Setting ESP Preferences from commandline using tshark - wireshark

There is a scripting need where i have to set the ESP preferences using tshark commandline. Does any one have idea how to pass this preferences from tshark commandline Ex: below
tshark -R "sip" -2 -r 131104_pcap.pcap -o esp.enable_null_encryption_decode_heuristic:true
I tried using the above command but getting the error "unknown preference" (May be because -o specifies change in preferences rather than esap_sa) I am using wireshark 1.8 on my pc. I see a file esp_sa in \Appdata\wireshark\ with below line "IPv4","","","*","AES-CBC [RFC3602]","0x3732297C3619A67029FA2C045869EDE1","HMAC-MD5-96 [RFC2403]","0x2B9F652AC3C0E6AEF19B82B060F28E6A" after adding the same from GUI. Also i see preferences file in the same location
So Is there any way to change this esp_qa using tshark line ??

The above command (with, of course, a different SIP capture file) works with my 1.8 version of tshark (i.e. no "unknown preference" message).
So: is this a "regions and languages" localization issue ?
Are you able to specify any preference ? For example:
tshark -o tcp.summary_in_tree:false

Related

Using lcov with gcc-8

I am trying to determine my testcoverage. To do this I compile my program with a newer version of gcc:
CC=/usr/local/gcc8/bin/gcc FC=/usr/local/gcc8/bin/gfortran ./configure.sh -external cmake -d
After compiling this with the --coverage option I run my tests and this creates *.gcda, *.gcno and *.o.provides.build files. And if I run something like:
> $ /usr/local/gcc8/bin/gcov slab_dim.f90.gcda [±develop ●]
File '/Local/tmp/fleur/cdn/slab_dim.f90'
Lines executed:0.00% of 17
Creating 'slab_dim.f90.gcov'
Which shows me, that gcov runs fine. However if I try to run lcov on these results:
lcov -t "result" -o ex_test.info -c -d CMakeFiles/
I get error messages like these for every file:
Processing fleur.dir/hybrid/gen_wavf.F90.gcda
/Local/tmp/fleur/build.debug/CMakeFiles/fleur.dir/hybrid/gen_wavf.F90.gcno:version 'A82*', prefer '408R'
/Local/tmp/fleur/build.debug/CMakeFiles/fleur.dir/hybrid/gen_wavf.F90.gcno:no functions found
geninfo: WARNING: gcov did not create any files for /Local/tmp/fleur/build.debug/CMakeFiles/fleur.dir/hybrid/gen_wavf.F90.gcda!
This is the same error message I get when I use the systems standard /usr/bin/gcov
This leads me to believe that lcov calls the old gcov rather than the new one. How do I force gcov to use the new version?
The simplest solution I found was to run /usr/bin/gcov-8 instead of /usr/bin/gcov.
The $PATH environment variable needs to be to extended by /usr/local/gcc8/bin/
The source of the error is clear, from the fact that you get the same result by using /usr/bin/gcov. /usr/bin/gcov should be a link to a binary from the installed compiler, but in your case the link doesn't point to a binary within gcc 8.2 installation.
You can delete the link and re-create it to point to the correct gcov or you can setup something like update-alternatives to change the version of gcov when you change the default compiler.
The previous answer should work as well if you have a binary called gcov in /usr/local/gcc8/bin, because if you add that path, into your environment PATH first, it will be selected first.

