Re: [Wireshark-dev] Programming against WireShark pcap processing engine

2011-03-13 Thread Abhik Sarkar 
Hi Per,

It you can see SMIL decoded in Wireshark or JPEG data, then there should be
a corresponding element in PDML as well. You will also need to use the
Decode As option in tshark in case the MMSC is using a non-standard port.

Regards,
Abhik

On Fri, Mar 11, 2011 at 5:08 PM, Per Steffensen st...@designware.dk wrote:

 Hi

 Thanks for you anwser, Abhik. I will consider your suggestion about
 exporting to PDML. Didnt even know that there where such a thing.

 As I understand you, tshark is able to do this for me and include e.g. full
 SMIL and images. As I understood another answer to my question, tshark is
 not able to extract content (like SMIL and images). Does anyone know which
 one it is - is tshark able to extract content for me or not? If it is then
 I might be able to live with using tshark, even though is sounds more
 correct to me to integrate via API with the engine instead of integrate by
 calling command-line stuff.

 Regards, Per Steffensen
 BTW: Does anyone know how to easily reply to posts from the digest mails I
 get from the mailing list. I do something stupid like constructing a new
 mail with the same subject (prefixed with Re:) and doing the quoting
 manually. But I not sure that it even ends up in the right thread that
 way, and I am sure that it is not able to figure out exactly which prior
 post I am anwsering and therefore where to put my new post in the
 thread-tree

  quote -

 How about exporting the captures to PDML format and then parsing the output
 XML in Java? I know it is CPU intensive and the PDML files could become
 quite large, but each layer (SMIL/images etc) would appear as separate
 entities and by doing some searching you might be able to extract what you
 want.

 You could first use Wireshark to export to PDML file just to see the format
 and understand if it is worth it. Then you can call tshark later to do the
 conversion for you automatically.

 HTH,
 Abhik

 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] New page, giving link-layer header type values and descriptions, added to www.tcpdump.org

2011-03-13 Thread Guy Harris 
http://www.tcpdump.org/linktypes.html

contains a description of all the existing link-layer header types for which 
there is either

1) an official standard;

2) a reasonably complete description;

3) a tcpdump or Wireshark dissector from which I could construct a 
reasonably complete description;

as well as a mention of the USER0 through USER15 types.  If the description 
wasn't available elsewhere on the Web, or in a published standard, I created a 
description page in the http://www.tcpdump.org/linktypes directory, and linked 
to it.

The table of link-layer header type values gives:

the LINKTYPE_ name for the type - currently, that's only used inside 
libpcap, and not exported, as there are no APIs to fetch it;

the value of that LINKTYPE_ name - that's what should be used in pcap 
and pcap-ng capture files;

the corresponding DLT_ name - that's what's returned by the libpcap 
APIs;

a description of the header.

The value for the DLT_ name is *NOT* given, as it may differ from platform to 
platform; in most cases, it's the same as the LINKTYPE_ value, but, in a few 
cases, a separate LINKTYPE_ value was assigned, in an attempt to cope with 
different BPF-bearing systems choosing different numeric values for the same 
DLT_ name.

It's linked to from the menu at the top of all pages.

I've checked in a change to the pcap-linktypes man page, in the libpcap trunk 
and 1.1 branch, to just refer to the Web page rather than to enumerate the 
link-layer header types.  The descriptions in pcap/bpf.h should also migrate to 
the linktypes.html page and subpages in the linktype directory.
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe