[Wireshark-dev] I want to make a specific sniffer based on Wireshark/Tshark

2012-01-19 Thread Yohannes Affandy Siregar
Hi fellow developers!

Since I haven't received any response yet, I want to re-post it to this 
mailing-list.

So, I want to make my own packet sniffer based on Wireshark or Tshark. It 
should only read my RFID tag, which transmits probe requests using the 802.11 
protocol, and bypass any other data. I know that Wireshark has a packet capture 
filter, but I need to make more than a filter for my final project. I need to 
develop my own sniffer on Linux. Although my programming skill is not 
perfect, I can code. 

The probe requests, though, differ from other wifi nodes' probe requests, such 
as laptops'. There are two things which are different:
1. the radiotap header
2. the destination address and the BSSID

1. The radiotap header of the tag is instead the same as an AP's probe response, 
in which the present flags are 2f 48 00 00, whilst my laptop's probe request has 
04 80 02 00. So, I think I can identify my tag by its radiotap header and frame 
control. How can I filter out the radiotap header? Do I need to make my own 
dissector?

2. The destination address and the BSSID of the tag's probe request are set to 
broadcast (i.e. ff ff ff ff ff ff). It differs from other nodes' probe 
requests, in which it is the MAC address of the target AP. 

So, based on these terms, where can I start? What environment is the best to 
code and test my program? I'm using Backtrack 5 r1 as my OS. Is it good for 
programming, or should I change it? I use BT because Wireshark and aircrack are 
already built in there.

One more thing: I need to use "airmon-ng start wlan0" to put my laptop's 
wireless adapter into promiscuous mode. Can I add this capability to my 
packet sniffer? 

Thanks.

Sincerely yours,

Yohannes A. Siregar
13207200
Electrical Engineering 2007
Bandung Institute of Technology
cellphone: +62-856-9767-1516
home phone: +62-21-821-2045



From: Jaap Keuter
To: Yohannes Affandy Siregar; Developer support list for Wireshark
Sent: Wednesday, 21 December 2011 15:14
Subject: Re: [Wireshark-dev] Student Project. I want to reduce and add some 
functionalities in Wireshark.

On 2011-12-21 05:39, Yohannes Affandy Siregar wrote:

> Greetings fellow developers!
> 
> I'm a student taking Electrical Engineering specializing Computer
> Engineering and am still learning a lot about Wireless and Programming..
> I'm working on my last project in University.
> 
> I now have to make a packet sniffer program which utilizes the wireless
> adapter in my laptop to read an RFID tag using the 802.11 b/g protocol.
> Using Backtrack 4 r2 as my OS, I could put my wifi adapter into monitor
> mode and then used Wireshark to read the presence of the tag. It transmits
> probe requests and data inside them. I already could see it. But that's
> not enough. Now, my professor wants me to make Wireshark read only my
> tag and not other WAPs. Also he wants it to read the tag just once in a
> period of time. And I need to parse the MAC address of the tag too. My
> sniffer program has to pass the MAC address of the tag to a database
> center.
> 
> Can I change the source code of Wireshark to do those things: read only
> from a specific type of client, filter MAC addresses so that no duplicate MAC
> address is recorded, and pass the MAC address and the info in the tag to a
> database server? Has anyone ever done this before?
> 
> Thank you very much...
> 
> Sincerely yours,
> Yohannes A. Siregar

Hi,

>  Now, my professor wants me to make Wireshark to read only my
> tag and not other WAP.

How do you identify 'my tag' apart from all other transmissions?
Assuming by MAC address, you can set up a capture filter for it.


> Also he wants it to read the tag just once in a period of time.

Assuming you filtered away all other traffic, you could set up a display
filter for that, working off the frame delta time.


> and, I need to parse the MAC address of the tag too.

Which brings us back to the first question: how to identify your tag
if you can't work from the MAC address?


> my sniffer program has to proceed the MAC Address of the tag to a database
> center.

Wireshark does GUI output, not helpful in this case. What you should look at
then is tshark. It does the same thing, just text based. Much easier for
online processing of captured info.

Thanks,
Jaap
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
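An added example, not code from the post above and not Wireshark code, showing the two checks the post describes run against a monitor-mode capture (which is what airmon-ng provides; each captured frame then starts with the radiotap pseudo-header that the capturing driver prepends, followed by the 802.11 frame), plus the once-per-period report the professor asked for. Two caveats a practitioner would want: the radiotap 'present' word is written by the laptop's own driver, and 04 80 02 00 has the TX-flags bit (15) set while 2f 48 00 00 has the RX-flags bit (14) and signal fields, so that word tells frames the laptop transmitted apart from frames it received, not the tag apart from other stations; and a probe request with DA and BSSID both ff:ff:ff:ff:ff:ff is an ordinary wildcard probe that many clients also send, so the source MAC (the tag vendor's OUI, or a list of known tags) is the key to filter on. The frames, MAC addresses, time stamps and the 5-second window below are constructed for the example; the radiotap field bodies are zeroed, only the length and the two present words quoted in the post matter to the parser.

```c
/* Added example (not from the post, not Wireshark code): classify
 * monitor-mode 802.11 frames as libpcap delivers them for
 * DLT_IEEE802_11_RADIO (radiotap pseudo-header, then the 802.11 frame)
 * and rate-limit reports per source MAC. Frames, MACs, time stamps and
 * the window are constructed. Build: cc -std=c99 -Wall -o tagfilter tagfilter.c */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { FRAME_MALFORMED = -1, FRAME_NOT_PROBE_REQ = 0,
       FRAME_PROBE_REQ_DIRECTED = 1, FRAME_PROBE_REQ_BROADCAST = 2 };

struct probe_req {
    uint32_t rt_present;   /* first radiotap 'present' word, host order */
    uint8_t  sa[6];        /* addr2 = transmitter, i.e. the tag */
    uint8_t  bssid[6];     /* addr3 */
};

static const uint8_t BCAST[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Skip the radiotap header by its own little-endian length field, then
 * decode the 24-byte management header. Returns a FRAME_* code; out may be NULL. */
int parse_probe_request(const uint8_t *buf, size_t len, struct probe_req *out)
{
    if (len < 8 || buf[0] != 0) return FRAME_MALFORMED;          /* it_version is always 0 */
    size_t rt_len = buf[2] | (buf[3] << 8);
    if (rt_len < 8 || rt_len + 24 > len) return FRAME_MALFORMED; /* header and frame must fit */
    const uint8_t *fr = buf + rt_len;
    if (((fr[0] >> 2) & 3) != 0 || ((fr[0] >> 4) & 0xf) != 4)
        return FRAME_NOT_PROBE_REQ;                              /* not management/probe request */
    if (out) {
        out->rt_present = buf[4] | (buf[5] << 8) | (buf[6] << 16) | ((uint32_t)buf[7] << 24);
        memcpy(out->sa, fr + 10, 6);
        memcpy(out->bssid, fr + 16, 6);
    }
    if (memcmp(fr + 4, BCAST, 6) == 0 && memcmp(fr + 16, BCAST, 6) == 0)
        return FRAME_PROBE_REQ_BROADCAST;                        /* DA and BSSID both broadcast */
    return FRAME_PROBE_REQ_DIRECTED;
}

/* "Read the tag just once in a period of time": one slot per MAC. */
#define MAX_TAGS 32
static struct { uint8_t mac[6]; double last; int used; } seen[MAX_TAGS];

int should_report(const uint8_t *mac, double now, double window_s)
{
    int i, slot = -1;
    for (i = 0; i < MAX_TAGS; i++) {
        if (!seen[i].used) { if (slot < 0) slot = i; continue; }
        if (memcmp(seen[i].mac, mac, 6) != 0) continue;
        if (now - seen[i].last < window_s) return 0;   /* still inside the window */
        seen[i].last = now;
        return 1;
    }
    if (slot < 0) return 1;                            /* table full: report, do not drop */
    memcpy(seen[slot].mac, mac, 6); seen[slot].last = now; seen[slot].used = 1;
    return 1;
}

/* Constructed frames: radiotap (field bodies zeroed, only it_len and
 * it_present matter here) + 802.11 FC, duration, DA, SA, BSSID, seq ctrl. */
static const uint8_t tag_frame[] = {
    0x00,0x00,0x1a,0x00, 0x2f,0x48,0x00,0x00,  /* len 26, present word quoted for the tag */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,
    0x40,0x00, 0x00,0x00,                      /* probe request */
    0xff,0xff,0xff,0xff,0xff,0xff,             /* DA: broadcast */
    0x02,0x11,0x22,0x33,0x44,0x55,             /* SA: the tag (constructed) */
    0xff,0xff,0xff,0xff,0xff,0xff,             /* BSSID: broadcast */
    0x10,0x00, 0x00,0x00 };                    /* seq ctrl, wildcard SSID IE */
static const uint8_t laptop_frame[] = {
    0x00,0x00,0x10,0x00, 0x04,0x80,0x02,0x00,  /* len 16, present word quoted for the laptop */
    0,0,0,0,0,0,0,0,
    0x40,0x00, 0x00,0x00,
    0x00,0x1a,0x2b,0x3c,0x4d,0x5e,             /* DA: target AP */
    0x02,0xaa,0xbb,0xcc,0xdd,0xee,             /* SA: the laptop */
    0x00,0x1a,0x2b,0x3c,0x4d,0x5e, 0x20,0x00 };/* BSSID: target AP, seq ctrl */
static const uint8_t beacon_frame[] = {
    0x00,0x00,0x08,0x00, 0x00,0x00,0x00,0x00,  /* len 8, nothing present */
    0x80,0x00, 0x00,0x00,                      /* beacon, not a probe request */
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x1a,0x2b,0x3c,0x4d,0x5e,
    0x00,0x1a,0x2b,0x3c,0x4d,0x5e, 0x30,0x00 };

/* Run a constructed capture through both stages with a 5 s window and
 * return how many reports would be sent to the database. */
int demo_report_count(void)
{
    const struct { double ts; const uint8_t *f; size_t len; } cap[] = {
        {0.0, tag_frame, sizeof tag_frame},        /* reported */
        {0.5, laptop_frame, sizeof laptop_frame},  /* directed probe: ignored */
        {1.0, tag_frame, sizeof tag_frame},        /* inside the window: suppressed */
        {2.0, beacon_frame, sizeof beacon_frame},  /* not a probe request */
        {6.0, tag_frame, sizeof tag_frame},        /* window expired: reported again */
    };
    size_t i;
    int reports = 0;
    memset(seen, 0, sizeof seen);
    for (i = 0; i < sizeof cap / sizeof cap[0]; i++) {
        struct probe_req pr;
        if (parse_probe_request(cap[i].f, cap[i].len, &pr) != FRAME_PROBE_REQ_BROADCAST)
            continue;
        if (should_report(pr.sa, cap[i].ts, 5.0))
            reports++;
    }
    return reports;
}

int main(void) { printf("%d report(s) from the constructed capture\n", demo_report_count()); return 0; }
```

To run it on live traffic, hand each packet from pcap_loop() on the monitor interface (link type DLT_IEEE802_11_RADIO) to parse_probe_request() and forward the source MAC when should_report() says so; the same first-stage decision is what the display filter wlan.fc.type_subtype == 0x04 && wlan.bssid == ff:ff:ff:ff:ff:ff expresses in tshark, which is the quicker route if a C sniffer is not a hard requirement.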

[Wireshark-dev] development of protocol dissector for PSC in MPLS packages

2012-01-19 Thread Sebastian Krüger

Hi,

is there any developer developing a protocol dissector for PSC over 
MPLS-TP? I would like to add the dissector if possible.


Any comments?

Kind regards,
Sebastian Krüger

--
Sebastian Krüger
Dipl.Ing. Electronic, Communication-Protocols
Uppsala, Sweden


[Wireshark-dev] Development of PSC via MPLS-TP

2012-01-19 Thread sebastian
Hi, 
is there any developer working on a protocol dissector for PSC over
MPLS-TP (GAchCh 0x024)? Otherwise I would like to start the development
this week. I've seen that there is already support for BFD, so it would
be easy to implement PSC in the same way.

Any comments?

Kind regards,
Sebastian Krüger

-- 
  Sebastian Krüger
  Dipl.Ing. Electronic and Network Communication
  Uppsala, Sweden



[Wireshark-dev] GOOSE dissector update

2012-01-19 Thread Martin Lutz
Hi Developers,
I’ve updated the GOOSE dissector ASN.1 file to be able to display data for UTC 
timestamps. Could you please update the asn1/goose/goose.asn file with the 
attached one.
Thanks,
Martin.



Re: [Wireshark-dev] Building plugins for both win32 & win64

2012-01-19 Thread Teto
I am very eager to know the answer since I am currently fighting to build both.
I don't know how I did it, but in fact I've got 2 folders:
-wireshark-win32-lib
-wireshark-win64-lib

I think I have built all the libs correctly in the 2 directories, but
whenever I try compiling Wireshark in 32 bits (set
WIRESHARK_TARGET_PLATFORM=win32 within an x86 Visual Studio command prompt),
I get this error:

"inffas32.obj : fatal error LNK1112: module machine type 'X86'
conflicts with target machine type 'x64'"

I've got no problem compiling in 64 bits (I call vcvars64bits, set
WIRESHARK_TARGET_PLATFORM=win64).

Any help/doc on this would be useful.

On Sat, Jan 14, 2012 at 5:45 PM, Weir, Alan  wrote:
> Am I correct in saying that in order to build a plugin for both win32 and
> win64 I have to install the source twice and build each version, then
> copy my plugin into each source tree and build the two executables?
>
> If so, then, with the recent discussions regarding moving to PowerShell
> and/or MSBuild, would it be possible to direct the built files into
> target-specific subfolders (i.e. win32 and win64) in the same way that
> Visual Studio does? In that way the source only needs to be installed once
> and the two targets can be built side by side.
>
> Alan
>

Re: [Wireshark-dev] Building plugins for both win32 & win64

2012-01-19 Thread Graham Bloice


> -Original Message-
> From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-
> boun...@wireshark.org] On Behalf Of Teto
> Sent: 19 January 2012 17:17
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Building plugins for both win32 & win64
> 
> I am very eager to know the answer since I am currently fighting to build
> both.
> I don't know how I did it but in fact, I 've got 2 folders:
> -wireshark-win32-lib
> -wireshark-win64-lib
> 
> I think I have built correctly all libs in the 2 directories, but whenever I try

There's not much building, mostly downloading.  It is best to keep them 
separate though.

> compiling wireshark in 32 bits (set
> WIRESHARK_TARGET_PLATFORM=win32 within a x86 visual command
> prompt), I've got this error:
> 
> "inffas32.obj : fatal error LNK1112: module machine type 'X86'
> conflicts with target machine type 'x64'"
> 

Have you done a 'nmake -f Makefile.nmake clean' when switching between build 
types?  Check after this that there are no object files left lying around 'dir 
/s *.obj' and delete them if there are.  As the builds are done in-tree if you 
don't clean all the previous types object files out they will cause issues with 
the build of the current type.

> I've got no pb compiling into 64bits. (I call vcvars64bits,set
> WIRESHARK_TARGET_PLATFORM=win64).
> 
> any help/doc on this could be useful.
> 
> On Sat, Jan 14, 2012 at 5:45 PM, Weir, Alan  wrote:
> > Am I correct in saying that in order to build a plugin for both win32
> > and
> > win64 that I have to install the source twice and build each version.
> > Then copy my plugin into each source tree and build the two executables.
> >
> >
> >
> > If so, then, with the recent discussions regarding moving to
> > powershell and or msbuild would it be possible to direct the built
> > files into target specific subfolders (i.e win32 and win64) in the
> > same way that Visual Studio does. In that way the source only needs to
> > be installed once and the two targets can be built side be side.
> >
> >
> >
> > Alan
> >
> >
> > 




Re: [Wireshark-dev] Building plugins for both win32 & win64

2012-01-19 Thread mmann78


Yeah, I've had to do a "distclean" when switching between the two "platforms" 
since they share common folders (and thus object files).  Alan's methodology of 
installing the source twice and keeping both "platforms" separate is probably 
the only way to avoid the "distclean", and why there's the suggestion of keeping 
object file folders "platform specific" when switching/upgrading to PowerShell 
or MSBuild.

Mike


-Original Message-
From: Graham Bloice 
To: mattator ; 'Developer support list for Wireshark' 

Sent: Thu, Jan 19, 2012 12:41 pm
Subject: Re: [Wireshark-dev] Building plugins for both win32 & win64




> -Original Message-
> From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-
> boun...@wireshark.org] On Behalf Of Teto
> Sent: 19 January 2012 17:17
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Building plugins for both win32 & win64
> 
> I am very eager to know the answer since I am currently fighting to build
> both.
> I don't know how I did it but in fact, I 've got 2 folders:
> -wireshark-win32-lib
> -wireshark-win64-lib
> 
> I think I have built correctly all libs in the 2 directories, but whenever I try

There's not much building, mostly downloading.  It is best to keep them separate 
though.

> compiling wireshark in 32 bits (set
> WIRESHARK_TARGET_PLATFORM=win32 within a x86 visual command
> prompt), I've got this error:
> 
> "inffas32.obj : fatal error LNK1112: module machine type 'X86'
> conflicts with target machine type 'x64'"
> 

Have you done a 'nmake -f Makefile.nmake clean' when switching between build 
types?  Check after this that there are no object files left lying around 'dir 
/s *.obj' and delete them if there are.  As the builds are done in-tree if you 
don't clean all the previous types object files out they will cause issues with 
the build of the current type.

> I've got no pb compiling into 64bits. (I call vcvars64bits,set
> WIRESHARK_TARGET_PLATFORM=win64).
> 
> any help/doc on this could be useful.
> 
> On Sat, Jan 14, 2012 at 5:45 PM, Weir, Alan  wrote:
> > Am I correct in saying that in order to build a plugin for both win32
> > and
> > win64 that I have to install the source twice and build each version.
> > Then copy my plugin into each source tree and build the two executables.
> >
> >
> >
> > If so, then, with the recent discussions regarding moving to
> > powershell and or msbuild would it be possible to direct the built
> > files into target specific subfolders (i.e win32 and win64) in the
> > same way that Visual Studio does. In that way the source only needs to
> > be installed once and the two targets can be built side be side.
> >
> >
> >
> > Alan
> >
> >
> > 



Re: [Wireshark-dev] Ronnie's Wireshark presentation / attaching files to the Presentations page on the wiki

2012-01-19 Thread Jeff Morriss
Great!  Unfortunately I can't seem to get the file up there: every time 
I've tried the connection gets reset.


I tried with a tiny file and it worked fine.  The presentation is only 
1.4 Mb but is it likely that size is an issue?


Gerald Combs wrote:

I'm OK with putting it on the wiki. If you're concerned about the file
size I can put it on the main site.

On 1/18/12 2:01 PM, ronnie sahlberg wrote:

I am ok with putting the presentation on the wiki.


On Thu, Jan 19, 2012 at 1:37 AM, Jeff Morriss  wrote:

Hi Ronnie, Gerald, et al,

This page on the wiki:

http://wiki.wireshark.org/Presentations

Points, among other things, to a presentation Ronnie made back in 2008
showing some of the cool things you can do with Wireshark. Unfortunately the
link has since gone bad.

I happen to have a copy of the presentation locally (I had referred to it in
some internal training I did).  Would it be acceptable to attach it to the
wiki?

The presentation says at the bottom:


Storage Developer Conference 2008
© 2008 Insert Copyright Information Here. All Rights Reserved.


Or would it be a bad precedent to start attaching potentially large files
there?

Regards,
-Jeff


[Wireshark-dev] Reassembling fragmented messages

2012-01-19 Thread Francesco Jacomel
Hi,

I've just subscribed to this list to find some successful experience with
reassembling packets.
I'm trying to use the developer's guide to help me do it, but I have had no
success so far.
I'm creating a new dissector and for simple messages it works fine, but
nothing works, neither when adding fragments to a hash table nor when
reassembling the packets.
Let me show the incoming packets, at first, to make the problem more clear.

In the .log file (also created by myself), I have the following:

The packet with the total size to be reassembled is this one:

18:25:13.257
00 00 0C 00 05 AA FF 00 00 8F

Where 00 0C 00 05 means:
01 - TX
0C - My protocol
00 05 - 2 bytes length

And A0 12 00 00 8F means:
AA - Command class
FF - Instruction
00 - Don't care
00 - Don't care
>> 8F - The TOTAL length of the bytes to be received by the ME. <<

And as the answer from the SIM card, I have the following:

18:25:13.264
00 01 0C 00 72 FF D0 81 8C 81 03 01 25 00 82 02 81
10 82 85 0C 53 65 72 76 69 09 6F 73 20 54 49 4D 8F
20 0D 02 4D 65 75 20 4D 65 6E 75 20 54 49 4D 8F 05
30 03 53 6F 6E 73 8F 07 04 43 61 6E 61 69 73 8F 0E
40 05 43 68 61 74 20 64 6F 20 62 6C 61 68 21 8F 08
50 06 44 65 73 61 66 69 6F 8F 0A 07 41 67 65 6E 64
60 61 20 4C 44 8F 0B 08 54 49 4D 20 41 67 65 6E 64
70 61 8F 0C 09 54 49

Where 01 0C 00 72 FF means:
01 - RX
0C - ISO7816-3 protocol
00 72 - 2 bytes length
FF - The instruction received for this answer being sent.
The FF is the received instruction value and the following bytes (from
D0 to 49) are part of HALF of the full message.

The second and last part of the message is the following:

18:25:13.265
00 01 0C 00 20 4D 20 54 6F 72 70 65 64 6F 8F 0A 0B
10 54 49 4D 20 43 6F 66 72 65 8F 07 0C 45 2D 6D 61
20 69 6C 9F FF


Where the first 4 bytes are the same header as the former, but now there
is no identification with any instruction received, since the only TX came
in the first message, so we have:
TX -->
<-- RX (PART 1)
<-- RX (PART 2)

OK, so I need to sum part 1 (from the 6th byte, 'D0', to the last byte, '49')
with part 2 (from the 5th byte, '4D', to the last, '6C').
Now, the code:

    save_fragmented = pinfo->fragmented;
    pinfo->fragmented = TRUE;

    nRXCounter = pinfo->fd->num;
    frag_msg = fragment_add_seq_check(tvb, 1, pinfo,
        nRXCounter,                /* guint32 ID for fragments belonging together;
                                      the same for the two parts of the message */
        iso7816_fragment_table,    /* list of message fragments */
        iso7816_reassembled_table, /* list of reassembled messages */
        nFrameCounter++,           /* guint32 fragment sequence number; static
                                      variable starting at 0, working fine */
        tvb_reported_length(tvb),  /* guint32 fragment length */
        !bGetNextRXFragment);      /* more fragments? */

    bGetNextRXFragment = TRUE;
    nLastRXLength = nLastRXLength - (len - 3);
    pinfo->fragmented = save_fragmented;


In the first RX received, it will add the tvb to the hash table, but in the
second, due to bGetNextRXFragment = TRUE, it will call
fragment_add_seq_check with the last parameter being FALSE, which as I
understand it is what I need: to change it to FALSE when I know that there are
no more fragments, right?

Is there any other parameter to pass/set in this function to signal that
there are no more fragments and the message can be reassembled?

I tried to change everything, use other functions, but it doesn't work and
frag_msg is NEVER a valid value; in Wireshark I see it only adding
fragments forever.
To check the answer for that, I have:

    if (frag_msg) { /* Reassembled */
        col_append_str(pinfo->cinfo, COL_INFO, "REASSEMBLED");
        nFrameCounter = 0;
    }
    else { /* Not last packet of reassembled Message */
        col_append_fstr(pinfo->cinfo, COL_INFO, "(Message fragment # %u)",
                        nFrameCounter++);
    }
    if (new_tvb) {
        col_append_str(pinfo->cinfo, COL_INFO, "new_tvb OK");
    }
    else {
        col_append_str(pinfo->cinfo, COL_INFO, "* new_tvb NULL");
    }


And what I see in Wireshark is:
8 18:25:13.264000 MyProtocol Equipment PROT 118 (Message fragment # 0)* new_tvb NULL
9 18:25:13.265000 MyProtocol Equipment PROT 36 (Message fragment # 1)* new_tvb NULL

Does anyone know how can I check if I'm doing everything needed to
reassemble the fragments with no problems? I'm doing something wrong but I
could not find what.

Thanks in advance for you all.

-- 

Francesco Jacomel.
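An added, stand-alone model of the reassembly rule the message above is fighting with; it is not the poster's dissector and not the Wireshark API, and it runs without libwireshark. Two things in the snippet decide whether fragment_add_seq_check() can ever hand back a reassembled message: the id argument must be identical for every fragment of one message, and pinfo->fd->num is the number of the current frame, so frames 8 and 9 each open a reassembly of their own; and a static sequence counter is not reset when Wireshark redissects frames (every frame is dissected more than once, and only the first pass has pinfo->fd->flags.visited clear). The model keys the exchange on the frame number of the TX command (a stable id for both RX fragments) and decides completeness from the total the TX announced (0x8F = 143) instead of guessing a last-fragment flag: the 113 data bytes of the first RX plus the first 30 of the second add up to exactly 143, which leaves 9F FF as a two-byte trailer; treating that as a status word is an assumption, as are the frame numbers 7 to 9 (8 and 9 are the RX frames in the Wireshark output above).

```c
/* Added example, not the poster's dissector and not the Wireshark API: a
 * stand-alone model of the two inputs fragment_add_seq_check() needs, a
 * reassembly id shared by all fragments of one message and a reliable
 * end-of-message rule, replayed on the three frames from the post.
 * Frame numbers 7-9 and the status-word trailer are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

struct reasm {
    uint32_t id;        /* frame number of the TX command; the same for all its RX fragments */
    size_t   expected;  /* total bytes the TX announced (5th byte of its payload) */
    size_t   have;      /* bytes collected so far */
    unsigned frags;     /* RX fragments consumed */
    int      complete;
    uint8_t  buf[256];
};

/* Frame layout from the post: dir (00 TX / 01 RX), 0C, 2-byte big-endian
 * payload length, payload. Only the first RX repeats the instruction byte.
 * Returns 1 when the message just became complete, 0 for more, -1 on error. */
int reasm_feed(struct reasm *r, uint32_t frame_num, const uint8_t *f, size_t len)
{
    if (len < 4 || f[1] != 0x0C) return -1;
    size_t plen = (f[2] << 8) | f[3];
    if (len != 4 + plen) return -1;                 /* length field must match the frame */
    const uint8_t *p = f + 4;
    if (f[0] == 0x00) {                             /* TX: open a new exchange */
        if (plen < 5) return -1;
        memset(r, 0, sizeof *r);
        r->id = frame_num;
        r->expected = p[4];                         /* 0x8F = 143 in the post */
        return 0;
    }
    if (f[0] != 0x01 || r->expected == 0 || r->complete) return -1;  /* RX with no open exchange */
    size_t skip = r->frags == 0 ? 1 : 0;            /* instruction echo (FF) only in the first RX */
    if (plen < skip) return -1;
    size_t n = plen - skip, room = r->expected - r->have;
    if (n > room) n = room;                         /* bytes past the total: status-word trailer */
    memcpy(r->buf + r->have, p + skip, n);
    r->have += n;
    r->frags++;
    if (r->have == r->expected) { r->complete = 1; return 1; }
    return 0;
}

/* The three frames from the post, offset columns removed. */
static const uint8_t tx_frame[] = { 0x00,0x0C,0x00,0x05, 0xAA,0xFF,0x00,0x00,0x8F };
static const uint8_t rx_frame1[] = {
    0x01,0x0C,0x00,0x72, 0xFF,0xD0,0x81,0x8C,0x81,0x03,0x01,0x25,0x00,0x82,0x02,0x81,
    0x82,0x85,0x0C,0x53,0x65,0x72,0x76,0x69,0x09,0x6F,0x73,0x20,0x54,0x49,0x4D,0x8F,
    0x0D,0x02,0x4D,0x65,0x75,0x20,0x4D,0x65,0x6E,0x75,0x20,0x54,0x49,0x4D,0x8F,0x05,
    0x03,0x53,0x6F,0x6E,0x73,0x8F,0x07,0x04,0x43,0x61,0x6E,0x61,0x69,0x73,0x8F,0x0E,
    0x05,0x43,0x68,0x61,0x74,0x20,0x64,0x6F,0x20,0x62,0x6C,0x61,0x68,0x21,0x8F,0x08,
    0x06,0x44,0x65,0x73,0x61,0x66,0x69,0x6F,0x8F,0x0A,0x07,0x41,0x67,0x65,0x6E,0x64,
    0x61,0x20,0x4C,0x44,0x8F,0x0B,0x08,0x54,0x49,0x4D,0x20,0x41,0x67,0x65,0x6E,0x64,
    0x61,0x8F,0x0C,0x09,0x54,0x49 };
static const uint8_t rx_frame2[] = {
    0x01,0x0C,0x00,0x20, 0x4D,0x20,0x54,0x6F,0x72,0x70,0x65,0x64,0x6F,0x8F,0x0A,0x0B,
    0x54,0x49,0x4D,0x20,0x43,0x6F,0x66,0x72,0x65,0x8F,0x07,0x0C,0x45,0x2D,0x6D,0x61,
    0x69,0x6C,0x9F,0xFF };

static struct reasm g_r;

/* Replay TX (frame 7) and the two RX fragments (frames 8 and 9 in the
 * poster's Wireshark output). Returns the reassembled length or -1. */
int demo_reassemble(void)
{
    memset(&g_r, 0, sizeof g_r);
    if (reasm_feed(&g_r, 7, tx_frame, sizeof tx_frame) != 0) return -1;
    if (reasm_feed(&g_r, 8, rx_frame1, sizeof rx_frame1) != 0) return -1;  /* 113 bytes, more to come */
    if (reasm_feed(&g_r, 9, rx_frame2, sizeof rx_frame2) != 1) return -1;  /* 30 bytes, complete */
    return (int)g_r.have;
}

int demo_byte(size_t i) { return i < g_r.have ? g_r.buf[i] : -1; }
uint32_t demo_reassembly_id(void) { return g_r.id; }

int main(void)
{
    int n = demo_reassemble();
    printf("reassembled %d bytes under id %u: %02X .. %02X\n", n,
           (unsigned)demo_reassembly_id(), demo_byte(0), demo_byte(n > 0 ? n - 1 : 0));
    return n == 143 ? 0 : 1;
}
```

In the real dissector the equivalent is to remember the TX frame's pinfo->fd->num (and the announced total) in conversation or per-packet data on the first pass, pass that number as the id for every RX frame of the exchange, and derive the more_frags argument from the byte count rather than from a static flag that flips on the second call.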

Re: [Wireshark-dev] Ronnie's Wireshark presentation / attaching files to the Presentations page on the wiki

2012-01-19 Thread Jeff Morriss
I don't think it's related to the file size: I was able to upload a ~5 
Mb PDF just fine.  It just doesn't like Ronnie's presentation.


Until I gzip'd it: then it uploaded fine (the gzip did not shrink the 
file appreciably).  Weird.  Maybe the wiki doesn't like something about 
the contents?


Jeff Morriss wrote:
Great!  Unfortunately I can't seem to get the file up there: every time 
I've tried the connection gets reset.


I tried with a tiny file and it worked fine.  The presentation is only 
1.4 Mb but is it likely that size is an issue?


Gerald Combs wrote:

I'm OK with putting it on the wiki. If you're concerned about the file
size I can put it on the main site.

On 1/18/12 2:01 PM, ronnie sahlberg wrote:

I am ok with putting the presentation on the wiki.


On Thu, Jan 19, 2012 at 1:37 AM, Jeff Morriss wrote:

Hi Ronnie, Gerald, et al,

This page on the wiki:

http://wiki.wireshark.org/Presentations

Points, among other things, to a presentation Ronnie made back in 2008
showing some of the cool things you can do with Wireshark. Unfortunately the
link has since gone bad.

I happen to have a copy of the presentation locally (I had referred to it in
some internal training I did).  Would it be acceptable to attach it to the
wiki?

The presentation says at the bottom:


Storage Developer Conference 2008
© 2008 Insert Copyright Information Here. All Rights Reserved.


Or would it be a bad precedent to start attaching potentially large files
there?

Regards,
-Jeff

[Wireshark-dev] How do display filters work internally?

2012-01-19 Thread Joerg Mayer
Hello List,

I fail to understand how display filters work internally. I'm still trying
to get my generic ip.addr filter working, but I seem to lack some understanding
on how display filters work.

It looks like putting an "alien" protocol filter into the hf array will work,
as ip.version inside packet-ipv6.c shows: the field is shown and filterable.
Putting the ip.addr field from packet-ip.c into all uses of IPv4 addresses
(everything of type FT_IPv4) will show it, but it won't be filterable (neither
existence nor value).

Can someone please fill in some info how display filtering works?

Thanks
   Joerg
-- 
Joerg Mayer   
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Index: epan/proto.c
===
--- epan/proto.c	(revision 40592)
+++ epan/proto.c	(working copy)
@@ -244,6 +244,9 @@
 /* special-case header field used within proto.c */
 int hf_text_only = -1;
 
+/* Handle pseudo fields */
+extern int hf_ip_addr;
+
 /* Structure for information about a protocol */
 struct _protocol {
 	const char *name;		/* long description */
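Review bot: the `extern int hf_ip_addr;` added here ties epan/proto.c, the core of the field machinery, to a symbol owned by one dissector (epan/dissectors/packet-ip.c), and does it with an ad-hoc extern in the middle of the file instead of a declaration in a header both files include, so the compiler never checks that the two declarations agree. Either register the pseudo field in proto.c itself, next to `hf_text_only` just above, so the core owns it, or move the declaration to packet-ip.h and include that here.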
@@ -257,6 +260,9 @@
 	gboolean is_private;		/* TRUE is protocol is private */
 };
 
+/* Prevent recursion adding pseudo elements */
+static gboolean adding_pseudo = FALSE;
+
 /* List of all protocols */
 static GList *protocols = NULL;
 
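Review bot: `static gboolean adding_pseudo` is process-wide state whose correctness depends on every nested call resetting it; any path on which the nested `proto_tree_add_item(tree, hf_ip_addr, ...)` in the hunks below returns before reaching its `adding_pseudo == TRUE` check (an exception thrown on a short tvb, for instance) leaves the flag TRUE, after which the next FT_IPv4 field added anywhere silently gets no ip.addr item and merely clears the flag. Passing the "this is the pseudo item" condition explicitly, for example through a small internal add routine that never recurses, removes the shared flag and the invariant with it.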
@@ -1203,6 +1209,7 @@
 	const char	*string;
 	nstime_t	time_stamp;
 	GPtrArray	*ptrs;
+	proto_item	*item;
 
 	/* there is a possibility here that we might raise an exception
 	 * and thus would lose track of the field_info.
@@ -1688,6 +1695,19 @@
 	if (ptrs)
 		g_ptr_array_add(ptrs, new_fi);
 
+	/* Add pseudo elements for some types */
+	if (adding_pseudo == TRUE) {
+		adding_pseudo = FALSE;
+		return pi;
+	}
+	switch(new_fi->hfinfo->type) {
+		case FT_IPv4:
+			adding_pseudo = TRUE;
+			item = proto_tree_add_item(tree, hf_ip_addr, tvb, start, length, ENC_BIG_ENDIAN);
+			PROTO_ITEM_SET_HIDDEN(item);
+		default:
+			break;
+	}
 	return pi;
 }
 
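Review bot: `case FT_IPv4:` has no `break;` and falls through into `default:`; harmless while default only breaks, but add it so the next case added to this switch does not inherit the fallthrough. The hunk also changes what ip.addr means: every FT_IPv4 item in any dissector (ARP, DHCP, ICMP payloads and so on) now carries a hidden ip.addr, so `ip.addr == x` will match frames whose IP header does not carry x. That is the point of a generic address filter, but it needs to be stated in the field's blurb and in the release notes rather than discovered by users.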
@@ -2088,7 +2108,7 @@
 proto_tree_add_ipv4(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
 		gint length, guint32 value)
 {
-	proto_item		*pi;
+	proto_item		*pi, *item;
 	field_info		*new_fi;
 	header_field_info	*hfinfo;
 
@@ -2099,6 +2119,14 @@
 	pi = proto_tree_add_pi(tree, hfindex, tvb, start, &length, &new_fi);
 	proto_tree_set_ipv4(new_fi, value);
 
+	if ( adding_pseudo == TRUE ) {
+		adding_pseudo = FALSE;
+		return pi;
+	}
+	adding_pseudo = TRUE;
+	item = proto_tree_add_item(tree, hf_ip_addr, tvb, start, length, ENC_BIG_ENDIAN);
+	PROTO_ITEM_SET_HIDDEN(item);
+
 	return pi;
 }
 
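Review bot: this is a second copy of the set-flag, add-hidden-item, reset-on-reentry sequence from the FT_IPv4 case above, and the `adding_pseudo == TRUE` early return at its top can only ever fire on a flag leaked from some other path, where it swallows the leak silently. Factor the three lines into one static helper, something like `add_ip_addr_pseudo_item(tree, tvb, start, length)`, called from both places, so the flag is handled in exactly one spot; that also makes the extra `item` locals introduced in this and the previous hunk unnecessary.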
Index: epan/dissectors/packet-ip.c
===
--- epan/dissectors/packet-ip.c	(revision 40592)
+++ epan/dissectors/packet-ip.c	(working copy)
@@ -104,7 +104,7 @@
 static int hf_ip_dst_host = -1;
 static int hf_ip_src = -1;
 static int hf_ip_src_host = -1;
-static int hf_ip_addr = -1;
+int hf_ip_addr = -1;
 static int hf_ip_host = -1;
 static int hf_ip_flags = -1;
 static int hf_ip_flags_sf = -1;
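Review bot: dropping `static` from `int hf_ip_addr = -1;` exports the field index as a bare global with no header declaration; the declaration should live in packet-ip.h (or another header proto.c already includes) so that both files see one prototype and a later change of type or name fails at compile time rather than at link time.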
@@ -1035,9 +1035,6 @@
   dst_host = get_hostname(addr);
   proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
   offset + optoffset, 4, addr);
-  item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
- offset + optoffset, 4, addr);
-  PROTO_ITEM_SET_HIDDEN(item);
   item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
offset + optoffset, 4, dst_host);
   PROTO_ITEM_SET_GENERATED(item);
@@ -1960,8 +1957,6 @@
  ip_to_str(iph->ip_src.data));
 }
 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
-item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
-PROTO_ITEM_SET_HIDDEN(item);
 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
  src_host);
 PROTO_ITEM_SET_GENERATED(item);
@@ -2042,9 +2037,6 @@
 }
 else {
   proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
-  item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
- addr);
-  PROTO_ITEM_SET_HIDDEN(item);
   item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
4, dst_host);
   PROTO_ITEM_SET_GENERATED(item);
@@ -2251,7 +2243,7 @@
 NULL, 0x0, NULL, HFILL }},
 
 { &hf_ip_addr,
-  { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
+  { "IP Address", "ip.addr", FT_IPv4, BASE_NONE,
 NULL, 0x0, NULL, HFILL }},
 
 { &hf_ip_host,
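Review bot: renaming the field from "Source or Destination Address" to "IP Address" reflects that it is no longer limited to the IPv4 header's own addresses, but the blurb (the NULL before HFILL) still says nothing; use it to state that the field is attached to every FT_IPv4 item, and add a release-notes entry, since existing `ip.addr` filters will start matching ARP, DHCP and other non-IP-header addresses after this change.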

Re: [Wireshark-dev] Ronnie's Wireshark presentation / attaching files to the Presentations page on the wiki

2012-01-19 Thread Gerald Combs
Weird. The error log on the server shows this:

The timeout specified has expired: mod_wsgi (pid=22671): Unable to get
bucket brigade for request., referer:
http://wiki.wireshark.org/Presentations?action=AttachFile


I uncompressed the file on the server and updated the attachment link
accordingly.

On 1/19/12 2:35 PM, Jeff Morriss wrote:
> I don't think it's related to the file size: I was able to upload a ~5
> Mb PDF just fine.  It just doesn't like Ronnie's presentation.
> 
> Until I gzip'd it: then it uploaded fine (the gzip did not shrink the
> file appreciably).  Weird.  Maybe the wiki doesn't like something about
> the contents?
> 
> Jeff Morriss wrote:
>> Great!  Unfortunately I can't seem to get the file up there: every
>> time I've tried the connection gets reset.
>>
>> I tried with a tiny file and it worked fine.  The presentation is only
>> 1.4 Mb but is it likely that size is an issue?
>>
>> Gerald Combs wrote:
>>> I'm OK with putting it on the wiki. If you're concerned about the file
>>> size I can put it on the main site.
>>>
>>> On 1/18/12 2:01 PM, ronnie sahlberg wrote:
>>>> I am ok with putting the presentation on the wiki.
>>>>
>>>>
>>>> On Thu, Jan 19, 2012 at 1:37 AM, Jeff Morriss wrote:
>>>>> Hi Ronnie, Gerald, et al,
>>>>>
>>>>> This page on the wiki:
>>>>>
>>>>> http://wiki.wireshark.org/Presentations
>>>>>
>>>>> Points, among other things, to a presentation Ronnie made back in 2008
>>>>> showing some of the cool things you can do with Wireshark.
>>>>> Unfortunately the link has since gone bad.
>>>>>
>>>>> I happen to have a copy of the presentation locally (I had referred
>>>>> to it in some internal training I did).  Would it be acceptable to
>>>>> attach it to the wiki?
>>>>>
>>>>> The presentation says at the bottom:
>>>>>
>>>>>> Storage Developer Conference 2008
>>>>>> © 2008 Insert Copyright Information Here. All Rights Reserved.
>>>>>
>>>>> Or would it be a bad precedent to start attaching potentially large
>>>>> files there?
>>>>>
>>>>> Regards,
>>>>> -Jeff
>>>
>>>
>>
>>
> 


Re: [Wireshark-dev] Trying QtShark on Windows

2012-01-19 Thread Gerald Combs
On 1/17/12 4:00 AM, Anders Broman wrote:
> Hi,
> At the first attempt it crashed for me because I had a USER_DLT pointing
> to a proprietary plug-in.
> The reason for the crash is that there is no report failure fn defined in:
> epan_init(register_all_protocols,register_all_protocol_handoffs,
>   NULL, NULL, NULL, NULL, NULL, NULL
> //  splash_update, (gpointer) splash_win,
> // 
> failure_alert_box,open_failure_alert_box,read_failure_alert_box,
> //  write_failure_alert_box
>   );
> And I suspect that plugins are not loaded when using QtShark; should
> EXTRA_BINFILES in QtShark.pro be pointing to wireshark-gtk2/plugins/xxx/
> or should we collect the needed stuff in a Qt dir?

Can you try r40600? You'll probably have to add
WIRESHARK_RUN_FROM_BUILD_DIRECTORY to your Run Environment (Projects→Run
Settings).
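
The crash Anders describes above, a plugin failing to load while the report-failure callback slot holds NULL, is a call through a NULL function pointer. The following is an added C example, not Wireshark's epan_init() or any code from this thread: an init routine that takes a table of failure-reporting callbacks and installs stderr defaults for every NULL entry, so a caller that has not wired up its dialogs yet (as a new GUI front end may not have) still gets a message rather than a crash. All function and type names, and the failing plugin name, are invented for the example.

```c
/* Added example (not Wireshark code): default NULL failure-reporting
 * callbacks at init time instead of storing NULL and crashing later. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*report_failure_fn)(const char *fmt, va_list ap);
typedef void (*report_open_failure_fn)(const char *path, int err, int for_writing);
typedef void (*report_read_failure_fn)(const char *path, int err);

struct failure_hooks {
    report_failure_fn      report_failure;
    report_open_failure_fn report_open_failure;
    report_read_failure_fn report_read_failure;
};

static struct failure_hooks g_hooks;
static char g_last_msg[256];   /* copy of the last message, for inspection */
static int  g_defaults_used;   /* how many NULL entries were replaced */

/* Default sinks: write to stderr and keep a copy of the text. */
static void default_report_failure(const char *fmt, va_list ap)
{
    vsnprintf(g_last_msg, sizeof g_last_msg, fmt, ap);
    fprintf(stderr, "%s\n", g_last_msg);
}
static void default_report_open_failure(const char *path, int err, int for_writing)
{
    snprintf(g_last_msg, sizeof g_last_msg, "cannot open %s for %s (errno %d)",
             path, for_writing ? "writing" : "reading", err);
    fprintf(stderr, "%s\n", g_last_msg);
}
static void default_report_read_failure(const char *path, int err)
{
    snprintf(g_last_msg, sizeof g_last_msg, "read error on %s (errno %d)", path, err);
    fprintf(stderr, "%s\n", g_last_msg);
}

/* Takes the same kind of callback arguments epan_init() takes. A caller may
 * pass NULL for hooks it has not implemented; those get the defaults.
 * Returns the number of slots that were defaulted. */
int hooks_init(report_failure_fn rf, report_open_failure_fn of, report_read_failure_fn rdf)
{
    g_defaults_used = 0;
    if (!rf)  { rf  = default_report_failure;      g_defaults_used++; }
    if (!of)  { of  = default_report_open_failure; g_defaults_used++; }
    if (!rdf) { rdf = default_report_read_failure; g_defaults_used++; }
    g_hooks.report_failure      = rf;
    g_hooks.report_open_failure = of;
    g_hooks.report_read_failure = rdf;
    return g_defaults_used;
}

void report_failure(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    g_hooks.report_failure(fmt, ap);   /* never NULL after hooks_init() */
    va_end(ap);
}

void report_open_failure(const char *path, int err, int for_writing)
{
    g_hooks.report_open_failure(path, err, for_writing);
}

/* Simulated plugin loader: a USER_DLT pointing at a plugin we cannot load.
 * "proprietary.so" is a constructed failure case. */
int load_plugin(const char *name)
{
    if (strcmp(name, "proprietary.so") == 0) {
        report_failure("Couldn't load plugin '%s': not found", name);
        return -1;
    }
    return 0;
}

const char *last_failure_message(void) { return g_last_msg; }

int main(void)
{
    hooks_init(NULL, NULL, NULL);      /* the situation described in the thread */
    load_plugin("proprietary.so");     /* reports to stderr instead of crashing */
    return 0;
}
```

The point is the contract: after hooks_init() no slot is NULL, so every later failure path may call through the table unconditionally.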

Re: [Wireshark-dev] [Wireshark-commits] rev 34196: /trunk/ /trunk/: configure.in

2012-01-19 Thread Jeff Morriss

On 10/20/2011 10:45 AM, Jeff Morriss wrote:

jma...@wireshark.org wrote:

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=34196

User: jmayer
Date: 2010/09/22 11:45 PM

Log:
Enable Python in HEAD to find problems during testing.


Any objections to reverting this and disabling Python by default?

Bug 6448 says it doesn't actually work.

And last night my Valgrind runs were yielding pages of memory leaks
and/or other errors from the Python stuff--enough so that I just
disabled it so I could see things I was actually interested in.


I just remembered this...

Since no one objected, I disabled Python by default in r40602.


Re: [Wireshark-dev] [Wireshark-commits] rev 40602: /trunk/ /trunk/: CMakeLists.txt CMakeOptions.txt configure.in

2012-01-19 Thread Jeff Morriss

On 01/19/2012 10:20 PM, morr...@wireshark.org wrote:

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=40602

User: morriss
Date: 2012/01/19 07:20 PM

Log:
  Bug 6448 says the embedded Python stuff does not really work.
  And if I run Valgrind with Python enabled, I get pages of errors related to it.

  So: disable Python by default.

Directory: /trunk/
  Changes  Path              Action
  +2 -2    CMakeLists.txt    Modified
  +1 -1    CMakeOptions.txt  Modified


Could someone familiar with CMake tell me if this part of this change is 
correct?


-if(HAVE_LIBPYTHON)
+if(PYTHON_FOUND)
set(HAVE_PYTHON 1)
 	set(PYTHON_DIR 
"${CMAKE_INSTALL_PREFIX}/lib/wireshark/python/${CPACK_PACKAGE_VERSION}")

 endif()
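Review bot: the new condition in this hunk, `if(PYTHON_FOUND)`, ties `HAVE_PYTHON` and `PYTHON_DIR` to whether a Python was found, not to whether the option in CMakeOptions.txt is on; unless the find itself is skipped when that option is off (the hunk does not show where `PYTHON_FOUND` comes from), any build host with Python installed will still get `HAVE_PYTHON 1`, which defeats the "disabled by default" intent. Please confirm the find is gated on the option, or make it explicit by and-ing the option variable into this condition. Minor: the two `set()` lines inside the `if()` are indented differently (one with a tab, one not), if that is not an artifact of mail wrapping.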

Doing that was the only way I could allow enabling/disabling Python just 
by changing the default option value in CMakeOptions.txt .


It seems to make sense to me because I find *no* other references to 
HAVE_LIBPYTHON in any of the CMake stuff, but then it's the same with 
the rest of the HAVE_LIB* variables...

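
For the question above (making a single default option value turn Python on or off), the following is an added CMake fragment, not Wireshark's CMakeLists.txt or CMakeOptions.txt: the find is gated on the option and the HAVE_ variable is gated on both, so nothing is defined merely because Python happens to be installed. The option name ENABLE_PYTHON is an assumption; CMake's own FindPythonLibs module sets PYTHONLIBS_FOUND. The PYTHON_DIR value is the one shown in the revision above.

```cmake
# Added example, not Wireshark's build files. ENABLE_PYTHON is an
# illustrative option name; FindPythonLibs is the module shipped with CMake.
option(ENABLE_PYTHON "Build with embedded Python support" OFF)

if(ENABLE_PYTHON)
    # Only look for Python when asked to; FindPythonLibs sets
    # PYTHONLIBS_FOUND, PYTHON_INCLUDE_DIRS and PYTHON_LIBRARIES.
    find_package(PythonLibs)
endif()

if(ENABLE_PYTHON AND PYTHONLIBS_FOUND)
    set(HAVE_PYTHON 1)
    set(PYTHON_DIR "${CMAKE_INSTALL_PREFIX}/lib/wireshark/python/${CPACK_PACKAGE_VERSION}")
    message(STATUS "Embedded Python enabled, PYTHON_DIR=${PYTHON_DIR}")
else()
    # State the disabled case explicitly rather than relying on an undefined
    # variable, so a stale cache entry cannot silently re-enable it.
    set(HAVE_PYTHON 0)
    unset(PYTHON_DIR)
endif()
```

With this shape, flipping the OFF in the option() line is the only change needed to enable or disable the feature by default, and a user can still override it with -DENABLE_PYTHON=ON at configure time.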


Re: [Wireshark-dev] [Wireshark-commits] rev 40601: /trunk/epan/ /trunk/epan/: packet.c packet.h

2012-01-19 Thread Guy Harris

On Jan 19, 2012, at 6:43 PM, wme...@wireshark.org wrote:

> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=40601
> 
> User: wmeier
> Date: 2012/01/19 06:43 PM
> 
> Log:
> Add 'heur_dissector_set_enabled()' to allow a dissector to enable/disable heuristic dissection;
> Rename some vars;
> Do some minor re-indentation and whitespace changes.

Hmm.

Should this be done from the enable/disable dissectors dialog?  E.g., if a 
protocol has both key-based (uint or string or whatever we add in the future) 
and heuristic dissectors, should there be checkboxes to control the key-based 
and heuristic dissectors, and if it has only a heuristic dissector, should 
there be an entry for it?
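
Guy's question above turns on a protocol having two independent ways to be reached: a key-based registration (a port number, say) and a heuristic that inspects the payload. The following is an added C example, not Wireshark's epan code and not the change in r40601: a minimal dispatch model with a port table and a list of heuristics, each heuristic carrying its own enabled flag, which shows why the two kinds of dissector want separate switches. The protocols, the heuristics and the sample payloads are constructed for the example; heur_set_enabled() only mirrors the intent of the commit's function name.

```c
/* Added example (not Wireshark code): key-based vs heuristic dispatch with
 * separate enable flags. Protocols and payloads below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef bool (*heur_fn)(const uint8_t *buf, size_t len);

struct key_entry  { uint16_t port; const char *proto; bool enabled; };
struct heur_entry { const char *proto; heur_fn fn; bool enabled; };

/* Constructed heuristics: HTTP-ish if it starts with a method token,
 * syslog-ish if it starts with a '<' PRI field. Both are deliberately loose,
 * which is exactly why a user may want to switch one off. */
static bool heur_http(const uint8_t *b, size_t n)
{
    return (n >= 4 && memcmp(b, "GET ", 4) == 0) ||
           (n >= 5 && memcmp(b, "POST ", 5) == 0);
}
static bool heur_syslog(const uint8_t *b, size_t n)
{
    return n >= 3 && b[0] == '<' && b[1] >= '0' && b[1] <= '9';
}

static struct key_entry  key_table[]  = { { 80, "http", true }, { 514, "syslog", true } };
static struct heur_entry heur_table[] = { { "http", heur_http, true },
                                          { "syslog", heur_syslog, true } };

/* Toggle the heuristic registration of one protocol; the key-based one
 * is untouched. Returns false if no such heuristic is registered. */
bool heur_set_enabled(const char *proto, bool on)
{
    for (size_t i = 0; i < sizeof heur_table / sizeof *heur_table; i++)
        if (strcmp(heur_table[i].proto, proto) == 0) { heur_table[i].enabled = on; return true; }
    return false;
}

/* Toggle the key-based registration of one protocol. */
bool key_set_enabled(const char *proto, bool on)
{
    for (size_t i = 0; i < sizeof key_table / sizeof *key_table; i++)
        if (strcmp(key_table[i].proto, proto) == 0) { key_table[i].enabled = on; return true; }
    return false;
}

/* Key-based lookup first, heuristics second (the usual order when heuristics
 * are not preferred). Returns the claiming protocol, or "data" if none. */
const char *dissect(uint16_t port, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < sizeof key_table / sizeof *key_table; i++)
        if (key_table[i].enabled && key_table[i].port == port) return key_table[i].proto;
    for (size_t i = 0; i < sizeof heur_table / sizeof *heur_table; i++)
        if (heur_table[i].enabled && heur_table[i].fn(buf, len)) return heur_table[i].proto;
    return "data";
}

const char *dissect_str(uint16_t port, const char *s)
{
    return dissect(port, (const uint8_t *)s, strlen(s));
}

int main(void)
{
    printf("%s\n", dissect_str(8080, "GET / HTTP/1.0"));   /* http, via heuristic */
    heur_set_enabled("http", false);
    printf("%s\n", dissect_str(8080, "GET / HTTP/1.0"));   /* data */
    printf("%s\n", dissect_str(80, "GET / HTTP/1.0"));     /* http, via port table */
    return 0;
}
```

Disabling the heuristic leaves the port-based path working and vice versa, which is the case where a single per-protocol checkbox would be ambiguous about what it controls.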