make an lp script into functioning printer

I'm trying to print to separate printers simultaneously in Ubuntu 14.04
From all of my reading the best option I've seen is to write a script
that sends an lp command to the separate printers.
This is the script I've written so far
!/bin/bash
lp -d printer "$#"
lp -d printer2 "$#"
where printer and printer 2 are the actual printers installed on the system
This script works from a terminal, however I would like to be able to send print jobs directly to a "printer" that is actually the script I've written.
How can I make this lp script into a "printer"
Ok I didn't find a way to do this the way I originally intended, however it is possible with tea4CUPS
great cups backend tool with an easy config file
http://www.pykota.com/software/tea4cups/download
The install instructions are on the download page.
As for printing to multiple printers, add this command in the config file for every printer you wish to print to.
prehook_firstprinter: /usr/bin/lp -d Name of Printer -o raw $TEADATAFILE
Here are the simplest instructions I could write
1. download the tea4cups.gz
Extract it to the home folder, rename it to tea4cups
Open a terminal and run these commands
sudo cp /home/manifester/tea4cups/tea4cups.conf /etc/cups
sudo cp /home/manifester/tea4cups/tea4cups /usr/lib/cups/backend/
sudo chmod 700 /usr/lib/cups/backend/tea4cups
Run this command
sudo gedit /etc/cups/tea4cups.conf
Paste this in the bottom of the document
prehook_firstprinter: /usr/bin/lp -d Name of Printer yes the literal name in the printer window -o raw $TEADATAFILE
you will need a new line for every printer you have, so if you want to print to 3 printers you will need three of the above line each having the name of the printer it will be talking to.
save and close everything
open a terminal and run
sudo service cups restart
open a web browser and go to the browser cups controller
http://localhost:631/admin
go to Add Printer
you should see a printer named "tea4CUPSnothing"
If you don't see it go back and press "Find Printers"
it should be there
Change the info of the printer to "Print all" for all type fields"
Press Continue
The generic printer driver works because the printer doesn't actually exist.
Press Continue
Set Defaults
you should be done, go to your printer window on ubuntu and do a test print.

How to extract the "info" field from a pcap file?

I have a pcap file with me and I opened it in Wireshark, I want to extract a specific field basically the "Info" field from the pcap trace and port it to a text file, which I can then parse and use for data analysis. I looked up certain StackOverflow posts and those posts mentioned to use TShark, but I couldn't find any way of extracting the "info" field using TShark. It would be great if someone could point me to an automated way of dumping field specific data to a text file. I have also pasted the image of the wireshark dump for convenience.
With tshark version 1.12.0 or later:
tshark -r inFile.pcap -T fields -e _ws.col.Info > outFile.csv
tshark -r FILE -T fields -e col.info
All of these options are documented in the manual: http://www.wireshark.org/docs/man-pages/tshark.html

start capturing with command line in libpcap format

I try to start capturing with Wireshark using command line but the default output file is pcap extension but Wireshark - pcapng file type and I need libpcap file type.
My command is
tshark.exe" -i interfacenumber -W MyFile.pcap
I also tried
tshark.exe" -i 1 -F libpcap -W MyFile.pcap
and in this case no file created on my disk although I can see the packets in the command line window
tshark.exe -i 1 -F libpcap -w MyFile.pcap`
is the right answer (note the lower case 'w').
(-W does something different. There's lot's of tshark options, so you need to look carefully at the tshark -h output to make sure you're using the right option).
Since the -F libpcap option is not working for me either, I'm using another command line tool in the same directory:
editcap -F libpcap currentFile.pcap(ng) libpcapConvertedFile.pcap where "currentFile.whatever" is the pcapng-formatted file and "libpcapConvertedFile.whatever" is the outputted legacy libpcap format.
I run this once tshark is done capturing the original file.
I think that in the newest Wireshark versions (1.8.x or 1.10.x) you cannot start capturing in libpcap format and the default format is pcapng (also pcap extension - try to use verion 1.6.x)
That's what solve my problem
http://www.wireshark.org/download/win64/all-versions/
http://www.wireshark.org/download/win32/all-versions/

gedit cannot open shoes2.run

I've just downloaded shoes but can't get them out the box.
double clicked on shoes2.run in ubuntu intrepid and gedit opened with the following message:
Could not open the file /home/mark/Marks files/2…ng/Programming/shoes2.run using the Unicode (UTF-8) character coding.
Please check that you are not trying to open a binary file.
Select a different character coding from the menu and try again.
It offered a dropdown with 2 options and a retry button:
Current locale (UTF-8)
Western (ISO-8859-15)
Neither of them are recognized.
How do i get it running?
m-
I had this same problem. try sudo chmoding the file :
sudo chmod 777 shoes2.run
then try running it as a script
./shoes2.run
that should work.
I am still trying to get shoes2 in my path so I can run it easily like the previous version (which I got through apt-get) right now I have to run it as a script each time I use it.
Good Luck!

Resources