[Wireshark-dev] Is it possible to create filterable field names based on parent tree?

2024-11-17 Thread James Ko
In the Wi-SUN packet filters there are some information elements (IEs) with common/reused field names. In the example tree below the US-IE and BS-IE both have Dwell Interval, Clock Drift, Timing Accuracy, Channel Control, Regulatory Domain, and Channel Plan ID. The header_field_info for those fiel

[Wireshark-dev] Re: Is it possible to create filterable field names based on parent tree?

2024-11-16 Thread James Ko
ression it could be a problem. Thanks for the help. James On Sat, Nov 16, 2024 at 7:38 PM John Thacker wrote: > > On Sat, Nov 16, 2024 at 9:18 PM James Ko wrote: > >> In the Wi-SUN packet filters there are some information elements (IEs) >> with common/reused field names.

[Wireshark-dev] Please review MR 3448 to fix race condition in 17013

2021-09-08 Thread James Ko
Hi, Capture pipe mode is something I use regularly and the race condition identified in 17013 of capture parent (wireshark/tshark) reading the capture file before the source SHB is passed through dumpcap leads to empty captures which requires

Re: [Wireshark-dev] Tshark closing unexpectedly due to failure reading from file

2020-11-20 Thread James Ko
Thanks Guy. That was my analysis since my last email as well. I just hadn't come up with a fix. ;-) I just have one question about the fix.. Is it okay to send multiple SP_FILE indications on the same file? If the pcapng stream inserts a new SHB to start a new section does dumpcap restart with a

Re: [Wireshark-dev] Tshark closing unexpectedly due to failure reading from file

2020-11-19 Thread James Ko
Hi John, Thanks for your analysis. If you still have the strace logs would you attach them to the bug report together with your analysis? So I think the questions now are.. Why do we have the difference in read/write timing? What are the events that need to happen before the first bytes are writ

Re: [Wireshark-dev] Tshark closing unexpectedly due to failure reading from file

2020-11-19 Thread James Ko
mental problem? > > On Thu, 19 Nov 2020 at 08:37, James Ko wrote: > >> @Guy. This is on ubuntu linux distribution. I'm using Xubuntu 18.04LTS >> and I believe Alastair is on Ubuntu 16.04LTS. >> Assuming the buffer/page/disk cache is not doing the right thing is

Re: [Wireshark-dev] Tshark closing unexpectedly due to failure reading from file

2020-11-19 Thread James Ko
the latest release but I don't expect this will make much difference as the dumpcap/tshark interface has been around for years. James On Wed, Nov 18, 2020 at 9:22 PM Guy Harris wrote: > On Nov 18, 2020, at 4:25 PM, James Ko wrote: > > > I've been helping Alastair debug this

Re: [Wireshark-dev] Tshark closing unexpectedly due to failure reading from file

2020-11-18 Thread James Ko
I've been helping Alastair debug this problem and this is as far as we got. I can only think of a race condition between dumpcap completing the packet writing to the file and tshark being able to read the expected number of new packets. I do see there is fflush() in capture_loop_write_pcapng_cb()

[Wireshark-dev] wiki EditorGroup permissions request

2019-02-08 Thread James Ko
Please add my username, JamesKo, to the wiki EditorGroup so that I may add/contribute changes to WPANFamily pages. Thanks

Re: [Wireshark-dev] Adding IEEE 802.15.4 DLT for meta data?

2019-01-16 Thread James Ko
From: Wireshark-dev on behalf of James Ko Sent: Thursday, January 10, 2019 11:10 To: Guy Harris; Developer support list for Wireshark Subject: Re: [Wireshark-dev] Adding IEEE 802.15.4 DLT for meta data? Thanks Guy, I submitted my request for a link-type assignment but I see that the DLT_PPI is ge

Re: [Wireshark-dev] Adding IEEE 802.15.4 DLT for meta data?

2019-01-10 Thread James Ko
: Monday, January 7, 2019 13:50 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Adding IEEE 802.15.4 DLT for meta data? On Jan 7, 2019, at 1:18 PM, James Ko wrote: > There are ongoing proposals in pcapng format for adding generic wireless meta > data options to the enhanced

[Wireshark-dev] Adding IEEE 802.15.4 DLT for meta data?

2019-01-07 Thread James Ko
I've been looking at how to add additional meta data information to IEEE 802.15.4 packets which are not part of the packet itself but may be part of the capture interface or required to aid in decrypting packets. There are ongoing proposals in pcapng format for adding generic wireless meta data

Re: [Wireshark-dev] Windows dumpcap -i TCP@

2018-10-04 Thread James Ko
th an appropriate COMMIT-ID) and push the resulting commit. Kind regards, Peter https://lekensteyn.nl (pardon my brevity, top-posting and formatting, sent from my phone) On October 4, 2018 7:34:44 PM GMT+02:00, James Ko wrote: >Thanks. I've been a bit confused myself from a concussion. > &

Re: [Wireshark-dev] Windows dumpcap -i TCP@

2018-10-04 Thread James Ko
tober 3, 2018 11:03 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Windows dumpcap -i TCP@ On Wed, 3 Oct 2018 at 18:58, James Ko wrote: Can I petition for this as a fix rather than a feature since the -i TCP@ works in the Linux builds

Re: [Wireshark-dev] Windows dumpcap -i TCP@

2018-10-03 Thread James Ko
: Re: [Wireshark-dev] Windows dumpcap -i TCP@ Ignore my last, I was confusing the change with another. The Release policy still applies though. On Wed, 3 Oct 2018 at 18:36, Graham Bloice wrote: On Wed, 3 Oct 2018 at 18:31, James Ko mailt

Re: [Wireshark-dev] Windows dumpcap -i TCP@

2018-10-03 Thread James Ko
6.x release? James ____ From: James Ko Sent: Wednesday, September 19, 2018 00:42 To: Developer support list for Wireshark Subject: Re: Windows dumpcap -i TCP@ Actually wireshark is not running on the Linux side and this is not using rpcap. I am using the TCP@ sockets st

Re: [Wireshark-dev] Windows dumpcap -i TCP@

2018-09-19 Thread James Ko
the remote side? I think some work has been done on rpcap recently so trying out the development version is an option. https://www.wireshark.org/download/automated/win64/ Regards Anders From: Wireshark-dev On Behalf Of James Ko Sent: den 18 september 2018 02:22 To: wireshark-dev@wireshark.org

[Wireshark-dev] Windows dumpcap -i TCP@

2018-09-17 Thread James Ko
Hi, I am trying to connect to a remote PCAPNG stream from Windows using the TCP@ socket interface but the connection closes immediately after connecting. The same dumpcap command on linux works just fine to the remote TCP socket. No errors indicating any failure are printed from dumpcap.exe

Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap

2017-11-22 Thread James Ko
dumpcap On 22 November 2017 at 18:13, James Ko wrote: Attached is my patch to get this working (with caveats). To support this involved reading the pcapng block header and parsing just the section header block for endianness. Then just rewrites t

Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap

2017-11-22 Thread James Ko
Attached is my patch to get this working (with caveats). To support this involved reading the pcapng block header and parsing just the section header block for endianness. Then just rewrites all the blocks using the original/input endianness format to the pipe without looking much furthe