Would you like me to send the captures to you at [EMAIL PROTECTED]
[EMAIL PROTECTED]  We are not having problems with all users, all
domains. Inbound and outbound.

On 4/19/07, [EMAIL PROTECTED] <

Send Wireshark-users mailing list submissions to

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to

You can reach the person managing the list at

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."

Today's Topics:

  1. trouble w/ tshark static build on linux
  2. Re: capturing msn web cam traffic with wireshark.
     (Wonkyun*^^* Lee)
  3. Re: capturing msn web cam traffic with wireshark. (Guy Harris)
  4. Bizarre mail issue on network, Please someone,    help. (S R)
  5. Re: Bizarre mail issue on network, Please someone,        help.
     (Sake Blok)


Message: 1
Date: Wed, 18 Apr 2007 17:54:09 -0700
Subject: [Wireshark-users] trouble w/ tshark static build on linux
To: wireshark-users@wireshark.org
Content-Type: text/plain; charset="us-ascii"; format=flowed

I've successfully statically built tethereal before on linux, but
when I tried with tshark/wireshark 0.99.5, I keep getting errors like
can't find -lgmodule

I've tried
--enable-static --disable-wireshark --enable-tshark --disable-gtk2
and lots of other options to configure, with no success.
(configure seems to work OK, but make fails.)

I just want to get a static build of tshark.

This is on Fedora Core 6; I also tried on RHEL4.

I do have glib and gtk and gmodule, etc.



Message: 2
Date: Thu, 19 Apr 2007 10:43:12 +0900
From: "Wonkyun*^^* Lee" <[EMAIL PROTECTED]>
Subject: Re: [Wireshark-users] capturing msn web cam traffic with
To: wireshark-users@wireshark.org
Content-Type: text/plain; format=flowed

> > I am trying to capture traffic using Msn messenger, espec. with web
> > cam.
>You're trying to capture traffic with a webcam?  You mean by, for
>example, pointing a webcam at the screen while Wireshark is doing a
>live traffic capture, to display what Wireshark is showing? :-)
>Or do you mean you're trying to capture network traffic being put onto
>the network by a webcam?
What I meant was, I want to capture traffic during 'WebCam/Video
conversation', ie when i have video-convesation w/ my friend or someone.
using msn messnger webcam feature.

there is equipment that we are trying to release in public, which allows
have video conversation, it's something like video-telephone.
when i use this equipment, and wireshark, i can capture traffic with a
protocol ; H.263. and..G.722 , etc.
and it also tells me about their video type(qcif, cif ...), codec, and
bit-rate, picture type, etc....

but i cannot capture any of these things with msn messenger video
conversation, is it b/c it's encrypted?
all i see was just 'udp' protocol saying nothing..

is there anyway that i can see and analyze these things?

I want to see their picture coding type(i-frame, p-frame), time for
receiving each frame so i can calculate their frame rates, and so on...

I also tryed with SKYPE, but i know that it uses their own codec, so there
is no way to capture video frames, and analyze them.
but as far as i know, msn messnger uses standard codec, so it can co-work
with other messngers like yahoo or AOL..

I don't know whether you understand what i am trying to say, but i hope

cheers.. need help here..
plz tell me about other tools or some kind of dissectos that allow me to
these things..

> > Is there any way that i can capture video codec, or video traffic?
> >
> > some kind of frame rate or something..
> >
> > I also tried with Skype, but i cannot find the way to do it..
>You can capture *any* sort of network traffic with Wireshark.
>Whether Wireshark can *dissect* that traffic, and show it as anything
>other than raw hex data, is another matter.
>And, even if it can dissect it, it won't display it as video.
>Wireshark's a network analyzer, not a video player, although some
>dissectors might support saving the contents of a video stream within
>a capture in some video format, just as it can save some VoIP traffic
>in an audio format.
>What *exactly* is it you're trying to do here?
>Wireshark-users mailing list

Express yourself instantly with MSN Messenger! Download today it's FREE!


Message: 3
Date: Wed, 18 Apr 2007 19:03:52 -0700
From: Guy Harris <[EMAIL PROTECTED]>
Subject: Re: [Wireshark-users] capturing msn web cam traffic with
To: Community support list for Wireshark
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On Apr 18, 2007, at 6:43 PM, Wonkyun*^^* Lee wrote:

> but i cannot capture any of these things with msn messenger video
> conversation, is it b/c it's encrypted?
> all i see was just 'udp' protocol saying nothing..

That doesn't necessarily mean you can't *capture* them.  It could just
mean that Wireshark can't *dissect* them; it might have no dissector
for whatever protocol MSN Messenger is using, or it might not
recognize the traffic as being MSN Messenger video traffic.

According to this page:


the protocol it uses is RTP, for which Wireshark has a dissector.
However, RTP doesn't have a standard port number, so Wireshark can't
recognize RTP traffic based on the UDP port number; it would either
have to be told that a particular session is RTP traffic, or look at
the packet and try to guess whether it's RTP traffic or not.

To tell Wireshark that traffic to or from a particular port is RTP
traffic, select one of the UDP packets by clicking on it, and then
select "Dceode As..." from the "Analyze" menu.  Tell it to dissect
traffic to or from one of the given transport-layer ports as RTP.

To get it to try to guess whether traffic is RTP traffic or not,
select "Preferences" from the "Edit" menu, open up the "Protocols"
list, select "RTP" from the list, turn on the "Try to decode RTP
outside of conversations" option, and click "OK".

That doesn't guarantee that it'll recognize the codec, however.

> I also tryed with SKYPE, but i know that it uses their own codec, so
> there
> is no way to capture video frames, and analyze them.

It's possible to capture those frames with Wireshark (or TShark, or
tcpdump/WinDump, or...).  It's not possible to *analyze* them in
Wireshark or TShark without a dissector being written for the protocol
it uses and for the codec it uses.


Message: 4
Date: Wed, 18 Apr 2007 23:18:15 -0400
Subject: [Wireshark-users] Bizarre mail issue on network, Please
       someone,        help.
To: wireshark-users@wireshark.org
Content-Type: text/plain; charset="iso-8859-1"


I was wondering if someone would be so kind as to help me in figuring out
strange mail problem I'm having.  I'm having a ton of retransmissions with
mail, and it's sitting it the queue on my relay server.  I thought at
it was some problem with my firewalls, but I'm starting to think that's
the case.  I've run a capture on my relay server, and I'm starting to
it may be something with my switch/router.... something in between - and
perhaps these messages aren't even making it to the firewall.

I'm having some problems interpreting this log, but it appears at times
I'm not getting an ACK from my router, so I retransmit, which continues
2 days until the timeout and the msg bounces with a rejection notice.

However, it's even more bizarre because I haven't located any packet loss.
I don't think it's an MTU problem, and the only time I can replicate the
email issue is by attempting to send .html attachments (not
embedded)  They
aren't being received inbound and not reaching the recipient outbound.

This is a major issue, as it's backing up my queues, and we have some
applications that mail html attachments for reporting, etc.

Can anyone help me? I have dissected about everything I can think
of.  There
are no rules on my Firewalls to prevent any attachments, no filtering is
turned on with my mail server or firewall.

TIA!!  I hope you all can find it in your heart to help me retain my

-------------- next part --------------
An HTML attachment was scrubbed...


Message: 5
Date: Thu, 19 Apr 2007 07:26:42 +0200
From: Sake Blok <[EMAIL PROTECTED]>
Subject: Re: [Wireshark-users] Bizarre mail issue on network, Please
       someone,        help.
To: Community support list for Wireshark
Content-Type: text/plain; charset=us-ascii

On Wed, Apr 18, 2007 at 11:18:15PM -0400, S R wrote:
> I'm having some problems interpreting this log, but it appears at times
> I'm not getting an ACK from my router, so I retransmit, which continues
> 2 days until the timeout and the msg bounces with a rejection notice.

I assume that with "log" you refer to the capture made on the
With the ACK you are refering to a TCP-ACK coming from the smtp server
you are trying to send mail to? With retransmit, do you mean a TCP
retransmit, or do you mean that the TCP-session ends and the smtp-daemon
"retries" sending it after it's configured interval? Since you say this
continues for two days ending with a rejection notice. I assume you
were talking about the second option.

> However, it's even more bizarre because I haven't located any packet
> I don't think it's an MTU problem, and the only time I can replicate the
> email issue is by attempting to send .html attachments (not
embedded)  They
> aren't being received inbound and not reaching the recipient outbound.

Does this happen with only one recipient domain or with all domains
you are tryin to send ".html" attachements too? ie can it be that the
problem is caused by the remote site instead of yours?

> Can anyone help me? I have dissected about everything I can think
of.  There
> are no rules on my Firewalls to prevent any attachments, no filtering is
> turned on with my mail server or firewall.

Could you send me a (binary) capture file of one SMTP session in which
the message is not fully deliverd?




Wireshark-users mailing list

End of Wireshark-users Digest, Vol 11, Issue 32

Wireshark-users mailing list

Reply via email to