Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 35, Issue 16

From: Pilco Vivanco Rebeca <becospv@xxxxxxxxx>
Date: Mon, 13 Apr 2009 15:30:20 -0500
Thanks for your reply.
I checked the link that was sent to me, but what is the difference between
End Packets and Packets, and between Bytes and End Bytes?
I reviewed the description in the manual, but I do not understand what
the difference is ...
I apologize for the inconvenience.
Best regards
Rebeca

2009/4/8 <wireshark-users-request@xxxxxxxxxxxxx>
Today's Topics:

  1. Re: Wireshark-users: Description Tools of Wireshark /
     Descripcion de barra de herramientas de wireshark
     (j.snelders@xxxxxxxxxx)
  2. Re: unable to see radiotap header (Aneeq Mahmood)
  3. Re: unable to see radiotap header (Guy Harris)
  4. Re: unable to see radiotap header (Aneeq Mahmood)
  5. Re: Decoding problem in ANSI MAP messages (Anders Broman)
  6. Re: Decoding problem in ANSI MAP messages (Anders Broman)
  7. Re: Decoding problem in ANSI MAP messages (Sanjay Nayak)
  8. Re: unable to see radiotap header (Guy Harris)


----------------------------------------------------------------------

Message: 1
Date: Tue, 7 Apr 2009 21:40:48 +0200
From: j.snelders@xxxxxxxxxx
Subject: Re: [Wireshark-users] Wireshark-users: Description Tools of
       Wireshark / Descripcion de barra de herramientas de wireshark
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <499F04890002D498@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"

Hi Rebeca,

I suppose you are talking about Protocol Hierarchy Statistics.
You will find the explanation in the Wireshark User's Guide:
http://www.wireshark.org/docs/wsug_html_chunked/ChStatHierarchy.html

Hope this helps
Joan

On Mon, 6 Apr 2009 18:16:37 -0500 Pilco Vivanco Rebeca wrote:
>Hello everyone
>
>I have a query about the tools for Wireshark, specifically the statistics
>column. I don't understand the meaning of the end packet and the end bytes
>column, and another question is:
>
>What is the difference between the PACKET and BYTES columns and the END PACKET
>and END BYTES?
>
>Please, I await your answer urgently because I have to analyze some results.
>
>Rebeca






------------------------------

Message: 2
Date: Tue, 7 Apr 2009 21:44:07 +0200
From: Aneeq Mahmood <its.aneeq@xxxxxxxxx>
Subject: Re: [Wireshark-users] unable to see radiotap header
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <dfe2702f0904071244o492a5dd8y4b8af40a8753c142@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Well, I used
iwconfig wlan0 mode monitor

and what I was interested in was looking at the radiotap header inside Wireshark, but I
hardly caught any packets despite having an AP feet away.
The question hence is how to see the radiotap header with Wireshark :s

On Tue, Apr 7, 2009 at 7:48 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

>
> On Apr 7, 2009, at 6:03 AM, Aneeq Mahmood wrote:
>
> > I am running a Prism 2.5 card with HostAP driver on Ubuntu. This
> > card is connected to my AP. The card is now in monitor mode and I
> > have set the IEEE 802.11 radiotap filter to be present
>
> What do you mean by "the IEEE 802.11 radiotap filter"?  Do you mean
> you've used iwconfig, for example, to set the monitor-mode header to
> the radiotap header?

------------------------------

Message: 3
Date: Tue, 7 Apr 2009 13:13:47 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] unable to see radiotap header
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <ED9BC14C-1E84-4490-98C0-FB122A73B0A9@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Apr 7, 2009, at 12:44 PM, Aneeq Mahmood wrote:

> Well, I used
> iwconfig wlan0 mode monitor
>
> and what I was interested in was looking at the radiotap header inside
> Wireshark, but I hardly caught any packets despite having an AP feet
> away.
> The question hence is how to see the radiotap header with Wireshark :s

That sounds like two problems:

       1) not capturing many packets;

       2) not seeing radiotap headers.

I can't address the first problem - that's probably either a driver
issue or an adapter issue.

For the second problem, you *might* have to set the "monitor_type"
parameter to 3.  What version of the kernel are you using?


------------------------------

Message: 4
Date: Tue, 7 Apr 2009 22:43:49 +0200
From: Aneeq Mahmood <its.aneeq@xxxxxxxxx>
Subject: Re: [Wireshark-users] unable to see radiotap header
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <dfe2702f0904071343y3fc2ae05h962d1ceff9e4be5c@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Well, to be honest, I have never heard anything about setting "monitor type".

My kernel is 2.6.24-16 generic.

On Tue, Apr 7, 2009 at 10:13 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

>
> On Apr 7, 2009, at 12:44 PM, Aneeq Mahmood wrote:
>
> > Well, I used
> > iwconfig wlan0 mode monitor
> >
> > and what I was interested in was looking at the radiotap header inside
> > Wireshark, but I hardly caught any packets despite having an AP feet
> > away.
> > The question hence is how to see the radiotap header with Wireshark :s
>
> That sounds like two problems:
>
>        1) not capturing many packets;
>
>        2) not seeing radiotap headers.
>
> I can't address the first problem - that's probably either a driver
> issue or an adapter issue.
>
> For the second problem, you *might* have to set the "monitor_type"
> parameter to 3.  What version of the kernel are you using?

------------------------------

Message: 5
Date: Wed, 8 Apr 2009 06:31:33 +0200
From: "Anders Broman" <a.broman@xxxxxxxxx>
Subject: Re: [Wireshark-users] Decoding problem in ANSI MAP messages
To: "'Community support list for Wireshark'"
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <56D1D1F883254B6CB31E0977E09AE39F@dittcb7aa3551c>
Content-Type: text/plain;       charset="iso-8859-1"

>Plz suggest what is the problem with it?
It's not implemented in the dissector.
Regards
Anders

-----Original message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Sanjay Nayak
Sent: 7 April 2009 15:19
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Decoding problem in ANSI MAP messages

Hello

I want to decode the ANSI MAP SMS Delivery Point to Point ACK Invoke
message in the latest Wireshark.

But Wireshark doesn't decode the parameters individually. It
decodes all the parameters as a single unit.

I have followed  the section 2.65 of the spec.

http://www.3gpp2.org/Public_html/specs/X.S0004-540-E_v2.0_070723.pdf
for the message.

For parameters the spec is


http://www.3gpp2.org/Public_html/specs/X.S0004-550-E_v2.0_070723.pdf

I am attaching the trace.

Plz suggest what is the problem with it?


Regd's
Sanjay



------------------------------

Message: 6
Date: Wed, 8 Apr 2009 08:29:24 +0200
From: "Anders Broman" <a.broman@xxxxxxxxx>
Subject: Re: [Wireshark-users] Decoding problem in ANSI MAP messages
To: "'Community support list for Wireshark'"
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <75FAD6725F9D4389BBFD0FDD40475BA6@dittcb7aa3551c>
Content-Type: text/plain;       charset="iso-8859-1"

Added in revision 27991.
/Anders
-----Original message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Anders Broman
Sent: 8 April 2009 06:32
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] Decoding problem in ANSI MAP messages

>Plz suggest what is the problem with it?
It's not implemented in the dissector.
Regards
Anders

-----Original message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Sanjay Nayak
Sent: 7 April 2009 15:19
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Decoding problem in ANSI MAP messages

Hello

I want to decode the ANSI MAP SMS Delivery Point to Point ACK Invoke
message in the latest Wireshark.

But Wireshark doesn't decode the parameters individually. It
decodes all the parameters as a single unit.

I have followed  the section 2.65 of the spec.

http://www.3gpp2.org/Public_html/specs/X.S0004-540-E_v2.0_070723.pdf
for the message.

For parameters the spec is


http://www.3gpp2.org/Public_html/specs/X.S0004-550-E_v2.0_070723.pdf

I am attaching the trace.

Plz suggest what is the problem with it?


Regd's
Sanjay




------------------------------

Message: 7
Date: Wed, 8 Apr 2009 12:10:09 +0530
From: Sanjay Nayak <sanjay.nayak.bdk@xxxxxxxxx>
Subject: Re: [Wireshark-users] Decoding problem in ANSI MAP messages
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
       <54246fd00904072340y2c594afepf86dcd71269256f7@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Hi Anders

Thanks for your suggestions and help.

Regd's
Sanjay

On 4/8/09, Anders Broman <a.broman@xxxxxxxxx> wrote:
> Added in revision 27991.
> /Anders
> -----Original message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Anders Broman
> Sent: 8 April 2009 06:32
> To: 'Community support list for Wireshark'
> Subject: Re: [Wireshark-users] Decoding problem in ANSI MAP messages
>
>>Plz suggest what is the problem with it?
> It's not implemented in the dissector.
> Regards
> Anders
>
> -----Original message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Sanjay Nayak
> Sent: 7 April 2009 15:19
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Decoding problem in ANSI MAP messages
>
> Hello
>
> I want to decode the ANSI MAP SMS Delivery Point to Point ACK Invoke
> message in the latest Wireshark.
>
> But Wireshark doesn't decode the parameters individually. It
> decodes all the parameters as a single unit.
>
> I have followed  the section 2.65 of the spec.
>
> http://www.3gpp2.org/Public_html/specs/X.S0004-540-E_v2.0_070723.pdf
> for the message.
>
> For parameters the spec is
>
>
> http://www.3gpp2.org/Public_html/specs/X.S0004-550-E_v2.0_070723.pdf
>
> I am attaching the trace.
>
> Plz suggest what is the problem with it?
>
>
> Regd's
> Sanjay
>


------------------------------

Message: 8
Date: Wed, 8 Apr 2009 00:00:03 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] unable to see radiotap header
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <B27BF23A-0B54-4204-9CD5-DDE5829F8C8C@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Apr 7, 2009, at 1:43 PM, Aneeq Mahmood wrote:

> my kernel is 2.6.24-16 generic

At least in the source to the 2.6.24.2 kernel I downloaded from
kernel.org, the hostap driver doesn't appear to support radiotap
headers.  If that's the case, you will not be able to get radiotap
headers from your adapter, as the software doesn't support it.
("iwconfig wlan0 mode monitor" isn't guaranteed to turn on radiotap
headers - especially if the driver for the adapter is incapable of
generating radiotap headers; it just puts the adapter into monitor
mode, which might have no radio header, or might have the Prism or AVS
radio header rather than the radiotap header.)
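
The point in the message above, that monitor mode may deliver no radio header, a Prism or AVS header, or a radiotap header, can be checked on a saved capture by reading the link-layer type from the pcap file header. This is an added example, not part of the original thread; the function names and sample packets are constructed for illustration.

```python
import struct

# 802.11 link-layer header types (values from the tcpdump.org LINKTYPE registry).
WLAN_LINKTYPES = {
    105: "802.11, no radio header",
    119: "Prism header + 802.11",
    127: "radiotap header + 802.11",
    163: "AVS header + 802.11",
}

def build_sample(linktype: int, packet: bytes) -> bytes:
    """Constructed test input: a one-packet little-endian pcap file."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    record = struct.pack("<IIII", 0, 0, len(packet), len(packet))
    return header + record + packet

def describe_capture(data: bytes) -> dict:
    """Report the link-layer type and, for radiotap, the first header's length."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # The low 16 bits of the last header field carry the link type.
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    info = {"linktype": linktype, "radiotap_len": None,
            "header": WLAN_LINKTYPES.get(linktype, "not an 802.11 link type")}
    if linktype == 127 and len(data) >= 40:
        caplen = struct.unpack(endian + "I", data[32:36])[0]
        pkt = data[40:40 + caplen]
        if len(pkt) >= 8:
            # Radiotap is always little-endian: version, pad, length, present.
            version, _pad, it_len, _present = struct.unpack("<BBHI", pkt[:8])
            if version == 0 and 8 <= it_len <= len(pkt):
                info["radiotap_len"] = it_len
    return info

if __name__ == "__main__":
    # Constructed packet: minimal 8-byte radiotap header plus a 24-byte 802.11 header.
    radiotap_pkt = struct.pack("<BBHI", 0, 0, 8, 0) + b"\x80\x00" + bytes(22)
    for lt, pkt in ((127, radiotap_pkt), (119, bytes(168)), (105, bytes(24))):
        print(describe_capture(build_sample(lt, pkt)))
```

On a live interface, `tcpdump -i wlan0 -L` lists the link-layer types the driver offers, which answers the same question before capturing.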


------------------------------
