On Sun, Jan 10, 2016 at 04:43:01PM +0100, Anders Broman wrote:
> On 10 Jan 2016 14:50, <bugzilla-dae...@wireshark.org> wrote:
> >
> > Comment # 6 on bug 11980 from Peter Wu
> >
> > You are right, coloring always needs to happen (whenever color rules
> >
org/bugzilla/show_bug.cgi?id=9461).
Possible concerns that arise are increased memory usage and failure to
dissect any data if (say) parts of the data are missing.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
___
Sent via:
Hi Balint,
On Wed, Jan 13, 2016 at 01:44:00AM +0100, Bálint Réczey wrote:
> Hi Peter,
>
> 2016-01-13 1:11 GMT+01:00 Peter Wu <pe...@lekensteyn.nl>:
> > On Sun, Jan 10, 2016 at 11:52:39AM +0100, Bálint Réczey wrote:
> >> Hi,
> >>
> >> 2016-01-
CMake also checks whether the requested compiler is Clang which is not done by
the autotools script. It can also fail based on certain strings in the cc
output (besides just checking for a non-zero status code).
For now I think you have to add a check for clang too before setting the flag.
Kind
n to disable translation for such options. It should however be
possible to remove the shortcuts from the .ts files and add them to the
cpp files instead using the setShortcut method of QActions. See:
- https://doc.qt.io/qt-5/qaction.html#shortcut-prop
- https://doc.qt.io/qt-5/qkeysequence.html#deta
):
https://code.wireshark.org/review/#/q/status:open+file:epan/dissectors/packet-isakmp.c
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ithout Kerberos, without GeoIP.
>
> Running on Linux 3.2.0-101-generic, with locale en_US.UTF-8, with
> libpcap
> version 1.1.1, with zlib 1.2.3.4.
> Intel(R) Core(TM) i7-4980HQ CPU @ 2.80GHz (with SSE4.2)
>
> Built using gcc 4.6.3.
>
> So it look
On Wed, Feb 08, 2017 at 10:51:29AM -0800, Guy Harris wrote:
> On Feb 8, 2017, at 5:40 AM, Peter Wu <pe...@lekensteyn.nl> wrote:
>
> > I did not expect Libgcrypt to consume entropy when it is just doing
> > decryption.
>
> I'm concerned with consuming CPU and w
On Mon, Feb 06, 2017 at 12:04:48PM +0100, Jaap Keuter wrote:
>
> > On 6 Feb 2017, at 07:43, Jaap Keuter <jaap.keu...@xs4all.nl> wrote:
> >
> >>
> >> On 6 Feb 2017, at 00:08, Peter Wu <pe...@lekensteyn.nl> wrote:
> >>
> >> On Sun, F
On Mon, Feb 06, 2017 at 11:46:23AM -0800, Gerald Combs wrote:
> On 2/5/17 8:15 AM, João Valverde wrote:
> >
> >
> > On 02/05/2017 03:21 PM, Peter Wu wrote:
> >> Hey,
> >>
> >> Recently I discovered that wsutil actually contains a lot of
> >
t;, 1, GRND_NONBLOCK)
_dsa_validate_dss_pq
gnutls_supplemental_send
gnutls_global_set_log_level
So it seems that Libgcrypt is not unnecessarily draining entropy.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
GTK+ 3.77.2, the dialog is very wide.
I guess it has something to do with the children not being constrained
while the parent tries to adjust to the largest width.
Maybe setting the maximum width hint for the label would help? (No idea
how, would have to read the fine manual for that.)
--
Kind regards,
).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
m your scripts, perhaps you could try to clarify what you
are trying to do? Maybe there is another way.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
nker command line
> /lib64/libm.so.6: could not read symbols: Invalid operation
> collect2: error: ld returned 1 exit status
> make[2]: *** [tshark] Error 1
I think you can try to link the math library with LDFLAGS=-lm
--
e started with the PROFINET dissector as plugin and it just
continued living there.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ut for Authorization digests in SIP, this would require external input
(credentials), possibly through a preference (filename or UAT). I think
it is better as separate script (since the input format can be different
depending on the user), but wouldn't object if a patch is proposed.
