Re: [Wireshark-dev] can't compile wireshark version 4.0

2022-10-20 Thread Fulko Hew
On Thu, Oct 20, 2022 at 11:22 AM w...@comcast.net wrote: > I can't compile wireshark version 4.0 on Raspberry Pi ubuntu 22.04 > > Here is the error from make. > > I've attached cmake success and make error logs.txt, CMakeError.log and > CMakeOutput.log > > [ 84%] Building CXX object ui/qt/CMakeFi

Re: [Wireshark-dev] git doesn't like me anymore

2021-01-17 Thread Fulko Hew
my ID (which it never did before). I think I've managed to get it wrong 4 times in a row, and now I'm locked out. Now what can I (also) do to unlock it? (from bad to worse) Fulko > On Sun, Jan 17, 2021 at 3:44 PM Fulko Hew wrote: > >> >> The subject line says it

[Wireshark-dev] git doesn't like me anymore

2021-01-17 Thread Fulko Hew
The subject line says it all, but it doesn't say why. git and I just don't seem to understand one another. I've made a new dissector, and I went through the whole process to clone the repo, add/change my stuff, resync it, and submit my merge request. Now the approver(s) asked for some changes, an

[Wireshark-dev] How to allow string matching on a decoded string field ?

2020-12-15 Thread Fulko Hew
I have a protocol that has an encrypted string as one of its fields. A Lua based dissector (for example) shows this using the following code snippet: xx_proto.fields.msg = ProtoField.string("xx.msg", "Msg", base.ASCII) local decoded = decrypt(buf, start) subtree:add(xx_proto.fields.msg, buf(start

Re: [Wireshark-dev] Trouble uploading Wireshark enhancement

2020-10-23 Thread Fulko Hew
On Sat, Oct 24, 2020 at 12:15 AM chuck c wrote: > https://gitlab.com/wireshark/wireshark/-/merge_requests/698 > > Fulko Hew @fulko.hew closed 2 hours ago > Fulko Hew @fulko.hew reopened 2 hours ago > Fulko Hew @fulko.hew closed 2 hours ago > > If it will let you reopen aga

Re: [Wireshark-dev] Trouble uploading Wireshark enhancement

2020-10-23 Thread Fulko Hew
Thanks for all the advice. I think I've gotten further. I got as far as the 'press the “Submit merge request” button' step and did it. I then saw a page that described my merge request, and added a comment with an attached PCAP file to use for testing. At the bottom was a 'close merge request' bu

Re: [Wireshark-dev] Trouble uploading Wireshark enhancement

2020-10-23 Thread Fulko Hew
On Fri, Oct 23, 2020 at 2:07 AM Jaap Keuter wrote: > > On 23 Oct 2020, at 04:21, Fulko Hew wrote: > > I've enhanced a Lua based dissector, and have also rewritten it > in 'C' so that it can be included in the next release of Wireshark. > > Now I'm try

[Wireshark-dev] Trouble uploading Wireshark enhancement

2020-10-22 Thread Fulko Hew
I've enhanced a Lua based dissector, and have also rewritten it in 'C' so that it can be included in the next release of Wireshark. Now I'm trying to submit it. My last submission was back in 2007, and things have changed a little since then. I believe? the latest doc on how to submit changes ar

Re: [Wireshark-dev] lua decoder accessing info from layers above

2020-10-15 Thread Fulko Hew
On Mon, Oct 12, 2020 at 8:34 PM John Thacker wrote: > > On Mon, Oct 12, 2020, 8:00 PM Fulko Hew wrote: > >> >> I'm trying to update/improve someone else's decoder written in Lua. >> It's for a simple UDP (and TCP) based protocol. >> But I need t

[Wireshark-dev] lua decoder accessing info from layers above

2020-10-12 Thread Fulko Hew
I'm trying to update/improve someone else's decoder written in Lua. It's for a simple UDP (and TCP) based protocol. But I need to be able to get access to the upper layer to be able to decode it easily. Can someone provide an example of how to determine if the higher layer was UDP or TCP? Thanks

Re: [Wireshark-dev] A description of Wireshark

2015-01-14 Thread Fulko Hew
On Wed, Jan 14, 2015 at 8:49 PM, Jeff Morriss wrote: > On 01/12/2015 04:08 PM, Jaap Keuter wrote: > ... snip ... > Here's my latest attempt; it's still a bit wordy but I like the idea of > advertising just how great Wireshark is. Of course the first bit comes > from the website's About page.

Re: [Wireshark-dev] On which platforms is there a need for Wireshark to have a "Language" preference?

