forked from osmocom/wireshark
Docs+Packaging: Convert our man pages to Asciidoctor.
Convert doc/*.pod to Asciidoctor. This: * Means we use the same markup for our man pages, the guides, and release notes. * Lets us add versions to our man pages. * Gives us more formatting options, e.g. AsciiDoc supports `commands`, nested lists and makes it easy to include version information. The manpage backend doesn't seem to support tables very well, unfortunately. Convert our CMake configuration to produce *roff and html man pages using Asciidoctor. Add a "manarg" block macro which makes our synopses wrap correctly. Similar to the release notes, guides, and FAQ, if Asciidoctor isn't found the man pages won't be generated or installed. Move Asciidoctor to the list of package build dependencies in various places. This commit includes the conversion script (pod2adoc.py), which will be removed later. Line count sanity check: Man page .pod .adoc androiddump 260 280 asn2deb 93 105 capinfos 401 471 captype 54 55 ciscodump 241 269 dftest 42 42 dpauxmon 153 169 dumpcap 464 534 editcap 528 583 etwdump 136 156 extcap 157 181 idl2deb 91 103 idl2wrs 120 100 mergecap 206 207 mmdbresolve 75 75 randpkt 107 111 randpktdump 158 184 rawshark 558 610 reordercap 76 78 sdjournal 145 157 sshdump 272 302 text2pcap 274 312 tshark 2135 2360 udpdump 133 151 wireshark-filter 486 479 wireshark 2967 3420
This commit is contained in:
parent
9f1607ab47
commit
84ab55cf75
|
@ -1345,8 +1345,6 @@ ws_find_package(WinSparkle ENABLE_WINSPARKLE HAVE_SOFTWARE_UPDATE)
|
||||||
|
|
||||||
find_package( Asciidoctor 1.5 )
|
find_package( Asciidoctor 1.5 )
|
||||||
|
|
||||||
find_package(POD REQUIRED)
|
|
||||||
|
|
||||||
find_package(DOXYGEN)
|
find_package(DOXYGEN)
|
||||||
|
|
||||||
# The SpeexDSP resampler is required iff building wireshark or sharkd.
|
# The SpeexDSP resampler is required iff building wireshark or sharkd.
|
||||||
|
@ -1939,41 +1937,45 @@ set(INSTALL_FILES
|
||||||
smi_modules
|
smi_modules
|
||||||
wka
|
wka
|
||||||
docbook/ws.css
|
docbook/ws.css
|
||||||
${CMAKE_BINARY_DIR}/doc/AUTHORS-SHORT
|
|
||||||
${CMAKE_BINARY_DIR}/doc/androiddump.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/udpdump.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/capinfos.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/captype.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/ciscodump.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/dftest.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/dumpcap.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/editcap.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/extcap.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/mergecap.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/randpkt.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/randpktdump.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/etwdump.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/rawshark.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/reordercap.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/sshdump.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/text2pcap.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/tshark.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/wireshark.html
|
|
||||||
${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
|
|
||||||
)
|
)
|
||||||
|
|
||||||
if(MAXMINDDB_FOUND)
|
if (ASCIIDOCTOR_FOUND)
|
||||||
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if (BUILD_corbaidl2wrs)
|
|
||||||
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
|
|
||||||
endif()
|
|
||||||
if (BUILD_xxx2deb)
|
|
||||||
list(APPEND INSTALL_FILES
|
list(APPEND INSTALL_FILES
|
||||||
${CMAKE_BINARY_DIR}/doc/asn2deb.html
|
${CMAKE_BINARY_DIR}/doc/AUTHORS-SHORT
|
||||||
${CMAKE_BINARY_DIR}/doc/idl2deb.html
|
${CMAKE_BINARY_DIR}/doc/androiddump.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/udpdump.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/capinfos.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/captype.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/ciscodump.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/dftest.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/dumpcap.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/editcap.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/extcap.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/mergecap.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/randpkt.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/randpktdump.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/etwdump.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/rawshark.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/reordercap.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/sshdump.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/text2pcap.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/tshark.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/wireshark.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
|
||||||
)
|
)
|
||||||
|
if(MAXMINDDB_FOUND)
|
||||||
|
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
if (BUILD_corbaidl2wrs)
|
||||||
|
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
|
||||||
|
endif()
|
||||||
|
if (BUILD_xxx2deb)
|
||||||
|
list(APPEND INSTALL_FILES
|
||||||
|
${CMAKE_BINARY_DIR}/doc/asn2deb.html
|
||||||
|
${CMAKE_BINARY_DIR}/doc/idl2deb.html
|
||||||
|
)
|
||||||
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(NOT WIN32)
|
if(NOT WIN32)
|
||||||
|
|
|
@ -39,12 +39,14 @@ if(ASCIIDOCTOR_EXECUTABLE)
|
||||||
set (_asciidoctor_common_args
|
set (_asciidoctor_common_args
|
||||||
# Doesn't work with AsciidoctorJ?
|
# Doesn't work with AsciidoctorJ?
|
||||||
# --failure-level=WARN
|
# --failure-level=WARN
|
||||||
|
# --trace
|
||||||
--attribute build_dir=${CMAKE_CURRENT_BINARY_DIR}
|
--attribute build_dir=${CMAKE_CURRENT_BINARY_DIR}
|
||||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/ws_utils.rb
|
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/ws_utils.rb
|
||||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/commaize-block.rb
|
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/commaize-block.rb
|
||||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/cveidlink-inline-macro.rb
|
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/cveidlink-inline-macro.rb
|
||||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/wsbuglink-inline-macro.rb
|
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/manarg-block.rb
|
||||||
--require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/wssalink-inline-macro.rb
|
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb
|
||||||
|
--require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/wssalink-inline-macro.rb
|
||||||
)
|
)
|
||||||
|
|
||||||
set(_asciidoctor_common_command
|
set(_asciidoctor_common_command
|
||||||
|
@ -83,7 +85,7 @@ if(ASCIIDOCTOR_EXECUTABLE)
|
||||||
unset(_output_xml)
|
unset(_output_xml)
|
||||||
ENDMACRO()
|
ENDMACRO()
|
||||||
|
|
||||||
# Currently single page only.
|
# Single page only, for the release notes and man pages.
|
||||||
MACRO( ASCIIDOCTOR2HTML _asciidocsource )
|
MACRO( ASCIIDOCTOR2HTML _asciidocsource )
|
||||||
GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
|
GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
|
||||||
set( _output_html ${_source_base_name}.html )
|
set( _output_html ${_source_base_name}.html )
|
||||||
|
@ -124,6 +126,27 @@ if(ASCIIDOCTOR_EXECUTABLE)
|
||||||
unset(_output_txt)
|
unset(_output_txt)
|
||||||
ENDMACRO()
|
ENDMACRO()
|
||||||
|
|
||||||
|
# Single page only, for the release notes and man pages.
|
||||||
|
MACRO( ASCIIDOCTOR2MAN _asciidocsource _man_section)
|
||||||
|
GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
|
||||||
|
set( _output_man ${_source_base_name}.${_man_section} )
|
||||||
|
|
||||||
|
ADD_CUSTOM_COMMAND(
|
||||||
|
OUTPUT
|
||||||
|
${_output_man}
|
||||||
|
COMMAND ${_asciidoctor_common_command}
|
||||||
|
--backend manpage
|
||||||
|
--out-file ${_output_man}
|
||||||
|
${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource}
|
||||||
|
DEPENDS
|
||||||
|
${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource}
|
||||||
|
${ARGN}
|
||||||
|
)
|
||||||
|
add_custom_target(generate_${_output_man} DEPENDS ${_output_man})
|
||||||
|
set_asciidoctor_target_properties(generate_${_output_man})
|
||||||
|
unset(_output_man)
|
||||||
|
ENDMACRO()
|
||||||
|
|
||||||
# news: release-notes.txt
|
# news: release-notes.txt
|
||||||
# ${CMAKE_COMMAND} -E copy_if_different release-notes.txt ../NEWS
|
# ${CMAKE_COMMAND} -E copy_if_different release-notes.txt ../NEWS
|
||||||
|
|
||||||
|
|
|
@ -1,84 +0,0 @@
|
||||||
#
|
|
||||||
# - Find pod2man and pod2html.
|
|
||||||
#
|
|
||||||
|
|
||||||
find_program(POD2MAN_EXECUTABLE
|
|
||||||
NAMES
|
|
||||||
pod2man
|
|
||||||
pod2man.bat
|
|
||||||
PATHS
|
|
||||||
/bin
|
|
||||||
/usr/bin
|
|
||||||
/usr/local/bin
|
|
||||||
/sbin
|
|
||||||
)
|
|
||||||
|
|
||||||
find_program(POD2HTML_EXECUTABLE
|
|
||||||
NAMES
|
|
||||||
pod2html
|
|
||||||
pod2html.bat
|
|
||||||
PATHS
|
|
||||||
/bin
|
|
||||||
/usr/bin
|
|
||||||
/usr/local/bin
|
|
||||||
/sbin
|
|
||||||
)
|
|
||||||
|
|
||||||
# handle the QUIETLY and REQUIRED arguments and set POD2HTML_FOUND to TRUE if
|
|
||||||
# all listed variables are TRUE
|
|
||||||
include(FindPackageHandleStandardArgs)
|
|
||||||
find_package_handle_standard_args(POD DEFAULT_MSG POD2MAN_EXECUTABLE POD2HTML_EXECUTABLE)
|
|
||||||
|
|
||||||
mark_as_advanced(
|
|
||||||
POD2MAN_EXECUTABLE
|
|
||||||
POD2HTML_EXECUTABLE
|
|
||||||
)
|
|
||||||
|
|
||||||
# run pod2man and pod2html
|
|
||||||
macro(pod2manhtml _sourcefile _manext)
|
|
||||||
get_filename_component(_basefile ${_sourcefile} NAME)
|
|
||||||
set(_outman ${_basefile}.${_manext})
|
|
||||||
set(_outhtml ${_basefile}.html)
|
|
||||||
|
|
||||||
add_custom_command(
|
|
||||||
OUTPUT
|
|
||||||
${_outman}
|
|
||||||
COMMAND
|
|
||||||
${PERL_EXECUTABLE} ${POD2MAN_EXECUTABLE}
|
|
||||||
--section=${_manext}
|
|
||||||
--center=\"The Wireshark Network Analyzer\"
|
|
||||||
--release=${PROJECT_VERSION}
|
|
||||||
${_sourcefile}.pod
|
|
||||||
> ${_outman}
|
|
||||||
DEPENDS
|
|
||||||
${_sourcefile}.pod
|
|
||||||
)
|
|
||||||
|
|
||||||
add_custom_command(
|
|
||||||
OUTPUT
|
|
||||||
${_outhtml}
|
|
||||||
COMMAND
|
|
||||||
${PERL_EXECUTABLE} ${POD2HTML_EXECUTABLE}
|
|
||||||
--title=\"${_basefile} - The Wireshark Network Analyzer ${CPACK_PACKAGE_VERSION}\"
|
|
||||||
--css=ws.css
|
|
||||||
--noindex
|
|
||||||
${_sourcefile}.pod
|
|
||||||
> ${_outhtml}
|
|
||||||
DEPENDS
|
|
||||||
${_sourcefile}.pod
|
|
||||||
${CMAKE_SOURCE_DIR}/docbook/ws.css
|
|
||||||
)
|
|
||||||
endmacro(pod2manhtml)
|
|
||||||
|
|
||||||
#
|
|
||||||
# Editor modelines - https://www.wireshark.org/tools/modelines.html
|
|
||||||
#
|
|
||||||
# Local variables:
|
|
||||||
# c-basic-offset: 8
|
|
||||||
# tab-width: 8
|
|
||||||
# indent-tabs-mode: t
|
|
||||||
# End:
|
|
||||||
#
|
|
||||||
# vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
||||||
# :indentSize=8:tabSize=8:noTabs=false:
|
|
||||||
#
|
|
|
@ -7,6 +7,8 @@
|
||||||
# SPDX-License-Identifier: GPL-2.0-or-later
|
# SPDX-License-Identifier: GPL-2.0-or-later
|
||||||
#
|
#
|
||||||
|
|
||||||
|
find_package( Asciidoctor 1.5 )
|
||||||
|
|
||||||
add_custom_command(
|
add_custom_command(
|
||||||
OUTPUT AUTHORS-SHORT
|
OUTPUT AUTHORS-SHORT
|
||||||
COMMAND ${PERL_EXECUTABLE}
|
COMMAND ${PERL_EXECUTABLE}
|
||||||
|
@ -18,98 +20,69 @@ add_custom_command(
|
||||||
${CMAKE_SOURCE_DIR}/AUTHORS
|
${CMAKE_SOURCE_DIR}/AUTHORS
|
||||||
)
|
)
|
||||||
|
|
||||||
|
set(MAN1_INSTALL_FILES)
|
||||||
|
set(MAN4_INSTALL_FILES)
|
||||||
|
set(HTML_INSTALL_FILES)
|
||||||
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark 1)
|
macro (ASCIIDOCTOR2MANHTML _page_name _man_section)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/androiddump 1)
|
if(ASCIIDOCTOR_FOUND)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/capinfos 1)
|
ASCIIDOCTOR2HTML(${_page_name}.adoc)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/captype 1)
|
ASCIIDOCTOR2MAN(${_page_name}.adoc ${_man_section})
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/ciscodump 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dftest 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dumpcap 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/editcap 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mergecap 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpkt 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpktdump 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/etwdump 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/rawshark 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/reordercap 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sshdump 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/text2pcap 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/tshark 1)
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/udpdump 1)
|
|
||||||
|
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/extcap 4)
|
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.html)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark-filter 4)
|
if (${_man_section} EQUAL 1)
|
||||||
|
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
|
||||||
|
elseif (${_man_section} EQUAL 4)
|
||||||
|
list(APPEND MAN4_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
|
||||||
|
else()
|
||||||
|
message(FATAL_ERROR "Unsupported manual page section ${_man_section} for ${_page_name}")
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
endmacro()
|
||||||
|
|
||||||
|
ASCIIDOCTOR2MANHTML(wireshark 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(androiddump 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(capinfos 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(captype 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(ciscodump 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(dftest 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(dumpcap 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(editcap 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(mergecap 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(randpkt 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(randpktdump 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(etwdump 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(rawshark 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(reordercap 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(sshdump 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(text2pcap 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(tshark 1)
|
||||||
|
ASCIIDOCTOR2MANHTML(udpdump 1)
|
||||||
|
|
||||||
|
ASCIIDOCTOR2MANHTML(extcap 4)
|
||||||
|
ASCIIDOCTOR2MANHTML(wireshark-filter 4)
|
||||||
|
|
||||||
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dpauxmon 1)
|
ASCIIDOCTOR2MANHTML(dpauxmon 1)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sdjournal 1)
|
ASCIIDOCTOR2MANHTML(sdjournal 1)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(MAXMINDDB_FOUND)
|
if(MAXMINDDB_FOUND)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mmdbresolve 1)
|
ASCIIDOCTOR2MANHTML(mmdbresolve 1)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if (BUILD_corbaidl2wrs)
|
if (BUILD_corbaidl2wrs)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2wrs 1)
|
ASCIIDOCTOR2MANHTML(idl2wrs 1)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if (BUILD_xxx2deb)
|
if (BUILD_xxx2deb)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/asn2deb 1)
|
ASCIIDOCTOR2MANHTML(asn2deb 1)
|
||||||
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2deb 1)
|
ASCIIDOCTOR2MANHTML(idl2deb 1)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
set(MAN1_INSTALL_FILES
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/androiddump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/capinfos.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/captype.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/dftest.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/dumpcap.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/editcap.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/mergecap.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/randpkt.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/randpktdump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/etwdump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/rawshark.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/reordercap.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/sshdump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/text2pcap.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/tshark.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/udpdump.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark.1
|
|
||||||
)
|
|
||||||
|
|
||||||
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
|
||||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.1)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
|
||||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.1)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if(MAXMINDDB_FOUND)
|
|
||||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.1)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if (BUILD_corbaidl2wrs)
|
|
||||||
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.1)
|
|
||||||
endif()
|
|
||||||
if (BUILD_xxx2deb)
|
|
||||||
list(APPEND MAN1_INSTALL_FILES
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/asn2deb.1
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/idl2deb.1
|
|
||||||
)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
set(MAN4_INSTALL_FILES
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/extcap.4
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.4
|
|
||||||
)
|
|
||||||
|
|
||||||
set(BUNDLE_RESOURCE_SHARE_MAN1_FILES ${MAN1_INSTALL_FILES} PARENT_SCOPE)
|
set(BUNDLE_RESOURCE_SHARE_MAN1_FILES ${MAN1_INSTALL_FILES} PARENT_SCOPE)
|
||||||
set(BUNDLE_RESOURCE_SHARE_MAN4_FILES ${MAN4_INSTALL_FILES} PARENT_SCOPE)
|
set(BUNDLE_RESOURCE_SHARE_MAN4_FILES ${MAN4_INSTALL_FILES} PARENT_SCOPE)
|
||||||
|
|
||||||
|
@ -118,52 +91,6 @@ add_custom_target(manpages DEPENDS
|
||||||
${MAN4_INSTALL_FILES}
|
${MAN4_INSTALL_FILES}
|
||||||
)
|
)
|
||||||
|
|
||||||
set(HTML_INSTALL_FILES
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/androiddump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/capinfos.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/captype.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/dftest.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/dumpcap.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/editcap.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/extcap.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/mergecap.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/randpkt.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/randpktdump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/etwdump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/rawshark.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/reordercap.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/sshdump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/text2pcap.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/tshark.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/udpdump.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/wireshark.html
|
|
||||||
)
|
|
||||||
|
|
||||||
if(BUILD_dpauxmon AND HAVE_LIBNL3)
|
|
||||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.html)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if(BUILD_sdjournal AND SYSTEMD_FOUND)
|
|
||||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.html)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if(MAXMINDDB_FOUND)
|
|
||||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.html)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if (BUILD_corbaidl2wrs)
|
|
||||||
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.html)
|
|
||||||
endif()
|
|
||||||
if (BUILD_xxx2deb)
|
|
||||||
list(APPEND HTML_INSTALL_FILES
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/asn2deb.html
|
|
||||||
${CMAKE_CURRENT_BINARY_DIR}/idl2deb.html
|
|
||||||
)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
add_custom_target(
|
add_custom_target(
|
||||||
docs ALL
|
docs ALL
|
||||||
DEPENDS
|
DEPENDS
|
||||||
|
@ -174,19 +101,21 @@ add_custom_target(
|
||||||
)
|
)
|
||||||
set_target_properties(docs PROPERTIES FOLDER "Docs")
|
set_target_properties(docs PROPERTIES FOLDER "Docs")
|
||||||
|
|
||||||
install(
|
if(ASCIIDOCTOR_FOUND)
|
||||||
FILES
|
install(
|
||||||
${MAN1_INSTALL_FILES}
|
FILES
|
||||||
DESTINATION
|
${MAN1_INSTALL_FILES}
|
||||||
${CMAKE_INSTALL_MANDIR}/man1
|
DESTINATION
|
||||||
)
|
${CMAKE_INSTALL_MANDIR}/man1
|
||||||
|
)
|
||||||
|
|
||||||
install(
|
install(
|
||||||
FILES
|
FILES
|
||||||
${MAN4_INSTALL_FILES}
|
${MAN4_INSTALL_FILES}
|
||||||
DESTINATION
|
DESTINATION
|
||||||
${CMAKE_INSTALL_MANDIR}/man4
|
${CMAKE_INSTALL_MANDIR}/man4
|
||||||
)
|
)
|
||||||
|
endif()
|
||||||
|
|
||||||
#
|
#
|
||||||
# Installation of HTML manuals is done
|
# Installation of HTML manuals is done
|
||||||
|
|
|
@ -1,55 +1,61 @@
|
||||||
=begin man
|
= androiddump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
androiddump - Provide interfaces to capture from Android devices
|
androiddump - Provide interfaces to capture from Android devices
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<androiddump>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*androiddump*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-version> ]>
|
[ *--version* ]
|
||||||
S<[ B<--debug> ]>
|
[ *--extcap-version* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--debug* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--adb-server-ip>=E<lt>IP addressE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
S<[ B<--adb-server-tcp-port>=E<lt>TCP portE<gt> ]>
|
[ *--adb-server-ip*=<IP address> ]
|
||||||
S<[ B<--logcat-text>=E<lt>TRUE or FALSEE<gt> ]>
|
[ *--adb-server-tcp-port*=<TCP port> ]
|
||||||
S<[ B<--bt-server-tcp-port>=E<lt>TCP portE<gt> ]>
|
[ *--logcat-text*=<TRUE or FALSE> ]
|
||||||
S<[ B<--bt-forward-socket>=E<lt>TRUE or FALSEE<gt> ]>
|
[ *--bt-server-tcp-port*=<TCP port> ]
|
||||||
S<[ B<--bt-local-ip>=E<lt>IP addressE<gt> ]>
|
[ *--bt-forward-socket*=<TRUE or FALSE> ]
|
||||||
S<[ B<--bt-local-tcp-port>=E<lt>TCP portE<gt> ]>
|
[ *--bt-local-ip*=<IP address> ]
|
||||||
|
[ *--bt-local-tcp-port*=<TCP port> ]
|
||||||
|
|
||||||
B<androiddump>
|
[manarg]
|
||||||
S< B<--extcap-interfaces> >
|
*androiddump*
|
||||||
S<[ B<--adb-server-ip>=E<lt>IP addressE<gt> ]>
|
*--extcap-interfaces*
|
||||||
S<[ B<--adb-server-tcp-port>=E<lt>TCP portE<gt> ]>
|
[ *--adb-server-ip*=<IP address> ]
|
||||||
|
[ *--adb-server-tcp-port*=<TCP port> ]
|
||||||
|
|
||||||
B<androiddump>
|
[manarg]
|
||||||
S< B<--extcap-interface>=E<lt>interfaceE<gt> >
|
*androiddump*
|
||||||
S<[ B<--extcap-dlts> ]>
|
*--extcap-interface*=<interface>
|
||||||
|
[ *--extcap-dlts* ]
|
||||||
|
|
||||||
B<androiddump>
|
[manarg]
|
||||||
S< B<--extcap-interface>=E<lt>interfaceE<gt> >
|
*androiddump*
|
||||||
S<[ B<--extcap-config> ]>
|
*--extcap-interface*=<interface>
|
||||||
|
[ *--extcap-config* ]
|
||||||
|
|
||||||
B<androiddump>
|
[manarg]
|
||||||
S< B<--extcap-interface>=E<lt>interfaceE<gt> >
|
*androiddump*
|
||||||
S< B<--fifo>=E<lt>path to file or pipeE<gt> >
|
*--extcap-interface*=<interface>
|
||||||
S< B<--capture> >
|
*--fifo*=<path to file or pipe>
|
||||||
|
*--capture*
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Androiddump> is a extcap tool that provide interfaces to capture from
|
*Androiddump* is a extcap tool that provide interfaces to capture from
|
||||||
Android device. There is only two requirements:
|
Android device. There is only two requirements:
|
||||||
|
|
||||||
1. You must have Android SDK and add it PATH environment variable.
|
1. You must have Android SDK and add it PATH environment variable.
|
||||||
|
@ -60,115 +66,132 @@ https://developer.android.com/sdk/index.html#Other
|
||||||
2. You must have permission to Android devices. Some Android devices requires
|
2. You must have permission to Android devices. Some Android devices requires
|
||||||
on-screen authentication.
|
on-screen authentication.
|
||||||
|
|
||||||
|
|
||||||
Supported interfaces:
|
Supported interfaces:
|
||||||
|
|
||||||
=over 4
|
1. Logcat Main (binary [++<=++Jelly Bean] or text)
|
||||||
|
2. Logcat System (binary [++<=++Jelly Bean] or text)
|
||||||
=item 1. Logcat Main (binary [<=Jelly Bean] or text)
|
3. Logcat Events (binary [++<=++Jelly Bean] or text)
|
||||||
|
4. Logcat Radio (binary [++<=++Jelly Bean] or text)
|
||||||
=item 2. Logcat System (binary [<=Jelly Bean] or text)
|
5. Logcat Crash (text; from Lollipop)
|
||||||
|
6. Bluetooth Hcidump [++<=++Jelly Bean]
|
||||||
=item 3. Logcat Events (binary [<=Jelly Bean] or text)
|
7. Bluetooth Bluedroid External Parser [Kitkat]
|
||||||
|
8. Bluetooth BtsnoopNet [>=Lollipop]
|
||||||
=item 4. Logcat Radio (binary [<=Jelly Bean] or text)
|
9. WiFi tcpdump [need tcpdump on phone]
|
||||||
|
|
||||||
=item 5. Logcat Crash (text; from Lollipop)
|
|
||||||
|
|
||||||
=item 6. Bluetooth Hcidump [<=Jelly Bean]
|
|
||||||
|
|
||||||
=item 7. Bluetooth Bluedroid External Parser [Kitkat]
|
|
||||||
|
|
||||||
=item 8. Bluetooth BtsnoopNet [>=Lollipop]
|
|
||||||
|
|
||||||
=item 9. WiFi tcpdump [need tcpdump on phone]
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
Please note that it will work also for FirefoxOS or other Android-based stuffs.
|
Please note that it will work also for FirefoxOS or other Android-based stuffs.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-version
|
--extcap-version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print extcapized version.
|
Print extcapized version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --debug
|
--debug::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print additional messages.
|
Print additional messages.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --adb-server-ip=E<lt>IP addressE<gt>
|
--adb-server-ip=<IP address>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use other then default (127.0.0.1) ADB daemon's IP address.
|
Use other then default (127.0.0.1) ADB daemon's IP address.
|
||||||
|
--
|
||||||
|
|
||||||
=item --adb-server-tcp-port=E<lt>TCP portE<gt>
|
--adb-server-tcp-port=<TCP port>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use other then default (5037) ADB daemon's TCP port.
|
Use other then default (5037) ADB daemon's TCP port.
|
||||||
|
--
|
||||||
|
|
||||||
=item --logcat-text=E<lt>TRUE or FALSEE<gt>
|
--logcat-text=<TRUE or FALSE>::
|
||||||
|
+
|
||||||
|
--
|
||||||
If TRUE then use text logcat rather then binary. This option has effect only on
|
If TRUE then use text logcat rather then binary. This option has effect only on
|
||||||
Logcat interfaces. This have no effect from Lollipop where is no binary Logcat
|
Logcat interfaces. This have no effect from Lollipop where is no binary Logcat
|
||||||
available.
|
available.
|
||||||
|
|
||||||
Defaults to FALSE.
|
Defaults to FALSE.
|
||||||
|
--
|
||||||
|
|
||||||
=item --bt-server-tcp-port=E<lt>TCP portE<gt>
|
--bt-server-tcp-port=<TCP port>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use other then default Bluetooth server TCP port on Android side.
|
Use other then default Bluetooth server TCP port on Android side.
|
||||||
On Lollipop defaults is 8872, earlier 4330.
|
On Lollipop defaults is 8872, earlier 4330.
|
||||||
|
--
|
||||||
|
|
||||||
=item --bt-forward-socket=E<lt>TRUE or FALSEE<gt>
|
--bt-forward-socket=<TRUE or FALSE>::
|
||||||
|
+
|
||||||
|
--
|
||||||
If TRUE then socket from Android side is forwarded to host side.
|
If TRUE then socket from Android side is forwarded to host side.
|
||||||
|
|
||||||
Defaults to FALSE.
|
Defaults to FALSE.
|
||||||
|
--
|
||||||
|
|
||||||
=item --bt-local-ip=E<lt>IP addressE<gt>
|
--bt-local-ip=<IP address>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use other then default (127.0.0.1) IP address on host side for forwarded socket.
|
Use other then default (127.0.0.1) IP address on host side for forwarded socket.
|
||||||
|
--
|
||||||
|
|
||||||
=item --bt-local-tcp-port=E<lt>TCP portE<gt>
|
--bt-local-tcp-port=<TCP port>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Specify port to be used on host side for forwarded socket.
|
Specify port to be used on host side for forwarded socket.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -220,7 +243,6 @@ To see interface DLTs:
|
||||||
Example output:
|
Example output:
|
||||||
dlt {number=99}{name=BluetoothH4}{display=Bluetooth HCI UART transport layer plus pseudo-header}
|
dlt {number=99}{name=BluetoothH4}{display=Bluetooth HCI UART transport layer plus pseudo-header}
|
||||||
|
|
||||||
|
|
||||||
To see interface configuration options:
|
To see interface configuration options:
|
||||||
|
|
||||||
androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --extcap-config
|
androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --extcap-config
|
||||||
|
@ -229,32 +251,30 @@ To see interface configuration options:
|
||||||
arg {number=0}{call=--adb-server-ip}{display=ADB Server IP Address}{type=string}{default=127.0.0.1}
|
arg {number=0}{call=--adb-server-ip}{display=ADB Server IP Address}{type=string}{default=127.0.0.1}
|
||||||
arg {number=1}{call=--adb-server-tcp-port}{display=ADB Server TCP Port}{type=integer}{range=0,65535}{default=5037}
|
arg {number=1}{call=--adb-server-tcp-port}{display=ADB Server TCP Port}{type=integer}{range=0,65535}{default=5037}
|
||||||
|
|
||||||
|
|
||||||
To capture:
|
To capture:
|
||||||
|
|
||||||
androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --fifo=/tmp/bluetooth.pcapng --capture
|
androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --fifo=/tmp/bluetooth.pcapng --capture
|
||||||
|
|
||||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<Androiddump> is part of the B<Wireshark> distribution. The latest version
|
*Androiddump* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Michal Labedzki <michal.labedzki[AT]tieto.com>
|
Michal Labedzki <michal.labedzki[AT]tieto.com>
|
||||||
|
|
||||||
|
.Contributors
|
||||||
Contributors
|
[%hardbreaks]
|
||||||
------------
|
Roland Knall <rknall[AT]gmail.com>
|
||||||
Roland Knall <rknall[AT]gmail.com>
|
|
||||||
|
|
114
doc/asn2deb.adoc
114
doc/asn2deb.adoc
|
@ -1,82 +1,94 @@
|
||||||
=begin man
|
= asn2deb(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
asn2deb - Create a Debian package for BER monitoring from ASN.1
|
asn2deb - Create a Debian package for BER monitoring from ASN.1
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<asn2deb>
|
[manarg]
|
||||||
S<[ B<-a> E<lt>ASN.1 fileE<gt> ]>
|
*asn2deb*
|
||||||
S<[ B<--asn>=E<lt>ASN.1 fileE<gt> ]>
|
[ *-a* <ASN.1 file> ]
|
||||||
S<[ B<-d> E<lt>optsE<gt> ]>
|
[ *--asn*=<ASN.1 file> ]
|
||||||
S<[ B<--dbopts>=E<lt>optsE<gt> ]>
|
[ *-d* <opts> ]
|
||||||
S<[ B<-e> E<lt>addressE<gt> ]>
|
[ *--dbopts*=<opts> ]
|
||||||
S<[ B<--email>=E<lt>addressE<gt> ]>
|
[ *-e* <address> ]
|
||||||
S<[ B<-h> ]>
|
[ *--email*=<address> ]
|
||||||
S<[ B<--help> ]>
|
[ *-h* ]
|
||||||
S<[ B<-n> E<lt>nameE<gt> ]>
|
[ *--help* ]
|
||||||
S<[ B<--name>=E<lt>nameE<gt> ]>
|
[ *-n* <name> ]
|
||||||
S<[ B<-p> ]>
|
[ *--name*=<name> ]
|
||||||
S<[ B<--preserve> ]>
|
[ *-p* ]
|
||||||
S<[ B<-v> ]>
|
[ *--preserve* ]
|
||||||
S<[ B<--version> ]>
|
[ *-v* ]
|
||||||
|
[ *--version* ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
This manual page documents briefly the B<asn2deb> command. B<asn2deb>
|
This manual page documents briefly the *asn2deb* command. *asn2deb*
|
||||||
takes an ASN.1 file as input and creates a Debian package from it. The package
|
takes an ASN.1 file as input and creates a Debian package from it. The package
|
||||||
contains a loadable type table file for the Wireshark network analyser.
|
contains a loadable type table file for the Wireshark network analyser.
|
||||||
The type table is generated by the ASN.1 compiler B<snacc>.
|
The type table is generated by the ASN.1 compiler *snacc*.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -a E<lt>ASN.1 fileE<gt> --asn=E<lt>ASN.1 fileE<gt>
|
|
||||||
|
|
||||||
|
-a <ASN.1 file> --asn=<ASN.1 file>::
|
||||||
|
+
|
||||||
|
--
|
||||||
ASN.1 file to use (mandatory).
|
ASN.1 file to use (mandatory).
|
||||||
|
--
|
||||||
|
|
||||||
=item -d E<lt>optsE<gt> --dbopts=E<lt>optsE<gt>
|
-d <opts> --dbopts=<opts>::
|
||||||
|
+
|
||||||
|
--
|
||||||
options for dpkg-buildpackage.
|
options for dpkg-buildpackage.
|
||||||
|
--
|
||||||
|
|
||||||
=item -e E<lt>addressE<gt> --email=E<lt>addressE<gt>
|
-e <address> --email=<address>::
|
||||||
|
+
|
||||||
|
--
|
||||||
use e-mail address.
|
use e-mail address.
|
||||||
|
--
|
||||||
|
|
||||||
=item -h --help
|
-h --help::
|
||||||
|
+
|
||||||
|
--
|
||||||
print help and exit.
|
print help and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -n E<lt>nameE<gt> --name=E<lt>nameE<gt>
|
-n <name> --name=<name>::
|
||||||
|
+
|
||||||
|
--
|
||||||
use user name.
|
use user name.
|
||||||
|
--
|
||||||
|
|
||||||
=item -p --preserve
|
-p --preserve::
|
||||||
|
+
|
||||||
|
--
|
||||||
do not overwrite files.
|
do not overwrite files.
|
||||||
|
--
|
||||||
|
|
||||||
=item -v --version
|
-v --version::
|
||||||
|
+
|
||||||
|
--
|
||||||
print version and exit.
|
print version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
/usr/bin/asn2deb -e me@foo.net -a bar.asn1 \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
|
/usr/bin/asn2deb -e me@foo.net -a bar.asn1 \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
A lot of tools are used, which you have to B<apt-get install>: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev,
|
A lot of tools are used, which you have to *apt-get install*: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev,
|
||||||
snacc.
|
snacc.
|
||||||
|
|
||||||
=head1 COPYING
|
== COPYING
|
||||||
|
|
||||||
This manual page was written by W. Borgert debacle@debian.org
|
This manual page was written by W. Borgert debacle@debian.org
|
||||||
for Debian GNU/Linux (but may be used by others). Permission is granted
|
for Debian GNU/Linux (but may be used by others). Permission is granted
|
||||||
|
@ -84,10 +96,10 @@ to copy, distribute and/or modify this document under the terms of the
|
||||||
GNU General Public License, Version 2 or any later version published by
|
GNU General Public License, Version 2 or any later version published by
|
||||||
the Free Software Foundation.
|
the Free Software Foundation.
|
||||||
|
|
||||||
=head1 AUTHOR
|
== AUTHOR
|
||||||
|
|
||||||
B<W. Borgert> Author.
|
*W. Borgert* Author.
