Title: Re: [Wireshark-dev] Random feature and enhancements ideas (topics for Sharkfests developers room?)
Hi Anders,
- The defined blocks are capture oriented; should we define some analysis re-saving oriented ones?
- UDP/TCP/SCTP... port map similar to the NRB (think decode as)
- Read
On 02.11.2012 04:23, Guy Harris wrote:
Is it legal to have a pcap-ng file that contains a block with
options that does not contain an opt_endofopt option?
My inclination would be to say yes, to indicate that option
processing must stop when you
Hi all,
can anyone tell me when Wireshark/Dumpcap will actually write a Name
Resolution Block to a pcapng file? I have a file written with an older
dumpcap version (I guess it was pre 1.8) that contains a NRB but the
latest 1.9 build doesn't seem to do that at all.
I tried with DNS queries
Title: Re: [Wireshark-dev] Start and stop capture toolbar buttons?
Either way, we aren't going to have any hard data for the expected release of 1.10 unless that gets bumped back a *lot*. The best we can do is probably a quick poll, so I've created just that:
Sorry to answer this late; I saw this email a week ago but didn't
manage to reply - the todo got swapped out but never swapped in again.
Graham gave me a heads up (that I didn't see until now, either,
*sigh*), so here I go.
Q2: What is the status of pcap-ng?
* it works fine, everyone's
On Sat, Mar 01, 2014 at 01:49:58PM +, Wireshark code review wrote:
URL:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=104a6edd1fb703c5c2319c893720df86f8c9a9e7
...
104a6ed by Gerald Combs (ger...@wireshark.org):
Disable IPv4 checksum verification to match TCP
Hello,
as promised during Sharkfest, I checked the latest developer builds
for the accuracy of the calculation of initial RTT for TCP
connections. So far I have only seen correct results, even in cases
with heavy packet loss during the three way handshake. So I think
the code is good.
2014-07-02 20:59 GMT+02:00 Jasper Bongertz jas...@packet-foo.com:
Hello,
as promised during Sharkfest, I checked the latest developer builds
for the accuracy of the calculation of initial RTT for TCP
connections. So far I have only seen correct results, even in cases
Hello Jeff,
Out-of-order is basically a packet that arrives just a little too late
to be in-sequence, but is not a retransmission. It's the original
packet, which somehow got rearranged on the way to the destination so
that it arrives after a packet following it in sequence. WAN
optimizers
Hi all,
FYI, for the fun of it I started working on the German translation for
the Qt UI. Just in case someone else gets the same idea.
Cheers,
Jasper
Hi all,
I just added a bug report, as agreed with Alexis, regarding the
dissection failure in 1.99 when a frame contains MPLS shims. This is
the bug report URL:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11271
and I also attached a screen shot comparing 1.12.5 and 1.99 to this
email (I
Hi all,
I noticed that captures taken with Wireshark 2.x (meaning, with
dumpcap coming with those versions) show unexpected results (see
Glossary below for the abbreviations).
With 1.12, the dumpcap version is written to the application option
field in the SHB, and the OS build in
Hi Paul,
I see the problem, but isn't it possible to read the .etl file first to
extract the interface information, write the IDBs and then reread the
file to convert the blocks? Maybe this can even be done in a way
skipping having to read all of the .etl file first, reading from the
back instead
Hi Ivan,
> There are a few public available tools that anonymize pcap files,
> but they usually target L2-L4 layers and "standard" protocols (i.e.
> dns, icmp,...)
There is a good reason for this: the complexity to anonymize anything
on top of L4 is a nightmare. UDP only haunts you with IP
Hi,
I learned that there is a tool that is supposed to be supporting lots
and lots of protocols (including Cellular stuff apparently), called
"SafePCAP". It's not free though, and I haven't tried it, so I have no
idea what it can or cannot do correctly.
https://omnipacket.com/safepcap.html
Hi Ivan,
> Only one note: AFAIK 3gpp/cellular protocols are not usually on top of
> TCP/UDP (with the main exception of GTP_U/C) but on top of SCTP (or
> even some SS7 stuff)
Thanks, I wasn't aware, but it doesn't surprise me - and it probably
makes things even more complex...
Cheers,
Jasper
Hi Dario,
I saw you assigned a Gerrit change/ticket/thingy to me - I have to admit that
I'm not really sure what to do there. I have no build environment for
Wireshark at the moment, and I don't know what I'm supposed to do? Are those
changes ending up in the automatic builds?
Cheers,
Hi,
+1 for the double dot syntax.
Cheers,
Jasper
Sunday, April 15, 2018, 3:03:53 PM, you wrote:
> Hi,
> In fact I would suggest to consider double dot (‘..’) in this case.
