Commit Graph

2364 Commits (master)

Author SHA1 Message Date
Guy Harris 21c466ed25 Uwe Girlich's ONC RPC and NFS dissectors.
svn path=/trunk/; revision=945
1999-10-29 01:04:44 +00:00
Guy Harris da1fdf005f Kojak's ICQ dissector.
svn path=/trunk/; revision=919
1999-10-24 00:56:11 +00:00
Guy Harris 6921a22ac5 Additional NTP changes:
added misc. constants for parsing flags, and converting time

	added flags and primary sources explanations;

	added function for converting time stamps;

	improved item analysis;

	new item definitions;

from Tomislav Vujec.

svn path=/trunk/; revision=908
1999-10-22 06:31:39 +00:00
Gilbert Ramirez 25c3854517 Mention nettl in docs, and mention VLAN addition in NEWS.
svn path=/trunk/; revision=904
1999-10-22 02:30:31 +00:00
Guy Harris d4964f4944 Have Ethereal check for a first command-line argument of "-G", rather
than a command name of "ethereal-dump-fields", to decide whether to run
as normal Ethereal or to just dump out the list of fields that can be
used in a display filter.

This allows us to continue to make that check without doing the regular
command line flag parsing (which we don't want to do, as we don't want
to call "gtk_init()" before making that check, as "gtk_init()" tries to
open an X display, and some people want not to have to have X running in
order to build Ethereal, or want not to have Ethereal try to open an X
connection over a slow line if it's just going to print field names to
the standard output), without having to make a link to "../ethereal"
from the "doc" directory (said link couldn't be a hard link, as ATK
apparently disallows hard links between directories, and I have the
vague impression that a symbolic link might cause other problems).

svn path=/trunk/; revision=902
1999-10-21 21:47:08 +00:00
Guy Harris 1b0fc805f7 Document the requirements for getting a protocol's register routine
called automatically at startup time.

svn path=/trunk/; revision=892
1999-10-20 06:40:44 +00:00
Gilbert Ramirez 6522db3535 Enable filtering on the existence of an FT_STRING variable, even though
we don't (yet) filter on the value of an FT_STRING variable.

Added info about FT_DOUBLE fields to man page.

svn path=/trunk/; revision=887
1999-10-19 05:45:56 +00:00
Gilbert Ramirez de7123f718 Added ethereal, randpkt, and intermediate programs (dfilter2pod, rdps) to
.cvsignore files.

svn path=/trunk/; revision=847
1999-10-15 20:54:39 +00:00
Jun-ichiro itojun Hagino 45ca99c55b avoid mistakenly committing dynamically generated files, like "Makefile".
svn path=/trunk/; revision=837
1999-10-15 04:40:28 +00:00
Gilbert Ramirez 46420eee18 Update man page with new bytestring methods (negative offsets, implied
byte-string lengths).

svn path=/trunk/; revision=834
1999-10-14 17:21:12 +00:00
Guy Harris 364274edf3 Nathan Neulinger's dissector for the Yahoo messenger and pager

svn path=/trunk/; revision=824
1999-10-14 01:29:07 +00:00
Gilbert Ramirez bacb9d5bae New proto_tree header_field_info stuff. Header_field_infos now contain
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).

proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.

This means that bitfields are more naturally filtered via dfilter now.

Added Phil Techau's support for signed integers in dfilters/proto_tree.

Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.

svn path=/trunk/; revision=815
1999-10-12 06:21:15 +00:00
Guy Harris 817465175d Oops! Forgot to commit the change that adds Christophe Tronche to the
list of authors.

svn path=/trunk/; revision=809
1999-10-11 18:04:48 +00:00
Laurent Deniel 79019e8369 Add reference to tcpdump manual page for capture filter syntax.
svn path=/trunk/; revision=800
1999-10-10 16:25:28 +00:00
Guy Harris 79ec5a3ba9 Get rid of "-F" - "-S" works, and has a more convenient UI.
Print a usage message if an illegal command-line flag is seen.

Clean up the usage message a bit.

svn path=/trunk/; revision=755
1999-10-02 20:00:46 +00:00
Guy Harris 5b83e8d86c Update to reflect changes to the "Capture/Start" and "Display/Options"
dialog boxes.

svn path=/trunk/; revision=709
1999-09-23 06:34:18 +00:00
Ashok Narayanan ac6ad294fb Documentation for compressed file support
svn path=/trunk/; revision=697
1999-09-22 01:38:00 +00:00
Laurent Deniel 6bb5358e85 Added "Automatic scrolling in live capture".
This display option is disabled by default.

svn path=/trunk/; revision=692
1999-09-19 16:03:46 +00:00
Gilbert Ramirez ff20b92b67 Fixed randpkt so it isn't linked to X11 libs. Removed randpkt from default
target list, so a 'make randpkt' is required if you want to build it.

svn path=/trunk/; revision=684
1999-09-17 04:38:23 +00:00
Gerald Combs 182b9f5fe4 Derek W Poon <> pointed out that two examples listed
"ether.src" instead of "eth.src".  Fixed.

svn path=/trunk/; revision=682
1999-09-16 01:24:01 +00:00
Guy Harris f4ac555e90 Peter Torvals' Internet Cache Protocol dissector.
svn path=/trunk/; revision=677
1999-09-14 08:06:47 +00:00
Gerald Combs d47f988543 Updated documentation with Lucent/Ascend information.
svn path=/trunk/; revision=674
1999-09-13 03:51:09 +00:00
Laurent Deniel ee582f4f90 Collapse/Expand All protocol tree added in Display menu.
Remove "experimental feature" warning in -S option description.

Should we remove the -F option?

svn path=/trunk/; revision=661
1999-09-11 15:47:38 +00:00
Gilbert Ramirez 7a37324e12 Added ip, tcp, and udp to randpkt.
svn path=/trunk/; revision=650
1999-09-10 15:38:58 +00:00
Gilbert Ramirez c2bf152b01 Added random packet generator.
svn path=/trunk/; revision=645
1999-09-10 05:15:17 +00:00
Guy Harris 338f3ff2ad Put in an RCS ID (and a copyright notice and GPL notice; unfortunately,
this causes "" to have two GPL notices - "" and
the "Makefile" generated from it are generated files, so maybe that's

svn path=/trunk/; revision=639
1999-09-09 03:55:49 +00:00
Gilbert Ramirez cc7387e116 Removed hacked-up doc/, and replaced it with simple doc/
svn path=/trunk/; revision=615
1999-08-31 05:58:48 +00:00
Gilbert Ramirez 0d9fcad21c Stop processing of colorization display filters after first match.
Remove debugging statements from colors.c.
Add blurb about Match Selected and Colorization to man page.

svn path=/trunk/; revision=607
1999-08-28 23:47:50 +00:00
Gilbert Ramirez b53d4ba179 Changed packet-tr.c to insert, a FT_BOOLEAN field, only if
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:

or by its negation:


svn path=/trunk/; revision=591
1999-08-27 19:27:22 +00:00
Gilbert Ramirez 8904b3b217 Reverted TCP follow back to old behavior of leaving list of packets in
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.

svn path=/trunk/; revision=580
1999-08-25 22:20:03 +00:00
Gilbert Ramirez c0fa3841ee Modified autoconf/automake files for doc subdirectory so that all of
Ethereal can be compiled in a build directory separated from the source

svn path=/trunk/; revision=468
1999-08-11 16:05:19 +00:00
Guy Harris 37ddd5f5ed Jeff Foster's changes to add support for NetBEUI/NBF (NetBIOS atop 802.2
LLC, the original NetBIOS encapsulation).

svn path=/trunk/; revision=466
1999-08-10 20:06:39 +00:00
Guy Harris 8eb998e360 Add the ability to specify a filter to be used when reading the file to
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag).  Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.

When reading a temporary capture file after a live capture, don't apply
any filter.

Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.

Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.

svn path=/trunk/; revision=460
1999-08-10 07:16:47 +00:00
Guy Harris 059d89e65b Jochen Friedrich's patch to add a "-R" flag, which takes a
display-filter syntax expression as an argument, and causes that filter
to be applied to all packets when a capture file is read in; packets
that don't match the filter are discarded.

svn path=/trunk/; revision=454
1999-08-08 01:29:24 +00:00
Guy Harris eca1e74373 Have Ethereal, when invoked as "ethereal-dump-fields", dump out a
glossary of display filter symbols, just as it does with "-G", except
that, as it can discover that it was so invoked before even looking at
the command-line arguments, it needn't even bother calling "gtk_init()"
to process those command-line arguments GTK+ cares about, and thus
needn't do any X stuff at all when so invoked.

That allows Ethereal to be built in an environment where you don't have
an X server, and, if your connection to your X server is slow, allows
you to build it faster.

