[Wireshark-dev] Enrich tshark data

2017-09-08 Thread Conall Prendergast
Hi All,

Wireshark has the ability to enrich some of the numeric values it sees. For
example, if it sees an HTTP status code of 200, it might print "OK" beside
it, because HTTP 200 means OK (this is just a guess, I'm not sure what it
does for HTTP status codes).

Is it possible to add this kind of enrichment to tshark's json output?

Regards,
Conall

-- 


3 Custom House Plaza | IFSC | Dublin | D01 VY76 | Ireland | Tel.  +353 (1) 
291 0138 | Fax. +353 (1) 291 0131 

Asia Office - Suite 12.03, Level 12, Centrepoint North | Mid Valley City | 
59200 Kuala Lumpur | Malaysia | Tel. +603 2201 3375 

The information contained in this e-mail transmission is confidential and 
may be privileged. It is for the intended recipient only. Any views or 
opinions present are solely those of the author. If you are not the 
intended recipient you must not use, disclose, distribute, copy, print or 
rely on this e-mail. If you have received this e-mail in error, please 
immediately notify us by telephone at 353-1-2910138 or e-mail 
mailad...@anam.com and delete the email from your system
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] TCAP SRT analysis

2017-08-08 Thread Conall Prendergast
Hi All,

The TCAP SRT analysis is broken in 2.2.8 and 2.4. I have written a bug on
it here.

This was broken in this recent change, which does fix another broken issue
in v2.2.7.

Regards,
Conall


[Wireshark-dev] TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs

2017-05-25 Thread Conall Prendergast
Hi All,

I have been analyzing a TCAP trace with wireshark with the tcap.srt and
tcap.persistentsrt options set to "TRUE".

This should correctly match TCAP Begins (using 2 pass analysis) with their
associated TCAP Ends, and vice versa.

I have attached two files, "correct_matches.pcap" and
"incorrect_matches.pcap", that demonstrate some spurious behavior. These
two files are from the same feed, and "correct_matches.pcap" contains
packets 5, 11, 15, and 19 from "incorrect_matches.pcap".

"correct_matches.pcap" will correctly match packet 1 (TC_BEGIN) with packet
4 (TC_END), and packets 2 and 3 similarly. However, when these packets are
analysed with the rest of the feed (incorrect_matches.pcap), these very
same packets do not match up.

Instead, packet 5 (packet 1 from "correct_matches") matches with packet 15
(3) instead of packet 19 (4).

As you can guess, this is unexpected behavior.

So in summary, correct_matches.pcap contains:
1 => 4
2 => 3

incorrect_matches contains:
5 => 15
11 => x
x => 19

and the mapping of correct_matches to incorrect_matches is:
1 => 5
2 => 11
3 => 15
4 => 19


Any and all help is appreciated.
Thanks,
Conall


correct_matches.pcap
Description: Binary data


incorrect_matches.pcap
Description: Binary data