Hi
this is my script maybe someone else can use it in a script ms-dos
@echo offsetlocal ENABLEDELAYEDEXPANSIONFOR %%f IN (*.snoop) DO SET List=
%%~nf.pcap & tshark -r %%f -w !List!pause
best regards
> From: [EMAIL PROTECTED]> Subject: Wireshark-users Digest, Vol 22, Issue 54>
> To: wireshark-users@wireshark.org> Date: Tue, 18 Mar 2008 18:12:52 +0000> >
> Send Wireshark-users mailing list submissions to>
> wireshark-users@wireshark.org> > To subscribe or unsubscribe via the World
> Wide Web, visit> http://www.wireshark.org/mailman/listinfo/wireshark-users>
> or, via email, send a message with subject or body 'help' to> [EMAIL
> PROTECTED]> > You can reach the person managing the list at> [EMAIL
> PROTECTED]> > When replying, please edit your Subject line so it is more
> specific> than "Re: Contents of Wireshark-users digest..."> > > Today's
> Topics:> > 1. Re: Setting up fields with little endianess for a custom>
> dissector (Leandro Lucarella)> 2. Re: GUI problem with Mac OS X (R S)> 3. Re:
> Terminal Server traffic (Albert Jurado)> 4. Re: windows script to convert
> snoop to pcap (Bill Meier)> 5. Wireshark 1.0.0pre1 is now available (Gerald
> Combs)> 6. Re: GUI problem with Mac OS X (Andreas Fink)> > >
> ----------------------------------------------------------------------> >
> Message: 1> Date: Tue, 18 Mar 2008 10:47:05 -0300> From: Leandro Lucarella
> <[EMAIL PROTECTED]>> Subject: Re: [Wireshark-users] Setting up fields with
> little endianess> for a custom dissector> To: wireshark-users@wireshark.org>
> Message-ID: <[EMAIL PROTECTED]>> Content-Type: text/plain; charset=UTF-8;
> format=flowed> > Guy Harris wrote:> > On Mar 17, 2008, at 11:25 AM, Leandro
> Lucarella wrote:> > > >> But I still can't find a way to tell (looked at FT_*
> and BASE_*> >> constants) wireshark to interpret the field as little endian.>
> > > > The byte order is *NOT* a property of the field; there exist protocols
> > > (X11 and DCE RPC, to name two) where a given field might appear as > >
> little-endian in some packets and big-endian in other packets, even in > >
> the same capture.> > > > At least as I read the Wireshark Lua reference
> manual section of the > > Wireshark User's Manual, you want to do> > > >
> subtree:add_le(pf, buffer(0, 4))> > > > to add a little-endian 4-byte
> quantity, but I'm not an expert on the > > Lua support. Luis?> > Yeap! That
> did the trick! Thank you!> > Another Lua-specific question: is there any way
> to activate Lua support > in a user-basis or via some configuration file in
> /etc? Because init.lua > it's in /usr/share/... and when using a distribution
> (I'm using Debian), > if I edit the file to comment "disable_lua = true; do
> return end;", > every time a new version of the package is installed, I lost
> that > "configuration".> > TIA.> > > > ------------------------------> >
> Message: 2> Date: Tue, 18 Mar 2008 02:15:17 +0000> From: R S <[EMAIL
> PROTECTED]>> Subject: Re: [Wireshark-users] GUI problem with Mac OS X> To:
> <[EMAIL PROTECTED]>> Cc: wireshark-users@wireshark.org> Message-ID: <[EMAIL
> PROTECTED]>> Content-Type: text/plain; charset="iso-8859-1"> > > Andreas,> >
> When I launch it in X11, things don't get better. I still have the wireshark
> tab appearing in the menu bar with nothing next to it.> Any suggestions?> > >
> Robert> > From: Andreas Fink <[EMAIL PROTECTED]>> > > > Date: Sat, 15 Mar
> 2008 18:58:27 +0100> > > > > > > > > > You need to launch it in X11, not
> Terminal.This is true for 10.4 but not for 10.5 where X11 is launched
> automatically.> > From: [EMAIL PROTECTED]> To: wireshark-users@wireshark.org>
> Subject: GUI problem with Mac OS X> Date: Sat, 15 Mar 2008 01:12:22 +0000> >
> > > > > > > > > > > Hi,> > I installed Wireshark on my Mac OS X 10.4.11 and
> it> worked fine for a couple of times. Now, when I launch it in the>
> terminal, the GUI simply doesn't appear.> Is anyone familiar with this
> problem?> > > Cheers,> > Robert> > Helping your favorite cause is as easy as
> instant messaging. You IM, we give. Learn more.> >
> _________________________________________________________________> Shed those
> extra pounds with MSN and The Biggest Loser!> http://biggestloser.msn.com/>
> -------------- next part --------------> An HTML attachment was scrubbed...>
> URL:
> http://www.wireshark.org/lists/wireshark-users/attachments/20080318/c9eddd31/attachment.htm
> > > ------------------------------> > Message: 3> Date: Tue, 18 Mar 2008
> 10:35:10 -0400> From: "Albert Jurado" <[EMAIL PROTECTED]>> Subject: Re:
> [Wireshark-users] Terminal Server traffic> To: "Community support list for
> Wireshark"> <wireshark-users@wireshark.org>> Message-ID:> <[EMAIL
> PROTECTED]>> Content-Type: text/plain; charset="utf-8"> > Thanks Hansang.> >
> That's what I thought at first but I couldn’t find the spot to look for it in
> Wireshark (I'm a newbie). Why wouldn't Wireshark be able to dissect this? Or
> is Wireshark just capturing what it's told to capture?> > Thx.> > Albert>
> Email: [EMAIL PROTECTED]> > -----Original Message-----> From: [EMAIL
> PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hansang Bae> Sent: Sunday,
> March 16, 2008 1:37 PM> To: Community support list for Wireshark> Subject:
> Re: [Wireshark-users] Terminal Server traffic> > Albert Jurado wrote:> > I've
> attached a small capture file. Maybe someone can take a look at it and make
> something of it.> > > > If you look for the following ip address
> (10.10.10.23) you'll should see the out of order packets.> > > Albert,> They
> are the same packets. Notice the IP ID field, you have duplicates. >
> Basically, you captured it twice. Chances are, you spanned the entire > vlan
> and you captured it as it came out of one server and entered the > other
> server.> > > -- > > Thanks,> Hansang>
> _______________________________________________> Wireshark-users mailing
> list> Wireshark-users@wireshark.org>
> http://www.wireshark.org/mailman/listinfo/wireshark-users> >
> ------------------------------> > Message: 4> Date: Tue, 18 Mar 2008 10:58:40
> -0400> From: Bill Meier <[EMAIL PROTECTED]>> Subject: Re: [Wireshark-users]
> windows script to convert snoop to pcap> To: Community support list for
> Wireshark> <wireshark-users@wireshark.org>> Message-ID: <[EMAIL PROTECTED]>>
> Content-Type: text/plain; charset=windows-1252; format=flowed> > miguel
> olivares varela wrote:> > > > > > > > @echo off> > setlocal
> ENABLEDELAYEDEXPANSION> > FOR %%f IN (*.snoop) DO SET Liste= "%%f" & tshark
> -r “%%f" -w “!Liste!”> > > > i need to use two variables "f" and "liste"
> asign "f" to "liste" but i > > don't know how can i change the extension of
