Commit Graph

2364 Commits (master)

Author SHA1 Message Date
Guy Harris 1b401fa9e1 Note that the read filter specified with the "-R" flag applies only to a
file read in as a result of a "-r" flag specified on the command line.

svn path=/trunk/; revision=1646
2000-02-19 00:18:45 +00:00
Gilbert Ramirez c08f671988 Dietmar Petras provided:
* fix a bug in packet-tftp.c dissecting TFTP Option Acknowledgement
  packets. There is no Block-Id in TFTP Option Acknowledgements, as it is
  in TFTP Acknowledgements.
* Extension of manuf by ethernet addresses from ELSA (my company), a German
  vendor of ISDN routers, cable modems, etc.
* New dissector for Time Protocol [RFC 0868]. That protocol works on port
  37 of UDP and TCP. The implementation in this patch only dissects the
  more usual UDP version. It could print the time in a more fashion way,
  but that's for a later version.

svn path=/trunk/; revision=1609
2000-02-09 17:15:59 +00:00
Guy Harris a82c49732b Change from Ed Meaney - write capture files in binary, rather than ASCII
("w" and "wb" are the same on UNIX, but not on Win32).

svn path=/trunk/; revision=1598
2000-02-03 06:31:30 +00:00
Guy Harris 4410e4274c TFTP Option Extension (RFC 2347) support, from Craig Newell.
svn path=/trunk/; revision=1573
2000-01-27 07:09:45 +00:00
Gilbert Ramirez b3ff562157 Credit fix, and fix for building editcap.1 with build dir != $(srcdir)
svn path=/trunk/; revision=1564
2000-01-26 03:42:28 +00:00
Guy Harris f393a19883 Heikki Vatiainen's patch to add a flag to control whether to interpret
the IPv4 TOS field as a TOS field or as a DiffServ field, and allow that
field to be controlled by a command-line option or an option in the
"Display:Options" dialog box.

svn path=/trunk/; revision=1532
2000-01-24 04:44:58 +00:00
Guy Harris 287efcbbe7 Allow "-w" and/or "-R" to be specified either when doing a live capture
or when reading a saved capture file; if "-w" is specified, the packets
captured or read from the file are written to the specified file rather
than being dissected and printed, and if "-R" is specified, only packets
that pass the specified read filter are dissected and printed or

svn path=/trunk/; revision=1523
2000-01-22 07:19:34 +00:00
Guy Harris 0ce1dab01d Gerrit Gehnen's patch to add support for the "Inactive Subset" of the
ISO 8473 CLNP protocol.

svn path=/trunk/; revision=1513
2000-01-20 19:16:41 +00:00
Guy Harris 766e37db65 Put into the "Capture Preferences" dialog box a check box to control
whether, in a live capture that updates the display as packets arrive,
the packet list pane should scroll to show the most recently captured
packets or not.

svn path=/trunk/; revision=1506
2000-01-18 09:25:04 +00:00
Guy Harris aa718b5e74 Put the "Find Frame" and "Go To Frame" menu items under "Edit"; leave
them under "Display" as well for now.

svn path=/trunk/; revision=1505
2000-01-18 09:05:30 +00:00
Guy Harris 4603877dc4 Jerry Talkington's changes to support, in the packet list and protocol
tree panes, menus popped up by the right mouse button.

svn path=/trunk/; revision=1504
2000-01-18 08:38:18 +00:00
Guy Harris a83998f4f0 Add a "-F" flag, to allow the format of a file being written to be
specified.  This will be of more use when I allow "-w" to be used when
reading an existing capture file rather than doing a live capture (which
will also allow you to specify a read filter, and thus to write a
capture file containing those packets from an existing capture file that
match a given display filter).

Fix up some messages to say "tethereal" rather than "ethereal".

svn path=/trunk/; revision=1499
2000-01-17 08:06:42 +00:00
Guy Harris 1108f9f609 Add a "-x" flag to Tethereal, to make it print a hex and ASCII dump of
the packet data.

svn path=/trunk/; revision=1497
2000-01-17 07:49:03 +00:00
Guy Harris 7f30e566a0 Move the routine to get a list of the network interfaces on the system
to "util.c", and provide a routine to free that list as well.

When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.

svn path=/trunk/; revision=1495
2000-01-16 02:48:12 +00:00
Guy Harris 278b21900a If no "-i" flag is specified to Tethereal when no file is to be read,
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.

svn path=/trunk/; revision=1482
2000-01-15 06:05:21 +00:00
Guy Harris bf9587025a Note that we can read "i4btrace" capture files.
svn path=/trunk/; revision=1471
2000-01-14 08:14:33 +00:00
Guy Harris b799cb10d9 Add "tethereal", a tty-oriented derivative of Ethereal that works like
Sun's snoop or like tcpdump.

svn path=/trunk/; revision=1468
2000-01-14 06:46:00 +00:00
Guy Harris 08fb6dc0c3 Updates to the L2TP parser, from Laurent Cazalet and Thomas Parvais.
svn path=/trunk/; revision=1449
2000-01-10 23:22:30 +00:00
Guy Harris 8fafa9af84 Add a man page for "editcap".
svn path=/trunk/; revision=1446
2000-01-09 20:28:26 +00:00
Guy Harris 6a12f137a1 The L2TP dissector is by John Thomes, not John Thomas.
svn path=/trunk/; revision=1434
2000-01-07 09:13:21 +00:00
Guy Harris 355bd9d8ac Add John Thomas' L2TP dissector.
svn path=/trunk/; revision=1433
2000-01-07 09:10:22 +00:00
Guy Harris 4d638e5045 Improve the description of the packet-printing dialogs, and note that
the Edit:Preferences dialog also lets you edit GUI preferences.

svn path=/trunk/; revision=1425
2000-01-06 07:32:44 +00:00
Gilbert Ramirez 8162d65615 Changed the protocol tree widget from a GtkTree to a GtkCTree. The two reasons
I did this:

First, Havoc Pennington, in "GTK+/Gnome Application Development", in
Appendix section A.3.88, recommends using GtkCTree instead of GtkTree
because GtkCTree is faster, and GtkTree has a limitation on its total row
height: since it must fit inside a GdkWindow, it is limited to 32,768
pixels of height. GtkTree is more flexible with regards to the types of
widgets that can be placed in the tree, but since we deal only with text,
that doesn't matter, at least for now.

Secondly, a GtkTree doesn't allow arrow-key navigation (at least as far
as I could tell). It always bothered me that the up and down arrow keys
worked in the packet list and in the hex dump, but not in the protocol tree.
GtkCTree does allow arrow-key navigation. In fact, GtkCTree is a subclass
of GtkCList (the packet list widget), so they behave a lot alike.

I went ahead and fixed the selection bar which has been bothering Richard
for a long time now. :) In the GUI preferences dialogue, you can now set
both the packet list selection bar and the protocol tree selection bar
to either "browse" or "select" mode. "browse" mode is what you're used to:
the arrow keys move an outline of the selection bar, but do not change
the selection. "select" mode does change the selection when the arrow keys
are pressed. The default behavior is set to "select", which seems more
natural for a first-time user.

svn path=/trunk/; revision=1393
1999-12-29 20:10:12 +00:00
Guy Harris dcf312c107 Put "Ethereal" in boldface everywhere it appears.
Reformat some (source) paragraphs, for the benefit of those with editors
that don't wrap lines in the display.

Delete some extra "=back" directives.

Fix the description of the "Preferences" dialog (it lets you control
various preferences, not just print preferences; it's the "Print" tab
that lets you control print preferences).

svn path=/trunk/; revision=1352
1999-12-16 08:05:46 +00:00
Gilbert Ramirez f34e877593 Add a new page to the Preferences notebook: a GUI page. The sole
option right now is the placement of the vertical scrollbars in the 3 panes.
(it's one decision; you can't have the placement of the vertical scrollbar
in the packet list pane different than the placement in the protocol tree
pane, for example).

I did this because I find it convenient to have the vertical scrollbars
on the *left* side of the text. My mouse cursor is usually expanding and
collapsing the protocol tree widgets, and once the protocol tree changes
size, I usually have to scroll. I'd rather move my mouse cursor just a few
pixels over to find the vertical scrollbar.

svn path=/trunk/; revision=1351
1999-12-16 06:20:18 +00:00
Guy Harris 096134536e Stuart Stanley's ISIS dissection support.
svn path=/trunk/; revision=1340
1999-12-15 04:34:44 +00:00
Olivier Abad 065d937572 Document the plugins menu and dialogs
svn path=/trunk/; revision=1311
1999-12-13 12:29:42 +00:00
Gilbert Ramirez 4a15f6582a Added Bert Driehuis's I4B wiretap module
and V.120 decoder.

svn path=/trunk/; revision=1304
1999-12-12 22:40:10 +00:00
Guy Harris 7537c5cc73 Jerry Talkington's patch to remove the filter stuff from
"Edit:Preferences" and put it directly under "Edit:Filters", and to add
an "Apply" button to it, which makes the currently selected filter the
current filter and applies it to the current capture.

svn path=/trunk/; revision=1275
1999-12-10 06:28:24 +00:00
Guy Harris 6198327782 Add Dave Chapeskie's name to the list of contributors.
svn path=/trunk/; revision=1240
1999-12-07 22:59:31 +00:00
Guy Harris e5f812d6ed James Coe's patch to add SRVLOC and NCP-over-IP support.
svn path=/trunk/; revision=1234
1999-12-07 06:13:19 +00:00
Guy Harris b5b4e3d57a Patch from Jerry Talkington to:

	treat CONNECT as an HTTP request;

	add DELETE and OPTIONS as request names.

Make the order of names in the AUTHORS file match that of the man page
and the About box.

svn path=/trunk/; revision=1231
1999-12-06 20:27:40 +00:00
Guy Harris af31f0b1ad Add support for saving files in a format other than the one they're in
and other than "libpcap", now that Wiretap can write files other than

svn path=/trunk/; revision=1226
1999-12-06 09:08:58 +00:00
Gerald Combs d2ebea8481 Add description of TCP stream prefs.
svn path=/trunk/; revision=1186
1999-12-03 03:56:35 +00:00
Guy Harris dc548e7458 Allow the user to save either all of the current capture, or only the
packets that are currently being displayed from that capture.

Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").

Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed* is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.

Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count).  Do the same (if there *is* a current
capture file) when exiting.

The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.

Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".

svn path=/trunk/; revision=1170
1999-11-30 20:50:15 +00:00
Guy Harris 350ea4308c Make the field indices in the sample code for registering fields static.
Add information about registering "ett_" values.

svn path=/trunk/; revision=1163
1999-11-30 05:49:14 +00:00
Gilbert Ramirez f6147bfdd9 Change Olivier's e-mail address.
svn path=/trunk/; revision=1158
1999-11-29 22:45:34 +00:00
Guy Harris 962977f1cd Note that we can now read files from Sun's "atmsnoop", which is a
version of "snoop" that apparently comes with Sun's ATM software and
that supports ATM.

svn path=/trunk/; revision=1148
1999-11-29 07:33:53 +00:00
Gilbert Ramirez 7bd50061f8 Move to version 0.7.8.
Document changes in this version.
Add Greg to ever-growing list of authors (he was in AUTHORS, but not
	in manpage nor in main.c)

svn path=/trunk/; revision=1097
1999-11-23 04:43:44 +00:00
Guy Harris 428e8e2ac8 Document the new "Reset" button.
svn path=/trunk/; revision=1092
1999-11-22 08:09:16 +00:00
Gilbert Ramirez 6e11f6f0b5 Enable IPX network name resolution by providing for an /etc/ipxnets
and a $HOME/.ethereal/ipxnets file. get_ipxnet_name() and other functions,
similar to get_ether_name() and friends, have been added.

svn path=/trunk/; revision=1085
1999-11-21 16:32:23 +00:00
Gilbert Ramirez 2f996a1498 Ugg. Pod format needs a blank line after a =head1 line.
svn path=/trunk/; revision=1075
1999-11-20 03:56:10 +00:00
Gilbert Ramirez 0e3f87e3e4 The resolve routines accept HW addresses in the ethers file with either
dashes or colons as punctuation. Added period as a valid separator, to make
the resolve routines congruent with the display filter syntax options.

