I am working on a continuous packet capture application (think
Infinistream, Gigastor, NetVCR) written in Perl (only because that's
what I know). Here is what I have so far.
This works (or seems to). More optimization possible by removing
unnecessary trailing spaces from each packet hexdump. Ha
Adele wrote:
> Actually I have talked to some guys who work in OICQ company and according
> to them, Thunder and OICQ are competitors and there are not any
> co-operations between them. So I am really confused about how I can
> capture OICQ packets from Thunder while the OICQ is not running.
>
I am adding dissectors for two proprietary protocols. The protocols differ in
encapsulation and header structure, but have the same payload structure.
For each protocol I call proto_register_protocol, create_dissector_handle and
proto_register_field_array for protocol header fields.
The quest
Hello Adele,
jl...@ie.cuhk.edu.hk> how Wireshark works and decide a packet is an OICQ packet?
jl...@ie.cuhk.edu.hk> I mean, besides of the UDP port, are there any other ways for Wireshark
jl...@ie.cuhk.edu.hk> to categorise a packet to be an OICQ packet?
The most obvious (but maybe not easy fo
Hello,
It seems that Wireshark is able to recognise OICQ protocol.
See the following page :
http://www.wireshark.org/docs/dfref/o/oicq.html
Maybe this could help you.
Regards
Philippe
From: jl...@ie.cuhk.edu.hk
To: wireshark-dev@wireshark.org
Date: Thu, 5 Mar 2009 17:48:38 -0800
Subject: [Wir
Dear all,
Here I have a very detailed question and I would like to thank you all for
your help in advance.
Some background information first:
Thunder is a very popular P2P file downloading software in China and it is
not open sourced. Recently I have been doing some protocol analysis
e
Hello Chris,
Could you send us an example of stored packets within a pcap file?
Then regarding your code, I think there could be a problem with how
your header offset is managed (tmpOffset variable).
I have understood that the packet begins with several headers,
each header has a length of 7 octets
Hej,
I've written a dissector for a multiplexer-protocol. The payload of these
multiplexer packets could be PPP packets, most of these packets will be
split into several mux packets.
I've tried to reassemble these PPP packets (reading that article 9.4.1. How to
reassemble split UDP packets),