> the file in "liste".> > > > Try something like: SET Liste=%%~nf.lis> > See
> the help documentation for the for statement.> > > > > > >
> ------------------------------> > Message: 5> Date: Tue, 18 Mar 2008 09:05:12
> -0700> From: Gerald Combs <[EMAIL PROTECTED]>> Subject: [Wireshark-users]
> Wireshark 1.0.0pre1 is now available> To: Wireshark announcements <[EMAIL
> PROTECTED]>,> Community support list for Wireshark
> <wireshark-users@wireshark.org>,> Developer support list for Wireshark
> <[EMAIL PROTECTED]>> Message-ID: <[EMAIL PROTECTED]>> Content-Type:
> text/plain; charset=ISO-8859-1> > Wireshark 1.0.0pre1 is now available for
> testing. Installers for Windows, OS X,> and source code can be downloaded
> immediately from> >
> http://www.wireshark.org/download/prerelease/wireshark-setup-1.0.0pre1.exe>
> http://www.wireshark.org/download/prerelease/wireshark-1.0.0pre1.u3p>
> http://www.wireshark.org/download/prerelease/WiresharkPortable-1.0.0pre1.paf.exe>
>
> http://www.wireshark.org/download/prerelease/Wireshark%201.0.0pre1%20Intel.dmg>
> http://www.wireshark.org/download/prerelease/wireshark-1.0.0pre1.tar.gz> >
> The Mac OS X installer is new for this release, and is experimental.> > An
> in-progress list of changes can be found in the release notes at>
> http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html.> > Please report
> any problems you find to the wireshark-dev mailing list or> open a ticket at
> http://bugs.wireshark.org/ .> > Barring any problems, version 1.0.0 will be
> released during Sharkfest on Monday,> March 31st.> > > File verification
> information:> > wireshark-setup-1.0.0pre1.exe: 21714062 bytes>
> MD5(wireshark-setup-1.0.0pre1.exe)=7f406a60a390f573574965b70251eb42>
> SHA1(wireshark-setup-1.0.0pre1.exe)=ddf3da6c890114d5af46648e9e7c0fd1a39e19be>
> RIPEMD160(wireshark-setup-1.0.0pre1.exe)=a3920da1c101a93df2f7de19318c893c39b203b1>
> > wireshark-1.0.0pre1.u3p: 19955689 bytes>
> MD5(wireshark-1.0.0pre1.u3p)=f0ab6a932165643bfcef64c33e7bdd6e>
> SHA1(wireshark-1.0.0pre1.u3p)=48a7856a47ce275bcf23d517d54ed8e9a02eca3c>
> RIPEMD160(wireshark-1.0.0pre1.u3p)=01079112e38c1b06dafa7db5af78e04d882ea1de>
> > WiresharkPortable-1.0.0pre1.paf.exe: 17365814 bytes>
> MD5(WiresharkPortable-1.0.0pre1.paf.exe)=2b9f6ff0c0772435022d25344754804c>
> SHA1(WiresharkPortable-1.0.0pre1.paf.exe)=c43755cae61883360902badf159a155833ca0af5>
>
> RIPEMD160(WiresharkPortable-1.0.0pre1.paf.exe)=fd264fda26417b1f64c88d5aadef605fc0093ff9>
> > Wireshark 1.0.0pre1 Intel.dmg: 59056532 bytes> MD5(Wireshark 1.0.0pre1
> Intel.dmg)=bb4eaf3bb4f03e4d4e568f4235c9054e> SHA1(Wireshark 1.0.0pre1
> Intel.dmg)=de962edf9592553ba98a1eb4b762f9eec29a3a6f> RIPEMD160(Wireshark
> 1.0.0pre1 Intel.dmg)=284f3db752d9920f18ac1eb85919ec981601d2a5> >
> wireshark-1.0.0pre1.tar.gz: 17041792 bytes>
> MD5(wireshark-1.0.0pre1.tar.gz)=a8b478c8698e5e4afbe1cd8f329f573b>
> SHA1(wireshark-1.0.0pre1.tar.gz)=815c8f03935da4ef2baa2b088c8a9d49e7d3ab6f>
> RIPEMD160(wireshark-1.0.0pre1.tar.gz)=d2ac844587987620472c07f25ffded7ea485a7e3>
> > > > ------------------------------> > Message: 6> Date: Tue, 18 Mar 2008
> 19:12:36 +0100> From: Andreas Fink <[EMAIL PROTECTED]>> Subject: Re:
> [Wireshark-users] GUI problem with Mac OS X> To: Community support list for
> Wireshark> <wireshark-users@wireshark.org>> Message-ID: <[EMAIL PROTECTED]>>
