Hi Michael, I've sent you some samples off-list. I hope they're of use. Thanks, Tyson
On Thu, May 21, 2009 at 7:54 PM, Michael Tüxen < [email protected]> wrote: > On May 21, 2009, at 8:01 PM, Tyson Key wrote: > > > Hi. I'm not sure what the problem was, although changing the > > directory to the directory that the capture files are to be stored > > in, and doing "sudo ../wireshark-1.1.4-SVN-28436/dumpcap -n -s 0 -w > > Wifi3 -i wlan0" did the trick nicely. > > > > A great job with the implementation by the way, so far. I managed to > > create an ersatz multi-link-type file by cat-ing together a file > > with 802.11 packets, one with USB packets, and one with Linux Cooked > > packets from a PPP device, and Wireshark handled them perfectly > > (barring some timestamp strangeness - the appended packets have > > negative timestamps, although I'd expect that sort of behaviour, > > given that there are multiple "reference" timestamps, and an issue > > with the USB dissector (gives "Warn Dissector bug, protocol USB, in > > packet 104: packet-usb.c:1702: failed assertion > > "DISSECTOR_ASSERT_NOT_REACHED"" although it's probably a known > > issue)), if anyone's interested. > Can you send me the tracefile privately? I would like to have a look > at the timestamp problem... > > > > > > Thanks, > > Tyson. > > > > On Thu, May 21, 2009 at 6:51 PM, Michael Tüxen < > [email protected] > > > wrote: > > On May 21, 2009, at 7:24 PM, Tyson Key wrote: > > > > > Hi again, Michael. Probably a stupid question, and I'm not sure if > > > it's a bug or not, but any idea why I'd get "The file to which the > > > capture would be saved ("../pcapng/U1") could not be opened: > > > Permission denied." when trying to write a pcap-ng file to any > > > directory other than the default one (/tmp), even as root, and when > > > a directory has it's permission bits set to 777? > > Not sure what the problem could be. I can run > > ./dumpcap -n -w test.pcapng -i lo0 -p > > without any problem... > > > > > > > > > Thanks in advance, > > > Tyson. > > > > > > On Thu, May 21, 2009 at 5:24 PM, Michael Tüxen < > [email protected] > > > > wrote: > > > On May 21, 2009, at 5:17 PM, Tyson Key wrote: > > > > > > > Hi Michael. This is fantastic news to hear! > > > > Will it eventually support non-Ethernet, and mixed link types in > > the > > > > same file (e.g. mmapped Linux USB and Ethernet), out of interest? > > > Yes, it should be possible to capture from multiple interfaces of > > link > > > types > > > which are supported today (so I do not add new link types). For > > > supporting > > > multiple link types, I had to add pcapng support, which is already > > > there... > > > > > > Best regards > > > Michael > > > > > > > > > > > > > > > Thanks, > > > > Tyson. > > > > > > > > On Thu, May 21, 2009 at 1:11 PM, Michael Tüxen < > [email protected] > > > > > wrote: > > > > On May 21, 2009, at 12:02 PM, <[email protected]> > > > wrote: > > > > > > > > > Hi Michael, > > > > > > > > > > I have downloaded the source code from SVN. Can you please say > > how > > > > > to use dumpcap option -n to capture on interfaces x1, x2, x3 > > > from x1 > > > > > to xn. > > > > Currently you can capture only on one interface, so > > > > dumpcap -n -i en0 > > > > should work. > > > > A future version will support > > > > dumpcap -n -i en0 -s 100 -i en1 -s 1000 > > > > and so one, where you capture on en0 with snaplen 100 and on en1 > > > with > > > > snaplen 1000. > > > > You will also be able to set a pe interface capture filter, link > > > type, > > > > promiscuous flag. > > > > I'll send a note to the dev list, when this stuff is working. > > > > > > > > Which platform are you using? > > > > > > > > Best regards > > > > Michael > > > > > > > > > > > > > > > > > > > Regards, > > > > > Chandra. > > > > > > > > > > -----Original Message----- > > > > > From: Chandra Sekhar kotikalapudi (WT01 - Telecom Equipment) > > > > > Sent: Thursday, May 21, 2009 3:20 PM > > > > > To: 'Developer support list for Wireshark' > > > > > Subject: RE: [Wireshark-dev] capturing on multiple interfaces > > > > > > > > > > Hi Michael, > > > > > > > > > > It is good to hear you have already working on it. Can you > > please > > > > > say in which svn version it is available so that I could do the > > > > > testing what ever possible? > > > > > > > > > > Thanks & Regards, > > > > > Chandra. > > > > > > > > > > -----Original Message----- > > > > > From: [email protected] [mailto: > [email protected] > > > > > ] On Behalf Of Michael Tüxen > > > > > Sent: Thursday, May 21, 2009 2:52 PM > > > > > To: Developer support list for Wireshark > > > > > Subject: Re: [Wireshark-dev] capturing on multiple interfaces > > > > > > > > > > On