Re: [Wireshark-dev] wireshark crashes while I export the packets.

2013-08-27 Thread Dario Lombardo
You could use a bisection method. Split the file in 2 smaller and try both. Continue until you have 1 packet. Once you have the guilty, you can give it to the different softwares (wireshark, tshark, reordercap, mergecap, etc). If only one crashes, the bug is located there. If all crash probably

[Wireshark-dev] Memory consumption in tshark

2013-08-27 Thread Dario Lombardo
Hi list I've run this command on a 10G pcap file. ./tshark -r traffic.all -Y dns.qry.name.len 50 -w longnames.pcap Used memory grows continuously, up to over 3GB of ram. At this point my pc goes thrashing and I must kill tshark. That's not what I expected. I expected the memory to grow up to a

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-28 Thread Dario Lombardo
On Tue, Aug 27, 2013 at 10:38 PM, Evan Huus eapa...@gmail.com wrote: We already discard a great deal of state in (single-pass) tshark that we keep around in Wireshark (or two-pass tshark). We do need to keep some, though. It's only a bug if we're keeping more than we actually need, and that's

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-29 Thread Dario Lombardo
Running the same command as before (I mean without valgrind) with -n, I get 1.5G of memory consumption, as without -n. That's quite useful actually: it looks like the majority of the memory is being used to store address-resolution data from all of the DNS packets so that if those IP addresses

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-29 Thread Dario Lombardo
On Thu, Aug 29, 2013 at 4:35 PM, Evan Huus eapa...@gmail.com wrote: Basically, but it's also more. If your capture contains a DNS packet resolving a name in a certain way, and the system name resolver gives a different answer, we prefer the DNS packet in the capture (since presumably the

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-30 Thread Dario Lombardo
I've run it on the original 10G file (70M packets). It can't process all of them. At around 30M packets memory consumption is about 3.7G. It's a good improvement anyway! Thanks Dario. On Fri, Aug 30, 2013 at 3:35 AM, Evan Huus eapa...@gmail.com wrote: On Thu, Aug 29, 2013 at 11:07 AM, Dario

[Wireshark-dev] Multiple input files

2013-09-05 Thread Dario Lombardo
Hi list I was trying to change the code of tshark to support multiple -r switches. The aim is to have many input files and one output file. Before getting mad in changing it, I was wondering if it makes sense or not, and if it was addressed before in some way. An example of use of it: tshark -r

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Dario Lombardo
On Thu, Sep 5, 2013 at 3:30 PM, Evan Huus eapa...@gmail.com wrote: mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y dns.qry.name contains google -o google.pcap mergecap would be certainly an option, if the merged file is not too big to be given to tshark. I have 10 files, 1G each.

Re: [Wireshark-dev] Multiple input files

2013-09-06 Thread Dario Lombardo
Another option could be to support stdin as input file in mergecap with an append switch. If mergecap would support something like this cat input1.pcap | mergecap -a - -w output.pcap cat input2.pcap | mergecap -a - -w output.pcap this would allow a user to do something like for file in *.pcap

Re: [Wireshark-dev] Multiple input files

2013-09-10 Thread Dario Lombardo
On Fri, Sep 6, 2013 at 9:50 PM, Christopher Maynard christopher.mayn...@gtech.com wrote: Two problems: 1) How do you guarantee the files will be processed in correct time order for appending? I can't. If the user needs it, they can run reordercap. 2) mergecap today doesn't support

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-12 Thread Dario Lombardo
On Thu, Sep 12, 2013 at 5:36 PM, Joerg Mayer jma...@loplof.de wrote: So if we could split this between a few people at least the trivial part could be done quickly. Can you please show us what should be done? I could get a part of it if it's clear what to do. Dario.

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
Thanks for your description. On Thu, Sep 12, 2013 at 11:46 PM, Joerg Mayer jma...@loplof.de wrote: Here is what I do (now) - I'm on Linux: - cd epan/dissectors/ - Pick a letter from the alphabet. - grep emem.h packet-letter*.c - ../../tools/checkAPI.pl -g emem packet-letter*.c

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
. On Thu, Sep 12, 2013 at 11:54 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Thu, Sep 12, 2013 at 5:36 PM, Joerg Mayer jma...@loplof.de wrote: So if we could split this between a few people at least the trivial part could be done quickly. Can you

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
I'm trying to address se_alloc() calls. If I change this: Index: packet-infiniband_sdp.c === --- packet-infiniband_sdp.c (revision 52002) +++ packet-infiniband_sdp.c (working copy) @@ -31,6 +31,7 @@ #include epan/packet.h #include

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
using wmem_epan_scope() it seems to work. Is it correct to use that scope? On Fri, Sep 13, 2013 at 1:55 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: I'm trying to address se_alloc() calls. If I change this: Index: packet-infiniband_sdp.c

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
I've submitted a patch with epan scope. On Fri, Sep 13, 2013 at 2:30 PM, Evan Huus eapa...@gmail.com wrote: On 2013-09-13, at 7:55 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: I'm trying to address se_alloc() calls. If I change this: Index: packet-infiniband_sdp.c

Re: [Wireshark-dev] Git + Gerrit: next steps

2013-12-19 Thread Dario Lombardo
On Thu, Dec 19, 2013 at 4:57 AM, Evan Huus eapa...@gmail.com wrote: - handy quick-start instructions from Marc: https://www.wireshark.org/lists/wireshark-dev/201309/msg00191.html I had a look at the instructions above. Seems that only ssh is supported. Will it be so in the production git too,

Re: [Wireshark-dev] Git + Gerrit: next steps

2013-12-20 Thread Dario Lombardo
On Thu, Dec 19, 2013 at 8:51 PM, Gerald Combs ger...@wireshark.org wrote: BTW, I *might* be able to have Gerrit's SSH daemon listen on port 22 instead of 29418. Would this be useful? In testing/lab/home networks access to outside is normally open (or can be opened). That means that port 80,

Re: [Wireshark-dev] (no subject)

2014-03-06 Thread Dario Lombardo
Do you want to keep the pdml file format, or do you just want to export a subset of infos? In the latter case you can use the -T fields switch plus the -e switch. On Thu, Mar 6, 2014 at 8:04 AM, varsha mintri vmin...@yahoo.com wrote: Hi, I wanted to reduce the details produced while

[Wireshark-dev] Fwd: Broken link for buildbot

2014-06-11 Thread Dario Lombardo
Hi In the header of the gerrit site, the link buildbot - documentation points to https://code.wireshark.org/plugins/buildbot/ that is a broken link. I'd like to point someone at it. Dario

Re: [Wireshark-dev] Fwd: Broken link for buildbot

2014-06-12 Thread Dario Lombardo
On Wed, Jun 11, 2014 at 10:17 PM, Gerald Combs ger...@wireshark.org wrote: If it's causing any confusion I can remove it before then. No it isn't. I was just jumping over the links on the page and I found it. Do you think a bug on filezilla would be appropriate?

[Wireshark-dev] Deprecated APIs

2014-06-17 Thread Dario Lombardo
Hi list I'm having a look at obsolete APIs and I've got those lines from checkAPI.pl Warning: Found soft-deprecated APIs in packet-bacapp.c: ep_address_to_str Warning: Found soft-deprecated APIs in packet-umts_fp.c: se_new0 but I can't find how those func should be changed. Can anyone help me?

[Wireshark-dev] Patching as per checkAPI

2014-06-18 Thread Dario Lombardo
I'm trying to take care of some of the warnings from checkAPI. The result is a set of commits. What should I do now? 1) submit one push for every commit (eg. branch checkapi1, checkapi2, etc.) 2) submit one push with multiple commits (don't know if gerrit allows it... I got an error when I

Re: [Wireshark-dev] [Wireshark-commits] master 14824e6: Revert Fixup: tvb_* - tvb_captured

2014-06-20 Thread Dario Lombardo
On Thu, Jun 19, 2014 at 9:18 PM, Evan Huus eapa...@gmail.com wrote: We were not bulk-converting them so that we could catch the ones that really should have been tvb_reported_length and tvb_reported_length_remaining from the beginning. If you look at the code in epan/tvbuff.h:228,237,244 you

Re: [Wireshark-dev] [Wireshark-commits] master 14824e6: Revert Fixup: tvb_* - tvb_captured

2014-06-20 Thread Dario Lombardo
On Fri, Jun 20, 2014 at 4:33 PM, Jeff Morriss jeff.morriss...@gmail.com wrote: IOW the reason these functions were renamed was because a large portion of the time dissector-writers would use tvb_length() when they really should have been using tvb_reported_length(). By renaming the functions

[Wireshark-dev] Deprecated APIs

2014-06-20 Thread Dario Lombardo
Hi list I'm having a look at obsolete APIs and I've got those lines from checkAPI.pl Warning: Found soft-deprecated APIs in packet-bacapp.c: ep_address_to_str Warning: Found soft-deprecated APIs in packet-umts_fp.c: se_new0 but I can't find how those func should be changed. Can anyone help me?

