Hi,
Note when writing code for inclusion in the project you are better off working
against trunk. I would advice
To do anonymous svn checkout of trunk and add your dissector there. I would
also suggest to do a minimal basic
Dissector first put that in a bug report and have that reviewed in that w
Hi,
Some random ideas that some one with unlimited time on their hands could dig
into :-)
Seriously - I thought I'd just scribble down some things I've idly been
thinking about to see if it spurs any interest in implementing them or why it's
a bad idea.
If any one is interested in any of the ite
My link was for an svn client to retrieve the files. Your link is to see
the repository via viewvc in your browser. As as appropriate for your
needs, but as you were asking about svn revisions I thought you were
interested in the former.
From: wireshark-dev-boun...@wireshark.org
[mailto:wires
Title: Re: [Wireshark-dev] Random feature and enhancements ideas (topics for Sharkfests developers room?)
Hi Anders,
- The defined blocks are capture oriented should we define some analysis re-saving oriented ones.
- UDP/TCP/SCTP... port map similar to the NRB (think decode as)
- Read
Are you using SetEnv.cmd from the SDK? If so, there shouldn't be any need
to then call either vcvarsxxx.bat, SetEnv will do it all.
The approach, I've used for many years, is to make sure you have an SDK
installed (which has other benefits such as bug fixes, newer compilers and
libraries etc.,
Hi,
Can anyone give me thorough reference on how exactly
wireshark work while displaying packet on linux. Where do I start to get
insights of design of wireshark. What is the code flow, from which file I start
browsing the code. I will greatly help me understand wirshark existi
There are READMEs in the doc subdirectory.
README.developer is a good starting point.
Otherwise, most of the code is pretty straightforward so it shouldnt
be too hard to just read it.
On Thu, May 10, 2012 at 8:52 PM, Singh, Anand wrote:
> Hi,
>
> Can anyone give me thorough
Hi,
Can you please let me know how does it talk with raw packets.
Is it using existing TCP stack or is it directly communication with lower level
drivers like phy/Mac layer. & Where do I find that code section where we
accessing raw buffers.
Regards
Anand
-Original Message-
On Thu, May 10, 2012 at 4:28 AM, Singh, Anand wrote:
> Hi,
>Can you please let me know how does it talk with raw packets.
> Is it using existing
> TCP stack or is it directly communication with lower level drivers like
> phy/Mac layer. &
> Where do I find that code section where
On Wed, May 09, 2012 at 02:57:45PM +, Christopher Maynard wrote:
> Jakub Zawadzki writes:
>
> > There's already packet_info structure which is always private for current
> > dissection. The easiest fix would be to move all global variables
> > to packet_info structure. Anyone against it?
>
Perhaps the answer can be found in the documentation ?
On Thu, May 10, 2012 at 9:28 PM, Singh, Anand wrote:
> Hi,
> Can you please let me know how does it talk with raw packets.
> Is it using existing TCP stack or is it directly communication with lower
> level drivers like phy/
-Original Message-
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Jakub Zawadzki
Sent: den 10 maj 2012 13:38
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Using global variables to store
dissection?information
My use of the vcvars scripts may be obsolete, I was following setup
instructions I wrote
several years ago (probably adapted from even older docs I found somewhere
online).
I'll try using just SetEnv.Cmd , thanks for the tip.
Hi folks,
I have been using the pcapng icmp2.pcapng (which seems to have an
error in each Packet Block in that the length of the packet blocks is
off by two bytes, it seems) to test my changes.
I now have Wireshark 1.7.2 (SVN Rev 42330) plus mods that can accept
icmp2.pcapng in via a pipe.
I hav
You're quite right, all I need is SetEnv.Cmd with the appropriate target as
the arg. Thanks!
I did run into one more issue, when I rebuilt everything for x64: When I
tried to start wireshark.exe I got an Application Error dialog, saying "The
application was unable to start correctly (0xc07b)
On May 10, 2012, at 4:28 AM, Singh, Anand wrote:
> Can you please let me know how does it talk with raw packets.
> Is it using existing TCP stack or is it directly communication with lower
> level drivers like phy/Mac layer.
If you mean "how does it capture raw packets", it uses
Hi all,
I'm using conversation tracking and ran into an issue. My code looks like
this (as suggested in the README.developer):
conv = find_conversation(pinfo->fd->num,
&pinfo->src,
&pinfo->dst,
pinfo->ptype,
pinfo->srcport,
pinfo->destport,
0);
if(conv != NULL) { get con
On Thu, 10 May 2012 10:26:46 -0600 Tobias Weiss wrote
>I'm using conversation tracking and ran into an issue. My code looks like this
>(as suggested in the README.developer):
>
>conv = find_conversation(pinfo->fd->num,
>&pinfo->src,
>&pinfo->dst,
>pinfo->ptype,
>
Hi folks,
The problem with my changes to support pcap-ng through pipes seems to
be that I am not communicating linktype correctly.
What is the secret?
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___
Sent via:Wireshark-d
Richard Sharpe wrote:
> Hi folks,
>
> The problem with my changes to support pcap-ng through pipes seems to
> be that I am not communicating linktype correctly.
>
> What is the secret?
