forked from osmocom/wireshark
parent
42a4ebe633
commit
7056661eac
|
@ -41,7 +41,7 @@
|
||||||
*
|
*
|
||||||
* For a time there was an error in iplogging and the ip length, flags, and id
|
* For a time there was an error in iplogging and the ip length, flags, and id
|
||||||
* were byteswapped. We will check for this and handle it before handing to
|
* were byteswapped. We will check for this and handle it before handing to
|
||||||
* ethereal.
|
* wireshark.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static gboolean csids_read(wtap *wth, int *err, gchar **err_info,
|
static gboolean csids_read(wtap *wth, int *err, gchar **err_info,
|
||||||
|
|
|
@ -58,7 +58,7 @@ Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
|
||||||
[.. ]- 48-[02 04]
|
[.. ]- 48-[02 04]
|
||||||
|
|
||||||
|
|
||||||
Alternative HEX only output, slightly more efficient and all ethereal needs:
|
Alternative HEX only output, slightly more efficient and all wireshark needs:
|
||||||
------------------------------------------------------------------------------
|
------------------------------------------------------------------------------
|
||||||
From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
|
From 00-D0-C0-D2-4D-60 [MF1] to AA-00-04-00-FC-94 [PSERVB]
|
||||||
Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
|
Protocol 08-00 00 00-00-00-00-00, 50 byte buffer at 10-OCT-2001 10:20:45.17
|
||||||
|
|
|
@ -160,7 +160,7 @@ static gboolean libpcap_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
|
||||||
* variants use for different encapsulation types, we check what
|
* variants use for different encapsulation types, we check what
|
||||||
* <pcap.h> defined to determine how to interpret them, so that we
|
* <pcap.h> defined to determine how to interpret them, so that we
|
||||||
* interpret them the way the libpcap with which we're building
|
* interpret them the way the libpcap with which we're building
|
||||||
* Ethereal/Wiretap interprets them (which, if it doesn't support
|
* Wireshark/Wiretap interprets them (which, if it doesn't support
|
||||||
* them at all, means we don't support them either - any capture files
|
* them at all, means we don't support them either - any capture files
|
||||||
* using them are foreign, and we don't hazard a guess as to which
|
* using them are foreign, and we don't hazard a guess as to which
|
||||||
* platform they came from; we could, I guess, choose the most likely
|
* platform they came from; we could, I guess, choose the most likely
|
||||||
|
@ -185,7 +185,7 @@ static const struct {
|
||||||
* These are the values that are almost certainly the same
|
* These are the values that are almost certainly the same
|
||||||
* in all libpcaps (I've yet to find one where the values
|
* in all libpcaps (I've yet to find one where the values
|
||||||
* in question are used for some purpose other than the
|
* in question are used for some purpose other than the
|
||||||
* one below, but...), and that Wiretap and Ethereal
|
* one below, but...), and that Wiretap and Wireshark
|
||||||
* currently support.
|
* currently support.
|
||||||
*/
|
*/
|
||||||
{ 0, WTAP_ENCAP_NULL }, /* null encapsulation */
|
{ 0, WTAP_ENCAP_NULL }, /* null encapsulation */
|
||||||
|
@ -227,7 +227,7 @@ static const struct {
|
||||||
* I also don't see anything immediately obvious that munges
|
* I also don't see anything immediately obvious that munges
|
||||||
* the address field for sync PPP, either.
|
* the address field for sync PPP, either.
|
||||||
*
|
*
|
||||||
* Ethereal currently assumes that if the first octet of a
|
* Wireshark currently assumes that if the first octet of a
|
||||||
* PPP frame is 0xFF, it's the address field and is followed
|
* PPP frame is 0xFF, it's the address field and is followed
|
||||||
* by a control field and a 2-byte protocol, otherwise the
|
* by a control field and a 2-byte protocol, otherwise the
|
||||||
* address and control fields are absent and the frame begins
|
* address and control fields are absent and the frame begins
|
||||||
|
@ -272,7 +272,7 @@ static const struct {
|
||||||
/*
|
/*
|
||||||
* These are the values that libpcap 0.5 and later use in
|
* These are the values that libpcap 0.5 and later use in
|
||||||
* capture file headers, in an attempt to work around the
|
* capture file headers, in an attempt to work around the
|
||||||
* confusion decried above, and that Wiretap and Ethereal
|
* confusion decried above, and that Wiretap and Wireshark
|
||||||
* currently support.
|
* currently support.
|
||||||
*/
|
*/
|
||||||
{ 100, WTAP_ENCAP_ATM_RFC1483 },
|
{ 100, WTAP_ENCAP_ATM_RFC1483 },
|
||||||
|
@ -430,7 +430,7 @@ static const struct {
|
||||||
*
|
*
|
||||||
* We put these *after* the entries for the platform-independent
|
* We put these *after* the entries for the platform-independent
|
||||||
* libpcap type values for those Wiretap encapsulation types, so
|
* libpcap type values for those Wiretap encapsulation types, so
|
||||||
* that Ethereal chooses the platform-independent libpcap type
|
* that Wireshark chooses the platform-independent libpcap type
|
||||||
* value for those encapsulatioin types, not the platform-dependent
|
* value for those encapsulatioin types, not the platform-dependent
|
||||||
* one.
