
Wireshark-dev: [Wireshark-dev] i need a help

From: "SOLTANI FATEN" <Faten.Soltani@xxxxxxxxxxxxxxxxxx>
Date: Thu, 12 Mar 2009 15:45:19 +0100
Hi
I'm a new Wireshark user, and I'm asking if it's possible to decode non-pcap files (text files) with Wireshark. At the same time, I'm thinking about the text2pcap function, but I don't know how to use it.
Thanks for any help


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of wireshark-dev-request@xxxxxxxxxxxxx
Sent: Thursday, 12 March 2009 15:26
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Wireshark-dev Digest, Vol 34, Issue 23


Today's Topics:

   1. Re: Win64 build support (Brian Daniel)
   2. Adding new dissectors (Rayne)
   3. Re: Try to use non formatting routines (Stig Bjørlykke)
   4. Another typo in wireshark.nsi [PATCH] (Anders Broman)
   5. Re: Another typo in wireshark.nsi [PATCH] (Martin Mathieson)
   6. Questiong regarding Wireshark (ksiva)


----------------------------------------------------------------------

Message: 1
Date: Wed, 11 Mar 2009 17:40:46 -0400
From: Brian Daniel <daniel_brian@xxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Win64 build support
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Message-ID:
	<b66dd3f30903111440l7c27e5e4ie7e7cc5c91f78372@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="windows-1252"

Cool thanks folks! Since http://buildbot.wireshark.org/trunk/waterfall shows
failed on both wireshark win32 and win64, I'll hold off on my svn update
until later tonight when both are green.
On Wed, Mar 11, 2009 at 12:18 PM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:

> You should now, along with updating SVN. I just checked in a change to use
> WIRESHARK_TARGET_PLATFORM (note the fixed spelling) instead of PLATFORM.
>
> Config.nmake sets CPU according to WIRESHARK_TARGET_PLATFORM. You shouldn't
> have to set it yourself.
>
> Brian Daniel wrote:
> > Yep, turns out I need to keep my setting: Platform=BPC
> > Should I use WIRESHRK_TARGET_PLATFORM=win64 ??
> > For now, I'll try to temporarily change to Platform=win32 or win64 each
> > time I launch the cmd.exe
> >
> > Also, what CPU= should I put for my Intel Core2 Quad Q6600?
> > x86 is a solution for a very old Intel CPU.
> > Many Thanks,
> > Brian
> > On Tue, Mar 10, 2009 at 8:26 PM, Guy Harris <guy@xxxxxxxxxxxx
> > <mailto:guy@xxxxxxxxxxxx>> wrote:
> >
> >
> >     On Mar 10, 2009, at 5:08 PM, Gerald Combs wrote:
> >
> >     > Should we use something more Wireshark-specific, e.g.
> >     > WIRESHRK_TARGET_PLATFORM
> >     > instead?
> >
> >     That might work better.  When Googling for information about this I
> >     found at least a couple of instances of some annoying bit of software
> >     insisting on setting the PLATFORM environment variable to some silly
> >     string such as BPC or HPC and breaking MSVC++ builds, so if we can
> >     avoid depending on PLATFORM at all, that might at least keep us from
> >     getting hosed by those programs.
> >
> ___________________________________________________________________________
> >     Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx
> >     <mailto:wireshark-dev@xxxxxxxxxxxxx>>
> >     Archives:    http://www.wireshark.org/lists/wireshark-dev
> >     Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >                 mailto:wireshark-dev-request@xxxxxxxxxxxxx
> >     <mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe
>
>
> --
> Join us for Sharkfest'09  |  Stanford University, June 15 - 18
> http://www.cacetech.com/sharkfest.09/

------------------------------

Message: 2
Date: Wed, 11 Mar 2009 22:52:50 -0700 (PDT)
From: Rayne <hjazz6@xxxxxxxxx>
Subject: [Wireshark-dev] Adding new dissectors
To: wireshark-dev@xxxxxxxxxxxxx
Message-ID: <147255.45314.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Hi,

I would like to know if adding a new dissector would require modifying/adding this dissector to the code of the dissector that may later call it.

