[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86

2010-02-22 Thread buildbot-no-reply
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark 
(development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/Windows-XP-x86/builds/1008

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: windows-xp-x86

Build Reason: 
Build Source Stamp: 31961
Blamelist: guy

BUILD FAILED: failed nmake all

sincerely,
 -The Buildbot

___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-7-x64

2010-02-22 Thread buildbot-no-reply
The Buildbot has detected a new failure of Windows-7-x64 on Wireshark 
(development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/Windows-7-x64/builds/348

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: windows-7-x64

Build Reason: 
Build Source Stamp: 31961
Blamelist: guy

BUILD FAILED: failed nmake all

sincerely,
 -The Buildbot



Re: [Wireshark-dev] Need help regarding interpreting a pcap file.

2010-02-22 Thread Maynard, Chris
If you're looking for information on the libpcap file format, you might find 
what you need here: http://wiki.wireshark.org/Development/LibpcapFileFormat.
 
But if you're looking for "a utility which should take the pcap as input and 
produce output on the screen in user freindly [sic] way.", well then look no 
further:  http://www.wireshark.org/download.html.  Well, OK there are plenty of 
other packet sniffers out there, so feel free to keep looking.  Here's a 
start: http://en.wikipedia.org/wiki/Packet_analyzer#Notable_packet_analyzers.
 
Or maybe what you're really looking for is a way to add your own proprietary 
protocol dissector to Wireshark?  These should help you:
http://www.wireshark.org/docs/wsdg_html_chunked/
http://anonsvn.wireshark.org/viewvc/trunk/doc/README.developer?revision=31933&view=markup
 

 
 
Good luck.
- Chris



From: wireshark-dev-boun...@wireshark.org on behalf of prashanth joshi
Sent: Mon 2/22/2010 9:49 PM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Need help regarding interpreting a pcap file.


Hi all,
 
What is the format of the data stored in the pcaps?
I have got a requirement wherein I need to read a pcap and then the contents 
of the packets need to be displayed on the screen. The packets have proprietary 
information. How do I go about this? Any suggestions would be heartily welcome. 
The requirement is that of a utility which should take the pcap as input and 
produce output on the screen in user freindly way.
 
Regards,
Prashanth

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
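
A minimal reader for the classic libpcap file format discussed in this exchange, as an added example (not code from the original posts or from Wireshark). It checks the magic number for byte order, validates each record's length field before slicing, and hex-dumps the payload. The function names, the `MAX_RECORD` cap and the two-packet sample capture are assumptions constructed for the illustration.

```python
import struct
from typing import Iterator, NamedTuple

# Magic bytes as they appear on disk -> (struct byte order, timestamp divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian writer, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian writer, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian writer, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian writer, nanoseconds
}
MAX_RECORD = 262144  # assumed sanity cap on one record, chosen for this example


class FileHeader(NamedTuple):
    order: str       # "<" or ">" for struct
    divisor: int     # 10**6 or 10**9, depending on timestamp resolution
    version: tuple   # (major, minor)
    snaplen: int
    linktype: int    # e.g. 1 = Ethernet


class Packet(NamedTuple):
    ts: float        # seconds since the epoch
    orig_len: int    # length on the wire
    data: bytes      # captured bytes (may be shorter than orig_len)


def read_file_header(buf: bytes) -> FileHeader:
    """Parse the 24-byte global header at the start of the file."""
    if len(buf) < 24:
        raise ValueError("truncated global header")
    try:
        order, divisor = MAGICS[buf[:4]]
    except KeyError:
        raise ValueError("not a libpcap file: magic %s" % buf[:4].hex()) from None
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", buf[4:24])
    return FileHeader(order, divisor, (major, minor), snaplen, linktype)


def read_packets(buf: bytes) -> Iterator[Packet]:
    """Yield every record; raise ValueError on a truncated or corrupt file."""
    hdr = read_file_header(buf)
    pos = 24
    while pos < len(buf):
        if len(buf) - pos < 16:
            raise ValueError("truncated record header at offset %d" % pos)
        sec, frac, incl_len, orig_len = struct.unpack_from(
            hdr.order + "IIII", buf, pos)
        pos += 16
        # incl_len is untrusted input from the file: check it before slicing.
        if incl_len > MAX_RECORD or incl_len > len(buf) - pos:
            raise ValueError("bad incl_len %d at offset %d" % (incl_len, pos - 16))
        yield Packet(sec + frac / hdr.divisor, orig_len, buf[pos:pos + incl_len])
        pos += incl_len


def hexdump(data: bytes, width: int = 16) -> str:
    """Offset, hex bytes and printable ASCII, one row per `width` bytes."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append("%04x  %-*s  %s" % (off, width * 3 - 1, hexpart, text))
    return "\n".join(rows)


def build_sample(order: str = "<") -> bytes:
    """Constructed two-packet capture (version 2.4, link type 1) for the demo."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, payload in [
        (1266883200, 500000, b"\x01\x02proprietary-hello"),
        (1266883201, 250000, b"\x03\x04second"),
    ]:
        out += struct.pack(order + "IIII", sec, usec, len(payload), len(payload))
        out += payload
    return out


if __name__ == "__main__":
    sample = build_sample()
    print(read_file_header(sample))
    for n, pkt in enumerate(read_packets(sample), 1):
        print("packet %d  ts=%.6f  captured=%d  on-wire=%d"
              % (n, pkt.ts, len(pkt.data), pkt.orig_len))
        print(hexdump(pkt.data))
```

Decoding the proprietary payload itself would replace the `hexdump` call; inside Wireshark that job belongs to a dissector.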

[Wireshark-dev] Need help regarding interpreting a pcap file.

2010-02-22 Thread prashanth joshi
Hi all,
 
What is the format of the data stored in the pcaps?
I have got a requirement wherein I need to read a pcap and then the contents 
of the packets need to be displayed on the screen. The packets have proprietary 
information. How do I go about this? Any suggestions would be heartily welcome. 
The requirement is that of a utility which should take the pcap as input and 
produce output on the screen in user freindly way.
 
Regards,
Prashanth



[Wireshark-dev] Wiki: Presentations about Wireshark

2010-02-22 Thread Jeff Morriss

Hi folks,

Sometimes I've thought I read something in a presentation about 
Wireshark somewhere but I can't find the presentation.  So I started a 
Wiki page with links:

http://wiki.wireshark.org/Presentations

So far, most of the links are to the previous years' Sharkfest pages 
because, well, I've lost most of the other URLs I may have known about.


There isn't currently a link to this page from anywhere.  The best place 
I can think of is from the FrontPage (under "Miscellaneous") but I don't 
have permission to modify that page.  Suggestions (or someone else 
adding a link) would be appreciated.

Regards,
-Jeff



Re: [Wireshark-dev] Run Time Error

2010-02-22 Thread Maynard, Chris
The link I sent was for the vs2008ee sp1 vcredist_x86.exe.  If that is
the problem, you would need the one for vs2005, either
http://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en

or
http://www.microsoft.com/downloads/details.aspx?familyid=200b2fd9-ae1a-4a14-984d-389c36f85647&displaylang=en
depending on which 2005 service pack you're running.

 

If that doesn't help, then see the other suggestions below ... or the
additional suggestion from Bill.  A quick way to determine if it's your
dissector or not that's causing the problem is to simply remove it from
the Makefile.common, recompile and then see if wireshark runs.  If it
does, well then you know it's something in your dissector and not
something with your environment.

 

- Chris

 

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rajesh P S
Sent: Monday, February 22, 2010 2:15 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Run Time Error

 

No. I am using VS2005. Initially it was working fine. I followed Dev
guide properly. In between I don't know what happened. Currently I am
using Windows XP Service Pack 2 and Wireshark version 1.1x.

On Tue, Feb 23, 2010 at 12:27 AM, Maynard, Chris
 wrote:

Are you actually using VS2008EE or something else?  Did you closely
follow the developer guide?   You might want to re-read it and verify
everything.  You could try "nmake -f Makefile distclean" and then
recompile the whole thing; that often fixes a lot of problems.  You
might also choose to compile and test an "off-the-shelf" version first
to make sure everything is correct before adding any of your own
customizations.  Other usual questions might help resolve the problem,
e.g. which version of Windows are you running - XP, Vista, which
service pack, etc.?  Which version of Wireshark are you building -
1.0.x, 1.2.x, 1.3.x, SVN, ...? 

 

 

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rajesh P S
Sent: Monday, February 22, 2010 1:36 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Run Time Error

 

Hi,

Initially it was working fine. Only last time when I made changes to my
source file (packet-oqtp.c) and tried to open wireshark.exe, it's
giving me this error. I tried your above suggestion but it didn't work.
May I know what all the other details that you want from my side to get
fair knowledge about this issue?

 

Thanks in advance

Rajesh

On Mon, Feb 22, 2010 at 8:40 PM, Maynard, Chris
 wrote:

Without more information, if I had to guess, it looks like you might not
have the right redistributable package installed.  If you followed the
developer's guide
(http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html) and
are using VS2008EE SP1, be sure to install the corresponding
vcredist_x86.exe SP1 package on the target machine.  Download it from
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en.

 

- Chris

 

 

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rajesh P S
Sent: Monday, February 22, 2010 1:13 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Run Time Error

 

Hi,

I am working on Wireshark packet analyzer. I am facing one problem with
it. When I try to open wireshark.exe, I am getting Run time error. I
have attached the snapshot with this mail. Please help me out in this.

 

Thanks and Regards

Rajesh


Re: [Wireshark-dev] Run Time Error

2010-02-22 Thread Bill Meier
>> *From:* wireshark-dev-boun...@wireshark.org [mailto:
>> wireshark-dev-boun...@wireshark.org] *On Behalf Of *Rajesh P S
>> *Sent:* Monday, February 22, 2010 1:13 AM
>> *To:* wireshark-dev@wireshark.org
>> *Subject:* [Wireshark-dev] Run Time Error
>>
>>
>>
>> Hi,
>>
>> I am working on Wireshark packet analyzer. I am facing one problem with it.
>> When I try to open wireshark.exe, I am getting Run time error. I have
>> attached the snapshot with this mail. Please help me out in this.

Another possibility:

Did you change something in the hf[] array ?

You will get run-time errors for things like:

FT_STRING which doesn't have a BASE_NONE


and so on.

See tmp_fld_check_assert() in epan/proto.c for all the tests applied




Re: [Wireshark-dev] Save extracted data from reassembled packets

2010-02-22 Thread Stig Bjørlykke
On 21. feb. 2010, at 20.00, Peter Smith wrote:

> I have the following code to get the reassembled WSP payload out of packet in 
> wireshark
> 
> ===
> wsp_extractor = Field.new("wsp")

Wireshark does not currently support handling FT_PROTOCOL as a field extractor. 
 I suppose in this situation the FT_PROTOCOL should be handled as a byte array, 
and maybe this is the best handling.  I have just committed revision 31951 with 
a fix for this, please try an automated build[1] in an hour or so.

[1] http://www.wireshark.org/download/automated/


-- 
Stig Bjørlykke




Re: [Wireshark-dev] Run Time Error

2010-02-22 Thread Rajesh P S
No. I am using VS2005. Initially it was working fine. I followed Dev guide
properly. In between I don't know what happened. Currently I am using Windows
XP Service Pack 2 and Wireshark version 1.1x.

On Tue, Feb 23, 2010 at 12:27 AM, Maynard, Chris <
christopher.mayn...@gtech.com> wrote:

>  Are you actually using VS2008EE or something else?  Did you closely
> follow the developer guide?   You might want to re-read it and verify
> everything.  You could try “nmake -f Makefile distclean” and then recompile
> the whole thing; that often fixes a lot of problems.  You might also choose
> to compile and test an “off-the-shelf” version first to make sure everything
> is correct before adding any of your own customizations.  Other usual
> questions might help resolve the problem, e.g. which version of Windows are
> you running – XP, Vista, which service pack, etc.?  Which version of
> Wireshark are you building – 1.0.x, 1.2.x, 1.3.x, SVN, …?
>
>
>
>
>
> *From:* wireshark-dev-boun...@wireshark.org [mailto:
> wireshark-dev-boun...@wireshark.org] *On Behalf Of *Rajesh P S
> *Sent:* Monday, February 22, 2010 1:36 PM
> *To:* Developer support list for Wireshark
> *Subject:* Re: [Wireshark-dev] Run Time Error
>
>
>
> Hi,
>
> Initially it was working fine. Only last time when I made changes to my
> source file (packet-oqtp.c) and tried to open wireshark.exe, it's giving me
> this error. I tried your above suggestion but it didn't work. May I know what
> all the other details that you want from my side to get fair knowledge about
> this issue?
>
>
>
> Thanks in advance
>
> Rajesh
>
> On Mon, Feb 22, 2010 at 8:40 PM, Maynard, Chris <
> christopher.mayn...@gtech.com> wrote:
>
> Without more information, if I had to guess, it looks like you might not
> have the right redistributable package installed.  If you followed the
> developer’s guide (
> http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html) and are
> using VS2008EE SP1, be sure to install the corresponding vcredist_x86.exe
> SP1 package on the target machine.  Download it from
> http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en
> .
>
>
>
> - Chris
>
>
>
>
>
> *From:* wireshark-dev-boun...@wireshark.org [mailto:
> wireshark-dev-boun...@wireshark.org] *On Behalf Of *Rajesh P S
> *Sent:* Monday, February 22, 2010 1:13 AM
> *To:* wireshark-dev@wireshark.org
> *Subject:* [Wireshark-dev] Run Time Error
>
>
>
> Hi,
>
> I am working on Wireshark packet analyzer. I am facing one problem with it.
> When I try to open wireshark.exe, I am getting Run time error. I have
> attached the snapshot with this mail. Please help me out in this.
>
>
>
> Thanks and Regards
>
> Rajesh
>

Re: [Wireshark-dev] Run Time Error

2010-02-22 Thread Maynard, Chris
Are you actually using VS2008EE or something else?  Did you closely
follow the developer guide?   You might want to re-read it and verify
everything.  You could try "nmake -f Makefile distclean" and then
recompile the whole thing; that often fixes a lot of problems.  You
might also choose to compile and test an "off-the-shelf" version first
to make sure everything is correct before adding any of your own
customizations.  Other usual questions might help resolve the problem,
e.g. which version of Windows are you running - XP, Vista, which
service pack, etc.?  Which version of Wireshark are you building -
1.0.x, 1.2.x, 1.3.x, SVN, ...? 

 

 

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rajesh P S
Sent: Monday, February 22, 2010 1:36 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Run Time Error

 

Hi,

Initially it was working fine. Only last time when I made changes to my
source file (packet-oqtp.c) and tried to open wireshark.exe, it's
giving me this error. I tried your above suggestion but it didn't work.
May I know what all the other details that you want from my side to get
fair knowledge about this issue?

 

Thanks in advance

Rajesh

On Mon, Feb 22, 2010 at 8:40 PM, Maynard, Chris
 wrote:

Without more information, if I had to guess, it looks like you might not
have the right redistributable package installed.  If you followed the
developer's guide
(http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html) and
are using VS2008EE SP1, be sure to install the corresponding
vcredist_x86.exe SP1 package on the target machine.  Download it from
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en.

 

- Chris

 

 

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rajesh P S
Sent: Monday, February 22, 2010 1:13 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Run Time Error

 

Hi,

I am working on Wireshark packet analyzer. I am facing one problem with
it. When I try to open wireshark.exe, I am getting Run time error. I
have attached the snapshot with this mail. Please help me out in this.

 

Thanks and Regards

Rajesh


Re: [Wireshark-dev] Run Time Error

2010-02-22 Thread Rajesh P S
Hi,
Initially it was working fine. Only last time when I made changes to my
source file (packet-oqtp.c) and tried to open wireshark.exe, it's giving me
this error. I tried your above suggestion but it didn't work. May I know what
all the other details that you want from my side to get fair knowledge about
this issue?

Thanks in advance
Rajesh

On Mon, Feb 22, 2010 at 8:40 PM, Maynard, Chris <
christopher.mayn...@gtech.com> wrote:

>  Without more information, if I had to guess, it looks like you might not
> have the right redistributable package installed.  If you followed the
> developer’s guide (
> http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html) and are
> using VS2008EE SP1, be sure to install the corresponding vcredist_x86.exe
> SP1 package on the target machine.  Download it from
> http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en
> .
>
>
>
> - Chris
>
>
>
>
>
> *From:* wireshark-dev-boun...@wireshark.org [mailto:
> wireshark-dev-boun...@wireshark.org] *On Behalf Of *Rajesh P S
> *Sent:* Monday, February 22, 2010 1:13 AM
> *To:* wireshark-dev@wireshark.org
> *Subject:* [Wireshark-dev] Run Time Error
>
>
>
> Hi,
>
> I am working on Wireshark packet analyzer. I am facing one problem with it.
> When I try to open wireshark.exe, I am getting Run time error. I have
> attached the snapshot with this mail. Please help me out in this.
>
>
>
> Thanks and Regards
>
> Rajesh
>

Re: [Wireshark-dev] Save extracted data from reassembled packets

2010-02-22 Thread Peter Smith
If I use print(type(wsp_pdu)) it shows me userdata type which is not in the
switch statement in epan/wslua/wslua_field.c. The problem is that I can't
find any function that could convert this userdata type to any other usable
type to work with...

On the other hand using print("USERDATA LENGTH: " .. wsp_pdu.len) works fine
and gives me apparently the correct length of the field data reassembled
from multiple packets. Here is the output:
USERDATA LENGTH: 8706
USERDATA LENGTH: 36097
USERDATA LENGTH: 32302
... skipped ...


On Mon, Feb 22, 2010 at 5:20 PM, Beth  wrote:

> Is the field a boolean?  Lua support for boolean fields was fixed for 1.3.x
> in bug 4049.  It just got added to the 1.2 trunk and should be available in
> release 1.2.7.
>
> If it's not a boolean, make sure its type is in the switch statement in
> epan/wslua/wslua_field.c (and the similar one in wslua_tree.c).  That's
> where the error message is generated.
>
>
>
> On Mon, Feb 22, 2010 at 9:38 AM, Peter Smith  wrote:
>
>> I also tried to use a similar code as in previously mentioned
>> presentation:
>>
>> ===
>> wsp_extractor = Field.new("wsp")
>> tap = Listener.new(nil,"wsp")
>> function tap.packet(pinfo,tvb,userdata)
>>     local wsp_pdu = wsp_extractor()
>>     if wsp_pdu then
>>         print(wsp_pdu.value)
>>     end
>> end
>> ===
>>
>> In this case I get another error:
>> [string "wsp.lua"]:6: FT_ not yet supported
>>
>> So I am stuck for now...
>>
>>
>

Re: [Wireshark-dev] Save extracted data from reassembled packets

2010-02-22 Thread Beth
Is the field a boolean?  Lua support for boolean fields was fixed for 1.3.x
in bug 4049.  It just got added to the 1.2 trunk and should be available in
release 1.2.7.

If it's not a boolean, make sure its type is in the switch statement in
epan/wslua/wslua_field.c (and the similar one in wslua_tree.c).  That's
where the error message is generated.


On Mon, Feb 22, 2010 at 9:38 AM, Peter Smith  wrote:

> I also tried to use a similar code as in previously mentioned presentation:
>
> ===
> wsp_extractor = Field.new("wsp")
> tap = Listener.new(nil,"wsp")
> function tap.packet(pinfo,tvb,userdata)
>     local wsp_pdu = wsp_extractor()
>     if wsp_pdu then
>         print(wsp_pdu.value)
>     end
> end
> ===
>
> In this case I get another error:
> [string "wsp.lua"]:6: FT_ not yet supported
>
> So I am stuck for now...
>
>

[Wireshark-dev] Run time ERROR

2010-02-22 Thread Sharabhalingappa, Rajesh
Hi,

When I try to open wireshark.exe, it is giving me a Run time error. I have 
attached the snapshot of it. Please help me out in this.


Thanks and Regards
Rajesh P S



This message is confidential and intended only for the addressee. If you have 
received this message in error, please immediately notify the 
postmas...@nds.com and delete it from your system as well as any copies. The 
content of e-mails as well as traffic data may be monitored by NDS for 
employment and security purposes.
To protect the environment please do not print this e-mail unless necessary.

An NDS Group Limited company. www.nds.com

Re: [Wireshark-dev] Run Time Error

2010-02-22 Thread Maynard, Chris
Without more information, if I had to guess, it looks like you might not
have the right redistributable package installed.  If you followed the
developer's guide
(http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html) and
are using VS2008EE SP1, be sure to install the corresponding
vcredist_x86.exe SP1 package on the target machine.  Download it from
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en.

 

- Chris

 

 

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rajesh P S
Sent: Monday, February 22, 2010 1:13 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Run Time Error

 

Hi,

I am working on Wireshark packet analyzer. I am facing one problem with
it. When I try to open wireshark.exe, I am getting Run time error. I
have attached the snapshot with this mail. Please help me out in this.

 

Thanks and Regards

Rajesh


Re: [Wireshark-dev] Save extracted data from reassembled packets

2010-02-22 Thread Peter Smith
I also tried to use similar code as in the previously mentioned presentation:

===
wsp_extractor = Field.new("wsp")
tap = Listener.new(nil,"wsp")
function tap.packet(pinfo,tvb,userdata)
    local wsp_pdu = wsp_extractor()
    if wsp_pdu then
        print(wsp_pdu.value)
    end
end
===

In this case I get another error:
[string "wsp.lua"]:6: FT_ not yet supported

So I am stuck for now...


On Mon, Feb 22, 2010 at 4:23 PM, Peter Smith  wrote:

> Yes, that was the starting point but I have already tried numerous other
> ways to get the data out of the extracted field with no luck. I found a
> similar sample from this presentation for Sharkfest'09 available here:
> http://www.cacetech.com/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf
>
> Here is the code sample from it:
>
> ===
> -- Register a field value
> udp_len_f = Field.new ("udp.length")
>
> local function menuable_tap ()
>     function tap.packet (pinfo, buffer, userdata)
>         -- Fetch the UDP length
>         local udp_len = udp_len_f()
>         if udp_len and udp_len.value > 400 then
>             -- Do something with big UDP packages
>         end
>     end
> end
> ===
>
> Apparently the reassembled data is contained within userdata structure
> passed to tap.packet function but I could not find a way to either print or
> save that data anyhow. I have already posted on Lua list hoping to get a way
> to access the userdata type but it turned out that lua is only getting a
> pointer via this userdata type to the actual reassembled packet data. So
> there should be some wireshark specific function to access and use that
> data. Unfortunately, I spent 3 days on it already and have not found that
> function yet.
>
> Hopefully someone on wireshark list will help me here...
>
> Apparently the range method is not useful for the reassembled packets
> because it works with tvb buffer which is a buffer for the current packet
> only so it can't access the previous packets with the rest of the
> reassembled data. I guess that's why we get those "expired tvb" errors
> when accessing previous packets...
>
>
> On Mon, Feb 22, 2010 at 4:00 PM, varname  wrote:
>
>> Peter Smith wrote:
>> > If the reassembled data comes from several packets I get the following
>> > error:
>> > tshark: Lua: on packet 164 Error During execution of Listener Packet
>> > Callback:
>> > expired tvb
>>
>> Using your code I was able to get to the same point (I'm basically
>> trying to do the same thing, but for HTTP packets). If any HTTP packet
>> is a reassembled one I get the same error.
>>
>> May I ask if you got the idea for this from this [1] thread on the users
>> list?
>>
>>
>> [1] http://www.wireshark.org/lists/wireshark-users/200707/msg00156.html
>>
>>

Re: [Wireshark-dev] Save extracted data from reassembled packets

2010-02-22 Thread Peter Smith
Yes, that was the starting point but I have already tried numerous other
ways to get the data out of the extracted field with no luck. I found a
similar sample from this presentation for Sharkfest'09 available here:
http://www.cacetech.com/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf

Here is the code sample from it:

===
-- Register a field value
udp_len_f = Field.new ("udp.length")

local function menuable_tap ()
    function tap.packet (pinfo, buffer, userdata)
        -- Fetch the UDP length
        local udp_len = udp_len_f()
        if udp_len and udp_len.value > 400 then
            -- Do something with big UDP packages
        end
    end
end
===

Apparently the reassembled data is contained within the userdata structure
passed to the tap.packet function, but I could not find a way to either print
or save that data anyhow. I have already posted on the Lua list hoping to get
a way to access the userdata type, but it turned out that Lua is only getting
a pointer via this userdata type to the actual reassembled packet data. So
there should be some Wireshark-specific function to access and use that
data. Unfortunately, I spent 3 days on it already and have not found that
function yet.

Hopefully someone on wireshark list will help me here...

Apparently the range method is not useful for the reassembled packets
because it works with the tvb buffer, which is a buffer for the current packet
only, so it can't access the previous packets with the rest of the
reassembled data. I guess that's why we get those "expired tvb" errors when
accessing previous packets...


On Mon, Feb 22, 2010 at 4:00 PM, varname  wrote:

> Peter Smith wrote:
> > If the reassembled data comes from several packets I get the following
> > error:
> > tshark: Lua: on packet 164 Error During execution of Listener Packet
> > Callback:
> > expired tvb
>
> Using your code I was able to get to the same point (I'm basically
> trying to do the same thing, but for HTTP packets). If any HTTP packet
> is a reassembled one I get the same error.
>
> May I ask if you got the idea for this from this [1] thread on the users
> list?
>
>
> [1] http://www.wireshark.org/lists/wireshark-users/200707/msg00156.html

Re: [Wireshark-dev] Save extracted data from reassembled packets

2010-02-22 Thread varname
Peter Smith wrote:
> If the reassembled data comes from several packets I get the following
> error:
> tshark: Lua: on packet 164 Error During execution of Listener Packet
> Callback:
> expired tvb

Using your code I was able to get to the same point (I'm basically 
trying to do the same thing, but for HTTP packets). If any HTTP packet 
is a reassembled one I get the same error.

May I ask if you got the idea for this from this [1] thread on the users 
list?


[1] http://www.wireshark.org/lists/wireshark-users/200707/msg00156.html



Re: [Wireshark-dev] need to read pcaps to develop a display system for the packets

2010-02-22 Thread prashanth joshi
Yeah. That seemed to be feasible to me as well. But my boss wants a utility 
that he can run from his machine.
 
Regards,
Prashanth 
--- On Mon, 2/22/10, Abhik Sarkar  wrote:


From: Abhik Sarkar 
Subject: Re: [Wireshark-dev] need to read pcaps to develop a display system for 
the packets
To: "Developer support list for Wireshark" 
Date: Monday, February 22, 2010, 7:44 AM


Why not write a dissector for your proprietary protocol and distribute it only 
within your company (if that's what you are about)? That would allow you 
to:
- Work with the familiar interface of Wireshark and use all the facilities 
available
- Use tshark to export the fields of your protocol into something like PDML and 
use that XML for input into another application.

Hope that helps
Abhik.


On Mon, Feb 22, 2010 at 5:29 PM, prashanth joshi wrote:

Yeah. Looks pretty like that for now. The basic requirement would be like 
having a utility, to which pcaps can be input and the output should be our 
proprietary fields of the packet displayed in a graphical format (maybe using C 
or Python itself). 
But I have no clue as of now about how to proceed further. Any suggestions and 
pointers to advance me further would be greatly appreciated.
 
Regards,
Prashanth

--- On Mon, 2/22/10, Jakub Zawadzki  wrote:


From: Jakub Zawadzki 
Subject: Re: [Wireshark-dev] need to read pcaps to develop a display system for 
the packets
To: "Developer support list for Wireshark" 
Date: Monday, February 22, 2010, 6:01 AM

Hello,

On Mon, Feb 22, 2010 at 05:21:29PM +0530, prashanth s wrote:
> I need to develop an application that reads a pcap as input and then displays
> the packet contents in a style that should make it easy for the reader to
> understand - perhaps in the way wireshark does it. I have just come to know
> that libpcap library is used by the applications to capture packets and then 
> to display them.

So maybe you could write new frontend for wireshark?
IMHO it would be great if wireshark would have ncurses frontend :)

Cheers.

Re: [Wireshark-dev] need to read pcaps to develop a display system for the packets

2010-02-22 Thread Abhik Sarkar
Why not write a dissector for your proprietary protocol and distribute it
only within your company (if that's what you are about)? That would
allow you to:
- Work with the familiar interface of Wireshark and use all the facilities
available
- Use tshark to export the fields of your protocol into something like PDML
and use that XML for input into another application.

Hope that helps
Abhik.

On Mon, Feb 22, 2010 at 5:29 PM, prashanth joshi <
prashanthsjoshi2...@yahoo.com> wrote:

> Yeah. Looks pretty like that for now. The basic requirement would be like
> having a utility, to which pcaps can be input and the output should be our
> proprietary fields of the packet displayed in a graphical format (maybe using
> C or Python itself).
> But I have no clue as of now about how to proceed further. Any suggestions
> and pointers to advance me further would be greatly appreciated.
>
> Regards,
> Prashanth
>
> --- On Mon, 2/22/10, Jakub Zawadzki wrote:
>
>
> From: Jakub Zawadzki 
> Subject: Re: [Wireshark-dev] need to read pcaps to develop a display system
> for the packets
> To: "Developer support list for Wireshark" 
> Date: Monday, February 22, 2010, 6:01 AM
>
>
> Hello,
>
> On Mon, Feb 22, 2010 at 05:21:29PM +0530, prashanth s wrote:
> > I need to develop an application that reads a pcap as input and then displays
> > the packet contents in a style that should make it easy for the reader to
> > understand - perhaps in the way wireshark does it. I have just come to know
> > that libpcap library is used by the applications to capture packets and then
> > to display them.
>
> So maybe you could write new frontend for wireshark?
> IMHO it would be great if wireshark would have ncurses frontend :)
>
> Cheers.
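
The PDML route suggested in the message above, sketched as an added example (not code from the thread): a consumer for the XML that `tshark -r capture.pcap -T pdml` writes, pulling out the fields of one protocol per packet. The protocol name `myproto`, its field names and the embedded PDML are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Constructed PDML sample in the shape `tshark -T pdml` emits; "myproto" and
# its field names are hypothetical stand-ins for the proprietary protocol.
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml version="0" creator="wireshark">
  <packet>
    <proto name="frame"><field name="frame.number" show="1"/></proto>
    <proto name="myproto" showname="My Protocol">
      <field name="myproto.type" showname="Type: Request (1)" show="1" value="01"/>
      <field name="myproto.hdr" show="">
        <field name="myproto.seq" showname="Sequence: 42" show="42" value="002a"/>
      </field>
    </proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.number" show="2"/></proto>
    <proto name="udp"><field name="udp.length" show="20"/></proto>
  </packet>
</pdml>"""


def extract_fields(pdml_stream, proto_name):
    """Yield (frame_number, {field: show}) for each packet carrying proto_name."""
    # iterparse streams the document, so a large export is never held in memory.
    for _event, elem in ET.iterparse(pdml_stream, events=("end",)):
        if elem.tag != "packet":
            continue
        frame_no = None
        fields = {}
        for proto in elem.findall("proto"):
            if proto.get("name") == "frame":
                num = proto.find("field[@name='frame.number']")
                frame_no = int(num.get("show")) if num is not None else None
            elif proto.get("name") == proto_name:
                # iter() also reaches fields nested inside subtree fields.
                for field in proto.iter("field"):
                    if field.get("show"):          # skip empty subtree headers
                        fields[field.get("name")] = field.get("show")
        if fields:
            yield frame_no, fields
        elem.clear()                               # free the finished packet


def rows(pdml_bytes, proto_name="myproto"):
    """Convenience wrapper: parse an in-memory PDML document into a list."""
    return list(extract_fields(io.BytesIO(pdml_bytes), proto_name))
```

The `show` and `showname` values originate from captured traffic, so a display tool built on this should escape them before rendering.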

Re: [Wireshark-dev] need to read pcaps to develop a display system for the packets

2010-02-22 Thread prashanth joshi
Yeah. Looks pretty like that for now. The basic requirement would be like 
having a utility, to which pcaps can be input and the output should be our 
proprietary fields of the packet displayed in a graphical format (maybe using C 
or Python itself). 
But I have no clue as of now about how to proceed further. Any suggestions and 
pointers to advance me further would be greatly appreciated.
 
Regards,
Prashanth

--- On Mon, 2/22/10, Jakub Zawadzki  wrote:


From: Jakub Zawadzki 
Subject: Re: [Wireshark-dev] need to read pcaps to develop a display system for 
the packets
To: "Developer support list for Wireshark" 
Date: Monday, February 22, 2010, 6:01 AM


Hello,

On Mon, Feb 22, 2010 at 05:21:29PM +0530, prashanth s wrote:
> I need to develop an application that reads a pcap as input and then displays
> the packet contents in a style that should make it easy for the reader to
> understand - perhaps in the way wireshark does it. I have just come to know
> that libpcap library is used by the applications to capture packets and then 
> to display them.

So maybe you could write new frontend for wireshark?
IMHO it would be great if wireshark would have ncurses frontend :)

Cheers.

Re: [Wireshark-dev] need to read pcaps to develop a display system for the packets

2010-02-22 Thread Jakub Zawadzki
Hello,

On Mon, Feb 22, 2010 at 05:21:29PM +0530, prashanth s wrote:
> I need to develop an application that reads a pcap as input and then displays
> the packet contents in a style that should make it easy for the reader to
> understand - perhaps in the way wireshark does it. I have just come to know
> that libpcap library is used by the applications to capture packets and then 
> to display them.

So maybe you could write new frontend for wireshark?
IMHO it would be great if wireshark would have ncurses frontend :)

Cheers.


[Wireshark-dev] need to read pcaps to develop a display system for the packets

2010-02-22 Thread prashanth s
Hi all,

I need to develop an application that reads a pcap as input and then displays
the packet contents in a style that should make it easy for the reader to
understand - perhaps in the way wireshark does it. I have just come to know
that libpcap library is used by the applications to capture packets and then
to display them.
Could anyone please suggest me pointers on this to start work with? Which
would be better? Using C, C++ for the display mechanisms or using Python?

Regards,
Prashanth