2014-11-07 Thread Fulko Hew
On Thu, Nov 6, 2014 at 3:58 PM, Guy Harris wrote: ... snip ... > I'm *really* trying to understand the reasons why an additional "select the > language" > option, over and above a system "select the language" option, is useful, > and whether it's useful in *all* environments or only in ones whe

Re: [Wireshark-dev] (no subject)

2011-03-31 Thread Fulko Hew
On Thu, Mar 31, 2011 at 11:52 AM, Chaswi Przellczyk wrote: > > Dear Anders, > > I'm feeling a bit silly here, since "wireshark trunk" only makes sense to > me in using the trunk-branch of wireshark to do that and I have found three > of those >* 1.5 (unstable) trunk >* 1.4 (stable) trunk

Re: [Wireshark-dev] how to handle dissecting length encoded strings

2011-03-14 Thread Fulko Hew
On Mon, Mar 14, 2011 at 12:17 PM, Chris Maynard wrote: > Chris Maynard writes: > > Oops, I guess you still need to NULL-terminate context if n_oct is 0 The trouble is that tvb_get_nstringz0() calls tvb_get_nstringz() under the covers and it's tvb_get_nstringz() that has the issue. It expects to

[Wireshark-dev] how to handle dissecting length encoded strings

2011-03-14 Thread Fulko Hew
I'm looking into a bug in a dissector, and I don't see what the 'right way' to fix it would be. Here's the existing code snippet: static int dissect_octet_string(tvbuff_t *tvb, proto_tree *tree, int offset, char flags) { guint32 n_oct, p_noct; char context[1024]; NORLEL(flags, n_oct,

Re: [Wireshark-dev] TCP data PDU decoding fails depending on TCP options field?

2010-10-01 Thread Fulko Hew
On Fri, Oct 1, 2010 at 3:19 PM, Sake Blok wrote: > On 1 okt 2010, at 20:35, Fulko Hew wrote: > > > On Fri, Oct 1, 2010 at 2:18 PM, Sake Blok wrote: > > Could you please open a bug report at http://bugs.wireshark.org and > attach the two tracefiles so that we don't lose

Re: [Wireshark-dev] TCP data PDU decoding fails depending on TCP options field?

2010-10-01 Thread Fulko Hew
On Fri, Oct 1, 2010 at 2:18 PM, Sake Blok wrote: > On 1 okt 2010, at 19:53, Fulko Hew wrote: > > > Imagine my surprise when Wireshark failed to decode the > > AgentX protocol inside some captured packets. It all > > depends on where the packets originated from (which O

[Wireshark-dev] TCP data PDU decoding fails depending on TCP options field?

2010-10-01 Thread Fulko Hew
Imagine my surprise when Wireshark failed to decode the AgentX protocol inside some captured packets. It all depends on where the packets originated from (which OS). Attached are two capture sessions of AgentX traffic. One decodes... Between a Linux box and a Linux box. One doesn't... Between a

Re: [Wireshark-dev] Discerning Ethernet 802.3 vs Ethernet II (or TCP/IP)

2008-09-29 Thread Fulko Hew
On Mon, Sep 29, 2008 at 1:15 PM, Pat Kujawa <[EMAIL PROTECTED]> wrote: ... snip ... > In reading through packet-eth.c, it seems that the ethernet type is being > determined by checking a length field, but I don't understand where that > field is coming from ("etype = pntohs(&

Re: [Wireshark-dev] Live HTTP Header Inspection - 2nd attempt

2008-09-19 Thread Fulko Hew
On Fri, Sep 19, 2008 at 10:47 AM, Sheahan, John <[EMAIL PROTECTED]> wrote: > Hi guys, no one answered my last post regarding this topic so I'm > posting it again. > > I am new to the list and have used the Wireshark gui a lot in the past. I am > in need of writing a script to look at some live ht

Re: [Wireshark-dev] How/where do I add an attachment to a Bugzilla entry

2007-11-23 Thread Fulko Hew
On Nov 23, 2007 11:30 AM, Fulko Hew <[EMAIL PROTECTED]> wrote: > I'm trying to submit a bugzilla entry for my patches and new dissectors > but I can't find anything on the entry page that allows me to add my > patch file as an attachment. > > Am I missing something

[Wireshark-dev] How/where do I add an attachment to a Bugzilla entry

2007-11-23 Thread Fulko Hew
I'm trying to submit a bugzilla entry for my patches and new dissectors but I can't find anything on the entry page that allows me to add my patch file as an attachment. Am I missing something obvious, or should I include the patchset inline as part of the 'bug description'? ... And I'd like to g

Re: [Wireshark-dev] my added dissectors don't appear in the Makefile

2007-11-09 Thread Fulko Hew
On Nov 8, 2007 2:16 PM, Jeff Morriss <[EMAIL PROTECTED]> wrote: > Fulko Hew wrote: > > > > I'm just wrapping up development on my enhancements and new > > dissectors for wireshark, and while preparing my patch set, I'm > > testing it by applying it to a

