Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread Josh Clark
Sure, I can take a look. On Mon, Aug 28, 2023 at 14:07 Brian Reichert wrote: > On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote: > > Personally, as long as there are no firewalls, proxies, or NATs in the > way, > > I would hash together source IP, destination IP, source port,

Re: [Wireshark-dev] SCTP statistics

2023-08-28 Thread John Thacker
The statistics mentioned here? https://gitlab.com/wireshark/wireshark/-/issues/16367 The comments there suggest that the Enable Association Indexing preference has to be on for the SCTP stats to work. John On Mon, Aug 28, 2023, 10:19 AM Jaap Keuter wrote: > Hi, > > Who knows what the current

Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread Brian Reichert
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote: > Personally, as long as there are no firewalls, proxies, or NATs in the way, > I would hash together source IP, destination IP, source port, destination > port, and IP ID. As I feared, ip.id doesn't work in my case. My two captures are

Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread Brian Reichert
On Mon, Aug 28, 2023 at 11:57:54AM -0500, chuck c wrote: > https://github.com/corelight/community-id-spec > "When processing flow data from a variety of monitoring applications (such > as Zeek and Suricata), it's often desirable to pivot quickly from one > dataset to another." > > A Community ID

Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread Brian Reichert
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote: > How controlled will the network be between the two capture locations? Are > there any firewalls, load balancers, proxies, NATs, or anything like that? No NAT, just evidence of latency we need to nail down. > If none of those are the

Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread chuck c
https://github.com/corelight/community-id-spec "When processing flow data from a variety of monitoring applications (such as Zeek and Suricata), it's often desirable to pivot quickly from one dataset to another." A Community ID implementation for Wireshark.

Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread Josh Clark
How controlled will the network be between the two capture locations? Are there any firewalls, load balancers, proxies, NATs, or anything like that? If there are, then whatever correlation you do will have to factor in the specific configuration and device characteristics. If none of those are

[Wireshark-dev] seeking advice on how to reconcile two packet captures

2023-08-28 Thread Brian Reichert
This question isn't specific to Wireshark, but I couldn't find a good forum. By all means, I'm open to suggestions as to where it would be more appropriate to ask about this. Anyway: I'm trying to automate the reconciliation of a pair of packet captures of a TCP session. This is sort of a

[Wireshark-dev] SCTP statistics

2023-08-28 Thread Jaap Keuter
Hi, Who knows what the current status of the SCTP statistics is? I’ve tried a few files, but couldn’t make sense of it. It looked like information was missing or not filled at all. Thanks, Jaap Sent from my iPhone

[Wireshark-dev] HTTP3 for Windows

2023-08-25 Thread Anders Broman
Hi, I'm trying to compile the HTTP3 dissector from https://gitlab.com/wireshark/wireshark/-/merge_requests/9330 but it will require the NGHTTP3 package from https://vcpkg.io/en/packages could someone add it to the packages repo please? While at it it might be good to update the NGHTTP2 package to

Re: [Wireshark-dev] Wireshark warning for F1AP protocol: something unknown here [10.9 Unconstrained]

2023-08-24 Thread Pascal Quantin
Hi, On Thu 24 Aug 2023 at 17:39, SAURABH SARAF wrote: > While decoding Ue Assistance information in F1ap Ue context modification > request, warning "something unknown here [10.9 Unconstrained]" is seen. > Dump for the same RRC container is getting decoded properly in x2ap rrc > transfer

[Wireshark-dev] Wireshark warning for F1AP protocol: something unknown here [10.9 Unconstrained]

2023-08-24 Thread SAURABH SARAF
While decoding Ue Assistance information in F1ap Ue context modification request, warning "something unknown here [10.9 Unconstrained]" is seen. Dump for the same RRC container is getting decoded properly in x2ap rrc transfer message. Attached is pcap for your reference. F1ap_issue.pcap

Re: [Wireshark-dev] 4.2.0 release schedule

2023-08-24 Thread João Valverde
On 8/24/23 13:16, Peter Wu via Wireshark-dev wrote: Hi, In the last weeks I started using Wireshark more and noticed some crashes. I hope to be able to look into it over the next two weeks, and also address some QUIC issues. Not sure if I will be able to review the HTTP/3 changes in time. Do

Re: [Wireshark-dev] 4.2.0 release schedule

2023-08-24 Thread Peter Wu via Wireshark-dev
Hi, In the last weeks I started using Wireshark more and noticed some crashes. I hope to be able to look into it over the next two weeks, and also address some QUIC issues. Not sure if I will be able to review the HTTP/3 changes in time. Do you think it is better to branch, and then cherry-pick,

[Wireshark-dev] Wireshark 4.0.8 is now available

2023-08-23 Thread Gerald Combs
I'm proud to announce the release of Wireshark 4.0.8. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New We do not ship official 32-bit Windows packages for Wireshark 4.0

Re: [Wireshark-dev] Inquiry about a TCP server packet capture

2023-08-23 Thread Gilbert Ramirez
The difference is 1/100th of a second; that's basically simultaneous for your testing procedure. Gilbert On Tue, Aug 22, 2023 at 10:25 AM Ahmad Haron wrote: > Dear, > Hope you are doing well, > I wrote a simple (Single Threaded and Multi Threaded) TCP echo server, and > captured the packets in

Re: [Wireshark-dev] About the DNS resolver

2023-08-22 Thread Jaap Keuter
Hi, So, for 5.0, there would be a compile time option to choose c-ares or unbound, or are we considering a clean break? If we keep both, which one would be considered default? I can imagine unbound when build support is present, otherwise c-ares? Thanks, Jaap > On 21 Aug 2023, at 22:47,

Re: [Wireshark-dev] About the DNS resolver

2023-08-21 Thread Gerald Combs
Sounds fine to me. We had overlapping support for c-ares and ADNS for a while, so this isn't new territory. Can you open an issue and set the milestone to "Wireshark 5.x" so this doesn't get lost? On 8/20/23 12:08 PM, Jaap Keuter wrote: Hi, So we’ve been using the c-ares name resolver for a

Re: [Wireshark-dev] 4.2.0 release schedule

2023-08-21 Thread Alexis La Goutte
Hi Gerald, Looks good for the planned release. I hope only to have time to integrate the support of HTTP3 headers (with nghttp3) -> https://gitlab.com/wireshark/wireshark/-/merge_requests/9330 Cheers On Thu, Aug 17, 2023 at 11:04 PM Gerald Combs wrote: > Hi all, > > I'd like to start preparing

[Wireshark-dev] About the DNS resolver

2023-08-20 Thread Jaap Keuter
Hi, So we’ve been using the c-ares name resolver for a while now and it’s serving its purpose. However, this is not the only one out there. DNS technologies have evolved somewhat and c-ares does not provide for them. Would it make sense to start looking into using libunbound[1] as a replacement

Re: [Wireshark-dev] Timestamp from icmp data is incorrect in Wireshark v4.0.7-0-g0ad1823cc090

2023-08-19 Thread chuck c
https://gitlab.com/wireshark/wireshark/-/issues/19283 Timestamp from icmp data is incorrect in Wireshark v4.0.7-0-g0ad1823c https://gitlab.com/wireshark/wireshark/-/merge_requests/11749 ICMP: Improve heuristic for data time On Thu, Aug 17, 2023 at 9:51 AM Stefan Kleedehn wrote: > Hello John,

Re: [Wireshark-dev] rewrite of asterix dissector

2023-08-18 Thread Pascal Quantin
Hi Zoran, On Fri 18 Aug 2023 at 17:36, Zoran Bošnjak wrote: > Dear wireshark developers, > I am rewriting asterix dissector. There are some open problems on asterix, > which are almost impossible to resolve in the current setting. > > The idea is to split the code between pure generated

[Wireshark-dev] rewrite of asterix dissector

2023-08-18 Thread Zoran Bošnjak
Dear wireshark developers, I am rewriting asterix dissector. There are some open problems on asterix, which are almost impossible to resolve in the current setting. The idea is to split the code between pure generated code (with all asterix items and other asterix related definitions), but

[Wireshark-dev] 4.2.0 release schedule

2023-08-17 Thread Gerald Combs
Hi all, I'd like to start preparing for the creation of the release-4.2 branch and the 4.2.0 release. I've come up with the following tentative schedule, which will give us a couple of release candidates before SharkFest EU and a final release in November, after SharkFest: Aug 24 : Release

Re: [Wireshark-dev] Timestamp from icmp data is incorrect in Wireshark v4.0.7-0-g0ad1823cc090

2023-08-17 Thread Stefan Kleedehn
Hello John, thank you very much for your quick and detailed answer. I am using a Linux iputils ping and pinging different hosts for days. If I understood you correctly, the decision whether to interpret big-endian or little-endian is decided per frame. And there are just different guesses.

Re: [Wireshark-dev] add a BASE_DEFAULT_VALS

2023-08-16 Thread Jaap Keuter
Hi, Use range_string rather than value_string. Jaap > On 14 Aug 2023, at 17:22, John Dill wrote: > > I've recently been doing a lot of enums that have multiple illegal values, > and the illegal value shouldn't be displayed as "Unknown" as it's hard coded > in proto.c (in 3.6.x).

Re: [Wireshark-dev] Timestamp from icmp data is incorrect in Wireshark v4.0.7-0-g0ad1823cc090

2023-08-16 Thread John Sullivan
Haha! Yes. The problem is triggered by the specific value you have: 64dad964 Note that the first and fourth bytes are the same, and the second and third bytes are almost the same. That value is on the wire here in little-endian order. The problem being both orders are possible and wireshark

Re: [Wireshark-dev] Timestamp from icmp data is incorrect in Wireshark v4.0.7-0-g0ad1823cc090

2023-08-16 Thread chuck c
That timestamp (64dad964) starts and ends with a 64 byte so it passes the check in: https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-icmp.c#L1741 Please open an issue on the Wireshark Gitlab issues page ( https://gitlab.com/wireshark/wireshark/-/issues/) including the

[Wireshark-dev] Timestamp from icmp data is incorrect in Wireshark v4.0.7-0-g0ad1823cc090

2023-08-16 Thread Stefan Kleedehn
Hello all, I have attached a pcap with 6 icmp echo requests. In frame 5 the icmp.data_time is wrong. It looks to me that the order of the hex value of the icmp.data_time field in frame 5 is interpreted incorrectly. For the other values it looks fine. Many greetings, Stefan

Re: [Wireshark-dev] Wireshark-dev Digest, Vol 207, Issue 3

2023-08-15 Thread John Dill
Here is a sample from my implementation. proto.c snippets static const char *hf_try_val_to_str(guint32 value, const header_field_info *hfinfo); static const char *hf_try_val_to_str_idx(guint32 value, const header_field_info *hfinfo, gint *idx); static const char *hf_try_val64_to_str(guint64

[Wireshark-dev] add a BASE_DEFAULT_VALS

2023-08-14 Thread John Dill
I've recently been doing a lot of enums that have multiple illegal values, and the illegal value shouldn't be displayed as "Unknown" as it's hard coded in proto.c (in 3.6.x). Any chance you could go for an attribute to signal that -1 can be used as the name of the fall-through text if

Re: [Wireshark-dev] View file internals?

2023-08-10 Thread Anders Broman
Yes, thanks. Anders On Thu 10 Aug 2023 15:41 Maynard, Chris via Wireshark-dev <wireshark-dev@wireshark.org> wrote: > I think you’re looking for View -> Reload as File Format/Capture > (Ctrl+Shift+F). > > - Chris > > > > From: Wireshark-dev On Behalf Of > Anders Broman > Sent: Thursday,

Re: [Wireshark-dev] View file internals?

2023-08-10 Thread Maynard, Chris via Wireshark-dev
I think you’re looking for View -> Reload as File Format/Capture (Ctrl+Shift+F). - Chris From: Wireshark-dev On Behalf Of Anders Broman Sent: Thursday, August 10, 2023 8:27 AM To: Developer support list for Wireshark Subject: [Wireshark-dev] View file internals? Hi, How do you open a file to

[Wireshark-dev] View file internals?

2023-08-10 Thread Anders Broman
Hi, How do you open a file to view the internals? I have forgotten how... Best regards Anders

Re: [Wireshark-dev] Help regarding CI failure in gitlab

2023-07-29 Thread John Thacker
On Sat, Jul 29, 2023, 1:24 PM Jaap Keuter wrote: > > - dissector_add_uint("wtap_encap", 147, base_handle); looks suspicious, > where’s 147 coming from. > It appears to be from here: https://gerrit.openbmc.org/c/openbmc/libmctp/+/46162 "As there's no formal linktype defined for MCTP or

Re: [Wireshark-dev] Help regarding CI failure in gitlab

2023-07-29 Thread Jaap Keuter
Hi, Preliminary review comments you could address before making an MR: - Recreate the files using the dissector boilerplate doc/packet-PROTOABBREV.c - Get rid of the header file - The PCAP doesn’t go into a commit, it has to go into either a protocol page on the wiki, or in Sample Captures on

Re: [Wireshark-dev] Help regarding CI failure in gitlab

2023-07-28 Thread Gerald Combs
The Windows and macOS CI runners are private to the Wireshark project itself, so any attempts to run them from an external project will fail. They shouldn't show up in the pipelines in other repositories, but it looks like there's a bug in our GitLab CI rules. I've pushed an attempted fix in

[Wireshark-dev] Help regarding CI failure in gitlab

2023-07-28 Thread Riya Dixit
Hi community, I am new to Wireshark development. I am trying to upstream my dissector. The code works fine but why is the CI failing for all packages (Windows x64, macOS arm and Intel)? It is only passing for Windows MinGW. How do I debug this? This is the link to my CI -

Re: [Wireshark-dev] wiki.wireshark.org Sample Capture Links Broken

2023-07-26 Thread John Thacker
Someone created an issue for this: https://gitlab.com/wireshark/wireshark/-/issues/19234 On Sat, Jul 1, 2023, 7:18 PM chuck c wrote: > Thank you for the analysis. > I copied your notes over to the Discord server for internal discussion > about infrastructure. > > On Thu, Jun 29, 2023 at 10:44 

Re: [Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-07-24 Thread Guy Harris
On Jul 24, 2023, at 1:47 AM, CheeHow WEE wrote: > Thanks for explaining a detailed "possible" implementation of the packet > alignment in previous mails. > It's actually performed within the given PCIe based FPGA capture card, hence > the packets are stored in the card's memory (presumably a

Re: [Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-07-24 Thread CheeHow WEE via Wireshark-dev
We acknowledge and respect the PCAP Capture File Format documentation. Thanks for explaining a detailed "possible" implementation of the packet alignment in previous mails. It's actually

[Wireshark-dev] Faster packet list scrolling

2023-07-24 Thread Ng YongXiang
https://gitlab.com/wireshark/wireshark/-/issues/18213 https://www.wireshark.org/lists/wireshark-dev/202207/msg00057.html Hi, I would like to follow up on the following issues linked above regarding packet list scrolling. I apologize that I don't know how to continue off the previous mailing

Re: [Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-07-21 Thread Guy Harris
On Jul 18, 2023, at 8:10 PM, CheeHow WEE via Wireshark-dev wrote: > There's a "padding" added for a 4-bytes aligned PCAP writing API. > - I understood that the latest Wireshark app dev logic such that length > should not be lesser than captured length. > - In highspeed performance (scale of >

[Wireshark-dev] Windows Arm64 packages

2023-07-20 Thread Gerald Combs
Hi all, We now have a Windows Arm64 CI builder and experimental Windows Arm64 packages are available at https://www.wireshark.org/download/automated/win64/. Basic features worked in my limited testing, but if you run into any problems please create an issue at

Re: [Wireshark-dev] Dissecting TLS and non-TLS using the same ports

2023-07-17 Thread Markku Leiniö
I managed to solve this. I started to figure out what happens differently in the Lua dissector so that it works fine. I was then able to narrow the problem down to get_zabbix_pdu_len() where I returned 0 when the packet was not Zabbix data. My problem was that I did the Zabbix packet

Re: [Wireshark-dev] Dissecting TLS and non-TLS using the same ports

2023-07-17 Thread Markku Leiniö
I'm confused. I just realized that now that I only have the "tcp.port" defined (dissector_add_uint_range_with_preference("tcp.port", ZABBIX_TCP_PORTS, zabbix_handle)), and I disable Zabbix protocol (in Analyze -> Enabled Protocols), then Wireshark sees the TLS packets properly and can decrypt

Re: [Wireshark-dev] Dissecting TLS and non-TLS using the same ports

2023-07-13 Thread Markku Leiniö
On 13.7.2023 18.10, John Thacker wrote: On Thu, Jul 13, 2023, 10:49 AM Markku Leiniö wrote: In my Zabbix dissector I'm currently using dissector_add_uint_range_with_preference("tcp.port", ZABBIX_TCP_PORTS, zabbix_handle) to define the TCP ports (defaulting

Re: [Wireshark-dev] Dissecting TLS and non-TLS using the same ports

2023-07-13 Thread John Thacker
On Thu, Jul 13, 2023, 10:49 AM Markku Leiniö wrote: > Hi, > > In my Zabbix dissector I'm currently using > dissector_add_uint_range_with_preference("tcp.port", ZABBIX_TCP_PORTS, > zabbix_handle) to define the TCP ports (defaulting to "10050,10051"). > > I'm now attempting to use

[Wireshark-dev] Dissecting TLS and non-TLS using the same ports

2023-07-13 Thread Markku Leiniö
Hi, In my Zabbix dissector I'm currently using dissector_add_uint_range_with_preference("tcp.port", ZABBIX_TCP_PORTS, zabbix_handle) to define the TCP ports (defaulting to "10050,10051"). I'm now attempting to use ssl_dissector_add() to dissect also TLS-encrypted Zabbix protocol packets,

[Wireshark-dev] Wireshark 4.0.7 is now available

2023-07-12 Thread Gerald Combs
I'm proud to announce the release of Wireshark 4.0.7. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New We do not ship official 32-bit Windows packages for Wireshark 4.0

[Wireshark-dev] Allow choosing a directory of master secret log files for TLS decryption

2023-07-11 Thread Pontakorn Prasertsuk
Hi, I opened an issue on GitLab ( https://gitlab.com/wireshark/wireshark/-/issues/19069) and made a pull request (https://gitlab.com/wireshark/wireshark/-/merge_requests/10604) regarding allowing the user to choose a directory containing master secret log files in the TLS option page to allow

Re: [Wireshark-dev] Handling larger than 2 GB packets in dissectors

2023-07-11 Thread Markku Leiniö
On 10.7.2023 22.59, Guy Harris wrote: You would need to change Wireshark: 1) not to use negative offsets to mean "offset from the end of the packet" (I don't know whether that's used anywhere) and not to use a length of -1 as meaning "to the end of the tvbuff" (there are already "to

Re: [Wireshark-dev] Handling larger than 2 GB packets in dissectors

2023-07-10 Thread Guy Harris
On Jul 10, 2023, at 12:18 PM, Markku Leiniö wrote: > Anyway, to the point. In Zabbix protocol header > (https://www.zabbix.com/documentation/current/en/manual/appendix/protocols/header_datalen) > the normal data length is 4-byte unsigned integer ("uint32"). However, there > is a flag for

[Wireshark-dev] Handling larger than 2 GB packets in dissectors

2023-07-10 Thread Markku Leiniö
Hi all, I'm currently writing a new C dissector for Zabbix protocol. My Lua dissector has already been available a few years in GitHub (https://github.com/markkuleinio/wireshark-zabbix-dissectors), but encouraged by the participation in improving the DHCPFO dissector I decided to try C

Re: [Wireshark-dev] Information about troubleshooting Workspace and VM connectivity issues. I wonder.

2023-07-07 Thread Stephen Hemminger via Wireshark-dev
On Fri, 7 Jul 2023 09:29:44 -0500 Gilbert Ramirez wrote: > Hello. > > I cannot think of a reason why installing Wireshark fixed your connection > issues. > Maybe it was a coincidence. > > Gilbert By default wireshark enables promiscuous receive mode. If the ethernet address did not match,

Re: [Wireshark-dev] Information about troubleshooting Workspace and VM connectivity issues. I wonder.

2023-07-07 Thread Gilbert Ramirez
Hello. I cannot think of a reason why installing Wireshark fixed your connection issues. Maybe it was a coincidence. Gilbert On Fri, Jul 7, 2023 at 9:05 AM 김동환 wrote: > hello. > > I'm a Korean. I have a question. > > Connect to virtualized VM through Workspace via SSLVPN on MacBook. > > The

[Wireshark-dev] Information about troubleshooting Workspace and VM connectivity issues. I wonder.

2023-07-07 Thread 김동환
Hello. I'm Korean. I have a question. I connect to a virtualized VM through Workspace via SSLVPN on a MacBook. The connection works fine on Windows, but I can't connect on Mac, so I installed wireshark to find out what the problem is. Suddenly VMs via Workspace work fine. I just installed

Re: [Wireshark-dev] wiki.wireshark.org Sample Capture Links Broken

2023-07-01 Thread chuck c
Thank you for the analysis. I copied your notes over to the Discord server for internal discussion about infrastructure. On Thu, Jun 29, 2023 at 10:44 AM Ken Mix wrote: > Hello, > > The links for sample captures imported from MoinMoin are currently broken > at

[Wireshark-dev] wiki.wireshark.org Sample Capture Links Broken

2023-06-29 Thread Ken Mix
Hello, The links for sample captures imported from MoinMoin are currently broken at https://wiki.wireshark.org/SampleCaptures. Links uploaded recently look fine, and the links are not broken at https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures For example, the first sample capture

Re: [Wireshark-dev] incorrect display of a RDM E1.37-1 FREQUENCY_MODULATION_DESCRIPTION package

2023-06-26 Thread chuck c
Issues are tracked over on Gitlab. https://gitlab.com/wireshark/wireshark/-/issues Could you move your pcap and notes to a new issue over there? On Mon, Jun 26, 2023 at 10:33 AM S. Jäkel via Wireshark-dev <wireshark-dev@wireshark.org> wrote: > Hi Wireshark team, > > an RDM packet from E1.37-1

Re: [Wireshark-dev] [EXTERNAL] Re: Latest PDF document (4.1.0)

2023-06-07 Thread Tobin, Tom
I'm using Edge to view the pdf at www.wireshark.org, and Adobe Reader to view the downloaded PDF. Regarding the downloaded PDF, the Interactive TOC shows in Adobe, but it does not show in the printed copy, and neither are there any page #'s or section #'s in the

Re: [Wireshark-dev] Latest PDF document (4.1.0)

2023-06-06 Thread Gerald Combs
What application are you using to view the PDF? The TOC shows up just fine if I view the User's Guide here in Preview, Chrome, and Firefox. It doesn't show up in Safari but that appears to be due to a limitation of Safari. Note that in this case the TOC is part of the PDF file format; we don't

[Wireshark-dev] Latest PDF document (4.1.0)

2023-06-03 Thread Tobin, Tom
Why does the latest PDF have no page numbers, no table of contents, and no section #'s??? Wireshark User's Guide: Version 4.1.0 -tom

Re: [Wireshark-dev] Wireshark ERROR While Running Cmake

2023-05-30 Thread Jaap Keuter
Hi, It looks to me like you’re missing some required development packages. Not sure what environment you have, but you could refer to the setup scripts in the tools directory, e.g., arch-setup.sh Regards > On 30 May 2023, at 13:38, Anshula Singla wrote: > > > > Hi , > > Regarding I am

[Wireshark-dev] FW: Wireshark ERROR While Running Cmake

2023-05-30 Thread Anshula Singla
Hi, Regarding: I am facing multiple issues while building wireshark code. While running cmake I am facing an issue snapped in the snippet. Please find below snippet [inline image attachment] Please provide some fix for this issue. Regards Anshula

Re: [Wireshark-dev] Ability to dynamically dissect in more detail?

2023-05-28 Thread Maynard, Chris via Wireshark-dev
You could add a preference to your dissector to only perform detailed dissection for a specific frame, with the default frame number being 0 so that by default no detailed dissection is performed for any frame. Then you just need to compare the frame number from the pinfo data with the frame

[Wireshark-dev] Wireshark 4.0.6 is now available

2023-05-24 Thread Gerald Combs
I'm proud to announce the release of Wireshark 4.0.6. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New We do not ship official 32-bit Windows packages for Wireshark 4.0

Re: [Wireshark-dev] Ability to dynamically dissect in more detail?

2023-05-23 Thread Sake Blok | SYN-bit
> On 16 May 2023, at 18:27, jayrturne...@gmail.com wrote: > > I have a dissector. I dissect the content as delimited text. Sometimes the > textual content has further meaning, but I only want to dissect it in further > detail on a packet by packet basis and only if the user requests it on a >

Re: [Wireshark-dev] Extcap program based on extcap_example.py

2023-05-22 Thread Dario Lombardo
Hi Timo. Yes, not compiled extcaps are to be placed in the extcap folder. Since you're not integrating into the wireshark building system, you don't have to handle cmake. From a working wireshark installation, just point out where the extcap folder is (have a look at the about dialog, in case you

[Wireshark-dev] Extcap program based on extcap_example.py

2023-05-21 Thread Timo Warns
I am writing an extcap program building upon doc/extcap_example.py. - Shall extcap programs that do not need compilation also be placed in extcap/? - I am not very familiar with CMake and am struggling with getting the extcap program copied over to run/extcap/ by the build system. (For

Re: [Wireshark-dev] Are we fully moved over to C++ compilers?

2023-05-17 Thread Pascal Quantin
Hi Gilbert, 17 May 2023 23:41:21 Gilbert Ramirez: > What's the state of our toolchain requirements for wireshark and all the > programs within it? > The CMakeLists.txt indicates we need C++ 11, but also has variables for > C_ONLY_FLAGS > > Some .c/.h files have "#ifdef __cplusplus" and others

[Wireshark-dev] Are we fully moved over to C++ compilers?

2023-05-17 Thread Gilbert Ramirez
What's the state of our toolchain requirements for wireshark and all the programs within it? The CMakeLists.txt indicates we need C++ 11, but also has variables for C_ONLY_FLAGS Some .c/.h files have "#ifdef __cplusplus" and others don't. Basically, if I'm working on a new feature in common code

Re: [Wireshark-dev] Ability to dynamically dissect in more detail?

2023-05-16 Thread John Thacker
On Tue, May 16, 2023 at 12:27 PM wrote: > I have a dissector. I dissect the content as delimited text. Sometimes the > textual content has further meaning, but I only want to dissect it in > further detail on a packet by packet basis and only if the user requests it > on a specific packet. > > >

[Wireshark-dev] Ability to dynamically dissect in more detail?

2023-05-16 Thread jayrturner99
I have a dissector. I dissect the content as delimited text. Sometimes the textual content has further meaning, but I only want to dissect it in further detail on a packet by packet basis and only if the user requests it on a specific packet. The reason is that the detailed dissection requires

Re: [Wireshark-dev] Wireshark 4.0.1 clone and build fails with test failures and complaints about paths prefixed in the source directory

2023-05-08 Thread João Valverde
Having the build directory under the source tree is still considered an out-of-source build and is generally convenient and customary. Having the support libraries path under the source tree is bad practice however and the root cause for your errors, as already mentioned by others. On

Re: [Wireshark-dev] Wireshark 4.0.1 clone and build fails with test failures and complaints about paths prefixed in the source directory

2023-05-04 Thread Guy Harris
On May 4, 2023, at 10:16 AM, wrote: > Succeeded by -- creating C:\Project\wireshark, cloning in to > C:\Project\wireshark\wireshark, making C:\Project\wireshark\build, and > running CMake from within C:\Project\wireshark\build > > My build directory was also a peer, but not named ‘build’,

Re: [Wireshark-dev] Wireshark 4.0.1 clone and build fails with test failures and complaints about paths prefixed in the source directory

2023-05-04 Thread jayrturner99
Succeeded by -- creating C:\Project\wireshark, cloning in to C:\Project\wireshark\wireshark, making C:\Project\wireshark\build, and running CMake from within C:\Project\wireshark\build My build directory was also a peer, but not named ‘build’, and not under C:\Project\wireshark. How odd.

Re: [Wireshark-dev] Building Wireshark From Source MacOS

2023-05-04 Thread Roland Knall
That version of Wireshark is not supported with Mac OSX 13.x or higher. Please use a later version. But, for that specific protocol, you could also try the following dissector, written in Lua: https://github.com/netspooky/dissectors/blob/main/acble.lua cheers Roland Am Do., 4. Mai 2023 um 16:52

Re: [Wireshark-dev] Wireshark 4.0.1 clone and build fails with test failures and complaints about paths prefixed in the source directory

2023-05-04 Thread Gilbert Ramirez
Try setting WIRESHARK_BASE_DIR to C:\Project Notice in section 2.2.11 at https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWindows that WIRESHARK_BASE_DIR is the *parent* directory of where the git clone happened. Gilbert On Wed, May 3, 2023 at 9:10 PM wrote: > The issues with building

Re: [Wireshark-dev] Wireshark 4.0.1 clone and build fails with test failures and complaints about paths prefixed in the source directory

2023-05-04 Thread Roland Knall
It is preferred that WIRESHARK_BASE_DIR is defined at the top directory, and not underneath the source directory. Also, it cannot be omitted, as documented in our build documentation. Additionally, it is recommended to do an out-of-source build, to better be able to update the sources if needed.

[Wireshark-dev] Wireshark 4.0.1 clone and build fails with test failures and complaints about paths prefixed in the source directory

2023-05-03 Thread jayrturner99
The issues with building from a git clone are: 1. I clone into C:\Project\wireshark. The make adds libraries to C:\Project\wireshark\wireshark-win64-libs and then complains at the end that targets contain paths that are prefixed in the source directory. 2. I want to use

Re: [Wireshark-dev] GNSS dissectors

2023-04-18 Thread Timo Warns
On 2023-04-12, Tomáš Kukosa wrote: > > I would have question concerning extcap plugin. What language are you going > to use? > > I have prepared helper library for Rust https://crates.io/crates/extcap but > I did not have time and chance to use it in real project. > > So if the Rust is you

[Wireshark-dev] Quantum Safe Version of Wireshark for Windows

2023-04-13 Thread nalini.elk...@insidethestack.com
Guys, I see that there is: https://github.com/open-quantum-safe/oqs-demos/tree/main/wireshark This runs using Docker on a Linux platform. Is there a version that I can compile to run under Windows? I have some quantum safe TLS pcaps and I would like to look at them! Thanks, Nalini Elkins CEO

[Wireshark-dev] Wireshark 4.0.5 is now available

2023-04-12 Thread Gerald Combs
I'm proud to announce the release of Wireshark 4.0.5. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New We do not ship official 32-bit Windows packages for Wireshark 4.0

Re: [Wireshark-dev] GNSS dissectors

2023-04-12 Thread Tomáš Kukosa
Hello Timo, I would have a question concerning the extcap plugin. What language are you going to use? I have prepared a helper library for Rust https://crates.io/crates/extcap but I did not have time and chance to use it in a real project. So if Rust is your favorite language you are welcome to

[Wireshark-dev] GNSS dissectors

2023-04-04 Thread Timo Warns
Hello Wireshark developers, I am working on different dissectors related to the Global Navigation Satellite System (GNSS). More precisely, this includes dissectors for - the UBX protocol as supported by u-blox GNSS receivers, - the EMS (EGNOS Message Server) protocol encoding SBAS navigation

Re: [Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-03-30 Thread Duy Khanh Pham via Wireshark-dev
Sorry for my late reply, From your article, I understand that the *Captured Packet Length* is the *Frame Length/Length on wire/real length* and *Original Packet Length* is the "*Capture Length/captured length*" in the attached picture. My issue is that the capture card in our system always

Re: [Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-03-29 Thread Guy Harris
On Mar 29, 2023, at 10:10 AM, Duy Khanh Pham wrote: > From your article, I understand that the Captured Packet Length is the Frame > Length/Length on wire/real length and Original Packet Length is the "Capture > Length/captured length" in the attached picture. > > My issue is that the capture

Re: [Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-03-22 Thread Guy Harris
On Mar 22, 2023, at 11:40 AM, Duy Khanh Pham via Wireshark-dev wrote: > My case for this request is when doing network data capturing with a capture > card. The capture card always sets the capture length to a multiple of 4 due > to performance requirement. > > As a result, the real length

[Wireshark-dev] Option to disable Expert Info for issue with frame length

2023-03-22 Thread Duy Khanh Pham via Wireshark-dev
Hi, My case for this request is when doing network data capturing with a capture card. The capture card always sets the capture length to a multiple of 4 due to performance requirement. As a result, the real length will always be less than or equal to the set captured length. After WireShark
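The situation described in this thread (a capture card that rounds the captured length up to a multiple of 4, so the captured length can exceed the packet's real length) can be checked and corrected offline before the file is opened in Wireshark. The following is an added example written for this page, not code from the thread or from the Wireshark project. It parses the classic little-endian libpcap format (not pcapng) with nothing but the Lua 5.3+ standard library, reports every record whose captured length exceeds its original length, trims the padding so the two lengths agree, and writes the file back out. The sample capture is constructed inline; the 60-byte and 62-byte frame contents and the UDP/Ethernet link type are assumptions for illustration.

```lua
-- Added example (not from the thread): find and trim pcap records whose
-- captured length exceeds the original length. Requires Lua 5.3+ for
-- string.pack/string.unpack. Handles little-endian classic pcap only.

local PCAP_MAGIC_LE = 0xa1b2c3d4

-- Parse a pcap blob into a list of records plus the header's snaplen/linktype.
local function parse_pcap(blob)
  local magic, vmaj, vmin, _, _, snaplen, linktype, pos =
    string.unpack("<I4I2I2i4I4I4I4", blob)
  assert(magic == PCAP_MAGIC_LE, "only little-endian classic pcap is handled here")
  assert(vmaj == 2 and vmin == 4, "unexpected pcap version")
  local records = {}
  while pos <= #blob do
    local ts_sec, ts_usec, incl_len, orig_len, next_pos =
      string.unpack("<I4I4I4I4", blob, pos)
    local data = blob:sub(next_pos, next_pos + incl_len - 1)
    assert(#data == incl_len, "truncated record")
    records[#records + 1] = {
      ts_sec = ts_sec, ts_usec = ts_usec,
      incl_len = incl_len, orig_len = orig_len, data = data,
    }
    pos = next_pos + incl_len
  end
  return records, snaplen, linktype
end

-- Records where incl_len > orig_len are the ones that trigger the expert info.
local function find_overlong(records)
  local hits = {}
  for i, r in ipairs(records) do
    if r.incl_len > r.orig_len then
      hits[#hits + 1] = { index = i, padding = r.incl_len - r.orig_len }
    end
  end
  return hits
end

-- Drop the trailing padding so incl_len == orig_len. With 4-byte rounding
-- at most 3 bytes are removed per record; the packet bytes are untouched.
local function trim_padding(records)
  for _, r in ipairs(records) do
    if r.incl_len > r.orig_len then
      r.data = r.data:sub(1, r.orig_len)
      r.incl_len = r.orig_len
    end
  end
  return records
end

local function write_pcap(records, snaplen, linktype)
  local parts = { string.pack("<I4I2I2i4I4I4I4",
                              PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, linktype) }
  for _, r in ipairs(records) do
    parts[#parts + 1] = string.pack("<I4I4I4I4",
      r.ts_sec, r.ts_usec, r.incl_len, r.orig_len) .. r.data
  end
  return table.concat(parts)
end

-- Constructed input (assumption, not a real capture): two Ethernet
-- (linktype 1) frames. The second is a 62-byte packet that the card
-- stored in 64 bytes, so incl_len (64) > orig_len (62).
local function sample_pcap()
  local f1 = string.rep("\xaa", 60)
  local f2 = string.rep("\xbb", 62) .. "\x00\x00"
  return write_pcap({
    { ts_sec = 1, ts_usec = 0,  incl_len = 60, orig_len = 60, data = f1 },
    { ts_sec = 1, ts_usec = 10, incl_len = 64, orig_len = 62, data = f2 },
  }, 65535, 1)
end

local recs, snaplen, linktype = parse_pcap(sample_pcap())
for _, h in ipairs(find_overlong(recs)) do
  print(string.format("frame %d: captured length exceeds original length by %d byte(s)",
                      h.index, h.padding))
end
local fixed = write_pcap(trim_padding(recs), snaplen, linktype)
assert(#find_overlong(parse_pcap(fixed)) == 0)
```

To use it on a real file, replace `sample_pcap()` with `io.open(path, "rb"):read("a")` and write `fixed` back with `io.open(out, "wb")`. Trimming only makes sense when the extra bytes really are padding added by the card and not packet data; if the card could instead report the real length in the captured-length field, the file would need no post-processing at all.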

Re: [Wireshark-dev] lua dissector: using base.UNIT_STRING on ftypes.DOUBLE ProtoField

2023-03-20 Thread John Thacker
On Mon, Mar 20, 2023, 2:36 PM Dennis Lambe wrote: > On Mon, Mar 20, 2023 at 12:17 PM chuck c wrote: > > Have you tried defining the field using ProtoField.float or > ProtoField.double? > > Yup. Same behavior. Unit shows up correctly for `tshark -G values` but > doesn't appear in the UI. > The

Re: [Wireshark-dev] lua dissector: using base.UNIT_STRING on ftypes.DOUBLE ProtoField

2023-03-20 Thread Dennis Lambe
On Mon, Mar 20, 2023 at 12:17 PM chuck c wrote: > Have you tried defining the field using ProtoField.float or ProtoField.double? Yup. Same behavior. Unit shows up correctly for `tshark -G values` but doesn't appear in the UI. -- Dennis Lambe (He/Him) Lead Firmware Engineer sparkcharge.io

Re: [Wireshark-dev] lua dissector: using base.UNIT_STRING on ftypes.DOUBLE ProtoField

2023-03-20 Thread chuck c
Have you tried defining the field using ProtoField.float or ProtoField.double? https://www.wireshark.org/docs/wsdg_html/#lua_class_ProtoField 11.3.7.17. ProtoField.float(abbr, [name], [valuestring], [desc]) 11.3.7.18. ProtoField.double(abbr, [name], [valuestring], [desc]) On Mon, Mar 20, 2023

[Wireshark-dev] lua dissector: using base.UNIT_STRING on ftypes.DOUBLE ProtoField

2023-03-20 Thread Dennis Lambe
I am writing a dissector plugin in Lua, and I'm running into a problem with unit strings. I'm new to Wireshark plugins and new to Lua, so I'm not 100% sure any of what I'm doing is the right way to do it. The protocol I'm dissecting contains fields which are transmitted as integers, but should be
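A minimal dissector built the way this thread describes, as an added example written for this page (it is not code from the thread, from Dennis, or from the Wireshark project). The protocol, its name `tele`, its UDP port 4242 and its single 16-bit millivolt field are all assumptions for illustration. The integer field carries a unit string via base.UNIT_STRING, the scaled value is added as a ProtoField.double with a unit-string table passed as the `valuestring` argument (the construct the thread is about), and a TreeItem:append_text call is kept as a fallback that does not depend on the unit-string machinery at all, since the thread reports the unit rendering for `tshark -G values` but not in the UI for the double field.

```lua
-- Added example (not from the thread): integer-on-the-wire field shown as a
-- scaled double with a unit. Protocol name, port and field layout are
-- assumptions made for this illustration.
local tele = Proto("tele", "Hypothetical telemetry")

-- Raw value as transmitted: unsigned 16-bit millivolts. The unit table is
-- { singular, plural } as the Lua API expects with base.UNIT_STRING.
local pf_raw_mv = ProtoField.uint16("tele.raw_mv", "Raw voltage",
                                    base.UNIT_STRING, { " mV", " mV" })

-- Scaled value. For float/double fields the unit table goes in the
-- valuestring slot: ProtoField.double(abbr, name, valuestring, desc).
local pf_volts = ProtoField.double("tele.volts", "Voltage", { " V", " V" })

tele.fields = { pf_raw_mv, pf_volts }

-- Set to false once the unit string renders in the UI, otherwise the
-- unit would be shown twice.
local APPEND_UNIT_FALLBACK = true

function tele.dissector(tvb, pinfo, tree)
  if tvb:len() < 2 then return 0 end
  pinfo.cols.protocol = "TELE"

  local subtree = tree:add(tele, tvb(0, 2))
  local raw_mv = tvb(0, 2):uint()

  -- Raw integer straight from the bytes.
  subtree:add(pf_raw_mv, tvb(0, 2))

  -- Computed double over the same bytes: the third argument overrides the
  -- value that would otherwise be read from the tvb range.
  local item = subtree:add(pf_volts, tvb(0, 2), raw_mv / 1000.0)
  if APPEND_UNIT_FALLBACK then
    item:append_text(" V")
  end

  return 2
end

DissectorTable.get("udp.port"):add(4242, tele)
```

Drop the file into the personal plugins directory (or load it with `-X lua_script:`), then inspect a UDP/4242 packet: `tele.volts` is filterable as a double (`tele.volts > 3.3`) regardless of whether the unit string renders, and the append_text fallback keeps the displayed value readable in the meantime.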

Re: [Wireshark-dev] Wiki editor permission request

2023-03-18 Thread chuck c
"make a request for a example capture." You might have better luck on the Wireshark Discord server. There is an invitation link on https://ask.wireshark.org/questions/ . On Sat, Mar 18, 2023 at 10:48 AM Rich Maes wrote: > Hi I’d like to edit the Wireshark wiki. My gitlab user name richmaes. >

[Wireshark-dev] Wiki editor permission request

2023-03-18 Thread Rich Maes
Hi, I’d like to edit the Wireshark wiki. My gitlab user name is richmaes. Specifically, I’d like to make a request for an example capture. Thanks Rich

[Wireshark-dev] Install Wireshark using chocolatey

2023-03-09 Thread Enrique Prados Valiente
How to install Wireshark using Chocolatey? Wireshark dependencies like WinPcap or nmap? choco install --yes nmap :: wireshark requires a pcap for capturing; nmap comes with npcap which fulfills this dependency :: see: :: - https://chocolatey.org/packages/wireshark :: -

Re: [Wireshark-dev] macOS Xcode build failure on multiple commands producing same directory

2023-03-04 Thread Alexander Kapshuk
On Fri, Mar 3, 2023 at 3:18 PM Roland Knall wrote: > > Always > > On Fri., 3 Mar 2023 at 13:27, Alexander Kapshuk > : wrote: >> >> On Wed, Mar 1, 2023 at 9:21 PM Guy Harris wrote: >> > >> > On Mar 1, 2023, at 7:18 AM, Alexander Kapshuk >> > wrote: >> > >> > > Pointers on how to proceed

Re: [Wireshark-dev] macOS Xcode build failure on multiple commands producing same directory

2023-03-03 Thread Roland Knall
Always On Fri., 3 Mar 2023 at 13:27, Alexander Kapshuk < alexander.kaps...@gmail.com> wrote: > On Wed, Mar 1, 2023 at 9:21 PM Guy Harris wrote: > > > > On Mar 1, 2023, at 7:18 AM, Alexander Kapshuk < > alexander.kaps...@gmail.com> wrote: > > > > > Pointers on how to proceed with this
