Wireshark-dev: Re: [Wireshark-dev] Capture filename not available at plugin init time
I see several problems with doing dumpcap first:
Best regards…Paul

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<source>
  <header headerline="false" skipheaderlines="0">
    <description>Descriptor file for Apache access log in common format</description>
    <generator>Babel 3.0</generator>
    <gendate>2017-10-20</gendate>
    <gentime>19:18:22</gentime>
    <genzoffset>+1</genzoffset>
    <owner>Paul Offord</owner>
    <nativeformat>LogFormat "%h %l %u %t \"%r\" %>s %b" common</nativeformat>
    <example>192.168.1.87 - paulo [09/Jul/2012:08:25:35 +0100] "GET /Setup.php HTTP/1.1" 200 1824</example>
    <wsnamespace>apache</wsnamespace>
    <charencoding>ASCII</charencoding>
  </header>
  <records>
    <record type="1">
      <eols enforce="true">
        <eol>\n</eol>
        <eol>\r\n</eol>
      </eols>
      <delimiters>
        <delimiter> </delimiter>
      </delimiters>
      <missingvalues>
        <missingvalue>-</missingvalue>
      </missingvalues>
      <criteria>
        <criterium type="string" offset="*">*</criterium>
      </criteria>
      <columns>
        <column>
          <informat quoted="false">%i</informat>
          <name>host</name>
          <abbrev>bds.apache.host</abbrev>
          <blurb>This is the IP address of the client (remote host) which made the request to the server.</blurb>
          <type quoted="false">FT_IPvx</type>
          <display>BASE_NONE</display>
          <bitmask>0</bitmask>
        </column>
        <column>
          <informat quoted="false">%s</informat>
          <name>identid</name>
          <abbrev>bds.apache.identid</abbrev>
          <blurb>The identity of the client determined by a request to the identd server on the clients machine.</blurb>
          <type quoted="false">FT_STRINGZ</type>
          <display>BASE_NONE</display>
          <bitmask>0</bitmask>
        </column>
        <column>
          <informat quoted="false">%s</informat>
          <name>userid</name>
          <abbrev>bds.apache.userid</abbrev>
          <blurb>This is the userid of the person requesting the document as determined by HTTP authentication.</blurb>
          <type quoted="false">FT_STRINGZ</type>
          <display>BASE_NONE</display>
          <bitmask>0</bitmask>
        </column>
        <column>
          <informat quoted="false" start-bracket="[" end-bracket="]">[%d/%b/%Y:%H:%M:%S %z]</informat>
          <name>datetime</name>
          <abbrev>bds.apache.datetime</abbrev>
          <blurb>The time that the request was received.</blurb>
          <type>EVENT_DATETIME</type>
          <display>BASE_NONE</display>
          <bitmask>0</bitmask>
        </column>
        <column>
          <informat quoted="true">%s</informat>
          <name>request</name>
          <abbrev>bds.apache.request</abbrev>
          <blurb>The request line from the client is given in double quotes.</blurb>
          <type>FT_STRINGZ</type>
          <display>BASE_NONE</display>
          <bitmask>0</bitmask>
        </column>
        <column>
          <informat quoted="false">%d</informat>
          <name>response code</name>
          <abbrev>bds.apache.response-code</abbrev>
          <blurb>This is the status code that the server sends back to the client.</blurb>
          <type>FT_UINT32</type>
          <display>BASE_DEC</display>
          <bitmask>0</bitmask>
        </column>
        <column>
          <informat quoted="false">%d</informat>
          <name>bytes returned</name>
          <abbrev>bds.apache.sc-bytes</abbrev>
          <blurb>This indicates the size of the object returned to the client, not including the response headers.</blurb>
          <type>FT_UINT32</type>
          <display>BASE_DEC</display>
          <bitmask>0</bitmask>
        </column>
      </columns>
      <infofield>%4 - %5</infofield>
    </record>
  </records>
</source>

From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Roland Knall

Quite a few breweries I assume ;-)

The real question here is dumpcap. That should be done first. Over the years, there was an effort to get this done every so months. But most people seem to give up silently. From my own experience of messing with ByteView, I can wholeheartedly understand the reasoning

cheers

On Fri, Nov 3, 2017 at 5:49 PM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote: