Re: [Wireshark-dev] Undissected packet bytes

2015-02-06 Thread Dario Lombardo
On Fri, Feb 6, 2015 at 7:52 AM, Michal Labedzki michal.labed...@tieto.com wrote: One more hint: if push patch as draft then add reviewer, because draft is invisible for anyone (except author and reviewers) Alternative command(s) to send to gerrit: git push origin HEAD:refs/drafts/master git

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Dario Lombardo
On Thu, Feb 5, 2015 at 1:19 PM, Evan Huus eapa...@gmail.com wrote: I believe g_log and friends go to standard out, but maybe not on all platforms. An expert info under conditional compilation would probably be enough though, I hadn't thought of that. Another question. I've found a promising

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Dario Lombardo
it, simply comment any proto_tree_add_item() from a dissector of your choice, and open a packet with wireshark or with tshark -V. Comments are welcome. Dario. On Thu, Feb 5, 2015 at 1:41 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Thu, Feb 5, 2015 at 1:19 PM, Evan Huus eapa...@gmail.com

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Dario Lombardo
On Wed, Feb 4, 2015 at 7:28 PM, Evan Huus eapa...@gmail.com wrote: I suppose you could add an expert info, but I think that might be overkill, most users probably don't care that much. Expert infos could be added under conditional compilation. If enabled it would allow to filter packets

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
On Wed, Feb 4, 2015 at 5:25 PM, Evan Huus eapa...@gmail.com wrote: I think you will need to add a function very similar to proto_find_field_from_offset that makes use of proto_tree_traverse_pre_order and tracks which bytes have been seen as the traversal proceeds. And how the output could

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
On Wed, Feb 4, 2015 at 3:52 PM, Evan Huus eapa...@gmail.com wrote: As a side note, I would expect that method to be *very* slow, since it traverses the entire tree for every byte of the packet. Traversing the tree once and maintaining a set of covered/uncovered ranges would be much more

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
the proto tree and keep track of which byte ranges are claimed/unclaimed. proto_find_field_from_offset does something related to this (it is used for matching bytes to fields in the UI) so it's probably a good place to start. On Tue, Feb 3, 2015 at 12:08 PM, Dario Lombardo dario.lombardo...@gmail.com

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Dario Lombardo
. You just need to iterate the proto tree and keep track of which byte ranges are claimed/unclaimed. proto_find_field_from_offset does something related to this (it is used for matching bytes to fields in the UI) so it's probably a good place to start. On Tue, Feb 3, 2015 at 12:08 PM, Dario

[Wireshark-dev] Undissected packet bytes

2015-02-03 Thread Dario Lombardo
Hi list I was wondering if there is a comfortable way to find out undissected bytes in packets. This would be useful to find incomplete dissectors. Any hint? Thanks! Dario.

Re: [Wireshark-dev] nflog in qt and gtk

2015-01-26 Thread Dario Lombardo
. It works on my machine. I noticed that the first try fails, while the second succeeds. You can find the change here https://code.wireshark.org/review/#/c/6796/ Comments welcome. Dario. On Fri, Jan 23, 2015 at 2:11 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: Hi Peter I opened a bug

Re: [Wireshark-dev] nflog in qt and gtk

2015-01-23 Thread Dario Lombardo
. On Tue, Dec 23, 2014 at 11:15 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: Kill statistics before starting the capture? Sounds fine to me, though I am not sure whether it has other side-effects. The Capture - Options dialog is another place where these stats are visible. What

[Wireshark-dev] JSON as mime type

2015-01-21 Thread Dario Lombardo
Hi list, Now that the json dissector has become heuristic, I was trying to make wireshark open a native json file, like it is able to do it with xml. What is necessary to make it work other than add a line like heur_dissector_add(wtap_file, dissect_json_heur, proto_json); in the json dissector?

