Re: [Wireshark-dev] rf5 file (k18)

2013-11-16 Thread Luis EG Ontanon
Or that the file format has changed with k18. I wrote support for K12 files first, and had to MODIFY it to read K15 files. \L On Sat, Nov 16, 2013 at 3:36 PM, Guy Harris wrote: > > On Nov 15, 2013, at 8:55 AM, Noura KELLOUL wrote: > > > I need to open a rf5 file (k18) of tektronix by Wireshar

Re: [Wireshark-dev] Gently migrating to Git + Gerrit

2013-08-08 Thread Luis EG Ontanon
On Thu, Aug 8, 2013 at 1:21 PM, Evan Huus wrote: > Similarly on Mac, it would be nice if the macosx-setup.sh script could > as much as possible be replaced with a set of homebrew packages (or > some other equivalent). +1 on that -- This information is top security. When you have read it, de

Re: [Wireshark-dev] [Wireshark-commits] rev 50846: /trunk/echld/ /trunk/echld/: Makefile.common child.c common.c dispatcher.c echld.h parent.c

2013-07-23 Thread Luis EG Ontanon
Victim of merging changes... sorry! On Tue, Jul 23, 2013 at 3:48 PM, Joerg Mayer wrote: > On Tue, Jul 23, 2013 at 06:26:38PM +, l...@wireshark.org wrote: > > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=50846 > > > > User: lego > > Date: 2013/07/23 11:26 AM > > > > Log

Re: [Wireshark-dev] Epan Memory Leaks

2013-07-06 Thread Luis EG Ontanon
On Sat, Jul 6, 2013 at 2:05 PM, Evan Huus wrote: > This morning, wmem finally hit the point that I was able to land some > changes to reduce leaks when calling epan_cleanup(). Yesterday, > running valgrind on 'tshark -v' showed over 500KB of leaked memory. > Now it shows 1,722 bytes. > WOW! >

Re: [Wireshark-dev] Wiretap subfiles

2013-07-05 Thread Luis EG Ontanon
re, but I don't see how this would solve your > problem. I'm not sure exactly what you mean by 'open transaction' in > this context though, so perhaps that would clarify. > > On Fri, Jul 5, 2013 at 12:36 PM, Luis EG Ontanon wrote: > > Wiretap subfiles are to be

[Wireshark-dev] Wiretap subfiles

2013-07-05 Thread Luis EG Ontanon
Wiretap subfiles are to be indexes of one or more capture files (the source) that (as long as they correctly reference the source) transparently work as if they were a single capture file with the features of the source. I think they should contain a magic number, the source filename(s), basic

Re: [Wireshark-dev] [Wireshark-commits] rev 50198: /trunk/ui/qt/ /trunk/ui/qt/: capture_preferences_frame.cpp interface_tree.cpp main.cpp main_window_slots.cpp

2013-06-27 Thread Luis EG Ontanon
I (proudly) still use vi... for quick edits and commit messages... :) On Thu, Jun 27, 2013 at 2:40 PM, Maynard, Chris < christopher.mayn...@gtech.com> wrote: > So I guess you use vi as an editor ... but maybe not this time? :) > I've done that from time to time as well when switching from vi to

Re: [Wireshark-dev] [Wireshark-commits] rev 50141: / /trunk/echld/: CMakeLists.txt echld_parent.c /trunk/: Makefile.am configure.ac echld_test.c

2013-06-25 Thread Luis EG Ontanon
My idea is for echld to dynamically link epan after fork()ing the dispatcher from the client process and before initializing epan so that the client process "does not carry" epan and the dispatcher has a pristine initialized epan ready to be fork()ed that does not carry the entire client process' s

[Wireshark-dev] JSONshark -- Was: Applying for GSOC

2013-04-10 Thread Luis EG Ontanon
The starting point is to define a message based interface for using epan. I believe the best place for doing that is the wiki with the help of the other developers. Then there's the architecture of the system itself. For which I think we have two or three sub-projects here. I believe more peopl

Re: [Wireshark-dev] GUI functionality from plugins

2012-09-19 Thread Luis EG Ontanon
Actually, funnel.h implements some GUI functionality that can be used by plugins. More functionality can be added to it. On Wed, Sep 19, 2012 at 9:34 AM, David Ameiss wrote: > Summary: I'd like to propose implementing a method of making GUI > functionality more accessible from plugins. > > We ha

Re: [Wireshark-dev] Possible memory leak in ui/gtk/funnel_stat.c:funnel_new_dialog and funnel_dlg_cb

2012-07-13 Thread Luis EG Ontanon
the below patch should work... needs to be compiled and tested... Index: funnel_stat.c === --- funnel_stat.c (revision 43689) +++ funnel_stat.c (working copy) @@ -405,14 +405,16 @@ window_destroy(GTK_WIDGET(dd->win)

Re: [Wireshark-dev] emem.c:732: failed assertion [sort-of-SOLVED]

2010-03-01 Thread Luis EG Ontanon
); + g_free(ptr); } /* clear them all out */ On Mon, Mar 1, 2010 at 7:20 PM, didier wrote: > Hi, > Le lundi 01 mars 2010 à 16:48 +0100, varname a écrit : >> Luis EG Ontanon wrote: >> >> Don't know if it's the only way, but changing