Re: [Wireshark-dev] Translation tools

2014-10-09 Thread Dario Lombardo
On Wed, Oct 8, 2014 at 9:06 PM, Alexis La Goutte alexis.lagou...@gmail.com wrote: Hi, It is now possible to translate the Gui of Wireshark (with Qt) Actually, there is start of French translation, Polish (Thanks Michal) and Japanese (Thanks martin Megane) How one can start a task like

Re: [Wireshark-dev] Translation tools

2014-10-09 Thread Dario Lombardo
, and that change was not ported to the compiled ones. Am I right? What should I do with those changes? Keep them or discard them? On Thu, Oct 9, 2014 at 4:22 PM, Alexis La Goutte alexis.lagou...@gmail.com wrote: On Thu, Oct 9, 2014 at 4:02 PM, Dario Lombardo dario.lombardo...@gmail.com wrote

Re: [Wireshark-dev] Translation tools

2014-10-10 Thread Dario Lombardo
Ok, thanks. I'm able to start the translation. I've translated a couple of entries, recompiled, changed the language, and everything is ok: my translated entries are now in wireshark. But if now I translate other entries, run lupdate and lrelease, then make, the ui is not recompiled again. It

[Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
Hi list I tried to compile the master of wireshark using cmake. mkdir build cd build cmake .. make In run/ I can find wireshark-gtk but not qt. Any specific command to pass to cmake to have it? I am able to obtain qt executable using autotools (meaning that my qt dev subsystem should be fine).

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
for :) On 21 October 2014 11:20, Dario Lombardo dario.lombardo...@gmail.com wrote: Hi list I tried to compile the master of wireshark using cmake. mkdir build cd build cmake .. make In run/ I can find wireshark-gtk but not qt. Any specific command to pass to cmake to have it? I am able to obtain

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
Well... after installing some other qt5 packages I get CMake Error at ui/qt/CMakeLists.txt:306 (QT5_ADD_TRANSLATION): Unknown CMake command QT5_ADD_TRANSLATION. On Tue, Oct 21, 2014 at 11:49 AM, Peter Wu pe...@lekensteyn.nl wrote: On Tuesday 21 October 2014 11:20:54 Dario Lombardo wrote

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
On Tue, Oct 21, 2014 at 1:20 PM, Peter Wu pe...@lekensteyn.nl wrote: What distro are you using? For Debian/Ubuntu you need to install qttools5-dev. It is exactly what I'm using (ubuntu 14.04). I've installed qttools5-dev and compilation made few steps ahead, but then stopped with Scanning

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
On Tue, Oct 21, 2014 at 2:48 PM, Peter Wu pe...@lekensteyn.nl wrote: Have you tried to clear your build dir? The QtGui/QAction file is located in the qt4 include directory, in qt5 it is located at QtWidgets/QAction. I've completely deleted the build dir and started over. Same output. [

[Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
Hi list I tried to compile the master of wireshark using cmake. mkdir build cd build cmake .. make In run/ I can find wireshark-gtk but not qt. Any specific command to pass to cmake to have it? I am able to obtain qt executable using autotools (meaning that my qt dev subsystem should be fine).

Re: [Wireshark-dev] QT with cmake

2014-10-22 Thread Dario Lombardo
at 03:13:01PM +0200, Dario Lombardo wrote: On Tue, Oct 21, 2014 at 2:48 PM, Peter Wu pe...@lekensteyn.nl wrote: Have you tried to clear your build dir? The QtGui/QAction file is located in the qt4 include directory, in qt5 it is located at QtWidgets/QAction. I've completely

Re: [Wireshark-dev] Installing on Ubuntu 12.04.5

2014-10-23 Thread Dario Lombardo
You installed gtk3 that is the library pkg but not the -dev pkg that is what configure checks for. The key packet you're probably missing is - libgtk-3-dev as stated in the Robert's list. To be sure, look for gtk in your config.log. You will find configure:30681: gcc -o conftest -g -O2

[Wireshark-dev] Compiling with ninja

2014-11-04 Thread Dario Lombardo
Hi list Some days ago I played a bit with ninja and I found useful info I'd like to share with you. Ninja is a compilation system similar to make. Its advantage is that it was built with parallelism in mind, to take advantage of multi-core CPUs. Wireshark uses cmake that has a generator for

Re: [Wireshark-dev] On which platforms is there a need for Wireshark to have a Language preference?

2014-11-05 Thread Dario Lombardo
Hi Guy The answer is yes. I live in Italy, but I use linux in english. I switch to en or it for the specific purpose of the moment. With auto-detect I couldn't do that. For my daily use I switch to EN. To develop/test wireshark italian translation I switch to IT. I don't know if this scenario

Re: [Wireshark-dev] On which platforms is there a need for Wireshark to have a Language preference?

2014-11-05 Thread Dario Lombardo
On Wed, Nov 5, 2014 at 10:52 AM, Bálint Réczey bal...@balintreczey.hu wrote: Please run LC_ALL=it_IT wireshark instead of asking the project to keep the language-switching feature. Thanks for your suggestion.

Re: [Wireshark-dev] Capture from multiple remote machines

2014-11-19 Thread Dario Lombardo
On Wed, Nov 19, 2014 at 9:12 AM, Ozan T ozan@gmail.com wrote: Hi Patrick, Thank you, it works! Sorry, it is my mistake I thought rpcapd and Remote Interfaces were just for Windows machines. Here, I see it works well on Linux and BSD also. Thanks again. Ozan. Hi Ozan Can you

Re: [Wireshark-dev] nflog in qt and gtk

2014-12-19 Thread Dario Lombardo
On Thu, Dec 18, 2014 at 4:29 PM, Peter Wu pe...@lekensteyn.nl wrote: You should not run Wireshark with sudo, instead set the appropriate privileges on the dumpcap binary as described at http://wiki.wireshark.org/CaptureSetup/CapturePrivileges Generally speaking, you are right, and it's what

Re: [Wireshark-dev] nflog in qt and gtk

2014-12-19 Thread Dario Lombardo
On Fri, Dec 19, 2014 at 12:35 PM, Peter Wu pe...@lekensteyn.nl wrote: The Capture - Options dialog is another place where these stats are visible. Is it visible during capture?

Re: [Wireshark-dev] nflog in qt and gtk

2014-12-23 Thread Dario Lombardo
Kill statistics before starting the capture? Sounds fine to me, though I am not sure whether it has other side-effects. The Capture - Options dialog is another place where these stats are visible. What about filing a bug? Do you think it would be useful? Or is there anyone taking care of

Re: [Wireshark-dev] nflog in qt and gtk

2015-01-26 Thread Dario Lombardo
. It works on my machine. I noticed that the first try fails, while the second succeeds. You can find the change here https://code.wireshark.org/review/#/c/6796/ Comments welcome. Dario. On Fri, Jan 23, 2015 at 2:11 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: Hi Peter I opened a bug

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
On Wed, Feb 4, 2015 at 5:25 PM, Evan Huus eapa...@gmail.com wrote: I think you will need to add a function very similar to proto_find_field_from_offset that makes use of proto_tree_traverse_pre_order and tracks which bytes have been seen as the traversal proceeds. And how the output could

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
On Wed, Feb 4, 2015 at 3:52 PM, Evan Huus eapa...@gmail.com wrote: As a side note, I would expect that method to be *very* slow, since it traverses the entire tree for every byte of the packet. Traversing the tree once and maintaining a set of covered/uncovered ranges would be much more

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
the proto tree and keep track of which byte ranges are claimed/unclaimed. proto_find_field_from_offset does something related to this (it is used for matching bytes to fields in the UI) so it's probably a good place to start. On Tue, Feb 3, 2015 at 12:08 PM, Dario Lombardo dario.lombardo...@gmail.com

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
. You just need to iterate the proto tree and keep track of which byte ranges are claimed/unclaimed. proto_find_field_from_offset does something related to this (it is used for matching bytes to fields in the UI) so it's probably a good place to start. On Tue, Feb 3, 2015 at 12:08 PM, Dario

Re: [Wireshark-dev] Undissected packet bytes

2015-02-06 Thread Dario Lombardo
On Fri, Feb 6, 2015 at 7:52 AM, Michal Labedzki michal.labed...@tieto.com wrote: One more hint: if push patch as draft then add reviewer, because draft is invisible for anyone (except author and reviewers) Alternative command(s) to send to gerrit: git push origin HEAD:refs/drafts/master git

[Wireshark-dev] Undissected packet bytes

2015-02-03 Thread Dario Lombardo
Hi list I was wondering if there is a comfortable way to find out undissected bytes in packets. This would be useful to find incomplete dissectors. Any hint? Thanks! Dario.

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Dario Lombardo
On Thu, Feb 5, 2015 at 1:19 PM, Evan Huus eapa...@gmail.com wrote: I believe g_log and friends go to standard out, but maybe not on all platforms. An expert info under conditional compilation would probably be enough though, I hadn't thought of that. Another question. I've found a promising

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Dario Lombardo
it, simply comment any proto_tree_add_item() from a dissector of your choice, and open a packet with wireshark or with tshark -V. Comments are welcome. Dario. On Thu, Feb 5, 2015 at 1:41 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Thu, Feb 5, 2015 at 1:19 PM, Evan Huus eapa...@gmail.com

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Dario Lombardo
On Wed, Feb 4, 2015 at 7:28 PM, Evan Huus eapa...@gmail.com wrote: I suppose you could add an expert info, but I think that might be overkill, most users probably don't care that much. Expert infos could be added under conditional compilation. If enabled it would allow to filter packets

[Wireshark-dev] JSON as mime type

2015-01-21 Thread Dario Lombardo
Hi list, Now that the json dissector has become heuristic, I was trying to make wireshark open a native json file, like it is able to do it with xml. What is necessary to make it work other than add a line like heur_dissector_add(wtap_file, dissect_json_heur, proto_json); in the json dissector?

Re: [Wireshark-dev] False positive from the new Look for incomplete dissectors function.

2015-02-13 Thread Dario Lombardo
On Thu, Feb 12, 2015 at 6:18 PM, Anders Broman a.broma...@gmail.com wrote: I suspected as much, but I think all the sip lines skip the CRLF... What about adding the skipped bytes as hidden, labeled as unused bytes?

Re: [Wireshark-dev] False positive from the new Look for incomplete dissectors function.

2015-02-13 Thread Dario Lombardo
On Fri, Feb 13, 2015 at 10:14 AM, Anders Broman a.broma...@gmail.com wrote: First thought is, unnecessary processing to satisfy this new functionality, which frankly I have my doubts about... I have the same feeling. But I can't figure out something else so far.

Re: [Wireshark-dev] False positive from the new Look for incomplete dissectors function.

2015-02-13 Thread Dario Lombardo
: *From:* wireshark-dev-boun...@wireshark.org [mailto: wireshark-dev-boun...@wireshark.org] *On Behalf Of *Dario Lombardo *Sent:* den 13 februari 2015 10:18 *To:* Developer support list for Wireshark *Subject:* Re: [Wireshark-dev] False positive from the new Look for incomplete dissectors

[Wireshark-dev] Can't compile with cmake

2015-02-18 Thread Dario Lombardo
Today I can't compile wireshark using cmake. Using git bisect I've found out that this commit is responsible for that 7263af87c6b0019c1bfda0f66fdc991330941892 I'm looking forward in the code to find out what exactly broke the compilation. Dario.

Re: [Wireshark-dev] Can't compile with cmake

2015-02-18 Thread Dario Lombardo
-dev-boun...@wireshark.org] *On Behalf Of *Alexis La Goutte *Sent:* den 18 februari 2015 14:27 *To:* Developer support list for Wireshark *Subject:* Re: [Wireshark-dev] Can't compile with cmake Hi Dario, What the warning ? On Wed, Feb 18, 2015 at 2:24 PM, Dario Lombardo dario.lombardo

Re: [Wireshark-dev] Can't compile with cmake

2015-02-18 Thread Dario Lombardo
https://code.wireshark.org/review/7235 (1 line ;)). On Wed, Feb 18, 2015 at 2:44 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: I've found out what is happened. A file (qcustomplot.cpp) was missing. I'm pushing the patch. On Wed, Feb 18, 2015 at 2:30 PM, Anders Broman anders.bro

Re: [Wireshark-dev] False positive from the new Look for incomplete dissectors function.