May 21, 2009, at 8:59 AM, <[email protected]> < > [email protected] > > > > >> wrote: > > > > > > > > > >> Hi Tyson, > > > > >> > > > > >> Thank you very much for the response. > > > > >> Is it possible to capture on desired 'x' interfaces in 'n' > > > > >> interfaces available using "dumpcap". > > > > > This is what I'm working on. The capture file will be stored > > > > > in .pcapng format... > > > > > Saving in .pcapng is already available in the svn version. Use > > the > > > > -n > > > > > option. > > > > > Testing it is highly appreciated... > > > > > > > > > > Best regards > > > > > Michael > > > > > > > > > >> > > > > >> Regards, > > > > >> Chandra. > > > > >> From: [email protected] [mailto: > [email protected] > > > > >> ] On Behalf Of Tyson Key > > > > >> Sent: Monday, May 18, 2009 8:53 PM > > > > >> To: Developer support list for Wireshark > > > > >> Subject: Re: [Wireshark-dev] capturing on multiple interfaces > > > > >> > > > > >> Hi, Chandra. > > > > >> Assuming that all the devices you want to capture on uses the > > > same > > > > >> link type, there's an "any" pseudo-device on Linux that you can > > > > use. > > > > >> Sadly, it doesn't store information about the devices involved, > > > and > > > > >> the link type-specific headers are transformed into a "Cooked" > > > > >> format. You might want to investigate pcap-ng for that sort of > > > > stuff. > > > > >> > > > > >> Hope that helps, > > > > >> Tyson. > > > > >> On Mon, May 18, 2009 at 10:23 AM, > > > <[email protected]> > > > > >> wrote: > > > > >> Hi, > > > > >> > > > > >> > > > > >> > > > > >> We all know Wireshark can capture on different interfaces, > > can it > > > > be > > > > >> able to capture on all interfaces at once using Wireshark? > > > > >> > > > > >> > > > > >> > > > > >> If 'No' is the answer can any one help me in understanding how > > > > >> capturing is done using Wireshark? > > > > >> > > > > >> I could change the implementation accordingly for my needs to > > > > >> capture on all interfaces. > > > > >> > > > > >> > > > > >> > > > > >> Thanks in advance. > > > > >> > > > > >> > > > > >> > > > > >> Regards, > > > > >> > > > > >> Chandra. > > > > >> > > > > >> > > > > >> > > > > >> Please do not print this email unless it is absolutely > > necessary. > > > > >> > > > > >> The information contained in this electronic message and any > > > > >> attachments to this message are intended for the exclusive > > use of > > > > >> the addressee(s) and may contain proprietary, confidential or > > > > >> privileged information. If you are not the intended recipient, > > > you > > > > >> should not disseminate, distribute or copy this e-mail. Please > > > > >> notify the sender immediately and destroy all copies of this > > > > message > > > > >> and any attachments. > > > > >> > > > > >> WARNING: Computer viruses can be transmitted via email. The > > > > >> recipient should check this email and any attachments for the > > > > >> presence of viruses. The company accepts no liability for any > > > > damage > > > > >> caused by any virus transmitted by this email. > > > > >> > > > > >> www.wipro.com > > > > >> > > > > >> > > > > >> > > > > > > > > > > ___________________________________________________________________________ > > > > >> Sent via: Wireshark-dev mailing list < > [email protected] > > > > > > > > > >> Archives: http://www.wireshark.org/lists/wireshark-dev > > > > >> Unsubscribe: https://wireshark.org/mailman/options/wireshark- > > dev > > > > >> mailto:[email protected] > ?subject=unsubscribe > > > > >> > > > > >> > > > > >> > > > > >> -- > > > > >> Fight Internet Censorship! http://www.eff.org > > > > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > >> http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon | > > > > >> +447549728105 > > > > >> Please do not print this email unless it is absolutely > > necessary. > > > > >> > > > > >> The information contained in this electronic message and any > > > > >> attachments to this message are intended for the exclusive > > use of > > > > >> the addressee(s) and may contain proprietary, confidential or > > > > >> privileged information. If you are not the intended recipient, > > > you > > > > >> should not disseminate, distribute or copy this e-mail. Please > > > > >> notify the sender immediately and destroy all copies of this > > > > message > > > > >> and any attachments. > > > > >> > > > > >> WARNING: Computer viruses can be transmitted via email. The > > > > >> recipient should check this email and any attachments for the > > > > >> presence of viruses. The company accepts no liability for any > > > > damage > > > > >> caused by any virus transmitted by this