Get rid of the "-G" flag, as it had only a somewhat specialized use.

svn path=/trunk/; revision=444
1999-08-05 06:34:43 +00:00
Gilbert Ramirez 48a5d3ee58 Update documentation, including display filter docs.
svn path=/trunk/; revision=427
1999-08-03 16:33:12 +00:00
Gilbert Ramirez aebcf2eb32 Removed the "exists" keyword from the grammar. The name of a protocol or a
field by itself assumes you are checking for the existence of that protocol
or field.

Changed the format of the list of filterable fields in the man page.
Developers: run "./configure" so that your configure script will re-create
dfilter2pod from the new

svn path=/trunk/; revision=426
1999-08-03 15:04:33 +00:00
Guy Harris c61ac5c4b7 Update Olivier Abad's e-mail address.
svn path=/trunk/; revision=420
1999-08-02 05:52:52 +00:00
Guy Harris 7bcc34708d Update the "Contributors" section of the man page to include everybody
listed in the AUTHORS file.  (Arguably, that section - *and* the list of
developers in the "Help/About" box - should be generated from the
AUTHORS file by a script....)

svn path=/trunk/; revision=415
1999-08-01 05:24:19 +00:00
Gilbert Ramirez b2f932c1db Changed the display filter scanner from GLIB's GScanner to lex. The code
as it stands depends on your lex being flex, but that only matters if you're
a developer. The distribution will include the dfilter-scanner.c file, so
that if the user doesn't modify dfilter-scanner.l, he won't need flex to
re-create the *.c file.

The new lex scanner gives me better syntax checking for ether addresses. I
thought I could get by using GScanner, but it simply wasn't powerful enough.

All operands have English-like abbreviations and C-like syntax:
and, && ; or, || ; eq, == ; ne, != ; , etc.

I removed the ETHER_VENDOR type in favor of letting the user use the [x:y]
notation:	ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29

I implemented the IPXNET field type; it had been there before, but was
not implemented. I chose to make it use integer values rather than byte
ranges, since an IPX Network is 4 bytes. So a display filter looks like this:
	ipx.srcnet == 0xc0a82c00
rather than this:
	ipx.srcnet == c0:a8:2c:00

I can support the byte-range type IPXNET in the future, very trivially.

I still have more work to do on the parser though. It needs to check ranges
when extracting byte ranges ([x:y]) from packets. And I need to get rid
of those reduce/reduce errors from yacc!

svn path=/trunk/; revision=414
1999-08-01 04:28:20 +00:00
Gilbert Ramirez 1708722fc2 Removed automatically-generated files from CVS. Some files are generated,
others are copied into the build-tree by 'automake -a'. The
script runs autoheader, automake, and autoconf for the developer in order
to populate a fresh CVS image with the generated build tools.

svn path=/trunk/; revision=388
1999-07-27 04:43:22 +00:00
Guy Harris a1f7559b0a Add a "File/Print" menu item, which prints *all* the packets in the
capture to a file or printer.  This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.

Get rid of "cur" member of "capture_file" structure; nobody used it.

There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"

Put the declaration of "prefs" into "prefs.h".

svn path=/trunk/; revision=380
1999-07-23 08:33:44 +00:00
Guy Harris bbc785bb90 Don't depend on Perl being in "/usr/bin/perl"; find it, and generate a
"dfilter2pod" with the path of Perl in its "#!" line.

svn path=/trunk/; revision=372
1999-07-20 08:02:24 +00:00
Guy Harris 05fab57665 Fix some typos.
Make the descriptions of all options full sentences (if an option sets
XXX, describe it as "Sets XXX" rather than just "XXX"); some were, some

Note that "-f" sets the *capture* filter expression.

Don't say that Ethereal can read only "libpcap"-format files; it can
read other formats (using "wiretap" to read capture files is no longer
an option, it's what Ethereal always uses).

svn path=/trunk/; revision=368
1999-07-20 03:54:53 +00:00
Gilbert Ramirez 9612b74c16 Added just enough fields to TCP to support "Follow TCP Stream". It works now.
Added the protocol IDs for ipx and IGMP, but not their fields.

svn path=/trunk/; revision=365
1999-07-17 04:19:15 +00:00
Gilbert Ramirez 0d36ec8de2 Modified the proto_register_field_array usage again. Thanks to Guy's
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readable, IMHO.

Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".

Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.

svn path=/trunk/; revision=364
1999-07-15 15:33:52 +00:00
Guy Harris 6a6f7bb8d8 Don't claim that display filters have "tcpdump" filter syntax, as they
no longer do.  (Leave a placeholder comment; the syntax should perhaps
be described here.)  Update the example filter to match current reality.

