Re: [Wireshark-users] Problem with 0.99.3a-1011 on MacBook

2006-09-03 Thread Andreas Fink
This is a known bug. Shout at Apple about it. I opened a bug report about it long ago but Apple doesnt seem to care to fix it so far. And of course they leave you in the dark. You can reproduce the same problem with tcpdump which comes with MacOS X. So its not wireshark being at fault. On

Re: [Wireshark-users] trouble getting packaged installs to work on OSX

2006-09-07 Thread Andreas Fink
MacOS X 10.4 comes with X11 on the install CD as optional install. It is not installed by default but only a doubleclick away.On 07.09.2006, at 14:52, Chris Cocuzzo wrote:Does X11 come standard with OSX 10.4+? For the hell of it, I tried installing X11 last night, but the install wouldn't complete

Re: [Wireshark-users] Running Wireshark on OS X

2006-10-13 Thread Andreas Fink
Hi Jeremy, I have built wireshark/ethereal package version 0.99.0 for MacOS X. It is on http://www.finkconsulting.com/page7.php#ethereal Except X11 there's nothing required. I'm working on a newer version which uses gtk2 instead of gtk1 but the chain reaction there is pretty serious and

[Wireshark-users] MacOS X Package 0.99.4 done

2007-01-04 Thread Andreas Fink
and all the dependent libraries are finally been built properly (with gtk+1 we had only 2 dependencies, now we have more than a dozen), I will try to keep up with the cvs version and build updated packages more often. Andreas Fink Fink Consulting GmbH

Re: [Wireshark-users] Capturing with no free ips

2007-01-11 Thread Andreas Fink
Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG --- Tel: +41-61-330 Fax: +41-61-331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: [EMAIL PROTECTED

Re: [Wireshark-users] Help on tcpdump or dumpcap

2007-01-18 Thread Andreas Fink
I would do tcpdump -w capture_file -s0 -i interface the -s0 makes sure the packets are not cut in size... On 18.01.2007, at 02:38, Sebastien Tandel wrote: basically, tcpdump -w capture_file -i interface_name tshark -r capture_file but the man pages should be of great help for further

Re: [Wireshark-users] Problem with 0.99.3a-1011 on MacBook

2007-01-20 Thread Andreas Fink
puts the WLAN offline to do monitoring. On 20.01.2007, at 18:37, Todd Wease wrote: Andreas Fink [EMAIL PROTECTED] writes: This is a known bug. Shout at Apple about it. I opened a bug report about it long ago but Apple doesnt seem to care to fix it so far. And of course they leave you

Re: [Wireshark-users] tcp packets too big !?

2007-02-02 Thread Andreas Fink
) packets? Note that Client and Server are Linux 2.6.18/Fedora4. Many thanks. Regards ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users Andreas Fink Fink Consulting GmbH Global

Re: [Wireshark-users] Cross compilation problem again

2007-02-06 Thread Andreas Fink
ideas about this? Thank you very much and good work Daniele ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG

Re: [Wireshark-users] U3 Package

2007-02-06 Thread Andreas Fink
Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG --- Tel: +41-61-330 Fax: +41-61-331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: [EMAIL PROTECTED

Re: [Wireshark-users] Wireshark on OSX **NEWBIE**

2007-03-06 Thread Andreas Fink
... : Start X11 (usually Applications/Utilities/X11.app). in the xterm type wireshark or maybe /usr/local/bin/wirehsark if the path is not set up. depending on the distribution you used, it might be at some other place. you can do find / -print | grep wireshark$ to search for it. Andreas Fink

Re: [Wireshark-users] Calculating SIP Calls Per Second (CPS) trafic in a wireshark/ethereal trace

2007-03-06 Thread Andreas Fink
that that knows if it is possible to do what I want? Regards, // Andreas ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG

Re: [Wireshark-users] Wireless recommendation

2007-03-21 Thread Andreas Fink
On 21.03.2007, at 06:03, David Schweinsberg wrote: On 20/03/2007, at 9:34 PM, Andreas Fink wrote: the traffic showing is opening the device in promiscious mode which still has the same problem as it can not count on wlt1 while en1 is connected. Sorry Andreas, are you saying

Re: [Wireshark-users] Any Macintosh users out there?

