Commit Graph

1604 Commits

Author SHA1 Message Date
Michael Mann a2b084f6c5 Add support for WPFCapture "formats" from Microsoft Analyzer.
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value.  However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.

Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.

Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-09-04 18:41:46 +00:00
Anders ed75d67394 [PFCP] Add basic dissector for Packet Forwarding Control Protocol (PFCP) 3GPP TS 29.244 V14.0.0 (2017-06)S
Change-Id: Id377870caa7649e19832ea3fd3484ed805c2c9cf
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/23375
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-09-04 10:29:54 +00:00
Michael Mann ed254720fe Add support for NetMon NetmonFilter and NetworkInfoEx frame types.
Bug: 4221
Change-Id: I59aff777c364af1a064e1e99ea9ac6692a4cedfa
Reviewed-on: https://code.wireshark.org/review/23333
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-09-01 03:42:05 +00:00
Michael Mann 8f3a3914fe Add Network Monitor Event Tracing event
Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.

Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-08-29 19:50:16 +00:00
Gerald Combs 0f9935e9a1 WSDG: Fix up some markup.
Change-Id: I1484e63fd9626ed507ff0077073c944cf85e3602
Reviewed-on: https://code.wireshark.org/review/23273
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-28 21:03:29 +00:00
Gerald Combs af180cc7d0 Update the AsciiDoc button macro name.
Change the name of the button macro to "btn" in order to be compatible
with AsciiDoctor.

Change-Id: I673e0fe0ae7b343abeb1afba0b9b11402efdf0d6
Reviewed-on: https://code.wireshark.org/review/23187
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-23 21:48:57 +00:00
Gerald Combs 41d94798a9 Docbook: Fix a couple of include paths.
Change-Id: I1b06658f516a17516782df57943d7082badba755
Reviewed-on: https://code.wireshark.org/review/23182
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-23 18:50:13 +00:00
Gerald Combs f61c45acf1 Fix a typo.
Change-Id: I26fb82c00ef3ac1343930e473294a3aa338f3f96
Reviewed-on: https://code.wireshark.org/review/23164
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-22 17:56:15 +00:00
Gerald Combs a34445c1cf WSUG+WSDG: Add a typographic conventions section.
Create a common_src directory for common guide content. Add a
typographic convention section. Update some of the content accordingly.

Change-Id: I4f69c0f52a985c48e07fa0628b19734ec691f74e
Reviewed-on: https://code.wireshark.org/review/23131
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-22 10:44:50 +00:00
Ahmad Fatoum aca55a29f7 Add hardware timestamping support
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.

This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:

    --list-time-stamp-types
                             List time stamp types supported for the interface
    --time-stamp-type <type>
                             Change the interface's timestamp method

Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.

Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-22 07:55:26 +00:00
Gerald Combs 9e21f4b8ee WSUG: Update the TCP analysis section.
Clarify and fix some items.

Change-Id: I1f9f8a32ceaa1de4c1ec2936913c87c08ba63c88
Reviewed-on: https://code.wireshark.org/review/23123
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-18 15:48:03 +00:00
Graham Bloice 6020f0f93d WSDG: More VS 2015 fixes
Change-Id: I5f0d543032f62bd0c57c14a56771a63fe1bed3a3
Reviewed-on: https://code.wireshark.org/review/23122
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
2017-08-18 13:04:26 +00:00
Graham Bloice b1a6f11e42 WSDG: Remove obsolete VS 2010 info from quick setup
Change-Id: I767e04538d17702346e9343e136fc0ea4c2f9ec3
Reviewed-on: https://code.wireshark.org/review/23120
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
2017-08-18 12:22:06 +00:00
Graham Bloice b62eee0d7f WSDG: Update Qt installation info
Change-Id: I9da1c68949ac48e3e88227e9c4f4d4930dbd3268
Reviewed-on: https://code.wireshark.org/review/23119
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
2017-08-18 12:21:47 +00:00
Alexis La Goutte b8c2228321 ws.css: fix invalid color
use the same as the original http://www.methods.co.nz/asciidoc/docbook-xsl.css

Reported by Jay Turner https://www.wireshark.org/lists/wireshark-dev/201707/msg00141.html

Change-Id: Ia44d7cbd24c1b2f3b9b011d3ed07619d2fa733cd
Reviewed-on: https://code.wireshark.org/review/23022
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-18 11:11:42 +00:00
Stig Bjørlykke 21672e51e4 WSDG: Reference to an existing Qt version
Change-Id: Ia1c61cabf1bf3378bf993501dc1362163f33f1ed
Reviewed-on: https://code.wireshark.org/review/23116
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2017-08-18 10:57:46 +00:00
Gerald Combs e13a81c62a WSDG: More VS 2015 updates.
Switch the Command Prompt instructions back to using the
platform-specific variants. Switch back to setting WIRESHARK_BASE_DIR.

Change-Id: Ie9f865e5fac1312f2eb3762e439d53ab9a038bd4
Reviewed-on: https://code.wireshark.org/review/23112
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-17 21:56:55 +00:00
Guy Harris fc6f7b9021 Fix capitalization.
Change-Id: I43017bae5bc74678113377d0b4aad3d712647c5d
Reviewed-on: https://code.wireshark.org/review/23099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-08-17 00:56:32 +00:00
Guy Harris 7df594c92e Update URL for Visual Studio Community Edition.
The old URL fetched VS 2013 when I tried it; update to a link that
fetches VS 2015.

Change-Id: Ib33e8f09bef51a532c986e70ae6ac5d9d1f1dabe
Reviewed-on: https://code.wireshark.org/review/23094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-08-16 18:10:18 +00:00
Gerald Combs 01449b849e WSUG: Remove the protocol help section
The protocol help feature was completely removed in g09efa5fb8b and
deprecated long before that.

Change-Id: Ia0bde785002025c0cf9e3f783a5cad7f784938a2
Reviewed-on: https://code.wireshark.org/review/23076
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-14 19:07:01 +00:00
Richard Sharpe d6eda2a3a3 ieee80211 : Implement Wi-Fi DPP spec
Including attributes in Public Action frames and those that can appear in GAS
frames.

Change-Id: I8d2a717984295592952b8fff82879197ace2a4b2
Reviewed-on: https://code.wireshark.org/review/22615
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-08-14 05:24:59 +00:00
Guy Harris 84b86bdfa2 Get rid of trailing blanks.
Change-Id: Ic236b307a0d9d81a0c906fa33599706165d4360d
Reviewed-on: https://code.wireshark.org/review/23061
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-08-13 08:49:16 +00:00
Guy Harris de3a563d66 Clean up configuration file and plugin folder description.
Have a separate section, before all the others, giving the top-level
directories under which those folders are placed, with names for use in
later sections.

Update the example personal application data folder on Windows to the NT
6.x-and-beyond standard.

Don't give the pathnames for configuration files in the table, just give
the name and the description.

For the global files, distinguish between macOS and other Unix-like
systems, and, for the latter, mention both /usr/XXX and /usr/local/XXX.

The preferences file isn't "wireshark.conf", and hasn't been that for
quite a while.

For all the configuration files, give the details of personal vs. global
files - they're different for different files.

Have separate sections for configuration files and plugin folders.  For
plugin folders, note both the use of the top-level plugin folder for Lua
scripts and the use of the per-Wireshark-version subfolder for compiled
plugins.

Use fixed-format text for the non-variable parts of pathnames, and
italics for the variable parts.

This should, among other things, make it easier for other documents,
such as the Lua documentation in the Wireshark wiki, to refer to folders
such as the configuration file and plugin folders.

Change-Id: I133c1e159e992827458bee64c4f37be5b50f9b6f
Reviewed-on: https://code.wireshark.org/review/23060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-08-13 08:47:46 +00:00
Alexis La Goutte d619a4239e Add QUIC Transport IETF (draft-05) protocol
Bug: 13881
Change-Id: I9007800060dfc503a1039f652d53c9cb1cd42211
Reviewed-on: https://code.wireshark.org/review/22366
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-08-10 19:24:47 +00:00
Gerald Combs cdeb6f122a WSDG: Update the Windows docs and add a CMake section.
Update the Windows section for Visual Studio 2015. Copy the content from
README.cmake to its own WSDG section and remove README.cmake.

Remove the PowerShell sections. Our required version (2.0) ships with
every supported version of Windows. Remove the sed section.

Change-Id: Id37c6e71bacc247a3ed1992adb1408ec13f6a187
Reviewed-on: https://code.wireshark.org/review/22940
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-08-04 23:01:59 +00:00
Pascal Quantin a1ce51dcb0 Indicate G.729 playback in the release notes
Change-Id: Iebf5419bad38b706c8dc0adb91f7c1cc1d36f3b5
Reviewed-on: https://code.wireshark.org/review/22858
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2017-07-30 10:16:35 +00:00
Stig Bjørlykke 66fff5df49 Qt: Add preference for show file load time in the status bar
This will leave more room for messages on smaller screens.  Set the
default OFF because this is probably only useful for developers.

Group Status Bar settings in the Layout frame.

Change-Id: Iea9a55b6c088aac10ee7680b1e8a882ed00c73be
Reviewed-on: https://code.wireshark.org/review/22824
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-07-29 05:39:37 +00:00
Stig Bjørlykke 4aae9331bc Qt: Add preference for show selected packet number
The information about the selected packet number is available from
the Number column and from the Frame entry in the Packet Details
so make the entry in the status bar optional.

Also remove duplicate "Packet:" entry, add the UTF8_MIDDLE_DOT
separator and rename the prefix to "Selected Packet:".

Bug: 13902
Change-Id: I0e7ba884bdcbdc87a5738223ef92f52e4ac195e5
Reviewed-on: https://code.wireshark.org/review/22807
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-07-27 19:29:34 +00:00
Gerald Combs 9ab8133bf8 Update the release notes.
Change-Id: Ia6a5994b8728251a11a111f29f60455e8076dfb9
Reviewed-on: https://code.wireshark.org/review/22731
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-07-20 16:42:14 +00:00
Gerald Combs 76efb096d4 Rename enterprises to enterprises.tsv and ship it.
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.

Add it to the Windows packages.

Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-07-15 06:20:34 +00:00
Alexis La Goutte bc7198e40e Add AMT (Automatic Multicast Tunneling) RFC7450 dissector
Change-Id: Ic5e52b76e84e1d02d614b34980f94fd1288c9760
Reviewed-on: https://code.wireshark.org/review/22594
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-07-15 06:16:30 +00:00
Alexis La Goutte 14308a22e5 QUIC: rename to G(oogle)QUIC
quic => gquic

Change-Id: Ica9ae8cc77e09056507c9c4c5c798b613eb56194
Reviewed-on: https://code.wireshark.org/review/22589
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-07-11 14:52:17 +00:00
João Valverde 7466880e8a Parse enterprise-numbers at run time
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.

PENs are stored in a hash table loaded at run-time.

User "enterprises" file is loaded from the personal config dir.

Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.

Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
2017-06-26 22:40:50 +00:00
Michael Mann 1b7f5d9f79 Convert filter expressions preference data to a UAT.
The filter expressions data was shoved into the preference file in a
very loose, non-arrayed form.  It's much easier to manage in code
(and for users in a separate file) as a UAT.

The GTK GUI was hacked to use the existing UAT dialog rather than
rewrite the pref_filter_expressions.c to support a UAT. Should
be okay since it's deprecated.

Change-Id: I688cebb4b7b6594878c1398365e79a205f1902d9
Ping-Bug: 13814
Reviewed-on: https://code.wireshark.org/review/22354
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-26 02:44:05 +00:00
Gerald Combs 7d67af661a Make "matches" case-insensitive.
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".

It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.

Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 19:32:06 +00:00
Gerald Combs 01fe854fa0 TCP Analysis: Update the spurious retransmission check.
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.

Update the documentation accordingly.

Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-15 04:13:28 +00:00
Jeroen Sack b871da0f90 Add ISOBUS dissector to release notes.
Bug: 13772
Change-Id: I13726ec22fcec523fc837655fe5124a600639e39
Reviewed-on: https://code.wireshark.org/review/22095
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2017-06-12 13:48:38 +00:00
Erik de Jong 8c316f3b98 Dissector for LoRaWAN
Initial implementation of LoRaWAN dissector based on LoRa Alliance specification.
Features:
- Frame dissection for fields as per documentation
- Payload decryption
- MIC verification

Not implemented:
- Region specific information (frequencies etc)
- Statistics

Bug: 13775
Change-Id: I6031755dfd582dd78ed7c2566cdb390c577c9078
Reviewed-on: https://code.wireshark.org/review/22017
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-12 03:26:42 +00:00
Dave Goodell 2be411a215 tshark: add "--color" option emulating wireshark colors
With this commit, tshark will mimic the packet coloring present in the
Wireshark GUI whenever "--color" is passed.  This initial commit only
adds such support for the standard text output format.  A future commit
could potentially broaden this support to other output modes (such as
"-V" mode).

