Hi All,
As far as I know, in general, pcap_loop() function of libpcap library is
preferred over pcap_next_ex() function.
Is it related to some kind of fact that pcap_loop() is more
robust/reliable/efficient ?
Thanks.
Hi All,
I wrote a small program which calls pcap_next_ex() function to read packets
while processing a bunch of PCAP files (offline mode) "sequentially" - one
after another.
However, pcap_next_ex() generates a segmentation fault (I observed this
using GNU gdb).
By the way, my program also produc
Hi All,
I wonder how I can detect if there is a VPN connection (remote access or
site-to-site) between any two IPs using wireshark in either online or
offline mode ?
Which parameters should I observe in Wireshark to be able to come to a
decision ?
Thanks.
e out what interactions took
place between the ends of a connection in a common timeline.
It was good to verify this.
Thanks.
On Thu, Sep 3, 2009 at 10:26 PM, Sake Blok wrote:
> On Thu, Sep 03, 2009 at 09:17:26AM +0300, Selçuk Cevher wrote:
> >
> >Is the output of "Follow
Hi All,
Is the output of "Follow TCP Stream" command, with the "Entire Conversation"
option in drop-down list selected, strictly ordered ?
I am guessing that it is not.
As far as I know, this is theoretically not possible since as an observer in
the middle of the communication, it is impossible
Hi,
I made some tests with Wireshark using some sample PCAP files.
I noticed that Wireshark stores the sequence number of the first segment
belonging to a specific connection that it comes across in the PCAP file as
the ISN (initial sequence number) of that connection.
I always thought that ther
, Guy Harris wrote:
>
> On Aug 12, 2009, at 11:52 PM, Selçuk Cevher wrote:
>
> > On the other hand, the development guide also says that a single TCP
> > segment can carry multiple application messages at the same time.
> >
> > In this case, it can not be assum
Hi All,
I am new to Wireshark development and, at this stage, mostly interested in
inner workings of Wireshark.
First, I want to make sure that what I currently know about Wireshark is
correct.
In section 9.4.2 "How to reassemble split TCP Packets" of Wireshark's
development guide, I saw that an
Hi,
Does Wireshark's TCP plugin only use port numbers or some other additional
mechanisms to identify the application layer traffic ?
To me, using only port numbers does not make sense.
If it uses other mechanisms for traffic identification, what are these ?
For example, in case of POP3 and SMT
Is it src or dest port or both that you are checking ?
On Tue, Jul 14, 2009 at 9:56 AM, Siva S wrote:
> Hi,
>
>I'm using udp port no 4635 in one machine. Also, I tried out with
> different port nos. Wireshark on different machine within the same
> subnet is not capturing this udp data. If I'
Hi Everybody,
If I create a new dissector as a plug-in while wireshark is running, should
I recompile wireshark, which will interrupt its execution ? or is it capable
of adapting itself to the newly added plug-in dissectors without its
execution being interrupted ?
Thanks.
Hi All,
I am pretty new in wireshark development.
Hence, I need some guidance from the experts ...
I am especially interested in wireshark's plug-in framework for protocol
dissectors, and so am trying to have a good understanding of its inner
workings.
As far as I know, wireshark uses protocol
Hi Everybody,
First of all, I am not sure if this is the right place to ask this question.
How can I determine the protocol running on data link layer (i.e., Ethernet,
Wi-Fi 802.11, etc) while analyzing packets in a "merged" dumped file with
pcap format if the pcap file contains a mixture of pack
13 matches