2015-02-17 Thread Dario Lombardo
On Fri, Feb 13, 2015 at 5:15 PM, Jeff Morriss jeff.morriss...@gmail.com wrote: I have to admit that I like being able to click on a byte and see what field it maps to. From that perspective I like when padding is claimed by the dissector which knew it was padding. And when CR+NL are claimed

[Wireshark-dev] Question about stats_tree

2015-01-13 Thread Dario Lombardo
Hi list I was planning to have stats_tree for hpfeeds, but I have a problem and I need some suggestion from you. In hpfeeds the channel is a user-defined string that is not defined by the protocol, and that is used to share infos in a set of consumer/producer. For that I can't create a pivot table

Re: [Wireshark-dev] False positive from the new Look for incomplete dissectors function.

2015-02-12 Thread Dario Lombardo
Hi Anders If you carefully have a look at the bytes, you can notice that the 2 bytes reported by the logs are claimed by the SIP dissector, but they're not decoded. Until SIP/2.0, bytes are decoded (address up to 0x0040+12). From Max-Forward and beyond (address 0x0040+15) they are decoded.

Re: [Wireshark-dev] Patch being stuck

2015-01-08 Thread Dario Lombardo
On Thu, Jan 8, 2015 at 11:50 AM, Graham Bloice graham.blo...@trihedral.com wrote: No blockage reason, just no-one on the core team has gotten around to having a look at it yet. Submission to the Petri-Dish isn't (yet) automatic, it requires a manual flag (from a core team member). Ok,

[Wireshark-dev] Patch being stuck

2015-01-08 Thread Dario Lombardo
Hi list I pushed a patch a couple of days ago https://code.wireshark.org/review/#/c/6350/ I think it's getting stuck for some reason (not even the petri dish buildbot has processed it). Other patches submitted later (eg. https://code.wireshark.org/review/6394 or

Re: [Wireshark-dev] Wireshark 1.99.5 is now available

2015-03-20 Thread Dario Lombardo
On Fri, Mar 20, 2015 at 1:46 AM, Gerald Combs ger...@wireshark.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm proud to announce the release of Wireshark 1.99.5. Hi Gerald Just out of curiosity... why 2 releases so close? Dario.

Re: [Wireshark-dev] Wireshark code review

2015-03-25 Thread Dario Lombardo
Since you now have 2 changes submitted, you should abandon one of them (do it from the web interface), then follow Alexis' suggestion about squashing and amending, then push the final revision into the survived change (do it using the correct change-id, read it from the web interface again). I

Re: [Wireshark-dev] Wireshark code review

2015-03-25 Thread Dario Lombardo
On Wed, Mar 25, 2015 at 10:03 AM, Alexis La Goutte alexis.lagou...@gmail.com wrote: From local branch ? or remote branch ? (master / master-1.12...) From local.

Re: [Wireshark-dev] Menagerie

2015-03-02 Thread Dario Lombardo
On Mon, Mar 2, 2015 at 2:16 PM, Evan Huus eapa...@gmail.com wrote: The fastest way to get a decent menagerie right now might be to write a script that scrapes all public bugzilla attachments... That's where the majority of our menagerie comes from anyways. I downloaded samples from

Re: [Wireshark-dev] Menagerie

2015-03-02 Thread Dario Lombardo
Evan, I'm not still able to download the torrent. Anyone tried and succeeded? Can't the daily menagerie be exposed via a more convenient interface like http? I don't think the generated traffic would flood the server, especially if the files are compressed in a tar.bz2 or a zip.

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Dario Lombardo
On Fri, Feb 27, 2015 at 3:36 PM, Evan Huus eapa...@gmail.com wrote: I have rsync set up via ssh to the host server, but I'm pretty sure we can't just give everyone ssh access :) Yes of course :). Maybe a public interface like http (or even rsync should be unauthenticated, but I have no

[Wireshark-dev] Undissected reserved fields

2015-02-27 Thread Dario Lombardo
I'm playing with the undissected bytes functionality of wireshark, patching some dissectors that clearly lack some fields. But now I've found some of them that fall in a grey area and I'd like to discuss with other devels the best way to go on. I've found that many dissectors lack decoding of

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Dario Lombardo
need to open a hole in my firewall or something. I'm at work now anyways, so I'll look at it again tonight unless somebody beats me to it. Evan On Fri, Feb 27, 2015 at 9:07 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: Should be supported by your torrent client (maybe create torrent

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Dario Lombardo
On Fri, Feb 27, 2015 at 1:55 PM, Evan Huus eapa...@gmail.com wrote: I'm not sure if there is a more convenient way to download the entire menagerie available to the general public. Who can know that? Gerald maybe? It would be very useful when conducting large scale tests to have access to a

