Wireshark mailing list archives

Re: Omnivorous Shark


From: mmann78 () netscape net
Date: Fri, 31 Jan 2014 11:45:32 -0500 (EST)



Without looking at the details of the patch, my thoughts are:
 
1. I like the fact that a "workaround" has been created for insufficient heuristics.  I just hope it doesn't have the 
unintended consequence of weaker heuristics being created.
 
2. What I don't like is getting non-capture file support (hooks) "for free", therefore having Wireshark support non 
capture file types (outside of the handful that commonly come across network protocols).  I've been (slowly) working on 
separating "Fileshark" functionality from Wireshark with the distinct difference of "capture file" vs "non-capture 
file" (or treating capture file as binary).  Yes, writing a new GUI for non-capture files will be an arduous task 
(which is why I started with a command line interface to work out the architecture), but I still believe we want the 
distinction of "Wireshark" separate from "FileShark" and not have an "OmniShark" that does both just because the 
underlying architecture is generic enough to support it.  I'd prefer the generic architecture (with some further 
tweaking) just do "double duty" for separate applications.

Michael



-----Original Message-----
From: Michal Labedzki <michal.labedzki () tieto com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Fri, Jan 31, 2014 8:15 am
Subject: [Wireshark-dev] Omnivorous Shark


Hello,
There is a need to have a feedback about my propose of change (extend)
default procedure of opening file in Wireshark. I propose add ability
to choose format. Default behaviour is still "Automatic". New is
component (GUI, list) where you can choose opening format.
Use case: For example heuristic for "mp2t" fail on file in format VWR
(VWR will be open as mp2t). Currently you are not able to open VWR in
this case. Patch add possibility to open this file.
https://code.wireshark.org/review/#/c/16/
Related to it is next patch:
https://code.wireshark.org/review/#/c/17/
Example BTSNOOP files:
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1427
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1426
First patch add possibility to open file in specified format, so there
is a case to open log file in "Fileshark" mode. Fortunately seems that
Wireshark is able to dissect header of file and all packet like normal
Wireshark mode.
-- 
Pozdrawiam / Best regards
------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Development Services
http://www.tieto.com / http://www.tieto.pl
--
ASCII: Michal Labedzki
Location: Swobodna 1 Street, 50-088 Wrocław, Poland
Room: 5.01 (desk next to 5.08)


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe