[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-7-x64

The Buildbot has detected a new failure of Windows-7-x64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Windows-7-x64/builds/619 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: windows-7-x64 Build Reason: B

[Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-10.04-x64

The Buildbot has detected a new failure of Ubuntu-10.04-x64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Ubuntu-10.04-x64/builds/849 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: ubuntu-10.04-x64 Build R

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

> Sorry, I didn't make it clear that "what RFC that is" is "what RFC - if any - > says that ephemeral ports should be handed out by default", not "what RFC > explains what SHOULD and MUST mean". *Is* there an RFC that describes > well-known, registered, and ephemeral ports? The first two of th

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

On Dec 15, 2010, at 8:26 PM, Chris Maynard wrote: > Guy Harris writes: > >> SHOULD in some RFC - or even a MUST - but I don't know offhand what RFC that >> is) > > http://tools.ietf.org/html/rfc2119 Sorry, I didn't make it clear that "what RFC that is" is "what RFC - if any - says that ephe

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

Guy Harris writes: >SHOULD in some RFC - or even a MUST - but I don't know offhand what RFC that >is) http://tools.ietf.org/html/rfc2119 ___ Sent via:Wireshark-dev mailing list Archives:http://www.wireshark.org/l

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

On Dec 15, 2010, at 1:46 PM, Christopher Maynard wrote: > The problem I have with this is that 3503 is registered to MPLS Echo so that > dissector shouldn't have to be changed to essentially become a heuristic one > to > accommodate this port-stealing protocol. The protocol itself might not be

Re: [Wireshark-dev] [work in progress / stuck] improved dissection for VNC (correct hextile encoding, correct desegmentation)

Kaul skrev 2010-12-15 21:05: On Wed, Dec 15, 2010 at 4:29 PM, Jeff Morriss @gmail.com > wrote: Kaul wrote: > 3. Corrected hextile encoding parsing. It's quite wrong the way it's > done today (see 2nd rectangle in packet 23 of the attached

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

> The problem I have with this is that 3503 is registered to MPLS Echo so that > dissector shouldn't have to be changed to essentially become a heuristic one > to > accommodate this port-stealing protocol. It's essentially the same situation > as There is no port stealing. The IANA list is just

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

Christopher Maynard wrote: > Stephen Fisher writes: > >>> In addition to Christopher Maynard's suggestions, the surest way to >>> fix it is to make both dissectors "new-style" so that they verify that >>> the traffic on the port they're registered on (3503) is the right >>> traffic they're exp

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

Stephen Fisher writes: > > In addition to Christopher Maynard's suggestions, the surest way to > > fix it is to make both dissectors "new-style" so that they verify that > > the traffic on the port they're registered on (3503) is the right > > traffic they're expecting and kick it back to Wire

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

On Wed, Dec 15, 2010 at 02:30:47PM -0700, Stephen Fisher wrote: > In addition to Christopher Maynard's suggestions, the surest way to > fix it is to make both dissectors "new-style" so that they verify that > the traffic on the port they're registered on (3503) is the right > traffic they're e

Re: [Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

On Wed, Dec 15, 2010 at 03:02:31PM -0500, eymanm wrote: > I have a dissector plugin that is registered with port A. Once in a > while, this dissector is not kicking in. It looks like it > "overpowered" by a dissector with registered port 3503 (lsp-ping). It > looks like port 3503 is defined in

Re: [Wireshark-dev] How to avoid dissection based on port d efined by a different dissector?

eymanm writes: > I have a dissector plugin that is registered with port A. Once in a while, this dissector is not kicking in. It looks like it "overpowered" by a dissector with registered port 3503 (lsp-ping). It looks like port 3503 is defined in epan\dissectors\packet-mpls-echo.c(39):#define UD

Re: [Wireshark-dev] [work in progress / stuck] improved dissection for VNC (correct hextile encoding, correct desegmentation)

On Mon, Dec 13, 2010 at 11:29 PM, Christopher Maynard < chris.mayn...@gtech.com> wrote: > Kaul writes: > > > Hi,Attached please find an incomplete, work-in-progress improved > dissection of > the VNC protocol. > > Hi Kaul, I think it would be better to open a bug report for this and > submit the

Re: [Wireshark-dev] [work in progress / stuck] improved dissection for VNC (correct hextile encoding, correct desegmentation)

On Wed, Dec 15, 2010 at 4:29 PM, Jeff Morriss wrote: > Kaul wrote: > > 3. Corrected hextile encoding parsing. It's quite wrong the way it's > > done today (see 2nd rectangle in packet 23 of the attached sample > > capture). It completely ignored the fact that the hextile encoding is > > actually e

[Wireshark-dev] How to avoid dissection based on port defined by a different dissector?