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
== COPYRIGHT
|
||||||
|
|
||||||
Copyright (C) 2003, 2005 W. Borger
|
Copyright (C) 2003, 2005 W. Borger
|
||||||
|
|
|
@ -1,60 +1,62 @@
|
||||||
=begin man
|
= capinfos(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
capinfos - Prints information about capture files
|
capinfos - Prints information about capture files
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<capinfos>
|
[manarg]
|
||||||
S<[ B<-a> ]>
|
*capinfos*
|
||||||
S<[ B<-A> ]>
|
[ *-a* ]
|
||||||
S<[ B<-b> ]>
|
[ *-A* ]
|
||||||
S<[ B<-B> ]>
|
[ *-b* ]
|
||||||
S<[ B<-c> ]>
|
[ *-B* ]
|
||||||
S<[ B<-C> ]>
|
[ *-c* ]
|
||||||
S<[ B<-d> ]>
|
[ *-C* ]
|
||||||
S<[ B<-D> ]>
|
[ *-d* ]
|
||||||
S<[ B<-e> ]>
|
[ *-D* ]
|
||||||
S<[ B<-E> ]>
|
[ *-e* ]
|
||||||
S<[ B<-F> ]>
|
[ *-E* ]
|
||||||
S<[ B<-h> ]>
|
[ *-F* ]
|
||||||
S<[ B<-H> ]>
|
[ *-h* ]
|
||||||
S<[ B<-i> ]>
|
[ *-H* ]
|
||||||
S<[ B<-I> ]>
|
[ *-i* ]
|
||||||
S<[ B<-k> ]>
|
[ *-I* ]
|
||||||
S<[ B<-K> ]>
|
[ *-k* ]
|
||||||
S<[ B<-l> ]>
|
[ *-K* ]
|
||||||
S<[ B<-L> ]>
|
[ *-l* ]
|
||||||
S<[ B<-m> ]>
|
[ *-L* ]
|
||||||
S<[ B<-M> ]>
|
[ *-m* ]
|
||||||
S<[ B<-n> ]>
|
[ *-M* ]
|
||||||
S<[ B<-N> ]>
|
[ *-n* ]
|
||||||
S<[ B<-o> ]>
|
[ *-N* ]
|
||||||
S<[ B<-q> ]>
|
[ *-o* ]
|
||||||
S<[ B<-Q> ]>
|
[ *-q* ]
|
||||||
S<[ B<-r> ]>
|
[ *-Q* ]
|
||||||
S<[ B<-R> ]>
|
[ *-r* ]
|
||||||
S<[ B<-s> ]>
|
[ *-R* ]
|
||||||
S<[ B<-S> ]>
|
[ *-s* ]
|
||||||
S<[ B<-t> ]>
|
[ *-S* ]
|
||||||
S<[ B<-T> ]>
|
[ *-t* ]
|
||||||
S<[ B<-u> ]>
|
[ *-T* ]
|
||||||
S<[ B<-v> ]>
|
[ *-u* ]
|
||||||
S<[ B<-x> ]>
|
[ *-v* ]
|
||||||
S<[ B<-y> ]>
|
[ *-x* ]
|
||||||
S<[ B<-z> ]>
|
[ *-y* ]
|
||||||
E<lt>I<infile>E<gt>
|
[ *-z* ]
|
||||||
I<...>
|
<__infile__>
|
||||||
|
__...__
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Capinfos> is a program that reads one or more capture files and
|
*Capinfos* is a program that reads one or more capture files and
|
||||||
returns some or all available statistics (infos) of each E<lt>I<infile>E<gt>
|
returns some or all available statistics (infos) of each <__infile__>
|
||||||
in one of two types of output formats: long or table.
|
in one of two types of output formats: long or table.
|
||||||
|
|
||||||
The long output is suitable for a human to read. The table output
|
The long output is suitable for a human to read. The table output
|
||||||
|
@ -64,41 +66,44 @@ a spreadsheet or database.
|
||||||
The user specifies what type of output (long or table) and which
|
The user specifies what type of output (long or table) and which
|
||||||
statistics to display by specifying flags (options) that corresponding
|
statistics to display by specifying flags (options) that corresponding
|
||||||
to the report type and desired infos. If no options are specified,
|
to the report type and desired infos. If no options are specified,
|
||||||
B<Capinfos> will report all statistics available in "long" format.
|
*Capinfos* will report all statistics available in "long" format.
|
||||||
|
|
||||||
Options are processed from left to right order with later options
|
Options are processed from left to right order with later options
|
||||||
superseding or adding to earlier options.
|
superseding or adding to earlier options.
|
||||||
|
|
||||||
B<Capinfos> is able to detect and read the same capture files that are
|
*Capinfos* is able to detect and read the same capture files that are
|
||||||
supported by B<Wireshark>.
|
supported by *Wireshark*.
|
||||||
The input files don't need a specific filename extension; the file
|
The input files don't need a specific filename extension; the file
|
||||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||||
is a detailed description of the way B<Wireshark> handles this, which is
|
is a detailed description of the way *Wireshark* handles this, which is
|
||||||
the same way B<Capinfos> handles this.
|
the same way *Capinfos* handles this.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
-a::
|
||||||
|
+
|
||||||
=item -a
|
--
|
||||||
|
Displays the start time of the capture. *Capinfos* considers
|
||||||
Displays the start time of the capture. B<Capinfos> considers
|
|
||||||
the earliest timestamp seen to be the start time, so the
|
the earliest timestamp seen to be the start time, so the
|
||||||
first packet in the capture is not necessarily the earliest -
|
first packet in the capture is not necessarily the earliest -
|
||||||
if packets exist "out-of-order", time-wise, in the capture,
|
if packets exist "out-of-order", time-wise, in the capture,
|
||||||
B<Capinfos> detects this.
|
*Capinfos* detects this.
|
||||||
|
--
|
||||||
=item -A
|
|
||||||
|
|
||||||
|
-A::
|
||||||
|
+
|
||||||
|
--
|
||||||
Generate all infos. By default capinfos will display
|
Generate all infos. By default capinfos will display
|
||||||
all infos values for each input file, but enabling
|
all infos values for each input file, but enabling
|
||||||
any of the individual display infos options will
|
any of the individual display infos options will
|
||||||
disable the generate all option.
|
disable the generate all option.
|
||||||
|
--
|
||||||
|
|
||||||
=item -b
|
-b::
|
||||||
|
+
|
||||||
|
--
|
||||||
Separate infos with ASCII SPACE (0x20) characters.
|
Separate infos with ASCII SPACE (0x20) characters.
|
||||||
This option is only useful when generating a table
|
This option is only useful when generating a table
|
||||||
style report (-T). The various info values will be
|
style report (-T). The various info values will be
|
||||||
|
@ -109,22 +114,28 @@ NOTE: Since some of the header labels as well as some
|
||||||
of the value fields contain SPACE characters. This
|
of the value fields contain SPACE characters. This
|
||||||
option is of limited value unless one of the quoting
|
option is of limited value unless one of the quoting
|
||||||
options (-q or -Q) is also specified.
|
options (-q or -Q) is also specified.
|
||||||
|
--
|
||||||
|
|
||||||
=item -B
|
-B::
|
||||||
|
+
|
||||||
|
--
|
||||||
Separate the infos with ASCII TAB characters.
|
Separate the infos with ASCII TAB characters.
|
||||||
This option is only useful when generating a table
|
This option is only useful when generating a table
|
||||||
style report (-T). The various info values will be
|
style report (-T). The various info values will be
|
||||||
separated (delimited) from one another with a single
|
separated (delimited) from one another with a single
|
||||||
ASCII TAB character. The TAB character is the default
|
ASCII TAB character. The TAB character is the default
|
||||||
delimiter when -T style report is enabled.
|
delimiter when -T style report is enabled.
|
||||||
|
--
|
||||||
|
|
||||||
=item -c
|
-c::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the number of packets in the capture file.
|
Displays the number of packets in the capture file.
|
||||||
|
--
|
||||||
|
|
||||||
=item -C
|
-C::
|
||||||
|
+
|
||||||
|
--
|
||||||
Cancel processing any additional files if and
|
Cancel processing any additional files if and
|
||||||
when capinfos fails to open an input file
|
when capinfos fails to open an input file
|
||||||
or gets an error reading an input file.
|
or gets an error reading an input file.
|
||||||
|
@ -137,117 +148,155 @@ an error reading from a file regardless whether
|
||||||
the -C option is specified or not.
|
the -C option is specified or not.
|
||||||
Upon exit, capinfos will return an error status
|
Upon exit, capinfos will return an error status
|
||||||
if any errors occurred during processing.
|
if any errors occurred during processing.
|
||||||
|
--
|
||||||
|
|
||||||
=item -d
|
-d::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the total length of all packets in the file, in
|
Displays the total length of all packets in the file, in
|
||||||
bytes. This counts the size of the packets as they appeared
|
bytes. This counts the size of the packets as they appeared
|
||||||
in their original form, not as they appear in this file.
|
in their original form, not as they appear in this file.
|
||||||
For example, if a packet was originally 1514 bytes and only
|
For example, if a packet was originally 1514 bytes and only
|
||||||
256 of those bytes were saved to the capture file (if packets
|
256 of those bytes were saved to the capture file (if packets
|
||||||
were captured with a snaplen or other slicing option),
|
were captured with a snaplen or other slicing option),
|
||||||
B<Capinfos> will consider the packet to have been 1514 bytes.
|
*Capinfos* will consider the packet to have been 1514 bytes.
|
||||||
|
--
|
||||||
=item -D
|
|
||||||
|
|
||||||
|
-D::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays a count of the number of decryption secrets in the file.
|
Displays a count of the number of decryption secrets in the file.
|
||||||
|
--
|
||||||
|
|
||||||
=item -e
|
-e::
|
||||||
|
+
|
||||||
Displays the end time of the capture. B<Capinfos> considers
|
--
|
||||||
|
Displays the end time of the capture. *Capinfos* considers
|
||||||
the latest timestamp seen to be the end time, so the
|
the latest timestamp seen to be the end time, so the
|
||||||
last packet in the capture is not necessarily the latest -
|
last packet in the capture is not necessarily the latest -
|
||||||
if packets exist "out-of-order", time-wise, in the capture,
|
if packets exist "out-of-order", time-wise, in the capture,
|
||||||
B<Capinfos> detects this.
|
*Capinfos* detects this.
|
||||||
|
--
|
||||||
=item -E
|
|
||||||
|
|
||||||
|
-E::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the per-file encapsulation of the capture file.
|
Displays the per-file encapsulation of the capture file.
|
||||||
|
--
|
||||||
|
|
||||||
=item -F
|
-F::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays additional capture file information.
|
Displays additional capture file information.
|
||||||
|
--
|
||||||
|
|
||||||
=item -h
|
-h::
|
||||||
|
+
|
||||||
|
--
|
||||||
Prints the help listing and exits.
|
Prints the help listing and exits.
|
||||||
|
--
|
||||||
|
|
||||||
=item -H
|
-H::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.
|
Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.
|
||||||
SHA1 output may be removed in the future.
|
SHA1 output may be removed in the future.
|
||||||
|
--
|
||||||
|
|
||||||
=item -i
|
-i::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the average data rate, in bits/sec
|
Displays the average data rate, in bits/sec
|
||||||
|
--
|
||||||
|
|
||||||
=item -I
|
-I::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays detailed capture file interface information. This information
|
Displays detailed capture file interface information. This information
|
||||||
is not available in table format.
|
is not available in table format.
|
||||||
|
--
|
||||||
|
|
||||||
=item -k
|
-k::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the capture comment. For pcapng files, this is the comment from the
|
Displays the capture comment. For pcapng files, this is the comment from the
|
||||||
section header block.
|
section header block.
|
||||||
|
--
|
||||||
|
|
||||||
=item -K
|
-K::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use this option to suppress printing capture comments. By default capture
|
Use this option to suppress printing capture comments. By default capture
|
||||||
comments are enabled. Capture comments are relatively freeform and might
|
comments are enabled. Capture comments are relatively freeform and might
|
||||||
contain embedded new-line characters and/or other delimiting characters
|
contain embedded new-line characters and/or other delimiting characters
|
||||||
making it harder for a human or machine to easily parse the capinfos output.
|
making it harder for a human or machine to easily parse the capinfos output.
|
||||||
Excluding capture comments can aid in post-processing of output.
|
Excluding capture comments can aid in post-processing of output.
|
||||||
|
--
|
||||||
|
|
||||||
=item -l
|
-l::
|
||||||
|
+
|
||||||
|
--
|
||||||
Display the snaplen (if any) for a file.
|
Display the snaplen (if any) for a file.
|
||||||
snaplen (if available) is determined from the capture file header
|
snaplen (if available) is determined from the capture file header
|
||||||
and by looking for truncated records in the capture file.
|
and by looking for truncated records in the capture file.
|
||||||
|
--
|
||||||
|
|
||||||
=item -L
|
-L::
|
||||||
|
+
|
||||||
|
--
|
||||||
Generate long report. Capinfos can generate two
|
Generate long report. Capinfos can generate two
|
||||||
different styles of reports. The "long" report is
|
different styles of reports. The "long" report is
|
||||||
the default style of output and is suitable for a
|
the default style of output and is suitable for a
|
||||||
human to use.
|
human to use.
|
||||||
|
--
|
||||||
|
|
||||||
=item -m
|
-m::
|
||||||
|
+
|
||||||
|
--
|
||||||
Separate the infos with comma (,) characters. This option
|
Separate the infos with comma (,) characters. This option
|
||||||
is only useful when generating a table style report (-T).
|
is only useful when generating a table style report (-T).
|
||||||
The various info values will be separated (delimited)
|
The various info values will be separated (delimited)
|
||||||
from one another with a single comma "," character.
|
from one another with a single comma "," character.
|
||||||
|
--
|
||||||
|
|
||||||
=item -M
|
-M::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print raw (machine readable) values in long reports.
|
Print raw (machine readable) values in long reports.
|
||||||
By default capinfos prints numeric values with human-readable SI
|
By default capinfos prints numeric values with human-readable SI
|
||||||
suffixes, and shows human-readable file type and encapsulation.
|
suffixes, and shows human-readable file type and encapsulation.
|
||||||
Table reports (-T) always print raw values.
|
Table reports (-T) always print raw values.
|
||||||
|
--
|
||||||
|
|
||||||
=item -n
|
-n::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays a count of the number of resolved IPv4 addresses and a count of
|
Displays a count of the number of resolved IPv4 addresses and a count of
|
||||||
the number of resolved IPv6 addresses in the file.
|
the number of resolved IPv6 addresses in the file.
|
||||||
|
--
|
||||||
|
|
||||||
=item -N
|
-N::
|
||||||
|
+
|
||||||
|
--
|
||||||
Do not quote the infos. This option is only useful
|
Do not quote the infos. This option is only useful
|
||||||
when generating a table style report (-T). Excluding
|
when generating a table style report (-T). Excluding
|
||||||
any quoting characters around the various values and
|
any quoting characters around the various values and
|
||||||
using a TAB delimiter produces a very "clean" table
|
using a TAB delimiter produces a very "clean" table
|
||||||
report that is easily parsed with CLI tools. By
|
report that is easily parsed with CLI tools. By
|
||||||
default infos are B<NOT> quoted.
|
default infos are *NOT* quoted.
|
||||||
|
--
|
||||||
=item -o
|
|
||||||
|
|
||||||
|
-o::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays "True" if packets exist in strict chronological order
|
Displays "True" if packets exist in strict chronological order
|
||||||
or "False" if one or more packets in the capture exists
|
or "False" if one or more packets in the capture exists
|
||||||
"out-of-order" time-wise.
|
"out-of-order" time-wise.
|
||||||
|
--
|
||||||
|
|
||||||
=item -q
|
-q::
|
||||||
|
+
|
||||||
|
--
|
||||||
Quote infos with single quotes ('). This option is
|
Quote infos with single quotes ('). This option is
|
||||||
only useful when generating a table style report (-T).
|
only useful when generating a table style report (-T).
|
||||||
When this option is enabled, each value will be
|
When this option is enabled, each value will be
|
||||||
|
@ -255,9 +304,11 @@ encapsulated within a pair of single quote (')
|
||||||
characters. This option (when used with the -m
|
characters. This option (when used with the -m
|
||||||
option) is useful for generating one type of CSV
|
option) is useful for generating one type of CSV
|
||||||
style file report.
|
style file report.
|
||||||
|
--
|
||||||
|
|
||||||
=item -Q
|
-Q::
|
||||||
|
+
|
||||||
|
--
|
||||||
Quote infos with double quotes ("). This option is
|
Quote infos with double quotes ("). This option is
|
||||||
only useful when generating a table style report (-T).
|
only useful when generating a table style report (-T).
|
||||||
When this option is enabled, each value will be
|
When this option is enabled, each value will be
|
||||||
|
@ -265,69 +316,90 @@ encapsulated within a pair of double quote (")
|
||||||
characters. This option (when used with the -m
|
characters. This option (when used with the -m
|
||||||
option) is useful for generating the most common
|
option) is useful for generating the most common
|
||||||
type of CSV style file report.
|
type of CSV style file report.
|
||||||
|
--
|
||||||
|
|
||||||
=item -r
|
-r::
|
||||||
|
+
|
||||||
|
--
|
||||||
Do not generate header record. This option is only
|
Do not generate header record. This option is only
|
||||||
useful when generating a table style report (-T).
|
useful when generating a table style report (-T).
|
||||||
If this option is specified then B<no> header record will be
|
If this option is specified then *no* header record will be
|
||||||
generated within the table report.
|
generated within the table report.
|
||||||
|
--
|
||||||
|
|
||||||
=item -R
|
-R::
|
||||||
|
+
|
||||||
|
--
|
||||||
Generate header record. This option is only useful
|
Generate header record. This option is only useful
|
||||||
when generating a table style report (-T). A header
|
when generating a table style report (-T). A header
|
||||||
is generated by default. A header record (if generated)
|
is generated by default. A header record (if generated)
|
||||||
is the first line of data reported and includes labels
|
is the first line of data reported and includes labels
|
||||||
for all the columns included within the table report.
|
for all the columns included within the table report.
|
||||||
|
--
|
||||||
|
|
||||||
=item -s
|
-s::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the size of the file, in bytes. This reports
|
Displays the size of the file, in bytes. This reports
|
||||||
the size of the capture file itself.
|
the size of the capture file itself.
|
||||||
|
--
|
||||||
|
|
||||||
=item -S
|
-S::
|
||||||
|
+
|
||||||
|
--
|
||||||
Display the start and end times as seconds since January
|
Display the start and end times as seconds since January
|
||||||
1, 1970. Handy for synchronizing dumps using B<editcap -t>.
|
1, 1970. Handy for synchronizing dumps using *editcap -t*.
|
||||||
|
--
|
||||||
=item -t
|
|
||||||
|
|
||||||
|
-t::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the capture type of the capture file.
|
Displays the capture type of the capture file.
|
||||||
|
--
|
||||||
|
|
||||||
=item -T
|
-T::
|
||||||
|
+
|
||||||
|
--
|
||||||
Generate a table report. A table report is a text file
|
Generate a table report. A table report is a text file
|
||||||
that is suitable for importing into a spreadsheet or
|
that is suitable for importing into a spreadsheet or
|
||||||
database. Capinfos can build a tab delimited text file
|
database. Capinfos can build a tab delimited text file
|
||||||
(the default) or several variations on Comma-separated
|
(the default) or several variations on Comma-separated
|
||||||
values (CSV) files.
|
values (CSV) files.
|
||||||
|
--
|
||||||
|
|
||||||
=item -u
|
-u::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the capture duration, in seconds. This is the
|
Displays the capture duration, in seconds. This is the
|
||||||
difference in time between the earliest packet seen and
|
difference in time between the earliest packet seen and
|
||||||
latest packet seen.
|
latest packet seen.
|
||||||
|
--
|
||||||
|
|
||||||
=item -v
|
-v::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the tool's version and exits.
|
Displays the tool's version and exits.
|
||||||
|
--
|
||||||
|
|
||||||
=item -x
|
-x::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the average packet rate, in packets/sec
|
Displays the average packet rate, in packets/sec
|
||||||
|
--
|
||||||
|
|
||||||
=item -y
|
-y::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the average data rate, in bytes/sec
|
Displays the average data rate, in bytes/sec
|
||||||
|
--
|
||||||
|
|
||||||
=item -z
|
-z::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays the average packet size, in bytes
|
Displays the average packet size, in bytes
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see a description of the capinfos options use:
|
To see a description of the capinfos options use:
|
||||||
|
|
||||||
|
@ -352,7 +424,6 @@ or
|
||||||
|
|
||||||
capinfos -TmQ mycapture.pcap
|
capinfos -TmQ mycapture.pcap
|
||||||
|
|
||||||
|
|
||||||
To generate a TAB delimited table style report with just the
|
To generate a TAB delimited table style report with just the
|
||||||
filenames, capture type, capture encapsulation type and packet
|
filenames, capture type, capture encapsulation type and packet
|
||||||
count for all the pcap files in the current directory use:
|
count for all the pcap files in the current directory use:
|
||||||
|
@ -375,27 +446,26 @@ a text file called mycaptures.csv use:
|
||||||
The resulting mycaptures.csv file can be easily imported
|
The resulting mycaptures.csv file can be easily imported
|
||||||
into spreadsheet applications.
|
into spreadsheet applications.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
|
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:mergecap.html[mergecap](1), xref:editcap.html[editcap](1), xref:tshark.html[tshark](1),
|
||||||
dumpcap(1), captype(1), pcap-filter(7) or tcpdump(8)
|
xref:dumpcap.html[dumpcap](1), xref:captype.html[captype](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<Capinfos> is part of the B<Wireshark> distribution. The latest version
|
*Capinfos* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Ian Schorr <ian[AT]ianschorr.com>
|
Ian Schorr <ian[AT]ianschorr.com>
|
||||||
|
|
||||||
|
.Contributors
|
||||||
Contributors
|
[%hardbreaks]
|
||||||
------------
|
Gerald Combs <gerald[AT]wireshark.org>
|
||||||
Gerald Combs <gerald[AT]wireshark.org>
|
Jim Young <jyoung[AT]gsu.edu>
|
||||||
Jim Young <jyoung[AT]gsu.edu>
|
|
||||||
|
|
|
@ -1,54 +1,55 @@
|
||||||
=begin man
|
= captype(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
captype - Prints the types of capture files
|
captype - Prints the types of capture files
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<captype>
|
[manarg]
|
||||||
E<lt>I<infile>E<gt>
|
*captype*
|
||||||
I<...>
|
<__infile__>
|
||||||
|
__...__
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Captype> is a program that opens one or more capture files and
|
*Captype* is a program that opens one or more capture files and
|
||||||
prints the capture file type of each E<lt>I<infile>E<gt>.
|
prints the capture file type of each <__infile__>.
|
||||||
|
|
||||||
B<Captype> is able to detect and read the same capture files that are
|
*Captype* is able to detect and read the same capture files that are
|
||||||
supported by B<Wireshark>.
|
supported by *Wireshark*.
|
||||||
The input files don't need a specific filename extension; the file
|
The input files don't need a specific filename extension; the file
|
||||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||||
is a detailed description of the way B<Wireshark> handles this, which is
|
is a detailed description of the way *Wireshark* handles this, which is
|
||||||
the same way B<Captype> handles this.
|
the same way *Captype* handles this.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
|
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:mergecap.html[mergecap](1), xref:editcap.html[editcap](1), xref:tshark.html[tshark](1),
|
||||||
dumpcap(1), capinfos(1), pcap-filter(7) or tcpdump(8)
|
xref:dumpcap.html[dumpcap](1), xref:capinfos.html[capinfos](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<Captype> is part of the B<Wireshark> distribution. The latest version
|
*Captype* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Ian Schorr <ian[AT]ianschorr.com>
|
Ian Schorr <ian[AT]ianschorr.com>
|
||||||
|
|
||||||
|
.Contributors
|
||||||
Contributors
|
[%hardbreaks]
|
||||||
------------
|
Gerald Combs <gerald[AT]wireshark.org>
|
||||||
Gerald Combs <gerald[AT]wireshark.org>
|
Jim Young <jyoung[AT]gsu.edu>
|
||||||
Jim Young <jyoung[AT]gsu.edu>
|
|
||||||
|
|
|
@ -1,125 +1,149 @@
|
||||||
=begin man
|
= ciscodump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
ciscodump - Provide interfaces to capture from a remote Cisco router through SSH.
|
ciscodump - Provide interfaces to capture from a remote Cisco router through SSH.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<ciscodump>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*ciscodump*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-capture-filter*=<capture filter> ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
|
[ *--remote-host*=<IP address> ]
|
||||||
S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
|
[ *--remote-port*=<TCP port> ]
|
||||||
S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
|
[ *--remote-username*=<username> ]
|
||||||
S<[ B<--remote-filter>=E<lt>filterE<gt> ]>
|
[ *--remote-password*=<password> ]
|
||||||
S<[ B<--sshkey>=E<lt>public key pathE<gt> ]>
|
[ *--remote-filter*=<filter> ]
|
||||||
S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
|
[ *--sshkey*=<public key path> ]
|
||||||
|
[ *--remote-interface*=<interface> ]
|
||||||
|
|
||||||
|
[manarg]
|
||||||
|
*ciscodump*
|
||||||
|
*--extcap-interfaces*
|
||||||
|
|
||||||
B<ciscodump>
|
[manarg]
|
||||||
S<B<--extcap-interfaces>>
|
*ciscodump*
|
||||||
|
*--extcap-interface*=<interface>
|
||||||
|
*--extcap-dlts*
|
||||||
|
|
||||||
B<ciscodump>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*ciscodump*
|
||||||
S<B<--extcap-dlts>>
|
*--extcap-interface*=<interface>
|
||||||
|
*--extcap-config*
|
||||||
|
|
||||||
B<ciscodump>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*ciscodump*
|
||||||
S<B<--extcap-config>>
|
*--extcap-interface*=<interface>
|
||||||
|
*--fifo*=<path to file or pipe>
|
||||||
|
*--capture*
|
||||||
|
*--remote-host=remoterouter*
|
||||||
|
*--remote-port=22*
|
||||||
|
*--remote-username=user*
|
||||||
|
*--remote-interface*=<the router interface>
|
||||||
|
|
||||||
B<ciscodump>
|
== DESCRIPTION
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
|
||||||
S<B<--fifo>=E<lt>path to file or pipeE<gt>>
|
|
||||||
S<B<--capture>>
|
|
||||||
S<B<--remote-host=remoterouter>>
|
|
||||||
S<B<--remote-port=22>>
|
|
||||||
S<B<--remote-username=user>>
|
|
||||||
S<B<--remote-interface>=E<lt>the router interfaceE<gt>>
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
*Ciscodump* is an extcap tool that relies on Cisco EPC to allow a user to run a remote capture
|
||||||
|
|
||||||
B<Ciscodump> is an extcap tool that relies on Cisco EPC to allow a user to run a remote capture
|
|
||||||
on a Cisco router in a SSH connection. The minimum IOS version supporting this feature is 12.4(20)T. More details can be
|
on a Cisco router in a SSH connection. The minimum IOS version supporting this feature is 12.4(20)T. More details can be
|
||||||
found here:
|
found here:
|
||||||
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-embedded-packet-capture/datasheet_c78-502727.html
|
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-embedded-packet-capture/datasheet_c78-502727.html
|
||||||
|
|
||||||
Supported interfaces:
|
Supported interfaces:
|
||||||
|
|
||||||
=over 4
|
1. cisco
|
||||||
|
|
||||||
=item 1. cisco
|
== OPTIONS
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface and save it in place specified by --fifo.
|
Start capturing from specified interface and save it in place specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-host=E<lt>remote hostE<gt>
|
--remote-host=<remote host>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The address of the remote host for capture.
|
The address of the remote host for capture.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-port=E<lt>remote portE<gt>
|
--remote-port=<remote port>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The SSH port of the remote host.
|
The SSH port of the remote host.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-username=E<lt>usernameE<gt>
|
--remote-username=<username>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The username for ssh authentication.
|
The username for ssh authentication.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-password=E<lt>passwordE<gt>
|
--remote-password=<password>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The password to use (if not ssh-agent and pubkey are used). WARNING: the
|
The password to use (if not ssh-agent and pubkey are used). WARNING: the
|
||||||
passwords are stored in plaintext and visible to all users on this system. It is
|
passwords are stored in plaintext and visible to all users on this system. It is
|
||||||
recommended to use keyfiles with a SSH agent.
|
recommended to use keyfiles with a SSH agent.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-filter=E<lt>filterE<gt>
|
--remote-filter=<filter>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The remote filter on the router. This is a capture filter that follows the Cisco
|
The remote filter on the router. This is a capture filter that follows the Cisco
|
||||||
IOS standards
|
IOS standards
|
||||||
(https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html).
|
(https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html).
|
||||||
|
@ -132,22 +156,27 @@ Examples:
|
||||||
permit ip host MYHOST any, permit ip any host MYHOST (capture the traffic for MYHOST)
|
permit ip host MYHOST any, permit ip any host MYHOST (capture the traffic for MYHOST)
|
||||||
|
|
||||||
deny ip host MYHOST any, deny ip any host MYHOST, permit ip any any (capture all the traffic except MYHOST)
|
deny ip host MYHOST any, deny ip any host MYHOST, permit ip any any (capture all the traffic except MYHOST)
|
||||||
|
--
|
||||||
|
|
||||||
=item --sshkey=E<lt>SSH private key pathE<gt>
|
--sshkey=<SSH private key path>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The path to a private key for authentication.
|
The path to a private key for authentication.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-interface=E<lt>remote interfaceE<gt>
|
--remote-interface=<remote interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The remote network interface to capture from.
|
The remote network interface to capture from.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-capture-filter=E<lt>capture filterE<gt>
|
--extcap-capture-filter=<capture filter>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Unused (compatibility only).
|
Unused (compatibility only).
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -200,7 +229,6 @@ To see interface configuration options:
|
||||||
arg {number=8}{call=--remote-count}{display=Packets to capture}{type=unsigned}{required=true}
|
arg {number=8}{call=--remote-count}{display=Packets to capture}{type=unsigned}{required=true}
|
||||||
{tooltip=The number of remote packets to capture.}
|
{tooltip=The number of remote packets to capture.}
|
||||||
|
|
||||||
|
|
||||||
To capture:
|
To capture:
|
||||||
|
|
||||||
ciscodump --extcap-interface cisco --fifo=/tmp/cisco.pcap --capture --remote-host 192.168.1.10
|
ciscodump --extcap-interface cisco --fifo=/tmp/cisco.pcap --capture --remote-host 192.168.1.10
|
||||||
|
@ -209,7 +237,7 @@ To capture:
|
||||||
|
|
||||||
NOTE: Packet count is mandatory, hence the capture will start after this number.
|
NOTE: Packet count is mandatory, hence the capture will start after this number.
|
||||||
|
|
||||||
=head1 KNOWN ISSUES
|
== KNOWN ISSUES
|
||||||
|
|
||||||
The configuration of the capture on the routers is a multi-step process. If the SSH connection is interrupted during
|
The configuration of the capture on the routers is a multi-step process. If the SSH connection is interrupted during
|
||||||
it, the configuration can be in an inconsistent state. That can happen also if the capture is stopped and ciscodump
|
it, the configuration can be in an inconsistent state. That can happen also if the capture is stopped and ciscodump
|
||||||
|
@ -222,20 +250,20 @@ buffer, ciscodump waits for the capture to complete and then issues the command
|
||||||
specifies a number of packets above the currently captured, the show command is never shown. Not only is the count of
|
specifies a number of packets above the currently captured, the show command is never shown. Not only is the count of
|
||||||
the maximum number of captured packets, but it is also the _exact_ number of expected packets.
|
the maximum number of captured packets, but it is also the _exact_ number of expected packets.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), sshdump(1)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:sshdump.html[sshdump](1)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<ciscodump> is part of the B<Wireshark> distribution. The latest version
|
*ciscodump* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Dario Lombardo <lomato[AT]gmail.com>
|
Dario Lombardo <lomato[AT]gmail.com>
|
||||||
|
|
|
@ -1,33 +1,33 @@
|
||||||
=begin man
|
= dftest(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
dftest - Shows display filter byte-code, for debugging dfilter routines.
|
dftest - Shows display filter byte-code, for debugging dfilter routines.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<dftest>
|
[manarg]
|
||||||
S<[ E<lt>filterE<gt> ]>
|
*dftest*
|
||||||
|
[ <filter> ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<dftest> is a simple tool which compiles a display filter and shows its bytecode.
|
*dftest* is a simple tool which compiles a display filter and shows its bytecode.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item filter
|
|
||||||
|
|
||||||
|
filter::
|
||||||
|
+
|
||||||
|
--
|
||||||
The display filter expression. If needed it has to be quoted.
|
The display filter expression. If needed it has to be quoted.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
Show how the IP protocol is filtered:
|
Show how the IP protocol is filtered:
|
||||||
|
|
||||||
|
@ -37,6 +37,6 @@ Shows how frame 150 is filtered:
|
||||||
|
|
||||||
dftest "frame.number == 150"
|
dftest "frame.number == 150"
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark-filter(4)
|
xref:wireshark-filter.html[wireshark-filter](4)
|
||||||
|
|
|
@ -1,100 +1,116 @@
|
||||||
=begin man
|
= dpauxmon(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
dpauxmon - Provide interfaces to capture DisplayPort AUX channel data.
|
dpauxmon - Provide interfaces to capture DisplayPort AUX channel data.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<dpauxmon>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*dpauxmon*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-capture-filter*=<capture filter> ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--interface_id>=E<lt>Interface ID to captureE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
|
[ *--interface_id*=<Interface ID to capture> ]
|
||||||
|
|
||||||
B<dpauxmon>
|
[manarg]
|
||||||
S<B<--extcap-interfaces>>
|
*dpauxmon*
|
||||||
|
*--extcap-interfaces*
|
||||||
|
|
||||||
B<dpauxmon>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*dpauxmon*
|
||||||
S<B<--extcap-dlts>>
|
*--extcap-interface*=<interface>
|
||||||
|
*--extcap-dlts*
|
||||||
|
|
||||||
B<dpauxmon>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*dpauxmon*
|
||||||
S<B<--extcap-config>>
|
*--extcap-interface*=<interface>
|
||||||
|
*--extcap-config*
|
||||||
|
|
||||||
B<dpauxmon>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*dpauxmon*
|
||||||
S<B<--fifo>=E<lt>path to file or pipeE<gt>>
|
*--extcap-interface*=<interface>
|
||||||
S<B<--capture>>
|
*--fifo*=<path to file or pipe>
|
||||||
S<B<--interface_id=interface_id>>
|
*--capture*
|
||||||
|
*--interface_id=interface_id*
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<dpauxmon> is an extcap tool that can capture DisplayPort AUX channel data
|
*dpauxmon* is an extcap tool that can capture DisplayPort AUX channel data
|
||||||
from linux kernel drivers using the generic netlink interface.
|
from linux kernel drivers using the generic netlink interface.
|
||||||
|
|
||||||
Supported interfaces:
|
Supported interfaces:
|
||||||
|
|
||||||
=over 4
|
1. dpauxmon
|
||||||
|
|
||||||
=item 1. dpauxmon
|
== OPTIONS
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface and save it in place specified by --fifo.
|
Start capturing from specified interface and save it in place specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --interface_idt=E<lt>interface idE<gt>
|
--interface_idt=<interface id>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The interface for capture.
|
The interface for capture.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -134,20 +150,20 @@ To capture:
|
||||||
|
|
||||||
dpauxmon --extcap-interface=dpauxmon --fifo=/tmp/dpauxmon.pcap --capture --interface_id 0
|
dpauxmon --extcap-interface=dpauxmon --fifo=/tmp/dpauxmon.pcap --capture --interface_id 0
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<dpauxmon> is part of the B<Wireshark> distribution. The latest version
|
*dpauxmon* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Dirk Eibach <dirk.eibach[AT]gdsys.cc>
|
Dirk Eibach <dirk.eibach[AT]gdsys.cc>
|
||||||
|
|
534
doc/dumpcap.adoc
534
doc/dumpcap.adoc
|
@ -1,149 +1,154 @@
|
||||||
=begin man
|
= dumpcap(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
dumpcap - Dump network traffic
|
dumpcap - Dump network traffic
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<dumpcap>
|
[manarg]
|
||||||
S<[ B<-a>|B<--autostop> E<lt>capture autostop conditionE<gt> ] ...>
|
*dumpcap*
|
||||||
S<[ B<-b>|B<--ring-buffer> E<lt>capture ring buffer optionE<gt> ] ...>
|
[ *-a*|*--autostop* <capture autostop condition> ] ...
|
||||||
S<[ B<-B>|B<--buffer-size> E<lt>capture buffer sizeE<gt> ]>
|
[ *-b*|*--ring-buffer* <capture ring buffer option> ] ...
|
||||||
S<[ B<-c> E<lt>capture packet countE<gt> ]>
|
[ *-B*|*--buffer-size* <capture buffer size> ]
|
||||||
S<[ B<-C> E<lt>byte limitE<gt> ]>
|
[ *-c* <capture packet count> ]
|
||||||
S<[ B<-d> ]>
|
[ *-C* <byte limit> ]
|
||||||
S<[ B<-D>|B<--list-interfaces> ]>
|
[ *-d* ]
|
||||||
S<[ B<-f> E<lt>capture filterE<gt> ]>
|
[ *-D*|*--list-interfaces* ]
|
||||||
S<[ B<-g> ]>
|
[ *-f* <capture filter> ]
|
||||||
S<[ B<-h>|B<--help> ]>
|
[ *-g* ]
|
||||||
S<[ B<-i>|B<--interface> E<lt>capture interfaceE<gt>|rpcap://E<lt>hostE<gt>:E<lt>portE<gt>/E<lt>capture interfaceE<gt>|TCP@E<lt>hostE<gt>:E<lt>portE<gt>|- ]>
|
[ *-h*|*--help* ]
|
||||||
S<[ B<-I>|B<--monitor-mode> ]>
|
[ *-i*|*--interface* <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|- ]
|
||||||
S<[ B<-k> E<lt>freqE<gt>,[E<lt>typeE<gt>],[E<lt>center_freq1E<gt>],[E<lt>center_freq2E<gt>] ]>
|
[ *-I*|*--monitor-mode* ]
|
||||||
S<[ B<-L>|B<--list-data-link-types> ]>
|
[ *-k* <freq>,[<type>],[<center_freq1>],[<center_freq2>] ]
|
||||||
S<[ B<-M> ]>
|
[ *-L*|*--list-data-link-types* ]
|
||||||
S<[ B<-n> ]>
|
[ *-M* ]
|
||||||
S<[ B<-N> E<lt>packet limitE<gt> ]>
|
[ *-n* ]
|
||||||
S<[ B<-p>|B<--no-promiscuous-mode> ]>
|
[ *-N* <packet limit> ]
|
||||||
S<[ B<--ifdescr> E<lt>descriptionE<gt> ]>
|
[ *-p*|*--no-promiscuous-mode* ]
|
||||||
S<[ B<--ifname> E<lt>nameE<gt> ]>
|
[ *--ifdescr* <description> ]
|
||||||
S<[ B<-P> ]>
|
[ *--ifname* <name> ]
|
||||||
S<[ B<-q> ]>
|
[ *-P* ]
|
||||||
S<[ B<-s>|B<--snapshot-length> E<lt>capture snaplenE<gt> ]>
|
[ *-q* ]
|
||||||
S<[ B<-S> ]>
|
[ *-s*|*--snapshot-length* <capture snaplen> ]
|
||||||
S<[ B<-t> ]>
|
[ *-S* ]
|
||||||
S<[ B<-v>|B<--version> ]>
|
[ *-t* ]
|
||||||
S<[ B<-w> E<lt>outfileE<gt> ]>
|
[ *-v*|*--version* ]
|
||||||
S<[ B<-y>|B<--linktype> E<lt>capture link typeE<gt> ]>
|
[ *-w* <outfile> ]
|
||||||
S<[ B<--capture-comment> E<lt>commentE<gt> ]>
|
[ *-y*|*--linktype* <capture link type> ]
|
||||||
S<[ B<--list-time-stamp-types> ]>
|
[ *--capture-comment* <comment> ]
|
||||||
S<[ B<--time-stamp-type> E<lt>typeE<gt> ]>
|
[ *--list-time-stamp-types* ]
|
||||||
|
[ *--time-stamp-type* <type> ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Dumpcap> is a network traffic dump tool. It lets you capture packet
|
*Dumpcap* is a network traffic dump tool. It lets you capture packet
|
||||||
data from a live network and write the packets to a file. B<Dumpcap>'s
|
data from a live network and write the packets to a file. *Dumpcap*'s
|
||||||
default capture file format is B<pcapng> format.
|
default capture file format is *pcapng* format.
|
||||||
When the B<-P> option is specified, the output file is written in the
|
When the *-P* option is specified, the output file is written in the
|
||||||
B<pcap> format.
|
*pcap* format.
|
||||||
|
|
||||||
Without any options set it will use the libpcap, Npcap, or WinPcap library to
|
Without any options set it will use the libpcap, Npcap, or WinPcap library to
|
||||||
capture traffic from the first available network interface and writes
|
capture traffic from the first available network interface and writes
|
||||||
the received raw packet data, along with the packets' time stamps into a
|
the received raw packet data, along with the packets' time stamps into a
|
||||||
pcap file.
|
pcap file.
|
||||||
|
|
||||||
If the B<-w> option is not specified, B<Dumpcap> writes to a newly
|
If the *-w* option is not specified, *Dumpcap* writes to a newly
|
||||||
created pcap file with a randomly chosen name.
|
created pcap file with a randomly chosen name.
|
||||||
If the B<-w> option is specified, B<Dumpcap> writes to the file
|
If the *-w* option is specified, *Dumpcap* writes to the file
|
||||||
specified by that option.
|
specified by that option.
|
||||||
|
|
||||||
Packet capturing is performed with the pcap library. The capture filter
|
Packet capturing is performed with the pcap library. The capture filter
|
||||||
syntax follows the rules of the pcap library.
|
syntax follows the rules of the pcap library.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
-a|--autostop <capture autostop condition>::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
Specify a criterion that specifies when *Dumpcap* is to stop writing
|
||||||
|
to a capture file. The criterion is of the form __test:value__,
|
||||||
|
where __test__ is one of:
|
||||||
|
|
||||||
=item -a|--autostop E<lt>capture autostop conditionE<gt>
|
*duration*:__value__ Stop writing to a capture file after __value__ seconds have
|
||||||
|
|
||||||
Specify a criterion that specifies when B<Dumpcap> is to stop writing
|
|
||||||
to a capture file. The criterion is of the form I<test:value>,
|
|
||||||
where I<test> is one of:
|
|
||||||
|
|
||||||
B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
|
|
||||||
elapsed. Floating point values (e.g. 0.5) are allowed.
|
elapsed. Floating point values (e.g. 0.5) are allowed.
|
||||||
|
|
||||||
B<files>:I<value> Stop writing to capture files after I<value> number of files
|
*files*:__value__ Stop writing to capture files after __value__ number of files
|
||||||
were written.
|
were written.
|
||||||
|
|
||||||
B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
|
*filesize*:__value__ Stop writing to a capture file after it reaches a size of
|
||||||
I<value> kB. If this option is used together with the -b option, dumpcap will
|
__value__ kB. If this option is used together with the -b option, dumpcap will
|
||||||
stop writing to the current capture file and switch to the next one if filesize
|
stop writing to the current capture file and switch to the next one if filesize
|
||||||
is reached. Note that the filesize is limited to a maximum value of 2 GiB.
|
is reached. Note that the filesize is limited to a maximum value of 2 GiB.
|
||||||
|
|
||||||
B<packets>:I<value> Stop writing to a capture file after I<value> packets
|
*packets*:__value__ Stop writing to a capture file after __value__ packets
|
||||||
have been written. Same as B<-c> E<lt>capture packet countE<gt>.
|
have been written. Same as *-c* <capture packet count>.
|
||||||
|
--
|
||||||
|
|
||||||
=item -b|--ring-buffer E<lt>capture ring buffer optionE<gt>
|
-b|--ring-buffer <capture ring buffer option>::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
Cause *Dumpcap* to run in "multiple files" mode. In "multiple files" mode,
|
||||||
|
*Dumpcap* will write to several capture files. When the first capture file
|
||||||
|
fills up, *Dumpcap* will switch writing to the next file and so on.
|
||||||
|
|
||||||
Cause B<Dumpcap> to run in "multiple files" mode. In "multiple files" mode,
|
The created filenames are based on the filename given with the *-w* option,
|
||||||
B<Dumpcap> will write to several capture files. When the first capture file
|
|
||||||
fills up, B<Dumpcap> will switch writing to the next file and so on.
|
|
||||||
|
|
||||||
The created filenames are based on the filename given with the B<-w> option,
|
|
||||||
the number of the file and on the creation date and time,
|
the number of the file and on the creation date and time,
|
||||||
e.g. outfile_00001_20210714120117.pcap, outfile_00002_20210714120523.pcap, ...
|
e.g. outfile_00001_20210714120117.pcap, outfile_00002_20210714120523.pcap, ...
|
||||||
|
|
||||||
With the I<files> option it's also possible to form a "ring buffer".
|
With the __files__ option it's also possible to form a "ring buffer".
|
||||||
This will fill up new files until the number of files specified,
|
This will fill up new files until the number of files specified,
|
||||||
at which point B<Dumpcap> will discard the data in the first file and start
|
at which point *Dumpcap* will discard the data in the first file and start
|
||||||
writing to that file and so on. If the I<files> option is not set,
|
writing to that file and so on. If the __files__ option is not set,
|
||||||
new files filled up until one of the capture stop conditions match (or
|
new files filled up until one of the capture stop conditions match (or
|
||||||
until the disk is full).
|
until the disk is full).
|
||||||
|
|
||||||
The criterion is of the form I<key:value>,
|
The criterion is of the form __key:value__,
|
||||||
where I<key> is one of:
|
where __key__ is one of:
|
||||||
|
|
||||||
B<duration>:I<value> switch to the next file after I<value> seconds have
|
*duration*:__value__ switch to the next file after __value__ seconds have
|
||||||
elapsed, even if the current file is not completely filled up. Floating
|
elapsed, even if the current file is not completely filled up. Floating
|
||||||
point values (e.g. 0.5) are allowed.
|
point values (e.g. 0.5) are allowed.
|
||||||
|
|
||||||
B<files>:I<value> begin again with the first file after I<value> number of
|
*files*:__value__ begin again with the first file after __value__ number of
|
||||||
files were written (form a ring buffer). This value must be less than 100000.
|
files were written (form a ring buffer). This value must be less than 100000.
|
||||||
Caution should be used when using large numbers of files: some filesystems do
|
Caution should be used when using large numbers of files: some filesystems do
|
||||||
not handle many files in a single directory well. The B<files> criterion
|
not handle many files in a single directory well. The *files* criterion
|
||||||
requires either B<duration>, B<interval> or B<filesize> to be specified to
|
requires either *duration*, *interval* or *filesize* to be specified to
|
||||||
control when to go to the next file. It should be noted that each B<-b>
|
control when to go to the next file. It should be noted that each *-b*
|
||||||
parameter takes exactly one criterion; to specify two criterion, each must be
|
parameter takes exactly one criterion; to specify two criterion, each must be
|
||||||
preceded by the B<-b> option.
|
preceded by the *-b* option.
|
||||||
|
|
||||||
B<filesize>:I<value> switch to the next file after it reaches a size of
|
*filesize*:__value__ switch to the next file after it reaches a size of
|
||||||
I<value> kB. Note that the filesize is limited to a maximum value of 2 GiB.
|
__value__ kB. Note that the filesize is limited to a maximum value of 2 GiB.
|
||||||
|
|
||||||
B<interval>:I<value> switch to the next file when the time is an exact
|
*interval*:__value__ switch to the next file when the time is an exact
|
||||||
multiple of I<value> seconds. For example, use 3600 to switch to a new file
|
multiple of __value__ seconds. For example, use 3600 to switch to a new file
|
||||||
every hour on the hour.
|
every hour on the hour.
|
||||||
|
|
||||||
B<packets>:I<value> switch to the next file after it contains I<value>
|
*packets*:__value__ switch to the next file after it contains __value__
|
||||||
packets.
|
packets.
|
||||||
|
|
||||||
B<printname>:I<filename> print the name of the most recently written file
|
*printname*:__filename__ print the name of the most recently written file
|
||||||
to I<filename> after the file is closed. I<filename> can be C<stdout> or C<->
|
to __filename__ after the file is closed. __filename__ can be `stdout` or `-`
|
||||||
for standard output, or C<stderr> for standard error.
|
for standard output, or `stderr` for standard error.
|
||||||
|
|
||||||
Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
|
Example: *-b filesize:1000 -b files:5* results in a ring buffer of five files
|
||||||
of size one megabyte each.
|
of size one megabyte each.
|
||||||
|
--
|
||||||
|
|
||||||
=item -B|--buffer-size E<lt>capture buffer sizeE<gt>
|
-B|--buffer-size <capture buffer size>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set capture buffer size (in MiB, default is 2 MiB). This is used by
|
Set capture buffer size (in MiB, default is 2 MiB). This is used by
|
||||||
the capture driver to buffer packet data until that data can be written
|
the capture driver to buffer packet data until that data can be written
|
||||||
to disk. If you encounter packet drops while capturing, try to increase
|
to disk. If you encounter packet drops while capturing, try to increase
|
||||||
this size. Note that, while B<Dumpcap> attempts to set the buffer size
|
this size. Note that, while *Dumpcap* attempts to set the buffer size
|
||||||
to 2 MiB by default, and can be told to set it to a larger value, the
|
to 2 MiB by default, and can be told to set it to a larger value, the
|
||||||
system or interface on which you're capturing might silently limit the
|
system or interface on which you're capturing might silently limit the
|
||||||
capture buffer size to a lower value or raise it to a higher value.
|
capture buffer size to a lower value or raise it to a higher value.
|
||||||
|
@ -153,115 +158,137 @@ Windows. It is not available on UNIX systems with earlier versions of
|
||||||
libpcap.
|
libpcap.
|
||||||
|
|
||||||
This option can occur multiple times. If used before the first
|
This option can occur multiple times. If used before the first
|
||||||
occurrence of the B<-i> option, it sets the default capture buffer size.
|
occurrence of the *-i* option, it sets the default capture buffer size.
|
||||||
If used after an B<-i> option, it sets the capture buffer size for
|
If used after an *-i* option, it sets the capture buffer size for
|
||||||
the interface specified by the last B<-i> option occurring before
|
the interface specified by the last *-i* option occurring before
|
||||||
this option. If the capture buffer size is not set specifically,
|
this option. If the capture buffer size is not set specifically,
|
||||||
the default capture buffer size is used instead.
|
the default capture buffer size is used instead.
|
||||||
|
--
|
||||||
|
|
||||||
=item -c E<lt>capture packet countE<gt>
|
-c <capture packet count>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the maximum number of packets to read when capturing live
|
Set the maximum number of packets to read when capturing live
|
||||||
data. Same as B<-a packets:>E<lt>capture packet countE<gt>.
|
data. Same as *-a packets:*<capture packet count>.
|
||||||
|
--
|
||||||
=item -C E<lt>byte limitE<gt>
|
|
||||||
|
|
||||||
|
-C <byte limit>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Limit the amount of memory in bytes used for storing captured packets
|
Limit the amount of memory in bytes used for storing captured packets
|
||||||
in memory while processing it.
|
in memory while processing it.
|
||||||
If used in combination with the B<-N> option, both limits will apply.
|
If used in combination with the *-N* option, both limits will apply.
|
||||||
Setting this limit will enable the usage of the separate thread per interface.
|
Setting this limit will enable the usage of the separate thread per interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item -d
|
-d::
|
||||||
|
+
|
||||||
|
--
|
||||||
Dump the code generated for the capture filter in a human-readable form,
|
Dump the code generated for the capture filter in a human-readable form,
|
||||||
and exit.
|
and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -D|--list-interfaces
|
-D|--list-interfaces::
|
||||||
|
+
|
||||||
Print a list of the interfaces on which B<Dumpcap> can capture, and
|
--
|
||||||
|
Print a list of the interfaces on which *Dumpcap* can capture, and
|
||||||
exit. For each network interface, a number and an
|
exit. For each network interface, a number and an
|
||||||
interface name, possibly followed by a text description of the
|
interface name, possibly followed by a text description of the
|
||||||
interface, is printed. The interface name or the number can be supplied
|
interface, is printed. The interface name or the number can be supplied
|
||||||
to the B<-i> option to specify an interface on which to capture.
|
to the *-i* option to specify an interface on which to capture.
|
||||||
|
|
||||||
This can be useful on systems that don't have a command to list them
|
This can be useful on systems that don't have a command to list them
|
||||||
(UNIX systems lacking B<ifconfig -a> or Linux systems lacking
|
(UNIX systems lacking *ifconfig -a* or Linux systems lacking
|
||||||
B<ip link show>). The number can be useful on Windows systems, where
|
*ip link show*). The number can be useful on Windows systems, where
|
||||||
the interface name might be a long name or a GUID.
|
the interface name might be a long name or a GUID.
|
||||||
|
|
||||||
Note that "can capture" means that B<Dumpcap> was able to open
|
Note that "can capture" means that *Dumpcap* was able to open
|
||||||
that device to do a live capture. Depending on your system you may need to
|
that device to do a live capture. Depending on your system you may need to
|
||||||
run dumpcap from an account with special privileges (for example, as root)
|
run dumpcap from an account with special privileges (for example, as root)
|
||||||
to be able to capture network traffic.
|
to be able to capture network traffic.
|
||||||
If "B<dumpcap -D>" is not run from such an account, it will not list
|
If "*dumpcap -D*" is not run from such an account, it will not list
|
||||||
any interfaces.
|
any interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item -f E<lt>capture filterE<gt>
|
-f <capture filter>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the capture filter expression.
|
Set the capture filter expression.
|
||||||
|
|
||||||
The entire filter expression must be specified as a single argument (which means
|
The entire filter expression must be specified as a single argument (which means
|
||||||
that if it contains spaces, it must be quoted).
|
that if it contains spaces, it must be quoted).
|
||||||
|
|
||||||
This option can occur multiple times. If used before the first
|
This option can occur multiple times. If used before the first
|
||||||
occurrence of the B<-i> option, it sets the default capture filter expression.
|
occurrence of the *-i* option, it sets the default capture filter expression.
|
||||||
If used after an B<-i> option, it sets the capture filter expression for
|
If used after an *-i* option, it sets the capture filter expression for
|
||||||
the interface specified by the last B<-i> option occurring before
|
the interface specified by the last *-i* option occurring before
|
||||||
this option. If the capture filter expression is not set specifically,
|
this option. If the capture filter expression is not set specifically,
|
||||||
the default capture filter expression is used if provided.
|
the default capture filter expression is used if provided.
|
||||||
|
|
||||||
Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
|
Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
|
||||||
can be used by prefixing the argument with "predef:".
|
can be used by prefixing the argument with "predef:".
|
||||||
Example: B<-f "predef:MyPredefinedHostOnlyFilter">
|
Example: *-f "predef:MyPredefinedHostOnlyFilter"*
|
||||||
|
--
|
||||||
=item -g
|
|
||||||
|
|
||||||
|
-g::
|
||||||
|
+
|
||||||
|
--
|
||||||
This option causes the output file(s) to be created with group-read permission
|
This option causes the output file(s) to be created with group-read permission
|
||||||
(meaning that the output file(s) can be read by other members of the calling
|
(meaning that the output file(s) can be read by other members of the calling
|
||||||
user's group).
|
user's group).
|
||||||
|
--
|
||||||
|
|
||||||
=item -h|--help
|
-h|--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and options and exits.
|
Print the version and options and exits.
|
||||||
|
--
|
||||||
|
|
||||||
=item -i|--interface E<lt>capture interfaceE<gt>|rpcap://E<lt>hostE<gt>:E<lt>portE<gt>/E<lt>capture interfaceE<gt>|TCP@E<lt>hostE<gt>:E<lt>portE<gt>|-
|
-i|--interface <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|-::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the name of the network interface or pipe to use for live packet
|
Set the name of the network interface or pipe to use for live packet
|
||||||
capture.
|
capture.
|
||||||
|
|
||||||
Network interface names should match one of the names listed in
|
Network interface names should match one of the names listed in
|
||||||
"B<dumpcap -D>" (described above); a number, as reported by
|
"*dumpcap -D*" (described above); a number, as reported by
|
||||||
"B<dumpcap -D>", can also be used. If you're using UNIX, "B<netstat
|
"*dumpcap -D*", can also be used. If you're using UNIX, "*netstat
|
||||||
-i>", "B<ifconfig -a>" or "B<ip link>" might also work to list interface names,
|
-i*", "*ifconfig -a*" or "*ip link*" might also work to list interface names,
|
||||||
although not all versions of UNIX support the B<-a> option to B<ifconfig>.
|
although not all versions of UNIX support the *-a* option to *ifconfig*.
|
||||||
|
|
||||||
If no interface is specified, B<Dumpcap> searches the list of
|
If no interface is specified, *Dumpcap* searches the list of
|
||||||
interfaces, choosing the first non-loopback interface if there are any
|
interfaces, choosing the first non-loopback interface if there are any
|
||||||
non-loopback interfaces, and choosing the first loopback interface if
|
non-loopback interfaces, and choosing the first loopback interface if
|
||||||
there are no non-loopback interfaces. If there are no interfaces at all,
|
there are no non-loopback interfaces. If there are no interfaces at all,
|
||||||
B<Dumpcap> reports an error and doesn't start the capture.
|
*Dumpcap* reports an error and doesn't start the capture.
|
||||||
|
|
||||||
Pipe names should be either the name of a FIFO (named pipe) or "-" to
|
Pipe names should be either the name of a FIFO (named pipe) or "-" to
|
||||||
read data from the standard input. On Windows systems, pipe names must be
|
read data from the standard input. On Windows systems, pipe names must be
|
||||||
of the form "\\pipe\.\B<pipename>". Data read from pipes must be in
|
of the form "\\pipe\.\*pipename*". Data read from pipes must be in
|
||||||
standard pcapng or pcap format. Pcapng data must have the same
|
standard pcapng or pcap format. Pcapng data must have the same
|
||||||
endianness as the capturing host.
|
endianness as the capturing host.
|
||||||
|
|
||||||
This option can occur multiple times. When capturing from multiple
|
This option can occur multiple times. When capturing from multiple
|
||||||
interfaces, the capture file will be saved in pcapng format.
|
interfaces, the capture file will be saved in pcapng format.
|
||||||
|
--
|
||||||
|
|
||||||
=item --ifdescr> E<lt>descriptionE<gt>
|
--ifdescr> <description>::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
Use __description__ as the description in the capture file for the
|
||||||
|
interface or pipe specified before it with *-i*.
|
||||||
|
--
|
||||||
|
|
||||||
Use I<description> as the description in the capture file for the
|
--ifname> <name>::
|
||||||
interface or pipe specified before it with B<-i>.
|
+
|
||||||
|
--
|
||||||
=item --ifname> E<lt>nameE<gt>
|
Use __name__ as the name in the capture file for the the interface or
|
||||||
|
pipe specified before it with *-i*.
|
||||||
Use I<name> as the name in the capture file for the the interface or
|
--
|
||||||
pipe specified before it with B<-i>.
|
|
||||||
|
|
||||||
=item -I|--monitor-mode
|
|
||||||
|
|
||||||
|
-I|--monitor-mode::
|
||||||
|
+
|
||||||
|
--
|
||||||
Put the interface in "monitor mode"; this is supported only on IEEE
|
Put the interface in "monitor mode"; this is supported only on IEEE
|
||||||
802.11 Wi-Fi interfaces, and supported only on some operating systems.
|
802.11 Wi-Fi interfaces, and supported only on some operating systems.
|
||||||
|
|
||||||
|
@ -273,99 +300,125 @@ if you are capturing in monitor mode and are not connected to another
|
||||||
network with another adapter.
|
network with another adapter.
|
||||||
|
|
||||||
This option can occur multiple times. If used before the first
|
This option can occur multiple times. If used before the first
|
||||||
occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
|
occurrence of the *-i* option, it enables the monitor mode for all interfaces.
|
||||||
If used after an B<-i> option, it enables the monitor mode for
|
If used after an *-i* option, it enables the monitor mode for
|
||||||
the interface specified by the last B<-i> option occurring before
|
the interface specified by the last *-i* option occurring before
|
||||||
this option.
|
this option.
|
||||||
|
--
|
||||||
|
|
||||||
=item -k E<lt>freqE<gt>,[E<lt>typeE<gt>],[E<lt>center_freq1E<gt>],[E<lt>center_freq2>E<gt>
|
-k <freq>,[<type>],[<center_freq1>],[<center_freq2>>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the channel on the interface; this is supported only on IEEE
|
Set the channel on the interface; this is supported only on IEEE
|
||||||
802.11 Wi-Fi interfaces, and supported only on some operating systems.
|
802.11 Wi-Fi interfaces, and supported only on some operating systems.
|
||||||
|
|
||||||
I<freq> is the frequency of the channel. I<type> is the type of the
|
__freq__ is the frequency of the channel. __type__ is the type of the
|
||||||
channel, for 802.11n and 802.11ac. The values for I<type> are
|
channel, for 802.11n and 802.11ac. The values for __type__ are
|
||||||
|
--
|
||||||
=over 8
|
|
||||||
|
|
||||||
=item NOHT
|
|
||||||
|
|
||||||
|
NOHT::
|
||||||
|
+
|
||||||
|
--
|
||||||
Used for non-802.11n/non-802.1ac channels
|
Used for non-802.11n/non-802.1ac channels
|
||||||
|
--
|
||||||
|
|
||||||
=item HT20
|
HT20::
|
||||||
|
+
|
||||||
|
--
|
||||||
20 MHz channel
|
20 MHz channel
|
||||||
|
--
|
||||||
|
|
||||||
=item HT40-
|
HT40-::
|
||||||
|
+
|
||||||
|
--
|
||||||
40 MHz primary channel and a lower secondary channel
|
40 MHz primary channel and a lower secondary channel
|
||||||
|
--
|
||||||
|
|
||||||
=item HT40+
|
HT40+::
|
||||||
|
+
|
||||||
|
--
|
||||||
40 MHz primary channel and a higher secondary channel
|
40 MHz primary channel and a higher secondary channel
|
||||||
|
--
|
||||||
|
|
||||||
=item HT80
|
HT80::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
80 MHz channel, with __centerfreq1__ as its center frequency
|
||||||
|
--
|
||||||
|
|
||||||
80 MHz channel, with I<centerfreq1> as its center frequency
|
VHT80+80::
|
||||||
|
+
|
||||||
=item VHT80+80
|
--
|
||||||
|
two 80 MHz channels combined, with __centerfreq1__ and __centerfreq2__ as
|
||||||
two 80 MHz channels combined, with I<centerfreq1> and I<centerfreq2> as
|
|
||||||
the center frequencies of the two channels
|
the center frequencies of the two channels
|
||||||
|
--
|
||||||
|
|
||||||
=item VHT160
|
VHT160::
|
||||||
|
+
|
||||||
160 MHz channel, with I<centerfreq1> as its center frequency
|
--
|
||||||
|
160 MHz channel, with __centerfreq1__ as its center frequency
|
||||||
=back
|
--
|
||||||
|
|
||||||
=item -L|--list-data-link-types
|
|
||||||
|
|
||||||
|
-L|--list-data-link-types::
|
||||||
|
+
|
||||||
|
--
|
||||||
List the data link types supported by the interface and exit. The reported
|
List the data link types supported by the interface and exit. The reported
|
||||||
link types can be used for the B<-y> option.
|
link types can be used for the *-y* option.
|
||||||
|
--
|
||||||
|
|
||||||
=item -M
|
-M::
|
||||||
|
+
|
||||||
When used with B<-D>, B<-L>, B<-S> or B<--list-time-stamp-types> print
|
--
|
||||||
|
When used with *-D*, *-L*, *-S* or *--list-time-stamp-types* print
|
||||||
machine-readable output.
|
machine-readable output.
|
||||||
The machine-readable output is intended to be read by B<Wireshark> and
|
The machine-readable output is intended to be read by *Wireshark* and
|
||||||
B<TShark>; its format is subject to change from release to release.
|
*TShark*; its format is subject to change from release to release.
|
||||||
|
--
|
||||||
=item -n
|
|
||||||
|
|
||||||
|
-n::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save files as pcapng. This is the default.
|
Save files as pcapng. This is the default.
|
||||||
|
--
|
||||||
|
|
||||||
=item -N E<lt>packet limitE<gt>
|
-N <packet limit>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Limit the number of packets used for storing captured packets
|
Limit the number of packets used for storing captured packets
|
||||||
in memory while processing it.
|
in memory while processing it.
|
||||||
If used in combination with the B<-C> option, both limits will apply.
|
If used in combination with the *-C* option, both limits will apply.
|
||||||
Setting this limit will enable the usage of the separate thread per interface.
|
Setting this limit will enable the usage of the separate thread per interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item -p|--no-promiscuous-mode
|
-p|--no-promiscuous-mode::
|
||||||
|
+
|
||||||
I<Don't> put the interface into promiscuous mode. Note that the
|
--
|
||||||
|
__Don't__ put the interface into promiscuous mode. Note that the
|
||||||
interface might be in promiscuous mode for some other reason; hence,
|
interface might be in promiscuous mode for some other reason; hence,
|
||||||
B<-p> cannot be used to ensure that the only traffic that is captured is
|
*-p* cannot be used to ensure that the only traffic that is captured is
|
||||||
traffic sent to or from the machine on which B<Dumpcap> is running,
|
traffic sent to or from the machine on which *Dumpcap* is running,
|
||||||
broadcast traffic, and multicast traffic to addresses received by that
|
broadcast traffic, and multicast traffic to addresses received by that
|
||||||
machine.
|
machine.
|
||||||
|
|
||||||
This option can occur multiple times. If used before the first
|
This option can occur multiple times. If used before the first
|
||||||
occurrence of the B<-i> option, no interface will be put into the
|
occurrence of the *-i* option, no interface will be put into the
|
||||||
promiscuous mode.
|
promiscuous mode.
|
||||||
If used after an B<-i> option, the interface specified by the last B<-i>
|
If used after an *-i* option, the interface specified by the last *-i*
|
||||||
option occurring before this option will not be put into the
|
option occurring before this option will not be put into the
|
||||||
promiscuous mode.
|
promiscuous mode.
|
||||||
|
--
|
||||||
|
|
||||||
=item -P
|
-P::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save files as pcap instead of the default pcapng. In situations that require
|
Save files as pcap instead of the default pcapng. In situations that require
|
||||||
pcapng, such as capturing from multiple interfaces, this option will be
|
pcapng, such as capturing from multiple interfaces, this option will be
|
||||||
overridden.
|
overridden.
|
||||||
|
--
|
||||||
|
|
||||||
=item -q
|
-q::
|
||||||
|
+
|
||||||
|
--
|
||||||
When capturing packets, don't display the continuous count of packets
|
When capturing packets, don't display the continuous count of packets
|
||||||
captured that is normally shown when saving a capture to a file;
|
captured that is normally shown when saving a capture to a file;
|
||||||
instead, just display, at the end of the capture, a count of packets
|
instead, just display, at the end of the capture, a count of packets
|
||||||
|
@ -374,51 +427,65 @@ BSDs, you can cause the current count to be displayed by typing your
|
||||||
"status" character (typically control-T, although it
|
"status" character (typically control-T, although it
|
||||||
might be set to "disabled" by default on at least some BSDs, so you'd
|
might be set to "disabled" by default on at least some BSDs, so you'd
|
||||||
have to explicitly set it to use it).
|
have to explicitly set it to use it).
|
||||||
|
--
|
||||||
|
|
||||||
=item -s|--snapshot-length E<lt>capture snaplenE<gt>
|
-s|--snapshot-length <capture snaplen>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the default snapshot length to use when capturing live data.
|
Set the default snapshot length to use when capturing live data.
|
||||||
No more than I<snaplen> bytes of each network packet will be read into
|
No more than __snaplen__ bytes of each network packet will be read into
|
||||||
memory, or saved to disk. A value of 0 specifies a snapshot length of
|
memory, or saved to disk. A value of 0 specifies a snapshot length of
|
||||||
262144, so that the full packet is captured; this is the default.
|
262144, so that the full packet is captured; this is the default.
|
||||||
|
|
||||||
This option can occur multiple times. If used before the first
|
This option can occur multiple times. If used before the first
|
||||||
occurrence of the B<-i> option, it sets the default snapshot length.
|
occurrence of the *-i* option, it sets the default snapshot length.
|
||||||
If used after an B<-i> option, it sets the snapshot length for
|
If used after an *-i* option, it sets the snapshot length for
|
||||||
the interface specified by the last B<-i> option occurring before
|
the interface specified by the last *-i* option occurring before
|
||||||
this option. If the snapshot length is not set specifically,
|
this option. If the snapshot length is not set specifically,
|
||||||
the default snapshot length is used if provided.
|
the default snapshot length is used if provided.
|
||||||
|
--
|
||||||
|
|
||||||
=item -S
|
-S::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print statistics for each interface once every second.
|
Print statistics for each interface once every second.
|
||||||
|
--
|
||||||
|
|
||||||
=item -t
|
-t::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use a separate thread per interface.
|
Use a separate thread per interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item -v|--version
|
-v|--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and exit.
|
Print the version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -w E<lt>outfileE<gt>
|
-w <outfile>::
|
||||||
|
+
|
||||||
Write raw packet data to I<outfile>. Use "-" for stdout.
|
--
|
||||||
|
Write raw packet data to __outfile__. Use "-" for stdout.
|
||||||
=item -y|--linktype E<lt>capture link typeE<gt>
|
--
|
||||||
|
|
||||||
|
-y|--linktype <capture link type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the data link type to use while capturing packets. The values
|
Set the data link type to use while capturing packets. The values
|
||||||
reported by B<-L> are the values that can be used.
|
reported by *-L* are the values that can be used.
|
||||||
|
|
||||||
This option can occur multiple times. If used before the first
|
This option can occur multiple times. If used before the first
|
||||||
occurrence of the B<-i> option, it sets the default capture link type.
|
occurrence of the *-i* option, it sets the default capture link type.
|
||||||
If used after an B<-i> option, it sets the capture link type for
|
If used after an *-i* option, it sets the capture link type for
|
||||||
the interface specified by the last B<-i> option occurring before
|
the interface specified by the last *-i* option occurring before
|
||||||
this option. If the capture link type is not set specifically,
|
this option. If the capture link type is not set specifically,
|
||||||
the default capture link type is used if provided.
|
the default capture link type is used if provided.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture-comment E<lt>commentE<gt>
|
--capture-comment <comment>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Add a capture comment to the output file, if supported by the output
|
Add a capture comment to the output file, if supported by the output
|
||||||
file format.
|
file format.
|
||||||
|
|
||||||
|
@ -427,38 +494,41 @@ single file.
|
||||||
|
|
||||||
This option may be specified multiple times. Note that Wireshark
|
This option may be specified multiple times. Note that Wireshark
|
||||||
currently only displays the first comment of a capture file.
|
currently only displays the first comment of a capture file.
|
||||||
|
--
|
||||||
|
|
||||||
=item --list-time-stamp-types
|
--list-time-stamp-types::
|
||||||
|
+
|
||||||
|
--
|
||||||
List time stamp types supported for the interface. If no time stamp type can be
|
List time stamp types supported for the interface. If no time stamp type can be
|
||||||
set, no time stamp types are listed.
|
set, no time stamp types are listed.
|
||||||
|
--
|
||||||
|
|
||||||
=item --time-stamp-type E<lt>typeE<gt>
|
--time-stamp-type <type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Change the interface's timestamp method.
|
Change the interface's timestamp method.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== CAPTURE FILTER SYNTAX
|
||||||
|
|
||||||
=head1 CAPTURE FILTER SYNTAX
|
See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist, xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8),
|
||||||
|
or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters.
|
||||||
|
|
||||||
See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8),
|
== SEE ALSO
|
||||||
or, if that doesn't exist, L<https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters>.
|
|
||||||
|
|
||||||
=head1 SEE ALSO
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:mergecap.html[mergecap](1), xref:capinfos.html[capinfos](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3),
|
||||||
|
xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
wireshark(1), tshark(1), editcap(1), mergecap(1), capinfos(1), pcap(3),
|
== NOTES
|
||||||
pcap-filter(7) or tcpdump(8)
|
|
||||||
|
|
||||||
=head1 NOTES
|
*Dumpcap* is part of the *Wireshark* distribution. The latest version
|
||||||
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
B<Dumpcap> is part of the B<Wireshark> distribution. The latest version
|
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
B<Dumpcap> is derived from the B<Wireshark> capturing engine code;
|
*Dumpcap* is derived from the *Wireshark* capturing engine code;
|
||||||
see the list of
|
see the list of
|
||||||
authors in the B<Wireshark> man page for a list of authors of that code.
|
authors in the *Wireshark* man page for a list of authors of that code.
|
||||||
|
|
429
doc/editcap.adoc
429
doc/editcap.adoc
|
@ -1,105 +1,110 @@
|
||||||
=begin man
|
= editcap(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
editcap - Edit and/or translate the format of capture files
|
editcap - Edit and/or translate the format of capture files
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<editcap>
|
[manarg]
|
||||||
S<[ B<-a> E<lt>frame:commentE<gt> ]>
|
*editcap*
|
||||||
S<[ B<-A> E<lt>start timeE<gt> ]>
|
[ *-a* <frame:comment> ]
|
||||||
S<[ B<-B> E<lt>stop timeE<gt> ]>
|
[ *-A* <start time> ]
|
||||||
S<[ B<-c> E<lt>packets per fileE<gt> ]>
|
[ *-B* <stop time> ]
|
||||||
S<[ B<-C> [offset:]E<lt>choplenE<gt> ]>
|
[ *-c* <packets per file> ]
|
||||||
S<[ B<-E> E<lt>error probabilityE<gt> ]>
|
[ *-C* [offset:]<choplen> ]
|
||||||
S<[ B<-F> E<lt>file formatE<gt> ]>
|
[ *-E* <error probability> ]
|
||||||
S<[ B<-h> ]>
|
[ *-F* <file format> ]
|
||||||
S<[ B<-i> E<lt>seconds per fileE<gt> ]>
|
[ *-h* ]
|
||||||
S<[ B<-o> E<lt>change offsetE<gt> ]>
|
[ *-i* <seconds per file> ]
|
||||||
S<[ B<-L> ]>
|
[ *-o* <change offset> ]
|
||||||
S<[ B<-r> ]>
|
[ *-L* ]
|
||||||
S<[ B<-s> E<lt>snaplenE<gt> ]>
|
[ *-r* ]
|
||||||
S<[ B<-S> E<lt>strict time adjustmentE<gt> ]>
|
[ *-s* <snaplen> ]
|
||||||
S<[ B<-t> E<lt>time adjustmentE<gt> ]>
|
[ *-S* <strict time adjustment> ]
|
||||||
S<[ B<-T> E<lt>encapsulation typeE<gt> ]>
|
[ *-t* <time adjustment> ]
|
||||||
S<[ B<-v> ]>
|
[ *-T* <encapsulation type> ]
|
||||||
S<[ B<--inject-secrets> E<lt>secrets typeE<gt>,E<lt>fileE<gt> ]>
|
[ *-v* ]
|
||||||
S<[ B<--discard-all-secrets> ]>
|
[ *--inject-secrets* <secrets type>,<file> ]
|
||||||
S<[ B<--capture-comment> E<lt>commentE<gt> ]>
|
[ *--discard-all-secrets* ]
|
||||||
S<[ B<--discard-capture-comment> ]>
|
[ *--capture-comment* <comment> ]
|
||||||
I<infile>
|
[ *--discard-capture-comment* ]
|
||||||
I<outfile>
|
__infile__
|
||||||
S<[ I<packet#>[-I<packet#>] ... ]>
|
__outfile__
|
||||||
|
[ __packet#__[-__packet#__] ... ]
|
||||||
|
|
||||||
B<editcap>
|
[manarg]
|
||||||
S< B<-d> > |
|
*editcap*
|
||||||
S< B<-D> E<lt>dup windowE<gt> > |
|
*-d*
|
||||||
S< B<-w> E<lt>dup time windowE<gt> >
|
*-D* <dup window>
|
||||||
S<[ B<-v> ]>
|
*-w* <dup time window>
|
||||||
S<[ B<-I> E<lt>bytes to ignoreE<gt> ]>
|
[ *-v* ]
|
||||||
S<[ B<--skip-radiotap-header> ]>
|
[ *-I* <bytes to ignore> ]
|
||||||
I<infile>
|
[ *--skip-radiotap-header* ]
|
||||||
I<outfile>
|
__infile__
|
||||||
|
__outfile__
|
||||||
|
|
||||||
B<editcap>
|
[manarg]
|
||||||
S<[ B<-V> ]>
|
*editcap*
|
||||||
|
[ *-V* ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Editcap> is a program that reads some or all of the captured packets from the
|
*Editcap* is a program that reads some or all of the captured packets from the
|
||||||
I<infile>, optionally converts them in various ways and writes the
|
__infile__, optionally converts them in various ways and writes the
|
||||||
resulting packets to the capture I<outfile> (or outfiles).
|
resulting packets to the capture __outfile__ (or outfiles).
|
||||||
|
|
||||||
By default, it reads all packets from the I<infile> and writes them to the
|
By default, it reads all packets from the __infile__ and writes them to the
|
||||||
I<outfile> in pcapng file format.
|
__outfile__ in pcapng file format.
|
||||||
|
|
||||||
The B<-A> and B<-B> option allow you to limit the time range from which packets
|
The *-A* and *-B* option allow you to limit the time range from which packets
|
||||||
are read from the I<infile>.
|
are read from the __infile__.
|
||||||
|
|
||||||
An optional list of packet numbers can be specified on the command tail;
|
An optional list of packet numbers can be specified on the command tail;
|
||||||
individual packet numbers separated by whitespace and/or ranges of packet
|
individual packet numbers separated by whitespace and/or ranges of packet
|
||||||
numbers can be specified as I<start>-I<end>, referring to all packets from
|
numbers can be specified as __start__-__end__, referring to all packets from
|
||||||
I<start> to I<end>. By default the selected packets with those numbers will
|
__start__ to __end__. By default the selected packets with those numbers will
|
||||||
I<not> be written to the capture file. If the B<-r> flag is specified, the
|
__not__ be written to the capture file. If the *-r* flag is specified, the
|
||||||
whole packet selection is reversed; in that case I<only> the selected packets
|
whole packet selection is reversed; in that case __only__ the selected packets
|
||||||
will be written to the capture file.
|
will be written to the capture file.
|
||||||
|
|
||||||
B<Editcap> can also be used to remove duplicate packets. Several different
|
*Editcap* can also be used to remove duplicate packets. Several different
|
||||||
options (B<-d>, B<-D> and B<-w>) are used to control the packet window
|
options (*-d*, *-D* and *-w*) are used to control the packet window
|
||||||
or relative time window to be used for duplicate comparison.
|
or relative time window to be used for duplicate comparison.
|
||||||
|
|
||||||
B<Editcap> can be used to assign comment strings to frame numbers.
|
*Editcap* can be used to assign comment strings to frame numbers.
|
||||||
|
|
||||||
B<Editcap> is able to detect, read and write the same capture files that
|
*Editcap* is able to detect, read and write the same capture files that
|
||||||
are supported by B<Wireshark>.
|
are supported by *Wireshark*.
|
||||||
The input file doesn't need a specific filename extension; the file
|
The input file doesn't need a specific filename extension; the file
|
||||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||||
is a detailed description of the way B<Wireshark> handles this, which is
|
is a detailed description of the way *Wireshark* handles this, which is
|
||||||
the same way B<Editcap> handles this.
|
the same way *Editcap* handles this.
|
||||||
|
|
||||||
B<Editcap> can write the file in several output formats. The B<-F>
|
*Editcap* can write the file in several output formats. The *-F*
|
||||||
flag can be used to specify the format in which to write the capture
|
flag can be used to specify the format in which to write the capture
|
||||||
file; B<editcap -F> provides a list of the available output formats.
|
file; *editcap -F* provides a list of the available output formats.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -a E<lt>framenum:commentE<gt>
|
|
||||||
|
|
||||||
|
-a <framenum:comment>::
|
||||||
|
+
|
||||||
|
--
|
||||||
For the specified frame number, assign the given comment string.
|
For the specified frame number, assign the given comment string.
|
||||||
Can be repeated for multiple frames. Quotes should be used with comment
|
Can be repeated for multiple frames. Quotes should be used with comment
|
||||||
strings that include spaces.
|
strings that include spaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item -A E<lt>start timeE<gt>
|
-A <start time>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Reads only the packets whose timestamp is on or after start time.
|
Reads only the packets whose timestamp is on or after start time.
|
||||||
The time is given in ISO 8601 format, either
|
The time is given in ISO 8601 format, either
|
||||||
YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
|
YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
|
||||||
|
@ -107,9 +112,11 @@ YYYY-MM-DDTHH:MM:SS[.nnnnnnnnn][Z|±hh:mm] .
|
||||||
The fractional seconds are optional, as is the time zone offset from UTC
|
The fractional seconds are optional, as is the time zone offset from UTC
|
||||||
(in which case local time is assumed). Unix epoch timestamps
|
(in which case local time is assumed). Unix epoch timestamps
|
||||||
(floating point format) are also accepted.
|
(floating point format) are also accepted.
|
||||||
|
--
|
||||||
|
|
||||||
=item -B E<lt>stop timeE<gt>
|
-B <stop time>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Reads only the packets whose timestamp is before stop time.
|
Reads only the packets whose timestamp is before stop time.
|
||||||
The time is given in ISO 8601 format, either
|
The time is given in ISO 8601 format, either
|
||||||
YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
|
YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
|
||||||
|
@ -117,24 +124,28 @@ YYYY-MM-DDTHH:MM:SS[.nnnnnnnnn][Z|±hh:mm] .
|
||||||
The fractional seconds are optional, as is the time zone offset from UTC
|
The fractional seconds are optional, as is the time zone offset from UTC
|
||||||
(in which case local time is assumed). Unix epoch timestamps
|
(in which case local time is assumed). Unix epoch timestamps
|
||||||
(floating point format) are also accepted.
|
(floating point format) are also accepted.
|
||||||
|
--
|
||||||
|
|
||||||
=item -c E<lt>packets per fileE<gt>
|
-c <packets per file>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Splits the packet output to different files based on uniform packet counts
|
Splits the packet output to different files based on uniform packet counts
|
||||||
with a maximum of <packets per file> each.
|
with a maximum of <packets per file> each.
|
||||||
|
|
||||||
Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
|
Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
|
||||||
before the file extension (which may be null) of I<outfile>. The infix
|
before the file extension (which may be null) of __outfile__. The infix
|
||||||
consists of the ordinal number of the output file, starting with 00000,
|
consists of the ordinal number of the output file, starting with 00000,
|
||||||
followed by the timestamp of its first packet. The timestamp is omitted if
|
followed by the timestamp of its first packet. The timestamp is omitted if
|
||||||
the input file does not contain timestamp information.
|
the input file does not contain timestamp information.
|
||||||
|
|
||||||
After the specified number of packets is written to the output file, the next
|
After the specified number of packets is written to the output file, the next
|
||||||
output file is opened. The default is to use a single output file.
|
output file is opened. The default is to use a single output file.
|
||||||
This option conflicts with B<-i>.
|
This option conflicts with *-i*.
|
||||||
|
--
|
||||||
=item -C [offset:]E<lt>choplenE<gt>
|
|
||||||
|
|
||||||
|
-C [offset:]<choplen>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the chop length to use when writing the packet data. Each packet is
|
Sets the chop length to use when writing the packet data. Each packet is
|
||||||
chopped by <choplen> bytes of data. Positive values chop at the packet
|
chopped by <choplen> bytes of data. Positive values chop at the packet
|
||||||
beginning while negative values chop at the packet end.
|
beginning while negative values chop at the packet end.
|
||||||
|
@ -153,21 +164,25 @@ bytes from up to two different areas of a packet in a single pass provided that
|
||||||
you specify at least one chop length as a positive value and at least one as a
|
you specify at least one chop length as a positive value and at least one as a
|
||||||
negative value. All positive chop lengths are added together as are all
|
negative value. All positive chop lengths are added together as are all
|
||||||
negative chop lengths.
|
negative chop lengths.
|
||||||
|
--
|
||||||
|
|
||||||
=item -d
|
-d::
|
||||||
|
+
|
||||||
|
--
|
||||||
Attempts to remove duplicate packets. The length and MD5 hash of the
|
Attempts to remove duplicate packets. The length and MD5 hash of the
|
||||||
current packet are compared to the previous four (4) packets. If a
|
current packet are compared to the previous four (4) packets. If a
|
||||||
match is found, the current packet is skipped. This option is equivalent
|
match is found, the current packet is skipped. This option is equivalent
|
||||||
to using the option B<-D 5>.
|
to using the option *-D 5*.
|
||||||
|
--
|
||||||
=item -D E<lt>dup windowE<gt>
|
|
||||||
|
|
||||||
|
-D <dup window>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Attempts to remove duplicate packets. The length and MD5 hash of the
|
Attempts to remove duplicate packets. The length and MD5 hash of the
|
||||||
current packet are compared to the previous <dup window> - 1 packets.
|
current packet are compared to the previous <dup window> - 1 packets.
|
||||||
If a match is found, the current packet is skipped.
|
If a match is found, the current packet is skipped.
|
||||||
|
|
||||||
The use of the option B<-D 0> combined with the B<-v> option is useful
|
The use of the option *-D 0* combined with the *-v* option is useful
|
||||||
in that each packet's Packet number, Len and MD5 Hash will be printed
|
in that each packet's Packet number, Len and MD5 Hash will be printed
|
||||||
to standard out. This verbose output (specifically the MD5 hash strings)
|
to standard out. This verbose output (specifically the MD5 hash strings)
|
||||||
can be useful in scripts to identify duplicate packets across trace
|
can be useful in scripts to identify duplicate packets across trace
|
||||||
|
@ -176,75 +191,93 @@ files.
|
||||||
The <dup window> is specified as an integer value between 0 and 1000000 (inclusive).
|
The <dup window> is specified as an integer value between 0 and 1000000 (inclusive).
|
||||||
|
|
||||||
NOTE: Specifying large <dup window> values with large tracefiles can
|
NOTE: Specifying large <dup window> values with large tracefiles can
|
||||||
result in very long processing times for B<editcap>.
|
result in very long processing times for *editcap*.
|
||||||
|
--
|
||||||
=item -E E<lt>error probabilityE<gt>
|
|
||||||
|
|
||||||
|
-E <error probability>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the probability that bytes in the output file are randomly changed.
|
Sets the probability that bytes in the output file are randomly changed.
|
||||||
B<Editcap> uses that probability (between 0.0 and 1.0 inclusive)
|
*Editcap* uses that probability (between 0.0 and 1.0 inclusive)
|
||||||
to apply errors to each data byte in the file. For instance, a
|
to apply errors to each data byte in the file. For instance, a
|
||||||
probability of 0.02 means that each byte has a 2% chance of having an error.
|
probability of 0.02 means that each byte has a 2% chance of having an error.
|
||||||
|
|
||||||
This option is meant to be used for fuzz-testing protocol dissectors.
|
This option is meant to be used for fuzz-testing protocol dissectors.
|
||||||
|
--
|
||||||
|
|
||||||
=item -F E<lt>file formatE<gt>
|
-F <file format>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the file format of the output capture file.
|
Sets the file format of the output capture file.
|
||||||
B<Editcap> can write the file in several formats, B<editcap -F>
|
*Editcap* can write the file in several formats, *editcap -F*
|
||||||
provides a list of the available output formats. The default
|
provides a list of the available output formats. The default
|
||||||
is the B<pcapng> format.
|
is the *pcapng* format.
|
||||||
|
--
|
||||||
=item -h
|
|
||||||
|
|
||||||
|
-h::
|
||||||
|
+
|
||||||
|
--
|
||||||
Prints the version and options and exits.
|
Prints the version and options and exits.
|
||||||
|
--
|
||||||
|
|
||||||
=item -i E<lt>seconds per fileE<gt>
|
-i <seconds per file>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Splits the packet output to different files based on uniform time
|
Splits the packet output to different files based on uniform time
|
||||||
intervals using a maximum interval of <seconds per file> each. Floating
|
intervals using a maximum interval of <seconds per file> each. Floating
|
||||||
point values (e.g. 0.5) are allowed.
|
point values (e.g. 0.5) are allowed.
|
||||||
|
|
||||||
Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
|
Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
|
||||||
before the file extension (which may be null) of I<outfile>. The infix
|
before the file extension (which may be null) of __outfile__. The infix
|
||||||
consists of the ordinal number of the output file, starting with 00000,
|
consists of the ordinal number of the output file, starting with 00000,
|
||||||
followed by the timestamp of its first packet. The timestamp is omitted if
|
followed by the timestamp of its first packet. The timestamp is omitted if
|
||||||
the input file does not contain timestamp information.
|
the input file does not contain timestamp information.
|
||||||
|
|
||||||
After packets for the specified time interval are written to the output file,
|
After packets for the specified time interval are written to the output file,
|
||||||
the next output file is opened. The default is to use a single output file.
|
the next output file is opened. The default is to use a single output file.
|
||||||
This option conflicts with B<-c>.
|
This option conflicts with *-c*.
|
||||||
|
--
|
||||||
=item -I E<lt>bytes to ignoreE<gt>
|
|
||||||
|
|
||||||
|
-I <bytes to ignore>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation,
|
Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation,
|
||||||
unless the frame is too short, then the full frame is used.
|
unless the frame is too short, then the full frame is used.
|
||||||
Useful to remove duplicated packets taken on several routers (different mac addresses for example)
|
Useful to remove duplicated packets taken on several routers (different mac addresses for example)
|
||||||
e.g. -I 26 in case of Ether/IP will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
|
e.g. -I 26 in case of Ether/IP will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
|
||||||
The default value is 0.
|
The default value is 0.
|
||||||
|
--
|
||||||
|
|
||||||
=item -L
|
-L::
|
||||||
|
+
|
||||||
|
--
|
||||||
Adjust the original frame length accordingly when chopping and/or snapping
|
Adjust the original frame length accordingly when chopping and/or snapping
|
||||||
(in addition to the captured length, which is always adjusted regardless of
|
(in addition to the captured length, which is always adjusted regardless of
|
||||||
whether B<-L> is specified or not). See also B<-C <choplen>> and B<-s <snaplen>>.
|
whether *-L* is specified or not). See also *-C <choplen*> and *-s <snaplen*>.
|
||||||
|
--
|
||||||
=item -o E<lt>change offsetE<gt>
|
|
||||||
|
|
||||||
|
-o <change offset>::
|
||||||
|
+
|
||||||
|
--
|
||||||
When used in conjunction with -E, skip some bytes from the beginning of the packet
|
When used in conjunction with -E, skip some bytes from the beginning of the packet
|
||||||
from being changed. In this way some headers don't get changed, and the fuzzer is
|
from being changed. In this way some headers don't get changed, and the fuzzer is
|
||||||
more focused on a smaller part of the packet. Keeping a part of the packet fixed
|
more focused on a smaller part of the packet. Keeping a part of the packet fixed
|
||||||
the same dissector is triggered, that make the fuzzing more precise.
|
the same dissector is triggered, that make the fuzzing more precise.
|
||||||
|
--
|
||||||
|
|
||||||
=item -r
|
-r::
|
||||||
|
+
|
||||||
|
--
|
||||||
Reverse the packet selection.
|
Reverse the packet selection.
|
||||||
Causes the packets whose packet numbers are specified on the command
|
Causes the packets whose packet numbers are specified on the command
|
||||||
line to be written to the output capture file, instead of discarding them.
|
line to be written to the output capture file, instead of discarding them.
|
||||||
|
--
|
||||||
|
|
||||||
=item -s E<lt>snaplenE<gt>
|
-s <snaplen>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the snapshot length to use when writing the data.
|
Sets the snapshot length to use when writing the data.
|
||||||
If the B<-s> flag is used to specify a snapshot length, packets in the
|
If the *-s* flag is used to specify a snapshot length, packets in the
|
||||||
input file with more captured data than the specified snapshot length
|
input file with more captured data than the specified snapshot length
|
||||||
will have only the amount of data specified by the snapshot length
|
will have only the amount of data specified by the snapshot length
|
||||||
written to the output file.
|
written to the output file.
|
||||||
|
@ -255,32 +288,38 @@ to read the output file cannot handle packets larger than a certain size
|
||||||
appear to reject Ethernet packets larger than the standard Ethernet MTU,
|
appear to reject Ethernet packets larger than the standard Ethernet MTU,
|
||||||
making them incapable of handling gigabit Ethernet captures if jumbo
|
making them incapable of handling gigabit Ethernet captures if jumbo
|
||||||
packets were used).
|
packets were used).
|
||||||
|
--
|
||||||
|
|
||||||
=item --seed E<lt>seedE<gt>
|
--seed <seed>::
|
||||||
|
+
|
||||||
|
--
|
||||||
When used in conjunction with -E, set the seed for the pseudo-random number generator.
|
When used in conjunction with -E, set the seed for the pseudo-random number generator.
|
||||||
This is useful for recreating a particular sequence of errors.
|
This is useful for recreating a particular sequence of errors.
|
||||||
|
--
|
||||||
|
|
||||||
=item --skip-radiotap-header
|
--skip-radiotap-header::
|
||||||
|
+
|
||||||
|
--
|
||||||
Skip the radiotap header of each frame when checking for packet duplicates. This is useful
|
Skip the radiotap header of each frame when checking for packet duplicates. This is useful
|
||||||
when processing a capture created by combining outputs of multiple capture devices on the same
|
when processing a capture created by combining outputs of multiple capture devices on the same
|
||||||
channel in the vicinity of each other.
|
channel in the vicinity of each other.
|
||||||
|
--
|
||||||
|
|
||||||
=item -S E<lt>strict time adjustmentE<gt>
|
-S <strict time adjustment>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Time adjust selected packets to ensure strict chronological order.
|
Time adjust selected packets to ensure strict chronological order.
|
||||||
|
|
||||||
The <strict time adjustment> value represents relative seconds
|
The <strict time adjustment> value represents relative seconds
|
||||||
specified as [-]I<seconds>[I<.fractional seconds>].
|
specified as [-]__seconds__[__.fractional seconds__].
|
||||||
|
|
||||||
As the capture file is processed each packet's absolute time is
|
As the capture file is processed each packet's absolute time is
|
||||||
I<possibly> adjusted to be equal to or greater than the previous
|
__possibly__ adjusted to be equal to or greater than the previous
|
||||||
packet's absolute timestamp depending on the <strict time
|
packet's absolute timestamp depending on the <strict time
|
||||||
adjustment> value.
|
adjustment> value.
|
||||||
|
|
||||||
If <strict time adjustment> value is 0 or greater (e.g. 0.000001)
|
If <strict time adjustment> value is 0 or greater (e.g. 0.000001)
|
||||||
then B<only> packets with a timestamp less than the previous packet
|
then *only* packets with a timestamp less than the previous packet
|
||||||
will adjusted. The adjusted timestamp value will be set to be
|
will adjusted. The adjusted timestamp value will be set to be
|
||||||
equal to the timestamp value of the previous packet plus the value
|
equal to the timestamp value of the previous packet plus the value
|
||||||
of the <strict time adjustment> value. A <strict time adjustment>
|
of the <strict time adjustment> value. A <strict time adjustment>
|
||||||
|
@ -289,38 +328,42 @@ necessary to ensure that the resulting capture file is in
|
||||||
strict chronological order.
|
strict chronological order.
|
||||||
|
|
||||||
If <strict time adjustment> value is specified as a
|
If <strict time adjustment> value is specified as a
|
||||||
negative value, then the timestamp values of B<all>
|
negative value, then the timestamp values of *all*
|
||||||
packets will be adjusted to be equal to the timestamp value
|
packets will be adjusted to be equal to the timestamp value
|
||||||
of the previous packet plus the absolute value of the
|
of the previous packet plus the absolute value of the
|
||||||
E<lt>strict time adjustmentE<gt> value. A <strict time
|
<strict time adjustment> value. A <strict time
|
||||||
adjustment> value of -0 will result in all packets
|
adjustment> value of -0 will result in all packets
|
||||||
having the timestamp value of the first packet.
|
having the timestamp value of the first packet.
|
||||||
|
|
||||||
This feature is useful when the trace file has an occasional
|
This feature is useful when the trace file has an occasional
|
||||||
packet with a negative delta time relative to the previous
|
packet with a negative delta time relative to the previous
|
||||||
packet.
|
packet.
|
||||||
|
--
|
||||||
|
|
||||||
=item -t E<lt>time adjustmentE<gt>
|
-t <time adjustment>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the time adjustment to use on selected packets.
|
Sets the time adjustment to use on selected packets.
|
||||||
If the B<-t> flag is used to specify a time adjustment, the specified
|
If the *-t* flag is used to specify a time adjustment, the specified
|
||||||
adjustment will be applied to all selected packets in the capture file.
|
adjustment will be applied to all selected packets in the capture file.
|
||||||
The adjustment is specified as [-]I<seconds>[I<.fractional seconds>].
|
The adjustment is specified as [-]__seconds__[__.fractional seconds__].
|
||||||
For example, B<-t> 3600 advances the timestamp on selected packets by one
|
For example, *-t* 3600 advances the timestamp on selected packets by one
|
||||||
hour while B<-t> -0.5 reduces the timestamp on selected packets by
|
hour while *-t* -0.5 reduces the timestamp on selected packets by
|
||||||
one-half second.
|
one-half second.
|
||||||
|
|
||||||
This feature is useful when synchronizing dumps
|
This feature is useful when synchronizing dumps
|
||||||
collected on different machines where the time difference between the
|
collected on different machines where the time difference between the
|
||||||
two machines is known or can be estimated.
|
two machines is known or can be estimated.
|
||||||
|
--
|
||||||
|
|
||||||
=item -T E<lt>encapsulation typeE<gt>
|
-T <encapsulation type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the packet encapsulation type of the output capture file.
|
Sets the packet encapsulation type of the output capture file.
|
||||||
If the B<-T> flag is used to specify an encapsulation type, the
|
If the *-T* flag is used to specify an encapsulation type, the
|
||||||
encapsulation type of the output capture file will be forced to the
|
encapsulation type of the output capture file will be forced to the
|
||||||
specified type.
|
specified type.
|
||||||
B<editcap -T> provides a list of the available types. The default
|
*editcap -T* provides a list of the available types. The default
|
||||||
type is the one appropriate to the encapsulation type of the input
|
type is the one appropriate to the encapsulation type of the input
|
||||||
capture file.
|
capture file.
|
||||||
|
|
||||||
|
@ -329,82 +372,95 @@ forces the encapsulation type of the output file to be the specified
|
||||||
type; the packet headers of the packets will not be translated from the
|
type; the packet headers of the packets will not be translated from the
|
||||||
encapsulation type of the input capture file to the specified
|
encapsulation type of the input capture file to the specified
|
||||||
encapsulation type (for example, it will not translate an Ethernet
|
encapsulation type (for example, it will not translate an Ethernet
|
||||||
capture to an FDDI capture if an Ethernet capture is read and 'B<-T
|
capture to an FDDI capture if an Ethernet capture is read and '*-T
|
||||||
fddi>' is specified). If you need to remove/add headers from/to a
|
fddi*' is specified). If you need to remove/add headers from/to a
|
||||||
packet, you will need od(1)/text2pcap(1).
|
packet, you will need od(1)/xref:text2pcap.html[text2pcap](1).
|
||||||
|
--
|
||||||
|
|
||||||
=item -v
|
-v::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
Causes *editcap* to print verbose messages while it's working.
|
||||||
|
|
||||||
Causes B<editcap> to print verbose messages while it's working.
|
Use of *-v* with the de-duplication switches of *-d*, *-D* or *-w*
|
||||||
|
|
||||||
Use of B<-v> with the de-duplication switches of B<-d>, B<-D> or B<-w>
|
|
||||||
will cause all MD5 hashes to be printed whether the packet is skipped
|
will cause all MD5 hashes to be printed whether the packet is skipped
|
||||||
or not.
|
or not.
|
||||||
|
--
|
||||||
|
|
||||||
=item -V
|
-V::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and exit.
|
Print the version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -w E<lt>dup time windowE<gt>
|
-w <dup time window>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Attempts to remove duplicate packets. The current packet's arrival time
|
Attempts to remove duplicate packets. The current packet's arrival time
|
||||||
is compared with up to 1000000 previous packets. If the packet's relative
|
is compared with up to 1000000 previous packets. If the packet's relative
|
||||||
arrival time is I<less than or equal to> the <dup time window> of a previous packet
|
arrival time is __less than or equal to__ the <dup time window> of a previous packet
|
||||||
and the packet length and MD5 hash of the current packet are the same then
|
and the packet length and MD5 hash of the current packet are the same then
|
||||||
the packet to skipped. The duplicate comparison test stops when
|
the packet to skipped. The duplicate comparison test stops when
|
||||||
the current packet's relative arrival time is greater than <dup time window>.
|
the current packet's relative arrival time is greater than <dup time window>.
|
||||||
|
|
||||||
The <dup time window> is specified as I<seconds>[I<.fractional seconds>].
|
The <dup time window> is specified as __seconds__[__.fractional seconds__].
|
||||||
|
|
||||||
The [.fractional seconds] component can be specified to nine (9) decimal
|
The [.fractional seconds] component can be specified to nine (9) decimal
|
||||||
places (billionths of a second) but most typical trace files have resolution
|
places (billionths of a second) but most typical trace files have resolution
|
||||||
to six (6) decimal places (millionths of a second).
|
to six (6) decimal places (millionths of a second).
|
||||||
|
|
||||||
NOTE: Specifying large <dup time window> values with large tracefiles can
|
NOTE: Specifying large <dup time window> values with large tracefiles can
|
||||||
result in very long processing times for B<editcap>.
|
result in very long processing times for *editcap*.
|
||||||
|
|
||||||
NOTE: The B<-w> option assumes that the packets are in chronological order.
|
NOTE: The *-w* option assumes that the packets are in chronological order.
|
||||||
If the packets are NOT in chronological order then the B<-w> duplication
|
If the packets are NOT in chronological order then the *-w* duplication
|
||||||
removal option may not identify some duplicates.
|
removal option may not identify some duplicates.
|
||||||
|
--
|
||||||
|
|
||||||
=item --inject-secrets E<lt>secrets typeE<gt>,E<lt>fileE<gt>
|
--inject-secrets <secrets type>,<file>::
|
||||||
|
+
|
||||||
Inserts the contents of E<lt>fileE<gt> into a Decryption Secrets Block (DSB)
|
--
|
||||||
|
Inserts the contents of <file> into a Decryption Secrets Block (DSB)
|
||||||
within the pcapng output file. This enables decryption without requiring
|
within the pcapng output file. This enables decryption without requiring
|
||||||
additional configuration in protocol preferences.
|
additional configuration in protocol preferences.
|
||||||
|
|
||||||
The file format is described by E<lt>secrets typeE<gt> which can be one of:
|
The file format is described by <secrets type> which can be one of:
|
||||||
|
|
||||||
I<tls> TLS Key Log as described at L<https://developer.mozilla.org/NSS_Key_Log_Format>
|
__tls__ TLS Key Log as described at https://developer.mozilla.org/NSS_Key_Log_Format
|
||||||
I<wg> WireGuard Key Log, see L<https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format>
|
__wg__ WireGuard Key Log, see https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format
|
||||||
|
|
||||||
This option may be specified multiple times. The available options for
|
This option may be specified multiple times. The available options for
|
||||||
E<lt>secrets typeE<gt> can be listed with B<--inject-secrets help>.
|
<secrets type> can be listed with *--inject-secrets help*.
|
||||||
|
--
|
||||||
=item --discard-all-secrets
|
|
||||||
|
|
||||||
|
--discard-all-secrets::
|
||||||
|
+
|
||||||
|
--
|
||||||
Discard all decryption secrets from the input file when writing the
|
Discard all decryption secrets from the input file when writing the
|
||||||
output file. Does not discard secrets added by B<--inject-secrets> in
|
output file. Does not discard secrets added by *--inject-secrets* in
|
||||||
the same command line.
|
the same command line.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture-comment E<lt>commentE<gt>
|
--capture-comment <comment>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Adds the given comment to the output file, if supported by the output
|
Adds the given comment to the output file, if supported by the output
|
||||||
file format. New comments will be added I<after> any comments present
|
file format. New comments will be added __after__ any comments present
|
||||||
in the input file unless B<--discard-capture-comment> is also specified.
|
in the input file unless *--discard-capture-comment* is also specified.
|
||||||
|
|
||||||
This option may be specified multiple times. Note that Wireshark
|
This option may be specified multiple times. Note that Wireshark
|
||||||
currently only displays the first comment of a capture file.
|
currently only displays the first comment of a capture file.
|
||||||
|
--
|
||||||
|
|
||||||
=item --discard-capture-comment
|
--discard-capture-comment::
|
||||||
|
+
|
||||||
|
--
|
||||||
Discard all capture file comments from the input file when writing the output
|
Discard all capture file comments from the input file when writing the output
|
||||||
file. Does not discard comments added by B<--capture-comment> in the same
|
file. Does not discard comments added by *--capture-comment* in the same
|
||||||
command line.
|
command line.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see more detailed description of the options use:
|
To see more detailed description of the options use:
|
||||||
|
|
||||||
|
@ -450,7 +506,7 @@ To remove duplicate packets seen within the prior 100 frames use:
|
||||||
|
|
||||||
editcap -D 101 capture.pcapng dedup.pcapng
|
editcap -D 101 capture.pcapng dedup.pcapng
|
||||||
|
|
||||||
To remove duplicate packets seen I<equal to or less than> 1/10th of a second:
|
To remove duplicate packets seen __equal to or less than__ 1/10th of a second:
|
||||||
|
|
||||||
editcap -w 0.1 capture.pcapng dedup.pcapng
|
editcap -w 0.1 capture.pcapng dedup.pcapng
|
||||||
|
|
||||||
|
@ -502,27 +558,26 @@ To add comment strings to the first 2 input frames, use:
|
||||||
|
|
||||||
editcap -a "1:1st frame" -a 2:Second capture.pcapng capture-comments.pcapng
|
editcap -a "1:1st frame" -a 2:Second capture.pcapng capture-comments.pcapng
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), capinfos(1),
|
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:mergecap.html[mergecap](1), xref:dumpcap.html[dumpcap](1), xref:capinfos.html[capinfos](1),
|
||||||
text2pcap(1), reordercap(1), od(1), pcap-filter(7) or tcpdump(8)
|
xref:text2pcap.html[text2pcap](1), xref:reordercap.html[reordercap](1), od(1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<Editcap> is part of the B<Wireshark> distribution. The latest version
|
*Editcap* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Richard Sharpe <sharpe[AT]ns.aus.com>
|
Richard Sharpe <sharpe[AT]ns.aus.com>
|
||||||
|
|
||||||
|
.Contributors
|
||||||
Contributors
|
[%hardbreaks]
|
||||||
------------
|
Guy Harris <guy[AT]alum.mit.edu>
|
||||||
Guy Harris <guy[AT]alum.mit.edu>
|
Ulf Lamping <ulf.lamping[AT]web.de>
|
||||||
Ulf Lamping <ulf.lamping[AT]web.de>
|
|
||||||
|
|
138
doc/etwdump.adoc
138
doc/etwdump.adoc
|
@ -1,84 +1,104 @@
|
||||||
=begin man
|
= etwdump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
etwdump - Provide an interface to read ETW
|
etwdump - Provide an interface to read ETW
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<etwdump>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*etwdump*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--iue>=E<lt>Should undecidable events be includedE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
S<[ B<--etlfile>=E<lt>etl fileE<gt> ]>
|
[ *--iue*=<Should undecidable events be included> ]
|
||||||
S<[ B<--params>=E<lt>filter parametersE<gt> ]>
|
[ *--etlfile*=<etl file> ]
|
||||||
|
[ *--params*=<filter parameters> ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<etwdump> is a extcap tool that provides access to a etl file.
|
*etwdump* is a extcap tool that provides access to a etl file.
|
||||||
It is only used to display event trace on Windows.
|
It is only used to display event trace on Windows.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --iue=E<lt>Should undecidable events be includedE<gt>
|
--iue=<Should undecidable events be included>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Choose if the undecidable event is included.
|
Choose if the undecidable event is included.
|
||||||
|
--
|
||||||
|
|
||||||
=item --etlfile=E<lt>Etl fileE<gt>
|
--etlfile=<Etl file>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Select etl file to display in Wireshark.
|
Select etl file to display in Wireshark.
|
||||||
|
--
|
||||||
|
|
||||||
=item --params=E<lt>filter parametersE<gt>
|
--params=<filter parameters>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Input providers, keyword and level filters for the etl file and live session.
|
Input providers, keyword and level filters for the etl file and live session.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -117,20 +137,20 @@ To capture:
|
||||||
|
|
||||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<etwdump> is part of the B<Wireshark> distribution. The latest version
|
*etwdump* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
---------------
|
[%hardbreaks]
|
||||||
Odysseus Yang L<wiresharkyyh@outlook.com>
|
Odysseus Yang L<wiresharkyyh@outlook.com>
|
||||||
|
|
104
doc/extcap.adoc
104
doc/extcap.adoc
|
@ -1,14 +1,15 @@
|
||||||
=begin man
|
= extcap(4)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
extcap - The extcap interface
|
extcap - The extcap interface
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
The extcap interface is a versatile plugin interface that allows external binaries
|
The extcap interface is a versatile plugin interface that allows external binaries
|
||||||
to act as capture interfaces directly in Wireshark. It is used in scenarios, where
|
to act as capture interfaces directly in Wireshark. It is used in scenarios, where
|
||||||
|
@ -41,39 +42,49 @@ can be found (it is not designed to be launched by hand). This is done on purpo
|
||||||
only be extcap programs (executable, python scripts, ...) in the extcap folder to reduce the startup
|
only be extcap programs (executable, python scripts, ...) in the extcap folder to reduce the startup
|
||||||
time and not have Wireshark trying to execute other file types.
|
time and not have Wireshark trying to execute other file types.
|
||||||
|
|
||||||
|
== GRAMMAR ELEMENTS
|
||||||
=head1 GRAMMAR ELEMENTS
|
|
||||||
|
|
||||||
Grammar elements:
|
Grammar elements:
|
||||||
|
|
||||||
=over 4
|
arg (options)::
|
||||||
|
+
|
||||||
=item arg (options)
|
--
|
||||||
|
|
||||||
argument for CLI calling
|
argument for CLI calling
|
||||||
|
--
|
||||||
|
|
||||||
=item number
|
number::
|
||||||
|
+
|
||||||
|
--
|
||||||
Reference # of argument for other values, display order
|
Reference # of argument for other values, display order
|
||||||
|
--
|
||||||
|
|
||||||
=item call
|
call::
|
||||||
|
+
|
||||||
|
--
|
||||||
Literal argument to call (--call=...)
|
Literal argument to call (--call=...)
