Re: [Wireshark-dev] SCTP association analysis & selection does not work correctly

2023-12-06 Thread Jeff Morriss
On Wed, Dec 6, 2023 at 12:15 PM Cristian Constantin via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > Hi, > > I am trying to look at all SCTP associations (lots of them) in a pcap. > However, none of the "Analyse/SCTP/..." menu options work correctly. > It shows only _one_ association

Re: [Wireshark-dev] Changes to the plugin registration API

2023-12-04 Thread Jeff Morriss
On Mon, Dec 4, 2023 at 9:53 AM João Valverde wrote: > > On 04/12/23 14:32, Anders Broman wrote: > > Hi, > > Company plug-ins may have restrictive license as the purpose is to > > only use them internally no public usage "secret" code for proprietary > > protocols under patents or IPL. Do we

Re: [Wireshark-dev] Future of Wireshark's Debian packaging scripts in the main repository

2023-11-27 Thread Jeff Morriss
On Wed, Nov 22, 2023 at 11:54 AM João Valverde wrote: > > On 22/11/23 15:37, John Thacker wrote: > > On Wed, Nov 22, 2023 at 9:40 AM João Valverde wrote: > >> >> There are a myriad issues I have touched upon. To recap, in my opinion, >> if we want to provide public shared libraries

Re: [Wireshark-dev] proto_item_append_text info not being picked up when extracting fields via tshark

2022-10-12 Thread Jeff Morriss
On Wed, Oct 12, 2022 at 2:31 PM Richard Sharpe wrote: > On Wed, Oct 12, 2022 at 11:10 AM Richard Sharpe > wrote: > > > > Hi folks, > > > > As a result of a recent issue and MR I suggested the use of tshark to > > extract some info but it does not work. > > > > I suggested this: > >

Re: [Wireshark-dev] CARES to old for CentOS8?

2022-09-30 Thread Jeff Morriss
On Fri, Sep 30, 2022 at 5:50 AM Dario Lombardo wrote: > Hi Anders, > unfortunately this is a hairy issue. Redhat's policy about security is a > bit puzzling. They patch (as told before) old versions to make them not > vulnerable, maintaining the same version number. This is weird since being >

Re: [Wireshark-dev] CARES to old for CentOS8?

2022-09-29 Thread Jeff Morriss
Also keep in mind that if RHEL decides to fix the CVE(s) in question in version 8 of their OS, they would likely apply the fix for the CVE to the version of CARES that they are already shipping (i.e., they'd create a version like 1.13.0. rather than upgrading to 1.14.x). They work hard to avoid

Re: [Wireshark-dev] Create tshark rpm

2022-08-19 Thread Jeff Morriss
The .spec file has (or at least had) both runtime and build-time dependencies in it. I'm guessing cmake is one of those packages you manually built (so: it's not installed via RPM, which is what BuildRequires look at) so just comment out the BuildRequires: cmake line (or whatever it is). On Fri,

Re: [Wireshark-dev] ask.wireshark.org RSS feed

2020-04-01 Thread Jeff Morriss
On Wed, Apr 1, 2020 at 5:57 PM Maynard, Chris via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > I don’t seem to be receiving any messages for ask.wireshark.org via the > RSS feed anymore. Am I the only one who seems affected by this or has > anyone else noticed this too? > > I looked at

Re: [Wireshark-dev] q on catching error in sub-dissectors.

2020-01-21 Thread Jeff Morriss
We've been having fun with multiple PDUs in a single IP frame with SCTP for years. While there's room for improvement it's worked pretty well. On Tue, Jan 21, 2020 at 9:58 AM João Valverde < joao.valve...@tecnico.ulisboa.pt> wrote: > By the way usually a tunnel encapsulates a single packet. I'm

Re: [Wireshark-dev] Building a custom rpm from the source tarball, post 3.0

2019-05-16 Thread Jeff Morriss
Known bug but I thought it was still unfixed: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15167 Haven't checked in a while... On Thu, May 16, 2019 at 3:18 AM Dario Lombardo wrote: > If I'm not mistaken, that's a known bug. It should be fixed by > >

Re: [Wireshark-dev] Lua debug statement not working in Wireshark 3

2019-04-26 Thread Jeff Morriss
On Fri, Apr 26, 2019 at 4:20 AM David Aldrich wrote: > Hi > > Since upgrading to Wireshark 3 my lua dissector reports error: > > "attempt to call global 'debug' (a table value)" > > for line: > > debug("PRB #" .. prb_index) > > Why is this? (Sorry if this has been asked before). > See the 3.0

Re: [Wireshark-dev] Not seeing FOO Dissector in wireshark after successful build

2019-04-22 Thread Jeff Morriss
I'd suggest running without the `sudo`. Capture with dumpcap and analyze your protocol with your freshly-built dissector. Or: make it a built-in dissector (in epan/dissectors/) rather than a plugin. On Mon, Apr 22, 2019 at 12:59 PM Abhisek Techie wrote: > Hi, > > Any suggestions for the below

Re: [Wireshark-dev] How to improve LUA dissector performance?