|
* one.
|
||||||
*/
|
*/
|
||||||
|
@ -468,7 +468,7 @@ static const struct {
|
||||||
*
|
*
|
||||||
* We don't yet handle DLT_C_HDLC, but we can handle DLT_LOOP
|
* We don't yet handle DLT_C_HDLC, but we can handle DLT_LOOP
|
||||||
* (it's just like DLT_NULL, only with the AF_ value in network
|
* (it's just like DLT_NULL, only with the AF_ value in network
|
||||||
* rather than host byte order - Ethereal figures out the
|
* rather than host byte order - Wireshark figures out the
|
||||||
* byte order from the data, so we don't care what byte order
|
* byte order from the data, so we don't care what byte order
|
||||||
* it's in), so if DLT_LOOP is defined as 12, interpret 12
|
* it's in), so if DLT_LOOP is defined as 12, interpret 12
|
||||||
* as WTAP_ENCAP_NULL, otherwise, unless DLT_C_HDLC is defined
|
* as WTAP_ENCAP_NULL, otherwise, unless DLT_C_HDLC is defined
|
||||||
|
@ -762,7 +762,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
|
||||||
* in AIX libpcap rather than PPP in standard libpcap, as
|
* in AIX libpcap rather than PPP in standard libpcap, as
|
||||||
* you're probably more likely to be handing an AIX libpcap
|
* you're probably more likely to be handing an AIX libpcap
|
||||||
* token-ring capture than an old (pre-libpcap 0.4) PPP capture
|
* token-ring capture than an old (pre-libpcap 0.4) PPP capture
|
||||||
* to Ethereal.
|
* to Wireshark.
|
||||||
*/
|
*/
|
||||||
aix = FALSE; /* assume it's not AIX */
|
aix = FALSE; /* assume it's not AIX */
|
||||||
if (hdr.version_major == 2 && hdr.version_minor == 2) {
|
if (hdr.version_major == 2 && hdr.version_minor == 2) {
|
||||||
|
@ -883,7 +883,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
|
||||||
* RH 6.1 has a tcpdump that writes out files that can't
|
* RH 6.1 has a tcpdump that writes out files that can't
|
||||||
* be read by any software that expects non-modified headers
|
* be read by any software that expects non-modified headers
|
||||||
* if the magic number isn't the modified magic number (e.g.,
|
* if the magic number isn't the modified magic number (e.g.,
|
||||||
* any normal version of tcpdump, and Ethereal if we don't
|
* any normal version of tcpdump, and Wireshark if we don't
|
||||||
* do this gross heuristic).
|
* do this gross heuristic).
|
||||||
*
|
*
|
||||||
* If this file had the modified magic number, it may be
|
* If this file had the modified magic number, it may be
|
||||||
|
|
|
@ -490,7 +490,7 @@ gboolean network_instruments_dump_open(wtap_dumper *wdh, gboolean cant_seek, int
|
||||||
time(&system_time);
|
time(&system_time);
|
||||||
current_time = localtime(&system_time);
|
current_time = localtime(&system_time);
|
||||||
memset(&comment, 0x00, sizeof(comment));
|
memset(&comment, 0x00, sizeof(comment));
|
||||||
sprintf(comment, "This capture was saved from Ethereal on %s", asctime(current_time));
|
sprintf(comment, "This capture was saved from Wireshark on %s", asctime(current_time));
|
||||||
|
|
||||||
/* create the file header */
|
/* create the file header */
|
||||||
if (fseek(wdh->fh, 0, SEEK_SET) == -1) {
|
if (fseek(wdh->fh, 0, SEEK_SET) == -1) {
|
||||||
|
|
|
@ -651,7 +651,7 @@ static gboolean visual_dump_close(wtap_dumper *wdh, int *err)
|
||||||
vfile_hdr.max_length = htoles(65535);
|
vfile_hdr.max_length = htoles(65535);
|
||||||
vfile_hdr.file_flags = htoles(1); /* indexes are present */
|
vfile_hdr.file_flags = htoles(1); /* indexes are present */
|
||||||
vfile_hdr.file_version = htoles(1);
|
vfile_hdr.file_version = htoles(1);
|
||||||
strcpy(vfile_hdr.description, "Ethereal file");
|
strcpy(vfile_hdr.description, "Wireshark file");
|
||||||
|
|
||||||
/* Translate the encapsulation type */
|
/* Translate the encapsulation type */
|
||||||
switch (wdh->encap)
|
switch (wdh->encap)
|
||||||
|
|
Loading…
Reference in New Issue