Wireshark-dev: Re: [Wireshark-dev] Need help on Reassembly and building ethereal on windows.
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 15 Nov 2006 08:58:55 +0000
Yes. The current tcp reassembly code is rewritten and it has also fixed the issue you mention. (When fixing that issue, it also uncovered a bug with HTTP reassembly that was also fixed recently.)

Please use the latest SVN version of wireshark sources.

On 11/15/06, Anders Broman <a.broman@xxxxxxxxx> wrote:

Hi,
The TCP reassembly code has been re-written since 0.10.8, especially addressing the problem you are seeing, I think. The GTP dissector has also been updated. As Jaap noted, use the latest SVN version.
On http://wiki.wireshark.org there are some instructions on how to build with Cygwin.
BR
Anders

-----Original message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of Jaap Keuter
Sent: 14 November 2006 21:16
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Need help on Reassembly and building ethereal on windows.

Hi,

Two remarks:
1. Why use such ancient source code?
2. Detailed development instruction can be found in the Developer Guide found on the website www.wireshark.org

Thanx,
Jaap

On Tue, 14 Nov 2006, Annie Misha wrote:

> Hi all,
> We have added E-GCDR parsing support for GTP' protocol into Ethereal. The code addition has been made in the file packet-gtp.c. We are facing two issues here.
>
> 1. Packet reassembly:
> Our code works fine when we have a Single GTP' PDU which starts in the beginning of the TCP segment and ends in the same segment.
>
> When we have a PDU that is segmented and spanning multiple TCP segments, the PDU is not assembled and parsed completely. The code parses only the first segment and gives a Malformed packet error. A GTP' PDU can begin anywhere in a TCP segment. There can be more than one GTP' PDU (Data record request) or only a portion of one in a single segment. But here, when a GTP PDU starts in the middle of the TCP segment then ethereal does not recognize this. It would be great help if you can throw some light on this and your valuable suggestions to resolve the issue.
>
> (We have tried using the tcp_dissect_pdus function - but this solves only one half of the issue. That is, on using this, if a GTP' request starts in the beginning of the TCP segment and spans 1 and half segment, the code parses the complete request by combining the first and half of second segment. However it fails to identify the next GTP' request which is present in the next half of the second segment.)
>
> (Please note we have identified this issue by building an exe in Linux)
>
> 2. Building Ethereal on Windows:
> --------------------------------------------------
> We are trying to build Ethereal exe for windows using cygwin (including our code changes). When we execute the ./configure command for this, we get the following error:
>
> checking for GTK+ - version >= 2.0.0... no
> *** Could not run GTK+ test program, checking why...
> *** The test program failed to compile or link. See the file config.log for the
> *** exact error that occured. This usually means GTK+ is incorrectly installed.
> checking for pkg-config... (cached) /usr/bin/pkg-config
> checking for GLIB - version >= 2.0.0... yes (version 2.10.3)
> checking whether GLib supports loadable modules... yes
> checking for inttypes.h... (cached) yes
> checking whether inttypes.h defines the PRI[doxu]64 macros... yes
> checking for gethostbyname... yes
> checking for connect... yes
> checking whether to use libpcap for packet capture... yes
> checking for extraneous pcap header directories... not found
> checking pcap.h usability... no
> checking pcap.h presence... no
> checking for pcap.h... no
> configure: error: Header file pcap.h not found; if you installed libpcap
> from source, did you also do "make install-incl", and if you installed a
> binary package of libpcap, is there also a developer's package of libpcap,
> and did you also install that package?
>
> Can someone please tell us what needs to be done here? It would be of great help if you could give us the exact procedure for building the exe for Windows. Do we have to set the PATH to any specific directory? Do we have to install any additional packages? If so, what are the additional packages to be installed? Your help in overcoming these bottlenecks will be very much appreciated. Thanks in advance.
>
> Version used: ethereal-0.10.8-SVN-13012
>
> Thanks,
> Annie.D

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
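The framing case described in the quoted question (a PDU spanning one and a half TCP segments, with the next PDU starting mid-segment), as an added stand-alone example that is not from this thread and is not Wireshark code. It assumes a 6-byte header with a 16-bit big-endian payload length at offset 2; the `stream_t`, `seen_t`, `stream_feed` and `demo` names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 6     /* assumed fixed header size */
#define LEN_OFF 2     /* assumed offset of the 16-bit big-endian payload length */
#define BUF_MAX 4096  /* hard cap on buffered stream bytes */

typedef struct { uint8_t buf[BUF_MAX]; size_t used; } stream_t;
typedef struct { size_t len[8]; int n; } seen_t;  /* lengths of PDUs found */

/* Append one in-order TCP payload and record every PDU that is now complete.
 * Returns the PDUs completed by this call, or -1 if the stream must be dropped. */
int stream_feed(stream_t *s, const uint8_t *seg, size_t seg_len, seen_t *out)
{
    size_t off = 0;
    int done = 0;
    if (seg_len > BUF_MAX - s->used) return -1;   /* would overflow the buffer */
    memcpy(s->buf + s->used, seg, seg_len);
    s->used += seg_len;
    while (s->used - off >= HDR_LEN) {            /* need a whole header first */
        size_t plen = HDR_LEN + (((size_t)s->buf[off + LEN_OFF] << 8)
                                 | s->buf[off + LEN_OFF + 1]);
        if (plen > BUF_MAX) return -1;            /* length can never be satisfied */
        if (s->used - off < plen) break;          /* tail PDU incomplete: wait */
        if (out->n < 8) out->len[out->n++] = plen;
        off += plen;                              /* next PDU may start mid-segment */
        done++;
    }
    memmove(s->buf, s->buf + off, s->used - off); /* keep only the partial tail */
    s->used -= off;
    return done;
}

/* Constructed sample: PDU A (16 bytes) spans one and a half segments and
 * PDU B (10 bytes) occupies the second half of segment 2. */
int demo(seen_t *out)
{
    static const uint8_t a[16] = { 0x0e, 0xf0, 0x00, 0x0a, 0x00, 0x01 };
    static const uint8_t b[10] = { 0x0e, 0xf0, 0x00, 0x04, 0x00, 0x02 };
    static stream_t s;
    uint8_t seg2[16];
    s.used = 0;
    out->n = 0;
    if (stream_feed(&s, a, 10, out) != 0) return -1; /* segment 1: part of A only */
    memcpy(seg2, a + 10, 6);                      /* segment 2: rest of A ... */
    memcpy(seg2 + 6, b, 10);                      /* ... followed by all of B */
    return stream_feed(&s, seg2, 16, out);
}
```

The loop keeps consuming after the first complete PDU, which is the step the question reports as missing; the two `-1` paths bound memory when a length field is corrupt or hostile.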