Wireshark-bugs: [Wireshark-bugs] [Bug 3454] Feature Request: Add protocol sub-field to the bootp
Date: Wed, 12 Aug 2009 08:26:28 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3454


Ivan Sy <ivan_jr@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ivan_jr@xxxxxxxxx




--- Comment #2 from Ivan Sy <ivan_jr@xxxxxxxxx>  2009-08-12 08:26:17 PDT ---
Hi!

this maybe an old but post, but who knows he might still need this or someone
else in the future (like i just did...)

im not proposing this patch, but for sean (or others), you may see
http://www.wireshark.org/develop.html
and apply the patch below so you can get this stuff to work.

tshark.exe -r <file-capture> -T fields -e eth.src -e bootp.option.hostname

and it will give you tab delimited output of
xx:xx:xx:xx:xx:xx      hostname


now I just had a new wishlist and (ill try to add it up to the wiki)

that tshark (or even wireshark) will have the ability to send the result of a
filter and construct it in a syslog message to send it to a central remote
syslog server.

imagine this:
using tshark to determine if the DHCP message transaction when port-mirror a
network, ex:

tshark -slog 192.168.1.1 -smsg "The DHCP server %ip.src% gave
%bootp.hw.mac_addr% the IP address: %bootp.ip.client%"


Thanks!!!

and it will send a message to a syslog server


Index: epan/dissectors/packet-bootp.c
===================================================================
--- epan/dissectors/packet-bootp.c      (revision 29393)
+++ epan/dissectors/packet-bootp.c      (working copy)
@@ -134,6 +134,7 @@
 static int hf_bootp_option_type = -1;
 static int hf_bootp_option_length = -1;
 static int hf_bootp_option_value = -1;
+static int hf_bootp_option_hostname = -1;

 static gint ett_bootp = -1;
 static gint ett_bootp_flags = -1;
@@ -957,6 +958,10 @@

        /* Special cases */
        switch (code) {
+       case 12:        /* DHCP option hostname */
+               if (optlen > 1)
+                       proto_tree_add_item(v_tree, hf_bootp_option_hostname,
tvb, voff+2, optlen, FALSE);
+               break;

        case 21:        /* Policy Filter */
                if (optlen == 8) {
@@ -4270,6 +4275,10 @@
         FT_BYTES, BASE_NONE, NULL, 0x0,
         "Bootp/Dhcp option value", HFILL }},

+    { &hf_bootp_option_hostname,
+      { "Hostname",    "bootp.option.hostname",
+        FT_STRING, BASE_NONE, NULL, 0x0,
+        "Hostname", HFILL }},
   };

   static gint *ett[] = {


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.