[Wireshark-dev] A #define MUST_DO_SELECT problem/question

2007-11-09 Thread Fulko Hew
I was just about to wrap-up my additions to wireshark by porting my enhancements from version 0.99.4 to the latest (0.99.6a 'ish) version from SVN when I encountered an 'issue'. Somewhere between these two versions, there was a change to capture_loop.h that enforces #define MUST_DO_SELECT on linux

[Wireshark-dev] my added dissectors don't appear in the Makefile

2007-11-08 Thread Fulko Hew
I'm just wrapping up development on my enhancements and new dissectors for wireshark, and while preparing my patch set, I'm testing it by applying it to a virgin tarball. The developer instructions say I just had to add my src files to epan/dissectors/Makefile.common, and then I run 'configure' and

Re: [Wireshark-dev] Startup speed up - assembler usage

2007-11-07 Thread Fulko Hew
On Nov 7, 2007 8:20 AM, Kukosa, Tomas <[EMAIL PROTECTED]> wrote: > > profiling startup sequence (in Windows environment) the result is that > writing few small functions in assembler could speed it up visibly. > My idea is to have some code pieces written in C but optionally written in > assembl

Re: [Wireshark-dev] Capture->Interface shows incorrect statistics

2007-08-30 Thread Fulko Hew
On 8/30/07, Stig Bjørlykke <[EMAIL PROTECTED]> wrote: > > Den 30. aug. 2007 kl. 18.35 skrev Fulko Hew: > > > The error _is_ in the ifdef, looking at that code... the ifdef > > polarity does not match > > the polarity in the comments, but the comments _do_ matc

Re: [Wireshark-dev] Capture->Interface shows incorrect statistics

2007-08-30 Thread Fulko Hew
On 8/30/07, Stig Bjørlykke <[EMAIL PROTECTED]> wrote: > > 2007/8/30, Fulko Hew <[EMAIL PROTECTED]>: > > I was looking at the results from the Capture->Interface statistics > display > > and the information I get from _my_ embedded system, and I thought > &g

[Wireshark-dev] Capture->Interface shows incorrect statistics

2007-08-30 Thread Fulko Hew
(on wireshark 0.99.4) I was looking at the results from the Capture->Interface statistics display and the information I get from _my_ embedded system, and I thought I had an error, but I don't think I do... In ./gtk/capture_if_dlg.c: update_if() the comments talk about the differences between wp

[Wireshark-dev] Cairo errors when running Wireshark on an embedded system

2007-08-21 Thread Fulko Hew
The good news is I no longer have my previous complaint about a misconfigured fonts.conf. (When I build the X client libraries it appears that fontconfig did not get built properly. When I explicitly rebuilt it manually, that resolved the issue.) Today's problem is while invoking Wireshark, I no

[Wireshark-dev] "No fonts found" error

2007-08-02 Thread Fulko Hew
The last (apparent) step in getting Wireshark built for an embedded system had given me a roadblock. When I run Wireshark I get: No fonts found; this probably means that the fontconfig library is not correctly configured. You may need to edit the fonts.conf configuration file. More information abo

Re: [Wireshark-dev] What is the process to submit patches for my new DLT support code?

2007-07-23 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/23/2007 01:22:17 PM: > Fulko Hew wrote: > > a)What is the proper procedure to get my code/support for my new DLT type > >incorporated into the official release of PCAP? > > Send a patch to [EMAIL PROTECTED] I assume I should be fetching an

[Wireshark-dev] What is the process to submit patches for my new DLT support code?

2007-07-23 Thread Fulko Hew
a) What is the proper procedure to get my code/support for my new DLT type incorporated into the official release of PCAP? b) See Note 1 for a second question. The changes amount to: 1/ gencode.c: Add a 'case DLT_SITA'. 2/ pcap-bpf.h: Add '#define DLT_SITA 196'. 3/ pcap.c: Add "DLT_CHOICE(DLT_S

[Wireshark-dev] How to apply a custom translation/rendering method to the data in the bottom pane (hex data dumper)?

2007-07-19 Thread Fulko Hew
As the subject line asks, is there a function I can invoke in a dissector to change the way the bottom pane of the display operates. I'd like to affect two different things: 1/ I'd like all the data to be masked first before being displayed as hex (just like stripping a parity bit) 2/ I ne

Re: [Wireshark-dev] what parameters for dissector_add() for a non-nested protocol

2007-07-18 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/18/2007 11:29:00 AM: > Well that's what (I think) I'm now doing, and yet, the value > isn't registered, because the 'default' dissector gets called, > not my ipars dissector. > > Obviously I'm not getting something right. ... snip ... I'm following up on my own post

Re: [Wireshark-dev] what parameters for dissector_add() for a non-nested protocol

2007-07-18 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/16/2007 06:12:02 PM: ... snip ... > You could, for example, ... snip ... >acn_dissector_table = register_dissector_table("acn.proto", "ACN > protocol number", FT_UINT32, BASE_HEX); > > have the dissector for your private WTAP type do > >

Re: [Wireshark-dev] what parameters for dissector_add() for a non-nested protocol

2007-07-17 Thread Fulko . Hew
Wow. thanks for that great explanation. It makes me wonder if I'm not missing any API documentation somewhere? And if I'm not... stuff like this should be there. It would certainly save you a lot of time answering what are probably basic developer philosophy issues. BTW. I have read the README.de

Re: [Wireshark-dev] what parameters for dissector_add() for a non-nested protocol

2007-07-16 Thread Fulko . Hew
A follow-up answer to my original post (for posterity's sake)... fulko hew wrote on 07/16/2007 10:02:37 AM: > I've scoured the READMEs and dissectors for details on the parameters > for dissector_add(). It seems as though all the cases are different > than my (simple) case, so I

[Wireshark-dev] what parameters for dissector_add() for a non-nested protocol

2007-07-16 Thread Fulko . Hew
I've scoured the READMEs and dissectors for details on the parameters for dissector_add(). It seems as though all the cases are different than my (simple) case, so I'm at a loss as to how to register my sub-protocol, so it gets called properly. I have a private WTAP type for which I have written

[Wireshark-dev] how do I create a dissector that doesn't set the Protocol column?

2007-07-13 Thread Fulko . Hew
I'm making progress on my proprietary capture device, and the next step is to create a dissector. The first stages are OK, but now I'm trying to capture and dissect packets with my WTAP type. One of the issues is that there are existing well known protocols embedded in my captured packets that I

Re: [Wireshark-dev] GPL license question

2007-07-11 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/11/2007 03:44:13 PM: > Do you really think this case is a "borderline" one if the plugin is > using the wireshark dissection API? No, I am not saying anything. I don't know enough about the details of Wireshark plug-in/dissector development. I'm still trying to f

Re: [Wireshark-dev] GPL license question

2007-07-11 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/11/2007 01:16:26 PM: > Hi, > > Actually I disagree ;) > > From reading below the question is "is it an independent and separate > work"? The GNU FAQ says its not: > http://www.gnu.org/licenses/gpl-faq.html#GPLAndPlugins Unfortunately, the FAQ is a FAQ and not the

Re: [Wireshark-dev] GPL license question

2007-07-11 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/11/2007 10:45:27 AM: > No, you can't keep the code for you nor limit the distribution of the > plugin object code. It is the basic principle of the GPL. If you're > distributing/selling your plugin, you have to distribute the code. And > everyone receiving (paying f

Re: [Wireshark-dev] capturing data from a propietary device

2007-07-11 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/10/2007 07:41:52 PM: > > On Jul 10, 2007, at 1:42 PM, [EMAIL PROTECTED] wrote: > > > I'm trying to figure out how to format (or where to place the data) > > in the pcap buffer when capturing my WAN protocols. > > > > I've built a system that will capture the data an

Re: [Wireshark-dev] capturing data from a propietary device

2007-07-10 Thread Fulko . Hew
[EMAIL PROTECTED] wrote on 07/10/2007 05:00:59 PM: > [EMAIL PROTECTED] schrieb: > > I'm trying to figure out how to format (or where to place the data) > > in the pcap buffer when capturing my WAN protocols. > > > > I've built a system that will capture the data and feed it via pcap to > > wires

[Wireshark-dev] capturing data from a propietary device

2007-07-10 Thread Fulko . Hew
ireshark to go looking in there. I have tried to look through docs and mailing lists, but I haven't found anything to help me yet. :-( Can anyone out there please enlighten me? TIA Fulko Hew

Re: [Wireshark-dev] non-existant default interface

2007-02-14 Thread Fulko Hew
Guy Harris wrote: >On Feb 13, 2007, at 11:51 AM, [EMAIL PROTECTED] wrote: > > >>The problem is that there is code in gtk/capture_dlg.c at line 677 >>that looks to see if you had specified an interface on the command >>line, and failing that, then extract the 'capture.device' entry >>from the wires

[Wireshark-dev] non-existant default interface

2007-02-13 Thread Fulko . Hew
Hi all: I am developing/enhancing Wireshark/PCAP to support capturing and displaying traffic (both IP based protocols on Ethernets as well as industry specific WAN protocols) from our LAN/WAN routers. I have enhanced Pcap to get and return _my_ list of available interfaces from our devices and r