Wireshark-dev: [Wireshark-dev] convert ASCII files to Pcap files without using Text2pcap
From: "SOLTANI FATEN" <[email protected]>
Date: Tue, 17 Mar 2009 09:36:52 +0100
Hi everybody
I want to convert an ASCII file to a Pcap file, without using Text2pcap, for example using Perl or another tool. I am open to any proposal.
Best regards  
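As an added example (not code from the original post, from Wireshark, or from text2pcap), the following Python script does what the question asks for: it reads a text2pcap-style hex dump (a hex offset at the start of each line, an offset of 000000 starting a new packet) and writes a classic libpcap file by hand. The pcap layout is the standard one (24-byte global header with the 0xA1B2C3D4 microsecond magic, 16-byte record header per packet); the choice of Ethernet as link type and the two sample frames are assumptions constructed for the demo, with IP and UDP checksums left as zero since the file format does not depend on them.

```python
import struct

# libpcap file-format constants: microsecond-resolution magic, Ethernet link type.
PCAP_MAGIC_USEC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
SNAPLEN = 65535

# Constructed sample input in text2pcap's layout: a hex offset, then two-digit hex bytes.
# An offset of 000000 starts a new packet. Each frame is a hand-written
# Ethernet/IPv4/UDP packet with a one-byte payload; IP/UDP checksums are zero (constructed).
SAMPLE_HEXDUMP = """\
# packet 1 (constructed)
000000 00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00
000010 00 1d 00 01 00 00 40 11 00 00 0a 00 00 01 0a 00
000020 00 02 04 d2 1f 90 00 09 00 00 41
# packet 2 (constructed): same frame, payload 0x42
000000 00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00
000010 00 1d 00 01 00 00 40 11 00 00 0a 00 00 01 0a 00
000020 00 02 04 d2 1f 90 00 09 00 00 42
"""


def pcap_global_header(linktype=LINKTYPE_ETHERNET, snaplen=SNAPLEN):
    """24-byte little-endian pcap header: magic, version 2.4, tz offset 0, sigfigs 0, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame, ts_sec, ts_usec=0):
    """16-byte record header (ts_sec, ts_usec, incl_len, orig_len) followed by the frame bytes."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def parse_hexdump(text):
    """Return a list of frames (bytes) parsed from a text2pcap-style hex dump.

    Lines whose first token is not a hex offset are ignored (comments, blank lines).
    An offset that does not match the number of bytes already collected for the
    current packet is treated as a corrupt dump rather than silently accepted.
    """
    frames = []
    current = bytearray()
    for raw in text.splitlines():
        tokens = raw.strip().split()
        if not tokens:
            continue
        try:
            offset = int(tokens[0], 16)
        except ValueError:
            continue  # not a dump line
        if offset == 0 and current:
            frames.append(bytes(current))
            current = bytearray()
        if offset != len(current):
            raise ValueError(
                f"offset {offset:#x} does not match {len(current)} bytes collected so far")
        for tok in tokens[1:]:
            # Stop at the first non-hex token so a trailing ASCII column is not parsed as data.
            if len(tok) != 2 or not all(c in "0123456789abcdefABCDEF" for c in tok):
                break
            current.append(int(tok, 16))
    if current:
        frames.append(bytes(current))
    return frames


def hexdump_to_pcap(text, linktype=LINKTYPE_ETHERNET, base_ts=0):
    """Build the complete pcap file image for the frames in `text`, one second apart."""
    out = pcap_global_header(linktype)
    for i, frame in enumerate(parse_hexdump(text)):
        out += pcap_record(frame, base_ts + i)
    return out


def write_pcap_file(path, text, linktype=LINKTYPE_ETHERNET):
    """Write the pcap image for `text` to `path` and return the number of frames written."""
    frames = parse_hexdump(text)
    with open(path, "wb") as fh:
        fh.write(hexdump_to_pcap(text, linktype))
    return len(frames)


if __name__ == "__main__":
    print(f"wrote {write_pcap_file('sample.pcap', SAMPLE_HEXDUMP)} frames to sample.pcap")
```

The resulting file opens directly in Wireshark; the offset check is the one safeguard worth keeping when converting dumps of unknown provenance, because a skipped or duplicated line otherwise produces a frame that decodes plausibly but is wrong.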




-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of [email protected]
Sent: Tuesday, 17 March 2009 00:30
To: [email protected]
Subject: Wireshark-dev Digest, Vol 34, Issue 31

Send Wireshark-dev mailing list submissions to
	[email protected]

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-dev
or, via email, send a message with subject or body 'help' to
	[email protected]

You can reach the person managing the list at
	[email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-dev digest..."


Today's Topics:

   1. buildbot failure in Wireshark (development) on	OSX-10.5-ppc
      ([email protected])
   2. Re: Using Wireshark packet parsers and pretty	printers
      (Ulisses Araújo Costa)
   3. Re: Hello to the list and a nested dissector (Gaetano Vocca)
   4. buildbot failure in Wireshark (development) on
      Solaris-10-SPARC ([email protected])
   5. buildbot failure in Wireshark (development) on
      Ubuntu-7.10-x86-64 ([email protected])
   6. buildbot failure in Wireshark (development) on	OSX-10.5-x86
      ([email protected])
   7. Re: [Wireshark-commits] rev 27748:	/trunk/plugins/profinet/
      /trunk/plugins/profinet/:	Makefile.common crc16.c crc16.h
      moduleinfo.h moduleinfo.nmake	packet-dcerpc-pn-io.c
      packet-pn-rt.c (Joerg Mayer)
   8. Re: [Wireshark-commits] rev	27748:/trunk/plugins/profinet/
      /trunk/plugins/profinet/:Makefile.common crc16.c crc16.h
      moduleinfo.h moduleinfo.nmakepacket-dcerpc-pn-io.c packet-pn-rt.c
      (Anders Broman)
   9. buildbot failure in Wireshark (development) on	OSX-10.5-ppc
      ([email protected])
  10. Re: [Wireshark-commits] rev 27748:	/trunk/plugins/profinet/
      /trunk/plugins/profinet/:	Makefile.common crc16.c crc16.h
      moduleinfo.h moduleinfo.nmake	packet-dcerpc-pn-io.c
      packet-pn-rt.c (Guy Harris)
  11. Re: [Wireshark-commits] rev 27748:	/trunk/plugins/profinet/
      /trunk/plugins/profinet/:	Makefile.common crc16.c crc16.h
      moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c
      packet-pn-rt.c (Ulf Lamping)


----------------------------------------------------------------------

Message: 1
Date: Mon, 16 Mar 2009 12:05:57 -0700
From: [email protected]
Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
	on	OSX-10.5-ppc
To: [email protected]
Message-ID: <[email protected]>

The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/709

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: osx-10.5-ppc

Build Reason: 
Build Source Stamp: HEAD
Blamelist: etxrab

BUILD FAILED: failed compile

sincerely,
 -The Buildbot



------------------------------

Message: 2
Date: Mon, 16 Mar 2009 19:44:00 +0000
From: Ulisses Araújo Costa <[email protected]>
Subject: Re: [Wireshark-dev] Using Wireshark packet parsers and pretty
	printers
To: Developer support list for Wireshark <[email protected]>
Message-ID:
	<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1

Thank you for your answers. For now I will start to use the PDML file.
Later on I will try to do it using the Wireshark API.

On Tue, Mar 10, 2009 at 01:27, Guy Harris <[email protected]> wrote:
>
> On Mar 9, 2009, at 5:27 PM, Richard Sharpe wrote:
>
>> At each layer it extracts the fields it needs and puts them into the
>> protocol tree or the columns, however, there is no library that allows
>> you to parse a packet and then say:
>>
>>   give me the value of the field tcp.flags or smb.fid or so forth
>>
>> Ethereal is not organized that way.
>
> Well, not *entirely* true, but it's not as if there's some library
> that lets you do that *conveniently*.
>
> In reasonably recent versions of Ethereal - and thus in all versions
> of Wireshark, as the "epan" library was created before the program was
> renamed from Ethereal to Wireshark - the library (called "libethereal"
> in Ethereal, and "libwireshark" in Wireshark) has routines:
>
>        epan_init() - initializes the library;
>
>        epan_dissect_new() - allocates an epan_dissect_t structure to hold
> the context of a dissection, and returns a pointer to it;
>
>        epan_dissect_prime_dfilter() - tells the library which fields you'll
> need to look at (although the API is *really* oriented towards
> "display filters" so you can't just do it by giving it the names of
> the fields);
>
>        epan_dissect_run() - hand it an epan_dissect_t, the pseudo-header for
> the packet as returned by *another* Wireshark library (libwiretap),
> the raw packet data for the packet (as returned by libwiretap), and
> some other information;
>
>        epan_dissect_free() - releases the epan_dissect_t when you're done
> with the dissection and have extracted the information you want from
> the result.
>
> The values of the fields can be found by looking in the protocol tree
> pointed to by the "tree" member of the epan_dissect_t; you'd have to
> walk through the tree looking for instances of the fields.
>
> As one can tell from the number of places where I just waved my hands
> rather than giving details, this is rather complicated.  The library
> was *not* designed to be used by arbitrary applications, so the API is
> somewhat oriented towards its use in Wireshark and TShark.
>
> And, just to add to the complication, I didn't mention that Wireshark
> dissector maintain state between packets, which they might require in
> order to properly dissect packets, so somebody would want to use
> libwiretap to read an entire capture file, calling epan_dissect_new()/
> epan_dissect_prime_dfilter()/epan_dissect_run()/epan_dissect_free() on
> each of the packets.
>
> So I'm not sure it's possible to have a "simple" program that uses
> it.  It might be easier to have TShark read the capture file and
> produce a version of the protocol tree as PDML, and have the program
> read the PDML file, as Stephen Donnelly suggested.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe
>



-- 
Ulisses Costa - http://caos.di.uminho.pt/~ulisses/


------------------------------

Message: 3
Date: Mon, 16 Mar 2009 20:50:25 +0100
From: Gaetano Vocca <[email protected]>
Subject: Re: [Wireshark-dev] Hello to the list and a nested dissector
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

Thank you Anders for your answer.
I have already parsed the ASN.1 by means of asn2wrs, and I have also
developed the dissection of the header; afterwards I use the
call_tcap_dissector function from the asn1/tcap dissector to have the
TCAP layer decoded and, in the end, I need to decode the TCAP
component by means of my ASN.1 protocol.
Now what I don't know is how to retrieve the Component content from
the parsed TCAP and pass it to the dissection of the inner protocol.

Thanks again
Gaetano



------------------------------

Message: 4
Date: Mon, 16 Mar 2009 13:33:26 -0700
From: [email protected]
Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
	on	Solaris-10-SPARC
To: [email protected]
Message-ID: <[email protected]>

The Buildbot has detected a new failure of Solaris-10-SPARC on Wireshark (development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/Solaris-10-SPARC/builds/1289

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: solaris-10-sparc

Build Reason: 
Build Source Stamp: HEAD
Blamelist: etxrab,guy,tuexen

BUILD FAILED: failed compile

sincerely,
 -The Buildbot



------------------------------

Message: 5
Date: Mon, 16 Mar 2009 15:19:58 -0700
From: [email protected]
Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
	on	Ubuntu-7.10-x86-64
To: [email protected]
Message-ID: <[email protected]>

The Buildbot has detected a new failure of Ubuntu-7.10-x86-64 on Wireshark (development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/Ubuntu-7.10-x86-64/builds/789

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: ubuntu-7.10-x86

Build Reason: 
Build Source Stamp: HEAD
Blamelist: etxrab,guy,martinm,tuexen,ulfl,wmeier

BUILD FAILED: failed compile

sincerely,
 -The Buildbot



------------------------------

Message: 6
Date: Mon, 16 Mar 2009 15:32:03 -0700
From: [email protected]
Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
	on	OSX-10.5-x86
To: [email protected]
Message-ID: <[email protected]>

The Buildbot has detected a new failure of OSX-10.5-x86 on Wireshark (development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/OSX-10.5-x86/builds/1948

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: osx-10.5-x86

Build Reason: 
Build Source Stamp: HEAD
Blamelist: ulfl

BUILD FAILED: failed compile

sincerely,
 -The Buildbot



------------------------------

Message: 7
Date: Mon, 16 Mar 2009 23:45:40 +0100
From: Joerg Mayer <[email protected]>
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748:
	/trunk/plugins/profinet/ /trunk/plugins/profinet/:	Makefile.common
	crc16.c crc16.h moduleinfo.h moduleinfo.nmake	packet-dcerpc-pn-io.c
	packet-pn-rt.c
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

On Mon, Mar 16, 2009 at 09:40:03PM +0000, [email protected] wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=27748
>  crc16 algorithm copied from Linux sources (GPL V2 only!)

So far the wireshark sources are v2 or later - so adding a gplv2 only file
is not something that should be done without asking *first*, because it
has effects for all of Wireshark. Or maybe there already were files that
are v2 only and I missed that?

Ciao
     Joerg
-- 
Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


------------------------------

Message: 8
Date: Mon, 16 Mar 2009 23:56:37 +0100
From: "Anders Broman" <[email protected]>
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev
	27748:/trunk/plugins/profinet/
	/trunk/plugins/profinet/:Makefile.common crc16.c crc16.h	moduleinfo.h
	moduleinfo.nmakepacket-dcerpc-pn-io.c packet-pn-rt.c
To: "'Developer support list for Wireshark'"
	<[email protected]>
Message-ID: <4688C2F8058B4A22[email protected]>
Content-Type: text/plain;	charset="iso-8859-1"

Hi,
Isn't there a couple of crc versions in epan?
/Anders

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On behalf of Joerg Mayer
Sent: 16 March 2009 23:46
To: [email protected]
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev
27748:/trunk/plugins/profinet/ /trunk/plugins/profinet/:Makefile.common
crc16.c crc16.h moduleinfo.h moduleinfo.nmakepacket-dcerpc-pn-io.c
packet-pn-rt.c

On Mon, Mar 16, 2009 at 09:40:03PM +0000, [email protected] wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=27748
>  crc16 algorithm copied from Linux sources (GPL V2 only!)

So far the wireshark sources are v2 or later - so adding a gplv2 only file
is not something that should be done without asking *first*, because it
has effects for all of Wireshark. Or maybe there already were files that
are v2 only and I missed that?

Ciao
     Joerg
-- 
Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.



------------------------------

Message: 9
Date: Mon, 16 Mar 2009 16:12:08 -0700
From: [email protected]
Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
	on	OSX-10.5-ppc
To: [email protected]
Message-ID: <[email protected]>

The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development).
Full details are available at:
 http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/713

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: osx-10.5-ppc

Build Reason: 
Build Source Stamp: HEAD
Blamelist: ulfl

BUILD FAILED: failed compile

sincerely,
 -The Buildbot



------------------------------

Message: 10
Date: Mon, 16 Mar 2009 16:18:06 -0700
From: Guy Harris <[email protected]>
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748:
	/trunk/plugins/profinet/	/trunk/plugins/profinet/:	Makefile.common
	crc16.c crc16.h	moduleinfo.h moduleinfo.nmake	packet-dcerpc-pn-io.c
	packet-pn-rt.c
To: Developer support list for Wireshark <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Mar 16, 2009, at 3:45 PM, Joerg Mayer wrote:

> On Mon, Mar 16, 2009 at 09:40:03PM +0000, [email protected] wrote:
>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi? 
>> view=rev&revision=27748
>> crc16 algorithm copied from Linux sources (GPL V2 only!)
>
> So far the wireshark sources are v2 or later - so adding a gplv2  
> only file
> is not something that should be done without asking *first*, because  
> it
> has effects for all of Wireshark. Or maybe there already were files  
> that
> are v2 only and I missed that?

Is the only difference between the CRC16 in PROFINET and the ITU-T  
CRC16 implemented in epan/crc16.c the polynomial?  It looks as if the  
algorithm is the same in the PROFINET CRC16 and the "reflected" ITU-T  
CRC16:

	guint16
	crc16_reflected(guint16 crc /* initial value */, const guint8 *buf, size_t len, const guint16 table[256])
	{
		for (size_t i = 0; i < len; i++)
			crc = (crc >> 8) ^ table[(crc ^ buf[i]) & 0xff];
		return crc;
	}

so it might just be the table.  If so, could we just generate the  
appropriate table for the PROFINET polynomial, have epan/crc16.c  
export crc16_reflected(), and have the PROFINET CRC16 routine use  
crc16_reflected() and the appropriate table?
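The point made in the message above (same shift-right loop, only the table differs) can be checked directly. The following Python is an added example, not code from the thread or from epan/crc16.c: it generates the 256-entry table from a reflected polynomial, runs the loop exactly as sketched, and compares it against a bit-at-a-time reference for a few published CRC-16 parameter sets. The PROFINET polynomial itself is not stated anywhere in this thread, so the parameter sets used here (the reflected CCITT polynomial 0x8408 in its X.25 and Kermit forms, and the reflected IBM polynomial 0xA001 in its ARC and Modbus forms) are standard catalogue values chosen as illustrations of swapping the table and initial value.

```python
def make_reflected_table(poly):
    """Build the 256-entry lookup table for a reflected (LSB-first) CRC-16.

    `poly` is the reflected polynomial, e.g. 0x8408 for CCITT/X.25 (0x1021 reversed)
    or 0xA001 for IBM/ARC (0x8005 reversed). Entry n is the CRC of the single byte n
    starting from register value zero.
    """
    table = []
    for n in range(256):
        crc = n
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


def crc16_reflected(data, table, init, xorout=0):
    """The table-driven loop from the message: shift right, index on the low byte."""
    crc = init
    for b in data:
        crc = (crc >> 8) ^ table[(crc ^ b) & 0xFF]
    return crc ^ xorout


def crc16_reflected_bitwise(data, poly, init, xorout=0):
    """Bit-at-a-time reference with no table, used to confirm the table version."""
    crc = init
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
    return crc ^ xorout


# One table per polynomial; the variants below differ only in init/xorout.
CCITT_TABLE = make_reflected_table(0x8408)
IBM_TABLE = make_reflected_table(0xA001)


def crc16_x25(data):
    return crc16_reflected(data, CCITT_TABLE, init=0xFFFF, xorout=0xFFFF)


def crc16_kermit(data):
    return crc16_reflected(data, CCITT_TABLE, init=0x0000)


def crc16_arc(data):
    return crc16_reflected(data, IBM_TABLE, init=0x0000)


def crc16_modbus(data):
    return crc16_reflected(data, IBM_TABLE, init=0xFFFF)


def tables_agree(data=b"123456789"):
    """True when the table-driven loop matches the bitwise reference for every variant."""
    checks = [
        (crc16_x25(data), crc16_reflected_bitwise(data, 0x8408, 0xFFFF, 0xFFFF)),
        (crc16_kermit(data), crc16_reflected_bitwise(data, 0x8408, 0x0000)),
        (crc16_arc(data), crc16_reflected_bitwise(data, 0xA001, 0x0000)),
        (crc16_modbus(data), crc16_reflected_bitwise(data, 0xA001, 0xFFFF)),
    ]
    return all(a == b for a, b in checks)


if __name__ == "__main__":
    # Catalogue check values for the ASCII string "123456789".
    print(f"X.25   {crc16_x25(b'123456789'):#06x}")
    print(f"Kermit {crc16_kermit(b'123456789'):#06x}")
    print(f"ARC    {crc16_arc(b'123456789'):#06x}")
    print(f"Modbus {crc16_modbus(b'123456789'):#06x}")
    print("table and bitwise agree:", tables_agree())
```

The practical consequence for the licensing question in the thread is that a reflected CRC-16 routine is fully determined by the polynomial, initial value and final XOR; a table generated at build time or start-up from those three parameters carries no code from anyone else's implementation.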


------------------------------

Message: 11
Date: Tue, 17 Mar 2009 00:29:13 +0100
From: Ulf Lamping <[email protected]>
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 27748:
	/trunk/plugins/profinet/ /trunk/plugins/profinet/:	Makefile.common
	crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c
	packet-pn-rt.c
To: Developer support list for Wireshark <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Joerg Mayer schrieb:
> On Mon, Mar 16, 2009 at 09:40:03PM +0000, [email protected] wrote:
>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=27748
>>  crc16 algorithm copied from Linux sources (GPL V2 only!)
> 
> So far the wireshark sources are v2 or later - so adding a gplv2 only file
> is not something that should be done without asking *first*, because it
> has effects for all of Wireshark. Or maybe there already were files that
> are v2 only and I missed that?

I had in mind that we already have GPL V2 only files in Wireshark 
before, but I may be wrong here.


I can remove the two "GPL V2 only" files, as this is "only" a CRC16 
expert check here. That is the CCITT implementation of CRC16, which 
does not already exist in Wireshark AFAIK. Having the CCITT CRC16 in 
Wireshark would probably be a good idea anyway.

Some time ago when I actually implemented the stuff I couldn't find a 
GPL V2 or later implementation.

Question is: How to continue?

Regards, ULFL


------------------------------

_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev


End of Wireshark-dev Digest, Vol 34, Issue 31
*********************************************