[Wireshark-dev] Question about stats_tree

2015-01-13 Thread Dario Lombardo
Hi list I was planning to have stats_tree for hpfeeds, but I have a problem and I need some suggestion from you. In hpfeeds the channel is a user-defined string that is not defined by the protocol, and that is used to share infos in a set of consumer/producer. For that I can't create a pivot table

Re: [Wireshark-dev] Patch being stuck

2015-01-08 Thread Dario Lombardo
On Thu, Jan 8, 2015 at 11:50 AM, Graham Bloice graham.blo...@trihedral.com wrote: No blockage reason, just no-one on the core team has gotten around to having a look at it yet. Submission to the Petri-Dish isn't (yet) automatic, it requires a manual flag (from a core team member). Ok,

[Wireshark-dev] Patch being stuck

2015-01-08 Thread Dario Lombardo
Hi list I pushed a patch a couple of days ago https://code.wireshark.org/review/#/c/6350/ I think it's getting stuck for some reason (not even the petri dish buildbot has processed it). Other patches submitted later (eg. https://code.wireshark.org/review/6394 or

Re: [Wireshark-dev] nflog in qt and gtk

2014-12-23 Thread Dario Lombardo
Kill statistics before starting the capture? Sounds fine to me, though I am not sure whether it has other side-effects. The Capture - Options dialog is another place where these stats are visible. What about filing a bug? Do you think it would be useful? Or is there anyone taking care of

Re: [Wireshark-dev] nflog in qt and gtk

2014-12-19 Thread Dario Lombardo
On Thu, Dec 18, 2014 at 4:29 PM, Peter Wu pe...@lekensteyn.nl wrote: You should not run Wireshark with sudo, instead set the appropriate privileges on the dumpcap binary as described at http://wiki.wireshark.org/CaptureSetup/CapturePrivileges Generally speaking, you are right, and it's what

Re: [Wireshark-dev] nflog in qt and gtk

2014-12-19 Thread Dario Lombardo
On Fri, Dec 19, 2014 at 12:35 PM, Peter Wu pe...@lekensteyn.nl wrote: The Capture - Options dialog is another place where these stats are visible. Is it visible during capture?

Re: [Wireshark-dev] Capture from multiple remote machines

2014-11-19 Thread Dario Lombardo
On Wed, Nov 19, 2014 at 9:12 AM, Ozan T ozan@gmail.com wrote: Hi Patrick, Thank you, it works! Sorry, it is my mistake I thought rpcapd and Remote Interfaces were just for Windows machines. Here, I see it works well on Linux and BSD also. Thanks again. Ozan. Hi Ozan Can you

Re: [Wireshark-dev] On which platforms is there a need for Wireshark to have a Language preference?

2014-11-05 Thread Dario Lombardo
Hi Guy The answer is yes. I live in Italy, but I use Linux in English. I switch to en or it for the specific purpose of the moment. With auto-detect I couldn't do that. For my daily use I switch to EN. To develop/test wireshark italian translation I switch to IT. I don't know if this scenario

Re: [Wireshark-dev] On which platforms is there a need for Wireshark to have a Language preference?

2014-11-05 Thread Dario Lombardo
On Wed, Nov 5, 2014 at 10:52 AM, Bálint Réczey bal...@balintreczey.hu wrote: Please run LC_ALL=it_IT wireshark instead of asking the project to keep the language-switching feature. Thanks for your suggestion.

[Wireshark-dev] Compiling with ninja

2014-11-04 Thread Dario Lombardo
Hi list Some days ago I played a bit with ninja and I found useful info I'd like to share with you. Ninja is a compilation system similar to make. Its advantage is that it was built with parallelism in mind, to take advantage of multi-core CPUs. Wireshark uses cmake that has a generator for

Re: [Wireshark-dev] Installing on Ubuntu 12.04.5

2014-10-23 Thread Dario Lombardo
You installed gtk3 that is the library pkg but not the -dev pkg that is what configure checks for. The key packet you're probably missing is - libgtk-3-dev as stated in the Robert's list. To be sure, look for gtk in your config.log. You will find configure:30681: gcc -o conftest -g -O2

Re: [Wireshark-dev] QT with cmake

2014-10-22 Thread Dario Lombardo
at 03:13:01PM +0200, Dario Lombardo wrote: On Tue, Oct 21, 2014 at 2:48 PM, Peter Wu pe...@lekensteyn.nl wrote: Have you tried to clear your build dir? The QtGui/QAction file is located in the qt4 include directory, in qt5 it is located at QtWidgets/QAction. I've completely

[Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
Hi list I tried to compile the master of wireshark using cmake. mkdir build cd build cmake .. make In run/ I can find wireshark-gtk but not qt. Any specific command to pass to cmake to have it? I am able to obtain qt executable using autotools (meaning that my qt dev subsystem should be fine).