--
Kind regards,
On Sat, Feb 11, 2017 at 06:27:41PM +, João Valverde wrote:
> On 02/11/2017 12:14 PM, Peter Wu wrote:
> > On Fri, Feb 10, 2017 at 12:59:46AM +, João Valverde wrote:
> > > On 02/08/2017 01:40 PM, Peter Wu wrote:
> > > > On Mon, Feb 06, 2017 at 03:2
(forgot to attach the file lists...)
On Sat, Feb 11, 2017 at 10:35:10PM +0100, Peter Wu wrote:
> On Sat, Feb 11, 2017 at 09:31:17PM +0100, Erik de Jong wrote:
> > On Sat, Feb 11, 2017 at 8:55 PM, Peter Wu <pe...@lekensteyn.nl> wrote:
> [..]
> > > My original
for the hash functions, you get decryption algorithms
like AES for free. (Unless you want to keep the bundled algorithms... I
would rather not).
At this moment I don't know what the end result looks like. Maybe after
actually looking at the files/functions, we'll see whether an extra
abstract
On Sat, Feb 11, 2017 at 09:31:17PM +0100, Erik de Jong wrote:
> On Sat, Feb 11, 2017 at 8:55 PM, Peter Wu <pe...@lekensteyn.nl> wrote:
[..]
> > My original goal was to replace wsutil by an existing crypto library
> > (case 2). Since we Libgcrypt is already used in a lot of
On Mon, Feb 13, 2017 at 07:31:50PM +0100, Erik de Jong wrote:
> On Sun, Feb 12, 2017 at 3:38 PM, Peter Wu <pe...@lekensteyn.nl> wrote:
>
> > On Sun, Feb 12, 2017 at 02:40:03PM +0100, Pascal Quantin wrote:
> > > On 12 Feb 2017 11:12, "Erik de Jong" <erik
On Sun, Feb 12, 2017 at 02:40:03PM +0100, Pascal Quantin wrote:
> On 12 Feb 2017 11:12, "Erik de Jong" <erikdej...@gmail.com> wrote:
> On Sat, Feb 11, 2017 at 10:38 PM, Peter Wu <pe...@lekensteyn.nl> wrote:
> > (forgot to attach the file lists...)
>
> I
unction `value_list_sel_cb':
> /home/ericsson/ewireshark/trunk/ui/gtk/dfilter_expr_dlg.c:625: undefined
> reference to `g_list_free_full'
This function is very useful and open-coded many times, should we
provide a compatibility header for older GLib?
--
Ki
> > functionality in this case, although it seems to be a burden. A utility
> > function which masks the compatibility could also be a possible solution.
> > In extcap I came across this issue quite some time, and most of the time I
> > ended up hardcoding the functionality.
>
out having to
rebuild/install a new version of Wireshark. (Additional benefits: the
data can be compressed and ignored from Lintian spell-checking.)
--
Kind regards,
Peter Wu
https://lekensteyn.nl
On Tue, Feb 07, 2017 at 07:51:38AM +0100, Pascal Quantin wrote:
> On 6 Feb 2017 22:00, "Peter Wu" <pe...@lekensteyn.nl> wrote:
> > On Mon, Feb 06, 2017 at 11:46:23AM -0800, Gerald Combs wrote:
[..]
> > > No objections here, although this might require
15 Feb 2017 2:47 PM, "Peter Wu" <pe...@lekensteyn.nl> wrote:
>
> > Hi,
> >
> > While many protocols have fixed value_string mappings, some of them are
> > quite dynamic (USB Vendor/Product IDs, "enterprise-numbers" (sminmpec),
> > servi
recent proposed patches, you seem to have no issues with breaking
backwards compatibility. Have you developed Lua dissectors before?
Breaking things for the sake of "shiny, new, future" is not an
acceptable motivation, there must be something more appealing to justify
such breakage. Havi
On Fri, Aug 19, 2016 at 05:38:57PM +0100, João Valverde wrote:
>
>
> On 08/19/2016 04:05 PM, João Valverde wrote:
> >
> >
> > On 08/19/2016 03:56 PM, João Valverde wrote:
> > >
> > >
> > > On 08/19/2016 02:54 PM, Peter Wu wrote:
> >
me know, otherwise I will merge the patch next week.
The main blocker for more C99 support was Microsoft's compiler, but MSVC
2013 seems to "support" all of the above features.
--
Kind regards,
Peter Wu
https://lek
On Thu, Sep 01, 2016 at 11:29:19AM +0200, Dario Lombardo wrote:
> After removing libnl3-devel I get (from cmake)
>
> -- The following OPTIONAL packages have not been found:
>
> * NL
> * PORTAUDIO
> * YAPP
>
> -- Configuring done
> -- Generating done
> -- Build files have been written to:
will remove this function in version 2.4.
If you still use it, please clarify the requirements (supported TLS
versions, whether you really need to start decryption at arbitrary
positions, etc.).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
re available at
https://www.wireshark.org/download/automated/
By the way, are you not able to replicate the issue with RSA key
exchanges or have you just not tested it? I could reproduce the issue
with a cipher using the RSA key exchange.
--
Kind regards,
Peter Wu
Hi Roland,
Evan has once added a configuration for Vagrant (Vagrantfile), you could
have a look there for inspiration.
Kind regards,
Peter
On Thu, Oct 06, 2016 at 09:53:16AM +0200, Roland Knall wrote:
> Hello
>
> I've created a docker image, to build Wireshark for a Linux build. You can
> find
On Mon, Oct 03, 2016 at 10:39:08AM +0100, Graham Bloice wrote:
> On 3 October 2016 at 00:51, Peter Wu <pe...@lekensteyn.nl> wrote:
>
> > Hi,
> >
> > To fix bug 12968 (__gc being called for tables, resulting in lua_error
> > while exiting), I modifie
ncluding
setting the "attrs" member.
- Remove wslua_reg_attributes and macros.
- grep for WSLUA_REGISTER_META and WSLUA_REGISTER_CLASS to change the
remaining ClassName_register files.
If you feel that the Lua core code need
files without the links being corrected.
By the way, Debian (and Ubuntu) do have an asciidoctor package in the
repositories, others can install a Ruby gem if the distribution/OS does
not provide appropriate packages.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
[1]:
https://github.com
On Wed, Oct 26, 2016 at 05:55:03PM +0100, Graham Bloice wrote:
> On 26 October 2016 at 15:35, Peter Wu <pe...@lekensteyn.nl> wrote:
>
> > Hi,
> >
> > The current documentation generator is really, really, really slow. It
> > takes 35 seconds to ge
On Thu, Oct 27, 2016 at 12:57:53PM +0200, Roland Knall wrote:
> I've changed the title to something that helps me recognize it, but I can
> change it to something else.
>
> The show column is a duplicate of the list of interfaces in the first tab.
> The basic idea would be to manage all general
(+cc list in case people search for this issue)
Hi Roland,
The crash looks like a Qt bug, a possible workaround is posted in
https://bugreports.qt.io/browse/QTBUG-56448
--
Kind regards,
Peter Wu
https://lekensteyn.nl
On Mon, Oct 17, 2016 at 09:45:39PM +0200, Roland Knall wrote:
>
OK
>
> Is this an actual memory corruption bug in wireshark? A problem with the
> fuzzing script? Or am I doing something wrong? I'd appreciate any suggestions
> you have.
>
> Thanks,
> Nora Sandler
>
Is it possible that the tool consumes a lot of memory, eventually
Hey Michael,
The issue can be reproduced by changing the display filter while the
dialog is open. I think that a tap runs twice without clearing the list
first. (It runs once during loading, and once again during
redissection).
Kind regards,
Peter
On Sat, Dec 03, 2016 at 08:09:39AM -0500,
The issue seems to exist since 2.0:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12230
Proposed patch is here:
https://code.wireshark.org/review/19055
Kind regards,
Peter
On Sat, Dec 03, 2016 at 10:10:01PM +0100, Peter Wu wrote:
> Hey Michael,
>
> The issue can be reproduced by
1. Open capture file and VoIP Calls dialog.
2. Close capture file.
3. Click a stream.
4. Crash in VoipCallsDialog::on_callTreeWidget_itemActivated via
ui/qt/voip_calls_dialog.cpp:617 (v2.3.0rc0-1586-g9887cd7).
--
Kind regards,
Peter Wu
https:
stone and things
can change as you see them fit :-)
As you can see in the README, there are very basic guidelines, but
nothing very specific about how the process of developing the XSL works
(due to lack of experience).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ting the
dissectors functions. Since these may appear over the network, it is
probably one of the more interesting parts to tackle first.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
an be changed during time. Therefore it should be easy
> editable.
>
> Does anyone know about something I'm looking for?
