Re: [Wireshark-dev] Enable extcap by default or not
Hi Roland,

For the BACnet mstpcap (RS485 serial packetizer, third party, open source), the users currently just drag-n-drop the mstpcap.exe file into the extcap folder, and it starts working as it should when Wireshark is launched. It only adds interfaces if the PC has serial ports detected/connected.

Having it enabled by default avoids the hassle and support emails since it "just works", so that is what I prefer.

Best Regards,
Steve

On Fri, Sep 9, 2016 at 12:42 AM, Roland Knall wrote:
> Hello List
>
> There is currently a discussion going on in https://code.wireshark.org/review/#/c/17498 in regard to enabling extcap features by default or not.
>
> There are basically two sides to the argument:
>
> Cons - extcap interfaces are advanced features, which will not be used by a majority of users. As more and more of those interfaces emerge, it clutters up the list. Therefore disabling them by default and enabling them when needed is ok.
>
> Pros - There are users out there, who use Wireshark solely together with extcap interfaces. Lots of those users are not very familiar with Wireshark in general. extcap was intended to bring capture device support to Wireshark where otherwise it would not be present or very complicated to do so. For those users to enable the support before using it seems like an unnecessary hassle.
>
> I just wanted to get the meaning of the list, on how we should proceed here, and if there are other arguments for or against enabling extcap by default.
>
> To clarify, I am a Pro guy as I fear 3rd party users will not understand this and this will lead to support cases which will generate the opinion "Wireshark is overly complicated, let's use something else".
> regards
> Roland

___
Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Lightweight markup for release notes
I've been using Markdown for a lot of my recent documentation, since it is one of the plain-text markups understood by doxygen and also displayed on GitHub:
https://help.github.com/articles/github-flavored-markdown

Steve

On Mon, Mar 4, 2013 at 4:33 PM, Jaap Keuter jaap.keu...@xs4all.nl wrote:
> On 03/04/2013 08:45 PM, Gerald Combs wrote:
>> Would anyone object to using a lighter-weight markup language for the release notes such as Markdown or reStructuredText?
>
> I myself have been looking into AsciiDoc, for use with the Users and Developers Guide. It seems to me that the two projects you mentioned are a bit stale? AsciiDoc seems more capable of being used throughout as Wireshark's documentation format, maybe.
>
> Thanks,
> Jaap

--
http://steve.kargs.net/
Re: [Wireshark-dev] RFD: Creating subdirectories in epan/dissectors/
Hello Joerg,

[snip]
> What I'd like to do is put these dissectors that belong *to a single protocol* into a subdirectory of that name, i.e. move them to
[snip]
> xmpp/packet-other.c
> xmpp/packet-other.h
> xmpp/packet-utils.c
> xmpp/packet-utils.h

These kinds of file names could be in every protocol...

> What do you think?

Based on experience with another open source C project where I did segregate files into sub-folders and tried to simplify the file names by utilizing sub-directories, you will likely have file naming conflicts between protocols if you remove the protocol name from the file. C file names must be unique in the build (for most compilers and linkers that I have used).

Best Regards,
Steve

--
http://steve.kargs.net/
Re: [Wireshark-dev] real time capture with a different application
Hello Vijay,

> I'm trying to do a live capture of 802.15.4 tinyos traffic using wireshark/tshark. I use another application which captures the traffic and writes to a file.

Sounds interesting.

> I used a pipe to display the traffic on tshark. It did display the traffic but stopped after displaying the capture file. Now, I will write new captures as they come, so is there an option to tell tshark/wireshark to listen on the pipe continuously and display the capture as it gets written to the pipe?

I wrote a serial packet conversion utility that uses pipes and saves to a pcap file concurrently. Wireshark listens continuously. It was written in C and is ported to Linux and Windows:
https://bacnet.svn.sourceforge.net/svnroot/bacnet/trunk/bacnet-stack/demo/mstpcap/main.c

In my first try, I was saving 65535 packets at a time to the file, and that would cause the pipe to Wireshark to stop since I rewrote the header to the pipe. But I changed it to only rewrite the header to the file and not rewrite the header to the pipe, and that allowed the packets to go to the pipe and Wireshark continuously.

Good luck!
Steve

--
http://steve.kargs.net/
Re: [Wireshark-dev] [Wireshark-commits] rev 38106: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-bacapp.c
Hi Guy and Chris,

Assuming the reporter of bug 5769 is correct and the Info column displays the values of the low and high limits correctly, then the protocol is ENC_BIG_ENDIAN. All of the fields affected by r38106 are either FT_UINT8's or FT_BOOLEAN's spanning 1 byte, so endian-ness really doesn't matter, but if someone does the old copy-and-paste thing later on, [s]he might incorrectly copy an ENC_LITTLE_ENDIAN when it should be ENC_BIG_ENDIAN.

I have access to the BACnet standard, and need to update the dissector to expand some enumerations and value strings soon (the standard keeps expanding, for some reason). Most likely the conversions are Big Endian as most encodings in BACnet are network byte order, and most likely the cause of TRUE in the fields is from copy-paste (I'm sure I'm guilty of that). I'll review the changes and submit a patch if it is needed.

Is there any other cleanup in the BACnet dissector that needs attention?

Best Regards,
Steve

--
http://steve.kargs.net/
Re: [Wireshark-dev] [Wireshark-commits] rev 36639: /trunk/epan/wslua/ /trunk/epan/wslua/: wslua_proto.c
You could now add Guy to the Wikipedia article (under Variations by others):
http://en.wikipedia.org/wiki/Rose_is_a_rose_is_a_rose_is_a_rose

(and it took me awhile to figure out the reference)

Steve

On Thu, Apr 14, 2011 at 8:45 AM, Graham Bloice graham.blo...@trihedral.com wrote:
> On 14/04/2011 14:39, Maynard, Chris wrote:
>>> -----Original Message-----
>>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=36639
>>> User: guy
>>> Date: 2011/04/13 11:28 PM
>>> Log: Zero is zero is zero, as Gertrude Stein didn't say.
>>
>> So besides being incredibly smart, you are also a very funny guy, guy. :)
>
> Guy's little nuggets have to be watched for carefully, savoured and treasured.
>
> --
> Regards,
> Graham Bloice
Re: [Wireshark-dev] ett
Hello Andreas,

> What does 'ett' stand for? I found it as subtree array index, but can it somehow be pronounced? Is it an abbreviation?

Gerald posted last year about ett on this list:

> I _think_ it originally stood for "Ethereal tree type". The first implementation used a set of #defines in packet.h, like so from revision 2:
>
>     /* Tree types. Each dissect_* routine should have one for each
>        add_subtree() call. */
>     #define ETT_IEEE8023    0
>     #define ETT_ETHER2      1
>     #define ETT_LLC         2
>     #define ETT_TOKEN_RING  3
>     [ ... ]
>
> I think "expansion tree type" is a much better definition.
>
> /Gerald

Best Regards,
Steve

--
http://steve.kargs.net/
[Wireshark-dev] Fwd: rs485
Hello Agustin,

> I think it's not possible to capture live data from rs485 using wireshark directly, but if anyone has worked on it I'll be grateful for any help.

I have been using the Wireshark pipe method to capture RS-485 traffic[1] - but it would be nicer if there was a generic IP method for incoming packets (i.e. sending the packets remotely over IP to the Ethernet interface from the capture utility). I have also used SNAP to send packets[2], but it doesn't work without root access (on Linux).

Best Regards,
Steve

[1] https://bacnet.svn.sourceforge.net/svnroot/bacnet/trunk/bacnet-stack/demo/mstpcap/main.c
[2] https://bacnet.svn.sourceforge.net/svnroot/bacnet/trunk/bacnet-stack/ports/linux/mstpsnap.c

--
http://steve.kargs.net/
Re: [Wireshark-dev] Feeding data to Wireshark in real time
Hello Kahou,

> Does that mean the file header of the pcap file is incorrect? The pcap file can be displayed in wireshark if I load it manually though.

There is a complete example of using a named pipe in C along with the pcap header and packet data at:
https://bacnet.svn.sourceforge.net/svnroot/bacnet/trunk/bacnet-stack/demo/mstpcap/main.c

Best Regards,
Steve

--
http://steve.kargs.net/
Re: [Wireshark-dev] Abillity to sniff serial line with wireshark?
Hello J.Büsch,

> Is there any chance to let wireshark open a specific serial port and sniff whatever comes on that link?

You can use a named pipe for sniffing serial, but you need to packetize the serial data first. Here is the Wiki page about pipes:
http://wiki.wireshark.org/CaptureSetup/Pipes

I wrote a command line utility in C to packetize BACnet MS/TP serial data, save in pcap format to a file, and forward to a named pipe on Linux or Windows:
https://bacnet.svn.sourceforge.net/svnroot/bacnet/trunk/bacnet-stack/demo/mstpcap/main.c

Best Regards,
Steve

--
http://steve.kargs.net/
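The pipe-feeding technique discussed in this reply and in the two earlier ones ("real time capture with a different application" and "Feeding data to Wireshark in real time"), as an added Python example; this is not the mstpcap utility linked above nor any other bacnet-stack code. It packetizes frames into pcap records and fans them out to a rotating capture file and a pipe, and it shows the one detail those posts turn on: the pcap global header is written to the pipe exactly once, while each rotated file gets its own header. Assumptions: link type 165 is taken to be the libpcap value for BACnet MS/TP, and the MS/TP-looking sample frames are constructed for the example (no valid CRC bytes).

```python
"""Packetize frames into pcap and feed them to a rotating file and a pipe.

Added example (not the bacnet-stack mstpcap utility). The pipe receives the
pcap global header exactly once; only the file gets a new header when it
rotates. Assumptions: link type 165 is the libpcap value for BACnet MS/TP,
and the sample frames below are constructed, with no valid CRC bytes.
"""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4       # pcap magic, microsecond timestamps
LINKTYPE_BACNET_MS_TP = 165   # assumed libpcap link-type value for MS/TP
SNAPLEN = 65535

# Constructed MS/TP-looking frames (preamble 55 FF, type, dst, src, len, crc).
SAMPLE_FRAMES = [
    bytes.fromhex("55ff00010200000000"),    # token 02 -> 01
    bytes.fromhex("55ff01ff010000000000"),  # poll for master, broadcast
    bytes.fromhex("55ff00020100000000"),    # token 01 -> 02
]


def pcap_global_header(linktype: int, snaplen: int = SNAPLEN) -> bytes:
    """24-byte pcap file header in native byte order, as libpcap writes it."""
    return struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts_sec: int, ts_usec: int, frame: bytes, snaplen: int = SNAPLEN) -> bytes:
    """16-byte record header (ts, captured length, original length) plus data."""
    captured = frame[:snaplen]
    return struct.pack("=IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured


class PcapSink:
    """Fan records out to a rotating capture file and a long-lived pipe."""

    def __init__(self, pipe_fd, file_prefix, linktype=LINKTYPE_BACNET_MS_TP,
                 rotate_after=65535):
        self.linktype = linktype
        self.rotate_after = rotate_after
        self.file_prefix = file_prefix
        self.file = None
        self.files_written = 0
        self.count = 0
        # Header goes to the pipe once; a second header would reach Wireshark as data.
        self.pipe = os.fdopen(pipe_fd, "wb", buffering=0)
        self.pipe.write(pcap_global_header(linktype))
        self._open_file()

    def _open_file(self):
        """Start a new file with its own header; the pipe is left untouched."""
        if self.file:
            self.file.close()
        self.files_written += 1
        self.file = open(f"{self.file_prefix}.{self.files_written}.cap", "wb")
        self.file.write(pcap_global_header(self.linktype))
        self.count = 0

    def write(self, ts_sec, ts_usec, frame):
        rec = pcap_record(ts_sec, ts_usec, frame)
        self.file.write(rec)
        self.pipe.write(rec)
        self.count += 1
        if self.count >= self.rotate_after:
            self._open_file()

    def close(self):
        self.file.close()
        self.pipe.close()


def demo(rotate_after=2, frames=SAMPLE_FRAMES):
    """Push the sample frames through a sink; return (pipe bytes, files written).

    An anonymous os.pipe() stands in for the FIFO (mkfifo) Wireshark would read.
    """
    read_fd, write_fd = os.pipe()
    prefix = os.path.join(tempfile.mkdtemp(), "mstp")
    sink = PcapSink(write_fd, prefix, rotate_after=rotate_after)
    for i, frame in enumerate(frames):
        sink.write(1_473_000_000 + i, 0, frame)
    sink.close()                       # closing the write end gives the reader EOF
    with os.fdopen(read_fd, "rb") as reader:
        seen = reader.read()
    return seen, sink.files_written


if __name__ == "__main__":
    data, nfiles = demo()
    print(f"pipe saw {len(data)} bytes, {nfiles} capture files written")
```

To drive Wireshark with it on Linux, create the FIFO first (`mkfifo /tmp/mstp`), start `wireshark -k -i /tmp/mstp`, and open the FIFO for writing only after Wireshark is listening, since the open blocks until a reader is present; the sink then streams records for as long as the pipe stays open, regardless of how many times the file rotates.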
Re: [Wireshark-dev] RADIUS dissector changes
Hello Armen,

> I wanted to get some tips on the best quick and dirty dev environment to set up to get this to a tested patch stage.

See the following URL from the Developer Guide:
http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html

> - Development Environment - Compiler (no idea gcc?)

Microsoft Visual C++ 2008 Express Edition

> - SVN client (thinking tortoiseSVN)

Yes.

> - Diff tool (WinMerge looks appropriate as it has patch/diff file creation available)

Yes. (and it integrates into TortoiseSVN)

Good luck!
Steve

--
http://steve.kargs.net/
[Wireshark-dev] Wireshark and Windows 7
FYI

A colleague of mine downloaded wireshark-win32-1.2.2.exe yesterday from Wireshark.org, and the WinPcap installer did not work in Windows 7. He checked on WinPcap's website and the new version of the installer worked fine, and that solved his problem.

Best Regards,
Steve

--
http://steve.kargs.net/
[Wireshark-dev] [PATCH] BACnet Network Layer decoding fixes
Hello Developers,

For the BACnet dissector:

1. Moved all the network layer message type decodings under the network layer control bit check to prevent malformed packets.
2. Added the decoding of the optional network number for the Who-Is-Router-To-Network message type.
3. Added the decoding for the Establish-Connection-To-Network and Disconnect-Connection-To-Network network layer messages.
4. Corrected Initialize-Routing-Table and Initialize-Routing-Table-Ack decoding.
5. Added Network layer info under Column Info.

I validated the results using a capture generated by VTS3, a BACnet test tool from http://vts.SourceForge.net. I also fuzz tested with my captures.

Best Regards,
Steve

Attachment: packet-bacnet.patch.gz (GNU Zip compressed data)

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
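The decoding order the five items above describe, as an added Python example; this is not the Wireshark packet-bacnet dissector or the attached patch. It reads the NPDU control octet first and only interprets a message type octet once bit 7 says a network layer message follows (item 1), treats the DNET in Who-Is-Router-To-Network as optional (item 2), decodes Establish-/Disconnect-Connection-To-Network (item 3) and the routing-table messages (item 4), and composes an Info string of the kind a column would show (item 5). Every read is bounds-checked, so a truncated packet is reported instead of read past its end. The field layout follows ASHRAE 135 clause 6 as I read it, and the sample packets in the usage checks are constructed for the example.

```python
"""Decode a BACnet NPDU and the network layer messages it can carry.

Added example, not the Wireshark packet-bacnet dissector. The message type
octet is read only after bit 7 of the control octet says a network layer
message follows, and every read is bounds-checked so a truncated packet is
reported rather than read past its end. Field layout follows ASHRAE 135
clause 6 as I read it; the sample packets used with it are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional

NL_MESSAGE_TYPES = {
    0x00: "Who-Is-Router-To-Network", 0x01: "I-Am-Router-To-Network",
    0x02: "I-Could-Be-Router-To-Network", 0x03: "Reject-Message-To-Network",
    0x04: "Router-Busy-To-Network", 0x05: "Router-Available-To-Network",
    0x06: "Initialize-Routing-Table", 0x07: "Initialize-Routing-Table-Ack",
    0x08: "Establish-Connection-To-Network", 0x09: "Disconnect-Connection-To-Network",
}

class Malformed(ValueError):
    """A field would extend past the end of the packet."""

class Reader:
    """Cursor over the packet; every take() checks what is left."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def take(self, n: int, what: str) -> bytes:
        if self.pos + n > len(self.data):
            raise Malformed(f"truncated NPDU while reading {what}")
        chunk, self.pos = self.data[self.pos:self.pos + n], self.pos + n
        return chunk
    def u8(self, what): return self.take(1, what)[0]
    def u16(self, what): return int.from_bytes(self.take(2, what), "big")
    def left(self): return len(self.data) - self.pos

@dataclass
class NPDU:
    control: int
    is_network_message: bool
    expecting_reply: bool
    priority: int
    dnet: Optional[int] = None
    dadr: Optional[bytes] = None      # b"" is DLEN 0: broadcast on dnet
    snet: Optional[int] = None
    sadr: Optional[bytes] = None
    hop_count: Optional[int] = None
    message_type: Optional[int] = None
    message_name: Optional[str] = None
    networks: list = field(default_factory=list)  # DNETs named by the message
    params: dict = field(default_factory=dict)    # other message-specific fields
    apdu: bytes = b""
    info: str = ""                                # what an Info column would show

def _decode_body(mt: int, r: Reader, n: NPDU) -> None:
    if mt == 0x00 and r.left() >= 2:              # Who-Is-Router: optional DNET
        n.networks.append(r.u16("DNET"))
    elif mt in (0x01, 0x02, 0x04, 0x05):          # zero or more DNETs
        while r.left() >= 2:
            n.networks.append(r.u16("DNET"))
    elif mt == 0x03:                              # reject reason, then the DNET
        n.params["reason"] = r.u8("reject reason")
        n.networks.append(r.u16("DNET"))
    elif mt in (0x06, 0x07):                      # port count, then port entries
        for _ in range(r.u8("number of ports")):
            n.networks.append(r.u16("connected DNET"))
            port_id = r.u8("port id")
            info = r.take(r.u8("port info length"), "port info")
            n.params.setdefault("ports", []).append((port_id, info))
    elif mt == 0x08:                              # DNET plus termination time
        n.networks.append(r.u16("DNET"))
        n.params["termination_time"] = r.u8("termination time")
    elif mt == 0x09:
        n.networks.append(r.u16("DNET"))

def decode_npdu(data: bytes) -> NPDU:
    r = Reader(data)
    if r.u8("version") != 1:
        raise Malformed("unsupported NPDU version")
    control = r.u8("control")
    n = NPDU(control, bool(control & 0x80), bool(control & 0x04), control & 0x03)
    if control & 0x20:                            # DNET, DLEN, DADR present
        n.dnet = r.u16("DNET")
        n.dadr = r.take(r.u8("DLEN"), "DADR")
    if control & 0x08:                            # SNET, SLEN, SADR present
        n.snet = r.u16("SNET")
        n.sadr = r.take(r.u8("SLEN"), "SADR")
    if control & 0x20:
        n.hop_count = r.u8("hop count")
    if not n.is_network_message:                  # bit 7 clear: an APDU follows
        n.apdu, n.info = r.take(r.left(), "APDU"), "APDU"
        return n
    mt = n.message_type = r.u8("message type")    # only valid once bit 7 is set
    if mt >= 0x80:                                # proprietary: vendor id follows
        n.params["vendor_id"] = r.u16("vendor id")
        n.message_name = f"Vendor-Proprietary-Message 0x{mt:02X}"
    else:
        n.message_name = NL_MESSAGE_TYPES.get(mt, f"Reserved 0x{mt:02X}")
    _decode_body(mt, r, n)
    n.info = n.message_name + (" " + ",".join(map(str, n.networks)) if n.networks else "")
    return n

def is_malformed(data: bytes) -> bool:
    """True when decode_npdu rejects the packet for running short."""
    try:
        decode_npdu(data)
    except Malformed:
        return True
    return False
```

Constructed inputs that exercise it: `01 80 00 00 05` is Who-Is-Router-To-Network for DNET 5, `01 04 10 08` is an APDU with data-expecting-reply set (the 0x10 that follows is never read as a message type because bit 7 is clear), and `01 80 08 00` is an Establish-Connection-To-Network cut short of its DNET, which is reported as malformed instead of being decoded.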
Re: [Wireshark-dev] [PATCH] BACnet Network Layer decoding fixes
Hi Richard,

> Please can you attach the patch to a bug as detailed in the developers' guide - http://www.wireshark.org/docs/wsdg_html/#ChSrcSend - such that it doesn't get lost?

Sure! See http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1760

Sorry about that. Infrequent Wireshark contributors/maintainers like me don't always keep up with the latest developer process rules.

Best Regards,
Steve

--
http://steve.kargs.net/
[Wireshark-dev] [PATCH] BACnet bacapp fixes for bug 1670
Hello Developers,

Attached is a patch that fixes bug 1670 and related issues. For the BACnet GetEventInformation-ACK request dissector:

1. Corrected BitString decoding for acknowledgedTransitions and eventEnable.
2. Corrected the ability to decode more than one event.
3. Grouped each item of the sequence using subtrees. Added more informative text to Priority and Timestamp.
4. Corrected eventState to use the BACnetEventState enumeration instead of BACnetEventStateFilter.

I validated the results with the capture attached to the bug report. I also fuzz tested for awhile with my captures with no failures.

Best Regards,
Steve

--
http://steve.kargs.net/

Attachment: packet-bacapp.patch.gz (GNU Zip compressed data)
Re: [Wireshark-dev] Introduction and first questions/suggestions
Hi Simon,

I help maintain the BACnet (bacnet, bacapp, bvlc) dissectors in Wireshark. Sorry I didn't see your post sooner - I normally just scan the subject lines for BACnet or BACapp or BVLC.

> Either under Chapter GUI or Dissection: When a protocol is used on another port than Wireshark expects it to be (such as BACnet on UDP port 48560) the context sensitive menu item Decode as... is GREAT, but finding what I need is not so great since only an abbreviation (in above example BVLC) can be selected without any way of help. I suggest a tooltip when hovering over a selected protocol item with the same content as in help -- Supported Protocols (in above example BVLC: BACnet Virtual Link Control).

Do you have a capture for this? If so, I can look at what is required for Wireshark to analyze BACnet/IP on a UDP/IP port other than 47808.

> Dissector specific Item 19. What's the reason the APDU part of BACnet/IP is not dissected? Is it just the workload (for which a solution can be found) or is there a technical reason such as variable length, the BACnet specific solution of segmenting or other?

The APDU portion is dissected and mostly complete since Ethereal 0.10.11. I will update the wishlist:
http://wiki.wireshark.org/WishList

Best Regards,
Steve
[Wireshark-dev] [PATCH] BACnet bacapp additions
Hi Developers,

I added some text for enumerations that were added with addenda recently approved for the BACnet standard. I compiled the changes using Linux/GCC. The patch is a diff made using svn diff.

Best Regards,
Steve

Attachment: bacapp.patch.gz (GNU Zip compressed data)
Re: [Wireshark-dev] [PATCH] BACnet bacapp additions
Hi Sebastien,

> Can you share a pcap trace of BACnet?

There is a directory of unorganized BACnet captures on my website:
http://kargs.net/captures/

You can use them for whatever you want. Arbitrary BACnet traces can also be generated using the BACnet VTS tool (vts.sourceforge.net) or by using BACnet stack demo applications (bacnet.sourceforge.net), or commercial tools from Polarsoft, Cimetrics, or SCADA Engine.

Best Regards,
Steve
[Wireshark-dev] [PATCH] BACnet bacapp signed value and priority
Hello Developers!

I made a small change in packet-bacapp.c to fix the following:

1. Corrected Signed value decoding for a one octet value.
2. Corrected Priority values to decode as Unsigned values.

Best Regards,
Steve

Attachment: packet-bacapp.c.patch.gz (application/gzip)