For example, I was looking at packet-gtp.c, and in proto_reg_handoff_gtp(), dissector_add() was used to add UDP and, if necessary, TCP. Looking at dissector_add(), it appears that it would call dissector_add_handle() to add GTP as a sub-dissector to UDP and/or TCP. All of this is done only in packet-gtp.c and not in packet-udp.c or packet-tcp.c.

If my reasoning is correct, am I right to say that when I add a dissector, I need not modify the code of the protocol layers below it? For example in this case, if I were to add the GTP dissector, I only need to specify and add the layers below it (UDP and/or TCP) in its own code. As for protocol layers above it, I would just use call_dissector whenever appropriate?

Thank you.



      

------------------------------

Message: 3
Date: Thu, 12 Mar 2009 09:00:07 +0100
From: Stig Bjørlykke <stig@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Try to use non formatting routines
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Message-ID:
	<46bcbd8f0903120100i1bc3f7aepb1025f92a714d900@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

2009/3/11 Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>:
> On Wed, Mar 11, 2009 at 12:26:18PM -0400, Bill Meier wrote:
>> To prevent this from getting lost: I suggest you submit it to
>> bugs.wireshark.org as a patch request.
>
> Well first of all I'd like to know if for you it's ok to do so.
> If not it's senseless to submit bugreport.

Yes, please open a bug report (marked enhancement) for patches like
this.  We use bugzilla to keep track of all submitted patches.

I have committed this one (r27709) so you can open a bug report for
your next patch :)


-- 
Stig Bjørlykke


------------------------------

Message: 4
Date: Thu, 12 Mar 2009 11:29:43 +0100
From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Subject: [Wireshark-dev] Another typo in wireshark.nsi [PATCH]
To: "Developer support list for Wireshark"
	<wireshark-dev@xxxxxxxxxxxxx>
Message-ID:
	<E48F3A0F80C4B642BF6A5FF3257DFBB906243A8E@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
	
Content-Type: text/plain; charset="us-ascii"

Hi,
Can someone apply this patch?
 <<wireshark.nsi.patch>> 
Regards
Anders
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireshark.nsi.patch
Type: application/octet-stream
Size: 466 bytes
Desc: wireshark.nsi.patch
Url : http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/b9f0cd14/attachment.obj 

------------------------------

Message: 5
Date: Thu, 12 Mar 2009 10:59:30 +0000
From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Another typo in wireshark.nsi [PATCH]
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Message-ID:
	<7b8c30e40903120359p33606d1ak89389198906c1bb6@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Done in 27710.

On Thu, Mar 12, 2009 at 10:29 AM, Anders Broman
<anders.broman@xxxxxxxxxxxx> wrote:

>  Hi,
> Can someone apply this patch?
> <<wireshark.nsi.patch>>
> Regards
> Anders
>

------------------------------

Message: 6
Date: Wed, 11 Mar 2009 11:17:21 -0700 (PDT)
From: ksiva <ksiva@xxxxxxxxx>
Subject: [Wireshark-dev] Questiong regarding Wireshark
To: wireshark-dev@xxxxxxxxxxxxx
Message-ID: <709449.26331.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii


Hi there,

[1] Is there a way to run a script that will monitor the packets and look for a specific event to happen (say sequence number of the packet or src/dest is unreachable - packet type) and command Wireshark to stop capturing (perhaps N seconds after the event occurred)?

(Similar to what procomm plus offers a script to monitor a serial port console output.) 

i.e. A trigger to stop capture.

[2] A way to auto-flush and auto-start-capture after M packets.


Thanks,
Siva



      


------------------------------



End of Wireshark-dev Digest, Vol 34, Issue 23
*********************************************