forked from osmocom/wireshark
Docs+Packaging: Convert our man pages to Asciidoctor.
Convert doc/*.pod to Asciidoctor. This: * Means we use the same markup for our man pages, the guides, and release notes. * Lets us add versions to our man pages. * Gives us more formatting options, e.g. AsciiDoc supports `commands`, nested lists and makes it easy to include version information. The manpage backend doesn't seem to support tables very well, unfortunately. Convert our CMake configuration to produce *roff and html man pages using Asciidoctor. Add a "manarg" block macro which makes our synopses wrap correctly. Similar to the release notes, guides, and FAQ, if Asciidoctor isn't found the man pages won't be generated or installed. Move Asciidoctor to the list of package build dependencies in various places. This commit includes the conversion script (pod2adoc.py), which will be removed later. Line count sanity check: Man page .pod .adoc androiddump 260 280 asn2deb 93 105 capinfos 401 471 captype 54 55 ciscodump 241 269 dftest 42 42 dpauxmon 153 169 dumpcap 464 534 editcap 528 583 etwdump 136 156 extcap 157 181 idl2deb 91 103 idl2wrs 120 100 mergecap 206 207 mmdbresolve 75 75 randpkt 107 111 randpktdump 158 184 rawshark 558 610 reordercap 76 78 sdjournal 145 157 sshdump 272 302 text2pcap 274 312 tshark 2135 2360 udpdump 133 151 wireshark-filter 486 479 wireshark 2967 3420
This commit is contained in:
parent
9f1607ab47
commit
84ab55cf75
|
@ -1345,8 +1345,6 @@ ws_find_package(WinSparkle ENABLE_WINSPARKLE HAVE_SOFTWARE_UPDATE)
|
|||
|
||||
find_package( Asciidoctor 1.5 )
|
||||
|
||||
find_package(POD REQUIRED)
|
||||
|
||||
find_package(DOXYGEN)
|
||||
|
||||
# The SpeexDSP resampler is required iff building wireshark or sharkd.
|
||||
|
@ -1939,41 +1937,45 @@ set(INSTALL_FILES
|
|||
smi_modules
|
||||
wka
|
||||
docbook/ws.css
|
||||
${CMAKE_BINARY_DIR}/doc/AUTHORS-SHORT
|
||||
${CMAKE_BINARY_DIR}/doc/androiddump.html
|
||||
${CMAKE_BINARY_DIR}/doc/udpdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/capinfos.html
|
||||
${CMAKE_BINARY_DIR}/doc/captype.html
|
||||
${CMAKE_BINARY_DIR}/doc/ciscodump.html
|
||||
${CMAKE_BINARY_DIR}/doc/dftest.html
|
||||
${CMAKE_BINARY_DIR}/doc/dumpcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/editcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/extcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/mergecap.html
|
||||
${CMAKE_BINARY_DIR}/doc/randpkt.html
|
||||
${CMAKE_BINARY_DIR}/doc/randpktdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/etwdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/rawshark.html
|
||||
${CMAKE_BINARY_DIR}/doc/reordercap.html
|
||||
${CMAKE_BINARY_DIR}/doc/sshdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/text2pcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/tshark.html
|
||||
${CMAKE_BINARY_DIR}/doc/wireshark.html
|
||||
${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
|
||||
)
|
||||
|
||||
if(MAXMINDDB_FOUND)
|
||||
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
|
||||
endif()
|
||||
|
||||
if (BUILD_corbaidl2wrs)
|
||||
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
|
||||
endif()
|
||||
if (BUILD_xxx2deb)
|
||||
if (ASCIIDOCTOR_FOUND)
|
||||
list(APPEND INSTALL_FILES
|
||||
${CMAKE_BINARY_DIR}/doc/asn2deb.html
|
||||
${CMAKE_BINARY_DIR}/doc/idl2deb.html
|
||||
${CMAKE_BINARY_DIR}/doc/AUTHORS-SHORT
|
||||
${CMAKE_BINARY_DIR}/doc/androiddump.html
|
||||
${CMAKE_BINARY_DIR}/doc/udpdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/capinfos.html
|
||||
${CMAKE_BINARY_DIR}/doc/captype.html
|
||||
${CMAKE_BINARY_DIR}/doc/ciscodump.html
|
||||
${CMAKE_BINARY_DIR}/doc/dftest.html
|
||||
${CMAKE_BINARY_DIR}/doc/dumpcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/editcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/extcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/mergecap.html
|
||||
${CMAKE_BINARY_DIR}/doc/randpkt.html
|
||||
${CMAKE_BINARY_DIR}/doc/randpktdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/etwdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/rawshark.html
|
||||
${CMAKE_BINARY_DIR}/doc/reordercap.html
|
||||
${CMAKE_BINARY_DIR}/doc/sshdump.html
|
||||
${CMAKE_BINARY_DIR}/doc/text2pcap.html
|
||||
${CMAKE_BINARY_DIR}/doc/tshark.html
|
||||
${CMAKE_BINARY_DIR}/doc/wireshark.html
|
||||
${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
|
||||
)
|
||||
if(MAXMINDDB_FOUND)
|
||||
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
|
||||
endif()
|
||||
|
||||
if (BUILD_corbaidl2wrs)
|
||||
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
|
||||
endif()
|
||||
if (BUILD_xxx2deb)
|
||||
list(APPEND INSTALL_FILES
|
||||
${CMAKE_BINARY_DIR}/doc/asn2deb.html
|
||||
${CMAKE_BINARY_DIR}/doc/idl2deb.html
|
||||
)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(NOT WIN32)
|
||||
|
|
|
@ -39,12 +39,14 @@ if(ASCIIDOCTOR_EXECUTABLE)
|
|||
set (_asciidoctor_common_args
|
||||
# Doesn't work with AsciidoctorJ?
|
||||
# --failure-level=WARN
|
||||
# --trace
|
||||
--attribute build_dir=${CMAKE_CURRENT_BINARY_DIR}
|
||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/ws_utils.rb
|
||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/commaize-block.rb
|
||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/cveidlink-inline-macro.rb
|
||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/wsbuglink-inline-macro.rb
|
||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/wssalink-inline-macro.rb
|
||||
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/ws_utils.rb
|
||||
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/commaize-block.rb
|
||||
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/cveidlink-inline-macro.rb
|
||||
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/manarg-block.rb
|
||||
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb
|
||||
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/wssalink-inline-macro.rb
|
||||
)
|
||||
|
||||
set(_asciidoctor_common_command
|
||||
|
@ -83,7 +85,7 @@ if(ASCIIDOCTOR_EXECUTABLE)
|
|||
unset(_output_xml)
|
||||
ENDMACRO()
|
||||
|
||||
# Currently single page only.
|
||||
# Single page only, for the release notes and man pages.
|
||||
MACRO( ASCIIDOCTOR2HTML _asciidocsource )
|
||||
GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
|
||||
set( _output_html ${_source_base_name}.html )
|
||||
|
@ -124,6 +126,27 @@ if(ASCIIDOCTOR_EXECUTABLE)
|
|||
unset(_output_txt)
|
||||
ENDMACRO()
|
||||
|
||||
# Single page only, for the release notes and man pages.
|
||||
MACRO( ASCIIDOCTOR2MAN _asciidocsource _man_section)
|
||||
GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
|
||||
set( _output_man ${_source_base_name}.${_man_section} )
|
||||
|
||||
ADD_CUSTOM_COMMAND(
|
||||
OUTPUT
|
||||
${_output_man}
|
||||
COMMAND ${_asciidoctor_common_command}
|
||||
--backend manpage
|
||||
--out-file ${_output_man}
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource}
|
||||
DEPENDS
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource}
|
||||
${ARGN}
|
||||
)
|
||||
add_custom_target(generate_${_output_man} DEPENDS ${_output_man})
|
||||
set_asciidoctor_target_properties(generate_${_output_man})
|
||||
unset(_output_man)
|
||||
ENDMACRO()
|
||||
|
||||
# news: release-notes.txt
|
||||
# ${CMAKE_COMMAND} -E copy_if_different release-notes.txt ../NEWS
|
||||
|
||||
|
|
|
@ -1,84 +0,0 @@
|
|||
#
|
||||
# - Find pod2man and pod2html.
|
||||
#
|
||||
|
||||
find_program(POD2MAN_EXECUTABLE
|
||||
NAMES
|
||||
pod2man
|
||||
pod2man.bat
|
||||
PATHS
|
||||
/bin
|
||||
/usr/bin
|
||||
/usr/local/bin
|
||||
/sbin
|
||||
)
|
||||
|
||||
find_program(POD2HTML_EXECUTABLE
|
||||
NAMES
|
||||
pod2html
|
||||
pod2html.bat
|
||||
PATHS
|
||||
/bin
|
||||
/usr/bin
|
||||
/usr/local/bin
|
||||
/sbin
|
||||
)
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set POD2HTML_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
include(FindPackageHandleStandardArgs)
|
||||
find_package_handle_standard_args(POD DEFAULT_MSG POD2MAN_EXECUTABLE POD2HTML_EXECUTABLE)
|
||||
|
||||
mark_as_advanced(
|
||||
POD2MAN_EXECUTABLE
|
||||
POD2HTML_EXECUTABLE
|
||||
)
|
||||
|
||||
# run pod2man and pod2html
|
||||
macro(pod2manhtml _sourcefile _manext)
|
||||
get_filename_component(_basefile ${_sourcefile} NAME)
|
||||
set(_outman ${_basefile}.${_manext})
|
||||
set(_outhtml ${_basefile}.html)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT
|
||||
${_outman}
|
||||
COMMAND
|
||||
${PERL_EXECUTABLE} ${POD2MAN_EXECUTABLE}
|
||||
--section=${_manext}
|
||||
--center=\"The Wireshark Network Analyzer\"
|
||||
--release=${PROJECT_VERSION}
|
||||
${_sourcefile}.pod
|
||||
> ${_outman}
|
||||
DEPENDS
|
||||
${_sourcefile}.pod
|
||||
)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT
|
||||
${_outhtml}
|
||||
COMMAND
|
||||
${PERL_EXECUTABLE} ${POD2HTML_EXECUTABLE}
|
||||
--title=\"${_basefile} - The Wireshark Network Analyzer ${CPACK_PACKAGE_VERSION}\"
|
||||
--css=ws.css
|
||||
--noindex
|
||||
${_sourcefile}.pod
|
||||
> ${_outhtml}
|
||||
DEPENDS
|
||||
${_sourcefile}.pod
|
||||
${CMAKE_SOURCE_DIR}/docbook/ws.css
|
||||
)
|
||||
endmacro(pod2manhtml)
|
||||
|
||||
#
|
||||
# Editor modelines - https://www.wireshark.org/tools/modelines.html
|
||||
#
|
||||
# Local variables:
|
||||
# c-basic-offset: 8
|
||||
# tab-width: 8
|
||||
# indent-tabs-mode: t
|
||||
# End:
|
||||
#
|
||||
# vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
||||
# :indentSize=8:tabSize=8:noTabs=false:
|
||||
#
|
|
@ -7,6 +7,8 @@
|
|||
# SPDX-License-Identifier: GPL-2.0-or-later
|
||||
#
|
||||
|
||||
find_package( Asciidoctor 1.5 )
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT AUTHORS-SHORT
|
||||
COMMAND ${PERL_EXECUTABLE}
|
||||
|
@ -18,98 +20,69 @@ add_custom_command(
|
|||
${CMAKE_SOURCE_DIR}/AUTHORS
|
||||
)
|
||||
|
||||
set(MAN1_INSTALL_FILES)
|
||||
set(MAN4_INSTALL_FILES)
|
||||
set(HTML_INSTALL_FILES)
|
||||
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/androiddump 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/capinfos 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/captype 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/ciscodump 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dftest 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dumpcap 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/editcap 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mergecap 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpkt 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpktdump 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/etwdump 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/rawshark 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/reordercap 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sshdump 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/text2pcap 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/tshark 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/udpdump 1)
|
||||
macro (ASCIIDOCTOR2MANHTML _page_name _man_section)
|
||||
if(ASCIIDOCTOR_FOUND)
|
||||
ASCIIDOCTOR2HTML(${_page_name}.adoc)
|
||||
ASCIIDOCTOR2MAN(${_page_name}.adoc ${_man_section})
|
||||
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/extcap 4)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark-filter 4)
|
||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.html)
|
||||
if (${_man_section} EQUAL 1)
|
||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
|
||||
elseif (${_man_section} EQUAL 4)
|
||||
list(APPEND MAN4_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
|
||||
else()
|
||||
message(FATAL_ERROR "Unsupported manual page section ${_man_section} for ${_page_name}")
|
||||
endif()
|
||||
endif()
|
||||
endmacro()
|
||||
|
||||
ASCIIDOCTOR2MANHTML(wireshark 1)
|
||||
ASCIIDOCTOR2MANHTML(androiddump 1)
|
||||
ASCIIDOCTOR2MANHTML(capinfos 1)
|
||||
ASCIIDOCTOR2MANHTML(captype 1)
|
||||
ASCIIDOCTOR2MANHTML(ciscodump 1)
|
||||
ASCIIDOCTOR2MANHTML(dftest 1)
|
||||
ASCIIDOCTOR2MANHTML(dumpcap 1)
|
||||
ASCIIDOCTOR2MANHTML(editcap 1)
|
||||
ASCIIDOCTOR2MANHTML(mergecap 1)
|
||||
ASCIIDOCTOR2MANHTML(randpkt 1)
|
||||
ASCIIDOCTOR2MANHTML(randpktdump 1)
|
||||
ASCIIDOCTOR2MANHTML(etwdump 1)
|
||||
ASCIIDOCTOR2MANHTML(rawshark 1)
|
||||
ASCIIDOCTOR2MANHTML(reordercap 1)
|
||||
ASCIIDOCTOR2MANHTML(sshdump 1)
|
||||
ASCIIDOCTOR2MANHTML(text2pcap 1)
|
||||
ASCIIDOCTOR2MANHTML(tshark 1)
|
||||
ASCIIDOCTOR2MANHTML(udpdump 1)
|
||||
|
||||
ASCIIDOCTOR2MANHTML(extcap 4)
|
||||
ASCIIDOCTOR2MANHTML(wireshark-filter 4)
|
||||
|
||||
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dpauxmon 1)
|
||||
ASCIIDOCTOR2MANHTML(dpauxmon 1)
|
||||
endif()
|
||||
|
||||
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sdjournal 1)
|
||||
ASCIIDOCTOR2MANHTML(sdjournal 1)
|
||||
endif()
|
||||
|
||||
if(MAXMINDDB_FOUND)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mmdbresolve 1)
|
||||
ASCIIDOCTOR2MANHTML(mmdbresolve 1)
|
||||
endif()
|
||||
|
||||
if (BUILD_corbaidl2wrs)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2wrs 1)
|
||||
ASCIIDOCTOR2MANHTML(idl2wrs 1)
|
||||
endif()
|
||||
|
||||
if (BUILD_xxx2deb)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/asn2deb 1)
|
||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2deb 1)
|
||||
ASCIIDOCTOR2MANHTML(asn2deb 1)
|
||||
ASCIIDOCTOR2MANHTML(idl2deb 1)
|
||||
endif()
|
||||
|
||||
set(MAN1_INSTALL_FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/androiddump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/capinfos.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/captype.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/dftest.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/dumpcap.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/editcap.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/mergecap.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/randpkt.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/randpktdump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/etwdump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/rawshark.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/reordercap.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/sshdump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/text2pcap.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/tshark.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/udpdump.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark.1
|
||||
)
|
||||
|
||||
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.1)
|
||||
endif()
|
||||
|
||||
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.1)
|
||||
endif()
|
||||
|
||||
if(MAXMINDDB_FOUND)
|
||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.1)
|
||||
endif()
|
||||
|
||||
if (BUILD_corbaidl2wrs)
|
||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.1)
|
||||
endif()
|
||||
if (BUILD_xxx2deb)
|
||||
list(APPEND MAN1_INSTALL_FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/asn2deb.1
|
||||
${CMAKE_CURRENT_BINARY_DIR}/idl2deb.1
|
||||
)
|
||||
endif()
|
||||
|
||||
set(MAN4_INSTALL_FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/extcap.4
|
||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.4
|
||||
)
|
||||
|
||||
set(BUNDLE_RESOURCE_SHARE_MAN1_FILES ${MAN1_INSTALL_FILES} PARENT_SCOPE)
|
||||
set(BUNDLE_RESOURCE_SHARE_MAN4_FILES ${MAN4_INSTALL_FILES} PARENT_SCOPE)
|
||||
|
||||
|
@ -118,52 +91,6 @@ add_custom_target(manpages DEPENDS
|
|||
${MAN4_INSTALL_FILES}
|
||||
)
|
||||
|
||||
set(HTML_INSTALL_FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/androiddump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/capinfos.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/captype.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/dftest.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/dumpcap.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/editcap.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/extcap.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/mergecap.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/randpkt.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/randpktdump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/etwdump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/rawshark.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/reordercap.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/sshdump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/text2pcap.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/tshark.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/udpdump.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark.html
|
||||
)
|
||||
|
||||
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.html)
|
||||
endif()
|
||||
|
||||
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.html)
|
||||
endif()
|
||||
|
||||
if(MAXMINDDB_FOUND)
|
||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.html)
|
||||
endif()
|
||||
|
||||
if (BUILD_corbaidl2wrs)
|
||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.html)
|
||||
endif()
|
||||
if (BUILD_xxx2deb)
|
||||
list(APPEND HTML_INSTALL_FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/asn2deb.html
|
||||
${CMAKE_CURRENT_BINARY_DIR}/idl2deb.html
|
||||
)
|
||||
endif()
|
||||
|
||||
add_custom_target(
|
||||
docs ALL
|
||||
DEPENDS
|
||||
|
@ -174,19 +101,21 @@ add_custom_target(
|
|||
)
|
||||
set_target_properties(docs PROPERTIES FOLDER "Docs")
|
||||
|
||||
install(
|
||||
FILES
|
||||
${MAN1_INSTALL_FILES}
|
||||
DESTINATION
|
||||
${CMAKE_INSTALL_MANDIR}/man1
|
||||
)
|
||||
if(ASCIIDOCTOR_FOUND)
|
||||
install(
|
||||
FILES
|
||||
${MAN1_INSTALL_FILES}
|
||||
DESTINATION
|
||||
${CMAKE_INSTALL_MANDIR}/man1
|
||||
)
|
||||
|
||||
install(
|
||||
FILES
|
||||
${MAN4_INSTALL_FILES}
|
||||
DESTINATION
|
||||
${CMAKE_INSTALL_MANDIR}/man4
|
||||
)
|
||||
install(
|
||||
FILES
|
||||
${MAN4_INSTALL_FILES}
|
||||
DESTINATION
|
||||
${CMAKE_INSTALL_MANDIR}/man4
|
||||
)
|
||||
endif()
|
||||
|
||||
#
|
||||
# Installation of HTML manuals is done
|
||||
|
|
|
@ -1,55 +1,61 @@
|
|||
=begin man
|
||||
= androiddump(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
androiddump - Provide interfaces to capture from Android devices
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<androiddump>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-version> ]>
|
||||
S<[ B<--debug> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--adb-server-ip>=E<lt>IP addressE<gt> ]>
|
||||
S<[ B<--adb-server-tcp-port>=E<lt>TCP portE<gt> ]>
|
||||
S<[ B<--logcat-text>=E<lt>TRUE or FALSEE<gt> ]>
|
||||
S<[ B<--bt-server-tcp-port>=E<lt>TCP portE<gt> ]>
|
||||
S<[ B<--bt-forward-socket>=E<lt>TRUE or FALSEE<gt> ]>
|
||||
S<[ B<--bt-local-ip>=E<lt>IP addressE<gt> ]>
|
||||
S<[ B<--bt-local-tcp-port>=E<lt>TCP portE<gt> ]>
|
||||
[manarg]
|
||||
*androiddump*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-version* ]
|
||||
[ *--debug* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--adb-server-ip*=<IP address> ]
|
||||
[ *--adb-server-tcp-port*=<TCP port> ]
|
||||
[ *--logcat-text*=<TRUE or FALSE> ]
|
||||
[ *--bt-server-tcp-port*=<TCP port> ]
|
||||
[ *--bt-forward-socket*=<TRUE or FALSE> ]
|
||||
[ *--bt-local-ip*=<IP address> ]
|
||||
[ *--bt-local-tcp-port*=<TCP port> ]
|
||||
|
||||
B<androiddump>
|
||||
S< B<--extcap-interfaces> >
|
||||
S<[ B<--adb-server-ip>=E<lt>IP addressE<gt> ]>
|
||||
S<[ B<--adb-server-tcp-port>=E<lt>TCP portE<gt> ]>
|
||||
[manarg]
|
||||
*androiddump*
|
||||
*--extcap-interfaces*
|
||||
[ *--adb-server-ip*=<IP address> ]
|
||||
[ *--adb-server-tcp-port*=<TCP port> ]
|
||||
|
||||
B<androiddump>
|
||||
S< B<--extcap-interface>=E<lt>interfaceE<gt> >
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
[manarg]
|
||||
*androiddump*
|
||||
*--extcap-interface*=<interface>
|
||||
[ *--extcap-dlts* ]
|
||||
|
||||
B<androiddump>
|
||||
S< B<--extcap-interface>=E<lt>interfaceE<gt> >
|
||||
S<[ B<--extcap-config> ]>
|
||||
[manarg]
|
||||
*androiddump*
|
||||
*--extcap-interface*=<interface>
|
||||
[ *--extcap-config* ]
|
||||
|
||||
B<androiddump>
|
||||
S< B<--extcap-interface>=E<lt>interfaceE<gt> >
|
||||
S< B<--fifo>=E<lt>path to file or pipeE<gt> >
|
||||
S< B<--capture> >
|
||||
[manarg]
|
||||
*androiddump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--fifo*=<path to file or pipe>
|
||||
*--capture*
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Androiddump> is a extcap tool that provide interfaces to capture from
|
||||
*Androiddump* is a extcap tool that provide interfaces to capture from
|
||||
Android device. There is only two requirements:
|
||||
|
||||
1. You must have Android SDK and add it PATH environment variable.
|
||||
|
@ -60,115 +66,132 @@ https://developer.android.com/sdk/index.html#Other
|
|||
2. You must have permission to Android devices. Some Android devices requires
|
||||
on-screen authentication.
|
||||
|
||||
|
||||
Supported interfaces:
|
||||
|
||||
=over 4
|
||||
|
||||
=item 1. Logcat Main (binary [<=Jelly Bean] or text)
|
||||
|
||||
=item 2. Logcat System (binary [<=Jelly Bean] or text)
|
||||
|
||||
=item 3. Logcat Events (binary [<=Jelly Bean] or text)
|
||||
|
||||
=item 4. Logcat Radio (binary [<=Jelly Bean] or text)
|
||||
|
||||
=item 5. Logcat Crash (text; from Lollipop)
|
||||
|
||||
=item 6. Bluetooth Hcidump [<=Jelly Bean]
|
||||
|
||||
=item 7. Bluetooth Bluedroid External Parser [Kitkat]
|
||||
|
||||
=item 8. Bluetooth BtsnoopNet [>=Lollipop]
|
||||
|
||||
=item 9. WiFi tcpdump [need tcpdump on phone]
|
||||
|
||||
=back
|
||||
1. Logcat Main (binary [++<=++Jelly Bean] or text)
|
||||
2. Logcat System (binary [++<=++Jelly Bean] or text)
|
||||
3. Logcat Events (binary [++<=++Jelly Bean] or text)
|
||||
4. Logcat Radio (binary [++<=++Jelly Bean] or text)
|
||||
5. Logcat Crash (text; from Lollipop)
|
||||
6. Bluetooth Hcidump [++<=++Jelly Bean]
|
||||
7. Bluetooth Bluedroid External Parser [Kitkat]
|
||||
8. Bluetooth BtsnoopNet [>=Lollipop]
|
||||
9. WiFi tcpdump [need tcpdump on phone]
|
||||
|
||||
Please note that it will work also for FirefoxOS or other Android-based stuffs.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-version
|
||||
|
||||
--extcap-version::
|
||||
+
|
||||
--
|
||||
Print extcapized version.
|
||||
--
|
||||
|
||||
=item --debug
|
||||
|
||||
--debug::
|
||||
+
|
||||
--
|
||||
Print additional messages.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --adb-server-ip=E<lt>IP addressE<gt>
|
||||
|
||||
--adb-server-ip=<IP address>::
|
||||
+
|
||||
--
|
||||
Use other then default (127.0.0.1) ADB daemon's IP address.
|
||||
--
|
||||
|
||||
=item --adb-server-tcp-port=E<lt>TCP portE<gt>
|
||||
|
||||
--adb-server-tcp-port=<TCP port>::
|
||||
+
|
||||
--
|
||||
Use other then default (5037) ADB daemon's TCP port.
|
||||
--
|
||||
|
||||
=item --logcat-text=E<lt>TRUE or FALSEE<gt>
|
||||
|
||||
--logcat-text=<TRUE or FALSE>::
|
||||
+
|
||||
--
|
||||
If TRUE then use text logcat rather then binary. This option has effect only on
|
||||
Logcat interfaces. This have no effect from Lollipop where is no binary Logcat
|
||||
available.
|
||||
|
||||
Defaults to FALSE.
|
||||
--
|
||||
|
||||
=item --bt-server-tcp-port=E<lt>TCP portE<gt>
|
||||
|
||||
--bt-server-tcp-port=<TCP port>::
|
||||
+
|
||||
--
|
||||
Use other then default Bluetooth server TCP port on Android side.
|
||||
On Lollipop defaults is 8872, earlier 4330.
|
||||
--
|
||||
|
||||
=item --bt-forward-socket=E<lt>TRUE or FALSEE<gt>
|
||||
|
||||
--bt-forward-socket=<TRUE or FALSE>::
|
||||
+
|
||||
--
|
||||
If TRUE then socket from Android side is forwarded to host side.
|
||||
|
||||
Defaults to FALSE.
|
||||
--
|
||||
|
||||
=item --bt-local-ip=E<lt>IP addressE<gt>
|
||||
|
||||
--bt-local-ip=<IP address>::
|
||||
+
|
||||
--
|
||||
Use other then default (127.0.0.1) IP address on host side for forwarded socket.
|
||||
--
|
||||
|
||||
=item --bt-local-tcp-port=E<lt>TCP portE<gt>
|
||||
|
||||
--bt-local-tcp-port=<TCP port>::
|
||||
+
|
||||
--
|
||||
Specify port to be used on host side for forwarded socket.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -220,7 +243,6 @@ To see interface DLTs:
|
|||
Example output:
|
||||
dlt {number=99}{name=BluetoothH4}{display=Bluetooth HCI UART transport layer plus pseudo-header}
|
||||
|
||||
|
||||
To see interface configuration options:
|
||||
|
||||
androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --extcap-config
|
||||
|
@ -229,32 +251,30 @@ To see interface configuration options:
|
|||
arg {number=0}{call=--adb-server-ip}{display=ADB Server IP Address}{type=string}{default=127.0.0.1}
|
||||
arg {number=1}{call=--adb-server-tcp-port}{display=ADB Server TCP Port}{type=integer}{range=0,65535}{default=5037}
|
||||
|
||||
|
||||
To capture:
|
||||
|
||||
androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --fifo=/tmp/bluetooth.pcapng --capture
|
||||
|
||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<Androiddump> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Androiddump* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Michal Labedzki <michal.labedzki[AT]tieto.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Michal Labedzki <michal.labedzki[AT]tieto.com>
|
||||
|
||||
|
||||
Contributors
|
||||
------------
|
||||
Roland Knall <rknall[AT]gmail.com>
|
||||
.Contributors
|
||||
[%hardbreaks]
|
||||
Roland Knall <rknall[AT]gmail.com>
|
||||
|
|
114
doc/asn2deb.adoc
114
doc/asn2deb.adoc
|
@ -1,82 +1,94 @@
|
|||
=begin man
|
||||
= asn2deb(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
asn2deb - Create a Debian package for BER monitoring from ASN.1
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<asn2deb>
|
||||
S<[ B<-a> E<lt>ASN.1 fileE<gt> ]>
|
||||
S<[ B<--asn>=E<lt>ASN.1 fileE<gt> ]>
|
||||
S<[ B<-d> E<lt>optsE<gt> ]>
|
||||
S<[ B<--dbopts>=E<lt>optsE<gt> ]>
|
||||
S<[ B<-e> E<lt>addressE<gt> ]>
|
||||
S<[ B<--email>=E<lt>addressE<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<-n> E<lt>nameE<gt> ]>
|
||||
S<[ B<--name>=E<lt>nameE<gt> ]>
|
||||
S<[ B<-p> ]>
|
||||
S<[ B<--preserve> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<--version> ]>
|
||||
[manarg]
|
||||
*asn2deb*
|
||||
[ *-a* <ASN.1 file> ]
|
||||
[ *--asn*=<ASN.1 file> ]
|
||||
[ *-d* <opts> ]
|
||||
[ *--dbopts*=<opts> ]
|
||||
[ *-e* <address> ]
|
||||
[ *--email*=<address> ]
|
||||
[ *-h* ]
|
||||
[ *--help* ]
|
||||
[ *-n* <name> ]
|
||||
[ *--name*=<name> ]
|
||||
[ *-p* ]
|
||||
[ *--preserve* ]
|
||||
[ *-v* ]
|
||||
[ *--version* ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
This manual page documents briefly the B<asn2deb> command. B<asn2deb>
|
||||
This manual page documents briefly the *asn2deb* command. *asn2deb*
|
||||
takes an ASN.1 file as input and creates a Debian package from it. The package
|
||||
contains a loadable type table file for the Wireshark network analyser.
|
||||
The type table is generated by the ASN.1 compiler B<snacc>.
|
||||
The type table is generated by the ASN.1 compiler *snacc*.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -a E<lt>ASN.1 fileE<gt> --asn=E<lt>ASN.1 fileE<gt>
|
||||
== OPTIONS
|
||||
|
||||
-a <ASN.1 file> --asn=<ASN.1 file>::
|
||||
+
|
||||
--
|
||||
ASN.1 file to use (mandatory).
|
||||
--
|
||||
|
||||
=item -d E<lt>optsE<gt> --dbopts=E<lt>optsE<gt>
|
||||
|
||||
-d <opts> --dbopts=<opts>::
|
||||
+
|
||||
--
|
||||
options for dpkg-buildpackage.
|
||||
--
|
||||
|
||||
=item -e E<lt>addressE<gt> --email=E<lt>addressE<gt>
|
||||
|
||||
-e <address> --email=<address>::
|
||||
+
|
||||
--
|
||||
use e-mail address.