Re: [Wireshark-dev] emem.c:732: failed assertion [sort-of-SOLVED]

2010-03-01 Thread Luis EG Ontanon
On Mon, Mar 1, 2010 at 4:48 PM, varname wrote: > Luis EG Ontanon wrote: >>> Don't know if it's the only way, but changing the limit to 10MB fixed it >>> for my situation. >> >> It might have worked it around until an 11Mb request overflows it again. >

Re: [Wireshark-dev] emem.c:732: failed assertion [sort-of-SOLVED]

2010-03-01 Thread Luis EG Ontanon
On Mon, Mar 1, 2010 at 3:38 PM, varname wrote: > > just to follow up on this > > >> results in a failed assertion whenever http_media.len is rather large >> (I'm guessing larger than 5MB from the text of the assertion). The >> assertion itself: > > That was a typo, it's actually ~2.5MB, as its shi

Re: [Wireshark-dev] Extending wireshark with Python

2009-06-01 Thread Luis EG Ontanon
alculator on an everyday basis. Keep on the good work. On Mon, Jun 1, 2009 at 3:31 PM, Sébastien Tandel wrote: > Hi Luis, > > I'm happy to see you're enthusiast! :) > > > On Sun, May 31, 2009 at 22:01, Luis EG Ontanon wrote: >> >> I made the Lua bindings an

Re: [Wireshark-dev] Extending wireshark with Python

2009-05-31 Thread Luis EG Ontanon
I made the Lua bindings an application of the C API, not a simple export. (e.g. proto_item and proto_tree are combined instead of dealt individually, objects are managed in their scope so that deleted objects are not accessed by Lua). The reasons why I avoided just mapping the C API were many but

Re: [Wireshark-dev] UAT access from within the registration functions

2009-04-10 Thread Luis EG Ontanon
ich, if changed, doesn't > lead to the calling of the apply_cb passed in prefs_register_protocol... > Perhaps there is a reason for it, but for now, my requirement is met and I > am submitting a new patch. > > Thanks again! > Abhik. > > On Fri, Apr 10, 2009 at 8:06 AM

Re: [Wireshark-dev] UAT access from within the registration functions

2009-04-09 Thread Luis EG Ontanon
You can call uat_load() to have it loaded before preferences. 2009/3/25 Abhik Sarkar : > Hi All, > > I want to read some data from a UAT while I am still in the registration > functions. Going through the documentation and the code, it seems that all > UAT tables are loaded when preferences are

Re: [Wireshark-dev] Wireshark licence terms and dissectors

2008-12-18 Thread Luis EG Ontanon
http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#LinkingWithGPL On Thu, Dec 18, 2008 at 3:59 PM, Rob Meades wrote: > Apologies if this is already known, but I couldn't find the answer in > the FAQ. > > We have created a dissector for Wireshark and would like to provide it > to our custo

Re: [Wireshark-dev] How to find duplicate packets with time interval less than 2ms

2008-11-28 Thread Luis EG Ontanon
er "i" is already used (for (i)nterface), the "w" is taken too (for (w)ritefile). I'd add this param/feature as a "W" for duplicate time (W)indow. e.g. $ dumpcap ... -d -W 15 for 15ms Good work, This is a very useful feature IMHO. > > Petr > > Luis

Re: [Wireshark-dev] How to find duplicate packets with time interval less than 2ms

2008-11-27 Thread Luis EG Ontanon
The issue there is that you'll need a buffer whose size is indeterminate (you can get way more than 4 packets in 2ms). So the buffer should adjust. BTW if you add a parameter for the time window it would be certainly more useful. On Fri, Nov 28, 2008 at 4:13 AM, Petr Janata <[EMAIL PROTECTED]>

Re: [Wireshark-dev] VoIP call analysis

2008-11-26 Thread Luis EG Ontanon
On Wed, Nov 26, 2008 at 9:52 PM, Michael Lum <[EMAIL PROTECTED]> wrote: > > Hi Luis, thanks for responding, > You're welcome. > > I wasn't expecting any tie in between the A-interface (Iu-CS) > signaling and MAP/TCAP. Just as an example a Location-Update flows from a BSC to the HLR. RAN -(RANAP/BSS

Re: [Wireshark-dev] sua (ansi / itu tcap payloads)

2008-11-25 Thread Luis EG Ontanon
There are differences in how ANSI-TCAP and ITU-TCAP are encoded. These are used to guess what it is. Take a look to dissect_tcap() in asn1/tcap/packet-tcap-template.c:157 On Tue, Nov 25, 2008 at 5:53 PM, cco <[EMAIL PROTECTED]> wrote: > hi! > > how exactly does wireshark distinguish the sua pack

Re: [Wireshark-dev] VoIP call analysis

2008-11-25 Thread Luis EG Ontanon
nother dialog as a whole for this. > Thanks. > > -- > Michael Lum Principal Software Engineer > 4600 Jacombs Road +1.604.276.0055 > Richmond, B.C. > Canada V6V 3B1 > Star Solutions > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PRO

Re: [Wireshark-dev] VoIP call analysis

2008-11-20 Thread Luis EG Ontanon
if IOS5 uses the connection-less SCCP service SCCP-connection-tracking cannot help you. If it instead uses the Connection-Oriented SCCP service, you can take a look at how RANAP and BSSAP put "interesting information" into the SCCP data for the packet/connection. (Beware that in order to trace cal