> Content-Type: text/plain; charset="utf-8"> > > On 18.03.2008, at 19:08,
> Andreas Fink wrote:> > what version of wireshark you have installed and where
> you got it from?> how you launch it?> > The versions I've built install into
> /usr/local/bin/wireshark and > require X11 and a bunch of libraries it
> dpeends on. If you installed > similar libraries using "Ports", or "Fink"
> package manager you might > get into dynamic linking issues.> > check this
> with the otool.> > This is the output I got on my MacOS X 10.5 system:> > $
> otool -L /usr/local/bin/wireshark> /usr/local/bin/wireshark:>
> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ >
> ApplicationServices (compatibility version 1.0.0, current version > 34.0.0)>
> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/ >
> CoreFoundation (compatibility version 150.0.0, current version 476.0.0)>
> /System/Library/Frameworks/CoreServices.framework/Versions/A/ > CoreServices
> (compatibility version 1.0.0, current version 32.0.0)>
> /usr/local/lib/libwiretap.0.dylib (compatibility version 1.0.0, > current
> version 1.1.0)> /usr/local/lib/libwireshark.0.dylib (compatibility version
> 1.0.0, > current version 1.1.0)> /usr/lib/libcrypto.0.9.7.dylib
> (compatibility version 0.9.7, current > version 0.9.7)>
> /usr/local/lib/libpcre.0.dylib (compatibility version 1.0.0, current >
> version 1.1.0)> /usr/lib/libpcap.A.dylib (compatibility version 1.0.0,
> current > version 1.0.0)> /usr/local/lib/libgtk-x11-2.0.0.dylib
> (compatibility version > 1201.0.0, current version 1201.3.0)>
> /usr/local/lib/libgdk-x11-2.0.0.dylib (compatibility version > 1201.0.0,
> current version 1201.3.0)> /usr/local/lib/libatk-1.0.0.dylib (compatibility
> version 2010.0.0, > current version 2010.1.0)>
> /usr/local/lib/libgdk_pixbuf-2.0.0.dylib (compatibility version > 1201.0.0,
> current version 1201.3.0)> /usr/local/lib/libpangocairo-1.0.0.dylib
> (compatibility version > 1901.0.0, current version 1901.0.0)>
> /usr/local/lib/libpangoft2-1.0.0.dylib (compatibility version > 1901.0.0,
> current version 1901.0.0)> /usr/local/lib/libpango-1.0.0.dylib (compatibility
> version 1901.0.0, > current version 1901.0.0)> /usr/lib/libSystem.B.dylib
> (compatibility version 1.0.0, current > version 111.0.0)>
> /usr/local/lib/libcairo.2.dylib (compatibility version 14.0.0, > current
> version 14.6.0)> /usr/X11/lib/libfontconfig.1.dylib (compatibility version
> 3.0.0, > current version 3.0.0)> /usr/X11/lib/libfreetype.6.dylib
> (compatibility version 10.0.0, > current version 10.16.0)>
> /usr/lib/libexpat.1.dylib (compatibility version 7.0.0, current > version
> 7.0.0)> /usr/X11/lib/libpng12.0.dylib (compatibility version 1.0.0, current >
> version 1.0.0)> /usr/X11/lib/libXrender.1.dylib (compatibility version 5.0.0,
> current > version 5.0.0)> /usr/X11/lib/libX11.6.dylib (compatibility version
> 9.0.0, current > version 9.0.0)> /usr/X11/lib/libXau.6.dylib (compatibility
> version 7.0.0, current > version 7.0.0)> /usr/X11/lib/libXdmcp.6.dylib
> (compatibility version 7.0.0, current > version 7.0.0)>
> /usr/local/lib/libgobject-2.0.0.dylib (compatibility version > 1501.0.0,
> current version 1501.0.0)> /usr/local/lib/libgmodule-2.0.0.dylib
> (compatibility version > 1501.0.0, current version 1501.0.0)>
> /usr/local/lib/libgthread-2.0.0.dylib (compatibility version > 1501.0.0,