Note that the <Return> and <Enter> keys, when typed in the display
filter field, cause the filter to be applied.

svn path=/trunk/; revision=356
1999-07-12 05:47:29 +00:00
Gilbert Ramirez 53d2a96094 Added Johan's RADIUS dissector, finally. I modified it to fit in with the
new proto_tree routines. I also removed the check for lex and yacc from
wiretap's configure script. The IP dissector now uses

svn path=/trunk/; revision=348
1999-07-08 04:23:28 +00:00
Gilbert Ramirez acad5a3730 Documented the proto_register_field_array() function, and converted
the registration functions in packet-fddi.c and packet-eth.c to this new
registration method.

svn path=/trunk/; revision=346
1999-07-08 03:18:20 +00:00
Gilbert Ramirez 07f42b5b31 Created a new protocol tree implementation and a new display filter
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.

svn path=/trunk/; revision=342
1999-07-07 22:52:57 +00:00
Gilbert Ramirez 7ea29fb80d Added Aaron Hillegass' summary dialogue. We're ignoring the problem with
NetMon statistic packets for now. We might fix that problem with wiretap,
either filtering out those packets, and/or providing the summary
information through a new wiretap API.

svn path=/trunk/; revision=326
1999-06-22 22:02:39 +00:00
Guy Harris f8ff7a6a79 Update the man page to reflect the "Capture/Start" and "Display/Options"
menu items.

svn path=/trunk/; revision=321
1999-06-19 08:48:30 +00:00
Guy Harris 5e1f2e3a46 Get rid of an extra line in the author credits (Brad Robel-Forrest
already appears in the list; the extra line is probably leftover from
cutting-and-pasting the author list from the AUTHORS file).

svn path=/trunk/; revision=314
1999-06-15 03:58:42 +00:00
Gilbert Ramirez aca172004f Added RSVP protocol dissector.
svn path=/trunk/; revision=304
1999-06-11 16:45:02 +00:00
Gilbert Ramirez 34450a8a35 Added PPPoE, PPTP, GRE, and ISAKMP dissectors.
svn path=/trunk/; revision=303
1999-06-11 15:30:55 +00:00
Gilbert Ramirez b7b52ec003 Credited John McDermott <> for his pseudo-real-time
capture patch.

svn path=/trunk/; revision=282
1999-05-12 06:04:47 +00:00
Laurent Deniel 32603ce155 Live data capture and display enhancement that allows network capture and
display of fully decoded packets at the same time.
Options added:
-F : fork capture process
-S : sync mode ala tail -f (implies -F)
-f : filter expression
-Q : exit after capture (implies -k)

svn path=/trunk/; revision=277
1999-05-11 20:07:12 +00:00
Gilbert Ramirez 5ccc874dbe Touch-up fixes to my previous fix of making the packet-capture facility save
to a file unknown to the user first. The manpage has now been updated to reflect
the ability of the user to use the TMPDIR environment variable to change the
location of this capture file. And now the capture file is deleted when
ethereal exits, if the user has not saved the trace file.

svn path=/trunk/; revision=243
1999-04-06 16:35:47 +00:00
Gilbert Ramirez 2870ce29ce Capturing packets from ethereal now saves the capture in an "anonymous" buffer. That is, it's
a random name chosen by tempnam(), unknown to the user. If the user decides to save that
trace, he then uses File | Save to save it to a file. File | Save As lets him make a copy
of his named trace file as well. I also updated my e-mail address in the various credit

svn path=/trunk/; revision=242
1999-04-06 16:24:50 +00:00
Gerald Combs cb1f8e34c5 * Added Joerg Mayer's Vines patch
* Added Joerg to the AUTHORS file
* Added Guy's bitfield decode patch
* Fixed time output

svn path=/trunk/; revision=142
1998-12-29 04:05:38 +00:00
Gerald Combs 554e5d3f46 * Pod page update
* Minor tweaks to the filter prefs

svn path=/trunk/; revision=40
1998-10-13 02:10:57 +00:00
Gerald Combs 2e7e493198 Merged in a _huge_ patch from Guy Harris. It adds a time stamp column,
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.

svn path=/trunk/; revision=31
1998-09-27 22:12:47 +00:00
Gerald Combs 19176fbb4f * Added in Laurent's OSI/ISO CNLP and COTP support.
* Added Laurent's changes to the man (actually pod) page.
* Copied in VERSION file so that others can make doc/Makefile

svn path=/trunk/; revision=8
1998-09-17 02:01:50 +00:00
Gerald Combs 86534f46e1 Initial revision
svn path=/trunk/; revision=2
1998-09-16 02:39:15 +00:00