2019-04-16 Thread Jeff Morriss
On Mon, Apr 15, 2019 at 9:04 AM David Aldrich wrote: > I haven't seen any answers to my question below. Any thoughts please? > > Hi >> I have written a LUA dissector that analyses large packets that consist >> of control information and IQ data (complex numbers). Until recently I >> displayed

Re: [Wireshark-dev] Release lifetime and version number changes?

2019-04-16 Thread Jeff Morriss
On Thu, Apr 11, 2019 at 6:55 PM Gerald Combs wrote: > We currently have three active release branches: 3.0, 2.6, and 2.4. This > is because we support each release branch for a set amount of time > (typically 24 months after the initial .0 release) and our last three .0 > releases were less than

Re: [Wireshark-dev] Wireshark 3.0.1 build warning on Windows

2019-04-10 Thread Jeff Morriss
On Wed, Apr 10, 2019 at 6:20 PM Maynard, Chris wrote: > > Is it intentional that we're not building with the "fail on warnings" > flag on the > > 3.0 Windows buildbot? > > Good question. I think it is, but maybe for a very old reason that nobody > can remember? > It's because we don't want

Re: [Wireshark-dev] Q site: not (or rarely) getting emails for followed questions

2019-03-11 Thread Jeff Morriss
that? On Mon, Mar 11, 2019 at 11:55 AM Maynard, Chris wrote: > Can you check your “email alerts” settings? > > - Chris > > > > > > *From:* Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] *On > Behalf Of *Jeff Morriss > *Sent:* Monday, March 1

[Wireshark-dev] Q site: not (or rarely) getting emails for followed questions

2019-03-11 Thread Jeff Morriss
Hi list, I've noticed with the new Q site that I seem to never get emails when questions that I've followed are updated. Except sometimes I do... But I can't figure out what the pattern is. The latest example is:

Re: [Wireshark-dev] Wireshark on Kali linux

2019-02-12 Thread Jeff Morriss
On Thu, Feb 7, 2019 at 7:51 AM Graham Bloice wrote: > On Thu, 7 Feb 2019 at 10:34, Dario Lombardo wrote: > >> +1 from me for this as well. The warning should be there for anyone not >>> realizing that this is dangerous, but having the option to mute that >>> warning for people who know (or

Re: [Wireshark-dev] Memory leak debugging - current master passes all tests!

2019-01-29 Thread Jeff Morriss
On Mon, Jan 28, 2019 at 4:03 PM Peter Wu wrote: > If you have not already, consider enabling ASAN by default in your > development builds (cmake -DENABLE_ASAN=1). It works on Linux and macOS, > but not with MSVC. ASAN detects memory safety issues (use-after-free, > double-free, buffer overflows,

[Wireshark-dev] TCP Continuation - with reassembly turned off

2018-11-27 Thread Jeff Morriss
Hi list, Looking at a capture file[1] I've noticed something funny in master: even if I turned off the TCP reassembly preference (Allow subdissector to reassemble TCP streams) I still get "[Continuation to #]" in the Info column and the payload is not handed to the subdissector. [1]

Re: [Wireshark-dev] GDB / Fuzz test ?

2018-11-12 Thread Jeff Morriss
On Mon, Nov 12, 2018 at 4:42 AM Dario Lombardo wrote: > On Mon, Nov 12, 2018 at 9:40 AM Antoine d'Otreppe > wrote: > >> 2. I used the fuzz-test.sh, looks nice, but how many passes should I run >> to have adequate testing? >> > > That's an interesting question. I don't recall how many passes I

Re: [Wireshark-dev] Why are ett[] arrays static?

2018-10-19 Thread Jeff Morriss
On Fri, Oct 19, 2018 at 2:27 PM Jakub Zawadzki wrote: > W dniu 2018-10-19 16:51, Jeff Morriss napisał(a): > > Is it just me or is there no reason for ett[] arrays: > > > > /* Setup protocol subtree array */ > > static gint *ett[] = { > >

Re: [Wireshark-dev] Why are ett[] arrays static?

2018-10-19 Thread Jeff Morriss
On Fri, Oct 19, 2018 at 1:16 PM Guy Harris wrote: > On Oct 19, 2018, at 7:51 AM, Jeff Morriss > wrote: > > > Is it just me or is there no reason for ett[] arrays: > > > > /* Setup protocol subtree array */ > > static gint *ett[] = { > >

Re: [Wireshark-dev] Why are ett[] arrays static?

2018-10-19 Thread Jeff Morriss
On Fri, Oct 19, 2018 at 11:59 AM Dario Lombardo wrote: > On Fri, Oct 19, 2018 at 4:52 PM Jeff Morriss > wrote: > >> It seems to me that making it static is just wasting space (keeping the >> array around forever)? >> >> > Interesting point, Jeff! Do you exp

[Wireshark-dev] Why are ett[] arrays static?

2018-10-19 Thread Jeff Morriss
Is it just me or is there no reason for ett[] arrays: /* Setup protocol subtree array */ static gint *ett[] = { _PROTOABBREV to be static? It seems to me that making it static is just wasting space (keeping the array around forever)?

