Re: [Wireshark-dev] Branching in subtree for different packet dissection.
On Sun, May 09, 2010 at 08:04:24PM -0700, Craig Bumpstead wrote: What I need to do now is branch in the dissect of the sub-tree when the 6th byte in the data is a certain value. Is there an array that holds that information that i can search??? The data is contained in the tvbuff, which you can grab a value from using xxx = tvb_get_guint8(tvb, offset); -- Steve ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] tshark (Windows) not working
I get the same error with dumpcap as well.
I went back to 32687 (there seem to be some major changes to dumpcap in
32688) and dumpcap works, but tshark gives the original error I reported:
E:\wireshark-src\wireshark-gtk2dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
Then, I went back to 32682 (there are changes in 32683 to column-utils) and
now it works at least.
So, I am staying here for now!
On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.comwrote:
Hi Joan,
I am getting that error on both tshark and Wireshark with my build (32727)
on Windows (32 bit). I tried doing a distclean; verify_tools; setup and
build. It compiles without error, but refuses to capture. Looks like I chose
a bad time to code a few changes ;-)
I haven't got around to investigating the issue in detail (yet)... I hope
someone beats me to it.
Regards,
Abhik
On Sun, May 9, 2010 at 10:34 PM, j.snelders j.sneld...@telfort.nl wrote:
Hi all,
SVN 32686
I get the same error (column-utils.c:879:???) running TShark on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
SVN 32692 and higher (the latest version I tried is SVN-32727):
Unable to capture with Wireshark and TShark, because The capture session
could not be initiated () on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
Windows XP Service Pack 3, build 2600
$ tshark -D
1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R) PRO/1000
MT Network Connection)
$ tshark -i 1
Capturing on Intel(R) PRO/1000 MT Network Connection
tshark: The capture session could not be initiated ().
Please check that \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} is
the proper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
0 packets captured
Any ideas?
Thanks
Joan
On Thu, 6 May 2010 10:37:13 -0400 Chris Maynard wrote:
Yes, I?m seeing the same thing on Windows with the same SVN version,
32686.
From: wireshark-dev-boun...@x [mailto:
wireshark-dev-boun...@x]
On Behalf Of Abhik Sarkar
Sent: Thursday, May 06, 2010 10:00 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] tshark (Windows) not working
Hi All,
I can't get tshark to work anymore. I get this error:
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
It seems to be related to the changes related to the timestamps which Stig
has been working on. Is anyone else facing issues?
I am on revision 32686.
Thanks,
Abhik.
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org
?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Regarding Compilation of Dissector
Hi All, I am beginner for the wireshark and packet dissection. Using, few sample dissector, I have created my own custom dissector. But, I don't know how to compile the code to find out the bugs, if any. Kindly, help me. Thanking in Advance. Thanks Regards, Vishal Kumar Singh Software Engineer A R I C E N T ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] tshark (Windows) not working
Currently I am unable to even get that far. I’m at SVN32735 on Windows XP SP3
(32-bit) with cygwin 1.7.5(0.225/5/3), and after a “distclean”, compiling with
VS2008EE fails due to a zlib-related manifest error. Here’s the relevant
output:
Microsoft (R) Program Maintenance Utility Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
'zlib1.dll' is up-to-date
if not exist C:\wireshark-win32-libs\zlib123 mkdir
C:\wireshark-win32-libs\zlib123
if not exist C:\wireshark-win32-libs\zlib123\lib mkdir
C:\wireshark-win32-libs\zlib123\lib
if not exist C:\wireshark-win32-libs\zlib123\include mkdir
C:\wireshark-win32-libs\zlib123\include
mt.exe -nologo -manifest zlib1.dll.manifest
-outputresource:zlib1.dll;2
zlib1.dll.manifest : general error c1010070: Failed to load and parse the
manifest. The system cannot find the file specified.
NMAKE : fatal error U1077: 'C:\Program Files\Microsoft
SDKs\Windows\v6.0A\bin\mt.exe' : return code '0x1f'
Stop.
In case it was due to the SDK, I tried to update it to the latest from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505displaylang=en
… but no luck:
Microsoft (R) Program Maintenance Utility Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
'zlib1.dll' is up-to-date
if not exist C:\wireshark-win32-libs\zlib123 mkdir
C:\wireshark-win32-libs\zlib123
if not exist C:\wireshark-win32-libs\zlib123\lib mkdir
C:\wireshark-win32-libs\zlib123\lib
if not exist C:\wireshark-win32-libs\zlib123\include mkdir
C:\wireshark-win32-libs\zlib123\include
mt.exe -nologo -manifest zlib1.dll.manifest
-outputresource:zlib1.dll;2
zlib1.dll.manifest : general error c1010070: Failed to load and parse the
manifest. The system cannot find the file specified.