|
||||||
|
--
|
||||||
|
|
||||||
=item display
|
display::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displayed name
|
Displayed name
|
||||||
|
--
|
||||||
|
|
||||||
=item default
|
default::
|
||||||
|
+
|
||||||
|
--
|
||||||
Default value, in proper form for type
|
Default value, in proper form for type
|
||||||
|
--
|
||||||
|
|
||||||
=item range
|
range::
|
||||||
|
+
|
||||||
|
--
|
||||||
Range of valid values for UI checking (min,max) in proper form
|
Range of valid values for UI checking (min,max) in proper form
|
||||||
|
--
|
||||||
|
|
||||||
=item type
|
type::
|
||||||
|
+
|
||||||
|
--
|
||||||
Argument type for UI filtering for raw, or UI type for selector:
|
Argument type for UI filtering for raw, or UI type for selector:
|
||||||
|
|
||||||
integer
|
integer
|
||||||
|
@ -87,15 +98,16 @@ Argument type for UI filtering for raw, or UI type for selector:
|
||||||
multicheck (display a textbox for selecting multiple options, values as strings)
|
multicheck (display a textbox for selecting multiple options, values as strings)
|
||||||
password (display a textbox with masked text)
|
password (display a textbox with masked text)
|
||||||
timestamp (display a calendar)
|
timestamp (display a calendar)
|
||||||
|
--
|
||||||
|
|
||||||
=item value (options)
|
value (options)::
|
||||||
|
+
|
||||||
|
--
|
||||||
Values for argument selection
|
Values for argument selection
|
||||||
arg Argument # this value applies to
|
arg Argument # this value applies to
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
Example 1:
|
Example 1:
|
||||||
|
|
||||||
|
@ -128,30 +140,22 @@ Example 5:
|
||||||
arg {number=0}{call=--start}{display=Start Time}{type=timestamp}
|
arg {number=0}{call=--start}{display=Start Time}{type=timestamp}
|
||||||
arg {number=1}{call=--end}{display=End Time}{type=timestamp}
|
arg {number=1}{call=--end}{display=End Time}{type=timestamp}
|
||||||
|
|
||||||
=head1 Security awareness
|
== Security awareness
|
||||||
|
|
||||||
=over 4
|
- Users running wireshark as root, we can't save you
|
||||||
|
- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
|
||||||
|
- Third-party capture programs run w/ whatever privs they're installed with
|
||||||
|
- If an attacker can write to a system binary directory, we're game over anyhow
|
||||||
|
- Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run
|
||||||
|
|
||||||
=item - Users running wireshark as root, we can't save you
|
== SEE ALSO
|
||||||
|
|
||||||
=item - Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:androiddump.html[androiddump](1), xref:sshdump.html[sshdump](1), xref:randpktdump.html[randpktdump](1)
|
||||||
|
|
||||||
=item - Third-party capture programs run w/ whatever privs they're installed with
|
== NOTES
|
||||||
|
|
||||||
=item - If an attacker can write to a system binary directory, we're game over anyhow
|
*Extcap* is feature of *Wireshark*. The latest version
|
||||||
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
=item - Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 SEE ALSO
|
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1), randpktdump(1)
|
|
||||||
|
|
||||||
=head1 NOTES
|
|
||||||
|
|
||||||
B<Extcap> is feature of B<Wireshark>. The latest version
|
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
112
doc/idl2deb.adoc
112
doc/idl2deb.adoc
|
@ -1,80 +1,92 @@
|
||||||
=begin man
|
= idl2deb(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
idl2deb - Create a Debian package for CORBA monitoring from IDL
|
idl2deb - Create a Debian package for CORBA monitoring from IDL
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<idl2deb>
|
[manarg]
|
||||||
S<[ B<-d> E<lt>optsE<gt> ]>
|
*idl2deb*
|
||||||
S<[ B<--dbopts>=E<lt>optsE<gt> ]>
|
[ *-d* <opts> ]
|
||||||
S<[ B<-e> E<lt>addressE<gt> ]>
|
[ *--dbopts*=<opts> ]
|
||||||
S<[ B<--email>=E<lt>addressE<gt> ]>
|
[ *-e* <address> ]
|
||||||
S<[ B<-h> ]>
|
[ *--email*=<address> ]
|
||||||
S<[ B<--help> ]>
|
[ *-h* ]
|
||||||
S<[ B<-i> E<lt>idlfileE<gt> ]>
|
[ *--help* ]
|
||||||
S<[ B<--idl>=E<lt>idlfileE<gt> ]>
|
[ *-i* <idlfile> ]
|
||||||
S<[ B<-n> E<lt>nameE<gt> ]>
|
[ *--idl*=<idlfile> ]
|
||||||
S<[ B<--name>=E<lt>nameE<gt> ]>
|
[ *-n* <name> ]
|
||||||
S<[ B<-p> ]>
|
[ *--name*=<name> ]
|
||||||
S<[ B<--preserve> ]>
|
[ *-p* ]
|
||||||
S<[ B<-v> ]>
|
[ *--preserve* ]
|
||||||
S<[ B<--version> ]>
|
[ *-v* ]
|
||||||
|
[ *--version* ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
This manual page documents briefly the B<idl2deb> command. B<idl2deb>
|
This manual page documents briefly the *idl2deb* command. *idl2deb*
|
||||||
takes an CORBA IDL file as input and creates a Debian package from it. The
|
takes an CORBA IDL file as input and creates a Debian package from it. The
|
||||||
package contains a loadable module for the Wireshark network analyser.
|
package contains a loadable module for the Wireshark network analyser.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -d E<lt>optsE<gt> --dbopts=E<lt>optsE<gt>
|
|
||||||
|
|
||||||
|
-d <opts> --dbopts=<opts>::
|
||||||
|
+
|
||||||
|
--
|
||||||
options for dpkg-buildpackage.
|
options for dpkg-buildpackage.
|
||||||
|
--
|
||||||
|
|
||||||
=item -e E<lt>addressE<gt> --email=E<lt>addressE<gt>
|
-e <address> --email=<address>::
|
||||||
|
+
|
||||||
|
--
|
||||||
use e-mail address.
|
use e-mail address.
|
||||||
|
--
|
||||||
|
|
||||||
=item -h --help
|
-h --help::
|
||||||
|
+
|
||||||
|
--
|
||||||
print help and exit.
|
print help and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -i E<lt>idlfileE<gt> --idl=E<lt>idlfileE<gt>
|
-i <idlfile> --idl=<idlfile>::
|
||||||
|
+
|
||||||
|
--
|
||||||
IDL file to use (mandatory)
|
IDL file to use (mandatory)
|
||||||
|
--
|
||||||
|
|
||||||
=item -n E<lt>nameE<gt> --name=E<lt>nameE<gt>
|
-n <name> --name=<name>::
|
||||||
|
+
|
||||||
|
--
|
||||||
use user name.
|
use user name.
|
||||||
|
--
|
||||||
|
|
||||||
=item -p --preserve
|
-p --preserve::
|
||||||
|
+
|
||||||
|
--
|
||||||
do not overwrite files.
|
do not overwrite files.
|
||||||
|
--
|
||||||
|
|
||||||
=item -v --version
|
-v --version::
|
||||||
|
+
|
||||||
|
--
|
||||||
print version and exit.
|
print version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
/usr/bin/idl2deb -e me@foo.net -i bar.idl \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
|
/usr/bin/idl2deb -e me@foo.net -i bar.idl \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
A lot of tools are used, which you have to B<apt-get install>: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev.
|
A lot of tools are used, which you have to *apt-get install*: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev.
|
||||||
|
|
||||||
=head1 COPYING
|
== COPYING
|
||||||
|
|
||||||
This manual page was written by W. Borgert debacle@debian.org
|
This manual page was written by W. Borgert debacle@debian.org
|
||||||
for Debian GNU/Linux (but may be used by others). Permission is granted
|
for Debian GNU/Linux (but may be used by others). Permission is granted
|
||||||
|
@ -82,10 +94,10 @@ to copy, distribute and/or modify this document under the terms of the
|
||||||
GNU General Public License, Version 2 or any later version published by
|
GNU General Public License, Version 2 or any later version published by
|
||||||
the Free Software Foundation.
|
the Free Software Foundation.
|
||||||
|
|
||||||
=head1 AUTHOR
|
== AUTHOR
|
||||||
|
|
||||||
B<W. Borgert> Author.
|
*W. Borgert* Author.
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
== COPYRIGHT
|
||||||
|
|
||||||
Copyright (C) 2003, 2005 W. Borger
|
Copyright (C) 2003, 2005 W. Borger
|
||||||
|
|
108
doc/idl2wrs.adoc
108
doc/idl2wrs.adoc
|
@ -1,51 +1,45 @@
|
||||||
=begin man
|
= idl2wrs(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
idl2wrs - CORBA IDL to Wireshark Plugin Generator
|
idl2wrs - CORBA IDL to Wireshark Plugin Generator
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<idl2wrs> E<lt>filenameE<gt>
|
*idl2wrs* <filename>
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<idl2wrs> is a program that takes a user specified B<CORBA IDL>
|
*idl2wrs* is a program that takes a user specified *CORBA IDL*
|
||||||
file and generates B<"C"> source code for a B<Wireshark> "plugin".
|
file and generates *"C"* source code for a *Wireshark* "plugin".
|
||||||
|
|
||||||
This resulting file can be compiled as a B<Wireshark> plugin, and
|
This resulting file can be compiled as a *Wireshark* plugin, and
|
||||||
used to monitor B<GIOP/IIOP> traffic that is using this IDL.
|
used to monitor *GIOP/IIOP* traffic that is using this IDL.
|
||||||
|
|
||||||
B<idl2wrs> is actually a shell script wrapper for two B<Python> programs.
|
*idl2wrs* is actually a shell script wrapper for two *Python* programs.
|
||||||
These programs are:
|
These programs are:
|
||||||
|
|
||||||
=over 4
|
* *wireshark_be.py*
|
||||||
|
|
||||||
=item * B<wireshark_be.py>
|
|
||||||
|
|
||||||
Contains the main IDL Visitor Class
|
Contains the main IDL Visitor Class
|
||||||
|
|
||||||
=item * B<wireshark_gen.py>
|
* *wireshark_gen.py*
|
||||||
|
|
||||||
Contains the Source Code Generator Class
|
Contains the Source Code Generator Class
|
||||||
|
|
||||||
=back
|
*idl2wrs* supports heuristic dissection of GIOP/IIOP traffic,
|
||||||
|
|
||||||
B<idl2wrs> supports heuristic dissection of GIOP/IIOP traffic,
|
|
||||||
and some experimental code for explicit dissection, based on
|
and some experimental code for explicit dissection, based on
|
||||||
Object Key <-> Repository Id mapping.
|
Object Key <-> Repository Id mapping.
|
||||||
However, code for heuristic based plugins is
|
However, code for heuristic based plugins is
|
||||||
generated by default, and users should consider this the preferred
|
generated by default, and users should consider this the preferred
|
||||||
method unless you have some namespace collisions.
|
method unless you have some namespace collisions.
|
||||||
|
|
||||||
|
== OPTIONS
|
||||||
|
|
||||||
=head1 OPTIONS
|
Currently there are no options. *idl2wrs* can be invoked as follows.
|
||||||
|
|
||||||
Currently there are no options. B<idl2wrs> can be invoked as follows.
|
|
||||||
|
|
||||||
1. To write the C code to stdout.
|
1. To write the C code to stdout.
|
||||||
|
|
||||||
|
@ -53,22 +47,18 @@ Currently there are no options. B<idl2wrs> can be invoked as follows.
|
||||||
|
|
||||||
eg: idl2wrs echo.idl
|
eg: idl2wrs echo.idl
|
||||||
|
|
||||||
|
|
||||||
2. To write to a file, just redirect the output.
|
2. To write to a file, just redirect the output.
|
||||||
|
|
||||||
idl2wrs echo.idl > packet-test.c
|
idl2wrs echo.idl > packet-test.c
|
||||||
|
|
||||||
|
== ENVIRONMENT
|
||||||
|
|
||||||
|
*idl2wrs* will look for *wireshark_be.py* and *wireshark_gen.py* in
|
||||||
|
*$PYTHONPATH/site-packages/* and if not found, will try the current
|
||||||
|
directory *./*
|
||||||
|
|
||||||
|
The *-p* option passed to omniidl (inside *idl2wrs*) indicates where
|
||||||
=head1 ENVIRONMENT
|
*wireshark_be.py* and *wireshark_gen.py* will be searched. This may
|
||||||
|
|
||||||
B<idl2wrs> will look for B<wireshark_be.py> and B<wireshark_gen.py> in
|
|
||||||
B<$PYTHONPATH/site-packages/> and if not found, will try the current
|
|
||||||
directory B<./>
|
|
||||||
|
|
||||||
The B<-p> option passed to omniidl (inside B<idl2wrs>) indicates where
|
|
||||||
B<wireshark_be.py> and B<wireshark_gen.py> will be searched. This may
|
|
||||||
need tweaking if you place these files somewhere else.
|
need tweaking if you place these files somewhere else.
|
||||||
|
|
||||||
If it complains about being unable to find some modules (eg tempfile.py),
|
If it complains about being unable to find some modules (eg tempfile.py),
|
||||||
|
@ -76,45 +66,35 @@ you may want to check if PYTHONPATH is set correctly.
|
||||||
|
|
||||||
eg: PYTHONPATH=/usr/lib/python1.5/
|
eg: PYTHONPATH=/usr/lib/python1.5/
|
||||||
|
|
||||||
|
== SEE ALSO
|
||||||
|
|
||||||
=head1 SEE ALSO
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1)
|
||||||
|
|
||||||
wireshark(1), tshark(1)
|
== NOTES
|
||||||
|
|
||||||
|
*idl2wrs* (including *wireshark_be.py* and *wireshark_gen.py*) are part of
|
||||||
|
the *Wireshark* distribution. The latest version of *Wireshark* can
|
||||||
|
be found at https://www.wireshark.org.
|
||||||
|
|
||||||
=head1 NOTES
|
*idl2wrs* uses *omniidl*, an IDL parser, and can be found at
|
||||||
|
http://omniorb.sourceforge.net/
|
||||||
|
|
||||||
B<idl2wrs> (including B<wireshark_be.py> and B<wireshark_gen.py>) are part of
|
== TODO
|
||||||
the B<Wireshark> distribution. The latest version of B<Wireshark> can
|
|
||||||
be found at L<https://www.wireshark.org>.
|
|
||||||
|
|
||||||
B<idl2wrs> uses B<omniidl>, an IDL parser, and can be found at
|
|
||||||
L<http://omniorb.sourceforge.net/>
|
|
||||||
|
|
||||||
=head1 TODO
|
|
||||||
|
|
||||||
Some of the more important things to do are:
|
Some of the more important things to do are:
|
||||||
|
|
||||||
=over 4
|
* Improve Explicit dissection code.
|
||||||
|
|
||||||
=item *
|
* Improve command line options.
|
||||||
Improve Explicit dissection code.
|
|
||||||
|
|
||||||
=item *
|
* Improve decode algorithm when we have operation name collision.
|
||||||
Improve command line options.
|
|
||||||
|
|
||||||
=item *
|
== AUTHORS
|
||||||
Improve decode algorithm when we have operation name collision.
|
|
||||||
|
|
||||||
=back
|
.Original Author
|
||||||
|
[%hardbreaks]
|
||||||
|
Frank Singleton <frank.singleton[AT]ericsson.com>
|
||||||
|
|
||||||
=head1 AUTHORS
|
.Contributors
|
||||||
|
[%hardbreaks]
|
||||||
Original Author
|
|
||||||
-------- ------
|
|
||||||
Frank Singleton <frank.singleton[AT]ericsson.com>
|
|
||||||
|
|
||||||
|
|
||||||
Contributors
|
|
||||||
------------
|
|
||||||
|
|
||||||
|
|
|
@ -1,55 +1,57 @@
|
||||||
=begin man
|
= mergecap(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
mergecap - Merges two or more capture files into one
|
mergecap - Merges two or more capture files into one
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<mergecap>
|
[manarg]
|
||||||
S<[ B<-a> ]>
|
*mergecap*
|
||||||
S<[ B<-F> E<lt>I<file format>E<gt> ]>
|
[ *-a* ]
|
||||||
S<[ B<-h> ]>
|
[ *-F* <__file format__> ]
|
||||||
S<[ B<-I> E<lt>I<IDB merge mode>E<gt> ]>
|
[ *-h* ]
|
||||||
S<[ B<-s> E<lt>I<snaplen>E<gt> ]>
|
[ *-I* <__IDB merge mode__> ]
|
||||||
S<[ B<-v> ]>
|
[ *-s* <__snaplen__> ]
|
||||||
S<[ B<-V> ]>
|
[ *-v* ]
|
||||||
S<B<-w> E<lt>I<outfile>E<gt>|->
|
[ *-V* ]
|
||||||
E<lt>I<infile>E<gt> [E<lt>I<infile>E<gt> I<...>]
|
*-w* <__outfile__>|-
|
||||||
|
<__infile__> [<__infile__> __...__]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Mergecap> is a program that combines multiple saved capture files into
|
*Mergecap* is a program that combines multiple saved capture files into
|
||||||
a single output file specified by the B<-w> argument. B<Mergecap> knows
|
a single output file specified by the *-w* argument. *Mergecap* knows
|
||||||
how to read B<pcap> and B<pcapng> capture files, including those of
|
how to read *pcap* and *pcapng* capture files, including those of
|
||||||
B<tcpdump>, B<Wireshark> and other tools that write captures in those
|
*tcpdump*, *Wireshark* and other tools that write captures in those
|
||||||
formats.
|
formats.
|
||||||
|
|
||||||
By default, B<Mergecap> writes the capture file in B<pcapng> format, and
|
By default, *Mergecap* writes the capture file in *pcapng* format, and
|
||||||
writes all of the packets from the input capture files to the output file.
|
writes all of the packets from the input capture files to the output file.
|
||||||
|
|
||||||
B<Mergecap> is able to detect, read and write the same capture files that
|
*Mergecap* is able to detect, read and write the same capture files that
|
||||||
are supported by B<Wireshark>.
|
are supported by *Wireshark*.
|
||||||
The input files don't need a specific filename extension; the file
|
The input files don't need a specific filename extension; the file
|
||||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||||
is a detailed description of the way B<Wireshark> handles this, which is
|
is a detailed description of the way *Wireshark* handles this, which is
|
||||||
the same way B<Mergecap> handles this.
|
the same way *Mergecap* handles this.
|
||||||
|
|
||||||
B<Mergecap> can write the file in several output formats.
|
*Mergecap* can write the file in several output formats.
|
||||||
The B<-F> flag can be used to specify the format in which to write the
|
The *-F* flag can be used to specify the format in which to write the
|
||||||
capture file, B<mergecap -F> provides a list of the available output
|
capture file, *mergecap -F* provides a list of the available output
|
||||||
formats.
|
formats.
|
||||||
|
|
||||||
Packets from the input files are merged in chronological order based on
|
Packets from the input files are merged in chronological order based on
|
||||||
each frame's timestamp, unless the B<-a> flag is specified. B<Mergecap>
|
each frame's timestamp, unless the *-a* flag is specified. *Mergecap*
|
||||||
assumes that frames within a single capture file are already stored in
|
assumes that frames within a single capture file are already stored in
|
||||||
chronological order. When the B<-a> flag is specified, packets are
|
chronological order. When the *-a* flag is specified, packets are
|
||||||
copied directly from each input file to the output file, independent of
|
copied directly from each input file to the output file, independent of
|
||||||
each frame's timestamp.
|
each frame's timestamp.
|
||||||
|
|
||||||
|
@ -57,37 +59,42 @@ The output file frame encapsulation type is set to the type of the input
|
||||||
files if all input files have the same type. If not all of the input
|
files if all input files have the same type. If not all of the input
|
||||||
files have the same frame encapsulation type, the output file type is
|
files have the same frame encapsulation type, the output file type is
|
||||||
set to WTAP_ENCAP_PER_PACKET. Note that some capture file formats, most
|
set to WTAP_ENCAP_PER_PACKET. Note that some capture file formats, most
|
||||||
notably B<pcap>, do not currently support WTAP_ENCAP_PER_PACKET.
|
notably *pcap*, do not currently support WTAP_ENCAP_PER_PACKET.
|
||||||
This combination will cause the output file creation to fail.
|
This combination will cause the output file creation to fail.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -a
|
|
||||||
|
|
||||||
|
-a::
|
||||||
|
+
|
||||||
|
--
|
||||||
Causes the frame timestamps to be ignored, writing all packets from the
|
Causes the frame timestamps to be ignored, writing all packets from the
|
||||||
first input file followed by all packets from the second input file. By
|
first input file followed by all packets from the second input file. By
|
||||||
default, when B<-a> is not specified, the contents of the input files
|
default, when *-a* is not specified, the contents of the input files
|
||||||
are merged in chronological order based on each frame's timestamp.
|
are merged in chronological order based on each frame's timestamp.
|
||||||
|
|
||||||
Note: when merging, B<mergecap> assumes that packets within a capture
|
Note: when merging, *mergecap* assumes that packets within a capture
|
||||||
file are already in chronological order.
|
file are already in chronological order.
|
||||||
|
--
|
||||||
|
|
||||||
=item -F E<lt>file formatE<gt>
|
-F <file format>::
|
||||||
|
+
|
||||||
Sets the file format of the output capture file. B<Mergecap> can write
|
--
|
||||||
the file in several formats; B<mergecap -F> provides a list of the
|
Sets the file format of the output capture file. *Mergecap* can write
|
||||||
available output formats. By default this is the B<pcapng> format.
|
the file in several formats; *mergecap -F* provides a list of the
|
||||||
|
available output formats. By default this is the *pcapng* format.
|
||||||
=item -h
|
--
|
||||||
|
|
||||||
|
-h::
|
||||||
|
+
|
||||||
|
--
|
||||||
Prints the version and options and exits.
|
Prints the version and options and exits.
|
||||||
|
--
|
||||||
|
|
||||||
=item -I E<lt>IDB merge modeE<gt>
|
-I <IDB merge mode>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the Interface Description Block (IDB) merge mode to use during merging.
|
Sets the Interface Description Block (IDB) merge mode to use during merging.
|
||||||
B<mergecap -I> provides a list of the available IDB merge modes.
|
*mergecap -I* provides a list of the available IDB merge modes.
|
||||||
|
|
||||||
Every input file has one or more IDBs, which describe the interface(s) the
|
Every input file has one or more IDBs, which describe the interface(s) the
|
||||||
capture was performed on originally. This includes encapsulation type,
|
capture was performed on originally. This includes encapsulation type,
|
||||||
|
@ -95,35 +102,25 @@ interface name, etc. When mergecap merges multiple input files, it has to
|
||||||
merge these IDBs somehow for the new merged output file. This flag controls
|
merge these IDBs somehow for the new merged output file. This flag controls
|
||||||
how that is accomplished. The currently available modes are:
|
how that is accomplished. The currently available modes are:
|
||||||
|
|
||||||
=over 4
|
*none*: No merging of IDBs is performed, and instead all IDBs are
|
||||||
|
|
||||||
B<none>: No merging of IDBs is performed, and instead all IDBs are
|
|
||||||
copied to the merged output file.
|
copied to the merged output file.
|
||||||
|
|
||||||
=back
|
*all*: IDBs are merged only if all input files have the same number
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
B<all>: IDBs are merged only if all input files have the same number
|
|
||||||
of IDBs, and each IDB matches their respective entry in the
|
of IDBs, and each IDB matches their respective entry in the
|
||||||
other files. This is the default mode.
|
other files. This is the default mode.
|
||||||
|
|
||||||
=back
|
*any*: Any and all duplicate IDBs are merged into one IDB, regardless
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
B<any>: Any and all duplicate IDBs are merged into one IDB, regardless
|
|
||||||
of what file they are in.
|
of what file they are in.
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
Note that an IDB is only considered a matching duplicate if it has the same
|
Note that an IDB is only considered a matching duplicate if it has the same
|
||||||
encapsulation type, name, speed, time precision, comments, description, etc.
|
encapsulation type, name, speed, time precision, comments, description, etc.
|
||||||
|
--
|
||||||
|
|
||||||
=item -s E<lt>snaplenE<gt>
|
-s <snaplen>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Sets the snapshot length to use when writing the data.
|
Sets the snapshot length to use when writing the data.
|
||||||
If the B<-s> flag is used to specify a snapshot length, frames in the
|
If the *-s* flag is used to specify a snapshot length, frames in the
|
||||||
input file with more captured data than the specified snapshot length
|
input file with more captured data than the specified snapshot length
|
||||||
will have only the amount of data specified by the snapshot length
|
will have only the amount of data specified by the snapshot length
|
||||||
written to the output file. This may be useful if the program that is
|
written to the output file. This may be useful if the program that is
|
||||||
|
@ -132,23 +129,28 @@ to read the output file cannot handle packets larger than a certain size
|
||||||
appear to reject Ethernet frames larger than the standard Ethernet MTU,
|
appear to reject Ethernet frames larger than the standard Ethernet MTU,
|
||||||
making them incapable of handling gigabit Ethernet captures if jumbo
|
making them incapable of handling gigabit Ethernet captures if jumbo
|
||||||
frames were used).
|
frames were used).
|
||||||
|
--
|
||||||
|
|
||||||
=item -v
|
-v::
|
||||||
|
+
|
||||||
Causes B<mergecap> to print a number of messages while it's working.
|
--
|
||||||
|
Causes *mergecap* to print a number of messages while it's working.
|
||||||
=item -V
|
--
|
||||||
|
|
||||||
|
-V::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and exit.
|
Print the version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -w E<lt>outfileE<gt>|-
|
-w <outfile>|-::
|
||||||
|
+
|
||||||
Sets the output filename. If the name is 'B<->', stdout will be used.
|
--
|
||||||
|
Sets the output filename. If the name is '*-*', stdout will be used.
|
||||||
This setting is mandatory.
|
This setting is mandatory.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To merge two capture files together into a third capture file, in which
|
To merge two capture files together into a third capture file, in which
|
||||||
the last packet of one file arrives 100 seconds before the first packet
|
the last packet of one file arrives 100 seconds before the first packet
|
||||||
|
@ -178,29 +180,28 @@ Then the final step would be to use :
|
||||||
|
|
||||||
to merge a.pcap and the shifted b.pcap into compare.pcap.
|
to merge a.pcap and the shifted b.pcap into compare.pcap.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), text2pcap(1),
|
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:editcap.html[editcap](1), xref:text2pcap.html[text2pcap](1),
|
||||||
pcap-filter(7) or tcpdump(8)
|
xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<Mergecap> is based heavily upon B<editcap> by Richard Sharpe
|
*Mergecap* is based heavily upon *editcap* by Richard Sharpe
|
||||||
<sharpe[AT]ns.aus.com> and Guy Harris <guy[AT]alum.mit.edu>.
|
<sharpe[AT]ns.aus.com> and Guy Harris <guy[AT]alum.mit.edu>.
|
||||||
|
|
||||||
B<Mergecap> is part of the B<Wireshark> distribution. The latest version
|
*Mergecap* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Scott Renfro <scott[AT]renfro.org>
|
Scott Renfro <scott[AT]renfro.org>
|
||||||
|
|
||||||
|
.Contributors
|
||||||
Contributors
|
[%hardbreaks]
|
||||||
------------
|
Bill Guyton <guyton[AT]bguyton.com>
|
||||||
Bill Guyton <guyton[AT]bguyton.com>
|
|
||||||
|
|
|
@ -1,23 +1,25 @@
|
||||||
=begin man
|
= mmdbresolve(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
mmdbresolve - Read IPv4 and IPv6 addresses and print their IP geolocation information.
|
mmdbresolve - Read IPv4 and IPv6 addresses and print their IP geolocation information.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<mmdbresolve>
|
[manarg]
|
||||||
S<B<-f E<lt>dbfileE<gt>>>
|
*mmdbresolve*
|
||||||
S<[ B<-f E<lt>dbfileE<gt>> ]>
|
*-f <dbfile>*
|
||||||
I<...>
|
[ *-f <dbfile>* ]
|
||||||
|
__...__
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<mmdbresolve> reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
|
*mmdbresolve* reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
|
||||||
on stdout. Each input line must contain exactly one address. Output is in INI format, with a section
|
on stdout. Each input line must contain exactly one address. Output is in INI format, with a section
|
||||||
delimiter named after the query address followed by a set of "key: value" pairs. A comment
|
delimiter named after the query address followed by a set of "key: value" pairs. A comment
|
||||||
beginning with "# End" is appended to each section.
|
beginning with "# End" is appended to each section.
|
||||||
|
@ -25,17 +27,15 @@ beginning with "# End" is appended to each section.
|
||||||
At startup an "[init]" section is printed that shows the status of each datbase and of mmdbresolve
|
At startup an "[init]" section is printed that shows the status of each datbase and of mmdbresolve
|
||||||
itself.
|
itself.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -f
|
|
||||||
|
|
||||||
|
-f::
|
||||||
|
+
|
||||||
|
--
|
||||||
Path to a MaxMind Database file. Multiple databases may be specified.
|
Path to a MaxMind Database file. Multiple databases may be specified.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To resolve a single address:
|
To resolve a single address:
|
||||||
|
|
||||||
|
@ -56,20 +56,20 @@ Example output:
|
||||||
location.longitude: -97.822000
|
location.longitude: -97.822000
|
||||||
# End 4.4.4.4
|
# End 4.4.4.4
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<mmdbresolve> is part of the B<Wireshark> distribution. The latest version
|
*mmdbresolve* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
---------------
|
[%hardbreaks]
|
||||||
Gerald Combs <gerald[AT]wireshark.org>
|
Gerald Combs <gerald[AT]wireshark.org>
|
||||||
|
|
|
@ -122,7 +122,7 @@ include::../docbook/attributes.adoc[]
|
||||||
continue
|
continue
|
||||||
|
|
||||||
# Inline unordered and ordered list items
|
# Inline unordered and ordered list items
|
||||||
item = re.match(r'=item\s*(\*\s+.*|\d+\.\s+.*)\s*$', podline)
|
item = re.match(r'=item\s*([-\*]\s+.*|\d+\.\s+.*)\s*$', podline)
|
||||||
if item:
|
if item:
|
||||||
adoc_body += f'{item.group(1)}'
|
adoc_body += f'{item.group(1)}'
|
||||||
continue
|
continue
|
||||||
|
|
|
@ -1,63 +1,68 @@
|
||||||
=begin man
|
= randpkt(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
randpkt - Random packet generator
|
randpkt - Random packet generator
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<randpkt>
|
[manarg]
|
||||||
S<[ B<-b> E<lt>maxbytesE<gt> ]>
|
*randpkt*
|
||||||
S<[ B<-c> E<lt>countE<gt> ]>
|
[ *-b* <maxbytes> ]
|
||||||
S<[ B<-t> E<lt>typeE<gt> ]>
|
[ *-c* <count> ]
|
||||||
E<lt>filenameE<gt>
|
[ *-t* <type> ]
|
||||||
|
<filename>
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<randpkt> is a small utility that creates a B<pcap> trace file
|
*randpkt* is a small utility that creates a *pcap* trace file
|
||||||
full of random packets.
|
full of random packets.
|
||||||
|
|
||||||
By creating many randomized packets of a certain type, you can
|
By creating many randomized packets of a certain type, you can
|
||||||
test packet sniffers to see how well they handle malformed packets.
|
test packet sniffers to see how well they handle malformed packets.
|
||||||
The sniffer can never trust the data that it sees in the packet because
|
The sniffer can never trust the data that it sees in the packet because
|
||||||
you can always sniff a very bad packet that conforms to no standard.
|
you can always sniff a very bad packet that conforms to no standard.
|
||||||
B<randpkt> produces I<very bad> packets.
|
*randpkt* produces __very bad__ packets.
|
||||||
|
|
||||||
When creating packets of a certain type, B<randpkt> uses a sample
|
When creating packets of a certain type, *randpkt* uses a sample
|
||||||
packet that is stored internally to B<randpkt>. It uses this as the
|
packet that is stored internally to *randpkt*. It uses this as the
|
||||||
starting point for your random packets, and then adds extra random
|
starting point for your random packets, and then adds extra random
|
||||||
bytes to the end of this sample packet.
|
bytes to the end of this sample packet.
|
||||||
|
|
||||||
For example, if you choose to create random ARP packets, B<randpkt>
|
For example, if you choose to create random ARP packets, *randpkt*
|
||||||
will create a packet which contains a predetermined Ethernet II header,
|
will create a packet which contains a predetermined Ethernet II header,
|
||||||
with the Type field set to ARP. After the Ethernet II header, it will
|
with the Type field set to ARP. After the Ethernet II header, it will
|
||||||
put a random number of bytes with random values.
|
put a random number of bytes with random values.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -b E<lt>maxbytesE<gt>
|
|
||||||
|
|
||||||
|
-b <maxbytes>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Default 5000.
|
Default 5000.
|
||||||
|
|
||||||
Defines the maximum number of bytes added to the sample packet.
|
Defines the maximum number of bytes added to the sample packet.
|
||||||
If you choose a B<maxbytes> value that is less than the size of the
|
If you choose a *maxbytes* value that is less than the size of the
|
||||||
sample packet, then your packets would contain only the sample
|
sample packet, then your packets would contain only the sample
|
||||||
packet... not much variance there! B<randpkt> exits on that condition.
|
packet... not much variance there! *randpkt* exits on that condition.
|
||||||
|
--
|
||||||
=item -c E<lt>countE<gt>
|
|
||||||
|
|
||||||
|
-c <count>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Default 1000.
|
Default 1000.
|
||||||
|
|
||||||
Defines the number of packets to generate.
|
Defines the number of packets to generate.
|
||||||
|
--
|
||||||
|
|
||||||
=item -t E<lt>typeE<gt>
|
-t <type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Default Ethernet II frame.
|
Default Ethernet II frame.
|
||||||
|
|
||||||
Defines the type of packet to generate:
|
Defines the type of packet to generate:
|
||||||
|
@ -85,10 +90,9 @@ Defines the type of packet to generate:
|
||||||
udp User Datagram Protocol
|
udp User Datagram Protocol
|
||||||
usb Universal Serial Bus
|
usb Universal Serial Bus
|
||||||
usb-linux Universal Serial Bus with Linux specific header
|
usb-linux Universal Serial Bus with Linux specific header
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see a description of the randpkt options use:
|
To see a description of the randpkt options use:
|
||||||
|
|
||||||
|
@ -102,6 +106,6 @@ To generate a small capture file with just a single LLC frame use:
|
||||||
|
|
||||||
randpkt -b 100 -c 1 -t llc single_llc.pcap
|
randpkt -b 100 -c 1 -t llc single_llc.pcap
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
pcap(3), editcap(1)
|
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:editcap.html[editcap](1)
|
||||||
|
|
|
@ -1,100 +1,126 @@
|
||||||
=begin man
|
= randpktdump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
randpktdump - Provide an interface to generate random captures using randpkt
|
randpktdump - Provide an interface to generate random captures using randpkt
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<randpktdump>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*randpktdump*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--maxbytes>=E<lt>bytesE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
S<[ B<--count>=E<lt>numE<gt> ]>
|
[ *--maxbytes*=<bytes> ]
|
||||||
S<[ B<--delay>=E<lt>msE<gt> ]>
|
[ *--count*=<num> ]
|
||||||
S<[ B<--random-type>=E<lt>true|falseE<gt> ]>
|
[ *--delay*=<ms> ]
|
||||||
S<[ B<--all-random>=E<lt>true|falseE<gt> ]>
|
[ *--random-type*=<true|false> ]
|
||||||
S<[ B<--type>=E<lt>packet typeE<gt> ]>
|
[ *--all-random*=<true|false> ]
|
||||||
|
[ *--type*=<packet type> ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<randpktdump> is a extcap tool that provides access to the random
|
*randpktdump* is a extcap tool that provides access to the random
|
||||||
packet generator (randpkt). It is mainly used for testing and
|
packet generator (randpkt). It is mainly used for testing and
|
||||||
educational purpose.
|
educational purpose.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --maxbytes=E<lt>bytesE<gt>
|
--maxbytes=<bytes>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the max number of bytes per packet.
|
Set the max number of bytes per packet.
|
||||||
|
--
|
||||||
|
|
||||||
=item --count=E<lt>numE<gt>
|
--count=<num>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Number of packets to generate (-1 for infinite).
|
Number of packets to generate (-1 for infinite).
|
||||||
|
--
|
||||||
|
|
||||||
=item --delay=E<lt>msE<gt>
|
--delay=<ms>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Wait a number of milliseconds after writing each packet.
|
Wait a number of milliseconds after writing each packet.
|
||||||
|
--
|
||||||
|
|
||||||
=item --random-type
|
--random-type::
|
||||||
|
+
|
||||||
|
--
|
||||||
Choose a random packet type for all packets if set to true.
|
Choose a random packet type for all packets if set to true.
|
||||||
|
--
|
||||||
|
|
||||||
=item --all-random
|
--all-random::
|
||||||
|
+
|
||||||
|
--
|
||||||
Choose a different random packet type for each packet if set to true.
|
Choose a different random packet type for each packet if set to true.
|
||||||
|
--
|
||||||
|
|
||||||
=item --type=E<lt>packet typeE<gt>
|
--type=<packet type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use the selected packet type. To list all the available packet type, run randpktdump --help.
|
Use the selected packet type. To list all the available packet type, run randpktdump --help.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -139,20 +165,20 @@ To capture:
|
||||||
|
|
||||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), randpkt(1)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:randpkt.html[randpkt](1)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<randpktdump> is part of the B<Wireshark> distribution. The latest version
|
*randpktdump* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
---------------
|
[%hardbreaks]
|
||||||
Dario Lombardo <lomato[AT]gmail.com>
|
Dario Lombardo <lomato[AT]gmail.com>
|
||||||
|
|
|
@ -1,47 +1,49 @@
|
||||||
=begin man
|
= rawshark(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
rawshark - Dump and analyze raw pcap data
|
rawshark - Dump and analyze raw pcap data
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<rawshark>
|
[manarg]
|
||||||
S<[ B<-d> E<lt>encap:linktypeE<gt>|E<lt>proto:protonameE<gt> ]>
|
*rawshark*
|
||||||
S<[ B<-F> E<lt>field to displayE<gt> ]>
|
[ *-d* <encap:linktype>|<proto:protoname> ]
|
||||||
S<[ B<-h> ]>
|
[ *-F* <field to display> ]
|
||||||
S<[ B<-l> ]>
|
[ *-h* ]
|
||||||
S<[ B<-m> E<lt>bytesE<gt> ]>
|
[ *-l* ]
|
||||||
S<[ B<-n> ]>
|
[ *-m* <bytes> ]
|
||||||
S<[ B<-N> E<lt>name resolving flagsE<gt> ]>
|
[ *-n* ]
|
||||||
S<[ B<-o> E<lt>preference settingE<gt> ] ...>
|
[ *-N* <name resolving flags> ]
|
||||||
S<[ B<-p> ]>
|
[ *-o* <preference setting> ] ...
