If this turns out to be tricky, you might consider whether using text2pcap
would be easier. This takes a hex dump of your packets and generates a
pcap file. It ships with Wireshark and its manpage is at
http://www.wireshark.org/docs/man-pages/text2pcap.html. To use this you'll
need to write
Isn't your DLL written in C++? You're not mixing new & free, are you?
Storage got with new must be returned with delete, new [ ] with delete [ ]
but only malloc() with free().
Andy.
gogr...@wi.rr.com
To: Developer support list for Wireshark wireshark-dev@wireshark.org
Subject: Re:
Abhik,
text2pcap was designed to read hex dumps in od format, i.e. with a character
representation of the data on the right. If, like me, you have to create a
hex dump from some other source to act as input to text2pcap, then it's
your responsibility to ensure that there's something on the right
01/05/2008 12:36
On Thu, May 1, 2008 at 2:38 PM, Andy Lawman [EMAIL PROTECTED] wrote:
Abhik,
text2pcap was designed to read hex dumps in od format, i.e. with a character
representation of the data on the right. If, like me, you have to create a
hex dump from some other source
I'm afraid I can't help with questions 1 & 2, but I think 3 is
straightforward:
The header length in IPv4 is a 4 bit quantity in units of 4 bytes. 5
yields 20 - the length of an IPv4 header with no options specified. So
that's 20 bytes from the start of the IPv4 header (0x45) to the end of it.
Actually, what I suggested will only give one side of the conversation
that you're interested in. However,
(ip.addr==ADDR1 and tcp.port==PORT1) and (ip.addr==ADDR2 and
tcp.port==PORT2)
should do the trick.
Andy.
Andy Lawman [EMAIL PROTECTED]
To: Developer support list for Wireshark
Try something along the lines of ip.src==ADDR1 and ip.dst==ADDR2 and
tcp.srcport==PORT1 and tcp.dstport==PORT2.
So not a bug.
Andy.
Kukosa, Tomas [EMAIL PROTECTED]
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Conversation filters
Kukosa, Tomas [EMAIL PROTECTED]
Please
I've also been developing a dissector and have followed much the same path
as you. I'm developing at home on XP, distributing at work mainly on 2000,
but with some PCs on XP. All is well except, oddly, the XP installations
at work. First I checked the version of vcredist.exe I was using, but
Amit,
A general way to get more information about what's wrong is to start
tshark up from a command line. When doing this (on Windows) the same error
message as with Wireshark appears on the console, but a more detailed one
appears in a pop-up window. In this case I think it will name the