That list doesn't show the entries in the dissector tables, just
information about the tables themselves.
Clean up some tshark man page issues while we're at it.
Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The -X read_format extension was added in code but in the manuals.
Change-Id: I21692120229ef531671fc3db247809ace69d23b3
Reviewed-on: https://code.wireshark.org/review/742
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This change adds the ability to pass on to lua scripts loaded from the
command-line (tshark or wireshark) additional arguments supplied by the
command-line. This will help us in our testsuites, but also might be
useful for user-created scripts. The additional arguments are passed in
using the '-X' eXtension switch.
Change-Id: Ib94cdf1ffd194ca84692fee7816665e4ff95efbd
Reviewed-on: https://code.wireshark.org/review/156
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
This patch augments Wireshark's and tshark's augument usage reports (-? and
-t?) and the Wireshark and tshark man pages to list all available timestamp
options available for the -t option.
svn path=/trunk/; revision=50445
to the tree (to separate this case from the generic DISSECTOR_BUG case).
Enable this environment variable when fuzz testing.
Enable the 3rd (without tree but with a read filter) check (added in r49643)
when testing capture files but not when fuzz testing--not sure if we want to
add even more to the fuzzbot's work load now (OTOH I've been running it for
a while and it hasn't buried me in bugs).
svn path=/trunk/; revision=49784
Improve documentation for tshark's -z io,stat somewhat so that it's clear(er)
that filters for the statistics must be associated with the -z flag and not
applied via -Y.
svn path=/trunk/; revision=49422
It is useful to see not only the minimal, maximum and average service time for
RPC procedures, but also the total time these took.
From me: add it to the man page.
svn path=/trunk/; revision=49144
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses
g_slices instead (which can themselves be turned off by setting
G_SLICE=always-malloc).
This makes debugging problems in slab-allocated memory easier to find
(hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ).
Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark.
Remove unused structure member: emem_chunk_t.org.
svn path=/trunk/; revision=47110
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656