Super - thanks much. With code too!
Now, should I play with this new button Tool, or debug my coreos boot
script...
Best regards - BobG
On 5/7/20 12:38 PM, Maynard, Chris via Wireshark-users wrote:
It seems like the desired functionality is to inject a "marker" packet
into the capture? If so, you could use an external program, something
like /ping/ or /nc/, to do that. I tend to use a separate script for
this, something such as:
    #!/bin/sh
    # POSIX test is used here because (( )) is not available in plain sh.
    if [ "$#" -lt 1 ]
    then
        echo "Usage: $0 <message> [host]"
        exit 0
    fi
    if [ "$#" -lt 2 ]
    then
        # Send a syslog message $1 to host 1.1.1.1
        echo "${1}" | nc -w 1 -u 1.1.1.1 514
    else
        # Send a syslog message $1 to the host $2
        echo "${1}" | nc -w 1 -u "${2}" 514
    fi
However, if you want something like this integrated with Wireshark,
then it is possible with Lua. Here’s a sample “proof-of-concept” Lua
script that will send a packet whenever you click the send button. I
successfully tested this on Windows (with Cygwin tools installed for
/nc/), but I did need to run Wireshark as an administrator for this
to work. I’ve illustrated two commands, /ping/ and /nc/, but you can
tailor it however you wish. Here’s the contents of the marker.lua
file that you can experiment with:
    if not gui_enabled() then
        return
    end

    local count = 1

    local function marker_window()
        local win = TextWindow.new("Marker");
        win:set("Marker " .. count)
        win:add_button("Send", function()
            -- Choose a command; here are a couple of examples:
            -- (the window text is passed to the shell as typed, unquoted)
            local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
            --local cmd = "ping -n 1 -l 100 1.1.1.1"
            os.execute (cmd)
            count = count + 1
            win:set("Marker " .. count)
        end)
    end

    register_menu("Marker", marker_window, MENU_TOOLS_UNSORTED)
You can call it splat.lua and rename /“Marker”/ to /“Splat”/ if you
prefer that. The file should be stored in your Wireshark plugins
directory. If Wireshark is running, you’ll need to restart it. Refer
to _https://wiki.wireshark.org/Lua/Examples#dialogs_and_TextWindows_
for more information or to the Lua section of the Wireshark
Developer’s Guide:
_https://www.wireshark.org/docs/wsdg_html_chunked/wslua_menu_example.html_.
Hope it helps.
- Chris
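
An added example, not part of Chris's message or of Wireshark itself: a variant of the marker sender that strips non-printable characters, caps the length and prefixes a syslog priority value before sending. The function names, the `marker:` tag, the 200-character limit and the placeholder address 192.0.2.1 are assumptions of this example.

```shell
#!/bin/sh
# Added example: send a capture marker as a syslog-style UDP datagram.
# Usage: ./marker.sh <message> [host]
# Assumptions: nc is installed; 192.0.2.1 is a placeholder address.

MARKER_MAX=200   # longest message kept, in characters (assumed limit)

# Keep only printable ASCII and cap the length, so terminal escape
# sequences or newlines typed by mistake never reach the wire.
sanitize_marker() {
    printf '%s' "$1" | LC_ALL=C tr -cd '[:print:]' | cut -c1-"$MARKER_MAX"
}

# Prefix the syslog priority: PRI = facility * 8 + severity.
# local0 (16) and notice (5) give <133>.
format_marker() {
    facility=16
    severity=5
    printf '<%d>marker: %s' $((facility * 8 + severity)) "$(sanitize_marker "$1")"
}

# printf '%s' is used instead of echo so a message such as "-n" or one
# containing backslashes is sent literally; the host is quoted.
send_marker() {
    host=${2:-192.0.2.1}
    format_marker "$1" | nc -w 1 -u "$host" 514
}

# Send only when a message was given on the command line.
if [ "$#" -ge 1 ]; then
    send_marker "$1" "${2:-}"
else
    echo "Usage: $0 <message> [host]" >&2
fi
```

In Wireshark, the display filter `udp.port == 514` then lists the markers in the order they were sent.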
-----Original Message-----
From: Wireshark-users <wireshark-users-boun...@wireshark.org> On
Behalf Of Bob Gustafson
Sent: Thursday, May 7, 2020 12:48 PM
To: wireshark-users@wireshark.org; Jaap Keuter <jaap.keu...@xs4all.nl>
Subject: Re: [Wireshark-users] Newbee - propose Splat Button
Thanks Jaap.
I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens -
no mark... Ahh, when I move cursor off packet to be marked, I see
marked packet as white on black rather than white on blue.
The functionality I'm looking for is to actually store the user button
(splat) in the saved file. But maybe I don't need that if I just keep
Wireshark open on my screen. Also, other users may use the saved file
for other purposes - parse and act. Having a splat actually in the
saved file might not be so good. But then, those folks probably would
not be looking at the screen anyway.
I will do my experiments again (and again) and use the Mark feature.
It may be good enough.
Thanks much - BobG
On 5/7/20 11:08 AM, Jaap Keuter wrote:
> Hi Bob,
>
> Good to hear the program is helpful for your quest.
>
> As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You can also find the option in the Edit menu. Unfortunately these marks are not (yet) saved to the capture file, but remain as long as the capture is loaded.
>
> Hope it helps,
> Jaap
>
>
>> On 7 May 2020, at 17:43, Bob Gustafson <bob...@rcn.com> wrote:
>>
>> Hi list
>>
>> I'm in the process of working through the initial boot of a new box, a new os (coreos), and a new (to me) iPXE.
>>
>> It is a trial and error process for me - my coding is a bit sloppy and I don't read all of the instructions the first time around.
>>
>> Wireshark has been very helpful as the boot process is between the new box and a host (Fedora31) I can see all of the successes and failures that hit the net.
>>
>> -----
>>
>> To increase my visibility, rather than using a boot script, I am keying in the boot steps by hand (kernel, initrd, ...) and then observing the results on my minicom screen and on wireshark.
>>
>> This is a long process (given my errors..).
>>
>> I can copy the lines on my minicom screen and copy the lines from wireshark for subsequent inspection with a cup of coffee.
>>
>> It would really be nice if I could mouse over to the Wireshark window during my actions and click on a special BUTTON, which would enter a blank (or default or TBD text) into a new line on the Wireshark packet transcript window. The SPLAT.
>>
>> Then, when I look at the minicom save, and the wireshark save, I can see roughly what I did at various places in time without having to ponder the Time column in wireshark.
>>
>> Thanks for your attention, keep safe, wash hands
>>
>> Bob Gustafson
>>
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe