Re: [Wireshark-dev] query regarding tables in wireshark

2014-03-03 Thread Guy Harris

On Mar 2, 2014, at 10:31 PM, Rahul Rohit  wrote:

> What is the naming convention for these tables?

If the field is specific to a protocol, the name begins with the protocol's 
"filter name", and is followed by a ".".  If it corresponds to a named field in 
the protocol, its name is the name of the field.

(Not all fields are specific to a protocol; for example, there's a dissector 
table for Ethernet types, but those are used in a *lot* of protocols, so it's 
just called "ethertype", not "eth.type".)

> Can we define a table with the name sctp.x.y.z?

Yes.

___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] query regarding tables in wireshark

2014-03-02 Thread Rahul Rohit
Hi,
What is the naming convention for these tables? Can we define a table with the 
name sctp.x.y.z?

Regards
Rahul Rohit

-Original Message-
From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Guy Harris
Sent: Monday, March 03, 2014 11:56 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] query regarding tables in wireshark


On Mar 2, 2014, at 9:58 PM, Rahul Rohit  wrote:

> Can we define tables on our own?

Only if you modify the source code.

> Or should we always use pre-defined tables? E.g. in SCTP we have the sctp.port 
> and sctp.ppi tables; are we bound to use these 2 tables only for SCTP, or may 
> we also create our own table for SCTP?

You can do so only if you modify the SCTP dissector source code and recompile 
Wireshark.




===
Please refer to http://www.aricent.com/legal/email_disclaimer.html
for important disclosures regarding this electronic communication.
===


Re: [Wireshark-dev] query regarding tables in wireshark

2014-03-02 Thread Guy Harris

On Mar 2, 2014, at 9:58 PM, Rahul Rohit  wrote:

> Can we define tables on our own?

Only if you modify the source code.

> Or should we always use pre-defined tables? E.g. in SCTP we have the sctp.port 
> and sctp.ppi tables; are we bound to use these 2 tables only for SCTP, or may 
> we also create our own table for SCTP?

You can do so only if you modify the SCTP dissector source code and recompile 
Wireshark.


[Wireshark-dev] query regarding tables in wireshark

2014-03-02 Thread Rahul Rohit
Hi,
Can we define tables on our own, or should we always use pre-defined tables? E.g. 
in SCTP we have the sctp.port and sctp.ppi tables; are we bound to use these 2 
tables only for SCTP, or may we also create our own table for SCTP?

regards
Rahul Rohit





Re: [Wireshark-dev] query related to dissect_xxx function

2014-02-24 Thread Evan Huus
On Mon, Feb 24, 2014 at 5:07 AM, Guy Harris  wrote:
>
> On Feb 24, 2014, at 1:02 AM, Rahul Rohit  wrote:
>
>> I understand the point, but just for the sake of curiosity I would like to 
>> know how the value of tree is decided, i.e. when the value of tree would be 
>> 0 and when it will contain some valid address?
>
> It will be NULL if the dissection being done at the time doesn't need to 
> build a protocol tree and it will be non-null if the dissection being done at 
> the time doesn't.
>
> The conditions under which a protocol tree needs to be built vary, and are 
> subject to change from release to release of Wireshark.
>
>> Is it true that when the user clicks a packet in the packet pane of the 
>> Wireshark GUI, tree is automatically given some value?
>
> That's one situation where a protocol tree will probably always need to be 
> built (we probably wouldn't gain much performance by caching the protocol 
> tree for every packet that's been selected, and we'd spend a lot of memory 
> building a protocol tree for every single packet and saving it in memory).

We would gain a lot of performance when filtering large files, but
memory use would be through the roof.

See https://www.wireshark.org/lists/wireshark-dev/201310/msg00118.html

> That is not, however, the only situation in which a protocol tree will need 
> to be built.


Re: [Wireshark-dev] query related to dissect_xxx function

2014-02-24 Thread Guy Harris

On Feb 24, 2014, at 1:02 AM, Rahul Rohit  wrote:

> I understand the point, but just for the sake of curiosity I would like to 
> know how the value of tree is decided, i.e. when the value of tree would be 
> 0 and when it will contain some valid address?

It will be NULL if the dissection being done at the time doesn't need to build 
a protocol tree and it will be non-null if the dissection being done at the 
time doesn't.

The conditions under which a protocol tree needs to be built vary, and are 
subject to change from release to release of Wireshark.

> Is it true that when the user clicks a packet in the packet pane of the 
> Wireshark GUI, tree is automatically given some value?

That's one situation where a protocol tree will probably always need to be 
built (we probably wouldn't gain much performance by caching the protocol tree 
for every packet that's been selected, and we'd spend a lot of memory building 
a protocol tree for every single packet and saving it in memory).

That is not, however, the only situation in which a protocol tree will need to 
be built.
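The tree argument Guy describes above can be NULL on passes that do not need a protocol tree, and Evan's reply further down the thread is that the if (tree) guard is now only an optimization. The following stand-alone C model is added here as an illustration; it is not Wireshark source and not code from anyone on this thread. It shows what a dissect_xxx() routine still has to do when tree is NULL (bounds check, decode its fields, set column text, hand the payload on) and what a NULL tree legitimately lets it skip (adding tree items). proto_tree, packet_info and the packet buffer are replaced by small structs so it compiles without Wireshark; the 4-byte header layout, the field names and the sample packet are constructed for the example.

```c
/* Added example, not Wireshark source: a stand-alone model of how a
 * dissect_xxx(tvb, pinfo, tree) routine should behave when tree is NULL.
 * proto_tree, packet_info and the packet buffer are replaced by small
 * structs so this compiles and runs without Wireshark. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ITEMS 8
#define HDR_LEN   4   /* hypothetical header: src port (2 bytes), dst port (2 bytes) */

/* Model of proto_tree: only counts the items added to it. */
typedef struct { int item_count; } proto_tree_model;

/* Model of packet_info: decoded header fields, the Info column text, and a
 * flag standing in for "the payload was handed to the next dissector". */
typedef struct {
    uint16_t src_port, dst_port;
    char     info[64];
    int      payload_handed_off;
} packet_info_model;

/* Model of proto_tree_add_item(): like the real one, a NULL tree is a no-op. */
static void tree_add_item(proto_tree_model *tree, const char *abbrev)
{
    (void)abbrev;
    if (tree != NULL && tree->item_count < MAX_ITEMS)
        tree->item_count++;
}

/* Returns bytes consumed, or -1 if the header is truncated. Steps 1, 2 and 4
 * run on every pass; only step 3 sits inside the "if (tree)" guard. */
static int dissect_xxx_model(const uint8_t *buf, size_t len,
                             packet_info_model *pinfo, proto_tree_model *tree)
{
    if (len < HDR_LEN)                              /* 0. bounds check: never optional */
        return -1;

    /* 1. Decode the fields the rest of the dissection depends on. */
    pinfo->src_port = (uint16_t)((buf[0] << 8) | buf[1]);
    pinfo->dst_port = (uint16_t)((buf[2] << 8) | buf[3]);

    /* 2. Column text: the packet list is filled on passes that have no tree. */
    snprintf(pinfo->info, sizeof pinfo->info, "%u -> %u",
             pinfo->src_port, pinfo->dst_port);

    /* 3. Tree items: display-only work, so this is the part a NULL tree lets
     *    us skip. The add call is itself NULL-safe, which is why the thread
     *    calls the guard a pure optimization rather than a requirement. */
    if (tree != NULL) {
        tree_add_item(tree, "xxx.srcport");
        tree_add_item(tree, "xxx.dstport");
    }

    /* 4. Hand the payload on (modelled as a flag). If this were inside the
     *    guard, the next protocol would never be dissected on passes where
     *    tree is NULL, and whatever it contributes on those passes is lost. */
    pinfo->payload_handed_off = 1;
    return (int)len;
}

/* Constructed packet: ports 5000 -> 80, then 4 payload bytes. */
static const uint8_t sample_pkt[] = { 0x13, 0x88, 0x00, 0x50, 0xde, 0xad, 0xbe, 0xef };

typedef struct { int consumed, items, handed_off; } pass_result;

/* Run one pass over the sample packet, with or without a tree, and report
 * what happened. */
static pass_result run_pass(int with_tree)
{
    packet_info_model pinfo;
    proto_tree_model  tree;
    pass_result       r;
    memset(&pinfo, 0, sizeof pinfo);
    memset(&tree, 0, sizeof tree);
    r.consumed   = dissect_xxx_model(sample_pkt, sizeof sample_pkt, &pinfo,
                                     with_tree ? &tree : NULL);
    r.items      = tree.item_count;
    r.handed_off = pinfo.payload_handed_off;
    return r;
}

/* 1 if the Info column text produced on a pass equals expected, else 0. */
static int info_matches(int with_tree, const char *expected)
{
    packet_info_model pinfo;
    proto_tree_model  tree;
    memset(&pinfo, 0, sizeof pinfo);
    memset(&tree, 0, sizeof tree);
    dissect_xxx_model(sample_pkt, sizeof sample_pkt, &pinfo, with_tree ? &tree : NULL);
    return strcmp(pinfo.info, expected) == 0;
}

/* A truncated packet is rejected before any of the steps run. */
static int run_truncated(void)
{
    static const uint8_t short_pkt[] = { 0x13, 0x88, 0x00 };
    packet_info_model pinfo;
    memset(&pinfo, 0, sizeof pinfo);
    return dissect_xxx_model(short_pkt, sizeof short_pkt, &pinfo, NULL);
}

int main(void)
{
    pass_result no_tree = run_pass(0), with_tree = run_pass(1);
    printf("tree NULL : consumed=%d items=%d handed_off=%d\n",
           no_tree.consumed, no_tree.items, no_tree.handed_off);
    printf("tree built: consumed=%d items=%d handed_off=%d\n",
           with_tree.consumed, with_tree.items, with_tree.handed_off);
    printf("truncated : %d\n", run_truncated());
    return 0;
}
```

Both passes consume the same 8 bytes, set the same column text and hand the payload on; the only difference is that the tree-less pass creates no items. That is the property to preserve when deciding what to leave inside an if (tree) block.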


Re: [Wireshark-dev] query related to dissect_xxx function

2014-02-24 Thread Rahul Rohit
Hi,

<< This check was necessary in older versions of Wireshark, but not with recent 
versions. The only purpose it serves now is optimization, so you can safely 
remove it. >>

I understand the point, but just for the sake of curiosity I would like to know 
how the value of tree is decided, i.e. when the value of tree would be 0 and 
when it will contain some valid address?

Is it true that when the user clicks a packet in the packet pane of the 
Wireshark GUI, tree is automatically given some value?

Regards
Rahul Rohit








Re: [Wireshark-dev] query related to dissect_xxx function

2014-02-23 Thread Evan Huus
This check was necessary in older versions of Wireshark, but not with
recent versions. The only purpose it serves now is optimization, so
you can safely remove it.

On Sun, Feb 23, 2014 at 5:25 AM, Rahul Rohit  wrote:
> Hi,
>
>
>
> The moment we enter dissect_xxx(tvb, pinfo, tree)
> we put a check on the value of tree, i.e.
>
> if (tree)
> {
>   /* code for actual dissection */
> }
>
> What does this check signify? Somewhere it is written that it defines
> whether the user is looking for a detailed dissection or not; could anybody
> please throw light on this concept? How does tree get any value, and when?
>
>
>
> regards
>
> Rahul Rohit
>


[Wireshark-dev] query related to dissect_xxx function

2014-02-23 Thread Rahul Rohit
Hi,

The moment we enter dissect_xxx(tvb, pinfo, tree)
we put a check on the value of tree, i.e.

if (tree)
{
  /* code for actual dissection */
}

What does this check signify? Somewhere it is written that it defines whether 
the user is looking for a detailed dissection or not; could anybody please
throw light on this concept? How does tree get any value, and when?

regards
Rahul Rohit






Re: [Wireshark-dev] query regarding register of protocol

2014-02-19 Thread Evan Huus
On Wed, Feb 19, 2014 at 9:37 AM, Rahul Rohit  wrote:
> Hi,
>
> If I have two protocols A and B, is it possible to register the handle of
> protocol B in the protocol table of A and to register the handle of protocol
> A in the protocol table of B at the same time?

Absolutely. Just create the tables in the proto_register_NAME
functions, and register in them in the proto_reg_handoff_NAME
functions.

Evan


[Wireshark-dev] query regarding register of protocol

2014-02-19 Thread Rahul Rohit
Hi,
If I have two protocols A and B, is it possible to register the handle of 
protocol B in the protocol table of A and to register the handle of protocol A 
in the protocol table of B at the same time?

Regards
Rahul Rohit









Re: [Wireshark-dev] query regarding handoff function

2014-02-17 Thread Guy Harris

On Feb 17, 2014, at 12:45 AM, Anders Broman  wrote:

> On Feb 17, 2014, at 08:29 AM, Rahul Rohit wrote:
> 
>> If the handoff function includes all those protocols to which the packets 
>> can be forwarded for dissection from the current protocol, why does the 
>> handoff function for SCTP not contain the handle of the NBAP protocol? (As, 
>> depending on the port value, the packets from SCTP can be forwarded to NBAP, 
>> why is the NBAP handle not in the SCTP handoff function?)
> 
> Because that's not the way it works :)
>  
> proto_reg_handoff_sctp()
>  
> Is called so the SCTP dissector can do its own registrations.
>  
> In void proto_register_sctp(void)
>  
>  
> The SCTP dissector registers two dissector tables.
> sctp_port_dissector_table = register_dissector_table("sctp.port", "SCTP 
> port", FT_UINT16, BASE_DEC);
> sctp_ppi_dissector_table  = register_dissector_table("sctp.ppi",  "SCTP 
> payload protocol identifier", FT_UINT32, BASE_HEX);
>  
> Any dissector wanting to be called from the SCTP dissector needs to register 
> in those tables in its own handoff routine. 

I.e., if protocol X has a payload that could be protocol Y, or Z, or W, 
depending on some value known to protocol X, it is not the responsibility of 
the dissector for protocol X to know about protocols Y, Z, and W; it's the 
responsibility of the dissectors for protocols Y, Z, and W to know about 
protocol X and the appropriate values.

Therefore, the SCTP dissector doesn't need to know about the protocols that run 
on top of it; those protocols need to know about the SCTP port and PPI fields 
and the values that their protocols use.

That way, when a dissector for a new protocol is added, you don't have to 
change the dissector for the protocols atop which that protocol runs, you only 
have to add the new dissector.  For example, if some protocol uses the Ethernet 
type 0xDEAD, you can add a dissector for that protocol without having to modify 
the "Ethertype" dissector; you just have that dissector register its handle in 
the "ethertype" dissector table, with the value 0xDEAD.
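As a stand-alone illustration of the pattern Guy and Anders describe, here is an added C example; it is not Wireshark source and not code from either of them. The lower protocol creates its tables in its proto_register_*() routine, and each upper protocol registers its own handle under the value it uses in its proto_reg_handoff_*() routine, so adding a new upper protocol never touches the SCTP dissector. Wireshark's real calls are register_dissector_table() (quoted by Anders above), dissector_add_uint() and dissector_try_uint(); the small registry below stands in for them so the example compiles without Wireshark. The table names follow the convention from the "tables" thread earlier on this page (filter name, then ".", then the field name). Protocols Y and Z, port 5000 and PPI 7 are constructed values, and the order in which the model tries the port table before the PPI table is the model's choice, not a statement about packet-sctp.c. The same add call also covers the mutual registration asked about on this page: A can add its handle to B's table and B to A's, because every table exists before any handoff routine runs.

```c
/* Added example, not Wireshark source: a stand-alone model of the dissector
 * table handoff pattern. Wireshark's real calls are register_dissector_table(),
 * dissector_add_uint() and dissector_try_uint() from <epan/packet.h>; the small
 * registry here stands in for them so the example builds without Wireshark. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TABLES  8
#define MAX_ENTRIES 16

/* Model of dissector_handle_t: in Wireshark an opaque handle wrapping the
 * protocol's dissect function; here the function pointer itself. */
typedef int (*dissector_fn)(const uint8_t *data, size_t len);

typedef struct {
    const char   *name;                 /* "sctp.port", "sctp.ppi", ... */
    uint32_t      keys[MAX_ENTRIES];
    dissector_fn  handles[MAX_ENTRIES];
    int           count;
} dissector_table_t;

static dissector_table_t tables[MAX_TABLES];
static int table_count;

/* Model of register_dissector_table(): the LOWER protocol creates a table
 * named "<its filter name>.<field>" in its proto_register_*() routine. */
static dissector_table_t *register_table(const char *name)
{
    if (table_count >= MAX_TABLES) return NULL;
    dissector_table_t *t = &tables[table_count++];
    memset(t, 0, sizeof *t);
    t->name = name;
    return t;
}

static dissector_table_t *find_table(const char *name)
{
    for (int i = 0; i < table_count; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}

/* Model of dissector_add_uint(): the UPPER protocol, in its own
 * proto_reg_handoff_*() routine, registers its handle under the value it
 * uses. Returns 1 on success, 0 if the table does not exist or is full. */
static int add_uint(const char *table, uint32_t key, dissector_fn handle)
{
    dissector_table_t *t = find_table(table);
    if (t == NULL || t->count >= MAX_ENTRIES) return 0;
    t->keys[t->count]    = key;
    t->handles[t->count] = handle;
    t->count++;
    return 1;
}

/* Model of dissector_try_uint(): look the value up and call the registered
 * handle. Returns its result, or -1 when nothing is registered for the value. */
static int try_uint(const char *table, uint32_t key, const uint8_t *data, size_t len)
{
    dissector_table_t *t = find_table(table);
    if (t == NULL) return -1;
    for (int i = 0; i < t->count; i++)
        if (t->keys[i] == key) return t->handles[i](data, len);
    return -1;
}

/* Two hypothetical upper-layer protocols Y and Z (constructed for the example).
 * Each returns a tag so a caller can tell which one ran: 10*len + 1 or + 2. */
static int dissect_proto_y(const uint8_t *data, size_t len) { (void)data; return (int)len * 10 + 1; }
static int dissect_proto_z(const uint8_t *data, size_t len) { (void)data; return (int)len * 10 + 2; }

/* The SCTP-like lower protocol: creates its tables and knows nothing of Y or Z. */
static void proto_register_sctp_model(void)
{
    register_table("sctp.port");
    register_table("sctp.ppi");
}

/* Each upper protocol's handoff: it knows SCTP's table names and its own values
 * (port 5000 and PPI 7 are constructed, not real assignments). */
static void proto_reg_handoff_y_model(void) { add_uint("sctp.port", 5000, dissect_proto_y); }
static void proto_reg_handoff_z_model(void) { add_uint("sctp.ppi",  7,    dissect_proto_z); }

/* Payload dispatch by the lower protocol: try the port table, then the PPI
 * table (the order is this model's choice). -1 means no dissector claimed it. */
static int dissect_sctp_payload(uint32_t port, uint32_t ppi, const uint8_t *data, size_t len)
{
    int r = try_uint("sctp.port", port, data, len);
    if (r >= 0) return r;
    return try_uint("sctp.ppi", ppi, data, len);
}

/* Registration phase first (tables must exist), then the handoff phase, which
 * is the order Wireshark runs proto_register_*() and proto_reg_handoff_*().
 * Returns the number of tables created. */
static int setup_model(void)
{
    table_count = 0;
    proto_register_sctp_model();
    proto_reg_handoff_y_model();
    proto_reg_handoff_z_model();
    return table_count;
}

int main(void)
{
    static const uint8_t payload[] = { 0x01, 0x02, 0x03 };   /* constructed */
    setup_model();
    printf("port 5000     -> %d (Y)\n", dissect_sctp_payload(5000, 0, payload, sizeof payload));
    printf("port 1, PPI 7 -> %d (Z)\n", dissect_sctp_payload(1, 7, payload, sizeof payload));
    printf("port 1, PPI 1 -> %d (unclaimed)\n", dissect_sctp_payload(1, 1, payload, sizeof payload));
    return 0;
}
```

Adding a third upper protocol means one more add_uint() in that protocol's own handoff routine; proto_register_sctp_model() and dissect_sctp_payload() stay as they are, which is the whole point of the pattern.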


Re: [Wireshark-dev] query regarding handoff function

2014-02-17 Thread Anders Broman


From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rahul Rohit
Sent: 17 February 2014 08:29
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] query regarding handoff function

>Hi,
>If the handoff function includes all those protocols to which the packets can 
>be forwarded for dissection from the current protocol, why does the handoff 
>function for SCTP not contain the handle of the NBAP protocol? (As, depending 
>on the port value, the packets from SCTP can be forwarded to NBAP, why is the 
>NBAP handle not in the SCTP handoff function?)

Because that's not the way it works :)

proto_reg_handoff_sctp() is called so the SCTP dissector can do its own 
registrations.

In void proto_register_sctp(void) the SCTP dissector registers two dissector 
tables:

sctp_port_dissector_table = register_dissector_table("sctp.port", "SCTP port", 
FT_UINT16, BASE_DEC);
sctp_ppi_dissector_table  = register_dissector_table("sctp.ppi",  "SCTP payload 
protocol identifier", FT_UINT32, BASE_HEX);

Any dissector wanting to be called from the SCTP dissector needs to register in 
those tables in its own handoff routine. In the menu bar there is an "internal" 
menu; in that menu you can get a list of the dissector tables and what's been 
registered in them.

Best regards
Anders


[Wireshark-dev] query regarding handoff function

2014-02-16 Thread Rahul Rohit
Hi,
If the handoff function includes all those protocols to which the packets can 
be forwarded for dissection from the current protocol, why does the handoff 
function for SCTP not contain the handle of the NBAP protocol? (As, depending 
on the port value, the packets from SCTP can be forwarded to NBAP, why is the 
NBAP handle not in the SCTP handoff function?)


Regards
Rahul Rohit





Re: [Wireshark-dev] Query : How to decode MTP3 Message Over TCP using TALI??

2013-04-17 Thread Jeff Morriss

On 04/16/13 11:42, friends you wrote:

I want to know how I can decode MTP3 messages encapsulated in TCP using a
TALI header (RFC 3094) in Wireshark.

TALI is enabled in the "Enabled Protocols" list in Wireshark, but there is no
"Decode As -> TALI" option in Wireshark. I am using Wireshark version
1.8.3 on Windows.


See:

http://ask.wireshark.org/questions/20472/query-how-to-decode-mtp3-message-over-tcp-using-tali




[Wireshark-dev] Query : How to decode MTP3 Message Over TCP using TALI??

2013-04-17 Thread friends you
I want to know how I can decode MTP3 messages encapsulated in TCP using a TALI 
header (RFC 3094) in Wireshark.


TALI is enabled in the "Enabled Protocols" list in Wireshark, but there is no 
"Decode As -> TALI" option in Wireshark. I am using Wireshark version 1.8.3 on 
Windows.

Re: [Wireshark-dev] Query.

2012-03-21 Thread Anders Broman
Hi,
Have you tried typing the command rather than copy-pasting it, as suggested?
nmake -f Makefile.nmake verify_tools

/Anders


From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of krishna hegde
Sent: 21 March 2012 12:43
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Query.

Can anybody help in updating the setup user guide for users of Visual Studio 
2010?

My query is not solved. Please check the mail below for my query. When I get a 
reply from the community I get the wrong link to look for a solution; it does 
not talk about the problem. Can anybody help me solve this problem?

I am using Windows 7 as the OS and Visual Studio 2010 as the build tool. I have 
copied the source build for Win32 and placed it under C:\wireshark, and edited 
the config file for Visual Studio 2010.

Also I am not clear about using wget to install libraries.

Thanks
Krishna

From: Bill Meier
Date: Fri, 16 Mar 2012 10:47:33 -0400


On 3/16/2012 3:16 AM, krishna hegde wrote:


Hello,

I am using Visual Studio 2010 for building the Wireshark source. I
understand that Visual Studio already has the nmake utility.

I am getting the error:

Error 1 error U1065: invalid option '-' C:\Wireshark\NMAKE wireshark
Error 2 error MSB3073: The command "nmake -f Makefile.nmake distclean"
exited with code 2. C:\Program
Files\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets 33 6 wire shark

I tried using nmake -f Makefile.nmake verify_tools

Still I am getting the same error: Error 1 error U1065: invalid option '-'

The steps listed on the website may not be up to date for Visual Studio 2010
source building on Windows. Can anyone help me with this?



See:
http://ask.wireshark.org/questions/9493/wireshark-build-on-visual-studio-2010

Please let us know if the info helps to fix your problem.



If so, we'll need to update the Developer's Guide (or add a test to 
the makefile.nmake or something).

[Wireshark-dev] Query.

2012-03-21 Thread krishna hegde
Can anybody help in updating the setup user guide for users of
Visual Studio 2010?

My query is not solved. Please check the mail below for my query. When I
get a reply from the community I get the wrong link to look for a solution;
it does not talk about the problem. Can anybody help me solve this problem?

I am using Windows 7 as the OS and Visual Studio 2010 as the build tool. I
have copied the source build for Win32 and placed it under C:\wireshark,
and edited the config file for Visual Studio 2010.

Also I am not clear about using wget to install libraries.

Thanks
Krishna

From: Bill Meier
Date: Fri, 16 Mar 2012 10:47:33 -0400

On 3/16/2012 3:16 AM, krishna hegde wrote:

Hello,

I am using Visual Studio 2010 for building the Wireshark source. I
understand that Visual Studio already has the nmake utility.

I am getting the error:

Error 1 error U1065: invalid option '-' C:\Wireshark\NMAKE wireshark
Error 2 error MSB3073: The command "nmake -f Makefile.nmake distclean"
exited with code 2. C:\Program
Files\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets 33 6 wire shark

I tried using nmake -f Makefile.nmake verify_tools

Still I am getting the same error: Error 1 error U1065: invalid option '-'

The steps listed on the website may not be up to date for Visual Studio 2010
source building on Windows. Can anyone help me with this?


See: http://ask.wireshark.org/questions/9493/wireshark-build-on-visual-studio-2010

Please let us know if the info helps to fix your problem.


If so, we'll need to update the Developer's Guide (or add a test to
the makefile.nmake or something).

Re: [Wireshark-dev] Query

2012-03-16 Thread Ed Beroset
krishna hegde wrote:
>
>I am using Visual Studio 2010 for building the Wireshark source. I
>understand that Visual Studio already has the nmake utility.
>
>I am getting the error:
>
>Error 1 error U1065: invalid option '-' C:\Wireshark\NMAKE wireshark Error
>2 error MSB3073: The command "nmake -f Makefile.nmake distclean" exited
>with code 2. C:\Program
>Files\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets 33 6 wire shark
>
>I tried using nmake -f Makefile.nmake verify_tools
>
>Still I am getting the same error: Error 1 error U1065: invalid option '-'

This has actually come up before.  The problem then was that the hyphen 
character had actually been cut-and-pasted from another document which didn't 
actually use the ASCII hyphen character (ASCII code 0x2d).  Perhaps that's the 
problem here as well.  

Ed
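To check a pasted command for the problem Ed describes before retyping it by hand, here is an added C example (not from the thread or from Ed) that scans a UTF-8 command line for dash characters that render like "-" but are not ASCII 0x2D: the Unicode hyphen and dash range U+2010 to U+2015, the minus sign U+2212, the soft hyphen U+00AD and the small and fullwidth hyphen-minus forms. The command strings in the example are constructed; the en-dash one reproduces the symptom with the page's own nmake invocation.

```c
/* Added example, not from the thread: find dash look-alikes in a pasted
 * command line. nmake reports "invalid option '-'" when the option's leading
 * character is one of these rather than the ASCII hyphen 0x2D. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one UTF-8 code point at s; returns bytes consumed, 0 on malformed input. */
static int utf8_decode(const unsigned char *s, size_t len, uint32_t *cp)
{
    if (len == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    int n = (s[0] & 0xE0) == 0xC0 ? 2
          : (s[0] & 0xF0) == 0xE0 ? 3
          : (s[0] & 0xF8) == 0xF0 ? 4 : 0;
    if (n == 0 || len < (size_t)n) return 0;
    uint32_t v = s[0] & (0xFF >> (n + 1));     /* payload bits of the lead byte */
    for (int i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;   /* not a continuation byte */
        v = (v << 6) | (s[i] & 0x3F);
    }
    *cp = v;
    return n;
}

/* Dash-like characters that word processors and web pages substitute for "-". */
static int is_dash_lookalike(uint32_t cp)
{
    return (cp >= 0x2010 && cp <= 0x2015)  /* hyphen ... en dash, em dash, horizontal bar */
        || cp == 0x2212                    /* minus sign */
        || cp == 0x00AD                    /* soft hyphen */
        || cp == 0xFE63 || cp == 0xFF0D;   /* small / fullwidth hyphen-minus */
}

/* Byte offset of the first dash look-alike in cmd, -1 if every dash is a real
 * ASCII hyphen, -2 if cmd is not valid UTF-8. *cp_out (if given) receives the
 * offending code point. */
static long find_fake_hyphen(const char *cmd, uint32_t *cp_out)
{
    const unsigned char *s = (const unsigned char *)cmd;
    size_t len = strlen(cmd), i = 0;
    while (i < len) {
        uint32_t cp;
        int n = utf8_decode(s + i, len - i, &cp);
        if (n == 0) return -2;
        if (is_dash_lookalike(cp)) {
            if (cp_out) *cp_out = cp;
            return (long)i;
        }
        i += (size_t)n;
    }
    return -1;
}

/* Convenience: the offending code point, or 0 when the command is clean. */
static uint32_t fake_hyphen_codepoint(const char *cmd)
{
    uint32_t cp = 0;
    return find_fake_hyphen(cmd, &cp) >= 0 ? cp : 0;
}

int main(void)
{
    /* Constructed: the command typed correctly, then as pasted with an en dash
     * (U+2013, UTF-8 E2 80 93) where the "-" should be. */
    const char *typed  = "nmake -f Makefile.nmake verify_tools";
    const char *pasted = "nmake \xE2\x80\x93" "f Makefile.nmake verify_tools";
    uint32_t cp = 0;
    long at = find_fake_hyphen(pasted, &cp);
    printf("typed : offset %ld (clean)\n", find_fake_hyphen(typed, NULL));
    printf("pasted: byte %ld is U+%04X, not ASCII 0x2D\n", at, (unsigned)cp);
    return 0;
}
```

A negative result from find_fake_hyphen() does not prove the command is otherwise correct, only that the dashes in it are the ASCII character nmake expects; retyping the command, as Anders suggests elsewhere on this page, remains the simplest fix.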


Re: [Wireshark-dev] Query

2012-03-16 Thread Bill Meier

On 3/16/2012 3:16 AM, krishna hegde wrote:

Hello,

I am using Visual Studio 2010 for building the Wireshark source. I
understand that Visual Studio already has the nmake utility.

I am getting the error:

Error 1 error U1065: invalid option '-' C:\Wireshark\NMAKE wireshark
Error 2 error MSB3073: The command "nmake -f Makefile.nmake distclean"
exited with code 2. C:\Program
Files\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets 33 6 wire shark

I tried using nmake -f Makefile.nmake verify_tools

Still I am getting the same error: Error 1 error U1065: invalid option '-'

The steps listed on the website may not be up to date for Visual Studio 2010
source building on Windows. Can anyone help me with this?



See:
http://ask.wireshark.org/questions/9493/wireshark-build-on-visual-studio-2010

Please let us know if the info helps to fix your problem.

If so, we'll need to update the Developer's Guide (or add a test to the 
makefile.nmake or something ).




[Wireshark-dev] Query

2012-03-16 Thread krishna hegde
Hello,

I am using Visual Studio 2010 for building the Wireshark source. I
understand that Visual Studio already has the nmake utility.

I am getting the error:

Error 1 error U1065: invalid option '-' C:\Wireshark\NMAKE wireshark Error
2 error MSB3073: The command "nmake -f Makefile.nmake distclean" exited
with code 2. C:\Program
Files\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets 33 6 wire shark

I tried using nmake -f Makefile.nmake verify_tools

Still I am getting the same error: Error 1 error U1065: invalid option '-'

The steps listed on the website may not be up to date for Visual Studio 2010
source building on Windows. Can anyone help me with this?

Thanks
Krishna

Re: [Wireshark-dev] Query

2012-03-01 Thread RUOFF, LARS (LARS)** CTR **

... not that there would have been any examples of recent submissions with that 
problem of course!
(And if there would have been, any similarity is purely coincidental!)

;-)
Lars



From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Anders Broman
Sent: Thursday, 1 March 2012 12:43
To: alexis.lagou...@gmail.com; Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query

Hi,
It can be an advantage to submit in smaller steps, to get those reviewed and any 
quirks ironed out, rather than submitting a huge full-fledged dissector.
Regards
Anders


From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Alexis La Goutte
Sent: 1 March 2012 12:31
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query

Hi,

Sure! It is not a problem! :-)

Regards

On Thu, Mar 1, 2012 at 12:11 PM, Tyson Key wrote:
Hi Krishnamurthy,

Whilst I'm not a core developer, I don't see why that would be a
problem. (In fact, that's how I submitted some of my own dissectors).

Tyson.

On 1 March 2012 03:01, Krishnamurthy Mayya wrote:
> Hi all,
> Is it OK if we create a new bug in the Wireshark Bugzilla to say that we are
> working on writing the decoding module for these protocols, and attach the
> patches and packets after we are done with it?
> I just wanted to avoid duplicate work getting done by many. I am
> currently working on writing the decoding modules based on a few RFCs, and it
> will actually take some time to submit it back.
>
> Thanks in advance for the reply.
>
> Thanks and regards
> Krishnamurthy Mayya
>



--
  Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844

Re: [Wireshark-dev] Query

2012-03-01 Thread Anders Broman
Hi,
It can be an advantage to submit in smaller steps, to get those reviewed and any 
quirks ironed out, rather than submitting a huge full-fledged dissector.
Regards
Anders


From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Alexis La Goutte
Sent: 1 March 2012 12:31
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query

Hi,

Sure! It is not a problem! :-)

Regards

On Thu, Mar 1, 2012 at 12:11 PM, Tyson Key wrote:
Hi Krishnamurthy,

Whilst I'm not a core developer, I don't see why that would be a
problem. (In fact, that's how I submitted some of my own dissectors).

Tyson.

On 1 March 2012 03:01, Krishnamurthy Mayya wrote:
> Hi all,
> Is it OK if we create a new bug in the Wireshark Bugzilla to say that we are
> working on writing the decoding module for these protocols, and attach the
> patches and packets after we are done with it?
> I just wanted to avoid duplicate work getting done by many. I am
> currently working on writing the decoding modules based on a few RFCs, and it
> will actually take some time to submit it back.
>
> Thanks in advance for the reply.
>
> Thanks and regards
> Krishnamurthy Mayya
>



--
  Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844
___
Sent via:Wireshark-dev mailing list 
mailto:wireshark-dev@wireshark.org>>
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev

mailto:wireshark-dev-requ...@wireshark.org<mailto:wireshark-dev-requ...@wireshark.org>?subject=unsubscribe

___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Query

2012-03-01 Thread Alexis La Goutte
Hi,

Sure! It is not a problem! :-)

Regards

On Thu, Mar 1, 2012 at 12:11 PM, Tyson Key  wrote:

> Hi Krishnamurthy,
>
> Whilst I'm not a core developer, I don't see why that would be a
> problem. (In fact, that's how I submitted some of my own dissectors).
>
> Tyson.
>
> On 1 March 2012 03:01, Krishnamurthy Mayya 
> wrote:
> > Hi all,
> > Is it OK if we create a new bug in the Wireshark Bugzilla to say that we are
> > working on writing the decoding module for these protocols, and attach the
> > patches and packets after we are done with it?
> > I just wanted to avoid duplicate work getting done by many. I am
> > currently working on writing the decoding modules based on a few RFCs, and
> > it will actually take some time to submit it back.
> >
> > Thanks in advance for the reply.
> >
> > Thanks and regards
> > Krishnamurthy Mayya
> >
> >
>
>
>

Re: [Wireshark-dev] Query

2012-03-01 Thread Tyson Key
Hi Krishnamurthy,

Whilst I'm not a core developer, I don't see why that would be a
problem. (In fact, that's how I submitted some of my own dissectors).

Tyson.

On 1 March 2012 03:01, Krishnamurthy Mayya  wrote:
> Hi all,
> Is it ok if we create a new bug in wireshark bugzilla to say that we are
> working on writing the decoding module for these protocols and attach the
> patches, packets after we are done with it??
> I just wanted to avoid the duplicate work getting done by many. I am
> currently working on writing the decoding modules based on few RFCs and will
> actually take some time to submit it back.
>
> Thanks in advance for the reply.
>
> Thanks and regards
> Krishnamurthy Mayya
>



-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844

[Wireshark-dev] Query

2012-02-29 Thread Krishnamurthy Mayya
Hi all,
Is it ok if we create a new bug in wireshark bugzilla to say that we are
working on writing the decoding module for these protocols and attach the
patches, packets after we are done with it??
I just wanted to avoid the duplicate work getting done by many. I am
currently working on writing the decoding modules based on few RFCs and
will actually take some time to submit it back.

Thanks in advance for the reply.

Thanks and regards
Krishnamurthy Mayya

Re: [Wireshark-dev] query on adding new field in trace record...

2011-10-11 Thread Guy Harris

On Oct 11, 2011, at 12:13 AM, Krishna Khanal wrote:

> Yes, its "trace record" in .cap file format.

There is no such thing as ".cap file format"; there are at least two different 
capture file types for which the extension ".cap" is used - the NetXRay/Windows 
Sniffer format and the Microsoft Network Monitor format.  There are probably 
more, as the authors of network analyzers have not been as creative as they 
perhaps should have been when choosing extensions, so they just chose ".cap" 
for "capture".

To which of those formats are you referring?


Re: [Wireshark-dev] query on adding new field in trace record...

2011-10-11 Thread Krishna Khanal
Thanks for the quick reply.

Yes, it's a "trace record" in .cap file format.

Already there are 6 header fields in this record and I'm adding the 7th one.

Just to make it generic, let's say I want to add one new field in the TCP header
to dump "ssthresh" in the trace record and dissect/display it using
Wireshark.

On Tuesday, October 11, 2011, Guy Harris  wrote:
>
> On Oct 10, 2011, at 7:55 AM, Krishna Khanal wrote:
>
>>  When i add a new field in trace record header,
>
> To what "trace record header" are you referring?  Are these "trace
records" in some protocol?  If so, what protocol is it?  Or are they "trace
records" in some capture file format?  If so, what file format is it?
>

-- 
Regards,

Krishna Khanal
Citrix R&D India Pvt. Ltd., Bangalore
Mob.: 9738147827

Re: [Wireshark-dev] query on adding new field in trace record...

2011-10-10 Thread Guy Harris

On Oct 10, 2011, at 7:55 AM, Krishna Khanal wrote:

>  When i add a new field in trace record header,

To what "trace record header" are you referring?  Are these "trace records" in 
some protocol?  If so, what protocol is it?  Or are they "trace records" in 
some capture file format?  If so, what file format is it?


[Wireshark-dev] query on adding new field in trace record...

2011-10-10 Thread Krishna Khanal
Hi all,
 When I add a new field in the trace record header, do I need to build
everything and install a new Wireshark setup package, or can I just create a
plugin and use it? My understanding is that a plugin will work only if
dissection capability is added in Wireshark, but if a new field is added in
the trace record it won't work. The plugin is not working for me and I had to
build the complete package and install a new setup.

-- 
Regards,

Krishna

Re: [Wireshark-dev] Query

2010-12-30 Thread Guy Harris

On Dec 30, 2010, at 9:58 PM, ronnie sahlberg wrote:

> rfc 791 and 792

...and, for ICMPv6, RFC 4443 and RFC 2460.
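The two checksums the reply points at, carried through as an added example that is not from the thread or from Wireshark's own code: the ICMPv4 checksum of RFC 792, computed over the ICMP message alone, and the ICMPv6 checksum of RFC 4443, which additionally covers the IPv6 pseudo-header defined in RFC 2460. The sample messages are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ICMPV6_NEXT_HEADER 58  /* Next Header value for ICMPv6 in the pseudo-header */

/* Sum 16-bit big-endian words into a 32-bit accumulator (RFC 1071).
 * An odd trailing byte is padded with a zero low byte. */
static uint32_t sum16(uint32_t sum, const uint8_t *p, size_t len)
{
    while (len > 1) {
        sum += ((uint32_t)p[0] << 8) | p[1];
        p += 2;
        len -= 2;
    }
    if (len)
        sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Fold the carries back into the low 16 bits and return the one's complement. */
static uint16_t fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sum an ICMP/ICMPv6 message with its Checksum field (bytes 2-3) taken as zero,
 * so the same routine serves both computing and verifying a checksum. */
static uint32_t sum_icmp_body(uint32_t sum, const uint8_t *icmp, size_t len)
{
    sum = sum16(sum, icmp, 2);            /* Type and Code */
    return sum16(sum, icmp + 4, len - 4); /* everything after the Checksum field */
}

static uint16_t stored_checksum(const uint8_t *icmp)
{
    return (uint16_t)((icmp[2] << 8) | icmp[3]);
}

/* ICMPv4 (RFC 792): the checksum covers the ICMP message only; nothing from
 * the IPv4 header is included. Returns -1 if the message is too short. */
int icmp4_checksum(const uint8_t *icmp, size_t len, uint16_t *out)
{
    if (len < 4)
        return -1;
    *out = fold(sum_icmp_body(0, icmp, len));
    return 0;
}

/* ICMPv6 (RFC 4443): the checksum also covers the IPv6 pseudo-header of
 * RFC 2460 section 8.1: source, destination, upper-layer length (4 bytes),
 * three zero bytes and Next Header = 58. The same bytes therefore checksum
 * differently as ICMPv4 and as ICMPv6. */
int icmp6_checksum(const uint8_t src[16], const uint8_t dst[16],
                   const uint8_t *icmp, size_t len, uint16_t *out)
{
    uint8_t pseudo[40];
    if (len < 4)
        return -1;
    memcpy(pseudo, src, 16);
    memcpy(pseudo + 16, dst, 16);
    pseudo[32] = (uint8_t)(len >> 24);
    pseudo[33] = (uint8_t)(len >> 16);
    pseudo[34] = (uint8_t)(len >> 8);
    pseudo[35] = (uint8_t)len;
    pseudo[36] = pseudo[37] = pseudo[38] = 0;
    pseudo[39] = ICMPV6_NEXT_HEADER;
    *out = fold(sum_icmp_body(sum16(0, pseudo, 40), icmp, len));
    return 0;
}

/* Verification as a dissector does it: 1 = stored checksum matches, 0 = bad or too short. */
int icmp4_verify(const uint8_t *icmp, size_t len)
{
    uint16_t want;
    return icmp4_checksum(icmp, len, &want) == 0 && want == stored_checksum(icmp);
}

int icmp6_verify(const uint8_t src[16], const uint8_t dst[16], const uint8_t *icmp, size_t len)
{
    uint16_t want;
    return icmp6_checksum(src, dst, icmp, len, &want) == 0 && want == stored_checksum(icmp);
}

/* Constructed ICMPv4 Echo Request: id 0x1234, seq 1, payload "abcd"; checksum 0x2104. */
const uint8_t sample_echo4[12] = { 0x08, 0x00, 0x21, 0x04, 0x12, 0x34, 0x00, 0x01, 'a', 'b', 'c', 'd' };
/* Constructed ICMPv6 Echo Request from ::1 to ::1: id 1, seq 1, no payload; checksum 0x7fb9. */
const uint8_t sample_loopback6[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
const uint8_t sample_echo6[8] = { 0x80, 0x00, 0x7f, 0xb9, 0x00, 0x01, 0x00, 0x01 };

int main(void)
{
    printf("ICMPv4 echo: stored 0x%04x, %s\n", stored_checksum(sample_echo4),
           icmp4_verify(sample_echo4, sizeof sample_echo4) ? "good" : "bad");
    printf("ICMPv6 echo: stored 0x%04x, %s\n", stored_checksum(sample_echo6),
           icmp6_verify(sample_loopback6, sample_loopback6, sample_echo6, sizeof sample_echo6) ? "good" : "bad");
    return 0;
}
```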


Re: [Wireshark-dev] Query

2010-12-30 Thread ronnie sahlberg
rfc 791 and 792


On Fri, Dec 31, 2010 at 4:52 PM, prathiba meenu  wrote:
> Hi,
> Could you please tell what are all the things needed to calculate checkum of
> ICMP and ICMPv6?
>
> --
> Thanks & Regards,
> Prathiba.H
>


[Wireshark-dev] Query

2010-12-30 Thread prathiba meenu
Hi,
Could you please tell what are all the things needed to calculate the checksum of
ICMP and ICMPv6?

-- 
Thanks & Regards,
Prathiba.H

Re: [Wireshark-dev] Query regarding PPP PAP decoding

2010-10-16 Thread Alexis La Goutte
On Tue, Oct 12, 2010 at 2:47 PM, Chris Maynard wrote:

>
>
> I don't think there's any particular reason why the bytes are not shown
> except
> that that's how the author of the PAP dissector (Laurent Rabret as far as I
> can
> tell) wrote the code way back in 2001.
>
> Feel free to submit a patch to add the bytes.
>

It would be best to create a bug in the bugtracker (
https://bugs.wireshark.org/ ) with a sample of PPP PAP traffic!



Re: [Wireshark-dev] Query regarding PPP PAP decoding

2010-10-12 Thread Chris Maynard
  writes:

> That's true. However I am wondering why is it not shown in the decoding (or the
> middle) pane? This is where all the other
> details are shown, then why not the Peer id and Password?
> Is it for some sort of "security"? It doesn't seem to help though,
> as the data is available anyway in the "raw packet" view.

I don't think there's any particular reason why the bytes are not shown except
that that's how the author of the PAP dissector (Laurent Rabret as far as I can
tell) wrote the code way back in 2001.

Feel free to submit a patch to add the bytes.




Re: [Wireshark-dev] Query regarding PPP PAP decoding

2010-10-12 Thread Tom Heyligen
Hi,

If you want to see the values of the "Peer-ID" and "Password" fields,
you can select them, and view the corresponding highlighted bytes in the
bottom window (the "raw packet" view).

Best regards,
 Tom Heyligen


-Original Message-
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of
sippyemail-wiresh...@yahoo.com
Sent: dinsdag 12 oktober 2010 11:00
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Query regarding PPP PAP decoding

Hi,
I am new to PPP. I request your help in answering the following
query.

I had a request from one of my colleagues who is using
Wireshark 1.4.0 on Windows to decode PPP packets.
It's regarding the Peer Id and password fields in PPP PAP messages.
Why are they limited to showing only the length and not the whole
contents?

For eg: the dissecting of the PAP message goes on something like this:
...
- PPP Password Authentication Protocol
   Code: Authenticate-Request (0x01)
   Identifier: 0x01
   Length: 22
 - Data (18 bytes)
- Peer Id length: 8 bytes
  Peer-Id (8 bytes)
- Password length: 8 bytes
  Password (8 bytes)

Why is the Peer Id and the password contents not shown?

Thanks,
Srinivasa Pradeep






Re: [Wireshark-dev] Query regarding PPP PAP decoding

2010-10-12 Thread sippyemail-wireshark
> 
> If you want to see the values of the "Peer-ID" and
> "Password" fields,
> you can select them, and view the corresponding highlighted
> bytes in the
> bottom window (the "raw packet" view).
> 
That's true. However I am wondering why is it not shown in the decoding (or the
middle) pane? This is where all the other
details are shown, then why not the Peer id and Password?
Is it for some sort of "security"? It doesn't seem to help though,
as the data is available anyway in the "raw packet" view.




[Wireshark-dev] Query regarding PPP PAP decoding

2010-10-12 Thread sippyemail-wireshark
Hi,
I am new to PPP. I request your help in answering the following
query.

I had a request from one of my colleagues who is using
Wireshark 1.4.0 on Windows to decode PPP packets.
It's regarding the Peer Id and password fields in PPP PAP messages.
Why are they limited to showing only the length and not the whole
contents?

For eg: the dissecting of the PAP message goes on something like this:
...
- PPP Password Authentication Protocol
   Code: Authenticate-Request (0x01)
   Identifier: 0x01
   Length: 22
 - Data (18 bytes)
- Peer Id length: 8 bytes
  Peer-Id (8 bytes)
- Password length: 8 bytes
  Password (8 bytes)

Why is the Peer Id and the password contents not shown?

Thanks,
Srinivasa Pradeep



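A bounds-checked parser for the Authenticate-Request shown in the dissection above, as an added example that is not from the thread or from Wireshark's PAP dissector. The field layout follows RFC 1334 (Code, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password); the sample packets are constructed to match the lengths in the dissection (22, 8 and 8), and the point is that every length field is validated before it is used as an index, which is what keeps a dissector from reading past a malformed packet.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAP_CODE_AUTH_REQUEST 1

/* Parsed view of an Authenticate-Request; offsets index into the caller's buffer. */
struct pap_auth_req {
    uint8_t  identifier;
    uint16_t length;        /* Length field: whole PAP packet including the 4-byte header */
    size_t   peer_id_off;
    uint8_t  peer_id_len;
    size_t   password_off;
    uint8_t  password_len;
    size_t   trailing;      /* bytes covered by Length but by neither field */
};

enum pap_status {
    PAP_OK               = 0,
    PAP_ERR_SHORT_HEADER = -1,  /* fewer than 4 bytes available */
    PAP_ERR_NOT_AUTH_REQ = -2,  /* Code is not Authenticate-Request */
    PAP_ERR_LENGTH       = -3,  /* Length < 6 or Length exceeds the buffer */
    PAP_ERR_PEER_ID      = -4,  /* Peer-ID-Length runs past Length */
    PAP_ERR_PASSWORD     = -5   /* Passwd-Length runs past Length */
};

/* Every length is checked against the enclosing Length before it is used as an
 * index; out may be NULL when only the verdict is wanted. */
int pap_parse_auth_request(const uint8_t *buf, size_t buflen, struct pap_auth_req *out)
{
    if (buflen < 4)
        return PAP_ERR_SHORT_HEADER;
    if (buf[0] != PAP_CODE_AUTH_REQUEST)
        return PAP_ERR_NOT_AUTH_REQ;

    uint16_t length = (uint16_t)((buf[2] << 8) | buf[3]);
    /* Smallest legal packet: header + Peer-ID-Length + Passwd-Length, both zero. */
    if (length < 6 || length > buflen)
        return PAP_ERR_LENGTH;

    size_t off = 4;
    uint8_t peer_len = buf[off++];
    /* Peer-ID must fit and still leave room for the Passwd-Length byte. */
    if (off + peer_len + 1 > length)
        return PAP_ERR_PEER_ID;
    size_t peer_off = off;
    off += peer_len;

    uint8_t pw_len = buf[off++];
    if (off + pw_len > length)
        return PAP_ERR_PASSWORD;
    size_t pw_off = off;
    off += pw_len;

    if (out) {
        out->identifier   = buf[1];
        out->length       = length;
        out->peer_id_off  = peer_off;
        out->peer_id_len  = peer_len;
        out->password_off = pw_off;
        out->password_len = pw_len;
        out->trailing     = length - off;
    }
    return PAP_OK;
}

/* Copy the Peer-ID into a NUL-terminated string for display in the tree.
 * Returns the number of bytes copied, or -1 if dst is too small. */
int pap_copy_peer_id(const uint8_t *buf, const struct pap_auth_req *req, char *dst, size_t dstlen)
{
    if ((size_t)req->peer_id_len + 1 > dstlen)
        return -1;
    memcpy(dst, buf + req->peer_id_off, req->peer_id_len);
    dst[req->peer_id_len] = '\0';
    return req->peer_id_len;
}

/* Constructed sample matching the dissection: Length 22, Peer-Id length 8,
 * Password length 8; Peer-ID "user0001", password "pass0001". */
const uint8_t sample_pap[22] = {
    0x01, 0x01, 0x00, 0x16,
    0x08, 'u', 's', 'e', 'r', '0', '0', '0', '1',
    0x08, 'p', 'a', 's', 's', '0', '0', '0', '1'
};

/* Constructed malformed sample: Peer-ID-Length claims 200 bytes in a 22-byte packet. */
const uint8_t sample_pap_bad_peer_len[22] = {
    0x01, 0x02, 0x00, 0x16,
    0xC8, 'u', 's', 'e', 'r', '0', '0', '0', '1',
    0x08, 'p', 'a', 's', 's', '0', '0', '0', '1'
};

int main(void)
{
    struct pap_auth_req req;
    char peer[256];
    if (pap_parse_auth_request(sample_pap, sizeof sample_pap, &req) == PAP_OK) {
        pap_copy_peer_id(sample_pap, &req, peer, sizeof peer);
        /* The password travels in cleartext; the summary reports only its length. */
        printf("Authenticate-Request id=%u len=%u peer-id=\"%s\" password=%u bytes (cleartext)\n",
               req.identifier, req.length, peer, req.password_len);
    }
    printf("malformed sample -> %d\n",
           pap_parse_auth_request(sample_pap_bad_peer_len, sizeof sample_pap_bad_peer_len, NULL));
    return 0;
}
```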


[Wireshark-dev] Query on User DLTs table.

2010-08-24 Thread upendra.allu
Hello,

I have a query on the "User DLTs table" window in Wireshark.

My main intention is to dissect Wireshark plug-ins as independent
plug-ins (I mean without dissecting the Data Link layer (Ethernet) and IP
layers); I directly want to dissect plug-ins on top of the IP layer.

I found the following webpage useful for my purpose.

http://wiki.wireshark.org/HowToDissectAnything

In the webpage he explained how to dissect the HTTP plug-in as an
independent plug-in; in a similar way I want to dissect my plug-ins.

My question here is, in the Wireshark Edit --> Preferences window, on
selecting DLT_USER --> Edit, in User DLTs Table --> New window, we have
different DLT values ranging from 147 - 162, and in the "Payload Protocol"
field it is accepting only some protocols (e.g. HTTP, FTP, which I tried)
for User 0 (DLT=147).

If I give HTTP in that field, I can dissect the HTTP layer directly without
its bottom layers. Now how can I define my plug-in names there so that I
can also dissect my plug-ins directly? Do I have to define the
plug-in names somewhere in the code?

Please help in this.

Best regards,

Upendra

Re: [Wireshark-dev] query regarding field registration of unicode string

2010-07-26 Thread ajay seshadri
Hi,

Can you please tell me the arguments of the g_free() function, to be used along 
with tvb_fake_unicode()? I couldn't find it in the developer document. Also, is 
it supposed to be called at the end of the dissector?

Thanks,
Ajay




From: Jaap Keuter 
To: Developer support list for Wireshark 
Sent: Tue, July 13, 2010 4:51:20 PM
Subject: Re: [Wireshark-dev] query regarding field registration of unicode 
string


Hi,
There's no direct support for Unicode strings in Wireshark.
What's been done, by the SMB dissector for instance, is that the Unicode string 
is extracted from the TVB and then converted to an ASCII string before being 
added to the protocol tree using proto_tree_add_string().
The TVB module provides you with some helper functions: tvb_*fake_unicode().
Thanks,
Jaap
On Tue, 13 Jul 2010 00:10:45 -0700 (PDT), ajay seshadri wrote:
> Hello,
>
> I was going through the Wireshark Developer's guide to understand the
> implementation of a dissector.
>
> I had a doubt regarding the field registration of unicode string. Is there any
> specific value for unicode string, or FT_NONE is to be used while setting up a
> list of header fields using the array - hf[ ]?
>
> Thanks and Best Regards,
> Ajay Seshadri



Re: [Wireshark-dev] query regarding field registration of unicode string

2010-07-13 Thread ajay seshadri
Hi Jaap,

Thank you very much.

Regards,
Ajay





From: Jaap Keuter 
To: Developer support list for Wireshark 
Sent: Tue, July 13, 2010 4:51:20 PM
Subject: Re: [Wireshark-dev] query regarding field registration of unicode 
string


Hi,
There's no direct support for Unicode strings in Wireshark.
What's been done, by the SMB dissector for instance, is that the Unicode string 
is extracted from the TVB and then converted to an ASCII string before being 
added to the protocol tree using proto_tree_add_string().
The TVB module provides you with some helper functions: tvb_*fake_unicode().
Thanks,
Jaap
On Tue, 13 Jul 2010 00:10:45 -0700 (PDT), ajay seshadri wrote:
> Hello,
>
> I was going through the Wireshark Developer's guide to understand the
> implementation of a dissector.
>
> I had a doubt regarding the field registration of unicode string. Is there any
> specific value for unicode string, or FT_NONE is to be used while setting up a
> list of header fields using the array - hf[ ]?
>
> Thanks and Best Regards,
> Ajay Seshadri



Re: [Wireshark-dev] query regarding field registration of unicode string

2010-07-13 Thread Jaap Keuter


Hi,

There's no direct support for Unicode strings in Wireshark.

What's been done, by the SMB dissector for instance, is that the Unicode
string is extracted from the TVB and then converted to an ASCII string
before being added to the protocol tree using proto_tree_add_string().

The TVB module provides you with some helper functions: tvb_*fake_unicode().

Thanks,
Jaap

On Tue, 13 Jul 2010 00:10:45 -0700 (PDT), ajay seshadri wrote:

> Hello,
>
> I was going through the Wireshark Developer's guide to understand the
> implementation of a dissector.
>
> I had a doubt regarding the field registration of unicode string. Is
> there any specific value for unicode string, or FT_NONE is to be used
> while setting up a list of header fields using the array - hf[ ]?
>
> Thanks and Best Regards,
> Ajay Seshadri


[Wireshark-dev] query regarding field registration of unicode string

2010-07-13 Thread ajay seshadri
Hello,

I was going through the Wireshark Developer's guide to understand the 
implementation of a dissector. 


I had a doubt regarding the field registration of unicode string. Is there any 
specific value for unicode string, or FT_NONE is to be used while setting up a 
list of header fields using the array - hf[ ]?

Thanks and Best Regards,
Ajay Seshadri




Re: [Wireshark-dev] Query on proto_reg_handoff_<>

2009-12-21 Thread Maynard, Chris
You want new_create_dissector_handle().  find_dissector() is used to
obtain a handle for an already registered dissector.

Take a look at the example given in section 1.2 of doc/README.developer
and packet-cmp.c's handoff function as another example.

- Chris

From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Varun Gupta
Sent: Monday, December 21, 2009 7:00 AM
To: wireshark-dev@wireshark.org
Cc: Sanjay Dhand
Subject: [Wireshark-dev] Query on proto_reg_handoff_<>

 

Hi All,

I am new to wireshark development and having some doubt regarding my new
dissector development:

In my "proto_register_bsapb64()" I have done the
{
   proto_bsapb64 = proto_register_protocol("ANSI BSMAP B64 Coding",
  "BSMAP BASE64", "bsapb64");

And

new_register_dissector("bsapb64", dissect_bsapb64, proto_bsapb64);
}

And In "proto_reg_handoff_bsapb64()" function I want to do :
{
dissector_handle_t bsapb64_handle;

dissector_add_string("media_type", "application/FemtoInterfaceMsg",
bsapb64_handle);
}

So my doubt is to get the bsapb64_handle whether I should be doing
"new_create_dissector_handle(dissect_bsapb64, proto_bsapb64)" or
"find_dissector("bsapb64")"
I am really confused over their uses.

Any help would really be appreciated. Thanks.

Regards,
Varun

[Wireshark-dev] Query on proto_reg_handoff_<>

2009-12-21 Thread Varun Gupta
Hi All,


I am new to wireshark development and having some doubt regarding my new 
dissector development:

In my "proto_register_bsapb64()" I have done the
{

   proto_bsapb64 = proto_register_protocol("ANSI BSMAP B64 Coding",
  "BSMAP BASE64", "bsapb64");

And

new_register_dissector("bsapb64", dissect_bsapb64, proto_bsapb64);
}

And In "proto_reg_handoff_bsapb64()" function I want to do :
{

dissector_handle_t bsapb64_handle;



dissector_add_string("media_type", "application/FemtoInterfaceMsg", 
bsapb64_handle);
}

So my doubt is to get the bsapb64_handle whether I should be doing 
"new_create_dissector_handle(dissect_bsapb64, proto_bsapb64)" or 
"find_dissector("bsapb64")"
I am really confused over their uses.


Any help would really be appreciated. Thanks.

Regards,
Varun


[Wireshark-dev] Query

2009-12-15 Thread nikhil tripathi
Hi,

I added a new "xyz" plugin in Wireshark and built it successfully. I have a log
file. Every time I open the log file it is dissected according to the Ethernet
protocol.

I want to dissect it with my "xyz" plugin protocol.
So guide me on how I can achieve this: what changes are required in the library files?

Regards
Nikhil
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] query proto tree within dissector

2009-10-23 Thread Jeff Morriss
fruehwi...@gmail.com wrote:
> Hi,
> 
> my custom dissector defines some subtrees.
> 
> I added custom names for packet types like described here:
> http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html#id4724866
> -> Example 9.9. Naming the packet types.
> 
> Now wireshark shows names for the type-field of packets as expected.
> 
> Question:
> Is there a way to query the proto_tree after definition of subtrees ??
> 
> 
> proto_tree_add_item(myprot_header_tree, hf_myprot_type, tvb, offset, 2, 
> FALSE);
> 
> where hf_myprot_type is the field which adds naming to type-byte of the 
> protocol
> 
> Is there a way to do something like this:
> 
> get_curren_stringvalue(hf_myprot_type);
> 

As far as I know, no.  You probably have to retrieve the value (using 
tvb_get_*()) and store it somewhere.


[Wireshark-dev] query proto tree within dissector

2009-10-21 Thread Fruehwirth

Hi,

my custom dissector defines some subtrees.

I added custom names for packet types like described here:
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html#id4724866
-> Example 9.9. Naming the packet types.

Now wireshark shows names for the type-field of packets as expected.

Question:
Is there a way to query the proto_tree after definition of subtrees ??


proto_tree_add_item(myprot_header_tree, hf_myprot_type, tvb, offset, 2,  
FALSE);


where hf_myprot_type is the field which adds naming to type-byte of the  
protocol


Is there a way to do something like this:

get_curren_stringvalue(hf_myprot_type);


thx
Josef

[Wireshark-dev] Query about TCP reassembly

2009-07-15 Thread Munish Dayal
Hi,

I have a protocol (let's call it "myproto") that runs atop TCP, and myproto
messages are coming split across multiple TCP segments.
I have to reassemble myproto messages, which are variable in size.

The myproto message header does not contain any length information about the
total size of the myproto message.
From the myproto message header I can only know if it is the last message
fragment or there are more fragments to follow.
I have to reassemble myproto message fragments till I get a fragment that says
it is the last one.

Can I use tcp_dissect_pdus() in this case?
If yes, how?
If no, what is the way to reassemble such a protocol?

Thanks,
Munish

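The accumulate-until-last-fragment approach the question describes, as an added example that is not from the thread or from Wireshark's reassembly code. The header layout (one byte, bit 0x80 marking the last fragment), the 4096-byte cap, and the assumption that each TCP segment carries exactly one fragment are all constructed for the example; the cap matters because a protocol with no total-length field gives the receiver nothing else to bound the buffer with.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MYPROTO_FLAG_LAST 0x80   /* assumed header bit: set on the final fragment of a message */
#define MYPROTO_MAX_MSG   4096   /* cap on a reassembled message; nothing in the protocol bounds it */

struct myproto_reasm {
    uint8_t  buf[MYPROTO_MAX_MSG];
    size_t   len;        /* payload bytes collected for the message in progress */
    unsigned fragments;  /* fragments collected for the message in progress */
};

enum reasm_status {
    REASM_NEED_MORE   = 0,   /* fragment stored, last flag not seen yet */
    REASM_COMPLETE    = 1,   /* last flag seen; message is buf[0..len) */
    REASM_ERR_SHORT   = -1,  /* segment shorter than the one-byte header */
    REASM_ERR_TOO_BIG = -2   /* message would exceed MYPROTO_MAX_MSG; state was reset */
};

void myproto_reasm_init(struct myproto_reasm *r)
{
    memset(r, 0, sizeof *r);
}

/* Feed the payload of one TCP segment, assumed to carry exactly one myproto
 * fragment (header byte, then fragment payload). With no total-length field
 * the only completion signal is the last flag, so fragments are appended until
 * it appears; the accumulated size is checked against the cap on every call so
 * a stream that never sets the flag cannot grow the buffer without bound. */
int myproto_reasm_add(struct myproto_reasm *r, const uint8_t *seg, size_t seglen)
{
    if (seglen < 1)
        return REASM_ERR_SHORT;
    size_t payload = seglen - 1;
    if (payload > MYPROTO_MAX_MSG - r->len) {   /* subtraction form: cannot wrap */
        myproto_reasm_init(r);                  /* discard the partial message */
        return REASM_ERR_TOO_BIG;
    }
    memcpy(r->buf + r->len, seg + 1, payload);
    r->len += payload;
    r->fragments++;
    return (seg[0] & MYPROTO_FLAG_LAST) ? REASM_COMPLETE : REASM_NEED_MORE;
}

/* Copy a completed message out and reset for the next one. Returns its length. */
size_t myproto_reasm_take(struct myproto_reasm *r, uint8_t *out, size_t outlen)
{
    size_t n = r->len < outlen ? r->len : outlen;
    memcpy(out, r->buf, n);
    myproto_reasm_init(r);
    return n;
}

/* Constructed fragments of one message as they would arrive in three segments. */
const uint8_t sample_frag1[6] = { 0x00, 'h', 'e', 'l', 'l', 'o' };
const uint8_t sample_frag2[3] = { 0x00, ',', ' ' };
const uint8_t sample_frag3[6] = { MYPROTO_FLAG_LAST, 'w', 'o', 'r', 'l', 'd' };
/* Constructed oversized fragment: one byte more payload than the cap allows. */
const uint8_t sample_too_big[MYPROTO_MAX_MSG + 2] = { 0 };

int main(void)
{
    struct myproto_reasm r;
    uint8_t msg[MYPROTO_MAX_MSG];
    myproto_reasm_init(&r);
    myproto_reasm_add(&r, sample_frag1, sizeof sample_frag1);
    myproto_reasm_add(&r, sample_frag2, sizeof sample_frag2);
    if (myproto_reasm_add(&r, sample_frag3, sizeof sample_frag3) == REASM_COMPLETE) {
        size_t n = myproto_reasm_take(&r, msg, sizeof msg);
        printf("reassembled %zu bytes: %.*s\n", n, (int)n, msg);
    }
    printf("oversized fragment -> %d\n", myproto_reasm_add(&r, sample_too_big, sizeof sample_too_big));
    return 0;
}
```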

Re: [Wireshark-dev] Query on loading packets usingcommand line options

2008-12-29 Thread Andrew Feren

Also tcpreplay .

-Andrew

j.sneld...@telfort.nl wrote:
> Hi Atdev,
>
> Take a look at Bit-Twist:
> http://bittwist.sourceforge.net/
>
> Cheers
> Joan
>
> On Mon, 29 Dec 2008 18:08:47 +0530 atdev wrote:
>> Hi All,
>>
>> Thank you Joan, it has really worked for me.
>> Can anyone please suggest a player which works in linux environment because
>> my wireshark setup is in linux system. Otherwise I need to use windows system
>> to play the packets and linux system to capture them.
>>
>> regards,
>> Atdev.

Re: [Wireshark-dev] Query on loading packets usingcommand line options

2008-12-29 Thread j . snelders
Hi Atdev,

Take a look at Bit-Twist:
http://bittwist.sourceforge.net/

Cheers
Joan

On Mon, 29 Dec 2008 18:08:47 +0530 atdev wrote:
>Hi All,
>
>Thank you Joan, it has really worked for me.
>Can anyone please suggest a player which works in linux environment because
>my wireshark setup is in linux system. Otherwise I need to use windows system
>to play the packets and linux system to capture them.
>
>regards,
>Atdev.


   




Re: [Wireshark-dev] Query on loading packets usingcommand line options

2008-12-29 Thread atdev.queries
Hi All,

Thank you Joan, it has really worked for me.
Can anyone please suggest a player which works in linux environment because my 
wireshark setup is in linux system. Otherwise I need to use windows system to 
play the packets and linux system to capture them.

regards,
Atdev.



From: wireshark-dev-boun...@wireshark.org on behalf of j.sneld...@telfort.nl
Sent: Tue 12/23/2008 12:36 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets usingcommand line options



Hi Atdev,

You can replay the packets using Colasoft Packet Player and capture the traffic
with TShark | Wireshark.

http://www.colasoft.com/download/products/packet_player.php

HTH
Joan

On Mon, 22 Dec 2008 18:56:01 +0530 atdev wrote:
>Hi All,
>
>Thanks for all your support.
>
>My new query: is it possible to create the traffic using the existing packets
>i have and capture them using wireshark.
>What i mean exactly is with the packets available with me  is it possible
>to create a traffic with in the system.
>And is it possible to run wireshark in capture mode to capture the generated
>traffic.
>
>If yes, could any one please explain me how it can be done?
>
>regards,
>Atdev.
>
>
>
>From: wireshark-dev-boun...@wireshark.org on behalf of j.sneld...@telfort.nl
>Sent: Sat 12/20/2008 3:11 AM
>To: Developer support list for Wireshark
>Subject: Re: [Wireshark-dev] Query on loading packets using command line options
>
>
>
>
>On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>>atdev.quer...@wipro.com wrote:
>>> Hi All,
>>>
>>> Thanks Joan and Gerald.
>>>
>>> Both of your approaches worked.
>>> But my New query is
>>> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
>>> shall give me the output unsaved, i need to explicitly save it .
>>> But what i need is save it to the XXX location as specified and into
multiple
>files of say 200KB.
>>>
>>> I don't know the no.of files i am merging. There may be chance of "out
>>> of memory" when i load the merged output file. So it would be better
if
>
>>> I could save them into smaller files.
>
>I don't know if I understand you correctly.
>Do you first want to merge 2 or more files and next split the outputfile
>into multiple files?
>If so:
>mergecap -w <outfile> <infile> [<infile> ...]
>$ mergecap -w mergefile1_2.cap file1.cap file2.cap
>
>editcap -c <packets per file> <infile> <outfile>
>$ editcap -c 200 mergefile1_2.cap split.cap
>
>Do you want to capture and write the output to multiple files?
>If so, you can use TShark, Dumpcap or Wireshark.
>TShark/Dumpcap -i <interface> -b <filesize:NUM KB> -a <files:NUM> -w <outfile>
>$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap
>
>Wireshark: Capture -> Options -> Use Multiple Files
>
>https://www.wireshark.org/docs/man-pages/mergecap.html
>https://www.wireshark.org/docs/man-pages/editcap.html
>https://www.wireshark.org/docs/man-pages/tshark.html
>
>>
>>Try feeding the output into dumpcap instead of Wireshark:
>>
>>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b 
>>filesize:200
>
>Doesn't work for me:(
>
>>
>>http://www.wireshark.org/docs/man-pages/dumpcap.html
>>
>>--
>>Join us for Sharkfest’09  |  Stanford University, June 15 – 18
>>http://www.cacetech.com/sharkfest.09/
>
>Of course
>>
>>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>
>
>
>Please do not print this email unless it is absolutely necessary.
>
>The information contained in this electronic message and any attachments
>to this message are intended for the exclusive use of the addressee(s) and
>may contain proprietary, confidential or privileged information. If you
are
>not the intended recipient, you should not disseminate, distribute or copy
>this e-mail. Please notify the sender immediately and destroy all copies
>of this message and any attachments.
>
>WARNING: Computer viruses

Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-22 Thread j.snelders
Hi Atdev,

Your command line:
> $mergecap -w merge1_2.cap input1.cap input2.cap|wireshark -w chopped.cap -b filesize:200 -a files:4 -i 2 merge1_2.cap

If you want to split a capture file in multiple files, you have to use editcap
(and not Wireshark):
editcap -c
$ editcap -c 200 merge1_2.cap split.cap

Wireshark options -b (Capture output: ringbuffer) -a (Capture stop conditions:
autostop)
You only use the options -b and -a in Wireshark or TShark, if you want to
start a live capture and you want to send the output to multiple files.

For all the options take a look at wireshark -h or 
http://www.wireshark.org/docs/man-pages/wireshark.html


> Could any one explain me how to get the expected behaviour.
$mergecap -w merge1_2.cap input1.cap input2.cap 

$editcap -c 200 merge1_2.cap split.cap
The output will be something like:
split.cap-0
split.cap-1
split.cap-2
etc.

You can open those files with Wireshark or TShark.
$ wireshark -r split.cap-0
$ tshark -r split.cap-0

Hope this helps
Joan


On Mon, 22 Dec 2008 19:01:28 +0530 atdev wrote:
>Hi All,
>
>I tried the following command to load the packets.
>$mergecap -w merge1_2.cap input1.cap input2.cap|wireshark -w chopped.cap
>-b filesize:200 -a files:4 -i 2 merge1_2.cap
>
>But i haven't got any file as chopped.cap after the execution. It simply loaded
>merge1_2.cap.
>Could any one explain me how to get the expected behaviour.
>
>thanks and regards,
>Atdev.


   




Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-22 Thread j.snelders
Hi Atdev,

You can replay the packets using Colasoft Packet Player and capture the traffic
with TShark | Wireshark.

http://www.colasoft.com/download/products/packet_player.php

HTH
Joan

On Mon, 22 Dec 2008 18:56:01 +0530 atdev wrote:
>Hi All,
>
>Thanks for all your support.
>
>My new query: is it possible to create the traffic using the existing packets
>i have and capture them using wireshark.
>What i mean exactly is with the packets available with me  is it possible
>to create a traffic with in the system.
>And is it possible to run wireshark in capture mode to capture the generated
>traffic.
>
>If yes, could any one please explain me how it can be done?
>
>regards,
>Atdev.
>
>
>
>From: wireshark-dev-boun...@wireshark.org on behalf of j.sneld...@telfort.nl
>Sent: Sat 12/20/2008 3:11 AM
>To: Developer support list for Wireshark
>Subject: Re: [Wireshark-dev] Query on loading packets using command line options
>
>
>
>
>On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>>atdev.quer...@wipro.com wrote:
>>> Hi All,
>>>
>>> Thanks Joan and Gerald.
>>>
>>> Both of your approaches worked.
>>> But my New query is
>>> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
>>> shall give me the output unsaved, i need to explicitly save it .
>>> But what i need is save it to the XXX location as specified and into
multiple
>files of say 200KB.
>>>
>>> I don't know the no.of files i am merging. There may be chance of "out
>>> of memory" when i load the merged output file. So it would be better
if
>
>>> I could save them into smaller files.
>
>I don't know if I understand you correctly.
>Do you first want to merge 2 or more files and next split the outputfile
>into multiple files?
>If so:
>mergecap -w <outfile> <infile> [<infile> ...]
>$ mergecap -w mergefile1_2.cap file1.cap file2.cap
>
>editcap -c <packets per file> <infile> <outfile>
>$ editcap -c 200 mergefile1_2.cap split.cap
>
>Do you want to capture and write the output to multiple files?
>If so, you can use TShark, Dumpcap or Wireshark.
>TShark/Dumpcap -i <interface> -b <filesize:NUM KB> -a <files:NUM> -w <outfile>
>$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap
>
>Wireshark: Capture -> Options -> Use Multiple Files
>
>https://www.wireshark.org/docs/man-pages/mergecap.html
>https://www.wireshark.org/docs/man-pages/editcap.html
>https://www.wireshark.org/docs/man-pages/tshark.html
>
>>
>>Try feeding the output into dumpcap instead of Wireshark:
>>
>>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b 
>>filesize:200
>
>Doesn't work for me:(
>
>>
>>http://www.wireshark.org/docs/man-pages/dumpcap.html
>>
>>--
>>Join us for Sharkfest’09  |  Stanford University, June 15 – 18
>>http://www.cacetech.com/sharkfest.09/
>
>Of course
>>
>>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>
>
>


   




Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-22 Thread atdev.queries
Hi All,

I tried the following command to load the packets.
$mergecap -w merge1_2.cap input1.cap input2.cap|wireshark -w chopped.cap -b filesize:200 -a files:4 -i 2 merge1_2.cap

But i haven't got any file as chopped.cap after the execution. It simply loaded
merge1_2.cap.
Could any one explain me how to get the expected behaviour.

thanks and regards,
Atdev.



From: wireshark-dev-boun...@wireshark.org on behalf of Alex Lindberg
Sent: Sat 12/20/2008 6:32 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets using command line options



I created a simple script for merging many files with the option of filtering 
using display filters.  Note the following script was intended for use on *inux 
systems. Your mileage may vary.

- MergePackets.sh 
#!/bin/sh
# Filter every capture file matching the first argument with a display
# filter and merge the filtered results into one file (or to stdout).

if [ -z "$2" ]; then
    echo "$0 <directory or \"glob\"> <filter> [OutputFile]"
    echo " "
    echo "The purpose of this script is to take all capture files in a directory"
    echo "and create a single file that is filtered based on the input string."
    echo " "
    echo "This string could be an IP address, \"ip.addr == 1.1.1.1\""
    echo "or a port number \"tcp.port == 1720\", etc."
    echo " "
    echo "The input must be in a display filter format."
    echo " "
    echo "If you are using a wildcard in the first argument, please enclose it with \" \" marks"
    echo " "
    echo "If OutputFile is not specified, the output will be to stdout"
    echo " "
    exit 1
fi

# Change below if Wireshark is not installed and you are using Ethereal
SHARK=tshark
#SHARK=tethereal

FILTER=$2
OUTFILE=${3:--}        # "-" makes mergecap write to stdout

# A private temporary directory instead of the fixed, predictable /tmp/foobar:
# a fixed name can be pre-created or symlinked by another local user.
TEMPDIR=$(mktemp -d) || exit 1
trap 'rm -rf "$TEMPDIR"' EXIT

# Build the file list without parsing ls: a directory, or a quoted glob
if [ -d "$1" ]; then
    set -- "$1"/*
else
    set -- $1          # intentionally unquoted so a quoted wildcard expands here
fi

i=1
for I in "$@"; do
    [ -f "$I" ] || continue
    echo "$i $I $FILTER"
    # -Y is the display filter on current tshark; tethereal and old tshark used -R.
    # Redirect with ">/dev/null 2>&1": "&>" is bash-only and, under /bin/sh,
    # would put the command in the background.
    "$SHARK" -r "$I" -w "$TEMPDIR/$(basename "$I")-$i" -Y "$FILTER" >/dev/null 2>&1
    i=$((i + 1))
done

mergecap -w "$OUTFILE" "$TEMPDIR"/*

--- End MergePackets.sh ---

Good Luck
Alex Lindberg








Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-22 Thread atdev.queries
Hi All,

Thanks for all your support.

My new query: is it possible to create traffic using the existing packets I
have and capture them using Wireshark?
What I mean exactly is: with the packets available to me, is it possible to
generate traffic within the system?
And is it possible to run Wireshark in capture mode to capture the generated
traffic?

If yes, could anyone please explain to me how it can be done?

regards,
Atdev.



From: wireshark-dev-boun...@wireshark.org on behalf of j.sneld...@telfort.nl
Sent: Sat 12/20/2008 3:11 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets using command line options




On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>atdev.quer...@wipro.com wrote:
>> Hi All,
>>
>> Thanks Joan and Gerald.
>>
>> Both of your approaches worked.
>> But my New query is
>> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
>> shall give me the output unsaved, i need to explicitly save it .
>> But what i need is save it to the XXX location as specified and into multiple
files of say 200KB.
>>
>> I don't know the no.of files i am merging. There may be chance of "out
>> of memory" when i load the merged output file. So it would be better if

>> I could save them into smaller files.

I don't know if I understand you correctly.
Do you first want to merge 2 or more files and next split the outputfile
into multiple files?
If so:
mergecap -w <outfile> <infile> [<infile> ...]
$ mergecap -w mergefile1_2.cap file1.cap file2.cap

editcap -c <packets per file> <infile> <outfile>
$ editcap -c 200 mergefile1_2.cap split.cap

Do you want to capture and write the output to multiple files?
If so, you can use TShark, Dumpcap or Wireshark.
TShark/Dumpcap -i <interface> -b <filesize:NUM KB> -a <files:NUM> -w <outfile>
$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap

Wireshark: Capture -> Options -> Use Multiple Files

https://www.wireshark.org/docs/man-pages/mergecap.html
https://www.wireshark.org/docs/man-pages/editcap.html
https://www.wireshark.org/docs/man-pages/tshark.html

>
>Try feeding the output into dumpcap instead of Wireshark:
>
>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200

Doesn't work for me:(

>
>http://www.wireshark.org/docs/man-pages/dumpcap.html
>
>--
>Join us for Sharkfest’09  |  Stanford University, June 15 – 18
>http://www.cacetech.com/sharkfest.09/

Of course
>
>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009









Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-19 Thread Alex Lindberg
I created a simple script for merging many files with the option of filtering 
using display filters.  Note the following script was intended for use on *inux 
systems. Your mileage may vary.

- MergePackets.sh 
#!/bin/sh
# Filter every capture file matching the first argument with a display
# filter and merge the filtered results into one file (or to stdout).

if [ -z "$2" ]; then
    echo "$0 <directory or \"glob\"> <filter> [OutputFile]"
    echo " "
    echo "The purpose of this script is to take all capture files in a directory"
    echo "and create a single file that is filtered based on the input string."
    echo " "
    echo "This string could be an IP address, \"ip.addr == 1.1.1.1\""
    echo "or a port number \"tcp.port == 1720\", etc."
    echo " "
    echo "The input must be in a display filter format."
    echo " "
    echo "If you are using a wildcard in the first argument, please enclose it with \" \" marks"
    echo " "
    echo "If OutputFile is not specified, the output will be to stdout"
    echo " "
    exit 1
fi

# Change below if Wireshark is not installed and you are using Ethereal
SHARK=tshark
#SHARK=tethereal

FILTER=$2
OUTFILE=${3:--}        # "-" makes mergecap write to stdout

# A private temporary directory instead of the fixed, predictable /tmp/foobar:
# a fixed name can be pre-created or symlinked by another local user.
TEMPDIR=$(mktemp -d) || exit 1
trap 'rm -rf "$TEMPDIR"' EXIT

# Build the file list without parsing ls: a directory, or a quoted glob
if [ -d "$1" ]; then
    set -- "$1"/*
else
    set -- $1          # intentionally unquoted so a quoted wildcard expands here
fi

i=1
for I in "$@"; do
    [ -f "$I" ] || continue
    echo "$i $I $FILTER"
    # -Y is the display filter on current tshark; tethereal and old tshark used -R.
    # Redirect with ">/dev/null 2>&1": "&>" is bash-only and, under /bin/sh,
    # would put the command in the background.
    "$SHARK" -r "$I" -w "$TEMPDIR/$(basename "$I")-$i" -Y "$FILTER" >/dev/null 2>&1
    i=$((i + 1))
done

mergecap -w "$OUTFILE" "$TEMPDIR"/*

--- End MergePackets.sh ---

Good Luck
Alex Lindberg



  


Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-19 Thread j.snelders

On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>atdev.quer...@wipro.com wrote:
>> Hi All,
>>  
>> Thanks Joan and Gerald.
>>  
>> Both of your approaches worked.
>> But my New query is
>> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
>> shall give me the output unsaved, i need to explicitly save it .
>> But what i need is save it to the XXX location as specified and into multiple
files of say 200KB.
>>  
>> I don't know the no.of files i am merging. There may be chance of "out
>> of memory" when i load the merged output file. So it would be better if

>> I could save them into smaller files.

I don't know if I understand you correctly.
Do you first want to merge 2 or more files and next split the outputfile
into multiple files?
If so:
mergecap -w <outfile> <infile> [<infile> ...]
$ mergecap -w mergefile1_2.cap file1.cap file2.cap

editcap -c <packets per file> <infile> <outfile>
$ editcap -c 200 mergefile1_2.cap split.cap

Do you want to capture and write the output to multiple files?
If so, you can use TShark, Dumpcap or Wireshark.
TShark/Dumpcap -i <interface> -b <filesize:NUM KB> -a <files:NUM> -w <outfile>
$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap
 
Wireshark: Capture -> Options -> Use Multiple Files
 
https://www.wireshark.org/docs/man-pages/mergecap.html
https://www.wireshark.org/docs/man-pages/editcap.html
https://www.wireshark.org/docs/man-pages/tshark.html

>
>Try feeding the output into dumpcap instead of Wireshark:
>
>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200

Doesn't work for me:(

>
>http://www.wireshark.org/docs/man-pages/dumpcap.html
>
>-- 
>Join us for Sharkfest’09  |  Stanford University, June 15 – 18
>http://www.cacetech.com/sharkfest.09/

Of course
>
>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009


   




Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-19 Thread Gerald Combs
atdev.quer...@wipro.com wrote:
> Hi All,
>  
> Thanks Joan and Gerald.
>  
> Both of your approaches worked.
> But my New query is
> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
> shall give me the output unsaved, i need to explicitly save it .
> But what i need is save it to the XXX location as specified and into multiple 
> files of say 200KB.
>  
> I don't know the no.of files i am merging. There may be chance of "out of 
> memory" when i load the merged output file. So it would be better if  I could 
> save them into smaller files.

Try feeding the output into dumpcap instead of Wireshark:

mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200

http://www.wireshark.org/docs/man-pages/dumpcap.html

-- 
Join us for Sharkfest’09  |  Stanford University, June 15 – 18
http://www.cacetech.com/sharkfest.09/

EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009

Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-18 Thread atdev.queries
Hi All,

Thanks Joan and Gerald.

Both of your approaches worked.
But my New query is
mergecap -w - file1.cap file2.cap | wireshark -k -i -
shall give me the output unsaved, i need to explicitly save it .
But what i need is save it to the XXX location as specified and into multiple 
files of say 200KB.

I don't know the no.of files i am merging. There may be chance of "out of 
memory" when i load the merged output file. So it would be better if  I could 
save them into smaller files.

please help me.

regards,
Atdev.



From: wireshark-dev-boun...@wireshark.org on behalf of j.sneld...@telfort.nl
Sent: Thu 12/18/2008 1:35 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets using command line options




>-- Original message --
>Date: Wed, 17 Dec 2008 07:39:03 -0800
>From: Gerald Combs 
>To: Developer support list for Wireshark 
>Subject: Re: [Wireshark-dev] Query on loading packets using command line options
>Reply-To: Developer support list for Wireshark 
>
>
>j.sneld...@telfort.nl wrote:
>> Hi Atdev,
>>
>> You can ust the pipe sign | , but this will start Wireshark twice.
>> wireshark -r packet1.pcap | wireshark -r packet2.cap
>>
>>
>> Or you can create file sets.
>> Rename your files like this:
>> packet1_0_2008121700.pcap
>> packet1_1_2008121700.pcap
>>
>> Start Wireshark and load on of the files.
>> Got to File -> File Set -> List Files
>> Load the other file by selecting it.
>>
>> Somehow this won't work by using the command line to start Wireshark.
>
>Does this work?
>
>mergecap -w - file1.pcap file2.pcap | wireshark -k -i -

No, this one does:
$ mergecap -w mergepacket1_and_2.pcap packet1.pcap packet2.pcap | wireshark -r mergepacket1_and_2.pcap








Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-17 Thread j.snelders

>-- Original message --
>Date: Wed, 17 Dec 2008 07:39:03 -0800
>From: Gerald Combs 
>To: Developer support list for Wireshark 
>Subject: Re: [Wireshark-dev] Query on loading packets using command line options
>Reply-To: Developer support list for Wireshark 
>
>
>j.sneld...@telfort.nl wrote:
>> Hi Atdev,
>> 
>> You can ust the pipe sign | , but this will start Wireshark twice.
>> wireshark -r packet1.pcap | wireshark -r packet2.cap
>> 
>> 
>> Or you can create file sets.
>> Rename your files like this:
>> packet1_0_2008121700.pcap
>> packet1_1_2008121700.pcap
>> 
>> Start Wireshark and load on of the files.
>> Got to File -> File Set -> List Files
>> Load the other file by selecting it.
>> 
>> Somehow this won't work by using the command line to start Wireshark.
>
>Does this work?
>
>mergecap -w - file1.pcap file2.pcap | wireshark -k -i -

No, this one does:
$ mergecap -w mergepacket1_and_2.pcap packet1.pcap packet2.pcap | wireshark -r mergepacket1_and_2.pcap

   




Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-17 Thread Gerald Combs
j.sneld...@telfort.nl wrote:
> Hi Atdev,
> 
> You can ust the pipe sign | , but this will start Wireshark twice.
> wireshark -r packet1.pcap | wireshark -r packet2.cap
> 
> 
> Or you can create file sets.
> Rename your files like this:
> packet1_0_2008121700.pcap
> packet1_1_2008121700.pcap
> 
> Start Wireshark and load on of the files.
> Got to File -> File Set -> List Files
> Load the other file by selecting it.
> 
> Somehow this won't work by using the command line to start Wireshark.

Does this work?

mergecap -w - file1.pcap file2.pcap | wireshark -k -i -


Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-17 Thread j.snelders
Hi Atdev,

You can use the pipe sign | , but this will start Wireshark twice.
wireshark -r packet1.pcap | wireshark -r packet2.cap


Or you can create file sets.
Rename your files like this:
packet1_0_2008121700.pcap
packet1_1_2008121700.pcap

Start Wireshark and load one of the files.
Go to File -> File Set -> List Files
Load the other file by selecting it.

Somehow this won't work by using the command line to start Wireshark.

Hope this helps
Joan

   




Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-17 Thread atdev.queries
Hi,

Abhik: Thanks for your advice.

But my requirement is to load these packets one after the other in the same
instance of wireshark.

regards,
Atdev.



From: wireshark-dev-boun...@wireshark.org on behalf of Abhik Sarkar
Sent: Wed 12/17/2008 1:36 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets using command line options



Hi,

One instance of Wireshark can only load one capture file at a time...
hence the behaviour you are seeing. If you want to load multiple
captures in one go, you will probably want to either use mergecap or
start multiple instances of WS.

HTH
Abhik

On Wed, Dec 17, 2008 at 10:40 AM,   wrote:
> Hi all,
>
> When i tried to load the packets which i captured as
>  $ wireshark -r packet1.pacp it has loaded me properly.
> But when i tried
> $ wireshark -r packet1.cap -r packet2.cap
> only second packet(packet2.cap) got loaded and not packet1.cap.
>
> Could  any one please say me how to load two packets one after other using
> command line options.
> Please say me wheather we can load simultaneously one packet after the other
> using command line options.
>
> Thanks in advance,
>
> regards,
> Atdev.
>




Re: [Wireshark-dev] Query on loading packets using command line options

2008-12-17 Thread Abhik Sarkar
Hi,

One instance of Wireshark can only load one capture file at a time...
hence the behaviour you are seeing. If you want to load multiple
captures in one go, you will probably want to either use mergecap or
start multiple instances of WS.

HTH
Abhik

On Wed, Dec 17, 2008 at 10:40 AM,   wrote:
> Hi all,
>
> When i tried to load the packets which i captured as
>  $ wireshark -r packet1.pacp it has loaded me properly.
> But when i tried
> $ wireshark -r packet1.cap -r packet2.cap
> only second packet(packet2.cap) got loaded and not packet1.cap.
>
> Could  any one please say me how to load two packets one after other using
> command line options.
> Please say me wheather we can load simultaneously one packet after the other
> using command line options.
>
> Thanks in advance,
>
> regards,
> Atdev.
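
Abhik's answer above points at mergecap for combining two captures. To show what that merge actually does (and what a crafted capture file could do to a reader that trusts its length fields), here is an added example that is not part of this thread or of Wireshark's own code: a minimal classic-pcap reader and chronological merger in Python, run on two small captures constructed inline. The packet payloads, timestamps and the helper names (build_pcap, read_pcap, merge_pcaps, demo) are assumptions made for illustration only.

```python
import heapq
import struct
from typing import List, Tuple

# Classic (libpcap) file format: 24-byte global header, then a 16-byte
# record header before every packet. Only the microsecond-resolution magic
# is handled here; pcapng and the nanosecond variant are rejected on purpose.
PCAP_MAGIC = 0xA1B2C3D4
Packet = Tuple[int, int, bytes]  # (ts_sec, ts_usec, captured bytes)


def build_pcap(packets: List[Packet], linktype: int = 1, snaplen: int = 65535) -> bytes:
    """Serialise packets into a little-endian classic pcap blob (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, data in packets:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)))
        out.append(data)
    return b"".join(out)


def read_pcap(blob: bytes) -> Tuple[int, List[Packet]]:
    """Parse a classic pcap blob; refuses records whose lengths do not fit the file."""
    if len(blob) < 24:
        raise ValueError("file shorter than the pcap global header")
    (magic,) = struct.unpack_from("<I", blob, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic, written big-endian
        endian = ">"
    else:
        raise ValueError(f"unsupported magic 0x{magic:08x} (not classic microsecond pcap)")
    _, _, _, _, _, snaplen, linktype = struct.unpack_from(endian + "IHHiIII", blob, 0)
    packets: List[Packet] = []
    off = 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        # A hostile file can claim any incl_len; bound it by snaplen and by the
        # bytes actually present instead of trusting it.
        if incl_len > snaplen or off + incl_len > len(blob):
            raise ValueError(f"record at offset {off - 16} claims {incl_len} bytes, which do not fit")
        packets.append((ts_sec, ts_usec, blob[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def merge_pcaps(blobs: List[bytes]) -> bytes:
    """Merge several captures chronologically, which is what mergecap does by default."""
    linktypes = set()
    streams = []
    for blob in blobs:
        linktype, packets = read_pcap(blob)
        linktypes.add(linktype)
        # Each input is sorted first so the k-way merge is correct even when a
        # capture is not strictly in time order.
        streams.append(sorted(packets, key=lambda p: (p[0], p[1])))
    if len(linktypes) != 1:
        raise ValueError(f"inputs use different link types {sorted(linktypes)}; "
                         "classic pcap has one link type per file")
    merged = list(heapq.merge(*streams, key=lambda p: (p[0], p[1])))
    return build_pcap(merged, linktype=linktypes.pop())


def demo() -> List[int]:
    """Constructed inputs: two interleaved captures whose packets are dummy payloads."""
    first = build_pcap([(100, 0, b"\x01" * 14), (102, 0, b"\x02" * 14)])
    second = build_pcap([(101, 500, b"\x03" * 14), (103, 0, b"\x04" * 14)])
    _, packets = read_pcap(merge_pcaps([first, second]))
    return [ts_sec for ts_sec, _, _ in packets]


if __name__ == "__main__":
    print(demo())  # packets from both files, in time order
```

With the real tool the same result comes from `mergecap -w merged.pcap packet1.cap packet2.cap` followed by `wireshark -r merged.pcap`. The length check in read_pcap is the part worth keeping in mind when opening captures from untrusted sources: a record header is just four integers, and nothing but the reader stops them from lying.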


[Wireshark-dev] Query on loading packets using command line options

2008-12-16 Thread atdev.queries
Hi all,

When I tried to load the packets which I captured as
 $ wireshark -r packet1.pacp it loaded properly.
But when I tried
$ wireshark -r packet1.cap -r packet2.cap
only the second packet (packet2.cap) got loaded and not packet1.cap.

Could anyone please tell me how to load two packets one after the other using 
command line options.
Please tell me whether we can load one packet after the other 
using command line options.

Thanks in advance,

regards,
Atdev.


[Wireshark-dev] Query regarding MAPI

2008-11-05 Thread prashanth s
Hi all,

Could anyone please tell me what MAPI stub data contains? What is MAPI
stub data used for?

Regards,
Prashanth
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query on HTTP

2008-10-24 Thread prashanth s
Hi Abhik,

thanks very much for the reply.
And a very happy Diwali to you and the whole Wireshark group :)

Regards,
Prashanth

On Tue, Oct 21, 2008 at 8:20 PM, Abhik Sarkar <[EMAIL PROTECTED]>wrote:

> Perhaps netcat (http://m.nu/program/util/netcat/netcat.html) is of some
> help.
>
> On Tue, Oct 21, 2008 at 2:43 PM, prashanth joshi
> <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I need to test HTTP for such commands as PUT, GET, DELETE, POST, LOGIN,
> > CONNECT.
> > How do I do this? I did a little search and thought telnet could be used
> > to test HTTP. However, I could not find any suitable information on testing
> > HTTP.
> > I am afraid this is not the right forum for a question on HTTP. But I
> > could not get any mailing list on HTTP. So I am posting the same here. If
> > anybody could help me with the solution, I would be grateful.
> >
> > Regards,
> > Prashanth


Re: [Wireshark-dev] Query on HTTP

2008-10-21 Thread Abhik Sarkar
Perhaps netcat (http://m.nu/program/util/netcat/netcat.html) is of some help.

On Tue, Oct 21, 2008 at 2:43 PM, prashanth joshi
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> I need to test HTTP for such commands as PUT, GET, DELETE, POST, LOGIN,
> CONNECT.
> How do I do this? I did a little search and thought telnet could be used to
> test HTTP. However, I could not find any suitable information on testing
> HTTP.
> I am afraid this is not the right forum for a question on HTTP. But I could
> not get any mailing list on HTTP. So I am posting the same here. If anybody
> could help me with the solution, I would be grateful.
>
> Regards,
> Prashanth
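
Abhik's pointer to netcat is the right idea: speak the protocol by hand over a plain socket and read the server's reaction. The example below is added here and is not from the thread or from any project discussed in it; it does in Python what one would otherwise type into netcat or telnet, sending hand-built requests for several methods to a throwaway HTTP server that the script starts on loopback (the handler, the ephemeral port and the status codes it returns are assumptions made for the demo). Two things it shows that the question did not: a server answers 501 for a method it does not implement, and LOGIN is not an HTTP method at all, so it gets the same 501 as an unimplemented CONNECT.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple


class _DemoHandler(BaseHTTPRequestHandler):
    """Throwaway server so the example runs offline (an assumption, not a real target)."""

    def _reply(self, code: int) -> None:
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self) -> None:
        self._reply(200)

    def do_PUT(self) -> None:
        body_len = int(self.headers.get("Content-Length", "0"))
        self.rfile.read(body_len)      # consume the body before answering
        self._reply(201)

    def do_DELETE(self) -> None:
        self._reply(204)

    # No do_CONNECT and no do_LOGIN: BaseHTTPRequestHandler answers 501 for those.

    def log_message(self, *args) -> None:  # keep the demo quiet
        pass


def raw_request(host: str, port: int, method: str, path: str = "/",
                body: bytes = b"") -> Tuple[int, bytes]:
    """Send one hand-built HTTP/1.1 request, exactly as you would paste it into netcat."""
    request = (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii") + body
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    status_line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return int(status_line.split()[1]), raw     # "HTTP/1.0 200 OK" -> 200


def probe_methods(methods=("GET", "PUT", "DELETE", "CONNECT", "LOGIN")) -> Dict[str, int]:
    """Start the demo server on an ephemeral loopback port and probe each method."""
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    port = server.server_address[1]
    worker = threading.Thread(target=server.serve_forever, daemon=True)
    worker.start()
    try:
        results: Dict[str, int] = {}
        for method in methods:
            body = b"key=value" if method == "PUT" else b""
            results[method], _ = raw_request("127.0.0.1", port, method, "/item", body)
        return results
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for method, status in probe_methods().items():
        print(f"{method:8s} -> {status}")
```

Against a real server, replace the loopback address and port in raw_request and read the full response bytes it returns; the status line tells you whether the method is implemented, and the headers that follow are where verbose server banners and permissive method lists usually show up.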


[Wireshark-dev] Query on HTTP

2008-10-21 Thread prashanth joshi
Hi,

I need to test HTTP for such commands as PUT, GET, DELETE, POST, LOGIN, CONNECT.
How do I do this? I did a little search and thought telnet could be used to 
test HTTP. However, I could not find any suitable information on testing HTTP.
I am afraid this is not the right forum for a question on HTTP. But I
could not get any mailing list on HTTP. So I am posting the same here.
If anybody could help me with the solution, I would be grateful.

Regards,
Prashanth







Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Guy Harris

On Jul 3, 2008, at 2:43 PM, Kumar, Hemant wrote:

> What I want to know is whether such a tree-like structure, which  
> appears in the details pane, is possible in the Filter Expression  
> dialog box?
> And I don't want to register fields like tcp.flags.syn; rather,  
> register them individually, i.e. register flags separately and syn  
> separately, and let Wireshark make the filter expression  
> depending on the selection in the Filter Expression dialog box.

That's not possible, and there's no workaround.  You have to give  
fields their full name.  If you have several message types with a  
"flags" field, *and* that "flags" field is the same in all those  
message types, you could register a "proto.flags" field, and  
"proto.flags.XXX" fields for the flags in the "flags" field.

As per my earlier mail, displaying the field list as a multi-level  
tree could be done without that.


Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Kumar, Hemant
Hello

Thanks!!
Yes, I completely agree with you, but tcp.flags.syn appears because we have 
already registered a field with the name tcp.flags.syn.

What I want to know is whether such a tree-like structure, which appears in 
the details pane, is possible in the Filter Expression dialog box?
And I don't want to register fields like tcp.flags.syn; rather, register them 
individually, i.e. register flags separately and syn separately, and let 
Wireshark make the filter expression depending on the selection in the Filter 
Expression dialog box.

I guess this has not been implemented for the Filter Expression box, but still I 
wanted to know if it is possible to work around.

Thanks
Hemant


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 1:36 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Isn't _something_ like what you want already present? I agree it is
not _exactly_ the same, but it is very similar. Taking your example of
the TCP protocol:
- Select any frame.
- In the Packet Details pane
 - click + to expand the TCP protocol
 - click + to expand the Flags.
- Select a flag of your choice (e.g. SYN)
- Right-click and choose "Prepare a filter > Selected", and
"tcp.flags.syn == X" appears in the display filter field!

Regards,
Abhik.

On Thu, Jul 3, 2008 at 11:09 PM, Kumar, Hemant <[EMAIL PROTECTED]> wrote:
> So that if the user wants to fetch all the messages having subfield == X,
> he should go to the expression window and not put Protocol.Field.subfield ==
> X, but rather just keep hitting the + buttons, and the subtree should
> appear below it; he can set the parameter for that field and
> Wireshark will automatically form the expression based on the user's selection
> of trees and subtrees. So basically I don't want to put
> Protocol.Field.subfield beforehand in the expression window, but rather
> first just Protocol will appear, then on hitting + for Protocol, Field will
> appear, and then on hitting + for Field, subfield should appear, and then the user
> can set subfield == x and in the expression bar Wireshark
> will automatically put the expression Protocol.Field.subfield.


Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Abhik Sarkar
Isn't _something_ like what you want already present? I agree it is
not _exactly_ the same, but it is very similar. Taking your example of
the TCP protocol:
- Select any frame.
- In the Packet Details pane
 - click + to expand the TCP protocol
 - click + to expand the Flags.
- Select a flag of your choice (e.g. SYN)
- Right-click and choose "Prepare a filter > Selected", and
"tcp.flags.syn == X" appears in the display filter field!

Regards,
Abhik.

On Thu, Jul 3, 2008 at 11:09 PM, Kumar, Hemant <[EMAIL PROTECTED]> wrote:
> So that if the user wants to fetch all the messages having subfield == X,
> he should go to the expression window and not put Protocol.Field.subfield ==
> X, but rather just keep hitting the + buttons, and the subtree should
> appear below it; he can set the parameter for that field and
> Wireshark will automatically form the expression based on the user's selection
> of trees and subtrees. So basically I don't want to put
> Protocol.Field.subfield beforehand in the expression window, but rather
> first just Protocol will appear, then on hitting + for Protocol, Field will
> appear, and then on hitting + for Field, subfield should appear, and then the user
> can set subfield == x and in the expression bar Wireshark
> will automatically put the expression Protocol.Field.subfield.


Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Guy Harris
Kumar, Hemant wrote:

> But what I am actually looking for is when the user goes to set
> subfield types so as to filter messages of his interest, he should
> see a tree structure with subfields beneath the main field.
> 
> That is, for example, for tcp it should not appear as
> Tcp.flags.cwr
> Tcp.flags.ecn
> Tcp.flags.urg
> Tcp.flags.ack and so on; rather it should appear as
> 
> Tcp+
>   Flags+
>     cwr
>     ecn
>     urg
>     ack
> 
> By clicking on the + the subtree should appear.

"Appear" where?  Presumably not in the protocol tree, because that's how 
it *does* appear there.  It sounds as if you mean in the "Filter 
Expression" dialog box.

> So I don't want to register fields like ged125.service_control; rather
> just register service_control, which is going to be common to several
> other messages, separately, and then relate it to those messages in the
> dissect_function() while feeding the information from the tvb buffer into
> the field. Of course, this is possible, but then in the expression window
> simply service_control appears, and ged125+
> Service_control.
> 
> Please shed some light on whether it is possible to do this in 
> Wireshark.

It's not.

We could probably have the code that constructs the tree view in the 
"Filter Expression" dialog box check, if there's a field 
"foo.bar.bletch", whether there's a "foo.bar" field, and, if so, put 
"foo.bar.bletch" into a tree under "foo.bar" rather than at the top level.
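
Guy's suggestion above (put foo.bar.bletch under foo.bar when foo.bar is itself a registered field) is a small algorithm, and Hemant's sketch earlier in the thread shows the listing he wants. The following is an added example, not code from the thread and not the code of Wireshark's Filter Expression dialog, that implements that rule in Python over a constructed list of field abbreviations and renders the result in Hemant's "+" notation. It goes one step beyond Guy's one-level check: each field is attached to its nearest registered ancestor, so a name with a missing intermediate level still lands under the closest registered prefix, and a name with no registered prefix at all stays at the top level. The "demo.*" and "orphan.*" names are invented for the demo and say nothing about real dissectors.

```python
from typing import Dict, Iterable, List, Optional

# A node maps a field abbreviation to its child nodes (an empty dict is a leaf).
Tree = Dict[str, "Tree"]


def nearest_registered_parent(abbrev: str, registered: frozenset) -> Optional[str]:
    """Walk the dotted name upward and return the longest prefix that is itself a field."""
    parts = abbrev.split(".")
    for cut in range(len(parts) - 1, 0, -1):
        candidate = ".".join(parts[:cut])
        if candidate in registered:
            return candidate
    return None


def build_field_tree(abbrevs: Iterable[str]) -> Tree:
    """Nest each field under its nearest registered ancestor; orphans stay at the top level."""
    registered = frozenset(abbrevs)
    nodes: Dict[str, Tree] = {name: {} for name in registered}
    root: Tree = {}
    for name in registered:
        parent = nearest_registered_parent(name, registered)
        (nodes[parent] if parent is not None else root)[name] = nodes[name]
    return root


def render(tree: Tree, indent: int = 0) -> List[str]:
    """List the tree the way Hemant sketched it: expandable nodes get a trailing '+'."""
    lines: List[str] = []
    for name, children in sorted(tree.items()):
        lines.append("  " * indent + name + ("+" if children else ""))
        lines.extend(render(children, indent + 1))
    return lines


# Constructed field list for the demo. The "tcp.*" names mirror real Wireshark
# abbreviations; "ged125.*", "demo.*" and "orphan.*" are stand-ins, not claims
# about any real dissector.
DEMO_FIELDS = [
    "tcp", "tcp.flags", "tcp.flags.syn", "tcp.flags.ack", "tcp.srcport",
    "ged125", "ged125.service_control",
    "demo.x", "demo.x.y.z",      # no "demo.x.y" and no "demo": attaches under "demo.x"
    "orphan.a.b",                # nothing above it is registered: stays top-level
]


def demo() -> List[str]:
    return render(build_field_tree(DEMO_FIELDS))


if __name__ == "__main__":
    print("\n".join(demo()))
```

The rule only ever uses the abbreviations already registered, which is why Guy says the dialog could do this "without that": no change to field registration is needed, only to how the dialog lays out the names it already has.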


Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Jeff Morriss


Kumar, Hemant wrote:
> Thanks Martin and Abhik!! For the replies.
> 
> But what I am actually looking for is when the user goes to set 
> subfield types so as to filter messages of his interest, he should see a tree 
> structure with subfields beneath the main field.
> 
> That is, for example, for tcp it should not appear as
> Tcp.flags.cwr
> Tcp.flags.ecn
> Tcp.flags.urg
> Tcp.flags.ack and so on; rather it should appear as
> 
> Tcp+
>   Flags+
>     cwr
>     ecn
>     urg
>     ack
> 
> By clicking on the + the subtree should appear.

That's not (currently) possible in the Expression UI.

> So I don't want to register fields like ged125.service_control; rather
> just register service_control, which is going to be common to several other 
> messages, separately, and then relate it to those messages in the 
> dissect_function() while feeding the information from the tvb buffer into the 
> field. Of course, this is possible, but then in the expression window
> simply service_control appears, and ged125+
> Service_control.
> 
> Please shed some light on whether it is possible to do this in 
> Wireshark.

No, you would have to create many hf_ entries, one for each message + 
parameter combination.  (Personally I think that design would constrain 
the power of the filter mechanism but I don't know what you're doing.)



Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Martin Corraine (mcorrain)
Hello Hemant,

I'm still not sure what you're trying to do. I'm sorry. Are you having
trouble setting up the trees and subtrees? Or do you want to, when
searching for a particular message type, display just those trees
relating to your search? That I don't think is possible unless you add
more code. Wireshark won't just do that automatically. 

martin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kumar, Hemant
Sent: Thursday, July 03, 2008 1:31 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Thanks Martin and Abhik!! For the replies.

But what I am actually looking for is when the user goes to set
subfield types so as to filter messages of his interest, he should see a
tree structure with subfields beneath the main field.

That is, for example, for tcp it should not appear as
Tcp.flags.cwr
Tcp.flags.ecn
Tcp.flags.urg
Tcp.flags.ack and so on; rather it should appear as

Tcp+
  Flags+
    cwr
    ecn
    urg
    ack

By clicking on the + the subtree should appear.

So I don't want to register fields like ged125.service_control; rather
just register service_control, which is going to be common to several
other messages, separately, and then relate it to those messages in the
dissect_function() while feeding the information from the tvb buffer into
the field. Of course, this is possible, but then in the expression
window simply service_control appears, and ged125+
Service_control.

Please shed some light on whether it is possible to do this in
Wireshark.

Thanks
Hemant



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Corraine (mcorrain)
Sent: Thursday, July 03, 2008 5:28 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hello Hemant,

The ged125 protocol that I'm finishing right now has a lot of
sub-messages. I would create a field registration of this message type
that has several sub messages below it. So, for instance I can search
"ged125.service_control" for all those messages. Now, if I want to
search for a particular service control I can search by doing this
"ged125.service_control == 20". Below is the field registration. All the
various sub-types are in a value_string array. Hope this helps.

{ &hf_ged125_service_control_MessageSubvalue,
  { "Message value", "ged125.service_control", FT_UINT32, BASE_DEC,
    VALS(vals_service_control_message_subvalues), 0x0,
    "Sub-Service Control Message value", HFILL }}


-Martin


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 2:26 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hi Hemant,

As far as I know nesting of header fields is not possible... check out
epan/proto.h where the field info structures are defined. What you could
do is something like have:
hf_message_type
hf_field1
hf_field2

Then, the display filter would be "message.type==1 && field1.value==X"
or "message.type==2 && field1.value==X". You can then (in the protocol
tree) nest the fields under message types by using subtrees... This is
done for the protocol I am most familiar with (SMPP) and you can check
in packet-smpp.c how the common DCS field is handled in a submit_sm and
a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <[EMAIL PROTECTED]>
wrote:
> Hello
>
> Another query that has surfaced while doing the design for the dissector
> module is whether there is a concept of tree and subtree while registering
> the fields.
>
> Actually, I have a set of messages and all of them have a common field which
> again contains subfields. So in the current situation, for registration of
> fields, I have to register the same field again and again for different
> messages with different names like
>
> Message1.field1.field2
> Message2.field1.field2 and so on,
>
> so that in the expression window the user does not get confused by a common
> parameter for all the messages.
>
> Is there any way so that in the expression window, when the user wants to
> set some parameter for field2 so as to collect only message 1, he is able
> to see a tree under message1 and then again a subtree for field1, whose
> branch contains a set of parameters including field2 and so on, and
> appropriately set the required parameter for a particular message?
>
> If there is a way then I will be able to share a common dissect function
> for a particular field type across all the messages; otherwise I have to
> register
>
> Cus

Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Kumar, Hemant
Thanks Martin and Abhik!! For the replies.

But what I am actually looking for is when the user goes to set subfield 
types so as to filter messages of his interest, he should see a tree structure 
with subfields beneath the main field.

That is, for example, for tcp it should not appear as
Tcp.flags.cwr
Tcp.flags.ecn
Tcp.flags.urg
Tcp.flags.ack and so on; rather it should appear as

Tcp+
  Flags+
    cwr
    ecn
    urg
    ack

By clicking on the + the subtree should appear.

So I don't want to register fields like ged125.service_control; rather
just register service_control, which is going to be common to several other 
messages, separately, and then relate it to those messages in the 
dissect_function() while feeding the information from the tvb buffer into the 
field. Of course, this is possible, but then in the expression window
simply service_control appears, and ged125+
Service_control.

Please shed some light on whether it is possible to do this in 
Wireshark.

Thanks
Hemant



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Corraine 
(mcorrain)
Sent: Thursday, July 03, 2008 5:28 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hello Hemant,

The ged125 protocol that I'm finishing right now has a lot of
sub-messages. I would create a field registration of this message type
that has several sub messages below it. So, for instance I can search
"ged125.service_control" for all those messages. Now, if I want to
search for a particular service control I can search by doing this
"ged125.service_control == 20". Below is the field registration. All the
various sub-types are in a value_string array. Hope this helps.

{ &hf_ged125_service_control_MessageSubvalue,
  { "Message value", "ged125.service_control", FT_UINT32, BASE_DEC,
    VALS(vals_service_control_message_subvalues), 0x0,
    "Sub-Service Control Message value", HFILL }}


-Martin


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 2:26 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hi Hemant,

As far as I know nesting of header fields is not possible... check out
epan/proto.h where the field info structures are defined. What you could
do is something like have:
hf_message_type
hf_field1
hf_field2

Then, the display filter would be "message.type==1 && field1.value==X"
or "message.type==2 && field1.value==X". You can then (in the protocol
tree) nest the fields under message types by using subtrees... This is
done for the protocol I am most familiar with (SMPP) and you can check
in packet-smpp.c how the common DCS field is handled in a submit_sm and
a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <[EMAIL PROTECTED]>
wrote:
> Hello
>
> Another query that has surfaced while doing the design for the dissector
> module is whether there is a concept of tree and subtree while registering
> the fields.
>
> Actually, I have a set of messages and all of them have a common field which
> again contains subfields. So in the current situation, for registration of
> fields, I have to register the same field again and again for different
> messages with different names like
>
> Message1.field1.field2
> Message2.field1.field2 and so on,
>
> so that in the expression window the user does not get confused by a common
> parameter for all the messages.
>
> Is there any way so that in the expression window, when the user wants to
> set some parameter for field2 so as to collect only message 1, he is able
> to see a tree under message1 and then again a subtree for field1, whose
> branch contains a set of parameters including field2 and so on, and
> appropriately set the required parameter for a particular message?
>
> If there is a way then I will be able to share a common dissect function
> for a particular field type across all the messages; otherwise I have to
> register customized fields for various messages and also have to write
> customized dissectors with the customized variables for a particular
> message type. In this way, for the same field in different messages I have
> to write several instances of the same function containing different names
> for the fields and subfields, which are actually one and the same.
>
> Any help will be highly appreciated.
>
> Thanks
>
> Hemant
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
> Sent: Wednesday

Re: [Wireshark-dev] Query on Field Registration

2008-07-03 Thread Martin Corraine (mcorrain)
Hello Hemant,

The ged125 protocol that I'm finishing right now has a lot of
sub-messages. I would create a field registration of this message type
that has several sub messages below it. So, for instance I can search
"ged125.service_control" for all those messages. Now, if I want to
search for a particular service control I can search by doing this
"ged125.service_control == 20". Below is the field registration. All the
various sub-types are in a value_string array. Hope this helps.

{ &hf_ged125_service_control_MessageSubvalue,
  { "Message value", "ged125.service_control", FT_UINT32, BASE_DEC,
    VALS(vals_service_control_message_subvalues), 0x0,
    "Sub-Service Control Message value", HFILL }}


-Martin


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 2:26 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hi Hemant,

As far as I know nesting of header fields is not possible... check out
epan/proto.h where the field info structures are defined. What you could
do is something like have:
hf_message_type
hf_field1
hf_field2

Then, the display filter would be "message.type==1 && field1.value==X"
or "message.type==2 && field1.value==X". You can then (in the protocol
tree) nest the fields under message types by using subtrees... This is
done for the protocol I am most familiar with (SMPP) and you can check
in packet-smpp.c how the common DCS field is handled in a submit_sm and
a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <[EMAIL PROTECTED]>
wrote:
> Hello
>
> Another query that has surfaced while doing the design for the dissector
> module is whether there is a concept of tree and subtree while registering
> the fields.
>
> Actually, I have a set of messages and all of them have a common field which
> again contains subfields. So in the current situation, for registration of
> fields, I have to register the same field again and again for different
> messages with different names like
>
> Message1.field1.field2
> Message2.field1.field2 and so on,
>
> so that in the expression window the user does not get confused by a common
> parameter for all the messages.
>
> Is there any way so that in the expression window, when the user wants to
> set some parameter for field2 so as to collect only message 1, he is able
> to see a tree under message1 and then again a subtree for field1, whose
> branch contains a set of parameters including field2 and so on, and
> appropriately set the required parameter for a particular message?
>
> If there is a way then I will be able to share a common dissect function
> for a particular field type across all the messages; otherwise I have to
> register customized fields for various messages and also have to write
> customized dissectors with the customized variables for a particular
> message type. In this way, for the same field in different messages I have
> to write several instances of the same function containing different names
> for the fields and subfields, which are actually one and the same.
>
> Any help will be highly appreciated.
>
> Thanks
>
> Hemant
>
>
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
> Sent: Wednesday, July 02, 2008 11:09 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Query on Field Registration
>
> Kumar, Hemant wrote:
>
>> I just wanted to put up one query regarding field registration in 
>> packet-xx.c .Is there any limit on the number of fields which we can 
>> register?
>
> No.


Re: [Wireshark-dev] Query on Field Registration

2008-07-02 Thread Abhik Sarkar
Hi Hemant,

As far as I know nesting of header fields is not possible... check out
epan/proto.h where the field info structures are defined. What you
could do is something like have:
hf_message_type
hf_field1
hf_field2

Then, the display filter would be "message.type==1 && field1.value==X"
or "message.type==2 && field1.value==X". You can then (in the protocol
tree) nest the fields under message types by using subtrees... This is
done for the protocol I am most familiar with (SMPP) and you can check
in packet-smpp.c how the common DCS field is handled in a submit_sm
and a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <[EMAIL PROTECTED]> wrote:
> Hello
>
> Another query that has surfaced while doing the design for the dissector 
> module is whether there is a concept of tree and subtree while registering 
> the fields.
>
> Actually, I have a set of messages and all of them have a common field which 
> again contains subfields. So in the current situation, for registration of 
> fields, I have to register the same field again and again for different 
> messages with different names like
>
> Message1.field1.field2
> Message2.field1.field2 and so on,
>
> so that in the expression window the user does not get confused by a common 
> parameter for all the messages.
>
> Is there any way so that in the expression window, when the user wants to 
> set some parameter for field2 so as to collect only message 1, he is able 
> to see a tree under message1 and then again a subtree for field1, whose 
> branch contains a set of parameters including field2 and so on, and 
> appropriately set the required parameter for a particular message?
>
> If there is a way then I will be able to share a common dissect function 
> for a particular field type across all the messages; otherwise I have to 
> register customized fields for various messages and also have to write 
> customized dissectors with the customized variables for a particular 
> message type. In this way, for the same field in different messages I have 
> to write several instances of the same function containing different names 
> for the fields and subfields, which are actually one and the same.
>
> Any help will be highly appreciated.
>
> Thanks
>
> Hemant
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
> Sent: Wednesday, July 02, 2008 11:09 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Query on Field Registration
>
> Kumar, Hemant wrote:
>
>> I just wanted to put up one query regarding field registration in
>> packet-xx.c .Is there any limit on the number of fields which we can
>> register?
>
> No.


Re: [Wireshark-dev] Query on Field Registration

2008-07-02 Thread Kumar, Hemant
Hello

Another query that has surfaced while doing the design for the dissector module 
is whether there is a concept of tree and subtree while registering the 
fields.

Actually, I have a set of messages and all of them have a common field which 
again contains subfields. So in the current situation, for registration of 
fields, I have to register the same field again and again for different 
messages with different names like

Message1.field1.field2
Message2.field1.field2 and so on,

so that in the expression window the user does not get confused by a common 
parameter for all the messages.

Is there any way so that in the expression window, when the user wants to 
set some parameter for field2 so as to collect only message 1, he is able 
to see a tree under message1 and then again a subtree for field1, whose 
branch contains a set of parameters including field2 and so on, and 
appropriately set the required parameter for a particular message?

If there is a way then I will be able to share a common dissect function 
for a particular field type across all the messages; otherwise I have to 
register customized fields for various messages and also have to write 
customized dissectors with the customized variables for a particular message 
type. In this way, for the same field in different messages I have to write 
several instances of the same function containing different names for the 
fields and subfields, which are actually one and the same.

Any help will be highly appreciated.

Thanks

Hemant


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
Sent: Wednesday, July 02, 2008 11:09 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Kumar, Hemant wrote:

> I just wanted to put up one query regarding field registration in
> packet-xx.c .Is there any limit on the number of fields which we can
> register?

No.
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query on Field Registration

2008-07-02 Thread Guy Harris
Kumar, Hemant wrote:

> I just wanted to put up one query regarding field registration in 
> packet-xx.c .Is there any limit on the number of fields which we can 
> register?

No.
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] Query on Field Registration

2008-07-02 Thread Kumar, Hemant
Hello

I just wanted to put up one query regarding field registration in packet-xx.c.
Is there any limit on the number of fields which we can register?
As I am writing a dissector module for 30+ interfaces and a lot of messages
have common fields, so to distinguish them I have to write 4-5 instances for
the same field which occurs in different messages spread across different
interfaces.

Awaiting a quick response as this will decide my design.

Thanks in advance
Hemant Kumar
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query related to versions in moduleinfo.h and moduleinfo.nmake

2008-02-27 Thread A Verma
Hi,
Thanks Jaap!

2 things:
1. If I am doing everything correctly, why do I get these errors? :-(
2. I tried doing a make all after I gave nothing against
MODULE_VERSION_EXTRA, like this:
MODULE_VERSION_EXTRA=
I got 2 errors then.

Can you pls let me know how to correct point 1.

Thanks!
regards,
Ashna

On 2/28/08, Jaap Keuter <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> These two files are related. They both convey version information
> to the user. The contents of moduleinfo.h is expressed through the
> Wireshark about dialog, on the plugins tab, while the contents of
> moduleinfo.nmake is expressed through the Windows resource mechanism.
>
> The format is MAJOR.MINOR.MICRO.EXTRA.
>
> Since the VERSION string is a string EXTRA can be void.
>
> MODULE_VERSION_* is an unsigned integer so has to be set to a value.
> Therefore MODULE_VERSION_EXTRA is normally set to 0. The way you set
> them is correct.
>
> You should keep them synchronized manually, since we have not devised
> a way to do this automatically.
>
> Thanx,
> Jaap
>
> A Verma wrote:
> > Hi,
> > I have a query. I am making a dll called yyy.dll.
> >
> > Now in the folder c:\wireshark\plugins\yyy there are 2 files:
> > 1. moduleinfo.h
> > 2. moduleinfo.nmake
> >
> > Is there any relation between the version in
> > "#define VERSION "0.6.5" in moduleinfo.h
> > and between
> >
> > "# The version
> > MODULE_VERSION_MAJOR=0
> > MODULE_VERSION_MINOR=6
> > MODULE_VERSION_MICRO=5
> > MODULE_VERSION_EXTRA=0" in moduleinfo.nmake?
> >
> > I have tried to keep them the same. I am doing correctly?
> >
> > Or should i have done:
> > "# The version
> > MODULE_VERSION_MAJOR=0
> > MODULE_VERSION_MINOR=0
> > MODULE_VERSION_MICRO=6
> > MODULE_VERSION_EXTRA=5" ?
> >
> > Pls suggest me. Thanks so much!
> > regards,
> > Ash
> >
>
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query related to versions in moduleinfo.h and moduleinfo.nmake

2008-02-27 Thread Jaap Keuter
Hi,

These two files are related. They both convey version information
to the user. The contents of moduleinfo.h is expressed through the
Wireshark about dialog, on the plugins tab, while the contents of
moduleinfo.nmake is expressed through the Windows resource mechanism.

The format is MAJOR.MINOR.MICRO.EXTRA.

Since the VERSION string is a string EXTRA can be void.

MODULE_VERSION_* is an unsigned integer so has to be set to a value.
Therefore MODULE_VERSION_EXTRA is normally set to 0. The way you set
them is correct.

You should keep them synchronized manually, since we have not devised
a way to do this automatically.

Thanx,
Jaap

A Verma wrote:
> Hi,
> I have a query. I am making a dll called yyy.dll.
>  
> Now in the folder c:\wireshark\plugins\yyy there are 2 files:
> 1. moduleinfo.h
> 2. moduleinfo.nmake
>  
> Is there any relation between the version in
> "#define VERSION "0.6.5" in moduleinfo.h
> and between
>  
> "# The version
> MODULE_VERSION_MAJOR=0
> MODULE_VERSION_MINOR=6
> MODULE_VERSION_MICRO=5
> MODULE_VERSION_EXTRA=0" in moduleinfo.nmake?
>  
> I have tried to keep them the same. I am doing correctly?
>  
> Or should i have done:
> "# The version
> MODULE_VERSION_MAJOR=0
> MODULE_VERSION_MINOR=0
> MODULE_VERSION_MICRO=6
> MODULE_VERSION_EXTRA=5" ?
>  
> Pls suggest me. Thanks so much!
> regards,
> Ash
>  

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] Query related to versions in moduleinfo.h and moduleinfo.nmake

2008-02-27 Thread A Verma
Hi,
I have a query. I am making a dll called yyy.dll.

Now in the folder c:\wireshark\plugins\yyy there are 2 files:
1. moduleinfo.h
2. moduleinfo.nmake

Is there any relation between the version in
"#define VERSION "0.6.5" in moduleinfo.h
and between

"# The version
MODULE_VERSION_MAJOR=0
MODULE_VERSION_MINOR=6
MODULE_VERSION_MICRO=5
MODULE_VERSION_EXTRA=0" in moduleinfo.nmake?

I have tried to keep them the same. I am doing correctly?

Or should i have done:
"# The version
MODULE_VERSION_MAJOR=0
MODULE_VERSION_MINOR=0
MODULE_VERSION_MICRO=6
MODULE_VERSION_EXTRA=5" ?

Pls suggest me. Thanks so much!
regards,
Ash
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] query regarding wimax r1 interface code

2007-08-22 Thread Harvey, Michael
The M2M-TLV and Wimax plugins are poorly documented. Hopefully this will
help:

Wimax is not an ethernet protocol, so it is wrapped in the "M2M-TLV"
protocol for transmission over ethernet. M2M encodes data into TLVs.

The Wimax MAC assembles PDUs into "bursts" for transmission. These
bursts are carried intact onto the M2M protocol. Since burst length may
exceed ethernet frame length, the TLVs may be fragmented.

M2M TLVs and fragments are entirely separate from Wimax TLVs and PDU
fragmentation. The M2M dissector identifies "wimax pdu burst" TLVs,
reassembles them if fragmented, and passes the entire burst to the Wimax
dissector. Thus the Wimax dissector receives a burst that is identical
to what is passed between the Wimax MAC and PHY.

The Wimax dissector is completely independent of any concept of
Ethernet. It is designed to be called as a secondary dissector from some
other protocol. You could replace M2M with anything.

DISSECTOR REGISTRATION

plugins/m2m/packet-m2m.c : proto_register_protocol()
plugins/m2m/packet-m2m.c : proto_reg_handoff_m2m()
  registers M2M as an ethernet protocol

plugins/wimax/packet-wimax.c : proto_register_wimax()
plugins/wimax/wimax_pdu_decoder.c : proto_register_wimax_pdu()
  registers the Wimax dissector as a "utility" protocol
  Wimax dissector is only invoked by other dissectors

DECODING

[wireshark]
  wireshark grabs an ethernet frame, and sees that an M2M dissector is
  registered to handle it

plugins/m2m/packet-m2m.c : dissect_m2m()
  separates M2M packet into TLVs, looks for "wimax pdu burst tlv"

plugins/m2m/packet-m2m.c : pdu_burst_decoder()
  displays tlv info on wireshark tree
  reassembles fragmented burst-tlvs
  finds wimax dissector and calls it with reassembled burst-tlv:
    wimax_pdu_burst_handle = find_dissector("wimax_pdu_burst_handler");
    call_dissector(wimax_pdu_burst_handle, pdu_tvb, pinfo, tree);
  (invokes dissect_wimax_pdu_decoder())

plugins/wimax/wimax_pdu_decoder.c : dissect_wimax_pdu_decoder()
  separates a burst into individual PDUs and/or padding
  classifies PDU types as bandwidth req, signaling, or data
  sends data PDUs to dissect_mac_header_generic_decoder()

plugins/wimax/mac_hd_generic_decoder.c : dissect_mac_header_generic_decoder()
  handles mac pdus: packing, fragmentation, subheaders, CRC
  if pdu has payload, classifies pdu as mgmt or data based on CID value
  (mgmt cid range is configurable in GUI as a property of the wimax
  dissector)
  if pdu is determined to be a mgmt message, passes it to
  dissect_mac_mgmt_msg_decoder()

plugins/wimax/mac_mgmt_msg_decoder.c : dissect_mac_mgmt_msg_decoder()
  determines mgmt message type and calls appropriate decoder function

NOTES

With the exceptions of dissect_m2m() and dissect_wimax_pdu_decoder(),
functions are invoked directly, not via call_dissector().

Originally this was implemented with each management message being
registered as a separate dissector for flexibility, and they
communicated using call_dissector(). We changed this to direct function
calls because it made filtering awkward, as all the filter IDs were
scattered around. Treating Wimax as a single monolithic dissector kept
the filter IDs grouped together for easy reference.

You may see "proto_register_xxx()" functions scattered throughout the
mgmt message decoder files. I'm not sure whether these are being
called/registered or not, but I know they aren't being used. Anyway it
could be confusing.

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
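The step of Michael's walkthrough that decides whether a dissector is robust is the one in pdu_burst_decoder(): walking a frame's TLVs, picking out the burst fragments and reassembling them, with every length taken from the wire checked before it is used. The following is an added, stand-alone C example of that pattern; it is not code from packet-m2m.c or the Wimax plugin, and the TLV encoding it parses (1-byte type, 1-byte length, a flags byte whose low bit marks the last fragment, a constructed type code 0x01 for burst fragments) is an assumption chosen for illustration, not the M2M wire format. The sample frames are constructed, not captured.

```c
/* Added example, not Wireshark's packet-m2m.c: a minimal TLV walker that
 * pulls "burst fragment" TLVs out of a frame and reassembles them, with the
 * length checks a dissector must make before trusting lengths read from
 * the wire. The encoding is an assumption for illustration only:
 *   type (1 byte) | length (1 byte) | value (length bytes)
 * type 0x01 = burst fragment; value = flags (1 byte) + data,
 * flags bit 0 set = last fragment. Other types are skipped. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_BURST_FRAGMENT 0x01   /* assumed type code */
#define FRAG_FLAG_LAST     0x01   /* assumed flag bit */
#define MAX_BURST          64     /* upper bound on a reassembled burst */

typedef struct {
    uint8_t burst[MAX_BURST];
    size_t  burst_len;
    int     complete;   /* 1 once the fragment flagged "last" was seen */
    int     tlvs_seen;
} m2m_state;

/* Walk every TLV in frame[0..len). Returns the number of TLVs parsed, or -1
 * on a malformed frame: truncated header, value running past the frame,
 * fragment with no flags byte, or a burst that would exceed MAX_BURST.
 * On -1 the contents of st->burst must not be used. */
int m2m_walk(const uint8_t *frame, size_t len, m2m_state *st)
{
    size_t off = 0;
    memset(st, 0, sizeof *st);
    while (off < len) {
        if (len - off < 2)
            return -1;                      /* header truncated */
        uint8_t type = frame[off];
        size_t  vlen = frame[off + 1];
        off += 2;
        if (vlen > len - off)
            return -1;                      /* length claims bytes we do not have */
        const uint8_t *val = frame + off;
        if (type == TLV_BURST_FRAGMENT) {
            if (vlen < 1)
                return -1;                  /* no flags byte */
            size_t dlen = vlen - 1;
            if (dlen > MAX_BURST - st->burst_len)
                return -1;                  /* reassembly would overflow */
            memcpy(st->burst + st->burst_len, val + 1, dlen);
            st->burst_len += dlen;
            if (val[0] & FRAG_FLAG_LAST)
                st->complete = 1;
        }
        off += vlen;
        st->tlvs_seen++;
    }
    return st->tlvs_seen;
}

/* Constructed sample frame (not a capture): two fragments "AB" and "CD" of
 * one burst with an unrelated TLV (type 0x02) between them. */
static const uint8_t sample_frame[] = {
    0x01, 0x03, 0x00, 'A', 'B',     /* fragment, not last */
    0x02, 0x01, 0x99,               /* some other TLV, skipped */
    0x01, 0x03, 0x01, 'C', 'D',     /* fragment, last */
};
/* Constructed malformed frame: length byte says 5, only 2 bytes follow. */
static const uint8_t truncated_frame[] = { 0x01, 0x05, 0x00, 'A' };

int sample_tlv_count(void)
{
    m2m_state st;
    return m2m_walk(sample_frame, sizeof sample_frame, &st);
}

/* 1 if the sample frame reassembles to exactly `expect` and is complete. */
int sample_burst_matches(const char *expect)
{
    m2m_state st;
    if (m2m_walk(sample_frame, sizeof sample_frame, &st) < 0)
        return 0;
    return st.complete && st.burst_len == strlen(expect)
        && memcmp(st.burst, expect, st.burst_len) == 0;
}

int truncated_is_rejected(void)
{
    m2m_state st;
    return m2m_walk(truncated_frame, sizeof truncated_frame, &st) == -1;
}

/* A first fragment that fills the buffer exactly, then one more byte:
 * the walker must refuse rather than write past st->burst. */
int oversized_is_rejected(void)
{
    uint8_t frame[2 + 1 + MAX_BURST + 2 + 2];
    m2m_state st;
    frame[0] = TLV_BURST_FRAGMENT; frame[1] = 1 + MAX_BURST; frame[2] = 0x00;
    memset(frame + 3, 'X', MAX_BURST);
    frame[3 + MAX_BURST] = TLV_BURST_FRAGMENT;
    frame[4 + MAX_BURST] = 2;
    frame[5 + MAX_BURST] = FRAG_FLAG_LAST;
    frame[6 + MAX_BURST] = 'Y';
    return m2m_walk(frame, sizeof frame, &st) == -1;
}

int main(void)
{
    m2m_state st;
    int n = m2m_walk(sample_frame, sizeof sample_frame, &st);
    printf("tlvs=%d burst_len=%zu complete=%d\n", n, st.burst_len, st.complete);
    return 0;
}
```

In a real dissector the reassembled buffer would be wrapped in a new tvb and handed to the next dissector, as the `call_dissector()` line above does; the point of the example is the three checks (header present, value within the frame, burst within its bound), each of which guards a memcpy or a read that a crafted frame could otherwise push past the buffer.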


[Wireshark-dev] query regarding wimax r1 interface code

2007-08-21 Thread Amit Paliwal
Hi Everyone,

I was going through the code of the R1 interface but I am finding it hard to 
get a crystal clear picture of how it works. Can anyone please explain 
with an example, like say we receive an RNG_REQ message, then which functions are 
called? 

Like first of all dissect_wimax() will be called and so on, and where are 
we parsing the header?

mac_mgmt_msg_decoder.c file contains decoders for all messages but how and 
when it is called is not clear.

Please help me out.

_
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query Regarding collection of data packets

2007-08-18 Thread Abhik Sarkar
Apologies... the link in the earlier mail was from the user guide.
This is the link from the developer's guide:
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html

On 8/18/07, Abhik Sarkar <[EMAIL PROTECTED]> wrote:
> Hi Vaibhav,
>
> I believe the reassembly section of the developer's guide might give
> you some hints:
> http://www.wireshark.org/docs/wsug_html_chunked/ChAdvReassemblySection.html
>
> For examples, you can check out
> - packet-smpp and packet-gsm_sms_ud. In these, data from multiple SMPP
> PDUs are passed to the GSM SMS UD dissector to form one SMS
> - packet-syslog and packet-mtp3. In this the data is not from multiple
> syslog packets, but it has a simple example of one dissector passing
> data to another dissector in a new tvb.
>
> Hope this helps
> Abhik.
>
>
> On 18-Aug-2007 14:56:03 ZE5B, [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > This is possible if I want to collect 2 or more previous  data packets and
> > sent it to some other dissector in tvb format.
> >
> >
> >
> > Thanks & Regards,
> > Vaibhav
> >
> > ***  Aricent-Unclassified   ***
> >
> > "DISCLAIMER: This message is proprietary to Aricent  and is intended solely
> > for the use of
> > the individual to whom it is addressed. It may contain privileged or
> > confidential information and should not be
> > circulated or used for any purpose other than for what it is intended. If
> > you have received this message in error,
> > please notify the originator immediately. If you are not the intended
> > recipient, you are notified that you are strictly
> > prohibited from using, copying, altering, or disclosing the contents of
> > this message. Aricent accepts no responsibility for
> > loss or damage arising from the use of the information transmitted by this
> > email including damage from virus."
> >
> >
> >
>
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query Regarding collection of data packets

2007-08-18 Thread Abhik Sarkar
Hi Vaibhav,

I believe the reassembly section of the developer's guide might give
you some hints:
http://www.wireshark.org/docs/wsug_html_chunked/ChAdvReassemblySection.html

For examples, you can check out
- packet-smpp and packet-gsm_sms_ud. In these, data from multiple SMPP
PDUs are passed to the GSM SMS UD dissector to form one SMS
- packet-syslog and packet-mtp3. In this the data is not from multiple
syslog packets, but it has a simple example of one dissector passing
data to another dissector in a new tvb.

Hope this helps
Abhik.


On 18-Aug-2007 14:56:03 ZE5B, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> This is possible if I want to collect 2 or more previous  data packets and
> sent it to some other dissector in tvb format.
>
>
>
> Thanks & Regards,
> Vaibhav
>
>
>
>
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] Query Regarding collection of data packets

2007-08-18 Thread vaibhav . agarwal
Hi,

Is this possible: I want to collect 2 or more previous data packets and
send them to some other dissector in tvb format.



Thanks & Regards,
Vaibhav




___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query regarding removing header

2007-08-16 Thread Martin Mathieson
On 16-Aug-2007 18:47:37 ZE5B, [EMAIL PROTECTED] <
[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> If I have frame like for eg:-
>
> 45 60 76 87 23 97 00
>
> Now in this frame starting 2 bit is header of one dissector now I want to
> pass that frame to other dissector after removing the header.
> If i change the tvb then header remove in form of bytes not in bits.
>
> Please tell How to pass the frame to other dissector after removing the 2
> bits from the frame or how to set the tvb then next dissector only read
> the
> frame after 2 bits.
>
>
> Thanks & Regards,
> Vaibhav



If you really want a new tvb with just those bits, you'd need to:
- allocate a new buffer to hold the data
- copy in the data, shifted along by 2 bits
- pass your new tvb to the subdissector

I'm not checking the spec here, but if you're talking about handing off FP
Transport blocks to a new MAC dissector:
- DCH TBs are byte-aligned
- HSDPA frames are always 4 bits into a byte because of padding
- for EDCH the TSN begins always at the 3rd bit (the FP dissector currently
already handles this field)

i.e. can't the MAC dissector work out which offset to look at if you must
pass the tvb with the original byte alignment?

Martin
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
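Martin's two options, as an added C example that is not from the thread or from Wireshark: option 1 builds a new buffer shifted left by the width of the outer header so a subdissector can start at byte 0, and option 2 leaves the bytes as they are and reads fields at a bit offset, which is what Martin's last question suggests the MAC dissector could do itself. The 7 frame bytes are the ones from the question; the shift width of 2 bits is the one it states. The function names and the expected shifted bytes are the example's own.

```c
/* Added example, not from the thread or from Wireshark: the two options
 * Martin describes, on the frame bytes from the question. Option 1 builds a
 * new buffer shifted left by the header width so a subdissector can start at
 * byte 0; option 2 leaves the bytes alone and reads fields at a bit offset. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 7 frame bytes from the question; the first HDR_BITS bits belong to
 * the outer dissector's header. */
static const uint8_t frame[] = { 0x45, 0x60, 0x76, 0x87, 0x23, 0x97, 0x00 };
#define HDR_BITS 2

/* Option 1: copy src into dst shifted left by nbits (0..7); dst must hold
 * len bytes. Returns the number of meaningful payload bits now in dst; the
 * last nbits bits of dst[len-1] are padding and must not be interpreted.
 * Returns 0 for an unsupported shift or an empty buffer. */
size_t shift_left_bits(const uint8_t *src, size_t len, unsigned nbits, uint8_t *dst)
{
    if (len == 0 || nbits > 7)
        return 0;
    if (nbits == 0) {
        memcpy(dst, src, len);
        return len * 8;
    }
    for (size_t i = 0; i < len; i++) {
        uint8_t hi = (uint8_t)(src[i] << nbits);
        uint8_t lo = (i + 1 < len) ? (uint8_t)(src[i + 1] >> (8 - nbits)) : 0;
        dst[i] = hi | lo;
    }
    return len * 8 - nbits;
}

/* Option 2: read an unsigned field `width` bits wide (1..32) starting at
 * bit `bit_off`, MSB first. Returns 0 without touching *out if the field
 * would run past the buffer, so a bad offset is reported, not read through. */
int get_bits(const uint8_t *buf, size_t len, size_t bit_off, unsigned width, uint32_t *out)
{
    if (width == 0 || width > 32 || bit_off + width > len * 8)
        return 0;
    uint32_t v = 0;
    for (unsigned i = 0; i < width; i++) {
        size_t b = bit_off + i;
        v = (v << 1) | ((buf[b / 8] >> (7 - (b % 8))) & 1u);
    }
    *out = v;
    return 1;
}

/* 1 if shifting the sample frame by HDR_BITS yields the expected bytes
 * (worked out by hand from the 7 bytes above). */
int shifted_frame_matches(void)
{
    static const uint8_t expect[] = { 0x15, 0x81, 0xDA, 0x1C, 0x8E, 0x5C, 0x00 };
    uint8_t out[sizeof frame];
    size_t bits = shift_left_bits(frame, sizeof frame, HDR_BITS, out);
    return bits == sizeof frame * 8 - HDR_BITS
        && memcmp(out, expect, sizeof expect) == 0;
}

/* The 2-bit outer header read in place. */
uint32_t header_field(void)
{
    uint32_t v = 0;
    get_bits(frame, sizeof frame, 0, HDR_BITS, &v);
    return v;
}

/* The first payload byte read in place at bit offset HDR_BITS; it must
 * equal byte 0 of the shifted copy. */
uint32_t first_payload_byte(void)
{
    uint32_t v = 0;
    get_bits(frame, sizeof frame, HDR_BITS, 8, &v);
    return v;
}

/* A field that would straddle the end of the buffer is refused. */
int out_of_range_rejected(void)
{
    uint32_t v = 0;
    return get_bits(frame, sizeof frame, sizeof frame * 8 - 2, 4, &v) == 0;
}

int main(void)
{
    uint8_t out[sizeof frame];
    size_t bits = shift_left_bits(frame, sizeof frame, HDR_BITS, out);
    printf("header=%u payload bits=%zu shifted:", (unsigned)header_field(), bits);
    for (size_t i = 0; i < sizeof frame; i++)
        printf(" %02x", out[i]);
    printf("\n");
    return 0;
}
```

Inside a dissector the shifted buffer from option 1 has to outlive the call: it would be allocated with packet-scoped memory and wrapped as a child tvb of the original (Wireshark's tvb_new_child_real_data() does that) before being handed to the subdissector, and the subdissector must be told that the last two bits are padding. Option 2 avoids the copy and the padding question entirely, at the cost of every field read in the inner dissector carrying a bit offset.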


Re: [Wireshark-dev] Query regarding removing header

2007-08-16 Thread Abhik Sarkar
I doubt you can make a dissector remove only 2 bits from a buffer, but you
might be able to use a combination of bitfields and bitmasks to either
read only the first two bits or ignore them.

PS: Do I understand correctly that you have a dissector which only
dissects two bits? Sounds strange, though I am sure I misunderstood
you.

On 16-Aug-2007 18:47:37 ZE5B, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> If I have frame like for eg:-
>
> 45 60 76 87 23 97 00
>
> Now in this frame starting 2 bit is header of one dissector now I want to
> pass that frame to other dissector after removing the header.
> If i change the tvb then header remove in form of bytes not in bits.
>
> Please tell How to pass the frame to other dissector after removing the 2
> bits from the frame or how to set the tvb then next dissector only read the
> frame after 2 bits.
>
>
> Thanks & Regards,
> Vaibhav
>
>
>
>
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] Query regarding removing header

2007-08-16 Thread vaibhav . agarwal
Hi,

If I have a frame like, for example:

45 60 76 87 23 97 00

Now in this frame the starting 2 bits are the header of one dissector; now I want to
pass that frame to another dissector after removing the header.
If I change the tvb then the header is removed in the form of bytes, not bits.

Please tell how to pass the frame to the other dissector after removing the 2
bits from the frame, or how to set the tvb so that the next dissector only reads the
frame after 2 bits.


Thanks & Regards,
Vaibhav




___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query regarding RRC decoder

2007-08-16 Thread Anders Broman (AL/EAB)
Hi,
The RRC dissector is kind of standalone now and only called for some RRC
messages tunneled in GSM MAP
(I think it was), but can be called by name from any other dissector.

I don't have any deeper knowledge of the GSM/UMTS protocol stack on the
Iu(?) interfaces.
From your previous posts I guess that you want to decode those messages
sent over UDP.
Are those messages generated by a trace tool or some Nokia proprietary
solution, or specified by
3GPP in some spec (which?)?

Again from a previous post it sounded like those messages are
UDP/FP/MAC/RRC?

Wireshark can't decode these messages without code changes.

If you would want to attempt those code changes, from Martin's post I
infer that the
FP part could be dissected by the UMTS FP dissector (I forgot the name of
the file), providing
some additional information was given to the dissector by preferences or
an intermediate
dissector for the UDP trace or transport format used by your
application.

I don't think we have a MAC (3GPP spec ref?) dissector, so one would have to be
written.
Someone mentioned that this layer may be encrypted. Is that the case
for your trace?
If so you might have to add decryption to get to RRC.

It would be easier to answer your questions given some more background.
Regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: den 16 augusti 2007 11:52
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Query regarding RRC decoder

Hi,

Wireshark 0.99.6 has an RRC decoder, but I want to know how the RRC decoder
works.
That is, RRC sits over which protocol?
If I want RRC over FP, is it possible or not?


Thanks & Regards,
Vaibhav

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] Query regarding RRC decoder

2007-08-15 Thread vaibhav . agarwal
Hi,

Wireshark 0.99.6 has an RRC decoder, but I want to know how the RRC decoder
works.
That is, RRC sits over which protocol?
If I want RRC over FP, is it possible or not?


Thanks & Regards,
Vaibhav




___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query Regarding debugging

2007-08-13 Thread Luis EG Ontanon
On windows NULL and invalid-pointer dereferences take you to
packet-frame.c:312 where it shows the exception in the tree and keeps
going.

On *nix it just crashes.

On the other hand, on Windows some THROWs cause crashes, as __except pops
the sigjmp stack and then the END_TRY calls except_pop() on an empty
stack.

I've been wondering and attempting various solutions without success for
this "bug on a bug handler".


On 8/13/07, Richard van der Hoff <[EMAIL PROTECTED]> wrote:
> Luis EG Ontanon wrote:
> > putting some printfs is possible (there are some issues on why you
> > might want to avoid it during protocol registration) but the Access
> > Violation is probably due to a NULL or invalid pointer passed to
> > printf.
>
> [Dissector bug...] implies a wireshark-internal exception, does it not?
> (As opposed to a segfault.)
>
> Most likely thing is that it's not the printf at all, but a tvb_*
> function you are also calling, with bad arguments.
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Propertarianism joined to capitalist vigor destroyed meaningful
commercial competition, but when it came to making good software,
anarchism won.
-- Eben Moglen
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query Regarding debugging

2007-08-13 Thread Richard van der Hoff
Luis EG Ontanon wrote:
> putting some printfs is possible (there are some issues on why you
> might want to avoid it during protocol registration) but the Access
> Violation is probably due to a NULL or invalid pointer passed to
> printf.

[Dissector bug...] implies a wireshark-internal exception, does it not? 
(As opposed to a segfault.)

Most likely thing is that it's not the printf at all, but a tvb_* 
function you are also calling, with bad arguments.

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query Regarding debugging

2007-08-13 Thread Graham Bloice
[EMAIL PROTECTED] wrote:
>
> Hi,
> 
> If I want put some printf in c file, it is possible or not.
> because I have changed in packet_umts_fp.c, after changing the file  it
> gives error at the time of decoding.
> [Dissector bug, protocol FP: STATUS_ACCESS_VIOLATION: dissector accessed an
> invalid memory address]
> 

If you are running under win32, run it under the VS debugger:

1.  Start WS.
2.  In VS, choose either Build | Start Debug | Attach To Process (VC 6) or
Tools | Attach To Process (VS2005) and select the WS process.
3.  Open your capture, when exception is hit, you will enter the VS debugger.
4.  When prompted, point VS at your source file location.

-- 
Regards,

Graham Bloice
Software Developer
Trihedral UK Limited
Tel: +44 (0)1224 258910
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Query Regarding debugging

2007-08-13 Thread Luis EG Ontanon
putting some printfs is possible (there are some issues on why you
might want to avoid it during protocol registration) but the Access
Violation is probably due to a NULL or invalid pointer passed to
printf.

On 13-Aug-2007 19:28:23 ZE5B, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> If I want put some printf in c file, it is possible or not.
> because I have changed in packet_umts_fp.c, after changing the file  it
> gives error at the time of decoding.
> [Dissector bug, protocol FP: STATUS_ACCESS_VIOLATION: dissector accessed an
> invalid memory address]
>
> please tell how to debug this problem.
>
>
> Thanks & Regards,
> Vaibhav
>
>
>
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Propertarianism joined to capitalist vigor destroyed meaningful
commercial competition, but when it came to making good software,
anarchism won.
-- Eben Moglen
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] Query Regarding debugging

2007-08-13 Thread vaibhav . agarwal
Hi,

If I want to put some printf calls in a C file, is it possible or not?
Because I have made changes in packet_umts_fp.c, and after changing the file it
gives an error at the time of decoding:
[Dissector bug, protocol FP: STATUS_ACCESS_VIOLATION: dissector accessed an
invalid memory address]

Please tell how to debug this problem.


Thanks & Regards,
Vaibhav




___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev

