Wireshark-bugs: [Wireshark-bugs] [Bug 3454] Feature Request: Add protocol sub-field to the bootp
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3454
Ivan Sy <ivan_jr@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ivan_jr@xxxxxxxxx
--- Comment #2 from Ivan Sy <ivan_jr@xxxxxxxxx> 2009-08-12 08:26:17 PDT ---
Hi!
this maybe an old but post, but who knows he might still need this or someone
else in the future (like i just did...)
im not proposing this patch, but for sean (or others), you may see
http://www.wireshark.org/develop.html
and apply the patch below so you can get this stuff to work.
tshark.exe -r <file-capture> -T fields -e eth.src -e bootp.option.hostname
and it will give you tab delimited output of
xx:xx:xx:xx:xx:xx hostname
now I just had a new wishlist and (ill try to add it up to the wiki)
that tshark (or even wireshark) will have the ability to send the result of a
filter and construct it in a syslog message to send it to a central remote
syslog server.
imagine this:
using tshark to determine if the DHCP message transaction when port-mirror a
network, ex:
tshark -slog 192.168.1.1 -smsg "The DHCP server %ip.src% gave
%bootp.hw.mac_addr% the IP address: %bootp.ip.client%"
Thanks!!!
and it will send a message to a syslog server
Index: epan/dissectors/packet-bootp.c
===================================================================
--- epan/dissectors/packet-bootp.c (revision 29393)
+++ epan/dissectors/packet-bootp.c (working copy)
@@ -134,6 +134,7 @@
static int hf_bootp_option_type = -1;
static int hf_bootp_option_length = -1;
static int hf_bootp_option_value = -1;
+static int hf_bootp_option_hostname = -1;
static gint ett_bootp = -1;
static gint ett_bootp_flags = -1;
@@ -957,6 +958,10 @@
/* Special cases */
switch (code) {
+ case 12: /* DHCP option hostname */
+ if (optlen > 1)
+ proto_tree_add_item(v_tree, hf_bootp_option_hostname,
tvb, voff+2, optlen, FALSE);
+ break;
case 21: /* Policy Filter */
if (optlen == 8) {
@@ -4270,6 +4275,10 @@
FT_BYTES, BASE_NONE, NULL, 0x0,
"Bootp/Dhcp option value", HFILL }},
+ { &hf_bootp_option_hostname,
+ { "Hostname", "bootp.option.hostname",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "Hostname", HFILL }},
};
static gint *ett[] = {
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.