Le 4 juil. 2015 4:26 AM, Yang Luo hslu...@gmail.com a écrit :
Hi list,
Given that current Wireshark can't make use of NPcap because of the DLL
search path problem mentioned in
https://www.wireshark.org/lists/wireshark-dev/201506/msg00030.html, I'd
like to make a patch for Wireshark. As it is a
Howdy,
as part of the discussion for several recent bugs and gerrit changes to add
preference settings for various protocols to enable/disable heuristic
dissection, Michael Mann suggested we just provide a way to enabled/disable
*any* heuristic dissector (i.e., for all of them, automagically in
Hi Pascal, I hold the same opinion with you, because a user installing
NPcap implies that he wants to use it, I think I will make it this way:)
Cheers,
Yang
On Sat, Jul 4, 2015 at 6:07 PM, Pascal Quantin pascal.quan...@gmail.com
wrote:
Le 4 juil. 2015 4:26 AM, Yang Luo hslu...@gmail.com a
Since Netflow v9 is a Cisco-defined protocol, their own docs should arguably
trump the IETF RFC for their protocol. (personally I would read that RFC to
mean the number of packets/frames, not number of flows)
According to this:
Some thoughts:
1. There is already some code in place to have the heuristic dissector tables
displayed in a separate tab in the Enable Protocols dialog. Looks like a WIP
that was defed out (presumably until it was ready). grep HEUR_DISSECTOR_LIST
2. Because #1, I don't think the
(I think my previous attempt to send this failed, so resending)
A few months ago I updated the Netflow dissector to do sequence
analysis using the Sequence Number field within an Obvservation
Domain, based upon RFC 3954 and a capture file I was looking at.
RFC 3954 describes the field as
Out of interest why does NPcap not place its DLL's in System32\SysWow64 as
that is on the standard DLL search path?
On 4 July 2015 at 17:28, Yang Luo hslu...@gmail.com wrote:
Hi Pascal, I hold the same opinion with you, because a user installing
NPcap implies that he wants to use it, I think