Hi,

I'm a new Wireshark user, and I'm asking if it's possible to decode non-pcap files (text files) with Wireshark. At the same time, I'm thinking about the text2pcap function, but I don't know how to use it.

Thanks for any help

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of [email protected]
Sent: Thursday, 12 March 2009 15:26
To: [email protected]
Subject: Wireshark-dev Digest, Vol 34, Issue 23

Send Wireshark-dev mailing list submissions to
    [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
    https://wireshark.org/mailman/listinfo/wireshark-dev
or, via email, send a message with subject or body 'help' to
    [email protected]

You can reach the person managing the list at
    [email protected]

When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-dev digest..."

Today's Topics:

   1. Re: Win64 build support (Brian Daniel)
   2. Adding new dissectors (Rayne)
   3. Re: Try to use non formatting routines (Stig Bjørlykke)
   4. Another typo in wireshark.nsi [PATCH] (Anders Broman)
   5. Re: Another typo in wireshark.nsi [PATCH] (Martin Mathieson)
   6. Questiong regarding Wireshark (ksiva)

----------------------------------------------------------------------

Message: 1
Date: Wed, 11 Mar 2009 17:40:46 -0400
From: Brian Daniel <[email protected]>
Subject: Re: [Wireshark-dev] Win64 build support
To: Developer support list for Wireshark <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1252"

Cool thanks folks!

Since http://buildbot.wireshark.org/trunk/waterfall shows failed on both wireshark win32 and win64, I'll hold off on my svn update until later tonight when both are green.

On Wed, Mar 11, 2009 at 12:18 PM, Gerald Combs <[email protected]> wrote:

> You should now, along with updating SVN. I just checked in a change to use
> WIRESHARK_TARGET_PLATFORM (note the fixed spelling) instead of PLATFORM.
>
> Config.nmake sets CPU according to WIRESHARK_TARGET_PLATFORM. You shouldn't have
> to set it yourself.
>
> Brian Daniel wrote:
> > Yep, turns out I need to keep my setting: Platform=BPC
> > Should I use WIRESHRK_TARGET_PLATFORM=win64 ??
> > For now, I'll try to temporarily change to Platform=win32 or win64 each
> > time I launch the cmd.exe
> >
> > Also, what CPU= should I put for my Intel Core2 Quad Q6600?
> > x86 is a solution for a very old Intel CPU.
> > Many Thanks,
> > Brian
> > On Tue, Mar 10, 2009 at 8:26 PM, Guy Harris <[email protected] <mailto:[email protected]>> wrote:
> >
> >
> > On Mar 10, 2009, at 5:08 PM, Gerald Combs wrote:
> >
> > > Should we use something more Wireshark-specific, e.g.
> > > WIRESHRK_TARGET_PLATFORM
> > > instead?
> >
> > That might work better. When Googling for information about this I
> > found at least a couple of instances of some annoying bit of software
> > insisting on setting the PLATFORM environment variable to some silly
> > string such as BPC or HPC and breaking MSVC++ builds, so if we can
> > avoid depending on PLATFORM at all, that might at least keep us from
> > getting hosed by those programs.
> >
> > ___________________________________________________________________________
> > Sent via: Wireshark-dev mailing list <[email protected] <mailto:[email protected]>>
> > Archives: http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > mailto:[email protected] <mailto:[email protected]>?subject=unsubscribe
>
> --
> Join us for Sharkfest'09 | Stanford University, June 15 – 18
> http://www.cacetech.com/sharkfest.09/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090311/96484194/attachment.htm

------------------------------

Message: 2
Date: Wed, 11 Mar 2009 22:52:50 -0700 (PDT)
From: Rayne <[email protected]>
Subject: [Wireshark-dev] Adding new dissectors
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"

Hi,

I would like to know if adding a new dissector would require modifying/adding this dissector to the code of the dissector that may later call it.

For example, I was looking at packet-gtp.c, and in proto_re_handoff_gtp(), dissector_add() was used to add UDP and if necessary, TCP. Looking at dissector_add(), it appears that it would call dissector_add_handle() to add GTP as a sub-dissector to UDP and/or TCP. All of this is done only in packet-gtp.c and not in packet-udp.c or packet-tcp.c.

If my reasoning is correct, am I right to say when I add a dissector, I need not modify the code of the protocol layers below it? For example in this case, if I were to add the GTP dissector, I only need to specify and add the layers below it (UDP and/or TCP) in its own code. As for protocol layers above it, I would just use call_dissector whenever appropriate?

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090311/d70073f3/attachment.htm

------------------------------

Message: 3
Date: Thu, 12 Mar 2009 09:00:07 +0100
From: Stig Bjørlykke <[email protected]>
Subject: Re: [Wireshark-dev] Try to use non formatting routines
To: Developer support list for Wireshark <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1

2009/3/11 Jakub Zawadzki <[email protected]>:
> On Wed, Mar 11, 2009 at 12:26:18PM -0400, Bill Meier wrote:
>> To prevent this from getting lost: I suggest you submit it to
>> bugs.wireshark.org as a patch request.
>
> Well first of all I'd like to know if for you it's ok to do so.
> If not it's senseless to submit bugreport.

Yes, please open a bug report (marked enhancement) for patches like this. We use bugzilla to keep a track of all submitted patches.

I have committed this one (r27709) so you can open a bug report for your next patch :)

--
Stig Bjørlykke

------------------------------

Message: 4
Date: Thu, 12 Mar 2009 11:29:43 +0100
From: "Anders Broman" <[email protected]>
Subject: [Wireshark-dev] Another typo in wireshark.nsi [PATCH]
To: "Developer support list for Wireshark" <[email protected]>
Message-ID: <e48f3a0f80c4b642bf6a5ff3257dfbb906243...@esealmw107.eemea.ericsson.se>
Content-Type: text/plain; charset="us-ascii"

Hi,
Can some one apply this patch?
<<wireshark.nsi.patch>>
Regards
Anders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/b9f0cd14/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireshark.nsi.patch
Type: application/octet-stream
Size: 466 bytes
Desc: wireshark.nsi.patch
Url : http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/b9f0cd14/attachment.obj

------------------------------

Message: 5
Date: Thu, 12 Mar 2009 10:59:30 +0000
From: Martin Mathieson <[email protected]>
Subject: Re: [Wireshark-dev] Another typo in wireshark.nsi [PATCH]
To: Developer support list for Wireshark <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Done in 27710.

On Thu, Mar 12, 2009 at 10:29 AM, Anders Broman <[email protected]> wrote:

> Hi,
> Can some one apply this patch?
> <<wireshark.nsi.patch>>
> Regards
> Anders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/94e9b5c5/attachment.htm

------------------------------

Message: 6
Date: Wed, 11 Mar 2009 11:17:21 -0700 (PDT)
From: ksiva <[email protected]>
Subject: [Wireshark-dev] Questiong regarding Wireshark
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

Hi there,

[1] Is there a way to run a script that will monitor the packets and look for a specific event to happen (say sequence number of the packet or src/dest is unreachable - packet type) and command the wireshark to stop capturing (perhaps N seconds after the event occurred). (Similar to what procomm plus offers a script to monitor a serial port console output.) i.e. A trigger to stop capture.

[2] A way to auto-flush and auto-start-capture after M packets.

Thanks,
Siva

------------------------------

_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev

End of Wireshark-dev Digest, Vol 34, Issue 23
*********************************************
