Re: [Wireshark-dev] Jurassic packets
It's interesting how little the core UI design has changed over the years - the packet list, protocol tree and bytes view are all basically the same as they are now.

On Thu, Jun 13, 2013 at 2:09 PM, Gerald Combs wrote:
> For Monday's Sharkfest keynote I wanted to show everyone what things
> looked like back in the early days of the project. After doing
> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
> Ethereal 0.2.0 up and running. Screenshot attached.
>
> ___
> Sent via:Wireshark-dev mailing list
> Archives:http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Jurassic packets
On Jun 13, 2013, at 11:36 AM, Evan Huus wrote:
> It's interesting how little the core UI design has changed over the
> years - the packet list, protocol tree and bytes view are all
> basically the same as they are now.

99 44/100% of packet analyzers are using a UI derived from that of the original DOS-based Sniffer, albeit in a GUI form (i.e., a 3-paned GUI window, rather than a 25x80 screen with line-drawing-character-set boxes drawn around the panes).

If it ain't broken, don't fix it
Re: [Wireshark-dev] Jurassic packets
Speaking of Ethereal 0.2.0 ...

Recently I've noticed that some people, when they tweet about the project, are still referring to it as, "Ethereal (also known as Wireshark)", and I was wondering just how long it's going to take for them to start referring to it as, "Wireshark (previously known as Ethereal)" or simply dropping the reference to Ethereal altogether. That got me to wondering just how long the project has been called Wireshark and how long it had been previously called Ethereal.

For no particular reason, I crafted a capture file (attached) that depicts the date/time at which the project will have been named Wireshark for as long as it had been named Ethereal.

Anyway, by Sharkfest '14, the Wireshark name will have surpassed the Ethereal name in terms of longevity.

- Chris

-----Original Message-----
From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Guy Harris
Sent: Thursday, June 13, 2013 3:18 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Jurassic packets

On Jun 13, 2013, at 11:36 AM, Evan Huus wrote:
> It's interesting how little the core UI design has changed over the
> years - the packet list, protocol tree and bytes view are all
> basically the same as they are now.

99 44/100% of packet analyzers are using a UI derived from that of the original DOS-based Sniffer, albeit in a GUI form (i.e., a 3-paned GUI window, rather than a 25x80 screen with line-drawing-character-set boxes drawn around the panes).

If it ain't broken, don't fix it

Attachment: ethershark.pcapng
Re: [Wireshark-dev] Jurassic packets
Can you try loading an NFS trace on it?

I recall that in the old days, sniffers usually could not decode the NFS replies since they did not keep enough state around between request/response to identify what kind of response packet it was.

On Thu, Jun 13, 2013 at 11:09 AM, Gerald Combs wrote:
> For Monday's Sharkfest keynote I wanted to show everyone what things
> looked like back in the early days of the project. After doing
> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
> Ethereal 0.2.0 up and running. Screenshot attached.
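The state problem described above, as an added example that is not part of the original thread or Wireshark's code: an ONC RPC reply header carries the transaction ID (XID) but no program or procedure number, so a dissector has to remember each call in order to label its reply. The class name and the two sample messages are constructed for illustration.

```python
import struct

CALL, REPLY = 0, 1                      # ONC RPC msg_type values
NFS_PROGRAM = 100003
# Subset of the NFSv3 procedure numbers (RFC 1813)
NFS3_PROCS = {0: "NULL", 1: "GETATTR", 3: "LOOKUP", 6: "READ", 7: "WRITE"}


class RpcTracker:
    """Hypothetical helper: remembers calls so replies can be named by XID."""

    def __init__(self):
        self.pending = {}               # xid -> (prog, vers, proc)

    def dissect(self, payload):
        if len(payload) < 8:
            return "short message"
        xid, msg_type = struct.unpack_from(">II", payload, 0)
        if msg_type == CALL:
            if len(payload) < 24:
                return "truncated call"
            _rpcvers, prog, vers, proc = struct.unpack_from(">IIII", payload, 8)
            self.pending[xid] = (prog, vers, proc)
            return "call xid=%#x %s" % (xid, self._name(prog, vers, proc))
        if msg_type == REPLY:
            # A reply holds only xid, reply_stat, verifier and accept_stat:
            # nothing in it says which procedure is being answered.
            call = self.pending.pop(xid, None)
            if call is None:
                return "reply xid=%#x (procedure unknown: call not seen)" % xid
            return "reply xid=%#x %s" % (xid, self._name(*call))
        return "not an RPC message"

    @staticmethod
    def _name(prog, vers, proc):
        if prog == NFS_PROGRAM and vers == 3:
            return "NFSv3 " + NFS3_PROCS.get(proc, "proc %d" % proc)
        return "prog %d v%d proc %d" % (prog, vers, proc)


# Constructed sample messages (RPC over UDP, AUTH_NONE credential and verifier).
SAMPLE_CALL = struct.pack(">10I", 0x1234, CALL, 2, NFS_PROGRAM, 3, 1, 0, 0, 0, 0)
SAMPLE_REPLY = struct.pack(">6I", 0x1234, REPLY, 0, 0, 0, 0)

if __name__ == "__main__":
    stateful = RpcTracker()
    print(stateful.dissect(SAMPLE_CALL))
    print(stateful.dissect(SAMPLE_REPLY))
    print(RpcTracker().dissect(SAMPLE_REPLY))   # same bytes, no state kept
```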
Re: [Wireshark-dev] Jurassic packets
I could try but I don't think it would show much. :)

$ ls packet-*.c
packet-arp.c  packet-ip.c  packet-tcp.c  packet-udp.c

According to the old site archives NFS didn't show up until 0.7.8 (November 1999).

On 6/13/13 1:27 PM, ronnie sahlberg wrote:
> Can you try loading an NFS trace on it?
>
> I recall that in the old days, sniffers usually could not decode the
> NFS replies since they did not keep enough state around between
> request/response to identify what kind of response packet it was.
>
> On Thu, Jun 13, 2013 at 11:09 AM, Gerald Combs wrote:
>> For Monday's Sharkfest keynote I wanted to show everyone what things
>> looked like back in the early days of the project. After doing
>> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
>> Ethereal 0.2.0 up and running. Screenshot attached.
Re: [Wireshark-dev] Jurassic packets
On 06/13/13 14:09, Gerald Combs wrote:
> For Monday's Sharkfest keynote I wanted to show everyone what things
> looked like back in the early days of the project. After doing
> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
> Ethereal 0.2.0 up and running. Screenshot attached.

You've really gotta replace the window dressing (whatever you call that bar with the X to close it) with a Motif one (or something like that)! :-)
Re: [Wireshark-dev] Jurassic packets
On Thu, Jun 13, 2013 at 4:52 PM, Jeff Morriss wrote:
> On 06/13/13 14:09, Gerald Combs wrote:
>>
>> For Monday's Sharkfest keynote I wanted to show everyone what things
>> looked like back in the early days of the project. After doing
>> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
>> Ethereal 0.2.0 up and running. Screenshot attached.
>
> You've really gotta replace the window dressing (whatever you call that bar
> with the X to close it) with a Motif one (or something like that)! :-)

GTK and Compiz call them window decorations, though I'm not sure if that's a widely accepted term.
Re: [Wireshark-dev] Jurassic packets
On Jun 13, 2013, at 1:55 PM, Evan Huus wrote:
> On Thu, Jun 13, 2013 at 4:52 PM, Jeff Morriss wrote:
>
>> You've really gotta replace the window dressing (whatever you call that bar
>> with the X to close it) with a Motif one (or something like that)! :-)
>
> GTK and Compiz call them window decorations, though I'm not sure if
> that's a widely accepted term.

But whether quartz-wm will let you change them is another matter. You might need to get a screenshot of it running on a machine with a 1990's-vintage window manager to *really* get the right retro look.
Re: [Wireshark-dev] Jurassic packets
On 6/13/13 1:52 PM, Jeff Morriss wrote:
> On 06/13/13 14:09, Gerald Combs wrote:
>> For Monday's Sharkfest keynote I wanted to show everyone what things
>> looked like back in the early days of the project. After doing
>> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
>> Ethereal 0.2.0 up and running. Screenshot attached.
>
> You've really gotta replace the window dressing (whatever you call that
> bar with the X to close it) with a Motif one (or something like that)! :-)

I tried configuring XFree86 and then a bunch of unpleasant memories resurfaced and then I stopped.
Re: [Wireshark-dev] Jurassic packets
Heh, couldn't you try to install the Open Source version of CDE? Or is that too retro/now ironically incompatible with such an old distribution?

Tyson.

2013/6/13 Gerald Combs
> On 6/13/13 1:52 PM, Jeff Morriss wrote:
> > On 06/13/13 14:09, Gerald Combs wrote:
> >> For Monday's Sharkfest keynote I wanted to show everyone what things
> >> looked like back in the early days of the project. After doing
> >> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
> >> Ethereal 0.2.0 up and running. Screenshot attached.
> >
> > You've really gotta replace the window dressing (whatever you call that
> > bar with the X to close it) with a Motif one (or something like that)! :-)
>
> I tried configuring XFree86 and then a bunch of unpleasant memories
> resurfaced and then I stopped.
[Wireshark-dev] smb2_time considered bad ...
Hi folks,

I found out today that the time from request field is named differently for packet_smb.c and packet_smb2.c.

This seems like a bad idea. I like to have that column displayed pretty much all the time, regardless of whether the capture contains SMB1 or SMB2 traffic.

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
Re: [Wireshark-dev] Jurassic packets
> I tried configuring XFree86 and then a bunch of unpleasant memories
> resurfaced and then I stopped.

Just install fvwm2 or ovm next to your current Window manager and run "X" from a console window (the big black screen with "login: " at the top), switch back to a new console, run "xterm" and go back to the graphical mode and run fvwm2 or ovm from there.

Edwin

-----Original Message-----
From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Gerald Combs
Sent: Friday, 14 June 2013 07:11
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Jurassic packets

On 6/13/13 1:52 PM, Jeff Morriss wrote:
> On 06/13/13 14:09, Gerald Combs wrote:
>> For Monday's Sharkfest keynote I wanted to show everyone what things
>> looked like back in the early days of the project. After doing
>> unspeakable things to a Red Hat 6.2 VM I managed to get a copy of
>> Ethereal 0.2.0 up and running. Screenshot attached.
>
> You've really gotta replace the window dressing (whatever you call that
> bar with the X to close it) with a Motif one (or something like that)! :-)

I tried configuring XFree86 and then a bunch of unpleasant memories resurfaced and then I stopped.
[Wireshark-dev] smb.time || smb2.time is valid in a filter string but not in a custom column field?
Hi folks,

I thought I would try to work around my issue with smb.time vs smb2.time by using a custom column field and putting in an expression, but it seems not to work. An expression that is acceptable in the Filter field is not acceptable in a custom column.

Why is this?

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
Re: [Wireshark-dev] smb.time || smb2.time is valid in a filter string but not in a custom column field?
On Jun 13, 2013, at 5:16 PM, Richard Sharpe wrote:
> I thought I would try to work around my issue with smb.time vs
> smb2.time by using a custom column field and putting in an expression,
> but it seems not to work. An expression that is acceptable in the
> Filter field is not acceptable in a custom column.
>
> Why is this?

Because "||" is a Boolean "or", not a human-language "or". :-)

I.e., "a || b" is a packet-matching expression that matches if the expression "a" matches or the expression "b" matches, not a field expression that evaluates to whichever of the fields "a" or "b" is present (with "a" chosen if both are present, presumably).

The Filter field takes packet-matching expressions; the custom column field takes field names. Field names are valid packet-matching expressions, which match if the field is present in the packet and don't match if it's not, but arbitrary packet-matching expressions aren't valid as custom columns.

Having a separate feature allowing a set of field names for a custom column could be useful. I'm not sure an "||" operator, given its existing meaning in C (and in packet-matching expressions), would be the right syntax for that.

(Other expressions for custom columns might be useful, e.g. (ip.ttl % 17) + (1/137.035999074)*ip.proto - OK, well, *that* expression might not be useful, but)
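The distinction above worked through outside the GUI, as an added example that is not part of the original thread: the Boolean filter only selects frames, and choosing whichever field is present is a separate step, done here on tshark's field output. The sample rows are constructed, the function name is hypothetical, and the command in the comment assumes a tshark that accepts -Y and -T fields.

```python
import csv
import io

# Constructed sample of the tab-separated output of
#   tshark -r capture.pcapng -Y "smb.time || smb2.time" -T fields \
#          -E header=y -e frame.number -e smb.time -e smb2.time
# The -Y expression is Boolean: it selects frames that carry either field.
# It does not merge them, so each row still has two cells and one is empty.
SAMPLE_TSV = (
    "frame.number\tsmb.time\tsmb2.time\n"
    "12\t0.000412000\t\n"
    "57\t\t0.001930000\n"
    "90\t\t0.000250000,0.000300000\n"   # two SMB2 responses in one frame
)


def response_time_column(tsv_text, fields=("smb.time", "smb2.time")):
    """Build one 'time from request' column as (frame, field, seconds) tuples.

    For each row the first field in `fields` that is present wins, which is
    the "whichever field is present" behaviour a plain field name cannot give.
    """
    column = []
    reader = csv.DictReader(io.StringIO(tsv_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        for name in fields:
            cell = row.get(name) or ""
            if not cell:
                continue
            # tshark joins repeated occurrences of a field with commas.
            for value in cell.split(","):
                column.append((int(row["frame.number"]), name, float(value)))
            break
    return column


if __name__ == "__main__":
    for frame, name, seconds in response_time_column(SAMPLE_TSV):
        print("%5d  %-9s  %.6f s" % (frame, name, seconds))
```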
Re: [Wireshark-dev] Jurassic packets
Thus wrote Edwin Groothuis (edwin.grooth...@riverbed.com):

> > I tried configuring XFree86 and then a bunch of unpleasant memories
> > resurfaced and then I stopped.

I'd say that has become simpler over the years. There's no need for monitor modelines in xorg.conf anymore...

> Just install fvwm2 or ovm next to your current Window manager

fvwm2 *is* my current window manager ;-)

see you all at Sharkfest,

Martin