|
||||
--
|
||||
|
||||
=item -h --help
|
||||
|
||||
-h --help::
|
||||
+
|
||||
--
|
||||
print help and exit.
|
||||
--
|
||||
|
||||
=item -n E<lt>nameE<gt> --name=E<lt>nameE<gt>
|
||||
|
||||
-n <name> --name=<name>::
|
||||
+
|
||||
--
|
||||
use user name.
|
||||
--
|
||||
|
||||
=item -p --preserve
|
||||
|
||||
-p --preserve::
|
||||
+
|
||||
--
|
||||
do not overwrite files.
|
||||
--
|
||||
|
||||
=item -v --version
|
||||
|
||||
-v --version::
|
||||
+
|
||||
--
|
||||
print version and exit.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
/usr/bin/asn2deb -e me@foo.net -a bar.asn1 \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
A lot of tools are used, which you have to B<apt-get install>: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev,
|
||||
A lot of tools are used, which you have to *apt-get install*: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev,
|
||||
snacc.
|
||||
|
||||
=head1 COPYING
|
||||
== COPYING
|
||||
|
||||
This manual page was written by W. Borgert debacle@debian.org
|
||||
for Debian GNU/Linux (but may be used by others). Permission is granted
|
||||
|
@ -84,10 +96,10 @@ to copy, distribute and/or modify this document under the terms of the
|
|||
GNU General Public License, Version 2 or any later version published by
|
||||
the Free Software Foundation.
|
||||
|
||||
=head1 AUTHOR
|
||||
== AUTHOR
|
||||
|
||||
B<W. Borgert> Author.
|
||||
*W. Borgert* Author.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
== COPYRIGHT
|
||||
|
||||
Copyright (C) 2003, 2005 W. Borger
|
||||
|
|
|
@ -1,60 +1,62 @@
|
|||
=begin man
|
||||
= capinfos(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
capinfos - Prints information about capture files
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<capinfos>
|
||||
S<[ B<-a> ]>
|
||||
S<[ B<-A> ]>
|
||||
S<[ B<-b> ]>
|
||||
S<[ B<-B> ]>
|
||||
S<[ B<-c> ]>
|
||||
S<[ B<-C> ]>
|
||||
S<[ B<-d> ]>
|
||||
S<[ B<-D> ]>
|
||||
S<[ B<-e> ]>
|
||||
S<[ B<-E> ]>
|
||||
S<[ B<-F> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<-H> ]>
|
||||
S<[ B<-i> ]>
|
||||
S<[ B<-I> ]>
|
||||
S<[ B<-k> ]>
|
||||
S<[ B<-K> ]>
|
||||
S<[ B<-l> ]>
|
||||
S<[ B<-L> ]>
|
||||
S<[ B<-m> ]>
|
||||
S<[ B<-M> ]>
|
||||
S<[ B<-n> ]>
|
||||
S<[ B<-N> ]>
|
||||
S<[ B<-o> ]>
|
||||
S<[ B<-q> ]>
|
||||
S<[ B<-Q> ]>
|
||||
S<[ B<-r> ]>
|
||||
S<[ B<-R> ]>
|
||||
S<[ B<-s> ]>
|
||||
S<[ B<-S> ]>
|
||||
S<[ B<-t> ]>
|
||||
S<[ B<-T> ]>
|
||||
S<[ B<-u> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<-x> ]>
|
||||
S<[ B<-y> ]>
|
||||
S<[ B<-z> ]>
|
||||
E<lt>I<infile>E<gt>
|
||||
I<...>
|
||||
[manarg]
|
||||
*capinfos*
|
||||
[ *-a* ]
|
||||
[ *-A* ]
|
||||
[ *-b* ]
|
||||
[ *-B* ]
|
||||
[ *-c* ]
|
||||
[ *-C* ]
|
||||
[ *-d* ]
|
||||
[ *-D* ]
|
||||
[ *-e* ]
|
||||
[ *-E* ]
|
||||
[ *-F* ]
|
||||
[ *-h* ]
|
||||
[ *-H* ]
|
||||
[ *-i* ]
|
||||
[ *-I* ]
|
||||
[ *-k* ]
|
||||
[ *-K* ]
|
||||
[ *-l* ]
|
||||
[ *-L* ]
|
||||
[ *-m* ]
|
||||
[ *-M* ]
|
||||
[ *-n* ]
|
||||
[ *-N* ]
|
||||
[ *-o* ]
|
||||
[ *-q* ]
|
||||
[ *-Q* ]
|
||||
[ *-r* ]
|
||||
[ *-R* ]
|
||||
[ *-s* ]
|
||||
[ *-S* ]
|
||||
[ *-t* ]
|
||||
[ *-T* ]
|
||||
[ *-u* ]
|
||||
[ *-v* ]
|
||||
[ *-x* ]
|
||||
[ *-y* ]
|
||||
[ *-z* ]
|
||||
<__infile__>
|
||||
__...__
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Capinfos> is a program that reads one or more capture files and
|
||||
returns some or all available statistics (infos) of each E<lt>I<infile>E<gt>
|
||||
*Capinfos* is a program that reads one or more capture files and
|
||||
returns some or all available statistics (infos) of each <__infile__>
|
||||
in one of two types of output formats: long or table.
|
||||
|
||||
The long output is suitable for a human to read. The table output
|
||||
|
@ -64,41 +66,44 @@ a spreadsheet or database.
|
|||
The user specifies what type of output (long or table) and which
|
||||
statistics to display by specifying flags (options) that corresponding
|
||||
to the report type and desired infos. If no options are specified,
|
||||
B<Capinfos> will report all statistics available in "long" format.
|
||||
*Capinfos* will report all statistics available in "long" format.
|
||||
|
||||
Options are processed from left to right order with later options
|
||||
superseding or adding to earlier options.
|
||||
|
||||
B<Capinfos> is able to detect and read the same capture files that are
|
||||
supported by B<Wireshark>.
|
||||
*Capinfos* is able to detect and read the same capture files that are
|
||||
supported by *Wireshark*.
|
||||
The input files don't need a specific filename extension; the file
|
||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
||||
is a detailed description of the way B<Wireshark> handles this, which is
|
||||
the same way B<Capinfos> handles this.
|
||||
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||
is a detailed description of the way *Wireshark* handles this, which is
|
||||
the same way *Capinfos* handles this.
|
||||
|
||||
=head1 OPTIONS
|
||||
== OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -a
|
||||
|
||||
Displays the start time of the capture. B<Capinfos> considers
|
||||
-a::
|
||||
+
|
||||
--
|
||||
Displays the start time of the capture. *Capinfos* considers
|
||||
the earliest timestamp seen to be the start time, so the
|
||||
first packet in the capture is not necessarily the earliest -
|
||||
if packets exist "out-of-order", time-wise, in the capture,
|
||||
B<Capinfos> detects this.
|
||||
|
||||
=item -A
|
||||
*Capinfos* detects this.
|
||||
--
|
||||
|
||||
-A::
|
||||
+
|
||||
--
|
||||
Generate all infos. By default capinfos will display
|
||||
all infos values for each input file, but enabling
|
||||
any of the individual display infos options will
|
||||
disable the generate all option.
|
||||
--
|
||||
|
||||
=item -b
|
||||
|
||||
-b::
|
||||
+
|
||||
--
|
||||
Separate infos with ASCII SPACE (0x20) characters.
|
||||
This option is only useful when generating a table
|
||||
style report (-T). The various info values will be
|
||||
|
@ -109,22 +114,28 @@ NOTE: Since some of the header labels as well as some
|
|||
of the value fields contain SPACE characters. This
|
||||
option is of limited value unless one of the quoting
|
||||
options (-q or -Q) is also specified.
|
||||
--
|
||||
|
||||
=item -B
|
||||
|
||||
-B::
|
||||
+
|
||||
--
|
||||
Separate the infos with ASCII TAB characters.
|
||||
This option is only useful when generating a table
|
||||
style report (-T). The various info values will be
|
||||
separated (delimited) from one another with a single
|
||||
ASCII TAB character. The TAB character is the default
|
||||
delimiter when -T style report is enabled.
|
||||
--
|
||||
|
||||
=item -c
|
||||
|
||||
-c::
|
||||
+
|
||||
--
|
||||
Displays the number of packets in the capture file.
|
||||
--
|
||||
|
||||
=item -C
|
||||
|
||||
-C::
|
||||
+
|
||||
--
|
||||
Cancel processing any additional files if and
|
||||
when capinfos fails to open an input file
|
||||
or gets an error reading an input file.
|
||||
|
@ -137,117 +148,155 @@ an error reading from a file regardless whether
|
|||
the -C option is specified or not.
|
||||
Upon exit, capinfos will return an error status
|
||||
if any errors occurred during processing.
|
||||
--
|
||||
|
||||
=item -d
|
||||
|
||||
-d::
|
||||
+
|
||||
--
|
||||
Displays the total length of all packets in the file, in
|
||||
bytes. This counts the size of the packets as they appeared
|
||||
in their original form, not as they appear in this file.
|
||||
For example, if a packet was originally 1514 bytes and only
|
||||
256 of those bytes were saved to the capture file (if packets
|
||||
were captured with a snaplen or other slicing option),
|
||||
B<Capinfos> will consider the packet to have been 1514 bytes.
|
||||
|
||||
=item -D
|
||||
*Capinfos* will consider the packet to have been 1514 bytes.
|
||||
--
|
||||
|
||||
-D::
|
||||
+
|
||||
--
|
||||
Displays a count of the number of decryption secrets in the file.
|
||||
--
|
||||
|
||||
=item -e
|
||||
|
||||
Displays the end time of the capture. B<Capinfos> considers
|
||||
-e::
|
||||
+
|
||||
--
|
||||
Displays the end time of the capture. *Capinfos* considers
|
||||
the latest timestamp seen to be the end time, so the
|
||||
last packet in the capture is not necessarily the latest -
|
||||
if packets exist "out-of-order", time-wise, in the capture,
|
||||
B<Capinfos> detects this.
|
||||
|
||||
=item -E
|
||||
*Capinfos* detects this.
|
||||
--
|
||||
|
||||
-E::
|
||||
+
|
||||
--
|
||||
Displays the per-file encapsulation of the capture file.
|
||||
--
|
||||
|
||||
=item -F
|
||||
|
||||
-F::
|
||||
+
|
||||
--
|
||||
Displays additional capture file information.
|
||||
--
|
||||
|
||||
=item -h
|
||||
|
||||
-h::
|
||||
+
|
||||
--
|
||||
Prints the help listing and exits.
|
||||
--
|
||||
|
||||
=item -H
|
||||
|
||||
-H::
|
||||
+
|
||||
--
|
||||
Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.
|
||||
SHA1 output may be removed in the future.
|
||||
--
|
||||
|
||||
=item -i
|
||||
|
||||
-i::
|
||||
+
|
||||
--
|
||||
Displays the average data rate, in bits/sec
|
||||
--
|
||||
|
||||
=item -I
|
||||
|
||||
-I::
|
||||
+
|
||||
--
|
||||
Displays detailed capture file interface information. This information
|
||||
is not available in table format.
|
||||
--
|
||||
|
||||
=item -k
|
||||
|
||||
-k::
|
||||
+
|
||||
--
|
||||
Displays the capture comment. For pcapng files, this is the comment from the
|
||||
section header block.
|
||||
--
|
||||
|
||||
=item -K
|
||||
|
||||
-K::
|
||||
+
|
||||
--
|
||||
Use this option to suppress printing capture comments. By default capture
|
||||
comments are enabled. Capture comments are relatively freeform and might
|
||||
contain embedded new-line characters and/or other delimiting characters
|
||||
making it harder for a human or machine to easily parse the capinfos output.
|
||||
Excluding capture comments can aid in post-processing of output.
|
||||
--
|
||||
|
||||
=item -l
|
||||
|
||||
-l::
|
||||
+
|
||||
--
|
||||
Display the snaplen (if any) for a file.
|
||||
snaplen (if available) is determined from the capture file header
|
||||
and by looking for truncated records in the capture file.
|
||||
--
|
||||
|
||||
=item -L
|
||||
|
||||
-L::
|
||||
+
|
||||
--
|
||||
Generate long report. Capinfos can generate two
|
||||
different styles of reports. The "long" report is
|
||||
the default style of output and is suitable for a
|
||||
human to use.
|
||||
--
|
||||
|
||||
=item -m
|
||||
|
||||
-m::
|
||||
+
|
||||
--
|
||||
Separate the infos with comma (,) characters. This option
|
||||
is only useful when generating a table style report (-T).
|
||||
The various info values will be separated (delimited)
|
||||
from one another with a single comma "," character.
|
||||
--
|
||||
|
||||
=item -M
|
||||
|
||||
-M::
|
||||
+
|
||||
--
|
||||
Print raw (machine readable) values in long reports.
|
||||
By default capinfos prints numeric values with human-readable SI
|
||||
suffixes, and shows human-readable file type and encapsulation.
|
||||
Table reports (-T) always print raw values.
|
||||
--
|
||||
|
||||
=item -n
|
||||
|
||||
-n::
|
||||
+
|
||||
--
|
||||
Displays a count of the number of resolved IPv4 addresses and a count of
|
||||
the number of resolved IPv6 addresses in the file.
|
||||
--
|
||||
|
||||
=item -N
|
||||
|
||||
-N::
|
||||
+
|
||||
--
|
||||
Do not quote the infos. This option is only useful
|
||||
when generating a table style report (-T). Excluding
|
||||
any quoting characters around the various values and
|
||||
using a TAB delimiter produces a very "clean" table
|
||||
report that is easily parsed with CLI tools. By
|
||||
default infos are B<NOT> quoted.
|
||||
|
||||
=item -o
|
||||
default infos are *NOT* quoted.
|
||||
--
|
||||
|
||||
-o::
|
||||
+
|
||||
--
|
||||
Displays "True" if packets exist in strict chronological order
|
||||
or "False" if one or more packets in the capture exists
|
||||
"out-of-order" time-wise.
|
||||
--
|
||||
|
||||
=item -q
|
||||
|
||||
-q::
|
||||
+
|
||||
--
|
||||
Quote infos with single quotes ('). This option is
|
||||
only useful when generating a table style report (-T).
|
||||
When this option is enabled, each value will be
|
||||
|
@ -255,9 +304,11 @@ encapsulated within a pair of single quote (')
|
|||
characters. This option (when used with the -m
|
||||
option) is useful for generating one type of CSV
|
||||
style file report.
|
||||
--
|
||||
|
||||
=item -Q
|
||||
|
||||
-Q::
|
||||
+
|
||||
--
|
||||
Quote infos with double quotes ("). This option is
|
||||
only useful when generating a table style report (-T).
|
||||
When this option is enabled, each value will be
|
||||
|
@ -265,69 +316,90 @@ encapsulated within a pair of double quote (")
|
|||
characters. This option (when used with the -m
|
||||
option) is useful for generating the most common
|
||||
type of CSV style file report.
|
||||
--
|
||||
|
||||
=item -r
|
||||
|
||||
-r::
|
||||
+
|
||||
--
|
||||
Do not generate header record. This option is only
|
||||
useful when generating a table style report (-T).
|
||||
If this option is specified then B<no> header record will be
|
||||
If this option is specified then *no* header record will be
|
||||
generated within the table report.
|
||||
--
|
||||
|
||||
=item -R
|
||||
|
||||
-R::
|
||||
+
|
||||
--
|
||||
Generate header record. This option is only useful
|
||||
when generating a table style report (-T). A header
|
||||
is generated by default. A header record (if generated)
|
||||
is the first line of data reported and includes labels
|
||||
for all the columns included within the table report.
|
||||
--
|
||||
|
||||
=item -s
|
||||
|
||||
-s::
|
||||
+
|
||||
--
|
||||
Displays the size of the file, in bytes. This reports
|
||||
the size of the capture file itself.
|
||||
--
|
||||
|
||||
=item -S
|
||||
|
||||
-S::
|
||||
+
|
||||
--
|
||||
Display the start and end times as seconds since January
|
||||
1, 1970. Handy for synchronizing dumps using B<editcap -t>.
|
||||
|
||||
=item -t
|
||||
1, 1970. Handy for synchronizing dumps using *editcap -t*.
|
||||
--
|
||||
|
||||
-t::
|
||||
+
|
||||
--
|
||||
Displays the capture type of the capture file.
|
||||
--
|
||||
|
||||
=item -T
|
||||
|
||||
-T::
|
||||
+
|
||||
--
|
||||
Generate a table report. A table report is a text file
|
||||
that is suitable for importing into a spreadsheet or
|
||||
database. Capinfos can build a tab delimited text file
|
||||
(the default) or several variations on Comma-separated
|
||||
values (CSV) files.
|
||||
--
|
||||
|
||||
=item -u
|
||||
|
||||
-u::
|
||||
+
|
||||
--
|
||||
Displays the capture duration, in seconds. This is the
|
||||
difference in time between the earliest packet seen and
|
||||
latest packet seen.
|
||||
--
|
||||
|
||||
=item -v
|
||||
|
||||
-v::
|
||||
+
|
||||
--
|
||||
Displays the tool's version and exits.
|
||||
--
|
||||
|
||||
=item -x
|
||||
|
||||
-x::
|
||||
+
|
||||
--
|
||||
Displays the average packet rate, in packets/sec
|
||||
--
|
||||
|
||||
=item -y
|
||||
|
||||
-y::
|
||||
+
|
||||
--
|
||||
Displays the average data rate, in bytes/sec
|
||||
--
|
||||
|
||||
=item -z
|
||||
|
||||
-z::
|
||||
+
|
||||
--
|
||||
Displays the average packet size, in bytes
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see a description of the capinfos options use:
|
||||
|
||||
|
@ -352,7 +424,6 @@ or
|
|||
|
||||
capinfos -TmQ mycapture.pcap
|
||||
|
||||
|
||||
To generate a TAB delimited table style report with just the
|
||||
filenames, capture type, capture encapsulation type and packet
|
||||
count for all the pcap files in the current directory use:
|
||||
|
@ -375,27 +446,26 @@ a text file called mycaptures.csv use:
|
|||
The resulting mycaptures.csv file can be easily imported
|
||||
into spreadsheet applications.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
|
||||
dumpcap(1), captype(1), pcap-filter(7) or tcpdump(8)
|
||||
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:mergecap.html[mergecap](1), xref:editcap.html[editcap](1), xref:tshark.html[tshark](1),
|
||||
xref:dumpcap.html[dumpcap](1), xref:captype.html[captype](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<Capinfos> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Capinfos* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Ian Schorr <ian[AT]ianschorr.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Ian Schorr <ian[AT]ianschorr.com>
|
||||
|
||||
|
||||
Contributors
|
||||
------------
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
Jim Young <jyoung[AT]gsu.edu>
|
||||
.Contributors
|
||||
[%hardbreaks]
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
Jim Young <jyoung[AT]gsu.edu>
|
||||
|
|
|
@ -1,54 +1,55 @@
|
|||
=begin man
|
||||
= captype(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
captype - Prints the types of capture files
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<captype>
|
||||
E<lt>I<infile>E<gt>
|
||||
I<...>
|
||||
[manarg]
|
||||
*captype*
|
||||
<__infile__>
|
||||
__...__
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Captype> is a program that opens one or more capture files and
|
||||
prints the capture file type of each E<lt>I<infile>E<gt>.
|
||||
*Captype* is a program that opens one or more capture files and
|
||||
prints the capture file type of each <__infile__>.
|
||||
|
||||
B<Captype> is able to detect and read the same capture files that are
|
||||
supported by B<Wireshark>.
|
||||
*Captype* is able to detect and read the same capture files that are
|
||||
supported by *Wireshark*.
|
||||
The input files don't need a specific filename extension; the file
|
||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
||||
is a detailed description of the way B<Wireshark> handles this, which is
|
||||
the same way B<Captype> handles this.
|
||||
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||
is a detailed description of the way *Wireshark* handles this, which is
|
||||
the same way *Captype* handles this.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
|
||||
dumpcap(1), capinfos(1), pcap-filter(7) or tcpdump(8)
|
||||
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:mergecap.html[mergecap](1), xref:editcap.html[editcap](1), xref:tshark.html[tshark](1),
|
||||
xref:dumpcap.html[dumpcap](1), xref:capinfos.html[capinfos](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<Captype> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Captype* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Ian Schorr <ian[AT]ianschorr.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Ian Schorr <ian[AT]ianschorr.com>
|
||||
|
||||
|
||||
Contributors
|
||||
------------
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
Jim Young <jyoung[AT]gsu.edu>
|
||||
.Contributors
|
||||
[%hardbreaks]
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
Jim Young <jyoung[AT]gsu.edu>
|
||||
|
|
|
@ -1,125 +1,149 @@
|
|||
=begin man
|
||||
= ciscodump(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
ciscodump - Provide interfaces to capture from a remote Cisco router through SSH.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<ciscodump>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
|
||||
S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
|
||||
S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
|
||||
S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
|
||||
S<[ B<--remote-filter>=E<lt>filterE<gt> ]>
|
||||
S<[ B<--sshkey>=E<lt>public key pathE<gt> ]>
|
||||
S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
|
||||
[manarg]
|
||||
*ciscodump*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--extcap-capture-filter*=<capture filter> ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--remote-host*=<IP address> ]
|
||||
[ *--remote-port*=<TCP port> ]
|
||||
[ *--remote-username*=<username> ]
|
||||
[ *--remote-password*=<password> ]
|
||||
[ *--remote-filter*=<filter> ]
|
||||
[ *--sshkey*=<public key path> ]
|
||||
[ *--remote-interface*=<interface> ]
|
||||
|
||||
[manarg]
|
||||
*ciscodump*
|
||||
*--extcap-interfaces*
|
||||
|
||||
B<ciscodump>
|
||||
S<B<--extcap-interfaces>>
|
||||
[manarg]
|
||||
*ciscodump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--extcap-dlts*
|
||||
|
||||
B<ciscodump>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--extcap-dlts>>
|
||||
[manarg]
|
||||
*ciscodump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--extcap-config*
|
||||
|
||||
B<ciscodump>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--extcap-config>>
|
||||
[manarg]
|
||||
*ciscodump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--fifo*=<path to file or pipe>
|
||||
*--capture*
|
||||
*--remote-host=remoterouter*
|
||||
*--remote-port=22*
|
||||
*--remote-username=user*
|
||||
*--remote-interface*=<the router interface>
|
||||
|
||||
B<ciscodump>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--fifo>=E<lt>path to file or pipeE<gt>>
|
||||
S<B<--capture>>
|
||||
S<B<--remote-host=remoterouter>>
|
||||
S<B<--remote-port=22>>
|
||||
S<B<--remote-username=user>>
|
||||
S<B<--remote-interface>=E<lt>the router interfaceE<gt>>
|
||||
== DESCRIPTION
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
B<Ciscodump> is an extcap tool that relies on Cisco EPC to allow a user to run a remote capture
|
||||
*Ciscodump* is an extcap tool that relies on Cisco EPC to allow a user to run a remote capture
|
||||
on a Cisco router in a SSH connection. The minimum IOS version supporting this feature is 12.4(20)T. More details can be
|
||||
found here:
|
||||
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-embedded-packet-capture/datasheet_c78-502727.html
|
||||
|
||||
Supported interfaces:
|
||||
|
||||
=over 4
|
||||
1. cisco
|
||||
|
||||
=item 1. cisco
|
||||
|
||||
=back
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface and save it in place specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --remote-host=E<lt>remote hostE<gt>
|
||||
|
||||
--remote-host=<remote host>::
|
||||
+
|
||||
--
|
||||
The address of the remote host for capture.
|
||||
--
|
||||
|
||||
=item --remote-port=E<lt>remote portE<gt>
|
||||
|
||||
--remote-port=<remote port>::
|
||||
+
|
||||
--
|
||||
The SSH port of the remote host.
|
||||
--
|
||||
|
||||
=item --remote-username=E<lt>usernameE<gt>
|
||||
|
||||
--remote-username=<username>::
|
||||
+
|
||||
--
|
||||
The username for ssh authentication.
|
||||
--
|
||||
|
||||
=item --remote-password=E<lt>passwordE<gt>
|
||||
|
||||
--remote-password=<password>::
|
||||
+
|
||||
--
|
||||
The password to use (if not ssh-agent and pubkey are used). WARNING: the
|
||||
passwords are stored in plaintext and visible to all users on this system. It is
|
||||
recommended to use keyfiles with a SSH agent.
|
||||
--
|
||||
|
||||
=item --remote-filter=E<lt>filterE<gt>
|
||||
|
||||
--remote-filter=<filter>::
|
||||
+
|
||||
--
|
||||
The remote filter on the router. This is a capture filter that follows the Cisco
|
||||
IOS standards
|
||||
(https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html).
|
||||
|
@ -132,22 +156,27 @@ Examples:
|
|||
permit ip host MYHOST any, permit ip any host MYHOST (capture the traffic for MYHOST)
|
||||
|
||||
deny ip host MYHOST any, deny ip any host MYHOST, permit ip any any (capture all the traffic except MYHOST)
|
||||
--
|
||||
|
||||
=item --sshkey=E<lt>SSH private key pathE<gt>
|
||||
|
||||
--sshkey=<SSH private key path>::
|
||||
+
|
||||
--
|
||||
The path to a private key for authentication.
|
||||
--
|
||||
|
||||
=item --remote-interface=E<lt>remote interfaceE<gt>
|
||||
|
||||
--remote-interface=<remote interface>::
|
||||
+
|
||||
--
|
||||
The remote network interface to capture from.
|
||||
--
|
||||
|
||||
=item --extcap-capture-filter=E<lt>capture filterE<gt>
|
||||
|
||||
--extcap-capture-filter=<capture filter>::
|
||||
+
|
||||
--
|
||||
Unused (compatibility only).
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -200,7 +229,6 @@ To see interface configuration options:
|
|||
arg {number=8}{call=--remote-count}{display=Packets to capture}{type=unsigned}{required=true}
|
||||
{tooltip=The number of remote packets to capture.}
|
||||
|
||||
|
||||
To capture:
|
||||
|
||||
ciscodump --extcap-interface cisco --fifo=/tmp/cisco.pcap --capture --remote-host 192.168.1.10
|
||||
|
@ -209,7 +237,7 @@ To capture:
|
|||
|
||||
NOTE: Packet count is mandatory, hence the capture will start after this number.
|
||||
|
||||
=head1 KNOWN ISSUES
|
||||
== KNOWN ISSUES
|
||||
|
||||
The configuration of the capture on the routers is a multi-step process. If the SSH connection is interrupted during
|
||||
it, the configuration can be in an inconsistent state. That can happen also if the capture is stopped and ciscodump
|
||||
|
@ -222,20 +250,20 @@ buffer, ciscodump waits for the capture to complete and then issues the command
|
|||
specifies a number of packets above the currently captured, the show command is never shown. Not only is the count of
|
||||
the maximum number of captured packets, but it is also the _exact_ number of expected packets.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), sshdump(1)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:sshdump.html[sshdump](1)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<ciscodump> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*ciscodump* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
|
|
|
@ -1,33 +1,33 @@
|
|||
=begin man
|
||||
= dftest(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
dftest - Shows display filter byte-code, for debugging dfilter routines.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<dftest>
|
||||
S<[ E<lt>filterE<gt> ]>
|
||||
[manarg]
|
||||
*dftest*
|
||||
[ <filter> ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<dftest> is a simple tool which compiles a display filter and shows its bytecode.
|
||||
*dftest* is a simple tool which compiles a display filter and shows its bytecode.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item filter
|
||||
== OPTIONS
|
||||
|
||||
filter::
|
||||
+
|
||||
--
|
||||
The display filter expression. If needed it has to be quoted.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
Show how the IP protocol is filtered:
|
||||
|
||||
|
@ -37,6 +37,6 @@ Shows how frame 150 is filtered:
|
|||
|
||||
dftest "frame.number == 150"
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark-filter(4)
|
||||
xref:wireshark-filter.html[wireshark-filter](4)
|
||||
|
|
|
@ -1,100 +1,116 @@
|
|||
=begin man
|
||||
= dpauxmon(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
dpauxmon - Provide interfaces to capture DisplayPort AUX channel data.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<dpauxmon>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--interface_id>=E<lt>Interface ID to captureE<gt> ]>
|
||||
[manarg]
|
||||
*dpauxmon*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--extcap-capture-filter*=<capture filter> ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--interface_id*=<Interface ID to capture> ]
|
||||
|
||||
B<dpauxmon>
|
||||
S<B<--extcap-interfaces>>
|
||||
[manarg]
|
||||
*dpauxmon*
|
||||
*--extcap-interfaces*
|
||||
|
||||
B<dpauxmon>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--extcap-dlts>>
|
||||
[manarg]
|
||||
*dpauxmon*
|
||||
*--extcap-interface*=<interface>
|
||||
*--extcap-dlts*
|
||||
|
||||
B<dpauxmon>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--extcap-config>>
|
||||
[manarg]
|
||||
*dpauxmon*
|
||||
*--extcap-interface*=<interface>
|
||||
*--extcap-config*
|
||||
|
||||
B<dpauxmon>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--fifo>=E<lt>path to file or pipeE<gt>>
|
||||
S<B<--capture>>
|
||||
S<B<--interface_id=interface_id>>
|
||||
[manarg]
|
||||
*dpauxmon*
|
||||
*--extcap-interface*=<interface>
|
||||
*--fifo*=<path to file or pipe>
|
||||
*--capture*
|
||||
*--interface_id=interface_id*
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<dpauxmon> is an extcap tool that can capture DisplayPort AUX channel data
|
||||
*dpauxmon* is an extcap tool that can capture DisplayPort AUX channel data
|
||||
from linux kernel drivers using the generic netlink interface.