I have a dissector plugin that is registered with port A. Once in a while, this dissector is not kicking in. It looks like it "overpowered" by a dissector with registered port 3503 (lsp-ping). It looks like port 3503 is defined in epan\dissectors\packet-mpls-echo.c(39):#define UDP_PORT_MPLS_ECHO 35

Re: [Wireshark-dev] New network interface card integration

On Dec 15, 2010, at 8:09 AM, kristian.mart...@freenet.de wrote: > I have libpcap and it works OK (interface is visible in Wireshark, I assume this is the card you'd asked about earlier in "LTE over AAL2"? > can be this card are only shown as hex data. To not spent extra dissector > efforts the

Re: [Wireshark-dev] Problems with release 1.4.2?

On 12/15/2010 11:50 AM, Herbert Falk wrote: > Yes, Winpcap 4.1.2 is installed. A build of 1.2.6 (on same machine) does > not throw this error. > > > > I was in the process of migrating from 1.2.6 to 1.4.2 and this error > appeared. > OK: Let's simplify: What happens for the following cmds: dump

Re: [Wireshark-dev] Structure of protocol tree

What are you talking about? It's Wednesday. Everyone knows that UTF8Strings have indefinite lengths on Wednesdays. On Dec 15, 2010, at 8:50 AM, Jaap Keuter wrote: > Hi, > > "With the proper use of subtrees the structure of even the most complex > protocols becomes clear." > ... and then came AS

Re: [Wireshark-dev] Problems with release 1.4.2?

Yes, Winpcap 4.1.2 is installed. A build of 1.2.6 (on same machine) does not throw this error. I was in the process of migrating from 1.2.6 to 1.4.2 and this error appeared. --- Herbert Falk SISCO 6605 19-1/2

Re: [Wireshark-dev] Structure of protocol tree

Hi, "With the proper use of subtrees the structure of even the most complex protocols becomes clear." ... and then came ASN.1 ... ;) Thanks, Jaap On Wed, 15 Dec 2010 17:32:13 +0100, "news.gmane.com" wrote: > "Jaap Keuter" wrote in > message news:75883c052eaf82074dac3aef04d29...@xs4all.nl... >

Re: [Wireshark-dev] Problems with release 1.4.2?

Hi, Do you have WinPcap installed/running? Thanks,Jaap On Wed, 15 Dec 2010 11:19:26 -0500, "Herbert Falk" wrote: I have just downloaded and built (successfully) 1.4.2. However, when I execute the resultant wireshark, the following error is displayed:     This prohibits me from doing any capture

[Wireshark-dev] Problems with release 1.4.2?

I have just downloaded and built (successfully) 1.4.2. However, when I execute the resultant wireshark, the following error is displayed: This prohibits me from doing any captures. Assistance on how to fix this issue would be appreciated. --

Re: [Wireshark-dev] Structure of protocol tree

"Jaap Keuter" wrote in message news:75883c052eaf82074dac3aef04d29...@xs4all.nl... > Hi, > > This 'colorize' is mainly intended to mark changeover into another > protocol. > Usually you see this at the top level (from the root), but occasionally > when a protocol is encapsulated (some ITU protoco

Re: [Wireshark-dev] [work in progress / stuck] improved dissection for VNC (correct hextile encoding, correct desegmentation)

Kaul wrote: > 3. Corrected hextile encoding parsing. It's quite wrong the way it's > done today (see 2nd rectangle in packet 23 of the attached sample > capture). It completely ignored the fact that the hextile encoding is > actually encoding a series of 16 by 16 pixel tiles (hence hexTILE, I >

Re: [Wireshark-dev] Structure of protocol tree

Hi, This 'colorize' is mainly intended to mark changeover into another protocol. Usually you see this at the top level (from the root), but occasionally when a protocol is encapsulated (some ITU protocols show this). As long as your 'structures' are at the top level, these could be considered vali

[Wireshark-dev] Structure of protocol tree

When I look at other dissector's output they use the proto_tree_add_protocol_format only for indicating that a new protocol is engaged. These protocol lines in the tree are also displayed in other colors. That makes it easy to navigate by eyes. I have a protocol with a lot of structures inside. Wh

Re: [Wireshark-dev] Automatic test for a dissector DLL

"Douglas Wood" wrote in message news:37d3213e-8407-4ac8-9149-ea6bbf68e...@ieee.org... > But, wireshark is organized to call the PDML print code with all the > fields. It is very easy to "flatten" the hierarchy and choose what to > keep. It is possible that the CSV print code is easier to modi

[Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-10.04-x64

The Buildbot has detected a new failure of Ubuntu-10.04-x64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Ubuntu-10.04-x64/builds/845 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: ubuntu-10.04-x64 Build R