I think that happy-shark (which uses PDML output with an XSL
post-processor) does what you want.
In case a dissector checks for the pinfo->visited flag, you have t
Hey Dario,
You can try to build Debian packages with:
dpkg-buildpackage -b -us -uc -j10
(-b for binary, -uc/-us to avoid signing the builds, -j for parallelism)
Kind regards,
Peter
On Thu, Dec 22, 2016 at 09:45:40AM +0100, Dario Lombardo wrote:
> Hi Balint
> I have installed the latest
On Wed, Dec 21, 2016 at 03:51:51PM -0500, Jeff Morriss wrote:
> On Wed, Dec 21, 2016 at 5:28 AM, Peter Wu <pe...@lekensteyn.nl> wrote:
>
> > > 2) Won't be good idea to allow skip a sample from automatic testing
> > > (because it is for GUI demonstration)?
> >
proto = Proto("dummy", "dummy description")
myproto.fields.seq = ProtoField.uint32("tcp.seq_abs", "Abs seq no")
local tcp_seq = Field.new("tcp.seq")
function myproto.dissector(tvb, pinfo, tree)
local seq = tcp_seq()
On Tue, Mar 28, 2017 at 09:21:19PM +0200, Jirka Novak wrote:
> Hello,
>
> is there any feedback to pull request about happy-shark?
Sorry for the delay, I'll have a look at the PR at
https://github.com/wireshark/happy-shark/pull/1
--
Kind regards,
Peter Wu
https://leke
ot cherry-picked without merging the base
patches first.
If that is not configurable for each patch, separately, maybe I should
post a comment next time?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
}
-- ...
end
register_postdissector(my_proto)
Alternatively, use ip.src and ip.dst for specific addresses (but note
that in case of tunneled traffic you may still have multiple
occurrences).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
create a second preference, pointing to the
file where new keys are appended. Yet another option is a boolean
preference, controlling whether new keys are allowed to be written to
the "input" keylog file. Then the user can control whether it is OK to
write the file.
Peter
> Best regard
are the link.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
AP_CPP.
Looking around, I also found: https://doc.qt.io/qt-5/cmake-manual.html
Perhaps we could do this better as there is also:
https://cmake.org/cmake/help/v3.0/prop_tgt/AUTOMOC.html
https://cmake.org/cmake/help/v3.0/manual/cmake-qt.7.html
--
Kind regards,
Peter Wu
https://lekensteyn.nl
list is refreshed
(I am currently looking into it).
Note that some of the more annoying issues have already been fixed and
backported to 2.2.5 (duplicate interfaces (bug 11553), crashes on system
suspend/resume (bug 12263)).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
missing dependency issues I think?
> I also plan creating a PPA for nightly builds for latest Ubuntu LTS
> release (16.04 at the moment).
Sounds great!
--
Kind regards,
Peter Wu
https://lekensteyn.nl
me sort of check whether there are HTTP or https packets etc.
>
>
> In my previous email thread Peter Wu mentioned
>
> "The classes included with the WSLUA API are not designed to be
>
> registered with multiple users. If you are lucky, it sometimes does not
> work as ex
tly from a browser and got same result, any clue why? Thanks.
Try the URL without "/a/": https://code.wireshark.org/review/wireshark
--
Kind regards,
Peter Wu
https://lekensteyn.nl
On Tue, Mar 14, 2017 at 05:23:02PM +0100, Bálint Réczey wrote:
> 2017-03-14 14:28 GMT+01:00 Peter Wu <pe...@lekensteyn.nl>:
> > On Tue, Mar 14, 2017 at 12:29:24AM +0100, Bálint Réczey wrote:
> >> Hi,
> >>
> >> I have created a separate PPA for backpo
(on a Debian
> x64 system) as well as 2.2.2 (on a OS X system)...same issue on both
> systems.
>
> Thanks for any tips,
> Reid
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ich the error occurs.
>
> Best regards
>
> Rémy
Usually I set a breakpoint at "except_throw" in the debugger and then
examine the backtrace when it is hit. This works without modifying the
source (but for a helpful trace, debugging symbols are recommended).
--
Kind regards,
ed and left a process on
the machine, breaking all following builds. Gerald, can you have a look?
Maybe it is an idea to add a pass that kills all
dumpcap/tshark/wireshark processes before starting the build? (Assuming
that no other builds happen in parallel).