Re: [Wireshark-dev] SCCP equivalents in SUA dissector

2008-11-20 Thread Luis EG Ontanon
.[ds]lr .*ssn* .*.gti. *.[nr]i On Thu, Nov 20, 2008 at 11:40 AM, Abhik Sarkar <[EMAIL PROTECTED]> wrote: > Hi All, > > Just as the M3UA dissector added a section called "MTP3 equivalents" > in packets which make it possible to use MTP3 fields for filtering, > would it be fair to have SCCP equival

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2978] Crash in Reassembly

2008-10-18 Thread Luis EG Ontanon
2008/10/18, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2978 > > > Arun kaliraja.B <[EMAIL PROTECTED]> changed: > >What|Removed |Added >

Re: [Wireshark-dev] Making a dissector for a text proto using ISO 10646 (Unicode) in UCS-2(was: Using external DTD)

2008-10-03 Thread Luis EG Ontanon
About XML/DTD: The XML dissector would need far more than FT_STRING_UNICODE to handle XML with multibyte encoded chars. The tvbparse API (on which the xml dissector) would need to be extended to handle multi-byte chars. And some parts of how to do it aren't clear to me. What about multibyte chars

Re: [Wireshark-dev] Error while setting up check-out of code

2008-09-29 Thread Luis EG Ontanon
Try to pass the proxy settings manually. e.g.: > HTTP_PROXY=1.2.3.4: > nmake -f Makefile.nmake setup \Lego On Mon, Sep 29, 2008 at 3:55 PM, Roshan Nair <[EMAIL PROTECTED]> wrote: > Hi, > > I am seeing this error while I execute the command "nmake -f Makefile.nmake > setup". The error I get i

Re: [Wireshark-dev] [Wireshark-commits] rev 26261: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-xml.c packet-xml.h

2008-09-24 Thread Luis EG Ontanon
I'm curious about where does this lead... On Wed, Sep 24, 2008 at 12:42 PM, <[EMAIL PROTECTED]> wrote: > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=26261 > > User: kukosa > Date: 2008/09/24 03:42 AM > > Log: > put original tag name (not lowercase) into dissected xml structu

Re: [Wireshark-dev] XML Parser

2008-09-23 Thread Luis EG Ontanon
trunk/diameter/dictionary.xml \Lego On Mon, Sep 22, 2008 at 4:48 PM, Luis EG Ontanon <[EMAIL PROTECTED]> wrote: > Well I wrote that lexer for Diameter to avoid yet-another-dep. I did > not expect yet more parsers to follow-suit. > > I myself hate XML and all the paraphernalia t

Re: [Wireshark-dev] error LNK2001: unresolved external symbol _mtp3_standard

2008-09-22 Thread Luis EG Ontanon
I think it is enough to add mtp3_standard to libwireshark.def as other variables are and then re-link. On Mon, Sep 22, 2008 at 1:08 PM, Xiao Li <[EMAIL PROTECTED]> wrote: > Hello, > I have wrote a wireshark plugin and it was built successfully under > unix. But when building it under Windows,

Re: [Wireshark-dev] XML Parser

2008-09-22 Thread Luis EG Ontanon
Well I wrote that lexer for Diameter to avoid yet-another-dep. I did not expect yet more parsers to follow-suit. I myself hate XML and all the paraphernalia that comes with it... my writing of the XML dissector was an unsuccessful exercise of de-mystification. I hate it even more after writing it!

Re: [Wireshark-dev] [Wireshark-commits] rev 26226: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-sctp.c

2008-09-17 Thread Luis EG Ontanon
+ static guint last_frame - guint last_frame On Thu, Sep 18, 2008 at 12:06 AM, Luis EG Ontanon <[EMAIL PROTECTED]> wrote: > Does it work if you do > > guint last_frame = 0; > ... > if (framenum == 0) > framenum = ++last_frame; > > > On Wed, Sep 17, 2008 at 11:

Re: [Wireshark-dev] [Wireshark-commits] rev 26226: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-sctp.c

2008-09-17 Thread Luis EG Ontanon
Does it work if you do guint last_frame = 0; ... if (framenum == 0) framenum = ++last_frame; On Wed, Sep 17, 2008 at 11:59 PM, <[EMAIL PROTECTED]> wrote: > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=26226 > > User: morriss > Date: 2008/09/17 02:59 PM > > Log: > If we're

Re: [Wireshark-dev] lua http.request and http.response structure

2008-09-02 Thread Luis EG Ontanon
, x.label) end > Thanks, > Riccardo > > Luis EG Ontanon wrote: >> A bug in wireshark... >> That shouldn't fail (not at least that way)! >> >> Can you open a bug in https://bugs.wireshark.org and attach to it both >> the code and a capture file that show

Re: [Wireshark-dev] lua http.request and http.response structure

2008-09-02 Thread Luis EG Ontanon
tp_response_data) > > end > > > end > > > > but it gives me this error: > > ERROR:(ftype-tvbuff.c:133):val_repr_len: assertion failed > (rtype==FTREPR_DFILTER) > > Aborted > > > What's wrong with it? > > Thanks, > Riccardo > > Luis EG On