|
||||
|
||||
Supported interfaces:
|
||||
|
||||
=over 4
|
||||
1. dpauxmon
|
||||
|
||||
=item 1. dpauxmon
|
||||
|
||||
=back
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface and save it in place specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --interface_idt=E<lt>interface idE<gt>
|
||||
|
||||
--interface_idt=<interface id>::
|
||||
+
|
||||
--
|
||||
The interface for capture.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -134,20 +150,20 @@ To capture:
|
|||
|
||||
dpauxmon --extcap-interface=dpauxmon --fifo=/tmp/dpauxmon.pcap --capture --interface_id 0
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<dpauxmon> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*dpauxmon* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Dirk Eibach <dirk.eibach[AT]gdsys.cc>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Dirk Eibach <dirk.eibach[AT]gdsys.cc>
|
||||
|
|
534
doc/dumpcap.adoc
534
doc/dumpcap.adoc
|
@ -1,149 +1,154 @@
|
|||
=begin man
|
||||
= dumpcap(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
dumpcap - Dump network traffic
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<dumpcap>
|
||||
S<[ B<-a>|B<--autostop> E<lt>capture autostop conditionE<gt> ] ...>
|
||||
S<[ B<-b>|B<--ring-buffer> E<lt>capture ring buffer optionE<gt> ] ...>
|
||||
S<[ B<-B>|B<--buffer-size> E<lt>capture buffer sizeE<gt> ]>
|
||||
S<[ B<-c> E<lt>capture packet countE<gt> ]>
|
||||
S<[ B<-C> E<lt>byte limitE<gt> ]>
|
||||
S<[ B<-d> ]>
|
||||
S<[ B<-D>|B<--list-interfaces> ]>
|
||||
S<[ B<-f> E<lt>capture filterE<gt> ]>
|
||||
S<[ B<-g> ]>
|
||||
S<[ B<-h>|B<--help> ]>
|
||||
S<[ B<-i>|B<--interface> E<lt>capture interfaceE<gt>|rpcap://E<lt>hostE<gt>:E<lt>portE<gt>/E<lt>capture interfaceE<gt>|TCP@E<lt>hostE<gt>:E<lt>portE<gt>|- ]>
|
||||
S<[ B<-I>|B<--monitor-mode> ]>
|
||||
S<[ B<-k> E<lt>freqE<gt>,[E<lt>typeE<gt>],[E<lt>center_freq1E<gt>],[E<lt>center_freq2E<gt>] ]>
|
||||
S<[ B<-L>|B<--list-data-link-types> ]>
|
||||
S<[ B<-M> ]>
|
||||
S<[ B<-n> ]>
|
||||
S<[ B<-N> E<lt>packet limitE<gt> ]>
|
||||
S<[ B<-p>|B<--no-promiscuous-mode> ]>
|
||||
S<[ B<--ifdescr> E<lt>descriptionE<gt> ]>
|
||||
S<[ B<--ifname> E<lt>nameE<gt> ]>
|
||||
S<[ B<-P> ]>
|
||||
S<[ B<-q> ]>
|
||||
S<[ B<-s>|B<--snapshot-length> E<lt>capture snaplenE<gt> ]>
|
||||
S<[ B<-S> ]>
|
||||
S<[ B<-t> ]>
|
||||
S<[ B<-v>|B<--version> ]>
|
||||
S<[ B<-w> E<lt>outfileE<gt> ]>
|
||||
S<[ B<-y>|B<--linktype> E<lt>capture link typeE<gt> ]>
|
||||
S<[ B<--capture-comment> E<lt>commentE<gt> ]>
|
||||
S<[ B<--list-time-stamp-types> ]>
|
||||
S<[ B<--time-stamp-type> E<lt>typeE<gt> ]>
|
||||
[manarg]
|
||||
*dumpcap*
|
||||
[ *-a*|*--autostop* <capture autostop condition> ] ...
|
||||
[ *-b*|*--ring-buffer* <capture ring buffer option> ] ...
|
||||
[ *-B*|*--buffer-size* <capture buffer size> ]
|
||||
[ *-c* <capture packet count> ]
|
||||
[ *-C* <byte limit> ]
|
||||
[ *-d* ]
|
||||
[ *-D*|*--list-interfaces* ]
|
||||
[ *-f* <capture filter> ]
|
||||
[ *-g* ]
|
||||
[ *-h*|*--help* ]
|
||||
[ *-i*|*--interface* <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|- ]
|
||||
[ *-I*|*--monitor-mode* ]
|
||||
[ *-k* <freq>,[<type>],[<center_freq1>],[<center_freq2>] ]
|
||||
[ *-L*|*--list-data-link-types* ]
|
||||
[ *-M* ]
|
||||
[ *-n* ]
|
||||
[ *-N* <packet limit> ]
|
||||
[ *-p*|*--no-promiscuous-mode* ]
|
||||
[ *--ifdescr* <description> ]
|
||||
[ *--ifname* <name> ]
|
||||
[ *-P* ]
|
||||
[ *-q* ]
|
||||
[ *-s*|*--snapshot-length* <capture snaplen> ]
|
||||
[ *-S* ]
|
||||
[ *-t* ]
|
||||
[ *-v*|*--version* ]
|
||||
[ *-w* <outfile> ]
|
||||
[ *-y*|*--linktype* <capture link type> ]
|
||||
[ *--capture-comment* <comment> ]
|
||||
[ *--list-time-stamp-types* ]
|
||||
[ *--time-stamp-type* <type> ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Dumpcap> is a network traffic dump tool. It lets you capture packet
|
||||
data from a live network and write the packets to a file. B<Dumpcap>'s
|
||||
default capture file format is B<pcapng> format.
|
||||
When the B<-P> option is specified, the output file is written in the
|
||||
B<pcap> format.
|
||||
*Dumpcap* is a network traffic dump tool. It lets you capture packet
|
||||
data from a live network and write the packets to a file. *Dumpcap*'s
|
||||
default capture file format is *pcapng* format.
|
||||
When the *-P* option is specified, the output file is written in the
|
||||
*pcap* format.
|
||||
|
||||
Without any options set it will use the libpcap, Npcap, or WinPcap library to
|
||||
capture traffic from the first available network interface and writes
|
||||
the received raw packet data, along with the packets' time stamps into a
|
||||
pcap file.
|
||||
|
||||
If the B<-w> option is not specified, B<Dumpcap> writes to a newly
|
||||
If the *-w* option is not specified, *Dumpcap* writes to a newly
|
||||
created pcap file with a randomly chosen name.
|
||||
If the B<-w> option is specified, B<Dumpcap> writes to the file
|
||||
If the *-w* option is specified, *Dumpcap* writes to the file
|
||||
specified by that option.
|
||||
|
||||
Packet capturing is performed with the pcap library. The capture filter
|
||||
syntax follows the rules of the pcap library.
|
||||
|
||||
=head1 OPTIONS
|
||||
== OPTIONS
|
||||
|
||||
=over 4
|
||||
-a|--autostop <capture autostop condition>::
|
||||
+
|
||||
--
|
||||
Specify a criterion that specifies when *Dumpcap* is to stop writing
|
||||
to a capture file. The criterion is of the form __test:value__,
|
||||
where __test__ is one of:
|
||||
|
||||
=item -a|--autostop E<lt>capture autostop conditionE<gt>
|
||||
|
||||
Specify a criterion that specifies when B<Dumpcap> is to stop writing
|
||||
to a capture file. The criterion is of the form I<test:value>,
|
||||
where I<test> is one of:
|
||||
|
||||
B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
|
||||
*duration*:__value__ Stop writing to a capture file after __value__ seconds have
|
||||
elapsed. Floating point values (e.g. 0.5) are allowed.
|
||||
|
||||
B<files>:I<value> Stop writing to capture files after I<value> number of files
|
||||
*files*:__value__ Stop writing to capture files after __value__ number of files
|
||||
were written.
|
||||
|
||||
B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
|
||||
I<value> kB. If this option is used together with the -b option, dumpcap will
|
||||
*filesize*:__value__ Stop writing to a capture file after it reaches a size of
|
||||
__value__ kB. If this option is used together with the -b option, dumpcap will
|
||||
stop writing to the current capture file and switch to the next one if filesize
|
||||
is reached. Note that the filesize is limited to a maximum value of 2 GiB.
|
||||
|
||||
B<packets>:I<value> Stop writing to a capture file after I<value> packets
|
||||
have been written. Same as B<-c> E<lt>capture packet countE<gt>.
|
||||
*packets*:__value__ Stop writing to a capture file after __value__ packets
|
||||
have been written. Same as *-c* <capture packet count>.
|
||||
--
|
||||
|
||||
=item -b|--ring-buffer E<lt>capture ring buffer optionE<gt>
|
||||
-b|--ring-buffer <capture ring buffer option>::
|
||||
+
|
||||
--
|
||||
Cause *Dumpcap* to run in "multiple files" mode. In "multiple files" mode,
|
||||
*Dumpcap* will write to several capture files. When the first capture file
|
||||
fills up, *Dumpcap* will switch writing to the next file and so on.
|
||||
|
||||
Cause B<Dumpcap> to run in "multiple files" mode. In "multiple files" mode,
|
||||
B<Dumpcap> will write to several capture files. When the first capture file
|
||||
fills up, B<Dumpcap> will switch writing to the next file and so on.
|
||||
|
||||
The created filenames are based on the filename given with the B<-w> option,
|
||||
The created filenames are based on the filename given with the *-w* option,
|
||||
the number of the file and on the creation date and time,
|
||||
e.g. outfile_00001_20210714120117.pcap, outfile_00002_20210714120523.pcap, ...
|
||||
|
||||
With the I<files> option it's also possible to form a "ring buffer".
|
||||
With the __files__ option it's also possible to form a "ring buffer".
|
||||
This will fill up new files until the number of files specified,
|
||||
at which point B<Dumpcap> will discard the data in the first file and start
|
||||
writing to that file and so on. If the I<files> option is not set,
|
||||
at which point *Dumpcap* will discard the data in the first file and start
|
||||
writing to that file and so on. If the __files__ option is not set,
|
||||
new files filled up until one of the capture stop conditions match (or
|
||||
until the disk is full).
|
||||
|
||||
The criterion is of the form I<key:value>,
|
||||
where I<key> is one of:
|
||||
The criterion is of the form __key:value__,
|
||||
where __key__ is one of:
|
||||
|
||||
B<duration>:I<value> switch to the next file after I<value> seconds have
|
||||
*duration*:__value__ switch to the next file after __value__ seconds have
|
||||
elapsed, even if the current file is not completely filled up. Floating
|
||||
point values (e.g. 0.5) are allowed.
|
||||
|
||||
B<files>:I<value> begin again with the first file after I<value> number of
|
||||
*files*:__value__ begin again with the first file after __value__ number of
|
||||
files were written (form a ring buffer). This value must be less than 100000.
|
||||
Caution should be used when using large numbers of files: some filesystems do
|
||||
not handle many files in a single directory well. The B<files> criterion
|
||||
requires either B<duration>, B<interval> or B<filesize> to be specified to
|
||||
control when to go to the next file. It should be noted that each B<-b>
|
||||
not handle many files in a single directory well. The *files* criterion
|
||||
requires either *duration*, *interval* or *filesize* to be specified to
|
||||
control when to go to the next file. It should be noted that each *-b*
|
||||
parameter takes exactly one criterion; to specify two criterion, each must be
|
||||
preceded by the B<-b> option.
|
||||
preceded by the *-b* option.
|
||||
|
||||
B<filesize>:I<value> switch to the next file after it reaches a size of
|
||||
I<value> kB. Note that the filesize is limited to a maximum value of 2 GiB.
|
||||
*filesize*:__value__ switch to the next file after it reaches a size of
|
||||
__value__ kB. Note that the filesize is limited to a maximum value of 2 GiB.
|
||||
|
||||
B<interval>:I<value> switch to the next file when the time is an exact
|
||||
multiple of I<value> seconds. For example, use 3600 to switch to a new file
|
||||
*interval*:__value__ switch to the next file when the time is an exact
|
||||
multiple of __value__ seconds. For example, use 3600 to switch to a new file
|
||||
every hour on the hour.
|
||||
|
||||
B<packets>:I<value> switch to the next file after it contains I<value>
|
||||
*packets*:__value__ switch to the next file after it contains __value__
|
||||
packets.
|
||||
|
||||
B<printname>:I<filename> print the name of the most recently written file
|
||||
to I<filename> after the file is closed. I<filename> can be C<stdout> or C<->
|
||||
for standard output, or C<stderr> for standard error.
|
||||
*printname*:__filename__ print the name of the most recently written file
|
||||
to __filename__ after the file is closed. __filename__ can be `stdout` or `-`
|
||||
for standard output, or `stderr` for standard error.
|
||||
|
||||
Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
|
||||
Example: *-b filesize:1000 -b files:5* results in a ring buffer of five files
|
||||
of size one megabyte each.
|
||||
--
|
||||
|
||||
=item -B|--buffer-size E<lt>capture buffer sizeE<gt>
|
||||
|
||||
-B|--buffer-size <capture buffer size>::
|
||||
+
|
||||
--
|
||||
Set capture buffer size (in MiB, default is 2 MiB). This is used by
|
||||
the capture driver to buffer packet data until that data can be written
|
||||
to disk. If you encounter packet drops while capturing, try to increase
|
||||
this size. Note that, while B<Dumpcap> attempts to set the buffer size
|
||||
this size. Note that, while *Dumpcap* attempts to set the buffer size
|
||||
to 2 MiB by default, and can be told to set it to a larger value, the
|
||||
system or interface on which you're capturing might silently limit the
|
||||
capture buffer size to a lower value or raise it to a higher value.
|
||||
|
@ -153,115 +158,137 @@ Windows. It is not available on UNIX systems with earlier versions of
|
|||
libpcap.
|
||||
|
||||
This option can occur multiple times. If used before the first
|
||||
occurrence of the B<-i> option, it sets the default capture buffer size.
|
||||
If used after an B<-i> option, it sets the capture buffer size for
|
||||
the interface specified by the last B<-i> option occurring before
|
||||
occurrence of the *-i* option, it sets the default capture buffer size.
|
||||
If used after an *-i* option, it sets the capture buffer size for
|
||||
the interface specified by the last *-i* option occurring before
|
||||
this option. If the capture buffer size is not set specifically,
|
||||
the default capture buffer size is used instead.
|
||||
--
|
||||
|
||||
=item -c E<lt>capture packet countE<gt>
|
||||
|
||||
-c <capture packet count>::
|
||||
+
|
||||
--
|
||||
Set the maximum number of packets to read when capturing live
|
||||
data. Same as B<-a packets:>E<lt>capture packet countE<gt>.
|
||||
|
||||
=item -C E<lt>byte limitE<gt>
|
||||
data. Same as *-a packets:*<capture packet count>.
|
||||
--
|
||||
|
||||
-C <byte limit>::
|
||||
+
|
||||
--
|
||||
Limit the amount of memory in bytes used for storing captured packets
|
||||
in memory while processing it.
|
||||
If used in combination with the B<-N> option, both limits will apply.
|
||||
If used in combination with the *-N* option, both limits will apply.
|
||||
Setting this limit will enable the usage of the separate thread per interface.
|
||||
--
|
||||
|
||||
=item -d
|
||||
|
||||
-d::
|
||||
+
|
||||
--
|
||||
Dump the code generated for the capture filter in a human-readable form,
|
||||
and exit.
|
||||
--
|
||||
|
||||
=item -D|--list-interfaces
|
||||
|
||||
Print a list of the interfaces on which B<Dumpcap> can capture, and
|
||||
-D|--list-interfaces::
|
||||
+
|
||||
--
|
||||
Print a list of the interfaces on which *Dumpcap* can capture, and
|
||||
exit. For each network interface, a number and an
|
||||
interface name, possibly followed by a text description of the
|
||||
interface, is printed. The interface name or the number can be supplied
|
||||
to the B<-i> option to specify an interface on which to capture.
|
||||
to the *-i* option to specify an interface on which to capture.
|
||||
|
||||
This can be useful on systems that don't have a command to list them
|
||||
(UNIX systems lacking B<ifconfig -a> or Linux systems lacking
|
||||
B<ip link show>). The number can be useful on Windows systems, where
|
||||
(UNIX systems lacking *ifconfig -a* or Linux systems lacking
|
||||
*ip link show*). The number can be useful on Windows systems, where
|
||||
the interface name might be a long name or a GUID.
|
||||
|
||||
Note that "can capture" means that B<Dumpcap> was able to open
|
||||
Note that "can capture" means that *Dumpcap* was able to open
|
||||
that device to do a live capture. Depending on your system you may need to
|
||||
run dumpcap from an account with special privileges (for example, as root)
|
||||
to be able to capture network traffic.
|
||||
If "B<dumpcap -D>" is not run from such an account, it will not list
|
||||
If "*dumpcap -D*" is not run from such an account, it will not list
|
||||
any interfaces.
|
||||
--
|
||||
|
||||
=item -f E<lt>capture filterE<gt>
|
||||
|
||||
-f <capture filter>::
|
||||
+
|
||||
--
|
||||
Set the capture filter expression.
|
||||
|
||||
The entire filter expression must be specified as a single argument (which means
|
||||
that if it contains spaces, it must be quoted).
|
||||
|
||||
This option can occur multiple times. If used before the first
|
||||
occurrence of the B<-i> option, it sets the default capture filter expression.
|
||||
If used after an B<-i> option, it sets the capture filter expression for
|
||||
the interface specified by the last B<-i> option occurring before
|
||||
occurrence of the *-i* option, it sets the default capture filter expression.
|
||||
If used after an *-i* option, it sets the capture filter expression for
|
||||
the interface specified by the last *-i* option occurring before
|
||||
this option. If the capture filter expression is not set specifically,
|
||||
the default capture filter expression is used if provided.
|
||||
|
||||
Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
|
||||
can be used by prefixing the argument with "predef:".
|
||||
Example: B<-f "predef:MyPredefinedHostOnlyFilter">
|
||||
|
||||
=item -g
|
||||
Example: *-f "predef:MyPredefinedHostOnlyFilter"*
|
||||
--
|
||||
|
||||
-g::
|
||||
+
|
||||
--
|
||||
This option causes the output file(s) to be created with group-read permission
|
||||
(meaning that the output file(s) can be read by other members of the calling
|
||||
user's group).
|
||||
--
|
||||
|
||||
=item -h|--help
|
||||
|
||||
-h|--help::
|
||||
+
|
||||
--
|
||||
Print the version and options and exits.
|
||||
--
|
||||
|
||||
=item -i|--interface E<lt>capture interfaceE<gt>|rpcap://E<lt>hostE<gt>:E<lt>portE<gt>/E<lt>capture interfaceE<gt>|TCP@E<lt>hostE<gt>:E<lt>portE<gt>|-
|
||||
|
||||
-i|--interface <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|-::
|
||||
+
|
||||
--
|
||||
Set the name of the network interface or pipe to use for live packet
|
||||
capture.
|
||||
|
||||
Network interface names should match one of the names listed in
|
||||
"B<dumpcap -D>" (described above); a number, as reported by
|
||||
"B<dumpcap -D>", can also be used. If you're using UNIX, "B<netstat
|
||||
-i>", "B<ifconfig -a>" or "B<ip link>" might also work to list interface names,
|
||||
although not all versions of UNIX support the B<-a> option to B<ifconfig>.
|
||||
"*dumpcap -D*" (described above); a number, as reported by
|
||||
"*dumpcap -D*", can also be used. If you're using UNIX, "*netstat
|
||||
-i*", "*ifconfig -a*" or "*ip link*" might also work to list interface names,
|
||||
although not all versions of UNIX support the *-a* option to *ifconfig*.
|
||||
|
||||
If no interface is specified, B<Dumpcap> searches the list of
|
||||
If no interface is specified, *Dumpcap* searches the list of
|
||||
interfaces, choosing the first non-loopback interface if there are any
|
||||
non-loopback interfaces, and choosing the first loopback interface if
|
||||
there are no non-loopback interfaces. If there are no interfaces at all,
|
||||
B<Dumpcap> reports an error and doesn't start the capture.
|
||||
*Dumpcap* reports an error and doesn't start the capture.
|
||||
|
||||
Pipe names should be either the name of a FIFO (named pipe) or "-" to
|
||||
read data from the standard input. On Windows systems, pipe names must be
|
||||
of the form "\\pipe\.\B<pipename>". Data read from pipes must be in
|
||||
of the form "\\pipe\.\*pipename*". Data read from pipes must be in
|
||||
standard pcapng or pcap format. Pcapng data must have the same
|
||||
endianness as the capturing host.
|
||||
|
||||
This option can occur multiple times. When capturing from multiple
|
||||
interfaces, the capture file will be saved in pcapng format.
|
||||
--
|
||||
|
||||
=item --ifdescr> E<lt>descriptionE<gt>
|
||||
--ifdescr> <description>::
|
||||
+
|
||||
--
|
||||
Use __description__ as the description in the capture file for the
|
||||
interface or pipe specified before it with *-i*.
|
||||
--
|
||||
|
||||
Use I<description> as the description in the capture file for the
|
||||
interface or pipe specified before it with B<-i>.
|
||||
|
||||
=item --ifname> E<lt>nameE<gt>
|
||||
|
||||
Use I<name> as the name in the capture file for the the interface or
|
||||
pipe specified before it with B<-i>.
|
||||
|
||||
=item -I|--monitor-mode
|
||||
--ifname> <name>::
|
||||
+
|
||||
--
|
||||
Use __name__ as the name in the capture file for the the interface or
|
||||
pipe specified before it with *-i*.
|
||||
--
|
||||
|
||||
-I|--monitor-mode::
|
||||
+
|
||||
--
|
||||
Put the interface in "monitor mode"; this is supported only on IEEE
|
||||
802.11 Wi-Fi interfaces, and supported only on some operating systems.
|
||||
|
||||
|
@ -273,99 +300,125 @@ if you are capturing in monitor mode and are not connected to another
|
|||
network with another adapter.
|
||||
|
||||
This option can occur multiple times. If used before the first
|
||||
occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
|
||||
If used after an B<-i> option, it enables the monitor mode for
|
||||
the interface specified by the last B<-i> option occurring before
|
||||
occurrence of the *-i* option, it enables the monitor mode for all interfaces.
|
||||
If used after an *-i* option, it enables the monitor mode for
|
||||
the interface specified by the last *-i* option occurring before
|
||||
this option.
|
||||
--
|
||||
|
||||
=item -k E<lt>freqE<gt>,[E<lt>typeE<gt>],[E<lt>center_freq1E<gt>],[E<lt>center_freq2>E<gt>
|
||||
|
||||
-k <freq>,[<type>],[<center_freq1>],[<center_freq2>>::
|
||||
+
|
||||
--
|
||||
Set the channel on the interface; this is supported only on IEEE
|
||||
802.11 Wi-Fi interfaces, and supported only on some operating systems.
|
||||
|
||||
I<freq> is the frequency of the channel. I<type> is the type of the
|
||||
channel, for 802.11n and 802.11ac. The values for I<type> are
|
||||
|
||||
=over 8
|
||||
|
||||
=item NOHT
|
||||
__freq__ is the frequency of the channel. __type__ is the type of the
|
||||
channel, for 802.11n and 802.11ac. The values for __type__ are
|
||||
--
|
||||
|
||||
NOHT::
|
||||
+
|
||||
--
|
||||
Used for non-802.11n/non-802.1ac channels
|
||||
--
|
||||
|
||||
=item HT20
|
||||
|
||||
HT20::
|
||||
+
|
||||
--
|
||||
20 MHz channel
|
||||
--
|
||||
|
||||
=item HT40-
|
||||
|
||||
HT40-::
|
||||
+
|
||||
--
|
||||
40 MHz primary channel and a lower secondary channel
|
||||
--
|
||||
|
||||
=item HT40+
|
||||
|
||||
HT40+::
|
||||
+
|
||||
--
|
||||
40 MHz primary channel and a higher secondary channel
|
||||
--
|
||||
|
||||
=item HT80
|
||||
HT80::
|
||||
+
|
||||
--
|
||||
80 MHz channel, with __centerfreq1__ as its center frequency
|
||||
--
|
||||
|
||||
80 MHz channel, with I<centerfreq1> as its center frequency
|
||||
|
||||
=item VHT80+80
|
||||
|
||||
two 80 MHz channels combined, with I<centerfreq1> and I<centerfreq2> as
|
||||
VHT80+80::
|
||||
+
|
||||
--
|
||||
two 80 MHz channels combined, with __centerfreq1__ and __centerfreq2__ as
|
||||
the center frequencies of the two channels
|
||||
--
|
||||
|
||||
=item VHT160
|
||||
|
||||
160 MHz channel, with I<centerfreq1> as its center frequency
|
||||
|
||||
=back
|
||||
|
||||
=item -L|--list-data-link-types
|
||||
VHT160::
|
||||
+
|
||||
--
|
||||
160 MHz channel, with __centerfreq1__ as its center frequency
|
||||
--
|
||||
|
||||
-L|--list-data-link-types::
|
||||
+
|
||||
--
|
||||
List the data link types supported by the interface and exit. The reported
|
||||
link types can be used for the B<-y> option.
|
||||
link types can be used for the *-y* option.
|
||||
--
|
||||
|
||||
=item -M
|
||||
|
||||
When used with B<-D>, B<-L>, B<-S> or B<--list-time-stamp-types> print
|
||||
-M::
|
||||
+
|
||||
--
|
||||
When used with *-D*, *-L*, *-S* or *--list-time-stamp-types* print
|
||||
machine-readable output.
|
||||
The machine-readable output is intended to be read by B<Wireshark> and
|
||||
B<TShark>; its format is subject to change from release to release.
|
||||
|
||||
=item -n
|
||||
The machine-readable output is intended to be read by *Wireshark* and
|
||||
*TShark*; its format is subject to change from release to release.
|
||||
--
|
||||
|
||||
-n::
|
||||
+
|
||||
--
|
||||
Save files as pcapng. This is the default.
|
||||
--
|
||||
|
||||
=item -N E<lt>packet limitE<gt>
|
||||
|
||||
-N <packet limit>::
|
||||
+
|
||||
--
|
||||
Limit the number of packets used for storing captured packets
|
||||
in memory while processing it.
|
||||
If used in combination with the B<-C> option, both limits will apply.
|
||||
If used in combination with the *-C* option, both limits will apply.
|
||||
Setting this limit will enable the usage of the separate thread per interface.
|
||||
--
|
||||
|
||||
=item -p|--no-promiscuous-mode
|
||||
|
||||
I<Don't> put the interface into promiscuous mode. Note that the
|
||||
-p|--no-promiscuous-mode::
|
||||
+
|
||||
--
|
||||
__Don't__ put the interface into promiscuous mode. Note that the
|
||||
interface might be in promiscuous mode for some other reason; hence,
|
||||
B<-p> cannot be used to ensure that the only traffic that is captured is
|
||||
traffic sent to or from the machine on which B<Dumpcap> is running,
|
||||
*-p* cannot be used to ensure that the only traffic that is captured is
|
||||
traffic sent to or from the machine on which *Dumpcap* is running,
|
||||
broadcast traffic, and multicast traffic to addresses received by that
|
||||
machine.
|
||||
|
||||
This option can occur multiple times. If used before the first
|
||||
occurrence of the B<-i> option, no interface will be put into the
|
||||
occurrence of the *-i* option, no interface will be put into the
|
||||
promiscuous mode.
|
||||
If used after an B<-i> option, the interface specified by the last B<-i>
|
||||
If used after an *-i* option, the interface specified by the last *-i*
|
||||
option occurring before this option will not be put into the
|
||||
promiscuous mode.
|
||||
--
|
||||
|
||||
=item -P
|
||||
|
||||
-P::
|
||||
+
|
||||
--
|
||||
Save files as pcap instead of the default pcapng. In situations that require
|
||||
pcapng, such as capturing from multiple interfaces, this option will be
|
||||
overridden.
|
||||
--
|
||||
|
||||
=item -q
|
||||
|
||||
-q::
|
||||
+
|
||||
--
|
||||
When capturing packets, don't display the continuous count of packets
|
||||
captured that is normally shown when saving a capture to a file;
|
||||
instead, just display, at the end of the capture, a count of packets
|
||||
|
@ -374,51 +427,65 @@ BSDs, you can cause the current count to be displayed by typing your
|
|||
"status" character (typically control-T, although it
|
||||
might be set to "disabled" by default on at least some BSDs, so you'd
|
||||
have to explicitly set it to use it).
|
||||
--
|
||||
|
||||
=item -s|--snapshot-length E<lt>capture snaplenE<gt>
|
||||
|
||||
-s|--snapshot-length <capture snaplen>::
|
||||
+
|
||||
--
|
||||
Set the default snapshot length to use when capturing live data.
|
||||
No more than I<snaplen> bytes of each network packet will be read into
|
||||
No more than __snaplen__ bytes of each network packet will be read into
|
||||
memory, or saved to disk. A value of 0 specifies a snapshot length of
|
||||
262144, so that the full packet is captured; this is the default.
|
||||
|
||||
This option can occur multiple times. If used before the first
|
||||
occurrence of the B<-i> option, it sets the default snapshot length.
|
||||
If used after an B<-i> option, it sets the snapshot length for
|
||||
the interface specified by the last B<-i> option occurring before
|
||||
occurrence of the *-i* option, it sets the default snapshot length.
|
||||
If used after an *-i* option, it sets the snapshot length for
|
||||
the interface specified by the last *-i* option occurring before
|
||||
this option. If the snapshot length is not set specifically,
|
||||
the default snapshot length is used if provided.
|
||||
--
|
||||
|
||||
=item -S
|
||||
|
||||
-S::
|
||||
+
|
||||
--
|
||||
Print statistics for each interface once every second.
|
||||
--
|
||||
|
||||
=item -t
|
||||
|
||||
-t::
|
||||
+
|
||||
--
|
||||
Use a separate thread per interface.
|
||||
--
|
||||
|
||||
=item -v|--version
|
||||
|
||||
-v|--version::
|
||||
+
|
||||
--
|
||||
Print the version and exit.
|
||||
--
|
||||
|
||||
=item -w E<lt>outfileE<gt>
|
||||
|
||||
Write raw packet data to I<outfile>. Use "-" for stdout.
|
||||
|
||||
=item -y|--linktype E<lt>capture link typeE<gt>
|
||||
-w <outfile>::
|
||||
+
|
||||
--
|
||||
Write raw packet data to __outfile__. Use "-" for stdout.
|
||||
--
|
||||
|
||||
-y|--linktype <capture link type>::
|
||||
+
|
||||
--
|
||||
Set the data link type to use while capturing packets. The values
|
||||
reported by B<-L> are the values that can be used.
|
||||
reported by *-L* are the values that can be used.
|
||||
|
||||
This option can occur multiple times. If used before the first
|
||||
occurrence of the B<-i> option, it sets the default capture link type.
|
||||
If used after an B<-i> option, it sets the capture link type for
|
||||
the interface specified by the last B<-i> option occurring before
|
||||
occurrence of the *-i* option, it sets the default capture link type.
|
||||
If used after an *-i* option, it sets the capture link type for
|
||||
the interface specified by the last *-i* option occurring before
|
||||
this option. If the capture link type is not set specifically,
|
||||
the default capture link type is used if provided.
|
||||
--
|
||||
|
||||
=item --capture-comment E<lt>commentE<gt>
|
||||
|
||||
--capture-comment <comment>::
|
||||
+
|
||||
--
|
||||
Add a capture comment to the output file, if supported by the output
|
||||
file format.
|
||||
|
||||
|
@ -427,38 +494,41 @@ single file.
|
|||
|
||||
This option may be specified multiple times. Note that Wireshark
|
||||
currently only displays the first comment of a capture file.
|
||||
--
|
||||
|
||||
=item --list-time-stamp-types
|
||||
|
||||
--list-time-stamp-types::
|
||||
+
|
||||
--
|
||||
List time stamp types supported for the interface. If no time stamp type can be
|
||||
set, no time stamp types are listed.
|
||||
--
|
||||
|
||||
=item --time-stamp-type E<lt>typeE<gt>
|
||||
|
||||
--time-stamp-type <type>::
|
||||
+
|
||||
--
|
||||
Change the interface's timestamp method.
|
||||
--
|
||||
|
||||
=back
|
||||
== CAPTURE FILTER SYNTAX
|
||||
|
||||
=head1 CAPTURE FILTER SYNTAX
|
||||
See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist, xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8),
|
||||
or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters.
|
||||
|
||||
See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8),
|
||||
or, if that doesn't exist, L<https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters>.
|
||||
== SEE ALSO
|
||||
|
||||
=head1 SEE ALSO
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:mergecap.html[mergecap](1), xref:capinfos.html[capinfos](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3),
|
||||
xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
wireshark(1), tshark(1), editcap(1), mergecap(1), capinfos(1), pcap(3),
|
||||
pcap-filter(7) or tcpdump(8)
|
||||
== NOTES
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
B<Dumpcap> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Dumpcap* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
B<Dumpcap> is derived from the B<Wireshark> capturing engine code;
|
||||
*Dumpcap* is derived from the *Wireshark* capturing engine code;
|
||||
see the list of
|
||||
authors in the B<Wireshark> man page for a list of authors of that code.
|
||||
authors in the *Wireshark* man page for a list of authors of that code.
|
||||
|
|
429
doc/editcap.adoc
429
doc/editcap.adoc
|
@ -1,105 +1,110 @@
|
|||
=begin man
|
||||
= editcap(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
editcap - Edit and/or translate the format of capture files
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<editcap>
|
||||
S<[ B<-a> E<lt>frame:commentE<gt> ]>
|
||||
S<[ B<-A> E<lt>start timeE<gt> ]>
|
||||
S<[ B<-B> E<lt>stop timeE<gt> ]>
|
||||
S<[ B<-c> E<lt>packets per fileE<gt> ]>
|
||||
S<[ B<-C> [offset:]E<lt>choplenE<gt> ]>
|
||||
S<[ B<-E> E<lt>error probabilityE<gt> ]>
|
||||
S<[ B<-F> E<lt>file formatE<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<-i> E<lt>seconds per fileE<gt> ]>
|
||||
S<[ B<-o> E<lt>change offsetE<gt> ]>
|
||||
S<[ B<-L> ]>
|
||||
S<[ B<-r> ]>
|
||||
S<[ B<-s> E<lt>snaplenE<gt> ]>
|
||||
S<[ B<-S> E<lt>strict time adjustmentE<gt> ]>
|
||||
S<[ B<-t> E<lt>time adjustmentE<gt> ]>
|
||||
S<[ B<-T> E<lt>encapsulation typeE<gt> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<--inject-secrets> E<lt>secrets typeE<gt>,E<lt>fileE<gt> ]>
|
||||
S<[ B<--discard-all-secrets> ]>
|
||||
S<[ B<--capture-comment> E<lt>commentE<gt> ]>
|
||||
S<[ B<--discard-capture-comment> ]>
|
||||
I<infile>
|
||||
I<outfile>
|
||||
S<[ I<packet#>[-I<packet#>] ... ]>
|
||||
[manarg]
|
||||
*editcap*
|
||||
[ *-a* <frame:comment> ]
|
||||
[ *-A* <start time> ]
|
||||
[ *-B* <stop time> ]
|
||||
[ *-c* <packets per file> ]
|
||||
[ *-C* [offset:]<choplen> ]
|
||||
[ *-E* <error probability> ]
|
||||
[ *-F* <file format> ]
|
||||
[ *-h* ]
|
||||
[ *-i* <seconds per file> ]
|
||||
[ *-o* <change offset> ]
|
||||
[ *-L* ]
|
||||
[ *-r* ]
|
||||
[ *-s* <snaplen> ]
|
||||
[ *-S* <strict time adjustment> ]
|
||||
[ *-t* <time adjustment> ]
|
||||
[ *-T* <encapsulation type> ]
|
||||
[ *-v* ]
|
||||
[ *--inject-secrets* <secrets type>,<file> ]
|
||||
[ *--discard-all-secrets* ]
|
||||
[ *--capture-comment* <comment> ]
|
||||
[ *--discard-capture-comment* ]
|
||||
__infile__
|
||||
__outfile__
|
||||
[ __packet#__[-__packet#__] ... ]
|
||||
|
||||
B<editcap>
|
||||
S< B<-d> > |
|
||||
S< B<-D> E<lt>dup windowE<gt> > |
|
||||
S< B<-w> E<lt>dup time windowE<gt> >
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<-I> E<lt>bytes to ignoreE<gt> ]>
|
||||
S<[ B<--skip-radiotap-header> ]>
|
||||
I<infile>
|
||||
I<outfile>
|
||||
[manarg]
|
||||
*editcap*
|
||||
*-d*
|
||||
*-D* <dup window>
|
||||
*-w* <dup time window>
|
||||
[ *-v* ]
|
||||
[ *-I* <bytes to ignore> ]
|
||||
[ *--skip-radiotap-header* ]
|
||||
__infile__
|
||||
__outfile__
|
||||
|
||||
B<editcap>
|
||||
S<[ B<-V> ]>
|
||||
[manarg]
|
||||
*editcap*
|
||||
[ *-V* ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Editcap> is a program that reads some or all of the captured packets from the
|
||||
I<infile>, optionally converts them in various ways and writes the
|
||||
resulting packets to the capture I<outfile> (or outfiles).
|
||||
*Editcap* is a program that reads some or all of the captured packets from the
|
||||
__infile__, optionally converts them in various ways and writes the
|
||||
resulting packets to the capture __outfile__ (or outfiles).
|
||||
|
||||
By default, it reads all packets from the I<infile> and writes them to the
|
||||
I<outfile> in pcapng file format.
|
||||
By default, it reads all packets from the __infile__ and writes them to the
|
||||
__outfile__ in pcapng file format.
|
||||
|
||||
The B<-A> and B<-B> option allow you to limit the time range from which packets
|
||||
are read from the I<infile>.
|
||||
The *-A* and *-B* option allow you to limit the time range from which packets
|
||||
are read from the __infile__.
|
||||
|
||||
An optional list of packet numbers can be specified on the command tail;
|
||||
individual packet numbers separated by whitespace and/or ranges of packet
|
||||
numbers can be specified as I<start>-I<end>, referring to all packets from
|
||||
I<start> to I<end>. By default the selected packets with those numbers will
|
||||
I<not> be written to the capture file. If the B<-r> flag is specified, the
|
||||
whole packet selection is reversed; in that case I<only> the selected packets
|
||||
numbers can be specified as __start__-__end__, referring to all packets from
|
||||
__start__ to __end__. By default the selected packets with those numbers will
|
||||
__not__ be written to the capture file. If the *-r* flag is specified, the
|
||||
whole packet selection is reversed; in that case __only__ the selected packets
|
||||
will be written to the capture file.
|
||||
|
||||
B<Editcap> can also be used to remove duplicate packets. Several different
|
||||
options (B<-d>, B<-D> and B<-w>) are used to control the packet window
|
||||
*Editcap* can also be used to remove duplicate packets. Several different
|
||||
options (*-d*, *-D* and *-w*) are used to control the packet window
|
||||
or relative time window to be used for duplicate comparison.
|
||||
|
||||
B<Editcap> can be used to assign comment strings to frame numbers.
|
||||
*Editcap* can be used to assign comment strings to frame numbers.
|
||||
|
||||
B<Editcap> is able to detect, read and write the same capture files that
|
||||
are supported by B<Wireshark>.
|
||||
*Editcap* is able to detect, read and write the same capture files that
|
||||
are supported by *Wireshark*.
|
||||
The input file doesn't need a specific filename extension; the file
|
||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
||||
is a detailed description of the way B<Wireshark> handles this, which is
|
||||
the same way B<Editcap> handles this.
|
||||
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||
is a detailed description of the way *Wireshark* handles this, which is
|
||||
the same way *Editcap* handles this.
|
||||
|
||||
B<Editcap> can write the file in several output formats. The B<-F>
|
||||
*Editcap* can write the file in several output formats. The *-F*
|
||||
flag can be used to specify the format in which to write the capture
|
||||
file; B<editcap -F> provides a list of the available output formats.
|
||||
file; *editcap -F* provides a list of the available output formats.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -a E<lt>framenum:commentE<gt>
|
||||
== OPTIONS
|
||||
|
||||
-a <framenum:comment>::
|
||||
+
|
||||
--
|
||||
For the specified frame number, assign the given comment string.
|
||||
Can be repeated for multiple frames. Quotes should be used with comment
|
||||
strings that include spaces.
|
||||
--
|
||||
|
||||
=item -A E<lt>start timeE<gt>
|
||||
|
||||
-A <start time>::
|
||||
+
|
||||
--
|
||||
Reads only the packets whose timestamp is on or after start time.
|
||||
The time is given in ISO 8601 format, either
|
||||
YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
|
||||
|
@ -107,9 +112,11 @@ YYYY-MM-DDTHH:MM:SS[.nnnnnnnnn][Z|±hh:mm] .
|
|||
The fractional seconds are optional, as is the time zone offset from UTC
|
||||
(in which case local time is assumed). Unix epoch timestamps
|
||||
(floating point format) are also accepted.
|
||||
--
|
||||
|
||||
=item -B E<lt>stop timeE<gt>
|
||||
|
||||
-B <stop time>::
|
||||
+
|
||||
--
|
||||
Reads only the packets whose timestamp is before stop time.
|
||||
The time is given in ISO 8601 format, either
|
||||
YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
|
||||
|
@ -117,24 +124,28 @@ YYYY-MM-DDTHH:MM:SS[.nnnnnnnnn][Z|±hh:mm] .
|
|||
The fractional seconds are optional, as is the time zone offset from UTC
|
||||
(in which case local time is assumed). Unix epoch timestamps
|
||||
(floating point format) are also accepted.
|
||||
--
|
||||
|
||||
=item -c E<lt>packets per fileE<gt>
|
||||
|
||||
-c <packets per file>::
|
||||
+
|
||||
--
|
||||
Splits the packet output to different files based on uniform packet counts
|
||||
with a maximum of <packets per file> each.
|
||||
|
||||
Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
|
||||
before the file extension (which may be null) of I<outfile>. The infix
|
||||
before the file extension (which may be null) of __outfile__. The infix
|
||||
consists of the ordinal number of the output file, starting with 00000,
|
||||
followed by the timestamp of its first packet. The timestamp is omitted if
|
||||
the input file does not contain timestamp information.
|
||||
|
||||
After the specified number of packets is written to the output file, the next
|
||||
output file is opened. The default is to use a single output file.
|
||||
This option conflicts with B<-i>.
|
||||
|
||||
=item -C [offset:]E<lt>choplenE<gt>
|
||||
This option conflicts with *-i*.
|
||||
--
|
||||
|
||||
-C [offset:]<choplen>::
|
||||
+
|
||||
--
|
||||
Sets the chop length to use when writing the packet data. Each packet is
|
||||
chopped by <choplen> bytes of data. Positive values chop at the packet
|
||||
beginning while negative values chop at the packet end.
|
||||
|
@ -153,21 +164,25 @@ bytes from up to two different areas of a packet in a single pass provided that
|
|||
you specify at least one chop length as a positive value and at least one as a
|
||||
negative value. All positive chop lengths are added together as are all
|
||||
negative chop lengths.
|
||||
--
|
||||
|
||||
=item -d
|
||||
|
||||
-d::
|
||||
+
|
||||
--
|
||||
Attempts to remove duplicate packets. The length and MD5 hash of the
|
||||
current packet are compared to the previous four (4) packets. If a
|
||||
match is found, the current packet is skipped. This option is equivalent
|
||||
to using the option B<-D 5>.
|
||||
|
||||
=item -D E<lt>dup windowE<gt>
|
||||
to using the option *-D 5*.
|
||||
--
|
||||
|
||||
-D <dup window>::
|
||||
+
|
||||
--
|
||||
Attempts to remove duplicate packets. The length and MD5 hash of the
|
||||
current packet are compared to the previous <dup window> - 1 packets.
|
||||
If a match is found, the current packet is skipped.
|
||||
|
||||
The use of the option B<-D 0> combined with the B<-v> option is useful
|
||||
The use of the option *-D 0* combined with the *-v* option is useful
|
||||
in that each packet's Packet number, Len and MD5 Hash will be printed
|
||||
to standard out. This verbose output (specifically the MD5 hash strings)
|
||||
can be useful in scripts to identify duplicate packets across trace
|
||||
|
@ -176,75 +191,93 @@ files.
|
|||
The <dup window> is specified as an integer value between 0 and 1000000 (inclusive).
|
||||
|
||||
NOTE: Specifying large <dup window> values with large tracefiles can
|
||||
result in very long processing times for B<editcap>.
|
||||
|
||||
=item -E E<lt>error probabilityE<gt>
|
||||
result in very long processing times for *editcap*.
|
||||
--
|
||||
|
||||
-E <error probability>::
|
||||
+
|
||||
--
|
||||
Sets the probability that bytes in the output file are randomly changed.
|
||||
B<Editcap> uses that probability (between 0.0 and 1.0 inclusive)
|
||||
*Editcap* uses that probability (between 0.0 and 1.0 inclusive)
|
||||
to apply errors to each data byte in the file. For instance, a
|
||||
probability of 0.02 means that each byte has a 2% chance of having an error.
|
||||
|
||||
This option is meant to be used for fuzz-testing protocol dissectors.
|
||||
--
|
||||
|
||||
=item -F E<lt>file formatE<gt>
|
||||
|
||||
-F <file format>::
|
||||
+
|
||||
--
|
||||
Sets the file format of the output capture file.
|
||||
B<Editcap> can write the file in several formats, B<editcap -F>
|
||||
*Editcap* can write the file in several formats, *editcap -F*
|
||||
provides a list of the available output formats. The default
|
||||
is the B<pcapng> format.
|
||||
|
||||
=item -h
|
||||
is the *pcapng* format.
|
||||
--
|
||||
|
||||
-h::
|
||||
+
|
||||
--
|
||||
Prints the version and options and exits.
|
||||
--
|
||||
|
||||
=item -i E<lt>seconds per fileE<gt>
|
||||
|
||||
-i <seconds per file>::
|
||||
+
|
||||
--
|
||||
Splits the packet output to different files based on uniform time
|
||||
intervals using a maximum interval of <seconds per file> each. Floating
|
||||
point values (e.g. 0.5) are allowed.
|
||||
|
||||
Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
|
||||
before the file extension (which may be null) of I<outfile>. The infix
|
||||
before the file extension (which may be null) of __outfile__. The infix
|
||||
consists of the ordinal number of the output file, starting with 00000,
|
||||
followed by the timestamp of its first packet. The timestamp is omitted if
|
||||
the input file does not contain timestamp information.
|
||||
|
||||
After packets for the specified time interval are written to the output file,
|
||||
the next output file is opened. The default is to use a single output file.
|
||||
This option conflicts with B<-c>.
|
||||
|
||||
=item -I E<lt>bytes to ignoreE<gt>
|
||||
This option conflicts with *-c*.
|
||||
--
|
||||
|
||||
-I <bytes to ignore>::
|
||||
+
|
||||
--
|
||||
Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation,
|
||||
unless the frame is too short, then the full frame is used.
|
||||
Useful to remove duplicated packets taken on several routers (different mac addresses for example)
|
||||
e.g. -I 26 in case of Ether/IP will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
|
||||
The default value is 0.
|
||||
--
|
||||
|
||||
=item -L
|
||||
|
||||
-L::
|
||||
+
|
||||
--
|
||||
Adjust the original frame length accordingly when chopping and/or snapping
|
||||
(in addition to the captured length, which is always adjusted regardless of
|
||||
whether B<-L> is specified or not). See also B<-C <choplen>> and B<-s <snaplen>>.
|
||||
|
||||
=item -o E<lt>change offsetE<gt>
|
||||
whether *-L* is specified or not). See also *-C <choplen*> and *-s <snaplen*>.
|
||||
--
|
||||
|
||||
-o <change offset>::
|
||||
+
|
||||
--
|
||||
When used in conjunction with -E, skip some bytes from the beginning of the packet
|
||||
from being changed. In this way some headers don't get changed, and the fuzzer is
|
||||
more focused on a smaller part of the packet. Keeping a part of the packet fixed
|
||||
the same dissector is triggered, that make the fuzzing more precise.
|
||||
--
|
||||
|
||||
=item -r
|
||||
|
||||
-r::
|
||||
+
|
||||
--
|
||||
Reverse the packet selection.
|
||||
Causes the packets whose packet numbers are specified on the command
|
||||
line to be written to the output capture file, instead of discarding them.
|
||||
--
|
||||
|
||||
=item -s E<lt>snaplenE<gt>
|
||||
|
||||
-s <snaplen>::
|
||||
+
|
||||
--
|
||||
Sets the snapshot length to use when writing the data.
|
||||
If the B<-s> flag is used to specify a snapshot length, packets in the
|
||||
If the *-s* flag is used to specify a snapshot length, packets in the
|
||||
input file with more captured data than the specified snapshot length
|
||||
will have only the amount of data specified by the snapshot length
|
||||
written to the output file.
|
||||
|
@ -255,32 +288,38 @@ to read the output file cannot handle packets larger than a certain size
|
|||
appear to reject Ethernet packets larger than the standard Ethernet MTU,
|
||||
making them incapable of handling gigabit Ethernet captures if jumbo
|
||||
packets were used).
|
||||
--
|
||||
|
||||
=item --seed E<lt>seedE<gt>
|
||||
|
||||
--seed <seed>::
|
||||
+
|
||||
--
|
||||
When used in conjunction with -E, set the seed for the pseudo-random number generator.
|
||||
This is useful for recreating a particular sequence of errors.
|
||||
--
|
||||
|
||||
=item --skip-radiotap-header
|
||||
|
||||
--skip-radiotap-header::
|
||||
+
|
||||
--
|
||||
Skip the radiotap header of each frame when checking for packet duplicates. This is useful
|
||||
when processing a capture created by combining outputs of multiple capture devices on the same
|
||||
channel in the vicinity of each other.
|
||||
--
|
||||
|
||||
=item -S E<lt>strict time adjustmentE<gt>
|
||||
|
||||
-S <strict time adjustment>::
|
||||
+
|
||||
--
|
||||
Time adjust selected packets to ensure strict chronological order.
|
||||
|
||||
The <strict time adjustment> value represents relative seconds
|
||||
specified as [-]I<seconds>[I<.fractional seconds>].
|
||||
specified as [-]__seconds__[__.fractional seconds__].
|
||||
|
||||
As the capture file is processed each packet's absolute time is
|
||||
I<possibly> adjusted to be equal to or greater than the previous
|
||||
__possibly__ adjusted to be equal to or greater than the previous
|
||||
packet's absolute timestamp depending on the <strict time
|
||||
adjustment> value.
|
||||
|
||||
If <strict time adjustment> value is 0 or greater (e.g. 0.000001)
|
||||
then B<only> packets with a timestamp less than the previous packet
|
||||
then *only* packets with a timestamp less than the previous packet
|
||||
will adjusted. The adjusted timestamp value will be set to be
|
||||
equal to the timestamp value of the previous packet plus the value
|
||||
of the <strict time adjustment> value. A <strict time adjustment>
|
||||
|
@ -289,38 +328,42 @@ necessary to ensure that the resulting capture file is in
|
|||
strict chronological order.
|
||||
|
||||
If <strict time adjustment> value is specified as a
|
||||
negative value, then the timestamp values of B<all>
|
||||
negative value, then the timestamp values of *all*
|
||||
packets will be adjusted to be equal to the timestamp value
|
||||
of the previous packet plus the absolute value of the
|
||||
E<lt>strict time adjustmentE<gt> value. A <strict time
|
||||
<strict time adjustment> value. A <strict time
|
||||
adjustment> value of -0 will result in all packets
|
||||
having the timestamp value of the first packet.
|
||||
|
||||
This feature is useful when the trace file has an occasional
|
||||
packet with a negative delta time relative to the previous
|
||||
packet.
|
||||
--
|
||||
|
||||
=item -t E<lt>time adjustmentE<gt>
|
||||
|
||||
-t <time adjustment>::
|
||||
+
|
||||
--
|
||||
Sets the time adjustment to use on selected packets.
|
||||
If the B<-t> flag is used to specify a time adjustment, the specified
|
||||
If the *-t* flag is used to specify a time adjustment, the specified
|
||||
adjustment will be applied to all selected packets in the capture file.
|
||||
The adjustment is specified as [-]I<seconds>[I<.fractional seconds>].
|
||||
For example, B<-t> 3600 advances the timestamp on selected packets by one
|
||||
hour while B<-t> -0.5 reduces the timestamp on selected packets by
|
||||
The adjustment is specified as [-]__seconds__[__.fractional seconds__].
|
||||
For example, *-t* 3600 advances the timestamp on selected packets by one
|
||||
hour while *-t* -0.5 reduces the timestamp on selected packets by
|
||||
one-half second.
|
||||
|
||||
This feature is useful when synchronizing dumps
|
||||
collected on different machines where the time difference between the
|
||||
two machines is known or can be estimated.
|
||||
--
|
||||
|
||||
=item -T E<lt>encapsulation typeE<gt>
|
||||
|
||||
-T <encapsulation type>::
|
||||
+
|
||||
--
|
||||
Sets the packet encapsulation type of the output capture file.
|
||||
If the B<-T> flag is used to specify an encapsulation type, the
|
||||
If the *-T* flag is used to specify an encapsulation type, the
|
||||
encapsulation type of the output capture file will be forced to the
|
||||
specified type.
|
||||
B<editcap -T> provides a list of the available types. The default
|
||||
*editcap -T* provides a list of the available types. The default
|
||||
type is the one appropriate to the encapsulation type of the input
|
||||
capture file.
|
||||
|
||||
|
@ -329,82 +372,95 @@ forces the encapsulation type of the output file to be the specified
|
|||
type; the packet headers of the packets will not be translated from the
|
||||
encapsulation type of the input capture file to the specified
|
||||
encapsulation type (for example, it will not translate an Ethernet
|
||||
capture to an FDDI capture if an Ethernet capture is read and 'B<-T
|
||||
fddi>' is specified). If you need to remove/add headers from/to a
|
||||
packet, you will need od(1)/text2pcap(1).
|
||||
capture to an FDDI capture if an Ethernet capture is read and '*-T
|
||||
fddi*' is specified). If you need to remove/add headers from/to a
|
||||
packet, you will need od(1)/xref:text2pcap.html[text2pcap](1).
|
||||
--
|
||||
|
||||
=item -v
|
||||
-v::
|
||||
+
|
||||
--
|
||||
Causes *editcap* to print verbose messages while it's working.
|
||||
|
||||
Causes B<editcap> to print verbose messages while it's working.
|
||||
|
||||
Use of B<-v> with the de-duplication switches of B<-d>, B<-D> or B<-w>
|
||||
Use of *-v* with the de-duplication switches of *-d*, *-D* or *-w*
|
||||
will cause all MD5 hashes to be printed whether the packet is skipped
|
||||
or not.
|
||||
--
|
||||
|
||||
=item -V
|
||||
|
||||
-V::
|
||||
+
|
||||
--
|
||||
Print the version and exit.
|
||||
--
|
||||
|
||||
=item -w E<lt>dup time windowE<gt>
|
||||
|
||||
-w <dup time window>::
|
||||
+
|
||||
--
|
||||
Attempts to remove duplicate packets. The current packet's arrival time
|
||||
is compared with up to 1000000 previous packets. If the packet's relative
|
||||
arrival time is I<less than or equal to> the <dup time window> of a previous packet
|
||||
arrival time is __less than or equal to__ the <dup time window> of a previous packet
|
||||
and the packet length and MD5 hash of the current packet are the same then
|
||||
the packet to skipped. The duplicate comparison test stops when
|
||||
the current packet's relative arrival time is greater than <dup time window>.
|
||||
|
||||
The <dup time window> is specified as I<seconds>[I<.fractional seconds>].
|
||||
The <dup time window> is specified as __seconds__[__.fractional seconds__].
|
||||
|
||||
The [.fractional seconds] component can be specified to nine (9) decimal
|
||||
places (billionths of a second) but most typical trace files have resolution
|
||||
to six (6) decimal places (millionths of a second).
|
||||
|
||||
NOTE: Specifying large <dup time window> values with large tracefiles can
|
||||
result in very long processing times for B<editcap>.
|
||||
result in very long processing times for *editcap*.
|
||||
|
||||
NOTE: The B<-w> option assumes that the packets are in chronological order.
|
||||
If the packets are NOT in chronological order then the B<-w> duplication
|
||||
NOTE: The *-w* option assumes that the packets are in chronological order.
|
||||
If the packets are NOT in chronological order then the *-w* duplication
|
||||
removal option may not identify some duplicates.
|
||||
--
|
||||
|
||||
=item --inject-secrets E<lt>secrets typeE<gt>,E<lt>fileE<gt>
|
||||
|
||||
Inserts the contents of E<lt>fileE<gt> into a Decryption Secrets Block (DSB)
|
||||
--inject-secrets <secrets type>,<file>::
|
||||
+
|
||||
--
|
||||
Inserts the contents of <file> into a Decryption Secrets Block (DSB)
|
||||
within the pcapng output file. This enables decryption without requiring
|
||||
additional configuration in protocol preferences.
|
||||
|
||||
The file format is described by E<lt>secrets typeE<gt> which can be one of:
|
||||
The file format is described by <secrets type> which can be one of:
|
||||
|
||||
I<tls> TLS Key Log as described at L<https://developer.mozilla.org/NSS_Key_Log_Format>
|
||||
I<wg> WireGuard Key Log, see L<https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format>
|
||||
__tls__ TLS Key Log as described at https://developer.mozilla.org/NSS_Key_Log_Format
|
||||
__wg__ WireGuard Key Log, see https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format
|
||||
|
||||
This option may be specified multiple times. The available options for
|
||||
E<lt>secrets typeE<gt> can be listed with B<--inject-secrets help>.
|
||||
|
||||
=item --discard-all-secrets
|
||||
<secrets type> can be listed with *--inject-secrets help*.
|
||||
--
|
||||
|
||||
--discard-all-secrets::
|
||||
+
|
||||
--
|
||||
Discard all decryption secrets from the input file when writing the
|
||||
output file. Does not discard secrets added by B<--inject-secrets> in
|
||||
output file. Does not discard secrets added by *--inject-secrets* in
|
||||
the same command line.
|
||||
--
|
||||
|
||||
=item --capture-comment E<lt>commentE<gt>
|
||||
|
||||
--capture-comment <comment>::
|
||||
+
|
||||
--
|
||||
Adds the given comment to the output file, if supported by the output
|
||||
file format. New comments will be added I<after> any comments present
|
||||
in the input file unless B<--discard-capture-comment> is also specified.
|
||||
file format. New comments will be added __after__ any comments present
|
||||
in the input file unless *--discard-capture-comment* is also specified.
|
||||
|
||||
This option may be specified multiple times. Note that Wireshark
|
||||
currently only displays the first comment of a capture file.
|
||||
--
|
||||
|
||||
=item --discard-capture-comment
|
||||
|
||||
--discard-capture-comment::
|
||||
+
|
||||
--
|
||||
Discard all capture file comments from the input file when writing the output
|
||||
file. Does not discard comments added by B<--capture-comment> in the same
|
||||
file. Does not discard comments added by *--capture-comment* in the same
|
||||
command line.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see more detailed description of the options use:
|
||||
|
||||
|
@ -450,7 +506,7 @@ To remove duplicate packets seen within the prior 100 frames use:
|
|||
|
||||
editcap -D 101 capture.pcapng dedup.pcapng
|
||||
|
||||
To remove duplicate packets seen I<equal to or less than> 1/10th of a second:
|
||||
To remove duplicate packets seen __equal to or less than__ 1/10th of a second:
|
||||
|
||||
editcap -w 0.1 capture.pcapng dedup.pcapng
|
||||
|
||||
|
@ -502,27 +558,26 @@ To add comment strings to the first 2 input frames, use:
|
|||
|
||||
editcap -a "1:1st frame" -a 2:Second capture.pcapng capture-comments.pcapng
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), capinfos(1),
|
||||
text2pcap(1), reordercap(1), od(1), pcap-filter(7) or tcpdump(8)
|
||||
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:mergecap.html[mergecap](1), xref:dumpcap.html[dumpcap](1), xref:capinfos.html[capinfos](1),
|
||||
xref:text2pcap.html[text2pcap](1), xref:reordercap.html[reordercap](1), od(1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<Editcap> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Editcap* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Richard Sharpe <sharpe[AT]ns.aus.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Richard Sharpe <sharpe[AT]ns.aus.com>
|
||||
|
||||
|
||||
Contributors
|
||||
------------
|
||||
Guy Harris <guy[AT]alum.mit.edu>
|
||||
Ulf Lamping <ulf.lamping[AT]web.de>
|
||||
.Contributors
|
||||
[%hardbreaks]
|
||||
Guy Harris <guy[AT]alum.mit.edu>
|
||||
Ulf Lamping <ulf.lamping[AT]web.de>
|
||||
|
|
138
doc/etwdump.adoc
138
doc/etwdump.adoc
|
@ -1,84 +1,104 @@
|
|||
=begin man
|
||||
= etwdump(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
etwdump - Provide an interface to read ETW
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<etwdump>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--iue>=E<lt>Should undecidable events be includedE<gt> ]>
|
||||
S<[ B<--etlfile>=E<lt>etl fileE<gt> ]>
|
||||
S<[ B<--params>=E<lt>filter parametersE<gt> ]>
|
||||
[manarg]
|
||||
*etwdump*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--iue*=<Should undecidable events be included> ]
|
||||
[ *--etlfile*=<etl file> ]
|
||||
[ *--params*=<filter parameters> ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<etwdump> is a extcap tool that provides access to a etl file.
|
||||
*etwdump* is a extcap tool that provides access to a etl file.
|
||||
It is only used to display event trace on Windows.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --iue=E<lt>Should undecidable events be includedE<gt>
|
||||
|
||||
--iue=<Should undecidable events be included>::
|
||||
+
|
||||
--
|
||||
Choose if the undecidable event is included.
