2023-12-31 22:44:17 +0000 | received badge | ● Famous Question (source) |
2023-02-13 06:51:24 +0000 | received badge | ● Notable Question (source) |
2023-02-13 06:51:24 +0000 | received badge | ● Popular Question (source) |
2020-12-23 22:46:04 +0000 | commented question | Nokia Siemens Network ASN.1 Specifications for MSS CDRs Hi! If you're referring to Nokia DX-type MSS, we don't use ASN.1 for our CDRs - they're an internal binary format that |
2020-12-23 22:45:50 +0000 | commented question | Nokia Siemens Network ASN.1 Specifications for MSS CDRs Hi! If you're referring to Nokia DX-type MSS, we don't use ASN.1 for our CDRs - they're an internal binary format that |
2020-12-23 22:37:39 +0000 | marked best answer | Capitalising hex strings in dissector field output? Hello, Is there a way to capitalise hex output in the field output like we can with the string formatter "0x%04X"? I'm using that to add the details to the INFO column but not sure how to get similar formatting in the dissected fields: For example, I have the field is being output like below: But I'd prefer to have the hex number printed as 0xCFDC (just makes it simpler for us to see the message number). I am poking around the source for proto_tree_add_item to pin down where the actual hex digit printing occurs ... haven't figured it out yet. In my dissector I'm doing this: Thanks, Brett. |
2020-12-23 22:29:13 +0000 | answered a question | Nokia Siemens Network ASN.1 Specifications for MSS CDRs Hi! If you're referring to Nokia DX-type MSS, we don't use ASN.1 for our CDRs - they're an internal binary format that |
2020-12-23 22:21:10 +0000 | commented answer | Windows10 compile of WS 3.4.2 fails due to Perl modules Thanks for the info Graham, especially about forcing cmake to re-check. Yeah, I wasn't aware of that cygwin/perl issue. |
2020-12-23 02:50:42 +0000 | received badge | ● Rapid Responder (source) |
2020-12-23 02:50:42 +0000 | answered a question | Windows10 compile of WS 3.4.2 fails due to Perl modules Ahh, okay did more research (didn't have any luck earlier). Reinstalled Strawberry Perl and that didn't help. I've got |
2020-12-23 00:16:13 +0000 | asked a question | Windows10 compile of WS 3.4.2 fails due to Perl modules Windows10 compile of WS 3.4.2 fails due to Perl modules Hi, I'm having a bit of difficulty compiling 3.4.2 - I've compi |
2020-07-13 19:40:26 +0000 | marked best answer | Inconsistent g_snprintf behaviour (Wireshark 3.2.5) Hello, I'm continuing working on my dissector and am stumped on this behaviour. We have a timestamp field in a message that I've written a custom callback function for. This is the structure of the timestamp, starting at octet 43 within this particular internal message (little endian): And this is the CF I wrote to output the timestamp correctly: The other relevant bits in my dissector: ... and ... This works most of the time, but sometimes it is giving a weird output for the 1/100s field. Working okay: Not working: The 1/100s field is being output as a dword even though the variable is a single byte and the format string specifies %02X: What am I missing? I see the same behaviour in 64-bit 3.2.5 compiled on both Win10 and macOS. |
2020-07-13 19:40:21 +0000 | commented answer | Inconsistent g_snprintf behaviour (Wireshark 3.2.5) Dah! Of course! Much obliged Graham, thanks. I shouldn't be using gint8 at all, so have replaced them all (not just i |
2020-07-13 11:39:14 +0000 | edited question | Inconsistent g_snprintf behaviour (Wireshark 3.2.5) Inconsistent g_snprintf behaviour (Wireshark 3.2.5) Hello, I'm continuing working on my dissector and am stumped on thi |
2020-07-13 11:33:06 +0000 | asked a question | Inconsistent g_snprintf behaviour (Wireshark 3.2.5) Inconsistent g_snprintf behaviour (Wireshark 3.2.5) Hello, I'm continuing working on my dissector and am stumped on thi |
2020-06-25 07:56:04 +0000 | commented answer | Capitalising hex strings in dissector field output? I'd be happy with that. For me, I just find it instantly clearer to read 0xABCD rather than 0xabcd. |
2020-06-25 06:05:07 +0000 | commented answer | Capitalising hex strings in dissector field output? I had originally tried calling the val_to_str within the g_snprintf function but this caused Wireshark to crash when it |
2020-06-25 06:03:30 +0000 | commented answer | Capitalising hex strings in dissector field output? I had originally tried calling the val_to_str within the g_snprintf function but this caused Wireshark to crash when it |
2020-06-25 05:55:20 +0000 | commented answer | Capitalising hex strings in dissector field output? It also meant I could customise the output of the internal program block IDs we use - they're stored as a word value but |
2020-06-25 05:54:31 +0000 | received badge | ● Editor (source) |
2020-06-25 05:54:31 +0000 | edited answer | Capitalising hex strings in dissector field output? Thanks for the advice Chuck - using BASE_CUSTOM was exactly what I needed! A little convoluted but I found a good examp |
2020-06-25 05:41:36 +0000 | commented answer | Capitalising hex strings in dissector field output? It also meant I could customise the output of the internal program block IDs we use - they're stored as a word value but |
2020-06-25 04:19:06 +0000 | received badge | ● Rapid Responder (source) |
2020-06-25 04:19:06 +0000 | answered a question | Capitalising hex strings in dissector field output? Thanks for the advice Chuck - using BASE_CUSTOM was exactly what I needed! A little convoluted but I found a good examp |
2020-06-24 21:16:08 +0000 | commented question | Capitalising hex strings in dissector field output? Ha ha, indeed! It's also a good way to figure out how things work. I did consider BASE_CUSTOM when I came upon it in t |
2020-06-24 21:15:47 +0000 | commented question | Capitalising hex strings in dissector field output? Ha ha, indeed! It's also a good way to figure out how things work. I did consider BASE_CUSTOM when I came upon it in t |
2020-06-24 08:19:41 +0000 | commented answer | Using SLL dissector output in own dissector? I was thinking all day that "ditting" the modified file was something that had to be done on Windows so the build step w |
2020-06-24 08:11:16 +0000 | received badge | ● Commentator |
2020-06-24 08:11:16 +0000 | commented answer | Using SLL dissector output in own dissector? LOL, okay, no worries! Maybe I didn't do it right the first time - for my initial implementation, I'd been testing on m |
2020-06-24 06:56:32 +0000 | commented question | Capitalising hex strings in dissector field output? Nope and nope. I've modified in EPAN/PROTO.C and also a similar one I found in EPAN/PRINT.C and neither had any effect: |
2020-06-24 06:42:42 +0000 | commented question | Capitalising hex strings in dissector field output? Ah huh, in PROTO.C I think I've found where the actual formatting is done? So I could get it to print all hex strings c |
2020-06-24 06:42:26 +0000 | commented question | Capitalising hex strings in dissector field output? Ah huh, in PROTO.C I think I've found where the actual printing is done? So I could get it to print all hex strings cap |
2020-06-24 06:26:36 +0000 | commented question | Capitalising hex strings in dissector field output? I guess one workaround would be to simply use the column editing mode to copy the hex number in my dmxMessageNumber arra |
2020-06-24 06:18:53 +0000 | asked a question | Capitalising hex strings in dissector field output? Capitalising hex strings in dissector field output? Hello, Is there a way to capitalise hex output in the field output |
2020-06-24 00:03:38 +0000 | commented answer | Using SLL dissector output in own dissector? Okay, don't know if this is right but it seems to work well enough for me. I modified this line in CMakeLists.txt by |
2020-06-23 23:27:08 +0000 | commented answer | Using SLL dissector output in own dissector? Sorry Graham, you're going to have to explain how to "dit" my updated source file - I have searched but can't find any i |
2020-06-20 00:21:19 +0000 | commented answer | Using SLL dissector output in own dissector? Hi there Graham! Yep, followed them exactly and I got it compiled last night. I actually run my work Win10 machine as |
2020-06-18 23:48:28 +0000 | marked best answer | Using SLL dissector output in own dissector? Hello, I've cobbled together my very first dissector today to decode an internal company protocol, identified by EtherType = 0x88aa. We capture traffic in a Linux-derived computer unit using tcpdump and so the Wireshark trace includes "Linux cooked capture" of the first few octets. I've worked around this and managed to get my dissector working on the "unicast to us (0)" packets just as I need: However I'd like to also decode the "sent by us (4)" packets too: My dissector really needs to start at octet 2 as this is the payload I want to decode. So is there any way, in my dissector, I can check the sll.pkttype value that the SLL dissector generates? If it's LINUX_SLL_OUTGOING (0x0004) then my dissector can handle the rest of the message, but my dissector can only see from octet 16, after the SLL dissector has had its fill. Will continue researching. |
2020-06-18 23:48:28 +0000 | received badge | ● Scholar (source) |
2020-06-18 23:47:43 +0000 | commented answer | Using SLL dissector output in own dissector? Ahhh, perfect, thanks Jaap! That works perfectly - and now I'm understanding more about how they work. Thanks to the |
2020-06-18 09:25:39 +0000 | commented question | Using SLL dissector output in own dissector? "I guess what I want to do, a bit of a kludge but as long as it works for solving faults, is decode from octet 2 onwards |
2020-06-18 09:24:27 +0000 | commented question | Using SLL dissector output in own dissector? "I guess what I want to do, a bit of a kludge but as long as it works for solving faults, is decode from octet 2 onwards |