Wireshark-dev: Re: [Wireshark-dev] Omnivorous Shark
From: mmann78@xxxxxxxxxxxx
Date: Fri, 31 Jan 2014 11:45:32 -0500 (EST)
Without looking at the details of the patch, my thoughts are:
1. I like the fact that a "workaround" has been created for insufficient heuristics. I just hope it doesn't have the unintended consequence of weaker heuristics being created.
2. What I don't like is getting non-capture file support (hooks) "for free", therefore having Wireshark support non-capture file types (outside of the handful that commonly come across network protocols). I've been (slowly) working on separating "Fileshark" functionality from Wireshark with the distinct difference of "capture file" vs "non-capture file" (or treating capture file as binary). Yes, writing a new GUI for non-capture files will be an arduous task (which is why I started with a command line interface to work out the architecture), but I still believe we want the distinction of "Wireshark" separate from "FileShark" and not have an "OmniShark" that does both just because the underlying architecture is generic enough to support it. I'd prefer the generic architecture (with some further tweaking) just do "double duty" for separate applications.
Michael
-----Original Message-----
From: Michal Labedzki <michal.labedzki@xxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Jan 31, 2014 8:15 am
Subject: [Wireshark-dev] Omnivorous Shark
Hello,

I need feedback about my proposal to change (extend) the default procedure for opening a file in Wireshark. I propose adding the ability to choose the format. The default behaviour is still "Automatic". What is new is a component (GUI, list) where you can choose the opening format.

Use case: for example, the heuristic for "mp2t" fails on a file in VWR format (the VWR file will be opened as mp2t). Currently you are not able to open VWR in this case. The patch adds the possibility to open this file.

https://code.wireshark.org/review/#/c/16/

Related to it is the next patch:

https://code.wireshark.org/review/#/c/17/

Example BTSNOOP files:

https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1427
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1426

The first patch adds the possibility to open a file in a specified format, so there is a case for opening a log file in "Fileshark" mode. Fortunately, it seems that Wireshark is able to dissect the header of the file and all packets as in normal Wireshark mode.

--
Best regards
Michał Łabędzki, Software Engineer
Tieto Corporation