On Apr 1, 2014, at 10:52 PM, Aaron Lewis wrote:
> From what I know, it seems like dumpcap listens for traffic and record
> everything
> And the wireshark GUI read and parse that file. (Usually a file located in
> /tmp)
>
> But,
> 1) how did wireshark know there's a new packet?
Dumpcap tells i
Hi,
From what I know, it seems like dumpcap listens for traffic and record
everything
And the wireshark GUI read and parse that file. (Usually a file located in /tmp)
But,
1) how did wireshark know there's a new packet?
2) what happens if /tmp is full?
I'm not sure about the mechanism
--
Best
Hey there,
I compiled Wireshark 1.11.3 on FreeBSD and can see that the plugins
(especially one dissector I wrote as a plugin) are working in the build
environment.
When I copy the build to another FreeBSD machine, Wireshark runs properly
but does not seem to load any of the plugins in the plugin fo
See doc/README.request_response_tracking
-Original Message-
From: qiaoyin_yang
To: wireshark-dev
Sent: Tue, Apr 1, 2014 10:14 am
Subject: [Wireshark-dev] how to decode a packet based on the flags in the
previous packet.
Hello All,
I am writing a dissector. The captured traffic has
Hello All,
I am writing a dissector. The captured traffic has a request packet and a
response packet. How the response should be decoded depends on the
information in the previous request packet. The request contains a few
bytes that I want to read and use it in decoding the response packet.
On Apr 1, 2014, at 12:20 AM, Vishnu Bhatt wrote:
> Can somebody explain to me the exact difference between the above three? I
> read in the doc that wiretap is used to read .pcap or any other extn file and
> winpcap and libpcap are libraries used to capture packets in wireshark.
libpcap is a
Hi Vishnu,
WinPCap is effectively an external "branch" (not sure if "fork" is the correct
term, since the devs track upstream libpcap) of the libpcap library (which is
designed to abstract the packet capturing APIs of at least various UNIXesque
OSes, and also MS-DOS) for 32-bit, and 64-bit Wind
Hello,
Can somebody explain to me the exact difference between the above three? I read
in the doc that wiretap is used to read .pcap or any other extn file and
winpcap and libpcap are libraries used to capture packets in wireshark.
Thanks
Vishnu Bhatt
===