Re: [Wireshark-dev] Wireshark & monitoring in the enterprise environment

2009-02-08 Thread Martin Sustrik
Jaap,

Sorry for the annoyance. I was subscribed to the dev list as I've written some 
code for Wireshark before, thus I have somehow managed to send the post 
here. It obviously belongs to the users list.

Martin

Jaap Keuter wrote:
> Hi,
> 
> If there's any list for it, it's wireshark-users, not wireshark-dev.
> 
> Thanx,
> Jaap
> 
> Martin Sustrik wrote:
>> Hi all,
>>
>> I've written an article about monitoring business data, things like 
>> "invoices" or "stock quotes", using Wireshark:
>>
>> http://www.zeromq.org/code:traffic-monitoring
>>
>> If there's anybody interested in business messaging on the list I would 
>> appreciate any pointers to handy and/or fancy features, tips & tricks 
>> etc. with respect to monitoring and analysis of network data in the 
>> enterprise environment.
>>
>> Thanks.
>> Martin
> 
> ___
> Sent via:Wireshark-dev mailing list 
> Archives:http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe



[Wireshark-dev] Wireshark & monitoring in the enterprise environment

2009-02-08 Thread Martin Sustrik
Hi all,

I've written an article about monitoring business data, things like 
"invoices" or "stock quotes", using Wireshark:

http://www.zeromq.org/code:traffic-monitoring

If there's anybody interested in business messaging on the list I would 
appreciate any pointers to handy and/or fancy features, tips & tricks 
etc. with respect to monitoring and analysis of network data in the 
enterprise environment.

Thanks.
Martin


Re: [Wireshark-dev] AMQP dissector patch

2007-05-31 Thread Martin Sustrik
Steve,

The problem is that the code is generated from the protocol 
specification. If I was to find out which parameters actually need _U_ 
and which do not, the code generation would get considerably more 
complex (two passes instead of single one).

Martin

From: Stephen Fisher <[EMAIL PROTECTED]>
Date: Mon, 21 May 2007 14:02:33 -0700

On Mon, May 21, 2007 at 02:30:59PM +0200, Martin Sustrik wrote:

 > Here's the patch for following issues:
 >
 > - If there are several AMQP frames in single TCP packet, all of them are
 > shown in the 'info' column
 > - AMQP heartbeat is dissected correctly, it doesn't assert any more
 >
 > Can you please apply the patch to the SVN?

I have one question before applying the patch.  Both in your patch and
in the existing code, many functions have _U_ for every parameter in
functions, even when those variables are used within the function.  Any
idea why that is?


Steve

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] AMQP dissector patch

2007-04-06 Thread Martin Sustrik

Hi Ronnie,

I've corrected AMQP dissector to handle heartbeats correctly. Diff is 
attached. Can you check it in, please?


Thanks.
Martin
0a1
> 
9,10d9
<  * $Id: packet-amqp.c 21254 2007-03-28 22:16:43Z sahlberg $
<  *
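Review bot: the 9,10d9 hunk deletes the "$Id: packet-amqp.c ... $" line from the file header, which is unrelated to the heartbeat fix described in the message. Suggest dropping this hunk (and the blank line added at the top by 0a1) so the patch carries only the functional change and the SVN keyword line stays in place.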
2089a2089,2094
> case AMQP_FRAME_TYPE_HEARTBEAT:
> if (check_col(pinfo->cinfo, COL_INFO)) {
> col_append_str(pinfo->cinfo, COL_INFO, "Heartbeat ");
> col_set_fence(pinfo->cinfo, COL_INFO);
> }
> break;
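Review bot: in the 2089a2089,2094 hunk the new AMQP_FRAME_TYPE_HEARTBEAT case is placed purely by line number, with no context lines and no file name, so it lands in the intended switch only if line 2089 of the target file has not moved; please resend as a unified diff (diff -u or svn diff) against current SVN. Within the case, only COL_INFO is updated before the break; if a heartbeat frame has nothing else to display that is fine, but a one-line comment saying so would help the next reader.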


Re: [Wireshark-dev] (Fwd) Re: Patch to AMQP dissector

2007-03-28 Thread Martin Sustrik
Ronnie,

> Why do you change all function arguments to use _U_ ?
> 
> _U_ is only used to mark a parameter as unused so that the compiler
> will not emit any warnings "parameter foo is never used".
> 
> You only set this _U_ for arguments that are indeed never used inside
> the function to suppress these kinds of compiler warnings.
>  
> Can you resubmit the patch after removing and reviewing these _U_ changes?

The problem here is that we are generating the code. In case we want to 
remove obsolete _U_s we would have to do generation in 2 passes (1st 
pass collects all the variables that will be actually used in the code, 
2nd pass generates the code). Is the issue critical for you?

Martin


[Wireshark-dev] Patch to AMQP dissector

2007-03-27 Thread Martin Sustrik

Hi Ronnie,

here's a patch to AMQP dissector. The only change is that when there are 
several AMQP frames in single TCP packet, all of them are referred in 
the info column.


Can you check it in?

Thanks.
Martin


wireshark.amqp.r21226.diff.gz
Description: GNU Zip compressed data


Re: [Wireshark-dev] AMQP dissector - alpha version

2007-03-21 Thread Martin Sustrik
Hi,

GPL is ok. The only concern is that I don't like the idea of publishing 
the thing to the public before I have it reviewed by people from AMQP 
working group. Something like: send them so/dll, collect the comments, 
incorporate them into the product, submit it to Wireshark.

If that's not possible, we'll have to submit it to wireshark first and 
ask for comments later.

Thanks.
Martin

Jaap Keuter wrote:
> Hi,
> 
> I don't understand. Do you want to share the object/DLL, or the complete
> WS source code, or create a patch? Or are you worried about distribution
> in the GPL sense?
> 
> Thanx,
> Jaap
> 
> On Thu, 22 Mar 2007, Martin Sustrik wrote:
> 
>> Hi,
>>
>> The question I've actually wanted to ask was: "Is there a way
>> to distribute plugin dissectors separately from the Wireshark codebase?"
>> The idea being that we review the plugin internally in AMQP working
>> group before submitting it to you.
>>
>> Thanks.
>> Martin
>>
>> ronnie sahlberg wrote:
>>> For inclusion into mainline wireshark,
>>> please send the patch to the list for review (unless it is very large
>>> in which case a url is better)
>>>
>>> also please provide a few example captures that we can use to test the
>>> dissector with.
>>>
>>>
>>>
>>> On 3/21/07, Martin Sustrik <[EMAIL PROTECTED]> wrote:
>>>> Hi all,
>>>>
>>>> I've written dissector for AMQP protocol (www.amqp.org).
>>>>
>>>> It's in alpha version and I would like to distribute it among AMQP
>>>> working group members to get comments/suggestions.
>>>>
>>>> Do you think it is appropriate to incorporate alpha version into
>>>> Wireshark codebase?
>>>>
>>>> Or is there some other process already used in situations like this one?
>>>>
>>>> Thanks.
>>>> Martin


Re: [Wireshark-dev] AMQP dissector - alpha version

2007-03-21 Thread Martin Sustrik
Hi,

The question I've actually wanted to ask was: "Is there a way
to distribute plugin dissectors separately from the Wireshark codebase?" 
The idea being that we review the plugin internally in AMQP working 
group before submitting it to you.

Thanks.
Martin

ronnie sahlberg wrote:
> For inclusion into mainline wireshark,
> please send the patch to the list for review (unless it is very large
> in which case a url is better)
> 
> also please provide a few example captures that we can use to test the
> dissector with.
> 
> 
> 
> On 3/21/07, Martin Sustrik <[EMAIL PROTECTED]> wrote:
>> Hi all,
>>
>> I've written dissector for AMQP protocol (www.amqp.org).
>>
>> It's in alpha version and I would like to distribute it among AMQP
>> working group members to get comments/suggestions.
>>
>> Do you think it is appropriate to incorporate alpha version into
>> Wireshark codebase?
>>
>> Or is there some other process already used in situations like this one?
>>
>> Thanks.
>> Martin


[Wireshark-dev] AMQP dissector - alpha version

2007-03-21 Thread Martin Sustrik
Hi all,

I've written dissector for AMQP protocol (www.amqp.org).

It's in alpha version and I would like to distribute it among AMQP 
working group members to get comments/suggestions.

Do you think it is appropriate to incorporate alpha version into 
Wireshark codebase?

Or is there some other process already used in situations like this one?

Thanks.
Martin