Ke's profile - activity

2023-11-15 19:45:29 +0000 received badge Notable Question
2023-07-31 01:14:41 +0000 received badge Popular Question
2023-05-06 01:01:22 +0000 received badge Popular Question
2022-11-10 09:26:23 +0000 received badge Popular Question
2022-07-29 04:06:19 +0000 marked best answer PDML output

Hi,

I am trying to understand the PDML output from Wireshark. For example, I have an output:

<field name="goose.confRev" showname="confRev: 1" size="1" pos="118" show="1" value="01"/>

And according to the documentation in the Wireshark repo, show is the value we can use for the filter.

My question is, when I have this output for a malformed packet:

<field name="_ws.expert.severity" showname="Severity level: Error" size="0" pos="0" show="8388608"/>

<field name="_ws.expert.group" showname="Group: Malformed" size="0" pos="0" show="117440512"/>

is there any special meaning behind the value of show (8388608, 117440512), just like a 404 HTTP response?

Best regards

2022-07-07 18:56:46 +0000 commented question Customize frame details window

Sorry, I didn't notice there is a status line at the very bottom! Yes, and the only missing part will be the offset.

2022-07-07 14:06:33 +0000 asked a question Customize frame details window

Customize frame details window Hi, i would like to know if it is possible to show the length, the position of a field i

2022-07-07 13:53:32 +0000 asked a question PDML output

PDML output Hi, I am trying to understand the PDML output from Wireshark. For example, I have an output: <field na

2022-06-01 20:27:13 +0000 asked a question Extract Information from Wireshark

Extract Information from Wireshark Hi community! Our project aims to analyze the pcap file based on the dissection data

2022-04-01 05:15:19 +0000 edited question Goose Packet Expert Information for "Index & Tag"

Goose Packet Expert Information for "Index & Tag" Dear Wireshark Community, This problem is an extension of issue o

2022-03-25 03:06:40 +0000 commented question Goose Packet Expert Information for "Index & Tag"

Many thanks for your kind help!! I will try it!

2022-03-25 02:45:39 +0000 commented question Goose Packet Expert Information for "Index & Tag"

Thanks! I really appreciate your help! It is a Lua plugin, right? I will study it!

2022-03-25 02:45:34 +0000 commented question Goose Packet Expert Information for "Index & Tag"

Thanks! I really appreciate your help! It is a Lua plugin, right? I will study it!

2022-03-24 23:48:37 +0000 commented answer Detailed Expert Information for Goose Packet

Thanks for the info, I have added the issue.

2022-03-24 23:48:18 +0000 marked best answer Detailed Expert Information for Goose Packet

Hi, my team wants to show detailed expert information for Goose packets (IEC61850). The current Wireshark shows:

[Malformed Packet: GOOSE]

  [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]

    [Malformed Packet (Exception Occurred)]

    [Severity level: Error]

    [Group: Malformed]

We want to show the detailed information for the malformed part, for example:

The numDatSetEntries's length is 0 in our malformed packet. According to the Goose protocol, the length should be 1. We want to show that this packet is malformed because of the "numDatSetEntries" field. And ideally also show the reason for it.

I have struggled a lot reading the code of the asn1 dissector. Any hints for doing this, or is it possible with an existing function?

Thanks for reading my question!

2022-03-24 23:48:18 +0000 received badge Scholar
2022-03-24 23:46:39 +0000 commented question Goose Packet Expert Information for "Index & Tag"

We are trying to add C code, but open to other options as long as it does the job. (btw, I am still studying the code, ha

2022-03-24 23:44:09 +0000 commented question Goose Packet Expert Information for "Index & Tag"

We are trying to add C code, but open to other options as long as it does the job. (btw, I am still studying the code, ha

2022-03-24 22:36:51 +0000 commented question Goose Packet Expert Information for "Index & Tag"

Thanks for the reply, the build info is: 3.7.0 (v3.7.0rc0-1455-gf43ce70fd9cc) I only add the expert info with the c

2022-03-24 17:22:47 +0000 edited question Goose Packet Expert Information for "Index & Tag"

Goose Packet Expert Information for "Index & Tag" Dear Wireshark Community, This problem is an extension of issue o

2022-03-24 17:12:13 +0000 edited question Goose Packet Expert Information for "Index & Tag"

Goose Packet Expert Information for "Index & Tag" Dear Wireshark Community, We are trying to show detailed expert i

2022-03-24 17:11:52 +0000 received badge Editor
2022-03-24 17:11:52 +0000 edited question Goose Packet Expert Information for "Index & Tag"

Goose Packet Expert Information for "Index & Tag" Dear Wireshark Community, We are trying to show detailed expert i

2022-03-24 17:11:05 +0000 asked a question Goose Packet Expert Information for "Index & Tag"

Goose Packet Expert Information for "Index & Tag" Dear Wireshark Community, We are trying to show detailed expert i

2022-03-11 10:57:49 +0000 commented answer Detailed Expert Information for Goose Packet

Thanks for the reply, do you mean I have to submit the report to Wireshark's GitLab repo?

2022-03-11 01:57:51 +0000 asked a question Detailed Expert Information for Goose Packet

Detailed Expert Information for Goose Packet Hi, my team wants to show detailed expert information for Goose packet (IEC