See events from my application together with dissected communication in Wireshark - wireshark

I sometimes need to use Wireshark to analyze communication issues with a particular protocol that my application uses. Wireshark already comes with a dissector for the protocol, and displays the communication in the best possible way I can imagine.
But I also need to view the actual communication together with events happening inside my application. The application is capable of generating various logs and traces. The information in them is actually more structured, but for the simplicity, let's say it is just a sequence of entries where each entry has a timestamp and a textual message.
Currently, I have to place the Wireshark and the logs alongside on the screen, and painfully correlate the timestamps in order to figure out how they belong together. In order to make my analysis much easier, I would like to view the information from my logs merged together with the communication protocol messages in Wireshark, properly sorted by their timestamps.
I found that Wireshark has a Merge capability, so this is where I am directing my investigation. I think that with some effort, I might be able to do the following:
1) Design my own "protocol", and generate PCAPNG file from my application, with the event timestamps and messages, and
2) Develop a Wireshark dissector for the above, so that I can view the events in Wireshark.
The first part of my question is whether my approach is the right one.
But I also wonder whether I cannot achieve what I want in some simpler way. Ideally, I would like to reuse something that already exists, and specifically, avoid developing a specialized dissector. Isn't there a protocol with identical features (just timestamps and textual messages), with a dissector that Wireshark already has, that I can use?

Maybe you could make use of syslog along with syslogd or rsyslogd?
One way to inject arbitrary messages into trace files without even having a syslog server is to make use of nc (netcat). For example:
echo -n "Hello World" | nc -w 0 -u 1.1.1.1 514
Wireshark will also dissect this message as syslog traffic. This can be useful when trying to insert "markers" into capture files near where an event of interest occurs.
In any case, making use of syslog facilities would save you from having to write your protocol.
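Following the answer's suggestion of reusing syslog rather than writing a dissector, here is an added example (not code from the original post) that turns an application's log lines into a pcap file of UDP syslog packets, one per event, carrying the event's own timestamp. Wireshark's stock syslog dissector then displays the messages, and File > Merge interleaves them with a real capture by time. Classic pcap rather than pcapng is emitted because it is trivial to write with only the standard library and Wireshark merges it just as well. The MAC and IP addresses, the fixed priority value, and the "ISO-8601 timestamp, space, message" log format are constructed assumptions, not anything from the question.

```python
"""Emit application events as UDP syslog packets in a pcap file.

Wireshark's built-in syslog dissector then shows each event, and
File > Merge interleaves the file with a real capture by timestamp.
Addresses, MACs and the log-line format below are constructed assumptions.
"""
import struct
from datetime import datetime, timezone

# Constructed, obviously synthetic link/network addresses for the fake frames.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([10, 0, 0, 1])
DST_IP = bytes([10, 0, 0, 2])
SYSLOG_PORT = 514
LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution classic pcap

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 791, section 3.1)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_syslog_frame(message: str, priority: int = 14) -> bytes:
    """Ethernet/IPv4/UDP frame carrying an RFC 3164-style syslog line.

    priority 14 = facility user (1) * 8 + severity informational (6).
    """
    payload = f"<{priority}>{message}".encode()
    udp_len = 8 + len(payload)
    # UDP checksum is optional over IPv4; zero means "not computed".
    udp = struct.pack("!HHHH", SYSLOG_PORT, SYSLOG_PORT, udp_len, 0) + payload
    total_len = 20 + len(udp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0, SRC_IP, DST_IP)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    eth = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800)             # EtherType IPv4
    return eth + ip + udp

def parse_log_line(line: str):
    """Constructed log format: '<ISO-8601 UTC timestamp> <message>'."""
    stamp, message = line.split(" ", 1)
    ts = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc).timestamp()
    return ts, message

def pcap_bytes(events) -> bytes:
    """events: iterable of (unix_timestamp, message). Returns a complete pcap file."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, msg in sorted(events, key=lambda e: e[0]):   # readers expect ascending time
        frame = build_syslog_frame(msg)
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        if usec == 1_000_000:             # rounding carried into the next second
            sec, usec = sec + 1, 0
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)

def parse_pcap(data: bytes):
    """Read back (timestamp, syslog payload) pairs to sanity-check the writer."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    pos, out = 24, []
    while pos < len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl]
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        out.append((sec + usec / 1_000_000, frame[14 + ihl + 8:].decode()))
        pos += 16 + incl
    return out

def write_pcap(path: str, log_lines) -> int:
    """Convert log lines to a pcap file; returns the number of packets written."""
    events = [parse_log_line(line) for line in log_lines]
    with open(path, "wb") as f:
        f.write(pcap_bytes(events))
    return len(events)

if __name__ == "__main__":
    # Constructed sample log entries, not taken from any real application.
    sample = [
        "2024-01-01T12:00:00.250 Connection to scanner established",
        "2024-01-01T12:00:00.120 Sending login request",
        "2024-01-01T12:00:01.000 Login acknowledged",
    ]
    n = write_pcap("app-events.pcap", sample)
    print(f"wrote {n} syslog packets; open in Wireshark and File > Merge with your capture")
```

Because the frames are synthetic, pick source and destination addresses that cannot collide with hosts in the real capture, so filters such as `syslog` or `ip.src == 10.0.0.1` isolate the injected events cleanly. The log timestamps must be in the same clock domain as the capture (here they are treated as UTC) or the merge will interleave them in the wrong places.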

Related

Inspecting port data in real time

Is there any recommended way to inspect/plot the numeric values that are being sent through the ports between drake systems in real-time? (something similar to rqt_plot in ROS). Apart from the SignalLogger or writing and wiring custom individual plotting Systems, is there any method to access the port values internally?
There's nothing as nice as rqt_plot as far as I know.
If you are able to alter your Diagram before calling DiagramBuilder::Build, you could add an LcmScopeSystem onto any vector-valued output port and then the port's contents will be transmitted on an LCM channel. You can add multiple scopes, but you currently have to add them one by one, ahead of time.
Once the data is onto an LCM channel, then you could use the provided drake-lcm-spy program which has the ability to show (very rudimentary) live plots:
cd drake
bazel build //lcmtypes:drake-lcm-spy
bazel-bin/lcmtypes/drake-lcm-spy &
Also tangentially related would be https://github.com/RobotLocomotion/drake/issues/5857, though that is not on any near-term roadmap.

Two TCL scripts that use the same connection

I am working with two tcl files. One is a program that connects to a thermal scanner to get information from it via ethernet. I have integrated the other tcl GUI that can reflash the scanner via ethernet. How do I use the connection from the first one to use the flash utility on the second GUI? At first, the two GUI's were separate but I had to combine them for customers.
-let me know if you need any code, the programs are about 4000 lines long so I didn't want to put them on here.
A single TCP connection can only really be used by one process (at each end) at a time; trying to do otherwise causes confusion. Can you just get each program to talk to the thermal scanner directly? At least theoretically, it ought to be able to support multiple simultaneous connections, and that'd be a simple way to work.
But if the device won't work that way, the easiest way to multiplex the communications is to have a single process that actually talks to the device and for the other programs to talk to that multiplexer process (probably via a local socket). The multiplexer doesn't need to have a GUI, but would be told to do things like “flash this file to the scanner” or “stream values out of the scanner”. The details of how to do all this will depend very much on what's actually going on with the communications, but the fcopy command is highly likely to be useful in this, as it can be used to efficiently stream data from one Tcl channel to another.

Getting vlc SAP Broadcast dump

I am receiving SAP broadcasts, which I can normally use and play using the standalone vlc application.
I have been asked to provide a dump of the same. I have 2 questions:
I don't clearly understand what exactly a dump is
How can I obtain the same?
There are multiple types of dumps, so you might first find out what kind of dump is meant. It could be a database dump, which is similar to a backup, but usually it's a memory dump.
A memory dump or crash dump is a copy of the application including its memory at a specific point in time. Usually you want to create a dump exactly at the time an application is crashing or hanging. The dump will then be helpful to find the cause of the problem.
There are many ways to obtain a dump. First, Windows might do that for you, when it asks "Send information to Microsoft". Second, you can create it using Task Manager. Right click a process and choose "Create dump file". Third, there are many tools out there, e.g. Process Explorer or ProcDump, which all have pros and cons and serve different purposes.
To suggest a tool for your specific case, we would need more information. Exact wording might matter in this situation.
Update
In your particular case it looks like SAP means Service Advertising Protocol, which is related to the network. A broadcast is a message which is sent to everybody.
You could capture that one with Wireshark, but you would need a lot of network knowledge to get the filters set up. In this case the term "dump" probably refers to something similar to a database dump, because SAP uses tables to store lists of services.

Intercept Print Jobs

We have some computers on which we charge for printing documents. When a user prints, I would like to intercept the print job, prompt them for their username / password so I can charge their account, then allow the print job to continue through to the printer.
How can this be accomplished? Is it possible to write such a utility in .NET?
You really need to look at creating a Port Monitor for this. Far from simple. You could look at RedMon. BTW: Many printer vendors offer solutions to this which use codes that are embedded into the print stream (PCL/PS) and the data is collected and retained on the printer.
For example, Xerox has something called Standard Accounting. When enabled in the driver it embeds PJL codes like this:
#PJL COMMENT OID_ATT_ACCOUNTING_INFORMATION_AVP "XRX_USERID,xxxx";
Once the job has been printed the device makes reference to the user, number of pages etc. which can then be reported on.
The problem you will run into when doing this on the workstation / server is that detecting the number of pages printed can be difficult. If you are trying, for example, to charge by the page you might be able to parse the number of pages from the file, or run through a PCL or PS RIP and determine but if they have a flag for 2up or 4up on the page and that work is done by the printer and not the driver, you will charge the client for 4 pages when they really only printed 1. That is one of the many pitfalls.

Processing all Packets generated by a browser

I want to write a program which Controls all the web browsing activities on PC.
i.e. checking all the websites users go to, filtering some of them, ... .
But I have no idea how to capture all the packets, process them, and even act on some (think of filtering unwanted sites).
Any help, sample code, open source program...?
There are different levels you can put yourself in the middle of the communication:
By implementing a proxy and having the browser connect to the proxy
By implementing a firewall/snooper and handling the raw packets
By implementing a network driver and handling the raw packets
IMHO, number 1 is easiest. Look at SQUID for an example. Number 2 is doable too, take a look at fiddler. You could take a look at the Click Modular Router for option number 3.
Depending on the browser, maybe a simple browser plugin could do?