Wireshark-dev: [Wireshark-dev] Profiles and Configurations
From: Fred Marshall <fred@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 09 Apr 2010 09:41:09 -0700
|
Chris Maynard's post sure pointed me to the right place it appears!
Thanks for that. But, after going through it carefully and trying things, I'm still confused about profiles and configurations and/or configuration profiles. It doesn't seem to be working very smoothly for me and that's surprising. I'll try to be as clear as possible: 1) I would like to establish, name and Save "sets of settings" (I presume that is a "profile"): interface to be used, filename, ring buffer, promiscuous, capture filter, etc. etc. (I see mention of a Configuration File but don't find such files anywhere - perhaps that's not important). 2) I would like to invoke one of these Saved sets to start a capture. 3) I would like to invoke one of these, make some changes and Save to a new one. My perspective on a likely process would be: 1) Get Wireshark in a "state" of settings so that it's ready to capture in the manner desired. Getting there would start by invoking a Saved state, or not, and making manual entries, etc. 2) Save the new "state" with a name so it can be recalled. 3) Invoke a saved state at any time except during a capture. I'm not trying to reinvent the wheel here and much of what I've said above is likely "obvious" to more experienced users. But, my confusion is exactly about these kinds of steps. - What is the recommended way to Save a Configuration Profile? How do you start? How do you end? - What is the recommended way to invoke a Saved Configuration Profile? - What is the relationship with Interfaces? It seems I can specify an interface and then pull up a profile so that the profile shows up in the status bar but it doesn't change the interface that matches the profile????? Note that I'm using multiple interfaces and rather expect the interface to be part of the profile. But, maybe I'm wrong on this? It's the proper sequence of events that seems to be eluding me or just understanding the intent of the design so I can make efficient use of it. If I figure this out I'd likely contribute to the Wiki and/or Wishlist. Thanks for your patience, Fred wireshark-dev-request@xxxxxxxxxxxxx wrote: Send Wireshark-dev mailing list submissions to wireshark-dev@xxxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit https://wireshark.org/mailman/listinfo/wireshark-dev or, via email, send a message with subject or body 'help' to wireshark-dev-request@xxxxxxxxxxxxx You can reach the person managing the list at wireshark-dev-owner@xxxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-dev digest..." Today's Topics: 1. Profiles and Configurations (Fred Marshall) 2. Re: Profiles and Configurations (Maynard, Chris) 3. time question (Brian Oleksa) 4. USB URB hex bytes not shown (Maynard, Chris) 5. Re: USB URB hex bytes not shown (Guy Harris) 6. Re: time question (Anders Broman) 7. Re: USB URB hex bytes not shown (Maynard, Chris) ---------------------------------------------------------------------- Message: 1 Date: Wed, 07 Apr 2010 18:00:17 -0700 From: Fred Marshall <fmarshall@xxxxxxx> Subject: [Wireshark-dev] Profiles and Configurations To: wireshark-dev@xxxxxxxxxxxxx Message-ID: <4BBD2AA1.7060106@xxxxxxx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed I'm posting here because it was suggested prior to adding to the wish list. I'm using multiple interfaces simultaneously and it would be really good if I could use a profile or configuration that was predefined and named. Now, this capability seems to be there already but I'll be darned if I can figure out how to use it reliably. There appear to be no instructions in this regard. Is this a reasonable thing to add to the wish list? Thanks, fred ------------------------------ Message: 2 Date: Thu, 8 Apr 2010 10:26:49 -0400 From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx> Subject: Re: [Wireshark-dev] Profiles and Configurations To: 'Developer support list for Wireshark' <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <FEA7253CE01175418CE6A9BE162A9155014773A5@xxxxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset="us-ascii" Does this help? http://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html - Chris -----Original Message----- From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Fred