@acmepacket.com wrote:
Hi Cristian - thanks for example script!
Comments inline...
On Mar 20, 2013, at 1:11 PM, Cristian Constantin
const.cr...@googlemail.com wrote:
hi!
I attach a lua script that can extract and dump
On Thu, Apr 4, 2013 at 3:59 PM, Cristian Constantin
const.cr...@googlemail.com wrote:
On Fri, Mar 29, 2013 at 6:19 AM, Hadriel Kaplan hkap...@acmepacket.com
wrote:
Hi Cristian - thanks for example script!
Comments inline...
On Mar 20, 2013, at 1:11 PM, Cristian Constantin
const.cr
hi!
I attach a lua script that can extract and dump in a separate file
isup payloads from either sigtran or ss7 packets.
it is based on a script that manipulates ascii text from tcp packets found here:
http://ask.wireshark.org/questions/4639/extracting-soap-xml-payload?page=1#4835
it can be
On Sat, Mar 16, 2013 at 11:46 PM, Hadriel Kaplan hkap...@acmepacket.com wrote:
From: Cristian Constantin const.crist@xx
Date: Fri, 15 Mar 2013 19:24:39 +0100
I am trying to access from a lua script the length indicator field of
the mtp2 protocol.
1. yes, I am sure
hi!
I am trying to access from a lua script the length indicator field of
the mtp2 protocol.
1. yes, I am sure that the capture contains ss7 mtp2 traffic
2. yes, I am sure that the filter selects the ss7 mtp2 traffic.
3. I am using wireshark:
wireshark -v
wireshark 1.8.2
Copyright 1998-2012
cristian: if I need tag as a number I should use:
tonumber (tostring (tag))
right?
On 8 Mar 2013 22:17, Hadriel Kaplan hkap...@acmepacket.com wrote:
On Mar 8, 2013, at 6:40 AM, Cristian Constantin
const.cr...@googlemail.com wrote:
cristian: thanks a lot tony and hadriel. it works. otoh I
??
tonumber() won't work on t,i as they are, returning nil...
it works after removing them with the string pattern match/replace.
On Thu, Mar 7, 2013 at 3:04 AM, Tony Trinh ton...@gmail.com wrote:
On Wed, Mar 6, 2013 at 7:02 AM, Cristian Constantin
const.cr...@googlemail.com wrote:
hi!
some protocols
On Thu, Mar 7, 2013 at 3:04 AM, Tony Trinh ton...@gmail.com wrote:
function tap.packet()
    local lengths = { param_len() }
    for i,len in ipairs( lengths ) do
        print( '['..i..']', len )
    end
end
cristian: hi again. thanks again for the example.
anyway, in case of:
- multiple sctp
hi!
some protocols are structured in chunks which have the same structure
but differ in content.
examples:
- diameter (avps)
- sigtran suite (parameters)
- sctp (data chunks)
how to access with lua a certain field in such a chunk? NOT necessarily
the first.
for example, using:
local param_len
On Thu, Nov 29, 2012 at 12:44 AM, Guy Harris g...@alum.mit.edu wrote:
On Nov 28, 2012, at 6:53 AM, Cristian Constantin const.cr...@googlemail.com
wrote:
what I do not understand is why are functions like:
dissector_try_heuristic
guint8_pbrk
dissect_sip_common
called since:
1
hi!
I have used oprofile for profiling loading a pretty large sctp capture.
the sctp chunks are filled with zeroes (i.e. there is NO application
protocol involved)
here is the main part of the call trace:
CPU: AMD64 family10, speed 3e+06 MHz (estimated)
Counted CPU_CLK_UNHALTED events (Cycles
On Tue, Nov 13, 2012 at 9:15 PM, Alexander Koeppe forma...@online.de wrote:
On 12.11.2012 11:41, Cristian Constantin wrote:
hi!
I am just a bit confused about the way the tcp graphs are presented to
the user.
I am using debian/Version 1.6.5
1. tcp. if one selects (for example
hi!
I am just a bit confused about the way the tcp graphs are presented to the
user.
I am using debian/Version 1.6.5
1. tcp. if one selects (for example):
Statistics/TCP Stream Graph/Window Scaling Graph
from the main menu, one gets the graph from the perspective of the endpoint
which is
cristian: done. here is the bug report:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6794
On Sat, Feb 4, 2012 at 12:43 PM, Anders Broman a.bro...@bredband.net wrote:
Please add your patch as it is so we can have a look at it.
Regards
Anders
Cristian Constantin wrote 2012-02-03 15:19
hi!
wireshark can draw call flows for sip voip calls
(accessible through the menu Telephony/VoIP Calls).
however, when the capture is large, containing tens of
thousands of sip voip calls, wireshark becomes very slow
at producing the list of calls and the call flows.
here are my experiences
...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Cristian Constantin
Sent: 3 February 2012 14:54
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] slow sip voip flow for large captures
On Fri, Feb 3, 2012 at 1:44 PM, Anders Broman anders.bro
hi!
in the case that two hosts host_a and host_b are communicating using:
* tcp as a transport protocol
* ip addresses: ip_addr_host_a, ip_addr_host_b
* tcp ports (always!): tcp_port_host_a, tcp_port_host_b
and the tcp connection is NOT persistent (i.e. it is explicitly terminated and
started
hi!
I am using wireshark 1.2.1 on debian.
I am attaching a capture where wireshark fails to decode an
map payload which contains an asn1 tag with a value of 278.
I assume that it should be able to decode it since it is
a reply to a request that wireshark correctly decoded; it has
also
On Thu, Dec 17, 2009 at 06:06:03PM +0100, Cristian Constantin wrote:
hi!
I am using wireshark 1.2.1 on debian.
I am attaching a capture where wireshark fails to decode an
map payload which contains an asn1 tag with a value of 278.
cristian: sorry, the tag value is 150.
I assume
On Thu, Aug 20, 2009 at 12:56:54PM +0200, Michael Tüxen wrote:
On Aug 20, 2009, at 11:47 AM, Cristian Constantin wrote:
hi!
I am trying to plot the tsns in an association's data flow; anyway the
result is not what I expect. here are some details:
0. wireshark on linux/debian:
c
-boun...@wireshark.org] On Behalf Of Cristian Constantin
Sent: 27 January 2009 18:28
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] map decoding problems
hi!
I have seen some problems in wireshark when decoding the response of an
SendRoutingInfo (locationInfoRetrievalContext-v3
On Wed, Jan 28, 2009 at 12:09:37PM +0100, Anders Broman wrote:
On Tue, Jan 27, 2009 at 09:33:26PM +0100, Anders Broman wrote:
Hi,
I have checked in a fix in revision 2731, formally I think the frame
is wrongly encoded as the tag [3] is missing but from comments in the
code it looks like
hi!
I have seen some problems in wireshark when decoding the response of an
SendRoutingInfo (locationInfoRetrievalContext-v3). the asn1 def of this
is:
SendRoutingInfoRes ::= [3] SEQUENCE {
    imsi [9] IMSI OPTIONAL,
-- IMSI must be present if SendRoutingInfoRes is not
32 matches