than the standard error.
In Wireshark on Windows, create a console before doing so and destroy it
before exiting. Don't do that in TShark or dumpcap, as those are
console-mode programs on Windows.
This should fix bug 8609 and still allow "wireshark -D" and "wireshark
-L" to work when the standard output isn't redirected.
svn path=/trunk/; revision=49025
name". If it doesn't have a description, on OS X, use the System
Configuration framework to attempt to get a "friendly name" for
interfaces.
If a loopback device doesn't have a friendly name, give it "Loopback" as
the friendly name.
Move the "turn a CFString into a mallocated C string" routine into
common code, as it's used in more than one place.
svn path=/trunk/; revision=46131
Add an interface monitor that, on Linux distributions with libnl,
watches for interfaces to appear or disappear and, on such an event,
causes windows showing interface lists to update.
svn path=/trunk/; revision=43521
- ws80211_utils.c is only needed to build dumpcap, not to build wireshark.
If it were different it would probably indicate a bad api design.
ui/gtk/Makefile.common:
- Sort in the toolbar in the right place (alphabetically)
svn path=/trunk/; revision=43415
stuff in ui/cli can be stuffed into a libcliui library to link with
TShark, and all of the source files containing main() (except for
Wireshark) are in the top-level directory (dftest isn't any more special
than TShark or capinfos or mergecap or editcap or...).
svn path=/trunk/; revision=41064
object files from all the source files in the ui directory (but not in
its subdirectories), and link the programs that need it with them.
This cleans things up a little bit, and may also fix the Windows build.
svn path=/trunk/; revision=41061
source file directly into the sources variable - there seems to
be a subtle difference between ui/util.c and epan/crypt/md5.c
svn path=/trunk/; revision=41052
Add support to follow UDP and TCP streams like wireshark does. UDP streams are
selected with IP address/port pairs. TCP stream are selected with either the
stream index or IP address/port pairs.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6684
svn path=/trunk/; revision=40852
Windows build. We probably want to construct a "ui" (static) library
the same way we construct the libwireshark (dynamic) library, out of
stuff in the ui directory and the relevant subdirectories.
svn path=/trunk/; revision=40541
the ui directory. (Perhaps some other files that would be used by all
flavors of Wireshark, for any GUI toolkit or for someting such as
ncurses, and not for any command-line tool such as TShark, should be
moved there as well.)
Shuffle some #includes to put the "ui/XXX.h" includes together.
svn path=/trunk/; revision=40529
The menu gets a new item (Statistics -> RTSP -> Packet Counter).
Like HTTP, filter can be set and then the dialog windows shows the result of the RTSP analysis.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6042
svn path=/trunk/; revision=37741
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
TODO: Add a Wireshark tap or look into possibly using the stats tree instead.
Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so
it might be possible to make use of this information to estimate the total SRT.
(See bug 5770 for more details.)
svn path=/trunk/; revision=36561
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
use GTK+ data types, so, at least in theory, it could be implemented
atop another toolkit.
Make statusbar_push_temporary_msg() take a format string and format
arguments. Use it instead of simple_status(), and change one call to
just take a format string and arguments rather than to take the result
of using that format string and arguments with g_strdup_printf() and
passing the result to statusbar_push_temporary_msg().
svn path=/trunk/; revision=35041
I would like to contribute iSCSI SRT tap, 'tap-scsistat.c' for tshark.
The output exactly matches that of the Wireshark's iSCSI(disk) SRT dialog.
From me: a couple of small changes to make it compile without warnings.
svn path=/trunk/; revision=34152
I've created a ASN.1 dissector for the IEC 61850 Sampled Values protocol. It
dissects ethernet frames of the IEC 61850-9-2LE specification form the UCA
International User Group.
There is also a new TAP for tshark (-R sv) which extracts the important
information of the frame and allows to create plots (with external tools) of
the sampled values.
I've developed under Linux (Ubuntu 8.10) but everything should be in place for
successful compilation under Windows.
It would be great if this dissector could be included in wireshark. I'm looking
forward for your comments.
svn path=/trunk/; revision=33039
standard error and, in Wireshark on Windows, create a console if
necessary. Have the cmdarg_err routines use them.
Use *fprintf_stderr() to print the output of -L, rather than using
cmdarg_err_cont(), so that we don't get extra newlines in the output (it
should look similar to the output of tcpdump).
svn path=/trunk/; revision=32711
link-layer header types for interfaces; if special privileges are
necessary to open capture devices, Wireshark and TShark shouldn't have
those privileges, but dumpcap should.
svn path=/trunk/; revision=32104
it's arguably the only place we _should_ use it. Add create_tempdir() to
tempfile.c and use it to create a temp directory for IP maps. This
should fix bug 3530.
