Anders's profile - activity

2020-08-11 08:43:20 +0000 commented question tshark filtering with SCTP segmentation not working?

What version of Wireshark? Please raise a bug report including an example pcap.

2020-07-16 12:52:38 +0000 answered a question Ericsson Cs1 Plus decode problem

No, Ericsson CS1 is a proprietary protocol and no public specification exists to my knowledge.

2020-07-16 12:52:38 +0000 received badge  Rapid Responder (source)
2020-07-16 11:59:29 +0000 answered a question Unknown RTP version 0

Probably that the packet you are looking at isn't RTP. Is encryption used? Or possibly proprietary signaling.

2020-07-16 11:59:29 +0000 received badge  Rapid Responder (source)
2020-07-16 06:49:35 +0000 answered a question How can I get Wireshark to decode ISO SES/PRES/ACSE on top of UDP?

Hi, It seems like it's only dissected over cotp heur_dissector_add("cotp", dissect_ses_heur, "SES over COTP", "ses_

2020-07-16 06:49:35 +0000 received badge  Rapid Responder (source)
2020-07-15 17:36:09 +0000 commented question heuristic dissector - Malformed packet - Same port different protocol

Not sure I get it, the rtp heur dissector claims a packet it shouldn't? You can disable that particular dissector.

2020-07-12 12:15:46 +0000 received badge  Rapid Responder (source)
2020-07-12 12:15:46 +0000 answered a question Decode gsm data sent over HTTP2 in nsmsf-sms data

Raise a bug report including an example trace requesting an enhancement decoding this data.

2020-07-12 12:15:44 +0000 received badge  Rapid Responder (source)
2020-07-12 12:15:44 +0000 answered a question Decode gsm data sent over HTTP2 in nsmsf-sms data

Raise a bug report including an example trace requesting an enhancement decoding this data.

2020-07-08 12:34:14 +0000 commented answer IEC-104 (IEC 60870-5-104) protocol specifications

If you or your organisation are dealing with the protocol in any commercial way you probably should buy the standards...

2020-07-08 12:29:11 +0000 commented answer How to deactivate the warning "Trailing stray characters"?

So did you write a dissector for your protocol? If so you should adjust the dissector to show the string and the checksu

2020-07-01 10:43:10 +0000 received badge  Rapid Responder (source)
2020-07-01 10:43:10 +0000 answered a question Add an protocol into VOIP Call

Modify the code of ui/voip_calls.c and commit it back to us for inclusion into Wireshark.

2020-07-01 06:42:34 +0000 commented answer Decoding payload as ASN.1 DER/BER

pushed a patch

2020-06-30 14:20:09 +0000 received badge  Rapid Responder (source)
2020-06-30 14:20:09 +0000 answered a question Decoding payload as ASN.1 DER/BER

There is this code in packet-ber.c /* allow the dissection of BER/DER carried over a TCP transport by using "De

2020-06-22 13:44:08 +0000 commented answer Delta time with previous frame

If the two machines running wireshark have synchronised clocks, yes it will give you the time from that the packet was en

2020-06-22 09:02:21 +0000 commented answer Access to previous frame

A dissector can't do a re-read. Every time a packet is displayed in the UI its information is re-read from file. Packet

2020-06-22 08:26:17 +0000 received badge  Rapid Responder (source)
2020-06-22 08:26:17 +0000 answered a question Access to previous frame

The dissectors are only passed the content of the current packet. If any information from that packet is needed to diss

2020-06-19 11:05:02 +0000 commented question Dissector access to next frame data

Looking into the future so to speak sounds wrong and weird.

2020-06-12 11:10:42 +0000 received badge  Rapid Responder (source)
2020-06-12 11:10:42 +0000 answered a question How does Wireshark recognize QUIC packets

By port in preferences, you can do decode as on the UDP layer and select QUIC.

2020-06-12 11:07:52 +0000 answered a question How to dissect inside xml?

Only by adding code. There are hooks to dissect AVP contents in such a function you would have to parse the xml and decod

2020-06-12 11:07:52 +0000 received badge  Rapid Responder (source)
2020-05-26 08:52:47 +0000 received badge  Rapid Responder (source)
2020-05-26 08:52:47 +0000 answered a question Possible to add extra personalized labels to pcap file?

Go to Statistics->file properties, at the bottom you can add and save file comments. It should be possible to do with

2020-05-26 08:50:01 +0000 commented answer Delta time with previous frame

It is not easy to set up and get good reliable values but the theory is, take a trace near the sender with an accurate and

2020-05-15 07:03:48 +0000 commented question Dissector that decodes payload on another layer

If you could share a packet of your sample traffic we could have a look.

2020-05-14 13:10:49 +0000 commented answer Delta time with previous frame

Sorry I don't get that. RTP packets are sent with a fixed delta time, packetisation time. Which depends on codec and sam

2020-05-14 13:09:57 +0000 commented answer Delta time with previous frame

Sorry I don't get that. RTP packets are sent with a fixed delta time, packetisation time. Which depends on codec and sam

2020-05-14 10:21:24 +0000 answered a question Delta time with previous frame

Delta time is the time difference between the time stamps made by the capturing mechanism on the computer doing the capt

2020-05-14 10:21:24 +0000 received badge  Rapid Responder (source)
2020-05-14 10:15:50 +0000 commented question How to decode HTTP2 DATA stream

Hi, In the development version you can use "decode as" and select JSON which works in some cases but I think code chan

2020-05-14 09:52:30 +0000 commented question HTTP2 stream and data not decoded

Hi, Not without code changes. I have suggested these changes to the support library used to decode http2 https://github.

2020-05-04 12:41:53 +0000 commented question Failed to build rpm

Yes I think you need to debug why these two names differ: Scanning dependencies of target rpm-package Generating pack

2020-05-04 11:40:24 +0000 commented question Failed to build rpm

cmake3 -G "Unix Makefiles" ../wireshark/ I don't remember if build-dir was supposed to be a sub dir to /wireshark for i

2020-05-04 06:32:27 +0000 commented question Failed to build rpm

What happens if you run cmake without any parameters?

2020-04-27 07:50:07 +0000 edited answer GSM DTAP malformed packet

Look at the IUA preferences, you probably want to uncheck Use GSM SAPI values

2020-04-27 07:49:48 +0000 edited answer GSM DTAP malformed packet

Look at the IUA preferences, you probably want to uncheck Use GSM SAPI values"

2020-04-25 13:25:38 +0000 commented question GSM DTAP malformed packet

Look at the iua preferences, you probably do not want the sapi as GSM.

2020-04-16 08:12:57 +0000 commented question Does pyshark support NGAP message?

pyshark is not a part of the Wireshark project you will have to ask that project(link?).

2020-04-09 11:41:55 +0000 commented question Wireshark can't sniff smartphones traffic even if it correctly sniffs laptop traffic

Are the smartphones connecting to your WiFi or the Mobile network?

2020-02-25 15:10:34 +0000 received badge  Rapid Responder (source)
2020-02-25 15:10:34 +0000 answered a question Why is registering dissector w/(WTAP_ENCAP_USER0) in code not working?

I think the problem is that the user dlt dissector overrides your registration. Remove that line and register your disec

2020-01-08 11:48:09 +0000 commented question wireshark 3.2.0 support on RHEL 7.5

What do you mean? Wireshark has many dependencies if all features are to be used.

2019-12-09 15:31:49 +0000 commented answer how can i get the source code with GUI for windows Op?

Your question is unclear. You can see the source code in your browser here https://code.wireshark.org/review/gitweb?p=wi