Re: [Wireshark-dev] GeoIP and what to expect

2009-01-14 Thread Peter Fuller
ip.geoip.isp ip.geoip.org ip.geoip.src_asnum ip.geoip.src_city ip.geoip.src_country ip.geoip.src_isp ip.geoip.src_org They are all strings, so you can filter using the contains and matches operators, e.g. ip.geoip.asnum contains 17374 ip.geoip.city matches (?i)peculiar, mo Peter

[Wireshark-dev] GeoIP and what to expect

2009-01-13 Thread Peter Fuller
I've tried out the GeoIP API, but I don't see any results. My steps: I've downloaded three .dat files from maxmind: -rw-r--r--@ 1 rkm rkm 1138900 Jan 12 22:12 Downloads/GeoIP.dat -rw-r--r-- 1 rkm rkm 2204468 Jan 12 22:12 Downloads/GeoIPASNum.dat -rw-r--r--@ 1 rkm rkm 29945302 Jan 12

[Wireshark-dev] No GPL license (and more) in GTK1 wireshark?

2008-10-15 Thread Peter Fuller
The last time I sent mail, I did not get a copy and ended up spamming the list thinking something was broken. I've noticed on GTK1-based builds that there are missing tabs under 'About-Wireshark'. The AUTHORS and the LICENSE tab are missing. Also, under the Edit menu heading there is no

[Wireshark-dev] nlpid.h error?

2008-07-08 Thread Peter Fuller
nlpid.h #defines Q2119 as 0x0c. However, the X.263 table I checked from the ITU's web site says this value is 0x0a. There are comments that indicate the same values can have a slightly different meaning depending on context, and I'm not intimately familiar with this standard so I

[Wireshark-dev] nlpid.h q2119/x.263

2008-06-29 Thread Peter Fuller
nlpid.h #defines Q2119 as 0x0c. However, the X.263 table I checked from the ITU's web site says this value is 0x0a. There are comments that indicate the same values can have a slightly different meaning depending on context, and I'm not intimately familiar with this standard so I

[Wireshark-dev] nlpid list bug? Or just obtuse?

2008-06-25 Thread Peter Fuller
nlpid.h #defines Q2119 as 0x0c. However, the X.263 table I checked from the ITU's web site says this value is 0x0a. There are comments that indicate the same value can have a slightly different meaning depending on context, so I hesitate to just file a bug report. Also, should I

[Wireshark-dev] Decode As... Questions

2008-04-30 Thread Peter Fuller
In the past, I have come across some data that was one transport layer carried in another (TCP carrying UDP). My first inclination was to use Wireshark's 'Decode As...' option to force the port in question to continue the dissection using the next transport layer dissector. Is there a

[Wireshark-dev] RTP Player annoyance

2008-04-29 Thread Peter Fuller
Gentle developers, I believe the new RTP Player placement has been discussed in the mailing list in the past. I'm not sure anyone has noticed, but the ability to type in the selection list on the left hand side is quite a nice feature. However, I can no longer type 'r' 't' 'p' and go

[Wireshark-dev] PDML pos, size attributes

2008-04-26 Thread Peter Fuller
Dear developers, In the PDML produced by wireshark, are the pos and size attributes base XML type nonNegativeInteger? I would have thought so, but they are derived from field_info->start and field_info->length, respectively. Both are type gint. Is it really valid for these values

[Wireshark-dev] Is this a bug?

2008-03-16 Thread Peter Fuller
Dear developers, From rawshark.c: set_link_type(const char *lt_arg): if (dhandle) { encap = WTAP_ENCAP_USER0; pref_str = g_string_new("uat:user_dlts:"); /* This must match the format used in the user_dlts file */ g_string_sprintfa(pref_str, "\"User 0

[Wireshark-dev] WS Roadmap question

2008-03-14 Thread Peter Fuller
I'm studying wireshark and hope to contribute to the project, but not sure where yet. Still learning some of the guts probably will be for awhile. I was reading the roadmap for Beyond 1.0 and saw * Add privilege separation for dissection. What does this mean exactly?

Re: [Wireshark-dev] Wireshark and Matlab

2008-03-13 Thread Peter Fuller
Armen, I might be interested in such a tool. Also, by 'bootstrapping portion' do you mean the one-time epan structure initialization/destruction calls as well as the proper init/malloc/free per-packet calls? rkm On Mar 12, 2008, at 5:28 PM, Armen Babikyan wrote: Hello, A few