http://permalink.gmane.org/gmane.network.wireshark.devel hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.network.wireshark.devel/10721 Peter Johansson 2008-07-05T14:36:09 http://permalink.gmane.org/gmane.network.wireshark.devel/10720 jgroups/COPYING is the GPLv2, so you've taken care of the biggest licensing issue there. Just follow all the constraints in that document; there's no licensing issue with making binaries available, as long as the source from which the binaries were built is available (lots of GPLed software is available in binary form, including Wireshark). Guy Harris 2008-07-04T18:32:30 http://permalink.gmane.org/gmane.network.wireshark.devel/10719 Hello I have written a draft version of a plugin for JGroups (see http://www.jgroups.org). The plugin source is freely available at http://javagroups.cvs.sourceforge.net/javagroups/wireshark-plugin. Rather than requiring users to download wireshark, download the plugin and then modify the wireshark distribution by hand to incorporate the plugin, we would like to make prepared wireshark binaries freely available on the JGroups SourceForge project, complied for a few of the most common OSs. Are there any licensing issues to be taken into account before doing this? Richard Richard Achmatowicz 2008-07-04T18:04:45 http://permalink.gmane.org/gmane.network.wireshark.devel/10718 The Buildbot has detected a new failure of Ubuntu-7.10-x86-64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Ubuntu-7.10-x86-64/builds/65 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: ubuntu-7.10-x86 Build Reason: Build Source Stamp: HEAD Blamelist: wmeier BUILD FAILED: failed shell_8 sincerely, -The Buildbot buildbot-no-reply-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org 2008-07-04T16:31:34 http://permalink.gmane.org/gmane.network.wireshark.devel/10717 hello, On Fri, 2008-07-04 at 13:30 +0200, Jaap Keuter wrote: The bug has been filed: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2681 and a review for the attached patch has been requested. Cheers, Paolo -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Scopri le tue passioni con Leonardo.it! * Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7614&d=4-7 Paolo Abeni 2008-07-04T12:56:47 http://permalink.gmane.org/gmane.network.wireshark.devel/10716 Hi, Better file a bugreport on bugs.wireshark.org so this won't get lost. Thanx, Jaap Paolo Abeni wrote: Jaap Keuter 2008-07-04T11:30:33 http://permalink.gmane.org/gmane.network.wireshark.devel/10715 I have re-read a previos mail and I think the file I was searching for is packet-skinny.c. CallInfoMessage has the field 'CallIdentifier' but I'm not sure if it is worth for my porposes I will keep on searching and appreciate any help María de Fátima Requena Cabot (2488) +34 91 787 23 00 alhambra-eidos.es   -----Mensaje original----- De: wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org [mailto:wireshark-dev-bounces< at >wireshark.org] En nombre de Maria de Fatima Requena Enviado el: viernes, 04 de julio de 2008 11:08 Para: Developer support list for Wireshark Asunto: [Wireshark-dev] same call Hi again If you remember I am trying to record skinny calls. I have one problem. When the sniffer is between two telephones, the Call Manager sends the same signaling for both of them, but with different id's, so I am doing tricks to associate both calls and having just one of them into account. I am trying to find if there is any Skinny message field which lets me know that two different conference i Maria de Fatima Requena 2008-07-04T10:07:34 http://permalink.gmane.org/gmane.network.wireshark.devel/10714 Hi again If you remember I am trying to record skinny calls. I have one problem. When the sniffer is between two telephones, the Call Manager sends the same signaling for both of them, but with different id's, so I am doing tricks to associate both calls and having just one of them into account. I am trying to find if there is any Skinny message field which lets me know that two different conference id's belong to the same physical call. Could you please tell me if it does exists or at least in which Wireshark file can I find the structure of all skinny messages? Thanks in advance María de Fátima Requena Cabot (2488) +34 91 787 23 00 alhambra-eidos.es   Maria de Fatima Requena 2008-07-04T09:07:35 http://permalink.gmane.org/gmane.network.wireshark.devel/10713 