Document the fact that both /etc/ethers and $HOME/.ethereal/ethers are
used for resolving hardware address names. I did not know this until
I discovered it in resolv.c!

svn path=/trunk/; revision=1074
1999-11-20 03:39:27 +00:00
Guy Harris b68f2dde89 Heikki Vatiainen's SAP (Session Announcement Protocol) dissector.
Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.

svn path=/trunk/; revision=1046
1999-11-17 02:17:29 +00:00
Gilbert Ramirez 6a20c7bbc5 Add "class" that understands IPv4 addresses and subnet masks.
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.

CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:

	ip.addr ==

svn path=/trunk/; revision=1032
1999-11-15 06:32:38 +00:00
Guy Harris f2b8eb42d0 Change my e-mail address to the forwarding address my *alma mater*
provides.  "Every problem in computer science can be solved by adding a
layer of indirection."

svn path=/trunk/; revision=1008
1999-11-11 08:45:34 +00:00
Guy Harris 3e0d1bd4d9 Add a "Go To Frame" menu item, which lets you go to a frame by frame

svn path=/trunk/; revision=990
1999-11-08 01:13:24 +00:00
Guy Harris f3ec699cb3 Add a "Find Frame" menu item under "Display"; it lets you use a display
filter to search forward or backward in the list of displayed frames for
a matching frame.

When filtering the display, readjust the display to show the "current"
frame if it passed the display filter.  When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.

Select the first frame when a file is read in.

Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.

svn path=/trunk/; revision=983
1999-11-06 06:38:53 +00:00
Gilbert Ramirez fb9f8ad5ed Mention the Toshiba trace file capability in the man page.
svn path=/trunk/; revision=953
1999-10-31 17:54:27 +00:00
Guy Harris b99cfa28c8 Warren Young's patch to add a "Print" button to the "Follow TCP Stream"
data window.

Some (belated) man page updates.

svn path=/trunk/; revision=950
1999-10-30 06:42:10 +00:00
Guy Harris 21c466ed25 Uwe Girlich's ONC RPC and NFS dissectors.
svn path=/trunk/; revision=945
1999-10-29 01:04:44 +00:00
Guy Harris da1fdf005f Kojak's ICQ dissector.
svn path=/trunk/; revision=919
1999-10-24 00:56:11 +00:00
Guy Harris 6921a22ac5 Additional NTP changes:

	added misc. constants for parsing flags, and converting time

	added flags and primary sources explanations;

	added function for converting time stamps;

	improved item analysis;

	new item definitions;

from Tomislav Vujec.

svn path=/trunk/; revision=908
1999-10-22 06:31:39 +00:00
Gilbert Ramirez 25c3854517 Mention nettl in docs, and mention VLAN addition in NEWS.
svn path=/trunk/; revision=904
1999-10-22 02:30:31 +00:00
Guy Harris d4964f4944 Have Ethereal check for a first command-line argument of "-G", rather
than a command name of "ethereal-dump-fields", to decide whether to run
as normal Ethereal or to just dump out the list of fields that can be
used in a display filter.

This allows us to continue to make that check without doing the regular
command line flag parsing (which we don't want to do, as we don't want
to call "gtk_init()" before making that check, as "gtk_init()" tries to
open an X display, and some people want not to have to have X running in
order to build Ethereal, or want not to have Ethereal try to open an X
connection over a slow line if it's just going to print field names to
the standard output), without having to make a link to "../ethereal"
from the "doc" directory (said link couldn't be a hard link, as ATK
apparently disallows hard links between directories, and I have the
vague impression that a symbolic link might cause other problems).

svn path=/trunk/; revision=902
1999-10-21 21:47:08 +00:00
Guy Harris 1b0fc805f7 Document the requirements for getting a protocol's register routine
called automatically at startup time.

svn path=/trunk/; revision=892
1999-10-20 06:40:44 +00:00
Gilbert Ramirez 6522db3535 Enable filtering on the existence of an FT_STRING variable, even though
we don't (yet) filter on the value of an FT_STRING variable.

Added info about FT_DOUBLE fields to man page.

svn path=/trunk/; revision=887
1999-10-19 05:45:56 +00:00
Gilbert Ramirez de7123f718 Added ethereal, randpkt, and intermediate programs (dfilter2pod, rdps) to
.cvsignore files.

svn path=/trunk/; revision=847
1999-10-15 20:54:39 +00:00
Jun-ichiro itojun Hagino 45ca99c55b avoid mistakenly committing dynamically generated files, like "Makefile".
svn path=/trunk/; revision=837
1999-10-15 04:40:28 +00:00
Gilbert Ramirez 46420eee18 Update man page with new bytestring methods (negative offsets, implied
byte-string lengths).

svn path=/trunk/; revision=834
1999-10-14 17:21:12 +00:00
Guy Harris 364274edf3 Nathan Neulinger's dissector for the Yahoo messenger and pager

svn path=/trunk/; revision=824
1999-10-14 01:29:07 +00:00
Gilbert Ramirez bacb9d5bae New proto_tree header_field_info stuff. Header_field_infos now contain
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).

proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.

This means that bitfields are more naturally filtered via dfilter now.

Added Phil Techau's support for signed integers in dfilters/proto_tree.

Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.

svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
Guy Harris 817465175d Oops! Forgot to commit the change that adds Christophe Tronche to the
list of authors.

svn path=/trunk/; revision=809
1999-10-11 18:04:48 +00:00
Laurent Deniel 79019e8369 Add reference to tcpdump manual page for capture filter syntax.
svn path=/trunk/; revision=800
1999-10-10 16:25:28 +00:00
Guy Harris 79ec5a3ba9 Get rid of "-F" - "-S" works, and has a more convenient UI.
Print a usage message if an illegal command-line flag is seen.

Clean up the usage message a bit.

svn path=/trunk/; revision=755
1999-10-02 20:00:46 +00:00
Guy Harris 5b83e8d86c Update to reflect changes to the "Capture/Start" and "Display/Options"
dialog boxes.

svn path=/trunk/; revision=709
1999-09-23 06:34:18 +00:00
Ashok Narayanan ac6ad294fb Documentation for compressed file support
svn path=/trunk/; revision=697
1999-09-22 01:38:00 +00:00
Laurent Deniel 6bb5358e85 Added "Automatic scrolling in live capture".
This display option is disabled by default.

svn path=/trunk/; revision=692
1999-09-19 16:03:46 +00:00
Gilbert Ramirez ff20b92b67 Fixed randpkt so it isn't linked to X11 libs. Removed randpkt from default
target list, so a 'make randpkt' is required if you want to build it.

svn path=/trunk/; revision=684
1999-09-17 04:38:23 +00:00
Gerald Combs 182b9f5fe4 Derek W Poon pointed out that two examples listed
"ether.src" instead of "eth.src".  Fixed.

svn path=/trunk/; revision=682
1999-09-16 01:24:01 +00:00
Guy Harris f4ac555e90 Peter Torvals' Internet Cache Protocol dissector.
svn path=/trunk/; revision=677
1999-09-14 08:06:47 +00:00
Gerald Combs d47f988543 Updated documentation with Lucent/Ascend information.
svn path=/trunk/; revision=674
1999-09-13 03:51:09 +00:00
Laurent Deniel ee582f4f90 Collapse/Expand All protocol tree added in Display menu.
Remove "experimental feature" warning in -S option description.

Should we remove -F option ?

svn path=/trunk/; revision=661
1999-09-11 15:47:38 +00:00
Gilbert Ramirez 7a37324e12 Added ip, tcp, and udp to randpkt.
svn path=/trunk/; revision=650
1999-09-10 15:38:58 +00:00
Gilbert Ramirez c2bf152b01 Added random packet generator.
svn path=/trunk/; revision=645
1999-09-10 05:15:17 +00:00
Guy Harris 338f3ff2ad Put in an RCS ID (and a copyright notice and GPL notice; unfortunately,
this causes "" to have two GPL notices - "" and
the "Makefile" generated from it are generated files, so maybe that's

svn path=/trunk/; revision=639
1999-09-09 03:55:49 +00:00
Gilbert Ramirez cc7387e116 Removed hacked-up doc/, and replaced it with simple doc/
svn path=/trunk/; revision=615
1999-08-31 05:58:48 +00:00
Gilbert Ramirez 0d9fcad21c Stop processing of colorization display filters after first match.
Remove debugging statements from colors.c.
Add blurb about Match Selected and Colorization to man page.

svn path=/trunk/; revision=607
1999-08-28 23:47:50 +00:00
Gilbert Ramirez b53d4ba179 Changed packet-tr.c to insert, a FT_BOOLEAN field, only if
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:

or by its negation:


svn path=/trunk/; revision=591
1999-08-27 19:27:22 +00:00
Gilbert Ramirez 8904b3b217 Reverted TCP follow back to old behavior of leaving list of packets in
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.

svn path=/trunk/; revision=580
1999-08-25 22:20:03 +00:00
Gilbert Ramirez c0fa3841ee Modified autoconf/automake files for doc subdirectory so that all of
Ethereal can be compiled in a build directory separated from the source

svn path=/trunk/; revision=468
1999-08-11 16:05:19 +00:00
Guy Harris 37ddd5f5ed Jeff Foster's changes to add support for NetBEUI/NBF (NetBIOS atop 802.2
LLC, the original NetBIOS encapsulation).

svn path=/trunk/; revision=466
1999-08-10 20:06:39 +00:00
Guy Harris 8eb998e360 Add the ability to specify a filter to be used when reading the file to
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag).  Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.

When reading a temporary capture file after a live capture, don't apply
any filter.

Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.

Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.

svn path=/trunk/; revision=460
1999-08-10 07:16:47 +00:00
Guy Harris 059d89e65b Jochen Friedrich's patch to add a "-R" flag, which takes a
display-filter syntax expression as an argument, and causes that filter
to be applied to all packets when a capture file is read in; packets
that don't match the filter are discarded.

svn path=/trunk/; revision=454
1999-08-08 01:29:24 +00:00
Guy Harris eca1e74373 Have Ethereal, when invoked as "ethereal-dump-fields", dump out a
glossary of display filter symbols, just as it does with "-G", except
that, as it can discover that it was so invoked before even looking at
the command-line arguments, it needn't even bother calling "gtk_init()"
to process those command-line arguments GTK+ cares about, and thus
needn't do any X stuff at all when so invoked.

That allows Ethereal to be built in an environment where you don't have
an X server, and, if your connection to your X server is slow, allows
you to build it faster.

Get rid of the "-G" flag, as it had only a somewhat specialized use.

svn path=/trunk/; revision=444
1999-08-05 06:34:43 +00:00
Gilbert Ramirez 48a5d3ee58 Update documentation, including display filter docs.
svn path=/trunk/; revision=427
1999-08-03 16:33:12 +00:00
Gilbert Ramirez aebcf2eb32 Removed the "exists" keyword from the grammar. The name of a protocol or a
field by itself assumes you are checking for the existence of that protocol
or field.