--
Kind reg
> >>
> >> On 24 April 2017 at 14:56, Pascal Quantin <pascal.quan...@gmail.com>
> >> wrote:
> >>
> >>> Hi Peter
> >>>
> >>> 2017-04-24 15:43 GMT+02:00 Peter Wu <pe...@lekensteyn.nl>:
> >>>
> >>>> Hi
4.8/designer-ui-file-format.html, the column
element is specific to the Widget type:
...
Keep in mind that when moving the columns to the code, you must add tr()
calls to keep strings translatable.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
milar to how older draft versions of TLS 1.3 are replaced by
newer ones. Though on the other hand, protocols like SPDY (already
removed from Chrome) are still in the tree even though HTTP2 is current.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
"/tmp".
>
> Whether it's a good idea or not is OS-dependent and installation-dependent:
An option would be OK, but personally I would change it back to /tmp.
My root filesystem (with /var/tmp) is located on an almost full SSD
while /tmp is a tmpfs with a size of
Windows, VS2015 or newer is attractive because you
can install a subset of the tools without pulling the full bloat of VS
(using Visual C++ Build Tools).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
On Mon, Apr 24, 2017 at 03:56:14PM +0200, Pascal Quantin wrote:
> Hi Peter
>
> 2017-04-24 15:43 GMT+02:00 Peter Wu <pe...@lekensteyn.nl>:
>
> > Hi,
> >
> > Are there possible issues to be aware of when using the libraries (built
> > with mingw/m
For the Debian (and Cygwin/Windows) setup, installation of said file is
specified (see for example the file list in the suggested package:
https://packages.debian.org/jessie/all/docbook-xml/filelist).
If this is missing in the macOS instructions, then that needs fixing.
In any case, don't
<cfile+544>)
> at epan.c:473
> #34 0x00417a5c in process_packet_single_pass (cf=cf@entry=0x644c40
> , edt=edt@entry=0x11b81b0, offset=, whdr=0x11784e0,
> pd=pd@entry=0x117d4a0 "`", tap_flags=tap_flags@entry=0)
> at tshark.c:3448
> #35 0x
y implemented in the master version (and
the 2.4 branch). For data reassembly you will need a patch like this:
https://code.wireshark.org/review/20737
--
Kind regards,
Peter Wu
https://lekensteyn.nl
e=%22%5Boss-fuzz%5D%22=bug_file_loc
Here are all open oss-fuzz issues:
https://bugs.wireshark.org/bugzilla/buglist.cgi?resolution=---=%22oss-fuzz%22=product%2Ccomponent%2Cbug_status%2Cresolution%2Cshort_desc%2Cbug_file_loc%2Cchangeddate
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ightly
--
Kind regards,
Peter Wu
https://lekensteyn.nl
It could be a bug in the Qt GUI component of Wireshark. Is it possible
to attach a debugger to "wireshark" or "dumpcap" and obtain a symbolized
stack trace?
Kind regards,
Peter
On Tue, May 23, 2017 at 03:51:58PM +0200, Remy Leone wrote:
> I'm not sure about where to start investigating this
017-06-01 16:19 GMT+02:00 Peter Wu <pe...@lekensteyn.nl>:
>
> > Hi Remy,
> >
> > On Mon, May 22, 2017 at 04:15:41PM +, Remy Leone wrote:
> > > Is there a ppa for wireshark:HEAD as well? Would it be complicated to add
> > > one?
> >
> &
ark keeps hanging and I don't know how to use it to get meaningful
> information.
>
> Best regards
>
> Rémy
>
> 2017-06-01 16:24 GMT+02:00 Peter Wu <pe...@lekensteyn.nl>:
>
> > It could be a bug in the Qt GUI component of Wireshark. Is it possible
> > t
Hi John,
Are your col_* functions guarded/affected by a check like if(tree) or do they
depend on pinfo->fd.visited? Are the affected frames triggering reassembly or
exceptions?
Kind regards,
Peter
https://lekensteyn.nl
(pardon my brevity, top-posting and formatting, sent from my phone)
On 15
t("elapsed us: %" G_GUINT64_FORMAT, end_time - start_time);
https://developer.gnome.org/glib/stable/glib-Date-and-Time-Functions.html#g-get-monotonic-time
--
Kind regards,
Peter Wu
https://lekensteyn.nl
up to you, what have you tried? (This is
starting to get off-topic for wireshark-dev though.)
--
Kind regards,
Peter Wu
https://lekensteyn.nl
k-dev@wireshark.org>>
>Subject: Re: [Wireshark-dev] Tips regarding measuring function
>execution times
>
>
>
>2017-10-15 22:40 GMT+02:00 João Valverde
><joao.valve...@tecnico.ulisboa.pt<mailto:joao.valve...@tecnico.ulisboa.pt>>:
>
>
>On 15-10-2017 21:32, Peter
tarting in
dissect_ssl (or whatever function you are interested in). Then run the
"console" version of Wireshark using the capture and keys from the
source directory:
tshark -r test/captures/dhe1.pcapng.gz -o
ssl.keylog_file:test/keys/dhe1_keylog.dat
--
Kind regards,
Pe
p seems well-supported, but perhaps others want to use
xz or other formats.
Maybe in the future Wireshark (GUI) can also be extended to write
compressed, temporary files. This should be an option since it has a CPU
hit and increases latency.
--
Kind regards,
Peter Wu
https://l
describing this.
It is computed per section 8.1 which you linked above.
Note that if the Extended Master Secret TLS extension is in use, the
master secret would include the whole handshake and not just the
client+server random. See https://tools.ietf.org/html/rfc7627 and
https://bugs.wire
s, but to a
lesser extent expect arbitrary code execution. (These are preferences,
not plugins.)
Perhaps the snort dissector should be configured through an environment
variable, or require other changes to work?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
over details like record compression, fragmentation,
session resumption, extended master secret, export ciphers, TLS 1.3 and
many other things that affect decryption, but hope that this
introduction will be helpful.
Note that the described structure reflects the current imp
On Tue, Aug 29, 2017 at 10:13:04AM +0200, Jakub Zawadzki wrote:
> Hi Peter,
>
> On 2017-08-28 18:50, Peter Wu wrote:
> > This can be especially problematic for services like Cloudshark and
> > Webshark (by Jakub). The former is not yet affected since it does not
t is probably fine to remove it from master, similar to the ChangeLog
file. Maybe the ChangeLog file could be removed completely since the
user should be able to get much more detail from git.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
omething
like this, once after a fresh boot:
sudo modprobe usbmon
sudo setfacl -m u:$USER:r /dev/usbmon*
This allows the current user (which is expanded automatically from
`$USER`) to Read (capture) USB traffic. In this way, dumpcap does not
need additional capabilities either.
--
ong term.
The specification should also answer:
- Where in the pcapng file should the block be located? The information
must be available before the TLS dissector is invoked.
- If it can be anywhere, can there be multiple blocks?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ults are shared with the UI.
Memory usage will probably suck due to exact copies of the process, but
it cannot be worse than the current situation where you have to start
multiple processes anyway to view multiple capture files.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
ng_bit_length));
> }
> }
>
> That would seem to take the top bits from the next byte but that seems
> incorrect from the point of view of many uses.
It looks valid for me, but only for ENC_BIG_ENDIAN types. Your field is
ENC_LITTLE_ENDIAN. We have
to load the symbols anyway? Is there something in the
packaging steps that has to be changed?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
On Thu, May 17, 2018 at 12:28:00PM +0100, Graham Bloice wrote:
> On Thu, 17 May 2018 at 11:52, Peter Wu <pe...@lekensteyn.nl> wrote:
>
> > Hi,
> >
> > While trying to debug a crash dump from Wireshark 2.6.0, I ran into the
> > following error:
> >
m playing with the test suite (make test-programs && make test). I
> hit a test that doesn't pass on ubuntu 14.04, but passes on 16.04. The
> test is test_80211_wpa_tdls
The test requires Libgcrypt 1.6, I'll send a p
On Thu, May 17, 2018 at 04:16:22PM +0200, Peter Wu wrote:
> > I was unsuccessful attempting this with a recent 2.6.0 build on a RHEL7
> > system as I was unable to get past this error once WIRESHARK_DATA_DIR was
> > set:
> > ERROR:privileges.c:153:started_with_special
ail and on the website look weird
though. Could it be related to the new documentation toolchain
(AsciidoctorJ)?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote:
> Hey folks,
>
> Here's what I'm thinking at this point: a new block type for SSL/TLS
> keylogs and another block type for DTLS keylogs. The contents of each will
> be the format as described here:
>