|
||||||
S<[ B<-r> E<lt>pipeE<gt>|- ]>
|
[ *-p* ]
|
||||||
S<[ B<-R> E<lt>read (display) filterE<gt> ]>
|
[ *-r* <pipe>|- ]
|
||||||
S<[ B<-s> ]>
|
[ *-R* <read (display) filter> ]
|
||||||
S<[ B<-S> E<lt>field formatE<gt> ]>
|
[ *-s* ]
|
||||||
S<[ B<-t> a|ad|adoy|d|dd|e|r|u|ud|udoy ]>
|
[ *-S* <field format> ]
|
||||||
S<[ B<-v> ]>
|
[ *-t* a|ad|adoy|d|dd|e|r|u|ud|udoy ]
|
||||||
|
[ *-v* ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Rawshark> reads a stream of packets from a file or pipe, and prints a line
|
*Rawshark* reads a stream of packets from a file or pipe, and prints a line
|
||||||
describing its output, followed by a set of matching fields for each packet
|
describing its output, followed by a set of matching fields for each packet
|
||||||
on stdout.
|
on stdout.
|
||||||
|
|
||||||
=head1 INPUT
|
== INPUT
|
||||||
|
|
||||||
Unlike B<TShark>, B<Rawshark> makes no assumptions about encapsulation or
|
Unlike *TShark*, *Rawshark* makes no assumptions about encapsulation or
|
||||||
input. The B<-d> and B<-r> flags must be specified in order for it to run.
|
input. The *-d* and *-r* flags must be specified in order for it to run.
|
||||||
One or more B<-F> flags should be specified in order for the output to be
|
One or more *-F* flags should be specified in order for the output to be
|
||||||
useful. The other flags listed above follow the same conventions as
|
useful. The other flags listed above follow the same conventions as
|
||||||
B<Wireshark> and B<TShark>.
|
*Wireshark* and *TShark*.
|
||||||
|
|
||||||
B<Rawshark> expects input records with the following format by default. This
|
*Rawshark* expects input records with the following format by default. This
|
||||||
matches the format of the packet header and packet data in a pcap-formatted
|
matches the format of the packet header and packet data in a pcap-formatted
|
||||||
file on disk.
|
file on disk.
|
||||||
|
|
||||||
|
@ -53,15 +55,15 @@ file on disk.
|
||||||
uint8_t data[caplen]; /* Packet data */
|
uint8_t data[caplen]; /* Packet data */
|
||||||
};
|
};
|
||||||
|
|
||||||
If B<-p> is supplied B<rawshark> expects the following format. This
|
If *-p* is supplied *rawshark* expects the following format. This
|
||||||
matches the I<struct pcap_pkthdr> structure and packet data used in
|
matches the __struct pcap_pkthdr__ structure and packet data used in
|
||||||
libpcap, Npcap, or WinPcap. This structure's format is platform-dependent; the
|
libpcap, Npcap, or WinPcap. This structure's format is platform-dependent; the
|
||||||
size of the I<tv_sec> field in the I<struct timeval> structure could be
|
size of the __tv_sec__ field in the __struct timeval__ structure could be
|
||||||
32 bits or 64 bits. For B<rawshark> to work, the layout of the
|
32 bits or 64 bits. For *rawshark* to work, the layout of the
|
||||||
structure in the input must match the layout of the structure in
|
structure in the input must match the layout of the structure in
|
||||||
B<rawshark>. Note that this format will probably be the same as the
|
*rawshark*. Note that this format will probably be the same as the
|
||||||
previous format if B<rawshark> is a 32-bit program, but will not
|
previous format if *rawshark* is a 32-bit program, but will not
|
||||||
necessarily be the same if B<rawshark> is a 64-bit program.
|
necessarily be the same if *rawshark* is a 64-bit program.
|
||||||
|
|
||||||
struct rawshark_rec_s {
|
struct rawshark_rec_s {
|
||||||
struct timeval ts; /* Time stamp */
|
struct timeval ts; /* Time stamp */
|
||||||
|
@ -71,17 +73,17 @@ necessarily be the same if B<rawshark> is a 64-bit program.
|
||||||
};
|
};
|
||||||
|
|
||||||
In either case, the endianness (byte ordering) of each integer must match the
|
In either case, the endianness (byte ordering) of each integer must match the
|
||||||
system on which B<rawshark> is running.
|
system on which *rawshark* is running.
|
||||||
|
|
||||||
=head1 OUTPUT
|
== OUTPUT
|
||||||
|
|
||||||
If one or more fields are specified via the B<-F> flag, B<Rawshark> prints
|
If one or more fields are specified via the *-F* flag, *Rawshark* prints
|
||||||
the number, field type, and display format for each field on the first line
|
the number, field type, and display format for each field on the first line
|
||||||
as "packet number" 0. For each record, the packet number, matching fields,
|
as "packet number" 0. For each record, the packet number, matching fields,
|
||||||
and a "1" or "0" are printed to indicate if the field matched any supplied
|
and a "1" or "0" are printed to indicate if the field matched any supplied
|
||||||
display filter. A "-" is used to signal the end of a field description and
|
display filter. A "-" is used to signal the end of a field description and
|
||||||
at the end of each packet line. For example, the flags B<-F ip.src -F
|
at the end of each packet line. For example, the flags *-F ip.src -F
|
||||||
dns.qry.type> might generate the following output:
|
dns.qry.type* might generate the following output:
|
||||||
|
|
||||||
0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
|
0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
|
||||||
1 1="1" 0="192.168.77.10" 1 -
|
1 1="1" 0="192.168.77.10" 1 -
|
||||||
|
@ -89,7 +91,7 @@ dns.qry.type> might generate the following output:
|
||||||
3 0="192.168.77.10" 1 -
|
3 0="192.168.77.10" 1 -
|
||||||
4 0="74.125.19.104" 1 -
|
4 0="74.125.19.104" 1 -
|
||||||
|
|
||||||
Note that packets 1 and 2 are DNS queries, and 3 and 4 are not. Adding B<-R "not dns"> still prints each line, but there's an indication
|
Note that packets 1 and 2 are DNS queries, and 3 and 4 are not. Adding *-R "not dns"* still prints each line, but there's an indication
|
||||||
that packets 1 and 2 didn't pass the filter:
|
that packets 1 and 2 didn't pass the filter:
|
||||||
|
|
||||||
0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
|
0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
|
||||||
|
@ -101,234 +103,261 @@ that packets 1 and 2 didn't pass the filter:
|
||||||
Also note that the output may be in any order, and that multiple matching
|
Also note that the output may be in any order, and that multiple matching
|
||||||
fields might be displayed.
|
fields might be displayed.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -d E<lt>encapsulationE<gt>
|
|
||||||
|
|
||||||
|
-d <encapsulation>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Specify how the packet data should be dissected. The encapsulation is of the
|
Specify how the packet data should be dissected. The encapsulation is of the
|
||||||
form I<type:value>, where I<type> is one of:
|
form __type:value__, where __type__ is one of:
|
||||||
|
|
||||||
B<encap>:I<name> Packet data should be dissected using the
|
*encap*:__name__ Packet data should be dissected using the
|
||||||
libpcap/Npcap/WinPcap data link type (DLT) I<name>, e.g. B<encap:EN10MB> for
|
libpcap/Npcap/WinPcap data link type (DLT) __name__, e.g. *encap:EN10MB* for
|
||||||
Ethernet. Names are converted using pcap_datalink_name_to_val().
|
Ethernet. Names are converted using pcap_datalink_name_to_val().
|
||||||
A complete list of DLTs can be found at
|
A complete list of DLTs can be found at
|
||||||
L<https://www.tcpdump.org/linktypes.html>.
|
https://www.tcpdump.org/linktypes.html.
|
||||||
|
|
||||||
B<encap>:I<number> Packet data should be dissected using the
|
*encap*:__number__ Packet data should be dissected using the
|
||||||
libpcap/Npcap/WinPcap LINKTYPE_ I<number>, e.g. B<encap:105> for raw IEEE
|
libpcap/Npcap/WinPcap LINKTYPE_ __number__, e.g. *encap:105* for raw IEEE
|
||||||
802.11 or B<encap:101> for raw IP.
|
802.11 or *encap:101* for raw IP.
|
||||||
|
|
||||||
B<proto>:I<protocol> Packet data should be passed to the specified Wireshark
|
*proto*:__protocol__ Packet data should be passed to the specified Wireshark
|
||||||
protocol dissector, e.g. B<proto:http> for HTTP data.
|
protocol dissector, e.g. *proto:http* for HTTP data.
|
||||||
|
--
|
||||||
=item -F E<lt>field to displayE<gt>
|
|
||||||
|
|
||||||
|
-F <field to display>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Add the matching field to the output. Fields are any valid display filter
|
Add the matching field to the output. Fields are any valid display filter
|
||||||
field. More than one B<-F> flag may be specified, and each field can match
|
field. More than one *-F* flag may be specified, and each field can match
|
||||||
multiple times in a given packet. A single field may be specified per B<-F>
|
multiple times in a given packet. A single field may be specified per *-F*
|
||||||
flag. If you want to apply a display filter, use the B<-R> flag.
|
flag. If you want to apply a display filter, use the *-R* flag.
|
||||||
|
--
|
||||||
=item -h
|
|
||||||
|
|
||||||
|
-h::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and options and exits.
|
Print the version and options and exits.
|
||||||
|
--
|
||||||
|
|
||||||
=item -l
|
-l::
|
||||||
|
+
|
||||||
|
--
|
||||||
Flush the standard output after the information for each packet is
|
Flush the standard output after the information for each packet is
|
||||||
printed. (This is not, strictly speaking, line-buffered if B<-V>
|
printed. (This is not, strictly speaking, line-buffered if *-V*
|
||||||
was specified; however, it is the same as line-buffered if B<-V> wasn't
|
was specified; however, it is the same as line-buffered if *-V* wasn't
|
||||||
specified, as only one line is printed for each packet, and, as B<-l> is
|
specified, as only one line is printed for each packet, and, as *-l* is
|
||||||
normally used when piping a live capture to a program or script, so that
|
normally used when piping a live capture to a program or script, so that
|
||||||
output for a packet shows up as soon as the packet is seen and
|
output for a packet shows up as soon as the packet is seen and
|
||||||
dissected, it should work just as well as true line-buffering. We do
|
dissected, it should work just as well as true line-buffering. We do
|
||||||
this as a workaround for a deficiency in the Microsoft Visual C++ C
|
this as a workaround for a deficiency in the Microsoft Visual C++ C
|
||||||
library.)
|
library.)
|
||||||
|
|
||||||
This may be useful when piping the output of B<TShark> to another
|
This may be useful when piping the output of *TShark* to another
|
||||||
program, as it means that the program to which the output is piped will
|
program, as it means that the program to which the output is piped will
|
||||||
see the dissected data for a packet as soon as B<TShark> sees the
|
see the dissected data for a packet as soon as *TShark* sees the
|
||||||
packet and generates that output, rather than seeing it only when the
|
packet and generates that output, rather than seeing it only when the
|
||||||
standard output buffer containing that data fills up.
|
standard output buffer containing that data fills up.
|
||||||
|
--
|
||||||
|
|
||||||
=item -m E<lt>memory limit bytesE<gt>
|
-m <memory limit bytes>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Limit rawshark's memory usage to the specified number of bytes. POSIX
|
Limit rawshark's memory usage to the specified number of bytes. POSIX
|
||||||
(non-Windows) only.
|
(non-Windows) only.
|
||||||
|
--
|
||||||
|
|
||||||
=item -n
|
-n::
|
||||||
|
+
|
||||||
|
--
|
||||||
Disable network object name resolution (such as hostname, TCP and UDP port
|
Disable network object name resolution (such as hostname, TCP and UDP port
|
||||||
names), the B<-N> flag might override this one.
|
names), the *-N* flag might override this one.
|
||||||
|
--
|
||||||
=item -N E<lt>name resolving flagsE<gt>
|
|
||||||
|
|
||||||
|
-N <name resolving flags>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Turn on name resolving only for particular types of addresses and port
|
Turn on name resolving only for particular types of addresses and port
|
||||||
numbers, with name resolving for other types of addresses and port
|
numbers, with name resolving for other types of addresses and port
|
||||||
numbers turned off. This flag overrides B<-n> if both B<-N> and B<-n> are
|
numbers turned off. This flag overrides *-n* if both *-N* and *-n* are
|
||||||
present. If both B<-N> and B<-n> flags are not present, all name resolutions are
|
present. If both *-N* and *-n* flags are not present, all name resolutions are
|
||||||
turned on.
|
turned on.
|
||||||
|
|
||||||
The argument is a string that may contain the letters:
|
The argument is a string that may contain the letters:
|
||||||
|
|
||||||
B<m> to enable MAC address resolution
|
*m* to enable MAC address resolution
|
||||||
|
|
||||||
B<n> to enable network address resolution
|
*n* to enable network address resolution
|
||||||
|
|
||||||
B<N> to enable using external resolvers (e.g., DNS) for network address
|
*N* to enable using external resolvers (e.g., DNS) for network address
|
||||||
resolution
|
resolution
|
||||||
|
|
||||||
B<t> to enable transport-layer port number resolution
|
*t* to enable transport-layer port number resolution
|
||||||
|
|
||||||
B<d> to enable resolution from captured DNS packets
|
*d* to enable resolution from captured DNS packets
|
||||||
|
|
||||||
B<v> to enable VLAN IDs to names resolution
|
*v* to enable VLAN IDs to names resolution
|
||||||
|
--
|
||||||
=item -o E<lt>preferenceE<gt>:E<lt>valueE<gt>
|
|
||||||
|
|
||||||
|
-o <preference>:<value>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set a preference value, overriding the default value and any value read
|
Set a preference value, overriding the default value and any value read
|
||||||
from a preference file. The argument to the option is a string of the
|
from a preference file. The argument to the option is a string of the
|
||||||
form I<prefname:value>, where I<prefname> is the name of the
|
form __prefname:value__, where __prefname__ is the name of the
|
||||||
preference (which is the same name that would appear in the preference
|
preference (which is the same name that would appear in the preference
|
||||||
file), and I<value> is the value to which it should be set.
|
file), and __value__ is the value to which it should be set.
|
||||||
|
--
|
||||||
=item -p
|
|
||||||
|
|
||||||
|
-p::
|
||||||
|
+
|
||||||
|
--
|
||||||
Assume that packet data is preceded by a pcap_pkthdr struct as defined in
|
Assume that packet data is preceded by a pcap_pkthdr struct as defined in
|
||||||
pcap.h. On some systems the size of the timestamp data will be different from
|
pcap.h. On some systems the size of the timestamp data will be different from
|
||||||
the data written to disk. On other systems they are identical and this flag has
|
the data written to disk. On other systems they are identical and this flag has
|
||||||
no effect.
|
no effect.
|
||||||
|
--
|
||||||
|
|
||||||
=item -r E<lt>pipeE<gt>|-
|
-r <pipe>|-::
|
||||||
|
+
|
||||||
Read packet data from I<input source>. It can be either the name of a FIFO
|
--
|
||||||
|
Read packet data from __input source__. It can be either the name of a FIFO
|
||||||
(named pipe) or ``-'' to read data from the standard input, and must have
|
(named pipe) or ``-'' to read data from the standard input, and must have
|
||||||
the record format specified above.
|
the record format specified above.
|
||||||
|
|
||||||
If you are sending data to rawshark from a parent process on Windows you
|
If you are sending data to rawshark from a parent process on Windows you
|
||||||
should not close rawshark's standard input handle prematurely, otherwise
|
should not close rawshark's standard input handle prematurely, otherwise
|
||||||
the C runtime might trigger an exception.
|
the C runtime might trigger an exception.
|
||||||
|
--
|
||||||
|
|
||||||
=item -R E<lt>read (display) filterE<gt>
|
-R <read (display) filter>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Cause the specified filter (which uses the syntax of read/display filters,
|
Cause the specified filter (which uses the syntax of read/display filters,
|
||||||
rather than that of capture filters) to be applied before printing the output.
|
rather than that of capture filters) to be applied before printing the output.
|
||||||
|
--
|
||||||
|
|
||||||
=item -s
|
-s::
|
||||||
|
+
|
||||||
|
--
|
||||||
Allows standard pcap files to be used as input, by skipping over the 24
|
Allows standard pcap files to be used as input, by skipping over the 24
|
||||||
byte pcap file header.
|
byte pcap file header.
|
||||||
|
--
|
||||||
|
|
||||||
=item -S
|
-S::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use the specified format string to print each field. The following formats
|
Use the specified format string to print each field. The following formats
|
||||||
are supported:
|
are supported:
|
||||||
|
|
||||||
B<%D> Field name or description, e.g. "Type" for dns.qry.type
|
*%D* Field name or description, e.g. "Type" for dns.qry.type
|
||||||
|
|
||||||
B<%N> Base 10 numeric value of the field.
|
*%N* Base 10 numeric value of the field.
|
||||||
|
|
||||||
B<%S> String value of the field.
|
*%S* String value of the field.
|
||||||
|
|
||||||
For something similar to Wireshark's standard display ("Type: A (1)") you
|
For something similar to Wireshark's standard display ("Type: A (1)") you
|
||||||
could use B<%D: %S (%N)>.
|
could use *%D: %S (%N)*.
|
||||||
|
--
|
||||||
=item -t a|ad|adoy|d|dd|e|r|u|ud|udoy
|
|
||||||
|
|
||||||
|
-t a|ad|adoy|d|dd|e|r|u|ud|udoy::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the format of the packet timestamp printed in summary lines.
|
Set the format of the packet timestamp printed in summary lines.
|
||||||
The format can be one of:
|
The format can be one of:
|
||||||
|
|
||||||
B<a> absolute: The absolute time, as local time in your time zone,
|
*a* absolute: The absolute time, as local time in your time zone,
|
||||||
is the actual time the packet was captured, with no date displayed
|
is the actual time the packet was captured, with no date displayed
|
||||||
|
|
||||||
B<ad> absolute with date: The absolute date, displayed as YYYY-MM-DD,
|
*ad* absolute with date: The absolute date, displayed as YYYY-MM-DD,
|
||||||
and time, as local time in your time zone, is the actual time and date
|
and time, as local time in your time zone, is the actual time and date
|
||||||
the packet was captured
|
the packet was captured
|
||||||
|
|
||||||
B<adoy> absolute with date using day of year: The absolute date,
|
*adoy* absolute with date using day of year: The absolute date,
|
||||||
displayed as YYYY/DOY, and time, as local time in your time zone,
|
displayed as YYYY/DOY, and time, as local time in your time zone,
|
||||||
is the actual time and date the packet was captured
|
is the actual time and date the packet was captured
|
||||||
|
|
||||||
B<d> delta: The delta time is the time since the previous packet was
|
*d* delta: The delta time is the time since the previous packet was
|
||||||
captured
|
captured
|
||||||
|
|
||||||
B<dd> delta_displayed: The delta_displayed time is the time since the
|
*dd* delta_displayed: The delta_displayed time is the time since the
|
||||||
previous displayed packet was captured
|
previous displayed packet was captured
|
||||||
|
|
||||||
B<e> epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
|
*e* epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
|
||||||
|
|
||||||
B<r> relative: The relative time is the time elapsed between the first packet
|
*r* relative: The relative time is the time elapsed between the first packet
|
||||||
and the current packet
|
and the current packet
|
||||||
|
|
||||||
B<u> UTC: The absolute time, as UTC, is the actual time the packet was
|
*u* UTC: The absolute time, as UTC, is the actual time the packet was
|
||||||
captured, with no date displayed
|
captured, with no date displayed
|
||||||
|
|
||||||
B<ud> UTC with date: The absolute date, displayed as YYYY-MM-DD,
|
*ud* UTC with date: The absolute date, displayed as YYYY-MM-DD,
|
||||||
and time, as UTC, is the actual time and date the packet was captured
|
and time, as UTC, is the actual time and date the packet was captured
|
||||||
|
|
||||||
B<udoy> UTC with date using day of year: The absolute date, displayed
|
*udoy* UTC with date using day of year: The absolute date, displayed
|
||||||
as YYYY/DOY, and time, as UTC, is the actual time and date the packet
|
as YYYY/DOY, and time, as UTC, is the actual time and date the packet
|
||||||
was captured
|
was captured
|
||||||
|
|
||||||
The default format is relative.
|
The default format is relative.
|
||||||
|
--
|
||||||
|
|
||||||
=item -v
|
-v::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and exit.
|
Print the version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== READ FILTER SYNTAX
|
||||||
|
|
||||||
=head1 READ FILTER SYNTAX
|
|
||||||
|
|
||||||
For a complete table of protocol and protocol fields that are filterable
|
For a complete table of protocol and protocol fields that are filterable
|
||||||
in B<TShark> see the wireshark-filter(4) manual page.
|
in *TShark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
|
||||||
|
|
||||||
=head1 FILES
|
== FILES
|
||||||
|
|
||||||
These files contains various B<Wireshark> configuration values.
|
These files contains various *Wireshark* configuration values.
|
||||||
|
|
||||||
=over 4
|
Preferences::
|
||||||
|
+
|
||||||
=item Preferences
|
--
|
||||||
|
The __preferences__ files contain global (system-wide) and personal
|
||||||
The F<preferences> files contain global (system-wide) and personal
|
|
||||||
preference settings. If the system-wide preference file exists, it is
|
preference settings. If the system-wide preference file exists, it is
|
||||||
read first, overriding the default settings. If the personal preferences
|
read first, overriding the default settings. If the personal preferences
|
||||||
file exists, it is read next, overriding any previous values. Note: If
|
file exists, it is read next, overriding any previous values. Note: If
|
||||||
the command line option B<-o> is used (possibly more than once), it will
|
the command line option *-o* is used (possibly more than once), it will
|
||||||
in turn override values from the preferences files.
|
in turn override values from the preferences files.
|
||||||
|
|
||||||
The preferences settings are in the form I<prefname:value>,
|
The preferences settings are in the form __prefname:value__,
|
||||||
one per line,
|
one per line,
|
||||||
where I<prefname> is the name of the preference
|
where __prefname__ is the name of the preference
|
||||||
and I<value> is the value to
|
and __value__ is the value to
|
||||||
which it should be set; white space is allowed between B<:> and
|
which it should be set; white space is allowed between *:* and
|
||||||
I<value>. A preference setting can be continued on subsequent lines by
|
__value__. A preference setting can be continued on subsequent lines by
|
||||||
indenting the continuation lines with white space. A B<#> character
|
indenting the continuation lines with white space. A *#* character
|
||||||
starts a comment that runs to the end of the line:
|
starts a comment that runs to the end of the line:
|
||||||
|
|
||||||
# Capture in promiscuous mode?
|
# Capture in promiscuous mode?
|
||||||
# TRUE or FALSE (case-insensitive).
|
# TRUE or FALSE (case-insensitive).
|
||||||
capture.prom_mode: TRUE
|
capture.prom_mode: TRUE
|
||||||
|
|
||||||
The global preferences file is looked for in the F<wireshark> directory
|
The global preferences file is looked for in the __wireshark__ directory
|
||||||
under the F<share> subdirectory of the main installation directory (for
|
under the __share__ subdirectory of the main installation directory (for
|
||||||
example, F</usr/local/share/wireshark/preferences>) on UNIX-compatible
|
example, __/usr/local/share/wireshark/preferences__) on UNIX-compatible
|
||||||
systems, and in the main installation directory (for example,
|
systems, and in the main installation directory (for example,
|
||||||
F<C:\Program Files\Wireshark\preferences>) on Windows systems.
|
__C:\Program Files\Wireshark\preferences__) on Windows systems.
|
||||||
|
|
||||||
The personal preferences file is looked for in
|
The personal preferences file is looked for in
|
||||||
F<$XDG_CONFIG_HOME/wireshark/preferences>
|
__$XDG_CONFIG_HOME/wireshark/preferences__
|
||||||
(or, if F<$XDG_CONFIG_HOME/wireshark> does not exist while F<$HOME/.wireshark>
|
(or, if __$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
|
||||||
is present, F<$HOME/.wireshark/preferences>) on
|
is present, __$HOME/.wireshark/preferences__) on
|
||||||
UNIX-compatible systems and F<%APPDATA%\Wireshark\preferences> (or, if
|
UNIX-compatible systems and __%APPDATA%\Wireshark\preferences__ (or, if
|
||||||
%APPDATA% isn't defined, F<%USERPROFILE%\Application
|
%APPDATA% isn't defined, __%USERPROFILE%\Application
|
||||||
Data\Wireshark\preferences>) on Windows systems.
|
Data\Wireshark\preferences__) on Windows systems.
|
||||||
|
--
|
||||||
|
|
||||||
=item Disabled (Enabled) Protocols
|
Disabled (Enabled) Protocols::
|
||||||
|
+
|
||||||
The F<disabled_protos> files contain system-wide and personal lists of
|
--
|
||||||
|
The __disabled_protos__ files contain system-wide and personal lists of
|
||||||
protocols that have been disabled, so that their dissectors are never
|
protocols that have been disabled, so that their dissectors are never
|
||||||
called. The files contain protocol names, one per line, where the
|
called. The files contain protocol names, one per line, where the
|
||||||
protocol name is the same name that would be used in a display filter
|
protocol name is the same name that would be used in a display filter
|
||||||
|
@ -337,29 +366,33 @@ for the protocol:
|
||||||
http
|
http
|
||||||
tcp # a comment
|
tcp # a comment
|
||||||
|
|
||||||
The global F<disabled_protos> file uses the same directory as the global
|
The global __disabled_protos__ file uses the same directory as the global
|
||||||
preferences file.
|
preferences file.
|
||||||
|
|
||||||
The personal F<disabled_protos> file uses the same directory as the
|
The personal __disabled_protos__ file uses the same directory as the
|
||||||
personal preferences file.
|
personal preferences file.
|
||||||
|
--
|
||||||
|
|
||||||
=item Name Resolution (hosts)
|
Name Resolution (hosts)::
|
||||||
|
+
|
||||||
If the personal F<hosts> file exists, it is
|
--
|
||||||
|
If the personal __hosts__ file exists, it is
|
||||||
used to resolve IPv4 and IPv6 addresses before any other
|
used to resolve IPv4 and IPv6 addresses before any other
|
||||||
attempts are made to resolve them. The file has the standard F<hosts>
|
attempts are made to resolve them. The file has the standard __hosts__
|
||||||
file syntax; each line contains one IP address and name, separated by
|
file syntax; each line contains one IP address and name, separated by
|
||||||
whitespace. The same directory as for the personal preferences file is
|
whitespace. The same directory as for the personal preferences file is
|
||||||
used.
|
used.
|
||||||
|
|
||||||
Capture filter name resolution is handled by libpcap on UNIX-compatible
|
Capture filter name resolution is handled by libpcap on UNIX-compatible
|
||||||
systems and Npcap or WinPcap on Windows. As such the Wireshark personal
|
systems and Npcap or WinPcap on Windows. As such the Wireshark personal
|
||||||
F<hosts> file will not be consulted for capture filter name resolution.
|
__hosts__ file will not be consulted for capture filter name resolution.
|
||||||
|
--
|
||||||
=item Name Resolution (subnets)
|
|
||||||
|
|
||||||
|
Name Resolution (subnets)::
|
||||||
|
+
|
||||||
|
--
|
||||||
If an IPv4 address cannot be translated via name resolution (no exact
|
If an IPv4 address cannot be translated via name resolution (no exact
|
||||||
match is found) then a partial match is attempted via the F<subnets> file.
|
match is found) then a partial match is attempted via the __subnets__ file.
|
||||||
|
|
||||||
Each line of this file consists of an IPv4 address, a subnet mask length
|
Each line of this file consists of an IPv4 address, a subnet mask length
|
||||||
separated only by a / and a name separated by whitespace. While the address
|
separated only by a / and a name separated by whitespace. While the address
|
||||||
|
@ -375,40 +408,44 @@ A partially matched name will be printed as "subnet-name.remaining-address".
|
||||||
For example, "192.168.0.1" under the subnet above would be printed as
|
For example, "192.168.0.1" under the subnet above would be printed as
|
||||||
"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
|
"ws_test_network.1"; if the mask length above had been 16 rather than 24, the
|
||||||
printed address would be ``ws_test_network.0.1".
|
printed address would be ``ws_test_network.0.1".
|
||||||
|
--
|
||||||
|
|
||||||
=item Name Resolution (ethers)
|
Name Resolution (ethers)::
|
||||||
|
+
|
||||||
The F<ethers> files are consulted to correlate 6-byte hardware addresses to
|
--
|
||||||
names. First the personal F<ethers> file is tried and if an address is not
|
The __ethers__ files are consulted to correlate 6-byte hardware addresses to
|
||||||
found there the global F<ethers> file is tried next.
|
names. First the personal __ethers__ file is tried and if an address is not
|
||||||
|
found there the global __ethers__ file is tried next.
|
||||||
|
|
||||||
Each line contains one hardware address and name, separated by
|
Each line contains one hardware address and name, separated by
|
||||||
whitespace. The digits of the hardware address are separated by colons
|
whitespace. The digits of the hardware address are separated by colons
|
||||||
(:), dashes (-) or periods (.). The same separator character must be
|
(:), dashes (-) or periods (.). The same separator character must be
|
||||||
used consistently in an address. The following three lines are valid
|
used consistently in an address. The following three lines are valid
|
||||||
lines of an F<ethers> file:
|
lines of an __ethers__ file:
|
||||||
|
|
||||||
ff:ff:ff:ff:ff:ff Broadcast
|
ff:ff:ff:ff:ff:ff Broadcast
|
||||||
c0-00-ff-ff-ff-ff TR_broadcast
|
c0-00-ff-ff-ff-ff TR_broadcast
|
||||||
00.00.00.00.00.00 Zero_broadcast
|
00.00.00.00.00.00 Zero_broadcast
|
||||||
|
|
||||||
The global F<ethers> file is looked for in the F</etc> directory on
|
The global __ethers__ file is looked for in the __/etc__ directory on
|
||||||
UNIX-compatible systems, and in the main installation directory (for
|
UNIX-compatible systems, and in the main installation directory (for
|
||||||
example, F<C:\Program Files\Wireshark>) on Windows systems.
|
example, __C:\Program Files\Wireshark__) on Windows systems.
|
||||||
|
|
||||||
The personal F<ethers> file is looked for in the same directory as the personal
|
The personal __ethers__ file is looked for in the same directory as the personal
|
||||||
preferences file.
|
preferences file.
|
||||||
|
|
||||||
Capture filter name resolution is handled by libpcap on UNIX-compatible
|
Capture filter name resolution is handled by libpcap on UNIX-compatible
|
||||||
systems and Npcap or WinPcap on Windows. As such the Wireshark personal
|
systems and Npcap or WinPcap on Windows. As such the Wireshark personal
|
||||||
F<ethers> file will not be consulted for capture filter name resolution.
|
__ethers__ file will not be consulted for capture filter name resolution.
|
||||||
|
--
|
||||||
|
|
||||||
=item Name Resolution (manuf)
|
Name Resolution (manuf)::
|
||||||
|
+
|
||||||
The F<manuf> file is used to match the 3-byte vendor portion of a 6-byte
|
--
|
||||||
|
The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
|
||||||
hardware address with the manufacturer's name; it can also contain well-known
|
hardware address with the manufacturer's name; it can also contain well-known
|
||||||
MAC addresses and address ranges specified with a netmask. The format of the
|
MAC addresses and address ranges specified with a netmask. The format of the
|
||||||
file is the same as the F<ethers> files, except that entries of the form:
|
file is the same as the __ethers__ files, except that entries of the form:
|
||||||
|
|
||||||
00:00:0C Cisco
|
00:00:0C Cisco
|
||||||
|
|
||||||
|
@ -423,14 +460,16 @@ significant bits, or 5 bytes, and would match addresses from
|
||||||
00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
|
00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
|
||||||
multiple of 8.
|
multiple of 8.
|
||||||
|
|
||||||
The F<manuf> file is looked for in the same directory as the global
|
The __manuf__ file is looked for in the same directory as the global
|
||||||
preferences file.
|
preferences file.
|
||||||
|
--
|
||||||
|
|
||||||
=item Name Resolution (services)
|
Name Resolution (services)::
|
||||||
|
+
|
||||||
|
--
|
||||||
|
The __services__ file is used to translate port numbers into names.
|
||||||
|
|
||||||
The F<services> file is used to translate port numbers into names.
|
The file has the standard __services__ file syntax; each line contains one
|
||||||
|
|
||||||
The file has the standard F<services> file syntax; each line contains one
|
|
||||||
(service) name and one transport identifier separated by white space. The
|
(service) name and one transport identifier separated by white space. The
|
||||||
transport identifier includes one port number and one transport protocol name
|
transport identifier includes one port number and one transport protocol name
|
||||||
(typically tcp, udp, or sctp) separated by a /.
|
(typically tcp, udp, or sctp) separated by a /.
|
||||||
|
@ -439,120 +478,133 @@ An example is:
|
||||||
|
|
||||||
mydns 5045/udp # My own Domain Name Server
|
mydns 5045/udp # My own Domain Name Server
|
||||||
mydns 5045/tcp # My own Domain Name Server
|
mydns 5045/tcp # My own Domain Name Server
|
||||||
|
--
|
||||||
|
|
||||||
=item Name Resolution (ipxnets)
|
Name Resolution (ipxnets)::
|
||||||
|
+
|
||||||
The F<ipxnets> files are used to correlate 4-byte IPX network numbers to
|
--
|
||||||
names. First the global F<ipxnets> file is tried and if that address is not
|
The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
|
||||||
|
names. First the global __ipxnets__ file is tried and if that address is not
|
||||||
found there the personal one is tried next.
|
found there the personal one is tried next.
|
||||||
|
|
||||||
The format is the same as the F<ethers>
|
The format is the same as the __ethers__
|
||||||
file, except that each address is four bytes instead of six.
|
file, except that each address is four bytes instead of six.
|
||||||
Additionally, the address can be represented as a single hexadecimal
|
Additionally, the address can be represented as a single hexadecimal
|
||||||
number, as is more common in the IPX world, rather than four hex octets.
|
number, as is more common in the IPX world, rather than four hex octets.
|
||||||
For example, these four lines are valid lines of an F<ipxnets> file:
|
For example, these four lines are valid lines of an __ipxnets__ file:
|
||||||
|
|
||||||
C0.A8.2C.00 HR
|
C0.A8.2C.00 HR
|
||||||
c0-a8-1c-00 CEO
|
c0-a8-1c-00 CEO
|
||||||
00:00:BE:EF IT_Server1
|
00:00:BE:EF IT_Server1
|
||||||
110f FileServer3
|
110f FileServer3
|
||||||
|
|
||||||
The global F<ipxnets> file is looked for in the F</etc> directory on
|
The global __ipxnets__ file is looked for in the __/etc__ directory on
|
||||||
UNIX-compatible systems, and in the main installation directory (for
|
UNIX-compatible systems, and in the main installation directory (for
|
||||||
example, F<C:\Program Files\Wireshark>) on Windows systems.
|
example, __C:\Program Files\Wireshark__) on Windows systems.
|
||||||
|
|
||||||
The personal F<ipxnets> file is looked for in the same directory as the
|
The personal __ipxnets__ file is looked for in the same directory as the
|
||||||
personal preferences file.
|
personal preferences file.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== ENVIRONMENT VARIABLES
|
||||||
|
|
||||||
=head1 ENVIRONMENT VARIABLES
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item WIRESHARK_CONFIG_DIR
|
|
||||||
|
|
||||||
|
WIRESHARK_CONFIG_DIR::
|
||||||
|
+
|
||||||
|
--
|
||||||
This environment variable overrides the location of personal configuration
|
This environment variable overrides the location of personal configuration
|
||||||
files. It defaults to F<$XDG_CONFIG_HOME/wireshark> (or F<$HOME/.wireshark> if
|
files. It defaults to __$XDG_CONFIG_HOME/wireshark__ (or __$HOME/.wireshark__ if
|
||||||
the former is missing while the latter exists). On Windows,
|
the former is missing while the latter exists). On Windows,
|
||||||
F<%APPDATA%\Wireshark> is used instead. Available since Wireshark 3.0.
|
__%APPDATA%\Wireshark__ is used instead. Available since Wireshark 3.0.
|
||||||
|
--
|
||||||
=item WIRESHARK_DEBUG_WMEM_OVERRIDE
|
|
||||||
|
|
||||||
|
WIRESHARK_DEBUG_WMEM_OVERRIDE::
|
||||||
|
+
|
||||||
|
--
|
||||||
Setting this environment variable forces the wmem framework to use the
|
Setting this environment variable forces the wmem framework to use the
|
||||||
specified allocator backend for *all* allocations, regardless of which
|
specified allocator backend for *all* allocations, regardless of which
|
||||||
backend is normally specified by the code. This is mainly useful to developers
|
backend is normally specified by the code. This is mainly useful to developers
|
||||||
when testing or debugging. See I<README.wmem> in the source distribution for
|
when testing or debugging. See __README.wmem__ in the source distribution for
|
||||||
details.
|
details.
|
||||||
|
--
|
||||||
|
|
||||||
=item WIRESHARK_RUN_FROM_BUILD_DIRECTORY
|
WIRESHARK_RUN_FROM_BUILD_DIRECTORY::
|
||||||
|
+
|
||||||
|
--
|
||||||
This environment variable causes the plugins and other data files to be loaded
|
This environment variable causes the plugins and other data files to be loaded
|
||||||
from the build directory (where the program was compiled) rather than from the
|
from the build directory (where the program was compiled) rather than from the
|
||||||
standard locations. It has no effect when the program in question is running
|
standard locations. It has no effect when the program in question is running
|
||||||
with root (or setuid) permissions on *NIX.
|
with root (or setuid) permissions on *NIX.
|
||||||
|
--
|
||||||
|
|
||||||
=item WIRESHARK_DATA_DIR
|
WIRESHARK_DATA_DIR::
|
||||||
|
+
|
||||||
|
--
|
||||||
This environment variable causes the various data files to be loaded from
|
This environment variable causes the various data files to be loaded from
|
||||||
a directory other than the standard locations. It has no effect when the
|
a directory other than the standard locations. It has no effect when the
|
||||||
program in question is running with root (or setuid) permissions on *NIX.
|
program in question is running with root (or setuid) permissions on *NIX.
|
||||||
|
--
|
||||||
|
|
||||||
=item ERF_RECORDS_TO_CHECK
|
ERF_RECORDS_TO_CHECK::
|
||||||
|
+
|
||||||
|
--
|
||||||
This environment variable controls the number of ERF records checked when
|
This environment variable controls the number of ERF records checked when
|
||||||
deciding if a file really is in the ERF format. Setting this environment
|
deciding if a file really is in the ERF format. Setting this environment
|
||||||
variable a number higher than the default (20) would make false positives
|
variable a number higher than the default (20) would make false positives
|
||||||
less likely.
|
less likely.
|
||||||
|
--
|
||||||
|
|
||||||
=item IPFIX_RECORDS_TO_CHECK
|
IPFIX_RECORDS_TO_CHECK::
|
||||||
|
+
|
||||||
|
--
|
||||||
This environment variable controls the number of IPFIX records checked when
|
This environment variable controls the number of IPFIX records checked when
|
||||||
deciding if a file really is in the IPFIX format. Setting this environment
|
deciding if a file really is in the IPFIX format. Setting this environment
|
||||||
variable a number higher than the default (20) would make false positives
|
variable a number higher than the default (20) would make false positives
|
||||||
less likely.
|
less likely.
|
||||||
|
--
|
||||||
|
|
||||||
=item WIRESHARK_ABORT_ON_DISSECTOR_BUG
|
WIRESHARK_ABORT_ON_DISSECTOR_BUG::
|
||||||
|
+
|
||||||
If this environment variable is set, B<Rawshark> will call abort(3)
|
--
|
||||||
|
If this environment variable is set, *Rawshark* will call abort(3)
|
||||||
when a dissector bug is encountered. abort(3) will cause the program to
|
when a dissector bug is encountered. abort(3) will cause the program to
|
||||||
exit abnormally; if you are running B<Rawshark> in a debugger, it
|
exit abnormally; if you are running *Rawshark* in a debugger, it
|
||||||
should halt in the debugger and allow inspection of the process, and, if
|
should halt in the debugger and allow inspection of the process, and, if
|
||||||
you are not running it in a debugger, it will, on some OSes, assuming
|
you are not running it in a debugger, it will, on some OSes, assuming
|
||||||
your environment is configured correctly, generate a core dump file.
|
your environment is configured correctly, generate a core dump file.
|
||||||
This can be useful to developers attempting to troubleshoot a problem
|
This can be useful to developers attempting to troubleshoot a problem
|
||||||
with a protocol dissector.
|
with a protocol dissector.
|
||||||
|
--
|
||||||
|
|
||||||
=item WIRESHARK_ABORT_ON_TOO_MANY_ITEMS
|
WIRESHARK_ABORT_ON_TOO_MANY_ITEMS::
|
||||||
|
+
|
||||||
If this environment variable is set, B<Rawshark> will call abort(3)
|
--
|
||||||
|
If this environment variable is set, *Rawshark* will call abort(3)
|
||||||
if a dissector tries to add too many items to a tree (generally this
|
if a dissector tries to add too many items to a tree (generally this
|
||||||
is an indication of the dissector not breaking out of a loop soon enough).
|
is an indication of the dissector not breaking out of a loop soon enough).
|
||||||
abort(3) will cause the program to exit abnormally; if you are running
|
abort(3) will cause the program to exit abnormally; if you are running
|
||||||
B<Rawshark> in a debugger, it should halt in the debugger and allow
|
*Rawshark* in a debugger, it should halt in the debugger and allow
|
||||||
inspection of the process, and, if you are not running it in a debugger,
|
inspection of the process, and, if you are not running it in a debugger,
|
||||||
it will, on some OSes, assuming your environment is configured correctly,
|
it will, on some OSes, assuming your environment is configured correctly,
|
||||||
generate a core dump file. This can be useful to developers attempting to
|
generate a core dump file. This can be useful to developers attempting to
|
||||||
troubleshoot a problem with a protocol dissector.
|
troubleshoot a problem with a protocol dissector.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== SEE ALSO
|
||||||
|
|
||||||
=head1 SEE ALSO
|
xref:wireshark-filter.html[wireshark-filter](4), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:dumpcap.html[dumpcap](1),
|
||||||
|
xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
wireshark-filter(4), wireshark(1), tshark(1), editcap(1), pcap(3), dumpcap(1),
|
== NOTES
|
||||||
text2pcap(1), pcap-filter(7) or tcpdump(8)
|
|
||||||
|
|
||||||
=head1 NOTES
|
*Rawshark* is part of the *Wireshark* distribution. The latest version of
|
||||||
|
*Wireshark* can be found at https://www.wireshark.org.
|
||||||
B<Rawshark> is part of the B<Wireshark> distribution. The latest version of
|
|
||||||
B<Wireshark> can be found at L<https://www.wireshark.org>.
|
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
B<Rawshark> uses the same packet dissection code that B<Wireshark> does, as
|
*Rawshark* uses the same packet dissection code that *Wireshark* does, as
|
||||||
well as using many other modules from B<Wireshark>; see the list of authors
|
well as using many other modules from *Wireshark*; see the list of authors
|
||||||
in the B<Wireshark> man page for a list of authors of that code.
|
in the *Wireshark* man page for a list of authors of that code.
|
||||||
|
|
||||||
|
|
|
@ -1,23 +1,25 @@
|
||||||
=begin man
|
= reordercap(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
reordercap - Reorder input file by timestamp into output file
|
reordercap - Reorder input file by timestamp into output file
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<reordercap>
|
[manarg]
|
||||||
S<[ B<-n> ]>
|
*reordercap*
|
||||||
S<[ B<-v> ]>
|
[ *-n* ]
|
||||||
E<lt>I<infile>E<gt> E<lt>I<outfile>E<gt>
|
[ *-v* ]
|
||||||
|
<__infile__> <__outfile__>
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Reordercap> is a program that reads an input capture file and rewrites the
|
*Reordercap* is a program that reads an input capture file and rewrites the
|
||||||
frames to an output capture file, but with the frames sorted by increasing
|
frames to an output capture file, but with the frames sorted by increasing
|
||||||
timestamp.
|
timestamp.
|
||||||
|
|
||||||
|
@ -25,52 +27,52 @@ This functionality may be useful when capture files have been created by
|
||||||
combining frames from more than one well-synchronised source, but the
|
combining frames from more than one well-synchronised source, but the
|
||||||
frames have not been combined in strict time order.
|
frames have not been combined in strict time order.
|
||||||
|
|
||||||
B<Reordercap> writes the output capture file in the same format as the input
|
*Reordercap* writes the output capture file in the same format as the input
|
||||||
capture file.
|
capture file.
|
||||||
|
|
||||||
B<Reordercap> is able to detect, read and write the same capture files that
|
*Reordercap* is able to detect, read and write the same capture files that
|
||||||
are supported by B<Wireshark>.
|
are supported by *Wireshark*.
|
||||||
The input file doesn't need a specific filename extension; the file
|
The input file doesn't need a specific filename extension; the file
|
||||||
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
format and an optional gzip, zstd or lz4 compression will be automatically detected.
|
||||||
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
|
||||||
L<https://www.wireshark.org/docs/man-pages/wireshark.html>
|
https://www.wireshark.org/docs/man-pages/wireshark.html
|
||||||
is a detailed description of the way B<Wireshark> handles this, which is
|
is a detailed description of the way *Wireshark* handles this, which is
|
||||||
the same way B<reordercap> handles this.
|
the same way *reordercap* handles this.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
-n::
|
||||||
|
+
|
||||||
=item -n
|
--
|
||||||
|
When the *-n* option is used, *reordercap* will not write out the output
|
||||||
When the B<-n> option is used, B<reordercap> will not write out the output
|
|
||||||
file if it finds that the input file is already in order.
|
file if it finds that the input file is already in order.
|
||||||
|
--
|
||||||
|
|
||||||
=item -v
|
-v::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and exit.
|
Print the version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== SEE ALSO
|
||||||
|
|
||||||
=head1 SEE ALSO
|
xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:editcap.html[editcap](1), xref:mergecap.html[mergecap](1),
|
||||||
|
xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), mergecap(1),
|
== NOTES
|
||||||
text2pcap(1), pcap-filter(7) or tcpdump(8)
|
|
||||||
|
|
||||||
=head1 NOTES
|
*Reordercap* is part of the *Wireshark* distribution. The latest version
|
||||||
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
B<Reordercap> is part of the B<Wireshark> distribution. The latest version
|
It may make sense to move this functionality into *editcap*, or perhaps
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
*mergecap*, in which case *reordercap* could be retired.
|
||||||
|
|
||||||
It may make sense to move this functionality into B<editcap>, or perhaps
|
|
||||||
B<mergecap>, in which case B<reordercap> could be retired.
|
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
|
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
|
||||||
|
|
||||||
|
|
|
@ -1,87 +1,99 @@
|
||||||
=begin man
|
= sdjournal(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
sdjournal - Provide an interface to capture systemd journal entries.
|
sdjournal - Provide an interface to capture systemd journal entries.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<sdjournal>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*sdjournal*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--start-from>=E<lt>entry countE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
|
[ *--start-from*=<entry count> ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<sdjournal> is an extcap tool that allows one to capture systemd
|
*sdjournal* is an extcap tool that allows one to capture systemd
|
||||||
journal entries. It can be used to correlate system events with
|
journal entries. It can be used to correlate system events with
|
||||||
network traffic.
|
network traffic.
|
||||||
|
|
||||||
Supported interfaces:
|
Supported interfaces:
|
||||||
|
|
||||||
=over 4
|
1. sdjournal
|
||||||
|
|
||||||
=item 1. sdjournal
|
== OPTIONS
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface and write raw packet data to the location specified by --fifo.
|
Start capturing from specified interface and write raw packet data to the location specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --start-from=E<lt>entry countE<gt>
|
--start-from=<entry count>::
|
||||||
|
+
|
||||||
Start from the last E<lt>entry countE<gt> entries, similar to the
|
--
|
||||||
"-n" or "--lines" argument for the L<tail(1)> command. Values prefixed
|
Start from the last <entry count> entries, similar to the
|
||||||
with a B<+> sign start from the beginning of the journal, otherwise
|
"-n" or "--lines" argument for the tail(1) command. Values prefixed
|
||||||
|
with a *+* sign start from the beginning of the journal, otherwise
|
||||||
the count starts from the end. The default value is 10. To include
|
the count starts from the end. The default value is 10. To include
|
||||||
all entries use B<+0>.
|
all entries use *+0*.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -126,20 +138,20 @@ To capture all entries since the system was booted:
|
||||||
|
|
||||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<sdjournal> is part of the B<Wireshark> distribution. The latest version
|
*sdjournal* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Gerald Combs <gerald[AT]wireshark.org>
|
Gerald Combs <gerald[AT]wireshark.org>
|
||||||
|
|
234
doc/sshdump.adoc
234
doc/sshdump.adoc
|
@ -1,58 +1,64 @@
|
||||||
=begin man
|
= sshdump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
|
sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<sshdump>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*sshdump*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-capture-filter*=<capture filter> ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
|
[ *--remote-host*=<IP address> ]
|
||||||
S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
|
[ *--remote-port*=<TCP port> ]
|
||||||
S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
|
[ *--remote-username*=<username> ]
|
||||||
S<[ B<--sshkey>=E<lt>public key pathE<gt> ]>
|
[ *--remote-password*=<password> ]
|
||||||
S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
|
[ *--sshkey*=<public key path> ]
|
||||||
S<[ B<--remote-capture-command>=E<lt>capture commandE<gt> ]>
|
[ *--remote-interface*=<interface> ]
|
||||||
S<[ B<--remote-sudo> ]>
|
[ *--remote-capture-command*=<capture command> ]
|
||||||
|
[ *--remote-sudo* ]
|
||||||
|
|
||||||
B<sshdump>
|
[manarg]
|
||||||
S<B<--extcap-interfaces>>
|
*sshdump*
|
||||||
|
*--extcap-interfaces*
|
||||||
|
|
||||||
B<sshdump>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*sshdump*
|
||||||
S<B<--extcap-dlts>>
|
*--extcap-interface*=<interface>
|
||||||
|
*--extcap-dlts*
|
||||||
|
|
||||||
B<sshdump>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*sshdump*
|
||||||
S<B<--extcap-config>>
|
*--extcap-interface*=<interface>
|
||||||
|
*--extcap-config*
|
||||||
|
|
||||||
B<sshdump>
|
[manarg]
|
||||||
S<B<--extcap-interface>=E<lt>interfaceE<gt>>
|
*sshdump*
|
||||||
S<B<--fifo>=E<lt>path to file or pipeE<gt>>
|
*--extcap-interface*=<interface>
|
||||||
S<B<--capture>>
|
*--fifo*=<path to file or pipe>
|
||||||
S<B<--remote-host=myremotehost>>
|
*--capture*
|
||||||
S<B<--remote-port=22>>
|
*--remote-host=myremotehost*
|
||||||
S<B<--remote-username=user>>
|
*--remote-port=22*
|
||||||
S<B<--remote-interface=eth2>>
|
*--remote-username=user*
|
||||||
S<B<--remote-capture-command='tcpdump -U -i eth0 -w-'>>
|
*--remote-interface=eth2*
|
||||||
|
*--remote-capture-command='tcpdump -U -i eth0 -w-'*
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Sshdump> is an extcap tool that allows one to run a remote capture
|
*Sshdump* is an extcap tool that allows one to run a remote capture
|
||||||
tool over a SSH connection. The requirement is that the capture
|
tool over a SSH connection. The requirement is that the capture
|
||||||
executable must have the capabilities to capture from the wanted
|
executable must have the capabilities to capture from the wanted
|
||||||
interface.
|
interface.
|
||||||
|
@ -69,7 +75,7 @@ The feature is functionally equivalent to run commands like
|
||||||
|
|
||||||
Typically sshdump is not invoked directly. Instead it can be configured through
|
Typically sshdump is not invoked directly. Instead it can be configured through
|
||||||
the Wireshark graphical user interface or its command line. The following will
|
the Wireshark graphical user interface or its command line. The following will
|
||||||
start Wireshark and start capturing from host B<remotehost>:
|
start Wireshark and start capturing from host *remotehost*:
|
||||||
|
|
||||||
$ wireshark '-oextcap.sshdump.remotehost:"remotehost"' -i sshdump -k
|
$ wireshark '-oextcap.sshdump.remotehost:"remotehost"' -i sshdump -k
|
||||||
|
|
||||||
|
@ -81,96 +87,120 @@ To explicitly control the remote capture command:
|
||||||
|
|
||||||
Supported interfaces:
|
Supported interfaces:
|
||||||
|
|
||||||
=over 4
|
1. ssh
|
||||||
|
|
||||||
=item 1. ssh
|
== OPTIONS
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface and write raw packet data to the location specified by --fifo.
|
Start capturing from specified interface and write raw packet data to the location specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-host=E<lt>remote hostE<gt>
|
--remote-host=<remote host>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The address of the remote host for capture.
|
The address of the remote host for capture.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-port=E<lt>remote portE<gt>
|
--remote-port=<remote port>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The SSH port of the remote host.
|
The SSH port of the remote host.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-username=E<lt>usernameE<gt>
|
--remote-username=<username>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The username for ssh authentication.
|
The username for ssh authentication.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-password=E<lt>passwordE<gt>
|
--remote-password=<password>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The password to use (if not ssh-agent and pubkey are used). WARNING: the
|
The password to use (if not ssh-agent and pubkey are used). WARNING: the
|
||||||
passwords are stored in plaintext and visible to all users on this system. It is
|
passwords are stored in plaintext and visible to all users on this system. It is
|
||||||
recommended to use keyfiles with a SSH agent.
|
recommended to use keyfiles with a SSH agent.
|
||||||
|
--
|
||||||
|
|
||||||
=item --sshkey=E<lt>SSH private key pathE<gt>
|
--sshkey=<SSH private key path>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The path to a private key for authentication.
|
The path to a private key for authentication.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-interface=E<lt>remote interfaceE<gt>
|
--remote-interface=<remote interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
The remote network interface to capture from.
|
The remote network interface to capture from.
|
||||||
|
--
|
||||||
|
|
||||||
=item --remote-capture-command=E<lt>capture commandE<gt>
|
--remote-capture-command=<capture command>::
|
||||||
|
+
|
||||||
|
--
|
||||||
A custom remote capture command that produces the remote stream that is shown in Wireshark.
|
A custom remote capture command that produces the remote stream that is shown in Wireshark.
|
||||||
The command must be able to produce a PCAP stream written to STDOUT. See below for more
|
The command must be able to produce a PCAP stream written to STDOUT. See below for more
|
||||||
examples.
|
examples.
|
||||||
|
|
||||||
If using tcpdump, use the B<-w-> option to ensure that packets are written to
|
If using tcpdump, use the *-w-* option to ensure that packets are written to
|
||||||
standard output (stdout). Include the B<-U> option to write packets as soon as
|
standard output (stdout). Include the *-U* option to write packets as soon as
|
||||||
they are received.
|
they are received.
|
||||||
|
|
||||||
When specified, this command will be used as is, options such as the capture
|
When specified, this command will be used as is, options such as the capture
|
||||||
filter (B<--extcap-capture-filter>) will not be appended.
|
filter (*--extcap-capture-filter*) will not be appended.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-capture-filter=E<lt>capture filterE<gt>
|
--extcap-capture-filter=<capture filter>::
|
||||||
|
+
|
||||||
The capture filter. It corresponds to the value provided via the B<tshark -f>
|
--
|
||||||
|
The capture filter. It corresponds to the value provided via the *tshark -f*
|
||||||
option, and the Capture Filter field next to the interfaces list in the
|
option, and the Capture Filter field next to the interfaces list in the
|
||||||
Wireshark interface.
|
Wireshark interface.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -253,20 +283,20 @@ to show up twice in wireshark (for instance to handle multiple profiles), we can
|
||||||
sshdump-host1 and sshdump-host2. Each binary will show up an interface name same as the executable
|
sshdump-host1 and sshdump-host2. Each binary will show up an interface name same as the executable
|
||||||
name. Those executables not being "sshdump" will show up as "custom version" in the interface description.
|
name. Those executables not being "sshdump" will show up as "custom version" in the interface description.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<Sshdump> is part of the B<Wireshark> distribution. The latest version
|
*Sshdump* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
-------- ------
|
[%hardbreaks]
|
||||||
Dario Lombardo <lomato[AT]gmail.com>
|
Dario Lombardo <lomato[AT]gmail.com>
|
||||||
|
|
|
@ -1,57 +1,59 @@
|
||||||
=begin man
|
= text2pcap(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
text2pcap - Generate a capture file from an ASCII hexdump of packets
|
text2pcap - Generate a capture file from an ASCII hexdump of packets
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<text2pcap>
|
[manarg]
|
||||||
S<[ B<-a> ]>
|
*text2pcap*
|
||||||
S<[ B<-d> ]>
|
[ *-a* ]
|
||||||
S<[ B<-D> ]>
|
[ *-d* ]
|
||||||
S<[ B<-e> E<lt>l3pidE<gt> ]>
|
[ *-D* ]
|
||||||
S<[ B<-h> ]>
|
[ *-e* <l3pid> ]
|
||||||
S<[ B<-i> E<lt>protoE<gt> ]>
|
[ *-h* ]
|
||||||
S<[ B<-l> E<lt>typenumE<gt> ]>
|
[ *-i* <proto> ]
|
||||||
S<[ B<-n> ]>
|
[ *-l* <typenum> ]
|
||||||
S<[ B<-N> E<lt>intf-nameE<gt> ]>
|
[ *-n* ]
|
||||||
S<[ B<-m> E<lt>max-packetE<gt> ]>
|
[ *-N* <intf-name> ]
|
||||||
S<[ B<-o> hex|oct|dec ]>
|
[ *-m* <max-packet> ]
|
||||||
S<[ B<-q> ]>
|
[ *-o* hex|oct|dec ]
|
||||||
S<[ B<-s> E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt> ]>
|
[ *-q* ]
|
||||||
S<[ B<-S> E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt> ]>
|
[ *-s* <srcport>,<destport>,<tag> ]
|
||||||
S<[ B<-t> E<lt>timefmtE<gt> ]>
|
[ *-S* <srcport>,<destport>,<ppi> ]
|
||||||
S<[ B<-T> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
|
[ *-t* <timefmt> ]
|
||||||
S<[ B<-u> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
|
[ *-T* <srcport>,<destport> ]
|
||||||
S<[ B<-v> ]>
|
[ *-u* <srcport>,<destport> ]
|
||||||
S<[ B<-4> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
|
[ *-v* ]
|
||||||
S<[ B<-6> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
|
[ *-4* <srcip>,<destip> ]
|
||||||
E<lt>I<infile>E<gt>|-
|
[ *-6* <srcip>,<destip> ]
|
||||||
E<lt>I<outfile>E<gt>|-
|
<__infile__>|-
|
||||||
|
<__outfile__>|-
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Text2pcap> is a program that reads in an ASCII hex dump and writes the
|
*Text2pcap* is a program that reads in an ASCII hex dump and writes the
|
||||||
data described into a B<pcap> or B<pcapng> capture file. B<text2pcap> can
|
data described into a *pcap* or *pcapng* capture file. *text2pcap* can
|
||||||
read hexdumps with multiple packets in them, and build a capture file of
|
read hexdumps with multiple packets in them, and build a capture file of
|
||||||
multiple packets. B<text2pcap> is also capable of generating dummy
|
multiple packets. *text2pcap* is also capable of generating dummy
|
||||||
Ethernet, IP and UDP, TCP, or SCTP headers, in order to build fully
|
Ethernet, IP and UDP, TCP, or SCTP headers, in order to build fully
|
||||||
processable packet dumps from hexdumps of application-level data only.
|
processable packet dumps from hexdumps of application-level data only.
|
||||||
|
|
||||||
B<Text2pcap> understands a hexdump of the form generated by I<od -Ax
|
*Text2pcap* understands a hexdump of the form generated by __od -Ax
|
||||||
-tx1 -v>. In other words, each byte is individually displayed, with
|
-tx1 -v__. In other words, each byte is individually displayed, with
|
||||||
spaces separating the bytes from each other. Each line begins with an offset
|
spaces separating the bytes from each other. Each line begins with an offset
|
||||||
describing the position in the packet, each new packet starts with an offset
|
describing the position in the packet, each new packet starts with an offset
|
||||||
of 0 and there is a space separating the offset from the following bytes.
|
of 0 and there is a space separating the offset from the following bytes.
|
||||||
The offset is a hex number (can also be octal or decimal - see B<-o>),
|
The offset is a hex number (can also be octal or decimal - see *-o*),
|
||||||
of more than two hex digits.
|
of more than two hex digits.
|
||||||
|
|
||||||
Here is a sample dump that B<text2pcap> can recognize:
|
Here is a sample dump that *text2pcap* can recognize:
|
||||||
|
|
||||||
000000 00 0e b6 00 00 02 00 0e b6 00 00 01 08 00 45 00
|
000000 00 0e b6 00 00 02 00 0e b6 00 00 01 08 00 45 00
|
||||||
000010 00 28 00 00 00 00 ff 01 37 d1 c0 00 02 01 c0 00
|
000010 00 28 00 00 00 00 ff 01 37 d1 c0 00 02 01 c0 00
|
||||||
|
@ -75,10 +77,10 @@ also ignored. An offset of zero is indicative of starting a new
|
||||||
packet, so a single text file with a series of hexdumps can be
|
packet, so a single text file with a series of hexdumps can be
|
||||||
converted into a packet capture with multiple packets. Packets may be
|
converted into a packet capture with multiple packets. Packets may be
|
||||||
preceded by a timestamp. These are interpreted according to the format
|
preceded by a timestamp. These are interpreted according to the format
|
||||||
given on the command line (see B<-t>). If not, the first packet
|
given on the command line (see *-t*). If not, the first packet
|
||||||
is timestamped with the current time the conversion takes place. Multiple
|
is timestamped with the current time the conversion takes place. Multiple
|
||||||
packets are written with timestamps differing by one microsecond each.
|
packets are written with timestamps differing by one microsecond each.
|
||||||
In general, short of these restrictions, B<text2pcap> is pretty liberal
|
In general, short of these restrictions, *text2pcap* is pretty liberal
|
||||||
about reading in hexdumps and has been tested with a variety of
|
about reading in hexdumps and has been tested with a variety of
|
||||||
mangled outputs (including being forwarded through email multiple
|
mangled outputs (including being forwarded through email multiple
|
||||||
times, with limited line wrap etc.)
|
times, with limited line wrap etc.)
|
||||||
|
@ -87,188 +89,224 @@ There are a couple of other special features to note. Any line where
|
||||||
the first non-whitespace character is '#' will be ignored as a
|
the first non-whitespace character is '#' will be ignored as a
|
||||||
comment. Any line beginning with #TEXT2PCAP is a directive and options
|
comment. Any line beginning with #TEXT2PCAP is a directive and options
|
||||||
can be inserted after this command to be processed by
|
can be inserted after this command to be processed by
|
||||||
B<text2pcap>. Currently there are no directives implemented; in the
|
*text2pcap*. Currently there are no directives implemented; in the
|
||||||
future, these may be used to give more fine grained control on the
|
future, these may be used to give more fine grained control on the
|
||||||
dump and the way it should be processed e.g. timestamps, encapsulation
|
dump and the way it should be processed e.g. timestamps, encapsulation
|
||||||
type etc.
|
type etc.
|
||||||
|
|
||||||
B<Text2pcap> also allows the user to read in dumps of
|
*Text2pcap* also allows the user to read in dumps of
|
||||||
application-level data, by inserting dummy L2, L3 and L4 headers
|
application-level data, by inserting dummy L2, L3 and L4 headers
|
||||||
before each packet. The user can elect to insert Ethernet headers,
|
before each packet. The user can elect to insert Ethernet headers,
|
||||||
Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
|
Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
|
||||||
packet. This allows Wireshark or any other full-packet decoder to
|
packet. This allows Wireshark or any other full-packet decoder to
|
||||||
handle these dumps.
|
handle these dumps.
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item -a
|
|
||||||
|
|
||||||
|
-a::
|
||||||
|
+
|
||||||
|
--
|
||||||
Enables ASCII text dump identification. It allows one to identify the start of
|
Enables ASCII text dump identification. It allows one to identify the start of
|
||||||
the ASCII text dump and not include it in the packet even if it looks like HEX.
|
the ASCII text dump and not include it in the packet even if it looks like HEX.
|
||||||
|
|
||||||
B<NOTE:> Do not enable it if the input file does not contain the ASCII text dump.
|
*NOTE:* Do not enable it if the input file does not contain the ASCII text dump.
|
||||||
|
--
|
||||||
=item -d
|
|
||||||
|
|
||||||
|
-d::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays debugging information during the process. Can be used
|
Displays debugging information during the process. Can be used
|
||||||
multiple times to generate more debugging information.
|
multiple times to generate more debugging information.
|
||||||
|
--
|
||||||
|
|
||||||
=item -D
|
-D::
|
||||||
|
+
|
||||||
|
--
|
||||||
The text before the packet starts either with an I or O indicating that
|
The text before the packet starts either with an I or O indicating that
|
||||||
the packet is inbound or outbound. This is used when generating dummy headers.
|
the packet is inbound or outbound. This is used when generating dummy headers.
|
||||||
The indication is only stored if the output format is pcapng.
|
The indication is only stored if the output format is pcapng.
|
||||||
|
--
|
||||||
|
|
||||||
=item -e E<lt>l3pidE<gt>
|
-e <l3pid>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Include a dummy Ethernet header before each packet. Specify the L3PID
|
Include a dummy Ethernet header before each packet. Specify the L3PID
|
||||||
for the Ethernet header in hex. Use this option if your dump has Layer
|
for the Ethernet header in hex. Use this option if your dump has Layer
|
||||||
3 header and payload (e.g. IP header), but no Layer 2
|
3 header and payload (e.g. IP header), but no Layer 2
|
||||||
encapsulation. Example: I<-e 0x806> to specify an ARP packet.
|
encapsulation. Example: __-e 0x806__ to specify an ARP packet.
|
||||||
|
|
||||||
For IP packets, instead of generating a fake Ethernet header you can
|
For IP packets, instead of generating a fake Ethernet header you can
|
||||||
also use I<-l 101> to indicate a raw IP packet to Wireshark. Note that
|
also use __-l 101__ to indicate a raw IP packet to Wireshark. Note that
|
||||||
I<-l 101> does not work for any non-IP Layer 3 packet (e.g. ARP),
|
__-l 101__ does not work for any non-IP Layer 3 packet (e.g. ARP),
|
||||||
whereas generating a dummy Ethernet header with I<-e> works for any
|
whereas generating a dummy Ethernet header with __-e__ works for any
|
||||||
sort of L3 packet.
|
sort of L3 packet.
|
||||||
|
--
|
||||||
|
|
||||||
=item -h
|
-h::
|
||||||
|
+
|
||||||
|
--
|
||||||
Displays a help message.
|
Displays a help message.
|
||||||
|
--
|
||||||
|
|
||||||
=item -i E<lt>protoE<gt>
|
-i <proto>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Include dummy IP headers before each packet. Specify the IP protocol
|
Include dummy IP headers before each packet. Specify the IP protocol
|
||||||
for the packet in decimal. Use this option if your dump is the payload
|
for the packet in decimal. Use this option if your dump is the payload
|
||||||
of an IP packet (i.e. has complete L4 information) but does not have
|
of an IP packet (i.e. has complete L4 information) but does not have
|
||||||
an IP header with each packet. Note that an appropriate Ethernet header
|
an IP header with each packet. Note that an appropriate Ethernet header
|
||||||
is automatically included with each packet as well.
|
is automatically included with each packet as well.
|
||||||
Example: I<-i 46> to specify an RSVP packet (IP protocol 46). See
|
Example: __-i 46__ to specify an RSVP packet (IP protocol 46). See
|
||||||
L<https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml> for
|
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for
|
||||||
the complete list of assigned internet protocol numbers.
|
the complete list of assigned internet protocol numbers.
|
||||||
|
--
|
||||||
|
|
||||||
=item -l
|
-l::
|
||||||
|
+
|
||||||
|
--
|
||||||
Specify the link-layer header type of this packet. Default is Ethernet
|
Specify the link-layer header type of this packet. Default is Ethernet
|
||||||
(1). See L<https://www.tcpdump.org/linktypes.html> for the complete list
|
(1). See https://www.tcpdump.org/linktypes.html for the complete list
|
||||||
of possible encapsulations. Note that this option should be used if
|
of possible encapsulations. Note that this option should be used if
|
||||||
your dump is a complete hex dump of an encapsulated packet and you wish
|
your dump is a complete hex dump of an encapsulated packet and you wish
|
||||||
to specify the exact type of encapsulation. Example: I<-l 7> for ARCNet
|
to specify the exact type of encapsulation. Example: __-l 7__ for ARCNet
|
||||||
packets encapsulated BSD-style.
|
packets encapsulated BSD-style.
|
||||||
|
--
|
||||||
|
|
||||||
=item -m E<lt>max-packetE<gt>
|
-m <max-packet>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the maximum packet length, default is 262144.
|
Set the maximum packet length, default is 262144.
|
||||||
Useful for testing various packet boundaries when only an application
|
Useful for testing various packet boundaries when only an application
|
||||||
level datastream is available. Example:
|
level datastream is available. Example:
|
||||||
|
|
||||||
I<od -Ax -tx1 -v stream | text2pcap -m1460 -T1234,1234 - stream.pcap>
|
__od -Ax -tx1 -v stream | text2pcap -m1460 -T1234,1234 - stream.pcap__
|
||||||
|
|
||||||
will convert from plain datastream format to a sequence of Ethernet
|
will convert from plain datastream format to a sequence of Ethernet
|
||||||
TCP packets.
|
TCP packets.
|
||||||
|
--
|
||||||
|
|
||||||
=item -n
|
-n::
|
||||||
|
+
|
||||||
|
--
|
||||||
Write the file in pcapng format rather than pcap format.
|
Write the file in pcapng format rather than pcap format.
|
||||||
|
--
|
||||||
|
|
||||||
=item -N E<lt>intf-nameE<gt>
|
-N <intf-name>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Specify a name for the interface included when writing a pcapng format
|
Specify a name for the interface included when writing a pcapng format
|
||||||
file. By default no name is defined.
|
file. By default no name is defined.
|
||||||
|
--
|
||||||
|
|
||||||
=item -o hex|oct|dec
|
-o hex|oct|dec::
|
||||||
|
+
|
||||||
|
--
|
||||||
Specify the radix for the offsets (hex, octal or decimal). Defaults to
|
Specify the radix for the offsets (hex, octal or decimal). Defaults to
|
||||||
hex. This corresponds to the C<-A> option for I<od>.
|
hex. This corresponds to the `-A` option for __od__.
|
||||||
|
--
|
||||||
=item -q
|
|
||||||
|
|
||||||
|
-q::
|
||||||
|
+
|
||||||
|
--
|
||||||
Be completely quiet during the process.
|
Be completely quiet during the process.
|
||||||
|
--
|
||||||
|
|
||||||
=item -s E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt>
|
-s <srcport>,<destport>,<tag>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
||||||
source and destination SCTP ports, and verification tag, for the packet.
|
source and destination SCTP ports, and verification tag, for the packet.
|
||||||
Use this option if your dump is the SCTP payload of a packet but does
|
Use this option if your dump is the SCTP payload of a packet but does
|
||||||
not include any SCTP, IP or Ethernet headers. Note that appropriate
|
not include any SCTP, IP or Ethernet headers. Note that appropriate
|
||||||
Ethernet and IP headers are automatically also included with each
|
Ethernet and IP headers are automatically also included with each
|
||||||
packet. A CRC32C checksum will be put into the SCTP header.
|
packet. A CRC32C checksum will be put into the SCTP header.
|
||||||
|
--
|
||||||
|
|
||||||
=item -S E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt>
|
-S <srcport>,<destport>,<ppi>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
||||||
source and destination SCTP ports, and a verification tag of 0, for the
|
source and destination SCTP ports, and a verification tag of 0, for the
|
||||||
packet, and prepend a dummy SCTP DATA chunk header with a payload
|
packet, and prepend a dummy SCTP DATA chunk header with a payload
|
||||||
protocol identifier if I<ppi>. Use this option if your dump is the SCTP
|
protocol identifier if __ppi__. Use this option if your dump is the SCTP
|
||||||
payload of a packet but does not include any SCTP, IP or Ethernet
|
payload of a packet but does not include any SCTP, IP or Ethernet
|
||||||
headers. Note that appropriate Ethernet and IP headers are
|
headers. Note that appropriate Ethernet and IP headers are
|
||||||
automatically included with each packet. A CRC32C checksum will be put
|
automatically included with each packet. A CRC32C checksum will be put
|
||||||
into the SCTP header.
|
into the SCTP header.
|
||||||
|
--
|
||||||
|
|
||||||
=item -t E<lt>timefmtE<gt>
|
-t <timefmt>::
|
||||||
|
+
|
||||||
Treats the text before the packet as a date/time code; I<timefmt> is a
|
--
|
||||||
|
Treats the text before the packet as a date/time code; __timefmt__ is a
|
||||||
format string of the sort supported by strptime(3).
|
format string of the sort supported by strptime(3).
|
||||||
Example: The time "10:15:14.5476" has the format code "%H:%M:%S."
|
Example: The time "10:15:14.5476" has the format code "%H:%M:%S."
|
||||||
|
|
||||||
B<NOTE:> The subsecond component delimiter must be specified (.) but no
|
*NOTE:* The subsecond component delimiter must be specified (.) but no
|
||||||
pattern is required; the remaining number is assumed to be fractions of
|
pattern is required; the remaining number is assumed to be fractions of
|
||||||
a second.
|
a second.
|
||||||
|
|
||||||
B<NOTE:> Date/time fields from the current date/time are
|
*NOTE:* Date/time fields from the current date/time are
|
||||||
used as the default for unspecified fields.
|
used as the default for unspecified fields.
|
||||||
|
--
|
||||||
|
|
||||||
=item -T E<lt>srcportE<gt>,E<lt>destportE<gt>
|
-T <srcport>,<destport>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Include dummy TCP headers before each packet. Specify the source and
|
Include dummy TCP headers before each packet. Specify the source and
|
||||||
destination TCP ports for the packet in decimal. Use this option if
|
destination TCP ports for the packet in decimal. Use this option if
|
||||||
your dump is the TCP payload of a packet but does not include any TCP,
|
your dump is the TCP payload of a packet but does not include any TCP,
|
||||||
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
||||||
are automatically also included with each packet.
|
are automatically also included with each packet.