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
for :) On 21 October 2014 11:20, Dario Lombardo dario.lombardo...@gmail.com wrote: Hi list I tried to compile the master of wireshark using cmake. mkdir build cd build cmake .. make In run/ I can find wireshark-gtk but not qt. Any specific command to pass to cmake to have it? I am able to obtain

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
Well... after installing some other qt5 packages I get CMake Error at ui/qt/CMakeLists.txt:306 (QT5_ADD_TRANSLATION): Unknown CMake command QT5_ADD_TRANSLATION. On Tue, Oct 21, 2014 at 11:49 AM, Peter Wu pe...@lekensteyn.nl wrote: On Tuesday 21 October 2014 11:20:54 Dario Lombardo wrote

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
On Tue, Oct 21, 2014 at 1:20 PM, Peter Wu pe...@lekensteyn.nl wrote: What distro are you using? For Debian/Ubuntu you need to install qttools5-dev. It is exactly what I'm using (ubuntu 14.04). I've installed qttools5-dev and compilation made few steps ahead, but then stopped with Scanning

Re: [Wireshark-dev] QT with cmake

2014-10-21 Thread Dario Lombardo
On Tue, Oct 21, 2014 at 2:48 PM, Peter Wu pe...@lekensteyn.nl wrote: Have you tried to clear your build dir? The QtGui/QAction file is located in the qt4 include directory, in qt5 it is located at QtWidgets/QAction. I've completely deleted the build dir and started over. Same output. [

Re: [Wireshark-dev] Translation tools

2014-10-10 Thread Dario Lombardo
Ok, thanks. I'm able to start the translation. I've translated a couple of entries, recompiled, changed the language, and everything is ok: my translated entries are now in wireshark. But if now I translate other entries, run lupdate and lrelease, then make, the ui is not recompiled again. It

Re: [Wireshark-dev] Translation tools

2014-10-09 Thread Dario Lombardo
On Wed, Oct 8, 2014 at 9:06 PM, Alexis La Goutte alexis.lagou...@gmail.com wrote: Hi, It is now possible to translate the Gui of Wireshark (with Qt) Actually, there is start of French translation, Polish (Thanks Michal) and Japanese (Thanks martin Megane) How one can start a task like

Re: [Wireshark-dev] Translation tools

2014-10-09 Thread Dario Lombardo
, and that change was not ported to the compiled ones. Am I right? What should I do with those changes? Keep them or discard them? On Thu, Oct 9, 2014 at 4:22 PM, Alexis La Goutte alexis.lagou...@gmail.com wrote: On Thu, Oct 9, 2014 at 4:02 PM, Dario Lombardo dario.lombardo...@gmail.com wrote

Re: [Wireshark-dev] [Wireshark-commits] master 14824e6: Revert Fixup: tvb_* - tvb_captured

2014-06-20 Thread Dario Lombardo
On Thu, Jun 19, 2014 at 9:18 PM, Evan Huus eapa...@gmail.com wrote: We were not bulk-converting them so that we could catch the ones that really should have been tvb_reported_length and tvb_reported_length_remaining from the beginning. If you look at the code in epan/tvbuff.h:228,237,244 you

Re: [Wireshark-dev] [Wireshark-commits] master 14824e6: Revert Fixup: tvb_* - tvb_captured

2014-06-20 Thread Dario Lombardo
On Fri, Jun 20, 2014 at 4:33 PM, Jeff Morriss jeff.morriss...@gmail.com wrote: IOW the reason these functions were renamed was because a large portion of the time dissector-writers would use tvb_length() when they really should have been using tvb_reported_length(). By renaming the functions

[Wireshark-dev] Deprecated APIs

2014-06-20 Thread Dario Lombardo
Hi list I'm having a look at obsolete APIs and I've got those lines from checkAPI.pl Warning: Found soft-deprecated APIs in packet-bacapp.c: ep_address_to_str Warning: Found soft-deprecated APIs in packet-umts_fp.c: se_new0 but I can't find how those func should be changed. Can anyone help me?

[Wireshark-dev] Patching as per checkAPI

2014-06-18 Thread Dario Lombardo
I'm trying to take care of some of the warnings from checkAPI. The result is a set of commits. What should I do now? 1) submit one push for every commit (eg. branch checkapi1, checkapi2, etc.) 2) submit one push with multiple commits (don't know if gerrit allows it... I got an error when I

[Wireshark-dev] Deprecated APIs

2014-06-17 Thread Dario Lombardo
Hi list I'm having a look at obsolete APIs and I've got those lines from checkAPI.pl Warning: Found soft-deprecated APIs in packet-bacapp.c: ep_address_to_str Warning: Found soft-deprecated APIs in packet-umts_fp.c: se_new0 but I can't find how those func should be changed. Can anyone help me?

Re: [Wireshark-dev] Fwd: Broken link for buildbot

2014-06-12 Thread Dario Lombardo
On Wed, Jun 11, 2014 at 10:17 PM, Gerald Combs ger...@wireshark.org wrote: If it's causing any confusion I can remove it before then. No it isn't. I was just jumping over the links on the page and I found it. Do you think a bug on filezilla would be appropriate?

[Wireshark-dev] Fwd: Broken link for buildbot

2014-06-11 Thread Dario Lombardo
Hi In the header of the gerrit site, the link buildbot - documentation points to https://code.wireshark.org/plugins/buildbot/ that is a broken link. I'd like to point someone at it. Dario

Re: [Wireshark-dev] (no subject)

2014-03-06 Thread Dario Lombardo
Do you want to keep the pdml file format, or do you just want to export a subset of infos? In the latter case you can use the -T fields switch plus the -e switch. On Thu, Mar 6, 2014 at 8:04 AM, varsha mintri vmin...@yahoo.com wrote: Hi, I wanted to reduce the details produced while

Re: [Wireshark-dev] Git + Gerrit: next steps

2013-12-20 Thread Dario Lombardo
On Thu, Dec 19, 2013 at 8:51 PM, Gerald Combs ger...@wireshark.org wrote: BTW, I *might* be able to have Gerrit's SSH daemon listen on port 22 instead of 29418. Would this be useful? In testing/lab/home networks access to outside is normally open (or can be opened). That means that port 80,

Re: [Wireshark-dev] Git + Gerrit: next steps

2013-12-19 Thread Dario Lombardo
On Thu, Dec 19, 2013 at 4:57 AM, Evan Huus eapa...@gmail.com wrote: - handy quick-start instructions from Marc: https://www.wireshark.org/lists/wireshark-dev/201309/msg00191.html I had a look at the instructions above. Seems that only ssh is supported. Will it be so in the production git too,

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
Thanks for your description. On Thu, Sep 12, 2013 at 11:46 PM, Joerg Mayer jma...@loplof.de wrote: Here is what I do (now) - I'm on Linux: - cd epan/dissectors/ - Pick a letter from the alphabet. - grep emem.h packet-letter*.c - ../../tools/checkAPI.pl -g emem packet-letter*.c

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
. On Thu, Sep 12, 2013 at 11:54 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Thu, Sep 12, 2013 at 5:36 PM, Joerg Mayer jma...@loplof.de wrote: So if we could split this between a few people at least the trivial part could be done quickly. Can you

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
I'm trying to address se_alloc() calls. If I change this: Index: packet-infiniband_sdp.c === --- packet-infiniband_sdp.c (revision 52002) +++ packet-infiniband_sdp.c (working copy) @@ -31,6 +31,7 @@ #include epan/packet.h #include

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
using wmem_epan_scope() it seems to work. Is it correct to use that scope? On Fri, Sep 13, 2013 at 1:55 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: I'm trying to address se_alloc() calls. If I change this: Index: packet-infiniband_sdp.c

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-13 Thread Dario Lombardo
I've submitted a patch with epan scope. On Fri, Sep 13, 2013 at 2:30 PM, Evan Huus eapa...@gmail.com wrote: On 2013-09-13, at 7:55 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: I'm trying to address se_alloc() calls. If I change this: Index: packet-infiniband_sdp.c

Re: [Wireshark-dev] Question regarding emem - wmem conversion

2013-09-12 Thread Dario Lombardo
On Thu, Sep 12, 2013 at 5:36 PM, Joerg Mayer jma...@loplof.de wrote: So if we could split this between a few people at least the trivial part could be done quickly. Can you please show us what should be done? I could get a part of it if it's clear what to do. Dario.

Re: [Wireshark-dev] Multiple input files

2013-09-10 Thread Dario Lombardo
On Fri, Sep 6, 2013 at 9:50 PM, Christopher Maynard christopher.mayn...@gtech.com wrote: Two problems: 1) How do you guarantee the files will be processed in correct time order for appending? I can't. If the user needs it, they can run reordercap. 2) mergecap today doesn't support

Re: [Wireshark-dev] Multiple input files

2013-09-06 Thread Dario Lombardo
Another option could be to support stdin as input file in mergecap with an append switch. If mergecap would support something like this cat input1.pcap | mergecap -a - -w output.pcap cat input2.pcap | mergecap -a - -w output.pcap this would allow a user to do something like for file in *.pcap

[Wireshark-dev] Multiple input files

2013-09-05 Thread Dario Lombardo
Hi list I was trying to change the code of tshark to support multiple -r switches. The aim is to have many input files and one output file. Before getting mad in changing it, I was wondering if it makes sense or not, and if it was addressed before in some way. An example of use of it: tshark -r

Re: [Wireshark-dev] Multiple input files

2013-09-05 Thread Dario Lombardo
On Thu, Sep 5, 2013 at 3:30 PM, Evan Huus eapa...@gmail.com wrote: mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y dns.qry.name contains google -o google.pcap mergecap would be certainly an option, if the merged file is not too big to be given to tshark. I have 10 file, 1G each.

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-30 Thread Dario Lombardo
I've run it on the original 10G file (70M packets). It can't process all of them. At around 30M packets memory consumption is about 3.7G. It's a good improvement anyway! Thanks Dario. On Fri, Aug 30, 2013 at 3:35 AM, Evan Huus eapa...@gmail.com wrote: On Thu, Aug 29, 2013 at 11:07 AM, Dario

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-29 Thread Dario Lombardo
Running the same command as before (I mean without valgrind) with -n, I get 1.5G of memory consumption, as without -n. That's quite useful actually: it looks like the majority of the memory is being used to store address-resolution data from all of the DNS packets so that if those IP addresses

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-29 Thread Dario Lombardo
On Thu, Aug 29, 2013 at 4:35 PM, Evan Huus eapa...@gmail.com wrote: Basically, but it's also more. If your capture contains a DNS packet resolving a name in a certain way, and the system name resolver gives a different answer, we prefer the DNS packet in the capture (since presumably the

Re: [Wireshark-dev] Memory consumption in tshark

2013-08-28 Thread Dario Lombardo
On Tue, Aug 27, 2013 at 10:38 PM, Evan Huus eapa...@gmail.com wrote: We already discard a great deal of state in (single-pass) tshark that we keep around in Wireshark (or two-pass tshark). We do need to keep some, though. It's only a bug if we're keeping more than we actually need, and that's

Re: [Wireshark-dev] wireshark crashes while I export the packets.

2013-08-27 Thread Dario Lombardo
You could use a bisection method. Split the file in 2 smaller and try both. Continue until you have 1 packet. Once you have the guilty, you can give it to the different softwares (wireshark, tshark, reordercap, mergecap, etc). If only one crashes, the bug is located there. If all crash probably

[Wireshark-dev] Memory consumption in tshark

2013-08-27 Thread Dario Lombardo
Hi list I've run this command on a 10G pcap file. ./tshark -r traffic.all -Y dns.qry.name.len 50 -w longnames.pcap Used memory grows continuously, up to over 3GB of ram. At this point my pc goes thrashing and I must kill tshark. That's not what I expected. I expected the memory to grow up to a
