Wireshark-dev: [Wireshark-dev] i need a help
From: "SOLTANI FATEN" <[email protected]>
Date: Thu, 12 Mar 2009 15:45:19 +0100
Hi
I'm a new Wireshark user, and I'm asking if it's possible to decode a not pcap files (text files) by Wireshark. In the same time I'm thinking about the text2pcap function, but I don't know how to use it.
Thaks for any help


-----Message d'origine-----
De : [email protected] [mailto:[email protected]] De la part de [email protected]
Envoyé : jeudi 12 mars 2009 15:26
À : [email protected]
Objet : Wireshark-dev Digest, Vol 34, Issue 23

Send Wireshark-dev mailing list submissions to
	[email protected]

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-dev
or, via email, send a message with subject or body 'help' to
	[email protected]

You can reach the person managing the list at
	[email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-dev digest..."


Today's Topics:

   1. Re: Win64 build support (Brian Daniel)
   2. Adding new dissectors (Rayne)
   3. Re: Try to use non formatting routines (Stig Bj?rlykke)
   4. Another typo in wireshark.nsi [PATCH] (Anders Broman)
   5. Re: Another typo in wireshark.nsi [PATCH] (Martin Mathieson)
   6. Questiong regarding Wireshark (ksiva)


----------------------------------------------------------------------

Message: 1
Date: Wed, 11 Mar 2009 17:40:46 -0400
From: Brian Daniel <[email protected]>
Subject: Re: [Wireshark-dev] Win64 build support
To: Developer support list for Wireshark <[email protected]>
Message-ID:
	<[email protected]>
Content-Type: text/plain; charset="windows-1252"

Cool thanks folks! Since http://buildbot.wireshark.org/trunk/waterfall shows
failed on both wireshark win32 and win64, I'll hold off on my svn update
until later tonight when both are green.
On Wed, Mar 11, 2009 at 12:18 PM, Gerald Combs <[email protected]> wrote:

> You should now, along with updating SVN. I just checked in a change to use
> WIRESHARK_TARGET_PLATFORM (note the fixed spelling) instead of PLATFORM.
>
> Config.nmake sets CPU according to WIRESHARK_TARGET_PLATFORM. You shouldn't
> have
> to set it yourself.
>
> Brian Daniel wrote:
> > Yep, turns out I need to keep my setting: Platform=BPC
> > Should I use WIRESHRK_TARGET_PLATFORM=win64 ??
> > For now, I'll try to temporarily change to Platform=win32 or win64 each
> > time I launch the cmd.exe
> >
> > Also, what CPU= should I put for my Intel Core2 Quad Q6600?
> > x86 is a solution for a very old Intel CPU.
> > Many Thanks,
> > Brian
> > On Tue, Mar 10, 2009 at 8:26 PM, Guy Harris <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> >
> >     On Mar 10, 2009, at 5:08 PM, Gerald Combs wrote:
> >
> >     > Should we use something more Wireshark-specific, e.g.
> >     > WIRESHRK_TARGET_PLATFORM
> >     > instead?
> >
> >     That might work better.  When Googling for information about this I
> >     found at least a couple of instances of some annoying bit of software
> >     insisting on setting the PLATFORM environment variable to some silly
> >     string such as BPC or HPC and breaking MSVC++ builds, so if we can
> >     avoid depending on PLATFORM at all, that might at least keep us from
> >     getting hosed by those programs.
> >
> ___________________________________________________________________________
> >     Sent via:    Wireshark-dev mailing list <[email protected]
> >     <mailto:[email protected]>>
> >     Archives:    http://www.wireshark.org/lists/wireshark-dev
> >     Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >                 mailto:[email protected]
> >     <mailto:[email protected]>?subject=unsubscribe
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <[email protected]>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:[email protected]
> ?subject=unsubscribe
>
>
> --
> Join us for Sharkfest?09  |  Stanford University, June 15 ? 18
> http://www.cacetech.com/sharkfest.09/
> ___________________________________________________________________________
>  Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:[email protected]?subject=unsubscribe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090311/96484194/attachment.htm 

------------------------------

Message: 2
Date: Wed, 11 Mar 2009 22:52:50 -0700 (PDT)
From: Rayne <[email protected]>
Subject: [Wireshark-dev] Adding new dissectors
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"

Hi,

I would like to know if adding a new dissector would require modifying/adding this dissector to the code of the dissector that may later call it.