NMAKE : fatal error U1077: 'C:\Program Files\Microsoft
SDKs\Windows\v7.0\bin\mt.exe' : return code '0x1f'
Stop.
Anyone else seeing this?
- Chris
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Abhik Sarkar
Sent: Monday, May 10, 2010 5:01 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] tshark (Windows) not working
I get the same error with dumpcap as well.
I went back to 32687 (there seem to be some major changes to dumpcap in 32688)
and dumpcap works, but tshark gives the original error I reported:
E:\wireshark-src\wireshark-gtk2dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
Then, I went back to 32682 (there are changes in 32683 to column-utils) and now
it works at least.
So, I am staying here for now!
On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar
sarkar.ab...@gmail.commailto:sarkar.ab...@gmail.com wrote:
Hi Joan,
I am getting that error on both tshark and Wireshark with my build (32727) on
Windows (32 bit). I tried doing a distclean; verify_tools; setup and build. It
compiles without error, but refuses to capture. Looks like I chose a bad time
to code a few changes ;-)
I haven't got around to investigating the issue in detail (yet)... I hope
someone beats me to it.
Regards,
Abhik
On Sun, May 9, 2010 at 10:34 PM, j.snelders
j.sneld...@telfort.nlmailto:j.sneld...@telfort.nl wrote:
Hi all,
SVN 32686
I get the same error (column-utils.c:879:???) running TShark on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
SVN 32692 and higher (the latest version I tried is SVN-32727):
Unable to capture with Wireshark and TShark, because The capture session
could not be initiated () on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
Windows XP Service Pack 3, build 2600
$ tshark -D
1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R) PRO/1000
MT Network Connection)
$ tshark -i 1
Capturing on Intel(R) PRO/1000 MT Network Connection
tshark: The capture session could not be initiated ().
Please check that \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} is
the proper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
0 packets captured
Any ideas?
Thanks
Joan
On Thu, 6 May 2010 10:37:13 -0400 Chris Maynard wrote:
Yes, I?m seeing the same thing on Windows with the same SVN version, 32686.
From: wireshark-dev-boun...@x
[mailto:wireshark-dev-boun...@xmailto:wireshark-dev-boun...@x]
On Behalf Of Abhik Sarkar
Sent: Thursday, May 06, 2010 10:00 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] tshark (Windows) not working
Hi All,
I can't get tshark to work anymore. I get this error:
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R)
Re: [Wireshark-dev] tshark (Windows) not working
Actually, the SDK upgrade was done because I was seeing some other mt.exe
errors I hadn’t seen before such as “–n” option not supported when parsing the
–nologo argument. Obviously the problem below is due to the missing
zlib1.dll.manifest file. I am current as far as “nmake –f Makefile.nmake
setup” is concerned.
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Maynard, Chris
Sent: Monday, May 10, 2010 1:05 PM
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] tshark (Windows) not working
Currently I am unable to even get that far. I’m at SVN32735 on Windows XP SP3
(32-bit) with cygwin 1.7.5(0.225/5/3), and after a “distclean”, compiling with
VS2008EE fails due to a zlib-related manifest error. Here’s the relevant
output:
Microsoft (R) Program Maintenance Utility Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
'zlib1.dll' is up-to-date
if not exist C:\wireshark-win32-libs\zlib123 mkdir
C:\wireshark-win32-libs\zlib123
if not exist C:\wireshark-win32-libs\zlib123\lib mkdir
C:\wireshark-win32-libs\zlib123\lib
if not exist C:\wireshark-win32-libs\zlib123\include mkdir
C:\wireshark-win32-libs\zlib123\include
mt.exe -nologo -manifest zlib1.dll.manifest
-outputresource:zlib1.dll;2
zlib1.dll.manifest : general error c1010070: Failed to load and parse the
manifest. The system cannot find the file specified.
NMAKE : fatal error U1077: 'C:\Program Files\Microsoft
SDKs\Windows\v6.0A\bin\mt.exe' : return code '0x1f'
Stop.
In case it was due to the SDK, I tried to update it to the latest from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505displaylang=en
… but no luck:
Microsoft (R) Program Maintenance Utility Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
'zlib1.dll' is up-to-date
if not exist C:\wireshark-win32-libs\zlib123 mkdir
C:\wireshark-win32-libs\zlib123
if not exist C:\wireshark-win32-libs\zlib123\lib mkdir
C:\wireshark-win32-libs\zlib123\lib
if not exist C:\wireshark-win32-libs\zlib123\include mkdir
C:\wireshark-win32-libs\zlib123\include
mt.exe -nologo -manifest zlib1.dll.manifest
-outputresource:zlib1.dll;2
zlib1.dll.manifest : general error c1010070: Failed to load and parse the
manifest. The system cannot find the file specified.
