Re: [Wireshark-dev] error while building rpm

2009-12-03 Thread Kukosa, Tomas
It works! Thank you very much, it saved me much time. Regards, Tomas From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of atdev.quer...@wipro.com Sent: Thursday, December 03, 2009 8:29 AM To:

[Wireshark-dev] MS-RDP: Calling T.124 subdissetor from T.125 dissector

2009-12-03 Thread Franck Guénichot
Hello list, I'm currently trying to write an MS-RDP dissector. This leads me to add the t.124 (GCC protocol) dissector too. I've successfully compiled the t.124 dissector based on its ASN.1 spec (with a minor hack on the spec file). Now, I would like to call this new dissector from the t.125

[Wireshark-dev] Help needed on value translation of dissected bits

2009-12-03 Thread Jarolin, Robert
Normally the translation of specific bits to a decimal value is easy using the definition in the hf structure, but I am trying to find a way to properly display 1 or more bytes that have disjoint bits associated to a specific value. Let me give an example: Assume that you have 2 bytes to

Re: [Wireshark-dev] Help needed on value translation of dissected bits

2009-12-03 Thread Maynard, Chris
Would something like this [untested] code work for you? b = tvb_get_ntohs(tvb, offset); b = ((b & 0x8000) >> 7) | (b & 0x00ff); proto_tree_add_uint_format(tree, hf_myproto_B, tvb, offset, 2, b, "B Value: %u", b); README.developer has more information on all the proto_tree_add_xxx() functions.

[Wireshark-dev] VERSION_EXTRA change doesn't cause About dialog to change

2009-12-03 Thread Michael Lum
I have changed VERSION_EXTRA in config.nmake and tried the following: nmake -f Makefile.nmake nmake -f Makefile.nmake all both rebuild and create a new entry in the plugins directory under wireshark-gtk2 but the About dialog in the resulting executables still has the old value. It

Re: [Wireshark-dev] Help needed on value translation of dissected bits

2009-12-03 Thread John Tapparo
Does defining it as { &hf_myproto_B, { "B Value", "myproto.b", FT_UINT16, BASE_DEC, NULL, 0xff80, NULL, HFILL } } and then using proto_tree_add_item(tree, hf_myproto_B, tvb, o, 2, TRUE); do what you want (basically telling it that the value is little_endian)? On Wednesday 02 December 2009

Re: [Wireshark-dev] VERSION_EXTRA change doesn't cause About dialog to change

2009-12-03 Thread Michael Lum
Yes, removing gtk\about_dlg.obj and then rebuilding fixes the problem. Michael Lum (michael@starsolutions.com) | STAR SOLUTIONS http://www.starsolutions.com/ | Principal Software Engineer 4600 Jacombs Road, Richmond BC, Canada V6V 3B1 | +1.604.303.2315

Re: [Wireshark-dev] Help needed on value translation of dissected bits

2009-12-03 Thread Jaap Keuter
Hi, Almost, but that puts bit 8 in Byte 1 at the LSB for Value B, while it's supposed to be the MSB. This is a really weird encoding, not something supported by normal routines. Chris pointed you in the right direction how to present 'interpreted' data. Thanks, Jaap John Tapparo wrote: Does

[Wireshark-dev] How to extract a string

2009-12-03 Thread Rach, Darshan
Hi, How to extract a string from packet (of Hex values)? I know the string length. I tried doing the following. But I am still not able to find it. guint16 loc_name_length =0; /*Location Name Length*/ proto_tree_add_item(oqtp_tree, hf_loc_name_length, tvb,

Re: [Wireshark-dev] How to extract a string

2009-12-03 Thread Anders Broman
Hi, From the picture below it looks like you are reading the length from offset 0x43 the bytes would then be; starting with the highlighted 0x06 which is highlighted by proto_add_item with length 1. 06 05 44 72 61 6d 61 65 6e 67 00 Loc_name length would then be 0x0605 as you are reading

Re: [Wireshark-dev] How to extract a string

2009-12-03 Thread Jaap Keuter
Hi, Anders is right, neither highlighted 0x06 nor 0x05 gives you the string length. Leaves you with FT_STRINGZ to display the string in the protocol tree. Thanks, Jaap Anders Broman wrote: Hi, From the picture below it looks like you are reading the length from offset 0x43 the bytes

[Wireshark-dev] Rearranging packets

2009-12-03 Thread Rach, Darshan
Hi, If data is split across packets, how to extract fields (from next packet) in continuation with the previous packet? For example: My full packet looks like this: field 1 field 2 field 3 field 4 field 5 field 6 field 7 field 8 Initially, wireshark receives the following fragment only,