I did an analysis of the top-level source files, to see the groupings.
*Small Programs*
capinfos.c - for capinfos
dftest..c - for dftest
editcap.c - for editcap
mergecap.c - for mergecap
randpkt.c - for randpkt
rawshark.c - for rawshark
text2pcap.c & text2pcap-scanner.c (generated) - for text2pcap
>
>
> By the way, note that the 802.11 header is *variable length*; the length
> depends on, for example, whether the frame has one, two, three, or four MAC
> addresses, and on whether it's a QoS frame.
Yes, I am taking care of that :)
Abhinav
_
>
>
> No, it's not based on the type of interface, or the mode of the interface.
> It's based on whether the 802.11 payload has been decrypted or not; if
> you're capturing in monitor mode most frames are probably encrypted, but if
> you're not capturing in monitor mode and seeing only frames to o
On Mar 8, 2012, at 6:34 PM, Guy Harris wrote:
>
> On Mar 8, 2012, at 4:47 PM, abhinav narain wrote:
>
>> Can someone tell me what should I expect in the the frame after
>> ieee80211_hdr (which comes after the radiotap header) ?
>
> Yes.
By the way, note that the 802.11 header is *variable le
On Mar 8, 2012, at 4:47 PM, abhinav narain wrote:
> I have seen tcpdump,wireshark both just print packet contents till mac
> header in monitor mode.
> In case of normal wireless interfaces (wlan0), they follow a different
> execution path.
No, it's not based on the type of interface, or the mode
hi,
I have seen tcpdump,wireshark both just print packet contents till mac
header in monitor mode.
In case of normal wireless interfaces (wlan0), they follow a different
execution path.
Can someone tell me what should I expect in the the frame after
ieee80211_hdr (which comes after the radiotap he
On Mar 8, 2012, at 12:26 AM, Guy Harris wrote:
>> alert_box.c
>
> Oops, that one belongs in the ui subdirectory, as it's only used by
> Wireshark, not TShark or rawshark; I'll work on moving it there.
Done.
___
Sent via:
Gilbert Ramirez wrote:
The existence of so many source files in the top-level directory of the
Wireshark source distribution bothers me. I would love to be able to
"ls" the top-level directory and not have it scroll off my screen.
As a general comment: +1/yes please!
_
Guy Harris wrote:
On Mar 7, 2012, at 9:07 PM, Gilbert Ramirez wrote:
I also feel that the directories that distribute data files (radius, dtds, idl), should
all be moved under another new directory, perhaps "definitions", but I know
less about those files.
One advantage of having them in the
On Mar 7, 2012, at 9:07 PM, Gilbert Ramirez wrote:
> With this in mind, and by analyzing the groupings in Makefile.common, I'd
> like to recommend the following movements:
>
> Create new directory called shark, to contain files common, or almost common,
> to the analyzer applications (wireshar
10 matches
Mail list logo