NMAKE : fatal error U1077: 'C:\Program Files\Microsoft
SDKs\Windows\v7.0\bin\mt.exe' : return code '0x1f'
Stop.
Anyone else seeing this?
- Chris
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Abhik Sarkar
Sent: Monday, May 10, 2010 5:01 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] tshark (Windows) not working
I get the same error with dumpcap as well.
I went back to 32687 (there seem to be some major changes to dumpcap in 32688)
and dumpcap works, but tshark gives the original error I reported:
E:\wireshark-src\wireshark-gtk2dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
Then, I went back to 32682 (there are changes in 32683 to column-utils) and now
it works at least.
So, I am staying here for now!
On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar
sarkar.ab...@gmail.commailto:sarkar.ab...@gmail.com wrote:
Hi Joan,
I am getting that error on both tshark and Wireshark with my build (32727) on
Windows (32 bit). I tried doing a distclean; verify_tools; setup and build. It
compiles without error, but refuses to capture. Looks like I chose a bad time
to code a few changes ;-)
I haven't got around to investigating the issue in detail (yet)... I hope
someone beats me to it.
Regards,
Abhik
On Sun, May 9, 2010 at 10:34 PM, j.snelders
j.sneld...@telfort.nlmailto:j.sneld...@telfort.nl wrote:
Hi all,
SVN 32686
I get the same error (column-utils.c:879:???) running TShark on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
SVN 32692 and higher (the latest version I tried is SVN-32727):
Unable to capture with Wireshark and TShark, because The capture session
could not be initiated () on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
Windows XP Service Pack 3, build 2600
$ tshark -D
1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R) PRO/1000
MT Network Connection)
$ tshark -i 1
Capturing on Intel(R) PRO/1000 MT Network Connection
tshark: The capture session could not be initiated ().
Please check that \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} is
the proper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
0 packets captured
Any
Re: [Wireshark-dev] Regarding Compilation of Dissector
The developer guide should be able to help you. http://www.wireshark.org/docs/wsdg_html_chunked/ - Chris From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Vishal Kumar Singh Sent: Monday, May 10, 2010 7:37 AM To: wireshark-dev@wireshark.org Subject: [Wireshark-dev] Regarding Compilation of Dissector Hi All, I am beginner for the wireshark and packet dissection. Using, few sample dissector, I have created my own custom dissector. But, I don't know how to compile the code to find out the bugs, if any. Kindly, help me. Thanking in Advance. Thanks Regards, Vishal Kumar Singh Software Engineer A R I C E N T CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] tshark (Windows) not working
Can you try r32697?
Abhik Sarkar wrote:
I get the same error with dumpcap as well.
I went back to 32687 (there seem to be some major changes to dumpcap in
32688) and dumpcap works, but tshark gives the original error I reported:
E:\wireshark-src\wireshark-gtk2dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
Then, I went back to 32682 (there are changes in 32683 to column-utils)
and now it works at least.
So, I am staying here for now!
On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.com
mailto:sarkar.ab...@gmail.com wrote:
Hi Joan,
I am getting that error on both tshark and Wireshark with my build
(32727) on Windows (32 bit). I tried doing a distclean;
verify_tools; setup and build. It compiles without error, but
refuses to capture. Looks like I chose a bad time to code a few
changes ;-)
I haven't got around to investigating the issue in detail (yet)... I
hope someone beats me to it.
Regards,
Abhik
On Sun, May 9, 2010 at 10:34 PM, j.snelders j.sneld...@telfort.nl
mailto:j.sneld...@telfort.nl wrote:
Hi all,
SVN 32686
I get the same error (column-utils.c:879:???) running TShark on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
SVN 32692 and higher (the latest version I tried is SVN-32727):
Unable to capture with Wireshark and TShark, because The
capture session
could not be initiated () on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
Windows XP Service Pack 3, build 2600
$ tshark -D
1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R)
PRO/1000
MT Network Connection)
$ tshark -i 1
Capturing on Intel(R) PRO/1000 MT Network Connection
tshark: The capture session could not be initiated ().
Please check that
\Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} is
the proper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
0 packets captured
Any ideas?
Thanks
Joan
On Thu, 6 May 2010 10:37:13 -0400 Chris Maynard wrote:
Yes, I?m seeing the same thing on Windows with the same SVN
version, 32686.
