Wireshark

Mon Feb 25 15:02:45 EST 2008

Applies the patch and compiled but failed to execute (on Ubuntu)...

14:43:34          Err  file about_dlg.c: line 250 (splash_update): assertion
failed: (ul_sofar <= ul_count)
Aborted (core dumped)

Any ideas? Has someone tried this on Ubuntu?

On Mon, Feb 25, 2008 at 4:37 AM, John Watlington <wad at laptop.org> wrote:

>
> A version of wireshark which is patched to monitor the new mesh
> protocol is available at:
>
> (older, F7 version)
> http://dev.laptop.org/~wad/wireshark-0.99.5.mesh.patch<http://dev.laptop.org/%7Ewad/wireshark-0.99.5.mesh.patch>
> http://dev.laptop.org/~wad/wireshark-0.99.5-1.i386.rpm<http://dev.laptop.org/%7Ewad/wireshark-0.99.5-1.i386.rpm>
> http://dev.laptop.org/~wad/wireshark-gnome-0.99.5-1.i386.rpm<http://dev.laptop.org/%7Ewad/wireshark-gnome-0.99.5-1.i386.rpm>
>
> (current, F8 version)
> http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.patch<http://dev.laptop.org/%7Ewad/wireshark-0.99.7.mesh.patch>
> http://dev.laptop.org/~wad/wireshark-0.99.7.mesh.i386.rpm<http://dev.laptop.org/%7Ewad/wireshark-0.99.7.mesh.i386.rpm>
> http://dev.laptop.org/~wad/wireshark-gnome-0.99.7.mesh.i386.rpm<http://dev.laptop.org/%7Ewad/wireshark-gnome-0.99.7.mesh.i386.rpm>
>
> I'm still not seeing RREQ traffic, but I haven't played
> around with the new version much.
>
> Enjoy,
> wad
>
> On Feb 21, 2008, at 2:54 PM, Javier Cardona wrote:
>
> > On 2/21/08, John Watlington <wad at laptop.org> wrote:
> >>
> >>  Thanks for the reply.   What is your estimate of the difficulty
> >>  in supporting the new mesh format ?
> >>
> >>  We were really hoping to examine the simple mesh traffic
> >>  carefully next week, and this puts a big crimp in those plans.
> >
> > It would take me about three hours, including testing, generating the
> > patch, etc.  I don't have that time this week but may work on it early
> > next week.
> >
> > Javier
> >
> >>  wad
> >>
> >>
> >>  On Feb 21, 2008, at 1:20 PM, Javier Cardona wrote:
> >>
> >>> John,
> >>>
> >>> The patch was up to date up until we had to change the format of
> >>> broadcast traffic.  It has not been updated since.  Unicast traffic
> >>> should still be parsed correctly.  Please contact Ronak if you
> >>> want us
> >>> to work on this.
> >>>
> >>> Cheers,
> >>>
> >>> Javier
> >>>
> >>> On 2/21/08, John Watlington <wad at laptop.org> wrote:
> >>>>
> >>>>  Yeah, but I was hoping not to have to parse each packet
> >>>> manually to
> >>>>  determine if it is carrying data (TCP,UDP,etc.) or Path/Route
> >>>> discovery
> >>>>  traffic.
> >>>>
> >>>>  So nobody has patched wireshark to actually decipher mesh
> >>>> traffic ?
> >>>>
> >>>>  wad
> >>>>
> >>>>
> >>>>  On Feb 21, 2008, at 9:31 AM, Ricardo Carrano wrote:
> >>>>
> >>>>> Isn't the LLC traffic what you're looking for?
> >>>>> I see a lot of multicast traffic on your file, particularly to
> >>>>> 01:00:5e:7f:47:31. They are LLC.
> >>>>>
> >>>>> On Thu, Feb 21, 2008 at 10:38 AM, John Watlington <wad at laptop.org>
> >>>>> wrote:
> >>>>>
> >>>>> My screen looks like the screen shot you sent when looking at
> >>>>> that data.   I can see the mesh headers on the pings.
> >>>>>
> >>>>> Take a look at the data I pointed to.   It tried to record a
> >>>>> session
> >>>>> of a number of laptops collaborating.   I set the capture mask
> >>>>> to 7 (beacons, link layer, and data).   But all I see in wireshark
> >>>>> is beacons and LLC traffic.
> >>>>>
> >>>>> Given your data and screenshot, this is user error not misapplied
> >>>>> patch...   Still, is there any way to dig deeper into simple mesh
> >>>>> traffic ?
> >>>>>
> >>>>> wad
> >>>>>
> >>>>> On Feb 21, 2008, at 8:15 AM, Ricardo Carrano wrote:
> >>>>>
> >>>>>> <capture.dump>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Javier Cardona
> >>> cozybit Inc.
> >>
> >>
> >
> >
> > --
> > Javier Cardona
> > cozybit Inc.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080225/a18a13d8/attachment.html>