The pcapng file format supports "backwards" reading.
-Original Message-
From: Wireshark-dev On Behalf Of Richard
Sharpe
Sent: den 26 februari 2021 18:39
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] 90GB pcap file get last frame time stamp
On Fri, Feb 26, 2021
int in limiting it to 7 octets.
> I infer from what Timmy Brolin, and from IEEE Std 802.3-2018, that there's no
> guarantee that the receiver will see all the preamble bits sent by the MAC
> layer, so I don't see this a indicating how long the packet was on the wire.
> At least
renamed "misaligned frame
> error".
> See, for example, this page of an Ethernet adapter manual:
> https://manualsdump.com/en/manuals/asante_technologies-asante_maccon_family_ethernet_network_cards_for_the_macintosh/142796/53
Ok!
Then I certainly cannot use that flag.
Regards,
Timmy Brolin
.
[cid:image003.png@01D70555.D93CD2C0]
And this is a mPacket with normal preamble:
[cid:image002.png@01D70556.BB213140]
-Original Message-
From: Wireshark-dev On Behalf Of Timmy
Brolin
Sent: den 16 februari 2021 13:27
To: Developer support list for Wireshark
Subject: Re
. I think they reduce it down to just one byte if I recall correctly.
Profinet uses a lot of small Ethernet frames, which makes the preamble a
significant waste of bandwidth for them.
-Original Message-
From: Wireshark-dev On Behalf Of Timmy
Brolin
Sent: den 16 februari 2021 13:03
To:
it is difficult to capture regardless. 1 bit
unalignment can not really occur, due to the preamble bit pattern.
Allowing for 2-bit unalignment indication would require defining two new bits
in EPB. Not sure how difficult that would be?
But I doubt it is worth it in practice.
Regards,
Timmy Broli
according to sections 99.3.3, 99.3.4, 99.3.6 and figure 99-6 should
be removed from Wireshark?
The intention is obviously that pcapng type “LINKTYPE_ETHERNET_MPACKET” should
be able to hold any and all valid Ethernet mPackets according to IEEE 802.3br.
Regards,
Timmy Brolin
From: Wireshark
.
Regards,
Timmy Brolin
From: Wireshark-dev On Behalf Of Jaap
Keuter
Sent: den 13 februari 2021 10:43
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] pcapng decoding error when preamble is shortened
Hi,
The capture file (View | Reload as File Format/Capture) contains an Interface
is what I have implemented here:
https://gitlab.com/wireshark/wireshark/-/merge_requests/2063
Regards,
Timmy Brolin
From: Wireshark-dev On Behalf Of Timmy
Brolin
Sent: den 24 november 2020 11:07
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to properly finalize
does not?
Decoding failure when preamble is shortened:
[cid:image002.png@01D6FED5.BB3DFFA0]
Normal preamble, decoding successful:
[cid:image003.png@01D6FED5.BB3DFFA0]
I have attached a pcapng file with these two packets.
Timmy Brolin
M.SC. Computer Systems Engineering
HMS Industrial Networks
pposed to send a “QUIT” string to extcap to gracefully
stop a capture, 500ms before killing extcap?
I have tried having the extcap listening to “kbhit()” for stdin input, but I
get nothing.
Is this “QUIT” message from Wireshark not piped to extcap stdin?
Or am I reading the code completely wrong?
> > There seems to exist several alternative ways of doing it in Windows.
> >
> > Such as sending WM_QUIT or WM_CLOSE on the message queue,
>
> This assumes that the program you're trying to tell to terminate *has* a
> message queue to which it pays attention.
>
> Extcap programs are
which signal is
interrupting your code?
Did you try your code on unix?
On Mon, Nov 23, 2020 at 10:31 AM Timmy Brolin mailto:t...@hms.se>>
wrote:
I am writing a extcap plugin for Wireshark (Windows version). The documentation
on how Wireshark stops a extcap capture is a bit sketchy, but it
...
}
while( keepRunning );
fwrite( , sizeof(sISB), 1, fp ); // write interface statistics block to
pcapng file.
fclose(fp);
}
Regards,
Timmy Brolin
___
Sent via:Wireshark-dev mailing list
14 matches
Mail list logo
