Richard Turner | 22 May 2013 19:21

What is the use of pointer "cap_file_" in QtShark

In Wireshark/ui/qt/main_window.h there is a private member variable 
defined as:

capture_file *cap_file_;

I think it's a pointer to the global variable "cfile" (defined in tshark.c).

Is it true that we keep this pointer only to verify the validity of 
cfile (we set cap_file_ to NULL when the capture file is closed)?

Regards,
-Richard Turner

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@...>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@...?subject=unsubscribe

Anders Broman | 22 May 2013 18:12

Add an option to tshark to give the prefix or whole tempfile name?

Hi,

We have some automated scripts that use tshark. Occasionally dumpcap crashes and leaves huge files in /tmp; to fix that we write to a named file, which causes its own problems. A solution could be to provide tshark with the name or the prefix of the tempfile, to be able to clean up or overwrite the file.

Would someone be willing to implement this? I think it should be possible to use a long option name, tempfilename?

Regards

Anders

Richard Turner | 22 May 2013 07:19

Keep getting "unresolved external symbol" error when trying to use "summary_fill_in"

Hello,

I'm trying to implement the statistics summary window in QtShark, but
when I use these two functions I keep getting an LNK2019 "unresolved
external symbol" error from my VS2010 compiler:

summary_fill_in(&cfile, &summary);
summary_fill_in_capture(&cfile, &global_capture_opts, &summary);

Both are located in summary.c.

I've tested using the two functions in main.cpp (which properly included
the headers needed), and I got the same link error.

The headers I've included are as follows:
#include <string.h>
#include <time.h>
#include "config.h"
#include <glib.h>
#include "qt_ui_utils.h"
#include <epan/strutil.h>
#include <wiretap/wtap.h>
#include "globals.h"
#include "file.h"
#include "summary.h"
#include "version_info.h"

#ifdef HAVE_LIBPCAP
#include "../capture.h"
#include "ui/capture_globals.h"
#include "../capture-pcap-util.h"
#endif

Regards,

Hardik Patel | 21 May 2013 11:59

TCP packet reassemble problem

Hello,

I am developing a plugin in Wireshark which is working fine for a single TCP packet.

My dissector's tvb buffer starts correctly after the TCP checksum, at offset 0035.

But in the case of reassembled packets, I can see that my tvb buffer for the dissector is pointing at the start of the frame, at 0000.

So how can I make my tvb buffer point at the end of the TCP checksum, as it should?

Because of this problem my dissector is wrongly dissecting the frame.

Regards,
Hardik Patel
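
As an added example (not Wireshark code and not the poster's plugin), the C model below shows the desegmentation step a TCP-based protocol goes through before its PDU dissector runs. Wireshark's own tcp_dissect_pdus() in epan/dissectors/packet-tcp.h has the same shape: a get_pdu_len callback reads the length field once enough header bytes are present, and a dissect_pdu callback is handed a buffer whose byte 0 is the start of that PDU, whatever segment or frame offset the bytes arrived at. The toy protocol (2-byte big-endian total length, 1-byte type, payload), the segment boundaries and the MAX_PDU bound are constructed for this example. The bound is the part a security engineer cares about: the length is wire-supplied, so it is checked before it drives any copy or offset.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of TCP desegmentation ahead of a PDU dissector. Constructed toy
 * protocol: 2-byte big-endian total PDU length (header included), 1-byte
 * type, payload. This is illustrative code, not Wireshark's.
 */
#define HDR_LEN 3          /* bytes needed before the PDU length is known */
#define MAX_PDU 4096       /* sanity bound on a wire-supplied length (assumed for the example) */

typedef struct {
    uint8_t  buf[2 * MAX_PDU];  /* bytes carried over from earlier segments */
    size_t   len;               /* valid bytes in buf */
    unsigned pdus;              /* complete PDUs handed to dissect_pdu() */
    unsigned rejected;          /* PDUs dropped because their length was absurd */
    uint8_t  types[16];         /* type byte of each dissected PDU, in order */
} tcp_stream;

/* get_pdu_len analogue: the caller guarantees HDR_LEN bytes exist at `off`. */
static size_t get_pdu_len(const uint8_t *data, size_t off)
{
    return ((size_t)data[off] << 8) | data[off + 1];
}

/*
 * dissect_pdu analogue. `pdu` points at byte 0 of THIS PDU, so every field
 * is addressed relative to it; the frame offset never enters the picture.
 */
static void dissect_pdu(tcp_stream *s, const uint8_t *pdu, size_t len)
{
    uint8_t type = pdu[2];
    if (s->pdus < sizeof s->types)
        s->types[s->pdus] = type;
    s->pdus++;
    printf("PDU type %u, %zu payload bytes\n", type, len - HDR_LEN);
}

/*
 * Feed one segment's payload. Complete PDUs are dissected at once; a trailing
 * partial PDU is kept for the next segment. Returns bytes still buffered, or
 * -1 if the stream had to be abandoned.
 */
static int feed_segment(tcp_stream *s, const uint8_t *seg, size_t seglen)
{
    if (seglen > sizeof s->buf - s->len)
        return -1;                          /* would overflow the carry buffer */
    memcpy(s->buf + s->len, seg, seglen);
    s->len += seglen;

    size_t off = 0;
    while (s->len - off >= HDR_LEN) {
        size_t plen = get_pdu_len(s->buf, off);
        if (plen < HDR_LEN || plen > MAX_PDU) {
            /* The length came off the wire: never let it drive a copy unchecked. */
            s->rejected++;
            s->len = 0;                     /* resync is protocol-specific; drop the stream */
            return -1;
        }
        if (s->len - off < plen)
            break;                          /* PDU continues in a later segment */
        dissect_pdu(s, s->buf + off, plen);
        off += plen;
    }
    memmove(s->buf, s->buf + off, s->len - off);
    s->len -= off;
    return (int)s->len;
}

/* Constructed stream: three PDUs cut at arbitrary segment boundaries, then junk. */
static void run_demo(tcp_stream *s)
{
    static const uint8_t stream[] = {
        0x00, 0x05, 0x01, 'h', 'i',        /* PDU type 1 */
        0x00, 0x04, 0x02, 'x',             /* PDU type 2 */
        0x00, 0x06, 0x03, 'a', 'b', 'c',   /* PDU type 3 */
    };
    static const uint8_t junk[] = { 0xFF, 0xFF, 0x00 }; /* claims a 65535-byte PDU */

    memset(s, 0, sizeof *s);
    feed_segment(s, stream,     4);  /* header + 1 byte of PDU 1 */
    feed_segment(s, stream + 4, 3);  /* rest of PDU 1 + 2 bytes of PDU 2's header */
    feed_segment(s, stream + 7, 8);  /* rest of PDU 2 and all of PDU 3 */
    feed_segment(s, junk, sizeof junk);
}

int main(void)
{
    tcp_stream s;
    run_demo(&s);
    printf("dissected %u PDUs, rejected %u\n", s.pdus, s.rejected);
    return 0;
}
```

The three PDUs come out intact even though none of them is aligned to a segment boundary, and the bogus length is refused before a single byte is copied under its control; a real dissector gets the same guarantee from the desegmentation layer, which is why its own offsets should be relative to the tvb it is given.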
Fabio Tarabelloni | 20 May 2013 21:49

ZigBee APS decryption

Hi,

I updated the repository, and after compiling the sources Wireshark doesn't decrypt the APS command. If I open the same capture with the release software, the problem is not present.
(note: I compiled the current trunk sources on Linux)

Fabio.
Anders Broman | 20 May 2013 20:36

Unexpected tap behaviour

Hi,
I just implemented the export_pdu tap for Diameter as well as SIP. To my
surprise, if I don't define a filter, only SIP packets get exported from a
file with both Diameter and SIP. If I specify a filter of "diameter or SIP",
both get exported. I would have expected both to be exported with no filter.
Could anyone shed some light on what's going on?
Regards
Anders


Alexis La Goutte | 20 May 2013 17:20

Keep support of Visual Studio 2005?

Hi,

I found these lines (in ui/gtk/summary_dialog.c):

#if (defined _WIN32) && (_MSC_VER < 1500)
  /* calling localtime() on MSVC 2005 with huge values causes it to crash */
  /* XXX - find the exact value that still does work */
  /* XXX - using _USE_32BIT_TIME_T might be another way to circumvent this problem */
  if (ti_time > 2000000000) {
      ti_tm = NULL;
  } else
#endif
  ti_tm = localtime(&ti_time);


and I ask whether you need to keep support for VS2005.

I searched the mailing archive and did not find a topic specifically about this.

Maybe clean up the VS2005 support with 1.11?


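
An added example (not Wireshark code) of the check the quoted snippet is working around: the time_t values a summary dialog converts come from the capture file, so they are untrusted input and are range-checked before they reach the C runtime, and the reentrant localtime_r()/localtime_s() forms replace the static-buffer localtime(). The MAX_DISPLAY_TIME bound (end of year 9999), the 64-bit time_t assumption in the demo and the sample values are choices made for this example, not Wireshark constants.

```c
#define _POSIX_C_SOURCE 200809L   /* for localtime_r() on glibc */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Bounded, reentrant replacement for a bare localtime() call on a timestamp
 * read from a capture file. Illustrative code, not Wireshark's.
 */

/* Upper bound: 9999-12-31T23:59:59Z. Chosen for this example. */
#define MAX_DISPLAY_TIME ((time_t)253402300799LL)

/*
 * Convert t to local broken-down time. Returns false (and leaves *out
 * untouched) if t is outside the displayable range or the runtime refuses it.
 */
static bool safe_localtime(time_t t, struct tm *out)
{
    if (t < 0 || t > MAX_DISPLAY_TIME)
        return false;
#ifdef _WIN32
    return localtime_s(out, &t) == 0;     /* MSVC: errno_t localtime_s(struct tm *, const time_t *) */
#else
    return localtime_r(&t, out) != NULL;  /* POSIX reentrant form */
#endif
}

/*
 * Format a capture timestamp for display. On rejection the buffer holds a
 * placeholder, so the caller never prints garbage or dereferences NULL.
 */
static bool format_capture_time(time_t t, char *buf, size_t buflen)
{
    struct tm tm;
    if (!safe_localtime(t, &tm) ||
        strftime(buf, buflen, "%Y-%m-%d %H:%M:%S", &tm) == 0) {
        snprintf(buf, buflen, "(time out of range)");
        return false;
    }
    return true;
}

int main(void)
{
    /* Constructed inputs: epoch, the snippet's 2000000000 boundary, and an
       absurd value (assumes a 64-bit time_t). */
    const time_t samples[] = { 0, 2000000000, (time_t)1 << 40 };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool ok = format_capture_time(samples[i], buf, sizeof buf);
        printf("%lld -> %s%s\n", (long long)samples[i], buf, ok ? "" : " [rejected]");
    }
    return 0;
}
```

With an explicit bound the behaviour no longer depends on which CRT happens to crash, return NULL or wrap at a given value, which is also what makes dropping a compiler-specific workaround safe.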
Daniele Pala | 19 May 2013 14:38

COTP dissector problems

Hello, I've written a simple RFC 1006 implementation (https://github.com/danielePala/tosi) and used Wireshark to monitor the generated traffic. I'm seeing some problems; I attach a capture file to illustrate them, generated by the test cases of my implementation:

1. A lot of packets are marked as malformed, with reference to the T.125 protocol (which I never intended to implement). See, for example, packet number 4 of the capture file.

2. It seems that the ER (error) TPDU is not recognized; see packet number 26 for example.

3. RFC 1006 defines a non-standard TPDU to support expedited data (see page 14 of the standard, http://tools.ietf.org/html/rfc1006), but this is not recognized; see packet number 132 for example.

Of course, the attached capture file can also be generated by re-running the tests of my package.

NOTE: I'm using Wireshark 1.8.2 as shipped with Debian Wheezy; however, in the changelogs of the more recent versions I haven't found mentions of these issues, so I suppose they are still there.

Best regards,
Daniele Pala
Attachment (tosi.gz): application/x-gzip, 5131 bytes
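
An added example rather than Wireshark's COTP dissector: a minimal parser for one TPKT-framed COTP TPDU (the RFC 1006 encapsulation the post is about) that classifies the TPDU by the high nibble of its code octet, including the ER (0111) and ED (0001) codes behind items 2 and 3, and rejects frames whose TPKT length or LI does not fit the bytes actually present. The sample frames are constructed for this example and are not from the attached capture; ED is given the same two-octet class 0 header as DT, as RFC 1006 describes it, and the reject cause 2 in the ER sample is ISO 8073's "invalid TPDU type".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Wireshark's dissector: one TPKT-framed COTP TPDU (RFC 1006). */
typedef enum { TPDU_UNKNOWN = 0, TPDU_CR, TPDU_CC, TPDU_DR, TPDU_DC, TPDU_DT,
               TPDU_ED, TPDU_AK, TPDU_EA, TPDU_RJ, TPDU_ER } tpdu_type;

typedef struct {
    tpdu_type type;
    uint8_t   code;          /* raw TPDU code octet */
    size_t    header_len;    /* LI: header octets after the LI octet itself */
    size_t    user_data_len; /* octets after the header, inside the TPKT length */
    bool      eot;           /* DT/ED: end-of-TSDU bit */
    uint8_t   reject_cause;  /* ER: reject cause octet */
} cotp_tpdu;

/* ISO 8073 TPDU codes live in the high nibble; RFC 1006 adds ED (0001) to class 0. */
static tpdu_type classify(uint8_t code)
{
    switch (code >> 4) {
    case 0xE: return TPDU_CR;  case 0xD: return TPDU_CC;
    case 0x8: return TPDU_DR;  case 0xC: return TPDU_DC;
    case 0xF: return TPDU_DT;  case 0x1: return TPDU_ED;
    case 0x6: return TPDU_AK;  case 0x2: return TPDU_EA;
    case 0x5: return TPDU_RJ;  case 0x7: return TPDU_ER;
    default:  return TPDU_UNKNOWN;
    }
}

static const char *tpdu_name(tpdu_type t)
{
    static const char *const names[] = { "UNKNOWN", "CR", "CC", "DR", "DC", "DT",
                                         "ED", "AK", "EA", "RJ", "ER" };
    return names[t];
}

/* 0 on success; a distinct negative code for each framing error a dissector would flag as malformed. */
static int parse_tpkt_cotp(const uint8_t *pkt, size_t len, cotp_tpdu *out)
{
    if (len < 4 || pkt[0] != 3)                  /* TPKT: version 3, reserved, 16-bit length */
        return -1;
    size_t tpkt_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (tpkt_len < 4 + 2 || tpkt_len > len)      /* needs at least LI + code; never read past the buffer */
        return -2;

    const uint8_t *tpdu = pkt + 4;
    size_t tpdu_len = tpkt_len - 4;
    size_t li = tpdu[0];
    if (li < 1 || li + 1 > tpdu_len)             /* LI is wire-supplied: the header must fit in the TPDU */
        return -3;

    memset(out, 0, sizeof *out);
    out->code = tpdu[1];
    out->type = classify(out->code);
    out->header_len = li;
    out->user_data_len = tpdu_len - (li + 1);

    switch (out->type) {
    case TPDU_DT: case TPDU_ED:                  /* class 0 layout: LI, code, TPDU-NR/EOT */
        if (li < 2) return -4;
        out->eot = (tpdu[2] & 0x80) != 0;
        break;
    case TPDU_ER:                                /* LI, code, DST-REF(2), reject cause */
        if (li < 4) return -4;
        out->reject_cause = tpdu[4];
        break;
    default:
        break;
    }
    return 0;
}

/* Constructed frames (not taken from the poster's capture). */
static const uint8_t sample_dt[]        = { 0x03,0x00,0x00,0x0C, 0x02,0xF0,0x80, 'H','E','L','L','O' };
static const uint8_t sample_er[]        = { 0x03,0x00,0x00,0x09, 0x04,0x70,0x00,0x00,0x02 };
static const uint8_t sample_ed[]        = { 0x03,0x00,0x00,0x08, 0x02,0x10,0x80, 'X' };
static const uint8_t sample_truncated[] = { 0x03,0x00,0x00,0x0C, 0x02,0xF0,0x80 };  /* TPKT claims 12 bytes */
static const uint8_t sample_bad_li[]    = { 0x03,0x00,0x00,0x07, 0x09,0xF0,0x80 };  /* LI runs past the TPDU */

int main(void)
{
    const struct { const char *label; const uint8_t *pkt; size_t len; } cases[] = {
        { "DT", sample_dt, sizeof sample_dt }, { "ER", sample_er, sizeof sample_er },
        { "ED", sample_ed, sizeof sample_ed }, { "truncated", sample_truncated, sizeof sample_truncated },
        { "bad LI", sample_bad_li, sizeof sample_bad_li },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        cotp_tpdu t;
        int rc = parse_tpkt_cotp(cases[i].pkt, cases[i].len, &t);
        if (rc < 0)
            printf("%-9s malformed (rc=%d)\n", cases[i].label, rc);
        else
            printf("%-9s %s user_data=%zu eot=%d reject_cause=%u\n", cases[i].label,
                   tpdu_name(t.type), t.user_data_len, (int)t.eot, (unsigned)t.reject_cause);
    }
    return 0;
}
```

The two length checks are the ones that separate "unrecognized TPDU" from "malformed": a TPDU code the parser does not know is reported as UNKNOWN with its user data length still computed, while a TPKT length or LI that points outside the received bytes stops parsing before any field is read.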
kunal bansal | 19 May 2013 15:36

GSOC Project:Process information

Based on the posts
http://www.wireshark.org/lists/wireshark-dev/201305/msg00039.html
and
http://www.wireshark.org/lists/wireshark-dev/201305/msg00118.html

I got to know that the implementation has already been done on Linux, but we have to devise a UI via Wireshark for the same.

Besides, for Windows:
honeevent can also be implemented using WinPcap.
Though using netshdump (which works via ETW, with good real-time support) works great to create a log file, it doesn't seem an option because it uses higher administrative rights.
So if we really want real-time access, we need to make a script using ETW on Windows.

hone_notify can work as it is.

For Mac OS X

As mentioned in my proposal, using DTrace scripts is a nice option.

conntrack is a DTrace script for Solaris and OpenSolaris to monitor all outgoing TCP and UDP connections by process, user and port.

It has some filtering capabilities, allowing traffic to be filtered by port, process or user.

https://github.com/kunalbansal16/demo/blob/master/wiresharkdemo/mac%20os/dtrace/conntrack.d


Regards,
Kunal Bansal
gobejishvili | 17 May 2013 14:01

Wireshark 1.6.7 Memory Corruption

Hello,

I'm a security researcher and found a memory corruption vulnerability in Wireshark 1.6.7, 64-bit version; the vulnerability was detected on Kubuntu x64. Drag and drop can cause memory corruption.
After running it in GDB:

Program received signal SIGSEGV, Segmentation fault.
0x000055555568527f in dnd_open_file_cmd ()

Edwin Abraham | 17 May 2013 13:38

Info for Sharkfest'13

Is there any session that will be held online?
I am interested in attending, but I won't be able to come due to the distance.
--
Edwin Abraham,
Skype ID: edwin_abraham12
BITS-Pilani, K.K. Birla Goa Campus, India
