[Wireshark-dev] FAQ Comments

1. The list of capture file formats in Q 1.13 should be moved to Q 1.12 since it's about capture file formats. 2. The most common question asked on the IRC channel is "How can I use Wireshark to monitor traffic on my network?" The answer we have being giving is for people to use EtherApe

[Wireshark-dev] SampleCaptures vs Sample Captures on the wiki

There seem to be two divergent pages for sample captures. I think these two pages should be coalesced and one redirect to the other. Any preferences as to which should become the canonical samples page? I

[Wireshark-dev] Problems with HTTP Sample Captures

Two of the sample HTTP captures on the Sample Captures wiki page appear to be the wrong files: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=tcp-wireshark-file1.trace and http://wiki.wireshark.org/SampleCaptures?action=Attach

Re: [Wireshark-dev] Small patch to packet-xml.c to allow dissecting the XML within application/rss+xml streams

Patch committed. Kaul wrote: > Used by some RSS servers, it contains XML. > > Regards, > Yaniv. ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev

Re: [Wireshark-dev] Smallest patch to req_resp_hdrs.{c|h}

It looks like the req_resp_hdrs.c portion of the patch was not included. Could you resend it? Mike Kaul wrote: > This very small patch declares two variables passed to the function as > const, and re-arranges two lines so they'll appear after an 'if' > statement that if taken, won't need the a

Re: [Wireshark-dev] Optimization

Using various machine settings as a way to improve performance is a common topic on Linux kernel discussion lists. The summary though from what I've read is that for almost all cases the various tunings between i386 and i686 SSE rarely make any appreciable difference at all. A few specific case

Re: [Wireshark-dev] Patch process changes

+1 for using bugzilla to manage patches rather than the mailing lists. I recently created issues for two uncommitted patches that I had previously posted to the mailing list hoping that creating issues would encourage developer action. Gerald Combs wrote: > We've had a problem with patches sent

[Wireshark-dev] [PATCH] HTTP Chunked Body Desegmentation Problem

Enclosed is a patch with fixes problems with the desegmentation of chunked HTTP message bodies. The problem occurs with the current source because the TCP desegmentation code appears to obey literally the response asking for "one more byte" that the HTTP dissector was returning. Using the en

[Wireshark-dev] [PATCH] Add heur_dissector_delete

Enclosed is a patch which adds 'heur_dissector_delete' to epan/packet.[ch] This allows dynamic removal of heuristic dissectors based upon preferences. An example of use in a prefs reinit function : if( gUDP_HEUR ) { if( !udp_register_done ) { g_message( "Registering UDP Heuristic dissec

[Wireshark-dev] Broken HTTP de-chunking?

Enclosed is a small pcap capture extracted from a larger capture. I've had a lot of difficulty getting correct reassembly of the JXTA messages which are in the HTTP response. It seems that the chunked content is not being correctly recognized/re-assembled and the Response Body is never handed

[Wireshark-dev] [PATCH] 64-bit Linux "All Warnings are Errors" Fixes

Enclosed is an update of my previous patch. Now in .gz format! Mike linux_64.21889.patch.gz Description: GNU Zip compressed data ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev

[Wireshark-dev] Compile broken on 64-bit Linux -- packet-dtls.c

packet-dtls.c: In function 'dissect_dtls': packet-dtls.c:433: warning: cast to pointer from integer of different size I hope that with the recent emphasis on fixing warnings that all conversions between pointers and integers are now flagged as errors. For software like Wireshark which doesn't di

[Wireshark-dev] [patch] Update for packet-jxta.c

Adds support for dissecting the new version 2 binary wire format messages. Has been fuzz tested with a number of traces. Mike packet-jxta.diffs_20616.gz Description: GNU Zip compressed data ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org h

Re: [Wireshark-dev] [PATCH 2/2] plugins: New MPEG dissector

Cool dissector! You may want to register your dissector as part of the growing mime media type dissector type table. This would allow any dissector which generically handles mime content to dissect mpeg data. It's pretty easy to add media type support : dissector_add_string("media_type", "text

[Wireshark-dev] PATCH Mime types for text

The enclosed patch updates the set of mime types for line oriented text data per RFC 2046. Mike Index: epan/dissectors/packet-text-media.c === --- epan/dissectors/packet-text-media.c (revision 18881) +++ epan/dissectors/packet-text-

[Wireshark-dev] [PATCH] Process XML DTDs from install directory and user directory

(repost) The enclosed patch extends the way in which DTDs are loaded to allow DTD definitions to be located in both the default installation directory and in the user's .wireshark preferences folder. The patch doesn't provide any handling for duplicate DTD definitions. Mike dtd_loading.187

[Wireshark-dev] [Patch] Process all XML dtds directories

The enclosed patch extends the way in which the xml dissector loads DTD definitions. Rather than loading only a single dtd directory this patch will cause the contents of *both* the ~/.wireshark/dtds (user) and the /usr/local/share/wireshark/dtds (built-ins) to be loaded. The current dtd parsi

Re: [Wireshark-dev] WireShark Indent Style (was: Kismet protocol dissector)

ronnie sahlberg wrote: > hi > checked in. > > > i reindented your patch and changed some stuff like space between a > function name and the '(' Is there a standard 'indent' command line that would be appropriate for WireShark sources? For instance in the JXTA-C project (which I work on) we doc