|
||||
--
|
||||
|
||||
=item --etlfile=E<lt>Etl fileE<gt>
|
||||
|
||||
--etlfile=<Etl file>::
|
||||
+
|
||||
--
|
||||
Select etl file to display in Wireshark.
|
||||
--
|
||||
|
||||
=item --params=E<lt>filter parametersE<gt>
|
||||
|
||||
--params=<filter parameters>::
|
||||
+
|
||||
--
|
||||
Input providers, keyword and level filters for the etl file and live session.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -117,20 +137,20 @@ To capture:
|
|||
|
||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<etwdump> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*etwdump* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
---------------
|
||||
Odysseus Yang L<wiresharkyyh@outlook.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Odysseus Yang L<wiresharkyyh@outlook.com>
|
||||
|
|
104
doc/extcap.adoc
104
doc/extcap.adoc
|
@ -1,14 +1,15 @@
|
|||
=begin man
|
||||
= extcap(4)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
extcap - The extcap interface
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
The extcap interface is a versatile plugin interface that allows external binaries
|
||||
to act as capture interfaces directly in Wireshark. It is used in scenarios, where
|
||||
|
@ -41,39 +42,49 @@ can be found (it is not designed to be launched by hand). This is done on purpo
|
|||
only be extcap programs (executable, python scripts, ...) in the extcap folder to reduce the startup
|
||||
time and not have Wireshark trying to execute other file types.
|
||||
|
||||
|
||||
=head1 GRAMMAR ELEMENTS
|
||||
== GRAMMAR ELEMENTS
|
||||
|
||||
Grammar elements:
|
||||
|
||||
=over 4
|
||||
|
||||
=item arg (options)
|
||||
|
||||
arg (options)::
|
||||
+
|
||||
--
|
||||
argument for CLI calling
|
||||
--
|
||||
|
||||
=item number
|
||||
|
||||
number::
|
||||
+
|
||||
--
|
||||
Reference # of argument for other values, display order
|
||||
--
|
||||
|
||||
=item call
|
||||
|
||||
call::
|
||||
+
|
||||
--
|
||||
Literal argument to call (--call=...)
|
||||
--
|
||||
|
||||
=item display
|
||||
|
||||
display::
|
||||
+
|
||||
--
|
||||
Displayed name
|
||||
--
|
||||
|
||||
=item default
|
||||
|
||||
default::
|
||||
+
|
||||
--
|
||||
Default value, in proper form for type
|
||||
--
|
||||
|
||||
=item range
|
||||
|
||||
range::
|
||||
+
|
||||
--
|
||||
Range of valid values for UI checking (min,max) in proper form
|
||||
--
|
||||
|
||||
=item type
|
||||
|
||||
type::
|
||||
+
|
||||
--
|
||||
Argument type for UI filtering for raw, or UI type for selector:
|
||||
|
||||
integer
|
||||
|
@ -87,15 +98,16 @@ Argument type for UI filtering for raw, or UI type for selector:
|
|||
multicheck (display a textbox for selecting multiple options, values as strings)
|
||||
password (display a textbox with masked text)
|
||||
timestamp (display a calendar)
|
||||
--
|
||||
|
||||
=item value (options)
|
||||
|
||||
value (options)::
|
||||
+
|
||||
--
|
||||
Values for argument selection
|
||||
arg Argument # this value applies to
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
Example 1:
|
||||
|
||||
|
@ -128,30 +140,22 @@ Example 5:
|
|||
arg {number=0}{call=--start}{display=Start Time}{type=timestamp}
|
||||
arg {number=1}{call=--end}{display=End Time}{type=timestamp}
|
||||
|
||||
=head1 Security awareness
|
||||
== Security awareness
|
||||
|
||||
=over 4
|
||||
- Users running wireshark as root, we can't save you
|
||||
- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
|
||||
- Third-party capture programs run w/ whatever privs they're installed with
|
||||
- If an attacker can write to a system binary directory, we're game over anyhow
|
||||
- Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run
|
||||
|
||||
=item - Users running wireshark as root, we can't save you
|
||||
== SEE ALSO
|
||||
|
||||
=item - Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:androiddump.html[androiddump](1), xref:sshdump.html[sshdump](1), xref:randpktdump.html[randpktdump](1)
|
||||
|
||||
=item - Third-party capture programs run w/ whatever privs they're installed with
|
||||
== NOTES
|
||||
|
||||
=item - If an attacker can write to a system binary directory, we're game over anyhow
|
||||
|
||||
=item - Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1), randpktdump(1)
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
B<Extcap> is feature of B<Wireshark>. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Extcap* is feature of *Wireshark*. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
|
112
doc/idl2deb.adoc
112
doc/idl2deb.adoc
|
@ -1,80 +1,92 @@
|
|||
=begin man
|
||||
= idl2deb(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
idl2deb - Create a Debian package for CORBA monitoring from IDL
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<idl2deb>
|
||||
S<[ B<-d> E<lt>optsE<gt> ]>
|
||||
S<[ B<--dbopts>=E<lt>optsE<gt> ]>
|
||||
S<[ B<-e> E<lt>addressE<gt> ]>
|
||||
S<[ B<--email>=E<lt>addressE<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<-i> E<lt>idlfileE<gt> ]>
|
||||
S<[ B<--idl>=E<lt>idlfileE<gt> ]>
|
||||
S<[ B<-n> E<lt>nameE<gt> ]>
|
||||
S<[ B<--name>=E<lt>nameE<gt> ]>
|
||||
S<[ B<-p> ]>
|
||||
S<[ B<--preserve> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<--version> ]>
|
||||
[manarg]
|
||||
*idl2deb*
|
||||
[ *-d* <opts> ]
|
||||
[ *--dbopts*=<opts> ]
|
||||
[ *-e* <address> ]
|
||||
[ *--email*=<address> ]
|
||||
[ *-h* ]
|
||||
[ *--help* ]
|
||||
[ *-i* <idlfile> ]
|
||||
[ *--idl*=<idlfile> ]
|
||||
[ *-n* <name> ]
|
||||
[ *--name*=<name> ]
|
||||
[ *-p* ]
|
||||
[ *--preserve* ]
|
||||
[ *-v* ]
|
||||
[ *--version* ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
This manual page documents briefly the B<idl2deb> command. B<idl2deb>
|
||||
This manual page documents briefly the *idl2deb* command. *idl2deb*
|
||||
takes an CORBA IDL file as input and creates a Debian package from it. The
|
||||
package contains a loadable module for the Wireshark network analyser.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -d E<lt>optsE<gt> --dbopts=E<lt>optsE<gt>
|
||||
== OPTIONS
|
||||
|
||||
-d <opts> --dbopts=<opts>::
|
||||
+
|
||||
--
|
||||
options for dpkg-buildpackage.
|
||||
--
|
||||
|
||||
=item -e E<lt>addressE<gt> --email=E<lt>addressE<gt>
|
||||
|
||||
-e <address> --email=<address>::
|
||||
+
|
||||
--
|
||||
use e-mail address.
|
||||
--
|
||||
|
||||
=item -h --help
|
||||
|
||||
-h --help::
|
||||
+
|
||||
--
|
||||
print help and exit.
|
||||
--
|
||||
|
||||
=item -i E<lt>idlfileE<gt> --idl=E<lt>idlfileE<gt>
|
||||
|
||||
-i <idlfile> --idl=<idlfile>::
|
||||
+
|
||||
--
|
||||
IDL file to use (mandatory)
|
||||
--
|
||||
|
||||
=item -n E<lt>nameE<gt> --name=E<lt>nameE<gt>
|
||||
|
||||
-n <name> --name=<name>::
|
||||
+
|
||||
--
|
||||
use user name.
|
||||
--
|
||||
|
||||
=item -p --preserve
|
||||
|
||||
-p --preserve::
|
||||
+
|
||||
--
|
||||
do not overwrite files.
|
||||
--
|
||||
|
||||
=item -v --version
|
||||
|
||||
-v --version::
|
||||
+
|
||||
--
|
||||
print version and exit.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
/usr/bin/idl2deb -e me@foo.net -i bar.idl \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
A lot of tools are used, which you have to B<apt-get install>: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev.
|
||||
A lot of tools are used, which you have to *apt-get install*: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev.
|
||||
|
||||
=head1 COPYING
|
||||
== COPYING
|
||||
|
||||
This manual page was written by W. Borgert debacle@debian.org
|
||||
for Debian GNU/Linux (but may be used by others). Permission is granted
|
||||
|
@ -82,10 +94,10 @@ to copy, distribute and/or modify this document under the terms of the
|
|||
GNU General Public License, Version 2 or any later version published by
|
||||
the Free Software Foundation.
|
||||
|
||||
=head1 AUTHOR
|
||||
== AUTHOR
|
||||
|
||||
B<W. Borgert> Author.
|
||||
*W. Borgert* Author.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
== COPYRIGHT
|
||||
|
||||
Copyright (C) 2003, 2005 W. Borger
|
||||
|
|
108
doc/idl2wrs.adoc
108
doc/idl2wrs.adoc
|
@ -1,51 +1,45 @@
|
|||
=begin man
|
||||
= idl2wrs(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
idl2wrs - CORBA IDL to Wireshark Plugin Generator
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<idl2wrs> E<lt>filenameE<gt>
|
||||
*idl2wrs* <filename>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<idl2wrs> is a program that takes a user specified B<CORBA IDL>
|
||||
file and generates B<"C"> source code for a B<Wireshark> "plugin".
|
||||
*idl2wrs* is a program that takes a user specified *CORBA IDL*
|
||||
file and generates *"C"* source code for a *Wireshark* "plugin".
|
||||
|
||||
This resulting file can be compiled as a B<Wireshark> plugin, and
|
||||
used to monitor B<GIOP/IIOP> traffic that is using this IDL.
|
||||
This resulting file can be compiled as a *Wireshark* plugin, and
|
||||
used to monitor *GIOP/IIOP* traffic that is using this IDL.
|
||||
|
||||
B<idl2wrs> is actually a shell script wrapper for two B<Python> programs.
|
||||
*idl2wrs* is actually a shell script wrapper for two *Python* programs.
|
||||
These programs are:
|
||||
|
||||
=over 4
|
||||
|
||||
=item * B<wireshark_be.py>
|
||||
|
||||
* *wireshark_be.py*
|
||||
Contains the main IDL Visitor Class
|
||||
|
||||
=item * B<wireshark_gen.py>
|
||||
|
||||
* *wireshark_gen.py*
|
||||
Contains the Source Code Generator Class
|
||||
|
||||
=back
|
||||
|
||||
B<idl2wrs> supports heuristic dissection of GIOP/IIOP traffic,
|
||||
*idl2wrs* supports heuristic dissection of GIOP/IIOP traffic,
|
||||
and some experimental code for explicit dissection, based on
|
||||
Object Key <-> Repository Id mapping.
|
||||
However, code for heuristic based plugins is
|
||||
generated by default, and users should consider this the preferred
|
||||
method unless you have some namespace collisions.
|
||||
|
||||
== OPTIONS
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
Currently there are no options. B<idl2wrs> can be invoked as follows.
|
||||
Currently there are no options. *idl2wrs* can be invoked as follows.
|
||||
|
||||
1. To write the C code to stdout.
|
||||
|
||||
|
@ -53,22 +47,18 @@ Currently there are no options. B<idl2wrs> can be invoked as follows.
|
|||
|
||||
eg: idl2wrs echo.idl
|
||||
|
||||
|
||||
2. To write to a file, just redirect the output.
|
||||
|
||||
idl2wrs echo.idl > packet-test.c
|
||||
|
||||
== ENVIRONMENT
|
||||
|
||||
*idl2wrs* will look for *wireshark_be.py* and *wireshark_gen.py* in
|
||||
*$PYTHONPATH/site-packages/* and if not found, will try the current
|
||||
directory *./*
|
||||
|
||||
|
||||
=head1 ENVIRONMENT
|
||||
|
||||
B<idl2wrs> will look for B<wireshark_be.py> and B<wireshark_gen.py> in
|
||||
B<$PYTHONPATH/site-packages/> and if not found, will try the current
|
||||
directory B<./>
|
||||
|
||||
The B<-p> option passed to omniidl (inside B<idl2wrs>) indicates where
|
||||
B<wireshark_be.py> and B<wireshark_gen.py> will be searched. This may
|
||||
The *-p* option passed to omniidl (inside *idl2wrs*) indicates where
|
||||
*wireshark_be.py* and *wireshark_gen.py* will be searched. This may
|
||||
need tweaking if you place these files somewhere else.
|
||||
|
||||
If it complains about being unable to find some modules (eg tempfile.py),
|
||||
|
@ -76,45 +66,35 @@ you may want to check if PYTHONPATH is set correctly.
|
|||
|
||||
eg: PYTHONPATH=/usr/lib/python1.5/
|
||||
|
||||
== SEE ALSO
|
||||
|
||||
=head1 SEE ALSO
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1)
|
||||
|
||||
wireshark(1), tshark(1)
|
||||
== NOTES
|
||||
|
||||
*idl2wrs* (including *wireshark_be.py* and *wireshark_gen.py*) are part of
|
||||
the *Wireshark* distribution. The latest version of *Wireshark* can
|
||||
be found at https://www.wireshark.org.
|
||||
|
||||
=head1 NOTES
|
||||
*idl2wrs* uses *omniidl*, an IDL parser, and can be found at
|
||||
http://omniorb.sourceforge.net/
|
||||
|
||||
B<idl2wrs> (including B<wireshark_be.py> and B<wireshark_gen.py>) are part of
|
||||
the B<Wireshark> distribution. The latest version of B<Wireshark> can
|
||||
be found at L<https://www.wireshark.org>.
|
||||
|
||||
B<idl2wrs> uses B<omniidl>, an IDL parser, and can be found at
|
||||
L<http://omniorb.sourceforge.net/>
|
||||
|
||||
=head1 TODO
|
||||
== TODO
|
||||
|
||||
Some of the more important things to do are:
|
||||
|
||||
=over 4
|
||||
* Improve Explicit dissection code.
|
||||
|
||||
=item *
|
||||
Improve Explicit dissection code.
|
||||
* Improve command line options.
|
||||
|
||||
=item *
|
||||
Improve command line options.
|
||||
* Improve decode algorithm when we have operation name collision.
|
||||
|
||||
=item *
|
||||
Improve decode algorithm when we have operation name collision.
|
||||
== AUTHORS
|
||||
|
||||
=back
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Frank Singleton <frank.singleton[AT]ericsson.com>
|
||||
|
||||
=head1 AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Frank Singleton <frank.singleton[AT]ericsson.com>
|
||||
|
||||
|
||||
Contributors
|
||||
------------
|
||||
.Contributors
|
||||
[%hardbreaks]
|
||||
|
||||
|
|
|
@ -1,55 +1,57 @@
|
|||
=begin man
|
||||
= mergecap(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
mergecap - Merges two or more capture files into one
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<mergecap>
|
||||
S<[ B<-a> ]>
|
||||
S<[ B<-F> E<lt>I<file format>E<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<-I> E<lt>I<IDB merge mode>E<gt> ]>
|
||||
S<[ B<-s> E<lt>I<snaplen>E<gt> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<-V> ]>
|
||||
S<B<-w> E<lt>I<outfile>E<gt>|->
|
||||
E<lt>I<infile>E<gt> [E<lt>I<infile>E<gt> I<...>]
|
||||
[manarg]
|
||||
*mergecap*
|
||||
[ *-a* ]
|
||||
[ *-F* <__file format__> ]
|
||||
[ *-h* ]
|
||||
[ *-I* <__IDB merge mode__> ]
|
||||
[ *-s* <__snaplen__> ]
|
||||
[ *-v* ]
|
||||
[ *-V* ]
|
||||
*-w* <__outfile__>|-
|
||||
<__infile__> [<__infile__> __...__]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Mergecap> is a program that combines multiple saved capture files into
|
||||
a single output file specified by the B<-w> argument. B<Mergecap> knows
|
||||
how to read B<pcap> and B<pcapng> capture files, including those of
|
||||
B<tcpdump>, B<Wireshark> and other tools that write captures in those
|
||||
*Mergecap* is a program that combines multiple saved capture files into
|
||||
a single output file specified by the *-w* argument. *Mergecap* knows
|
||||
how to read *pcap* and *pcapng* capture files, including those of
|
||||
*tcpdump*, *Wireshark* and other tools that write captures in those
|
||||
formats.
|
||||
|
||||
By default, B<Mergecap> writes the capture file in B<pcapng> format, and
|
||||
By default, *Mergecap* writes the capture file in *pcapng* format, and
|
||||
writes all of the packets from the input capture files to the output file.
|
||||
|
||||
B<Mergecap> is able to detect, read and write the same capture files that
|
||||
are supported by B<Wireshark>.
|
||||
*Mergecap* is able to detect, read and write the same capture files that
|
||||
are supported by *Wireshark*.
|
||||
The input files don't need a specific filename extension; the file
|
||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
||||
is a detailed description of the way B<Wireshark> handles this, which is
|
||||
the same way B<Mergecap> handles this.
|
||||
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||
is a detailed description of the way *Wireshark* handles this, which is
|
||||
the same way *Mergecap* handles this.
|
||||
|
||||
B<Mergecap> can write the file in several output formats.
|
||||
The B<-F> flag can be used to specify the format in which to write the
|
||||
capture file, B<mergecap -F> provides a list of the available output
|
||||
*Mergecap* can write the file in several output formats.
|
||||
The *-F* flag can be used to specify the format in which to write the
|
||||
capture file, *mergecap -F* provides a list of the available output
|
||||
formats.
|
||||
|
||||
Packets from the input files are merged in chronological order based on
|
||||
each frame's timestamp, unless the B<-a> flag is specified. B<Mergecap>
|
||||
each frame's timestamp, unless the *-a* flag is specified. *Mergecap*
|
||||
assumes that frames within a single capture file are already stored in
|
||||
chronological order. When the B<-a> flag is specified, packets are
|
||||
chronological order. When the *-a* flag is specified, packets are
|
||||
copied directly from each input file to the output file, independent of
|
||||
each frame's timestamp.
|
||||
|
||||
|
@ -57,37 +59,42 @@ The output file frame encapsulation type is set to the type of the input
|
|||
files if all input files have the same type. If not all of the input
|
||||
files have the same frame encapsulation type, the output file type is
|
||||
set to WTAP_ENCAP_PER_PACKET. Note that some capture file formats, most
|
||||
notably B<pcap>, do not currently support WTAP_ENCAP_PER_PACKET.
|
||||
notably *pcap*, do not currently support WTAP_ENCAP_PER_PACKET.
|
||||
This combination will cause the output file creation to fail.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -a
|
||||
== OPTIONS
|
||||
|
||||
-a::
|
||||
+
|
||||
--
|
||||
Causes the frame timestamps to be ignored, writing all packets from the
|
||||
first input file followed by all packets from the second input file. By
|
||||
default, when B<-a> is not specified, the contents of the input files
|
||||
default, when *-a* is not specified, the contents of the input files
|
||||
are merged in chronological order based on each frame's timestamp.
|
||||
|
||||
Note: when merging, B<mergecap> assumes that packets within a capture
|
||||
Note: when merging, *mergecap* assumes that packets within a capture
|
||||
file are already in chronological order.
|
||||
--
|
||||
|
||||
=item -F E<lt>file formatE<gt>
|
||||
|
||||
Sets the file format of the output capture file. B<Mergecap> can write
|
||||
the file in several formats; B<mergecap -F> provides a list of the
|
||||
available output formats. By default this is the B<pcapng> format.
|
||||
|
||||
=item -h
|
||||
-F <file format>::
|
||||
+
|
||||
--
|
||||
Sets the file format of the output capture file. *Mergecap* can write
|
||||
the file in several formats; *mergecap -F* provides a list of the
|
||||
available output formats. By default this is the *pcapng* format.
|
||||
--
|
||||
|
||||
-h::
|
||||
+
|
||||
--
|
||||
Prints the version and options and exits.
|
||||
--
|
||||
|
||||
=item -I E<lt>IDB merge modeE<gt>
|
||||
|
||||
-I <IDB merge mode>::
|
||||
+
|
||||
--
|
||||
Sets the Interface Description Block (IDB) merge mode to use during merging.
|
||||
B<mergecap -I> provides a list of the available IDB merge modes.
|
||||
*mergecap -I* provides a list of the available IDB merge modes.
|
||||
|
||||
Every input file has one or more IDBs, which describe the interface(s) the
|
||||
capture was performed on originally. This includes encapsulation type,
|
||||
|
@ -95,35 +102,25 @@ interface name, etc. When mergecap merges multiple input files, it has to
|
|||
merge these IDBs somehow for the new merged output file. This flag controls
|
||||
how that is accomplished. The currently available modes are:
|
||||
|
||||
=over 4
|
||||
|
||||
B<none>: No merging of IDBs is performed, and instead all IDBs are
|
||||
*none*: No merging of IDBs is performed, and instead all IDBs are
|
||||
copied to the merged output file.
|
||||
|
||||
=back
|
||||
|
||||
=over 4
|
||||
|
||||
B<all>: IDBs are merged only if all input files have the same number
|
||||
*all*: IDBs are merged only if all input files have the same number
|
||||
of IDBs, and each IDB matches their respective entry in the
|
||||
other files. This is the default mode.
|
||||
|
||||
=back
|
||||
|
||||
=over 4
|
||||
|
||||
B<any>: Any and all duplicate IDBs are merged into one IDB, regardless
|
||||
*any*: Any and all duplicate IDBs are merged into one IDB, regardless
|
||||
of what file they are in.
|
||||
|
||||
=back
|
||||
|
||||
Note that an IDB is only considered a matching duplicate if it has the same
|
||||
encapsulation type, name, speed, time precision, comments, description, etc.
|
||||
--
|
||||
|
||||
=item -s E<lt>snaplenE<gt>
|
||||
|
||||
-s <snaplen>::
|
||||
+
|
||||
--
|
||||
Sets the snapshot length to use when writing the data.
|
||||
If the B<-s> flag is used to specify a snapshot length, frames in the
|
||||
If the *-s* flag is used to specify a snapshot length, frames in the
|
||||
input file with more captured data than the specified snapshot length
|
||||
will have only the amount of data specified by the snapshot length
|
||||
written to the output file. This may be useful if the program that is
|
||||
|
@ -132,23 +129,28 @@ to read the output file cannot handle packets larger than a certain size
|
|||
appear to reject Ethernet frames larger than the standard Ethernet MTU,
|
||||
making them incapable of handling gigabit Ethernet captures if jumbo
|
||||
frames were used).
|
||||
--
|
||||
|
||||
=item -v
|
||||
|
||||
Causes B<mergecap> to print a number of messages while it's working.
|
||||
|
||||
=item -V
|
||||
-v::
|
||||
+
|
||||
--
|
||||
Causes *mergecap* to print a number of messages while it's working.
|
||||
--
|
||||
|
||||
-V::
|
||||
+
|
||||
--
|
||||
Print the version and exit.
|
||||
--
|
||||
|
||||
=item -w E<lt>outfileE<gt>|-
|
||||
|
||||
Sets the output filename. If the name is 'B<->', stdout will be used.
|
||||
-w <outfile>|-::
|
||||
+
|
||||
--
|
||||
Sets the output filename. If the name is '*-*', stdout will be used.
|
||||
This setting is mandatory.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To merge two capture files together into a third capture file, in which
|
||||
the last packet of one file arrives 100 seconds before the first packet
|
||||
|
@ -178,29 +180,28 @@ Then the final step would be to use :
|
|||
|
||||
to merge a.pcap and the shifted b.pcap into compare.pcap.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), text2pcap(1),
|
||||
pcap-filter(7) or tcpdump(8)
|
||||
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:editcap.html[editcap](1), xref:text2pcap.html[text2pcap](1),
|
||||
xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<Mergecap> is based heavily upon B<editcap> by Richard Sharpe
|
||||
*Mergecap* is based heavily upon *editcap* by Richard Sharpe
|
||||
<sharpe[AT]ns.aus.com> and Guy Harris <guy[AT]alum.mit.edu>.
|
||||
|
||||
B<Mergecap> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Mergecap* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Scott Renfro <scott[AT]renfro.org>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Scott Renfro <scott[AT]renfro.org>
|
||||
|
||||
|
||||
Contributors
|
||||
------------
|
||||
Bill Guyton <guyton[AT]bguyton.com>
|
||||
.Contributors
|
||||
[%hardbreaks]
|
||||
Bill Guyton <guyton[AT]bguyton.com>
|
||||
|
|
|
@ -1,23 +1,25 @@
|
|||
=begin man
|
||||
= mmdbresolve(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
mmdbresolve - Read IPv4 and IPv6 addresses and print their IP geolocation information.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<mmdbresolve>
|
||||
S<B<-f E<lt>dbfileE<gt>>>
|
||||
S<[ B<-f E<lt>dbfileE<gt>> ]>
|
||||
I<...>
|
||||
[manarg]
|
||||
*mmdbresolve*
|
||||
*-f <dbfile>*
|
||||
[ *-f <dbfile>* ]
|
||||
__...__
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<mmdbresolve> reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
|
||||
*mmdbresolve* reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
|
||||
on stdout. Each input line must contain exactly one address. Output is in INI format, with a section
|
||||
delimiter named after the query address followed by a set of "key: value" pairs. A comment
|
||||
beginning with "# End" is appended to each section.
|
||||
|
@ -25,17 +27,15 @@ beginning with "# End" is appended to each section.
|
|||
At startup an "[init]" section is printed that shows the status of each datbase and of mmdbresolve
|
||||
itself.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -f
|
||||
== OPTIONS
|
||||
|
||||
-f::
|
||||
+
|
||||
--
|
||||
Path to a MaxMind Database file. Multiple databases may be specified.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To resolve a single address:
|
||||
|
||||
|
@ -56,20 +56,20 @@ Example output:
|
|||
location.longitude: -97.822000
|
||||
# End 4.4.4.4
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<mmdbresolve> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*mmdbresolve* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
---------------
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
|
|
|
@ -122,7 +122,7 @@ include::../docbook/attributes.adoc[]
|
|||
continue
|
||||
|
||||
# Inline unordered and ordered list items
|
||||
item = re.match(r'=item\s*(\*\s+.*|\d+\.\s+.*)\s*$', podline)
|
||||
item = re.match(r'=item\s*([-\*]\s+.*|\d+\.\s+.*)\s*$', podline)
|
||||
if item:
|
||||
adoc_body += f'{item.group(1)}'
|
||||
continue
|
||||
|
|
|
@ -1,63 +1,68 @@
|
|||
=begin man
|
||||
= randpkt(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
randpkt - Random packet generator
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<randpkt>
|
||||
S<[ B<-b> E<lt>maxbytesE<gt> ]>
|
||||
S<[ B<-c> E<lt>countE<gt> ]>
|
||||
S<[ B<-t> E<lt>typeE<gt> ]>
|
||||
E<lt>filenameE<gt>
|
||||
[manarg]
|
||||
*randpkt*
|
||||
[ *-b* <maxbytes> ]
|
||||
[ *-c* <count> ]
|
||||
[ *-t* <type> ]
|
||||
<filename>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<randpkt> is a small utility that creates a B<pcap> trace file
|
||||
*randpkt* is a small utility that creates a *pcap* trace file
|
||||
full of random packets.
|
||||
|
||||
By creating many randomized packets of a certain type, you can
|
||||
test packet sniffers to see how well they handle malformed packets.
|
||||
The sniffer can never trust the data that it sees in the packet because
|
||||
you can always sniff a very bad packet that conforms to no standard.
|
||||
B<randpkt> produces I<very bad> packets.
|
||||
*randpkt* produces __very bad__ packets.
|
||||
|
||||
When creating packets of a certain type, B<randpkt> uses a sample
|
||||
packet that is stored internally to B<randpkt>. It uses this as the
|
||||
When creating packets of a certain type, *randpkt* uses a sample
|
||||
packet that is stored internally to *randpkt*. It uses this as the
|
||||
starting point for your random packets, and then adds extra random
|
||||
bytes to the end of this sample packet.
|
||||
|
||||
For example, if you choose to create random ARP packets, B<randpkt>
|
||||
For example, if you choose to create random ARP packets, *randpkt*
|
||||
will create a packet which contains a predetermined Ethernet II header,
|
||||
with the Type field set to ARP. After the Ethernet II header, it will
|
||||
put a random number of bytes with random values.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -b E<lt>maxbytesE<gt>
|
||||
== OPTIONS
|
||||
|
||||
-b <maxbytes>::
|
||||
+
|
||||
--
|
||||
Default 5000.
|
||||
|
||||
Defines the maximum number of bytes added to the sample packet.
|
||||
If you choose a B<maxbytes> value that is less than the size of the
|
||||
If you choose a *maxbytes* value that is less than the size of the
|
||||
sample packet, then your packets would contain only the sample
|
||||
packet... not much variance there! B<randpkt> exits on that condition.
|
||||
|
||||
=item -c E<lt>countE<gt>
|
||||
packet... not much variance there! *randpkt* exits on that condition.
|
||||
--
|
||||
|
||||
-c <count>::
|
||||
+
|
||||
--
|
||||
Default 1000.
|
||||
|
||||
Defines the number of packets to generate.
|
||||
--
|
||||
|
||||
=item -t E<lt>typeE<gt>
|
||||
|
||||
-t <type>::
|
||||
+
|
||||
--
|
||||
Default Ethernet II frame.
|
||||
|
||||
Defines the type of packet to generate:
|
||||
|
@ -85,10 +90,9 @@ Defines the type of packet to generate:
|
|||
udp User Datagram Protocol
|
||||
usb Universal Serial Bus
|
||||
usb-linux Universal Serial Bus with Linux specific header
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see a description of the randpkt options use:
|
||||
|
||||
|
@ -102,6 +106,6 @@ To generate a small capture file with just a single LLC frame use:
|
|||
|
||||
randpkt -b 100 -c 1 -t llc single_llc.pcap
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
pcap(3), editcap(1)
|
||||
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:editcap.html[editcap](1)
|
||||
|
|
|
@ -1,100 +1,126 @@
|
|||
=begin man
|
||||
= randpktdump(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
randpktdump - Provide an interface to generate random captures using randpkt
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<randpktdump>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--maxbytes>=E<lt>bytesE<gt> ]>
|
||||
S<[ B<--count>=E<lt>numE<gt> ]>
|
||||
S<[ B<--delay>=E<lt>msE<gt> ]>
|
||||
S<[ B<--random-type>=E<lt>true|falseE<gt> ]>
|
||||
S<[ B<--all-random>=E<lt>true|falseE<gt> ]>
|
||||
S<[ B<--type>=E<lt>packet typeE<gt> ]>
|
||||
[manarg]
|
||||
*randpktdump*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--maxbytes*=<bytes> ]
|
||||
[ *--count*=<num> ]
|
||||
[ *--delay*=<ms> ]
|
||||
[ *--random-type*=<true|false> ]
|
||||
[ *--all-random*=<true|false> ]
|
||||
[ *--type*=<packet type> ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<randpktdump> is a extcap tool that provides access to the random
|
||||
*randpktdump* is a extcap tool that provides access to the random
|
||||
packet generator (randpkt). It is mainly used for testing and
|
||||
educational purpose.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --maxbytes=E<lt>bytesE<gt>
|
||||
|
||||
--maxbytes=<bytes>::
|
||||
+
|
||||
--
|
||||
Set the max number of bytes per packet.