email. > > > > >> > > > > >> www.wipro.com > > > > >> > > > > >> > > > > > > > > > > ___________________________________________________________________________ > > > > >> Sent via: Wireshark-dev mailing list < > [email protected] > > > > > > > > > >> Archives: http://www.wireshark.org/lists/wireshark-dev > > > > >> Unsubscribe: https://wireshark.org/mailman/options/wireshark- > > dev > > > > >> mailto:[email protected] > ?subject=unsubscribe > > > > > > > > > > > > > > > > > > > > ___________________________________________________________________________ > > > > > Sent via: Wireshark-dev mailing list <wireshark- > > > > [email protected]> > > > > > Archives: http://www.wireshark.org/lists/wireshark-dev > > > > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > > > mailto:[email protected] > ?subject=unsubscribe > > > > > > > > > > Please do not print this email unless it is absolutely > > necessary. > > > > > > > > > > The information contained in this electronic message and any > > > > > attachments to this message are intended for the exclusive use > > of > > > > > the addressee(s) and may contain proprietary, confidential or > > > > > privileged information. If you are not the intended recipient, > > you > > > > > should not disseminate, distribute or copy this e-mail. Please > > > > > notify the sender immediately and destroy all copies of this > > > message > > > > > and any attachments. > > > > > > > > > > WARNING: Computer viruses can be transmitted via email. The > > > > > recipient should check this email and any attachments for the > > > > > presence of viruses. The company accepts no liability for any > > > damage > > > > > caused by any virus transmitted by this email. > > > > > > > > > > www.wipro.com > > > > > > > > > > > > > > > ___________________________________________________________________________ > > > > > Sent via: Wireshark-dev mailing list <wireshark- > > > > [email protected]> > > > > > Archives: http://www.wireshark.org/lists/wireshark-dev > > > > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > > > mailto:[email protected] > ?subject=unsubscribe > > > > > > > > > > > > > > > > > > > ___________________________________________________________________________ > > > > Sent via: Wireshark-dev mailing list <wireshark- > > > [email protected]> > > > > Archives: http://www.wireshark.org/lists/wireshark-dev > > > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > > mailto:[email protected] > ?subject=unsubscribe > > > > > > > > > > > > > > > > -- > > > > Fight Internet Censorship! http://www.eff.org > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon | > > > > +447549728105 > > > > > > > > > > ___________________________________________________________________________ > > > > Sent via: Wireshark-dev mailing list <wireshark- > > > [email protected]> > > > > Archives: http://www.wireshark.org/lists/wireshark-dev > > > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > > mailto:[email protected] > ?subject=unsubscribe > > > > > > > > > ___________________________________________________________________________ > > > Sent via: Wireshark-dev mailing list <wireshark- > > [email protected]> > > > Archives: http://www.wireshark.org/lists/wireshark-dev > > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > mailto:[email protected] > ?subject=unsubscribe > > > > > > > > > > > > -- > > > Fight Internet Censorship! http://www.eff.org > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon | > > > +447549728105 > > > > > > ___________________________________________________________________________ > > > Sent via: Wireshark-dev mailing list <wireshark- > > [email protected]> > > > Archives: http://www.wireshark.org/lists/wireshark-dev > > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > mailto:[email protected] > ?subject=unsubscribe > > > > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list <[email protected]> > > Archives: http://www.wireshark.org/lists/wireshark-dev > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > mailto:[email protected] > ?subject=unsubscribe > > > > > > > > -- > > Fight Internet Censorship! http://www.eff.org > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon | > > +447549728105 > > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list <[email protected]> > > Archives: http://www.wireshark.org/lists/wireshark-dev > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > mailto:[email protected] > ?subject=unsubscribe > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe > -- Fight Internet Censorship! http://www.eff.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon | +447549728105
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