hello, the attached patch fix some glitches in the ssl decryption code, namely: - the StringInfo allocator is allowed to return a NULL pointer if the requested data length is 0 - the cipher_suites table is expanded and many wrong values are now fixed - some duplicate code about ssl session state checking is unified into the proper location - the ssl session structure is now properly initialize (a couple of fields where manged in the wrong way) - added some more verbose debug messages I tested the new code against the pcap trace available on the web site and it work properly. The patch is against svn revision 25668. cheers, Paolo -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: VOGLIA DI VACANZE ? * I Costahotels sono gli alberghi specializzati in tour enogastronomici nell'entroterra Romagnolo. Rimini, Riccione, Misano. Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=8034&d=4-7 Paolo Abeni 2008-07-04T07:02:06 http://permalink.gmane.org/gmane.network.wireshark.devel/10712 On Jul 3, 2008, at 2:43 PM, Kumar, Hemant wrote: That's not possible, and there's no workaround. You have to give fields their full name. If you have several message types with a "flags" field, *and* that "flags" field is the same in all those message types, you could register a "proto.flags" field, and "proto.flags.XXX" fields for the flags in the "flags" field. As per my earlier mail, displaying the field list as a multi-level tree could be done without that. Guy Harris 2008-07-03T22:00:00 http://permalink.gmane.org/gmane.network.wireshark.devel/10711 Hello Thanks!! Yes I completely agree with you but tcp.flags.syn appears because we have already registered a field with the name tcp.flags.syn. What I want to know is that whether such a tree like structure which appears in the details pane is possible in the Filter Expression Dialog Box? And I don't want to register fields like tcp.flags.syn rather register them individually i.e. register flags separately, syn separately and let the wireshark make the filter expression depending upon the selection in the Filter expression dialog box. I guess this has not been implemented for Filter Expression Box, but still I wanted to know if it is possible to work around. Thanks Hemant -----Original Message----- From: wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org [mailto:wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org] On Behalf Of Abhik Sarkar Sent: Thursday, July 03, 2008 1:36 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Query on Field Registration Isn't Kumar, Hemant 2008-07-03T21:43:32 http://permalink.gmane.org/gmane.network.wireshark.devel/10710 Isn't _something_ like what you want already present. I agree it is not _exactly_ the same, but it is very similar. Taking your example of the TCP protocol: - Select any frame. - In the Packet Details pane - click + to expand the TCP protocol - click + to expand the Flags. - Select a flag of your choice (e.g. SYN) - Right-click and choose "Prepare a filter > Selected", and ""tcp.flags.syn == X" appears in the display filter field! Regards, Abhik. On Thu, Jul 3, 2008 at 11:09 PM, Kumar, Hemant <kumarh-zC7DfRvBq/JWk0Htik3J/w< at >public.gmane.org> wrote: Abhik Sarkar 2008-07-03T20:36:19 http://permalink.gmane.org/gmane.network.wireshark.devel/10709 Martin Corraine (mcorrain 2008-07-03T19:57:58 http://permalink.gmane.org/gmane.network.wireshark.devel/10708 Kumar, Hemant 2008-07-03T19:09:02 http://permalink.gmane.org/gmane.network.wireshark.devel/10707 "Appear" where? Presumably not in the protocol tree, because that's how it *does* appear there. It sounds as if you mean in the "Filter Expression" dialog box. It's not. We could probably have the code that constructs the tree view in the "Filter Expression" dialog box check, if there's a field "foo.bar.bletch", whether there's a "foo.bar" field, and, if so, put "foo.bar.bletch" into a tree under "foo.bar" rather than at the top level. Guy Harris 2008-07-03T19:09:11 http://permalink.gmane.org/gmane.network.wireshark.devel/10706 Kumar, Hemant wrote: That's not (currently) possible in the Expression UI. No, you would have to create many hf_ entries, one for each message + parameter combination. (Personally I think that design would constrain the power of the filter mechanism but I don't know what you're doing.) Jeff Morriss 2008-07-03T18:56:34 http://permalink.gmane.org/gmane.network.wireshark.devel/10705 Hello Hemant, I'm still not sure what your trying to do. I'm sorry. Are you having trouble setting up the trees and subtrees? Or do you want to, when searching for a particular message type, just display those trees relating to your search? That I don't think is possible unless you add more code. Wireshark won't just do that automatically. martin -----Original Message----- From: wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org [mailto:wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org] On Behalf Of Kumar, Hemant Sent: Thursday, July 03, 2008 1:31 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Query on Field Registration Thanks Martin and Abhik!! For the replies. But what I am actually looking for is when the user goes for setting subfields type so as to filter messages of his interest, he should see a tree structure with subfields beneath the main field. That is for example for tcp it should not appear as Tcp.flags.cwr Tcp.flags.ecn Tcp.flags.urg Tcp.f Martin Corraine (mcorrain 2008-07-03T18:14:23 http://permalink.gmane.org/gmane.network.wireshark.devel/10704 Thanks Martin and Abhik!! For the replies. But what I am actually looking for is when the user goes for setting subfields type so as to filter messages of his interest, he should see a tree structure with subfields beneath the main field. That is for example for tcp it should not appear as Tcp.flags.cwr Tcp.flags.ecn Tcp.flags.urg Tcp.flags.ack and so on rather it should appear as Tcp+ Flags+ cwr ecn urg ack By clicking on the + the subtree should appear So I don't want to register fields like ged125.service_control rather Just register Service control which is going to be common to several other messages separately and then relate it to those messages in the dissect_function()while feeding the information from tvb_buffer in to the field. Ofcourse , this is possible but then in the expression window simply appears service_control and ged125+ Service_control. Please shed some light on this aspect w Kumar, Hemant 2008-07-03T17:30:36 http://permalink.gmane.org/gmane.network.wireshark.devel/10703 Hello Hemant, The ged125 protocol that I'm finishing right now has a lot of sub-messages. I would create a field registration of this message type that has several sub messages below it. So, for instance I can search "ged125.service_control" for all those messages. Now, if I want to search for a particular service control I can search by doing this "ged125.service_control == 20". Below is the field registration. All the various sub-types are in a value_string array. Hope this helps. { &hf_ged125_service_control_MessageSubvalue, { "Message value", "ged125.service_control", FT_UINT32, BASE_DEC, VALS(vals_service_control_message_subvalues), 0x0, "Sub-Service Control Message value", HFILL }} -Martin -----Original Message----- From: wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org [mailto:wireshark-dev-bounces-IZ8446WsY0/dtAWm4Da02A< at >public.gmane.org] On Behalf Of Abhik Sarkar Sent: Thursday, July 03, 2008 2:26 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Martin Corraine (mcorrain 2008-07-03T12:27:44 http://permalink.gmane.org/gmane.network.wireshark.devel/10702 Hi Hemant, As far as I know nesting of header fields is not possible... check out epan/proto.h where the field info structures are defined. What you could do is something like have: hf_message_type hf_field1 hf_field2 Then, the display filter would be "message.type==1 && field1.value==X" or "message.type==2 && field1.value==X). You can then (in the protocol tree) next the fields under message types by using subtrees... This is done for the protocol I am most familiar with (SMPP) and you can check in packet-smpp.c how the common DCS field is handled in a submit_sm and a data_sm. HTH Abhik On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <kumarh-zC7DfRvBq/JWk0Htik3J/w< at >public.gmane.org> wrote: Abhik Sarkar 2008-07-03T06:25:36 http://permalink.gmane.org/gmane.network.wireshark.devel/10701 This is the dissector for the FIX Protocol: http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-fix.c It is also included when you download Wireshark source code. Steve Stephen Fisher 2008-07-03T05:35:53 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.network.wireshark.devel