|
||||
--
|
||||
|
||||
=item --count=E<lt>numE<gt>
|
||||
|
||||
--count=<num>::
|
||||
+
|
||||
--
|
||||
Number of packets to generate (-1 for infinite).
|
||||
--
|
||||
|
||||
=item --delay=E<lt>msE<gt>
|
||||
|
||||
--delay=<ms>::
|
||||
+
|
||||
--
|
||||
Wait a number of milliseconds after writing each packet.
|
||||
--
|
||||
|
||||
=item --random-type
|
||||
|
||||
--random-type::
|
||||
+
|
||||
--
|
||||
Choose a random packet type for all packets if set to true.
|
||||
--
|
||||
|
||||
=item --all-random
|
||||
|
||||
--all-random::
|
||||
+
|
||||
--
|
||||
Choose a different random packet type for each packet if set to true.
|
||||
--
|
||||
|
||||
=item --type=E<lt>packet typeE<gt>
|
||||
|
||||
--type=<packet type>::
|
||||
+
|
||||
--
|
||||
Use the selected packet type. To list all the available packet type, run randpktdump --help.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -139,20 +165,20 @@ To capture:
|
|||
|
||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), randpkt(1)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:randpkt.html[randpkt](1)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<randpktdump> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*randpktdump* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
---------------
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
|
|
|
@ -1,47 +1,49 @@
|
|||
=begin man
|
||||
= rawshark(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
rawshark - Dump and analyze raw pcap data
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<rawshark>
|
||||
S<[ B<-d> E<lt>encap:linktypeE<gt>|E<lt>proto:protonameE<gt> ]>
|
||||
S<[ B<-F> E<lt>field to displayE<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<-l> ]>
|
||||
S<[ B<-m> E<lt>bytesE<gt> ]>
|
||||
S<[ B<-n> ]>
|
||||
S<[ B<-N> E<lt>name resolving flagsE<gt> ]>
|
||||
S<[ B<-o> E<lt>preference settingE<gt> ] ...>
|
||||
S<[ B<-p> ]>
|
||||
S<[ B<-r> E<lt>pipeE<gt>|- ]>
|
||||
S<[ B<-R> E<lt>read (display) filterE<gt> ]>
|
||||
S<[ B<-s> ]>
|
||||
S<[ B<-S> E<lt>field formatE<gt> ]>
|
||||
S<[ B<-t> a|ad|adoy|d|dd|e|r|u|ud|udoy ]>
|
||||
S<[ B<-v> ]>
|
||||
[manarg]
|
||||
*rawshark*
|
||||
[ *-d* <encap:linktype>|<proto:protoname> ]
|
||||
[ *-F* <field to display> ]
|
||||
[ *-h* ]
|
||||
[ *-l* ]
|
||||
[ *-m* <bytes> ]
|
||||
[ *-n* ]
|
||||
[ *-N* <name resolving flags> ]
|
||||
[ *-o* <preference setting> ] ...
|
||||
[ *-p* ]
|
||||
[ *-r* <pipe>|- ]
|
||||
[ *-R* <read (display) filter> ]
|
||||
[ *-s* ]
|
||||
[ *-S* <field format> ]
|
||||
[ *-t* a|ad|adoy|d|dd|e|r|u|ud|udoy ]
|
||||
[ *-v* ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Rawshark> reads a stream of packets from a file or pipe, and prints a line
|
||||
*Rawshark* reads a stream of packets from a file or pipe, and prints a line
|
||||
describing its output, followed by a set of matching fields for each packet
|
||||
on stdout.
|
||||
|
||||
=head1 INPUT
|
||||
== INPUT
|
||||
|
||||
Unlike B<TShark>, B<Rawshark> makes no assumptions about encapsulation or
|
||||
input. The B<-d> and B<-r> flags must be specified in order for it to run.
|
||||
One or more B<-F> flags should be specified in order for the output to be
|
||||
Unlike *TShark*, *Rawshark* makes no assumptions about encapsulation or
|
||||
input. The *-d* and *-r* flags must be specified in order for it to run.
|
||||
One or more *-F* flags should be specified in order for the output to be
|
||||
useful. The other flags listed above follow the same conventions as
|
||||
B<Wireshark> and B<TShark>.
|
||||
*Wireshark* and *TShark*.
|
||||
|
||||
B<Rawshark> expects input records with the following format by default. This
|
||||
*Rawshark* expects input records with the following format by default. This
|
||||
matches the format of the packet header and packet data in a pcap-formatted
|
||||
file on disk.
|
||||
|
||||
|
@ -53,15 +55,15 @@ file on disk.
|
|||
uint8_t data[caplen]; /* Packet data */
|
||||
};
|
||||
|
||||
If B<-p> is supplied B<rawshark> expects the following format. This
|
||||
matches the I<struct pcap_pkthdr> structure and packet data used in
|
||||
If *-p* is supplied *rawshark* expects the following format. This
|
||||
matches the __struct pcap_pkthdr__ structure and packet data used in
|
||||
libpcap, Npcap, or WinPcap. This structure's format is platform-dependent; the
|
||||
size of the I<tv_sec> field in the I<struct timeval> structure could be
|
||||
32 bits or 64 bits. For B<rawshark> to work, the layout of the
|
||||
size of the __tv_sec__ field in the __struct timeval__ structure could be
|
||||
32 bits or 64 bits. For *rawshark* to work, the layout of the
|
||||
structure in the input must match the layout of the structure in
|
||||
B<rawshark>. Note that this format will probably be the same as the
|
||||
previous format if B<rawshark> is a 32-bit program, but will not
|
||||
necessarily be the same if B<rawshark> is a 64-bit program.
|
||||
*rawshark*. Note that this format will probably be the same as the
|
||||
previous format if *rawshark* is a 32-bit program, but will not
|
||||
necessarily be the same if *rawshark* is a 64-bit program.
|
||||
|
||||
struct rawshark_rec_s {
|
||||
struct timeval ts; /* Time stamp */
|
||||
|
@ -71,17 +73,17 @@ necessarily be the same if B<rawshark> is a 64-bit program.
|
|||
};
|
||||
|
||||
In either case, the endianness (byte ordering) of each integer must match the
|
||||
system on which B<rawshark> is running.
|
||||
system on which *rawshark* is running.
|
||||
|
||||
=head1 OUTPUT
|
||||
== OUTPUT
|
||||
|
||||
If one or more fields are specified via the B<-F> flag, B<Rawshark> prints
|
||||
If one or more fields are specified via the *-F* flag, *Rawshark* prints
|
||||
the number, field type, and display format for each field on the first line
|
||||
as "packet number" 0. For each record, the packet number, matching fields,
|
||||
and a "1" or "0" are printed to indicate if the field matched any supplied
|
||||
display filter. A "-" is used to signal the end of a field description and
|
||||
at the end of each packet line. For example, the flags B<-F ip.src -F
|
||||
dns.qry.type> might generate the following output:
|
||||
at the end of each packet line. For example, the flags *-F ip.src -F
|
||||
dns.qry.type* might generate the following output:
|
||||
|
||||
0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
|
||||
1 1="1" 0="192.168.77.10" 1 -
|
||||
|
@ -89,7 +91,7 @@ dns.qry.type> might generate the following output:
|
|||
3 0="192.168.77.10" 1 -
|
||||
4 0="74.125.19.104" 1 -
|
||||
|
||||
Note that packets 1 and 2 are DNS queries, and 3 and 4 are not. Adding B<-R "not dns"> still prints each line, but there's an indication
|
||||
Note that packets 1 and 2 are DNS queries, and 3 and 4 are not. Adding *-R "not dns"* still prints each line, but there's an indication
|
||||
that packets 1 and 2 didn't pass the filter:
|
||||
|
||||
0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
|
||||
|
@ -101,234 +103,261 @@ that packets 1 and 2 didn't pass the filter:
|
|||
Also note that the output may be in any order, and that multiple matching
|
||||
fields might be displayed.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -d E<lt>encapsulationE<gt>
|
||||
== OPTIONS
|
||||
|
||||
-d <encapsulation>::
|
||||
+
|
||||
--
|
||||
Specify how the packet data should be dissected. The encapsulation is of the
|
||||
form I<type:value>, where I<type> is one of:
|
||||
form __type:value__, where __type__ is one of:
|
||||
|
||||
B<encap>:I<name> Packet data should be dissected using the
|
||||
libpcap/Npcap/WinPcap data link type (DLT) I<name>, e.g. B<encap:EN10MB> for
|
||||
*encap*:__name__ Packet data should be dissected using the
|
||||
libpcap/Npcap/WinPcap data link type (DLT) __name__, e.g. *encap:EN10MB* for
|
||||
Ethernet. Names are converted using pcap_datalink_name_to_val().
|
||||
A complete list of DLTs can be found at
|
||||
L<https://www.tcpdump.org/linktypes.html>.
|
||||
https://www.tcpdump.org/linktypes.html.
|
||||
|
||||
B<encap>:I<number> Packet data should be dissected using the
|
||||
libpcap/Npcap/WinPcap LINKTYPE_ I<number>, e.g. B<encap:105> for raw IEEE
|
||||
802.11 or B<encap:101> for raw IP.
|
||||
*encap*:__number__ Packet data should be dissected using the
|
||||
libpcap/Npcap/WinPcap LINKTYPE_ __number__, e.g. *encap:105* for raw IEEE
|
||||
802.11 or *encap:101* for raw IP.
|
||||
|
||||
B<proto>:I<protocol> Packet data should be passed to the specified Wireshark
|
||||
protocol dissector, e.g. B<proto:http> for HTTP data.
|
||||
|
||||
=item -F E<lt>field to displayE<gt>
|
||||
*proto*:__protocol__ Packet data should be passed to the specified Wireshark
|
||||
protocol dissector, e.g. *proto:http* for HTTP data.
|
||||
--
|
||||
|
||||
-F <field to display>::
|
||||
+
|
||||
--
|
||||
Add the matching field to the output. Fields are any valid display filter
|
||||
field. More than one B<-F> flag may be specified, and each field can match
|
||||
multiple times in a given packet. A single field may be specified per B<-F>
|
||||
flag. If you want to apply a display filter, use the B<-R> flag.
|
||||
|
||||
=item -h
|
||||
field. More than one *-F* flag may be specified, and each field can match
|
||||
multiple times in a given packet. A single field may be specified per *-F*
|
||||
flag. If you want to apply a display filter, use the *-R* flag.
|
||||
--
|
||||
|
||||
-h::
|
||||
+
|
||||
--
|
||||
Print the version and options and exits.
|
||||
--
|
||||
|
||||
=item -l
|
||||
|
||||
-l::
|
||||
+
|
||||
--
|
||||
Flush the standard output after the information for each packet is
|
||||
printed. (This is not, strictly speaking, line-buffered if B<-V>
|
||||
was specified; however, it is the same as line-buffered if B<-V> wasn't
|
||||
specified, as only one line is printed for each packet, and, as B<-l> is
|
||||
printed. (This is not, strictly speaking, line-buffered if *-V*
|
||||
was specified; however, it is the same as line-buffered if *-V* wasn't
|
||||
specified, as only one line is printed for each packet, and, as *-l* is
|
||||
normally used when piping a live capture to a program or script, so that
|
||||
output for a packet shows up as soon as the packet is seen and
|
||||
dissected, it should work just as well as true line-buffering. We do
|
||||
this as a workaround for a deficiency in the Microsoft Visual C++ C
|
||||
library.)
|
||||
|
||||
This may be useful when piping the output of B<TShark> to another
|
||||
This may be useful when piping the output of *TShark* to another
|
||||
program, as it means that the program to which the output is piped will
|
||||
see the dissected data for a packet as soon as B<TShark> sees the
|
||||
see the dissected data for a packet as soon as *TShark* sees the
|
||||
packet and generates that output, rather than seeing it only when the
|
||||
standard output buffer containing that data fills up.
|
||||
--
|
||||
|
||||
=item -m E<lt>memory limit bytesE<gt>
|
||||
|
||||
-m <memory limit bytes>::
|
||||
+
|
||||
--
|
||||
Limit rawshark's memory usage to the specified number of bytes. POSIX
|
||||
(non-Windows) only.
|
||||
--
|
||||
|
||||
=item -n
|
||||
|
||||
-n::
|
||||
+
|
||||
--
|
||||
Disable network object name resolution (such as hostname, TCP and UDP port
|
||||
names), the B<-N> flag might override this one.
|
||||
|
||||
=item -N E<lt>name resolving flagsE<gt>
|
||||
names), the *-N* flag might override this one.
|
||||
--
|
||||
|
||||
-N <name resolving flags>::
|
||||
+
|
||||
--
|
||||
Turn on name resolving only for particular types of addresses and port
|
||||
numbers, with name resolving for other types of addresses and port
|
||||
numbers turned off. This flag overrides B<-n> if both B<-N> and B<-n> are
|
||||
present. If both B<-N> and B<-n> flags are not present, all name resolutions are
|
||||
numbers turned off. This flag overrides *-n* if both *-N* and *-n* are
|
||||
present. If both *-N* and *-n* flags are not present, all name resolutions are
|
||||
turned on.
|
||||
|
||||
The argument is a string that may contain the letters:
|
||||
|
||||
B<m> to enable MAC address resolution
|
||||
*m* to enable MAC address resolution
|
||||
|
||||
B<n> to enable network address resolution
|
||||
*n* to enable network address resolution
|
||||
|
||||
B<N> to enable using external resolvers (e.g., DNS) for network address
|
||||
*N* to enable using external resolvers (e.g., DNS) for network address
|
||||
resolution
|
||||
|
||||
B<t> to enable transport-layer port number resolution
|
||||
*t* to enable transport-layer port number resolution
|
||||
|
||||
B<d> to enable resolution from captured DNS packets
|
||||
*d* to enable resolution from captured DNS packets
|
||||
|
||||
B<v> to enable VLAN IDs to names resolution
|
||||
|
||||
=item -o E<lt>preferenceE<gt>:E<lt>valueE<gt>
|
||||
*v* to enable VLAN IDs to names resolution
|
||||
--
|
||||
|
||||
-o <preference>:<value>::
|
||||
+
|
||||
--
|
||||
Set a preference value, overriding the default value and any value read
|
||||
from a preference file. The argument to the option is a string of the
|
||||
form I<prefname:value>, where I<prefname> is the name of the
|
||||
form __prefname:value__, where __prefname__ is the name of the
|
||||
preference (which is the same name that would appear in the preference
|
||||
file), and I<value> is the value to which it should be set.
|
||||
|
||||
=item -p
|
||||
file), and __value__ is the value to which it should be set.
|
||||
--
|
||||
|
||||
-p::
|
||||
+
|
||||
--
|
||||
Assume that packet data is preceded by a pcap_pkthdr struct as defined in
|
||||
pcap.h. On some systems the size of the timestamp data will be different from
|
||||
the data written to disk. On other systems they are identical and this flag has
|
||||
no effect.
|
||||
--
|
||||
|
||||
=item -r E<lt>pipeE<gt>|-
|
||||
|
||||
Read packet data from I<input source>. It can be either the name of a FIFO
|
||||
-r <pipe>|-::
|
||||
+
|
||||
--
|
||||
Read packet data from __input source__. It can be either the name of a FIFO
|
||||
(named pipe) or ``-'' to read data from the standard input, and must have
|
||||
the record format specified above.
|
||||
|
||||
If you are sending data to rawshark from a parent process on Windows you
|
||||
should not close rawshark's standard input handle prematurely, otherwise
|
||||
the C runtime might trigger an exception.
|
||||
--
|
||||
|
||||
=item -R E<lt>read (display) filterE<gt>
|
||||
|
||||
-R <read (display) filter>::
|
||||
+
|
||||
--
|
||||
Cause the specified filter (which uses the syntax of read/display filters,
|
||||
rather than that of capture filters) to be applied before printing the output.
|
||||
--
|
||||
|
||||
=item -s
|
||||
|
||||
-s::
|
||||
+
|
||||
--
|
||||
Allows standard pcap files to be used as input, by skipping over the 24
|
||||
byte pcap file header.
|
||||
--
|
||||
|
||||
=item -S
|
||||
|
||||
-S::
|
||||
+
|
||||
--
|
||||
Use the specified format string to print each field. The following formats
|
||||
are supported:
|
||||
|
||||
B<%D> Field name or description, e.g. "Type" for dns.qry.type
|
||||
*%D* Field name or description, e.g. "Type" for dns.qry.type
|
||||
|
||||
B<%N> Base 10 numeric value of the field.
|
||||
*%N* Base 10 numeric value of the field.
|
||||
|
||||
B<%S> String value of the field.
|
||||
*%S* String value of the field.
|
||||
|
||||
For something similar to Wireshark's standard display ("Type: A (1)") you
|
||||
could use B<%D: %S (%N)>.
|
||||
|
||||
=item -t a|ad|adoy|d|dd|e|r|u|ud|udoy
|
||||
could use *%D: %S (%N)*.
|
||||
--
|
||||
|
||||
-t a|ad|adoy|d|dd|e|r|u|ud|udoy::
|
||||
+
|
||||
--
|
||||
Set the format of the packet timestamp printed in summary lines.
|
||||
The format can be one of:
|
||||
|
||||
B<a> absolute: The absolute time, as local time in your time zone,
|
||||
*a* absolute: The absolute time, as local time in your time zone,
|
||||
is the actual time the packet was captured, with no date displayed
|
||||
|
||||
B<ad> absolute with date: The absolute date, displayed as YYYY-MM-DD,
|
||||
*ad* absolute with date: The absolute date, displayed as YYYY-MM-DD,
|
||||
and time, as local time in your time zone, is the actual time and date
|
||||
the packet was captured
|
||||
|
||||
B<adoy> absolute with date using day of year: The absolute date,
|
||||
*adoy* absolute with date using day of year: The absolute date,
|
||||
displayed as YYYY/DOY, and time, as local time in your time zone,
|
||||
is the actual time and date the packet was captured
|
||||
|
||||
B<d> delta: The delta time is the time since the previous packet was
|
||||
*d* delta: The delta time is the time since the previous packet was
|
||||
captured
|
||||
|
||||
B<dd> delta_displayed: The delta_displayed time is the time since the
|
||||
*dd* delta_displayed: The delta_displayed time is the time since the
|
||||
previous displayed packet was captured
|
||||
|
||||
B<e> epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
|
||||
*e* epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
|
||||
|
||||
B<r> relative: The relative time is the time elapsed between the first packet
|
||||
*r* relative: The relative time is the time elapsed between the first packet
|
||||
and the current packet
|
||||
|
||||
B<u> UTC: The absolute time, as UTC, is the actual time the packet was
|
||||
*u* UTC: The absolute time, as UTC, is the actual time the packet was
|
||||
captured, with no date displayed
|
||||
|
||||
B<ud> UTC with date: The absolute date, displayed as YYYY-MM-DD,
|
||||
*ud* UTC with date: The absolute date, displayed as YYYY-MM-DD,
|
||||
and time, as UTC, is the actual time and date the packet was captured
|
||||
|
||||
B<udoy> UTC with date using day of year: The absolute date, displayed
|
||||
*udoy* UTC with date using day of year: The absolute date, displayed
|
||||
as YYYY/DOY, and time, as UTC, is the actual time and date the packet
|
||||
was captured
|
||||
|
||||
The default format is relative.
|
||||
--
|
||||
|
||||
=item -v
|
||||
|
||||
-v::
|
||||
+
|
||||
--
|
||||
Print the version and exit.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 READ FILTER SYNTAX
|
||||
== READ FILTER SYNTAX
|
||||
|
||||
For a complete table of protocol and protocol fields that are filterable
|
||||
in B<TShark> see the wireshark-filter(4) manual page.
|
||||
in *TShark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
|
||||
|
||||
=head1 FILES
|
||||
== FILES
|
||||
|
||||
These files contains various B<Wireshark> configuration values.
|
||||
These files contains various *Wireshark* configuration values.
|
||||
|
||||
=over 4
|
||||
|
||||
=item Preferences
|
||||
|
||||
The F<preferences> files contain global (system-wide) and personal
|
||||
Preferences::
|
||||
+
|
||||
--
|
||||
The __preferences__ files contain global (system-wide) and personal
|
||||
preference settings. If the system-wide preference file exists, it is
|
||||
read first, overriding the default settings. If the personal preferences
|
||||
file exists, it is read next, overriding any previous values. Note: If
|
||||
the command line option B<-o> is used (possibly more than once), it will
|
||||
the command line option *-o* is used (possibly more than once), it will
|
||||
in turn override values from the preferences files.
|
||||
|
||||
The preferences settings are in the form I<prefname:value>,
|
||||
The preferences settings are in the form __prefname:value__,
|
||||
one per line,
|
||||
where I<prefname> is the name of the preference
|
||||
and I<value> is the value to
|
||||
which it should be set; white space is allowed between B<:> and
|
||||
I<value>. A preference setting can be continued on subsequent lines by
|
||||
indenting the continuation lines with white space. A B<#> character
|
||||
where __prefname__ is the name of the preference
|
||||
and __value__ is the value to
|
||||
which it should be set; white space is allowed between *:* and
|
||||
__value__. A preference setting can be continued on subsequent lines by
|
||||
indenting the continuation lines with white space. A *#* character
|
||||
starts a comment that runs to the end of the line:
|
||||
|
||||
# Capture in promiscuous mode?
|
||||
# TRUE or FALSE (case-insensitive).
|
||||
capture.prom_mode: TRUE
|
||||
|
||||
The global preferences file is looked for in the F<wireshark> directory
|
||||
under the F<share> subdirectory of the main installation directory (for
|
||||
example, F</usr/local/share/wireshark/preferences>) on UNIX-compatible
|
||||
The global preferences file is looked for in the __wireshark__ directory
|
||||
under the __share__ subdirectory of the main installation directory (for
|
||||
example, __/usr/local/share/wireshark/preferences__) on UNIX-compatible
|
||||
systems, and in the main installation directory (for example,
|
||||
F<C:\Program Files\Wireshark\preferences>) on Windows systems.
|
||||
__C:\Program Files\Wireshark\preferences__) on Windows systems.
|
||||
|
||||
The personal preferences file is looked for in
|
||||
F<$XDG_CONFIG_HOME/wireshark/preferences>
|
||||
(or, if F<$XDG_CONFIG_HOME/wireshark> does not exist while F<$HOME/.wireshark>
|
||||
is present, F<$HOME/.wireshark/preferences>) on
|
||||
UNIX-compatible systems and F<%APPDATA%\Wireshark\preferences> (or, if
|
||||
%APPDATA% isn't defined, F<%USERPROFILE%\Application
|
||||
Data\Wireshark\preferences>) on Windows systems.
|
||||
__$XDG_CONFIG_HOME/wireshark/preferences__
|
||||
(or, if __$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
|
||||
is present, __$HOME/.wireshark/preferences__) on
|
||||
UNIX-compatible systems and __%APPDATA%\Wireshark\preferences__ (or, if
|
||||
%APPDATA% isn't defined, __%USERPROFILE%\Application
|
||||
Data\Wireshark\preferences__) on Windows systems.
|
||||
--
|
||||
|
||||
=item Disabled (Enabled) Protocols
|
||||
|
||||
The F<disabled_protos> files contain system-wide and personal lists of
|
||||
Disabled (Enabled) Protocols::
|
||||
+
|
||||
--
|
||||
The __disabled_protos__ files contain system-wide and personal lists of
|
||||
protocols that have been disabled, so that their dissectors are never
|
||||
called. The files contain protocol names, one per line, where the
|
||||
protocol name is the same name that would be used in a display filter
|
||||
|
@ -337,29 +366,33 @@ for the protocol:
|
|||
http
|
||||
tcp # a comment
|
||||
|
||||
The global F<disabled_protos> file uses the same directory as the global
|
||||
The global __disabled_protos__ file uses the same directory as the global
|
||||
preferences file.
|
||||
|
||||
The personal F<disabled_protos> file uses the same directory as the
|
||||
The personal __disabled_protos__ file uses the same directory as the
|
||||
personal preferences file.
|
||||
--
|
||||
|
||||
=item Name Resolution (hosts)
|
||||
|
||||
If the personal F<hosts> file exists, it is
|
||||
Name Resolution (hosts)::
|
||||
+
|
||||
--
|
||||
If the personal __hosts__ file exists, it is
|
||||
used to resolve IPv4 and IPv6 addresses before any other
|
||||
attempts are made to resolve them. The file has the standard F<hosts>
|
||||
attempts are made to resolve them. The file has the standard __hosts__
|
||||
file syntax; each line contains one IP address and name, separated by
|
||||
whitespace. The same directory as for the personal preferences file is
|
||||
used.
|
||||
|
||||
Capture filter name resolution is handled by libpcap on UNIX-compatible
|
||||
systems and Npcap or WinPcap on Windows. As such the Wireshark personal
|
||||
F<hosts> file will not be consulted for capture filter name resolution.
|
||||
|
||||
=item Name Resolution (subnets)
|
||||
__hosts__ file will not be consulted for capture filter name resolution.
|
||||
--
|
||||
|
||||
Name Resolution (subnets)::
|
||||
+
|
||||
--
|
||||
If an IPv4 address cannot be translated via name resolution (no exact
|
||||
match is found) then a partial match is attempted via the F<subnets> file.
|
||||
match is found) then a partial match is attempted via the __subnets__ file.
|
||||
|
||||
Each line of this file consists of an IPv4 address, a subnet mask length
|
||||
separated only by a / and a name separated by whitespace. While the address
|
||||
|
@ -375,40 +408,44 @@ A partially matched name will be printed as "subnet-name.remaining-address".
|
|||
For example, "192.168.0.1" under the subnet above would be printed as
|
||||
"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
|
||||
printed address would be ``ws_test_network.0.1".
|
||||
--
|
||||
|
||||
=item Name Resolution (ethers)
|
||||
|
||||
The F<ethers> files are consulted to correlate 6-byte hardware addresses to
|
||||
names. First the personal F<ethers> file is tried and if an address is not
|
||||
found there the global F<ethers> file is tried next.
|
||||
Name Resolution (ethers)::
|
||||
+
|
||||
--
|
||||
The __ethers__ files are consulted to correlate 6-byte hardware addresses to
|
||||
names. First the personal __ethers__ file is tried and if an address is not
|
||||
found there the global __ethers__ file is tried next.
|
||||
|
||||
Each line contains one hardware address and name, separated by
|
||||
whitespace. The digits of the hardware address are separated by colons
|
||||
(:), dashes (-) or periods (.). The same separator character must be
|
||||
used consistently in an address. The following three lines are valid
|
||||
lines of an F<ethers> file:
|
||||
lines of an __ethers__ file:
|
||||
|
||||
ff:ff:ff:ff:ff:ff Broadcast
|
||||
c0-00-ff-ff-ff-ff TR_broadcast
|
||||
00.00.00.00.00.00 Zero_broadcast
|
||||
|
||||
The global F<ethers> file is looked for in the F</etc> directory on
|
||||
The global __ethers__ file is looked for in the __/etc__ directory on
|
||||
UNIX-compatible systems, and in the main installation directory (for
|
||||
example, F<C:\Program Files\Wireshark>) on Windows systems.
|
||||
example, __C:\Program Files\Wireshark__) on Windows systems.
|
||||
|
||||
The personal F<ethers> file is looked for in the same directory as the personal
|
||||
The personal __ethers__ file is looked for in the same directory as the personal
|
||||
preferences file.
|
||||
|
||||
Capture filter name resolution is handled by libpcap on UNIX-compatible
|
||||
systems and Npcap or WinPcap on Windows. As such the Wireshark personal
|
||||
F<ethers> file will not be consulted for capture filter name resolution.
|
||||
__ethers__ file will not be consulted for capture filter name resolution.
|
||||
--
|
||||
|
||||
=item Name Resolution (manuf)
|
||||
|
||||
The F<manuf> file is used to match the 3-byte vendor portion of a 6-byte
|
||||
Name Resolution (manuf)::
|
||||
+
|
||||
--
|
||||
The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
|
||||
hardware address with the manufacturer's name; it can also contain well-known
|
||||
MAC addresses and address ranges specified with a netmask. The format of the
|
||||
file is the same as the F<ethers> files, except that entries of the form:
|
||||
file is the same as the __ethers__ files, except that entries of the form:
|
||||
|
||||
00:00:0C Cisco
|
||||
|
||||
|
@ -423,14 +460,16 @@ significant bits, or 5 bytes, and would match addresses from
|
|||
00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
|
||||
multiple of 8.
|
||||
|
||||
The F<manuf> file is looked for in the same directory as the global
|
||||
The __manuf__ file is looked for in the same directory as the global
|
||||
preferences file.
|
||||
--
|
||||
|
||||
=item Name Resolution (services)
|
||||
Name Resolution (services)::
|
||||
+
|
||||
--
|
||||
The __services__ file is used to translate port numbers into names.
|
||||
|
||||
The F<services> file is used to translate port numbers into names.
|
||||
|
||||
The file has the standard F<services> file syntax; each line contains one
|
||||
The file has the standard __services__ file syntax; each line contains one
|
||||
(service) name and one transport identifier separated by white space. The
|
||||
transport identifier includes one port number and one transport protocol name
|
||||
(typically tcp, udp, or sctp) separated by a /.
|
||||
|
@ -439,120 +478,133 @@ An example is:
|
|||
|
||||
mydns 5045/udp # My own Domain Name Server
|
||||
mydns 5045/tcp # My own Domain Name Server
|
||||
--
|
||||
|
||||
=item Name Resolution (ipxnets)
|
||||
|
||||
The F<ipxnets> files are used to correlate 4-byte IPX network numbers to
|
||||
names. First the global F<ipxnets> file is tried and if that address is not
|
||||
Name Resolution (ipxnets)::
|
||||
+
|
||||
--
|
||||
The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
|
||||
names. First the global __ipxnets__ file is tried and if that address is not
|
||||
found there the personal one is tried next.
