Maxim Bakushin | 13 Nov 11:55

Ethereal - how it reads data from NDIS

-------------------
The Ethereal project is being continued at a new site.  Please go to
http://www.wireshark.org and subscribe to wireshark-users <at> wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------

Hi, all.
 
I have a WinXP SP2 machine with an NDIS driver installed. An application running on this machine re-assembles VLAN-tagged Ethernet frames and sends them to a router via an L2 switch.
When I run Ethereal (0.99.0, WinPcap 3.1) on this machine, I can see correct VLAN-tagged Ethernet frames sent to the destination, but when I monitor (with Ethereal) the LAN between that machine and the L2 switch, the frames do not include the VLAN tags. It seems strange to me.
So, my question is: what is the source of information for Ethereal on the WinXP machine?
Thanks in advance.
maximb

Sean WANG | 13 Nov 08:03

How to extract ONLY the info I want from captured data?


Hi,

I have a captured data file. How do I extract ONLY the info I am 
interested in for each packet? I want the output file to contain only (Source 
IP, Destination IP, Source Port, Destination Port, Protocol, Received 
Time).

Is there any command of Ethereal that I can use? Or do you have any 
other suggestions?
Thx a lot.

Regards,
Sean
nnp | 12 Nov 20:02

Saving session in plain text


Hi,
I have a captured SIP session that I wish to replay using a python
script of mine. I require the saved packet dump to be in the form

REGISTER sip:127.0.0.1 SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5066;rport;branch=z9hG4bKecjlzkte
Max-Forwards: 70
To: "Bleh <101>" <sip:101@127.0.0.1>
From: "Blah <101>" <sip:101@127.0.0.1>;tag=gaerh
Call-ID: dchafnkgbzxaavm@127.0.0.1
CSeq: 396 REGISTER
Contact: <sip:101@127.0.0.1:5066>;expires=3600
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, REFER, NOTIFY, SUBSCRIBE
User-Agent: Bleh/0.4.2
Content-Length: 0

e.g. plain text

I was wondering how I would go about getting Ethereal to save the
session in this format. I could probably strip the libpcap headers
from each packet after I saved it but I'd prefer if there was an
easier way.



Leonardo Borda | 10 Nov 15:36

Ethereal via web


Hello,

	I have been using Ethereal and I would like to know if a web interface exists to visualize it.
	If one does not exist, do you know any other software which has this feature? A web tcpdump, for example?
	Does anyone know any?

Best regards,

Leonardo
trefor.2.edwards | 10 Nov 12:06

SNA and Ethereal


Hi

I work on a VMS (Ex Digital & HP - Now Compaq VMS) operating system and have a SNA trace file in both raw binary format and ASCII Analyzed format.

What do I need to do to get wonderful Ethereal to analyze these captured traces?

Thanks

Trefor
<<SNA.ZIP>>

Attachment (SNA.ZIP): application/x-zip-compressed, 2042 bytes

Justin Aborn | 9 Nov 19:07

How do I get Ethereal (Windows XP) to start using a new/added RADIUS dictionary.<something>?


I want to decode new vendor specific RADIUS attributes.

I added a new dictionary file to the Windows directory where all the
other radius dictionary files are (and working fine...):

	C:\Program Files\Ethereal\radius

But it's apparently not as simple as that.  Ethereal is still not
decoding the Vendor Specific Attributes specified in the added
dictionary file.

There must be some form of "install dictionary" process that I have not
found anything about in help/faq/READMEs/etc.

Any advice?

TIA

Justin

Wireshark 0.99.4 is now available


Wireshark 0.99.4 has been released.

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development, and
   education.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed. See the security
   advisory for details and a workaround.

     o The HTTP dissector could crash. (Bugs 1050 and 1079)
       Versions affected: 0.99.3.
       CVE-2006-5468

     o The LDAP dissector (and possibly others) could crash. (Bug
       1054)
       Versions affected: 0.99.3.
       CVE-2006-5740

     o The XOT dissector could attempt to allocate a large amount of
       memory and crash. (Bug 1133)
       Versions affected: 0.9.8 to 0.99.3.
       CVE-2006-4805


Goran Štrok | 10 Oct 14:37

Question!


Hello!
 
In which type of file is Ethereal traffic saved? How can I include Ethereal traffic in the C or C++ source?
 
Thanks
Alice O. | 9 Oct 15:31

Increase your income with our team


Greetings,

We are running a staff recruitment campaign:

1. Payments assistant

Number of vacancies: 23
Area: USA, Australia, Great Britain, Europe
Compensation: 400-500 EUR per week
Schedule: full-time or part-time (5-7 hours per week)

More information:

Requirements:

Basic knowledge of different payment systems (banking and non-banking).
Ability to devote at least 3-4 hours a day to the work.
Computer user (Internet and email)
Higher or specialized education is not required.

The work is not complicated at all; you will receive full support.


Some question on SMB


Hi,
 
I tried unsuccessfully to subscribe to this mailing list, so I hope it is O.K. that I am sending this mail anyway.
 
I am trying to learn a bit about SMB. I sniffed the copying of a file from a shared folder in the LAN I belong to to my desktop. For some reason, the file was copied 3 times to my computer (3 Read AndX Responses), and the exact same process [NT Create AndX Request, NT Create AndX Response, Trans2 Request (SET_file_info), Trans2 Response (Set_file_info), Read AndX Request, Read AndX Response (containing the file Data), Close Request, Close Response] was repeated. I think it is not due to timeouts, because the responses were received before the following requests were sent. I have no idea why it happens, but it adds a lot of redundant traffic. Do you have any idea what the problem is? Moreover, in the above process, my computer tries to SET_FILE_INFO. Why does it do so (SET info) if it only COPIES the file?