Wireshark-users: Re: [Wireshark-users] text2pcap_windowsXP

From: wsgd <wsgd@xxxxxxx>
Date: Mon, 23 Mar 2009 20:31:16 +0100
http://www.wireshark.org/docs/man-pages/text2pcap.html

Olivier

Faten SOLTANI a �crit :
Hi
I'm using C++2005, and Windows XP.
if it's possible to explan to me step by step  how to use and excute
text2pcap progrem.
Regards




 Send Wireshark-users mailing list submissions to
	wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
	wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
	wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. Re: TCP: window scaling (Sake Blok)
   2. Re: TCP: window scaling (Jo Verstraelen)


----------------------------------------------------------------------

Message: 1
Date: Mon, 23 Mar 2009 13:17:51 +0100
From: "Sake Blok" <sake@xxxxxxxxxx>
Subject: Re: [Wireshark-users] TCP: window scaling
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <9685A7DC86AC47DD9CFD050F1CA5B048@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Jo,

Both ends of the tcp connection need to support Window scaling for it to
be used:

"This option is an offer, not a promise; both sides must send Window Scale
options in their SYN segments to enable window scaling in either
direction."
(From http://tools.ietf.org/html/rfc1323)

In your trace, host 63.245.209.93 does not support Window scaling, as the
SYN/ACK that it sends does not have the window scaling option. Therfore no
window scaling will be used and Wireshark displays non-scaled values.

Hope this helps,
Cheers,
     Sake
  ----- Original Message -----
  From: Jo Verstraelen
  To: Community support list for Wireshark
  Sent: Monday, March 23, 2009 11:58 AM
  Subject: Re: [Wireshark-users] TCP: window scaling


  Hi Sake,



  Here you go: http://denuitlaat.be/tcp/windowscaled1.pcap .
  It shows that a session is started with a SYN and the option ws is
present (ws = 2). The segments following do not show a scaled window
size.



  Regards,

  jo




------------------------------------------------------------------------------

  From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
  Sent: maandag 23 maart 2009 11:40
  To: Community support list for Wireshark
  Subject: Re: [Wireshark-users] TCP: window scaling



  Hi Jo,



  The window size should consistently be displayed within one TCP session.
Between sessions, there could be difference, because either there is no
scaling, or the SYN, SYN/ACK were not present in the tracefile. If that
does not explain the differences you see, could you provide a small
capture showing this issue?



  Cheers,

  Sake



    ----- Original Message -----

    From: Jo Verstraelen

    To: wireshark-users@xxxxxxxxxxxxx

    Sent: Monday, March 23, 2009 11:03 AM

    Subject: [Wireshark-users] TCP: window scaling



    Hi,



    Is there a reason why sometimes in a connection which received a
window scaler (syn;syn,ack) , the window size is

    shown as "number (scaled)" and sometimes just as "number" (non scaled)
in the next segments. Cause in the last case its not

    possible to know the exact window size as the window scale factor is
non present in the segments after the syn; syn,ack.

    Kind regards,

    Jo






----------------------------------------------------------------------------

    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
    Archives:    http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                 mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



------------------------------------------------------------------------------


  ___________________________________________________________________________
  Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
  Archives:    http://www.wireshark.org/lists/wireshark-users
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20090323/4d7e7f30/attachment.htm

------------------------------

Message: 2
Date: Mon, 23 Mar 2009 13:59:36 +0100
From: "Jo Verstraelen" <J.Verstraelen@xxxxxxxxxx>
Subject: Re: [Wireshark-users] TCP: window scaling
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<EAE313D9DF8760419A852DE40E654592049E14AC@SRV-SATURNUS.OPTION.local>
Content-Type: text/plain; charset="us-ascii"

Sake,



That explains...
But that doesn't change the fact that it is bizar, because the
destination ip of the server in the pcap file is a webserver of the
Mozilla corp. So a 100MBit+ webserver that does not support window
scaling?



Thanks for the info,

jo



________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: maandag 23 maart 2009 13:18
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] TCP: window scaling



Jo,



Both ends of the tcp connection need to support Window scaling for it to
be used:



"This option is an offer, not a promise; both sides must send Window
Scale options in their SYN segments to enable window scaling in either
direction."

(From http://tools.ietf.org/html/rfc1323)



In your trace, host 63.245.209.93 does not support Window scaling, as
the SYN/ACK that it sends does not have the window scaling option.
Therfore no window scaling will be used and Wireshark displays
non-scaled values.



Hope this helps,

Cheers,

     Sake

	----- Original Message -----

	From: Jo Verstraelen <mailto:J.Verstraelen@xxxxxxxxxx>

	To: Community support list for Wireshark
<mailto:wireshark-users@xxxxxxxxxxxxx>

	Sent: Monday, March 23, 2009 11:58 AM

	Subject: Re: [Wireshark-users] TCP: window scaling



	Hi Sake,



	Here you go: http://denuitlaat.be/tcp/windowscaled1.pcap .
	It shows that a session is started with a SYN and the option ws
is present (ws = 2). The segments following do not show a scaled window
size.



	Regards,

	jo




________________________________


	From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
	Sent: maandag 23 maart 2009 11:40
	To: Community support list for Wireshark
	Subject: Re: [Wireshark-users] TCP: window scaling



	Hi Jo,



	The window size should consistently be displayed within one TCP
session. Between sessions, there could be difference, because either
there is no scaling, or the SYN, SYN/ACK were not present in the
tracefile. If that does not explain the differences you see, could you
provide a small capture showing this issue?



	Cheers,

	Sake



		----- Original Message -----

		From: Jo Verstraelen <mailto:J.Verstraelen@xxxxxxxxxx>

		To: wireshark-users@xxxxxxxxxxxxx

		Sent: Monday, March 23, 2009 11:03 AM

		Subject: [Wireshark-users] TCP: window scaling



		Hi,



		Is there a reason why sometimes in a connection which
received a window scaler (syn;syn,ack) , the window size is

		shown as "number (scaled)" and sometimes just as
"number" (non scaled) in the next segments. Cause in the last case its
not

		possible to know the exact window size as the window
scale factor is non present in the segments after the syn; syn,ack.

		Kind regards,

		Jo






________________________________



________________________________________________________________________
___
		Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
		Archives:
http://www.wireshark.org/lists/wireshark-users
		Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


________________________________



________________________________________________________________________
___
	Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
	Archives:    http://www.wireshark.org/lists/wireshark-users
	Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20090323/4ad48d22/attachment.htm

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 34, Issue 46
***********************************************



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe




--
Wireshark Generic Dissector http://wsgd.free.fr