|
||||
|
||||
The format is the same as the F<ethers>
|
||||
The format is the same as the __ethers__
|
||||
file, except that each address is four bytes instead of six.
|
||||
Additionally, the address can be represented as a single hexadecimal
|
||||
number, as is more common in the IPX world, rather than four hex octets.
|
||||
For example, these four lines are valid lines of an F<ipxnets> file:
|
||||
For example, these four lines are valid lines of an __ipxnets__ file:
|
||||
|
||||
C0.A8.2C.00 HR
|
||||
c0-a8-1c-00 CEO
|
||||
00:00:BE:EF IT_Server1
|
||||
110f FileServer3
|
||||
|
||||
The global F<ipxnets> file is looked for in the F</etc> directory on
|
||||
The global __ipxnets__ file is looked for in the __/etc__ directory on
|
||||
UNIX-compatible systems, and in the main installation directory (for
|
||||
example, F<C:\Program Files\Wireshark>) on Windows systems.
|
||||
example, __C:\Program Files\Wireshark__) on Windows systems.
|
||||
|
||||
The personal F<ipxnets> file is looked for in the same directory as the
|
||||
The personal __ipxnets__ file is looked for in the same directory as the
|
||||
personal preferences file.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 ENVIRONMENT VARIABLES
|
||||
|
||||
=over 4
|
||||
|
||||
=item WIRESHARK_CONFIG_DIR
|
||||
== ENVIRONMENT VARIABLES
|
||||
|
||||
WIRESHARK_CONFIG_DIR::
|
||||
+
|
||||
--
|
||||
This environment variable overrides the location of personal configuration
|
||||
files. It defaults to F<$XDG_CONFIG_HOME/wireshark> (or F<$HOME/.wireshark> if
|
||||
files. It defaults to __$XDG_CONFIG_HOME/wireshark__ (or __$HOME/.wireshark__ if
|
||||
the former is missing while the latter exists). On Windows,
|
||||
F<%APPDATA%\Wireshark> is used instead. Available since Wireshark 3.0.
|
||||
|
||||
=item WIRESHARK_DEBUG_WMEM_OVERRIDE
|
||||
__%APPDATA%\Wireshark__ is used instead. Available since Wireshark 3.0.
|
||||
--
|
||||
|
||||
WIRESHARK_DEBUG_WMEM_OVERRIDE::
|
||||
+
|
||||
--
|
||||
Setting this environment variable forces the wmem framework to use the
|
||||
specified allocator backend for *all* allocations, regardless of which
|
||||
backend is normally specified by the code. This is mainly useful to developers
|
||||
when testing or debugging. See I<README.wmem> in the source distribution for
|
||||
when testing or debugging. See __README.wmem__ in the source distribution for
|
||||
details.
|
||||
--
|
||||
|
||||
=item WIRESHARK_RUN_FROM_BUILD_DIRECTORY
|
||||
|
||||
WIRESHARK_RUN_FROM_BUILD_DIRECTORY::
|
||||
+
|
||||
--
|
||||
This environment variable causes the plugins and other data files to be loaded
|
||||
from the build directory (where the program was compiled) rather than from the
|
||||
standard locations. It has no effect when the program in question is running
|
||||
with root (or setuid) permissions on *NIX.
|
||||
--
|
||||
|
||||
=item WIRESHARK_DATA_DIR
|
||||
|
||||
WIRESHARK_DATA_DIR::
|
||||
+
|
||||
--
|
||||
This environment variable causes the various data files to be loaded from
|
||||
a directory other than the standard locations. It has no effect when the
|
||||
program in question is running with root (or setuid) permissions on *NIX.
|
||||
--
|
||||
|
||||
=item ERF_RECORDS_TO_CHECK
|
||||
|
||||
ERF_RECORDS_TO_CHECK::
|
||||
+
|
||||
--
|
||||
This environment variable controls the number of ERF records checked when
|
||||
deciding if a file really is in the ERF format. Setting this environment
|
||||
variable a number higher than the default (20) would make false positives
|
||||
less likely.
|
||||
--
|
||||
|
||||
=item IPFIX_RECORDS_TO_CHECK
|
||||
|
||||
IPFIX_RECORDS_TO_CHECK::
|
||||
+
|
||||
--
|
||||
This environment variable controls the number of IPFIX records checked when
|
||||
deciding if a file really is in the IPFIX format. Setting this environment
|
||||
variable a number higher than the default (20) would make false positives
|
||||
less likely.
|
||||
--
|
||||
|
||||
=item WIRESHARK_ABORT_ON_DISSECTOR_BUG
|
||||
|
||||
If this environment variable is set, B<Rawshark> will call abort(3)
|
||||
WIRESHARK_ABORT_ON_DISSECTOR_BUG::
|
||||
+
|
||||
--
|
||||
If this environment variable is set, *Rawshark* will call abort(3)
|
||||
when a dissector bug is encountered. abort(3) will cause the program to
|
||||
exit abnormally; if you are running B<Rawshark> in a debugger, it
|
||||
exit abnormally; if you are running *Rawshark* in a debugger, it
|
||||
should halt in the debugger and allow inspection of the process, and, if
|
||||
you are not running it in a debugger, it will, on some OSes, assuming
|
||||
your environment is configured correctly, generate a core dump file.
|
||||
This can be useful to developers attempting to troubleshoot a problem
|
||||
with a protocol dissector.
|
||||
--
|
||||
|
||||
=item WIRESHARK_ABORT_ON_TOO_MANY_ITEMS
|
||||
|
||||
If this environment variable is set, B<Rawshark> will call abort(3)
|
||||
WIRESHARK_ABORT_ON_TOO_MANY_ITEMS::
|
||||
+
|
||||
--
|
||||
If this environment variable is set, *Rawshark* will call abort(3)
|
||||
if a dissector tries to add too many items to a tree (generally this
|
||||
is an indication of the dissector not breaking out of a loop soon enough).
|
||||
abort(3) will cause the program to exit abnormally; if you are running
|
||||
B<Rawshark> in a debugger, it should halt in the debugger and allow
|
||||
*Rawshark* in a debugger, it should halt in the debugger and allow
|
||||
inspection of the process, and, if you are not running it in a debugger,
|
||||
it will, on some OSes, assuming your environment is configured correctly,
|
||||
generate a core dump file. This can be useful to developers attempting to
|
||||
troubleshoot a problem with a protocol dissector.
|
||||
--
|
||||
|
||||
=back
|
||||
== SEE ALSO
|
||||
|
||||
=head1 SEE ALSO
|
||||
xref:wireshark-filter.html[wireshark-filter](4), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:dumpcap.html[dumpcap](1),
|
||||
xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
wireshark-filter(4), wireshark(1), tshark(1), editcap(1), pcap(3), dumpcap(1),
|
||||
text2pcap(1), pcap-filter(7) or tcpdump(8)
|
||||
== NOTES
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
B<Rawshark> is part of the B<Wireshark> distribution. The latest version of
|
||||
B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Rawshark* is part of the *Wireshark* distribution. The latest version of
|
||||
*Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
B<Rawshark> uses the same packet dissection code that B<Wireshark> does, as
|
||||
well as using many other modules from B<Wireshark>; see the list of authors
|
||||
in the B<Wireshark> man page for a list of authors of that code.
|
||||
*Rawshark* uses the same packet dissection code that *Wireshark* does, as
|
||||
well as using many other modules from *Wireshark*; see the list of authors
|
||||
in the *Wireshark* man page for a list of authors of that code.
|
||||
|
||||
|
|
|
@ -1,23 +1,25 @@
|
|||
=begin man
|
||||
= reordercap(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
reordercap - Reorder input file by timestamp into output file
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<reordercap>
|
||||
S<[ B<-n> ]>
|
||||
S<[ B<-v> ]>
|
||||
E<lt>I<infile>E<gt> E<lt>I<outfile>E<gt>
|
||||
[manarg]
|
||||
*reordercap*
|
||||
[ *-n* ]
|
||||
[ *-v* ]
|
||||
<__infile__> <__outfile__>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Reordercap> is a program that reads an input capture file and rewrites the
|
||||
*Reordercap* is a program that reads an input capture file and rewrites the
|
||||
frames to an output capture file, but with the frames sorted by increasing
|
||||
timestamp.
|
||||
|
||||
|
@ -25,52 +27,52 @@ This functionality may be useful when capture files have been created by
|
|||
combining frames from more than one well-synchronised source, but the
|
||||
frames have not been combined in strict time order.
|
||||
|
||||
B<Reordercap> writes the output capture file in the same format as the input
|
||||
*Reordercap* writes the output capture file in the same format as the input
|
||||
capture file.
|
||||
|
||||
B<Reordercap> is able to detect, read and write the same capture files that
|
||||
are supported by B<Wireshark>.
|
||||
*Reordercap* is able to detect, read and write the same capture files that
|
||||
are supported by *Wireshark*.
|
||||
The input file doesn't need a specific filename extension; the file
|
||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
||||
is a detailed description of the way B<Wireshark> handles this, which is
|
||||
the same way B<reordercap> handles this.
|
||||
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||
is a detailed description of the way *Wireshark* handles this, which is
|
||||
the same way *reordercap* handles this.
|
||||
|
||||
=head1 OPTIONS
|
||||
== OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -n
|
||||
|
||||
When the B<-n> option is used, B<reordercap> will not write out the output
|
||||
-n::
|
||||
+
|
||||
--
|
||||
When the *-n* option is used, *reordercap* will not write out the output
|
||||
file if it finds that the input file is already in order.
|
||||
--
|
||||
|
||||
=item -v
|
||||
|
||||
-v::
|
||||
+
|
||||
--
|
||||
Print the version and exit.
|
||||
--
|
||||
|
||||
=back
|
||||
== SEE ALSO
|
||||
|
||||
=head1 SEE ALSO
|
||||
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:editcap.html[editcap](1), xref:mergecap.html[mergecap](1),
|
||||
xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), mergecap(1),
|
||||
text2pcap(1), pcap-filter(7) or tcpdump(8)
|
||||
== NOTES
|
||||
|
||||
=head1 NOTES
|
||||
*Reordercap* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
B<Reordercap> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
|
||||
It may make sense to move this functionality into B<editcap>, or perhaps
|
||||
B<mergecap>, in which case B<reordercap> could be retired.
|
||||
It may make sense to move this functionality into *editcap*, or perhaps
|
||||
*mergecap*, in which case *reordercap* could be retired.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
|
||||
|
||||
|
|
|
@ -1,87 +1,99 @@
|
|||
=begin man
|
||||
= sdjournal(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
sdjournal - Provide an interface to capture systemd journal entries.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<sdjournal>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--start-from>=E<lt>entry countE<gt> ]>
|
||||
[manarg]
|
||||
*sdjournal*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--start-from*=<entry count> ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<sdjournal> is an extcap tool that allows one to capture systemd
|
||||
*sdjournal* is an extcap tool that allows one to capture systemd
|
||||
journal entries. It can be used to correlate system events with
|
||||
network traffic.
|
||||
|
||||
Supported interfaces:
|
||||
|
||||
=over 4
|
||||
1. sdjournal
|
||||
|
||||
=item 1. sdjournal
|
||||
|
||||
=back
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface and write raw packet data to the location specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --start-from=E<lt>entry countE<gt>
|
||||
|
||||
Start from the last E<lt>entry countE<gt> entries, similar to the
|
||||
"-n" or "--lines" argument for the L<tail(1)> command. Values prefixed
|
||||
with a B<+> sign start from the beginning of the journal, otherwise
|
||||
--start-from=<entry count>::
|
||||
+
|
||||
--
|
||||
Start from the last <entry count> entries, similar to the
|
||||
"-n" or "--lines" argument for the tail(1) command. Values prefixed
|
||||
with a *+* sign start from the beginning of the journal, otherwise
|
||||
the count starts from the end. The default value is 10. To include
|
||||
all entries use B<+0>.
|
||||
all entries use *+0*.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -126,20 +138,20 @@ To capture all entries since the system was booted:
|
|||
|
||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<sdjournal> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*sdjournal* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Gerald Combs <gerald[AT]wireshark.org>
|
||||
|
|
234
doc/sshdump.adoc
234
doc/sshdump.adoc
|
@ -1,58 +1,64 @@
|
|||
=begin man
|
||||
= sshdump(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<sshdump>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
|
||||
S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
|
||||
S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
|
||||
S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
|
||||
S<[ B<--sshkey>=E<lt>public key pathE<gt> ]>
|
||||
S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--remote-capture-command>=E<lt>capture commandE<gt> ]>
|
||||
S<[ B<--remote-sudo> ]>
|
||||
[manarg]
|
||||
*sshdump*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--extcap-capture-filter*=<capture filter> ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--remote-host*=<IP address> ]
|
||||
[ *--remote-port*=<TCP port> ]
|
||||
[ *--remote-username*=<username> ]
|
||||
[ *--remote-password*=<password> ]
|
||||
[ *--sshkey*=<public key path> ]
|
||||
[ *--remote-interface*=<interface> ]
|
||||
[ *--remote-capture-command*=<capture command> ]
|
||||
[ *--remote-sudo* ]
|
||||
|
||||
B<sshdump>
|
||||
S<B<--extcap-interfaces>>
|
||||
[manarg]
|
||||
*sshdump*
|
||||
*--extcap-interfaces*
|
||||
|
||||
B<sshdump>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--extcap-dlts>>
|
||||
[manarg]
|
||||
*sshdump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--extcap-dlts*
|
||||
|
||||
B<sshdump>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--extcap-config>>
|
||||
[manarg]
|
||||
*sshdump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--extcap-config*
|
||||
|
||||
B<sshdump>
|
||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
||||
S<B<--fifo>=E<lt>path to file or pipeE<gt>>
|
||||
S<B<--capture>>
|
||||
S<B<--remote-host=myremotehost>>
|
||||
S<B<--remote-port=22>>
|
||||
S<B<--remote-username=user>>
|
||||
S<B<--remote-interface=eth2>>
|
||||
S<B<--remote-capture-command='tcpdump -U -i eth0 -w-'>>
|
||||
[manarg]
|
||||
*sshdump*
|
||||
*--extcap-interface*=<interface>
|
||||
*--fifo*=<path to file or pipe>
|
||||
*--capture*
|
||||
*--remote-host=myremotehost*
|
||||
*--remote-port=22*
|
||||
*--remote-username=user*
|
||||
*--remote-interface=eth2*
|
||||
*--remote-capture-command='tcpdump -U -i eth0 -w-'*
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Sshdump> is an extcap tool that allows one to run a remote capture
|
||||
*Sshdump* is an extcap tool that allows one to run a remote capture
|
||||
tool over a SSH connection. The requirement is that the capture
|
||||
executable must have the capabilities to capture from the wanted
|
||||
interface.
|
||||
|
@ -69,7 +75,7 @@ The feature is functionally equivalent to run commands like
|
|||
|
||||
Typically sshdump is not invoked directly. Instead it can be configured through
|
||||
the Wireshark graphical user interface or its command line. The following will
|
||||
start Wireshark and start capturing from host B<remotehost>:
|
||||
start Wireshark and start capturing from host *remotehost*:
|
||||
|
||||
$ wireshark '-oextcap.sshdump.remotehost:"remotehost"' -i sshdump -k
|
||||
|
||||
|
@ -81,96 +87,120 @@ To explicitly control the remote capture command:
|
|||
|
||||
Supported interfaces:
|
||||
|
||||
=over 4
|
||||
1. ssh
|
||||
|
||||
=item 1. ssh
|
||||
|
||||
=back
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface and write raw packet data to the location specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --remote-host=E<lt>remote hostE<gt>
|
||||
|
||||
--remote-host=<remote host>::
|
||||
+
|
||||
--
|
||||
The address of the remote host for capture.
|
||||
--
|
||||
|
||||
=item --remote-port=E<lt>remote portE<gt>
|
||||
|
||||
--remote-port=<remote port>::
|
||||
+
|
||||
--
|
||||
The SSH port of the remote host.
|
||||
--
|
||||
|
||||
=item --remote-username=E<lt>usernameE<gt>
|
||||
|
||||
--remote-username=<username>::
|
||||
+
|
||||
--
|
||||
The username for ssh authentication.
|
||||
--
|
||||
|
||||
=item --remote-password=E<lt>passwordE<gt>
|
||||
|
||||
--remote-password=<password>::
|
||||
+
|
||||
--
|
||||
The password to use (if not ssh-agent and pubkey are used). WARNING: the
|
||||
passwords are stored in plaintext and visible to all users on this system. It is
|
||||
recommended to use keyfiles with a SSH agent.
|
||||
--
|
||||
|
||||
=item --sshkey=E<lt>SSH private key pathE<gt>
|
||||
|
||||
--sshkey=<SSH private key path>::
|
||||
+
|
||||
--
|
||||
The path to a private key for authentication.
|
||||
--
|
||||
|
||||
=item --remote-interface=E<lt>remote interfaceE<gt>
|
||||
|
||||
--remote-interface=<remote interface>::
|
||||
+
|
||||
--
|
||||
The remote network interface to capture from.
|
||||
--
|
||||
|
||||
=item --remote-capture-command=E<lt>capture commandE<gt>
|
||||
|
||||
--remote-capture-command=<capture command>::
|
||||
+
|
||||
--
|
||||
A custom remote capture command that produces the remote stream that is shown in Wireshark.
|
||||
The command must be able to produce a PCAP stream written to STDOUT. See below for more
|
||||
examples.
|
||||
|
||||
If using tcpdump, use the B<-w-> option to ensure that packets are written to
|
||||
standard output (stdout). Include the B<-U> option to write packets as soon as
|
||||
If using tcpdump, use the *-w-* option to ensure that packets are written to
|
||||
standard output (stdout). Include the *-U* option to write packets as soon as
|
||||
they are received.
|
||||
|
||||
When specified, this command will be used as is, options such as the capture
|
||||
filter (B<--extcap-capture-filter>) will not be appended.
|
||||
filter (*--extcap-capture-filter*) will not be appended.
|
||||
--
|
||||
|
||||
=item --extcap-capture-filter=E<lt>capture filterE<gt>
|
||||
|
||||
The capture filter. It corresponds to the value provided via the B<tshark -f>
|
||||
--extcap-capture-filter=<capture filter>::
|
||||
+
|
||||
--
|
||||
The capture filter. It corresponds to the value provided via the *tshark -f*
|
||||
option, and the Capture Filter field next to the interfaces list in the
|
||||
Wireshark interface.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -253,20 +283,20 @@ to show up twice in wireshark (for instance to handle multiple profiles), we can
|
|||
sshdump-host1 and sshdump-host2. Each binary will show up an interface name same as the executable
|
||||
name. Those executables not being "sshdump" will show up as "custom version" in the interface description.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<Sshdump> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*Sshdump* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
-------- ------
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
|
|
|
@ -1,57 +1,59 @@
|
|||
=begin man
|
||||
= text2pcap(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
text2pcap - Generate a capture file from an ASCII hexdump of packets
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<text2pcap>
|
||||
S<[ B<-a> ]>
|
||||
S<[ B<-d> ]>
|
||||
S<[ B<-D> ]>
|
||||
S<[ B<-e> E<lt>l3pidE<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<-i> E<lt>protoE<gt> ]>
|
||||
S<[ B<-l> E<lt>typenumE<gt> ]>
|
||||
S<[ B<-n> ]>
|
||||
S<[ B<-N> E<lt>intf-nameE<gt> ]>
|
||||
S<[ B<-m> E<lt>max-packetE<gt> ]>
|
||||
S<[ B<-o> hex|oct|dec ]>
|
||||
S<[ B<-q> ]>
|
||||
S<[ B<-s> E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt> ]>
|
||||
S<[ B<-S> E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt> ]>
|
||||
S<[ B<-t> E<lt>timefmtE<gt> ]>
|
||||
S<[ B<-T> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
|
||||
S<[ B<-u> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<-4> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
|
||||
S<[ B<-6> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
|
||||
E<lt>I<infile>E<gt>|-
|
||||
E<lt>I<outfile>E<gt>|-
|
||||
[manarg]
|
||||
*text2pcap*
|
||||
[ *-a* ]
|
||||
[ *-d* ]
|
||||
[ *-D* ]
|
||||
[ *-e* <l3pid> ]
|
||||
[ *-h* ]
|
||||
[ *-i* <proto> ]
|
||||
[ *-l* <typenum> ]
|
||||
[ *-n* ]
|
||||
[ *-N* <intf-name> ]
|
||||
[ *-m* <max-packet> ]
|
||||
[ *-o* hex|oct|dec ]
|
||||
[ *-q* ]
|
||||
[ *-s* <srcport>,<destport>,<tag> ]
|
||||
[ *-S* <srcport>,<destport>,<ppi> ]
|
||||
[ *-t* <timefmt> ]
|
||||
[ *-T* <srcport>,<destport> ]
|
||||
[ *-u* <srcport>,<destport> ]
|
||||
[ *-v* ]
|
||||
[ *-4* <srcip>,<destip> ]
|
||||
[ *-6* <srcip>,<destip> ]
|
||||
<__infile__>|-
|
||||
<__outfile__>|-
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Text2pcap> is a program that reads in an ASCII hex dump and writes the
|
||||
data described into a B<pcap> or B<pcapng> capture file. B<text2pcap> can
|
||||
*Text2pcap* is a program that reads in an ASCII hex dump and writes the
|
||||
data described into a *pcap* or *pcapng* capture file. *text2pcap* can
|
||||
read hexdumps with multiple packets in them, and build a capture file of
|
||||
multiple packets. B<text2pcap> is also capable of generating dummy
|
||||
multiple packets. *text2pcap* is also capable of generating dummy
|
||||
Ethernet, IP and UDP, TCP, or SCTP headers, in order to build fully
|
||||
processable packet dumps from hexdumps of application-level data only.
|
||||
|
||||
B<Text2pcap> understands a hexdump of the form generated by I<od -Ax
|
||||
-tx1 -v>. In other words, each byte is individually displayed, with
|
||||
*Text2pcap* understands a hexdump of the form generated by __od -Ax
|
||||
-tx1 -v__. In other words, each byte is individually displayed, with
|
||||
spaces separating the bytes from each other. Each line begins with an offset
|
||||
describing the position in the packet, each new packet starts with an offset
|
||||
of 0 and there is a space separating the offset from the following bytes.
|
||||
The offset is a hex number (can also be octal or decimal - see B<-o>),
|
||||
The offset is a hex number (can also be octal or decimal - see *-o*),
|
||||
of more than two hex digits.
|
||||
|
||||
Here is a sample dump that B<text2pcap> can recognize:
|
||||
Here is a sample dump that *text2pcap* can recognize:
|
||||
|
||||
000000 00 0e b6 00 00 02 00 0e b6 00 00 01 08 00 45 00
|
||||
000010 00 28 00 00 00 00 ff 01 37 d1 c0 00 02 01 c0 00
|
||||
|
@ -75,10 +77,10 @@ also ignored. An offset of zero is indicative of starting a new
|
|||
packet, so a single text file with a series of hexdumps can be
|
||||
converted into a packet capture with multiple packets. Packets may be
|
||||
preceded by a timestamp. These are interpreted according to the format
|
||||
given on the command line (see B<-t>). If not, the first packet
|
||||
given on the command line (see *-t*). If not, the first packet
|
||||
is timestamped with the current time the conversion takes place. Multiple
|
||||
packets are written with timestamps differing by one microsecond each.
|
||||
In general, short of these restrictions, B<text2pcap> is pretty liberal
|
||||
In general, short of these restrictions, *text2pcap* is pretty liberal
|
||||
about reading in hexdumps and has been tested with a variety of
|
||||
mangled outputs (including being forwarded through email multiple
|
||||
times, with limited line wrap etc.)
|
||||
|
@ -87,188 +89,224 @@ There are a couple of other special features to note. Any line where
|
|||
the first non-whitespace character is '#' will be ignored as a
|
||||
comment. Any line beginning with #TEXT2PCAP is a directive and options
|
||||
can be inserted after this command to be processed by
|
||||
B<text2pcap>. Currently there are no directives implemented; in the
|
||||
*text2pcap*. Currently there are no directives implemented; in the
|
||||
future, these may be used to give more fine grained control on the
|
||||
dump and the way it should be processed e.g. timestamps, encapsulation
|
||||
type etc.
|
||||
|
||||
B<Text2pcap> also allows the user to read in dumps of
|
||||
*Text2pcap* also allows the user to read in dumps of
|
||||
application-level data, by inserting dummy L2, L3 and L4 headers
|
||||
before each packet. The user can elect to insert Ethernet headers,
|
||||
Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
|
||||
packet. This allows Wireshark or any other full-packet decoder to
|
||||
handle these dumps.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item -a
|
||||
== OPTIONS
|
||||
|
||||
-a::
|
||||
+
|
||||
--
|
||||
Enables ASCII text dump identification. It allows one to identify the start of
|
||||
the ASCII text dump and not include it in the packet even if it looks like HEX.
|
||||
|
||||
B<NOTE:> Do not enable it if the input file does not contain the ASCII text dump.
|
||||
|
||||
=item -d
|
||||
*NOTE:* Do not enable it if the input file does not contain the ASCII text dump.
|
||||
--
|
||||
|
||||
-d::
|
||||
+
|
||||
--
|
||||
Displays debugging information during the process. Can be used
|
||||
multiple times to generate more debugging information.
|
||||
--
|
||||
|
||||
=item -D
|
||||
|
||||
-D::
|
||||
+
|
||||
--
|
||||
The text before the packet starts either with an I or O indicating that
|
||||
the packet is inbound or outbound. This is used when generating dummy headers.
|
||||
The indication is only stored if the output format is pcapng.
|
||||
--
|
||||
|
||||
=item -e E<lt>l3pidE<gt>
|
||||
|
||||
-e <l3pid>::
|
||||
+
|
||||
--
|
||||
Include a dummy Ethernet header before each packet. Specify the L3PID
|
||||
for the Ethernet header in hex. Use this option if your dump has Layer
|
||||
3 header and payload (e.g. IP header), but no Layer 2
|
||||
encapsulation. Example: I<-e 0x806> to specify an ARP packet.
|
||||
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
|
||||
|
||||
For IP packets, instead of generating a fake Ethernet header you can
|
||||
also use I<-l 101> to indicate a raw IP packet to Wireshark. Note that
|
||||
I<-l 101> does not work for any non-IP Layer 3 packet (e.g. ARP),
|
||||
whereas generating a dummy Ethernet header with I<-e> works for any
|
||||
also use __-l 101__ to indicate a raw IP packet to Wireshark. Note that
|
||||
__-l 101__ does not work for any non-IP Layer 3 packet (e.g. ARP),
|
||||
whereas generating a dummy Ethernet header with __-e__ works for any
|
||||
sort of L3 packet.
|
||||
--
|
||||
|
||||
=item -h
|
||||
|
||||
-h::
|
||||
+
|
||||
--
|
||||
Displays a help message.
|
||||
--
|
||||
|
||||
=item -i E<lt>protoE<gt>
|
||||
|
||||
-i <proto>::
|
||||
+
|
||||
--
|
||||
Include dummy IP headers before each packet. Specify the IP protocol
|
||||
for the packet in decimal. Use this option if your dump is the payload
|
||||
of an IP packet (i.e. has complete L4 information) but does not have
|
||||
an IP header with each packet. Note that an appropriate Ethernet header
|
||||
is automatically included with each packet as well.
|
||||
Example: I<-i 46> to specify an RSVP packet (IP protocol 46). See
|
||||
L<https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml> for
|
||||
Example: __-i 46__ to specify an RSVP packet (IP protocol 46). See
|
||||
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for
|
||||
the complete list of assigned internet protocol numbers.
|
||||
--
|
||||
|
||||
=item -l
|
||||
|
||||
-l::
|
||||
+
|
||||
--
|
||||
Specify the link-layer header type of this packet. Default is Ethernet
|
||||
(1). See L<https://www.tcpdump.org/linktypes.html> for the complete list
|
||||
(1). See https://www.tcpdump.org/linktypes.html for the complete list
|
||||
of possible encapsulations. Note that this option should be used if
|
||||
your dump is a complete hex dump of an encapsulated packet and you wish
|
||||
to specify the exact type of encapsulation. Example: I<-l 7> for ARCNet
|
||||
to specify the exact type of encapsulation. Example: __-l 7__ for ARCNet
|
||||
packets encapsulated BSD-style.
|
||||
--
|
||||
|
||||
=item -m E<lt>max-packetE<gt>
|
||||
|
||||
-m <max-packet>::
|
||||
+
|
||||
--
|
||||
Set the maximum packet length, default is 262144.
|
||||
Useful for testing various packet boundaries when only an application
|
||||
level datastream is available. Example:
|
||||
|
||||
I<od -Ax -tx1 -v stream | text2pcap -m1460 -T1234,1234 - stream.pcap>
|
||||
__od -Ax -tx1 -v stream | text2pcap -m1460 -T1234,1234 - stream.pcap__
|
||||
|
||||
will convert from plain datastream format to a sequence of Ethernet
|
||||
TCP packets.
|
||||
--
|
||||
|
||||
=item -n
|
||||
|
||||
-n::
|
||||
+
|
||||
--
|
||||
Write the file in pcapng format rather than pcap format.
|
||||
--
|
||||
|
||||
=item -N E<lt>intf-nameE<gt>
|
||||
|
||||
-N <intf-name>::
|
||||
+
|
||||
--
|
||||
Specify a name for the interface included when writing a pcapng format
|
||||
file. By default no name is defined.
|
||||
--
|
||||
|
||||
=item -o hex|oct|dec
|
||||
|
||||
-o hex|oct|dec::
|
||||
+
|
||||
--
|
||||
Specify the radix for the offsets (hex, octal or decimal). Defaults to
|
||||
hex. This corresponds to the C<-A> option for I<od>.
|
||||
|
||||
=item -q
|
||||
hex. This corresponds to the `-A` option for __od__.
|
||||
--
|
||||
|
||||
-q::
|
||||
+
|
||||
--
|
||||
Be completely quiet during the process.
|
||||
--
|
||||
|
||||
=item -s E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt>
|
||||
|
||||
-s <srcport>,<destport>,<tag>::
|
||||
+
|
||||
--
|
||||
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
||||
source and destination SCTP ports, and verification tag, for the packet.
|
||||
Use this option if your dump is the SCTP payload of a packet but does
|
||||
not include any SCTP, IP or Ethernet headers. Note that appropriate
|
||||
Ethernet and IP headers are automatically also included with each
|
||||
packet. A CRC32C checksum will be put into the SCTP header.
