Wireshark mailing list archives

wireshark-users-request () wireshark org

From: DreamsCN <dreamscn () gmail com>
Date: Thu, 17 Jun 2010 16:36:57 -0400

On Thu, Jun 17, 2010 at 3:00 PM, <wireshark-users-request () wireshark org>wrote:

Send Wireshark-users mailing list submissions to
       wireshark-users () wireshark org

To subscribe or unsubscribe via the World Wide Web, visit
       https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
       wireshark-users-request () wireshark org

You can reach the person managing the list at
       wireshark-users-owner () wireshark org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

  1. Is Wireshark what I'm looking for? (James Arthurs)
  2. Large Packet Captures (Charles Wu)
  3. Re: Large Packet Captures (Jaap Keuter)
  4. Re: Saving packet related information in  pinfo.private_data
     (Sidda Eraiah)
  5. Re: Is Wireshark what I'm looking for? (Martin Visser)
  6. Re: Secured way of using Wireshark (David H. Lipman)
  7. WLAN capture in Mac OSX - no IP packets (Alexandre Takacs)
  8. Re: WLAN capture in Mac OSX - no IP packets (Guy Harris)
  9. Re: WLAN capture in Mac OSX - no IP packets (Alexandre Takacs)
 10. Problems when capturing data with dumpcap (Oendogan, Osman)
 11. Problems when capturing data with dumpcap (Oendogan, Osman)
 12. Re: Problems when capturing data with dumpcap (Bill Meier)
 13. Re: Secured way of using Wireshark (Maynard, Chris)
 14. Troubleshooting VoIP RTP streams with Wireshark (Charles Wu)
 15. Tshark - Value to large for defined data type
     (mark-wade () comcast net)
 16. Re: Secured way of using Wireshark (Jakub Zawadzki)
 17. Re: Secured way of using Wireshark (Maynard, Chris)


----------------------------------------------------------------------

Message: 1
Date: Wed, 16 Jun 2010 14:53:55 -0500
From: James Arthurs <sgt1190 () gmail com>
Subject: [Wireshark-users] Is Wireshark what I'm looking for?
To: wireshark-users () wireshark org
Message-ID:
       <AANLkTimP9nV-W9q9-8YwBzGVZBNP_-eTj-rPAI1mHBhc () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I've installed Wireshark, had it capturing packets, looked through the
packets, and not finding what I'm looking for.

I have it setup on a standalone server running a product using Oracle.  I
have the client installed on the same system.  I want to log the activity
that occurs between those and other locally ran processes.  What I'm
finding
in the capture is all communication in/out of the system, but nothing I can
tell is internal to the system itself.

I'm essentially wanting something like CurrPorts or TCPView, but seeing the
actual packets that are being passed between processes.

am I in the right place?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100616/f655e19d/attachment.htm

------------------------------

Message: 2
Date: Wed, 16 Jun 2010 15:32:04 -0500
From: Charles Wu <cwu () cticonnect com>
Subject: [Wireshark-users] Large Packet Captures
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <5A33F11B2D122D48AF94389FB60FBC20C796761F0C@convexch01>
Content-Type: text/plain; charset="us-ascii"

Hi,

We are looking to do some long term larger packet captures (e.g., 1 day / 3
day / etc) - is there some way to setup wireshark so that it doesn't crash
(a write to disk mode or something?) or is this something that we should be
using a more command line utility like tshark for?

Thanks

-Charles
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100616/371cf816/attachment.htm

------------------------------

Message: 3
Date: Wed, 16 Jun 2010 22:50:20 +0200
From: Jaap Keuter <jaap.keuter () xs4all nl>
Subject: Re: [Wireshark-users] Large Packet Captures
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <5eebf11640a28c35e3354337b1a13664 () xs4all nl>
Content-Type: text/plain; charset="utf-8"



Hi,

Look into using the CLI tool dumpcap, writing to a circular
buffer.

Thanks,
Jaap

On Wed, 16 Jun 2010 15:32:04 -0500, Charles Wu
wrote:

Hi,

We are looking to do some long term larger packet
captures (e.g., 1 day / 3 day / etc) - is there some way to setup wireshark
so that it doesn't crash (a write to disk mode or something?) or is this
something that we should be using a more command line utility like tshark
for?

Thanks

-Charles


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100616/f5a3f46a/attachment.htm

------------------------------

Message: 4
Date: Wed, 16 Jun 2010 13:59:31 -0700
From: Sidda Eraiah <sidda.eraiah () kaazing com>
Subject: Re: [Wireshark-users] Saving packet related information in
       pinfo.private_data
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID:
       <AANLkTikoBsTlOTgJSOODxA_UFzLFSuxTyi5zSCMSweCW () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Jaap,

Thanks for your response. I looked up for some samples for accessing
reassembly functions and conversation related functions that are called
from
Lua Dissector scripts and could not find any.

Please provide a sample in Lua for accessing conversation and reassembly
functions. Is this documented someplace?

Thanks in advance.

--
Best Regards,
Sidda


On Tue, Jun 15, 2010 at 11:41 PM, Jaap Keuter <jaap.keuter () xs4all nl>
wrote:

Hi,

Two things:
1. There are reassembly functions available for dissectors to use. These
might help you out.

2. The pinfo only lives for a single packet dissection, so that won't

work.

 What you need to do is look into conversations, see README.developer
section 2.2.

Thanks,
Jaap

Send from my iPhone

On 15 jun 2010, at 19:13, Sidda Eraiah <sidda.eraiah () kaazing com> wrote:

Hi

I am writing a dissector for a custom protocol and have a situation where
packets on the wire may contain one or more frames. Also one frame can
straddle across many packets. When I detect that a frame is straddling
across multiple packets I would like to be able to set some custom data

on

pinfo to say how far I have progressed in getting the frame during the

first

pass (while recording traffic). I need this information stored per

packet,

as the dissector is can be called on random packet (due to user selecting
one packet in the UI).

I tried using pinfo.private_data and set some value on it by the

following

code in the dissector method:

         print("pinfo.private_data: "..tostring(pinfo.private_data))
        pinfo.private_data = {"mydata", 1, 2, 3, 4}
        print("pinfo.private_data: "..tostring(pinfo.private_data))
        print(tostring(pinfo.private_data))

This prints out the following:


pinfo.private_data: userdata: 0x7fff1c257f20
pinfo.private_data: userdata: 0x7fff1c257f20
userdata: 0x7fff1c257f20



As you see the data that I am trying to set is not being retained in
pinfo.private_data.

*Is there a way to store some private data on pinfo that is retained next
time the dissector is called with the same packet? *

Any workaround or suggestion is appreciated.

I am using Version 1.2.7 of Wireshark on Ubuntu 10.04 LTS.

--
Best Regards,
Sidda

Director of Management Services

|< Kaazing Corporation >|<

888, Villa St. Suite #410, Mountain View, CA 94041, USA

___________________________________________________________________________


Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org

Archives:     <http://www.wireshark.org/lists/wireshark-users>
http://www.wireshark.org/lists/wireshark-users
Unsubscribe: <https://wireshark.org/mailman/options/wireshark-users>
https://wireshark.org/mailman/options/wireshark-users
             <wireshark-users-request () wireshark org?subject=unsubscribe>
mailto:wireshark-users-request () wireshark org?subject=unsubscribe<

wireshark-users-request () wireshark org?subject=unsubscribe>

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100616/e68207cc/attachment.htm

------------------------------

Message: 5
Date: Thu, 17 Jun 2010 07:43:28 +1000
From: Martin Visser <martinvisser99 () gmail com>
Subject: Re: [Wireshark-users] Is Wireshark what I'm looking for?
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID:
       <AANLkTinL2YsT_Xe_wmSU29na1gFM2M3xtXUOoQVaysBm () mail gmail com>
Content-Type: text/plain; charset="utf-8"

It does what you want out of the box, but not if you are running on
Windows.
See http://wiki.wireshark.org/CaptureSetup/Loopback for more details.

To be honest it is much easier  to set up a separate PC or even run a
Virtual Machine instance of the client to do this.

Regards, Martin

MartinVisser99 () gmail com


On Thu, Jun 17, 2010 at 5:53 AM, James Arthurs <sgt1190 () gmail com> wrote:

I've installed Wireshark, had it capturing packets, looked through the
packets, and not finding what I'm looking for.

I have it setup on a standalone server running a product using Oracle.  I
have the client installed on the same system.  I want to log the activity
that occurs between those and other locally ran processes.  What I'm

finding

in the capture is all communication in/out of the system, but nothing I

can

tell is internal to the system itself.