IIRC Wireshark gets the linktype of the interfaces BEFORE the capture
starts. But I never actually worked in t
Jakub Zawadzki wrote:
On Wed, May 09, 2012 at 02:57:45PM +, Christopher Maynard wrote:
Jakub Zawadzki writes:
There's already packet_info structure which is always private for current
dissection. The easiest fix would be to move all global variables
to packet_info structure. Anyone again
Thanks, this is working just fine.
But in that case I suggest an update to README.developer as I copied the
buggy source-code from there.
Tobi
Stephen Fisher
Sent by: wireshark-dev-boun...@wireshark.org
05/10/2012 01:07 PM
Please respond to
Developer support list for Wireshark
To
Devel
On Thu, 10 May 2012 15:54:44 -0600 Tobias Weiss wrote
>
>Thanks, this is working just fine.
>
>But in that case I suggest an update to README.developer as I copied the buggy
>source-code from there.
Which section(s) were you copying the source code from?
Section 2.2.3 (The example conversation code using se_alloc'd memory) from
the trunk.
Tobi
Stephen Fisher
Sent by: wireshark-dev-boun...@wireshark.org
05/10/2012 05:59 PM
Please respond to
Developer support list for Wireshark
To
Developer support list for Wireshark
cc
Subject
Re: [Wir
On May 10, 2012, at 2:06 PM, Jeff Morriss wrote:
> Richard Sharpe wrote:
>> Hi folks,
>>
>> The problem with my changes to support pcap-ng through pipes seems to
>> be that I am not communicating linktype correctly.
>>
>> What is the secret?
>
> IIRC Wireshark gets the linktype of the interfac
On Thu, May 10, 2012 at 4:14 PM, Guy Harris wrote:
>
> On May 10, 2012, at 2:06 PM, Jeff Morriss wrote:
>
>> Richard Sharpe wrote:
>>> Hi folks,
>>>
>>> The problem with my changes to support pcap-ng through pipes seems to
>>> be that I am not communicating linktype correctly.
>>>
>>> What is the
On Thu, May 10, 2012 at 6:18 PM, Richard Sharpe
wrote:
> On Thu, May 10, 2012 at 4:14 PM, Guy Harris wrote:
>>
>> On May 10, 2012, at 2:06 PM, Jeff Morriss wrote:
>>
>>> Richard Sharpe wrote:
Hi folks,
The problem with my changes to support pcap-ng through pipes seems to
be th
On May 10, 2012, at 6:49 PM, Richard Sharpe wrote:
> If I forcibly set the linktype to 1 when reading the first header (the
> SHB) during pcap_live_open, then things work as I expect.
1 is LINKTYPE_ETHERNET. Does it still work if you forcibly set the linktype to
1 and send down the pipe a capt
On Thu, May 10, 2012 at 7:05 PM, Guy Harris wrote:
>
> On May 10, 2012, at 6:49 PM, Richard Sharpe wrote:
>
>> If I forcibly set the linktype to 1 when reading the first header (the
>> SHB) during pcap_live_open, then things work as I expect.
>
> 1 is LINKTYPE_ETHERNET. Does it still work if you
On May 10, 2012, at 7:11 PM, Richard Sharpe wrote:
> On Thu, May 10, 2012 at 7:05 PM, Guy Harris wrote:
>
>> The messages from dumpcap to Wireshark on the sync pipe just say things such
>> as "there
>> are N more packets to read from the capture file" or "I've stopped writing
>> to that captu
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
> Reduce Memory usage:
> - In frame_data.h it should be possible to cut down on the nstime_t
> structures by only having abs_ts and the others could be offsets to that or
> something similar thus saving a couple of bytes per packet.
"Time since
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
> - In the reassembly routines If I remember correctly, I might be wrong I
> think we may waste memory for TCP. Fragments and reassembled fragments?
> - It might be possible to store file pointer and length rather than the
> fragment data an
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
> Filtering:
> - We have a string with per packet protocols, could that string be saved and
> used in filtering - don't dissect the packet if it does not contain the
> filtered protocol.
If you're referring to the "frame.protocols", that is, un
Guy Harris skrev 2012-05-11 05:03:
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
Filtering:
- We have a string with per packet protocols, could that string be saved and
used in filtering - don't dissect the packet if it does not contain the
filtered protocol.
If you're referring to the "
On May 10, 2012, at 9:22 PM, Anders Broman wrote:
> Guy Harris skrev 2012-05-11 05:03:
>> On May 10, 2012, at 1:24 AM, Anders Broman wrote:
>>
>>> Filtering:
>>> - We have a string with per packet protocols, could that string be saved
>>> and used in filtering - don't dissect the packet if it d
Guy Harris skrev 2012-05-11 05:02:
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
- In the reassembly routines If I remember correctly, I might be wrong I think
we may waste memory for TCP. Fragments and reassembled fragments?
- It might be possible to store file pointer and length rat
Guy Harris skrev 2012-05-11 06:32:
On May 10, 2012, at 9:22 PM, Anders Broman wrote:
Guy Harris skrev 2012-05-11 05:03:
On May 10, 2012, at 1:24 AM, Anders Broman wrote:
Filtering:
- We have a string with per packet protocols, could that string be saved and
used in filtering - don't dissect
37 matches
Mail list logo
