Re: [Wireshark-dev] Has anyone created an XDR to Dissector tool?

On Fri, Sep 2, 2016 at 8:03 AM, Richard Sharpe wrote: > For those following along at home, here is a WIP patch against the > glibc master version of rpcgen. > > It builds and runs and generates an incomplete dissector at this > stage, but it shows where I think I am

Re: [Wireshark-dev] Extracting field values in a C post-dissector

I've hit a problem. WS scans the trace file twice. I need access to protocol fields (e.g. tcp.len and smb2.ses_id) during the first scan. Unfortunately with the C postdissector the tree value passed during the first scan is NULL. During the second scan I do get the tree. I guess the LUA

Re: [Wireshark-dev] VS 2013 Local Windows Debugger shows Qt5Core.dll is missing

On 5 September 2016 at 17:40, Paul Offord wrote: > Hi, > > > > I have built Wireshark in the master branch from a git pull that I did > today. I use VS 2013 on Windows 7 and Wireshark builds OK. I run the > Debug x64 build using Local Windows Debugger and I get an

Re: [Wireshark-dev] Remove of GTK interface

Hi, I have reports from internal users that the Qt interface does not work when connecting remotely by VNC or ssh -X to the sniffer so for me that’s a showstopper to get rid of GTK. Regards Anders From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf

Re: [Wireshark-dev] Remove of GTK interface

During the last Sharkfest, I heard from many users and power-users still some affection to GTK interface. It surprised me a bit, since when I switched to Qt, it was a matter of will. Resistance to change? Maybe. Something not to care about? Surely not. The switch-off of GTK will happen, but...

Re: [Wireshark-dev] Remove of GTK interface

Hi, Even though this is an expected course of events, there is no timeline as of yet. So even though the GTK UI may be lacking features it could still be part of 2.4. So for now it has to remain, and relevant changes should be made not to break it. Thanks, Jaap > On 05 Sep 2016, at 15:06,

[Wireshark-dev] PCAP NG files not closed properly any more?

Hi, Looking at a pcap-ng file just produced with the File viewer [MIME file format] I get [Packet size limited during capture: File-PCAPNG truncated] I'm looking at a problem where it seems we have no NRB block in the file any more. I have the option "Only use the profile "hosts" file set.

[Wireshark-dev] Remove of GTK interface

Hi As I understand correctly, the gtk interface is being phased out to a point, where it will not be included in 2.4 anymore. I am currently one the brink of adding new features to extcap, and doing so would need me to change some internal interfaces, some of which are used only by the gtk

Re: [Wireshark-dev] Extracting field values in a C post-dissector

Hi Guy, I think you are right. When I thought about it I realised that dissected field values don't get stored anywhere in a standard way and retrieving them from the tree is the only way to go. Luckily I only need a few values. If proto_find_finfo() is slow I might try writing something to