Anders's profile - activity

2019-11-13 09:14:25 +0000 commented question Different protocols recognized by tshark on Windows and Linux

Check tcp preferences on both machines.

2019-11-13 08:18:04 +0000 commented question How do you pull phone number IPs?

Not enough context to answer.

2019-11-08 10:54:30 +0000 commented question How to decode TCP message into diameter CCR-U gx message?

Add the ports used to the diameter preferences.

2019-11-06 10:08:52 +0000 received badge  Rapid Responder (source)
2019-11-06 10:08:52 +0000 answered a question ASCII to Integer in Dissector

You should use FT_STRING for the hf. If you need the value internally in your dissector you have to convert the string to

2019-10-04 12:07:41 +0000 received badge  Rapid Responder (source)
2019-10-04 12:07:41 +0000 answered a question I found that in my wlan-capture file. Expert Info (Note/Undecoded): Dissector for 802.11 IE Tag (20/40 BSS Intolerant Channel Report) code not implemented.Could you tell me what is happening?

Wireshark does not yet dissect this IE.

2019-09-18 10:41:10 +0000 commented question Multiple file capture mode not working for nRF52 BLE sniffer

I think you ought to report this to Nordic. I would guess it has to do with writing new file headers when switching file

2019-09-06 19:10:45 +0000 commented question Build Wireshark 2.6.1 32 bits with Microsoft Visual Studio 2017

Do you have the qt version corresponding to your msvc version?

2019-09-03 06:47:52 +0000 commented answer 5G SM OTA message decodes fail

I don't think a date has been set but it can be a while, like mid 2020.

2019-08-27 06:55:52 +0000 commented question how to use libwireshark to parse the pcap captured packets ?

libwireshark isn't really built to be a standalone library so you are probably on your own figuring out how to use it. N

2019-08-27 06:54:00 +0000 commented question how to separate out tshark as separate project?

You are probably better off by editing the list of dissectors then.

2019-08-27 06:20:34 +0000 commented question how to separate out tshark as separate project?

Why would you want to do that? Building the project creates executables that make it possible to deploy tshark only.

2019-08-27 06:16:21 +0000 commented question how to use libwireshark to parse the pcap captured packets ?

Not sure I get it. Wireshark has dissectors for enip and cip I think. Can't you use/extend them?

2019-08-19 14:40:41 +0000 commented answer Can Wireshark parse and decode LPPe?

Open a bug report with an enhancement request and attach a sample pcap.

2019-08-19 04:21:05 +0000 commented question I want to capture concurrently and save it as multiple files where each file has its own distinct capture filter?

You would have to run a tshark process per capture filter. Not sure how feasible that would be.

2019-08-15 11:06:08 +0000 commented answer 5G SM OTA message decodes fail

Yes you need to provide a pcap, preferably in a bug report.

2019-08-15 07:02:20 +0000 commented answer 5G SM OTA message decodes fail

Hi, You should get it from here or build from source to have the latest as this is ongoing development. As Jaap says nex

2019-08-15 07:01:10 +0000 commented answer 5G SM OTA message decodes fail

Hi, You should get it from here or build from source to have the latest as this is ongoing development. As Jaap says nex

2019-08-15 04:21:04 +0000 answered a question 5G SM OTA message decodes fail

You need to use the development version where the 5G protocol decoding is updated.

2019-08-15 04:21:04 +0000 received badge  Rapid Responder (source)
2019-08-13 13:39:31 +0000 commented answer Is the media-type application/problem+json supported?

Ok, I have checked in the patch now.

2019-08-13 13:17:40 +0000 commented answer Is the media-type application/problem+json supported?

Added https://code.wireshark.org/review/#/c/34270/ but without a trace it can't be verified.

2019-08-13 11:54:42 +0000 received badge  Rapid Responder (source)
2019-08-13 11:54:42 +0000 answered a question Is the media-type application/problem+json supported?

Does Wireshark keep a matrix compliance list with all media-types supported? No Is Wireshark able to decode a a

2019-08-09 12:56:48 +0000 commented answer Which version of Wireshark to use to decode NGAP ( 38.413 version 15.3.0) messages ?

That version is using 3GPP TS 38.413 V15.4.0 (2019-07) but that should work. Can you raise a bug report with a small pca

2019-08-09 10:22:41 +0000 answered a question Which version of Wireshark to use to decode NGAP ( 38.413 version 15.3.0) messages ?

You need to use the development version https://www.wireshark.org/download/automated/

2019-08-09 10:22:41 +0000 received badge  Rapid Responder (source)
2019-07-18 18:57:50 +0000 commented question Why aren't the AVPs I added to the DIAMETER dictionary working?

Seems like the vendor flag is not set.

2019-07-08 10:52:30 +0000 answered a question How to open SSCOP/ALCAP protocol stack pcap?

No one has committed code to Wireshark to read this DLT so you would have to write it in that case.

2019-07-08 10:52:30 +0000 received badge  Rapid Responder (source)
2019-06-28 13:00:07 +0000 commented question Can I join a SIP frame with the next Continuation frame?

If this is over TCP it means reassembly failed. Do you have out-of-order or duplicated packets? What version of Wireshar

2019-06-12 17:49:07 +0000 commented question NGAP handover request message malformed

Bug opened here

2019-06-12 13:56:08 +0000 commented question NGAP handover request message malformed

Open a bug report and attach a pcap.

2019-06-04 15:35:20 +0000 commented question Custom vendor-specific diameter dictionary xml

Why not just add the missing enums to dictionary.xml?

2019-05-23 07:08:09 +0000 commented question RTP Streams show very strange results - Packets vs Packets lost not adding up, Max Jitter of 33554451.441

If you have packets out of order or duplicated packets it's possible the calculation gets strange results.

2019-05-22 18:47:13 +0000 commented answer How to handle memory growth in tshark while reading from a captured file.

It's not so easy; some structures are handled by the protocol dissectors themselves and may or may not be possible to tur

2019-05-15 10:37:55 +0000 commented answer Infer machine boot time/up-time from network packets?

If the exercise is just to determine boot time and uptime and the host is Linux based I would design a process polling th

2019-05-14 07:07:19 +0000 edited answer Not decoding MAP

Check which ssn:s are defined in GSM MAP preferences.

2019-05-14 07:07:03 +0000 received badge  Rapid Responder (source)
2019-05-14 07:07:03 +0000 answered a question Not decoding MAP

Check which ssn:s are defined in GSM MAP preferences.

2019-05-08 04:04:18 +0000 received badge  Rapid Responder (source)
2019-05-08 04:04:18 +0000 answered a question Does Wireshark have support for 5G core network messaging?

Yes, but the encapsulated ngap is not dissected. Nas 5gs is.

2019-04-18 12:44:53 +0000 commented question Why new wireshark GUI compiled from git does not connect to Xserver?

At work we had a similar problem; someone suggested https://sourceforge.net/projects/vcxsrv/

2019-04-17 21:02:25 +0000 received badge  Rapid Responder (source)
2019-04-17 21:02:25 +0000 answered a question Can Wireshark decode DIAMETER packets without the IP or transport layer?

Wireshark reads various file types like pcap. If you create a pcap file with a user dlt and the rest diameter packet dat

2019-04-17 16:30:11 +0000 commented answer PFCP dissector for 3GPP 29.244 Sx interface

Not that I know of. Looking at the data part I couldn't see any length octets that would be part of an ie.

2019-04-17 12:07:42 +0000 commented answer PFCP dissector for 3GPP 29.244 Sx interface

As far as I can see the message header is malformed, the protocol has provisions for private IEs and the dissector shou

2019-04-17 12:07:12 +0000 commented answer PFCP dissector for 3GPP 29.244 Sx interface

As far as I can see the message header is malformed, the protocol has provisions for private IEs and the dissector shou

2019-04-17 10:16:12 +0000 commented question wireshark 3.0.1 and lua on Debian stretch - cmake issues

Have you tried running tools/debian_setup.sh? To install required packages. Do you have liblua5.2-dev?