Home page logo
wireshark logo
Wireshark Mailing List

Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

List Archives


Latest Posts

IO graph issue in "view as time of day" Vishnu Bhatt (Oct 21)

In IO graph under statistics, if I tick "view as time of day" option and then copy as CSV and paste it to excel sheet,
I find an issue.

The time in the excel sheet is shown as:


But actually the data 1514bytes is the total number of bytes from 55.7 to 55.8 and not from 55.6 to 55.7. So the actual
output should have been as below:...

Harman HiQnet protocol Raphaƫl Doursenaud (Oct 21)
Hi everyone,

I'm currently working on a dissector for the Harman HiQnet protocol.

This is a protocol used for controlling pro-audio gear from Harman Group
vendors (AKG, BSS, Crown, dbx, JBL, Lexicon, Martin, Soundcraft and Studer).
More information can be found at http://hiqnet.harmanpro.com/

This is my first time writing a dissector so I would like to thank and
congratulate the people who wrote the documentation. It's tremendously...

Re: Feedback on WS 2 preview Guy Harris (Oct 20)
Presumably the scroll bar shows up in the preview as well (it shows up in a Qt build from the trunk), and the only
issue is whether "Automatic scrolling in live captures" works (as it is in the GTK+ version, including current trunk
builds) - it's set, but doesn't seem to be working in a built-from-the-trunk Qt version.

Please file this as a bug on the Wireshark Bugzilla.

Feedback on WS 2 preview John Boxall (Oct 20)
I recently installed the latest stable WS and the WS2 preview and noticed
one difference in behaviour in the WS2 preview packet list pane that I hope
can be changed.

In the current WS, once the packet list pane fills up a scroll bar is made
available to scroll the list. If you scroll to the end (bottom) the packet
list continues to show the latest packet as more and more are coming in. In
the WS 2 preview the last displayed packet is shown and...

Gerrit StartSSL OpenID provider Peter Wu (Oct 19)

Has anyone tried to link a StartSSL identity in Gerrit? I just tried to do so,
but get a 401 Unauthorized back in Gerrit.

Although not available in the UI, you can chose your own OpenID provider by
hitting one of the provider buttons (e.g. StartSSL), then cancel by hitting Esc
(Stop). Use Firebug to disable the submit event on the form and edit the hidden
form, then submit.

In my case, I chose for https://lekensteyn.startssl.com/ but now I...

Re: wireshark seems to not correctly follow WPA2 rekeying Alexis La Goutte (Oct 19)

it is possible to create a new issue with your pcap sample ?

Re: ARM Build Graham Bloice (Oct 18)
Maybe not so easy, I tried using CMake (3.02) but got the following in the
error log where CMake tries to identify the compiler:

Build started 18/10/2014 15:41:44.
on node 1 (default targets).
C:\Program Files
error MSB8022: Compiling Desktop applications...

Re: ARM Build Alexis La Goutte (Oct 18)
Hi Guy,

Thanks, now build without error on ARM hf :-)

May be a good idea to try also with VS2013 on ARM too...

Re: Functioning of FCS checkbox in IEE802.11 prot Guy Harris (Oct 18)
On Oct 17, 2014, at 8:25 AM, "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward () cisco com>

There are three flavors of 802.11 packet provided to the 802.11 dissector:

1) packets from sources that indicate whether the packet includes the FCS, such as some capture file formats;

2) packets that include metadata that indicates whether the FCS is included, such 802.11+radiotap...

Functioning of FCS checkbox in IEE802.11 prot Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco) (Oct 18)
Hi Team,

Thanks for your attention!

This is regd the FCS representation in the 802.11 frames.

Most of the Cisco APs do have the last 4-byte of FCS, which is rightly represented in the wireshark captures.

Whereas, in a recent AP, we do not include this 4byte FCS.
So we go for the option in 'Edit-->Preferences-->Protocol-->IEEE 802.11-->Assume packets have FCS'
But still, wireshark treats the last 4-bytes as FCS; as a...

Re: ARM Build Guy Harris (Oct 16)
The compiler's wrong, but I redid the code a bit so that rapid_description will always be set. That's not an ARM
issue, except perhaps to the extent that the dataflow analysis has architecture-specific parts, with the ARM version
not recognizing that this isn't a problem (or with other versions not having the chance to incorrectly decide it is a

I've checked a change into the trunk, which simplifies the code a...

Re: ARM Build Guy Harris (Oct 16)

"Type char

Visual Studio 2013 Other Versions 1 out of 1 rated this helpful - Rate this topic

The char type is used to store the integer value of a member of the representable character set. That integer value is
the ASCII code corresponding to the specified character.

Microsoft Specific

Character values of type unsigned char have a range from 0 to 0xFF...

Re: ARM Build Guy Harris (Oct 16)
The warning was due to unsigned 8-bit values always being <= 0xFF.

A better fix is to extract the upper and lower nibbles and to make sure they're both >= 0xA, as a nibble is always <=
0xF (fewer tests, no special-casing of 0xFF). I checked that in, with the nibble extractions casting the result to
guchar to make sure no sign-extension is done on platforms with *signed* characters.

Checked into the trunk and backported to 1.12...

Re: ARM Build Graham Bloice (Oct 16)
On 15 October 2014 19:03, Alexis La Goutte <alexis.lagoutte () gmail com>

Visual Studio (VS2013 at least) as 32 & 64 bit ARM compilers. I've never
fired them up though. I wonder if CMake can be persuaded to make solution
files that include ARM compilation options.

Re: ARM Build Guy Harris (Oct 15)
...which may be running a compiler in which "char" is unsigned; I seem to remember that issue coming up with some
software in the past couple of months (possibly Wireshark, possibly libpcap or tcpdump).

We should probably make "s" a "const guchar *", and do the appropriate cast.

"static const char str_to_nibble[]" should be "static const gint8 str_to_nibble[]", and "char c, d" should...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]