2007-05-11 Thread Andreas Fink
that other Mac users may have found. -- Robert Ameeti You cannot kill time without injuring eternity. ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users Andreas Fink Fink

Re: [Wireshark-users] How to see HTTP hosts visited

2007-11-13 Thread Andreas Fink
the two switches are not forwarding packets to your PC as the destination of the packets are not meant to receive it You need to do the tracing on the WRTG54G itself (if it runs some linux for example) or it should forward packets. I dont think even without the two switches you will see the

Re: [Wireshark-users] RE : Re: Showing TCAP packets : Ethereal vs. Wireshark

2007-12-13 Thread Andreas Fink
TCAP is a user of SCCP or SUA. As such a TCAP packet includes a SUA or SCCP packet. If Wireshark doesnt show it as TCAP it might be the fact that the packet is invalid and thus the SUA payload is not considered as TCAP packet. The reasons for this can be many. One obvious one would be that

[Wireshark-users] SCCP XUDT (Segmentation)

2008-01-11 Thread Andreas Fink
Does anyone here have a proper sample of a trace of a SCCP XUDT message including segments?My self made packet decodes correctly in wireshark but the global title node doesn't like it and rejects it with 0x08 (Message Transport Failure) and I don't have anything to compare against what could be

Re: [Wireshark-users] SCCP XUDT (Segmentation)

2008-01-11 Thread Andreas Fink
Message Transport Failure implies a message ordering problem or timeout. Looking at your MTP routing label the 2 messages are on different SLS despite the fact that Class-1 is selected. That might be the problem. (I didn't check a lot for other possible problems.) Ah... different

Re: [Wireshark-users] SCCP XUDT (Segmentation)

2008-01-11 Thread Andreas Fink
On 11.01.2008, at 17:21, Jeff Morriss wrote: Andreas Fink wrote: Does anyone here have a proper sample of a trace of a SCCP XUDT message including segments? My self made packet decodes correctly in wireshark but the global title node doesn't like it and rejects it with 0x08 (Message

[Wireshark-users] MacOS X Leopard package of Wireshark 0.99.7 available

2008-01-12 Thread Andreas Fink
-1.2.24 lua-5.1.2 pango-1.19.0 pcre-7.4 pkg-config-0.22 portaudio_stable_v19.20071207 tiff-3.8.2 wireshark-0.99.7 A pseudo application starting wireshark from an icon in /Applications. A startup item making /dev/bpf* readable for everyone at startup. X11.app update Andreas Fink Fink Consulting GmbH

Re: [Wireshark-users] Bad Checksum Packet

2008-02-10 Thread Andreas Fink
On 11.02.2008, at 06:35, Becky Vict wrote: Hi, The protocol that I'm interested in is TCP (ftp transfer). I've done as per recommended but the following is what I get. Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: ftp- data (20), Seq: 1, Ack: 15169, Len: 0 Flags:

Re: [Wireshark-users] Filtering tcp payload

2008-02-13 Thread Andreas Fink
is rejected as invalid. Can anyone see what I'm doing wrong? can't see it right now neither but try tcp[21] 193 which should be logically the same. Andreas Fink Global Networks Schweiz AG --- Tel: +41-61-333 Fax: +41-61-331

Re: [Wireshark-users] Router broken or is my Linux crazy? *Smallest* log included

2008-03-10 Thread Andreas Fink
On 10.03.2008, at 16:57, Monkey D. Luffy wrote: I left wireshark running during the night, since there was no network traffic during that time, the log is as clean as it can get. The weird thing is that my computer starts ARPing the router and never stops The router only does some IGMP

Re: [Wireshark-users] Router broken or is my Linux crazy? *Smallest* log included

2008-03-10 Thread Andreas Fink
On 10.03.2008, at 18:26, Monkey D. Luffy wrote: Your computer should gather that 192.168.2.1 is your router's ethernet from the broadcasts it listens to. Thats also a way of learning ARP tables. So that means that I have (at least) a problem in my computer? Since it doesn't learn who

Re: [Wireshark-users] GUI problem with Mac OS X

2008-03-15 Thread Andreas Fink
You need to launch it in X11, not Terminal. This is true for 10.4 but not for 10.5 where X11 is launched automatically. On 15.03.2008, at 02:12, R S wrote: Hi, I installed Wireshark on my Mac OS X 10.4.11 and it worked fine for a couple of times. Now, when I launch it in the terminal,

Re: [Wireshark-users] GUI problem with Mac OS X

2008-03-18 Thread Andreas Fink
On 18.03.2008, at 19:08, Andreas Fink wrote: what version of wireshark you have installed and where you got it from? how you launch it? The versions I've built install into /usr/local/bin/wireshark and require X11 and a bunch of libraries it dpeends on. If you installed similar libraries

Re: [Wireshark-users] vlan dhcp packets

2008-03-18 Thread Andreas Fink
I think dhcp always is untagged on ethernet by the standard as it might tell you what vlan to use maybe. At least i had such issues when trying to run a dhcp server on a cisco connected on vlan virtual interfaces Von meinem iPhone gesendet Am 18.03.2008 um 21:08 schrieb wb [EMAIL

Re: [Wireshark-users] GUI problem with Mac OS X

2008-03-25 Thread Andreas Fink
deleted the preferences file but nothing changed. Thanks. Robert Windows Live Hotmail is giving away Zunes. Enter for your chance to win. Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG --- Tel: +41-61

Re: [Wireshark-users] GUI problem with Mac OS X

2008-03-26 Thread Andreas Fink
://www.wireshark.org/mailman/listinfo/wireshark-users Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG --- Tel: +41-61-330 Fax: +41-61-331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel