Wireshark mailing list archives
Re: Undissected packet bytes
From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Wed, 4 Feb 2015 10:04:38 +0100
That's a possibility (I have to take a look at the dissectors you both mentioned, and I haven't done it yet), but what I was looking for was a more general way to do that. If the dissector itself has to make these checks, it means that all dissectors' code must be patched. If we find a way to do that after the dissector has finished, we could have a way to automatically find incomplete dissectors.

On Wed, Feb 4, 2015 at 9:46 AM, Michal Labedzki <michal.labedzki () tieto com> wrote:
I use expert info about undecoded thing in Bluetooth dissectors. In proto.h:

    /** The data is undecoded, the protocol dissection is incomplete here, usually PI_WARN severity */
    #define PI_UNDECODED 0x05000000

But I use it with PI_NOTE, because I treat PI_WARN more like a "bug" rather than incomplete dissections.

On 3 February 2015 at 23:52, Alexis La Goutte <alexis.lagoutte () gmail com> wrote:

There are some dissectors (like ICMPv6, IEEE 802.11 or CAPWAP...) where there is already expert info about undecoded code...

On Tue, Feb 3, 2015 at 6:15 PM, Evan Huus <eapache () gmail com> wrote:

As far as I know this is not currently available, but it would probably be fairly useful and easy. You just need to iterate the proto tree and keep track of which byte ranges are claimed/unclaimed. proto_find_field_from_offset does something related to this (it is used for matching bytes to fields in the UI) so it's probably a good place to start.

On Tue, Feb 3, 2015 at 12:08 PM, Dario Lombardo <dario.lombardo.ml () gmail com> wrote:

Hi list

I was wondering if there is a comfortable way to find out undissected bytes in packets. This would be useful to find incomplete dissectors. Any hint?

Thanks!
Dario.

--
Best regards
Michał Łabędzki, Software Engineer
Tieto Corporation

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
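
The approach suggested in the quoted reply (walk the tree and track which byte ranges are claimed) comes down to an interval-coverage pass over the items' offsets and lengths. The following stand-alone C is an added example, not Wireshark code and not code from this thread; `range_t` and `unclaimed_ranges` are hypothetical names, and the item list is constructed rather than read from a real proto tree.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for one tree item: the bytes it claims in the frame. */
typedef struct { size_t start, len; } range_t;

static int cmp_start(const void *a, const void *b) {
    const range_t *x = a, *y = b;
    return (x->start > y->start) - (x->start < y->start);
}

/* Sorts claimed[] in place, stores up to max_out unclaimed gaps in out[],
 * and returns the total number of gaps in a frame of frame_len bytes. */
size_t unclaimed_ranges(range_t *claimed, size_t n, size_t frame_len,
                        range_t *out, size_t max_out) {
    size_t cursor = 0, found = 0;   /* cursor: end of bytes covered so far */
    qsort(claimed, n, sizeof *claimed, cmp_start);
    for (size_t i = 0; i < n && cursor < frame_len; i++) {
        size_t start = claimed[i].start, len = claimed[i].len, end;
        if (len == 0 || start >= frame_len)
            continue;               /* zero-length or out-of-frame item */
        /* Clip an item that overruns the frame (also avoids overflow). */
        end = (len > frame_len - start) ? frame_len : start + len;
        if (start > cursor) {       /* hole between covered bytes and item */
            if (found < max_out)
                out[found] = (range_t){cursor, start - cursor};
            found++;
        }
        if (end > cursor)           /* parent/child items overlap: keep max */
            cursor = end;
    }
    if (cursor < frame_len) {       /* trailing bytes nobody claimed */
        if (found < max_out)
            out[found] = (range_t){cursor, frame_len - cursor};
        found++;
    }
    return found;
}

int main(void) {
    /* Constructed sample: a 64-byte frame, items in tree-walk order. */
    range_t claimed[] = {{0,14},{0,6},{6,6},{12,2},{14,20},
                         {34,4},{40,0},{46,2},{60,100}};
    range_t gaps[8];
    size_t n = unclaimed_ranges(claimed, 9, 64, gaps, 8);
    for (size_t i = 0; i < n; i++)
        printf("undissected: offset %zu, %zu bytes\n", gaps[i].start, gaps[i].len);
    return 0;
}
```

Because this pass runs after dissection and needs only offsets and lengths, it does not require patching individual dissectors, which is the general property asked for at the top of this message.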