From: wireshark-dev-boun...@x
[mailto:wireshark-dev-boun...@x
mailto:wireshark-dev-boun...@x]
On Behalf Of Abhik Sarkar
Sent: Thursday, May 06, 2010 10:00 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] tshark (Windows) not working
Hi All,
I can't get tshark to work anymore. I get this error:
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
It seems to be related to the changes related to the timestamps
which Stig
has been working on. Is anyone else facing issues?
I am on revision 32686.
Thanks,
Abhik.
___
Sent via:Wireshark-dev mailing list
wireshark-dev@wireshark.org mailto:wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
--
Join us for Sharkfest ’10! · Wireshark® Developer and User Conference
Stanford University, June 14-17 · http://www.cacetech.com/sharkfest.10/
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
Re: [Wireshark-dev] tshark (Windows) not working
Maynard, Chris wrote: Actually, the SDK upgrade was done because I was seeing some other mt.exe errors I hadn’t seen before such as “–n” option not supported when parsing the –nologo argument. Obviously the problem below is due to the missing zlib1.dll.manifest file. I am current as far as “nmake –f Makefile.nmake setup” is concerned. From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Maynard, Chris Sent: Monday, May 10, 2010 1:05 PM To: 'Developer support list for Wireshark' Subject: Re: [Wireshark-dev] tshark (Windows) not working Currently I am unable to even get that far. I’m at SVN32735 on Windows XP SP3 (32-bit) with cygwin 1.7.5(0.225/5/3), and after a “distclean”, compiling with VS2008EE fails due to a zlib-related manifest error. Here’s the relevant output: Microsoft (R) Program Maintenance Utility Version 9.00.30729.01 Copyright (C) Microsoft Corporation. All rights reserved. 'zlib1.dll' is up-to-date if not exist C:\wireshark-win32-libs\zlib123 mkdir C:\wireshark-win32-libs\zlib123 if not exist C:\wireshark-win32-libs\zlib123\lib mkdir C:\wireshark-win32-libs\zlib123\lib if not exist C:\wireshark-win32-libs\zlib123\include mkdir C:\wireshark-win32-libs\zlib123\include mt.exe -nologo -manifest zlib1.dll.manifest -outputresource:zlib1.dll;2 zlib1.dll.manifest : general error c1010070: Failed to load and parse the manifest. The system cannot find the file specified. NMAKE : fatal error U1077: 'C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\mt.exe' : return code '0x1f' Stop. In case it was due to the SDK, I tried to update it to the latest from here: http://www.microsoft.com/downloads/details.aspx?FamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505displaylang=en … but no luck: Microsoft (R) Program Maintenance Utility Version 9.00.30729.01 Copyright (C) Microsoft Corporation. All rights reserved. 'zlib1.dll' is up-to-date if not exist C:\wireshark-win32-libs\zlib123 mkdir C:\wireshark-win32-libs\zlib123 if not exist C:\wireshark-win32-libs\zlib123\lib mkdir C:\wireshark-win32-libs\zlib123\lib if not exist C:\wireshark-win32-libs\zlib123\include mkdir C:\wireshark-win32-libs\zlib123\include mt.exe -nologo -manifest zlib1.dll.manifest -outputresource:zlib1.dll;2 zlib1.dll.manifest : general error c1010070: Failed to load and parse the manifest. The system cannot find the file specified. NMAKE : fatal error U1077: 'C:\Program Files\Microsoft SDKs\Windows\v7.0\bin\mt.exe' : return code '0x1f' Stop. Anyone else seeing this? - Chris Note: A while back I found that VS2010 (VC10) no longer generates manifest files as a default. (search for previous -dev EMails on using VC10). Did updating the SDK update the compilier ?? From your link above ... The Windows SDK for Windows 7 and .NET Framework 3.5 SP1 provides the documentation, samples, header files, libraries, and tools (including C++ compilers) Bill ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] tshark (Windows) not working
Hi Bill, No, I didn't update the compiler, only the SDK. Within the Overview section of the SDK page, it mentions the following: This SDK is compatible with Visual Studio® 2008, including Visual Studio Express Editions, ... See: http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505 But again, the problem seems to be related to this missing zlib1.dll.manifest file. Searching for all manifests following a distclean reveals only the following: cmayn...@hqcmaynard2 /cygdrive/c/wireshark-win32-libs $ find . -name \*.manifest ./gtk2/bin/gtk-update-icon-cache.exe.manifest cmayn...@hqcmaynard2 /cygdrive/c/wireshark/vs2008ee $ find . -name \*.manifest ./packaging/u3/win32/u3util.exe.manifest ./plugins/agentx/agentx.dll.manifest ./plugins/artnet/artnet.dll.manifest ./plugins/ciscosm/ciscosm.dll.manifest ./plugins/enttec/enttec.dll.manifest ./plugins/infiniband/infiniband.dll.manifest ./plugins/lwres/lwres.dll.manifest ./plugins/opsi/opsi.dll.manifest ./plugins/pcli/pcli.dll.manifest ./plugins/rlm/rlm.dll.manifest ./plugins/rtnet/rtnet.dll.manifest ./plugins/rudp/rudp.dll.manifest ./plugins/sbus/sbus.dll.manifest ./plugins/v5ua/v5ua.dll.manifest - Chris Meier, Bill wrote: Note: A while back I found that VS2010 (VC10) no longer generates manifest files as a default. (search for previous -dev EMails on using VC10). Did updating the SDK update the compilier ?? From your link above ... The Windows SDK for Windows 7 and .NET Framework 3.5 SP1 provides the documentation, samples, header files, libraries, and tools (including C++ compilers) Bill CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Adding libxml2 to my dissector
