Wireshark

[John Watlington]

A version of wireshark which is patched to monitor the new mesh
protocol is available at:

(older, F7 version)
http://dev.laptop.org/~wad/wireshark-0.99.5.mesh.patch
http://dev.laptop.org/~wad/wireshark-0.99.5-1.i386.rpm
http://dev.laptop.org/~wad/wireshark-gnome-0.99.5-1.i386.rpm

(current, F8 version)
http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.patch
http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.i386.rpm
http://dev.laptop.org/~wad/wireshark-gnome-0.99.7.mesh.i386.rpm

I'm still not seeing RREQ traffic, but I haven't played
around with the new version much.

Enjoy,
wad

On Feb 21, 2008, at 2:54 PM, Javier Cardona wrote:

> On 2/21/08, John Watlington <wad at laptop.org> wrote:
>>
>>  Thanks for the reply.   What is your estimate of the difficulty
>>  in supporting the new mesh format ?
>>
>>  We were really hoping to examine the simple mesh traffic
>>  carefully next week, and this puts a big crimp in those plans.
>
> It would take me about three hours, including testing, generating the
> patch, etc.  I don't have that time this week but may work on it early
> next week.
>
> Javier
>
>>  wad
>>
>>
>>  On Feb 21, 2008, at 1:20 PM, Javier Cardona wrote:
>>
>>> John,
>>>
>>> The patch was up to date up until we had to change the format of
>>> broadcast traffic.  It has not been updated since.  Unicast traffic
>>> should still be parsed correctly.  Please contact Ronak if you  
>>> want us
>>> to work on this.
>>>
>>> Cheers,
>>>
>>> Javier
>>>
>>> On 2/21/08, John Watlington <wad at laptop.org> wrote:
>>>>
>>>>  Yeah, but I was hoping not to have to parse each packet  
>>>> manually to
>>>>  determine if it is carrying data (TCP,UDP,etc.) or Path/Route
>>>> discovery
>>>>  traffic.
>>>>
>>>>  So nobody has patched wireshark to actually decipher mesh  
>>>> traffic ?
>>>>
>>>>  wad
>>>>
>>>>
>>>>  On Feb 21, 2008, at 9:31 AM, Ricardo Carrano wrote:
>>>>
>>>>> Isn't the LLC traffic what you're looking for?
>>>>> I see a lot of multicast traffic on your file, particularly to
>>>>> 01:00:5e:7f:47:31. They are LLC.
>>>>>
>>>>> On Thu, Feb 21, 2008 at 10:38 AM, John Watlington <wad at laptop.org>
>>>>> wrote:
>>>>>
>>>>> My screen looks like the screen shot you sent when looking at
>>>>> that data.   I can see the mesh headers on the pings.
>>>>>
>>>>> Take a look at the data I pointed to.   It tried to record a  
>>>>> session
>>>>> of a number of laptops collaborating.   I set the capture mask
>>>>> to 7 (beacons, link layer, and data).   But all I see in wireshark
>>>>> is beacons and LLC traffic.
>>>>>
>>>>> Given your data and screenshot, this is user error not misapplied
>>>>> patch...   Still, is there any way to dig deeper into simple mesh
>>>>> traffic ?
>>>>>
>>>>> wad
>>>>>
>>>>> On Feb 21, 2008, at 8:15 AM, Ricardo Carrano wrote:
>>>>>
>>>>>> <capture.dump>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Javier Cardona
>>> cozybit Inc.
>>
>>
>
>
> -- 
> Javier Cardona
> cozybit Inc.