|
||||
--
|
||||
|
||||
=item -S E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt>
|
||||
|
||||
-S <srcport>,<destport>,<ppi>::
|
||||
+
|
||||
--
|
||||
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
||||
source and destination SCTP ports, and a verification tag of 0, for the
|
||||
packet, and prepend a dummy SCTP DATA chunk header with a payload
|
||||
protocol identifier if I<ppi>. Use this option if your dump is the SCTP
|
||||
protocol identifier if __ppi__. Use this option if your dump is the SCTP
|
||||
payload of a packet but does not include any SCTP, IP or Ethernet
|
||||
headers. Note that appropriate Ethernet and IP headers are
|
||||
automatically included with each packet. A CRC32C checksum will be put
|
||||
into the SCTP header.
|
||||
--
|
||||
|
||||
=item -t E<lt>timefmtE<gt>
|
||||
|
||||
Treats the text before the packet as a date/time code; I<timefmt> is a
|
||||
-t <timefmt>::
|
||||
+
|
||||
--
|
||||
Treats the text before the packet as a date/time code; __timefmt__ is a
|
||||
format string of the sort supported by strptime(3).
|
||||
Example: The time "10:15:14.5476" has the format code "%H:%M:%S."
|
||||
|
||||
B<NOTE:> The subsecond component delimiter must be specified (.) but no
|
||||
*NOTE:* The subsecond component delimiter must be specified (.) but no
|
||||
pattern is required; the remaining number is assumed to be fractions of
|
||||
a second.
|
||||
|
||||
B<NOTE:> Date/time fields from the current date/time are
|
||||
*NOTE:* Date/time fields from the current date/time are
|
||||
used as the default for unspecified fields.
|
||||
--
|
||||
|
||||
=item -T E<lt>srcportE<gt>,E<lt>destportE<gt>
|
||||
|
||||
-T <srcport>,<destport>::
|
||||
+
|
||||
--
|
||||
Include dummy TCP headers before each packet. Specify the source and
|
||||
destination TCP ports for the packet in decimal. Use this option if
|
||||
your dump is the TCP payload of a packet but does not include any TCP,
|
||||
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
||||
are automatically also included with each packet.
|
||||
Sequence numbers will start at 0.
|
||||
--
|
||||
|
||||
=item -u E<lt>srcportE<gt>,E<lt>destportE<gt>
|
||||
|
||||
-u <srcport>,<destport>::
|
||||
+
|
||||
--
|
||||
Include dummy UDP headers before each packet. Specify the source and
|
||||
destination UDP ports for the packet in decimal. Use this option if
|
||||
your dump is the UDP payload of a packet but does not include any UDP,
|
||||
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
||||
are automatically also included with each packet.
|
||||
Example: I<-u1000,69> to make the packets look like TFTP/UDP packets.
|
||||
|
||||
=item -v
|
||||
Example: __-u1000,69__ to make the packets look like TFTP/UDP packets.
|
||||
--
|
||||
|
||||
-v::
|
||||
+
|
||||
--
|
||||
Print the version and exit.
|
||||
--
|
||||
|
||||
=item -4 E<lt>srcipE<gt>,E<lt>destipE<gt>
|
||||
|
||||
-4 <srcip>,<destip>::
|
||||
+
|
||||
--
|
||||
Prepend dummy IP header with specified IPv4 dest and source address.
|
||||
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
||||
Use this option to apply "custom" IP addresses.
|
||||
Example: I<-4 10.0.0.1,10.0.0.2> to use 10.0.0.1 and 10.0.0.2 for all IP packets.
|
||||
|
||||
=item -6 E<lt>srcipE<gt>,E<lt>destipE<gt>
|
||||
Example: __-4 10.0.0.1,10.0.0.2__ to use 10.0.0.1 and 10.0.0.2 for all IP packets.
|
||||
--
|
||||
|
||||
-6 <srcip>,<destip>::
|
||||
+
|
||||
--
|
||||
Prepend dummy IP header with specified IPv6 dest and source address.
|
||||
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
||||
Use this option to apply "custom" IP addresses.
|
||||
Example: I<-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334> to
|
||||
Example: __-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334__ to
|
||||
use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
|
||||
--
|
||||
|
||||
=back
|
||||
== SEE ALSO
|
||||
|
||||
=head1 SEE ALSO
|
||||
od(1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:mergecap.html[mergecap](1),
|
||||
xref:editcap.html[editcap](1), strptime(3), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||
|
||||
od(1), pcap(3), wireshark(1), tshark(1), dumpcap(1), mergecap(1),
|
||||
editcap(1), strptime(3), pcap-filter(7) or tcpdump(8)
|
||||
== NOTES
|
||||
|
||||
=head1 NOTES
|
||||
*Text2pcap* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
B<Text2pcap> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Ashok Narayanan <ashokn[AT]cisco.com>
|
||||
|
|
1699
doc/tshark.adoc
1699
doc/tshark.adoc
File diff suppressed because it is too large
Load Diff
130
doc/udpdump.adoc
130
doc/udpdump.adoc
|
@ -1,83 +1,101 @@
|
|||
=begin man
|
||||
= udpdump(1)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
udpdump - Provide an UDP receiver that gets packets from network devices (like Aruba routers) and exports them in PCAP format.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<udpdump>
|
||||
S<[ B<--help> ]>
|
||||
S<[ B<--version> ]>
|
||||
S<[ B<--extcap-interfaces> ]>
|
||||
S<[ B<--extcap-dlts> ]>
|
||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
||||
S<[ B<--extcap-config> ]>
|
||||
S<[ B<--capture> ]>
|
||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
||||
S<[ B<--port>=E<lt>portE<gt> ]>
|
||||
S<[ B<--payload>=E<lt>typeE<gt> ]>
|
||||
[manarg]
|
||||
*udpdump*
|
||||
[ *--help* ]
|
||||
[ *--version* ]
|
||||
[ *--extcap-interfaces* ]
|
||||
[ *--extcap-dlts* ]
|
||||
[ *--extcap-interface*=<interface> ]
|
||||
[ *--extcap-config* ]
|
||||
[ *--capture* ]
|
||||
[ *--fifo*=<path to file or pipe> ]
|
||||
[ *--port*=<port> ]
|
||||
[ *--payload*=<type> ]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<udpdump> is a extcap tool that provides an UDP receiver that listens for exported datagrams coming from
|
||||
*udpdump* is a extcap tool that provides an UDP receiver that listens for exported datagrams coming from
|
||||
any source (like Aruba routers) and exports them in PCAP format. This provides the user two basic
|
||||
functionalities: the first one is to have a listener that prevents the localhost to send back an ICMP
|
||||
port-unreachable packet. The second one is to strip out the lower layers (layer 2, IP, UDP) that are useless
|
||||
(are used just as export vector). The format of the exported datagrams are EXPORTED_PDU, as specified in
|
||||
https://gitlab.com/wireshark/wireshark/-/raw/master/epan/exported_pdu.h
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item --help
|
||||
== OPTIONS
|
||||
|
||||
--help::
|
||||
+
|
||||
--
|
||||
Print program arguments.
|
||||
--
|
||||
|
||||
=item --version
|
||||
|
||||
--version::
|
||||
+
|
||||
--
|
||||
Print program version.
|
||||
--
|
||||
|
||||
=item --extcap-interfaces
|
||||
|
||||
--extcap-interfaces::
|
||||
+
|
||||
--
|
||||
List available interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
||||
|
||||
--extcap-interface=<interface>::
|
||||
+
|
||||
--
|
||||
Use specified interfaces.
|
||||
--
|
||||
|
||||
=item --extcap-dlts
|
||||
|
||||
--extcap-dlts::
|
||||
+
|
||||
--
|
||||
List DLTs of specified interface.
|
||||
--
|
||||
|
||||
=item --extcap-config
|
||||
|
||||
--extcap-config::
|
||||
+
|
||||
--
|
||||
List configuration options of specified interface.
|
||||
--
|
||||
|
||||
=item --capture
|
||||
|
||||
--capture::
|
||||
+
|
||||
--
|
||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||
--
|
||||
|
||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
||||
|
||||
--fifo=<path to file or pipe>::
|
||||
+
|
||||
--
|
||||
Save captured packet to file or send it through pipe.
|
||||
--
|
||||
|
||||
=item --port=E<lt>portE<gt>
|
||||
|
||||
--port=<port>::
|
||||
+
|
||||
--
|
||||
Set the listener port. Port 5555 is the default.
|
||||
--
|
||||
|
||||
=item --payload=E<lt>typeE<gt>
|
||||
|
||||
--payload=<type>::
|
||||
+
|
||||
--
|
||||
Set the payload of the exported PDU. Default: data.
|
||||
--
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
== EXAMPLES
|
||||
|
||||
To see program arguments:
|
||||
|
||||
|
@ -114,20 +132,20 @@ To capture:
|
|||
|
||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||
|
||||
=head1 NOTES
|
||||
== NOTES
|
||||
|
||||
B<udpdump> is part of the B<Wireshark> distribution. The latest version
|
||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
||||
*udpdump* is part of the *Wireshark* distribution. The latest version
|
||||
of *Wireshark* can be found at https://www.wireshark.org.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
L<https://www.wireshark.org/docs/man-pages>.
|
||||
https://www.wireshark.org/docs/man-pages.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
Original Author
|
||||
---------------
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
.Original Author
|
||||
[%hardbreaks]
|
||||
Dario Lombardo <lomato[AT]gmail.com>
|
||||
|
|
|
@ -1,24 +1,25 @@
|
|||
=begin man
|
||||
= wireshark-filter(4)
|
||||
:doctype: manpage
|
||||
include::../docbook/attributes.adoc[]
|
||||
:stylesheet: ws.css
|
||||
:linkcss:
|
||||
:copycss: ../docbook/{stylesheet}
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=end man
|
||||
|
||||
=head1 NAME
|
||||
== NAME
|
||||
|
||||
wireshark-filter - Wireshark display filter syntax and reference
|
||||
|
||||
=head1 SYNOPSIS
|
||||
== SYNOPSIS
|
||||
|
||||
B<wireshark> [other options]
|
||||
S<[ B<-Y> "display filter expression" | B<--display-filter> "display filter expression" ]>
|
||||
*wireshark* [other options]
|
||||
[.nowrap]#[ *-Y* "display filter expression" | *--display-filter* "display filter expression" ]#
|
||||
|
||||
B<tshark> [other options]
|
||||
S<[ B<-Y> "display filter expression" | B<--display-filter> "display filter expression" ]>
|
||||
*tshark* [other options]
|
||||
[.nowrap]#[ *-Y* "display filter expression" | *--display-filter* "display filter expression" ]#
|
||||
|
||||
=head1 DESCRIPTION
|
||||
== DESCRIPTION
|
||||
|
||||
B<Wireshark> and B<TShark> share a powerful filter engine that helps remove
|
||||
*Wireshark* and *TShark* share a powerful filter engine that helps remove
|
||||
the noise from a packet trace and lets you see only the packets that interest
|
||||
you. If a packet meets the requirements expressed in your filter, then it
|
||||
is displayed in the list of packets. Display filters let you compare the
|
||||
|
@ -26,14 +27,14 @@ fields within a protocol against a specific value, compare fields against
|
|||
fields, and check the existence of specified fields or protocols.
|
||||
|
||||
Filters are also used by other features such as statistics generation and
|
||||
packet list colorization (the latter is only available to B<Wireshark>). This
|
||||
packet list colorization (the latter is only available to *Wireshark*). This
|
||||
manual page describes their syntax. A comprehensive reference of filter fields
|
||||
can be found within Wireshark and in the display filter reference at
|
||||
L<https://www.wireshark.org/docs/dfref/>.
|
||||
https://www.wireshark.org/docs/dfref/.
|
||||
|
||||
=head1 FILTER SYNTAX
|
||||
== FILTER SYNTAX
|
||||
|
||||
=head2 Check whether a field or protocol exists
|
||||
=== Check whether a field or protocol exists
|
||||
|
||||
The simplest filter allows you to check for the existence of a protocol or
|
||||
field. If you want to see all packets which contain the IP protocol, the
|
||||
|
@ -43,7 +44,7 @@ that contain a Token-Ring RIF field, use "tr.rif".
|
|||
Think of a protocol or field in a filter as implicitly having the "exists"
|
||||
operator.
|
||||
|
||||
=head2 Comparison operators
|
||||
=== Comparison operators
|
||||
|
||||
Fields can also be compared against values. The comparison operators
|
||||
can be expressed either through English-like abbreviations or through
|
||||
|
@ -56,7 +57,7 @@ C-like symbols:
|
|||
ge, >= Greater than or Equal to
|
||||
le, <= Less than or Equal to
|
||||
|
||||
=head2 Search and match operators
|
||||
=== Search and match operators
|
||||
|
||||
Additional operators exist expressed only in English, not C-like syntax:
|
||||
|
||||
|
@ -90,12 +91,12 @@ You can force case sensitivity using
|
|||
|
||||
wsp.header.user_agent matches "(?-i)cldc"
|
||||
|
||||
This is an example of PCRE's B<(?>optionB<)> construct. B<(?-i)> performs a
|
||||
This is an example of PCRE's *(?*option*)* construct. *(?-i)* performs a
|
||||
case-sensitive pattern match but other options can be specified as well. More
|
||||
information can be found in the
|
||||
L<pcrepattern(3)|https://www.pcre.org/original/doc/html/pcrepattern.html> man page.
|
||||
pcrepattern(3)|https://www.pcre.org/original/doc/html/pcrepattern.html man page.
|
||||
|
||||
=head2 Functions
|
||||
=== Functions
|
||||
|
||||
The filter language has the following functions:
|
||||
|
||||
|
@ -120,7 +121,7 @@ byte fields. For example:
|
|||
|
||||
gives you all the odd packets.
|
||||
|
||||
=head2 Protocol field types
|
||||
=== Protocol field types
|
||||
|
||||
Each protocol field is typed. The types are:
|
||||
|
||||
|
@ -241,7 +242,7 @@ String literals prefixed with 'r' are called "raw strings". Such strings treat
|
|||
backslash as a literal character. Double quotes may still be escaped with
|
||||
backslash but note that backslashes are always preserved in the result.
|
||||
|
||||
=head2 The slice operator
|
||||
=== The slice operator
|
||||
|
||||
You can take a slice of a field if the field is a text string or a
|
||||
byte array.
|
||||
|
@ -257,7 +258,7 @@ Another example is:
|
|||
|
||||
You can use the slice operator on a protocol name, too.
|
||||
The "frame" protocol can be useful, encompassing all the data captured
|
||||
by B<Wireshark> or B<TShark>.
|
||||
by *Wireshark* or *TShark*.
|
||||
|
||||
token[0:5] ne 0.0.0.1.1
|
||||
llc[0] eq aa
|
||||
|
@ -272,7 +273,7 @@ The following syntax governs slices:
|
|||
[i:] start_offset = i, end_offset = end_of_field
|
||||
|
||||
Offsets can be negative, in which case they indicate the
|
||||
offset from the B<end> of the field. The last byte of the field is at offset
|
||||
offset from the *end* of the field. The last byte of the field is at offset
|
||||
-1, the last but one byte is at offset -2, and so on.
|
||||
Here's how to check the last four bytes of a frame:
|
||||
|
||||
|
@ -300,7 +301,7 @@ Slices can be combined. You can concatenate them using the comma operator:
|
|||
This concatenates offset 1, offsets 3-5, and offset 9 to the end of the ftp
|
||||
data.
|
||||
|
||||
=head2 The membership operator
|
||||
=== The membership operator
|
||||
|
||||
A field may be checked for matches against a set of values simply with the
|
||||
membership operator. For instance, you may find traffic on common HTTP/HTTPS
|
||||
|
@ -322,7 +323,7 @@ The set of values can also contain ranges:
|
|||
ip.addr in {10.0.0.5 .. 10.0.0.9 192.168.1.1..192.168.1.9}
|
||||
frame.time_delta in {10 .. 10.5}
|
||||
|
||||
=head2 Type conversions
|
||||
=== Type conversions
|
||||
|
||||
If a field is a text string or a byte array, it can be expressed in whichever
|
||||
way is most convenient.
|
||||
|
@ -337,7 +338,7 @@ A range can also be expressed in either way:
|
|||
frame[60:2] gt 50.51
|
||||
frame[60:2] gt "PQ"
|
||||
|
||||
=head2 Bit field operations
|
||||
=== Bit field operations
|
||||
|
||||
It is also possible to define tests with bit field operations. Currently the
|
||||
following bit field operation is supported:
|
||||
|
@ -363,7 +364,7 @@ have the same number of bytes as the slice itself, as in:
|
|||
|
||||
ip[42:2] & 40:ff
|
||||
|
||||
=head2 Logical expressions
|
||||
=== Logical expressions
|
||||
|
||||
Tests can be combined using logical expressions.
|
||||
These too are expressible in C-like syntax or with English-like
|
||||
|
@ -407,7 +408,7 @@ filter. The other ip.addr could equal 192.168.4.1 and the packet would
|
|||
still be displayed.
|
||||
The second filter says "don't show me any packets that have an
|
||||
ip.addr field equal to 192.168.4.1". If one ip.addr is 192.168.4.1,
|
||||
the packet does not pass. If B<neither> ip.addr field is 192.168.4.1,
|
||||
the packet does not pass. If *neither* ip.addr field is 192.168.4.1,
|
||||
then the packet is displayed.
|
||||
|
||||
It is easy to think of the 'ne' and 'eq' operators as having an implicit
|
||||
|
@ -425,7 +426,7 @@ multicast packets to address 224.1.2.3, then using:
|
|||
ip.dst ne 224.1.2.3
|
||||
|
||||
may be too restrictive. Filtering with "ip.dst" selects only those
|
||||
B<IP> packets that satisfy the rule. Any other packets, including all
|
||||
*IP* packets that satisfy the rule. Any other packets, including all
|
||||
non-IP packets, will not be displayed. To display the non-IP
|
||||
packets as well, you can use one of the following two expressions:
|
||||
|
||||
|
@ -437,50 +438,42 @@ lets "ip.dst ne 224.1.2.3" filter out the unwanted IP packets. The
|
|||
second filter has already been explained above where filtering with
|
||||
multiply occurring fields was discussed.
|
||||
|
||||
=head1 FILTER FIELD REFERENCE
|
||||
== FILTER FIELD REFERENCE
|
||||
|
||||
The entire list of display filters is too large to list here. You can
|
||||
can find references and examples at the following locations:
|
||||
|
||||
=over 4
|
||||
* The online Display Filter Reference: https://www.wireshark.org/docs/dfref/
|
||||
|
||||
=item *
|
||||
The online Display Filter Reference: L<https://www.wireshark.org/docs/dfref/>
|
||||
* __View:Internals:Supported Protocols__ in Wireshark
|
||||
|
||||
=item *
|
||||
I<View:Internals:Supported Protocols> in Wireshark
|
||||
* `tshark -G fields` on the command line
|
||||
|
||||
=item *
|
||||
C<tshark -G fields> on the command line
|
||||
* The Wireshark wiki: https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters
|
||||
|
||||
=item *
|
||||
The Wireshark wiki: L<https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters>
|
||||
== NOTES
|
||||
|
||||
=back
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
The B<wireshark-filter(4)> manpage is part of the B<Wireshark> distribution.
|
||||
The latest version of B<Wireshark> can be found at
|
||||
L<https://www.wireshark.org>.
|
||||
The *xref:wireshark-filter.html[wireshark-filter](4)* manpage is part of the *Wireshark* distribution.
|
||||
The latest version of *Wireshark* can be found at
|
||||
https://www.wireshark.org.
|
||||
|
||||
Regular expressions in the "matches" operator are provided by GRegex in GLib.
|
||||
See L<https://developer.gnome.org/glib/2.32/glib-regex-syntax.html> or L<https://www.pcre.org/> for more information.
|
||||
See https://developer.gnome.org/glib/2.32/glib-regex-syntax.html or https://www.pcre.org/ for more information.
|
||||
|
||||
This manpage does not describe the capture filter syntax, which is
|
||||
different. See the manual page of pcap-filter(7) or, if that doesn't exist,
|
||||
tcpdump(8), or, if that doesn't exist, L<https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters>
|
||||
different. See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist,
|
||||
xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8), or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters
|
||||
for a description of capture filters.
|
||||
|
||||
Display Filters are also described in the User's Guide:
|
||||
L<https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html>
|
||||
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
|
||||
|
||||
=head1 SEE ALSO
|
||||
== SEE ALSO
|
||||
|
||||
wireshark(1), tshark(1), editcap(1), pcap(3), pcap-filter(7) or tcpdump(8) if it
|
||||
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8) if it
|
||||
doesn't exist.
|
||||
|
||||
=head1 AUTHORS
|
||||
== AUTHORS
|
||||
|
||||
See the list of authors in the B<Wireshark> man page for a list of authors of
|
||||
See the list of authors in the *Wireshark* man page for a list of authors of
|
||||
that code.
|
||||
|
|
2803
doc/wireshark.adoc
2803
doc/wireshark.adoc
File diff suppressed because it is too large
Load Diff
|
@ -17,13 +17,13 @@ The guides and release notes are written in
|
|||
https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/[Asciidoctor syntax].
|
||||
For more information see https://asciidoctor.org.
|
||||
|
||||
= Requirements
|
||||
== Requirements
|
||||
|
||||
Ultimately we'd like to reduce the toolchain requirements to AsciidoctorJ alone, but that's not yet possible.
|
||||
Additional tooling is required for the HTML and HTMLHelp targets.
|
||||
See the https://www.wireshark.org/docs/wsdg_html_chunked/ChToolsDocumentationToolchain.html[Developer's Guide] for instructions on installing required packages for your platform.
|
||||
|
||||
= Asciidoctor Markup
|
||||
== Asciidoctor Markup
|
||||
|
||||
The User’s and Developer’s Guides were originally written in DocBook and
|
||||
were later converted to https://asciidoc.org/[AsciiDoc]. We subsequently
|
||||
|
@ -59,6 +59,25 @@ Admonitions ([NOTE], [TIP], and [WARNING]) can be used to highlight important
|
|||
information. Keep in mind that they interrupt the flow of text by design. Too
|
||||
many (especially in a row) are distracting and annoying.
|
||||
|
||||
== Custom Asciidoctor Macros
|
||||
|
||||
The following custom macros are available in `docbook/asciidoctor-macros`:
|
||||
|
||||
commaize-block::
|
||||
Sorts a list of items and separates them with commas with an "and" preceding the last item.
|
||||
|
||||
cveidlink-inline-macro::
|
||||
Links a CVE ID to cve.mitre.org.
|
||||
|
||||
manarg-block::
|
||||
Ensures that individual arguments don't wrap in order to improve readability.
|
||||
|
||||
wsbuglink-inline-macro::
|
||||
Links an issue number to gitlab.org/wireshark/wireshark/-/issues.
|
||||
|
||||
wssalink-inline-macro::
|
||||
Links a security advisory to www.wireshark.org.
|
||||
|
||||
== Asciidoctor Live Preview
|
||||
|
||||
The Asciidoctor project provides a JavaScript version of Asciidoctor
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
# SPDX-License-Identifier: MIT
|
||||
# Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb
|
||||
|
||||
RUBY_ENGINE == 'opal' ? (require 'manarg-block/extension') : (require_relative 'manarg-block/extension')
|
||||
|
||||
Extensions.register do
|
||||
block ManArgBlock
|
||||
end
|
|
@ -0,0 +1,45 @@
|
|||
# SPDX-License-Identifier: MIT
|
||||
require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal'
|
||||
|
||||
include Asciidoctor
|
||||
|
||||
# An inline macro that generates markup for man page arguments.
|
||||
# Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb
|
||||
#
|
||||
# Usage:
|
||||
#
|
||||
# [manarg]
|
||||
# *command*
|
||||
# [ *--help* ]
|
||||
# [ *--flash-lights* ]
|
||||
#
|
||||
class ManArgBlock < Extensions::BlockProcessor
|
||||
use_dsl
|
||||
|
||||
named :manarg
|
||||
parse_content_as :simple
|
||||
|
||||
def process parent, reader, attrs
|
||||
nowrap_lines = reader.readlines.map {|line|
|
||||
if parent.document.basebackend? 'html'
|
||||
# Apply the custom style "[.nowrap]## ... ##" to each line.
|
||||
# This generates "<span content="nowrap"> ... </span>". Pass
|
||||
# each '#' through for extra paranoia.
|
||||
%([.nowrap]###{line.gsub('#', '+++#+++')}##)
|
||||
elsif parent.document.backend == 'manpage'
|
||||
# Replace spaces with non-breaking spaces (' '), then make
|
||||
# bold markup unconstrained ('*' -> '**'). For now we naively
|
||||
# assume that bolds are always constrained (that is, we only
|
||||
# have single '*'s). We *should* be able to do this properly
|
||||
# with a regex, but for some reason
|
||||
# gsub(/([^*])\*([^*])/, '\1**\2')
|
||||
# doesn't match the first asterisk in "*--extcap-interface*=<interface>"
|
||||
%(#{line.gsub(' ', ' ').gsub('*', '**')})
|
||||
else
|
||||
line
|
||||
end
|
||||
}
|
||||
# STDERR.puts(nowrap_lines)
|
||||
create_paragraph parent, nowrap_lines, attrs
|
||||
end
|
||||
end
|
|
@ -0,0 +1,19 @@
|
|||
= androiddump(1)
|
||||
:doctype: manpage
|
||||
|
||||
== NAME
|
||||
|
||||
sample - Sample man page
|
||||
|
||||
== SYNOPSIS
|
||||
|
||||
[manarg]
|
||||
*androiddump*
|
||||
*--mandatory-argument
|
||||
[ *--optional-argument* ]
|
||||
*--complex-mandatory*=<argument>
|
||||
[ *--complex-optional*=<argument> ]
|
||||
|
||||
== DESCRIPTION
|
||||
|
||||
Sample man page.
|
|
@ -25,8 +25,7 @@ The following must be installed in order to build Wireshark:
|
|||
Either make or Ninja can be used to build Wireshark; at least one of
|
||||
those must be installed.
|
||||
|
||||
To build the Developer's Guide and the User's Guide, Asciidoctor,
|
||||
Xsltproc, and DocBook must be installed.
|
||||
To build the manual pages, Developer's Guide and User's Guide, Asciidoctor, Xsltproc, and DocBook must be installed.
|
||||
|
||||
Some features of Wireshark require additional libraries to be installed.
|
||||
|
||||
|
|
|
@ -452,17 +452,16 @@ Edition, it will include an SDK.
|
|||
[[ChToolsDocumentationToolchain]]
|
||||
=== Documentation Toolchain
|
||||
|
||||
Wireshark’s documentation is split across two directories. The `doc`
|
||||
directory contains man pages written in Perl’s POD (Plain Old
|
||||
Documentation) format. The `docbook` directory contains the User’s
|
||||
Guide, Developer’s Guide, and the release notes, which are written in
|
||||
Asciidoctor markup.
|
||||
Wireshark’s documentation is split across two directories.
|
||||
The `doc` directory contains man pages written in Asciidoctor markup.
|
||||
The `docbook` directory contains the User’s Guide, Developer’s Guide, and the release notes, which are also written in Asciidoctor markup.
|
||||
The split is for historical reasons (described below), and the documentation will likely be consolidated into one directory in the future.
|
||||
|
||||
Our various output formats are generated using the following tools.
|
||||
Intermediate formats are in _italics_.
|
||||
|
||||
Man page roff:: pod2man
|
||||
Man page HTML:: pod2html
|
||||
Man page roff:: Asciidoctor
|
||||
Man page HTML:: Asciidoctor
|
||||
|
||||
Guide HTML:: Asciidoctor → _DocBook XML_ → xsltproc + DocBook XSL
|
||||
Guide PDF:: Asciidoctor
|
||||
|
@ -478,6 +477,7 @@ The Ruby and Java flavors can be used to build Wireshark’s documentation, but
|
|||
|
||||
The guides and release notes were originally written in DocBook (hence the directory name).
|
||||
They were later converted to AsciiDoc and then migrated to Asciidoctor.
|
||||
The man pages were originally in Perl’s POD (Plain Old Documentation) format and were later converted to Asciidoctor.
|
||||
We currently use Asciidoctor’s modern (>= 1.5.0) syntax.
|
||||
|
||||
PDF output requires Asciidoctor’s PDF backend.
|
||||
|
|
|
@ -58,10 +58,7 @@ BuildRequires: python3
|
|||
BuildRequires: gcc
|
||||
BuildRequires: perl
|
||||
BuildRequires: flex
|
||||
%if %{with guides}
|
||||
# HTML guides
|
||||
BuildRequires: asciidoctor
|
||||
%endif
|
||||
|
||||
BuildRequires: glib2-devel >= 2.32.0
|
||||
Requires: glib2
|
||||
|
|
|
@ -72,7 +72,6 @@ BASIC_LIST="gcc \
|
|||
ADDITIONAL_LIST="libnl-3-dev \
|
||||
libkrb5-dev \
|
||||
libsmi2-dev \
|
||||
asciidoctor \
|
||||
libsbc-dev \
|
||||
liblua5.2-dev \
|
||||
libnl-cli-3-dev \
|
||||
|
@ -97,6 +96,7 @@ ADDITIONAL_LIST="libnl-3-dev \
|
|||
|
||||
DEBDEPS_LIST="debhelper \
|
||||
dh-python \
|
||||
asciidoctor \
|
||||
docbook-xml \
|
||||
docbook-xsl \
|
||||
libxml2-utils \
|
||||
|
|
|
@ -76,7 +76,8 @@ ADDITIONAL_LIST="libcap-devel \
|
|||
# oxipng \
|
||||
# pngcrush"
|
||||
|
||||
RPMDEPS_LIST="rpm-build"
|
||||
RPMDEPS_LIST="rpm-build \
|
||||
rubygem-asciidoctor.noarch"
|
||||
|
||||
# Guess which package manager we will use
|
||||
for PM in zypper dnf yum ''; do
|
||||
|
@ -204,9 +205,6 @@ echo "Gettext devel is unavailable" >&2
|
|||
add_package ADDITIONAL_LIST perl-Pod-Html ||
|
||||
echo "perl-Pod-Html is unavailable" >&2
|
||||
|
||||
add_package ADDITIONAL_LIST asciidoctor || add_package ADDITIONAL_LIST rubygem-asciidoctor.noarch ||
|
||||
echo "asciidoctor is unavailable" >&2
|
||||
|
||||
add_package ADDITIONAL_LIST ninja || add_package ADDITIONAL_LIST ninja-build ||
|
||||
echo "ninja is unavailable" >&2
|
||||
|
||||
|
|
Loading…
Reference in New Issue