> current version 1501.0.0)> /usr/local/lib/libglib-2.0.0.dylib (compatibility
> version 1501.0.0, > current version 1501.0.0)> /usr/local/lib/libintl.8.dylib
> (compatibility version 9.0.0, current > version 9.2.0)>
> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos >
> (compatibility version 5.0.0, current version 5.0.0)>
> /usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current > version
> 19.0.0)> /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current >
> version 7.0.0)> /usr/local/lib/libportaudio.2.dylib (compatibility version
> 3.0.0, > current version 3.0.0)> /usr/lib/libz.1.dylib (compatibility version
> 1.0.0, current version > 1.2.3)> /usr/lib/libgcc_s.1.dylib (compatibility
> version 1.0.0, current > version 1.0.0)> > You might also trash the
> preferences in ~/.wireshark/ to see if some > old settings move your window
> off screen or the like.> > > > On 18.03.2008, at 03:15, R S wrote:> >
> Andreas,> >> > When I launch it in X11, things don't get better. I still have
> the > > wireshark tab appearing in the menu bar with nothing next to it.> >
> Any suggestions?> >> >> > Robert> >> > From: Andreas Fink <[EMAIL
> PROTECTED]>> > Date: Sat, 15 Mar 2008 18:58:27 +0100> >> > You need to launch
> it in X11, not Terminal.> > This is true for 10.4 but not for 10.5 where X11
> is launched > > automatically.> >> >> > From: [EMAIL PROTECTED]> > To:
> wireshark-users@wireshark.org> > Subject: GUI problem with Mac OS X> > Date:
> Sat, 15 Mar 2008 01:12:22 +0000> >> > Hi,> >> > I installed Wireshark on my
> Mac OS X 10.4.11 and it worked fine for > > a couple of times. Now, when I
> launch it in the terminal, the GUI > > simply doesn't appear.> > Is anyone
> familiar with this problem?> >> >> > Cheers,> >> > Robert> >> > Helping your
> favorite cause is as easy as instant messaging. You IM, > > we give. Learn
> more.> >> > Shed those extra pounds with MSN and The Biggest Loser! Learn > >
> more._______________________________________________> > Wireshark-users
> mailing list> > Wireshark-users@wireshark.org> >
> http://www.wireshark.org/mailman/listinfo/wireshark-users> > > > Andreas
> Fink> > Fink Consulting GmbH> Global Networks Schweiz AG> BebbiCell AG> >
> ---------------------------------------------------------------> Tel:
> +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333> Address:
> Clarastrasse 3, 4058 Basel, Switzerland> E-Mail: [EMAIL PROTECTED]>
> www.finkconsulting.com www.global-networks.ch www.bebbicell.ch>
> ---------------------------------------------------------------> ICQ: 8239353
> MSN: [EMAIL PROTECTED] AIM: smsrelay Skype: andreasfink> Yahoo:
> finkconsulting SMS: +41792457333> > http://a-fink.blogspot.com/ A developers
> view about iPhone SDK> -------------- next part --------------> An HTML
> attachment was scrubbed...> URL:
> http://www.wireshark.org/lists/wireshark-users/attachments/20080318/42346177/attachment.htm
> > > ------------------------------> >
> _______________________________________________> Wireshark-users mailing
> list> Wireshark-users@wireshark.org>
> http://www.wireshark.org/mailman/listinfo/wireshark-users> > > End of
> Wireshark-users Digest, Vol 22, Issue 54>
> ***********************************************
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
