Re: [Wireshark-dev] Display Filter Folders - a question to vote

2020-04-21 Thread Ross Jacobs
Hi Roland,

Personally, I would avoid this usage here as I read `&&` as "find the
packets where both of these display filters are valid".

(If I'm reading you correctly) would it be possible to use `.` like
`Proto.HTTP` to mimic the expectation in display filters that right is a
component of left? I think // or any other unused operator is also
preferable.

Cheers,
Ross

On Tue, Apr 21, 2020 at 12:08 PM Roland Knall  wrote:

> Hi
>
> We have a new feature in Wireshark, where you can sort display filters
> into subfolders. See
> https://twitter.com/bubbasnmp/status/1252627399201742848 for an example
> use case.
>
> The current implementation requires the name of the folder to be part of
> the filter name, so in the case of the picture it would read "Proto &&
> HTTP" or "Proto && TCP", to create a folder "Proto" with the children
> "HTTP" and "TCP".
>
> Now the question is, if && is the correct delimiter. What do you think?
> Would // for instance make more sense?
>
> Please let me know
>
> cheers, Roland
> ___
> Sent via:Wireshark-dev mailing list 
> Archives:https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>  mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe

Re: [Wireshark-dev] Extcap binaries on OSX

2019-12-20 Thread Ross Jacobs
It's 'darwin'

$ python
Python 3.7.2 (v3.7.2:9a3ffc0492, Dec 24 2018, 02:44:43)
[Clang 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys; sys.platform
'darwin'

Same on Python2.7.

On Fri, Dec 20, 2019 at 3:17 AM Dario Lombardo  wrote:

> Ok, thanks. And what does the python command "sys.platform" return?
>
> On Fri, Dec 20, 2019 at 11:46 AM Roland Knall  wrote:
>
>> run/Wireshark.app/Contents/MacOS/extcap
>>
>> cheers
>> Roland
>>
>> On Fri, Dec 20, 2019 at 10:31 AM Dario Lombardo <
>> lom...@gmail.com> wrote:
>>
>>> Hi,
>>> I'm trying to debug some CI jobs on OSX but I don't have a OSX machine.
>>> I'm trying to find where the extcap binaries are put on OSX using cmake.
>>>
>>> Linux: run\extcap
>>> Windows: run\RelWithDebInfo\extcap
>>> OSX: ?
>>>
>>> Any help?
>>> Thanks.
>>> Dario.
>>>
>>> --
>>>
>>> Naima is online.
>>>
>>>
>>
>>
>
>
>
> --
>
> Naima is online.
>

Re: [Wireshark-dev] Two typos is wireshark manual

2019-10-07 Thread Ross Jacobs
Hi Nan,

Thanks for reaching out to the dev mailing list! Typos in documentation are
bugs. Please submit them as such on Wireshark's bugzilla.
The category should be `main site - www.wireshark.org` as that is where the
documentation is.


Cheers,
Ross

On Mon, Oct 7, 2019 at 11:45 AM Nan Xiao  wrote:

> Hi Wireshark manual authors,
>
> Greeting from me!
>
> While reading Wireshark manual, I find maybe two typos:
>
> (1) Section 1.1
> (
> https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs
> ):
> > A network packet analyzer will try to capture network packets and tries
> to display that packet data as detailed as possible.
>
> Maybe following statement is better:
> > A network packet analyzer will try to capture network packets and
> display that packet data as detailed as possible.
>
> (2) Section 3.15
> (
> https://www.wireshark.org/docs/wsug_html_chunked/ChUseMainToolbarSection.html
> ):
>
> > The main toolbar provides provides quick access 
>
> There is a duplicated "provides".
>
>
> Best Regards
> Nan Xiao

Re: [Wireshark-dev] Calculating CRC5 of 11-bit data

2019-07-19 Thread Ross Jacobs
Hi Tomasz,

My vote is for table lookup along a one-byte boundary as all of the
existing CRC checkers in /wsutil currently use one. Notice how in our CRC16
and CRC32 implementations, we bitshift by 8 and 24 respectively. It should
be possible to compute any CRC along a one-byte boundary. This article goes
over how to implement non-CRC8 algorithms to do just that with a table
lookup.

PyCRC was used to generate Wireshark's CRC6, CRC7, and
CRC11 algorithms. You may want to take a look at it and see if it can help
here. In this case, width=5 and poly=0x05 (assuming CRC5/USB found here).

Cheers,
Ross

On Fri, Jul 19, 2019 at 9:28 AM Tomasz Moń  wrote:

> Hello,
>
> I am currently working on USB Link Layer dissector. It is supposed to
> be used with OpenVizsla FPGA-based USB hardware sniffer. USB Packets
> feature two CRC types: CRC-5/USB and CRC-16/USB.
>
> The CRC-16/USB is pretty straightforward. I have implemented it in [1]
> and it works fine with my captures.
>
> The CRC-5/USB is not so straightforward as it does not operate on the
> byte boundary. The CRC-5/USB is calculated on 11 bits of data. I think
> there are two possible approaches to check the CRC-5/USB in Wireshark:
> 1. Compute the CRC5 bitwise on the 11 bits of data, or
> 2. Compute the CRC5 with table-based algorithm on 2 bytes (11 bits
> data + 5 bits CRC) and relying on the CRC properties expect fixed
> output.
>
> Which approach would be preferred?
>
> Best Regards,
> Tomasz Moń
>
> [1] https://code.wireshark.org/review/#/c/34016/
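
The two approaches Tomasz lists and the byte-boundary table lookup Ross votes for, as an added example that is not part of the thread and not Wireshark's /wsutil code. width=5 and poly=0x05 come from the reply; init, reflection, xorout and the 0x06 residue are assumed from the CRC-5/USB catalogue entry, and the function names and the token layout (11 data bits low, CRC in the top 5 bits, low byte first on the wire) are assumptions.

```c
/* Added example (not Wireshark code): CRC-5/USB over an 11-bit token field.
 * Assumed parameters, from the CRC-5/USB catalogue entry: width=5, poly=0x05,
 * init=0x1f, refin=refout=true, xorout=0x1f, residue=0x06. */
#include <stdint.h>
#include <stdio.h>

#define CRC5_POLY_REFLECTED 0x14u /* poly 0x05 bit-reversed within 5 bits */
#define CRC5_INIT           0x1Fu
#define CRC5_XOROUT         0x1Fu
#define CRC5_RESIDUE        0x06u /* register after data + CRC, before xorout */

/* Approach 1: bitwise, feeding nbits of data least significant bit first. */
uint8_t crc5_usb_bits(uint16_t data, unsigned nbits)
{
    uint8_t crc = CRC5_INIT;
    for (unsigned i = 0; i < nbits; i++) {
        unsigned bit = (data >> i) & 1u;
        crc = ((crc ^ bit) & 1u) ? (uint8_t)((crc >> 1) ^ CRC5_POLY_REFLECTED)
                                 : (uint8_t)(crc >> 1);
    }
    return (uint8_t)(crc ^ CRC5_XOROUT);
}

/* Build the 16-bit token word: 11 data bits low, 5 CRC bits on top. */
uint16_t crc5_usb_pack(uint16_t data11)
{
    data11 &= 0x7FFu;
    return (uint16_t)(data11 | ((unsigned)crc5_usb_bits(data11, 11) << 11));
}

/* Approach 2: byte-wise table lookup over both bytes (11 data + 5 CRC bits).
 * An intact token always leaves the fixed residue in the register. */
int crc5_usb_word_ok(uint16_t word)
{
    static uint8_t table[256];
    static int ready;
    if (!ready) {
        for (unsigned b = 0; b < 256; b++) {
            unsigned r = b;
            for (int k = 0; k < 8; k++)
                r = (r & 1u) ? ((r >> 1) ^ CRC5_POLY_REFLECTED) : (r >> 1);
            table[b] = (uint8_t)r; /* always fits in 5 bits */
        }
        ready = 1;
    }
    uint8_t crc = table[CRC5_INIT ^ (word & 0xFFu)]; /* first byte on the wire */
    crc = table[crc ^ (word >> 8)];
    return crc == CRC5_RESIDUE;
}

/* Cross-check both approaches over all 2048 inputs; returns mismatch count. */
int crc5_usb_mismatches(void)
{
    int bad = 0;
    for (unsigned d = 0; d < 0x800u; d++) {
        uint16_t word = crc5_usb_pack((uint16_t)d);
        if (!crc5_usb_word_ok(word))
            bad++; /* valid token rejected */
        if (crc5_usb_word_ok(word ^ 0x0800u))
            bad++; /* token with one flipped CRC bit accepted */
    }
    return bad;
}

int main(void)
{
    /* Constructed sample: address 0x15, endpoint 0xE -> 11-bit data 0x715. */
    uint16_t word = crc5_usb_pack(0x15u | (0xEu << 7));
    printf("crc5=0x%02X word=0x%04X ok=%d mismatches=%d\n",
           crc5_usb_bits(0x715, 11), word, crc5_usb_word_ok(word),
           crc5_usb_mismatches());
    return 0;
}
```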

Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted

2019-06-15 Thread Ross Jacobs
My $0.02:

> this could lead companies... to deny the use of the program, due to
> wrongly identifying Wireshark as a hacking tool.

Wireshark is already a "hacker tool" de facto, regardless of the fact that
it performs passive network analysis. The first two results for "hacker
tools" on Google list Wireshark as a key tool. If we are worried about
password extraction, this is already possible with Wireshark for plaintext
FTP passwords. I do not think that individuals making this decision will
change their mind based on this feature alone.

So far, no individuals have come forward stating that this will negatively
affect them (i.e. if you are one of these people, please speak up!)

On Sat, Jun 15, 2019 at 9:57 AM Tomasz Moń  wrote:

> On Fri, Jun 14, 2019 at 10:27 PM Roland Knall  wrote:
> > There is a patch currently waiting for inclusion. It would allow for
> > dissectors to easily make credentials (username/password) available and
> > present them in a tool window in Wireshark.
>
> I understand that you mean, that it'd be easy to present the
> credentials if the dissector is able to extract/derive the password.
> If the protocol is cryptographically secure, then without keys, the
> change in question won't have any impact, right?
>
> In other words, it is not about integrating some password cracking
> mechanism but rather API to simply present the decoded information?

Re: [Wireshark-dev] Git hooks

2019-05-20 Thread Ross Jacobs
Hi Dario,

You should take a look at pre-commit, which is
another way to enforce code quality. To run the tools in the tools folder,
you would add a script hook in a `.pre-commit-config.yaml`.
To initialize your repo with hooks, you would use `pre-commit install`.

It's also possible to use server checks on push, which gitlab is capable of
(to what extent is that already being done?).

Cheers,
Ross

On Mon, May 20, 2019 at 9:37 AM Dario Lombardo  wrote:

> Hi list
> In the current development process we're trying to enforce the
> contribution quality by providing git hooks that help the developer to push
> better changes.
> Those hooks are provided in the 'tools' directory. According to the
> developer instructions they must be copied to .git/hooks to be used by git.
> They're a copy, then they're not updated with git while their "original"
> is. This can be improved under unix by creating a hard link. Unfortunately
> there is no way to fully automate this process, but I think there is room
> for improvement.
>
> We could create a new directory under the tree called like 'git-hooks',
> and put all the git hooks we want under that. Then we change the developer
> instructions to use the command 'git config core.hooksPath git-hooks'. This
> approach would have many advantages:
> 1) it's the only way the wsdg tells to use
> 2) makes the hooks versioned
> 3) works on unix and on windows (although I haven't tried the hooks on
> windows)
>
> What about this approach? Any drawbacks I can't see?
> Dario.
>
> --
>
> Naima is online.
>

Re: [Wireshark-dev] Release lifetime and version number changes?

2019-04-20 Thread Ross Jacobs
@Jaap Every build is released to the public like 3.5, 3.6, 3.7, etc.
Current stable is 3.7 and development version is 3.8. Based on the docs (
https://docs.python.org/3.8/), the dev branch is alpha stage as it is version
3.8.0a3. Once it becomes stable, 3.9 will become the developing version.

On Fri, Apr 19, 2019 at 10:19 PM Jaap Keuter  wrote:

> Does Python release *every* build to the general public, as Wireshark
> does? If so, how are these identified? I could only find specific defined
> releases, starting from Alpha so-and-so.
>
> On 12 Apr 2019, at 12:51, Ross Jacobs  wrote:
>
> I agree that even/odd is non-standard and confusing.
>
>
> > I’m not sure. How would we label the development branch? It’s currently
> 3.1.0 or is it 3.1.0rc0? (Version 3.1.0 (v3.1.0rc0-521-gdba02458)) would
> people understand?
>
> > But I’m ok  either way.
>
> I think the Python developer guide <https://devguide.python.org/devcycle/> 
> does
> this well:
>
>
> 3.1.0TN :
> * T = [a, b, rc] (alpha, beta, release candidate)
> * N = release number
>
> When development would be released, remove TN for release and increment
> the MINOR for development branch.
>
> Cheers,
> Ross
>
> On Fri, Apr 12, 2019 at 8:30 AM Anders Broman 
> wrote:
>
>>
>>
>>
>>
>> *From:* Wireshark-dev  *On Behalf
>> Of *graham.shanks via Wireshark-dev
>> *Sent:* den 12 april 2019 09:04
>> *To:* Developer support list for Wireshark 
>> *Cc:* graham.shanks 
>> *Subject:* Re: [Wireshark-dev] Release lifetime and version number
>> changes?
>>
>>
>>
>> >I think dropping the even/odd scheme is a good  idea.
>>
>> I’m not sure. How would we label the development branch? It’s currently
>> 3.1.0 or is it 3.1.0rc0? (Version 3.1.0 (v3.1.0rc0-521-gdba02458)) would
>> people understand?
>>
>> But I’m ok  either way.
>>
>>
>>
>> >Personally I'd go down to 2 active branches but then my group wouldn't
>> be adversely affected by  dropping the "old old stable" version since we
>> invariably use the stable version. More weight should be given to the
>> opinions of people who do >use old stable versions. I would point out
>> that the proposed change gives no firm guarantee on the supported lifetime
>> of a branch at all. Could it be as short as two months? Potentially,
>> since there would be nothing to stop us releasing a branch >a month
>> (unlikely,  but from the user's perspective they would have no control over
>> that)
>>
>>
>>
>> For me 2 active branches sounds good. We use the development branch any
>> way with our own ID marking.
>>
>> Regards
>>
>> Anders
>>
>>
>>
>

Re: [Wireshark-dev] CMake Error [CMAKE_MAKE_PROGRAM is not set] while building wireshark from source

2019-04-18 Thread Ross Jacobs
Looks like you need to install make as well as ninja.
Please verify that both `ninja --version` and `make --version` have valid
responses.

Ross

On Thu, Apr 18, 2019 at 12:16 PM Abhisek Techie 
wrote:

> Hi ,
>
> I am trying to build wireshark from source in *Ubuntu 18.04.2 LTS* and
> getting Cmake error  . I am following the instructions from the  link
> https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBuildFirstTime.html#_building_on_unix
>
> 1.Error details -I am getting the below error when I am issuing  cmake
> command
>
> uws@ubuntu:~/wireshark-ninja$ cmake -G Ninja ../wireshark
> *CMake Error: CMake was unable to find a build program corresponding to
> "Ninja".  CMAKE_MAKE_PROGRAM is not set.  You probably need to select a
> different build tool.*
> CMake Error: CMAKE_C_COMPILER not set, after EnableLanguage
> CMake Error: CMAKE_CXX_COMPILER not set, after EnableLanguage
> -- Configuring incomplete, errors occurred!
> See also "/home/uws/wireshark-ninja/CMakeFiles/CMakeOutput.log".
>
>
> 2.*CMakeOutput.log* has just the below line- .
>
> The system is: Linux - 4.18.0-17-generic - x86_64
>
> 3.Below are the contents of  *CMakeCache.txt *for your reference
>
> # This is the CMakeCache file.
> # For build in directory: /home/uws/wireshark-ninja
> # It was generated by CMake: /usr/bin/cmake
> # You can edit this file to change values found and used by cmake.
> # If you do not want to change any of the values, simply exit the editor.
> # If you do want to change a value, simply edit, save, and exit the editor.
> # The syntax for the file is as follows:
> # KEY:TYPE=VALUE
> # KEY is the name of a variable in the cache.
> # TYPE is a hint to GUIs for the type of VALUE, DO NOT EDIT TYPE!.
> # VALUE is the current value for the KEY.
>
> 
> # EXTERNAL cache entries
> 
>
> //Program used to build from build.ninja files.
> *CMAKE_MAKE_PROGRAM:FILEPATH=CMAKE_MAKE_PROGRAM-NOTFOUND*
>
> //Value Computed by CMake
> CMAKE_PROJECT_NAME:STATIC=wireshark
>
> //Value Computed by CMake
> wireshark_BINARY_DIR:STATIC=/home/uws/wireshark-ninja
>
> //Value Computed by CMake
> wireshark_SOURCE_DIR:STATIC=/home/uws/wireshark
>
>
> 
> # INTERNAL cache entries
> 
>
> //This is the directory where this CMakeCache.txt was created
> CMAKE_CACHEFILE_DIR:INTERNAL=/home/uws/wireshark-ninja
> //Major version of cmake used to create the current loaded cache
> CMAKE_CACHE_MAJOR_VERSION:INTERNAL=3
> //Minor version of cmake used to create the current loaded cache
> CMAKE_CACHE_MINOR_VERSION:INTERNAL=10
> //Patch version of cmake used to create the current loaded cache
> CMAKE_CACHE_PATCH_VERSION:INTERNAL=2
> //Path to CMake executable.
> CMAKE_COMMAND:INTERNAL=/usr/bin/cmake
> //Path to cpack program executable.
> CMAKE_CPACK_COMMAND:INTERNAL=/usr/bin/cpack
> //Path to ctest program executable.
> CMAKE_CTEST_COMMAND:INTERNAL=/usr/bin/ctest
> //Name of external makefile project generator.
> CMAKE_EXTRA_GENERATOR:INTERNAL=
> //Name of generator.
> CMAKE_GENERATOR:INTERNAL=Ninja
> //Name of generator platform.
> CMAKE_GENERATOR_PLATFORM:INTERNAL=
> //Name of generator toolset.
> CMAKE_GENERATOR_TOOLSET:INTERNAL=
> //Source directory with the top level CMakeLists.txt file for this
> // project
> CMAKE_HOME_DIRECTORY:INTERNAL=/home/uws/wireshark
> //ADVANCED property for variable: CMAKE_MAKE_PROGRAM
> CMAKE_MAKE_PROGRAM-ADVANCED:INTERNAL=1
> //number of local generators
> CMAKE_NUMBER_OF_MAKEFILES:INTERNAL=1
> //Platform information initialized
> CMAKE_PLATFORM_INFO_INITIALIZED:INTERNAL=1
> //Path to CMake installation.
> CMAKE_ROOT:INTERNAL=/usr/share/cmake-3.10
> //uname command
> CMAKE_UNAME:INTERNAL=/bin/uname
>
>
>
>
> Please suggest if I am missing something or what value should i set for
> CMAKE_MAKE_PROGRAM
>
> Regards,
> Abhisek
>
>

Re: [Wireshark-dev] Release lifetime and version number changes?

2019-04-12 Thread Ross Jacobs
I agree that even/odd is non-standard and confusing.


> I’m not sure. How would we label the development branch? It’s currently
> 3.1.0 or is it 3.1.0rc0? (Version 3.1.0 (v3.1.0rc0-521-gdba02458)) would
> people understand?

> But I’m ok either way.

I think the Python developer guide <https://devguide.python.org/devcycle/>
does this well:


3.1.0TN :
* T = [a, b, rc] (alpha, beta, release candidate)
* N = release number

When development would be released, remove TN for release and increment the
MINOR for development branch.

Cheers,
Ross

On Fri, Apr 12, 2019 at 8:30 AM Anders Broman 
wrote:

>
>
>
>
> *From:* Wireshark-dev  *On Behalf Of
> *graham.shanks via Wireshark-dev
> *Sent:* den 12 april 2019 09:04
> *To:* Developer support list for Wireshark 
> *Cc:* graham.shanks 
> *Subject:* Re: [Wireshark-dev] Release lifetime and version number
> changes?
>
>
>
> >I think dropping the even/odd scheme is a good  idea.
>
> I’m not sure. How would we label the development branch? It’s currently
> 3.1.0 or is it 3.1.0rc0? (Version 3.1.0 (v3.1.0rc0-521-gdba02458)) would
> people understand?
>
> But I’m ok  either way.
>
>
>
> >Personally I'd go down to 2 active branches but then my group wouldn't be
> adversely affected by  dropping the "old old stable" version since we
> invariably use the stable version. More weight should be given to the
> opinions of people who do >use old stable versions. I would point out
> that the proposed change gives no firm guarantee on the supported lifetime
> of a branch at all. Could it be as short as two months? Potentially,
> since there would be nothing to stop us releasing a branch >a month
> (unlikely,  but from the user's perspective they would have no control over
> that)
>
>
>
> For me 2 active branches sounds good. We use the development branch any
> way with our own ID marking.
>
> Regards
>
> Anders
>
>
>
>
>

Re: [Wireshark-dev] Wireless Timeline?

2019-04-03 Thread Ross Jacobs
Better yet, post a link to the capture (google drive/dropbox) so it can be
evaluated.

On Wed, Apr 3, 2019 at 11:11 PM Simon Barber via Wireshark-dev <
wireshark-dev@wireshark.org> wrote:

> The timeline will not show up unless hardware timestamps are present for
> *all* frames in the capture, and there are no large negative jumps in time.
> Where does the capture file you are using come from?
>
> Simon
>
> On Wed, Apr 3, 2019 at 1:17 PM Do m  wrote:
>
>> Greetings...
>>
>> I came across this:
>> https://meraki.cisco.com/blog/2019/02/wireshark-where-did-the-time-go/
>>
>> Running wireshark 3.0 on Win10... can't seem to get the wireless timeline
>> to show up.  Am I missing something obvious (apart from configuring the
>> dissector preferences to enable the experimental feature?)
>>
>> --
>> regards,
>> -doug
>>

Re: [Wireshark-dev] Statistical Analysis of pcapng files

2019-04-03 Thread Ross Jacobs
Hi Paul,

It looks like there is a package called crafter to work with pcap files,
which fits with extracting/processing. If you are looking for something more
you may want to be more detailed in your use case.

Cheers,
Ross



On Wed, Apr 3, 2019 at 8:08 PM -0- -1-  wrote:

> I am a statistician and would like to extract and process Wireshark
> capture files with R Statistical language.  Before I reinvent yet another
> wheel, is anyone aware of code or apps that already do this?
>
> Thanks,
> Paul

[Wireshark-dev] extcap tools

2019-03-25 Thread Ross Jacobs
Hi All,

I am confused by differences in extcap between the CLI and the GUI. By
default (in 3.0.0 on both Windows, macOS), extcap tools are presented as
interfaces on the capture page.
[image: Screen Shot 2019-03-23 at 8.11.37 PM.png]

*Questions*
1. In the Wireshark GUI, if you go to About > Plugins, you can see the
extcap directories. Is it possible to get the extcap directory using a CLI
command like tshark, dumpcap, etc.?
2. Why does dumpcap -D not show the same interfaces that the GUI does?

Cheers,
Ross