Wireshark · Ethereal-dev: Re: [Ethereal-dev] packet-smb.c:11327

Ethereal-dev: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>

Date: Wed, 20 Feb 2002 16:02:40 -0600

On Wed, 20 Feb 2002 15:51:32 Guy Harris wrote:
> On Wed, Feb 20, 2002 at 11:53:53PM +1100, Ronnie Sahlberg wrote:
> > As i stated earlier,
> > tethereal is stateful, i.e. in order to dissect quite a lot of different
> > protocols it must remember stuff between packets.
> 
> Of course, if you're just using "-w" and not using a read filter, it
> doesn't bother dissecting the packets.
> 
> Unfortunately, I think he's *not* using "-w", but is piping the text
> output of Tethereal to some flavor of grep, so it does have to dissect
> the packets.
> 

Using gdb on the core file, one could actually extract the current
packet from the core file. I'm working on a script to do that.
Instead of using 'expect' to interact with gdb, I intend to call
gdb a few times, each time passing it a --command switch, giving it
a file of commands to run. I should be able to get the packet and save
it either as a text file for text2pcap to convert, or as a libpcap file.

--gilbert

Follow-Ups:
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Gilbert Ramirez

References:
- [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Marcin Gryszkalis
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Guy Harris
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Marcin Gryszkalis
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Guy Harris
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Ronnie Sahlberg
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Marcin Gryszkalis
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Ronnie Sahlberg
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
Next by Date: Re: [Ethereal-dev] gcc warnings about unused variables
Previous by thread: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
Next by thread: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$