Wireshark-users: Re: [Wireshark-users] embed comments and notes into trace?

From: "Alan Jay Weiner" <a.weiner@xxxxxxxxxx>
Date: Fri, 21 Nov 2008 10:33:28 -0500
Hi Charles,
Thanks!  That's a great way to test my idea; see if it's as useful as I
expect.

I gave it a quick try - had to find a Windows version of netcat (no
problem; just google it).  I got it to talk to itself, but Wireshark didn't
see the packets - I'm running on VMware with virtual NICs and network so
it's an odd setup.  (works fine for my normal development work)

I think it should work; I'll try it again soon.

- Al -

Personally, I'd google to double-check URLs, but I found the Windows version
of netcat at:
http://www.hackosis.com/wp-content/uploads/2007/12/nc111nt.zip
and mirrored at http://joncraton.org/files/nc111nt.zip
(both are identical, and include source)

 
----------------------------------------------------------------------------
Alan Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)
500 W Cummings Park, Suite #2700, Woburn, MA 01801, USA
a.weiner@xxxxxxxxxx / Tel:+1-781-938-1221 x112, Fax +1-781-207-0550
http://www.VALID8.com 
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Donaldson
Charles-MGI1064
Sent: Wednesday, November 19, 2008 3:58 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] embed comments and notes into trace?

Ignore this if you are doing post edits to a capture.

Otherwise, I have used netcat - nc on some systems - during test
automation to insert test sequence delimiters. And then decode the
frames as telnet. So, a server would run 'while [ 1 ]; do netcat -lp
6200; done' and the test script would run 'echo "something is about to
happen" | netcat <server-ip> 6200'. Both netcat sessions - the endless
loop and the delimiter - can be run on the same machine as sniffer -
Wireshark.



 
Regards,
Charles Donaldson
charlesdonaldson@xxxxxxxxxxxx
 

-----Original Message-----
From: Gerald Combs [mailto:gerald@xxxxxxxxxxxxx] 
Sent: Wednesday, November 19, 2008 12:03 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] embed comments and notes into trace?

Alan Jay Weiner wrote:
> Does anyone know of a protocol I can use in this way?  It seems to me 
> I remember something like this, but I'll be darned if I can find it 
> now.  I can mis-use something - send a DNS query to "starting doing 
> something-or-other" but the info line will have other cruft on it 
> ("standard query A starting doing something-or-other").

Instead of using a dummy protocol, you might want to use a file format
that lets you add comments directly to packets, such as pcap-ng:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
http://wiki.wireshark.org/Development/PcapNg

Experimental support is currently in Wireshark, in wiretap/pcapng.[ch].

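As an added illustration of the pcap-ng suggestion above (not code from anyone in this thread, and not Wireshark's wiretap implementation): a minimal writer that attaches a per-packet comment to an Enhanced Packet Block, plus a reader that recovers it. It assumes the pcapng block layout (Section Header, Interface Description, Enhanced Packet Block, with `opt_comment` as option code 1) and little-endian files only; the function names and sample frames are hypothetical.

```python
import struct

OPT_END, OPT_COMMENT = 0, 1            # pcapng option codes (opt_endofopt, opt_comment)
SHB, IDB, EPB = 0x0A0D0D0A, 1, 6       # block types used here

def _pad(b):
    return b + b"\x00" * (-len(b) % 4)  # variable-length fields are padded to 32 bits

def _block(btype, body):
    total = 12 + len(body)              # type + length + body + trailing length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def _opt(code, value=b""):
    return struct.pack("<HH", code, len(value)) + _pad(value)

def write_pcapng(packets, linktype=1):
    """packets: iterable of (timestamp_usec, frame_bytes, comment_or_None)."""
    out = _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    out += _block(IDB, struct.pack("<HHI", linktype, 0, 65535))
    for ts, frame, comment in packets:
        body = struct.pack("<5I", 0, ts >> 32, ts & 0xFFFFFFFF, len(frame), len(frame))
        body += _pad(frame)
        if comment:
            body += _opt(OPT_COMMENT, comment.encode("utf-8")) + _opt(OPT_END)
        out += _block(EPB, body)
    return out

def read_comments(data):
    """Return [(packet_index, comment)] from a little-endian pcapng byte string."""
    found, off, idx = [], 0, 0
    while off + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("corrupt block length at offset %d" % off)
        if btype == EPB:
            caplen = struct.unpack_from("<I", data, off + 20)[0]
            pos, end = off + 28 + caplen + (-caplen % 4), off + total - 4
            while pos + 4 <= end:       # walk the option list after the packet data
                code, length = struct.unpack_from("<HH", data, pos)
                if code == OPT_END:
                    break
                if code == OPT_COMMENT:
                    found.append((idx, data[pos + 4:pos + 4 + length].decode("utf-8")))
                pos += 4 + length + (-length % 4)
            idx += 1
        off += total
    return found

# Constructed sample: dummy Ethernet frames (not real traffic), two of them annotated.
FRAME = bytes(12) + b"\x08\x00" + bytes(46)
SAMPLE = write_pcapng([(1227281608000000, FRAME, None),
                       (1227281609000000, FRAME, "something is about to happen"),
                       (1227281610000000, FRAME[:33], "odd-length frame, padded")])
```

Unlike the netcat marker, the annotation here lives in the capture file itself, so no extra traffic appears on the wire and the comment stays attached to the exact frame it describes.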