Re: [Wireshark-dev] On which platforms is there a need for Wireshark to have a Language preference?
I know it's a bit late, but I felt I had a reasonable use-case:

On 06/11/14 19:54, Guy Harris wrote:

So presumably many of the non-native-English users you know run in mixed mode. Why do they do that?

For years I was forced by corporate IT to use the Dutch version of Windows. It was therefore a godsend to be able to configure applications that support it to English. Since most online documentation is in English, and my frame of reference for all things computer is in English, I get lost in Dutch language applications quite quickly.

Here's an example, a forum that I use quite frequently. When I set Firefox to Dutch, the links for Login and Registration get translated to Aanmelden and Registreren. In my mind, Aanmelden and Registreren both mean Registration. So now I am confused, which of the links should I follow to login?

-- Andreas Sikkema

___
Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Current QT build crashes on OS X Mavericks
Hi,

Just a heads up for anyone running OS X Mavericks on their Mac. The 1.11.0 build from the Wireshark website crashes due to a QT bug, that is supposed to be fixed in QT 5.1.1. I am assuming Wireshark is not using this new QT version in the build process (yet)?

https://bugreports.qt-project.org/browse/QTBUG-31803

-- Andreas Sikkema
[Wireshark-dev] VLAN statistics
Hi,

Recently we've been trying to find which VLANs in a network carry the most traffic (which VLAN is the top talker). There's no easy way to extract this information from a current Wireshark, as far as I know (someone may have introduced this in the last few months while I wasn't looking, though).

I am thinking of adding an 802.1q (or VLAN) item to Statistics/Conversation List. I've dug around the code around the Ethernet conversations and I think I could get it working, but I am having some questions about what's going on in conversations_table.c. A VLAN doesn't have a source/destination address or port as such, so am I barking up the wrong tree?

conversations_eth.c/h suggest the basics shouldn't be too difficult, but the question above bothers me enough to not start coding immediately ;-)

So, can someone point me a little further in the right direction?

-- Andreas Sikkema
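The per-VLAN "top talker" count asked about in the post above can also be computed outside Wireshark. The following is an added example, not part of the original post and not Wireshark code: it reads a classic pcap file, takes the outermost 802.1Q/802.1ad tag of each Ethernet frame and sums the frame lengths per VLAN ID. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def vlan_bytes(pcap: bytes) -> Counter:
    """Sum original frame lengths per outermost VLAN ID (None = untagged)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if len(pcap) < 24 or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack_from(endian + "II", pcap, off + 8)
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # too short to hold an Ethernet header
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype in TPIDS and len(frame) >= 16:
            tci = struct.unpack_from("!H", frame, 14)[0]
            totals[tci & 0x0FFF] += orig_len  # low 12 bits of the TCI are the VID
        else:
            totals[None] += orig_len
    return totals

def build_sample() -> bytes:
    """Constructed capture: four zero-filled frames, little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for vid, payload in [(10, 100), (20, 400), (10, 50), (None, 60)]:
        frame = bytes(12)  # destination + source MAC
        if vid is not None:
            frame += struct.pack("!HH", 0x8100, (5 << 13) | vid)  # PCP 5 + VID
        frame += struct.pack("!H", 0x0800) + bytes(payload)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for vid, nbytes in vlan_bytes(build_sample()).most_common():
        print("untagged" if vid is None else f"VLAN {vid}", nbytes)
```

Only the outer tag is counted, so double-tagged (QinQ) traffic is attributed to the service VLAN.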
Re: [Wireshark-dev] Should payload dissectors' (RTP) packets depend on call-setup dissectors' (SIP) packets?
On 6/1/12 22:42, Gerald Combs wrote:

On 6/1/12 1:15 PM, Jeff Morriss wrote:

Though I am nervous about this whole packet-dependency thing causing users to say "I filtered on RTP and you saved my SIP too!"

A few months ago I talked to someone who complained that Wireshark *didn't* do that. In his case it would've been useful to see related ARPs when filtering down to a TCP stream.

Yes, but where does one stop going down that route? For RTP initiated by SIP one might want to be able to save the related SIP messages. For RTP initiated by H.323 it already needs H.225 and H.245, for some of the UMTS/3G protocols there's probably loads more involved.

If you want context for a call IMHO it is up to the user to provide the context using capture/display filters. Not all context can be provided by conversations.

Providing some information about heuristic/decode as frames I can see as being useful. That would be along the path of least surprise.

-- Andreas Sikkema
Re: [Wireshark-dev] Bug 6844 - Universal Alcatel Protocol - Reloaded - Review for check-in requested
On 2/15/12 4:10 PM, Jeff Morriss wrote:

Why not practical?

$ egrep -c "static .?int hf" epan/dissectors/* | sort -t : -n -k 2 | tail -3
epan/dissectors/packet-nbap.c:3284
epan/dissectors/x11-declarations.h:7119
epan/dissectors/packet-rrc.c:8403

(Admittedly those 3 are all generated dissectors, but I also imagine you're not dealing with *quite* that many fields...)

But these dissectors are both manually generated:

The original H.323 dissector I wrote eons ago had hundreds if not thousands of fields one could filter on. Every single element in the ASN.1 specs (H.225, H.245) was generated into a proto_item. This was in the Ethereal 0.4 (?) days... It had *thousands* of variables contained in a couple of C++ structs (did you know there's a limited amount of member variables in a struct?).

So I wouldn't be afraid of adding lots and lots of filterable fields to a dissector. The more the better.

-- Andreas Sikkema
Re: [Wireshark-dev] Question regarding QT/future Wireshark version
On 1/6/12 3:15 PM, Roland Knall wrote:

On another note. If in the long term Qt is the way to go, should all references to gtk usage be replaced by a more generic version of such functions, which in the meantime call the gtk version as a first step? That would allow for the future to prepare a wireshark without gtk and glib. GHashTable for instance gets used quite a lot.

Since getting back into Wireshark development I have this itch somewhere in the back of my head to create a proper OS X version of Wireshark, but have shied away from the amount of work involved ;-)

-- Andreas Sikkema
[Wireshark-dev] Debugging on Windows
Hi,

After being away for close to 10 years I finally have a need for a new protocol dissector so I started developing again. I've got one working, but since I don't have access to Visual Studio anymore, I downloaded the Express version. I'm assuming Microsoft thinks its debugger is secret sauce, are there any alternatives?

-- Andreas Sikkema
Re: [Wireshark-dev] Debugging on Windows
The debugger with VC EE works just fine; I use it all the time. After building Wireshark in the usual manner, just start VC and do File -> Open -> Project/Solution on the wireshark exe (in ...\wireshark-gtk2 and you'll have symbols and everything). (Note: Wireshark builds with VC2008 but VC2010 should also be OK).

I assumed the whole VC EE was just a bare compiler and linker and never even checked out what else was installed. Been away from compilers for way too long ;-)

Thanks!

-- Andreas Sikkema
Re: [Wireshark-dev] tvb in a conversation
I want to use the tvb from one packet in another packet. So I use conversations for that. When I use this conversation later in another packet, I can't use the tvb from the conversation. If I simply print the type of the tvbuffer, the output is something like 14343243 instead of 0, 1 or 2.

I suspect the tvb is being freed after dissecting the previous packet has finished. You should copy the tvb instead of just saving a pointer to it.

-- Andreas Sikkema
BBeyond, Software Engineer
Planeetbaan 4, 2132 HZ Hoofddorp
+31 (0)23 7074342