Wireshark-users: Re: [Wireshark-users] text2pcap_windowsXP
From: wsgd <wsgd@xxxxxxx>
Date: Mon, 23 Mar 2009 20:31:16 +0100
http://www.wireshark.org/docs/man-pages/text2pcap.html Olivier Faten SOLTANI a écrit :
Hi I'm using C++2005, and Windows XP. if it's possible to explan to me step by step how to use and excute text2pcap progrem. Regards Send Wireshark-users mailing list submissions towireshark-users@xxxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit https://wireshark.org/mailman/listinfo/wireshark-users or, via email, send a message with subject or body 'help' to wireshark-users-request@xxxxxxxxxxxxx You can reach the person managing the list at wireshark-users-owner@xxxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..." Today's Topics: 1. Re: TCP: window scaling (Sake Blok) 2. Re: TCP: window scaling (Jo Verstraelen) ---------------------------------------------------------------------- Message: 1 Date: Mon, 23 Mar 2009 13:17:51 +0100 From: "Sake Blok" <sake@xxxxxxxxxx> Subject: Re: [Wireshark-users] TCP: window scaling To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> Message-ID: <9685A7DC86AC47DD9CFD050F1CA5B048@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" Jo, Both ends of the tcp connection need to support Window scaling for it to be used: "This option is an offer, not a promise; both sides must send Window Scale options in their SYN segments to enable window scaling in either direction." (From http://tools.ietf.org/html/rfc1323) In your trace, host 63.245.209.93 does not support Window scaling, as the SYN/ACK that it sends does not have the window scaling option. Therfore no window scaling will be used and Wireshark displays non-scaled values. Hope this helps, Cheers, Sake ----- Original Message ----- From: Jo Verstraelen To: Community support list for Wireshark Sent: Monday, March 23, 2009 11:58 AM Subject: Re: [Wireshark-users] TCP: window scaling Hi Sake, Here you go: http://denuitlaat.be/tcp/windowscaled1.pcap . It shows that a session is started with a SYN and the option ws is present (ws = 2). The segments following do not show a scaled window size. Regards, jo ------------------------------------------------------------------------------ From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok Sent: maandag 23 maart 2009 11:40 To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP: window scaling Hi Jo, The window size should consistently be displayed within one TCP session. Between sessions, there could be difference, because either there is no scaling, or the SYN, SYN/ACK were not present in the tracefile. If that does not explain the differences you see, could you provide a small capture showing this issue? Cheers, Sake ----- Original Message ----- From: Jo Verstraelen To: wireshark-users@xxxxxxxxxxxxx Sent: Monday, March 23, 2009 11:03 AM Subject: [Wireshark-users] TCP: window scaling Hi, Is there a reason why sometimes in a connection which received a window scaler (syn;syn,ack) , the window size is shown as "number (scaled)" and sometimes just as "number" (non scaled) in the next segments. Cause in the last case its not possible to know the exact window size as the window scale factor is non present in the segments after the syn; syn,ack. Kind regards, Jo ---------------------------------------------------------------------------- ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe ------------------------------------------------------------------------------ ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20090323/4d7e7f30/attachment.htm ------------------------------ Message: 2 Date: Mon, 23 Mar 2009 13:59:36 +0100 From: "Jo Verstraelen" <J.Verstraelen@xxxxxxxxxx> Subject: Re: [Wireshark-users] TCP: window scaling To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> Message-ID: <EAE313D9DF8760419A852DE40E654592049E14AC@SRV-SATURNUS.OPTION.local> Content-Type: text/plain; charset="us-ascii" Sake, That explains... But that doesn't change the fact that it is bizar, because the destination ip of the server in the pcap file is a webserver of the Mozilla corp. So a 100MBit+ webserver that does not support window scaling? Thanks for the info, jo ________________________________ From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok Sent: maandag 23 maart 2009 13:18 To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP: window scaling Jo, Both ends of the tcp connection need to support Window scaling for it to be used: "This option is an offer, not a promise; both sides must send Window Scale options in their SYN segments to enable window scaling in either direction." (From http://tools.ietf.org/html/rfc1323) In your trace, host 63.245.209.93 does not support Window scaling, as the SYN/ACK that it sends does not have the window scaling option. Therfore no window scaling will be used and Wireshark displays non-scaled values. Hope this helps, Cheers, Sake ----- Original Message ----- From: Jo Verstraelen <mailto:J.Verstraelen@xxxxxxxxxx> To: Community support list for Wireshark <mailto:wireshark-users@xxxxxxxxxxxxx> Sent: Monday, March 23, 2009 11:58 AM Subject: Re: [Wireshark-users] TCP: window scaling Hi Sake, Here you go: http://denuitlaat.be/tcp/windowscaled1.pcap . It shows that a session is started with a SYN and the option ws is present (ws = 2). The segments following do not show a scaled window size. Regards, jo ________________________________ From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok Sent: maandag 23 maart 2009 11:40 To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP: window scaling Hi Jo, The window size should consistently be displayed within one TCP session. Between sessions, there could be difference, because either there is no scaling, or the SYN, SYN/ACK were not present in the tracefile. If that does not explain the differences you see, could you provide a small capture showing this issue? Cheers, Sake ----- Original Message ----- From: Jo Verstraelen <mailto:J.Verstraelen@xxxxxxxxxx> To: wireshark-users@xxxxxxxxxxxxx Sent: Monday, March 23, 2009 11:03 AM Subject: [Wireshark-users] TCP: window scaling Hi, Is there a reason why sometimes in a connection which received a window scaler (syn;syn,ack) , the window size is shown as "number (scaled)" and sometimes just as "number" (non scaled) in the next segments. Cause in the last case its not possible to know the exact window size as the window scale factor is non present in the segments after the syn; syn,ack. Kind regards, Jo ________________________________ ________________________________________________________________________ ___ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe ________________________________ ________________________________________________________________________ ___ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20090323/4ad48d22/attachment.htm ------------------------------ _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx https://wireshark.org/mailman/listinfo/wireshark-users End of Wireshark-users Digest, Vol 34, Issue 46 ***********************************************___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
-- Wireshark Generic Dissector http://wsgd.free.fr
- References:
- [Wireshark-users] text2pcap_windowsXP
- From: Faten SOLTANI
- [Wireshark-users] text2pcap_windowsXP
- Prev by Date: [Wireshark-users] Wireshark 1.1.3 development release available
- Next by Date: [Wireshark-users] tshark - less verbose output
- Previous by thread: [Wireshark-users] text2pcap_windowsXP
- Next by thread: [Wireshark-users] Wireshark 1.1.3 development release available
- Index(es):