Marshall Sent: Wednesday, April 07, 2010 9:00 PM To: wireshark-dev@xxxxxxxxxxxxx Subject: [Wireshark-dev] Profiles and Configurations I'm posting here because it was suggested prior to adding to the wish list. I'm using multiple interfaces simultaneously and it would be really good if I could use a profile or configuration that was predefined and named. Now, this capability seems to be there already but I'll be darned if I can figure out how to use it reliably. There appear to be no instructions in this regard. Is this a reasonable thing to add to the wish list? Thanks, fred [snip] CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email. ------------------------------ Message: 3 Date: Thu, 08 Apr 2010 10:41:47 -0400 From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx> Subject: [Wireshark-dev] time question To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <4BBDEB2B.80100@xxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Wiresharkers I am trying to dissect the time in a particular packet. Here is it's format: "The time is the source computer's system time in Greenwich Mean Time (GMT)." The size is 32 bits or 4 bytes. What is the best method to use to dissect this time..?? I tired this...but did not have any luck: nstime_t t; guint64 msecs_since_the_epoch; struct tm *tmp; msecs_since_the_epoch = tvb_get_ntoh64(tvb, offset); t.secs = msecs_since_the_epoch / 1000; t.nsecs = (msecs_since_the_epoch % 1000)*1000000; /* milliseconds to nanoseconds */ tmp = gmtime(&t.secs); if (tmp != NULL) { proto_tree_add_time_format(time_sub_tree, hf_helen_time, tvb, offset, 4, &t, "Date: %s %2d, %d %02d:%02d:%02d UTC", mon_names[tmp->tm_mon], tmp->tm_mday, tmp->tm_year + 1900, tmp->tm_hour, tmp->tm_min, tmp->tm_sec); } offset += 4 Also...I am trying to dissect longitude, latitude and altitude. Here is it's format. The size is also 32 bits or 4 bytes. The <latitude>, <longitude>, and <altitude> fields contain values corresponding to GPS information for the MGEN source if it was available. The <latitude> and <longitude> fields are encoded as follows: <fieldValue> = (unsigned long)((<actualValue>+180.0)*60000.0) The <altitude> field is the direct representation of the altitude value available from the source's GPS system. I tried this but had no luck: longitude = tvb_get_ntoh64(tvb, offset); longitude = (longitude+180)*60000; proto_tree_add_uint_format(mgen_sub_tree, hf_helen_length, tvb, offset, 4, 0, "Longitude: %f", longitude); offset += 4; Thanks, Brian ------------------------------ Message: 4 Date: Thu, 8 Apr 2010 14:28:36 -0400 From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx> Subject: [Wireshark-dev] USB URB hex bytes not shown To: 'Developer support list for Wireshark' <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <FEA7253CE01175418CE6A9BE162A9155014773AD@xxxxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset="us-ascii" For DLT_USB_LINUX, is there any good reason why the pcap_usb_header information (from libpcap's pcap/usb.h file) is only displayed in the "packet details" pane, but the hex bytes don't appear in the "packet bytes" pane? (See attached sample capture file containing a single frame depicting this.) Using SVN 32429 on Windows XP SP3 (32-bit). - Chris CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20100408/8cac5b25/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: usburbex.pcap Type: application/octet-stream Size: 88 bytes Desc: usburbex.pcap Url : http://www.wireshark.org/lists/wireshark-dev/attachments/20100408/8cac5b25/attachment.obj ------------------------------ Message: 5 Date: Thu, 8 Apr 2010 11:34:29 -0700 From: Guy Harris <guy@xxxxxxxxxxxx> Subject: Re: [Wireshark-dev] USB URB hex bytes not shown To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> Message-ID: <07886FFF-BDD9-4DBA-9B75-512126119FAC@xxxxxxxxxxxx> Content-Type: text/plain; charset=windows-1252 On Apr 8, 2010, at 11:28 AM, Maynard, Chris wrote: |
- Follow-Ups:
- Re: [Wireshark-dev] Profiles and Configurations
- From: Maynard, Chris
- Re: [Wireshark-dev] Profiles and Configurations
- Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Windows-7-x64
- Next by Date: Re: [Wireshark-dev] Problem
- Previous by thread: Re: [Wireshark-dev] Profiles and Configurations
- Next by thread: Re: [Wireshark-dev] Profiles and Configurations
- Index(es):