Re: [Wireshark-dev] lua http.request and http.response structure

2008-09-02 Thread Luis EG Ontanon
es") but it gives an error when i > try to print it. > > Best Regards, > Riccardo > > Luis EG Ontanon wrote: >> I wrote pretty much all of WS Lua's interface, and I am not aware of >> any such "structure"... >> >> There are tap-data str

Re: [Wireshark-dev] lua http.request and http.response structure

2008-09-02 Thread Luis EG Ontanon
I wrote pretty much all of WS Lua's interface, and I am not aware of any such "structure"... There are tap-data structures of lua that are extracted from header files of dissectors using code generated by epan/wslua/make-taps.pl which in turn is controlled by epan/wslua/taps . These are *willin

Re: [Wireshark-dev] with-lua does not compile

2008-09-02 Thread Luis EG Ontanon
It appears like lua_State is not defined (like if the configure script actually found lua but it did not set up properly CFLAGS and LDFLAGS). Can you get this to compile using just what you find in /usr/lib ? (CFLAGS=/usr/local/include LDFLAGS=/usr/local/lib) /*start*/ #include #include int ma

Re: [Wireshark-dev] Has anybody link wireshark to rrdtool?

2008-08-26 Thread Luis EG Ontanon
I do not think you'll get much out of it. Wireshark is a memory eater, it is not made to be a long running process, little by little it uses all available memory until it crashes. IMHO, rrdtool databases make sense only for long running apps. On Tue, Aug 26, 2008 at 10:56 AM, <[EMAIL PROTECTED

Re: [Wireshark-dev] Wireshark Rx Interface Decoding

2008-08-22 Thread Luis EG Ontanon
open a bug (https://bugs.wireshark.org), mark it as enhancement, attach rxpolicy.xml to it and add a copy of the line you added to dictionary.xml to the comment when you open it. On Fri, Aug 22, 2008 at 10:32 PM, Bastiani, David <[EMAIL PROTECTED]> wrote: > I have created an XML file for Rx inte

Re: [Wireshark-dev] Lint of packet-tcp.c

2008-08-21 Thread Luis EG Ontanon
On Thu, Aug 21, 2008 at 10:50 PM, Ulf Lamping <[EMAIL PROTECTED]> wrote: > Anyway, I would try to avoid using commercial products for open source > development where reasonably possible ... It's already We. -- This information is top security. When you have read it, destroy yourself. -- Marsha

Re: [Wireshark-dev] [Wireshark-users] bug in sub-allocator emem.c - guard pages cause unnecessary 'out of memory' condition

2008-08-10 Thread Luis EG Ontanon
Well, that's a "security feature" (some would call it band-aid security). That's why it's there even if it costs a lot. Its work is to be able to detect memory corruption conditions (and yes it does, we are still getting and fixing of crashes reported by this (buffer overflows) ). But on the oth

Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol dissector

2008-08-07 Thread Luis EG Ontanon
My vote goes for 2) : Wireshark is a troubleshooting tool and a vulnerable key can be source of trouble. It would be plainly wrong not to notify of a potential source of trouble if we can. I wonder whether we actually need to decrypt? I think we just need to build a hash of broken keypairs indexe

Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol dissector

2008-08-06 Thread Luis EG Ontanon
Insecurity people panic... security people take action... Security people that ban a program that finds/exploits a hole are not security people... security people make sure a well known a very impacting vulnerability is taken away. I think that letting users to know that e.g. their Bank's website

Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol dissector

2008-08-05 Thread Luis EG Ontanon
I'd be against inclusion too... Wireshark is a Protocol-Analyzer not a Network Penetration Analysis tool or something similar. From that PoV it's just inappropriate... On the other hand someone has to tell the sysadmin to dump that key ASAP, bad guys know it's broken already. 65536 attempts to see

[Wireshark-dev] intense EP memory corruption checks

2008-08-05 Thread Luis EG Ontanon
Hi folks, Last night I checked in a patch to emem.[ch] and packet.c to enable intense checking of EP canaries. Diversely to the current checks done only once EP memory is being yield. With this one compiled in, if the env var WIRESHARK_DEBUG_EP_CANARY exists, it performs the canary check in seve

Re: [Wireshark-dev] Windows build environment changes

2008-08-05 Thread Luis EG Ontanon
Does that mean that I just need to install the tools (MSVC2008+cygwin) do a checkout, make setup, and make all with no need anymore to modify any files? \Lego On Tue, Aug 5, 2008 at 7:13 PM, Gerald Combs <[EMAIL PROTECTED]> wrote: > I just set the default MSVC_VARIANT in config.nmake to MSVC2008

Re: [Wireshark-dev] old wiretap-0.3.1.dll in Wireshark 1.0.2win32installer

2008-08-04 Thread Luis EG Ontanon
Pretty quickly in relative terms... DJB pointed out the vulnerability back in July 2001... that would be more than 7 years (http://cr.yp.to/djbdns/forgery-cost.txt). \Lego On Mon, Aug 4, 2008 at 7:08 PM, Gerald Combs <[EMAIL PROTECTED]> wrote: > On Mon, 04 Aug 2008 11:29:54 +0200, Jaap Keuter <

Re: [Wireshark-dev] Build failure on Linux (GCC 3.4.6)

2008-08-04 Thread Luis EG Ontanon
I think it might be a fake. next_tvb is considered volatile... because dissector_try_port() does not specify the argument as constant so the compiler thinks it might change while popping the stack on a longjmp. Hi, does the attached patch get rid of the warning? Luis On Mon, Aug 4, 2008 at 1:

[Wireshark-dev] lost debugging symbols in off tree build on leopard

2008-07-30 Thread Luis EG Ontanon
I got a new Mac, new processor family (much hotter), new OS version, new checkout... Same configure options I used to use. It builds OK. But, as I launch gdb for wireshark, I get plenty of these warnings : warning: Could not find object file "/Users/lego/ws_trunk/build/epan/.libs/libwireshark.la

Re: [Wireshark-dev] Windows "build docs" step failing on xmllint of wslua_pinfo.xml

2008-07-28 Thread Luis EG Ontanon
I don't get it: Why it fails on line 154 and doesn't do it 6 lines before on line 148 for an identical structure I guess removing the undocumented Garbage collectors from the docs should fix the prior. I'll check the results. tvb:__to

Re: [Wireshark-dev] Accessing SCTP data chunk length etc

2008-07-22 Thread Luis EG Ontanon
the information about the length of the transported pdu is passed via the tvb. take a look at tvbuff.h On Mon, Jul 21, 2008 at 3:20 PM, Gastermann, Bernd Christian <[EMAIL PROTECTED]> wrote: > Dear Wireshark team! > > I am currently writing a wireshark plugin which dissects custom data chunks >

Re: [Wireshark-dev] [Wireshark-users] tshark and /tmp/etherXXXX files

2008-07-18 Thread Luis EG Ontanon
Or... what happens if you try to open these files with wireshark? Does it crash? On Sat, Jul 19, 2008 at 4:31 AM, Luis EG Ontanon <[EMAIL PROTECTED]> wrote: > I guess these are very large files. Most people wouldn't bother if they > weren't. > > So I guess you are

Re: [Wireshark-dev] [Wireshark-users] tshark and /tmp/etherXXXX files

2008-07-18 Thread Luis EG Ontanon
I guess these are very large files. Most people wouldn't bother if they weren't. So I guess you are doing long running captures and periodically tshark crashes http://wiki.wireshark.org/KnownBugs/OutOfMemory . You could "wrap" tshark in a script that cleans behind those files. A Developer wonder

Re: [Wireshark-dev] accessing field in IP header from L2TP dissector

2008-07-18 Thread Luis EG Ontanon
He says the only interesting info there's in the IP header is the length. If he needs it to calculate the length of the payload. There's no need to access the IP header.The length of the payload data is passed to the dissector intrinsically by the tvb (tvb->length). L On Fri, Jul 18, 2008 at 11:0

Re: [Wireshark-dev] SVN #25615: "Wiretap code probably shouldn't abort the application either."

2008-07-17 Thread Luis EG Ontanon
The one in k12.c is leftover debugging code, The assertion will never fail (not anymore). \Lego On Thu, Jul 17, 2008 at 6:36 PM, Bill Meier <[EMAIL PROTECTED]> wrote: > The Windows buildbot has been failing since about July 1 due to > checkAPIs -g abort errors for several wiretap files. > > One c

Re: [Wireshark-dev] How to register the plugins

2008-07-16 Thread Luis EG Ontanon
On Wed, Jul 16, 2008 at 8:55 AM, <[EMAIL PROTECTED]> wrote: > > > It is a connection oriented message with CODT type > [...] > > I couldn't understand how bssap packet of same format (CODT) could able to > dissect without SSN no. but the one which I wrote couldn't dissect them > properly. For C

Re: [Wireshark-dev] cast increases required alignment of target type in packet-diameter.c

2008-07-15 Thread Luis EG Ontanon
I think the cast to void* is OK. the GArray is created given sizeof(struct contained_t) so it is going to mallocate a block of N*sizeof(struct contained_t) and the very first struct contained_t will be aligned to the base of the block given by malloc (a void*), taking into account that compilers ar

Re: [Wireshark-dev] V5.2 and PRI protocols

2008-07-15 Thread Luis EG Ontanon
V5.2 is not implemented and it has to be written (from scratch) there's an V5UA implementation but while semantically it is the same syntactically it's a different protocol. As per ISDN-PRI (DSS1), it uses Q.931 over LAP-B for call control and both are implemented. BTW neither V5.2 nor DSS1 are t

Re: [Wireshark-dev] How to register the plugins

2008-07-15 Thread Luis EG Ontanon
Does it use Connection Oriented or Connection Less? SCCP and SUA carry the SSN number only in the CC message. So, In order to know which subdissector to use for CO messages other than CC SCCP/SUA maintains a table of connections, this is disabled by default (try enabling "Trace Associations" in SCC

Re: [Wireshark-dev] Wireshark version

2008-07-09 Thread Luis EG Ontanon
I made sure it wasn't a typo. > > -martin > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Luis EG > Ontanon > Sent: Wednesday, July 09, 2008 9:03 AM > To: Developer support list for Wireshark > Subject: Re: [Wireshark

Re: [Wireshark-dev] Wireshark version

2008-07-09 Thread Luis EG Ontanon
I saw a report on this ML of someone downloading the 1.0.0 installer from the 1.0.1 link... is this another case? On Wed, Jul 9, 2008 at 2:59 PM, Jeff Morriss <[EMAIL PROTECTED]> wrote: > > > Martin Corraine (mcorrain) wrote: >> Hello, >> >> Is there a reason the new version of the win32 Wiresha

Re: [Wireshark-dev] LUA development highlighting bytefield display with LUA

2008-06-20 Thread Luis EG Ontanon
test > > And the filter I'm trying to use is MYPROTO.stuff correct? > > > -Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Luis EG > Ontanon > Sent: Friday, June 20, 2008 10:09 AM > To: Developer support list for Wireshark > Subjec

Re: [Wireshark-dev] LUA development highlighting bytefield display with LUA

2008-06-20 Thread Luis EG Ontanon
myproto.field1 == 3", not "my_proto contains field1". The keyword contains is for another purpose: "my_proto contains 01:02:03" would match only if the bytes belonging to my_proto contain the hex sequence 010203. > > -Original Message- > From: [EMAIL PRO

Re: [Wireshark-dev] Recursive dissection

2008-06-19 Thread Luis EG Ontanon
with tvb_new_subset() you create a sub-tvb with the range you are interested in, then you can recur onto your function passing it that sub-tvb. On Wed, Jun 18, 2008 at 9:16 PM, Matt Poduska <[EMAIL PROTECTED]> wrote: > Hello, > > In order to accept into the Wireshark codebase, it was suggested tha

Re: [Wireshark-dev] Function explanation of WireShark

2008-06-19 Thread Luis EG Ontanon
Use the SOUrce young padawan... what about tvbuff.h 2008/6/19 Jiabin Liao <[EMAIL PROTECTED]>: > Hi, > > Recently, I want to write a plug-in for WireShark. But I can do it smoothly, > for I always could not understand the examples in the source package, such as > packet-udp.c. The problem is I can

Re: [Wireshark-dev] LUA development highlighting bytefield display with LUA

2008-06-18 Thread Luis EG Ontanon
and the second should highlight all but the first byte, > which it doesn't. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Luis EG > Ontanon > Sent: Tuesday, June 17, 2008 7:47 AM > To: Developer support list for Wiresha

Re: [Wireshark-dev] LUA development highlighting bytefield display with LUA

2008-06-17 Thread Luis EG Ontanon
Lua uses the very same API that dissectors use. For protocol tree items created with Lua (when they are given a tvbRange) the bytes in the hex dump pane get highlighted as with any other dissector. On Mon, Jun 16, 2008 at 3:37 PM, Rowswell, Brent <[EMAIL PROTECTED]> wrote: > Hey there, > > I was

Re: [Wireshark-dev] LUA development changing column headers

2008-06-16 Thread Luis EG Ontanon
"hpux_devid",COL_HPUX_DEVID}, {"dce_call",COL_DCE_CALL}, {NULL,0} }; On Mon, Jun 16, 2008 at 2:38 PM, Rowswell, Brent <[EMAIL PROTECTED]> wrote: > Thank you for getting back to me so quickly, > > So you're saying that I can edit the text in the pinfo.column

Re: [Wireshark-dev] LUA development changing column headers

2008-06-13 Thread Luis EG Ontanon
You cannot add columns that way using Lua, Lua can use just the columns that are already there under pinfo.columns ... The outdated example you talk about does not create a column it just switches over the src and dst addresses. On Fri, Jun 13, 2008 at 12:04 AM, Rowswell, Brent <[EMAIL PROTECTED]

Re: [Wireshark-dev] SSL decryption breaks after retransmission

2008-05-29 Thread Luis EG Ontanon
I personally believe not passing retransmitted frames is a better choice, besides that its implementation is narrower, I see it as natural for a transport protocol not to pass retransmissions to the upper layer. All in all the user has a link in the packet details to the originally-transmitted fram

Re: [Wireshark-dev] packet parsing question

2008-05-29 Thread Luis EG Ontanon
You want to read doc/README.developer from the src tree. On Thu, May 29, 2008 at 4:31 PM, Piety, Timothy [USA] <[EMAIL PROTECTED]> wrote: > Hi, > > I am trying to figure out how wireshark actually does the dissection of a > packet. I have a packet and I know the protocol, but do not have a parser

Re: [Wireshark-dev] Something has happened to the uat dialogs...

2008-05-28 Thread Luis EG Ontanon
On Wed, May 28, 2008 at 8:27 PM, Guy Harris <[EMAIL PROTECTED]> wrote: > Sake Blok wrote: > >> I think these errors were introduced after the whole GTK-1 cleanup. > > No, the use of GTK_TREE_VIEW() on rep->clist goes back at least as far > as revision 20599, long before we got rid of GTK+ 1.2[.x]

Re: [Wireshark-dev] Lua and heuristic dissectors

2008-05-23 Thread Luis EG Ontanon
No planning on anything... Still it shouldn't be too complex to add heuristic dissectors... We should: - change the current "lua dissector" (the wrapper that invokes the lua user function) to use the signature of a new-style dissector and pass the return of the lua function. - change the registe

Re: [Wireshark-dev] A question about how to improve the time resolution of ARRIVAL TIME?

2008-05-19 Thread Luis EG Ontanon
To obtain nanosecond (1e-9) precision with a PC running windows is possible... To have <1ms (1e-3) variance for timestamps on windows (and most unices as well) is utopy. AFAIK not even with QNX you can get close to us (1e-6). Machines that do capture with ns precision actually do so directly in

Re: [Wireshark-dev] own dissector doesn't work with root

2008-05-06 Thread Luis EG Ontanon
Wireshark won't load plugins not owned by root if running as root. That is to avoid someone writing a plugin that (e.g.) executes a shell with root privileges in a system where wireshark is allowed by sudo. # chown root your_plugin By the way WS as of 1.0 does not require to be run as root anymo

Re: [Wireshark-dev] request help for packet capture using libpcap

2008-05-06 Thread Luis EG Ontanon
Nothing captured? Unflushed output? 24 bytes is the pcap file header and no packets. On Tue, May 6, 2008 at 1:10 PM, <[EMAIL PROTECTED]> wrote: > > > Hello , > > I have been trying to write a small application using libpcap library. > Purpose is to capture some live network packets(say 100 pac

Re: [Wireshark-dev] Compiling with VS-2005

2008-05-05 Thread Luis EG Ontanon
you can either build it yourself with MSVC6 (that's what we use for official releases) or just publish it so that it comes with official releases. On Mon, May 5, 2008 at 3:38 PM, Barry Constantine <[EMAIL PROTECTED]> wrote: > > > > > I recently wrote my first dissector and compiled with Microsoft

Re: [Wireshark-dev] Help: How to add files to Wireshark

2008-04-30 Thread Luis EG Ontanon
On unix: make clean ./autogen.sh ./configure make On windows: nmake -f Makefile.nmake clean nmake -f Makefile.nmake all On Wed, Apr 30, 2008 at 3:20 PM, goitom kahsay <[EMAIL PROTECTED]> wrote: > Hi Jaap, > > Thank you very much for every thing. > > > But the added file does not compile.

Re: [Wireshark-dev] Do we require lua version 5.1 for the lua plugin?

2008-04-29 Thread Luis EG Ontanon
For practical reasons I removed lua 5.0.x support when I migrated wslua into epan. I thought I had modified the autogen stuff to reflect this. I think we should look for lua_getfield() to verify if we are using the right version. Luis On Tue, Apr 29, 2008 at 7:45 AM, Joerg Mayer <[EMAIL PROTEC

Re: [Wireshark-dev] how to modify tvbuff_t* tvb

2008-04-28 Thread Luis EG Ontanon
Do not. If you need to modify the buffer get a (ep) copy of the buffer and work on it. On Mon, Apr 28, 2008 at 11:29 AM, prakash chowbey <[EMAIL PROTECTED]> wrote: > hi, > as we extract a particular octet from a tvb (of type tvbuff_t*) using > tvb_get_guint8(tvb , offset); > how can we assign(

Re: [Wireshark-dev] [Wireshark-commits] rev 25171: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-umts_fp.c

2008-04-25 Thread Luis EG Ontanon
On Sat, Apr 26, 2008 at 3:34 AM, Jeff Morriss <[EMAIL PROTECTED]> wrote: > > I get what he's saying but I just don't get it: why would the compiler > convert from int to unsigned short *before* it has to send the value into > the call to dowork()? E.g., 'x' should be an int until I (explicitly or

Re: [Wireshark-dev] [Wireshark-commits] rev 25171: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-umts_fp.c

2008-04-25 Thread Luis EG Ontanon
On Fri, Apr 25, 2008 at 10:17 PM, Jeff Morriss <[EMAIL PROTECTED]> wrote: > Guy Harris wrote: > > http://www.cs.berkeley.edu/~wychen/cs261/proposal.htm > > If Figure 1 is really a problem then my understanding of C just went out > the window... I wouldn't have got this by myself withou

Re: [Wireshark-dev] Windows Build Error: ascend-scanner.c(1737) : error C2220: warning treated as error - no object file generated

2008-04-23 Thread Luis EG Ontanon
It's a matter with flex 2.5.35 take a look to http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2493 On Wed, Apr 23, 2008 at 12:20 PM, Edward king <[EMAIL PROTECTED]> wrote: > Hi, > I am trying to do my first build of Wireshark on Windows platform using: > > VC6.0 > Cygwin > GNU bash, version 3.

Re: [Wireshark-dev] how do you get SDP dissector info to useitwitha new dissector?

2008-04-23 Thread Luis EG Ontanon
Needs any of this info or > additional info you first have to add it to this information to the SDP data > structure then the RTP dissector Should hand it to your payload dissector > which should be called from the RTP dissector or possibly the payload > Dissector could pick it up fro

Re: [Wireshark-dev] [Wireshark-commits] rev 25148: /trunk/epan/ /trunk/epan/: oids.c

2008-04-22 Thread Luis EG Ontanon
On Wed, Apr 23, 2008 at 12:54 AM, Joerg Mayer <[EMAIL PROTECTED]> wrote: > On Tue, Apr 22, 2008 at 07:31:07PM +, [EMAIL PROTECTED] wrote: > > From LEGO: > > Shouldn't the commit message name Luis as the author? > It does! -- This information is top security. When you have read it, destr

Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?

