Re: [Wireshark-dev] Conversations - addresses/ports, more general endpoints, and "circuits" with their own IDs

On Jan 6, 2019, at 10:30 AM, Jaap Keuter wrote: > Rather than simplistic endpoint ID’s I think we need an ID tuple per endpoint, How is a tuple not itself an ID? And not all conversations necessarily have specific endpoints. > which may be combined with one (or more) other tuples representing

Re: [Wireshark-dev] Conversations - addresses/ports, more general endpoints, and "circuits" with their own IDs

Hi list, Rather than simplistic endpoint ID’s I think we need an ID tuple per endpoint, which may be combined with one (or more) other tuples representing single (and multipoint) connections. Examples are an aggregating tap/monitor port which monitors various VLANs, or an MPLS link. Or even clo

Re: [Wireshark-dev] dfilter functions

len - Checks the string length of "string types" (FT_STRING, FT_STRINGZ, FT_UINT_STRING, FT_STRINGZPAD) or array length of "byte types" (FT_BYTES, FT_UINT_BYTES) and does a compare. Examples:len(smpp.message_id)  > 10len(smpp.message) > 25 size - Checks the size of the field in a packet.  Can be

Re: [Wireshark-dev] Function getaddrinfo() vanished in one of the later commits. -> solved.

I will check out if GLIB2 is really necessary for windows and make it conditionally if so. And yes I'm intended to make the tool working in Linux and FreeBSD too. Because it is only using a socket connection to the device, it should be easy to get it working for any platform. The hardest pla

Re: [Wireshark-dev] Conversations - addresses/ports, more general endpoints, and "circuits" with their own IDs

I am very much in favor for this development. There are aggregated protocols out there, where multiple packets are transported in a single frame, and it would very much make sense to be able to individually have them added to conversations. I think, from a conversation endpoint it should simply be

[Wireshark-dev] dfilter functions

Hi I've noticed that the online documentation about dfilter functions just talks about 2 of them, upper and lower: https://www.wireshark.org/docs/man-pages/wireshark-filter.html but there are more that are undocumented AFAICS: - len - size - count Can someone explain me their purpose and give a

Re: [Wireshark-dev] Function getaddrinfo() vanished in one of the later commits. -> solved.

That is in fact the correct solution. I am not really sure why GLIB2_LIBRARIES is needed in this general way, but you will always have to look at your cmake files from a cross-plattform POV to ensure, that your utility is being built on all platforms. It is strongly recommended, that you build your