I'm essentially wanting something like CurrPorts or TCPView, but seeing

the

actual packets that are being passed between processes.

am I in the right place?

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100617/d898378c/attachment.htm

------------------------------

Message: 6
Date: Wed, 16 Jun 2010 18:15:28 -0400
From: "David H. Lipman" <DLipman () Verizon Net>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: wireshark-users () wireshark org
Message-ID: <hvbie1$93k$1 () dough gmane org>

From: "Nagendrababu Maseedu"
<Nagendra.Babu.Maseedu () convergys com>

| ________________________________
| NOTICE: The information contained in this electronic mail transmission is
intended by
| Convergys Corporation for the use of the named individual or entity to
which it is
| directed and may contain information that is privileged or otherwise
confidential. If
| you have received this electronic mail transmission in error, please
delete it from
| your system without copying or forwarding it, and notify the sender of
the error by
| reply email or by telephone (collect), so that the sender's address
records can be
| corrected.

Please REMOVE such appended data before sending/posting.  It is really
STUPID when sent to
an email list that is also available on a PUBLIC News Group !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

------------------------------

Message: 7
Date: Thu, 17 Jun 2010 03:45:31 +0200
From: Alexandre Takacs <admin () mobile-mail ch>
Subject: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <972E7FDC-F41A-42A1-BFCE-FE57E88BF720 () mobile-mail ch>
Content-Type: text/plain; charset=us-ascii

Folks

Relatively new to wireshark - please bear with me if I am missing something
obvious.

I'd like to do packet capture on my WiFi network (which I have joined). I
am only interested in data packets (specifically traffic form my iPhone).

I've installed WireShark and managed to have capture running in promiscuous
mode. However I only see UDP packets from other devices, no IP...

Wha'ts up ?!

Any help / pointer most welcome

Regards

alex

------------------------------

Message: 8
Date: Wed, 16 Jun 2010 19:17:17 -0700
From: Guy Harris <guy () alum mit edu>
Subject: Re: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <37A28491-A1B0-4967-8F29-78B81DD43EC1 () alum mit edu>
Content-Type: text/plain; charset=us-ascii

On Jun 16, 2010, at 6:45 PM, Alexandre Takacs wrote:

I'd like to do packet capture on my WiFi network (which I have joined). I

am only interested in data packets (specifically traffic form my iPhone).


I've installed WireShark and managed to have capture running in

promiscuous mode. However I only see UDP packets from other devices, no
IP...

So what is the UDP traffic running over if it's not IP? :-)

I.e., what do you mean by "no IP packets"?  Do you mean "no TCP packets"?

If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters
might not work in promiscuous mode; if you want to see traffic to and from
other hosts, you might need to use monitor mode.

If you're running on Tiger, try capturing on wlt1 rather than en1.  If
you're running on Leopard, try selecting 802.11 or 802.11+radio information
headers.  If you're running on Snow Leopard, then either try that or, if
there's a checkbox for monitor mode, try checking that.

Note that if your network is encrypted, you might have to capture the
initial setup packets when the other machines join the network, and enter
the password for the network, so that traffic to or from other machines can
be decrypted.


------------------------------

Message: 9
Date: Thu, 17 Jun 2010 05:31:05 +0200
From: Alexandre Takacs <admin () mobile-mail ch>
Subject: Re: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <B059CBA9-66BB-4388-A4A4-DA14D28D4B06 () mobile-mail ch>
Content-Type: text/plain; charset=us-ascii

Hello

Thanks for your prompt response !

I'd like to do packet capture on my WiFi network (which I have joined).

I am only interested in data packets (specifically traffic form my iPhone).


I've installed WireShark and managed to have capture running in

promiscuous mode. However I only see UDP packets from other devices, no
IP...


So what is the UDP traffic running over if it's not IP? :-)


Of course this should read no TCP ;)


If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters

might not work in promiscuous mode; if you want to see traffic to and from
other hosts, you might need to use monitor mode.


If you're running on Tiger, try capturing on wlt1 rather than en1.  If

you're running on Leopard, try selecting 802.11 or 802.11+radio information
headers.  If you're running on Snow Leopard, then either try that or, if
there's a checkbox for monitor mode, try checking that.


Running 1.2.9 under SnowLeopard (10.6.4). Don't see a checkbox for monitor
mode - Tried to switch to 802.11 mode: I certainly see much more noise
(including lots of "malformed packets" - is this normal ?) but still not the
TCP stuff I'm looking for (such as plain vanilla http traffic)

Note that if your network is encrypted, you might have to capture the

initial setup packets when the other machines join the network, and enter
the password for the network, so that traffic to or from other machines can
be decrypted.

Hmm... so what you are saying is that in an encrypted network I will not be
able to access the plaintext content of the packets even if I have joined
the network ?

Again many thanks for your help

Regards

alex



------------------------------

Message: 10
Date: Thu, 17 Jun 2010 17:46:00 +0200
From: "Oendogan, Osman" <osman.oendogan () siemens com>
Subject: [Wireshark-users] Problems when capturing data with dumpcap
To: <wireshark-users () wireshark org>
Message-ID:
       <
08E162FB776FF34898C0CC9CDBE6EF15034CA3CD () atnets15na ww300 siemens net>

Content-Type: text/plain; charset="iso-8859-9"

Hi,


       when capturing data via dumpcap, we encountered problems with packet
dropping. The captured data is written on a named pipe (Solaris 10) from
where it is read by our application for further proceeding. We see that when
we do something with the data (within the same process where reading from
pipe is done), we get the message dropped packages (approx. 10% of the
captured packets).

       Can anyone give us any hints regarding the dropped packages when
capturing data with dumpcap?

       Thanks a lot in advance

       Regards


       ----
       Osman ?ndo?an

       Siemens AG ?sterreich
       Siemens IT Solutions and Services
       SDE SVI OSS SAC

       Gudrunstrasse 11
       A-1100 Vienna, Austria
       Phone +43-51707-45773,
       Mobile +43-664-80117-45773,
       Fax    +43-51707-55712
       mailto:osman.oendogan () siemens com

       Company Name: Siemens Aktiengesellschaft ?sterreich
       Legal Form: Stock Corporation
       Company Seat: Vienna
       Register Number: FN 60562 m
       Registered at: Commercial Court Vienna
       DVR-Number: 0001708

       Important Note: This e-mail  may contain trade secrets or
privileged, undisclosed or otherwise confidential information. If you have
received this e-mail in error, you are hereby notified that any review,
copying or distribution of it is strictly prohibited. Please inform us
immediately and destroy the original transmittal. Thank you for your
cooperation.




-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100617/fe756711/attachment.htm

------------------------------

Message: 11
Date: Thu, 17 Jun 2010 17:41:05 +0200
From: "Oendogan, Osman" <osman.oendogan () siemens com>
Subject: [Wireshark-users] Problems when capturing data with dumpcap
To: <wireshark-users () wireshark org>
Message-ID:
       <
08E162FB776FF34898C0CC9CDBE6EF15034CA3CA () atnets15na ww300 siemens net>

Content-Type: text/plain; charset="iso-8859-9"

Hi,

when capturing data via dumpcap, we encountered problems with packet
dropping. The captured data is written on a named pipe (Solaris 10) from
where it is read by our application for further proceeding. We see that when
we do something with the data (within the same process where reading from
pipe is done), we get the message dropped packages (approx. 10% of the
captured packets).

Can anyone give us any hints regarding the dropped packages when capturing
data with dumpcap?

Thanks a lot in advance

Regards


----
Osman ?ndo?an

Siemens AG ?sterreich
Siemens IT Solutions and Services
SDE SVI OSS SAC

Gudrunstrasse 11
A-1100 Vienna, Austria
Phone +43-51707-45773,
Mobile +43-664-80117-45773,
Fax    +43-51707-55712
mailto:osman.oendogan () siemens com

Company Name: Siemens Aktiengesellschaft ?sterreich
Legal Form: Stock Corporation
Company Seat: Vienna
Register Number: FN 60562 m
Registered at: Commercial Court Vienna
DVR-Number: 0001708

Important Note: This e-mail  may contain trade secrets or privileged,
undisclosed or otherwise confidential information. If you have received this
e-mail in error, you are hereby notified that any review, copying or
distribution of it is strictly prohibited. Please inform us immediately and
destroy the original transmittal. Thank you for your cooperation.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100617/363f554c/attachment.htm

------------------------------

Message: 12
Date: Thu, 17 Jun 2010 12:08:13 -0400
From: Bill Meier <wmeier () newsguy com>
Subject: Re: [Wireshark-users] Problems when capturing data with
       dumpcap
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <4C1A486D.5020506 () newsguy com>
Content-Type: text/plain; charset=ISO-8859-9; format=flowed

Oendogan, Osman wrote:

Hi,


      when capturing data via dumpcap, we encountered problems with

packet dropping. The captured data is written on a named pipe (Solaris 10)
from where it is read by our application for further proceeding. We see that
when we do something with the data (within the same process where reading
from pipe is done), we get the message dropped packages (approx. 10% of the
captured packets).