> Reasons:
> * It is a sufficiently unique operator
> * The minus causes too many conflicts, as you have stated
> *
Michael Richardson wrote:
> Peter Wu wrote:
> > Requirements for block placement:
> > - No requirement. Producers are allowed to write the block anywhere.
> > Disadvantages for consumers: requires a two-pass scan to collect
> > secrets before they are used.
> I prefer this, but I
Hello Peter,
I think calling it as "assigned to me" was a misinterpretation on my behalf.
Dario only wanted me to be cc'd in, as you assumed.
Thanks!
Jasper
Thursday, September 13, 2018, 11:26:07 AM, you wrote:
> Hi Jasper,
> On Tue, Sep 11, 2018 at 12:36:10PM +0200, Jaspe
>> On 21 Mar 2019 (Thu), at 10:16, Jasper Bongertz
>> wrote:
>> I just saw this: https://ask.wireshark.org/question/8014/hosts-file-manager/
>> My first impulse was "put the hosts in a profile directory and switch it via
>> profiles", but when I teste
Hi Graham,
I just saw this: https://ask.wireshark.org/question/8014/hosts-file-manager/
My first impulse was "put the hosts in a profile directory and switch it via
profiles", but when I tested that it didn't work (no names resolved). I'm not
sure if the hosts file is even read when it's in
at all).
Currently I am in the middle of rewriting the profile system and can put this on the todo list. Could you describe the behavior a little bit?
kind regards
Roland
Am Do., 21. März 2019 um 10:17 Uhr schrieb Jasper Bongertz <jas...@packet-foo.com>:
Hi Graham,
I just saw this:
Title: Re: [Wireshark-dev] Npcap 0.9-r9 causing WiFi disconnect?
Hi,
same here - I had strange WiFi disconnects in the past (and didn't connect it to Npcap, so that finally explains them), but not with the current version of npcap.
But I guess rolling out Wireshark 3.0 with Npcap now extremely
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11470
- Chris
From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Jasper Bongertz
Sent: Thursday, March 21, 2019 6:38 AM
To: Roland Knall ; Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark hosts file
Title: Re: [Wireshark-dev] Wireshark on Kali linux
On Wed, 6 Feb 2019 at 17:32, Guy Harris wrote:
So the question is whether we should print/pop up a message if TShark/Wireshark is running as root - and, if we do, whether we should have a compile or configuration
Title: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
Hi
There is a patch currently waiting for inclusion. It would allow for dissectors to easily make credentials (username/password) available and present them in a tool window in Wireshark.
The main concern here is,
Hi,
so if I get this right you expect to end up with a frame where length of the
original content is less than what ends up in the pcap because meta data is added? This
usually happens by adding a trailer to the Ethernet frame, e.g. some TAPs do
that to add high precision timestamps and other
Title: Re: [Wireshark-dev] Visual studio 2019 from choco
Oh. A very old and unsupported (by MS) version of Win 10. See here for lifecycle info: https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet
Indeed. It was a fresh install with no updates (due to network
age-
> From: Wireshark-dev On Behalf Of Jasper
> Bongertz
> Sent: den 19 december 2019 13:30
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] Brotli decompression
> Hello all,
> I found this in the release notes of Wireshark 3.2: "Brotli decompr
Hello all,
I found this in the release notes of Wireshark 3.2: "Brotli decompression
support in HTTP/HTTP2 (requires the brotli library)"
Sounds great, but I can't seem to find any instructions how to add the "brotli
library" to my Wireshark installation. I guess I need some DLL, but
ng or haven't really understood what it's supposed to be doing
:-)
Cheers,
Jasper
Friday, January 3, 2020, 10:31:30 PM, you wrote:
> Hi Jasper,
> Do you still have an issue? If so, can you check whether TCP reassembly
> is enabled?
> Kind regards,
> Peter
> On Thu, Dec 19, 2019 at 0
Hello Peter,
> A request was filed earlier to add a new "tcp.ack_rel" field to ensure
> that color filters can be created that always work on the relative
> sequence numbers independent of the "Relative sequence numbers" option.
> Instead of adding a new field, I propose to change the existing
Hello Peter,
Tuesday, May 5, 2020, 1:46:13 AM, you wrote:
>> To avoid cluttering the TCP tree with redundant fields: can we only show the
>> absolutes if the relatives are also displayed? I don't think it's useful to
>> show the absolutes twice.
> Sure! The fields will be hidden in the view,
Hi Richard,
I know there are some USB-C 10G network adapters (and the ProfiShark 10G, of
course), but I haven't tested any of them. Writing that much data to disk is
something I do with small portable servers (about the size of a small shoe box)
with an FPGA-based capture card.
Cheers,
Jasper