Re: [Wireshark-dev] Uncheck Use GSM SAPI values via Script

2018-10-03 Thread Jeff Morriss
I used to push certain preference changes to all users by putting a global preferences file (with only the preferences I wanted to modify) in the "Global configuration" directory (e.g., /usr/share/wireshark/ - see the Folders tab on the About Wireshark window). By using that file I didn't have to

Re: [Wireshark-dev] [Wireshark-commits] master 7458f40: Diameter: add a bunch more AVPs from RFC 5777.

2018-09-28 Thread Jeff Morriss
ster > Repository: wireshark > > Commits: > > 7458f40 by Jeff Morriss (jeff.morriss...@gmail.com): > > Diameter: add a bunch more AVPs from RFC 5777. > > Add enough AVPs to get the Diameter XML validating again. > > Also some whitespace and indentation cleanup.

Re: [Wireshark-dev] tools/check[hf|APIs|filtername].pl need updating?

2018-09-24 Thread Jeff Morriss
[For completeness of this thread] Peter took care of checkAPIs in https://code.wireshark.org/review/#/c/29754/ . On Thu, Sep 20, 2018 at 11:03 AM Maynard, Chris wrote: > I'm not sure if anyone is waiting for my feedback, but just in case ... > > I'm not against Jakub's changes. There are

Re: [Wireshark-dev] How can I run this sort of test before checking in and can it be more useful?

2018-09-10 Thread Jeff Morriss
On Sun, Sep 9, 2018 at 8:41 PM Guy Harris wrote: > On Sep 9, 2018, at 4:17 PM, Richard Sharpe > wrote: > > > Error: > /home/wireshark/builders/ubuntu-x86-64-petri-dish/ubuntu-x86-64-petri-dish/build/epan/dissectors/packet-ieee80211.c > > uses proto_tree_add_uint with tvb_get_*. Use

Re: [Wireshark-dev] Lua dissector: How to set sub-field bit widths using preferences?

2018-09-04 Thread Jeff Morriss
On Mon, Sep 3, 2018 at 11:32 AM David Aldrich wrote: > Our protocol includes a 16-bit field which is sub-divided into 4 > sub-fields. The width of those sub-fields is variable so I want to specify > the widths using Wireshark preferences. I understand how to create and > read Wireshark

Re: [Wireshark-dev] Can a Lua dissector access Wireshark preferences?

2018-08-30 Thread Jeff Morriss
For the preference side of it see: https://wiki.wireshark.org/LuaAPI/Pref On Thu, Aug 30, 2018 at 12:43 PM Maynard, Chris wrote: > If you look at the documentation for ProtoField.new and friends[1], you > can see that there’s a “*mask*” argument. That specifies how many bits > applies to this

Re: [Wireshark-dev] Dealing with aggregated packets

2018-07-03 Thread Jeff Morriss
On Tue, Jul 3, 2018 at 2:42 AM, Jakub Zawadzki wrote: > Hello, > > W dniu 2018-07-02 22:33, Jeff Morriss napisał(a): > >> It's an idea that's been tossed around since at least 2006[1]. Someone >> (Jakub?) had played around with it but eventually gave up; unfor

Re: [Wireshark-dev] Dealing with aggregated packets

2018-07-02 Thread Jeff Morriss
Yes please. It's an idea that's been tossed around since at least 2006[1]. Someone (Jakub?) had played around with it but eventually gave up; unfortunately I can't find the reference to that. [1] https://www.wireshark.org/lists/wireshark-dev/200606/msg00147.html I think the UI presentation is

Re: [Wireshark-dev] authors email change

2018-05-16 Thread Jeff Morriss
On Wed, May 16, 2018 at 5:28 PM, njgm890 wrote: > Hi, > > Is there a specific person I should email to let them know I need to > change my email address? Or just this list? > > My new email address is: natej@gmail.com > > Please update “AUTHORS”. > Can you submit a patch

Re: [Wireshark-dev] CRC32 representation

2018-04-16 Thread Jeff Morriss
On Fri, Apr 13, 2018 at 4:33 AM, Anton Glukhov wrote: > Hi all, > > I wonder what's the best choice to represent CRC32 little-endian checksum? > Should it be represented "as is" (exactly how it goes on wire) or I should > flip it to show it in correct number form.

Re: [Wireshark-dev] RPM generation

2018-04-12 Thread Jeff Morriss
On 04/10/2018 09:14 AM, Dario Lombardo wrote: Is the rpm build platform expected to be one? If yes, which one? If no, do we want to support all the flavors? It seems that different flavors require different package names (link in asciidoctor). It can be hard to be portable in this way. The

Re: [Wireshark-dev] Dissector for decryted content

2018-02-23 Thread Jeff Morriss
On Wed, Feb 21, 2018 at 11:07 AM, Jose Selvi wrote: > Hi there, > > It's my first time developing a dissector, so apologize in advance if my > question is too obvious for you guys. > > I'm trying to code a dissector (I'm using LUA) for a quick test. It > should match a piece

Re: [Wireshark-dev] Question for LUA dissection

2018-02-07 Thread Jeff Morriss
On Wed, Feb 7, 2018 at 9:38 AM, Roland Knall wrote: > Hi > > Just a short question. > > I have a protocol, which transports information via TCP. Now we have a > segmented download via this protocol, which in turn is a TCP segmented > transfer. > > I can desegment_tcp_pdus, and

Re: [Wireshark-dev] How does tshark "synchronize" multiple interfaces?

2018-02-06 Thread Jeff Morriss
I think you're just getting lucky. There's a long-standing bug complaining that the synchronization between interfaces, well, isn't: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8253 On Tue, Feb 6, 2018 at 12:07 PM, S. Jacobi wrote: > On Tue, 6 Feb 2018

Re: [Wireshark-dev] Do the Petri-disk builds build something I can install?

2018-01-02 Thread Jeff Morriss
On Wed, Dec 27, 2017 at 10:12 AM, Richard Sharpe < realrichardsha...@gmail.com> wrote: > Hi Folks, > > Will I get something I can install from the petri-dish builds and if > so, where can I get them? > Nope. The only output comes from the (non-Petri-dish) build slaves.

Re: [Wireshark-dev] RPM Build fails on SUSE 11.4

2017-12-02 Thread Jeff Morriss
On 11/24/2017 08:52 AM, Anders Broman wrote: Hi, I get the following error doing make rpm-build: RPM build errors:     File listed twice: /usr/local/bin/dumpcap     Installed (but unpackaged) file(s) found:    /usr/local/share/doc/wireshark/guides/wsug_html_chunked/AppFiles.html   

Re: [Wireshark-dev] build wireshrk with lua5.2.4 source code :no luaL_openlibs

2017-12-02 Thread Jeff Morriss
On 12/02/2017 05:50 PM, Jeff Morriss wrote: On 11/19/2017 01:39 AM, 愛伱Dě儍苽 wrote: [...] When I build the wireshark source code using –with-lua it shows me the error message: checking for library containing luaL_openlibs... no configure: error: Lua support was requested

Re: [Wireshark-dev] Info column with multiple PDUs in one frame

2017-10-25 Thread Jeff Morriss
On Wed, Oct 25, 2017 at 12:08 PM, Thomas Wiens wrote: > Hi, > > is there a common way or best practice of how to add information to the > info column, when there are multiple independent PDUs inside a frame > possible? > > Currently I'm first cleaning out the info column with: >

Re: [Wireshark-dev] Importing raw application protocol data with Wireshark

2017-09-14 Thread Jeff Morriss
On Thu, Sep 14, 2017 at 7:28 AM, Jack Guest wrote: > Hi, > > Is there any straightforward way of importing from a file > application-layer protocol data that lacks transport headers (i.e > lacks link-layer, internet-layer and transport-layer headers) in order > to be able

Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap

2017-09-01 Thread Jeff Morriss
On Thu, Aug 31, 2017 at 2:32 PM, Guy Harris <g...@alum.mit.edu> wrote: > On Aug 31, 2017, at 11:09 AM, Jeff Morriss <jeff.morriss...@gmail.com> > wrote: > > > A counter argument to this would be that there are some advantages to > not using a (tempora

Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap

2017-08-31 Thread Jeff Morriss
On Thu, Aug 31, 2017 at 12:54 PM, Guy Harris wrote: > On Aug 31, 2017, at 3:37 AM, Ed Beroset wrote: > > > On 08/30/2017 09:31 PM, Guy Harris wrote: > >> On Aug 30, 2017, at 6:00 PM, Ed Beroset wrote: > >>> but I can't help but

Re: [Wireshark-dev] Idea about Adding extra functionality in wireshark.

2017-08-30 Thread Jeff Morriss
As this sounds like it's more a theoretical thing it might make sense to discuss your ideas (at a high level) on this list first. For instance I'm not sure what Tx power rate means - normally what "Tx power" means to me isn't something Wireshark normally has access to (unless we're talking Wifi).

Re: [Wireshark-dev] Conditional compilation (debug)

2017-07-27 Thread Jeff Morriss
On Thu, Jul 27, 2017 at 12:34 PM, Dario Lombardo < dario.lombardo...@gmail.com> wrote: > Hi > I'd like to add some code that appears only in development builds of > wireshark. Is there some define that helps me understand if I am in such a > case, both in autotools and cmake? > Define

Re: [Wireshark-dev] Fields offsets & tree hierarchy questions

2017-07-14 Thread Jeff Morriss
On Fri, Jul 14, 2017 at 2:01 PM, Sultan, Hassan via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > > > > -Original Message- > > From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On > Behalf > > Of Jeff Morriss > >

Re: [Wireshark-dev] Fields offsets & tree hierarchy questions

2017-07-14 Thread Jeff Morriss
On Fri, Jul 14, 2017 at 1:02 PM, Sultan, Hassan via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > Hi everyone, > > Sorry to bother you with might be beginner questions but... well... I'm a > beginner :) > > In my quest to understand how Wireshark's parsing engine works I've > written a

Re: [Wireshark-dev] linux package requirements for wireshark build

2017-06-26 Thread Jeff Morriss
On Sat, Jun 24, 2017 at 11:11 PM, Alan Partis wrote: > I've looked through the wireshark developer's guide, and google'd all > around, but cannot find a list of required packages for building > wireshark. If there is one, let me know. I generally just run

Re: [Wireshark-dev] My Windows build seemed to be going so well until ...

2017-06-19 Thread Jeff Morriss
On Sun, Jun 18, 2017 at 6:18 PM, Richard Sharpe wrote: > Hi folks, > > I am getting this: > > > [...] >"C:\Development\wsbuild64\Wireshark.sln" (default target) (1) -> >

Re: [Wireshark-dev] So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?

2017-04-30 Thread Jeff Morriss
On 04/30/2017 12:34 PM, Guy Harris wrote: On Apr 30, 2017, at 3:26 AM, Peter Wu wrote: For the Debian (and Cygwin/Windows) setup, installation of said file is specified (see for example the file list in the suggested package:

Re: [Wireshark-dev] Error in Wireshark (tshark.c:646)

2017-04-20 Thread Jeff Morriss
Proposed fix: https://code.wireshark.org/review/21246 On Thu, Apr 20, 2017 at 8:06 AM, Graham Bloice wrote: > > > On 20 April 2017 at 12:57, Remy Leone wrote: > >> Hello, >> >> I've noticed that master broke recently: >> tshark.c:646:24:

Re: [Wireshark-dev] Are retransmitted packets sometimes labelled as TCP out of order

2017-03-02 Thread Jeff Morriss
On Tue, Feb 28, 2017 at 11:42 PM, ajay saxena wrote: > Hi, > > I am analyzing a dump file using Wireshark and I found that some of the > TCP messages that are sent again (with the same ACK) number are labelled as > TCP Out of Order by Wireshark. I was expecting to find

Re: [Wireshark-dev] Wireshark no longer builds on SuSE 11.3

2017-02-14 Thread Jeff Morriss
Wireshark hasn't compiled on RHEL 5 for a while anyway... Or at least the UI hasn't. On Tue, Feb 14, 2017 at 7:47 AM, Roland Knall wrote: > I was hoping to say, let's drop SuSE 11.3, as SuSE 11.4 has glib version > 2.28, which includes the function. Also Red Hat 5 drops

Re: [Wireshark-dev] Conditional compiles

2017-02-14 Thread Jeff Morriss
I remember getting (infrequent) questions/requests for building Wireshark without the ability to capture. Usually the desire seems to come from corporate IT policies which don't want people capturing corporate traffic but which need to support users' ability to analyze captures made elsewhere

Re: [Wireshark-dev] Checking address in WMEM

2017-01-26 Thread Jeff Morriss
On Thu, Jan 26, 2017 at 8:48 AM, Dario Lombardo wrote: > On Thu, Jan 26, 2017 at 2:11 PM, Evan Huus wrote: > >> What problem specifically are you trying to solve? There may be an easier >> way. >> >> Evan > > > The general problem is: a function

Re: [Wireshark-dev] Getting values into version_extra, VCSVERSION and VCSBRANCH in a RPM

2017-01-11 Thread Jeff Morriss
On 01/11/2017 12:16 AM, Richard Sharpe wrote: On Tue, Jan 10, 2017 at 5:44 PM, Jeff Morriss <jeff.morriss...@gmail.com> wrote: On 01/10/2017 07:53 PM, Richard Sharpe wrote: Now that my dissector generator is working well enough to handle the vagaries of the ten or so XDR files we hav

Re: [Wireshark-dev] Getting values into version_extra, VCSVERSION and VCSBRANCH in a RPM

2017-01-10 Thread Jeff Morriss
On 01/10/2017 07:53 PM, Richard Sharpe wrote: Now that my dissector generator is working well enough to handle the vagaries of the ten or so XDR files we have I am working on getting RPMs generated. I want the version info returned by get_ws_vcs_version_info to: 1. Return some additional info

Re: [Wireshark-dev] How do I set the epan/dissectors/Makefile.am CUSTOM_DISSECTOR_SRC variable from a script when I run configure?

2017-01-05 Thread Jeff Morriss
On Thu, Jan 5, 2017 at 9:09 PM, Richard Sharpe wrote: > I need to jam a list of dissectors into the CUSTOM_DISSECTOR_SRC > variable that is available in Makefile.am/Makefile.in ... > > How do I manage that? What I used to do (back when I managed proprietary

Re: [Wireshark-dev] Field Registration Error

2016-12-22 Thread Jeff Morriss
On Thu, Dec 22, 2016 at 10:04 AM, Paul Offord wrote: > Hi, > > > > I upgraded from 2.2.2 to 2.2.3 a few days ago. I have a dissector( > written in C) that I wrote a while back that works OK with 2.2.2 but not > 2.2.3. With the latter, on Wireshark start up I get: > >

Re: [Wireshark-dev] Redhat binaries

2016-12-22 Thread Jeff Morriss
On Thu, Dec 22, 2016 at 8:33 AM, Martin Sehnoutka <msehn...@redhat.com> wrote: > > On 12/16/2016 07:46 PM, Jeff Morriss wrote: > > That's the base package. Maybe link to the GUI package instead? > > https://apps.fedoraproject.org/packages/wireshark-gnome > > (Red H

Re: [Wireshark-dev] Packet sample repository/library?

2016-12-21 Thread Jeff Morriss
On Wed, Dec 21, 2016 at 5:28 AM, Peter Wu wrote: > > 2) Won't be good idea to allow skip a sample from automatic testing > > (because it is for GUI demonstration)? > > You can invoke individual tests (which is most likely what you want when > you are testing changes to a

Re: [Wireshark-dev] RPM Build fails on SUSE 11.3

2016-12-19 Thread Jeff Morriss
On Mon, Dec 19, 2016 at 11:07 AM, Anders Broman wrote: > Hi, > > > > Even though configured with: > > /configure --with-lua -enable-setuid-install --without-qt --with-gtk=2 > -without-libnl --enable-warnings-as-errors=no --with-extcap=no > > > > Rpm-build fails with:

Re: [Wireshark-dev] Redhat binaries

2016-12-16 Thread Jeff Morriss
That's the base package. Maybe link to the GUI package instead? https://apps.fedoraproject.org/packages/wireshark-gnome (Red Hat hasn't, last time I checked, done anything with the Qt UI.) On Fri, Dec 16, 2016 at 12:16 PM, Gerald Combs wrote: > The Fedora link on our

Re: [Wireshark-dev] value_string from file

2016-11-07 Thread Jeff Morriss
The RADIUS and Diameter dissectors also read most of their value_strings (and other things) from files. On Mon, Nov 7, 2016 at 11:05 AM, Jaap Keuter wrote: > Hi, > > While not ideal, it can be done. Have a look at packset-tpncp.c and the > wimaxasncp plugin > > Thanks, >

Re: [Wireshark-dev] GUI Change for Wireshark Remote Interfaces

2016-10-27 Thread Jeff Morriss
On Thu, Oct 27, 2016 at 7:14 AM, Peter Wu wrote: > On Thu, Oct 27, 2016 at 12:57:53PM +0200, Roland Knall wrote: > > I've changed the title to something that helps me recognize it, but I can > > change it to something else. > > > > The show column is a duplicate of the list

Re: [Wireshark-dev] gerrit authentication

2016-10-06 Thread Jeff Morriss
On Mon, Oct 3, 2016 at 3:32 PM, Francisco Javier Sanchez-Roselly < franciscojavier.sanchezrose...@ujaen.es> wrote: > dear all, > > since Friday, it is impossible for me to authenticate via Google. is it > just my issue? > > just a second one, is there a way to unsubscribe an email address from >

Re: [Wireshark-dev] Apply as Column not working correctly

2016-09-29 Thread Jeff Morriss
> *From:* wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-bounces@ > wireshark.org <wireshark-dev-boun...@wireshark.org>] *On Behalf Of *Jeff > Morriss > *Sent:* 29 September 2016 20:43 > *To:* Developer support list for Wireshark <wireshark-dev@wireshark.org> >

Re: [Wireshark-dev] Apply as Column not working correctly

2016-09-29 Thread Jeff Morriss
On Thu, Sep 29, 2016 at 3:21 AM, Paul Offord wrote: > Hi, > > > > I’m debugging a problem with the transum dissector. Repro steps are: > > > > · Right click on a TRANSUM RTE Data value such as APDU Rsp Time > and choose Apply as Column > > · The column is

Re: [Wireshark-dev] Crash in dissect_smb2_command

2016-09-26 Thread Jeff Morriss
On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord wrote: > Hi, > > > > Between 2.2 and the latest git a change seems to have been made to > dissect_smb2_getinfo_request(). It now returns an integer based on the > difference between two dissected values: > > > >

Re: [Wireshark-dev] Sources of 61850 wireshark 1.99.0 skunkworks version

2016-09-22 Thread Jeff Morriss
On Thu, Sep 22, 2016 at 10:11 AM, Carlos Lucero wrote: > Hello all, > > I'm wondering If anybody know about the source code of wireshark 1.99.0 > skunkworks version with some really interesting features about IEC 61850 > protocols like GOOSE, MMS and ICCP-TASE.2. Very

Re: [Wireshark-dev] Wireshark Memory Usage

2016-09-22 Thread Jeff Morriss
On Thu, Sep 22, 2016 at 2:49 AM, Paul Offord wrote: > During my investigation into the performance issues with transum I noticed > an apparent memory leak. Each time I close and re-open the same 40 MB > trace file, Wireshark memory usage increases by about 14 MB. I

Re: [Wireshark-dev] BUG: infinite loop in "dumpcap -L" with rpcap:// interface since 2.2.0

2016-09-21 Thread Jeff Morriss
On Fri, Sep 16, 2016 at 10:40 AM, Lukas Tribus wrote: > Hello, > > > dumpcap (and wireshark, if using that dumpcap feature) hangs using a full > CPU core since 2.2.0 in the following conditions: > > - OS is Windows (other OS'es unknown) > - interface is remote

Re: [Wireshark-dev] Cmake and RPM

2016-08-16 Thread Jeff Morriss
On Tue, Aug 16, 2016 at 2:46 PM, Jonne Zutt wrote: > I don't seem to have any /path/to/wireshark-2.3.0.tar.xz anywhere. > Should make dist create that? > > For completeness: yes, the "make dist" step (the first step of "make rpm-package") should have created the source

Re: [Wireshark-dev] Cmake and RPM

2016-08-16 Thread Jeff Morriss
On Tue, Aug 16, 2016 at 9:41 AM, Jonne Zutt wrote: > I see, thanks for that. I was already trying this path after reading the > reply of Anders. > > I installed the rpms that were suggested by wireshark/tools/install_ > rpms_for_devel.sh > > I then also installed

Re: [Wireshark-dev] dissecting TCP packets with multiple PDUs

2016-08-11 Thread Jeff Morriss
On Fri, Aug 5, 2016 at 1:39 PM, John Dill wrote: > One problem I have is that I'm creating multiple subtrees for a protocol > when two PDUs are found in the same frame. What's the best way to avoid > this? > > \code > gint > dissect_mk32_tcp_pdu(tvbuff_t *tvb,

Re: [Wireshark-dev] Question on payload reassembly

2016-07-28 Thread Jeff Morriss
On Thu, Jul 28, 2016 at 8:35 AM, John Dunlop wrote: > Hi, > > > > Hope someone can help me with a question of payload reassembly. > > > > First up, I have been trawling the e-mail archives to find an equivalent > answer and was wondering if there is a better way of

Re: [Wireshark-dev] LUA Comparative Times

2016-07-13 Thread Jeff Morriss
On Wed, Jul 13, 2016 at 10:53 AM, Paul Offord wrote: > Hi, > > > > I recently measured some load and filter times with and without a LUA > postdissector plugin called TRANSUM. I tried three different scenarios: > > > > · No LUA - without any plugins other than

Re: [Wireshark-dev] Adding dynamic fields to tree from dissector

2016-07-03 Thread Jeff Morriss
Or the MATE plugin. It registers its fields after the user selects a MATE configuration file (in preferences). (Note that it doesn't currently support reconfiguration. So while you can add a configuration file without restarting Wireshark changing the configuration file requires restarting.)

Re: [Wireshark-dev] RHEL 6 reached the end of production phase 1 on May 10, 2016

2016-06-23 Thread Jeff Morriss
On Thu, Jun 23, 2016 at 9:36 AM, Christopher Maynard < christopher.mayn...@igt.com> wrote: > I don't recall what support policy, if any, was decided regarding the > various distributions, but I believe at least one commit > (https://code.wireshark.org/review/#/c/14041/) was reverted due to the >

Re: [Wireshark-dev] newbie question about dissection specifications

2016-05-31 Thread Jeff Morriss
On Mon, May 30, 2016 at 4:44 PM, Christian Convey < christian.con...@gmail.com> wrote: > Hi guys, > > I'm starting a side project, and I was wondering if it might eventually be > something useful to Wireshark developers. Anyone mind weighing in? > > It's a translator that does this: > Input: > >

Re: [Wireshark-dev] reassembled PDU for lua dissector in case of a seq overrun

2016-05-18 Thread Jeff Morriss
On Sat, May 14, 2016 at 11:31 AM, João Valverde < joao.valve...@tecnico.ulisboa.pt> wrote: > > > On 13-05-2016 16:12, Strauß, Martin wrote: > >> Dear all, >> I've written a lua dissector for a company intern binary protocol. >> Usually it is capable to dissect everything (if no packet is

Re: [Wireshark-dev] Configure/autogen failing on Ubuntu 14.04

2016-05-18 Thread Jeff Morriss
On Wed, May 18, 2016 at 10:07 AM, Anders Broman wrote: > Hi, > > I get > > Makefile.am:415: error: HAVE_SPEEXDSP does not appear in AM_CONDITIONAL > > codecs/Makefile.am:38: error: HAVE_SPEEXDSP does not appear in > AM_CONDITIONAL > > ui/qt/Makefile.am:27: error:

Re: [Wireshark-dev] checkapi

2016-04-27 Thread Jeff Morriss
On 04/22/2016 03:28 AM, Graham Bloice wrote: On 21 April 2016 at 18:31, Jeff Morriss <jeff.morriss...@gmail.com <mailto:jeff.morriss...@gmail.com>> wrote: On Thu, Apr 21, 2016 at 8:15 AM, Graham Bloice <graham.blo...@trihedral.com <mailto:graham.blo...@trihedr

Re: [Wireshark-dev] checkapi

2016-04-22 Thread Jeff Morriss
On Fri, Apr 22, 2016 at 3:28 AM, Graham Bloice wrote: > Just thinking for this for about 30 secs, is there another way? checkAPIs > seems to be a very rudimentary (not meant in any derogatory way just > because it's written in Perl :_)) static code analyser. Is

Re: [Wireshark-dev] checkapi

2016-04-21 Thread Jeff Morriss
On Thu, Apr 21, 2016 at 8:15 AM, Graham Bloice wrote: > > The latest update to the change no longer checks .l files, so no errors > are produced now, just warnings. > > This leaves one last issue, the command line for the checkAPIs call in > epan\dissectors is too

Re: [Wireshark-dev] Commit 3c1f71e: Build error "unused parameter 'ntlm_pass' [-Werror=unused-parameter]"

2016-04-20 Thread Jeff Morriss
On Wed, Apr 20, 2016 at 5:10 AM, João Valverde < joao.valve...@tecnico.ulisboa.pt> wrote: > > > On 20-04-2016 06:32, ze...@heilmeier.eu wrote: > >> You don't have Kerberos enabled (HAVE_KERBEROS). >>> >>> By the way using an explicit --with-kerberos should throw a configure >>> error if

Re: [Wireshark-dev] checkapi

2016-04-19 Thread Jeff Morriss
On 04/19/2016 05:17 AM, Graham Bloice wrote: On 18 April 2016 at 22:48, Guy Harris wrote: On Apr 18, 2016, at 2:16 PM, Graham Bloice wrote: > What should we do

Re: [Wireshark-dev] Decoding New TLS CLient Hello Extension

2016-04-14 Thread Jeff Morriss
[Resending with the list in Cc:; I'm not sure why gmail's web interface decided to drop the list when I hit reply.] On Thu, Apr 14, 2016 at 3:48 PM, > wrote: On Thu, Apr 14, 2016 at 3:07 PM,

Re: [Wireshark-dev] Decoding New TLS CLient Hello Extension

2016-04-14 Thread Jeff Morriss
On Thu, Apr 14, 2016 at 3:07 PM, wrote: > Guys, > > I am trying to decode a new TLS extension in the Client Hello packet. I > have the following statement in my LUA: > > local ssl_ext_table = DissectorTable.get("ssl.handshake.extension.type") > > This is

Re: [Wireshark-dev] checkapi

2016-04-11 Thread Jeff Morriss
On Mon, Apr 11, 2016 at 12:45 PM, Graham Bloice <graham.blo...@trihedral.com > wrote: > > > > On 11 April 2016 at 16:54, Jeff Morriss <jeff.morriss...@gmail.com> wrote: > >> >> >> On Mon, Apr 11, 2016 at 11:36 AM, Graham Bloice < >> graham.b

Re: [Wireshark-dev] checkapi

2016-04-11 Thread Jeff Morriss
On Mon, Apr 11, 2016 at 11:36 AM, Graham Bloice <graham.blo...@trihedral.com > wrote: > > > On 11 April 2016 at 16:03, Jeff Morriss <jeff.morriss...@gmail.com> wrote: > >> >> >> On Mon, Apr 11, 2016 at 10:29 AM, Jeff Morriss <jeff.morriss...@gmail.co

Re: [Wireshark-dev] checkapi

2016-04-11 Thread Jeff Morriss
On Mon, Apr 11, 2016 at 10:29 AM, Jeff Morriss <jeff.morriss...@gmail.com> wrote: > > CUSTOMBUILD : error : Found prohibited APIs in inet_aton.c: >> htonl,isascii,isdigit,islower,isspace,isxdigit >> [C:\buildbot\builders\windows-x86-petri-dish\windows-x86-petri-d

Re: [Wireshark-dev] checkapi

2016-04-11 Thread Jeff Morriss
On Mon, Apr 11, 2016 at 10:29 AM, Jeff Morriss <jeff.morriss...@gmail.com> wrote: > > On Sun, Apr 10, 2016 at 4:44 PM, Graham Bloice < > graham.blo...@trihedral.com> wrote: > >> After creating an initial change to add checkAPI to CMake builds, >> following the

Re: [Wireshark-dev] checkapi

2016-04-11 Thread Jeff Morriss
On Sun, Apr 10, 2016 at 4:44 PM, Graham Bloice wrote: > After creating an initial change to add checkAPI to CMake builds, > following the current checks done by nmake, I got the attached (massaged) > output. > > While there are some warnings to be fixed up, I'm more

Re: [Wireshark-dev] Warn Dissector bug, protocol RADIUS

2016-03-30 Thread Jeff Morriss
On Wed, Mar 30, 2016 at 2:05 PM, Jeff Morriss <jeff.morriss...@gmail.com> wrote: > > > On Wed, Mar 30, 2016 at 11:51 AM, Anders Broman < > anders.bro...@ericsson.com> wrote: > >> Hi, >> >> After the recent radius changes I get these console print

Re: [Wireshark-dev] Warn Dissector bug, protocol RADIUS

2016-03-30 Thread Jeff Morriss
On Wed, Mar 30, 2016 at 11:51 AM, Anders Broman wrote: > Hi, > > After the recent radius changes I get these console printouts for radius > packets…. > > Hey, you blamin' me? ;-) ;-) > C:\Development\wireshark>17:30:27 Warn Dissector bug, protocol > RADIUS,

Re: [Wireshark-dev] FT_TYPE appropiated?

2016-03-19 Thread Jeff Morriss
On Wed, Mar 16, 2016 at 10:14 AM, Juan Jose Martin Carrascosa < jua...@rti.com> wrote: > Hi all, > > I have a field that has the following content (hex bytes): > > 0a00020f7cfb0001 > > If I use FT_STRING, it displays 0a\n. Thus, I decided to use FT_BYTES. > > The problem now is that when