(This still doesn't work on IE 8 / Vista here. IE gives an access denied
error in OpenLayers.js, but this is a separate issue).
svn path=/trunk/; revision=28920
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
A few changes from me:
- make use of nstime_set_unset and nstime_is_unset i.s.o. extra variable first_pass
- change 'if' to 'while' to allow intervals with no packets
- remove 'unused' variable current_pkt_ts
svn path=/trunk/; revision=25499
does capturing any more. (We will be inserting a call to give up
privileges after the pcap_open_live(), which should fix 2273; we're
currently only giving up privileges on platforms with libcap.)
svn path=/trunk/; revision=24345
a list of fields, prints the field values found in each packet.
Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http".
svn path=/trunk/; revision=24339
The attached patch makes the Statistics -> RTP -> Show All Streams feature of
wireshark accessible via tshark.
I found it helpful in dealing with tons of RTP captures.
svn path=/trunk/; revision=24252
by tshark as well as Wireshark to fix compilation on Unix platforms.
This is due to the introduction of capture_sync.c (which calls
sync_pipe_errmsg_to_parent) to tshark_SOURCES in SVN revision 22969.
svn path=/trunk/; revision=22981
rewrite the tshark capture code almost completely, to use dumpcap instead of it's own pcap functionality.
This works on Win32 and should work on unix/linux (but I'm not sure here). Some stuff needs to be cleaned up, some more may need to be rewritten to specifically work with unix/win32. Futher work needs to be done at:
1. read filters (simply document current behaviour?)
2. event loop polling
3. privileges
4. code cleanup (e.g. in capture_loop.c)
Be prepared that tshark might not work as before / expected at least in the next days!
svn path=/trunk/; revision=22969
anywhere else). Instead of using getaddrinfo() and getnameinfo(),
promote inet_pton.c and inet_ntop.c to the top level and use those
routines instead.
(It's 2007, for crying out loud. Why is this even an issue?)
svn path=/trunk/; revision=22075
epan/filesystem.c
have get_plugin_dir() calling init_plugin_dir() if necessary
epan/epan.c and epan/report_err.c
move the report_failure family into the new report_err.c file, have epan_init() calling the initializer
epan/plugins.h and epan/proto.c
do not have init_plugins() calling the proto_reg functions instead do it in init_proto()
gtk/main.c and tshark.c
init_plugin_dir() has become suprefluous
capinfos.c and editcap.c
load the wiretap plugins
Makefiles
do what's needed to build withe the above changes.
svn path=/trunk/; revision=21935
- Update the wireless/AirPcap GUI code to support 802.11n as well as
some related upcoming code changes.
- Remove airpcap.h from the repository, since it exists in the AirPcap
devpack (and will be superseded Real Soon Now).
- Show the individual channel flag bits in radiotap.
Fix the 802.11n MCS set display.
This is a partial checkin, so hopefully nothing is broken.
svn path=/trunk/; revision=21831
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
is disabled by default, and can be enabled by setting AIRPCAP_CONFIG
in config.nmake. The code is currently limited to Windows, but should
be adaptable to other platforms.
The official announcement won't come until next week, so you'll have to
read the source for details. :)
svn path=/trunk/; revision=18928
by dumpcap and Ethereal (so that, on UN*X, the child process can report
a detailed "can't exec dumpcap" error).
Rename most of the "sync_pipe_XXX_to_parent()" routines, as they're also
in Tethereal, which doesn't have a sync pipe.
svn path=/trunk/; revision=17789
bypass Wiretap; that means we don't have to run the packet through
wtap_process_pcap_packet() and then undo that conversion in Wiretap if
we're just going to write it out, shortening the code path.
svn path=/trunk/; revision=17461
not available on all platforms. Include getopt.c in
EXTRA_ethereal_SOURCES and include getopt.h in EXTRA_ethereal_INCLUDES,
as we do with the other files that supply routines not available on all
platforms, rather than always including them in the source for dumpcap.
svn path=/trunk/; revision=17311
no longer needs util.c, so it no longer includes routines that use
host_ip_af(), so it no longer needs to define its own host_ip_af().
That also means dumpcap.c no longer needs to include <sys/socket.h>.
svn path=/trunk/; revision=17278
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff reguired). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an uggly console window would appear. The handles created by _pipe doesn't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
This way, the capture child don't need to now any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build it's own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
this fortunately removes *a lot* of dependencies and make the resulting binary a lot smaller (and hopefully faster to load :-)
some more cleanup (like replacing // by /**/)
svn path=/trunk/; revision=16620
Guy Harris