
Wireshark-users: [Wireshark-users] wireshark-users-request@xxxxxxxxxxxxx

From: DreamsCN <dreamscn@xxxxxxxxx>
Date: Thu, 17 Jun 2010 16:36:57 -0400


On Thu, Jun 17, 2010 at 3:00 PM, <wireshark-users-request@xxxxxxxxxxxxx> wrote:
Today's Topics:

  1. Is Wireshark what I'm looking for? (James Arthurs)
  2. Large Packet Captures (Charles Wu)
  3. Re: Large Packet Captures (Jaap Keuter)
  4. Re: Saving packet related information in  pinfo.private_data
     (Sidda Eraiah)
  5. Re: Is Wireshark what I'm looking for? (Martin Visser)
  6. Re: Secured way of using Wireshark (David H. Lipman)
  7. WLAN capture in Mac OSX - no IP packets (Alexandre Takacs)
  8. Re: WLAN capture in Mac OSX - no IP packets (Guy Harris)
  9. Re: WLAN capture in Mac OSX - no IP packets (Alexandre Takacs)
 10. Problems when capturing data with dumpcap (Oendogan, Osman)
 11. Problems when capturing data with dumpcap (Oendogan, Osman)
 12. Re: Problems when capturing data with dumpcap (Bill Meier)
 13. Re: Secured way of using Wireshark (Maynard, Chris)
 14. Troubleshooting VoIP RTP streams with Wireshark (Charles Wu)
 15. Tshark - Value to large for defined data type
     (mark-wade@xxxxxxxxxxx)
 16. Re: Secured way of using Wireshark (Jakub Zawadzki)
 17. Re: Secured way of using Wireshark (Maynard, Chris)


----------------------------------------------------------------------

Message: 1
Date: Wed, 16 Jun 2010 14:53:55 -0500
From: James Arthurs <sgt1190@xxxxxxxxx>
Subject: [Wireshark-users] Is Wireshark what I'm looking for?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID:
       <AANLkTimP9nV-W9q9-8YwBzGVZBNP_-eTj-rPAI1mHBhc@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

I've installed Wireshark, had it capturing packets, looked through the
packets, and not finding what I'm looking for.

I have it setup on a standalone server running a product using Oracle.  I
have the client installed on the same system.  I want to log the activity
that occurs between those and other locally run processes.  What I'm finding
in the capture is all communication in/out of the system, but nothing I can
tell is internal to the system itself.

I'm essentially wanting something like CurrPorts or TCPView, but seeing the
actual packets that are being passed between processes.

Am I in the right place?

------------------------------

Message: 2
Date: Wed, 16 Jun 2010 15:32:04 -0500
From: Charles Wu <cwu@xxxxxxxxxxxxxx>
Subject: [Wireshark-users] Large Packet Captures
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <5A33F11B2D122D48AF94389FB60FBC20C796761F0C@convexch01>
Content-Type: text/plain; charset="us-ascii"

Hi,

We are looking to do some long term larger packet captures (e.g., 1 day / 3 day / etc) - is there some way to setup wireshark so that it doesn't crash (a write to disk mode or something?) or is this something that we should be using a more command line utility like tshark for?

Thanks

-Charles

------------------------------

Message: 3
Date: Wed, 16 Jun 2010 22:50:20 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] Large Packet Captures
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <5eebf11640a28c35e3354337b1a13664@xxxxxxxxx>
Content-Type: text/plain; charset="utf-8"



Hi,

Look into using the CLI tool dumpcap, writing to a circular
buffer.

Thanks,
Jaap

On Wed, 16 Jun 2010 15:32:04 -0500, Charles Wu
wrote:

Hi,

We are looking to do some long term larger packet
captures (e.g., 1 day / 3 day / etc) - is there some way to setup wireshark
so that it doesn't crash (a write to disk mode or something?) or is this
something that we should be using a more command line utility like tshark
for?

Thanks

-Charles



------------------------------

Message: 4
Date: Wed, 16 Jun 2010 13:59:31 -0700
From: Sidda Eraiah <sidda.eraiah@xxxxxxxxxxx>
Subject: Re: [Wireshark-users] Saving packet related information in
       pinfo.private_data
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <AANLkTikoBsTlOTgJSOODxA_UFzLFSuxTyi5zSCMSweCW@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Jaap,

Thanks for your response. I looked up for some samples for accessing
reassembly functions and conversation related functions that are called from
Lua Dissector scripts and could not find any.

Please provide a sample in Lua for accessing conversation and reassembly
functions. Is this documented someplace?

Thanks in advance.

--
Best Regards,
Sidda


On Tue, Jun 15, 2010 at 11:41 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

> Hi,
>
> Two things:
> 1. There are reassembly functions available for dissectors to use. These
> might help you out.
>
> 2. The pinfo only lives for a single packet dissection, so that won't work.
>  What you need to do is look into conversations, see README.developer
> section 2.2.
>
> Thanks,
> Jaap
>
> Sent from my iPhone
>
> On 15 jun 2010, at 19:13, Sidda Eraiah <sidda.eraiah@xxxxxxxxxxx> wrote:
>
> Hi
>
> I am writing a dissector for a custom protocol and have a situation where
> packets on the wire may contain one or more frames. Also one frame can
> straddle across many packets. When I detect that a frame is straddling
> across multiple packets I would like to be able to set some custom data on
> pinfo to say how far I have progressed in getting the frame during the first
> pass (while recording traffic). I need this information stored per packet,
> as the dissector can be called on a random packet (due to user selecting
> one packet in the UI).
>
> I tried using pinfo.private_data and set some value on it by the following
> code in the dissector method:
>
>          print("pinfo.private_data: "..tostring(pinfo.private_data))
>         pinfo.private_data = {"mydata", 1, 2, 3, 4}
>         print("pinfo.private_data: "..tostring(pinfo.private_data))
>         print(tostring(pinfo.private_data))
>
> This prints out the following:
>
>
> pinfo.private_data: userdata: 0x7fff1c257f20
> pinfo.private_data: userdata: 0x7fff1c257f20
> userdata: 0x7fff1c257f20
>
>
>
> As you see the data that I am trying to set is not being retained in
> pinfo.private_data.
>
> *Is there a way to store some private data on pinfo that is retained next
> time the dissector is called with the same packet? *
>
> Any workaround or suggestion is appreciated.
>
> I am using Version 1.2.7 of Wireshark on Ubuntu 10.04 LTS.
>
> --
> Best Regards,
> Sidda
>
> Director of Management Services
> >|< Kaazing Corporation >|<
> 888, Villa St. Suite #410, Mountain View, CA 94041, USA
>

------------------------------
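
Added example, not part of the digest or of any poster's code: a Lua dissector illustrating the two suggestions quoted in Message 4 above, namely letting TCP reassembly deliver whole frames and keeping state outside pinfo. It assumes a current Wireshark Lua API (which may differ from the 1.2.7 release mentioned there); the protocol "myframe", its 2-byte length header and TCP port 9999 are hypothetical, and a Lua table keyed by tcp.stream stands in for the C conversation API.

```lua
-- Added example. Hypothetical protocol "myframe": each frame is a 2-byte
-- big-endian payload length followed by that many payload bytes, over TCP.
local myframe = Proto("myframe", "MyFrame (hypothetical example protocol)")

local pf_len     = ProtoField.uint16("myframe.len", "Payload length", base.DEC)
local pf_payload = ProtoField.bytes("myframe.payload", "Payload")
local pf_before  = ProtoField.uint32("myframe.frames_before",
                       "Complete frames in stream before this packet", base.DEC)
myframe.fields = { pf_len, pf_payload, pf_before }

-- Field extractor used to tell TCP connections apart.
local tcp_stream = Field.new("tcp.stream")

local HEADER_LEN = 2

-- State lives in plain Lua tables, not in pinfo (pinfo exists only while one
-- packet is being dissected).
local frames_seen   = {}  -- [tcp.stream]   = complete frames counted so far
local frames_before = {}  -- [pinfo.number] = snapshot taken on the first pass

-- Called whenever a capture is loaded or reloaded: drop stale state.
function myframe.init()
    frames_seen   = {}
    frames_before = {}
end

function myframe.dissector(tvb, pinfo, tree)
    local fi = tcp_stream()
    local stream = fi and fi.value or 0

    -- First time this packet is dissected: remember how far the stream had
    -- progressed. Later dissections (e.g. the user clicking a packet in the
    -- list) find the entry already present and only read it.
    if frames_before[pinfo.number] == nil then
        frames_before[pinfo.number] = frames_seen[stream] or 0
    end

    pinfo.cols.protocol = "MYFRAME"

    local total  = tvb:len()
    local offset = 0
    while offset < total do
        local remaining = total - offset

        -- Not even a full header: ask TCP for the next segment and stop.
        if remaining < HEADER_LEN then
            pinfo.desegment_offset = offset
            pinfo.desegment_len    = DESEGMENT_ONE_MORE_SEGMENT
            return
        end

        -- The length comes from the wire, so treat it as untrusted. A 16-bit
        -- field caps what reassembly can be asked to buffer at 64 KiB + 2.
        local payload_len = tvb(offset, HEADER_LEN):uint()
        local frame_len   = HEADER_LEN + payload_len

        -- Frame straddles into a later segment: tell TCP exactly how many
        -- more bytes are needed. TCP calls the dissector again with a tvb
        -- that starts at this frame once those bytes have arrived.
        if remaining < frame_len then
            pinfo.desegment_offset = offset
            pinfo.desegment_len    = frame_len - remaining
            return
        end

        local sub = tree:add(myframe, tvb(offset, frame_len))
        sub:add(pf_len, tvb(offset, HEADER_LEN))
        if payload_len > 0 then
            sub:add(pf_payload, tvb(offset + HEADER_LEN, payload_len))
        end
        sub:add(pf_before, frames_before[pinfo.number]):set_generated()

        -- Advance the per-stream counter on the first sequential pass only,
        -- so re-dissecting a packet never counts a frame twice.
        if not pinfo.visited then
            frames_seen[stream] = (frames_seen[stream] or 0) + 1
        end

        offset = offset + frame_len
    end
end

-- Port 9999 is an assumption made for this example.
DissectorTable.get("tcp.port"):add(9999, myframe)
```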

Message: 5
Date: Thu, 17 Jun 2010 07:43:28 +1000
From: Martin Visser <martinvisser99@xxxxxxxxx>
Subject: Re: [Wireshark-users] Is Wireshark what I'm looking for?
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <AANLkTinL2YsT_Xe_wmSU29na1gFM2M3xtXUOoQVaysBm@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

It does what you want out of the box, but not if you are running on Windows.
See http://wiki.wireshark.org/CaptureSetup/Loopback for more details.

To be honest it is much easier  to set up a separate PC or even run a
Virtual Machine instance of the client to do this.

Regards, Martin

MartinVisser99@xxxxxxxxx


On Thu, Jun 17, 2010 at 5:53 AM, James Arthurs <sgt1190@xxxxxxxxx> wrote:

> I've installed Wireshark, had it capturing packets, looked through the
> packets, and not finding what I'm looking for.
>
> I have it setup on a standalone server running a product using Oracle.  I
> have the client installed on the same system.  I want to log the activity
> that occurs between those and other locally run processes.  What I'm finding
> in the capture is all communication in/out of the system, but nothing I can
> tell is internal to the system itself.
>
> I'm essentially wanting something like CurrPorts or TCPView, but seeing the
> actual packets that are being passed between processes.
>
> Am I in the right place?

------------------------------

Message: 6
Date: Wed, 16 Jun 2010 18:15:28 -0400
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <hvbie1$93k$1@xxxxxxxxxxxxxxx>

From: "Nagendrababu Maseedu"
<Nagendra.Babu.Maseedu@xxxxxxxxxxxxx>


| ________________________________
| NOTICE: The information contained in this electronic mail transmission is intended by
| Convergys Corporation for the use of the named individual or entity to which it is
| directed and may contain information that is privileged or otherwise confidential. If
| you have received this electronic mail transmission in error, please delete it from
| your system without copying or forwarding it, and notify the sender of the error by
| reply email or by telephone (collect), so that the sender's address records can be
| corrected.

Please REMOVE such appended data before sending/posting.  It is really STUPID when sent to
an email list that is also available on a PUBLIC News Group !


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp





------------------------------

Message: 7
Date: Thu, 17 Jun 2010 03:45:31 +0200
From: Alexandre Takacs <admin@xxxxxxxxxxxxxx>
Subject: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <972E7FDC-F41A-42A1-BFCE-FE57E88BF720@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

Folks

Relatively new to wireshark - please bear with me if I am missing something obvious.

I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets (specifically traffic from my iPhone).

I've installed WireShark and managed to have capture running in promiscuous mode. However I only see UDP packets from other devices, no IP...

What's up ?!

Any help / pointer most welcome

Regards

alex

------------------------------

Message: 8
Date: Wed, 16 Jun 2010 19:17:17 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <37A28491-A1B0-4967-8F29-78B81DD43EC1@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii


On Jun 16, 2010, at 6:45 PM, Alexandre Takacs wrote:

> I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets (specifically traffic from my iPhone).
>
> I've installed WireShark and managed to have capture running in promiscuous mode. However I only see UDP packets from other devices, no IP...

So what is the UDP traffic running over if it's not IP? :-)

I.e., what do you mean by "no IP packets"?  Do you mean "no TCP packets"?

If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters might not work in promiscuous mode; if you want to see traffic to and from other hosts, you might need to use monitor mode.

If you're running on Tiger, try capturing on wlt1 rather than en1.  If you're running on Leopard, try selecting 802.11 or 802.11+radio information headers.  If you're running on Snow Leopard, then either try that or, if there's a checkbox for monitor mode, try checking that.

Note that if your network is encrypted, you might have to capture the initial setup packets when the other machines join the network, and enter the password for the network, so that traffic to or from other machines can be decrypted.


------------------------------

Message: 9
Date: Thu, 17 Jun 2010 05:31:05 +0200
From: Alexandre Takacs <admin@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <B059CBA9-66BB-4388-A4A4-DA14D28D4B06@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

Hello

Thanks for your prompt response !

>> I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets (specifically traffic from my iPhone).
>>
>> I've installed WireShark and managed to have capture running in promiscuous mode. However I only see UDP packets from other devices, no IP...
>
> So what is the UDP traffic running over if it's not IP? :-)
>

Of course this should read no TCP ;)

>
> If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters might not work in promiscuous mode; if you want to see traffic to and from other hosts, you might need to use monitor mode.
>
> If you're running on Tiger, try capturing on wlt1 rather than en1.  If you're running on Leopard, try selecting 802.11 or 802.11+radio information headers.  If you're running on Snow Leopard, then either try that or, if there's a checkbox for monitor mode, try checking that.
>

Running 1.2.9 under SnowLeopard (10.6.4). Don't see a checkbox for monitor mode - Tried to switch to 802.11 mode: I certainly see much more noise (including lots of "malformed packets" - is this normal ?) but still not the TCP stuff I'm looking for (such as plain vanilla http traffic)

> Note that if your network is encrypted, you might have to capture the initial setup packets when the other machines join the network, and enter the password for the network, so that traffic to or from other machines can be decrypted.

Hmm... so what you are saying is that in an encrypted network I will not be able to access the plaintext content of the packets even if I have joined the network ?

Again many thanks for your help

Regards

alex



------------------------------

Message: 10
Date: Thu, 17 Jun 2010 17:46:00 +0200
From: "Oendogan, Osman" <osman.oendogan@xxxxxxxxxxx>
Subject: [Wireshark-users] Problems when capturing data with dumpcap
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <08E162FB776FF34898C0CC9CDBE6EF15034CA3CD@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Content-Type: text/plain; charset="iso-8859-9"

Hi,


       when capturing data via dumpcap, we encountered problems with packet dropping. The captured data is written on a named pipe (Solaris 10) from where it is read by our application for further proceeding. We see that when we do something with the data (within the same process where reading from pipe is done), we get the message dropped packages (approx. 10% of the captured packets).

       Can anyone give us any hints regarding the dropped packages when capturing data with dumpcap?

       Thanks a lot in advance

       Regards


       ----
       Osman Öndoğan

       Siemens AG Österreich
       Siemens IT Solutions and Services
       SDE SVI OSS SAC

       Gudrunstrasse 11
       A-1100 Vienna, Austria
       Phone +43-51707-45773,
       Mobile +43-664-80117-45773,
       Fax    +43-51707-55712
       mailto:osman.oendogan@xxxxxxxxxxx

       Company Name: Siemens Aktiengesellschaft Österreich
       Legal Form: Stock Corporation
       Company Seat: Vienna
       Register Number: FN 60562 m
       Registered at: Commercial Court Vienna
       DVR-Number: 0001708

       Important Note: This e-mail  may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.





------------------------------

Message: 11
Date: Thu, 17 Jun 2010 17:41:05 +0200
From: "Oendogan, Osman" <osman.oendogan@xxxxxxxxxxx>
Subject: [Wireshark-users] Problems when capturing data with dumpcap
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <08E162FB776FF34898C0CC9CDBE6EF15034CA3CA@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Content-Type: text/plain; charset="iso-8859-9"

Hi,

when capturing data via dumpcap, we encountered problems with packet dropping. The captured data is written on a named pipe (Solaris 10) from where it is read by our application for further proceeding. We see that when we do something with the data (within the same process where reading from pipe is done), we get the message dropped packages (approx. 10% of the captured packets).

Can anyone give us any hints regarding the dropped packages when capturing data with dumpcap?

Thanks a lot in advance

Regards


----
Osman Öndoğan

Siemens AG Österreich
Siemens IT Solutions and Services
SDE SVI OSS SAC

Gudrunstrasse 11
A-1100 Vienna, Austria
Phone +43-51707-45773,
Mobile +43-664-80117-45773,
Fax    +43-51707-55712
mailto:osman.oendogan@xxxxxxxxxxx

Company Name: Siemens Aktiengesellschaft Österreich
Legal Form: Stock Corporation
Company Seat: Vienna
Register Number: FN 60562 m
Registered at: Commercial Court Vienna
DVR-Number: 0001708

Important Note: This e-mail  may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.




------------------------------

Message: 12
Date: Thu, 17 Jun 2010 12:08:13 -0400
From: Bill Meier <wmeier@xxxxxxxxxxx>
Subject: Re: [Wireshark-users] Problems when capturing data with
       dumpcap
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4C1A486D.5020506@xxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-9; format=flowed

Oendogan, Osman wrote:
> Hi,
>
>
>       when capturing data via dumpcap, we encountered problems with packet dropping. The captured data is written on a named pipe (Solaris 10) from where it is read by our application for further proceeding. We see that when we do something with the data (within the same process where reading from pipe is done), we get the message dropped packages (approx. 10% of the captured packets).
>
>       Can anyone give us any hints regarding the dropped packages when capturing data with dumpcap?
>

In general, packet dropping indicates a performance issue.  :)

http://wiki.wireshark.org/Performance has a few comments which may (or
may not) be helpful.




------------------------------

Message: 13
Date: Thu, 17 Jun 2010 12:23:13 -0400
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: "'David H. Lipman'" <DLipman@xxxxxxxxxxx>, 'Community support list
       for     Wireshark' <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <FEA7253CE01175418CE6A9BE162A915507C1285BDE@xxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

I guess you are unaware that many companies (such as the one I work for) have a policy in place on their mail servers whereby the various notices, disclaimers, etc. are automatically appended to any outgoing mail.  My company has been doing this at least as far back as 2004 (http://www.ethereal.com/lists/ethereal-dev/200407/msg00427.html).  At the time, I even contacted our IT group to ask that the disclaimers be removed from outgoing e-mails, particularly when they are being sent to open-source mailing lists such as this one.  But as you can tell by the annoying disclaimer that will inevitably be appended to this e-mail, I was unsuccessful.  As stupid as they are, these disclaimers are not likely to go away IMO.  In fact, I suspect they will only become more & more prevalent as more & more lawyers mandate that their companies "CYA".

- Chris


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David H. Lipman
Sent: Wednesday, June 16, 2010 6:15 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Secured way of using Wireshark

From: "Nagendrababu Maseedu"
<Nagendra.Babu.Maseedu@xxxxxxxxxxxxx>


| ________________________________
| NOTICE: The information contained in this electronic mail transmission is intended by
| Convergys Corporation for the use of the named individual or entity to which it is
| directed and may contain information that is privileged or otherwise confidential. If
| you have received this electronic mail transmission in error, please delete it from
| your system without copying or forwarding it, and notify the sender of the error by
| reply email or by telephone (collect), so that the sender's address records can be
| corrected.

Please REMOVE such appended data before sending/posting.  It is really STUPID when sent to
an email list that is also available on a PUBLIC News Group !

---> Nothing should follow this line ... but alas, the annoying disclaimer appears. <---
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.



------------------------------

Message: 14
Date: Thu, 17 Jun 2010 12:15:39 -0500
From: Charles Wu <cwu@xxxxxxxxxxxxxx>
Subject: [Wireshark-users] Troubleshooting VoIP RTP streams with
       Wireshark
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <5A33F11B2D122D48AF94389FB60FBC20C796761F61@convexch01>
Content-Type: text/plain; charset="us-ascii"

Is there some way to actually listen to the audio RTP stream through Wireshark?

-Charles


------------------------------

Message: 15
Date: Thu, 17 Jun 2010 17:20:23 +0000 (UTC)
From: mark-wade@xxxxxxxxxxx
Subject: [Wireshark-users] Tshark - Value to large for defined data
       type
To: wireshark-users@xxxxxxxxxxxxx
Message-ID:
       <704148550.7549831276795223879.JavaMail.root@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Content-Type: text/plain; charset="utf-8"



Hello,



I am trying to use Tshark to read about 19,000 15MB files to get some network statistics. My plan (since Tshark can't read files out of a directory) is to use mergecap to break the large number of files into larger files. Basically I merged 1000, 15MB into one large file and had about 20 of these. I know that Mergecap can't handle large files without a workaround, which I have. Problem is now that I have these 19 files that range from 3GB to 15GB and now when I run # tshark -r pcapfile -q -z io,phs I get the error, The file pcapfile could not be opened: Value too large for defined data type.

Any thoughts?

Thanks,

------------------------------

Message: 16
Date: Thu, 17 Jun 2010 19:45:14 +0200
From: Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <20100617174514.GA12664@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-2

On Thu, Jun 17, 2010 at 12:23:13PM -0400, Maynard, Chris wrote:
> I guess you are unaware that many companies (such as the one I work for) have a policy in place on their mail servers whereby the various notices, disclaimers, etc. are automatically appended to any outgoing mail.  My company has been doing this at least as far back as 2004 (http://www.ethereal.com/lists/ethereal-dev/200407/msg00427.html).  At the time, I even contacted our IT group to ask that the disclaimers be removed from outgoing e-mails, particularly when they are being sent to open-source mailing lists such as this one.  But as you can tell by the annoying disclaimer that will inevitably be appended to this e-mail, I was unsuccessful.  As stupid as they are, these disclaimers are not likely to go away IMO.

Piece of advice from http://www.cygwin.com/ml/#disclaimer-bounce might help.

> If your company servers automatically add it, either persuade your
> sysadmins to turn it off for the lists, post from home, or use a free
> web-based e-mail service. There's enough of them out there.

--
Non-Proprietary (External Use Only - if swallowed, consult a doctor)
This email and any files transmitted with it are full of nonsense.
If you read it, you owe me the contents of your wallet.
CAUTION: Contents may have settled in packing or shipping. Void basically everywhere.


------------------------------

Message: 17
Date: Thu, 17 Jun 2010 14:32:14 -0400
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: 'Community support list for Wireshark'
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <FEA7253CE01175418CE6A9BE162A915507C1285BE0@xxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Well, personally I don't think it would be a good idea to do what redhat has done, but if Gerald decides to change the post policy to bounce all e-mails with such notices and disclaimers appended to them, then so be it.

Other than that, this topic has already been discussed in the past (follow this thread if you really care: http://www.ethereal.com/lists/ethereal-dev/200409/msg00231.html), so nearly 6 years later, I don't really care to spend any more of my time on it.

- Chris

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jakub Zawadzki
Sent: Thursday, June 17, 2010 1:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Secured way of using Wireshark

On Thu, Jun 17, 2010 at 12:23:13PM -0400, Maynard, Chris wrote:
> I guess you are unaware that many companies (such as the one I work for) have a policy in place on their mail servers whereby the various notices, disclaimers, etc. are automatically appended to any outgoing mail.  My company has been doing this at least as far back as 2004 (http://www.ethereal.com/lists/ethereal-dev/200407/msg00427.html).  At the time, I even contacted our IT group to ask that the disclaimers be removed from outgoing e-mails, particularly when they are being sent to open-source mailing lists such as this one.  But as you can tell by the annoying disclaimer that will inevitably be appended to this e-mail, I was unsuccessful.  As stupid as they are, these disclaimers are not likely to go away IMO.

Piece of advice from http://www.cygwin.com/ml/#disclaimer-bounce might help.

> If your company servers automatically add it, either persuade your
> sysadmins to turn it off for the lists, post from home, or use a free
> web-based e-mail service. There's enough of them out there.

--
Non-Proprietary (External Use Only - if swallowed, consult a doctor)
This email and any files transmitted with it are full of nonsense.
If you read it, you owe me the contents of your wallet.
CAUTION: Contents may have settled in packing or shipping. Void basically everywhere.
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.



------------------------------



End of Wireshark-users Digest, Vol 49, Issue 16
***********************************************