Changed the format of the list of filterable fields in the man page.
Developers: run "./configure" so that your configure script will re-create
dfilter2pod from the new

svn path=/trunk/; revision=426
1999-08-03 15:04:33 +00:00
Guy Harris c61ac5c4b7 Update Olivier Abad's e-mail address.
svn path=/trunk/; revision=420
1999-08-02 05:52:52 +00:00
Guy Harris 7bcc34708d Update the "Contributors" section of the man page to include everybody
listed in the AUTHORS file.  (Arguably, that section - *and* the list of
developers in the "Help/About" box - should be generated from the
AUTHORS file by a script....)

svn path=/trunk/; revision=415
1999-08-01 05:24:19 +00:00
Gilbert Ramirez b2f932c1db Changed the display filter scanner from GLIB's GScanner to lex. The code
as it stands depends on your lex being flex, but that only matters if you're
a developer. The distribution will include the dfilter-scanner.c file, so
that if the user doesn't modify dfilter-scanner.l, he won't need flex to
re-create the *.c file.

The new lex scanner gives me better syntax checking for ether addresses. I
thought I could get by using GScanner, but it simply wasn't powerful enough.

All operands have English-like abbreviations and C-like syntax:
and, && ; or, || ; eq, == ; ne, != ; , etc.

I removed the ETHER_VENDOR type in favor of letting the user use the [x:y]
notation:	ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29

I implemented the IPXNET field type; it had been there before, but was
not implemented. I chose to make it use integer values rather than byte
ranges, since an IPX Network is 4 bytes. So a display filter looks like this:
	ipx.srcnet == 0xc0a82c00
rather than this:
	ipx.srcnet == c0:a8:2c:00

I can support the byte-range type IPXNET in the future, very trivially.

I still have more work to do on the parser though. It needs to check ranges
when extracting byte ranges ([x:y]) from packets. And I need to get rid
of those reduce/reduce errors from yacc!

svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
Gilbert Ramirez 1708722fc2 Removed automatically-generated files from CVS. Some files are generated,
others are copied into the build-tree by 'automake -a'. The
script runs autoheader, automake, and autoconf for the developer in order
to populate a fresh CVS image with the generated build tools.

svn path=/trunk/; revision=388
1999-07-27 04:43:22 +00:00
Guy Harris a1f7559b0a Add a "File/Print" menu item, which prints *all* the packets in the
capture to a file or printer.  This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.

Get rid of "cur" member of "capture_file" structure; nobody used it.

There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"

Put the declaration of "prefs" into "prefs.h".

svn path=/trunk/; revision=380
1999-07-23 08:33:44 +00:00
Guy Harris bbc785bb90 Don't depend on Perl being in "/usr/bin/perl"; find it, and generate a
"dfilter2pod" with the path of Perl in its "#!" line.

svn path=/trunk/; revision=372
1999-07-20 08:02:24 +00:00
Guy Harris 05fab57665 Fix some typos.
Make the descriptions of all options full sentences (if an option sets
XXX, describe it as "Sets XXX" rather than just "XXX"); some were, some

Note that "-f" sets the *capture* filter expression.

Don't say that Ethereal can read only "libpcap"-format files; it can
read other formats (using "wiretap" to read capture files is no longer
an option, it's what Ethereal always uses).

svn path=/trunk/; revision=368
1999-07-20 03:54:53 +00:00
Gilbert Ramirez 9612b74c16 Added just enough fields to TCP to support "Follow TCP Stream". It works now.
Added the protocol IDs for ipx and IGMP, but not their fields.

svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
Gilbert Ramirez 0d36ec8de2 Modified the proto_register_field_array usage again. Thanks to Guy's
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readable, IMHO.

Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".

Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.

svn path=/trunk/; revision=364
1999-07-15 15:33:52 +00:00
Guy Harris 6a6f7bb8d8 Don't claim that display filters have "tcpdump" filter syntax, as they
no longer do.  (Leave a placeholder comment; the syntax should perhaps
be described here.)  Update the example filter to match current reality.