      Can anyone give us any hints regarding the dropped packages when

capturing data with dumpcap?


In general, packet dropping indicates a performance issue.  :)

http://wiki.wireshark.org/Performance has a few comments which may (or
may not) be helpful.




------------------------------

Message: 13
Date: Thu, 17 Jun 2010 12:23:13 -0400
From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: "'David H. Lipman'" <DLipman () Verizon Net>, 'Community support list
       for     Wireshark' <wireshark-users () wireshark org>
Message-ID:
       <
FEA7253CE01175418CE6A9BE162A915507C1285BDE () RIMAILMBX2 gtk gtech com>
Content-Type: text/plain; charset="us-ascii"

I guess you are unaware that many companies (such as the one I work for)
have a policy in place on their mail servers whereby the various notices,
disclaimers, etc. are automatically appended to any outgoing mail.  My
company has been doing this at least as far back as 2004 (
http://www.ethereal.com/lists/ethereal-dev/200407/msg00427.html).  At the
time, I even contacted our IT group to ask that the disclaimers be removed
from outgoing e-mails, particularly when they are being sent to open-source
mailing lists such as this one.  But as you can tell by the annoying
disclaimer that will inevitably be appended to this e-mail, I was
unsuccessful.  As stupid as they are, these disclaimers are not likely to go
away IMO.  In fact, I suspect they will only become more & more prevalent as
more & more lawyers mandate that their companies "CYA".

- Chris


-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:
wireshark-users-bounces () wireshark org] On Behalf Of David H. Lipman
Sent: Wednesday, June 16, 2010 6:15 PM
To: wireshark-users () wireshark org
Subject: Re: [Wireshark-users] Secured way of using Wireshark

From: "Nagendrababu Maseedu"
<Nagendra.Babu.Maseedu () convergys com>


| ________________________________
| NOTICE: The information contained in this electronic mail transmission is
intended by
| Convergys Corporation for the use of the named individual or entity to
which it is
| directed and may contain information that is privileged or otherwise
confidential. If
| you have received this electronic mail transmission in error, please
delete it from
| your system without copying or forwarding it, and notify the sender of
the error by
| reply email or by telephone (collect), so that the sender's address
records can be
| corrected.

Please REMOVE such appended data before sending/posting.  It is really
STUPID when sent to
an email list that is also available on a PUBLIC News Group !

---> Nothing should follow this line ... but alas, the annoying disclaimer
appears. <---
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.



------------------------------

Message: 14
Date: Thu, 17 Jun 2010 12:15:39 -0500
From: Charles Wu <cwu () cticonnect com>
Subject: [Wireshark-users] Troubleshooting VoIP RTP streams with
       Wireshark
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <5A33F11B2D122D48AF94389FB60FBC20C796761F61@convexch01>
Content-Type: text/plain; charset="us-ascii"

Is there some way to actually listen to the audio RTP stream through
Wireshark?

-Charles


------------------------------

Message: 15
Date: Thu, 17 Jun 2010 17:20:23 +0000 (UTC)
From: mark-wade () comcast net
Subject: [Wireshark-users] Tshark - Value to large for defined data
       type
To: wireshark-users () wireshark org
Message-ID:
       <
704148550.7549831276795223879.JavaMail.root () sz0109a westchester pa mail comcast net


Content-Type: text/plain; charset="utf-8"



Hello,



I am trying to use Tshark to read about 19,000 15MB files to get some
network statistics.? My plan (since Tshark can't read files out of a
directory) is to use mergecap to break the large number of files into?larger
files.? Basically I merged 1000, 15MB into one large file and had about 20
of these.? I know that Mergecap cant handle large files without a
workaround, which I have.? Problem is now that I have these 19 files that
range from 3GB to 15GB and now when I run?# tshark -r pcapfile -q -z
io,?phs??I get the error, The file pcapfile could not be opened: Value to
large for defined data type.



Anythoughts?



Thanks,?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20100617/c71202fb/attachment.htm

------------------------------

Message: 16
Date: Thu, 17 Jun 2010 19:45:14 +0200
From: Jakub Zawadzki <darkjames () darkjames ath cx>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: Community support list for Wireshark
       <wireshark-users () wireshark org>
Message-ID: <20100617174514.GA12664 () darkjames ath cx>
Content-Type: text/plain; charset=iso-8859-2

On Thu, Jun 17, 2010 at 12:23:13PM -0400, Maynard, Chris wrote:

I guess you are unaware that many companies (such as the one I work for)

have a policy in place on their mail servers whereby the various notices,
disclaimers, etc. are automatically appended to any outgoing mail.  My
company has been doing this at least as far back as 2004 (
http://www.ethereal.com/lists/ethereal-dev/200407/msg00427.html).  At the
time, I even contacted our IT group to ask that the disclaimers be removed
from outgoing e-mails, particularly when they are being sent to open-source
mailing lists such as this one.  But as you can tell by the annoying
disclaimer that will inevitably be appended to this e-mail, I was
unsuccessful.  As stupid as they are, these disclaimers are not likely to go
away IMO.

Piece of advice from http://www.cygwin.com/ml/#disclaimer-bounce might
help.

If your company servers automatically add it, either persuade your
sysadmins to turn it off for the lists, post from home, or use a free
web-based e-mail service. There's enough of them out there.


--
Non-Proprietary (External Use Only - if swallowed, consult a doctor)
This email and any files transmitted with it are full of nonsense.
If you read it, you owe me the contents of your wallet.
CAUTION: Contents may have settled in packing or shipping. Void basically
everywhere.


------------------------------

Message: 17
Date: Thu, 17 Jun 2010 14:32:14 -0400
From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
Subject: Re: [Wireshark-users] Secured way of using Wireshark
To: 'Community support list for Wireshark'
       <wireshark-users () wireshark org>
Message-ID:
       <
FEA7253CE01175418CE6A9BE162A915507C1285BE0 () RIMAILMBX2 gtk gtech com>
Content-Type: text/plain; charset="us-ascii"

Well, personally I don't think it would be a good idea to do what redhat
has done, but if Gerald decides to change the post policy to bounce all
e-mails with such notices and disclaimers appended to them, then so be it.

Other than that, this topic has already been discussed in the past (follow
this thread if you really care:
http://www.ethereal.com/lists/ethereal-dev/200409/msg00231.html), so
nearly 6 years later, I don't really care to spend any more of my time on
it.

- Chris

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:
wireshark-users-bounces () wireshark org] On Behalf Of Jakub Zawadzki
Sent: Thursday, June 17, 2010 1:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Secured way of using Wireshark

On Thu, Jun 17, 2010 at 12:23:13PM -0400, Maynard, Chris wrote:

I guess you are unaware that many companies (such as the one I work for)

have a policy in place on their mail servers whereby the various notices,
disclaimers, etc. are automatically appended to any outgoing mail.  My
company has been doing this at least as far back as 2004 (
http://www.ethereal.com/lists/ethereal-dev/200407/msg00427.html).  At the
time, I even contacted our IT group to ask that the disclaimers be removed
from outgoing e-mails, particularly when they are being sent to open-source
mailing lists such as this one.  But as you can tell by the annoying
disclaimer that will inevitably be appended to this e-mail, I was
unsuccessful.  As stupid as they are, these disclaimers are not likely to go
away IMO.

Piece of advice from http://www.cygwin.com/ml/#disclaimer-bounce might
help.

If your company servers automatically add it, either persuade your
sysadmins to turn it off for the lists, post from home, or use a free
web-based e-mail service. There's enough of them out there.


--
Non-Proprietary (External Use Only - if swallowed, consult a doctor)
This email and any files transmitted with it are full of nonsense.
If you read it, you owe me the contents of your wallet.
CAUTION: Contents may have settled in packing or shipping. Void basically
everywhere.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.



------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users () wireshark org
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 49, Issue 16
***********************************************

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

wireshark-users-request () wireshark org DreamsCN (Jun 17)