>
> > Given RTP dynamic protocol types, perhaps "Decode As..."
> > should be enhanced to support RTP, and give a list of all protocols
> > for which dissectors have been registered with the "rtp.pt" table?
>
I've been away from Wireshark development for a while, so this may be a
red herring,
I have reintegrated my changes with the latest source, and resubmitted
my patches to the bugzilla:
[PATCH] User can select dissector based on packet matching display
filter 31/1/07 -> Bug 1443
[PATCH] TShark input and output options 15/02/2007 -> Bug 1444
[PATCH] Ability to provide a file that nam
Cheers - a good suggestion.
I'm going to reintegrate my patches (separately) with the current code,
and then I'll create appropriate enhancements in bugzilla and attach
them there.
Doug
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joerg Mayer
Sent: 1
There is set of instructions that have been recently added to the
developer's guide:
http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBinary.html#ChSrcRpm
In short:
Edit packaging/rpm/SPECS/wireshark.spec.in to set up the ./configure
settings for the RPM build the way you want
Call the roo
I worked on something in this area earlier this year (extending current
functionality to allow named subnets / partial matching - the patch has
not yet been committed).
If you turn on asynchronous name resolution (I think the dialogs may
call it concurrent) much of the speed issue with loading goes
hard van der Hoff <[EMAIL PROTECTED]> wrote:
> Douglas Pratley wrote:
> > I submitted two patches earlier this year:
> > ...
> > Can anybody tell me their current status? That is:
>
> To follow up what Doug has said, I have to say that I've found my recent
>
e me more time to work on Wireshark!).
I'm slightly concerned that if the patches are not processed soonish
then they may become incompatible with the main source tree...
Cheers
Doug
__________
Douglas Pratley
t +44 845 050 7640 | f +44 845 644 5436
he instructions.
Cheers
Doug
__________
Douglas Pratley
t +44 845 050 7640 | f +44 845 644 5436
a Detica | PO Box 383 | Horley | Surrey | RH6 7WX | UK
__
www.detica.com
<http://www.detica.com/>
This message should be regarded as confidential. If
th-this --with-that
check in the report at the end of configure whether lua was included or
not.
please report success or failure.
If it fails you should send back the output of:
$ find / -name 'lua.h' -or -name 'liblua.a'
+ the config.log (gzipped please) so I can fin
'lua.h' -or -name 'liblua.a'
>
> + the config.log (gzipped please) so I can find out what's wrong with
> the configure script.
>
> Thanks,
> Luis
>
>
> On 2/16/07, Douglas Pratley <[EMAIL PROTECTED]> wrote:
> >
> >
> >
>
Hi guys
I'm having trouble building a Wireshark RPM with Lua support.
I'm really a Windows (ugh) guy, so I may be missing something obvious.
I set up a build environment on Fedora Core 6, installed the libraries
for Lua and for ADNS and then said:
[my_ws_dir]$ ./autogen.sh
[my_ws_dir]$ ./configur
I'd recommend tackling it in two stages:
(a) Do it the "normal" Wireshark way, with a "user_decodes" file being
read from both the user settings directory and global settings directory
at startup (see Appendix A.2 of the users guide), and any changes being
saved to the user directory "user_decodes
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas
Pratley
Sent: 31 January 2007 18:27
To: Developer support list for Wireshark
Subject: [Wireshark-dev] [PATCH] User can select dissector based
on packet matching display filter
Hi guys
Following on from recent comments about being able to save "user
decodes", has anyone been working on being able to save Wireshark
settings under different "profiles"? There's some discussion of this on
the Wiki, and it would obviously be a very useful feature if user
decodes are persisted
4 mysubnet
192.168.0.2 -> mysubnet.2 (192.168.0.2)
Currently only works for IPv4.
Cheers
Doug
the first 128 packets). This
applies only to TShark, as the code for reading / writing in Wireshark
is more widely distributed and I didn't have the time to analyze it
fully.
Cheers
Doug
shark output format
Douglas Pratley wrote:
> b) I didn't want to restrict the possible names of fields. So far, all
> the ones in Wireshark are "sensible" strings, but I can't find any code
> that restricts them, so they might contain commas, spaces, etc.
See the loop in
For what it's worth, "wsug.validated" builds fine on my machine, both
using nmake and cygwin make.
Unless I've not noticed a commit that fixes this, perhaps this is a
problem with the build machine environment?
Apologies if you've already got that far in your debugging.
Cheers
Doug
> -Ori
without any extra work. If there is a rule (written or unwritten) that
keeps field names to be e.g. alphanumeric + '_' then this problem would
go away.
If (b) is just me being paranoid, and if anyone can come up with a good
way to encapsulate both field names and the sub-options in one st
ncapsulations (I often do).
Luis
On 2/5/07, Douglas Pratley <[EMAIL PROTECTED]> wrote:
> Hi guys
> At the moment, if Wireshark comes across an unexpected data-link level type
> in the global header when reading a PCAP file, it completely rejects the
> file. This doesn't
is ugly.
Cheers
Doug
to have live DNS turned on
(with the slowdown that implies).
Can anyone confirm this? Might it be more sensible to have a setting
that allows the use of the hosts file without live DNS?
Cheers
Doug
Hi all
I'm looking at implementing a feature from the Wishlist that we would
like as well: the ability to control the output of tshark e.g.
tshark -Tfields -e ip -e udp -e tcp.port
This new format would produce a line per packet, but would do full
dissection. "ip" would dump out the whole repr
tching display filter
>
> Douglas Pratley wrote:
>
> > b) Adds functionality analogous to dissector tables, but instead of
> > directing by field values, there is a list of display-filter /
> > sub-dissector pairs. A sub-dissector is called if the display filter
>
>
> Stephen Fisher wrote:
> > On Mon, Jan 29, 2007 at 10:22:15AM -0000, Douglas Pratley wrote:
> >
> >> Are there any other encodings / decodings it would be worth having
> >> available (uuencode? zip?). This might be better done as a full
> >>
On Behalf Of Stephen Fisher
Sent: 30 January 2007 19:28
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [PATCH] New menu items to copy packet data
On Mon, Jan 29, 2007 at 10:04:20AM -0000, Douglas Pratley wrote:
> Try this - the tar / gzip tools I have on Windows see
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ulf Lamping
> Sent: 28 January 2007 04:40
> To: wireshark-dev@wireshark.org
> Subject: Re: [Wireshark-dev] [PATCH] New menu items to copy
> packet data
>
> Nice work!
Thanks
>
> As usual some GU
o: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 20609:
> /trunk//trunk/:config.h.win32
>
> Douglas Pratley wrote:
> > The logic of this looks wrong to me in one sense - the message tells
> > you that your compiler is 14.00
Problem solved.
User error - didn't clean up properly after doing a revert.
D'oh.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas
Pratley
Sent: 30 January 2007 11:14
To: Developer support list for
Hi guys
I've developed a patch on Windows that includes some new code files. I
created the patch using Tortoise / Create Patch, copied across to a
Fedora core version 6 box and applied it using patch -p0 <
mypatch.patch.
The problem is that for the new files the original file contents appears
thr
The logic of this looks wrong to me in one sense - the message tells you
that your compiler is 14.00 when it is not (I'm still using 12.00). I
would have thought it should be reversed, so that given a compiler
number, it checks that the variant is one of the accepted values.
More importantly, I tr
> On Thu, Jan 11, 2007 at 01:59:56PM -, Douglas Pratley wrote:
>
> > This is a patch adding items to the context menus for the packet list
> > and packet details panes for copying packet data to the clipboard.
>
> I've checked in your changes as SVN revis
May I suggest that a section is added to the Developers Guide and / or
Readme.developer that just points out that the documentation source _is_
part of the Wireshark source and can be found in /docbook and built
according to the instructions in the readme there. And that people are
expected to upda
data
>
> On Mon, Jan 22, 2007 at 10:54:44AM -, Douglas Pratley wrote:
>
> > > The documentation here needs to be updated with new screenshots and
> > > text:
> >
> > OK - I'll get this done and send in a patch for the documentation. Are
data
>
> On Thu, Jan 11, 2007 at 01:59:56PM -, Douglas Pratley wrote:
>
> > This is a patch adding items to the context menus for the packet list
> > and packet details panes for copying packet data to the clipboard.
>
> Looking good so far. I fixed a few w
.
> (gdb) p *yypminor
> $1 = {yy0 = 0x8583d38, yy29 = 0x8583d38, yy44 = 0x8583d38
> "smil8=X\b:10", yy59 = 0x8583d38, yy81 = 14568}
> (gdb)
>
> On 1/16/07, Luis Ontanon <[EMAIL PROTECTED]> wrote:
> > They committed what we got in rev 20447.
> >
> > A
I get a similar crash under Windows. I'm having trouble reverting back
to a "good" baseline without losing today's work, so it would be great
if this could be fixed... I'm afraid I can't work out quite what the
dependencies are here.
Cheers
Doug
-Original Message-
From: [EMAIL PROTECTED]
Hi
I don't think there is (if I am wrong, please someone tell me!). I am
currently working on allowing the user to force the selection of the
next dissector using display filters (initially for TCP and UDP), which
I think would do what you want. You would use the display filter
"tcp.port" for all
Hi
This is a patch adding items to the context menus for the packet list
and packet details panes for copying packet data to the clipboard.
New menu item on packet list pane:
Copy (sub menu) ->
Summary (Text) Copies fields displayed in the packet
list, tab separated
Looks like this is related to revision 20388 - changing decryption keys to use
GByteArray rather than GString for SSID in epan\crypt\airpdcap_user.h. Not sure
why it only affects Windows. Nothing to do with MSVC version (as stated
already).
As I'm not using airpdcap I "fixed" this for my build
    local http_dissector = tcp_port_table:get_dissector(80)
    -- ipairs() is required to iterate the port list; a bare table is not an iterator
    for _, port in ipairs({4888,4889,4890,4891}) do
        tcp_port_table:add(port,http_dissector)
    end
end
On 1/5/07, Douglas Pratley <[EMAIL PROTECTED]> wrote:
> Thanks for that.
>
> I might see if there is a sensible wa
: [Wireshark-dev] Are user decodes persisted?
On Thu, Jan 04, 2007 at 04:50:46PM -, Douglas Pratley wrote:
> Does anyone know whether or not "User Decodes" are persisted between
> Wireshark sessions? As far as I can tell they are not. I'm working on
> extendin
't have to update persistence
functionality to be consistent...
Cheers
Doug
Hiya
One thing I would like to be able to do (and there seemed to be some
demand for it in recent mails in the users list) is to be able to select
an "unexpected" protocol to "Decode As" in the GUI on the fly.
Playing around in the code and with Lua, this looks quite easy as a one
off - just grab
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
> Sent: 20 December 2006 10:36
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Microsoft Visual C Version 6
> support is a bit outdated ...
We went through upgrades from MSVC 6 -> 7.1 -> 8 in my last job. The
only real problem we ran into (apart from all the code tweaks in the C++
to make it compile 6 -> 7.1, which is not relevant here) was in passing
dynamically allocated memory across binary boundaries.
If everyone has followed the
Thanks for the feedback.
> Having two Copy menu items in the details context menu might
> be too much, however, "remixing" the copy menu items will be
> easy once the functionality is settled, so the menu structure
> shouldn't be a problem.
Yep; I'll just get something working and see how it
Hiya
There are a few items in the Wishlist about being able to copy packet
data to the clipboard that I'm thinking of having a go at (partially)
implementing. I'm not going to look at actually being able to edit the
packet list, just being able to get data out of Wireshark.
I don't want to change
Unfortunately, I don't think Wireshark can quite do what you want.
I am assuming that you have the protocol stack:
Ethernet -> maps to next layer by "Ethertype" field
IP -> maps to next layer by "Protocol" field
UDP -> maps to next layer by "Port" field
As Sebastien said, the UDP dissector
"Seconds since 1970-01-01 00:00:00 GMT: 1234567890.123456" (should that
be UTC?)
is quite a long menu item. I think that there is also an advantage in
having the word "epoch" in there as it ties to the command line 'e'
sub-switch to '-t' and the names in the code.
I'd favour
"Seconds since UN
fractions) since epoch
On Mon, Dec 04, 2006 at 03:59:09PM -, Douglas Pratley wrote:
> Corrected patch; epan/column.c and epan/column_utils.c were not
> included. This one has now been properly tested against a clean
> checkout of today's code.
>
> - New menu option available
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent s
time
difference means no-one has wasted any time on this yet.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas
Pratley
Sent: 04 December 2006 13:37
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Patch adding option to display ti
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
Cheers
Doug
I love the smell of pedantry in the morning; smells like - home. ;-)
I was planning to have the fractional precision user-configurable in
line with the other timestamp display formats.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
Sent: 02
The wiki tips page has a couple of useful sections on debugging and setting up
browse info for MSVC.
http://wiki.wireshark.org/Development/Tips
I've also done it by creating a dummy static library project and using
Wireshark as the "program" under the debug settings (useful for putting a
y, or have objections to the idea?
Regards
Doug
______
Douglas Pratley - Senior Software Engineer
t +44 845 050 7640 | f +44 845 644 5436
a Detica | PO Box 383 | Horley | Surrey | RH6 7WX | UK
__
www.detic
not quite - the compiler still disables breakpoint in the dissector, as it
fails to see
the (symbolic) connection. Methinks you need .bsc files for that, which MSVC
generates when you compile from the IDE, but apparently nmake does not.
any ideas?
Douglas Pratley <[EMAIL
ne of the dissectors - e.g.
packet-h263.c etc. How do I get to the situation I can single step through
those?
thanks
Douglas Pratley <[EMAIL PROTECTED]> wrote:
[Apologies if this message appears twice - I am having some trouble
persuading exchange to be consistent about which S
[Apologies if this message appears twice - I am having some trouble persuading
exchange to be consistent about which SMTP address it uses for outgoing email,
and my first try bounced as a non-member]
The wiki tips page has a couple of useful sections on debugging and setting up
browse inf