Hi folks,
Attached is a small patch to fix the problems I saw with filter expressions.
It is a quick simple fix although I think the whole 802.11 dissector
needs a cleanup and the check should possibly be based on the PHY
Type.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
diff --git a/epan/disse
Hi list,
In latest 0.04 r6 version, I have used 0x02, 0x00, 0x00, 0x00 for an IPv4
packet and 0x18, 0x00, 0x00, 0x00 for an IPv6 packet (tell me if you have
better value for IPv6). The driver can return NdisMediumNull now for
loopback interface. Wireshark seems to work now, one little issue is tha
Hi folks,
Here are some possible changes. They seemingly raise more questions
than they answer at this stage, so they are for comments.
diff --git a/epan/dissectors/packet-ieee80211-radio.c
b/epan/dissectors/packet-ieee80211-radio.c
index 7239f8b..2bbb05b 100644
--- a/epan/dissectors/packet-ieee8
I believe just in the past month sometime, someone was talking about
using the "{ }" braces in the display filter to indicate fields
grouped in the same application-layer PDU. So that for example a
filter like "{ foo && bar }" would only match true if foo and bar were
both true in the same PDU, as
On Aug 23, 2015, at 2:55 AM, Graham Bloice wrote:
> As AF_INET6 is defined as 23 on the Windows platform:
> ws2def.h(109): #define AF_INET623 // Internetwork
> Version 6
> Shouldn't code running on that platform, i.e. Wireshark use the appropriate
> value rather than faki
On 23 August 2015 at 04:07, Guy Harris wrote:
>
> On Aug 22, 2015, at 11:07 AM, Pascal Quantin
> wrote:
>
> > DLT_NULL does not work as expected because Npcap is still providing a
> linktype of type Ethernet instead of Null. I was able to fix the
> encapsulation of a captue by running editcap -T
