Tethereal/tethereal -> TShark/tshark.
svn path=/trunk/; revision=18268
parent
7bc853b62b
commit
8958bab6de
18
FAQ
18
FAQ
|
@ -41,7 +41,7 @@
|
|||
|
||||
3. Installing Ethereal:
|
||||
|
||||
3.1 I installed an Ethereal RPM; why did it install Tethereal but not
|
||||
3.1 I installed an Ethereal RPM; why did it install TShark but not
|
||||
Ethereal?
|
||||
|
||||
4. Building Ethereal:
|
||||
|
@ -70,7 +70,7 @@
|
|||
5.1 Why does Ethereal crash with a Bus Error when I try to run it on Solaris
|
||||
8?
|
||||
|
||||
5.2 When I run Tethereal with the "-x" option, why does it crash with an
|
||||
5.2 When I run TShark with the "-x" option, why does it crash with an
|
||||
error
|
||||
|
||||
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
|
||||
|
@ -1169,7 +1169,7 @@ cies
|
|||
|
||||
3. Installing Ethereal
|
||||
|
||||
Q 3.1: I installed an Ethereal RPM; why did it install Tethereal but not
|
||||
Q 3.1: I installed an Ethereal RPM; why did it install TShark but not
|
||||
Ethereal?
|
||||
|
||||
A: Older versions of the Red Hat RPMs for Wireshark put only the non-GUI
|
||||
|
@ -1270,7 +1270,7 @@ cies
|
|||
Similar problems may exist with older versions of GTK+ for earlier versions
|
||||
of Solaris.
|
||||
|
||||
Q 5.2: When I run Tethereal with the "-x" option, why does it crash with an
|
||||
Q 5.2: When I run TShark with the "-x" option, why does it crash with an
|
||||
error
|
||||
|
||||
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
|
||||
|
@ -1440,7 +1440,7 @@ cies
|
|||
supply to the host all network packets they see. Ethereal will try to put
|
||||
the interface on which it's capturing into promiscuous mode unless the
|
||||
"Capture packets in promiscuous mode" option is turned off in the "Capture
|
||||
Options" dialog box, and Tethereal will try to put the interface on which
|
||||
Options" dialog box, and TShark will try to put the interface on which
|
||||
it's capturing into promiscuous mode unless the -p option was specified.
|
||||
However, some network interfaces don't support promiscuous mode, and some
|
||||
OSes might not allow interfaces to be put into promiscuous mode.
|
||||
|
@ -1537,7 +1537,7 @@ cies
|
|||
|
||||
Q 7.6: How do I put an interface into promiscuous mode?
|
||||
|
||||
A: By not disabling promiscuous mode when running Ethereal or Tethereal.
|
||||
A: By not disabling promiscuous mode when running Ethereal or TShark.
|
||||
|
||||
Note, however, that:
|
||||
* the form of promiscuous mode that libpcap (the library that programs
|
||||
|
@ -1768,7 +1768,7 @@ cies
|
|||
|
||||
A: If you are running Ethereal on Windows NT 4.0, Windows 2000, Windows XP,
|
||||
or Windows Server 2003, and this is the first time you have run a
|
||||
WinPcap-based program (such as Ethereal, or Tethereal, or WinDump, or
|
||||
WinPcap-based program (such as Ethereal, or TShark, or WinDump, or
|
||||
Analyzer, or...) since the machine was rebooted, you need to run that
|
||||
program from an account with administrator privileges; once you have run
|
||||
such a program, you will not need administrator privileges to run any such
|
||||
|
@ -2137,7 +2137,7 @@ cies
|
|||
passively capture packets.
|
||||
|
||||
This means that you should disable name resolution when capturing in monitor
|
||||
mode; otherwise, when Ethereal (or Tethereal, or tcpdump) tries to display
|
||||
mode; otherwise, when Ethereal (or TShark, or tcpdump) tries to display
|
||||
IP addresses as host names, it will probably block for a long time trying to
|
||||
resolve the name because it will not be able to communicate with any DNS or
|
||||
NIS servers.
|
||||
|
@ -2179,7 +2179,7 @@ cies
|
|||
possible" option, clicking "Save" if you want to save that setting in your
|
||||
preference file, and clicking "OK".
|
||||
|
||||
It can also be set on the Wireshark or Tethereal command line with a -o
|
||||
It can also be set on the Wireshark or TShark command line with a -o
|
||||
tcp.check_checksum:false command-line flag, or manually set in your
|
||||
preferences file by adding a tcp.check_checksum:false line.
|
||||
|
||||
|
|
12
INSTALL
12
INSTALL
|
@ -33,7 +33,7 @@ README.win32 for those instructions.
|
|||
GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
|
||||
1.2[.x].
|
||||
|
||||
2. If you wish to build Tethereal, the line-mode version of Ethereal,
|
||||
2. If you wish to build TShark, the line-mode version of Ethereal,
|
||||
make sure you have GLIB installed. See note #1 above for instructions
|
||||
on checking if you have GLIB installed. You can download GLIB from
|
||||
the same site as GTK.
|
||||
|
@ -83,8 +83,8 @@ README.win32 for those instructions.
|
|||
--disable-gtk2
|
||||
Build Glib/Gtk+ 1.2[.x]-based ethereal.
|
||||
|
||||
--disable-tethereal
|
||||
By default the line-mode packet analyzer, Tethereal, is built.
|
||||
--disable-tshark
|
||||
By default the line-mode packet analyzer, TShark, is built.
|
||||
Use this switch to avoid building it.
|
||||
|
||||
--disable-editcap
|
||||
|
@ -128,7 +128,7 @@ README.win32 for those instructions.
|
|||
By default, if 'configure' finds zlib (a.k.a, libz), the
|
||||
wiretap library will be built so that it can read compressed
|
||||
capture files. If you have zlib but do not wish to build
|
||||
it into the wiretap library, used by Wireshark, Tethereal, and
|
||||
it into the wiretap library, used by Wireshark, TShark, and
|
||||
the capture-file utilities that come in this package, use
|
||||
this switch.
|
||||
|
||||
|
@ -144,7 +144,7 @@ README.win32 for those instructions.
|
|||
|
||||
--enable-setuid-install
|
||||
Use this switch to install the packet analyzers as setuid.
|
||||
Installating Ethereal and Tethereal as setuid 'root' is
|
||||
Installating Ethereal and TShark as setuid 'root' is
|
||||
dangerous. Repeat: IT'S DANGEROUS. Don't do it.
|
||||
|
||||
--with-ssl=DIR
|
||||
|
@ -195,7 +195,7 @@ README.win32 for those instructions.
|
|||
|
||||
6. Run 'make'. Hopefully, you won't run into any problems.
|
||||
|
||||
7. Run './ethereal' or './tethereal', and make sure things are working.
|
||||
7. Run './ethereal' or './tshark', and make sure things are working.
|
||||
You must have root privileges in order to capture live data.
|
||||
|
||||
8. Run 'make install'. If you wish to install the man page, run
|
||||
|
|
58
Makefile.am
58
Makefile.am
|
@ -60,13 +60,13 @@ ACLOCAL_AMFLAGS = `./aclocal-flags`
|
|||
# automake will arrange that the Makefile define it as the union of all
|
||||
# the "man{section}_MANS" variables.
|
||||
#
|
||||
bin_PROGRAMS = @ethereal_bin@ @capinfos_bin@ @editcap_bin@ @mergecap_bin@ @tethereal_bin@ @dftest_bin@ @randpkt_bin@ @text2pcap_bin@ @dumpcap_bin@
|
||||
bin_PROGRAMS = @ethereal_bin@ @capinfos_bin@ @editcap_bin@ @mergecap_bin@ @tshark_bin@ @dftest_bin@ @randpkt_bin@ @text2pcap_bin@ @dumpcap_bin@
|
||||
bin_SCRIPTS = @idl2wrs_bin@
|
||||
man1_MANS = @ethereal_man@ @capinfos_man@ @editcap_man@ @mergecap_man@ @tethereal_man@ @text2pcap_man@ @dumpcap_man@ @idl2wrs_man@
|
||||
man1_MANS = @ethereal_man@ @capinfos_man@ @editcap_man@ @mergecap_man@ @tshark_man@ @text2pcap_man@ @dumpcap_man@ @idl2wrs_man@
|
||||
man4_MANS = @etherealfilter_man@
|
||||
man_MANS =
|
||||
|
||||
EXTRA_PROGRAMS = ethereal tethereal capinfos editcap mergecap dftest \
|
||||
EXTRA_PROGRAMS = ethereal tshark capinfos editcap mergecap dftest \
|
||||
randpkt text2pcap dumpcap
|
||||
EXTRA_SCRIPTS = idl2wrs
|
||||
|
||||
|
@ -77,7 +77,7 @@ idl2wrs: tools/idl2wrs.sh Makefile
|
|||
#
|
||||
# Ethereal configuration files are put in $(pkgdatadir).
|
||||
#
|
||||
pkgdata_DATA = AUTHORS-SHORT manuf ethereal.html tethereal.html \
|
||||
pkgdata_DATA = AUTHORS-SHORT manuf ethereal.html tshark.html \
|
||||
ethereal-filter.html capinfos.html editcap.html \
|
||||
idl2wrs.html mergecap.html text2pcap.html dumpcap.html \
|
||||
cfilters colorfilters dfilters
|
||||
|
@ -266,11 +266,11 @@ endif # HAVE_PLUGINS
|
|||
|
||||
# Optional objects that I know how to build. These will be
|
||||
# linked into the ethereal executable.
|
||||
# They will also be linked into the tethereal executable; if this
|
||||
# They will also be linked into the tshark executable; if this
|
||||
# list ever grows to include something that can't be linked with
|
||||
# tethereal, or if tethereal needs something that wireshark doesn't,
|
||||
# tshark, or if tshark needs something that wireshark doesn't,
|
||||
# we should probably split this into stuff needed both
|
||||
# by wireshark and tethereal and stuff needed only by one or the
|
||||
# by wireshark and tshark and stuff needed only by one or the
|
||||
# other.
|
||||
ethereal_optional_objects = @GETOPT_O@ @SNPRINTF_O@ @STRERROR_O@ \
|
||||
@STRCASECMP_O@ @STRNCASECMP_O@ @MKSTEMP_O@ @STRPTIME_O@
|
||||
|
@ -312,21 +312,21 @@ ethereal_LDADD = \
|
|||
@LIBGNUTLS_LIBS@
|
||||
|
||||
# Additional libs that I know how to build. These will be
|
||||
# linked into the tethereal executable.
|
||||
tethereal_additional_libs = \
|
||||
# linked into the tshark executable.
|
||||
tshark_additional_libs = \
|
||||
wiretap/libwiretap.la \
|
||||
epan/libwireshark.la
|
||||
|
||||
# This is the automake dependency variable for the executable
|
||||
tethereal_DEPENDENCIES = \
|
||||
tshark_DEPENDENCIES = \
|
||||
$(ethereal_optional_objects) \
|
||||
$(tethereal_additional_libs) \
|
||||
$(tshark_additional_libs) \
|
||||
$(plugin_libs)
|
||||
|
||||
# This automake variable adds to the link-line for the executable
|
||||
tethereal_LDADD = \
|
||||
tshark_LDADD = \
|
||||
$(ethereal_optional_objects) \
|
||||
$(tethereal_additional_libs) \
|
||||
$(tshark_additional_libs) \
|
||||
@SNMP_LIBS@ @SSL_LIBS@ \
|
||||
$(plugin_ldadd) \
|
||||
@PCRE_LIBS@ \
|
||||
|
@ -335,9 +335,9 @@ tethereal_LDADD = \
|
|||
@LIBGNUTLS_LIBS@
|
||||
|
||||
if ENABLE_STATIC
|
||||
tethereal_LDFLAGS = -Wl,-static -all-static
|
||||
tshark_LDFLAGS = -Wl,-static -all-static
|
||||
else
|
||||
tethereal_LDFLAGS = -export-dynamic
|
||||
tshark_LDFLAGS = -export-dynamic
|
||||
endif
|
||||
|
||||
# Optional objects that I know how to build, and that are needed by
|
||||
|
@ -398,9 +398,9 @@ SUFFIXES = .sh
|
|||
$(editsh) $< > $@.tmp && chmod +x $@.tmp && mv $@.tmp $@
|
||||
|
||||
#
|
||||
# Build "tethereal-tap-register.c", which contains a function
|
||||
# Build "tshark-tap-register.c", which contains a function
|
||||
# "register_all_tap_listeners()"
|
||||
# that calls the register routines for all tethereal tap listeners.
|
||||
# that calls the register routines for all tshark tap listeners.
|
||||
#
|
||||
# We do this by grepping through sources.
|
||||
#
|
||||
|
@ -411,9 +411,9 @@ SUFFIXES = .sh
|
|||
# The first argument is the directory in which the source files live.
|
||||
# All subsequent arguments are the files to scan.
|
||||
#
|
||||
tethereal-tap-register.c: $(TETHEREAL_TAP_SRC) $(srcdir)/make-tapreg-dotc
|
||||
@echo Making tethereal-tap-register.c
|
||||
@$(srcdir)/make-tapreg-dotc tethereal-tap-register.c $(srcdir) $(TETHEREAL_TAP_SRC)
|
||||
tshark-tap-register.c: $(TSHARK_TAP_SRC) $(srcdir)/make-tapreg-dotc
|
||||
@echo Making tshark-tap-register.c
|
||||
@$(srcdir)/make-tapreg-dotc tshark-tap-register.c $(srcdir) $(TSHARK_TAP_SRC)
|
||||
|
||||
ps.c: print.ps rdps
|
||||
./rdps $(srcdir)/print.ps ps.c
|
||||
|
@ -557,7 +557,7 @@ EXTRA_DIST = \
|
|||
doc/idl2wrs.pod \
|
||||
doc/mergecap.pod \
|
||||
doc/randpkt.txt \
|
||||
doc/tethereal.pod \
|
||||
doc/tshark.pod \
|
||||
doc/text2pcap.pod \
|
||||
doc/dumpcap.pod \
|
||||
docbook/Makefile.auto.am \
|
||||
|
@ -608,7 +608,7 @@ EXTRA_DIST = \
|
|||
image/stock_dialog_question_48.xpm \
|
||||
image/stock_dialog_info_48.xpm \
|
||||
image/stock_dialog_stop_48.xpm \
|
||||
image/tethereal.rc.in \
|
||||
image/tshark.rc.in \
|
||||
image/text2pcap.rc.in \
|
||||
image/toolbar/autoscroll_24.xpm \
|
||||
image/toolbar/capture_filter_24.xpm \
|
||||
|
@ -688,7 +688,7 @@ EXTRA_DIST = \
|
|||
if SETUID_INSTALL
|
||||
install-exec-hook:
|
||||
-chmod +s $(DESTDIR)$(bindir)/dumpcap
|
||||
-chmod +s $(DESTDIR)$(bindir)/tethereal
|
||||
-chmod +s $(DESTDIR)$(bindir)/tshark
|
||||
else
|
||||
install-exec-hook:
|
||||
endif
|
||||
|
@ -705,11 +705,11 @@ ethereal.1: doc/ethereal.pod AUTHORS-SHORT-FORMAT
|
|||
(cd doc ; \
|
||||
$(MAKE) ../ethereal.1 )
|
||||
|
||||
tethereal.1: doc/tethereal.pod
|
||||
tshark.1: doc/tshark.pod
|
||||
(cd doc ; \
|
||||
$(MAKE) ../tethereal.1 )
|
||||
$(MAKE) ../tshark.1 )
|
||||
|
||||
ethereal-filter.4: tethereal doc/ethereal-filter.pod.template
|
||||
ethereal-filter.4: tshark doc/ethereal-filter.pod.template
|
||||
(cd doc ; \
|
||||
$(MAKE) ../ethereal-filter.4 )
|
||||
|
||||
|
@ -741,11 +741,11 @@ ethereal.html: doc/ethereal.pod AUTHORS-SHORT-FORMAT
|
|||
(cd doc ; \
|
||||
$(MAKE) ../ethereal.html )
|
||||
|
||||
tethereal.html: doc/tethereal.pod
|
||||
tshark.html: doc/tshark.pod
|
||||
(cd doc ; \
|
||||
$(MAKE) ../tethereal.html )
|
||||
$(MAKE) ../tshark.html )
|
||||
|
||||
ethereal-filter.html: tethereal doc/ethereal-filter.pod.template
|
||||
ethereal-filter.html: tshark doc/ethereal-filter.pod.template
|
||||
(cd doc ; \
|
||||
$(MAKE) ../ethereal-filter.html )
|
||||
|
||||
|
|
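Review bot: In the `SETUID_INSTALL` branch of `install-exec-hook`, the set-id bits now go on `$(DESTDIR)$(bindir)/tshark`, but nothing in the hook deals with a `tethereal` left in `$(bindir)` by an earlier install, so an upgraded prefix may keep the old binary with its set-id bits while it no longer receives fixes. Whether that happens depends on how the previous install was done, which the hunk does not show, so it deserves at least a comment above the hook such as `# NOTE: a tethereal installed by an older release is not removed here; delete it by hand if it was installed setuid`. The leading `-` on both `chmod +s` lines also discards a failed mode change, and `+s` sets the setgid bit as well as setuid; if only setuid is intended, `chmod u+s` says so. The binary in question links `epan/libwireshark.la` (see `tshark_additional_libs` earlier in this file), which is why INSTALL in this same commit calls the setuid install dangerous.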
|
@ -39,12 +39,12 @@ GENERATED_HEADER_FILES = \
|
|||
# C source files generated from source files.
|
||||
GENERATED_C_FILES = \
|
||||
$(BUILT_C_FILES) \
|
||||
tethereal-tap-register.c
|
||||
tshark-tap-register.c
|
||||
|
||||
# All the generated files.
|
||||
GENERATED_FILES = $(GENERATED_C_FILES) $(GENERATED_HEADER_FILES)
|
||||
|
||||
# sources common for ethereal and tethereal
|
||||
# sources common for ethereal and tshark
|
||||
ETHEREAL_COMMON_SRC = \
|
||||
$(PLATFORM_SRC) \
|
||||
capture_errs.c \
|
||||
|
@ -92,8 +92,8 @@ ETHEREAL_COMMON_INCLUDES = \
|
|||
util.h \
|
||||
version_info.h
|
||||
|
||||
# sources for Tethereal taps
|
||||
TETHEREAL_TAP_SRC = \
|
||||
# sources for TShark taps
|
||||
TSHARK_TAP_SRC = \
|
||||
tap-afpstat.c \
|
||||
tap-ansi_astat.c \
|
||||
tap-bootpstat.c \
|
||||
|
@ -181,15 +181,15 @@ ethereal_INCLUDES = \
|
|||
tap_dfilter_dlg.h \
|
||||
ui_util.h
|
||||
|
||||
# tethereal specifics
|
||||
tethereal_SOURCES = \
|
||||
# tshark specifics
|
||||
tshark_SOURCES = \
|
||||
$(ETHEREAL_COMMON_SRC) \
|
||||
$(TETHEREAL_TAP_SRC) \
|
||||
$(TSHARK_TAP_SRC) \
|
||||
capture_opts.c \
|
||||
capture_loop.c \
|
||||
tempfile.c \
|
||||
tethereal-tap-register.c \
|
||||
tethereal.c
|
||||
tshark-tap-register.c \
|
||||
tshark.c
|
||||
|
||||
# text2pcap specifics
|
||||
text2pcap_SOURCES = \
|
||||
|
|
|
@ -29,7 +29,7 @@ PLATFORM_SRC = capture-wpcap.c capture_wpcap_packet.c
|
|||
include Makefile.common
|
||||
|
||||
ethereal_OBJECTS = $(ethereal_SOURCES:.c=.obj)
|
||||
tethereal_OBJECTS = $(tethereal_SOURCES:.c=.obj)
|
||||
tshark_OBJECTS = $(tshark_SOURCES:.c=.obj)
|
||||
dftest_OBJECTS = $(dftest_SOURCES:.c=.obj)
|
||||
|
||||
dumpcap_OBJECTS = $(dumpcap_SOURCES:.c=.obj)
|
||||
|
@ -65,7 +65,7 @@ ethereal_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
|||
!ENDIF
|
||||
# $(PCAP_DIR)\lib\wpcap.lib
|
||||
|
||||
tethereal_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
||||
tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
||||
wsock32.lib user32.lib \
|
||||
$(GLIB_LIBS) \
|
||||
$(NET_SNMP_DIR)\win32\lib\release\netsnmp.lib \
|
||||
|
@ -118,10 +118,10 @@ randpkt_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
|||
$(GLIB_LIBS) \
|
||||
$(NET_SNMP_DIR)\win32\lib\release\netsnmp.lib
|
||||
|
||||
EXECUTABLES=ethereal.exe ethereal-gtk2.exe tethereal.exe \
|
||||
EXECUTABLES=ethereal.exe ethereal-gtk2.exe tshark.exe \
|
||||
capinfos.exe editcap.exe mergecap.exe text2pcap.exe randpkt.exe dumpcap.exe
|
||||
|
||||
RESOURCES=image\ethereal.res image\libwireshark.res image\tethereal.res \
|
||||
RESOURCES=image\ethereal.res image\libwireshark.res image\tshark.res \
|
||||
image\capinfos.res image\editcap.res image\mergecap.res \
|
||||
image\text2pcap.res image\wiretap.res image\dumpcap.res
|
||||
|
||||
|
@ -170,10 +170,10 @@ ethereal-gtk2.exe : config.h svnversion.h $(ethereal_OBJECTS) $(command_line_OBJ
|
|||
<<
|
||||
!ENDIF
|
||||
|
||||
tethereal.exe : config.h svnversion.h $(tethereal_OBJECTS) $(command_line_OBJECTS) epan image\tethereal.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
|
||||
tshark.exe : config.h svnversion.h $(tshark_OBJECTS) $(command_line_OBJECTS) epan image\tshark.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
|
||||
@echo Linking $@
|
||||
$(LINK) @<<
|
||||
/OUT:tethereal.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(tethereal_LIBS) $(tethereal_OBJECTS) $(command_line_OBJECTS) image\tethereal.res
|
||||
/OUT:tshark.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(tshark_LIBS) $(tshark_OBJECTS) $(command_line_OBJECTS) image\tshark.res
|
||||
<<
|
||||
|
||||
capinfos.exe : config.h capinfos.obj getopt.obj $(command_line_OBJECTS) wiretap\wiretap-$(WTAP_VERSION).lib image\capinfos.res
|
||||
|
@ -261,7 +261,7 @@ AUTHORS-SHORT-FORMAT: AUTHORS-SHORT make-authors-format.pl
|
|||
$(PERL) perlnoutf.pl make-authors-format.pl < AUTHORS-SHORT > AUTHORS-SHORT-FORMAT
|
||||
|
||||
#
|
||||
# Build "tethereal-tap-register.c", which contains a function
|
||||
# Build "tshark-tap-register.c", which contains a function
|
||||
# "register_all_tap_listeners()"
|
||||
# that calls the register routines for all tehtereal tap listeners.
|
||||
#
|
||||
|
@ -275,9 +275,9 @@ AUTHORS-SHORT-FORMAT: AUTHORS-SHORT make-authors-format.pl
|
|||
# The second argument is the directory in which the source files live.
|
||||
# All subsequent arguments are the files to scan.
|
||||
#
|
||||
tethereal-tap-register.c: $(TETHEREAL_TAP_SRC) make-tapreg-dotc
|
||||
@echo Making tethereal-tap-register.c
|
||||
@$(SH) make-tapreg-dotc tethereal-tap-register.c . $(TETHEREAL_TAP_SRC)
|
||||
tshark-tap-register.c: $(TSHARK_TAP_SRC) make-tapreg-dotc
|
||||
@echo Making tshark-tap-register.c
|
||||
@$(SH) make-tapreg-dotc tshark-tap-register.c . $(TSHARK_TAP_SRC)
|
||||
|
||||
text2pcap-scanner.c : text2pcap-scanner.l
|
||||
$(LEX) -otext2pcap-scanner.c text2pcap-scanner.l
|
||||
|
@ -287,7 +287,7 @@ gtk2_distclean:
|
|||
if exist gtk2.tmp rmdir gtk2.tmp
|
||||
|
||||
clean: gtk2_distclean
|
||||
rm -f $(ethereal_OBJECTS) $(tethereal_OBJECTS) $(EXTRA_OBJECTS) \
|
||||
rm -f $(ethereal_OBJECTS) $(tshark_OBJECTS) $(EXTRA_OBJECTS) \
|
||||
$(EXECUTABLES) $(PDB_FILE) \
|
||||
capinfos.obj editcap.obj mergecap.obj text2pcap.obj getopt.obj\
|
||||
text2pcap-scanner.obj text2pcap-scanner.c rdps.obj \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
$Id$
|
||||
|
||||
In order to capture packets (with Ethereal/Tethereal, tcpdump, or any
|
||||
In order to capture packets (with Ethereal/TShark, tcpdump, or any
|
||||
other packet capture program) on a BSD system, your kernel must have
|
||||
the Berkeley packet Filter mechanism enabled. On some BSDs (recent
|
||||
versions of FreeBSD, for example), it's enabled by default in the
|
||||
|
|
|
@ -99,7 +99,7 @@ as a shared library.
|
|||
|
||||
5 - HP-UX patches to fix packet capture problems
|
||||
|
||||
Note that packet-capture programs such as Ethereal/Tethereal or tcpdump
|
||||
Note that packet-capture programs such as Ethereal/TShark or tcpdump
|
||||
may, on HP-UX, not be able to see packets sent from the machine on which
|
||||
they're running. Make sure you have a recent "LAN Cummulative/DLPI" patch
|
||||
installed.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
$Id$
|
||||
|
||||
In order to capture packets (with Ethereal/Tethereal, tcpdump, or any
|
||||
In order to capture packets (with Ethereal/TShark, tcpdump, or any
|
||||
other libpcap-based packet capture program) on a Linux system, the
|
||||
"packet" protocol must be supported by your kernel. If it is not, you
|
||||
may get error messages such as
|
||||
|
|
|
@ -5,7 +5,7 @@ not work on earlier versions of Mac OS).
|
|||
|
||||
In order to build Ethereal, you must have X11 and the X11 developer
|
||||
headers and libraries installed; otherwise, you will not be able to
|
||||
build or install GTK+, and will only be able to build Tethereal. The
|
||||
build or install GTK+, and will only be able to build TShark. The
|
||||
X11 and X11 SDK that come with Mac OS X 10.3[.x] are sufficient to build
|
||||
and run Ethereal.
|
||||
|
||||
|
|
10
README.win32
10
README.win32
|
@ -1,6 +1,6 @@
|
|||
$Id$
|
||||
|
||||
Installing Ethereal, Tethereal, and Editcap on Win32
|
||||
Installing Ethereal, TShark, and Editcap on Win32
|
||||
====================================================
|
||||
These are the instructions for installing Ethereal
|
||||
from the installation executable that is provided on
|
||||
|
@ -13,7 +13,7 @@ and any of its mirrors.
|
|||
The installation package allows you to install:
|
||||
|
||||
o Ethereal - the GUI version
|
||||
o Tethereal - the console, line-mode version
|
||||
o TShark - the console, line-mode version
|
||||
o Editcap - a console, line-mode utility to convert
|
||||
capture files from one format to another.
|
||||
(The same functions are available in Wireshark)
|
||||
|
@ -24,7 +24,7 @@ The installation package allows you to install:
|
|||
|
||||
Additionally, the installation package contains a "plugins"
|
||||
option, which installs some additional dissector plugins
|
||||
for use with Ethereal and Tethereal.
|
||||
for use with Ethereal and TShark.
|
||||
|
||||
All binaries in Wireshark package are now built with debugging
|
||||
information embedded. If you are experiencing a crash when running
|
||||
|
@ -364,7 +364,7 @@ Source Output Tool
|
|||
config.h.win32 config.h sed
|
||||
epan/config.h.win32 epan/config.h sed
|
||||
image/ethereal.rc.in image/ethereal.rc sed
|
||||
image/tethereal.rc.in image/tethereal.rc sed
|
||||
image/tshark.rc.in image/tshark.rc sed
|
||||
image/editcap.rc.in image/editcap.rc sed
|
||||
image/mergecap.rc.in image/mergecap.rc sed
|
||||
image/text2pcap.rc.in image/text2pcap.rc sed
|
||||
|
@ -379,7 +379,7 @@ make-reg-dotc, packet*.c register.c Bash + grep + sed
|
|||
or
|
||||
make-reg-dotc.py, packet*.c register.c Python
|
||||
|
||||
make-tapreg-dotc, tap-*.c tethereal-tap-register.c
|
||||
make-tapreg-dotc, tap-*.c tshark-tap-register.c
|
||||
Bash + grep + sed
|
||||
make-tapreg-dotc, tap files gtk/ethereal-tap-register.c
|
||||
in the gtk subdirectory Bash + grep + sed
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* capture-wpcap.c
|
||||
* WinPcap-specific interfaces for capturing. We load WinPcap at run
|
||||
* time, so that we only need one Wireshark binary and one Twireshark binary
|
||||
* time, so that we only need one Wireshark binary and one TShark binary
|
||||
* for Windows, regardless of whether WinPcap is installed or not.
|
||||
*
|
||||
* $Id$
|
||||
|
|
|
@ -113,13 +113,13 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
|
||||
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
|
||||
/* Seen only when opening a capture file for reading. */
|
||||
errmsg = "The file \"%s\" isn't a capture file in a format Twireshark understands.";
|
||||
errmsg = "The file \"%s\" isn't a capture file in a format TShark understands.";
|
||||
break;
|
||||
|
||||
case WTAP_ERR_UNSUPPORTED:
|
||||
/* Seen only when opening a capture file for reading. */
|
||||
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
||||
"The file \"%%s\" isn't a capture file in a format Twireshark understands.\n"
|
||||
"The file \"%%s\" isn't a capture file in a format TShark understands.\n"
|
||||
"(%s)", err_info);
|
||||
g_free(err_info);
|
||||
errmsg = errmsg_errno;
|
||||
|
@ -135,15 +135,15 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
|
||||
case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
|
||||
/* Seen only when opening a capture file for writing. */
|
||||
errmsg = "Twireshark doesn't support writing capture files in that format.";
|
||||
errmsg = "TShark doesn't support writing capture files in that format.";
|
||||
break;
|
||||
|
||||
case WTAP_ERR_UNSUPPORTED_ENCAP:
|
||||
if (for_writing)
|
||||
errmsg = "Twireshark can't save this capture in that format.";
|
||||
errmsg = "TShark can't save this capture in that format.";
|
||||
else {
|
||||
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
||||
"The file \"%%s\" is a capture for a network type that Twireshark doesn't support.\n"
|
||||
"The file \"%%s\" is a capture for a network type that TShark doesn't support.\n"
|
||||
"(%s)", err_info);
|
||||
g_free(err_info);
|
||||
errmsg = errmsg_errno;
|
||||
|
@ -152,9 +152,9 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
|
||||
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
|
||||
if (for_writing)
|
||||
errmsg = "Twireshark can't save this capture in that format.";
|
||||
errmsg = "TShark can't save this capture in that format.";
|
||||
else
|
||||
errmsg = "The file \"%s\" is a capture for a network type that Twireshark doesn't support.";
|
||||
errmsg = "The file \"%s\" is a capture for a network type that TShark doesn't support.";
|
||||
break;
|
||||
|
||||
case WTAP_ERR_BAD_RECORD:
|
||||
|
|
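Review bot: In the `WTAP_ERR_UNSUPPORTED` and `WTAP_ERR_UNSUPPORTED_ENCAP` branches of `cf_open_error_message`, `err_info` is formatted into `errmsg_errno` next to an escaped `%%s`, which suggests the returned buffer is later used as a format string for the file name. If so, any `%` inside `err_info` would be read as a conversion at that second formatting step; whether `err_info` can carry bytes taken from the capture file is not visible here, so this needs checking against the code that produces it. A safer shape is to keep the message template constant and pass `err_info` as an argument when the final message is printed, or to double every `%` in `err_info` before the `g_snprintf` call. The function starts before the first hunk and continues past the last one, so the place where the returned string is consumed is outside what is shown.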
|
@ -458,7 +458,7 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld,
|
|||
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", capture_opts->iface);
|
||||
|
||||
|
||||
/* XXX - opening Winsock on twireshark? */
|
||||
/* XXX - opening Winsock on tshark? */
|
||||
|
||||
/* Initialize Windows Socket if we are in a WIN32 OS
|
||||
This needs to be done before querying the interface for network/netmask */
|
||||
|
@ -628,7 +628,7 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld,
|
|||
#endif
|
||||
}
|
||||
|
||||
/* XXX - will this work for twireshark? */
|
||||
/* XXX - will this work for tshark? */
|
||||
#ifdef MUST_DO_SELECT
|
||||
if (!ld->from_cap_pipe) {
|
||||
#ifdef HAVE_PCAP_GET_SELECTABLE_FD
|
||||
|
@ -753,7 +753,7 @@ gboolean capture_loop_init_output(capture_options *capture_opts, int save_file_f
|
|||
|
||||
if (ld->pdh == NULL) {
|
||||
/* We couldn't set up to write to the capture file. */
|
||||
/* XXX - use cf_open_error_message from twireshark instead? */
|
||||
/* XXX - use cf_open_error_message from tshark instead? */
|
||||
switch (err) {
|
||||
|
||||
case WTAP_ERR_CANT_OPEN:
|
||||
|
|
|
@ -98,9 +98,9 @@ extern void capture_loop_stop(void);
|
|||
typedef void (*capture_packet_cb_fct)(u_char *, const struct pcap_pkthdr *, const u_char *);
|
||||
|
||||
|
||||
/* moved from capture_loop.c here, so we can combine it (and the related functions) with twireshark */
|
||||
/* moved from capture_loop.c here, so we can combine it (and the related functions) with tshark */
|
||||
/* XXX - should be moved back to capture_loop.c */
|
||||
/* E: capture_loop.c only (Wireshark/dumpcap) T: twireshark only */
|
||||
/* E: capture_loop.c only (Wireshark/dumpcap) T: tshark only */
|
||||
typedef struct _loop_data {
|
||||
/* common */
|
||||
gboolean go; /* TRUE as long as we're supposed to keep capturing */
|
||||
|
|
|
@ -244,7 +244,7 @@ capture_opts_add_iface_opt(capture_options *capture_opts, const char *optarg)
|
|||
|
||||
/*
|
||||
* If the argument is a number, treat it as an index into the list
|
||||
* of adapters, as printed by "twireshark -D".
|
||||
* of adapters, as printed by "tshark -D".
|
||||
*
|
||||
* This should be OK on UNIX systems, as interfaces shouldn't have
|
||||
* names that begin with digits. It can be useful on Windows, where
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* capture_wpcap_packet.c
|
||||
* WinPcap-specific interfaces for low-level information (packet.dll).
|
||||
* We load WinPcap at run
|
||||
* time, so that we only need one Wireshark binary and one Twireshark binary
|
||||
* time, so that we only need one Wireshark binary and one TShark binary
|
||||
* for Windows, regardless of whether WinPcap is installed or not.
|
||||
*
|
||||
* $Id$
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* clopts_common.c
|
||||
* Handle command-line arguments common to Wireshark and Twireshark
|
||||
* Handle command-line arguments common to Wireshark and TShark
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* clopts_common.h
|
||||
* Handle command-line arguments common to Wireshark and Twireshark
|
||||
* Handle command-line arguments common to Wireshark and TShark
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
|
|
24
configure.in
24
configure.in
|
@ -337,7 +337,7 @@ if test "$HAVE_GNU_SED" = no ; then
|
|||
esac
|
||||
fi
|
||||
|
||||
# Enable/disable tethereal
|
||||
# Enable/disable tshark
|
||||
|
||||
AC_ARG_ENABLE(ethereal,
|
||||
[ --enable-ethereal build GTK+-based ethereal. [default=yes]],enable_ethereal=$enableval,enable_ethereal=yes)
|
||||
|
@ -524,21 +524,21 @@ rdps_bin="rdps\$(EXEEXT)"
|
|||
AC_SUBST(rdps_bin)
|
||||
|
||||
|
||||
# Enable/disable tethereal
|
||||
# Enable/disable tshark
|
||||
|
||||
AC_ARG_ENABLE(tethereal,
|
||||
[ --enable-tethereal build tethereal. [default=yes]],tethereal=$enableval,enable_tethereal=yes)
|
||||
AC_ARG_ENABLE(tshark,
|
||||
[ --enable-tshark build tshark. [default=yes]],tshark=$enableval,enable_tshark=yes)
|
||||
|
||||
if test "x$enable_tethereal" = "xyes" ; then
|
||||
tethereal_bin="tethereal\$(EXEEXT)"
|
||||
tethereal_man="tethereal.1"
|
||||
if test "x$enable_tshark" = "xyes" ; then
|
||||
tshark_bin="tshark\$(EXEEXT)"
|
||||
tshark_man="tshark.1"
|
||||
etherealfilter_man="ethereal-filter.4"
|
||||
else
|
||||
tethereal_bin=""
|
||||
tethereal_man=""
|
||||
tshark_bin=""
|
||||
tshark_man=""
|
||||
fi
|
||||
AC_SUBST(tethereal_bin)
|
||||
AC_SUBST(tethereal_man)
|
||||
AC_SUBST(tshark_bin)
|
||||
AC_SUBST(tshark_man)
|
||||
AC_SUBST(etherealfilter_man)
|
||||
|
||||
|
||||
|
@ -1402,7 +1402,7 @@ fi
|
|||
echo ""
|
||||
echo "The Ethereal package has been configured with the following options."
|
||||
echo " Build ethereal : $enable_ethereal"
|
||||
echo " Build tethereal : $enable_tethereal"
|
||||
echo " Build tshark : $enable_tshark"
|
||||
echo " Build capinfos : $enable_capinfos"
|
||||
echo " Build editcap : $enable_editcap"
|
||||
echo " Build dumpcap : $enable_dumpcap"
|
||||
|
|
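Review bot: After the second hunk `--enable-tethereal` and `--disable-tethereal` no longer exist, and an autoconf-generated configure does not fail on an unknown `--disable-*` switch (at most it warns), so a build recipe that still passes `--disable-tethereal` will now build and install tshark; together with `--enable-setuid-install` that yields a set-id capture binary the packager had opted out of. Consider rejecting the old switch explicitly, e.g. `if test "x$enable_tethereal" != "x" ; then AC_MSG_ERROR([--enable-tethereal was renamed to --enable-tshark]) ; fi`. In the same `AC_ARG_ENABLE(tshark, ...)` call the action-if-given still assigns `tshark=$enableval` rather than `enable_tshark=$enableval`; it works only because autoconf sets `enable_tshark` itself, and the stray variable is misleading. The first hunk also leaves `# Enable/disable tshark` directly above `AC_ARG_ENABLE(ethereal,`, where the comment names the wrong switch.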
|
@ -62,7 +62,7 @@ clean: unpatch-stamp
|
|||
|
||||
cp /usr/share/misc/config.guess /usr/share/misc/config.sub .
|
||||
-$(MAKE) distclean
|
||||
rm -f rdps ethereal.1 tethereal.1 idl2deb.1 ethereal-filter.4 asn2deb.1
|
||||
rm -f rdps ethereal.1 tshark.1 idl2deb.1 ethereal-filter.4 asn2deb.1
|
||||
rm -f conftest conftest.c
|
||||
rm -f config.guess config.sub config.log
|
||||
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
/usr/bin/tethereal
|
||||
|
||||
/usr/bin/tethereal
|
||||
|
||||
/usr/bin/tethereal
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
tethereal.1
|
||||
tethereal.1
|
||||
tethereal.1
|
|
@ -0,0 +1,6 @@
|
|||
/usr/bin/tshark
|
||||
|
||||
/usr/bin/tshark
|
||||
|
||||
/usr/bin/tshark
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
tshark.1
|
||||
tshark.1
|
||||
tshark.1
|
|
@ -39,17 +39,17 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
|
|||
--noindex \
|
||||
ethereal-tmp.pod > ../ethereal.html
|
||||
|
||||
../tethereal.1: tethereal.pod ../config.h
|
||||
../tshark.1: tshark.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
--center="The Wireshark Network Analyzer" \
|
||||
--release=$(VERSION) \
|
||||
$(srcdir)/tethereal.pod > ../tethereal.1
|
||||
$(srcdir)/tshark.pod > ../tshark.1
|
||||
|
||||
../tethereal.html: tethereal.pod ../config.h
|
||||
../tshark.html: tshark.pod ../config.h
|
||||
$(POD2HTML) \
|
||||
--title="tethereal - The Wireshark Network Analyzer $(VERSION)" \
|
||||
--title="tshark - The Wireshark Network Analyzer $(VERSION)" \
|
||||
--noindex \
|
||||
$(srcdir)/tethereal.pod > ../tethereal.html
|
||||
$(srcdir)/tshark.pod > ../tshark.html
|
||||
|
||||
../ethereal-filter.4: ethereal-filter.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
|
@ -64,8 +64,8 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
|
|||
--noindex \
|
||||
ethereal-filter.pod > ../ethereal-filter.html
|
||||
|
||||
ethereal-filter.pod: ethereal-filter.pod.template ../tethereal
|
||||
../tethereal -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod
|
||||
ethereal-filter.pod: ethereal-filter.pod.template ../tshark
|
||||
../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod
|
||||
|
||||
../capinfos.1: capinfos.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
|
@ -152,8 +152,8 @@ CLEANFILES = \
|
|||
../editcap.html \
|
||||
../mergecap.1 \
|
||||
../mergecap.html \
|
||||
../tethereal.1 \
|
||||
../tethereal.html \
|
||||
../tshark.1 \
|
||||
../tshark.html \
|
||||
../text2pcap.1 \
|
||||
../text2pcap.html \
|
||||
../dumpcap.1 \
|
||||
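Review bot: The renamed `ethereal-filter.pod` rule still runs `../tshark -G fields | $(PERL) ... > ethereal-filter.pod`, so the recipe's exit status is perl's alone, and a tshark that fails to start or exits early can leave a truncated `ethereal-filter.pod` that make then treats as up to date. That file is the input for `../ethereal-filter.4` and `../ethereal-filter.html`, so a bad build would ship an incomplete filter reference without any error. I would check each step and replace the target only on success: `../tshark -G fields > fields.tmp`, then `$(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template < fields.tmp > $@.tmp && mv $@.tmp $@`. The nmake rule for `ethereal-filter.pod` has the same pipeline, written there as `tshark.exe -G` without `fields`; it is worth confirming both invocations are meant to produce the same report.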
|
|
|
@ -26,10 +26,10 @@
|
|||
|
||||
include ../config.nmake
|
||||
|
||||
doc: ethereal.html tethereal.html ethereal-filter.html capinfos.html \
|
||||
doc: ethereal.html tshark.html ethereal-filter.html capinfos.html \
|
||||
editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html
|
||||
|
||||
man: ethereal.1 tethereal.1 ethereal-filter.4 capinfos.1 editcap.1 \
|
||||
man: ethereal.1 tshark.1 ethereal-filter.4 capinfos.1 editcap.1 \
|
||||
idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1
|
||||
|
||||
ethereal-tmp.pod: ethereal.pod ../AUTHORS-SHORT-FORMAT
|
||||
|
@ -52,22 +52,22 @@ ethereal.html: ethereal-tmp.pod ../config.h
|
|||
--noindex \
|
||||
ethereal-tmp.pod > ethereal.html
|
||||
|
||||
../tethereal.exe:
|
||||
../tshark.exe:
|
||||
cd ..
|
||||
$(MAKE) -f makefile.nmake tethereal.exe
|
||||
$(MAKE) -f makefile.nmake tshark.exe
|
||||
cd doc
|
||||
|
||||
tethereal.1: tethereal.pod ../config.h
|
||||
tshark.1: tshark.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
--center="The Wireshark Network Analyzer" \
|
||||
--release=$(VERSION) \
|
||||
tethereal.pod > tethereal.1
|
||||
tshark.pod > tshark.1
|
||||
|
||||
tethereal.html: tethereal.pod ../config.h
|
||||
tshark.html: tshark.pod ../config.h
|
||||
$(POD2HTML) \
|
||||
--title="tethereal - The Wireshark Network Analyzer $(VERSION)" \
|
||||
--title="tshark - The Wireshark Network Analyzer $(VERSION)" \
|
||||
--noindex \
|
||||
tethereal.pod > tethereal.html
|
||||
tshark.pod > tshark.html
|
||||
|
||||
ethereal-filter.4: ethereal-filter.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
|
@ -81,10 +81,10 @@ ethereal-filter.html: ethereal-filter.pod ../config.h
|
|||
--noindex \
|
||||
ethereal-filter.pod > ethereal-filter.html
|
||||
|
||||
ethereal-filter.pod: ethereal-filter.pod.template ../tethereal.exe
|
||||
ethereal-filter.pod: ethereal-filter.pod.template ../tshark.exe
|
||||
cd ..
|
||||
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-deps
|
||||
tethereal.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod
|
||||
tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod
|
||||
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean-deps
|
||||
cd doc
|
||||
|
||||
|
@ -163,7 +163,7 @@ dumpcap.html: dumpcap.pod ../config.h
|
|||
|
||||
clean:
|
||||
rm -f ethereal.html ethereal.1 ethereal-tmp.pod
|
||||
rm -f tethereal.html tethereal.1
|
||||
rm -f tshark.html tshark.1
|
||||
rm -f ethereal-filter.html ethereal-filter.4 ethereal-filter.pod
|
||||
rm -f capinfos.html capinfos.1
|
||||
rm -f editcap.html editcap.1
|
||||
|
|
|
@ -497,17 +497,17 @@ much better to use the g_snprintf() function declared by <glib.h> instead.
|
|||
You should test your dissector against incorrectly-formed packets. This
|
||||
can be done using the randpkt and editcap utilities that come with the
|
||||
Ethereal distribution. Testing using randpkt can be done by generating
|
||||
output at the same layer as your protocol, and forcing Ethereal/Tethereal
|
||||
output at the same layer as your protocol, and forcing Ethereal/TShark
|
||||
to decode it as your protocol, e.g. if your protocol sits on top of UDP:
|
||||
|
||||
randpkt -c 50000 -t dns randpkt.pcap
|
||||
tethereal -nVr randpkt.pcap -d udp.port==53,<myproto>
|
||||
tshark -nVr randpkt.pcap -d udp.port==53,<myproto>
|
||||
|
||||
Testing using editcap can be done using preexisting capture files and the
|
||||
"-E" flag, which introduces errors in a capture file. E.g.:
|
||||
|
||||
editcap -E 0.03 infile.pcap outfile.pcap
|
||||
tethereal -nVr outfile.pcap
|
||||
tshark -nVr outfile.pcap
|
||||
|
||||
1.1.4 Name convention.
|
||||
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
#
|
||||
# Ethereal/Tethereal Regression Testing
|
||||
# Ethereal/TShark Regression Testing
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# This is a sample Makefile for regression testing of the
|
||||
# Ethereal engine. These tests use that uses 'tethereal -V' to analyze all
|
||||
# Ethereal engine. These tests use that uses 'tshark -V' to analyze all
|
||||
# the frames of a capture file.
|
||||
#
|
||||
# You should probably rename this file as 'Makefile' in a separate directory
|
||||
# set aside for the sole purpose of regression testing. Two text files will
|
||||
# be created for each capture file you test, so expect to have lots of files.
|
||||
#
|
||||
# Set TETHEREAL, CAPTURE_DIR, and CAPTURE_FILES to values appropriate for
|
||||
# Set TSHARK, CAPTURE_DIR, and CAPTURE_FILES to values appropriate for
|
||||
# your system. Run 'make' to create the initial datasets. Type 'make accept'
|
||||
# to accept those files as the reference set.
|
||||
#
|
||||
# After you make changes to Tethereal, run 'make regress'. This will re-run
|
||||
# After you make changes to TShark, run 'make regress'. This will re-run
|
||||
# the tests and compare them against the accepted reference set of data.
|
||||
# The comparison, which is just an invocation of 'diff -u' for the output
|
||||
# of each trace file, will be put into a file called 'regress'. Examine
|
||||
# this file for any changes that you did or did not expect.
|
||||
#
|
||||
# If you have introduced a change to Tethereal that shows up in the tests, but
|
||||
# If you have introduced a change to TShark that shows up in the tests, but
|
||||
# it is a valid change, run 'make accept' to accept those new data as your
|
||||
# reference set.
|
||||
#
|
||||
|
@ -33,7 +33,7 @@
|
|||
# 'make accept' Accept current tests; make them the reference test results
|
||||
# 'make clean' Cleans any tests (but not references!)
|
||||
|
||||
TETHEREAL=/home/gram/prj/ethereal/debug/linux-ix86/tethereal
|
||||
TSHARK=/home/gram/prj/ethereal/debug/linux-ix86/tshark
|
||||
|
||||
CAPTURE_DIR=/home/gram/prj/sniff
|
||||
|
||||
|
@ -59,8 +59,8 @@ all: $(TESTS)
|
|||
clean:
|
||||
rm -f $(TESTS)
|
||||
|
||||
%.tether : $(CAPTURE_DIR)/% $(TETHEREAL)
|
||||
$(TETHEREAL) -V -n -r $< > $@
|
||||
%.tether : $(CAPTURE_DIR)/% $(TSHARK)
|
||||
$(TSHARK) -V -n -r $< > $@
|
||||
|
||||
accept: $(REFERENCES)
|
||||
|
||||
|
|
|
@ -4,9 +4,9 @@ tapping with stats_tree
|
|||
Let's suppose that you want to write a tap only to keep counters, and you
|
||||
don't want to get involved with GUI programming or maybe you'd like to make
|
||||
it a plugin. A stats_tree might be the way to go. The stats_tree module takes
|
||||
care of the representation (GUI for ethereal and text for tethereal) of the
|
||||
care of the representation (GUI for ethereal and text for tshark) of the
|
||||
tap data. So there's very little code to write to make a tap listener usable
|
||||
from both ethereal and tethereal.
|
||||
from both ethereal and tshark.
|
||||
|
||||
First, you should add the TAP to the dissector in question as described in
|
||||
README.tapping .
|
||||
|
|
|
@ -6,11 +6,11 @@ In order to use the tapping system, very little knowledge of ethereal
|
|||
internals are required.
|
||||
|
||||
As examples on how to use the tap system see the implementation of
|
||||
tap-rpcstat.c (tethereal version)
|
||||
tap-rpcstat.c (tshark version)
|
||||
gtk/gtk-rpcstat.c (gtk-ethereal version)
|
||||
|
||||
If all you need is to keep some counters, there's the stats_tree API,
|
||||
which offers a simple way to make a GUI and tethereal tap-listener; see
|
||||
which offers a simple way to make a GUI and tshark tap-listener; see
|
||||
README.stats_tree. However, keep reading, as you'll need much of what's
|
||||
in this document.
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ Copyright (c) 2003 by Gilbert Ramirez <gram@alumni.rice.edu>
|
|||
|
||||
|
||||
Ethereal has the ability to export its protocol dissection in an
|
||||
XML format, tethereal has similar functionality by using the "-Tpdml"
|
||||
XML format, tshark has similar functionality by using the "-Tpdml"
|
||||
option.
|
||||
|
||||
The XML that wireshark produces follows the Packet Details Markup
|
||||
|
@ -18,10 +18,10 @@ A related XML format, the Packet Summary Markup Language (PSML), is
|
|||
also defined by the Analyzer group to provide packet summary information.
|
||||
The PSML format is not documented in a publicly-available HTML document,
|
||||
but its format is simple. Ethereal can export this format too. Some day it
|
||||
may be added to tethereal so that "-Tpsml" would produce PSML.
|
||||
may be added to tshark so that "-Tpsml" would produce PSML.
|
||||
|
||||
One wonders if the "-T" option should read "-Txml" instead of "-Tpdml"
|
||||
(and in the future, "-Tpsml"), but if tethereal was required to produce
|
||||
(and in the future, "-Tpsml"), but if tshark was required to produce
|
||||
another XML-based format of its protocol dissection, then "-Txml" would
|
||||
be ambiguous.
|
||||
|
||||
|
@ -53,7 +53,7 @@ Example:
|
|||
<pdml version="0" creator="ethereal/0.9.17">
|
||||
|
||||
The creator is "ethereal" (i.e., the "ethereal" engine. It will always say
|
||||
"ethereal", not "tethereal") version 0.9.17.
|
||||
"ethereal", not "tshark") version 0.9.17.
|
||||
|
||||
|
||||
The "<proto>" tag
|
||||
|
@ -192,13 +192,13 @@ a protocol or a field:
|
|||
General Notes
|
||||
=============
|
||||
Generally, parsing XML is slow. If you're writing a script to parse
|
||||
the PDML output of tethereal, pass a read filter with "-R" to tethereal to
|
||||
try to reduce as much as possible the number of packets coming out of tethereal.
|
||||
the PDML output of tshark, pass a read filter with "-R" to tshark to
|
||||
try to reduce as much as possible the number of packets coming out of tshark.
|
||||
The less your script has to process, the faster it will be.
|
||||
|
||||
'tools/msnchat' is a sample Python program that uses EtherealXML to parse PDML.
|
||||
Given one or more capture files, it runs tethereal on each of them, providing
|
||||
a read filter to reduce tethereal's output. It finds MSN Chat conversations
|
||||
Given one or more capture files, it runs tshark on each of them, providing
|
||||
a read filter to reduce tshark's output. It finds MSN Chat conversations
|
||||
in the capture file and produces nice HTML showing the conversations. It has
|
||||
only been tested with capture files containing non-simultaneous chat sessions,
|
||||
but was written to more-or-less handle any number of simultanous chat
|
||||
|
|
|
@ -106,7 +106,7 @@ Prints the help listing and exits.
|
|||
|
||||
=head1 SEE ALSO
|
||||
|
||||
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tethereal(1)>
|
||||
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tshark(1)>
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
|
|
@ -198,7 +198,7 @@ See the manual page of I<tcpdump(8)>.
|
|||
|
||||
=head1 SEE ALSO
|
||||
|
||||
I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
||||
I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
|
|
@ -7,12 +7,12 @@ ethereal-filter - Ethereal filter syntax and reference
|
|||
B<ethereal> [other options]
|
||||
S<[ B<-R> "filter expression" ]>
|
||||
|
||||
B<tethereal> [other options]
|
||||
B<tshark> [other options]
|
||||
S<[ B<-R> "filter expression" ]>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
B<Ethereal> and B<Tethereal> share a powerful filter engine that helps remove
|
||||
B<Ethereal> and B<TShark> share a powerful filter engine that helps remove
|
||||
the noise from a packet trace and lets you see only the packets that interest
|
||||
you. If a packet meets the requirements expressed in your filter, then it
|
||||
is displayed in the list of packets. Display filters let you compare the
|
||||
|
@ -37,7 +37,7 @@ Think of a protocol or field in a filter as implicitly having the "exists"
|
|||
operator.
|
||||
|
||||
Note: all protocol and field names that are available in B<Ethereal> and
|
||||
B<Tethereal> filters are listed in the comprehensive B<FILTER PROTOCOL
|
||||
B<TShark> filters are listed in the comprehensive B<FILTER PROTOCOL
|
||||
REFERENCE> (see below).
|
||||
|
||||
=head2 Comparison operators
|
||||
|
@ -85,11 +85,11 @@ a case-insensitive pattern match. More information on PCRE can be found in the
|
|||
pcrepattern(3) man page (Perl Regular Expressions are explained in
|
||||
B<http://www.perldoc.com/perl5.8.0/pod/perlre.html>).
|
||||
|
||||
Note: the "matches" operator is only available if B<Ethereal> or B<Tethereal>
|
||||
Note: the "matches" operator is only available if B<Ethereal> or B<TShark>
|
||||
have been compiled with the PCRE library. This can be checked by running:
|
||||
|
||||
ethereal -v
|
||||
tethereal -v
|
||||
tshark -v
|
||||
|
||||
or selecting the "About Ethereal" item from the "Help" menu in B<Ethereal>.
|
||||
|
||||
|
@ -221,7 +221,7 @@ Another example is:
|
|||
|
||||
You can use the slice operator on a protocol name, too.
|
||||
The "frame" protocol can be useful, encompassing all the data captured
|
||||
by B<Ethereal> or B<Tethereal>.
|
||||
by B<Ethereal> or B<TShark>.
|
||||
|
||||
token[0:5] ne 0.0.0.1.1
|
||||
llc[0] eq aa
|
||||
|
@ -393,7 +393,7 @@ in B<http://www.winpcap.org/docs/man/html/group__language.html>.
|
|||
|
||||
=head1 SEE ALSO
|
||||
|
||||
I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
||||
I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
||||
|
||||
=head1 AUTHORS
|
||||
|
||||
|
|
|
@ -2199,7 +2199,7 @@ See above in the description of the About:Plugins page.
|
|||
|
||||
=head1 SEE ALSO
|
||||
|
||||
I<ethereal-filter(4)> I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
||||
I<ethereal-filter(4)> I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
tethereal - Dump and analyze network traffic
|
||||
tshark - Dump and analyze network traffic
|
||||
|
||||
=head1 SYNOPSYS
|
||||
|
||||
B<tethereal>
|
||||
B<tshark>
|
||||
S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...>
|
||||
S<[ B<-b> E<lt>capture ring buffer optionE<gt>] ...>
|
||||
S<[ B<-B> E<lt>capture buffer size (Win32 only)E<gt> ] >
|
||||
|
@ -39,18 +39,18 @@ S<[ B<-z> E<lt>statisticsE<gt> ]>
|
|||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
B<Tethereal> is a network protocol analyzer. It lets you capture packet
|
||||
B<TShark> is a network protocol analyzer. It lets you capture packet
|
||||
data from a live network, or read packets from a previously saved
|
||||
capture file, either printing a decoded form of those packets to the
|
||||
standard output or writing the packets to a file. B<Tethereal>'s native
|
||||
standard output or writing the packets to a file. B<TShark>'s native
|
||||
capture file format is B<libpcap> format, which is also the format used
|
||||
by B<tcpdump> and various other tools.
|
||||
|
||||
Without any options set, B<Tethereal> will work much like B<tcpdump>. It will
|
||||
Without any options set, B<TShark> will work much like B<tcpdump>. It will
|
||||
use the pcap library to capture traffic from the first available network
|
||||
interface and displays a summary line on stdout for each received packet.
|
||||
|
||||
B<Tethereal> is able to detect, read and write the same capture files that
|
||||
B<TShark> is able to detect, read and write the same capture files that
|
||||
are supported by B<Ethereal>.
|
||||
The input file doesn't need a specific filename extension, the file
|
||||
format and an optional gzip compression will be automatically detected.
|
||||
|
@ -59,16 +59,16 @@ I<http://www.ethereal.com/docs/man-pages/ethereal.1.html>
|
|||
provides a detailed description.
|
||||
|
||||
Compressed file support uses (and therefore requires) the zlib library.
|
||||
If the zlib library is not present, B<Tethereal> will compile, but will
|
||||
If the zlib library is not present, B<TShark> will compile, but will
|
||||
be unable to read compressed files.
|
||||
|
||||
If the B<-w> option is not specified, B<Tethereal> writes to the standard
|
||||
If the B<-w> option is not specified, B<TShark> writes to the standard
|
||||
output the text of a decoded form of the packets it captures or reads.
|
||||
If the B<-w> option is specified, B<Tethereal> writes to the file
|
||||
If the B<-w> option is specified, B<TShark> writes to the file
|
||||
specified by that option the raw data of the packets, along with the
|
||||
packets' time stamps.
|
||||
|
||||
When writing a decoded form of packets, B<Tethereal> writes, by
|
||||
When writing a decoded form of packets, B<TShark> writes, by
|
||||
default, a summary line containing the fields specified by the
|
||||
preferences file (which are also the fields displayed in the packet list
|
||||
pane in B<Ethereal>), although if it's writing packets as it captures
|
||||
|
@ -78,19 +78,19 @@ writes instead a view of the details of the packet, showing all the
|
|||
fields of all protocols in the packet.
|
||||
|
||||
If you want to write the decoded form of packets to a file, run
|
||||
B<Tethereal> without the B<-w> option, and redirect its standard output to
|
||||
B<TShark> without the B<-w> option, and redirect its standard output to
|
||||
the file (do I<not> use the B<-w> option).
|
||||
|
||||
When writing packets to a file, B<Tethereal>, by default, writes the
|
||||
When writing packets to a file, B<TShark>, by default, writes the
|
||||
file in B<libpcap> format, and writes all of the packets it sees to the
|
||||
output file. The B<-F> option can be used to specify the format in which
|
||||
to write the file. This list of available file formats is displayed by
|
||||
the B<-h> flag.
|
||||
|
||||
Read filters in B<Tethereal>, which allow you to select which packets
|
||||
Read filters in B<TShark>, which allow you to select which packets
|
||||
are to be decoded or written to a file, are very powerful; more fields
|
||||
are filterable in B<Tethereal> than in other protocol analyzers, and the
|
||||
syntax you can use to create your filters is richer. As B<Tethereal>
|
||||
are filterable in B<TShark> than in other protocol analyzers, and the
|
||||
syntax you can use to create your filters is richer. As B<TShark>
|
||||
progresses, expect more and more protocol fields to be allowed in read
|
||||
filters.
|
||||
|
||||
|
@ -100,7 +100,7 @@ from the read filter syntax. A read filter can also be specified when
|
|||
capturing, and only packets that pass the read filter will be displayed
|
||||
or saved to the output file; note, however, that capture filters are much
|
||||
more efficient than read filters, and it may be more difficult for
|
||||
B<Tethereal> to keep up with a busy network if a read filter is
|
||||
B<TShark> to keep up with a busy network if a read filter is
|
||||
specified for a live capture.
|
||||
|
||||
A capture or read filter can either be specified with the B<-f> or B<-R>
|
||||
|
@ -111,7 +111,7 @@ after the option arguments, in which case all the arguments after the
|
|||
filter arguments are treated as a filter expression. Capture filters
|
||||
are supported only when doing a live capture; read filters are supported
|
||||
when doing a live capture and when reading a capture file, but require
|
||||
Tethereal to do more work when filtering, so you might be more likely to
|
||||
TShark to do more work when filtering, so you might be more likely to
|
||||
lose packets under heavy load if you're using a read filter. If the
|
||||
filter is specified with command-line arguments after the option
|
||||
arguments, it's a capture filter if a capture is being done (i.e., if no
|
||||
|
@ -124,7 +124,7 @@ read (i.e., if a B<-r> option was specified).
|
|||
|
||||
=item -a E<lt>capture autostop conditionE<gt>
|
||||
|
||||
Specify a criterion that specifies when B<Tethereal> is to stop writing
|
||||
Specify a criterion that specifies when B<TShark> is to stop writing
|
||||
to a capture file. The criterion is of the form I<test>B<:>I<value>,
|
||||
where I<test> is one of:
|
||||
|
||||
|
@ -139,9 +139,9 @@ B<files>:I<value> Stop writing to capture files after I<value> number of files w
|
|||
|
||||
=item -b E<lt>capture ring buffer optionE<gt>
|
||||
|
||||
Cause B<Tethereal> to run in "multiple files" mode. In "multiple files" mode,
|
||||
B<Tethereal> will write to several capture files. When the first capture file
|
||||
fills up, B<Tethereal> will switch writing to the next file and so on.
|
||||
Cause B<TShark> to run in "multiple files" mode. In "multiple files" mode,
|
||||
B<TShark> will write to several capture files. When the first capture file
|
||||
fills up, B<TShark> will switch writing to the next file and so on.
|
||||
|
||||
The created filenames are based on the filename given with the B<-w> option, the number of
|
||||
the file and on the creation date and time,
|
||||
|
@ -149,7 +149,7 @@ e.g. outfile_00001_20050604120117.pcap, outfile_00001_20050604120523.pcap, ...
|
|||
|
||||
With the I<files> option it's also possible to form a "ring buffer".
|
||||
This will fill up new files until the number of files specified,
|
||||
at which point B<Tethereal> will discard the data in the first file and start
|
||||
at which point B<TShark> will discard the data in the first file and start
|
||||
writing to that file and so on. If the I<files> option is not set,
|
||||
new files filled up until one of the capture stop conditions match (or
|
||||
until the disk if full).
|
||||
|
@ -188,7 +188,7 @@ TCP port 8888 as HTTP.
|
|||
|
||||
=item -D
|
||||
|
||||
Print a list of the interfaces on which B<Tethereal> can capture, and
|
||||
Print a list of the interfaces on which B<TShark> can capture, and
|
||||
exit. For each network interface, a number and an
|
||||
interface name, possibly followed by a text description of the
|
||||
interface, is printed. The interface name or the number can be supplied
|
||||
|
@ -199,11 +199,11 @@ This can be useful on systems that don't have a command to list them
|
|||
the number can be useful on Windows 2000 and later systems, where the
|
||||
interface name is a somewhat complex string.
|
||||
|
||||
Note that "can capture" means that B<Tethereal> was able to open
|
||||
that device to do a live capture. Depending on your system you may need to run tethereal from an account
|
||||
Note that "can capture" means that B<TShark> was able to open
|
||||
that device to do a live capture. Depending on your system you may need to run tshark from an account
|
||||
with special privileges (for example, as root) to be able to capture
|
||||
network traffic.
|
||||
If B<Tethereal -D> is not run from such an account, it will not list
|
||||
If B<TShark -D> is not run from such an account, it will not list
|
||||
any interfaces.
|
||||
|
||||
=item -f E<lt>capture filterE<gt>
|
||||
|
@ -226,22 +226,22 @@ Set the name of the network interface or pipe to use for live packet
|
|||
capture.
|
||||
|
||||
Network interface names should match one of the names listed in
|
||||
"B<tethereal -D>" (described above); a number, as reported by
|
||||
"B<tethereal -D>", can also be used. If you're using UNIX, "B<netstat
|
||||
"B<tshark -D>" (described above); a number, as reported by
|
||||
"B<tshark -D>", can also be used. If you're using UNIX, "B<netstat
|
||||
-i>" or "B<ifconfig -a>" might also work to list interface names,
|
||||
although not all versions of UNIX support the B<-a> option to B<ifconfig>.
|
||||
|
||||
If no interface is specified, B<Tethereal> searches the list of
|
||||
If no interface is specified, B<TShark> searches the list of
|
||||
interfaces, choosing the first non-loopback interface if there are any
|
||||
non-loopback interfaces, and choosing the first loopback interface if
|
||||
there are no non-loopback interfaces. If there are no interfaces at all,
|
||||
B<Tethereal> reports an error and doesn't start the capture.
|
||||
B<TShark> reports an error and doesn't start the capture.
|
||||
|
||||
Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
|
||||
read data from the standard input. Data read from pipes must be in
|
||||
standard libpcap format.
|
||||
|
||||
Note: the Win32 version of B<Tethereal> doesn't support capturing from
|
||||
Note: the Win32 version of B<TShark> doesn't support capturing from
|
||||
pipes or stdin!
|
||||
|
||||
=item -l
|
||||
|
@ -256,9 +256,9 @@ dissected, it should work just as well as true line-buffering. We do
|
|||
this as a workaround for a deficiency in the Microsoft Visual C++ C
|
||||
library.)
|
||||
|
||||
This may be useful when piping the output of B<Tethereal> to another
|
||||
This may be useful when piping the output of B<TShark> to another
|
||||
program, as it means that the program to which the output is piped will
|
||||
see the dissected data for a packet as soon as B<Tethereal> sees the
|
||||
see the dissected data for a packet as soon as B<TShark> sees the
|
||||
packet and generates that output, rather than seeing it only when the
|
||||
standard output buffer containing that data fills up.
|
||||
|
||||
|
@ -303,7 +303,7 @@ file), and I<value> is the value to which it should be set.
|
|||
I<Don't> put the interface into promiscuous mode. Note that the
|
||||
interface might be in promiscuous mode for some other reason; hence,
|
||||
B<-p> cannot be used to ensure that the only traffic that is captured is
|
||||
traffic sent to or from the machine on which B<Tethereal> is running,
|
||||
traffic sent to or from the machine on which B<TShark> is running,
|
||||
broadcast traffic, and multicast traffic to addresses received by that
|
||||
machine.
|
||||
|
||||
|
@ -391,7 +391,7 @@ Print the version and exit.
|
|||
|
||||
=item -V
|
||||
|
||||
Cause B<Tethereal> to print a view of the packet details rather
|
||||
Cause B<TShark> to print a view of the packet details rather
|
||||
than a one-line summary of the packet.
|
||||
|
||||
=item -w E<lt>outfileE<gt>|-
|
||||
|
@ -405,13 +405,13 @@ option for this.
|
|||
|
||||
=item -x
|
||||
|
||||
Cause B<Tethereal> to print a hex and ASCII dump of the packet data
|
||||
Cause B<TShark> to print a hex and ASCII dump of the packet data
|
||||
after printing the summary or details.
|
||||
|
||||
|
||||
=item -X E<lt>eXtension optionsE<gt>
|
||||
|
||||
Specify an option to be passed to a B<Tethereal> module. The eXtension option
|
||||
Specify an option to be passed to a B<TShark> module. The eXtension option
|
||||
is in the form I<extension_key>B<:>I<value>, where I<extension_key> can be:
|
||||
|
||||
B<lua_script>:I<lua_script_filename> tells B<Ethereal> to load the given script in addition to the
|
||||
|
@ -425,7 +425,7 @@ reported by B<-L> are the values that can be used.
|
|||
|
||||
=item -z E<lt>statisticsE<gt>
|
||||
|
||||
Get B<Tethereal> to collect various types of statistics and display the result
|
||||
Get B<TShark> to collect various types of statistics and display the result
|
||||
after finishing reading the capture file. Use the B<-q> flag if you're
|
||||
reading a capture file and only want the statistics printed, not any
|
||||
per-packet information.
|
||||
|
@ -569,9 +569,9 @@ I<filter> is a filter string that controls for which packets the field value
|
|||
will be presented in the info column. I<field> will only be presented in the
|
||||
Info column for the packets which match I<filter>.
|
||||
|
||||
NOTE: In order for B<Tethereal> to be able to extract the I<field> value
|
||||
NOTE: In order for B<TShark> to be able to extract the I<field> value
|
||||
from the packet, I<field> MUST be part of the I<filter> string. If not,
|
||||
B<Tethereal> will not be able to extract its value.
|
||||
B<TShark> will not be able to extract its value.
|
||||
|
||||
For a simple example to add the "nfs.fh.hash" field to the Info column
|
||||
for all packets containing the "nfs.fh.hash" field, use
|
||||
|
@ -630,16 +630,16 @@ SMB packets echanged by the host at IP address 1.2.3.4 .
|
|||
|
||||
B<-z> smb,sids
|
||||
|
||||
When this feature is used B<Tethereal> will print a report with all the
|
||||
When this feature is used B<TShark> will print a report with all the
|
||||
discovered SID and account name mappings. Only those SIDs where the
|
||||
account name is known will be presented in the table.
|
||||
|
||||
For this feature to work you will need to either to enable
|
||||
"Edit/Preferences/Protocols/SMB/Snoop SID to name mappings" in the
|
||||
preferences or you can override the preferences by specifying
|
||||
B<-o "smb.sid_name_snooping:TRUE"> on the B<Tethereal> command line.
|
||||
B<-o "smb.sid_name_snooping:TRUE"> on the B<TShark> command line.
|
||||
|
||||
The current methods used by B<Tethereal> to find the SID->name mapping
|
||||
The current methods used by B<TShark> to find the SID->name mapping
|
||||
is relatively restricted but is hoped to be expanded in the future.
|
||||
|
||||
B<-z> mgcp,rtd[I<,filter>]
|
||||
|
@ -715,7 +715,7 @@ See the manual page of I<tcpdump(8)>.
|
|||
=head1 READ FILTER SYNTAX
|
||||
|
||||
For a complete table of protocol and protocol fields that are filterable
|
||||
in B<Tethereal> see the I<ethereal-filter(4)> manual page.
|
||||
in B<TShark> see the I<ethereal-filter(4)> manual page.
|
||||
|
||||
=head1 FILES
|
||||
|
||||
|
@ -861,7 +861,7 @@ I<ethereal-filter(4)> I<ethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
|
|||
|
||||
=head1 NOTES
|
||||
|
||||
B<Tethereal> is part of the B<Ethereal> distribution. The latest version
|
||||
B<TShark> is part of the B<Ethereal> distribution. The latest version
|
||||
of B<Ethereal> can be found at B<http://www.ethereal.com>.
|
||||
|
||||
HTML versions of the Wireshark project man pages are available at:
|
||||
|
@ -869,6 +869,6 @@ http://www.ethereal.com/docs/man-pages
|
|||
|
||||
=head1 AUTHORS
|
||||
|
||||
B<Tethereal> uses the same packet dissection code that B<Ethereal> does,
|
||||
B<TShark> uses the same packet dissection code that B<Ethereal> does,
|
||||
as well as using many other modules from B<Ethereal>; see the list of
|
||||
authors in the B<Ethereal> man page for a list of authors of that code.
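Review bot: In the `-D` description the mechanical rename produced `B<TShark -D>`, which does not match the lower-case command name; the `-i` section of this page already writes `B<tshark -D>`, so I would use `If B<tshark -D> is not run from such an account, it will not list` here as well. The same paragraph tells readers they may need to run tshark "as root" to capture. It would help to add one sentence noting that the dissectors then parse untrusted network data with those privileges, so elevated rights are best limited to the capture step. The unchanged `=head1 SYNOPSYS` heading near the top is a typo for SYNOPSIS, though it sits outside the renamed lines.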
|
|
@ -24,7 +24,7 @@
|
|||
Ethereal, GTK 2.x based
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Tethereal, console based
|
||||
TShark, console based
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
There are other Ethereal frontends existing, not developped nor
|
||||
|
|
|
@ -146,7 +146,7 @@ Ethereal Info
|
|||
|
||||
<section id="FileLocations"><title>File Locations</title>
|
||||
<para>
|
||||
Ethereal and Tethereal look in several different locations for
|
||||
Ethereal and TShark look in several different locations for
|
||||
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
||||
These locations vary from platform to platform. You can use
|
||||
About->Folders to find the default locations on your system.
|
||||
|
|
|
@ -49,15 +49,15 @@ tcpdump -i <interface> -s 1500 -w <some-file>
|
|||
</note>
|
||||
</section>
|
||||
|
||||
<section id="AppToolstethereal">
|
||||
<title><command>tethereal</command>: Terminal-based Wireshark</title>
|
||||
<section id="AppToolstshark">
|
||||
<title><command>tshark</command>: Terminal-based Wireshark</title>
|
||||
<para>
|
||||
<application>Tethereal</application> is a terminal oriented version
|
||||
<application>TShark</application> is a terminal oriented version
|
||||
of ethereal designed for capturing and displaying packets when an
|
||||
interactive user interface isn't necessary or available. It supports
|
||||
the same options as <command>ethereal</command>. For more
|
||||
information on <command>tethereal</command>, see the manual pages
|
||||
(<command>man tethereal</command>).
|
||||
information on <command>tshark</command>, see the manual pages
|
||||
(<command>man tshark</command>).
|
||||
</para>
|
||||
</section>
|
||||
|
||||
|
|
|
@ -554,11 +554,11 @@ ethereal-setup-0.10.13.exe /NCRC /S /desktopicon=yes /quicklaunchicon=no /D=C:\P
|
|||
(native Win32 look and feel, recommended).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<command>Tethereal</command> - Tethereal is a command-line based network
|
||||
<command>TShark</command> - TShark is a command-line based network
|
||||
protocol analyzer.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
The dissection extensions for Wireshark and Tethereal:
|
||||
The dissection extensions for Wireshark and TShark:
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<command>Dissector Plugins</command> - Plugins with some extended dissections.
|
||||
|
|
|
@ -467,7 +467,7 @@ standard libpcap format.
|
|||
<varlistentry><term><command>-X <eXtension option></command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specify an option to be passed to a Tethereal module. The eXtension
|
||||
Specify an option to be passed to a TShark module. The eXtension
|
||||
option is in the form extension_key:value, where extension_key can
|
||||
be:
|
||||
</para>
|
||||
|
|
|
@ -120,7 +120,7 @@ void get_addr_name_buf(address *addr, gchar *buf, guint size);
|
|||
extern void host_name_lookup_init(void);
|
||||
|
||||
/* host_name_lookup_process does ADNS processing in GTK+ timeouts in Wireshark,
|
||||
and before processing each packet in Twireshark, if we're using ADNS */
|
||||
and before processing each packet in TShark, if we're using ADNS */
|
||||
extern gint host_name_lookup_process(gpointer data);
|
||||
|
||||
/* host_name_lookup_cleanup cleans up an ADNS socket if we're using ADNS */
|
||||
|
|
|
@ -1342,7 +1342,7 @@ chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
|
|||
if (chunk_size > 0) {
|
||||
/*
|
||||
* XXX - just use "proto_tree_add_text()"?
|
||||
* This means that, in Twireshark, you get
|
||||
* This means that, in TShark, you get
|
||||
* the entire chunk dumped out in hex,
|
||||
* in addition to whatever dissection is
|
||||
* done on the reassembled data.
|
||||
|
|
|
@ -343,7 +343,7 @@ proto_reg_handoff_mdshdr(void)
|
|||
if (!mdshdr_prefs_initialized) {
|
||||
/*
|
||||
* This is the first time this has been called (i.e.,
|
||||
* Wireshark/Tethereal is starting up), so create a handle for
|
||||
* Wireshark/TShark is starting up), so create a handle for
|
||||
* the MDS Header dissector, register the dissector for
|
||||
* ethertype ETHERTYPE_FCFT, and fetch the data and Fibre
|
||||
* Channel handles.
|
||||
|
|
|
@ -404,7 +404,7 @@ sid_snooping_init(void)
|
|||
if(error_string){
|
||||
/* error, we failed to attach to the tap. clean up */
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register proto_reg_handoff_smb_sidsnooping()/lsa_policy_information tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register proto_reg_handoff_smb_sidsnooping()/lsa_policy_information tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
@ -415,7 +415,7 @@ sid_snooping_init(void)
|
|||
if(error_string){
|
||||
/* error, we failed to attach to the tap. clean up */
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register proto_reg_handoff_smb_sidsnooping()/samr_query_dispinfo tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register proto_reg_handoff_smb_sidsnooping()/samr_query_dispinfo tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
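Review bot: Both error paths in sid_snooping_init (the lsa_policy_information hunk and the samr_query_dispinfo hunk) now print a hard-coded `tshark:` prefix and then call `exit(1)`, which mislabels the failure if this code ever runs inside another front end. The `proto_reg_handoff_smb_sidsnooping()` name in the message suggests this is dissector code shared by all front ends, but the file name is not shown here, so that should be confirmed. If it is shared, drop the program name from the string, e.g. `fprintf(stderr, "Couldn't register proto_reg_handoff_smb_sidsnooping()/lsa_policy_information tap: %s\n",`, and consider returning the error to the caller rather than terminating the process. The function body starts and ends outside both hunks.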
||||
|
|
|
@ -185,7 +185,7 @@ emem_canary_pad (size_t allocation) {
|
|||
|
||||
|
||||
/* Initialize the packet-lifetime memory allocation pool.
|
||||
* This function should be called only once when Wireshark or Twireshark starts
|
||||
* This function should be called only once when Wireshark or TShark starts
|
||||
* up.
|
||||
*/
|
||||
void
|
||||
|
@ -223,7 +223,7 @@ ep_init_chunk(void)
|
|||
|
||||
}
|
||||
/* Initialize the capture-lifetime memory allocation pool.
|
||||
* This function should be called only once when Wireshark or Twireshark starts
|
||||
* This function should be called only once when Wireshark or TShark starts
|
||||
* up.
|
||||
*/
|
||||
void
|
||||
|
|
|
@ -479,7 +479,7 @@ get_progfile_dir(void)
|
|||
* stored.
|
||||
*
|
||||
* XXX - if we ever make libwireshark a real library, used by multiple
|
||||
* applications (more than just Twireshark and versions of Wireshark with
|
||||
* applications (more than just TShark and versions of Wireshark with
|
||||
* various UIs), should the configuration files belong to the library
|
||||
* (and be shared by all those applications) or to the applications?
|
||||
*
|
||||
|
|
|
@ -45,7 +45,7 @@ get_credential_info(void)
|
|||
* For now, we say the program wasn't started with special privileges.
|
||||
* There are ways of running programs with credentials other than those
|
||||
* for the session in which it's run, but I don't know whether that'd be
|
||||
* done with Wireshark/Twireshark or not.
|
||||
* done with Wireshark/TShark or not.
|
||||
*/
|
||||
gboolean
|
||||
started_with_special_privs(void)
|
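Review bot: The comment above started_with_special_privs describes a placeholder answer ("For now, we say the program wasn't started with special privileges") without marking it as unfinished, so a reader auditing how elevated privileges are detected may take the result at face value. Since the comment is being edited anyway, flag it in the file's own style, e.g. open it with `XXX - placeholder: elevated credentials are not detected here.` The function body lies outside the hunk, so the wording should be checked against what it actually returns.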
||||
|
|
|
@ -510,7 +510,7 @@ extern int stats_tree_manip_node(manip_node_mode mode, stats_tree* st, const gui
|
|||
extern guint8* stats_tree_get_abbr(const guint8* optarg) {
|
||||
guint i;
|
||||
|
||||
/* XXX: this fails when twireshark is given any options
|
||||
/* XXX: this fails when tshark is given any options
|
||||
after the -z */
|
||||
g_assert(optarg != NULL);
|
||||
|
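Review bot: `g_assert(optarg != NULL);` in stats_tree_get_abbr is the only visible guard on the `-z` argument, and the comment directly above it records that the call fails when options follow `-z`. An assertion turns a command-line mistake into an abort, and it is compiled out in builds that define `G_DISABLE_ASSERT`, which would leave any later use of `optarg` unguarded. An explicit early return is safer: `if (optarg == NULL) return NULL;`. The rest of the function is outside the hunk, so confirm that callers handle a NULL result.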
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
/* This module provides rpc call/reply SRT statistics to Wireshark,
|
||||
* and displays them graphically.
|
||||
* It is only used by Wireshark and not twireshark
|
||||
* It is only used by Wireshark and not tshark
|
||||
*
|
||||
* It serves as an example on how to use the tap api.
|
||||
*/
|
||||
|
|
|
@ -363,8 +363,8 @@ topic_action(topic_action_e action)
|
|||
case(LOCALPAGE_MAN_WIRESHARK_FILTER):
|
||||
browser_open_data_file("wireshark-filter.html");
|
||||
break;
|
||||
case(LOCALPAGE_MAN_TWIRESHARK):
|
||||
browser_open_data_file("twireshark.html");
|
||||
case(LOCALPAGE_MAN_TSHARK):
|
||||
browser_open_data_file("tshark.html");
|
||||
break;
|
||||
case(LOCALPAGE_MAN_DUMPCAP):
|
||||
browser_open_data_file("dumpcap.html");
|
||||
|
|
|
@ -44,7 +44,7 @@ typedef enum {
|
|||
/* local manual pages */
|
||||
LOCALPAGE_MAN_WIRESHARK = 100,
|
||||
LOCALPAGE_MAN_WIRESHARK_FILTER,
|
||||
LOCALPAGE_MAN_TWIRESHARK,
|
||||
LOCALPAGE_MAN_TSHARK,
|
||||
LOCALPAGE_MAN_DUMPCAP,
|
||||
LOCALPAGE_MAN_MERGECAP,
|
||||
LOCALPAGE_MAN_EDITCAP,
|
||||
|
|
|
@ -2478,7 +2478,7 @@ main(int argc, char *argv[])
|
|||
* Input file name not specified with "-r", and a command-line argument
|
||||
* was specified; treat it as the input file name.
|
||||
*
|
||||
* Yes, this is different from twireshark, where non-flag command-line
|
||||
* Yes, this is different from tshark, where non-flag command-line
|
||||
* arguments are a filter, but this works better on GUI desktops
|
||||
* where a command can be specified to be run to open a particular
|
||||
* file - yes, you could have "-r" as the last part of the command,
|
||||
|
|
|
@ -398,7 +398,7 @@ static GtkItemFactoryEntry menu_items[] =
|
|||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/Wireshark", NULL, topic_menu_cb, LOCALPAGE_MAN_WIRESHARK, NULL, NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/Wireshark Filter", NULL, topic_menu_cb, LOCALPAGE_MAN_WIRESHARK_FILTER, NULL, NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/<separator>", NULL, NULL, 0, "<Separator>", NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/Twireshark", NULL, topic_menu_cb, LOCALPAGE_MAN_TWIRESHARK, NULL, NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/TShark", NULL, topic_menu_cb, LOCALPAGE_MAN_TSHARK, NULL, NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/Dumpcap", NULL, topic_menu_cb, LOCALPAGE_MAN_DUMPCAP, NULL, NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/Mergecap", NULL, topic_menu_cb, LOCALPAGE_MAN_MERGECAP, NULL, NULL),
|
||||
ITEM_FACTORY_ENTRY("/Help/Manual Pages/Editcap", NULL, topic_menu_cb, LOCALPAGE_MAN_EDITCAP, NULL, NULL),
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
/* This module provides rpc call/reply SRT statistics to Wireshark.
|
||||
* It is only used by Wireshark and not TWireshark
|
||||
* It is only used by Wireshark and not TShark
|
||||
*
|
||||
* It serves as an example on how to use the tap api.
|
||||
*/
|
||||
|
|
|
@ -64,7 +64,7 @@ As a rule of thumb: if you want to see most of the packets and only filter a sma
|
|||
|
||||
d) If you still get packet drops, it might be an idea to use a tool dedicated to packet capturing and only use Ethereal for displaying and analyzing the packets.
|
||||
|
||||
Have a look at tethereal, the command line variant of ethereal, which is included in this package.
|
||||
Have a look at tshark, the command line variant of ethereal, which is included in this package.
|
||||
XXX: add a list of possibly useful standalone capture programs.
|
||||
|
||||
|
||||
|
|
18
help/faq.txt
18
help/faq.txt
|
@ -41,7 +41,7 @@
|
|||
|
||||
3. Installing Ethereal:
|
||||
|
||||
3.1 I installed an Ethereal RPM; why did it install Tethereal but not
|
||||
3.1 I installed an Ethereal RPM; why did it install TShark but not
|
||||
Ethereal?
|
||||
|
||||
4. Building Ethereal:
|
||||
|
@ -70,7 +70,7 @@
|
|||
5.1 Why does Ethereal crash with a Bus Error when I try to run it on Solaris
|
||||
8?
|
||||
|
||||
5.2 When I run Tethereal with the "-x" option, why does it crash with an
|
||||
5.2 When I run TShark with the "-x" option, why does it crash with an
|
||||
error
|
||||
|
||||
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
|
||||
|
@ -1169,7 +1169,7 @@ cies
|
|||
|
||||
3. Installing Ethereal
|
||||
|
||||
Q 3.1: I installed an Ethereal RPM; why did it install Tethereal but not
|
||||
Q 3.1: I installed an Ethereal RPM; why did it install TShark but not
|
||||
Ethereal?
|
||||
|
||||
A: Older versions of the Red Hat RPMs for Wireshark put only the non-GUI
|
||||
|
@ -1270,7 +1270,7 @@ cies
|
|||
Similar problems may exist with older versions of GTK+ for earlier versions
|
||||
of Solaris.
|
||||
|
||||
Q 5.2: When I run Tethereal with the "-x" option, why does it crash with an
|
||||
Q 5.2: When I run TShark with the "-x" option, why does it crash with an
|
||||
error
|
||||
|
||||
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
|
||||
|
@ -1440,7 +1440,7 @@ cies
|
|||
supply to the host all network packets they see. Ethereal will try to put
|
||||
the interface on which it's capturing into promiscuous mode unless the
|
||||
"Capture packets in promiscuous mode" option is turned off in the "Capture
|
||||
Options" dialog box, and Tethereal will try to put the interface on which
|
||||
Options" dialog box, and TShark will try to put the interface on which
|
||||
it's capturing into promiscuous mode unless the -p option was specified.
|
||||
However, some network interfaces don't support promiscuous mode, and some
|
||||
OSes might not allow interfaces to be put into promiscuous mode.
|
||||
|
@ -1537,7 +1537,7 @@ cies
|
|||
|
||||
Q 7.6: How do I put an interface into promiscuous mode?
|
||||
|
||||
A: By not disabling promiscuous mode when running Ethereal or Tethereal.
|
||||
A: By not disabling promiscuous mode when running Ethereal or TShark.
|
||||
|
||||
Note, however, that:
|
||||
* the form of promiscuous mode that libpcap (the library that programs
|
||||
|
@ -1768,7 +1768,7 @@ cies
|
|||
|
||||
A: If you are running Ethereal on Windows NT 4.0, Windows 2000, Windows XP,
|
||||
or Windows Server 2003, and this is the first time you have run a
|
||||
WinPcap-based program (such as Ethereal, or Tethereal, or WinDump, or
|
||||
WinPcap-based program (such as Ethereal, or TShark, or WinDump, or
|
||||
Analyzer, or...) since the machine was rebooted, you need to run that
|
||||
program from an account with administrator privileges; once you have run
|
||||
such a program, you will not need administrator privileges to run any such
|
||||
|
@ -2137,7 +2137,7 @@ cies
|
|||
passively capture packets.
|
||||
|
||||
This means that you should disable name resolution when capturing in monitor
|
||||
mode; otherwise, when Ethereal (or Tethereal, or tcpdump) tries to display
|
||||
mode; otherwise, when Ethereal (or TShark, or tcpdump) tries to display
|
||||
IP addresses as host names, it will probably block for a long time trying to
|
||||
resolve the name because it will not be able to communicate with any DNS or
|
||||
NIS servers.
|
||||
|
@ -2179,7 +2179,7 @@ cies
|
|||
possible" option, clicking "Save" if you want to save that setting in your
|
||||
preference file, and clicking "OK".
|
||||
|
||||
It can also be set on the Wireshark or Tethereal command line with a -o
|
||||
It can also be set on the Wireshark or TShark command line with a -o
|
||||
tcp.check_checksum:false command-line flag, or manually set in your
|
||||
preferences file by adding a tcp.check_checksum:false line.
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
include ..\config.nmake
|
||||
|
||||
ALL_RC=ethereal.rc libwireshark.rc tethereal.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
|
||||
ALL_RC=ethereal.rc libwireshark.rc tshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
|
||||
all : $(ALL_RC)
|
||||
|
||||
wireshark.exe.manifest: ethereal.exe.manifest.in ..\config.nmake
|
||||
|
@ -23,10 +23,10 @@ libwireshark.rc: libwireshark.rc.in ..\config.nmake
|
|||
-e s/@RC_VERSION@/$(RC_VERSION)/ \
|
||||
< libwireshark.rc.in > $@
|
||||
|
||||
tethereal.rc : tethereal.rc.in ..\config.nmake
|
||||
tshark.rc : tshark.rc.in ..\config.nmake
|
||||
sed -e s/@VERSION@/$(VERSION)/ \
|
||||
-e s/@RC_VERSION@/$(RC_VERSION)/ \
|
||||
< tethereal.rc.in > $@
|
||||
< tshark.rc.in > $@
|
||||
|
||||
capinfos.rc : capinfos.rc.in ..\config.nmake
|
||||
sed -e s/@VERSION@/$(VERSION)/ \
|
||||
|
|
|
@ -47,7 +47,7 @@ icon-excl.xpm informational dialogs
|
|||
ethereal.rc.in MSVC++ resource templates
|
||||
editcap.rc.in
|
||||
mergecap.rc.in
|
||||
tethereal.rc.in
|
||||
tshark.rc.in
|
||||
text2pcap.rc.in
|
||||
|
||||
stock_dialog_error_48.xpm GTK2 default icons for simple_dialog, from:
|
||||
|
|
|
@ -20,12 +20,12 @@ BEGIN
|
|||
BLOCK "040904b0"
|
||||
BEGIN
|
||||
VALUE "CompanyName", "The Wireshark developer community\0"
|
||||
VALUE "FileDescription", "Tethereal\0"
|
||||
VALUE "FileDescription", "TShark\0"
|
||||
VALUE "FileVersion", "@VERSION@\0"
|
||||
VALUE "InternalName", "Tethereal @VERSION@\0"
|
||||
VALUE "InternalName", "TShark @VERSION@\0"
|
||||
VALUE "LegalCopyright", "Copyright © 2000 Gerald Combs <gerald@wireshark.org>, Gilbert Ramirez <gram@alumni.rice.edu> and others\0"
|
||||
VALUE "OriginalFilename", "Tethereal.exe\0"
|
||||
VALUE "ProductName", "Tethereal\0"
|
||||
VALUE "OriginalFilename", "TShark.exe\0"
|
||||
VALUE "ProductName", "TShark\0"
|
||||
VALUE "ProductVersion", "@VERSION@\0"
|
||||
END
|
||||
END
|
|
@ -35,7 +35,7 @@ DEST=wireshark-gtk2
|
|||
DEST=wireshark
|
||||
!ENDIF
|
||||
|
||||
EXE=../../tethereal.exe ../../editcap.exe \
|
||||
EXE=../../tshark.exe ../../editcap.exe \
|
||||
!IFDEF GTK1_DIR
|
||||
../../ethereal.exe \
|
||||
!ENDIF
|
||||
|
@ -45,7 +45,7 @@ EXE=../../tethereal.exe ../../editcap.exe \
|
|||
../../text2pcap.exe ../../mergecap.exe ../../capinfos.exe WinPcap_3_1.exe
|
||||
DLL=../../wiretap/wiretap-$(WTAP_VERSION).dll
|
||||
DOC=../../doc/ethereal.html \
|
||||
../../doc/tethereal.html \
|
||||
../../doc/tshark.html \
|
||||
../../doc/ethereal-filter.html \
|
||||
../../doc/editcap.html \
|
||||
../../doc/text2pcap.html \
|
||||
|
|
|
@ -661,14 +661,14 @@ SectionEnd
|
|||
SectionGroupEnd ; "Wireshark"
|
||||
|
||||
|
||||
Section "Tethereal" SecTethereal
|
||||
Section "TShark" SecTShark
|
||||
;-------------------------------------------
|
||||
!ifdef GTK1_DIR & GTK2_DIR
|
||||
SectionIn 1 2
|
||||
!endif
|
||||
SetOutPath $INSTDIR
|
||||
File "..\..\tethereal.exe"
|
||||
File "..\..\doc\tethereal.html"
|
||||
File "..\..\tshark.exe"
|
||||
File "..\..\doc\tshark.html"
|
||||
SectionEnd
|
||||
|
||||
SectionGroup "Plugins / Extensions" SecPluginsGroup
|
||||
|
@ -807,11 +807,11 @@ Section "Uninstall" un.SecUinstall
|
|||
SectionIn 1 2
|
||||
SetShellVarContext all
|
||||
|
||||
Delete "$INSTDIR\tethereal.exe"
|
||||
IfErrors 0 NoTetherealErrorMsg
|
||||
MessageBox MB_OK "Please note: tethereal.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if tethereal.exe removed
|
||||
Abort "Please note: tethereal.exe could not be removed, it's probably in use! Abort uninstall process!"
|
||||
NoTetherealErrorMsg:
|
||||
Delete "$INSTDIR\tshark.exe"
|
||||
IfErrors 0 NoTSharkErrorMsg
|
||||
MessageBox MB_OK "Please note: tshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if tshark.exe removed
|
||||
Abort "Please note: tshark.exe could not be removed, it's probably in use! Abort uninstall process!"
|
||||
NoTSharkErrorMsg:
|
||||
|
||||
Delete "$INSTDIR\wireshark.exe"
|
||||
IfErrors 0 NoWiresharkErrorMsg
|
||||
|
@ -1003,8 +1003,8 @@ SectionEnd
|
|||
!insertmacro MUI_DESCRIPTION_TEXT ${SecGTKWimp} "GTK-Wimp is the GTK2 windows impersonator (native Win32 look and feel, for Win2000 and up)."
|
||||
!endif
|
||||
!endif
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecTethereal} "Tethereal is a text based network protocol analyzer."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecPluginsGroup} "Some plugins and extensions for both Wireshark and Tethereal."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecTShark} "TShark is a text based network protocol analyzer."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecPluginsGroup} "Some plugins and extensions for both Wireshark and TShark."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecPlugins} "Plugins with some extended dissections."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecStatsTree} "Plugin for some extended statistics."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecMate} "Plugin - Meta Analysis and Tracing Engine (Experimental)."
|
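Review bot: After the rename the Uninstall hunk deletes only `$INSTDIR\tshark.exe`, so a `tethereal.exe` left in the same directory by an earlier install is no longer removed by this uninstaller. That leaves an old capture binary on disk that no future update will replace. Whether the installer runs the previous version's uninstaller first is not visible here; if it does not, keep a cleanup for the old names next to the new ones: `Delete "$INSTDIR\tethereal.exe"` and `Delete "$INSTDIR\tethereal.html"`. The Uninstall section starts and ends outside the hunk.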
||||
|
|
|
@ -3506,7 +3506,7 @@ build_pdu_tree(const char *pduname)
|
|||
|
||||
|
||||
#ifdef DISSECTOR_WITH_GUI
|
||||
/* This cannot work in twireshark.... don't include for now */
|
||||
/* This cannot work in tshark.... don't include for now */
|
||||
#if GTK_MAJOR_VERSION >= 2
|
||||
#define SHOWPDU /* this needs GTK2 */
|
||||
#endif
|
||||
|
|
|
@ -499,7 +499,7 @@ ELUA_FUNCTION elua_retap_packets(lua_State* L) {
|
|||
if ( ops->retap_packets ) {
|
||||
ops->retap_packets();
|
||||
} else {
|
||||
ELUA_ERROR(elua_retap_packets, "does not work on tWireshark");
|
||||
ELUA_ERROR(elua_retap_packets, "does not work on TShark");
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -272,7 +272,7 @@ static int Tap_newindex(lua_State* L) {
|
|||
function tap.packet(pinfo,tvb,userdata) ... end
|
||||
*/
|
||||
/* ELUA_ATTRIBUTE Tap_draw WO A function that will be called once every few seconds to redraw the gui objects
|
||||
in twireshark this funtion is called oly at the very end of the capture file.
|
||||
in tshark this funtion is called oly at the very end of the capture file.
|
||||
|
||||
function tap.draw(userdata) ... end
|
||||
*/
|
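Review bot: The rewritten line of the Tap_draw attribute comment still carries two typos, `funtion` and `oly`, and the `ELUA_ATTRIBUTE` marker suggests this text may be extracted into generated API documentation. Suggested wording for the changed line: `in tshark this function is called only at the very end of the capture file.`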
||||
|
|
|
@ -157,7 +157,7 @@ afpstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(ss->filter);
|
||||
g_free(ss);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register afp,rtt tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register afp,rtt tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -170,7 +170,7 @@ dhcpstat_init(const char *optarg, void* userdata _U_)
|
|||
/* error, we failed to attach to the tap. clean up */
|
||||
g_free(sp->filter);
|
||||
g_free(sp);
|
||||
fprintf(stderr, "twireshark: Couldn't register dhcp,stat tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register dhcp,stat tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -229,15 +229,15 @@ dcerpcstat_init(const char *optarg, void* userdata _U_)
|
|||
filter=NULL;
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "twireshark: invalid \"-z dcerpc,rtt,<uuid>,<major version>.<minor version>[,<filter>]\" argument\n");
|
||||
fprintf(stderr, "tshark: invalid \"-z dcerpc,rtt,<uuid>,<major version>.<minor version>[,<filter>]\" argument\n");
|
||||
exit(1);
|
||||
}
|
||||
if (major < 0 || major > 65535) {
|
||||
fprintf(stderr,"twireshark: dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535\n", major);
|
||||
fprintf(stderr,"tshark: dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535\n", major);
|
||||
exit(1);
|
||||
}
|
||||
if (minor < 0 || minor > 65535) {
|
||||
fprintf(stderr,"twireshark: dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535\n", minor);
|
||||
fprintf(stderr,"tshark: dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535\n", minor);
|
||||
exit(1);
|
||||
}
|
||||
ver = major;
|
||||
|
@ -246,7 +246,7 @@ dcerpcstat_init(const char *optarg, void* userdata _U_)
|
|||
rs->prog=dcerpc_get_proto_name(&uuid, ver);
|
||||
if(!rs->prog){
|
||||
g_free(rs);
|
||||
fprintf(stderr,"twireshark: dcerpcstat_init() Protocol with uuid:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x v%u not supported\n",uuid.Data1,uuid.Data2,uuid.Data3,uuid.Data4[0],uuid.Data4[1],uuid.Data4[2],uuid.Data4[3],uuid.Data4[4],uuid.Data4[5],uuid.Data4[6],uuid.Data4[7],ver);
|
||||
fprintf(stderr,"tshark: dcerpcstat_init() Protocol with uuid:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x v%u not supported\n",uuid.Data1,uuid.Data2,uuid.Data3,uuid.Data4[0],uuid.Data4[1],uuid.Data4[2],uuid.Data4[3],uuid.Data4[4],uuid.Data4[5],uuid.Data4[6],uuid.Data4[7],ver);
|
||||
exit(1);
|
||||
}
|
||||
procs=dcerpc_get_proto_sub_dissector(&uuid, ver);
|
||||
|
@ -291,7 +291,7 @@ dcerpcstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(rs->filter);
|
||||
g_free(rs);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register dcerpc,rtt tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register dcerpc,rtt tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -412,7 +412,7 @@ h225counter_init(const char *optarg, void* userdata _U_)
|
|||
g_free(hs->filter);
|
||||
g_free(hs);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register h225,counter tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register h225,counter tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -236,7 +236,7 @@ h225rassrt_init(const char *optarg, void* userdata _U_)
|
|||
g_free(hs->filter);
|
||||
g_free(hs);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register h225,srt tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register h225,srt tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -314,7 +314,7 @@ gtk_httpstat_init(const char *optarg,void* userdata _U_)
|
|||
/* error, we failed to attach to the tap. clean up */
|
||||
g_free(sp->filter);
|
||||
g_free(sp);
|
||||
fprintf (stderr, "twireshark: Couldn't register http,stat tap: %s\n",
|
||||
fprintf (stderr, "tshark: Couldn't register http,stat tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
20
tap-iostat.c
20
tap-iostat.c
|
@ -479,18 +479,18 @@ register_io_tap(io_stat_t *io, int i, const char *filter)
|
|||
p=filter+namelen+1;
|
||||
parenp=strchr(p, ')');
|
||||
if(!parenp){
|
||||
fprintf(stderr, "twireshark: Closing parenthesis missing from calculated expression.\n");
|
||||
fprintf(stderr, "tshark: Closing parenthesis missing from calculated expression.\n");
|
||||
exit(10);
|
||||
}
|
||||
/* bail out if there was no field specified */
|
||||
if(parenp==p){
|
||||
fprintf(stderr, "twireshark: You didn't specify a field name for %s(*).\n",
|
||||
fprintf(stderr, "tshark: You didn't specify a field name for %s(*).\n",
|
||||
calc_type_table[j].func_name);
|
||||
exit(10);
|
||||
}
|
||||
field=malloc(parenp-p+1);
|
||||
if(!field){
|
||||
fprintf(stderr, "twireshark: Out of memory.\n");
|
||||
fprintf(stderr, "tshark: Out of memory.\n");
|
||||
exit(10);
|
||||
}
|
||||
memcpy(field, p, parenp-p);
|
||||
|
@ -499,7 +499,7 @@ register_io_tap(io_stat_t *io, int i, const char *filter)
|
|||
|
||||
hfi=proto_registrar_get_byname(field);
|
||||
if(!hfi){
|
||||
fprintf(stderr, "twireshark: There is no field named '%s'.\n",
|
||||
fprintf(stderr, "tshark: There is no field named '%s'.\n",
|
||||
field);
|
||||
free(field);
|
||||
exit(10);
|
||||
|
@ -533,7 +533,7 @@ register_io_tap(io_stat_t *io, int i, const char *filter)
|
|||
break;
|
||||
default:
|
||||
fprintf(stderr,
|
||||
"twireshark: %s is a relative-time field, so %s(*) calculations are not supported on it.",
|
||||
"tshark: %s is a relative-time field, so %s(*) calculations are not supported on it.",
|
||||
field,
|
||||
calc_type_table[j].func_name);
|
||||
exit(10);
|
||||
|
@ -547,7 +547,7 @@ register_io_tap(io_stat_t *io, int i, const char *filter)
|
|||
*/
|
||||
if(io->items[i].calc_type!=CALC_TYPE_COUNT){
|
||||
fprintf(stderr,
|
||||
"twireshark: %s is a 64-bit integer, so %s(*) calculations are not supported on it.",
|
||||
"tshark: %s is a 64-bit integer, so %s(*) calculations are not supported on it.",
|
||||
field,
|
||||
calc_type_table[j].func_name);
|
||||
exit(10);
|
||||
|
@ -560,7 +560,7 @@ register_io_tap(io_stat_t *io, int i, const char *filter)
|
|||
*/
|
||||
if(io->items[i].calc_type!=CALC_TYPE_COUNT){
|
||||
fprintf(stderr,
|
||||
"twireshark: %s doesn't have integral values, so %s(*) calculations are not supported on it.\n",
|
||||
"tshark: %s doesn't have integral values, so %s(*) calculations are not supported on it.\n",
|
||||
field,
|
||||
calc_type_table[j].func_name);
|
||||
exit(10);
|
||||
|
@ -581,7 +581,7 @@ CALC_TYPE_AVG 5
|
|||
if(error_string){
|
||||
g_free(io->items);
|
||||
g_free(io);
|
||||
fprintf(stderr, "twireshark: Couldn't register io,stat tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register io,stat tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
@ -604,7 +604,7 @@ iostat_init(const char *optarg, void* userdata _U_)
|
|||
filter=NULL;
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "twireshark: invalid \"-z io,stat,<interval>[,<filter>]\" argument\n");
|
||||
fprintf(stderr, "tshark: invalid \"-z io,stat,<interval>[,<filter>]\" argument\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -612,7 +612,7 @@ iostat_init(const char *optarg, void* userdata _U_)
|
|||
/* make interval be number of ms */
|
||||
interval=(gint32)(interval_float*1000.0+0.9);
|
||||
if(interval<1){
|
||||
fprintf(stderr, "twireshark: \"-z\" interval must be >=0.001 seconds.\n");
|
||||
fprintf(stderr, "tshark: \"-z\" interval must be >=0.001 seconds.\n");
|
||||
exit(10);
|
||||
}
|
||||
|
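Review bot: Two of the renamed diagnostics in register_io_tap end without a newline, the relative-time message and the 64-bit integer message. Every other `tshark:` message visible in this section ends in `\n`, so after `exit(10)` the shell prompt or the next log line runs onto the same line. Append the newline to both, e.g. `"tshark: %s is a relative-time field, so %s(*) calculations are not supported on it.\n",`. register_io_tap spans several hunks here and its beginning and end are not shown.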
||||
|
|
|
@ -671,7 +671,7 @@ iousers_init(const char *optarg, void* userdata _U_)
|
|||
tap_type_name="SCTP";
|
||||
packet_func=iousers_sctp_packet;
|
||||
} else {
|
||||
fprintf(stderr, "twireshark: invalid \"-z conv,<type>[,<filter>]\" argument\n");
|
||||
fprintf(stderr, "tshark: invalid \"-z conv,<type>[,<filter>]\" argument\n");
|
||||
fprintf(stderr," <type> must be one of\n");
|
||||
fprintf(stderr," \"eth\"\n");
|
||||
fprintf(stderr," \"fc\"\n");
|
||||
|
@ -701,7 +701,7 @@ iousers_init(const char *optarg, void* userdata _U_)
|
|||
g_free(iu->items);
|
||||
}
|
||||
g_free(iu);
|
||||
fprintf(stderr, "twireshark: Couldn't register conversations tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register conversations tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -217,7 +217,7 @@ mgcpstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(ms->filter);
|
||||
g_free(ms);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register mgcp,rtd tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register mgcp,rtd tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* This module provides Protocol Column Info tap for twireshark */
|
||||
/* This module provides Protocol Column Info tap for tshark */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
|
@ -67,7 +67,7 @@ protocolinfo_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt, const vo
|
|||
* and, if so, we report that error and exit.
|
||||
*/
|
||||
if (pinfo->cinfo == NULL) {
|
||||
fprintf(stderr, "twireshark: the proto,colinfo tap doesn't work if the columns aren't being printed.\n");
|
||||
fprintf(stderr, "tshark: the proto,colinfo tap doesn't work if the columns aren't being printed.\n");
|
||||
exit(1);
|
||||
}
|
||||
gp=proto_get_finfo_ptr_array(edt->tree, rs->hf_index);
|
||||
|
@ -103,13 +103,13 @@ protocolinfo_init(const char *optarg, void* userdata _U_)
|
|||
}
|
||||
}
|
||||
if(!field){
|
||||
fprintf(stderr, "twireshark: invalid \"-z proto,colinfo,<filter>,<field>\" argument\n");
|
||||
fprintf(stderr, "tshark: invalid \"-z proto,colinfo,<filter>,<field>\" argument\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
hfi=proto_registrar_get_byname(field);
|
||||
if(!hfi){
|
||||
fprintf(stderr, "twireshark: Field \"%s\" doesn't exist.\n", field);
|
||||
fprintf(stderr, "tshark: Field \"%s\" doesn't exist.\n", field);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -126,7 +126,7 @@ protocolinfo_init(const char *optarg, void* userdata _U_)
|
|||
error_string=register_tap_listener("frame", rs, rs->filter, NULL, protocolinfo_packet, NULL);
|
||||
if(error_string){
|
||||
/* error, we failed to attach to the tap. complain and clean up */
|
||||
fprintf(stderr, "twireshark: Couldn't register proto,colinfo tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register proto,colinfo tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
if(rs->filter){
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* This module provides ProtocolHierarchyStatistics for twireshark */
|
||||
/* This module provides ProtocolHierarchyStatistics for tshark */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
|
@ -193,7 +193,7 @@ protohierstat_init(const char *optarg, void* userdata _U_)
|
|||
filter="frame";
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "twireshark: invalid \"-z io,phs[,<filter>]\" argument\n");
|
||||
fprintf(stderr, "tshark: invalid \"-z io,phs[,<filter>]\" argument\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -212,7 +212,7 @@ protohierstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(rs->filter);
|
||||
g_free(rs);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register io,phs tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register io,phs tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -22,8 +22,8 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* This module provides rpc call/reply SRT statistics to twireshark.
|
||||
* It is only used by twireshark and not wireshark
|
||||
/* This module provides rpc call/reply SRT statistics to tshark.
|
||||
* It is only used by tshark and not wireshark
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -227,7 +227,7 @@ rpcprogs_init(const char *optarg _U_, void* userdata _U_)
|
|||
|
||||
error_string=register_tap_listener("rpc", NULL, NULL, NULL, rpcprogs_packet, rpcprogs_draw);
|
||||
if(error_string){
|
||||
fprintf(stderr,"twireshark: Couldn't register rpc,programs tap: %s\n",
|
||||
fprintf(stderr,"tshark: Couldn't register rpc,programs tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -22,8 +22,8 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* This module provides rpc call/reply RTT statistics to twireshark.
|
||||
* It is only used by twireshark and not wireshark
|
||||
/* This module provides rpc call/reply RTT statistics to tshark.
|
||||
* It is only used by tshark and not wireshark
|
||||
*
|
||||
* It serves as an example on how to use the tap api.
|
||||
*/
|
||||
|
@ -66,7 +66,7 @@ typedef struct _rpcstat_t {
|
|||
|
||||
|
||||
|
||||
/* This callback is never used by twireshark but it is here for completeness.
|
||||
/* This callback is never used by tshark but it is here for completeness.
|
||||
* When registering below, we could just have left this function as NULL.
|
||||
*
|
||||
* When used by wireshark, this function will be called whenever we would need
|
||||
|
@ -186,10 +186,10 @@ rpcstat_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt _U_, const voi
|
|||
return 1;
|
||||
}
|
||||
|
||||
/* This callback is used when twireshark wants us to draw/update our
|
||||
* data to the output device. Since this is twireshark only output is
|
||||
/* This callback is used when tshark wants us to draw/update our
|
||||
* data to the output device. Since this is tshark only output is
|
||||
* stdout.
|
||||
* Twireshark will only call this callback once, which is when twireshark has
|
||||
* TShark will only call this callback once, which is when tshark has
|
||||
* finished reading all packets and exists.
|
||||
* If used with wireshark this may be called any time, perhaps once every 3
|
||||
* seconds or so.
|
||||
|
@ -268,7 +268,7 @@ rpcstat_find_procs(gpointer *key, gpointer *value _U_, gpointer *user_data _U_)
|
|||
/* When called, this function will create a new instance of rpcstat.
|
||||
* program and version are whick onc-rpc program/version we want to
|
||||
* collect statistics for.
|
||||
* This function is called from twireshark when it parses the -z rpc, arguments
|
||||
* This function is called from tshark when it parses the -z rpc, arguments
|
||||
* and it creates a new instance to store statistics in and registers this
|
||||
* new instance for the rpc tap.
|
||||
*/
|
||||
|
@ -289,7 +289,7 @@ rpcstat_init(const char *optarg, void* userdata _U_)
|
|||
filter=NULL;
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "twireshark: invalid \"-z rpc,rtt,<program>,<version>[,<filter>]\" argument\n");
|
||||
fprintf(stderr, "tshark: invalid \"-z rpc,rtt,<program>,<version>[,<filter>]\" argument\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -309,8 +309,8 @@ rpcstat_init(const char *optarg, void* userdata _U_)
|
|||
rpc_max_proc=-1;
|
||||
g_hash_table_foreach(rpc_procs, (GHFunc)rpcstat_find_procs, NULL);
|
||||
if(rpc_min_proc==-1){
|
||||
fprintf(stderr,"twireshark: Invalid -z rpc,rrt,%d,%d\n",rpc_program,rpc_version);
|
||||
fprintf(stderr," Program:%d version:%d isn't supported by twireshark.\n", rpc_program, rpc_version);
|
||||
fprintf(stderr,"tshark: Invalid -z rpc,rrt,%d,%d\n",rpc_program,rpc_version);
|
||||
fprintf(stderr," Program:%d version:%d isn't supported by tshark.\n", rpc_program, rpc_version);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -345,7 +345,7 @@ rpcstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(rs->filter);
|
||||
g_free(rs);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register rpc,rtt tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register rpc,rtt tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
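Review bot: The error message in the `@ -309,8 +309,8 @@` hunk of `rpcstat_init` names the option as `rpc,rrt`, while the usage text two hunks earlier and the registration-failure message both spell it `rpc,rtt`. A user who copies the option name from the error output gets a string that is not the real option. Since the line is being touched anyway, it could read `fprintf(stderr,"tshark: Invalid -z rpc,rtt,%d,%d\n",rpc_program,rpc_version);`. The body of `rpcstat_init` starts and ends outside the visible hunks.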
|
|
|
@ -246,7 +246,7 @@ sctpstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(hs->filter);
|
||||
g_free(hs);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register sctp,stat tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register sctp,stat tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -378,7 +378,7 @@ sipstat_init(const char *optarg, void* userdata _U_)
|
|||
/* error, we failed to attach to the tap. clean up */
|
||||
g_free(sp->filter);
|
||||
g_free(sp);
|
||||
fprintf (stderr, "twireshark: Couldn't register sip,stat tap: %s\n",
|
||||
fprintf (stderr, "tshark: Couldn't register sip,stat tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -78,14 +78,14 @@ smbsids_init(const char *optarg _U_, void* userdata _U_)
|
|||
fprintf(stderr,"Either enable Edit/Preferences/Protocols/SMB/Snoop SID name mappings in wireshark\n");
|
||||
fprintf(stderr,"or override the preference file by specifying\n");
|
||||
fprintf(stderr," -o \"smb.sid_name_snooping=TRUE\"\n");
|
||||
fprintf(stderr,"on the twireshark command line.\n");
|
||||
fprintf(stderr,"on the tshark command line.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
error_string=register_tap_listener("smb", NULL, NULL, NULL, smbsids_packet, smbsids_draw);
|
||||
if(error_string){
|
||||
fprintf(stderr, "twireshark: Couldn't register smb,sids tap:%s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register smb,sids tap:%s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -265,7 +265,7 @@ smbstat_init(const char *optarg,void* userdata _U_)
|
|||
g_free(ss->filter);
|
||||
g_free(ss);
|
||||
|
||||
fprintf(stderr, "twireshark: Couldn't register smb,rtt tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register smb,rtt tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* tap-stats_tree.c
|
||||
* twireshark's tap implememntation of stats_tree
|
||||
* tshark's tap implememntation of stats_tree
|
||||
* 2005, Luis E. G. Ontanon
|
||||
*
|
||||
* $Id$
|
||||
|
|
|
@ -22,8 +22,8 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* This module provides WSP statistics to twireshark.
|
||||
* It is only used by twireshark and not wireshark
|
||||
/* This module provides WSP statistics to tshark.
|
||||
* It is only used by tshark and not wireshark
|
||||
*
|
||||
*/
|
||||
|
||||
|
@ -168,10 +168,10 @@ wspstat_packet(void *psp, packet_info *pinfo _U_, epan_dissect_t *edt _U_, const
|
|||
}
|
||||
|
||||
|
||||
/* This callback is used when twireshark wants us to draw/update our
|
||||
* data to the output device. Since this is twireshark only output is
|
||||
/* This callback is used when tshark wants us to draw/update our
|
||||
* data to the output device. Since this is tshark only output is
|
||||
* stdout.
|
||||
* Twireshark will only call this callback once, which is when twireshark has
|
||||
* TShark will only call this callback once, which is when tshark has
|
||||
* finished reading all packets and exists.
|
||||
* If used with wireshark this may be called any time, perhaps once every 3
|
||||
* seconds or so.
|
||||
|
@ -209,7 +209,7 @@ wspstat_draw(void *psp)
|
|||
/* When called, this function will create a new instance of wspstat.
|
||||
* program and version are whick onc-rpc program/version we want to
|
||||
* collect statistics for.
|
||||
* This function is called from twireshark when it parses the -z wsp, arguments
|
||||
* This function is called from tshark when it parses the -z wsp, arguments
|
||||
* and it creates a new instance to store statistics in and registers this
|
||||
* new instance for the wsp tap.
|
||||
*/
|
||||
|
@ -272,7 +272,7 @@ wspstat_init(const char *optarg, void* userdata _U_)
|
|||
g_free(sp);
|
||||
g_hash_table_foreach( sp->hash, (GHFunc) wsp_free_hash_table, NULL ) ;
|
||||
g_hash_table_destroy( sp->hash );
|
||||
fprintf(stderr, "twireshark: Couldn't register wsp,stat tap: %s\n",
|
||||
fprintf(stderr, "tshark: Couldn't register wsp,stat tap: %s\n",
|
||||
error_string->str);
|
||||
g_string_free(error_string, TRUE);
|
||||
exit(1);
|
||||
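Review bot: The tap-registration error path in the `@ -272,7 +272,7 @@` hunk of `wspstat_init` calls `g_free(sp);` and then dereferences `sp->hash` in the next two statements, which reads freed memory. The process exits right after, but this is still undefined behaviour and will trip ASan or valgrind on the failure path. Free the struct last: `g_hash_table_foreach( sp->hash, (GHFunc) wsp_free_hash_table, NULL );`, then `g_hash_table_destroy( sp->hash );`, then `g_free(sp);`. The function starts above the hunk, so whether `sp->filter` is released beforehand cannot be confirmed from here.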
|
|
|
@ -7,7 +7,7 @@ What is it?
|
|||
This is basically a collection of bash scripts to test the command line options of:
|
||||
|
||||
- Ethereal
|
||||
- Tethereal
|
||||
- TShark
|
||||
- Dumpcap
|
||||
|
||||
Motivation
|
||||
|
|
|
@ -28,7 +28,7 @@ ETH_BIN_PATH=../Debug_GTK2
|
|||
|
||||
# Tweak the following to your liking.
|
||||
ETHEREAL=$ETH_BIN_PATH/ethereal
|
||||
TETHEREAL=$ETH_BIN_PATH/tethereal
|
||||
TSHARK=$ETH_BIN_PATH/tshark
|
||||
CAPINFOS=$ETH_BIN_PATH/capinfos
|
||||
DUMPCAP=$ETH_BIN_PATH/dumpcap
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ capture_step_10packets() {
|
|||
test_step_failed "exit status of $DUT: $RETURNVALUE"
|
||||
# part of the Prerequisite checks
|
||||
# probably wrong interface, output the possible interfaces
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
return
|
||||
fi
|
||||
|
||||
|
@ -58,7 +58,7 @@ capture_step_10packets() {
|
|||
cat ./testout.txt
|
||||
# part of the Prerequisite checks
|
||||
# probably wrong interface, output the possible interfaces
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
|
||||
fi
|
||||
}
|
||||
|
@ -69,7 +69,7 @@ capture_step_10packets_stdout() {
|
|||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
test_step_failed "exit status of $DUT: $RETURNVALUE"
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
return
|
||||
fi
|
||||
|
||||
|
@ -88,7 +88,7 @@ capture_step_10packets_stdout() {
|
|||
echo
|
||||
cat ./testout.txt
|
||||
cat ./testout2.txt
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
|
||||
fi
|
||||
}
|
||||
|
@ -101,7 +101,7 @@ capture_step_2multi_10packets() {
|
|||
test_step_failed "exit status of $DUT: $RETURNVALUE"
|
||||
# part of the Prerequisite checks
|
||||
# probably wrong interface, output the possible interfaces
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
return
|
||||
fi
|
||||
|
||||
|
@ -169,8 +169,8 @@ capture_step_snapshot() {
|
|||
return
|
||||
fi
|
||||
|
||||
# use tethereal to filter out all packets, which are larger than 68 bytes
|
||||
$TETHEREAL -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
|
||||
# use tshark to filter out all packets, which are larger than 68 bytes
|
||||
$TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
|
||||
|
||||
# ok, we got a capture file, does it contain exactly 0 packets?
|
||||
$CAPINFOS ./testout2.pcap > ./testout.txt
|
||||
|
@ -196,8 +196,8 @@ ethereal_capture_suite() {
|
|||
test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
|
||||
}
|
||||
|
||||
tethereal_capture_suite() {
|
||||
DUT=$TETHEREAL
|
||||
tshark_capture_suite() {
|
||||
DUT=$TSHARK
|
||||
test_step_add "Capture 10 packets" capture_step_10packets
|
||||
test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
|
||||
test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
|
||||
|
@ -225,7 +225,7 @@ capture_suite() {
|
|||
test_step_set_pre capture_cleanup_step
|
||||
test_step_set_post capture_cleanup_step
|
||||
test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
|
||||
test_suite_add "Tethereal capture" tethereal_capture_suite
|
||||
test_suite_add "TShark capture" tshark_capture_suite
|
||||
test_suite_add "Ethereal capture" ethereal_capture_suite
|
||||
test_suite_add "Dumpcap capture" dumpcap_capture_suite
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@ EXIT_ERROR=2
|
|||
|
||||
|
||||
# generic: check against a specific exit status with a single char option
|
||||
# $1 command: tethereal
|
||||
# $1 command: tshark
|
||||
# $2 option: a
|
||||
# $3 expected exit status: 0
|
||||
test_single_char_options()
|
||||
|
@ -49,7 +49,7 @@ test_single_char_options()
|
|||
|
||||
# check exit status when reading an existing file
|
||||
clopts_step_existing_file() {
|
||||
$TETHEREAL -r $CAPFILE > ./testout.txt 2>&1
|
||||
$TSHARK -r $CAPFILE > ./testout.txt 2>&1
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
test_step_failed "exit status: $RETURNVALUE"
|
||||
|
@ -62,7 +62,7 @@ clopts_step_existing_file() {
|
|||
|
||||
# check exit status when reading a none existing file
|
||||
clopts_step_nonexisting_file() {
|
||||
$TETHEREAL -r ThisFileDontExist.pcap > ./testout.txt 2>&1
|
||||
$TSHARK -r ThisFileDontExist.pcap > ./testout.txt 2>&1
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_ERROR ]; then
|
||||
test_step_failed "exit status: $RETURNVALUE"
|
||||
|
@ -74,10 +74,10 @@ clopts_step_nonexisting_file() {
|
|||
|
||||
|
||||
# check exit status of all single char option being invalid
|
||||
clopts_suite_tethereal_invalid_chars() {
|
||||
clopts_suite_tshark_invalid_chars() {
|
||||
for index in A B C E F H I J K M N O P Q R T U W X Y Z a b c d e f g i j k m o r s t u w y z
|
||||
do
|
||||
test_step_add "Invalid Tethereal parameter -$index, exit status must be $EXIT_COMMAND_LINE" "test_single_char_options $TETHEREAL $index $EXIT_COMMAND_LINE"
|
||||
test_step_add "Invalid TShark parameter -$index, exit status must be $EXIT_COMMAND_LINE" "test_single_char_options $TSHARK $index $EXIT_COMMAND_LINE"
|
||||
done
|
||||
}
|
||||
|
||||
|
@ -86,7 +86,7 @@ clopts_suite_tethereal_invalid_chars() {
|
|||
clopts_suite_valid_chars() {
|
||||
for index in D G L h v
|
||||
do
|
||||
test_step_add "Valid Tethereal parameter -$index, exit status must be $EXIT_OK" "test_single_char_options $TETHEREAL $index $EXIT_OK"
|
||||
test_step_add "Valid TShark parameter -$index, exit status must be $EXIT_OK" "test_single_char_options $TSHARK $index $EXIT_OK"
|
||||
done
|
||||
}
|
||||
|
||||
|
@ -95,7 +95,7 @@ clopts_suite_valid_chars() {
|
|||
|
||||
# check exit status and grep output string of an invalid capture filter
|
||||
clopts_step_invalid_capfilter() {
|
||||
$TETHEREAL -f 'jkghg' -w './testout.pcap' > ./testout.txt 2>&1
|
||||
$TSHARK -f 'jkghg' -w './testout.pcap' > ./testout.txt 2>&1
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
test_step_failed "exit status: $RETURNVALUE"
|
||||
|
@ -112,7 +112,7 @@ clopts_step_invalid_capfilter() {
|
|||
|
||||
# check exit status and grep output string of an invalid interface
|
||||
clopts_step_invalid_interface() {
|
||||
$TETHEREAL -i invalid_interface -w './testout.pcap' > ./testout.txt 2>&1
|
||||
$TSHARK -i invalid_interface -w './testout.pcap' > ./testout.txt 2>&1
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
test_step_failed "exit status: $RETURNVALUE"
|
||||
|
@ -130,7 +130,7 @@ clopts_step_invalid_interface() {
|
|||
# check exit status and grep output string of an invalid interface index
|
||||
# (valid interface indexes start with 1)
|
||||
clopts_step_invalid_interface_index() {
|
||||
$TETHEREAL -i 0 -w './testout.pcap' > ./testout.txt 2>&1
|
||||
$TSHARK -i 0 -w './testout.pcap' > ./testout.txt 2>&1
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_COMMAND_LINE ]; then
|
||||
test_step_failed "exit status: $RETURNVALUE"
|
||||
|
@ -148,7 +148,7 @@ clopts_step_invalid_interface_index() {
|
|||
# check exit status and grep output string of an invalid capture filter
|
||||
# XXX - how to efficiently test the *invalid* flags?
|
||||
clopts_step_valid_name_resolving() {
|
||||
$TETHEREAL -N mntC -a duration:1 > ./testout.txt 2>&1
|
||||
$TSHARK -N mntC -a duration:1 > ./testout.txt 2>&1
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
test_step_failed "exit status: $RETURNVALUE"
|
||||
|
@ -171,8 +171,8 @@ clopts_post_step() {
|
|||
clopt_suite() {
|
||||
test_step_set_post clopts_post_step
|
||||
test_suite_add "Basic tests" clopts_suite_basic
|
||||
test_suite_add "Invalid Tethereal single char options" clopts_suite_tethereal_invalid_chars
|
||||
test_suite_add "Valid Tethereal single char options" clopts_suite_valid_chars
|
||||
test_suite_add "Invalid TShark single char options" clopts_suite_tshark_invalid_chars
|
||||
test_suite_add "Valid TShark single char options" clopts_suite_valid_chars
|
||||
test_step_add "Invalid capture filter -f" clopts_step_invalid_capfilter
|
||||
test_step_add "Invalid capture interface -i" clopts_step_invalid_interface
|
||||
test_step_add "Invalid capture interface index 0" clopts_step_invalid_interface_index
|
||||
|
|
|
@ -38,7 +38,7 @@ io_step_input_file() {
|
|||
test_step_failed "exit status of $DUT: $RETURNVALUE"
|
||||
# part of the Prerequisite checks
|
||||
# probably wrong interface, output the possible interfaces
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
return
|
||||
fi
|
||||
|
||||
|
@ -58,7 +58,7 @@ io_step_input_file() {
|
|||
cat ./testout.txt
|
||||
# part of the Prerequisite checks
|
||||
# probably wrong interface, output the possible interfaces
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
|
||||
fi
|
||||
}
|
||||
|
@ -69,7 +69,7 @@ io_step_output_piping() {
|
|||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
test_step_failed "exit status of $DUT: $RETURNVALUE"
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
return
|
||||
fi
|
||||
|
||||
|
@ -88,7 +88,7 @@ io_step_output_piping() {
|
|||
echo
|
||||
cat ./testout.txt
|
||||
cat ./testout2.txt
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
|
||||
fi
|
||||
}
|
||||
|
@ -98,7 +98,7 @@ io_step_input_piping() {
|
|||
cat -B dhcp.pcap | $DUT -r - -w ./testout.pcap 2>./testout.txt
|
||||
RETURNVALUE=$?
|
||||
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
echo
|
||||
cat ./testout.txt
|
||||
test_step_failed "exit status of $DUT: $RETURNVALUE"
|
||||
|
@ -120,7 +120,7 @@ io_step_input_piping() {
|
|||
echo
|
||||
cat ./testout.txt
|
||||
cat ./testout2.txt
|
||||
$TETHEREAL -D
|
||||
$TSHARK -D
|
||||
test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
|
||||
fi
|
||||
}
|
||||
|
@ -131,8 +131,8 @@ ethereal_io_suite() {
|
|||
test_step_add "Input file" io_step_input_file
|
||||
}
|
||||
|
||||
tethereal_io_suite() {
|
||||
DUT=$TETHEREAL
|
||||
tshark_io_suite() {
|
||||
DUT=$TSHARK
|
||||
test_step_add "Input file" io_step_input_file
|
||||
test_step_add "Output piping" io_step_output_piping
|
||||
#test_step_add "Piping" io_step_input_piping
|
||||
|
@ -155,7 +155,7 @@ io_cleanup_step() {
|
|||
io_suite() {
|
||||
test_step_set_pre io_cleanup_step
|
||||
test_step_set_post io_cleanup_step
|
||||
test_suite_add "Tethereal file I/O" tethereal_io_suite
|
||||
test_suite_add "TShark file I/O" tshark_io_suite
|
||||
#test_suite_add "Ethereal file I/O" ethereal_io_suite
|
||||
#test_suite_add "Dumpcap file I/O" dumpcap_io_suite
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ source suite-capture.sh
|
|||
test_step_prerequisites() {
|
||||
|
||||
NOTFOUND=0
|
||||
for i in "$ETHEREAL" "$TETHEREAL" "$CAPINFOS" "$DUMPCAP" ; do
|
||||
for i in "$ETHEREAL" "$TSHARK" "$CAPINFOS" "$DUMPCAP" ; do
|
||||
if [ ! -x $i ]; then
|
||||
echo "Couldn't find $i"
|
||||
NOTFOUND=1
|
||||
|
@ -71,8 +71,8 @@ test_suite() {
|
|||
test_set_output VERBOSE
|
||||
|
||||
|
||||
#test_suite_run "Tethereal command line options" clopt_suite
|
||||
#test_suite_run "Tethereal capture" capture_suite
|
||||
#test_suite_run "TShark command line options" clopt_suite
|
||||
#test_suite_run "TShark capture" capture_suite
|
||||
|
||||
|
||||
# all
|
||||
|
@ -171,4 +171,4 @@ done
|
|||
;;
|
||||
|
||||
esac
|
||||
done
|
||||
done
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
"""
|
||||
Baseclass for reading PDML produced from Tethereal.
|
||||
Baseclass for reading PDML produced from TShark.
|
||||
|
||||
Copyright (c) 2003 by Gilbert Ramirez <gram@alumni.rice.edu>
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ import getopt
|
|||
REMOVE_TEMP_FILES = 1
|
||||
VERBOSE = 0
|
||||
TEXT2PCAP = os.path.join(".", "text2pcap")
|
||||
TETHEREAL = os.path.join(".", "tethereal")
|
||||
TSHARK = os.path.join(".", "tshark")
|
||||
|
||||
# Some DLT values. Add more from <net/bpf.h> if you need to.
|
||||
|
||||
|
@ -191,26 +191,26 @@ class Test:
|
|||
def DFilterCount(self, packet, dfilter, num_lines_expected):
|
||||
"""Run a dfilter on a packet file and expect
|
||||
a certain number of output lines. If num_lines_expected
|
||||
is None, then the tethereal command is expected to fail
|
||||
is None, then the tshark command is expected to fail
|
||||
with a non-zero return value."""
|
||||
|
||||
packet_file = packet.Filename()
|
||||
|
||||
cmd = (TETHEREAL, "-n -r", packet_file, "-R '", dfilter, "'")
|
||||
cmd = (TSHARK, "-n -r", packet_file, "-R '", dfilter, "'")
|
||||
|
||||
tethereal_failed = 0
|
||||
tshark_failed = 0
|
||||
|
||||
try:
|
||||
(output, retval) = run_cmd(cmd)
|
||||
except RunCommandError:
|
||||
tethereal_failed = 1
|
||||
tshark_failed = 1
|
||||
|
||||
# print "GOT", len(output), "lines:", output, retval
|
||||
|
||||
if retval:
|
||||
tethereal_failed = 1
|
||||
tshark_failed = 1
|
||||
|
||||
if tethereal_failed:
|
||||
if tshark_failed:
|
||||
if num_lines_expected == None:
|
||||
if VERBOSE:
|
||||
print "\nGot:", output
|
||||
|
@ -1325,8 +1325,8 @@ all_tests = [
|
|||
|
||||
def usage():
|
||||
print "usage: %s [OPTS] [TEST ...]" % (sys.argv[0],)
|
||||
print "\t-p PATH : path to find both tethereal and text2pcap (DEFAULT: . )"
|
||||
print "\t-t FILE : location of tethereal binary"
|
||||
print "\t-p PATH : path to find both tshark and text2pcap (DEFAULT: . )"
|
||||
print "\t-t FILE : location of tshark binary"
|
||||
print "\t-x FILE : location of text2pcap binary"
|
||||
print "\t-k : keep temporary files"
|
||||
print "\t-v : verbose"
|
||||
|
@ -1339,7 +1339,7 @@ def usage():
|
|||
|
||||
def main():
|
||||
|
||||
global TETHEREAL
|
||||
global TSHARK
|
||||
global TEXT2PCAP
|
||||
global VERBOSE
|
||||
global REMOVE_TEMP_FILES
|
||||
|
@ -1355,14 +1355,14 @@ def main():
|
|||
|
||||
for opt, arg in opts:
|
||||
if opt == "-t":
|
||||
TETHEREAL = arg
|
||||
TSHARK = arg
|
||||
elif opt == "-x":
|
||||
TEXT2PCAP = arg
|
||||
elif opt == "-v":
|
||||
VERBOSE = 1
|
||||
elif opt == "-p":
|
||||
TEXT2PCAP = os.path.join(arg, "text2pcap")
|
||||
TETHEREAL = os.path.join(arg, "tethereal")
|
||||
TSHARK = os.path.join(arg, "tshark")
|
||||
elif opt == "-k":
|
||||
REMOVE_TEMP_FILES = 0
|
||||
else:
|
||||
|
@ -1370,8 +1370,8 @@ def main():
|
|||
usage()
|
||||
|
||||
# Sanity test
|
||||
if not os.path.exists(TETHEREAL):
|
||||
sys.exit("tethereal program '%s' does not exist." % (TETHEREAL,))
|
||||
if not os.path.exists(TSHARK):
|
||||
sys.exit("tshark program '%s' does not exist." % (TSHARK,))
|
||||
|
||||
if not os.path.exists(TEXT2PCAP):
|
||||
sys.exit("text2pcap program '%s' does not exist." % (TEXT2PCAP,))
|
||||
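Review bot: In `DFilterCount` (`@ -191,26 +191,26 @@` hunk), `output` and `retval` are assigned only inside the `try`. If `run_cmd` raises `RunCommandError`, the following `if retval:` therefore fails with an unbound-name error instead of reaching the `tshark_failed` handling. Setting `output = None` and `retval = None` before the `try:` keeps the failure branch reachable. The method continues past the end of the hunk, so the later uses of `output` should be checked against that default.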
|
|
|
@ -42,9 +42,9 @@ class Field:
|
|||
|
||||
|
||||
|
||||
def gather_data(tethereal):
|
||||
"""Calls tethereal and gathers data."""
|
||||
cmd = "%s -G fields3" % (tethereal,)
|
||||
def gather_data(tshark):
|
||||
"""Calls tshark and gathers data."""
|
||||
cmd = "%s -G fields3" % (tshark,)
|
||||
(status, output) = commands.getstatusoutput(cmd)
|
||||
|
||||
if status != 0:
|
||||
|
@ -69,10 +69,10 @@ def check_fields(fields):
|
|||
(field.abbrev, field.bitmask, field.ftype)
|
||||
errors += 1
|
||||
|
||||
def run(tethereal):
|
||||
def run(tshark):
|
||||
"""Run the tests."""
|
||||
global errors
|
||||
protos, fields = gather_data(tethereal)
|
||||
protos, fields = gather_data(tshark)
|
||||
|
||||
check_fields(fields)
|
||||
|
||||
|
@ -83,13 +83,13 @@ def run(tethereal):
|
|||
|
||||
def main():
|
||||
"""Parse the command-line."""
|
||||
usage = "%prog tethereal"
|
||||
usage = "%prog tshark"
|
||||
parser = OptionParser(usage=usage)
|
||||
|
||||
(options, args) = parser.parse_args()
|
||||
|
||||
if len(args) != 1:
|
||||
parser.error("Need location of tethereal.")
|
||||
parser.error("Need location of tshark.")
|
||||
|
||||
run(args[0])
|
||||
|
||||
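Review bot: `gather_data` builds `"%s -G fields3" % (tshark,)` and passes it to `commands.getstatusoutput`, which runs the string through a shell. A tshark path containing spaces or shell metacharacters is therefore split or interpreted rather than executed as given. The same pattern appears further down the page in `CaptureFile.__init__`, where `os.popen(tshark + " -Tpdml -n -R " ... "-r " + capture_filename, "r")` also concatenates the capture file name unquoted, so a crafted file name reaches the shell. Both calls are safer with an argument list and no shell, for example `subprocess.Popen([tshark, "-G", "fields3"], stdout=subprocess.PIPE)`. The status check and output parsing in `gather_data` lie outside the hunk.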
|
|
|
@ -2,15 +2,15 @@
|
|||
#
|
||||
# $Id$
|
||||
|
||||
# Fuzz-testing script for Tethereal
|
||||
# Fuzz-testing script for TShark
|
||||
#
|
||||
# This script uses Editcap to add random errors ("fuzz") to a set of
|
||||
# capture files specified on the command line. It runs Tethereal on
|
||||
# capture files specified on the command line. It runs TShark on
|
||||
# each fuzzed file and checks for errors. The files are processed
|
||||
# repeatedly until an error is found.
|
||||
|
||||
# Tweak the following to your liking. Editcap must support "-E".
|
||||
TETHEREAL=./tethereal
|
||||
TSHARK=./tshark
|
||||
EDITCAP=./editcap
|
||||
CAPINFOS=./capinfos
|
||||
|
||||
|
@ -41,15 +41,15 @@ ulimit -c unlimited
|
|||
|
||||
### usually you won't have to change anything below this line ###
|
||||
|
||||
# Tethereal arguments (you won't have to change these)
|
||||
# TShark arguments (you won't have to change these)
|
||||
# n Disable network object name resolution
|
||||
# V Print a view of the details of the packet rather than a one-line summary of the packet
|
||||
# x Cause Tethereal to print a hex and ASCII dump of the packet data after printing the summary or details
|
||||
# x Cause TShark to print a hex and ASCII dump of the packet data after printing the summary or details
|
||||
# r Read packet data from the following infile
|
||||
TETHEREAL_ARGS="-nVxr"
|
||||
TSHARK_ARGS="-nVxr"
|
||||
|
||||
NOTFOUND=0
|
||||
for i in "$TETHEREAL" "$EDITCAP" "$CAPINFOS" "$DATE" "$TMP_DIR" ; do
|
||||
for i in "$TSHARK" "$EDITCAP" "$CAPINFOS" "$DATE" "$TMP_DIR" ; do
|
||||
if [ ! -x $i ]; then
|
||||
echo "Couldn't find $i"
|
||||
NOTFOUND=1
|
||||
|
@ -75,7 +75,7 @@ FIN
|
|||
exit 1
|
||||
fi
|
||||
|
||||
echo "Running $TETHEREAL with args: $TETHEREAL_ARGS"
|
||||
echo "Running $TSHARK with args: $TSHARK_ARGS"
|
||||
echo ""
|
||||
|
||||
# Not yet - properly handle empty filenames
|
||||
|
@ -108,7 +108,7 @@ while [ 1 ] ; do
|
|||
fi
|
||||
fi
|
||||
|
||||
"$TETHEREAL" $TETHEREAL_ARGS $TMP_DIR/$TMP_FILE \
|
||||
"$TSHARK" $TSHARK_ARGS $TMP_DIR/$TMP_FILE \
|
||||
> /dev/null 2> $TMP_DIR/$ERR_FILE
|
||||
RETVAL=$?
|
||||
grep -i "dissector bug" $TMP_DIR/$ERR_FILE \
|
||||
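Review bot: In the `@ -108,7 +108,7 @@` hunk the command name is quoted as `"$TSHARK"`, but the path operands `$TMP_DIR/$TMP_FILE` and `$TMP_DIR/$ERR_FILE` are not. A temp directory or file name containing whitespace or glob characters would be word-split or expanded before tshark and the redirection see it. Quoting them keeps the fuzzed file and the error log where the script expects: `"$TSHARK" $TSHARK_ARGS "$TMP_DIR/$TMP_FILE" \` and `> /dev/null 2> "$TMP_DIR/$ERR_FILE"`. The prerequisite loop in the `@ -41,15 +41,15 @@` hunk has the same issue and could use `if [ ! -x "$i" ]; then`. The `while` loop starts and ends outside the hunk.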
|
|
|
@ -208,13 +208,13 @@ class CaptureFile:
|
|||
"""Parses a single a capture file and keeps track of
|
||||
all chat sessions in the file."""
|
||||
|
||||
def __init__(self, capture_filename, tethereal):
|
||||
"""Run tethereal on the capture file and parse
|
||||
def __init__(self, capture_filename, tshark):
|
||||
"""Run tshark on the capture file and parse
|
||||
the data."""
|
||||
self.conversations = []
|
||||
self.conversations_map = {}
|
||||
|
||||
pipe = os.popen(tethereal + " -Tpdml -n -R "
|
||||
pipe = os.popen(tshark + " -Tpdml -n -R "
|
||||
"'msnms contains \"X-MMS-IM-Format\"' "
|
||||
"-r " + capture_filename, "r")
|
||||
|
||||
|
@ -253,14 +253,14 @@ class CaptureFile:
|
|||
conv.CreateHTML(default_user)
|
||||
|
||||
|
||||
def run_filename(filename, default_user, tethereal):
|
||||
def run_filename(filename, default_user, tshark):
|
||||
"""Process one capture file."""
|
||||
|
||||
capture = CaptureFile(filename, tethereal)
|
||||
capture = CaptureFile(filename, tshark)
|
||||
capture.CreateHTML(default_user)
|
||||
|
||||
|
||||
def run(filenames, default_user, tethereal):
|
||||
def run(filenames, default_user, tshark):
|
||||
# HTML Header
|
||||
print >> out_fh, """
|
||||
<HTML><TITLE>MSN Conversation</TITLE>
|
||||
|
@ -268,7 +268,7 @@ def run(filenames, default_user, tethereal):
|
|||
<BODY>
|
||||
"""
|
||||
for filename in filenames:
|
||||
run_filename(filename, default_user, tethereal)
|
||||
run_filename(filename, default_user, tshark)
|
||||
|
||||
# HTML Footer
|
||||
print >> out_fh, """
|
||||
|
@ -281,13 +281,13 @@ def run(filenames, default_user, tethereal):
|
|||
def usage():
|
||||
print >> sys.stderr, "msnchat [OPTIONS] CAPTURE_FILE [...]"
|
||||
print >> sys.stderr, " -o FILE name of output file"
|
||||
print >> sys.stderr, " -t TETHEREAL location of tethereal binary"
|
||||
print >> sys.stderr, " -t TSHARK location of tshark binary"
|
||||
print >> sys.stderr, " -u USER name for unknown user"
|
||||
sys.exit(1)
|
||||
|
||||
def main():
|
||||
default_user = "Unknown"
|
||||
tethereal = "tethereal"
|
||||
tshark = "tshark"
|
||||
|
||||
optstring = "ho:t:u:"
|
||||
longopts = ["help"]
|
||||
|
@ -313,12 +313,12 @@ def main():
|
|||
default_user = arg
|
||||
|
||||
elif opt == "-t":
|
||||
tethereal = arg
|
||||
tshark = arg
|
||||
|
||||
else:
|
||||
sys.exit("Unhandled command-line option: " + opt)
|
||||
|
||||
run(args, default_user, tethereal)
|
||||
run(args, default_user, tshark)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/usr/bin/env python
|
||||
"""
|
||||
Retrieve a packet from a ethereal/tethereal core file
|
||||
Retrieve a packet from a ethereal/tshark core file
|
||||
and save it in a packet-capture file.
|
||||
"""
|
||||
|
||||
|
@ -415,7 +415,7 @@ def usage():
|
|||
print ""
|
||||
print "\tGiven an executable file and a core file, this tool"
|
||||
print "\tuses gdb to retrieve the packet that was being dissected"
|
||||
print "\tat the time ethereal/tethereal stopped running. The packet"
|
||||
print "\tat the time ethereal/tshark stopped running. The packet"
|
||||
print "\tis saved in the capture_file specified by the -w option."
|
||||
print ""
|
||||
print "\t-v : verbose"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* twireshark.c
|
||||
/* tshark.c
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
|
@ -216,7 +216,7 @@ print_usage(gboolean print_ver)
|
|||
if (print_ver) {
|
||||
output = stdout;
|
||||
fprintf(output,
|
||||
"Twireshark " VERSION "%s\n"
|
||||
"TShark " VERSION "%s\n"
|
||||
"Dump and analyze network traffic.\n"
|
||||
"See http://www.wireshark.com for more information.\n"
|
||||
"\n"
|
||||
|
@ -226,7 +226,7 @@ print_usage(gboolean print_ver)
|
|||
output = stderr;
|
||||
}
|
||||
fprintf(output, "\n");
|
||||
fprintf(output, "Usage: twireshark [options] ...\n");
|
||||
fprintf(output, "Usage: tshark [options] ...\n");
|
||||
fprintf(output, "\n");
|
||||
|
||||
#ifdef HAVE_LIBPCAP
|
||||
|
@ -1030,7 +1030,7 @@ main(int argc, char *argv[])
|
|||
}
|
||||
break;
|
||||
case 'v': /* Show version and exit */
|
||||
printf("Twireshark " VERSION "%s\n"
|
||||
printf("TShark " VERSION "%s\n"
|
||||
"\n"
|
||||
"%s"
|
||||
"\n"
|
||||
|
@ -1123,7 +1123,7 @@ main(int argc, char *argv[])
|
|||
|
||||
#ifndef HAVE_LIBPCAP
|
||||
if (capture_option_specified)
|
||||
cmdarg_err("This version of Twireshark was not built with support for capturing packets.");
|
||||
cmdarg_err("This version of TShark was not built with support for capturing packets.");
|
||||
#endif
|
||||
if (arg_error) {
|
||||
print_usage(FALSE);
|
||||
|
@ -1385,7 +1385,7 @@ main(int argc, char *argv[])
|
|||
|
||||
/*
|
||||
* Immediately relinquish any special privileges we have; we must not
|
||||
* be allowed to read any capture files the user running Twireshark
|
||||
* be allowed to read any capture files the user running TShark
|
||||
* can't open.
|
||||
*/
|
||||
relinquish_special_privs_perm();
|
||||
|
@ -1438,7 +1438,7 @@ main(int argc, char *argv[])
|
|||
char *detailed_err;
|
||||
|
||||
cmdarg_err("WinPcap couldn't be found.");
|
||||
detailed_err = cant_load_winpcap_err("Twireshark");
|
||||
detailed_err = cant_load_winpcap_err("TShark");
|
||||
cmdarg_err_cont("%s", detailed_err);
|
||||
g_free(detailed_err);
|
||||
exit(2);
|
||||
|
@ -1481,7 +1481,7 @@ main(int argc, char *argv[])
|
|||
}
|
||||
#else
|
||||
/* No - complain. */
|
||||
cmdarg_err("This version of Twireshark was not built with support for capturing packets.");
|
||||
cmdarg_err("This version of TShark was not built with support for capturing packets.");
|
||||
exit(2);
|
||||
#endif
|
||||
}
|
||||
|
@ -1981,13 +1981,13 @@ capture_cleanup(DWORD ctrltype _U_)
|
|||
no other handler - such as one that would terminate the process -
|
||||
gets called.
|
||||
|
||||
XXX - for some reason, typing ^C to Twireshark, if you run this in
|
||||
XXX - for some reason, typing ^C to TShark, if you run this in
|
||||
a Cygwin console window in at least some versions of Cygwin,
|
||||
causes Twireshark to terminate immediately; this routine gets
|
||||
causes TShark to terminate immediately; this routine gets
|
||||
called, but the main loop doesn't get a chance to run and
|
||||
exit cleanly, at least if this is compiled with Microsoft Visual
|
||||
C++ (i.e., it's a property of the Cygwin console window or Bash;
|
||||
it happens if Twireshark is not built with Cygwin - for all I know,
|
||||
it happens if TShark is not built with Cygwin - for all I know,
|
||||
building it with Cygwin may make the problem go away). */
|
||||
ld.go = FALSE;
|
||||
return TRUE;
|
||||
|
@ -2130,7 +2130,7 @@ load_cap_file(capture_file *cf, char *save_file, int out_file_type)
|
|||
switch (err) {
|
||||
|
||||
case WTAP_ERR_UNSUPPORTED_ENCAP:
|
||||
cmdarg_err("\"%s\" has a packet with a network type that Twireshark doesn't support.\n(%s)",
|
||||
cmdarg_err("\"%s\" has a packet with a network type that TShark doesn't support.\n(%s)",
|
||||
cf->filename, err_info);
|
||||
break;
|
||||
|
||||
|
@ -2334,7 +2334,7 @@ process_packet(capture_file *cf, long offset, const struct wtap_pkthdr *whdr,
|
|||
tree for a single packet without waiting for anything to happen,
|
||||
it should be as good as line-buffered mode if we're printing
|
||||
protocol trees. (The whole reason for the "-l" flag in either
|
||||
tcpdump or Twireshark is to allow the output of a live capture to
|
||||
tcpdump or TShark is to allow the output of a live capture to
|
||||
be piped to a program or script and to have that script see the
|
||||
information for the packet as soon as it's printed, rather than
|
||||
having to wait until a standard I/O buffer fills up. */
|
||||
|
@ -2798,13 +2798,13 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
|
||||
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
|
||||
/* Seen only when opening a capture file for reading. */
|
||||
errmsg = "The file \"%s\" isn't a capture file in a format Twireshark understands.";
|
||||
errmsg = "The file \"%s\" isn't a capture file in a format TShark understands.";
|
||||
break;
|
||||
|
||||
case WTAP_ERR_UNSUPPORTED:
|
||||
/* Seen only when opening a capture file for reading. */
|
||||
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
||||
"The file \"%%s\" isn't a capture file in a format Twireshark understands.\n"
|
||||
"The file \"%%s\" isn't a capture file in a format TShark understands.\n"
|
||||
"(%s)", err_info);
|
||||
g_free(err_info);
|
||||
errmsg = errmsg_errno;
|
||||
|
@ -2820,15 +2820,15 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
|
||||
case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
|
||||
/* Seen only when opening a capture file for writing. */
|
||||
errmsg = "Twireshark doesn't support writing capture files in that format.";
|
||||
errmsg = "TShark doesn't support writing capture files in that format.";
|
||||
break;
|
||||
|
||||
case WTAP_ERR_UNSUPPORTED_ENCAP:
|
||||
if (for_writing)
|
||||
errmsg = "Twireshark can't save this capture in that format.";
|
||||
errmsg = "TShark can't save this capture in that format.";
|
||||
else {
|
||||
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
||||
"The file \"%%s\" is a capture for a network type that Twireshark doesn't support.\n"
|
||||
"The file \"%%s\" is a capture for a network type that TShark doesn't support.\n"
|
||||
"(%s)", err_info);
|
||||
g_free(err_info);
|
||||
errmsg = errmsg_errno;
|
||||
|
@ -2837,9 +2837,9 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
|
||||
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
|
||||
if (for_writing)
|
||||
errmsg = "Twireshark can't save this capture in that format.";
|
||||
errmsg = "TShark can't save this capture in that format.";
|
||||
else
|
||||
errmsg = "The file \"%s\" is a capture for a network type that Twireshark doesn't support.";
|
||||
errmsg = "The file \"%s\" is a capture for a network type that TShark doesn't support.";
|
||||
break;
|
||||
|
||||
case WTAP_ERR_BAD_RECORD:
|
||||
|
@ -2881,12 +2881,12 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|||
}
|
||||
|
||||
/*
|
||||
* Open/create errors are reported with an console message in Twireshark.
|
||||
* Open/create errors are reported with an console message in TShark.
|
||||
*/
|
||||
static void
|
||||
open_failure_message(const char *filename, int err, gboolean for_writing)
|
||||
{
|
||||
fprintf(stderr, "twireshark: ");
|
||||
fprintf(stderr, "tshark: ");
|
||||
fprintf(stderr, file_open_error_message(err, for_writing), filename);
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
|
@ -2947,18 +2947,18 @@ fail:
|
|||
|
||||
|
||||
/*
|
||||
* General errors are reported with an console message in Twireshark.
|
||||
* General errors are reported with an console message in TShark.
|
||||
*/
|
||||
static void
|
||||
failure_message(const char *msg_format, va_list ap)
|
||||
{
|
||||
fprintf(stderr, "twireshark: ");
|
||||
fprintf(stderr, "tshark: ");
|
||||
vfprintf(stderr, msg_format, ap);
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
|
||||
/*
|
||||
* Read errors are reported with an console message in Twireshark.
|
||||
* Read errors are reported with an console message in TShark.
|
||||
*/
|
||||
static void
|
||||
read_failure_message(const char *filename, int err)
|
||||
|
@ -2976,7 +2976,7 @@ cmdarg_err(const char *fmt, ...)
|
|||
va_list ap;
|
||||
|
||||
va_start(ap, fmt);
|
||||
fprintf(stderr, "twireshark: ");
|
||||
fprintf(stderr, "tshark: ");
|
||||
vfprintf(stderr, fmt, ap);
|
||||
fprintf(stderr, "\n");
|
||||
va_end(ap);
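Review bot: In cf_open_error_message, the WTAP_ERR_UNSUPPORTED branch and the read side of the WTAP_ERR_UNSUPPORTED_ENCAP branch paste `err_info` into `errmsg_errno` with `(%s)` while keeping `%%s` for the file name, so the buffer is evidently used as a printf format afterwards. If `err_info` ever contains a `%`, that later call would treat it as a conversion specifier; the text appears to come from the capture-file reader and may reflect file contents, though its producer is not visible here. Either double any `%` in `err_info` before the `g_snprintf`, or at least state the constraint next to it, e.g. `/* err_info is embedded in a format string and must not contain '%' */`. The same computed-format pattern appears in open_failure_message, `fprintf(stderr, file_open_error_message(err, for_writing), filename);`, which is safe only while that helper returns fixed strings. The body of cf_open_error_message and the use of its result lie outside these hunks.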
|
|
@ -661,7 +661,7 @@ static void nettl_close(wtap *wth)
|
|||
|
||||
/* Returns 0 if we could write the specified encapsulation type,
|
||||
an error indication otherwise. nettl files are WTAP_ENCAP_UNKNOWN
|
||||
when they are first opened, so we allow that for tethereal read/write.
|
||||
when they are first opened, so we allow that for tshark read/write.
|
||||
*/
|
||||
|
||||
int nettl_dump_can_write_encap(int encap)
|
||||
|
|