2008-04-22 Thread Luis EG Ontanon
I do not understand what you want to do. If all you want is to get RTP's media dissected just invoking the sdp dissector to dissect the sdp buffer might be enough. SDP will take care of "registering" the RTP conversations defined in it so that related media packets are passed to RTP and that RTP

Re: [Wireshark-dev] Should we support GTK+ 2.0[.x] and 2.2[.x], or just 2.4 and later?

2008-04-21 Thread Luis EG Ontanon
Should the fact that the "Older Versions" section in http://www.gtk.org/download-linux.html does not show anyone below 2.4 be taken as a hint on what to do? On Mon, Apr 21, 2008 at 7:06 PM, Bill Meier <[EMAIL PROTECTED]> wrote: > Guy Harris wrote: > > > Ulf Lamping wrote: > > > >> > >> So t

Re: [Wireshark-dev] Problem with init.lua

2008-04-15 Thread Luis EG Ontanon
revision 25044 changes the directory where it looks for the file. On Tue, Apr 15, 2008 at 2:04 PM, Maynard, Chris <[EMAIL PROTECTED]> wrote: > With SVN 25042, I now see this lua-related error on Windows XP: > > 'dfilter.lib' is up-to-date > cd .. > cd wslua > NMAKE /

Re: [Wireshark-dev] SNMPv3 auth/priv password length

2008-04-15 Thread Luis EG Ontanon
revision 25043 removes this useless check, Thanks. On Tue, Apr 15, 2008 at 1:07 PM, Freudenberger, Markus <[EMAIL PROTECTED]> wrote: > Hi Everyone, > > For a test setup I need the set passwords for SNMPv3 auth and priv with > a characters length < 8. > Actually in version 1.0.0 , there is a le

Re: [Wireshark-dev] Problem with init.lua

2008-04-15 Thread Luis EG Ontanon
checked in 25042, that should tell you what's failing. On Tue, Apr 15, 2008 at 11:00 AM, Anders Broman <[EMAIL PROTECTED]> wrote: > > > > > Hi, > I get this when starting up WS and I think during compile too: > > Lua: syntax error during precompilation of > `C:\wireshark\wireshark-gtk2\init.lua':

Re: [Wireshark-dev] se_tree_foreach() not compiling under XP

2008-04-14 Thread Luis EG Ontanon
Hello, se_tree_foreach is not listed in libwireshark.def, *nix.so don't use it while windows dlls do. On Sun, Apr 13, 2008 at 6:39 PM, <[EMAIL PROTECTED]> wrote: > > > > > Hello > > I can't compile my code with the function se_tree_foreach (from emem.h), I > got following error (if I comment ou

Re: [Wireshark-dev] Wireshark decoding error- protocol DNS - section Flags for AD and CD bits information

2008-04-11 Thread Luis EG Ontanon
Hi, Thanks for the detailed report and traces (traces are always very appreciated). You better open a bug in http://bugs.wireshark.org that way we do keep track of this. Or else we risk just losing track of it. Thanks, Luis On Fri, Apr 11, 2008 at 12:29 PM, März, Frank <[EMAIL PROTECTED]> wrot

Re: [Wireshark-dev] Triggers

2008-04-10 Thread Luis EG Ontanon
On Thu, Apr 10, 2008 at 11:03 PM, Guy Harris <[EMAIL PROTECTED]> wrote: > Luis EG Ontanon wrote: [snip] > > I did not notice the load-peak while playing with it but I believe I > > should have felt it in my very slow PPC mac... do pcap_dispatch works > > differen

Re: [Wireshark-dev] Triggers

2008-04-10 Thread Luis EG Ontanon
erently in linux and bsds? (Guy?) Thanks Luis On Thu, Apr 10, 2008 at 10:13 PM, Jason <[EMAIL PROTECTED]> wrote: > Luis EG Ontanon wrote: > > > As far as triggers go a while ago I checked in trigcap.c. > > > > Nice. > > > > > It

Re: [Wireshark-dev] wslua: reading raw file?

2008-04-09 Thread Luis EG Ontanon
So, That's not called a dissector but a file format. And NO, lua cannot be used to describe file formats. That would have been simply sluggish (at least the attempt I gave to it besides being an ugly hack it was simply unusable). If the file format is of general interest would be probably better wr

Re: [Wireshark-dev] [Wireshark-users] wireshark statistic function (sum)

2008-04-08 Thread Luis EG Ontanon
On Tue, Apr 8, 2008 at 2:46 PM, Sake Blok <[EMAIL PROTECTED]> wrote: > BEWARE: > > "One important thing to note here is that the field that the calculation > is based on MUST also be part of the filter string or else the calculation > will fail." > > (from the manpage of tshark) We ought to c

Re: [Wireshark-dev] Redefining gtk version in uat_gui.c?

2008-04-06 Thread Luis EG Ontanon
I probably just copied these from another file (color filters maybe?). I never noticed this. On Mon, Apr 7, 2008 at 6:18 AM, Stephen Fisher <[EMAIL PROTECTED]> wrote: > Why does this code at the top of gtk/uat_gui.c redefine > GTK_MAJOR_VERSION to 1 if it is >= 2?? > > if GTK_MAJOR_VERSION >= 2
