Re: [Wireshark-dev] Capture / decode 'CAN' messages ?

2009-11-24 Thread Speck Michael EHWG AVL/GAE
Hi Noel, capturing and decoding CAN messages using Wireshark would be a great help. I thought about this when I first heard about the new CAN socket implementations, unfortunately, I didn't find the time to dig deeper into this by myself. What about you? Some things that should be considered:

[Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc

2009-11-24 Thread buildbot-no-reply
The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/621 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-ppc Build Reason: Buil

[Wireshark-dev] How to do a multi-packet dissector

2009-11-24 Thread Morita, Bill
I am writing a Lua dissector for a streaming protocol that may spread a "record" over several TCP packets. What is a reasonable approach to take with this type of situation?? Thanks in advance. --- Bill Morita Cube 1040 503-495-9513 bill.mor...@arrisi.com

[Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86

2009-11-24 Thread buildbot-no-reply
The Buildbot has detected a new failure of OSX-10.5-x86 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-x86/builds/875 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-x86 Build Reason: Buil

Re: [Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread Guy Harris
On Nov 24, 2009, at 11:42 AM, Beth wrote: > I am trying to rewrite an existing dissector for a proprietary > protocol that, in fact, is only a slight variation on a standard > protocol that is supported by a builtin Wireshark dissector. > > The proprietary frame begins with some special field

Re: [Wireshark-dev] How to build Wireshark 1.3.1

2009-11-24 Thread Gerald Combs
Julian Fielding wrote: > > Reddy Nagendra-GKTC37 wrote on Tue, 24 Nov 2009 12:26:30 +0800 > >> While Running 1.3.1 verify tools, I could not find win-setup.sh > [snip] > > That seems to be missing from wireshark-1.3.1.tar.gz. You can download > it from http://anonsvn.wireshark.org/viewvc/trunk/

Re: [Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread Jaap Keuter
Beth wrote: > Change the builtin dissector? You sure that's not cheating? ;) > > Seriously though, that might be an option to consider - is there a way I > could turn on that setting automatically from my plugin? I would prefer > this to be a drop-in solution if possible, i.e. the end user si

Re: [Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread Beth
Change the builtin dissector? You sure that's not cheating? ;) Seriously though, that might be an option to consider - is there a way I could turn on that setting automatically from my plugin? I would prefer this to be a drop-in solution if possible, i.e. the end user simply drops the plugin in

Re: [Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread didier
Hi, On Tuesday, 24 November 2009 at 15:05 -0500, Beth wrote: > tvb_new_subset doesn't allow me to change the contents, does it? If > it does, then you are correct that would be the easiest way. But I > thought that tvb data was considered constant, and if you needed to > modify it then you should

Re: [Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread Beth
tvb_new_subset doesn't allow me to change the contents, does it? If it does, then you are correct that would be the easiest way. But I thought that tvb data was considered constant, and if you needed to modify it then you should create a new tvb. Somehow have to change that checksum of the frame

Re: [Wireshark-dev] How to show ip address by Lua in wireshark

2009-11-24 Thread Beth
In Lua, userdata is a different type from a string. The %s tells Wireshark to expect a string, but the ipv4() method returns a specialized format that is not necessarily printable. To print the address in the display tree, you need to find a way to convert those bytes to a string, or else find a

Re: [Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread Jaap Keuter
Hi, What's wrong with tvb_new_subset() ? Thanks, Jaap Beth wrote: > I am trying to rewrite an existing dissector for a proprietary protocol > that, in fact, is only a slight variation on a standard protocol that is > supported by a builtin Wireshark dissector. > > The proprietary frame begins

[Wireshark-dev] Need advice on modifying tvb

2009-11-24 Thread Beth
I am trying to rewrite an existing dissector for a proprietary protocol that, in fact, is only a slight variation on a standard protocol that is supported by a builtin Wireshark dissector. The proprietary frame begins with some special fields, followed by a normal frame of the standard protocol BU

Re: [Wireshark-dev] How to build Wireshark 1.3.1

2009-11-24 Thread Julian Fielding
Reddy Nagendra-GKTC37 wrote on Tue, 24 Nov 2009 12:26:30 +0800 > While Running 1.3.1 verify tools, I could not find win-setup.sh [snip] That seems to be missing from wireshark-1.3.1.tar.gz. You can download it from http://anonsvn.wireshark.org/viewvc/trunk/tools/ I think most developers use Su

[Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86

2009-11-24 Thread buildbot-no-reply
The Buildbot has detected a new failure of OSX-10.5-x86 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-x86/builds/870 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-x86 Build Reason: Buil

Re: [Wireshark-dev] wireshark GUI vs tshark

2009-11-24 Thread Jaap Keuter
Hi Brian, "This is my development code" is not an excuse. Cut away the crap, or structure it. "You forget to set initialized to TRUE in your handoff functions." means that in your handoff routines you have a semaphore, but you never set it to TRUE, even if the code has already executed. Next time

Re: [Wireshark-dev] wireshark GUI vs tshark

2009-11-24 Thread Maynard, Chris
I don't have the time to examine your code but I think doc/README.developer will answer all of your questions. In particular, read all the warnings about using tvb_get_ptr() and examine the sample dissector included in the file, specifically the proto_reg_handoff_PROTOABBREV() function. But as Ja

[Wireshark-dev] Saving Voice Payload Directly from Telephony - VoIP Calls - Player Dialog

2009-11-24 Thread J P
Hi Everyone, Can a Feature be added to save the Voice Payload shown in the Telephony - VoIP Calls - Player Dialog directly? Right now the only way I know how to save the Voice Payload is by going to Telephone - RTP Streams - Show All Streams - Selecting one stream - find reverse - analyze and the

Re: [Wireshark-dev] Internet Protocol: Header checksum BAD:True

2009-11-24 Thread Maynard, Chris
http://wiki.wireshark.org/CaptureSetup/Offloading - Chris From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Rach, Darshan Sent: Tuesday, November 24, 2009 8:16 AM To: wireshark-dev@wireshark.org Subject: [Wireshark-dev] Internet Protocol: He

[Wireshark-dev] Capture / decode 'CAN' messages ?

2009-11-24 Thread Vellemans, Noel
Hi all, Don't know if this is the correct wireshark-mailing-list to post my 'wish' to (but I hope it is.. as far as I could find, it should be ok). Anyone thought about capturing/decoding... 'CAN' messages ? Ref to http://en.wikipedia.org/wiki/SocketCAN Regards Noel.

[Wireshark-dev] How to show ip address by Lua in wireshark

2009-11-24 Thread chenhui zhang
Hi, I tried to use Lua to parse my protocol. I just get the buffer and change it to different format in rule. I tried uint() or string() like this: datatree:add(buffer(offset, 2), "DHCP: " .. string.format("%04x", buffer(offset, 2):uint())) and it's ok. But when I tried to change the buffer to

[Wireshark-dev] Save while capturing

2009-11-24 Thread BARILLY YANN
Hi, I'd like to save some packets without stopping the capture. It is impossible for the moment and I'd like to know why to work on that specific subject if it is allowed Thanks Yann Barilly