Wireshark-users: [Wireshark-users] A question about display fields
From: "Scott Sheppard" <[email protected]>
Date: Thu, 6 Sep 2007 13:09:36 -0000
Hello 

I am doing a study where I need to look at sequence numbers and vlan tags. 
I can see this in the user interface of WS without any problem. I would
however like to export the packets to a CSV file for use with Excel or as
fodder for a parsing script.  Again I can do this. 
However the exported data is just what is seen in the summary field and I am
interested in listing all the fields from a Frame, Ethernet, IP header etc.
I do not need the payload bytes. 

Can this be accomplished?

Thank you.

Scott Sheppard
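One way to get what the post asks for, as an added example that is not part of the thread: tshark's field export (`-T fields` with `-e` per field, assuming a current tshark on PATH) writes one CSV row per packet with only the header fields you name, and a short script can then group the sequence numbers by VLAN and flow. The sample CSV embedded below is constructed, not a real capture.

```python
import csv
import io
import subprocess
from collections import defaultdict

# Header-layer fields to export (display-filter names); no payload bytes.
FIELDS = ["frame.number", "eth.src", "eth.dst", "vlan.id", "ip.src",
          "ip.dst", "tcp.srcport", "tcp.dstport", "tcp.seq"]

def tshark_command(pcap, fields=FIELDS):
    """Build a tshark command writing one CSV row per packet; the -o option
    turns off relative sequence numbers so raw tcp.seq values are exported."""
    cmd = ["tshark", "-r", pcap, "-o", "tcp.relative_sequence_numbers:FALSE",
           "-T", "fields", "-E", "header=y", "-E", "separator=,",
           "-E", "quote=d"]
    for name in fields:
        cmd += ["-e", name]
    return cmd

def export_csv(pcap):
    """Run tshark (must be on PATH) and return its CSV output as text."""
    return subprocess.run(tshark_command(pcap), check=True,
                          capture_output=True, text=True).stdout

def seq_by_vlan_flow(csv_text):
    """Group TCP sequence numbers per (vlan, src, sport, dst, dport) and flag
    packets whose seq is below the previous one in the flow (retransmit/ooo)."""
    flows = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["tcp.seq"]:
            continue  # non-TCP frame: tshark leaves the column empty
        key = (row["vlan.id"], row["ip.src"], row["tcp.srcport"],
               row["ip.dst"], row["tcp.dstport"])
        flows[key].append((int(row["frame.number"]), int(row["tcp.seq"])))
    anomalies = []  # (vlan, frame, seq, previous seq)
    for key, pkts in flows.items():
        for (_, prev), (frame, seq) in zip(pkts, pkts[1:]):
            if seq < prev:
                anomalies.append((key[0], frame, seq, prev))
    return flows, anomalies

# Constructed sample of "tshark -T fields" output, not a real capture.
SAMPLE_CSV = """\
"frame.number","eth.src","eth.dst","vlan.id","ip.src","ip.dst","tcp.srcport","tcp.dstport","tcp.seq"
"1","00:11:22:33:44:55","66:77:88:99:aa:bb","100","10.0.0.1","10.0.0.2","40000","80","1000"
"2","00:11:22:33:44:55","66:77:88:99:aa:bb","100","10.0.0.1","10.0.0.2","40000","80","1460"
"3","00:11:22:33:44:55","66:77:88:99:aa:bb","200","10.0.0.1","10.0.0.2","40000","80","1000"
"4","00:11:22:33:44:55","66:77:88:99:aa:bb","100","10.0.0.1","10.0.0.2","40000","80","1000"
"5","00:11:22:33:44:55","66:77:88:99:aa:bb","100","10.0.0.1","10.0.0.3","","",""
"""
```

For every dissected field rather than a chosen list, `tshark -r file.pcap -T pdml` emits the full protocol tree as XML instead.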

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: Thursday, September 06, 2007 02:34
To: [email protected]
Subject: Wireshark-users Digest, Vol 16, Issue 6


Today's Topics:

   1. Re: Increase Length of Description Fields (Chris Alton)
   2. Re: Unable to compile static build of TShark on Fedora 7
      (Barry Gould)
   3. NCP Protocol Info field (Gerry McCafferty)
   4. Re: Unable to compile static build of TShark on Fedora 7
      (Stephen Fisher)
   5. 3GPP2 A11 parsing error (Horyong Choi)


----------------------------------------------------------------------

Message: 1
Date: Wed, 5 Sep 2007 07:14:39 -0700
From: Chris Alton <[email protected]>
Subject: Re: [Wireshark-users] Increase Length of Description Fields
To: Community support list for Wireshark
	<[email protected]>
Message-ID: <[email protected]xxxxx.microsoft.com>
Content-Type: text/plain; charset="utf-8"

Any of the database protocols. TNS, TDS etc. Mainly trying to get the
queries being executed. A lot of the times these queries can be quite large.

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Stephen Fisher
Sent: Tuesday, September 04, 2007 4:01 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Increase Length of Description Fields

On Tue, Sep 04, 2007 at 10:30:37AM -0700, Chris Alton wrote:

> Is there any way to increase the size of the display fields in the 
> dissected packet info section?
>
> There are a few instances where the info gets truncated and the only 
> way to get it out of the packet is to use the packet bytes and 
> reassemble it manually.

There is no way to widen those fields at this time.  Out of curiosity, which
protocol's traffic is giving you such long fields?


Steve
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users

------------------------------

Message: 2
Date: Wed, 05 Sep 2007 15:12:52 -0700
From: Barry Gould <[email protected]>
Subject: Re: [Wireshark-users] Unable to compile static build of TShark on Fedora 7
To: <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 05:45 PM 9/4/2007, Guy Harris wrote:
>If so, you will have to configure with --without-plugins.

OK, I tried
./configure --enable-wireshark=no --enable-static=yes --without-plugins

and still got a -lgmodule-2.0 error

so I tried
./configure --enable-wireshark=no --enable-static=yes 
--without-plugins  --disable-gmodule

and still got a -lgmodule-2.0 error


and if I do this:
$ ./configure --enable-wireshark=no --without-krb5 --without-ssl
--disable-text2pcap --enable-dftest=no --enable-randpct=no --enable-ipv6=no
--enable-threads=no --without-portaudio --disable-gtk2 --without-lua
--enable-dftest=no --enable-static=yes --with-net-snmp=no --with-ucd-snmp=no
--without-adns --disable-gtkplus --disable-gmodule --disable-shared
--disable-dependency-tracking --without-plugins

I get some other errors (below)

The Wireshark package has been configured with the following options.
                     Build wireshark : no
                        Build tshark : yes
                      Build capinfos : yes
                       Build editcap : yes
                       Build dumpcap : yes
                      Build mergecap : yes
                     Build text2pcap : no
                       Build idl2wrs : yes
                       Build randpkt : yes
                        Build dftest : no

                      Install setuid : no
                         Use plugins : no
                    Build lua plugin : no
                    Build rtp_player : no
                 Use GTK+ v2 library : no
                    Use pcap library : yes
                    Use zlib library : yes
                    Use pcre library : no
                Use kerberos library : no
                Use GNU ADNS library : no
              Use GNU crypto library : no
              Use SSL crypto library : no
            Use IPv6 name resolution : no
                Use Net-SNMP library : no
                  Use gnutls library : no

$ make -j2
...
make[3]: Entering directory `/usr/src/wireshark-0.99.6/wiretap'
/bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I.
  -I/usr/local/include -I/usr/local/include -Werror
-D_U_="__attribute__((unused))" -g -O2 -Wall -W
-Wdeclaration-after-statement -Wendif-labels -Wpointer-arith
-Wbad-function-cast -Wcast-qual -Wwrite-strings -Wstrict-prototypes
-Wmissing-declarations -Wno-pointer-sign -Wcast-align
-I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/local/include
-I/usr/local/include -c -o libwiretap_la-erf.lo `test -f 'erf.c' || echo
'./'`erf.c
  gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include
-Werror "-D_U_=__attribute__((unused))" -g -O2 -Wall -W
-Wdeclaration-after-statement -Wendif-labels -Wpointer-arith
-Wbad-function-cast -Wcast-qual -Wwrite-strings -Wstrict-prototypes
-Wmissing-declarations -Wno-pointer-sign -Wcast-align
-I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/local/include
-I/usr/local/include -c erf.c -o libwiretap_la-erf.o
cc1: warnings being treated as errors
erf.c: In function 'erf_open':
erf.c:152: warning: const qualifier ignored on asm
erf.c:211: warning: const qualifier ignored on asm
erf.c:215: warning: const qualifier ignored on asm
erf.c: In function 'erf_read_header':
erf.c:364: warning: const qualifier ignored on asm
erf.c:408: warning: const qualifier ignored on asm
erf.c:443: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:459: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:469: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:479: warning: const qualifier ignored on asm
make[3]: *** [libwiretap_la-erf.lo] Error 1
make[3]: Leaving directory `/usr/src/wireshark-0.99.6/wiretap'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/wireshark-0.99.6/wiretap'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/wireshark-0.99.6'
make: *** [all] Error 2

Thanks,
Barry

------------------------------

Message: 3
Date: Thu, 6 Sep 2007 10:42:36 +1000
From: Gerry McCafferty <[email protected]>
Subject: [Wireshark-users] NCP Protocol Info field
To: [email protected]
Message-ID: <[email protected]xxxxx>
Content-Type: text/plain; charset="utf-8"

Quick question about the Info fields of ncp.ndsverb == 0x1 fields (NDS 
Resolve Name) in Wireshark 0.99.6a in Windows XP. 

If it is a servername, then for some reason the fully qualified name (e.g. 
\T=TREE\O=OU\CN=SERVER) is appended with a string similar to ?\?wp 
?w???????wj?0g then after that there are another 5 characters that differ 
with each packet, but at least one is a double-byte ASCII character of a 
square with four 0 in it (like when you try and display Chinese characters 
without the correct fonts).

I know that this is cosmetic, but this didn't appear in Ethereal 0.99.0 
loaded on the same machine from my memory. Any idea why this is happening?

Regards,

Gerry McCafferty
Server Support 
IBM Global Services A/NZ

------------------------------

Message: 4
Date: Wed, 5 Sep 2007 20:09:12 -0600
From: Stephen Fisher <[email protected]>
Subject: Re: [Wireshark-users] Unable to compile static build of TShark on Fedora 7
To: Community support list for Wireshark
	<[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

On Wed, Sep 05, 2007 at 03:12:52PM -0700, Barry Gould wrote:

> and if I do this:

> --disable-gtk2

> $ make -j2
> cc1: warnings being treated as errors
> erf.c: In function 'erf_open':
> erf.c:152: warning: const qualifier ignored on asm

Disabling GTK2 disables GLIB v2 as well.  On some systems, including my
MacOS X machine, GLIB1 is causing the warnings above.  This was recently
discussed on the (-dev?) mailing list, but I don't remember the specifics.
Removing --disable-gtk2 should work around this problem (or add
--disable-warnings-as-errors to the configure script).


Steve


------------------------------

Message: 5
Date: Thu, 6 Sep 2007 11:33:48 +0900
From: "Horyong Choi" <[email protected]>
Subject: [Wireshark-users] 3GPP2 A11 parsing error
To: <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"

As you can see in Table 4.2.13-3 of 3GPP2 A.S0009-B v1.0 HRPD IOS-B, A11
RRQ-CVSE-Active Start Airlink Record-Subtype 108 is listed as Subnet.

But Wireshark shows it as Unknown 3GPP2 Attribute (Type:26, SubType:108).

See the picture below.

In the next version can I see the correct information?

Best Regards.


------------------------------

End of Wireshark-users Digest, Vol 16, Issue 6
**********************************************