Note that the <Return> and <Enter> keys, when typed in the display
filter field, cause the filter to be applied.

svn path=/trunk/; revision=356
1999-07-12 05:47:29 +00:00
Gilbert Ramirez 53d2a96094 Added Johan's RADIUS dissector, finally. I modified it to fit in with the
new proto_tree routines. I also removed the check for lex and yacc from
wiretap's configure script. The IP dissector now uses

svn path=/trunk/; revision=348
1999-07-08 04:23:28 +00:00
Gilbert Ramirez acad5a3730 Documented the proto_register_field_array() function, and converted
the registration functions in packet-fddi.c and packet-eth.c to this new
registration method.

svn path=/trunk/; revision=346
1999-07-08 03:18:20 +00:00
Gilbert Ramirez 07f42b5b31 Created a new protocol tree implementation and a new display filter
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.

svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
Gilbert Ramirez 7ea29fb80d Added Aaron Hillegass' summary dialogue. We're ignoring the problem with
NetMon statistic packets for now. We might fix that problem with wiretap,
either filtering out those packets, and/or providing the summary
information through a new wiretap API.

svn path=/trunk/; revision=326
1999-06-22 22:02:39 +00:00
Guy Harris f8ff7a6a79 Update the man page to reflect the "Capture/Start" and "Display/Options"
menu items.

svn path=/trunk/; revision=321
1999-06-19 08:48:30 +00:00
Guy Harris 5e1f2e3a46 Get rid of an extra line in the author credits (Brad Robel-Forrest
already appears in the list; the extra line is probably leftover from
cutting-and-pasting the author list from the AUTHORS file).

svn path=/trunk/; revision=314
1999-06-15 03:58:42 +00:00
Gilbert Ramirez aca172004f Added RSVP protocol dissector.
svn path=/trunk/; revision=304
1999-06-11 16:45:02 +00:00
Gilbert Ramirez 34450a8a35 Added PPPoE, PPTP, GRE, and ISAKMP dissectors.
svn path=/trunk/; revision=303
1999-06-11 15:30:55 +00:00
Gilbert Ramirez b7b52ec003 Credited John McDermott for his pseudo-real-time
capture patch.

svn path=/trunk/; revision=282
1999-05-12 06:04:47 +00:00
Laurent Deniel 32603ce155 Live data capture and display enhancement that allows network capture and
display of fully decoded packets at the same time.
Options added:
-F : fork capture process
-S : sync mode ala tail -f (implies -F)
-f : filter expression
-Q : exit after capture (implies -k)

svn path=/trunk/; revision=277
1999-05-11 20:07:12 +00:00
Gilbert Ramirez 5ccc874dbe Touch-up fixes to my previous fix of making the packet-capture facility save
to a file unknown to the user first. The manpage has now been updated to reflect
the ability of the user to use the TMPDIR environment variable to change the
location of this capture file. And now the capture file is deleted when
ethereal exits, if the user has not saved the trace file.

svn path=/trunk/; revision=243
1999-04-06 16:35:47 +00:00
Gilbert Ramirez 2870ce29ce Capturing packets from ethereal now saves the capture in an "anonymous" buffer. That is, it's
a random name chosen by tempnam(), unknown to the user. If the user decides to save that
trace, he then uses File | Save to save it to a file. File | Save As lets him make a copy
of his named trace file as well. I also updated my e-mail address in the various credit

svn path=/trunk/; revision=242
1999-04-06 16:24:50 +00:00
Gerald Combs cb1f8e34c5 * Added Joerg Mayer's Vines patch
* Added Joerg to the AUTHORS file
* Added Guy's bitfield decode patch
* Fixed time output

svn path=/trunk/; revision=142
1998-12-29 04:05:38 +00:00
Gerald Combs 554e5d3f46 * Pod page update
* Minor tweaks to the filter prefs

svn path=/trunk/; revision=40
1998-10-13 02:10:57 +00:00
Gerald Combs 2e7e493198 Merged in a _huge_ patch from Guy Harris. It adds a time stamp column,
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.

svn path=/trunk/; revision=31
1998-09-27 22:12:47 +00:00
Gerald Combs 19176fbb4f * Added in Laurent's OSI/ISO CLNP and COTP support.
* Added Laurent's changes to the man (actually pod) page.
* Copied in VERSION file so that others can make doc/Makefile

svn path=/trunk/; revision=8
1998-09-17 02:01:50 +00:00
Gerald Combs 86534f46e1 Initial revision
svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00