[Wireshark-dev] query regarding handoff function
Hi,

If the handoff function includes all those protocols to which the packets can be forwarded for dissection from the current protocol, why does the handoff function for sctp not contain the handle of the NBAP protocol? (As, depending on the port value, the packets from sctp can be forwarded to the NBAP protocol, why is the NBAP handle not in the sctp handoff function?)

Regards
Rahul Rohit

___
Sent via: Wireshark-dev mailing list
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Unable to recognise DTLS packets
Hi

I used the command 'tshark -r "dtls_pcap.pcapng" -R "dtls" > dtls.txt' for redirecting the information of the packets displayed in the pcap file dtls_pcap.pcapng into the text file dtls.txt. Although the pcap file contained dtls packets, displayed when the 'Decode As' option was manually used, the text file was blank when the filter used was "dtls". On the other hand, when the filter used in the above command was "coap", the text file contained packets whose header was parsed as a CoAP header instead of a dtls header. Please let me know how I can display dtls packets, with headers parsed as DTLS headers, using tshark on the command line.

Thanks & Regards
Tulika Bose

-----wireshark-dev-boun...@wireshark.org wrote: -----
To: Developer support list for Wireshark
From: Pascal Quantin
Sent by: wireshark-dev-boun...@wireshark.org
Date: 02/13/2014 01:37PM
Subject: Re: [Wireshark-dev] Unable to recognise DTLS packets

Hi,

2014-02-13 8:43 GMT+01:00 Tulika Bose :
> Hi
> Thanx a lot. I used the 'Decode as' option, and the DTLS header is getting parsed correctly. But it caused an issue: for some of the DTLS packets the protocol field showed DTLSv1, while the other packets showed it as DTLS, although all the packets are of the same version. Is there any particular reason for such a difference in version?
>
> Secondly, I would like to get the packet displayed with the header information through the command line using tshark, and redirect the output to a text file. But when the filter string used is 'dtls', the file contains no entries. On the other hand, when the filter string used with the same command is 'coap', packets get displayed, but then again the DTLS header is parsed as CoAP. I would like to get DTLS packets decoded as DTLS through the command line. I am using version 10.4. Is there any other approach to do the same using the same version, or do I need to update it?

tshark -d option is your friend. See http://www.wireshark.org/docs/man-pages/tshark.html for details.

Pascal.

-----Hauke Mehrtens wrote: -----
To: Developer support list for Wireshark , tulika.b...@tcs.com
From: Hauke Mehrtens
Date: 02/12/2014 06:02PM
Subject: Re: [Wireshark-dev] Unable to recognise DTLS packets

On 02/12/2014 01:02 PM, Tulika Bose wrote:
> Dear All,
> I have come across a problem with the display filter of dtls. The version I am using is 1.10.4. I have some DTLS packets, where DTLS is used over CoAP, and they have been captured in a .pcapng file. But when I filter the packets using the string 'dtls', no packets get displayed. On the other hand, when the filter string used is 'coap' or 'udp', packets get displayed, because DTLS is using the same port as coap, which is 5683. But the problem is that wireshark cannot recognise the DTLS header; it parses the same as the CoAP header, although these are actually dtls packets. It would be very kind of you if you could help me with the issue.
>
> Thanks & Regards
> Tulika Bose

Port 5683 is the default CoAP port and then the CoAP dissector is used by default. You can right click on the Package in wireshark and then click on "Decode As..." and select DTLS to decode it as DTLS.

When you want to use DTLS with CoAP I would suggest you use a nightly build or a 11.X version of wireshark; there are some improvements in wireshark regarding these two protocols.

Hauke
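The mix-up in this thread comes from choosing the dissector by UDP port alone, yet the first bytes of a DTLS record and of a CoAP message cannot be confused. The C code below is an added example, not Wireshark code and not written by anyone in the thread; it tells the two apart from their fixed headers (DTLS record layer per RFC 6347, CoAP per RFC 7252), and all function names, constants and sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Wireshark code. All names here are hypothetical. */
enum payload_kind { KIND_UNKNOWN, KIND_COAP, KIND_DTLS };
#define DTLS_HDR_LEN 13 /* type(1) version(2) epoch(2) sequence(6) length(2) */
#define COAP_HDR_LEN 4  /* ver/type/token-length(1) code(1) message-id(2) */

/* Constructed samples: a DTLS 1.0 handshake record carrying 2 bytes, and a
 * CoAP confirmable GET with message ID 0x1234 and no token. */
static const uint8_t SAMPLE_DTLS[] = { 0x16, 0xFE, 0xFF, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB };
static const uint8_t SAMPLE_COAP[] = { 0x40, 0x01, 0x12, 0x34 };

static int looks_like_dtls(const uint8_t *p, size_t len)
{
    if (len < DTLS_HDR_LEN) return 0;
    if (p[0] < 20 || p[0] > 24) return 0;   /* record content type */
    if (p[1] != 0xFE || (p[2] != 0xFF && p[2] != 0xFD)) return 0; /* 1.0/1.2 */
    size_t rec_len = ((size_t)p[11] << 8) | p[12];
    return rec_len <= len - DTLS_HDR_LEN;   /* record must fit the datagram */
}

static int looks_like_coap(const uint8_t *p, size_t len)
{
    if (len < COAP_HDR_LEN) return 0;
    if ((p[0] >> 6) != 1) return 0;         /* CoAP version field must be 1 */
    size_t tkl = p[0] & 0x0F;
    if (tkl > 8) return 0;                  /* token lengths 9..15 are reserved */
    return len >= COAP_HDR_LEN + tkl;
}

/* DTLS is tested first: its content types 20..24 have the top two bits
 * clear, which read as a CoAP header would be the invalid version 0. */
enum payload_kind classify_5683_payload(const uint8_t *p, size_t len)
{
    if (looks_like_dtls(p, len)) return KIND_DTLS;
    if (looks_like_coap(p, len)) return KIND_COAP;
    return KIND_UNKNOWN;
}

int main(void)
{
    printf("%d %d\n", classify_5683_payload(SAMPLE_DTLS, sizeof SAMPLE_DTLS),
           classify_5683_payload(SAMPLE_COAP, sizeof SAMPLE_COAP));
    return 0;
}
```

On the tshark command line, the override that "Decode As..." applies in the GUI is written with the -d option mentioned in the thread, in the form `-d udp.port==5683,dtls`.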
Re: [Wireshark-dev] Feature request: option to auto scroll IO graph when scrollbar thumb is at right end of scrollbar
On Feb 15, 2014, at 11:56 PM, Reinhard Nissl wrote:

> This feature is similar to how most IDEs behave in their output window.

That behavior is hardly unique to IDEs, as per comments I added to the bug. The behavior in question makes sense to me.
Re: [Wireshark-dev] what is the meaning of function proto_register_subtree_array?
On Feb 16, 2014, at 7:55 AM, Bill Meier wrote:

> Essentially: proto_register_subtree() registers variables (usually named ett_...) which are used to store state as to whether a particular sub-tree is expanded or not in the "packet-details" pane in the GUI.

...so that, if you've opened up a particular subtree (such as, for example, the top-level subtree for IPv4) in one packet, if you click on another packet, that particular subtree will be automatically opened.
Re: [Wireshark-dev] Feature request: option to auto scroll IO graph when scrollbar thumb is at right end of scrollbar
Hi,

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9775

Bye.
--
Dipl.-Inform. (FH) Reinhard Nissl
mailto:rni...@gmx.de
Re: [Wireshark-dev] Display filter frame.time_delta > 0.1 returns incorrect results
Hi,

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9774

Bye.
--
Dipl.-Inform. (FH) Reinhard Nissl
mailto:rni...@gmx.de
Re: [Wireshark-dev] *** GMX Spamverdacht *** Re: Feature request: show context frames for frames matching display filter
Hi,

On 16.02.2014 16:57, Bill Meier wrote:
>> when investigating network issues with a display filter like frame.time_delta > 0.1 it would be useful to also see the previous 10 and next 5 frames of the matching frame for example, to get an idea what caused that delay.
>>
>> This feature is comparable to the context control options of the common utility grep: -A, -B or -C.
>
> Thanks for the suggestion. Please create an "enhancement request" at bugs.wireshark.org.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9773

Bye.
--
Dipl.-Inform. (FH) Reinhard Nissl
mailto:rni...@gmx.de
Re: [Wireshark-dev] Feature request: show context frames for frames matching display filter
On 2/16/2014 2:38 AM, Reinhard Nissl wrote:
> Hi,
>
> when investigating network issues with a display filter like frame.time_delta > 0.1 it would be useful to also see the previous 10 and next 5 frames of the matching frame for example, to get an idea what caused that delay.
>
> This feature is comparable to the context control options of the common utility grep: -A, -B or -C.
>
> Feel free to ask for further information. Thanks in advance.
>
> BTW: Wireshark (64-bit) 1.10.5 (SVN Rev 54262 from /trunk-1.10)
>
> Bye.

Thanks for the suggestion. Please create an "enhancement request" at bugs.wireshark.org.
Re: [Wireshark-dev] what is the meaning of function proto_register_subtree_array?
On 2/16/2014 7:44 AM, 我想不无聊 wrote:
> when you register a protocol, you should do the following three steps,
> 1. proto_register_protocol();
> 2. proto_register_field_array();
> 3. proto_register_subtree_array()
> what does the third function proto_register_subtree_array do? why? and do it for what reason?

Essentially: proto_register_subtree() registers variables (usually named ett_...) which are used to store state as to whether a particular sub-tree is expanded or not in the "packet-details" pane in the GUI.

See proto_item_add_subtree(...) in the code for pretty much any dissector.
[Wireshark-dev] what is the meaning of function proto_register_subtree_array?
when you register a protocol, you should do the following three steps,
1. proto_register_protocol();
2. proto_register_field_array();
3. proto_register_subtree_array()
what does the third function proto_register_subtree_array do? why? and do it for what reason?