Wireshark mailing list archives
Remaining Wireshark stuff during FOSDEM
From: Joerg Mayer <jmayer () loplof de>
Date: Sun, 5 Feb 2012 15:55:38 +0100
Hello everyone,

here's the remaining wireshark/sniffing related stuff that I remember talking about.

Ciao
   Jörg

Friday:

Dinnertalk (just ideas, not discussed in detail):
- Something I can't remember
- In order to reduce the impact of buffer overflows and similar mistakes, separate out the dissection code into its own executable like it was done with dumpcap. This process could then be run in a sandbox and talk to the Wireshark process via filehandles or whatever. This would also significantly reduce the work required to show several traces in one process, as the dissection code would not need to be touched.
- Maybe verify GPL compliance of commercial software calling Wireshark's dissection code via Microsoft's COM mechanism (with and without process switching). Who can we ask about this? EFF?
- Idea: Offer a translated (capture filter syntax) version when a user enters a display filter into a capture filter place (e.g. "Did you mean 'host 1.2.3.4'?" after the user entered ip.addr==1.2.3.4).

FOSDEM beer event (after a beer or so):
- Wireshark doesn't have any catchy code names for releases like the Linux kernel has. Use shark species like "smashing Sphyrna mokarran". Send out Sake to provide pictures ;-)

Saturday:
- Visiting the introductory CMake talk at FOSDEM (Graham, Jörg, Martin, Sake) by Bill Hoffman and Alexander Neundorf.
- The minemu talk was interesting https://minemu.org/mediawiki/index.php?title=Minemu but probably not relevant for Wireshark testing.

Dinnertalk (with Harald Welte):
- Sniffing sim-card traffic
- decode as
  + any type of payload (not layer specific)
  + at any place
  + saveable
- Change protocol tables and save that (i.e. change the default port of a protocol and save that). Provide a fixed port (or whatever selector is used) for heuristic protocols
- Inverse to desegmentation: at some layer there are e.g. 13 higher level pdus inside one frame. Convert this into 13 separate packets (or whatever).
- Ability to "ignore" (i.e. don't show) lower level protocols
- Show context of filtered packets (like diff -C 3 ...)
- Ability to filter on the info column
- Provide an option to show the info column when running "tshark -V ..."
- CSN1 decoding is manually coded right now - and wrong in some places. Automatic creation like ASN.1 possible but rather hard problem.

Sunday:
- Coreboot talk: Interesting project but irrelevant to Wireshark unless we want to put Wireshark into the bios ;-)

Nothing Wireshark specific happened.

-- 
Joerg Mayer <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
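
The process-separation idea from the Friday notes (dissection in its own process, talking to the main process via file handles), as an added example that is not part of the original mail and is not Wireshark code. The names toy_dissect and dissect_isolated and the one-byte-length packet format are assumptions made up for the sketch, and the RLIMIT_NOFILE call only marks the place where a real sandbox policy would be applied.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy dissector (constructed): byte 0 claims a payload length. abort() stands
 * in for the memory corruption an unchecked copy of that length would cause. */
static void toy_dissect(const uint8_t *pkt, size_t len, char *out, size_t outlen)
{
    if (len == 0 || (size_t)pkt[0] > len - 1) abort();
    snprintf(out, outlen, "TOY payload=%u", (unsigned)pkt[0]);
}

/* Returns 0 and fills out; -1 if the worker crashed or the exchange failed. */
int dissect_isolated(const uint8_t *pkt, size_t len, char *out, size_t outlen)
{
    int in[2], res[2], status = 0;
    if (len > 256 || outlen == 0 || pipe(in) < 0) return -1;
    if (pipe(res) < 0) { close(in[0]); close(in[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {                          /* worker: the dissection process */
        uint8_t buf[256]; char txt[64];
        struct rlimit none = {0, 0};
        close(in[1]); close(res[0]);
        setrlimit(RLIMIT_NOFILE, &none);     /* worker cannot open anything new */
        ssize_t n = read(in[0], buf, sizeof buf);
        if (n < 0) _exit(2);
        toy_dissect(buf, (size_t)n, txt, sizeof txt);
        _exit(write(res[1], txt, strlen(txt) + 1) > 0 ? 0 : 2);
    }
    /* Write while our read end is still open: a dead worker cannot SIGPIPE us. */
    ssize_t sent = pid > 0 ? write(in[1], pkt, len) : -1;
    close(in[0]); close(in[1]); close(res[1]);
    ssize_t n = sent == (ssize_t)len ? read(res[0], out, outlen) : -1;
    close(res[0]);
    if (pid > 0) waitpid(pid, &status, 0);
    if (pid < 0 || n <= 0 || !WIFEXITED(status) || WEXITSTATUS(status)) return -1;
    out[n - 1] = '\0';                       /* worker output is untrusted */
    return 0;
}

int main(void)
{
    char out[64]; const uint8_t ok[] = {3, 'a', 'b', 'c'}, bad[] = {200, 'a'};
    printf("%d %d\n", dissect_isolated(ok, 4, out, 64), dissect_isolated(bad, 2, out, 64));
    return 0;
}
```

The malformed packet kills only the worker; the caller sees -1 and can go on to the next packet.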