Hi I am developing my own dissector and it is going well till I am stocked by this problem. My protocol has XML in it and I want to check the XML data against a XSD. The dissector is a developed as a plugin and runs fine till I added the limxml2 library. Since I am running on the windows platform, I took the binary from ftp://ftp.zlatkovic.com/libxml/ and updated the nmake file. I added the include directory and the linking to the xmllib2.lib. The dissector compiles nicely and the dissector compiled dll is copied to the wireshark plugin directory. Now when I try to start wireshark I get the message 'couldn't load module ...' Is there anything to debug this, or does somebody know what I am doing wrong? Thanks in advance Richard ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Adding libxml2 to my dissector
I tried to use the existing XML package. I started at square 1 for the XML dissector. When looking to the wiki page of the XML dissector, I took this DTD ?wireshark:protocol protocol_name=this media=application/this hierarchy=yes ? !DOCTYPE this [ !ELEMENT that (other|another|#PCDATA) !-- #PCDATA is assumed to be there even it isn't -- !ATTLIST that one CDATA #REQUIRED two CDATA #IMPLIED !-- we don't care of #REQUIRED, #IMPLIED or other #THINGS -- !ELEMENT other (#PCDATA) !ELEMENT another (#PCDATA) ] The Wiki says that it will create these filters this this.that this.that.one this.that.two this.that.other this.that.another which is correct. But I got additional filters as well called this.other and this.anothor which is not valid for the xml expected this aaa that one=bbb ccc otherddd/other /that eee /this As I understand the DTD correctly, the elements other and another are always a child of the element that. In this case there are just two extra filters, but in my case it ends up with a lot of unnecessary filters, which is confusing for the users. And this is just filtering, the wiki says that not data checking is available Richard -Oorspronkelijk bericht- Van: luis.onta...@gmail.com [mailto:luis.onta...@gmail.com] Namens Luis EG Ontanon Verzonden: maandag 10 mei 2010 22:51 Aan: di...@jnkr.eu Onderwerp: Re: [Wireshark-dev] Adding libxml2 to my dissector Why not you pass the buffer containing XML to wireshark's own xml dissector. If you add the DTDs to the .../dtds directory the contents of the xml will be filterable. On Mon, May 10, 2010 at 10:42 PM, Fam Dijns di...@jnkr.eu wrote: Hi I am developing my own dissector and it is going well till I am stocked by this problem. My protocol has XML in it and I want to check the XML data against a XSD. The dissector is a developed as a plugin and runs fine till I added the limxml2 library. Since I am running on the windows platform, I took the binary from ftp://ftp.zlatkovic.com/libxml/ and updated the nmake file. I added the include directory and the linking to the xmllib2.lib. The dissector compiles nicely and the dissector compiled dll is copied to the wireshark plugin directory. Now when I try to start wireshark I get the message 'couldn't load module ...' Is there anything to debug this, or does somebody know what I am doing wrong? Thanks in advance Richard ___ Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] tshark (Windows) not working
As a quick dirty test, I made the following change to Makefile.nmake, and
SVN32737 compiled just fine.
Index: Makefile.nmake
===
--- Makefile.nmake (revision 32737)
+++ Makefile.nmake (working copy)
@@ -626,7 +626,8 @@
if not exist $(ZLIB_DIR) mkdir $(ZLIB_DIR)
if not exist $(ZLIB_DIR)\lib mkdir $(ZLIB_DIR)\lib
if not exist $(ZLIB_DIR)\include mkdir $(ZLIB_DIR)\include
-!IFDEF MANIFEST_INFO_REQUIRED
+!IFDEF 0
+#MANIFEST_INFO_REQUIRED
mt.exe -nologo -manifest zlib1.dll.manifest
-outputresource:zlib1.dll;2
!ENDIF
copy zlib1.dll $(ZLIB_DIR)
Unfortunately, I'm still seeing the same problem as Joan reported earlier with
tshark:
C:\wireshark\vs2008eewireshark-gtk2\tshark.exe -i 3
Capturing on Intel(R) 82567LM Gigabit Network Connection (Microsoft's Packet
Scheduler)
tshark: The capture session could not be initiated ().
Please check that \Device\NPF_{7798FBA2-0E70-403F-BFD4-76F44AFB62FD} is the
proper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
0 packets captured
C:\wireshark\vs2008ee
The same problem occurs when running Wireshark, so the problem isn't limited to
tshark. At Gerald's suggestion, I rolled back to r32697, did a distclean and
complete rebuild, but the above problem still persists. I even tried
uninstalling/reinstalling WinPcap-1.1.1, but it also had no effect.
- Chris
-Original Message-
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Maynard, Chris
Sent: Monday, May 10, 2010 4:08 PM
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] tshark (Windows) not working
Hi Bill,
No, I didn't update the compiler, only the SDK. Within the Overview section of
the SDK page, it mentions the following:
This SDK is compatible with Visual Studio® 2008, including Visual Studio
Express Editions, ...
See:
http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505
But again, the problem seems to be related to this missing
zlib1.dll.manifest file. Searching for all manifests following a distclean
reveals only the following:
cmayn...@hqcmaynard2 /cygdrive/c/wireshark-win32-libs
$ find . -name \*.manifest
./gtk2/bin/gtk-update-icon-cache.exe.manifest
cmayn...@hqcmaynard2 /cygdrive/c/wireshark/vs2008ee
$ find . -name \*.manifest
./packaging/u3/win32/u3util.exe.manifest
./plugins/agentx/agentx.dll.manifest
./plugins/artnet/artnet.dll.manifest
./plugins/ciscosm/ciscosm.dll.manifest
./plugins/enttec/enttec.dll.manifest
./plugins/infiniband/infiniband.dll.manifest
./plugins/lwres/lwres.dll.manifest
./plugins/opsi/opsi.dll.manifest
./plugins/pcli/pcli.dll.manifest
./plugins/rlm/rlm.dll.manifest
./plugins/rtnet/rtnet.dll.manifest
./plugins/rudp/rudp.dll.manifest
./plugins/sbus/sbus.dll.manifest
./plugins/v5ua/v5ua.dll.manifest
- Chris
Meier, Bill wrote:
Note: A while back I found that VS2010 (VC10) no longer generates
manifest files as a default. (search for previous -dev EMails on using
VC10).
Did updating the SDK update the compilier ??
From your link above ...
The Windows SDK for Windows 7 and .NET Framework 3.5 SP1 provides the
documentation, samples, header files, libraries, and tools (including
C++ compilers)
Bill
[snip]
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] OUI extended ethertype dissector
On May 6, 2010, at 11:22 AM, zajpv76...@snkmail.com wrote: I'm working on a dissector for a protocol with the OUI extended ethertype (0x88b7 defined in ieee802a), At least as I read section 12.3 of IEEE Std 802a-2003, the space of protocol IDs for a given OUI is the same as the space of protocol IDs for a given OUI in SNAP: NOTE 1—The requirement for global uniqueness of protocol identifiers means that if protocol identifier X has been allocated for use by protocol Y, then that protocol identifier can be used with either SNAP or the OUI Extended Ethertype to identify Protocol Y. Conversely, it means that protocol identifier X cannot be used to identify any other protocol. Wireshark already handles SNAP, so the code to 0x88b7 should work the same way. Unfortunately, that Guy Harris person who wrote the 802a dissector didn't notice that, so, whilst it works the same way as the SNAP dissector, it doesn't use the same tables that the SNAP dissector does; I'll ask him to fix it. :-) and a fixed OUI and protocol ID following that. Can someone help me figure out how to use the ieee802a dissector to only dissect the packets I want? The best results I've received so far are with dissector_add(ethertype, 0x88b7, handle), but that obviously dissects all extended ethertypes. ...and either 1) has no effect or 2) steals the handling of 0x88b7 out from under the 802a dissector depending on the order in which the two dissectors' calls to dissector_add() are done, so you don't want to do that. What you want to do, for now, is: 1) create a dissector table for your OUI, to map protocol IDs to dissectors; 2) call ieee802a_add_oui() to register your OUI with that dissector table; 3) call dissector_add() to add your protocol ID/IDs to your dissector table. For examples of how to do that, see one of the dissectors that uses llc_add_oui() - ieee802a_add_oui() works in the same fashion. I'll merge llc_add_oui() and ieee802a_add_oui() so that the OUI/protocol ID pairs work the same for SNAP and 802a; when that's done, you'd use the merged routine instead of ieee802a_add_oui(). (I'll probably give the merged routine some snappy imaginative name such as snap_ieee802a_add_oui().) That