Bug: 5158
Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d
Reviewed-on: https://code.wireshark.org/review/21325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-11 13:36:19 +00:00
Erik de Jong 94847961cb LoRaTap DLT and dissector
Add support for handling LoRaTap (https://github.com/eriknl/LoRaTap) DLT in
wiretap and add dissector for LoRaTap headers.

Exposes Syncword for subdissectors to dissect frame payload.

Change-Id: Ie4ba2189964376938f45eb3da93f2c3376042e85
Reviewed-on: https://code.wireshark.org/review/21915
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2017-06-03 20:19:15 +00:00
Pascal Quantin 314a9f217d Clean Release Notes
Change-Id: I5e13c057265c3435bf8104351306a26f264209bd
Reviewed-on: https://code.wireshark.org/review/21923
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2017-06-03 20:18:52 +00:00
Gerald Combs 4ca91db0ed 2.3.0 → 2.5.0.
Change-Id: I83ecbff82b23702f40ce1bae45be23e3336ff2c4
Reviewed-on: https://code.wireshark.org/review/21905
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-06-02 22:40:36 +00:00
Alexis La Goutte c65960fae8 fb-zero: Add support of Zero Protocol
Facebook uses a derivative of the QUIC protocol (on top of TCP) for Android devices.
The dissector was reverse engineered based off of QUIC dissector functionality.

Pcap available https://github.com/ntop/nDPI/issues/300
Some information (not spec) can be found here:
https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/

Change-Id: I4026bb992aa17a0c679379646b388a694f24a07f
Reviewed-on: https://code.wireshark.org/review/18937
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-06-01 22:09:02 +00:00
Stig Bjørlykke 23a4a742e4 Add a new feature to the release notes.
Change-Id: I99dafc515ac70f7ed037c30936aceddd695d3525
Reviewed-on: https://code.wireshark.org/review/21871
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2017-06-01 09:15:26 +00:00
Martin Kaiser f3a23a6b46 WSDG: trivial: fix a link
Asciidoc will just create a link from a URL that appears in the text. If
we want the link to appear as an address without a description, there's
no need to add an empty description. We should, however, have a space
behind the link to separate it from the text that follows.

Change-Id: Ic01b1dbbea922d785776f1965481ed58f389e30a
Reviewed-on: https://code.wireshark.org/review/21789
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-29 23:58:24 +00:00
Michael Mann 0a3df90afc Extend display filter len() to support all string and byte field types.
len() can now handle FT_STRING, FT_STRINGZ, FT_STRINGZPAD,
FT_UINT_STRING, FT_BYTES, and FT_UINT_BYTES
through the use of fvalue_length()

Change-Id: I53baf2657f7804f64e63e4645d0b84b782ae9b08
Reviewed-on: https://code.wireshark.org/review/21775
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-29 15:41:17 +00:00
Gerald Combs 940165933f WSUG: Add a TCP Analysis section.
Try to document as accurately as possible the circumstances under which
each TCP analysis flag is added.

Update some TCP debugging code.

Change-Id: I793756f73b8ade328e150acf32bc203792e29449
Reviewed-on: https://code.wireshark.org/review/21749
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-05-26 15:24:17 +00:00
Jakub Zawadzki e7b6bf3fd8 Initial OBD-II PIDs dissector.
Change-Id: I0974f13a032a908bcc27f583c3e059f57959881f
Reviewed-on: https://code.wireshark.org/review/21552
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
2017-05-14 12:43:12 +00:00
Charlie Lenahan 5d67b334e7 Add Netgear Ensemble protocol
Bug: 13689
Change-Id: I9573d0106a1639cfc2d416a4146f558047cfd67e
Reviewed-on: https://code.wireshark.org/review/21524
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-06 02:15:36 +00:00
Dr. Lars Voelker e3d284f6a8 Adding support for the NM protocol.
UDP-NM is an automotive communication protocol as standardized by
AUTOSAR and is specified in AUTOSAR_SWS_UDPNetworkManagement.pdf,
which can be accessed on:
autosar.org -> Classic Platform -> Software Arch -> Comm Stack.

It can run over UDP or CAN, which is why "UDP" is not in any user
exposed strings.

Change-Id: I68adfd941c193588a6c8ef0fe1cb7271f921623e
Reviewed-on: https://code.wireshark.org/review/21437
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-05 12:33:38 +00:00