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Dario Lombardo
, Feb 27, 2015 at 8:00 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Fri, Feb 27, 2015 at 1:55 PM, Evan Huus eapa...@gmail.com wrote: I'm not sure if there is a more convenient way to download the entire menagerie available to the general public. Who can know that? Gerald

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Dario Lombardo
On Fri, Feb 27, 2015 at 3:19 PM, Ed Beroset bero...@mindspring.com wrote: From the originally sent torrent, it seems to be 1.88G. I'm interested in this too and could seed pretty much perpetually once we get it started. I would rather prefer a rsync-compatible interface. The scenario I'm

[Wireshark-dev] Packet editor

2015-03-05 Thread Dario Lombardo
Guys, do you know wireedit? https://wireedit.com/ It looks like pretty close to how I would have figured out the packet editor feature in wireshark. Unfortunately it is not open source nor natively for linux (w32 bin with wine 8-|), so my testing stopped at their how-to video. Is there anyone

Re: [Wireshark-dev] Use Transifex for manage Translations

2015-03-05 Thread Dario Lombardo
How does the transfer into gerrit work? Is there a dummy account that commits and merges automatically? What about credits for contributions? Are they transferred in some way from tx to git? Dario.

[Wireshark-dev] Menagerie

2015-02-27 Thread Dario Lombardo
Browsing the buildbot site, I've read somewhere about menagerie. I suppose it is a large set of file that is used as regression test. Is it correct? Is it possible to download it? And to upload new samples to it? Thanks. Dario.

Re: [Wireshark-dev] Google deprecating OpenID 2.0

2015-02-22 Thread Dario Lombardo
Shouldn't it be enough to log in into gerrit using google+ instead of google? The link Graham provided states that google+ implements the new version and supports google accounts (updated or not to g+). On Feb 22, 2015 6:10 PM, Richard Sharpe realrichardsha...@gmail.com wrote: On Sun, Feb 22,

Re: [Wireshark-dev] Google deprecating OpenID 2.0

2015-02-23 Thread Dario Lombardo
Just had a try. Doesn't work for me too. On Mon, Feb 23, 2015 at 8:16 AM, Michal Labedzki michal.labed...@tieto.com wrote: Did you try log with Google+? I do not have any idea what is username for Google+ :) (or probably that does not work for me) On 23 February 2015 at 08:08, Dario Lombardo

Re: [Wireshark-dev] Google deprecating OpenID 2.0

2015-02-23 Thread Dario Lombardo
On Mon, Feb 23, 2015 at 10:15 AM, Michal Labedzki michal.labed...@tieto.com wrote: Ok. I had feedback about Google+. Username is that long number after slash in URL when you are log in. Somehow it works... (created the second account... [no Core permission there...]) Can you provide more

Re: [Wireshark-dev] Google deprecating OpenID 2.0

2015-02-23 Thread Dario Lombardo
michal.labed...@tieto.com wrote: URL from address bar... Also there is no changes from my other account, so I called it the second. On 23 February 2015 at 10:22, Dario Lombardo dario.lombardo...@gmail.com wrote: On Mon, Feb 23, 2015 at 10:15 AM, Michal Labedzki michal.labed...@tieto.com wrote

[Wireshark-dev] ISIS ISO

2015-02-26 Thread Dario Lombardo
I've found an undecoded byte in the ISIS dissector. Before submitting a patch, I usually check with the reference standard (RFC, or others) the correctness of what I found. I found http://1.bp.blogspot.com/-9_nvv3M8ToU/T0-QsqCGc3I/AsI/YcBnXq2mkQI/s1600/pdu+format+ii.PNG Does anyone have

Re: [Wireshark-dev] nflog in qt and gtk

2015-01-23 Thread Dario Lombardo
. On Tue, Dec 23, 2014 at 11:15 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: Kill statistics before starting the capture? Sounds fine to me, though I am not sure whether it has other side-effects. The Capture - Options dialog is another place where these stats are visible. What

Re: [Wireshark-dev] Gerrit upgrade tomorrow

2015-05-08 Thread Dario Lombardo
Hi Gerald Do we still need to re-bind the google account to the actual gerrit profile or will be automatically done based on the email address? Thanks Dario. On Fri, May 8, 2015 at 12:12 AM, Gerald Combs ger...@wireshark.org wrote: Gerrit 2.10.4 has been released, which includes improved

Re: [Wireshark-dev] Gerrit upgrade tomorrow

2015-05-12 Thread Dario Lombardo
On Sat, May 9, 2015 at 1:34 PM, Graham Bloice graham.blo...@trihedral.com wrote: Seems to work for me, without needing to relink my old Google identity. Works for me, as well.

Re: [Wireshark-dev] Wrong URL at https://www.wireshark.org/docs/wsug_html_chunked/ChIntroHelp.html#ChIntroQA

2015-07-02 Thread Dario Lombardo
In wireshark's bugzilla you can file a bug, for website also. https://bugs.wireshark.org/bugzilla/enter_bug.cgi On Thu, Jul 2, 2015 at 12:30 AM, Rouslan Ryabykh rrryab...@gmail.com wrote: Hello. Didn't find enough time to know where to send an appropriate address to send the info, so let it

Re: [Wireshark-dev] How do I submit changes to gerrit again?

2015-07-03 Thread Dario Lombardo
Hi Richard If you commit with SSH, you can upload your public key in gerrit (upper right corner - settings - SSH public keys). If you commit with HTTP, you should use the password gerrit provides you (upper right corner - settings - HTTP password). Dario. On Fri, Jul 3, 2015 at 5:57 AM, Richard

[Wireshark-dev] hadoop dissector

2015-07-02 Thread Dario Lombardo
Hi list I opened a hadoop 2.6 capture file with the current master and I found that the hadoop dissector fails in opening the file (wrong dissection). This is probably related to the changes in the wire protocol that have not been reflected into the current dissector. So I decided to start

[Wireshark-dev] WIRESHARK_QUIT_AFTER_CAPTURE

2015-08-20 Thread Dario Lombardo
Hi list Wireshark can quit after capture when the variable WIRESHARK_QUIT_AFTER_CAPTURE is set and -a and -k are activated. This is used mainly for testing purposes, according to the manual. This feature doesn't work in offline mode, when opening a local file. This would be very useful, so I tried

[Wireshark-dev] Crash during fuzzing

2015-08-10 Thread Dario Lombardo
Hi list I was fuzzing a protocol, and I experienced a crash. The fuzz-test.sh gave me this output $ ../tools/fuzz-test.sh -b run ../data/hpfeed_all_packets_sample.pcap [...] Starting pass 130: ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK Starting pass 131:

Re: [Wireshark-dev] CMake: Disable building with QT ?

2015-11-13 Thread Dario Lombardo
A useful feature of cmake that works at least on ubuntu is the tab completion. So you can run cmake -DBUILD and you get a list of build targets that can be enabled/disabled. You can also try with cmake -DENABLE that gives you a list of features you can enable or disable. cmake -D gives you,

Re: [Wireshark-dev] command line tools

2015-10-30 Thread Dario Lombardo
Sounds pretty similar to tcprewrite, isn't it? http://tcpreplay.synfin.net/wiki/tcprewrite On Fri, Oct 30, 2015 at 1:14 AM, Bret Jordan wrote: > Dev list, > > I wrote a command line tool that you might want to include in the > Wireshark bundle of command line tools. > >

Re: [Wireshark-dev] Code format change when pushing

2015-11-05 Thread Dario Lombardo
Do you mean formatting? Like indentation, etc? Probably your editor formats your code in a different way from gerrit. Your best bet is to configure your editor to print spaces/tabs so you can see exactly how it's formatted. Then change it according to your modeline and push again. On Thu, Nov 5,

[Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
I'm playing with extcap, but I can't make it fully work. I can run androiddump, and I can list the interfaces. # ./run/extcap/androiddump --extcap-interfaces interface {display=Android Logcat Main}{value=android-logcat-main-XX} interface {display=Android Logcat

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
On Mon, Oct 19, 2015 at 3:24 PM, Michal Labedzki wrote: > 3. Did you build your Wireshark with libpcap (aka do you have any > other interfaces?) Yes. I have eth0, lo, etc... > and extcap? I am building using cmake (ccmake), > check that you have ENABLE_EXTCAP = ON.

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
On Mon, Oct 19, 2015 at 2:39 PM, Michal Labedzki wrote: > Hello Dario, > > 1. What OS do you have? > ubuntu 14.04 64bit. > 2. Are you using "installed" Wireshark or from build source? (run from > build-directory) > Build from source, and run with

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
Looks like it's working now... I suppose that -DENABLE_EXTCAP=ON was the thing that made it work, and I got confused. Thanks everybody for your help.