change will be in the development builds (1.3.x) and in the future 1.4.x release line, but will not be in the 1.0.x or 1.2.x release lines. And I couldn't figure out how to use ieee802a_add_oui, or even if that's what I need in this case. Yes, that's what you need in this case; for now, look at the dissectors using llc_add_oui() - and the dissectors that register in the dissector tables created by the dissectors using llc_add_oui() - for examples of how to do this. epan/dissectors/packet-nt-oui.c is a disssector using llc_add_oui(); epan/dissectors/packet-nt-sonmp.c is a dissector registering in a dissector table created by epan/dissectors/packet-nt-oui.c ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Extracting multiple FieldInfo values from a Field in Lua
I'm trying to extract the outer and inner ip.src fields in an ICMP time-to-live exceeded packet using Lua. If I create a listener that runs the following: ip_src_f = Field.new(ip.src) local ip_src = ip_src_f() local src = tostring(ip_src.value) I can only see the lowest-layer ip.src field. According to the User's Guide, calling a field's method obtains *all* of the FieldInfo values for that field. Adding a debug printf to Field__call in wslua_field.c shows it pushing two ip.src values into the stack for each ICMP packet, so Lua is presumably receiving them. Does anyone know how to access them within the script? The Lua API also provides a all_field_infos() function which returns the entire dissection tree. Are there any examples that show how to use it? -- Join us for Sharkfest ’10! · Wireshark® Developer and User Conference Stanford University, June 14-17 · http://www.cacetech.com/sharkfest.10/ ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Regarding Compilation of Dissector
Try this as well: http://www.codeproject.com/KB/IP/custom_dissector.aspx From: Vishal Kumar Singh vishal.is...@gmail.com To: wireshark-dev@wireshark.org Sent: Mon, 10 May, 2010 9:36:53 PM Subject: [Wireshark-dev] Regarding Compilation of Dissector Hi All, I am beginner for the wireshark and packet dissection. Using, few sample dissector, I have created my own custom dissector. But, I don't know how to compile the code to find out the bugs, if any. Kindly, help me. Thanking in Advance. Thanks Regards, Vishal Kumar Singh Software Engineer A R I C E N T ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] tshark (Windows) not working
It's still the same, Gerald :(
E:\wireshark-srcgrep 32697 *
tshark.c: * $Id: tshark.c 32697 2010-05-06 23:51:37Z gerald $
E:\wireshark-srcdumpcap -i 6
The capture session could not be initiated ().
Please check that \Device\NPF_{96896B6D-2F50-4415-B46F-6A59A1382DB1} is
the pr
oper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
E:\wireshark-src
On Mon, May 10, 2010 at 11:17 PM, Gerald Combs ger...@wireshark.org wrote:
Can you try r32697?
Abhik Sarkar wrote:
I get the same error with dumpcap as well.
I went back to 32687 (there seem to be some major changes to dumpcap in
32688) and dumpcap works, but tshark gives the original error I reported:
E:\wireshark-src\wireshark-gtk2dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
Then, I went back to 32682 (there are changes in 32683 to column-utils)
and now it works at least.
So, I am staying here for now!
On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.com
mailto:sarkar.ab...@gmail.com wrote:
Hi Joan,
I am getting that error on both tshark and Wireshark with my build
(32727) on Windows (32 bit). I tried doing a distclean;
verify_tools; setup and build. It compiles without error, but
refuses to capture. Looks like I chose a bad time to code a few
changes ;-)
I haven't got around to investigating the issue in detail (yet)... I
hope someone beats me to it.
Regards,
Abhik
On Sun, May 9, 2010 at 10:34 PM, j.snelders j.sneld...@telfort.nl
mailto:j.sneld...@telfort.nl wrote:
Hi all,
SVN 32686
I get the same error (column-utils.c:879:???) running TShark on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
SVN 32692 and higher (the latest version I tried is SVN-32727):
Unable to capture with Wireshark and TShark, because The
capture session
could not be initiated () on:
64-bit Windows 7, build 7600
64-bit Windows Server 2008 R2, build 7600
Windows XP Service Pack 3, build 2600
$ tshark -D
1. \Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} (Intel(R)
PRO/1000
MT Network Connection)
$ tshark -i 1
Capturing on Intel(R) PRO/1000 MT Network Connection
tshark: The capture session could not be initiated ().
