From Jan Šafránek:

dftest and randpkt are installed during make install, but they are not
documented in any man page.
This is a start. It's more or less a compilation of information found elsewhere.

svn path=/trunk/; revision=33504
Jaap Keuter 2010-07-13 21:21:38 +00:00
parent db478debbd
commit 526a2946a3
4 changed files with 179 additions and 3 deletions

@ -959,10 +959,13 @@ AC_ARG_ENABLE(dftest,
if test "x$enable_dftest" = "xyes" ; then
dftest_bin="dftest\$(EXEEXT)"
dftest_man="dftest.1"
else
dftest_bin=""
dftest_man=""
fi
AC_SUBST(dftest_bin)
AC_SUBST(dftest_man)
# Enable/disable randpkt
@ -974,10 +977,13 @@ AC_ARG_ENABLE(randpkt,
if test "x$enable_randpkt" = "xyes" ; then
randpkt_bin="randpkt\$(EXEEXT)"
randpkt_man="randpkt.1"
else
randpkt_bin=""
randpkt_man=""
fi
AC_SUBST(randpkt_bin)
AC_SUBST(randpkt_man)

@ -70,13 +70,16 @@ man1_MANS = \
@editcap_man@ \
@dumpcap_man@ \
@idl2wrs_man@ \
@rawshark_man@
@rawshark_man@ \
@dftest_man@ \
@randpkt_man@
man4_MANS = @wiresharkfilter_man@
man_MANS =
pkgdata_DATA = AUTHORS-SHORT $(top_srcdir)/docbook/ws.css wireshark.html \
tshark.html wireshark-filter.html capinfos.html editcap.html \
idl2wrs.html mergecap.html text2pcap.html dumpcap.html rawshark.html
idl2wrs.html mergecap.html text2pcap.html dumpcap.html rawshark.html \
dftest.html randpkt.html
#
# Build the short version of the authors file for the about dialog
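Review bot: dftest.html and randpkt.html are added to pkgdata_DATA unconditionally, while the man pages in man1_MANS go through @dftest_man@ and @randpkt_man@, which configure leaves empty when the tool is disabled. This matches how the existing entries (editcap.html, rawshark.html) are handled, so it is consistent, but it means the HTML pages are built and installed for tools that were switched off at configure time. If that is not intended, use a matching substitution for the HTML names; otherwise a short comment in the Makefile would help.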
@ -236,6 +239,32 @@ rawshark.html: rawshark.pod ../config.h $(top_srcdir)/docbook/ws.css
--noindex \
$(srcdir)/rawshark.pod > rawshark.html
dftest.1: dftest.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/dftest.pod > dftest.1
dftest.html: dftest.pod ../config.h $(top_srcdir)/docbook/ws.css
$(POD2HTML) \
--title="dftest - The Wireshark Network Analyzer $(VERSION)" \
--css=$(top_srcdir)/docbook/ws.css \
--noindex \
$(srcdir)/dftest.pod > dftest.html
randpkt.1: randpkt.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/randpkt.pod > randpkt.1
randpkt.html: randpkt.pod ../config.h $(top_srcdir)/docbook/ws.css
$(POD2HTML) \
--title="randpkt - The Wireshark Network Analyzer $(VERSION)" \
--css=$(top_srcdir)/docbook/ws.css \
--noindex \
$(srcdir)/randpkt.pod > randpkt.html
CLEANFILES = \
wireshark-filter.pod \
wireshark.pod \
@ -258,7 +287,11 @@ CLEANFILES = \
idl2wrs.1 \
idl2wrs.html \
rawshark.1 \
rawshark.html
rawshark.html \
dftests.1 \
dftests.html \
randpkt.1 \
randpkt.html
DISTCLEANFILES = \
pod2htmi.tmp \
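Review bot: The new CLEANFILES entries "dftests.1" and "dftests.html" do not match the files the new rules generate, which are dftest.1 and dftest.html, so make clean will leave the dftest man page and HTML page behind. Drop the trailing "s" in both names; the randpkt.1 and randpkt.html entries are correct.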

37
doc/dftest.pod Normal file
@ -0,0 +1,37 @@
=head1 NAME
dftest - Shows display filter byte-code, for debugging dfilter routines.
=head1 SYNOPSIS
B<dftest>
S<[ E<lt>filterE<gt> ]>
=head1 DESCRIPTION
B<dftest> is a simple tool which compiles a display filter and shows its bytecode.
=head1 OPTIONS
=over 4
=item filter
The display filter expression. If needed it has to be quoted.
=back
=head1 EXAMPLES
Show how the IP protocol is filtered:
dftest ip
Shows how frame 150 is filtered:
dftest "frame.number == 150"
=head1 SEE ALSO
wireshark-filter(4)
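Review bot: SYNOPSIS brackets the filter as optional ("S<[ E<lt>filterE<gt> ]>"), but DESCRIPTION and OPTIONS never say what dftest does when no filter is given. Either document that case or drop the brackets so the argument reads as required. Minor wording: NAME uses "byte-code" while DESCRIPTION uses "bytecode", and the two EXAMPLES lead-ins alternate between "Show how" and "Shows how"; pick one form of each.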

100
doc/randpkt.pod Normal file
@ -0,0 +1,100 @@
=head1 NAME
randpkt - Random Packet Generator
=head1 SYNOPSIS
B<randpkt>
S<[ B<-b> E<lt>maxbytesE<gt> ]>
S<[ B<-c> E<lt>countE<gt> ]>
S<[ B<-t> E<lt>typeE<gt> ]>
E<lt>filenameE<gt>
=head1 DESCRIPTION
B<randpkt> is a small utility that creates a B<libpcap> trace file
full of random packets.
By creating many randomized packets of a certain type, you can
test packet sniffers to see how well they handle malformed packets.
The sniffer can never trust the data that it sees in the packet because
you can always sniff a very bad packet that conforms to no standard.
B<randpkt> produces I<very bad> packets.
When creating packets of a certain type, B<randpkt> uses a sample
packet that is stored internally to B<randpkt>. It uses this as the
starting point for your random packets, and then adds extra random
bytes to the end of this sample packet.
For example, if you choose to create random ARP packets, B<randpkt>
will create a packet which contains a predetermined Ethernet II header,
with the Type field set to ARP. After the Ethernet II header, it will
put a random number of bytes with random values.
=head1 OPTIONS
=over 4
=item -b E<lt>maxbytesE<gt>
Default 5000.
Defines the maximum number of bytes added to the sample packet.
If you choose a B<maxbytes> value that is less than the size of the
sample packet, then your packets would contain only the sample
packet... not much variance there! B<randpkt> exits on that condition.
=item -c E<lt>countE<gt>
Default 1000.
Defines the number of packets to generate.
=item -t E<lt>typeE<gt>
Default Ethernet II frame.
Defines the type of packet to generate:
arp Address Resolution Protocol
bgp Border Gateway Protocol
bvlc BACnet Virtual Link Control
dns Domain Name Service
eth Ethernet
fddi Fiber Distributed Data Interface
giop General Inter-ORB Protocol
icmp Internet Control Message Protocol
ip Internet Protocol
llc Logical Link Control
m2m WiMAX M2M Encapsulation Protocol
megaco MEGACO
nbns NetBIOS-over-TCP Name Service
ncp2222 NetWare Core Protocol
sctp Stream Control Transmission Protocol
syslog Syslog message
tds TDS NetLib
tcp Transmission Control Protocol
tr Token-Ring
udp User Datagram Protocol
usb Universal Serial Bus
usb-linux Universal Serial Bus with Linux specific header
=back
=head1 EXAMPLES
To see a description of the randpkt options use:
randpkt
To generate a capture file with 1000 DNS packets use:
randpkt -b 500 -t dns rand_dns.pcap
To generate a small capture file with just a single LLC frame use:
randpkt -b 100 -c 1 -t llc single_llc.pcap
=head1 SEE ALSO
pcap(3), editcap(1)
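Review bot: In OPTIONS, -b is described as "the maximum number of bytes added to the sample packet", but the following sentence treats maxbytes as a bound on the whole packet ("less than the size of the sample packet"). State which one it is, because anyone sizing test input for a dissector needs to know whether -b 500 caps the packet or only the random tail. The first file-producing example also relies on the default -c of 1000 to get "1000 DNS packets"; say so or pass -c 1000 explicitly. DESCRIPTION could also note that only the bytes after the fixed sample header are randomized, so the header fields themselves are never malformed.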