Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Jaap Keuter
Hi,

The unistim plugin was added to the repository in revision 22558. The 
buildbot builds are in the download section.

Thanx,
Jaap

Jaap Keuter wrote:
 Hi,
 
 A unistim plugin for Wireshark is in the works. It's currently at the 
 stage of fuzztesting, which shows some problems. Once that's done it's 
 complete and added to the repository.
 
 Thanx,
 Jaap
 
 J P wrote:
 Hi Everyone,
  
 This may be off topic, but it may be useful in the development of the 
 Unistim Plug in for Wireshark.
  
 Network Instruments has just released an add-on for Observer that will 
 decode Unistim.
  
 The cost is approx $1000 per license.
  
 I would prefer not to purchase and use the Wireshark version being 
 developed.
  
 -John


___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] save payload from RTP trace

2007-08-21 Thread Илья Куделин
Hi, sorry for my English :)
I am writing a plugin for Wireshark which will decode the payload from an
RTP trace. The payload was encoded using G.729. At the moment I can save
the payload from only one packet (20-30 bytes decode to 20-30 ms). Please, can
anybody tell me how I can scan all packages in the trace? I think the function
is in the Wireshark SDK.


-- 
Best regards,
Илья Куделин mailto:[EMAIL PROTECTED]
icq#   154801384
jabberID [EMAIL PROTECTED]


Re: [Wireshark-dev] save payload from RTP trace

2007-08-21 Thread Abhik Sarkar
The following links should help you get started...
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectConversation.html

Best regards,
Abhik.

On 8/21/07, Илья Куделин [EMAIL PROTECTED] wrote:
 Hi, sorry for my english :)
 I am writing plugin for wireshark, which will be decode payload from
 RTP-trace. payload was encoded using G.729. in this moment i can save
 payload from only one packet(20-30bytes decode to 20-30ms). Please, can
 anybody tell me how i can scan all packages in trace. i think the function
 is in wireshark SDK


 --
 Best regards,
 Илья Куделин mailto:[EMAIL PROTECTED]
 icq#   154801384
 jabberID [EMAIL PROTECTED]


Re: [Wireshark-dev] save payload from RTP trace

2007-08-21 Thread Abhik Sarkar
Hmmm... it seems that the src dir/gtk/rtp* file might also be of
interest to you, especially rtp_player.c.

Best regards,
Abhik

On 8/21/07, Abhik Sarkar [EMAIL PROTECTED] wrote:
 The following links should help you get started...
 http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html
 http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectConversation.html

 Best regards,
 Abhik.

 On 8/21/07, Илья Куделин [EMAIL PROTECTED] wrote:
  Hi, sorry for my english :)
  I am writing plugin for wireshark, which will be decode payload from
  RTP-trace. payload was encoded using G.729. in this moment i can save
  payload from only one packet(20-30bytes decode to 20-30ms). Please, can
  anybody tell me how i can scan all packages in trace. i think the function
  is in wireshark SDK
 
 
  --
  Best regards,
  Илья Куделин mailto:[EMAIL PROTECTED]
  icq#   154801384
  jabberID [EMAIL PROTECTED]


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread J P
Hi Jaap,

I went to http://www.wireshark.org/download/automated/win32/ but could only
find build 22562.  I am not sure exactly how patches are aggregated in the
development releases.  Does 22562 include your Unistim patch?

The decodes that I get from a VoIP call do not seem to indicate Unistim but
rather a complex main port with no Unistim command decodes.

Am I doing something wrong?

Thanx,

John
*From*: Jaap Keuter [EMAIL PROTECTED] [EMAIL PROTECTED]
*Date*: Tue, 21 Aug 2007 08:01:10 +0200



Hi,


The unistim plugin was added to the repository in revision 22558. The buildbot
builds are in the download section.

Thanx,
Jaap


[Wireshark-dev] warning while running wireshark

2007-08-21 Thread Toeung, Chanthy
Hi,

I'm building a plugin IPMB for Wireshark. All works well except when I start 
Wireshark I get a warning message as follows:

 your preferences once should remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2377: No such 
preference user_dlt_b.header_proto (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2381: No such 
preference user_dlt_b.trailer_proto (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2386: No such 
preference user_dlt_c.dlt (applying your preferences once should remove this 
warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2391: No such 
preference user_dlt_c.special_encap (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2395: No such 
preference user_dlt_c.payload (applying your preferences once should remove 
this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2399: No such 
preference user_dlt_c.header_size (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2403: No such 
preference user_dlt_c.trailer_size (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2407: No such 
preference user_dlt_c.header_proto (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2411: No such 
preference user_dlt_c.trailer_proto (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2416: No such 
preference user_dlt_d.dlt (applying your preferences once should remove this 
warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2421: No such 
preference user_dlt_d.special_encap (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2425: No such 
preference user_dlt_d.payload (applying your preferences once should remove 
this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2429: No such 
preference user_dlt_d.header_size (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2433: No such 
preference user_dlt_d.trailer_size (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2437: No such 
preference user_dlt_d.header_proto (applying your preferences once should 
remove this warning)
03:41:29  Warn /home/toeung/.wireshark/preferences line 2441: No such 
preference user_dlt_d.trailer_proto (applying your preferences once should 
remove this warning)

Does anybody have an idea how I can apply my preferences to disable this 
warning? 

Thanks,

Chanthy


Re: [Wireshark-dev] warning while running wireshark

2007-08-21 Thread Graham Bloice
Toeung, Chanthy wrote:
 Hi,

 I'm building a plugin IPMB for Wireshark. All work well except when i start 
 Wireshark i get a warning message as follow:

  your preferences once should remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2377: No such 
 preference user_dlt_b.header_proto (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2381: No such 
 preference user_dlt_b.trailer_proto (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2386: No such 
 preference user_dlt_c.dlt (applying your preferences once should remove 
 this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2391: No such 
 preference user_dlt_c.special_encap (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2395: No such 
 preference user_dlt_c.payload (applying your preferences once should remove 
 this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2399: No such 
 preference user_dlt_c.header_size (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2403: No such 
 preference user_dlt_c.trailer_size (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2407: No such 
 preference user_dlt_c.header_proto (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2411: No such 
 preference user_dlt_c.trailer_proto (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2416: No such 
 preference user_dlt_d.dlt (applying your preferences once should remove 
 this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2421: No such 
 preference user_dlt_d.special_encap (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2425: No such 
 preference user_dlt_d.payload (applying your preferences once should remove 
 this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2429: No such 
 preference user_dlt_d.header_size (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2433: No such 
 preference user_dlt_d.trailer_size (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2437: No such 
 preference user_dlt_d.header_proto (applying your preferences once should 
 remove this warning)
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2441: No such 
 preference user_dlt_d.trailer_proto (applying your preferences once should 
 remove this warning)
 
 Does anybody have an idea how i can apply my preferences to disable this 
 warning? 

   
From the Edit menu, select Preferences, then click the Apply button.

-- 
Regards,

Graham Bloice




Re: [Wireshark-dev] warning while running wireshark

2007-08-21 Thread Joerg Mayer
On Tue, Aug 21, 2007 at 11:27:49AM -0400, Toeung, Chanthy wrote:
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2441: No such 
 preference user_dlt_d.trailer_proto (applying your preferences once should 
 remove this warning)
 
 Does anybody have an idea how i can apply my preferences to disable this 
 warning? 

Menu - Edit - Preferences - Apply

 ciao
  Joerg
-- 
Joerg Mayer   [EMAIL PROTECTED]
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


Re: [Wireshark-dev] warning while running wireshark

2007-08-21 Thread Toeung, Chanthy
I got it. 

Thank all,

Chanthy

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joerg Mayer
Sent: Tuesday, August 21, 2007 11:33 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] warning while running wireshark


On Tue, Aug 21, 2007 at 11:27:49AM -0400, Toeung, Chanthy wrote:
 03:41:29  Warn /home/toeung/.wireshark/preferences line 2441: No such 
 preference user_dlt_d.trailer_proto (applying your preferences once should 
 remove this warning)
 
 Does anybody have an idea how i can apply my preferences to disable this 
 warning? 

Menu - Edit - Preferences - Apply

 ciao
  Joerg
-- 
Joerg Mayer   [EMAIL PROTECTED]
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread J P
Hi Jaap,

Thanx for the speedy response.

Here is the decode of a Unistim Packet from a call I made:

Frame 31 (164 bytes on wire, 164 bytes captured)
Ethernet II, Src: Cisco_01:54:01 (00:05:32:01:54:01), Dst: Nortel_e4:62:ab
(00:15:9b:e4:62:ab)
Internet Protocol, Src: 204.83.231.69 (204.83.231.69), Dst: 10.1.1.56 (
10.1.1.56)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port:
commplex-main (5000)
Source port: commplex-main (5000)
Destination port: commplex-main (5000)
Length: 130
Checksum: 0x7e31 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (122 bytes)

0000  00 00 e3 6f 02 01 17 05 0f 10 01 17 05 0f 10 02   ...o............
0010  17 06 10 81 04 00 17 05 10 87 00 17 07 1b 04 00   ................
0020  05 47 17 07 1b 04 01 05 52 17 07 1b 04 02 05 4f   .G......R......O
0030  17 07 1b 04 03 05 4e 17 07 1b 04 04 05 4b 17 05   ......N......K..
0040  0f 10 02 17 07 1b 04 20 05 34 17 07 1b 04 21 05   ....... .4....!.
0050  32 17 07 1b 04 22 05 32 17 07 1b 04 23 05 30 17   2....".2....#.0.
0060  0b 1b 04 00 05 47 52 4f 4e 4b 17 0a 1b 04 20 05   .....GRONK.... .
0070  34 32 32 30 17 06 10 81 04 24                     4220.....$

Do you know what I am doing wrong so that I am seeing only data and not the
Unistim Decode?

Thanx,

John

*From*: Jaap Keuter [EMAIL PROTECTED] [EMAIL PROTECTED]
*Date*: Tue, 21 Aug 2007 17:56:13 +0200



Hi,


The beauty of subversion is that any change to the repository simply increments
the revision number. If you know the tree to take from you can be assured
that everything is in there. The buildbot builds from /trunk and that's
where all the development is happening, so yes the build from revision 22562
should have it.

Thanx,
Jaap


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Newton, Don
Can you attach a pcap file?

 

Don Newton



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of J P
Sent: Tuesday, August 21, 2007 12:32 PM
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Network Instruments Observer - Unistim
Decoder

 

Hi Jaap,

 

Thanx for the speedy response.

 

Here is the decode of a Unistim Packet from a call I made:

Frame 31 (164 bytes on wire, 164 bytes captured)
Ethernet II, Src: Cisco_01:54:01 (00:05:32:01:54:01), Dst:
Nortel_e4:62:ab (00:15:9b:e4:62:ab)
Internet Protocol, Src: 204.83.231.69 (204.83.231.69), Dst:
10.1.1.56 (10.1.1.56)
User Datagram Protocol, Src Port: commplex-main (5000), Dst
Port: commplex-main (5000) 
Source port: commplex-main (5000)
Destination port: commplex-main (5000)
Length: 130
Checksum: 0x7e31 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (122 bytes) 

0000  00 00 e3 6f 02 01 17 05 0f 10 01 17 05 0f 10 02   ...o............
0010  17 06 10 81 04 00 17 05 10 87 00 17 07 1b 04 00   ................
0020  05 47 17 07 1b 04 01 05 52 17 07 1b 04 02 05 4f   .G......R......O
0030  17 07 1b 04 03 05 4e 17 07 1b 04 04 05 4b 17 05   ......N......K..
0040  0f 10 02 17 07 1b 04 20 05 34 17 07 1b 04 21 05   ....... .4....!.
0050  32 17 07 1b 04 22 05 32 17 07 1b 04 23 05 30 17   2....".2....#.0.
0060  0b 1b 04 00 05 47 52 4f 4e 4b 17 0a 1b 04 20 05   .....GRONK.... .
0070  34 32 32 30 17 06 10 81 04 24                     4220.....$

Do you know what I am doing wrong so that I am seeing only data and not
the Unistim Decode?

 

Thanx,

 

John

 

From: Jaap Keuter [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] 
Date: Tue, 21 Aug 2007 17:56:13 +0200

 

 
Hi,
 

The beauty of subversion is that any change to the repository simply
increments the revision number. If you know the tree to take from you
can be assured that everything is in there. The buildbot builds from
/trunk and that's where all the development is happening, so yes the
build from revision 22562 should have it. 

Thanx,
Jaap


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Jaap Keuter
Hi,

A decode is fine, but a capture file would be better.

Thanx,
Jaap

J P wrote:
 Hi Jaap,
  
 Thanx for the speedy response.
  
 Here is the decode of a Unistim Packet from a call I made:
 
 Frame 31 (164 bytes on wire, 164 bytes captured)
 Ethernet II, Src: Cisco_01:54:01 (00:05:32:01:54:01), Dst:
 Nortel_e4:62:ab (00:15:9b:e4:62:ab)
 Internet Protocol, Src: 204.83.231.69 (204.83.231.69), Dst: 10.1.1.56
 (10.1.1.56)
 User Datagram Protocol, Src Port: commplex-main (5000), Dst Port:
 commplex-main (5000)
 Source port: commplex-main (5000)
 Destination port: commplex-main (5000)
 Length: 130
 Checksum: 0x7e31 [correct]
 [Good Checksum: True]
 [Bad Checksum: False]
 Data (122 bytes)
 
 0000  00 00 e3 6f 02 01 17 05 0f 10 01 17 05 0f 10 02   ...o............
 0010  17 06 10 81 04 00 17 05 10 87 00 17 07 1b 04 00   ................
 0020  05 47 17 07 1b 04 01 05 52 17 07 1b 04 02 05 4f   .G......R......O
 0030  17 07 1b 04 03 05 4e 17 07 1b 04 04 05 4b 17 05   ......N......K..
 0040  0f 10 02 17 07 1b 04 20 05 34 17 07 1b 04 21 05   ....... .4....!.
 0050  32 17 07 1b 04 22 05 32 17 07 1b 04 23 05 30 17   2....".2....#.0.
 0060  0b 1b 04 00 05 47 52 4f 4e 4b 17 0a 1b 04 20 05   .....GRONK.... .
 0070  34 32 32 30 17 06 10 81 04 24                     4220.....$
 
 Do you know what I am doing wrong so that I am seeing only data and not 
 the Unistim Decode?
  
 Thanx,
  
 John
  
 *From*: Jaap Keuter [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED]
 *Date*: Tue, 21 Aug 2007 17:56:13 +0200
 
  
 
 Hi,
 
 
 The beauty of subversion is that any change to the repository simply 
 increments the revision number. If you know the tree to take from you 
 can be assured that everything is in there. The buildbot builds from 
 /trunk and that's where all the development is happening, so yes the 
 build from revision 22562 should have it.
 
 Thanx,
 Jaap
 



[Wireshark-dev] Cairo errors when running Wireshark on an embedded system

2007-08-21 Thread Fulko Hew
The good news is I no longer have my previous complaint about
a misconfigured fonts.conf.  (When I build the X client libraries
it appears that fontconfig did not get built properly.  When I
explicitly rebuilt it manually, that resolved the issue.)

Today's problem is while invoking Wireshark, I now get the following
error message:

Error: Cairo 1.2.6 does not yet support the requested image format:
Depth:  8
Alpha mask: 0x
Red   mask: 0x00e0
Green mask: 0x001c
Blue  mask: 0x0003
Please file an enhancement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo


Now I don't think this is a bug, it's my build environment,
or how I ./configured Cairo... but what's missing?

Any help, or clues are appreciated.
TIA
Fulko


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread J P
Hi,

I do not see a UNISTIM plug-in in the C:\Program
Files\Wireshark\plugins\0.99.7-SVN-22562 directory or an updated RUDP.DLL file.

Does one have to do something specific to enable or download the UNISTIM
decoder?

I am running Version 0.99.7-SVN-22562 (SVN Rev 22562)

Thanx,

John


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Jeff Morriss

Good reason to convert it to a regular dissector! ;-)

(Sorry, couldn't help it...)

Luis EG Ontanon wrote:
 It's missing from packaging/nsis/wireshark.nsi so it's not being
 included in the installer.
 
 On 8/21/07, J P [EMAIL PROTECTED] wrote:
 Hi,

 I do not see a UNISTIM plug-in in the C:\Program
 Files\Wireshark\plugins\0.99.7-SVN-22562 directory or an
 updated RUDP.DLL file.

 Does one have to do something specific to enable or download the UNISTIM
 decoder?

 I am running Version 0.99.7-SVN-22562 (SVN Rev 22562)

 Thanx,

 John


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Guy Harris
J P wrote:

 I do not see a UNISTIM plug-in in the C:\Program 
 Files\Wireshark\plugins\0.99.7-SVN-22562 directory or an updated 
 RUDP.DLL file.
  
 Does one have to do something specific to enable or download the UNISTIM 
 decoder?
  
 I am running Version 0.99.7-SVN-22562 (SVN Rev 22562)

Yes, if you're running a Windows version of Wireshark that you haven't 
built yourself - you have to be running SVN version 22563, as I just 
checked in a change to fix the installer scripts to install the UNISTIM 
plugin; the SVN checkin that added the plugin didn't update those 
scripts, so the Windows installer for SVN version 22562 doesn't install 
the UNISTIM plugin.

I suspect that build will be on the Wireshark Web site within a couple 
of hours (the last build appeared to take about an hour and a half).  I 
can't guarantee that, though.


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Jaap Keuter
Hi,

Ahh crap. Installers, you think you've got them all. Not so :/

Thanx,
Jaap

Guy Harris wrote:
 J P wrote:
 
 I do not see a UNISTIM plug-in in the C:\Program 
 Files\Wireshark\plugins\0.99.7-SVN-22562 directory or an updated 
 RUDP.DLL file.
  
 Does one have to do something specific to enable or download the UNISTIM 
 decoder?
  
 I am running Version 0.99.7-SVN-22562 (SVN Rev 22562)
 
 Yes, if you're running a Windows version of Wireshark that you haven't 
 built yourself - you have to be running SVN version 22563, as I just 
 checked in a change to fix the installer scripts to install the UNISTIM 
 plugin; the SVN checkin that added the plugin didn't update those 
 scripts, so the Windows installer for SVN version 22562 doesn't install 
 the UNISTIM plugin.
 
 I suspect that build will be on the Wireshark Web site within a couple 
 of hours (the last build appeared to take about an hour and a half).  I 
 can't guarantee that, though.



Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Jaap Keuter
Hi,

I can tell you that it's decoded fine. A call to 2600 and a few seconds 
RTP with you blowing in the mic twice ;)
Just give the buildbot a little time to spit out the build of revision 
22563.

Thanx,
Jaap

J P wrote:
 Hi,
  
 Attached is a capture file for a call made in our lab.
  
 -John
 
 



[Wireshark-dev] Win2000 Error: wireshark.exe is not a valid Win32 application

2007-08-21 Thread Greg Bell
This is what I get when I try and run my wireshark build on Windows 2000. It 
works fine on Windows XP and 2003. My build is based off the 0.99.6 release 
source. One thing I noticed was that when trying to install the Visual C++ 2005 
Redistributable (during the Wireshark install), it gave an "Error 1723. There is 
a problem with this Windows Installer package." Are there any compatibility 
issues with this and Windows 2000?
   
  Someone had this problem before, but it seems no solution was found:
   
  [Wireshark-dev] Error: wireshark.exe is not a valied Win32 application
  http://www.wireshark.org/lists/wireshark-dev/200706/msg00123.html
   
  Also, the Windows 2000 problems to avoid in
  http://wiki.wireshark.org/BuildingAndInstalling
  I don't understand.
   
  I'm using Visual C++ 2005 Express Edition, Platform SDK Server 2003 R2, and 
C-Runtime redistributable for Visual C++ 2005 Express Edition 
(vcredist_x86.exe) for the installer.
   
  Any help is greatly appreciated. Thanks!
  Greg

   


[Wireshark-dev] First frame not in IO Graphs?

2007-08-21 Thread Stig Bjørlykke
Hi.

I observe that the first frame in a capture is not showing in the IO  
Graphs.
Is this a design feature or a bug?


-- 
Stig Bjørlykke




Re: [Wireshark-dev] First frame not in IO Graphs?

2007-08-21 Thread Luis EG Ontanon
"IO graphs ignore the first frame" looks much more like something in a
bug report slogan than a feature description in the release notes.


On 8/21/07, Stig Bjørlykke [EMAIL PROTECTED] wrote:
 Hi.

 I observe that the first frame in a capture is not showing in the IO
 Graphs.
 Is this a design feature or a bug?


 --
 Stig Bjørlykke





-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Richard van der Hoff
J P,

Sorry I don't have anything useful to add to your question, but do you 
think you could fix your posts to have correct In-Reply-To or References 
headers, such that you don't break the threading?

Normally I'd post a link about fixing your exchange server, but it looks 
like you're using gmail, so quite how you've managed this is a bit of a 
mystery...

Cheers

Richard

J P wrote:
 Hi,
  
 I do not see a UNISTIM plug-in in the C:\Program 
 Files\Wireshark\plugins\0.99.7-SVN-22562 directory or an updated 
 RUDP.DLL file.
  
 Does one have to do something specific to enable or download the UNISTIM 
 decoder?
  
 I am running Version 0.99.7-SVN-22562 (SVN Rev 22562)
  
 Thanx,
  
 John
 
 
 
 


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread J P
Thanx everyone - the new build works great for decoding UNISTIM!

Is there any way to get the UNISTIM calls to show up under STATISTICS - VOIP
CALLS so that I can play back the audio?

OR is there another way to play back the Audio for UNISTIM calls?

Thanx again!

-John


[Wireshark-dev] review_for_checkin denied: [Bug 1606] Improve preferences for Netflow

2007-08-21 Thread bugzilla-request-daemon
Richard van der Hoff [EMAIL PROTECTED] has denied Andrew Feren
[EMAIL PROTECTED]'s request for review_for_checkin:
Bug 1606: Improve preferences for Netflow
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1606


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Jaap Keuter
Hi,

Then the unistim dissector should feed the voip call tap with 
relevant info. I'm not sure this can be done from a plugin.

You can always get the audio by means of RTP analysis. Get all streams, 
pick out the stream(s) of interest, save it to an .au file and play that.

Sure, the voip call analysis feature helps here, but this works now.

Thanx,
Jaap

J P wrote:
 Thanx everyone - the new build works great for decoding UNISTIM!
  
 Is there anyway to get the UNISTIM calls to show up under STATISTICS - 
 VOIP CALLS so that I can play back the audio?
  
 OR is there another way to play back the Audio for UNISTIM calls?
  
 Thanx again!
  
 -John
 

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
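
The procedure described in the message above (collect the RTP streams, pick one, save it as an .au file), sketched outside Wireshark as an added example that is not part of the original thread or of Wireshark's code; it also bears on the earlier question on this page about walking every RTP packet of a trace instead of a single one. It assumes the UDP payloads have already been pulled out of the capture and handles only G.711 (RTP payload types 0 and 8); the function names and the sample datagrams are constructed for illustration.

```python
import struct

AU_MAGIC = 0x2E736E64                 # ".snd"
# RTP payload type -> (.au encoding code, byte that decodes to silence)
CODECS = {0: (1, 0xFF),               # PCMU, G.711 mu-law
          8: (27, 0xD5)}              # PCMA, G.711 A-law


def parse_rtp(datagram):
    """Return (ssrc, seq, payload_type, payload), or None if not RTP version 2."""
    if len(datagram) < 12:
        return None
    b0, b1, seq, _timestamp, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:                  # version field must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)     # skip the CSRC list
    if b0 & 0x10:                     # header extension present
        if len(datagram) < offset + 4:
            return None
        (ext_words,) = struct.unpack("!H", datagram[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    end = len(datagram)
    if b0 & 0x20:                     # padding: last byte holds the pad count
        pad = datagram[-1]
        if pad == 0 or pad > end - offset:
            return None
        end -= pad
    if offset > end:                  # truncated header
        return None
    return ssrc, seq, b1 & 0x7F, datagram[offset:end]


def collect_streams(datagrams):
    """Walk every datagram and group the RTP payloads by SSRC.

    Sequence numbers are unwrapped relative to the first packet seen, which
    is valid while the stream stays within 32768 packets of that packet.
    """
    streams = {}
    for datagram in datagrams:
        parsed = parse_rtp(datagram)
        if parsed is None:
            continue                  # signalling or other non-RTP traffic
        ssrc, seq, pt, payload = parsed
        stream = streams.setdefault(ssrc, {"pt": pt, "base": seq, "packets": {}})
        if pt != stream["pt"]:
            continue                  # e.g. telephone events mixed into the stream
        index = (seq - stream["base"] + 0x8000) % 0x10000 - 0x8000
        stream["packets"].setdefault(index, payload)   # duplicates are dropped
    return streams


def stream_to_au(stream, sample_rate=8000):
    """Build the bytes of a mono .au file from one collected stream."""
    if stream["pt"] not in CODECS:
        # G.729 (payload type 18), for instance, must be decoded to PCM first.
        raise ValueError("payload type %d cannot be stored as-is" % stream["pt"])
    encoding, silence = CODECS[stream["pt"]]
    packets = stream["packets"]
    first, last = min(packets), max(packets)
    frame_len = len(packets[first])
    audio = bytearray()
    for index in range(first, last + 1):
        # A lost packet becomes one frame of silence so the timing is kept.
        audio += packets.get(index, bytes([silence]) * frame_len)
    header = struct.pack("!6I", AU_MAGIC, 24, len(audio), encoding, sample_rate, 1)
    return header + bytes(audio)


def make_packet(seq, payload, ssrc=0x1234, pt=0):
    """Constructed RTP packet: version 2, no padding, extension or CSRCs."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + payload


# Constructed input: out-of-order arrival, a sequence wrap, one lost packet
# (seq 0), one duplicate, and the first 16 bytes of the UDP port 5000 dump
# quoted earlier on this page, which is not RTP (version bits are 0).
SAMPLE_DATAGRAMS = [
    make_packet(65535, b"\x11" * 4),
    make_packet(65534, b"\x10" * 4),
    make_packet(1, b"\x13" * 4),
    make_packet(65535, b"\x11" * 4),
    bytes.fromhex("0000e36f0201170 50f100117050f1002".replace(" ", "")),
]

if __name__ == "__main__":
    for ssrc, stream in collect_streams(SAMPLE_DATAGRAMS).items():
        with open("stream_%08x.au" % ssrc, "wb") as out:
            out.write(stream_to_au(stream))
```
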


[Wireshark-dev] review_for_checkin granted: [Bug 1698] Desegment Chunked HTTP Bodies

2007-08-21 Thread bugzilla-request-daemon
Richard van der Hoff [EMAIL PROTECTED] has granted Mike Duigou
[EMAIL PROTECTED]'s request for review_for_checkin:
Bug 1698: Desegment Chunked HTTP Bodies
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1698

--- Additional Comments from Richard van der Hoff [EMAIL PROTECTED]
Applied as revision 22570. Thank you for the patch, and sorry for the delay.


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread Luis EG Ontanon
But for sccp and h248 (for which the dissector keeps call
information on its own) other protocols are managed by a tap, mgcp is
a plugin protocol but still it has its voip calls interface if the tap
is found it gets tapped else it doesn't.

BTW. is the code that ugly/rarely-used for this to be a plugin? Or
should we get it into libsdissectors?


On 8/21/07, Jaap Keuter [EMAIL PROTECTED] wrote:
 Hi,

 Then it the unistim dissector should feed the voip call tap with
 relevant info. I'm not sure this can be done from a plugin.

 You can always get the audio by means of RTP analysis. Get all streams,
 pick out the stream(s) of interest, save it to an .au file and play that.

 Sure, the voip call analysis feature helps here, but this works now.

 Thanx,
 Jaap

 J P wrote:
  Thanx everyone - the new build works great for decoding UNISTIM!
 
  Is there anyway to get the UNISTIM calls to show up under STATISTICS -
  VOIP CALLS so that I can play back the audio?
 
  OR is there another way to play back the Audio for UNISTIM calls?
 
  Thanx again!
 
  -John
 




-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread J P
Hi Jaap,

Sorry to be kind of dense but...

How do I perform RTP analysis with Wireshark so that I can:

   - How do I get all streams?
   - How do I select a stream(s) of interest?
   - How do I save the stream to an .au file?


Thanx!

John


[Wireshark-dev] review_for_checkin denied: [Bug 1723] Enhancement of text2cap for parsing flexibility

2007-08-21 Thread bugzilla-request-daemon
Richard van der Hoff [EMAIL PROTECTED] has denied Jack Yu
[EMAIL PROTECTED]'s request for review_for_checkin:
Bug 1723: Enhancement of text2cap for parsing flexibility
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1723


[Wireshark-dev] review_for_checkin granted: [Bug 1724] [PATCH] packet-bootp.c: enhancement to decode DHCP option 249

2007-08-21 Thread bugzilla-request-daemon
Richard van der Hoff [EMAIL PROTECTED] has granted Francois-Xavier Le
Bail [EMAIL PROTECTED]'s request for review_for_checkin:
Bug 1724: [PATCH] packet-bootp.c: enhancement to decode DHCP option 249
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1724

--- Additional Comments from Richard van der Hoff [EMAIL PROTECTED]
applied as revision 22576. Thank you very much.


[Wireshark-dev] review_for_checkin granted: [Bug 1753] mpeg: Further improvements to the MPEG decoder

2007-08-21 Thread bugzilla-request-daemon
Richard van der Hoff [EMAIL PROTECTED] has granted Shaun Jackman
[EMAIL PROTECTED]'s request for review_for_checkin:
Bug 1753: mpeg: Further improvements to the MPEG decoder
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1753

--- Additional Comments from Richard van der Hoff [EMAIL PROTECTED]
applied as revision 22577. Thank you very much!


Re: [Wireshark-dev] Network Instruments Observer - Unistim Decoder

2007-08-21 Thread J P
Hi Jaap,

I got the audio working.

Thanx so much for spearheading the Unistim decoder!

-John


[Wireshark-dev] review_for_checkin granted: [Bug 1722] TCP reassembly missing payload of FIN packet, when DESEGMENT_UNTIL_FIN is set

2007-08-21 Thread bugzilla-request-daemon
Richard van der Hoff [EMAIL PROTECTED] has granted yin sun
[EMAIL PROTECTED]'s request for review_for_checkin:
Bug 1722: TCP reassembly missing payload of FIN packet, when
DESEGMENT_UNTIL_FIN is set
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1722

--- Additional Comments from Richard van der Hoff [EMAIL PROTECTED]
I'm inclined to accept this.


Re: [Wireshark-dev] JXTA dissector memory leak?

2007-08-21 Thread Jeff Morriss


Andrej Mikus wrote:
 On Wed, 28.Mar.07 16:41:59 -0700, Stephen Fisher wrote:
 The dissector file packet-jxta.c has a comment saying that an allocation 
 is a memory leak:

 if (NULL != found_addr) {
  found_addr->type = AT_URI;
  found_addr->len = strlen(*current_token);
  /* FIXME 20050605 bondolo THIS ALLOCATION IS A MEMORY LEAK! */
  found_addr->data = g_strdup(*current_token);
 }

 Anyone familiar enough with this dissector to fix it easily?
 
 Should be enough just to change g_strdup to ep_strdup or se_strdup.
 See README.malloc for more details.

[Wow, came on this old email thread by accident!]

Changed to se_strdup() in rev 22579.  (That address is used in a 
conversation structure which makes it seasonal.)


Re: [Wireshark-dev] Memory leak

2007-08-21 Thread Jeff Morriss
Didier wrote:
 On Thu, 19 Jul 2007 14:16:49 -0400, Jeff Morriss wrote
 Didier wrote:
 Hi,

 1) It seems that since some glib 2.0 version g_mem_chunk_destroy doesn't free
 The docs certainly seem to indicate that the memory should actually
 be freed:

 http://www.gtk.org/api/2.6/glib/glib-Memory-Chunks.html#g-mem-chunk-destroy

 and my (basic) attempt to follow the code goes down to
 g_slice_free1() which appears to at least _try_ to free the memory.
 Am I missing something?
 In my understanding now g-mem-chunk-destroy only frees the mem chunk object
 (aka sizeof  structure g_mem_chunk) not the allocated memory as with gtk1.
 You have to call g_mem_chunk_free for each allocated chunk.

Sorry, I just didn't have time to come back to this until recently.

I'm not seeing that leak, at least on Linux.  Each atom is 131,072 bytes 
big.  Reloading a 170,000 packet trace file many times does not show any 
growth in memory usage for Wireshark.  If what you're saying is true 
then I should see a /huge/ memory leak each time the file is reloaded, non?

Interestingly, I /do/ see memory usage growth on Windows as viewed by 
the Task Manager with the same file, but I think I read once not to 
trust what that tool tells you about memory usage...

 2) COPY_ADDRESS is still misused in a lot of places; it g_mallocs address space
 but many don't free it.
 There is (also) an SE_COPY_ADDRESS; is there any reason not to make
 all COPY_ADDRESS calls seasonal?

One good reason is that the fragmentation/reassembly routines use 
COPY_ADDRESS and they _do_ clean up after themselves (and we probably 
want them to continue to do so to limit memory usage).

 It makes sense for some but a lot of them are in taps code with a lifetime
 between ep and se.
 Some leaks are on every access cf. dissectors/packet-jxta.c

packet-jxta is storing the address in its conversation data--which 
should be seasonal.  I just made it (and the rest of epan/dissectors/) 
use SE_COPY_ADDRESS (or, in some cases, SET_ADDRESS).

I'll have to look at the taps another day...


[Wireshark-dev] review_for_checkin requested: [Bug 1741] Privilege separation patch

2007-08-21 Thread bugzilla-request-daemon
Gerald Combs [EMAIL PROTECTED] has asked for review_for_checkin:
Bug 1741: Privilege separation patch
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1741

--- Additional Comments from Gerald Combs [EMAIL PROTECTED]
As Joerg suggested, simply nudge the user and point them to better security
instead of picking them up with a forklift and moving them there by force.  

Remove the non-privileged user code, along with Nikns' AUTHORS entry, since
that was the last of the code from his patch.  In TShark, warn the user if they
have elevated privileges.  Do the same in Wireshark, and provide an option to
disable the warning.  Add doxygen tags for privileges.h.


Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-21 Thread Gerald Combs
Joerg Mayer wrote:
 I don't mind the message (see above) but I don't like the forced drop
 of privs.

I've modified the proposed patch to simply warn the user instead of 
dropping privs forcefully.


Re: [Wireshark-dev] OS X and Win32 buildbots unhappy with mpeg.c

2007-08-21 Thread Guy Harris
I've checked in a change that should fix this.

A couple of rules for developers:

1) If you're doing 64-bit arithmetic, and assigning the result to a
32-bit quantity:

    1) make sure that either the result will always fit in 32 bits, you
    check for results that don't fit and handle that case with the
    appropriate error handling, or you're willing to live with a bogus
    result if it doesn't fit;

    2) once you've done any checking for results that don't fit, if
    you're doing any, explicitly cast the result to the type of the item
    to which you're assigning it, so that the compiler knows you're aware
    of the issue and have done what you consider appropriate, and won't
    warn you about it.

2) Do NOT create 64-bit integral constants by sticking LL at the
end of the constant; MSVC++ 6.0, for example, doesn't recognize that.
Instead, wrap the constant in G_GINT64_CONSTANT(), e.g. don't do
0x123456789abcLL, do G_GINT64_CONSTANT(0x123456789abc).

The latter of those is covered in the Portability section of
doc/README.developer; that section lists a number of rules for
portability, many of which are there because of code submitted to
Ethereal/Wireshark that, for example, worked in GCC but failed in
other compilers.

The former of those arguably should be covered in doc/README.developer  
as well.
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
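
The two rules in the message above, as an added example (not code from Wireshark or from the post): a 64-bit result is range-checked before it is narrowed with an explicit cast, next to the unchecked form that silently keeps only the low 32 bits. The function names, the 90 kHz tick clock and the fallback macro (used only so the block builds without GLib) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in so the example builds without GLib; with GLib, include <glib.h>
 * and use its G_GINT64_CONSTANT() instead of this fallback. */
#ifndef G_GINT64_CONSTANT
#define G_GINT64_CONSTANT(val) INT64_C(val)
#endif

/* Hypothetical field: a 64-bit tick counter on a 90 kHz clock. */
#define TICKS_PER_MS G_GINT64_CONSTANT(90)
/* Constructed sample value: the constant quoted in rule 2, no LL suffix. */
#define SAMPLE_TICKS G_GINT64_CONSTANT(0x123456789abc)

/*
 * Rule 1.1: do the arithmetic in 64 bits and check the range first.
 * Rule 1.2: only then narrow, with an explicit cast.
 * Returns false (and leaves *ms untouched) when the result does not fit.
 */
static bool ticks_to_ms32(int64_t ticks, uint32_t *ms)
{
    int64_t wide;

    if (ticks < 0)
        return false;
    wide = ticks / TICKS_PER_MS;
    if (wide > (int64_t)UINT32_MAX)
        return false;
    *ms = (uint32_t)wide;   /* range checked above, so nothing is lost */
    return true;
}

/* Unchecked form: the cast silences the compiler but drops the high bits. */
static uint32_t ticks_to_ms32_unchecked(int64_t ticks)
{
    return (uint32_t)(ticks / TICKS_PER_MS);
}

int main(void)
{
    uint32_t ms = 0;

    printf("90000 ticks fits: %d, ms=%u\n",
           ticks_to_ms32(G_GINT64_CONSTANT(90000), &ms), (unsigned)ms);
    printf("sample fits: %d, unchecked=%u\n",
           ticks_to_ms32(SAMPLE_TICKS, &ms),
           (unsigned)ticks_to_ms32_unchecked(SAMPLE_TICKS));
    return 0;
}
```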


Re: [Wireshark-dev] OS X and Win32 buildbots unhappy with mpeg.c

2007-08-21 Thread Guy Harris

On Aug 21, 2007, at 8:34 PM, Maynard, Chris wrote:

 There is still a problem compiling packet-mpeg-pes.c.

Similar code, same problem, same fix checked in.