Please check that
\Device\NPF_{E859D76E-155B-4512-ACB6-B1B2A07914DB} is
the proper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
0 packets captured
Any ideas?
Thanks
Joan
On Thu, 6 May 2010 10:37:13 -0400 Chris Maynard wrote:
Yes, I?m seeing the same thing on Windows with the same SVN
version, 32686.
From: wireshark-dev-boun...@x
[mailto:wireshark-dev-boun...@x
mailto:wireshark-dev-boun...@x]
On Behalf Of Abhik Sarkar
Sent: Thursday, May 06, 2010 10:00 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] tshark (Windows) not working
Hi All,
I can't get tshark to work anymore. I get this error:
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
It seems to be related to the changes related to the timestamps
which Stig
has been working on. Is anyone else facing issues?
I am on revision 32686.
Thanks,
Abhik.
___
Sent via:Wireshark-dev mailing list
wireshark-dev@wireshark.org mailto:wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Re: [Wireshark-dev] tshark (Windows) not working
PS: Interestingly, when I open the Interface List dialog in Wireshark, it
shows live values in Packet and Packet/s columns for the interface.
However, when I Start the capture on the same interface, then it gives the
error below.
On Tue, May 11, 2010 at 7:44 AM, Abhik Sarkar sarkar.ab...@gmail.comwrote:
It's still the same, Gerald :(
E:\wireshark-srcgrep 32697 *
tshark.c: * $Id: tshark.c 32697 2010-05-06 23:51:37Z gerald $
E:\wireshark-srcdumpcap -i 6
The capture session could not be initiated ().
Please check that \Device\NPF_{96896B6D-2F50-4415-B46F-6A59A1382DB1} is
the pr
oper interface.
Help can be found at:
http://wiki.wireshark.org/WinPcap
http://wiki.wireshark.org/CaptureSetup
E:\wireshark-src
On Mon, May 10, 2010 at 11:17 PM, Gerald Combs ger...@wireshark.orgwrote:
Can you try r32697?
Abhik Sarkar wrote:
I get the same error with dumpcap as well.
I went back to 32687 (there seem to be some major changes to dumpcap in
32688) and dumpcap works, but tshark gives the original error I
reported:
E:\wireshark-src\wireshark-gtk2dumpcap -i 2
File: C:\DOCUME~1\sarkara\LOCALS~1\Temp\wiresharka01288
Packets: 31 Packets dropped: 0
E:\wireshark-src\wireshark-gtk2tshark -i 2
Capturing on Intel(R) 82567LM Gigabit Network Connection
**
ERROR:column-utils.c:879:???: code should not be reached
E:\wireshark-src\wireshark-gtk2
Then, I went back to 32682 (there are changes in 32683 to column-utils)
and now it works at least.
So, I am staying here for now!
On Mon, May 10, 2010 at 10:02 AM, Abhik Sarkar sarkar.ab...@gmail.com
mailto:sarkar.ab...@gmail.com wrote:
Hi Joan,
I am getting that error on both tshark and Wireshark with my build
(32727) on Windows (32 bit). I tried doing a distclean;
verify_tools; setup and build. It compiles without error, but
refuses to capture. Looks like I chose a bad time to code a few
changes ;-)
I haven't got around to investigating the issue in detail (yet)... I
hope someone beats me to it.
Regards,
Abhik
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Extracting multiple FieldInfo values from a Field in Lua
Hi,
In case the field occurrence is more than 1 then result of the Field.new will
be a table/array and not just 1 value.
Try something like this:
ip_src_f = Field.new(ip.src)
local ip_src_table = { ip_src_f() }
for i,ip_src in ipairs(p_src_table) do
local src = tostring(ip_src.value)
--
end
Regards,
Tamas
-Original Message-
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Gerald Combs
Sent: Tuesday, 11 May 2010 11:00 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Extracting multiple FieldInfo values from a Field in
Lua
I'm trying to extract the outer and inner ip.src fields in an ICMP
time-to-live exceeded packet using Lua. If I create a listener that runs the
following:
ip_src_f = Field.new(ip.src)
local ip_src = ip_src_f()
local src = tostring(ip_src.value)
I can only see the lowest-layer ip.src field. According to the User's Guide,
calling a field's method obtains *all* of the FieldInfo values for that field.
Adding a debug printf to Field__call in wslua_field.c shows it pushing two
ip.src values into the stack for each ICMP packet, so Lua is presumably
receiving them. Does anyone know how to access them within the script?
The Lua API also provides a all_field_infos() function which returns the entire
dissection tree. Are there any examples that show how to use it?
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