For example, I was looking at packet-gtp.c, and in proto_re_handoff_gtp(), dissector_add() was used to add UDP and if neccessary, TCP. Looking at dissector_add(), it appears that it would call dissector_add_handle() to add GTP as a sub-dissector to UDP and/or TCP. All of this is done only in packet-gtp.c and not in packet-udp.c or packet-tcp.c.

If my reasoning is correct, am I right to say when I add a dissector, I need not modify the codes of the protocol layers below it? For example in this case, if I were to add the GTP dissector, I only need to specify and add the layers below it (UDP and/or TCP) in its own code. As for protocol layers above it, I would just use call_dissector whenever appropriate?

Thank you.



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090311/d70073f3/attachment.htm 

------------------------------

Message: 3
Date: Thu, 12 Mar 2009 09:00:07 +0100
From: Stig Bj?rlykke <[email protected]>
Subject: Re: [Wireshark-dev] Try to use non formatting routines
To: Developer support list for Wireshark <[email protected]>
Message-ID:
	<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1

2009/3/11 Jakub Zawadzki <[email protected]>:
> On Wed, Mar 11, 2009 at 12:26:18PM -0400, Bill Meier wrote:
>> To prevent this from getting lost: I suggest you submit it to
>> bugs.wireshark.org as a patch request.
>
> Well first of all I'd like to know if for you it's ok to do so.
> If not it's senseless to submit bugreport.

Yes, please open a bug report (marked enhancement) for patches like
this.  We use bugzilla to keep a track of all submitted patches.

I have committed this one (r27709) so you can open a bug report for
your next patch :)


-- 
Stig Bj?rlykke


------------------------------

Message: 4
Date: Thu, 12 Mar 2009 11:29:43 +0100
From: "Anders Broman" <[email protected]>
Subject: [Wireshark-dev] Another typo in wireshark.nsi [PATCH]
To: "Developer support list for Wireshark"
	<[email protected]>
Message-ID:
	<[email protected]xxxxx>
	
Content-Type: text/plain; charset="us-ascii"

Hi,
Can some one apply this patch?
 <<wireshark.nsi.patch>> 
Regards
Anders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/b9f0cd14/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireshark.nsi.patch
Type: application/octet-stream
Size: 466 bytes
Desc: wireshark.nsi.patch
Url : http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/b9f0cd14/attachment.obj 

------------------------------

Message: 5
Date: Thu, 12 Mar 2009 10:59:30 +0000
From: Martin Mathieson <[email protected]>
Subject: Re: [Wireshark-dev] Another typo in wireshark.nsi [PATCH]
To: Developer support list for Wireshark <[email protected]>
Message-ID:
	<[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Done in 27710.

On Thu, Mar 12, 2009 at 10:29 AM, Anders Broman
<[email protected]>wrote:

>  Hi,
> Can some one apply this patch?
> <<wireshark.nsi.patch>>
> Regards
> Anders
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:[email protected]?subject=unsubscribe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20090312/94e9b5c5/attachment.htm 

------------------------------

Message: 6
Date: Wed, 11 Mar 2009 11:17:21 -0700 (PDT)
From: ksiva <[email protected]>
Subject: [Wireshark-dev] Questiong regarding Wireshark
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii


Hi there,

[1] Is there a way to run a script that will monitor the packets and look for a specific event to happen (say sequence number of the packet or src/dest is unreachable - packet type) and command the wireshark to stop capturing (perhaps N seconds after the event occured).

(Similar to what procomm plus offers a script to monitor a serial port console output.) 

i.e. A trigger to stop capture.

[2] A way to auto-flush and auto-start-capture after M packets.


Thanks,
Siva



      


------------------------------

_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev


End of Wireshark-dev Digest, Vol 34, Issue 23
*********************************************