Herb,
I think you will find on HP c7000 blades paired with Virtual
Connect modules, the teaming is still done via Windows drivers - HP
provides these drivers as part of the standard install. Virtual Connect
drivers can present NICs (network interfaces) in different configurations
In Wireshark, it uses DNS or whatever you manually have written in the
ethers or hosts file. Whois only shows assignments from the various
Internet Registries.
You can of course infer names (say looking at the Host: header in a HTTP
request) but this isn't done.
Unfortunately there is no magic
Your browser/OS these days will usually be smart enough to recognise that
if you have IPv6 enabled but no useful paths outside of your local network
it won't use them.
Regards, Martin
martinvisse...@gmail.com
On 7 July 2011 09:48, Tony Trinh ton...@gmail.com wrote:
That's an interesting
Network management protocols like VRRP or OSPF have this function
(multiple PDUs in the one UDP frame) so check their dissectors for an
example.
Regards, Martin
martinvisse...@gmail.com
On 19 March 2011 00:08, Chipi norbert.koc...@gmail.com wrote:
Hi,
I have to write a dissector for an
Stephen,
One other default I think we should change is around TCP checksums. It
seems so many people are now using NICs with various chimneys and
offload processing that we get a lot of false positives from new
users in the forums and the mailing list.
The reality is that if there are real
Sake,
Not saying that this isn't a good idea (being able to output repeated
fields), but I suspect when it gets to stable you might get some complaints.
If people use -T fields like they do a CSV file, they might be expecting a
fixed number of columns. (Currently whether there are 0, 1 or more
Doug and Peter,
This is basically the same question as Damker's post which I have responded
to here -
http://www.wireshark.org/lists/wireshark-users/201007/msg00108.html
Unfortunately each -e field only matches a single instance. You are better
off parsing the PDML output, that outputs all of
Kyle,
I'm not a Solaris user, but I suspect that you have a Sun/BSD version of m4
rather than the GNU version of m4. Not sure of whether there is prepackaged
version on this already for your OS, but you could probably compile it from
source obtained from http://gnu.org. (That said you might find
Unfortunately, you are going to have to do a bit of your own parsing I
think. While a lot of the fields are properly parsed out as named fields,
some are left as unnamed text items. You can see this if you look at a DNS
response packet and select useful fields (such as the IP address in a
resource
Any dissector needs to validate its input and make sure it doesn't make
errant conclusions on what is presented.
For example many protocols have fields that indicate lengths of data within
the frame. However any dissector needs to make sure that it doesn't just
believe those fields as being
Richard,
I think you are not getting it.
In short, you happen to have got a *lucky* result from the public reverse
DNS that is meaningful to you. There is no guarantee that this is going to
be the case in any other situations. In fact, for a huge amount of real
server IP addresses, you will
Joshua, GPL does not stop anyone selling the software, but it protects
access to the source code. (Lots of people sell GPL software based
solutions, but as long as they provide free access to the source code (and
they can charge nominal costs for distribution of the source code) then this
is OK).
Beth,
I actually was writing something similar a while back (for HTTP traffic) but
never quite got it finished. ( I was trying to figure out the best way to
store the info for each I need for each packet so that I could do the
association to calc the response times).
Anyway to display and add
at the fragment reassembly C code, and
see what it does there.
On Tue, Sep 15, 2009 at 3:55 AM, Martin Visser
martinvisse...@gmail.com wrote:
Beth,
I actually was writing something similar a while back (for HTTP traffic)
but never quite got it finished. ( I was trying to figure out the best
My take below,
'
With no firm evidence, I would bet that 90% of users are doing pretty much
vanilla Ethernet packet captures, which is reflected in my thoughts below.
That said, I know I often do 802.11 based captures, but am not interested in
physical layer information all that much. (And I know
There are plenty of examples in the source under the gtk directory. Just go
to http://anonsvn.wireshark.org/wireshark/trunk/gtk/ and look for *stat*.c
Regards, Martin
martinvisse...@gmail.com
On Mon, Jun 29, 2009 at 4:06 PM, Renjith V v.renj...@gmail.com wrote:
Hi,
I am looking at extending
(Including the dev list as well)
There are actually 2 problems with tcp.analysis.ack_rtt.
1. Is that you need to decide for which round-trip you wish to find
the RTT for. If you have Wireshark capturing traffic close to (or even
on) the client, then you expect that the server will respond
or run the same program on Linux. (Wireshark/libpcap can capture
loopback traffic on Linux)
Regards, Martin
martinvisse...@gmail.com
On Thu, Jun 4, 2009 at 7:40 PM, Jaap Keuter jaap.keu...@xs4all.nl wrote:
Hi,
Wireshark can't see communications on your Windows loopback interface.
So for Bryant's question is the issue that his customer didn't capture the
initial SYN/SYN-ACK handshake, and hence Wireshark didn't have opportunity
to remember which was the initial destination port (and hence server port
and the one he would be interested in dissecting for)?
Maybe in
Not sure what the unwanted hex characters exactly are (can you post a
sample), but if you are talking about the raw payload data shown in the
data field (like field name=data
value=2d0b012900018294d5aeed173c5a8dc986388743c5306b76553630eab907cdfcac3d95050d0d01c210c4fbd0e6cc/
) then this is part
Yami,
I know it was only an example, but your DNS is only over UDP is a bad one.
DNS can use TCP for any query/response, either when the response is bigger
than a 512-byte PDU, or when doing AXFR zone transfers.
But in principle the idea of preventing redundant dissection is great. I
often see
Another alternative is to basically allow two separate instances of
Wireshark (with 2 separate capture files), to have their IOGraph windows be
displayed adjacent to each other. You might then have a tool, either
graphical or via a filter, to be able to synchronise point in the graph. You
could
It definitely looks a little crazy. What is interesting as well, is that the
captured frame has an incorrect frame check sequence - Frame check
sequence: 0x0d0a0d0a [incorrect, should be 0xde70a86f]. I don't know
whether this is coincidence, but the given FCS value 0x0d0a0d0a can be
represented
Prasanth,
Are you sure you are capturing the full packets (or at least enough for it
to be dissected as HTTP) - check the Capture Options. Also in
Analyze:Enabled Protocols, TCP and HTTP enabled?
Regards, Martin
[EMAIL PROTECTED]
On Thu, Nov 27, 2008 at 8:11 AM, prashanth s [EMAIL PROTECTED]
be created before init.lua finishes. You can
register new protocols and dissectors at run time (as I did with the menu
function), but not fields.
Regards, Martin
[EMAIL PROTECTED]
On Fri, Nov 14, 2008 at 5:15 PM, Martin Visser [EMAIL PROTECTED] wrote:
Hi,
I am just playing with the chained
25 matches