|
||||||
Sequence numbers will start at 0.
|
Sequence numbers will start at 0.
|
||||||
|
--
|
||||||
|
|
||||||
=item -u E<lt>srcportE<gt>,E<lt>destportE<gt>
|
-u <srcport>,<destport>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Include dummy UDP headers before each packet. Specify the source and
|
Include dummy UDP headers before each packet. Specify the source and
|
||||||
destination UDP ports for the packet in decimal. Use this option if
|
destination UDP ports for the packet in decimal. Use this option if
|
||||||
your dump is the UDP payload of a packet but does not include any UDP,
|
your dump is the UDP payload of a packet but does not include any UDP,
|
||||||
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
||||||
are automatically also included with each packet.
|
are automatically also included with each packet.
|
||||||
Example: I<-u1000,69> to make the packets look like TFTP/UDP packets.
|
Example: __-u1000,69__ to make the packets look like TFTP/UDP packets.
|
||||||
|
--
|
||||||
=item -v
|
|
||||||
|
|
||||||
|
-v::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print the version and exit.
|
Print the version and exit.
|
||||||
|
--
|
||||||
|
|
||||||
=item -4 E<lt>srcipE<gt>,E<lt>destipE<gt>
|
-4 <srcip>,<destip>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Prepend dummy IP header with specified IPv4 dest and source address.
|
Prepend dummy IP header with specified IPv4 dest and source address.
|
||||||
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
||||||
Use this option to apply "custom" IP addresses.
|
Use this option to apply "custom" IP addresses.
|
||||||
Example: I<-4 10.0.0.1,10.0.0.2> to use 10.0.0.1 and 10.0.0.2 for all IP packets.
|
Example: __-4 10.0.0.1,10.0.0.2__ to use 10.0.0.1 and 10.0.0.2 for all IP packets.
|
||||||
|
--
|
||||||
=item -6 E<lt>srcipE<gt>,E<lt>destipE<gt>
|
|
||||||
|
|
||||||
|
-6 <srcip>,<destip>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Prepend dummy IP header with specified IPv6 dest and source address.
|
Prepend dummy IP header with specified IPv6 dest and source address.
|
||||||
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
||||||
Use this option to apply "custom" IP addresses.
|
Use this option to apply "custom" IP addresses.
|
||||||
Example: I<-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334> to
|
Example: __-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334__ to
|
||||||
use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
|
use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== SEE ALSO
|
||||||
|
|
||||||
=head1 SEE ALSO
|
od(1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:mergecap.html[mergecap](1),
|
||||||
|
xref:editcap.html[editcap](1), strptime(3), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
|
||||||
|
|
||||||
od(1), pcap(3), wireshark(1), tshark(1), dumpcap(1), mergecap(1),
|
== NOTES
|
||||||
editcap(1), strptime(3), pcap-filter(7) or tcpdump(8)
|
|
||||||
|
|
||||||
=head1 NOTES
|
*Text2pcap* is part of the *Wireshark* distribution. The latest version
|
||||||
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
B<Text2pcap> is part of the B<Wireshark> distribution. The latest version
|
== AUTHORS
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
|
||||||
|
|
||||||
=head1 AUTHORS
|
|
||||||
|
|
||||||
Ashok Narayanan <ashokn[AT]cisco.com>
|
Ashok Narayanan <ashokn[AT]cisco.com>
|
||||||
|
|
1699
doc/tshark.adoc
1699
doc/tshark.adoc
File diff suppressed because it is too large
Load Diff
130
doc/udpdump.adoc
130
doc/udpdump.adoc
|
@ -1,83 +1,101 @@
|
||||||
=begin man
|
= udpdump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
udpdump - Provide an UDP receiver that gets packets from network devices (like Aruba routers) and exports them in PCAP format.
|
udpdump - Provide an UDP receiver that gets packets from network devices (like Aruba routers) and exports them in PCAP format.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<udpdump>
|
[manarg]
|
||||||
S<[ B<--help> ]>
|
*udpdump*
|
||||||
S<[ B<--version> ]>
|
[ *--help* ]
|
||||||
S<[ B<--extcap-interfaces> ]>
|
[ *--version* ]
|
||||||
S<[ B<--extcap-dlts> ]>
|
[ *--extcap-interfaces* ]
|
||||||
S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
|
[ *--extcap-dlts* ]
|
||||||
S<[ B<--extcap-config> ]>
|
[ *--extcap-interface*=<interface> ]
|
||||||
S<[ B<--capture> ]>
|
[ *--extcap-config* ]
|
||||||
S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
|
[ *--capture* ]
|
||||||
S<[ B<--port>=E<lt>portE<gt> ]>
|
[ *--fifo*=<path to file or pipe> ]
|
||||||
S<[ B<--payload>=E<lt>typeE<gt> ]>
|
[ *--port*=<port> ]
|
||||||
|
[ *--payload*=<type> ]
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<udpdump> is a extcap tool that provides an UDP receiver that listens for exported datagrams coming from
|
*udpdump* is a extcap tool that provides an UDP receiver that listens for exported datagrams coming from
|
||||||
any source (like Aruba routers) and exports them in PCAP format. This provides the user two basic
|
any source (like Aruba routers) and exports them in PCAP format. This provides the user two basic
|
||||||
functionalities: the first one is to have a listener that prevents the localhost to send back an ICMP
|
functionalities: the first one is to have a listener that prevents the localhost to send back an ICMP
|
||||||
port-unreachable packet. The second one is to strip out the lower layers (layer 2, IP, UDP) that are useless
|
port-unreachable packet. The second one is to strip out the lower layers (layer 2, IP, UDP) that are useless
|
||||||
(are used just as export vector). The format of the exported datagrams are EXPORTED_PDU, as specified in
|
(are used just as export vector). The format of the exported datagrams are EXPORTED_PDU, as specified in
|
||||||
https://gitlab.com/wireshark/wireshark/-/raw/master/epan/exported_pdu.h
|
https://gitlab.com/wireshark/wireshark/-/raw/master/epan/exported_pdu.h
|
||||||
|
|
||||||
=head1 OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item --help
|
|
||||||
|
|
||||||
|
--help::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program arguments.
|
Print program arguments.
|
||||||
|
--
|
||||||
|
|
||||||
=item --version
|
--version::
|
||||||
|
+
|
||||||
|
--
|
||||||
Print program version.
|
Print program version.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interfaces
|
--extcap-interfaces::
|
||||||
|
+
|
||||||
|
--
|
||||||
List available interfaces.
|
List available interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-interface=E<lt>interfaceE<gt>
|
--extcap-interface=<interface>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Use specified interfaces.
|
Use specified interfaces.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-dlts
|
--extcap-dlts::
|
||||||
|
+
|
||||||
|
--
|
||||||
List DLTs of specified interface.
|
List DLTs of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --extcap-config
|
--extcap-config::
|
||||||
|
+
|
||||||
|
--
|
||||||
List configuration options of specified interface.
|
List configuration options of specified interface.
|
||||||
|
--
|
||||||
|
|
||||||
=item --capture
|
--capture::
|
||||||
|
+
|
||||||
|
--
|
||||||
Start capturing from specified interface save saved it in place specified by --fifo.
|
Start capturing from specified interface save saved it in place specified by --fifo.
|
||||||
|
--
|
||||||
|
|
||||||
=item --fifo=E<lt>path to file or pipeE<gt>
|
--fifo=<path to file or pipe>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Save captured packet to file or send it through pipe.
|
Save captured packet to file or send it through pipe.
|
||||||
|
--
|
||||||
|
|
||||||
=item --port=E<lt>portE<gt>
|
--port=<port>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the listener port. Port 5555 is the default.
|
Set the listener port. Port 5555 is the default.
|
||||||
|
--
|
||||||
|
|
||||||
=item --payload=E<lt>typeE<gt>
|
--payload=<type>::
|
||||||
|
+
|
||||||
|
--
|
||||||
Set the payload of the exported PDU. Default: data.
|
Set the payload of the exported PDU. Default: data.
|
||||||
|
--
|
||||||
|
|
||||||
=back
|
== EXAMPLES
|
||||||
|
|
||||||
=head1 EXAMPLES
|
|
||||||
|
|
||||||
To see program arguments:
|
To see program arguments:
|
||||||
|
|
||||||
|
@ -114,20 +132,20 @@ To capture:
|
||||||
|
|
||||||
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
NOTE: To stop capturing CTRL+C/kill/terminate application.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), dumpcap(1), extcap(4)
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
|
||||||
|
|
||||||
=head1 NOTES
|
== NOTES
|
||||||
|
|
||||||
B<udpdump> is part of the B<Wireshark> distribution. The latest version
|
*udpdump* is part of the *Wireshark* distribution. The latest version
|
||||||
of B<Wireshark> can be found at L<https://www.wireshark.org>.
|
of *Wireshark* can be found at https://www.wireshark.org.
|
||||||
|
|
||||||
HTML versions of the Wireshark project man pages are available at:
|
HTML versions of the Wireshark project man pages are available at:
|
||||||
L<https://www.wireshark.org/docs/man-pages>.
|
https://www.wireshark.org/docs/man-pages.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
Original Author
|
.Original Author
|
||||||
---------------
|
[%hardbreaks]
|
||||||
Dario Lombardo <lomato[AT]gmail.com>
|
Dario Lombardo <lomato[AT]gmail.com>
|
||||||
|
|
|
@ -1,24 +1,25 @@
|
||||||
=begin man
|
= wireshark-filter(4)
|
||||||
|
:doctype: manpage
|
||||||
|
include::../docbook/attributes.adoc[]
|
||||||
|
:stylesheet: ws.css
|
||||||
|
:linkcss:
|
||||||
|
:copycss: ../docbook/{stylesheet}
|
||||||
|
|
||||||
=encoding utf8
|
== NAME
|
||||||
|
|
||||||
=end man
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
wireshark-filter - Wireshark display filter syntax and reference
|
wireshark-filter - Wireshark display filter syntax and reference
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
== SYNOPSIS
|
||||||
|
|
||||||
B<wireshark> [other options]
|
*wireshark* [other options]
|
||||||
S<[ B<-Y> "display filter expression" | B<--display-filter> "display filter expression" ]>
|
[.nowrap]#[ *-Y* "display filter expression" | *--display-filter* "display filter expression" ]#
|
||||||
|
|
||||||
B<tshark> [other options]
|
*tshark* [other options]
|
||||||
S<[ B<-Y> "display filter expression" | B<--display-filter> "display filter expression" ]>
|
[.nowrap]#[ *-Y* "display filter expression" | *--display-filter* "display filter expression" ]#
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
== DESCRIPTION
|
||||||
|
|
||||||
B<Wireshark> and B<TShark> share a powerful filter engine that helps remove
|
*Wireshark* and *TShark* share a powerful filter engine that helps remove
|
||||||
the noise from a packet trace and lets you see only the packets that interest
|
the noise from a packet trace and lets you see only the packets that interest
|
||||||
you. If a packet meets the requirements expressed in your filter, then it
|
you. If a packet meets the requirements expressed in your filter, then it
|
||||||
is displayed in the list of packets. Display filters let you compare the
|
is displayed in the list of packets. Display filters let you compare the
|
||||||
|
@ -26,14 +27,14 @@ fields within a protocol against a specific value, compare fields against
|
||||||
fields, and check the existence of specified fields or protocols.
|
fields, and check the existence of specified fields or protocols.
|
||||||
|
|
||||||
Filters are also used by other features such as statistics generation and
|
Filters are also used by other features such as statistics generation and
|
||||||
packet list colorization (the latter is only available to B<Wireshark>). This
|
packet list colorization (the latter is only available to *Wireshark*). This
|
||||||
manual page describes their syntax. A comprehensive reference of filter fields
|
manual page describes their syntax. A comprehensive reference of filter fields
|
||||||
can be found within Wireshark and in the display filter reference at
|
can be found within Wireshark and in the display filter reference at
|
||||||
L<https://www.wireshark.org/docs/dfref/>.
|
https://www.wireshark.org/docs/dfref/.
|
||||||
|
|
||||||
=head1 FILTER SYNTAX
|
== FILTER SYNTAX
|
||||||
|
|
||||||
=head2 Check whether a field or protocol exists
|
=== Check whether a field or protocol exists
|
||||||
|
|
||||||
The simplest filter allows you to check for the existence of a protocol or
|
The simplest filter allows you to check for the existence of a protocol or
|
||||||
field. If you want to see all packets which contain the IP protocol, the
|
field. If you want to see all packets which contain the IP protocol, the
|
||||||
|
@ -43,7 +44,7 @@ that contain a Token-Ring RIF field, use "tr.rif".
|
||||||
Think of a protocol or field in a filter as implicitly having the "exists"
|
Think of a protocol or field in a filter as implicitly having the "exists"
|
||||||
operator.
|
operator.
|
||||||
|
|
||||||
=head2 Comparison operators
|
=== Comparison operators
|
||||||
|
|
||||||
Fields can also be compared against values. The comparison operators
|
Fields can also be compared against values. The comparison operators
|
||||||
can be expressed either through English-like abbreviations or through
|
can be expressed either through English-like abbreviations or through
|
||||||
|
@ -56,7 +57,7 @@ C-like symbols:
|
||||||
ge, >= Greater than or Equal to
|
ge, >= Greater than or Equal to
|
||||||
le, <= Less than or Equal to
|
le, <= Less than or Equal to
|
||||||
|
|
||||||
=head2 Search and match operators
|
=== Search and match operators
|
||||||
|
|
||||||
Additional operators exist expressed only in English, not C-like syntax:
|
Additional operators exist expressed only in English, not C-like syntax:
|
||||||
|
|
||||||
|
@ -90,12 +91,12 @@ You can force case sensitivity using
|
||||||
|
|
||||||
wsp.header.user_agent matches "(?-i)cldc"
|
wsp.header.user_agent matches "(?-i)cldc"
|
||||||
|
|
||||||
This is an example of PCRE's B<(?>optionB<)> construct. B<(?-i)> performs a
|
This is an example of PCRE's *(?*option*)* construct. *(?-i)* performs a
|
||||||
case-sensitive pattern match but other options can be specified as well. More
|
case-sensitive pattern match but other options can be specified as well. More
|
||||||
information can be found in the
|
information can be found in the
|
||||||
L<pcrepattern(3)|https://www.pcre.org/original/doc/html/pcrepattern.html> man page.
|
pcrepattern(3)|https://www.pcre.org/original/doc/html/pcrepattern.html man page.
|
||||||
|
|
||||||
=head2 Functions
|
=== Functions
|
||||||
|
|
||||||
The filter language has the following functions:
|
The filter language has the following functions:
|
||||||
|
|
||||||
|
@ -120,7 +121,7 @@ byte fields. For example:
|
||||||
|
|
||||||
gives you all the odd packets.
|
gives you all the odd packets.
|
||||||
|
|
||||||
=head2 Protocol field types
|
=== Protocol field types
|
||||||
|
|
||||||
Each protocol field is typed. The types are:
|
Each protocol field is typed. The types are:
|
||||||
|
|
||||||
|
@ -241,7 +242,7 @@ String literals prefixed with 'r' are called "raw strings". Such strings treat
|
||||||
backslash as a literal character. Double quotes may still be escaped with
|
backslash as a literal character. Double quotes may still be escaped with
|
||||||
backslash but note that backslashes are always preserved in the result.
|
backslash but note that backslashes are always preserved in the result.
|
||||||
|
|
||||||
=head2 The slice operator
|
=== The slice operator
|
||||||
|
|
||||||
You can take a slice of a field if the field is a text string or a
|
You can take a slice of a field if the field is a text string or a
|
||||||
byte array.
|
byte array.
|
||||||
|
@ -257,7 +258,7 @@ Another example is:
|
||||||
|
|
||||||
You can use the slice operator on a protocol name, too.
|
You can use the slice operator on a protocol name, too.
|
||||||
The "frame" protocol can be useful, encompassing all the data captured
|
The "frame" protocol can be useful, encompassing all the data captured
|
||||||
by B<Wireshark> or B<TShark>.
|
by *Wireshark* or *TShark*.
|
||||||
|
|
||||||
token[0:5] ne 0.0.0.1.1
|
token[0:5] ne 0.0.0.1.1
|
||||||
llc[0] eq aa
|
llc[0] eq aa
|
||||||
|
@ -272,7 +273,7 @@ The following syntax governs slices:
|
||||||
[i:] start_offset = i, end_offset = end_of_field
|
[i:] start_offset = i, end_offset = end_of_field
|
||||||
|
|
||||||
Offsets can be negative, in which case they indicate the
|
Offsets can be negative, in which case they indicate the
|
||||||
offset from the B<end> of the field. The last byte of the field is at offset
|
offset from the *end* of the field. The last byte of the field is at offset
|
||||||
-1, the last but one byte is at offset -2, and so on.
|
-1, the last but one byte is at offset -2, and so on.
|
||||||
Here's how to check the last four bytes of a frame:
|
Here's how to check the last four bytes of a frame:
|
||||||
|
|
||||||
|
@ -300,7 +301,7 @@ Slices can be combined. You can concatenate them using the comma operator:
|
||||||
This concatenates offset 1, offsets 3-5, and offset 9 to the end of the ftp
|
This concatenates offset 1, offsets 3-5, and offset 9 to the end of the ftp
|
||||||
data.
|
data.
|
||||||
|
|
||||||
=head2 The membership operator
|
=== The membership operator
|
||||||
|
|
||||||
A field may be checked for matches against a set of values simply with the
|
A field may be checked for matches against a set of values simply with the
|
||||||
membership operator. For instance, you may find traffic on common HTTP/HTTPS
|
membership operator. For instance, you may find traffic on common HTTP/HTTPS
|
||||||
|
@ -322,7 +323,7 @@ The set of values can also contain ranges:
|
||||||
ip.addr in {10.0.0.5 .. 10.0.0.9 192.168.1.1..192.168.1.9}
|
ip.addr in {10.0.0.5 .. 10.0.0.9 192.168.1.1..192.168.1.9}
|
||||||
frame.time_delta in {10 .. 10.5}
|
frame.time_delta in {10 .. 10.5}
|
||||||
|
|
||||||
=head2 Type conversions
|
=== Type conversions
|
||||||
|
|
||||||
If a field is a text string or a byte array, it can be expressed in whichever
|
If a field is a text string or a byte array, it can be expressed in whichever
|
||||||
way is most convenient.
|
way is most convenient.
|
||||||
|
@ -337,7 +338,7 @@ A range can also be expressed in either way:
|
||||||
frame[60:2] gt 50.51
|
frame[60:2] gt 50.51
|
||||||
frame[60:2] gt "PQ"
|
frame[60:2] gt "PQ"
|
||||||
|
|
||||||
=head2 Bit field operations
|
=== Bit field operations
|
||||||
|
|
||||||
It is also possible to define tests with bit field operations. Currently the
|
It is also possible to define tests with bit field operations. Currently the
|
||||||
following bit field operation is supported:
|
following bit field operation is supported:
|
||||||
|
@ -363,7 +364,7 @@ have the same number of bytes as the slice itself, as in:
|
||||||
|
|
||||||
ip[42:2] & 40:ff
|
ip[42:2] & 40:ff
|
||||||
|
|
||||||
=head2 Logical expressions
|
=== Logical expressions
|
||||||
|
|
||||||
Tests can be combined using logical expressions.
|
Tests can be combined using logical expressions.
|
||||||
These too are expressible in C-like syntax or with English-like
|
These too are expressible in C-like syntax or with English-like
|
||||||
|
@ -407,7 +408,7 @@ filter. The other ip.addr could equal 192.168.4.1 and the packet would
|
||||||
still be displayed.
|
still be displayed.
|
||||||
The second filter says "don't show me any packets that have an
|
The second filter says "don't show me any packets that have an
|
||||||
ip.addr field equal to 192.168.4.1". If one ip.addr is 192.168.4.1,
|
ip.addr field equal to 192.168.4.1". If one ip.addr is 192.168.4.1,
|
||||||
the packet does not pass. If B<neither> ip.addr field is 192.168.4.1,
|
the packet does not pass. If *neither* ip.addr field is 192.168.4.1,
|
||||||
then the packet is displayed.
|
then the packet is displayed.
|
||||||
|
|
||||||
It is easy to think of the 'ne' and 'eq' operators as having an implicit
|
It is easy to think of the 'ne' and 'eq' operators as having an implicit
|
||||||
|
@ -425,7 +426,7 @@ multicast packets to address 224.1.2.3, then using:
|
||||||
ip.dst ne 224.1.2.3
|
ip.dst ne 224.1.2.3
|
||||||
|
|
||||||
may be too restrictive. Filtering with "ip.dst" selects only those
|
may be too restrictive. Filtering with "ip.dst" selects only those
|
||||||
B<IP> packets that satisfy the rule. Any other packets, including all
|
*IP* packets that satisfy the rule. Any other packets, including all
|
||||||
non-IP packets, will not be displayed. To display the non-IP
|
non-IP packets, will not be displayed. To display the non-IP
|
||||||
packets as well, you can use one of the following two expressions:
|
packets as well, you can use one of the following two expressions:
|
||||||
|
|
||||||
|
@ -437,50 +438,42 @@ lets "ip.dst ne 224.1.2.3" filter out the unwanted IP packets. The
|
||||||
second filter has already been explained above where filtering with
|
second filter has already been explained above where filtering with
|
||||||
multiply occurring fields was discussed.
|
multiply occurring fields was discussed.
|
||||||
|
|
||||||
=head1 FILTER FIELD REFERENCE
|
== FILTER FIELD REFERENCE
|
||||||
|
|
||||||
The entire list of display filters is too large to list here. You can
|
The entire list of display filters is too large to list here. You can
|
||||||
can find references and examples at the following locations:
|
can find references and examples at the following locations:
|
||||||
|
|
||||||
=over 4
|
* The online Display Filter Reference: https://www.wireshark.org/docs/dfref/
|
||||||
|
|
||||||
=item *
|
* __View:Internals:Supported Protocols__ in Wireshark
|
||||||
The online Display Filter Reference: L<https://www.wireshark.org/docs/dfref/>
|
|
||||||
|
|
||||||
=item *
|
* `tshark -G fields` on the command line
|
||||||
I<View:Internals:Supported Protocols> in Wireshark
|
|
||||||
|
|
||||||
=item *
|
* The Wireshark wiki: https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters
|
||||||
C<tshark -G fields> on the command line
|
|
||||||
|
|
||||||
=item *
|
== NOTES
|
||||||
The Wireshark wiki: L<https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters>
|
|
||||||
|
|
||||||
=back
|
The *xref:wireshark-filter.html[wireshark-filter](4)* manpage is part of the *Wireshark* distribution.
|
||||||
|
The latest version of *Wireshark* can be found at
|
||||||
=head1 NOTES
|
https://www.wireshark.org.
|
||||||
|
|
||||||
The B<wireshark-filter(4)> manpage is part of the B<Wireshark> distribution.
|
|
||||||
The latest version of B<Wireshark> can be found at
|
|
||||||
L<https://www.wireshark.org>.
|
|
||||||
|
|
||||||
Regular expressions in the "matches" operator are provided by GRegex in GLib.
|
Regular expressions in the "matches" operator are provided by GRegex in GLib.
|
||||||
See L<https://developer.gnome.org/glib/2.32/glib-regex-syntax.html> or L<https://www.pcre.org/> for more information.
|
See https://developer.gnome.org/glib/2.32/glib-regex-syntax.html or https://www.pcre.org/ for more information.
|
||||||
|
|
||||||
This manpage does not describe the capture filter syntax, which is
|
This manpage does not describe the capture filter syntax, which is
|
||||||
different. See the manual page of pcap-filter(7) or, if that doesn't exist,
|
different. See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist,
|
||||||
tcpdump(8), or, if that doesn't exist, L<https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters>
|
xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8), or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters
|
||||||
for a description of capture filters.
|
for a description of capture filters.
|
||||||
|
|
||||||
Display Filters are also described in the User's Guide:
|
Display Filters are also described in the User's Guide:
|
||||||
L<https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html>
|
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
|
||||||
|
|
||||||
=head1 SEE ALSO
|
== SEE ALSO
|
||||||
|
|
||||||
wireshark(1), tshark(1), editcap(1), pcap(3), pcap-filter(7) or tcpdump(8) if it
|
xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8) if it
|
||||||
doesn't exist.
|
doesn't exist.
|
||||||
|
|
||||||
=head1 AUTHORS
|
== AUTHORS
|
||||||
|
|
||||||
See the list of authors in the B<Wireshark> man page for a list of authors of
|
See the list of authors in the *Wireshark* man page for a list of authors of
|
||||||
that code.
|
that code.
|
||||||
|
|
2803
doc/wireshark.adoc
2803
doc/wireshark.adoc
File diff suppressed because it is too large
Load Diff
|
@ -17,13 +17,13 @@ The guides and release notes are written in
|
||||||
https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/[Asciidoctor syntax].
|
https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/[Asciidoctor syntax].
|
||||||
For more information see https://asciidoctor.org.
|
For more information see https://asciidoctor.org.
|
||||||
|
|
||||||
= Requirements
|
== Requirements
|
||||||
|
|
||||||
Ultimately we'd like to reduce the toolchain requirements to AsciidoctorJ alone, but that's not yet possible.
|
Ultimately we'd like to reduce the toolchain requirements to AsciidoctorJ alone, but that's not yet possible.
|
||||||
Additional tooling is required for the HTML and HTMLHelp targets.
|
Additional tooling is required for the HTML and HTMLHelp targets.
|
||||||
See the https://www.wireshark.org/docs/wsdg_html_chunked/ChToolsDocumentationToolchain.html[Developer's Guide] for instructions on installing required packages for your platform.
|
See the https://www.wireshark.org/docs/wsdg_html_chunked/ChToolsDocumentationToolchain.html[Developer's Guide] for instructions on installing required packages for your platform.
|
||||||
|
|
||||||
= Asciidoctor Markup
|
== Asciidoctor Markup
|
||||||
|
|
||||||
The User’s and Developer’s Guides were originally written in DocBook and
|
The User’s and Developer’s Guides were originally written in DocBook and
|
||||||
were later converted to https://asciidoc.org/[AsciiDoc]. We subsequently
|
were later converted to https://asciidoc.org/[AsciiDoc]. We subsequently
|
||||||
|
@ -59,6 +59,25 @@ Admonitions ([NOTE], [TIP], and [WARNING]) can be used to highlight important
|
||||||
information. Keep in mind that they interrupt the flow of text by design. Too
|
information. Keep in mind that they interrupt the flow of text by design. Too
|
||||||
many (especially in a row) are distracting and annoying.
|
many (especially in a row) are distracting and annoying.
|
||||||
|
|
||||||
|
== Custom Asciidoctor Macros
|
||||||
|
|
||||||
|
The following custom macros are available in `docbook/asciidoctor-macros`:
|
||||||
|
|
||||||
|
commaize-block::
|
||||||
|
Sorts a list of items and separates them with commas with an "and" preceding the last item.
|
||||||
|
|
||||||
|
cveidlink-inline-macro::
|
||||||
|
Links a CVE ID to cve.mitre.org.
|
||||||
|
|
||||||
|
manarg-block::
|
||||||
|
Ensures that individual arguments don't wrap in order to improve readability.
|
||||||
|
|
||||||
|
wsbuglink-inline-macro::
|
||||||
|
Links an issue number to gitlab.org/wireshark/wireshark/-/issues.
|
||||||
|
|
||||||
|
wssalink-inline-macro::
|
||||||
|
Links a security advisory to www.wireshark.org.
|
||||||
|
|
||||||
== Asciidoctor Live Preview
|
== Asciidoctor Live Preview
|
||||||
|
|
||||||
The Asciidoctor project provides a JavaScript version of Asciidoctor
|
The Asciidoctor project provides a JavaScript version of Asciidoctor
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
# Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb
|
||||||
|
|
||||||
|
RUBY_ENGINE == 'opal' ? (require 'manarg-block/extension') : (require_relative 'manarg-block/extension')
|
||||||
|
|
||||||
|
Extensions.register do
|
||||||
|
block ManArgBlock
|
||||||
|
end
|
|
@ -0,0 +1,45 @@
|
||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal'
|
||||||
|
|
||||||
|
include Asciidoctor
|
||||||
|
|
||||||
|
# An inline macro that generates markup for man page arguments.
|
||||||
|
# Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
#
|
||||||
|
# [manarg]
|
||||||
|
# *command*
|
||||||
|
# [ *--help* ]
|
||||||
|
# [ *--flash-lights* ]
|
||||||
|
#
|
||||||
|
class ManArgBlock < Extensions::BlockProcessor
|
||||||
|
use_dsl
|
||||||
|
|
||||||
|
named :manarg
|
||||||
|
parse_content_as :simple
|
||||||
|
|
||||||
|
def process parent, reader, attrs
|
||||||
|
nowrap_lines = reader.readlines.map {|line|
|
||||||
|
if parent.document.basebackend? 'html'
|
||||||
|
# Apply the custom style "[.nowrap]## ... ##" to each line.
|
||||||
|
# This generates "<span content="nowrap"> ... </span>". Pass
|
||||||
|
# each '#' through for extra paranoia.
|
||||||
|
%([.nowrap]###{line.gsub('#', '+++#+++')}##)
|
||||||
|
elsif parent.document.backend == 'manpage'
|
||||||
|
# Replace spaces with non-breaking spaces (' '), then make
|
||||||
|
# bold markup unconstrained ('*' -> '**'). For now we naively
|
||||||
|
# assume that bolds are always constrained (that is, we only
|
||||||
|
# have single '*'s). We *should* be able to do this properly
|
||||||
|
# with a regex, but for some reason
|
||||||
|
# gsub(/([^*])\*([^*])/, '\1**\2')
|
||||||
|
# doesn't match the first asterisk in "*--extcap-interface*=<interface>"
|
||||||
|
%(#{line.gsub(' ', ' ').gsub('*', '**')})
|
||||||
|
else
|
||||||
|
line
|
||||||
|
end
|
||||||
|
}
|
||||||
|
# STDERR.puts(nowrap_lines)
|
||||||
|
create_paragraph parent, nowrap_lines, attrs
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,19 @@
|
||||||
|
= androiddump(1)
|
||||||
|
:doctype: manpage
|
||||||
|
|
||||||
|
== NAME
|
||||||
|
|
||||||
|
sample - Sample man page
|
||||||
|
|
||||||
|
== SYNOPSIS
|
||||||
|
|
||||||
|
[manarg]
|
||||||
|
*androiddump*
|
||||||
|
*--mandatory-argument
|
||||||
|
[ *--optional-argument* ]
|
||||||
|
*--complex-mandatory*=<argument>
|
||||||
|
[ *--complex-optional*=<argument> ]
|
||||||
|
|
||||||
|
== DESCRIPTION
|
||||||
|
|
||||||
|
Sample man page.
|
|
@ -25,8 +25,7 @@ The following must be installed in order to build Wireshark:
|
||||||
Either make or Ninja can be used to build Wireshark; at least one of
|
Either make or Ninja can be used to build Wireshark; at least one of
|
||||||
those must be installed.
|
those must be installed.
|
||||||
|
|
||||||
To build the Developer's Guide and the User's Guide, Asciidoctor,
|
To build the manual pages, Developer's Guide and User's Guide, Asciidoctor, Xsltproc, and DocBook must be installed.
|
||||||
Xsltproc, and DocBook must be installed.
|
|
||||||
|
|
||||||
Some features of Wireshark require additional libraries to be installed.
|
Some features of Wireshark require additional libraries to be installed.
|
||||||
|
|
||||||
|
|
|
@ -452,17 +452,16 @@ Edition, it will include an SDK.
|
||||||
[[ChToolsDocumentationToolchain]]
|
[[ChToolsDocumentationToolchain]]
|
||||||
=== Documentation Toolchain
|
=== Documentation Toolchain
|
||||||
|
|
||||||
Wireshark’s documentation is split across two directories. The `doc`
|
Wireshark’s documentation is split across two directories.
|
||||||
directory contains man pages written in Perl’s POD (Plain Old
|
The `doc` directory contains man pages written in Asciidoctor markup.
|
||||||
Documentation) format. The `docbook` directory contains the User’s
|
The `docbook` directory contains the User’s Guide, Developer’s Guide, and the release notes, which are also written in Asciidoctor markup.
|
||||||
Guide, Developer’s Guide, and the release notes, which are written in
|
The split is for historical reasons (described below), and the documentation will likely be consolidated into one directory in the future.
|
||||||
Asciidoctor markup.
|
|
||||||
|
|
||||||
Our various output formats are generated using the following tools.
|
Our various output formats are generated using the following tools.
|
||||||
Intermediate formats are in _italics_.
|
Intermediate formats are in _italics_.
|
||||||
|
|
||||||
Man page roff:: pod2man
|
Man page roff:: Asciidoctor
|
||||||
Man page HTML:: pod2html
|
Man page HTML:: Asciidoctor
|
||||||
|
|
||||||
Guide HTML:: Asciidoctor → _DocBook XML_ → xsltproc + DocBook XSL
|
Guide HTML:: Asciidoctor → _DocBook XML_ → xsltproc + DocBook XSL
|
||||||
Guide PDF:: Asciidoctor
|
Guide PDF:: Asciidoctor
|
||||||
|
@ -478,6 +477,7 @@ The Ruby and Java flavors can be used to build Wireshark’s documentation, but
|
||||||
|
|
||||||
The guides and release notes were originally written in DocBook (hence the directory name).
|
The guides and release notes were originally written in DocBook (hence the directory name).
|
||||||
They were later converted to AsciiDoc and then migrated to Asciidoctor.
|
They were later converted to AsciiDoc and then migrated to Asciidoctor.
|
||||||
|
The man pages were originally in Perl’s POD (Plain Old Documentation) format and were later converted to Asciidoctor.
|
||||||
We currently use Asciidoctor’s modern (>= 1.5.0) syntax.
|
We currently use Asciidoctor’s modern (>= 1.5.0) syntax.
|
||||||
|
|
||||||
PDF output requires Asciidoctor’s PDF backend.
|
PDF output requires Asciidoctor’s PDF backend.
|
||||||
|
|
|
@ -58,10 +58,7 @@ BuildRequires: python3
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
BuildRequires: flex
|
BuildRequires: flex
|
||||||
%if %{with guides}
|
|
||||||
# HTML guides
|
|
||||||
BuildRequires: asciidoctor
|
BuildRequires: asciidoctor
|
||||||
%endif
|
|
||||||
|
|
||||||
BuildRequires: glib2-devel >= 2.32.0
|
BuildRequires: glib2-devel >= 2.32.0
|
||||||
Requires: glib2
|
Requires: glib2
|
||||||
|
|
|
@ -72,7 +72,6 @@ BASIC_LIST="gcc \
|
||||||
ADDITIONAL_LIST="libnl-3-dev \
|
ADDITIONAL_LIST="libnl-3-dev \
|
||||||
libkrb5-dev \
|
libkrb5-dev \
|
||||||
libsmi2-dev \
|
libsmi2-dev \
|
||||||
asciidoctor \
|
|
||||||
libsbc-dev \
|
libsbc-dev \
|
||||||
liblua5.2-dev \
|
liblua5.2-dev \
|
||||||
libnl-cli-3-dev \
|
libnl-cli-3-dev \
|
||||||
|
@ -97,6 +96,7 @@ ADDITIONAL_LIST="libnl-3-dev \
|
||||||
|
|
||||||
DEBDEPS_LIST="debhelper \
|
DEBDEPS_LIST="debhelper \
|
||||||
dh-python \
|
dh-python \
|
||||||
|
asciidoctor \
|
||||||
docbook-xml \
|
docbook-xml \
|
||||||
docbook-xsl \
|
docbook-xsl \
|
||||||
libxml2-utils \
|
libxml2-utils \
|
||||||
|
|
|
@ -76,7 +76,8 @@ ADDITIONAL_LIST="libcap-devel \
|
||||||
# oxipng \
|
# oxipng \
|
||||||
# pngcrush"
|
# pngcrush"
|
||||||
|
|
||||||
RPMDEPS_LIST="rpm-build"
|
RPMDEPS_LIST="rpm-build \
|
||||||
|
rubygem-asciidoctor.noarch"
|
||||||
|
|
||||||
# Guess which package manager we will use
|
# Guess which package manager we will use
|
||||||
for PM in zypper dnf yum ''; do
|
for PM in zypper dnf yum ''; do
|
||||||
|
@ -204,9 +205,6 @@ echo "Gettext devel is unavailable" >&2
|
||||||
add_package ADDITIONAL_LIST perl-Pod-Html ||
|
add_package ADDITIONAL_LIST perl-Pod-Html ||
|
||||||
echo "perl-Pod-Html is unavailable" >&2
|
echo "perl-Pod-Html is unavailable" >&2
|
||||||
|
|
||||||
add_package ADDITIONAL_LIST asciidoctor || add_package ADDITIONAL_LIST rubygem-asciidoctor.noarch ||
|
|
||||||
echo "asciidoctor is unavailable" >&2
|
|
||||||
|
|
||||||
add_package ADDITIONAL_LIST ninja || add_package ADDITIONAL_LIST ninja-build ||
|
add_package ADDITIONAL_LIST ninja || add_package ADDITIONAL_LIST ninja-build ||
|
||||||
echo "ninja is unavailable" >&2
|
echo "ninja is unavailable" >&2
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue