mangling of the 802.11 dissector, and optional processing of an FCS at
the end of the frame.
When dissecting the frame-type-dependent part of the header, dissect all
management frames (including ones with an invalid subtype) the same, and
dissect all data frames (including ones with an invalid subtype) the
same.
svn path=/trunk/; revision=5696
requests - the data part of the AFS authentication request
(hf_afs_kauth_data) is displayed as a string whilst declared as a binary
array in "packet-afs-register-info.h".
svn path=/trunk/; revision=5661
Don't show progress bar for quick "Find Frame" searches
Add "Find Next" and "Find Previous" to repeat searches
Add documentation for "Find Next" and "Find Previous".
svn path=/trunk/; revision=5378
frame is marked, so that you can use Find Frame to find the next marked
frame, and can filter the display to show only marked frames.
Update the documentation to note that "frame.marked" is set on marked
frames.
svn path=/trunk/; revision=5377
menu modify the currently-selected item directly. Remove the "Change"
button since it's no longer needed. Make the column list a clist, and
add a column which shows the format. Make the format option menu not
fill the entire table cell. Update the man page accordingly.
svn path=/trunk/; revision=5214
method length and use that in all comparisons, from Blair Cooper.
Fix the check for "M-" to check also whether there are at least two
characters in the line.
svn path=/trunk/; revision=5071
Man pages don't have any notion of external links and there
isn't enough information for pod2html to resolve the links for
manpages in the "See Also" section of the man pages. As a
result running pod2html generates a bunch of warning messages
and just emphasizes/italicizes the text.
Therefore, we change the link (L<name>) command to an emphasizes
(I<name>) command. The net result is the same, but you don't get
the warnings when generating HTML docs.
At some point in the future someone might want to do the work to
get the links to generate correctly, but until then this will
shut up pod2html.
svn path=/trunk/; revision=5021
count display.
Update the Tethereal man page to reflect the new option.
Update both the Ethereal and Tethereal man pages to use the same style
to describe options, e.g.
-Z Cause Ethereal to draw the mark of Zorro on the display.
rather than
-Z Causes Ethereal to draw the mark of Zorro on the display.
(some were using the first and some were using the second).
Update the Ethereal man page to do the same for menu items.
Update both the Ethereal and Tethereal man pages to better describe the
"-N" flag (by noting that any form of name resolution *not* specified in
the flag is turned *off*).
svn path=/trunk/; revision=5005
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
Add more type values for EAP.
Fix off-by-one bug when displaying Code of EAP message.
Get rid of an unnecessary "volatile".
Give the code and type fields value_string arrays, and use them when
putting the code and type into the protocol tree.
Base the decision of whether to put the type field into the tree on the
request code, not on the length of the packet.
Display the Type-Data field, under that name, under the EAP tree, as
it's part of the EAP PDU.
svn path=/trunk/; revision=4779
support for Openwave-specific WSP headers;
support for Openwave-specific field names;
support for additional content types from Openwave;
support for additional language values.
svn path=/trunk/; revision=4775
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
Support for generating filter expressions based on packet list
column values
Support for adding filter expressions generated from column or
protocol tree field values to the current expression rather
than replacing the current expression
svn path=/trunk/; revision=4522
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
svn path=/trunk/; revision=4337
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
as the pathname of a capture file to be read. If more than one such
option is specified, print a usage message.
Fix the documentation of the "-r" option to Ethereal and Tethereal.
svn path=/trunk/; revision=4253
1) print the payload length in AH headers correctly (the field's
value is length of the payload, minus 2, divided by 2, so we
have to add 2 before multiplying by 2);
2) correctly handle, in an SIOCGIFCONF list, entries whose
address has an "sa_len" field less than the size of a "struct
sockaddr" (the length of the address in an entry is the
maximum of the real length and the size of a "struct
sockaddr").
svn path=/trunk/; revision=4186
On Windows, put the ".ethereal" directory under the user profile
directory rather than the home directory.
Update the documentation to reflect that, and to fix other out-of-date
information, as well as some typos.
svn path=/trunk/; revision=4068
which the Ethereal binary is found; there's no notion of "/etc" or of
"/etc/ethers" or "/etc/ipxnets" files on Windows.
Update the documentation to reflect that, and fix a typo in the Ethereal
and Tethereal man pages.
svn path=/trunk/; revision=4055
I have enhanced the standard Ethereal Icon and added the following
renderings:
* 32x32 - 256 Colour with transparency
* 16x16 - 256 Colour with transparency
* 16x16 - 16 Colour
Add to the list of authors in the man page the names of people who've
contributed to Wiretap but not to the rest of Ethereal - there's
currently no Wiretap man page, so we might as well give them credit in
the Ethereal man page.
svn path=/trunk/; revision=4053
Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).
svn path=/trunk/; revision=4039
fix the processing of the month and year fields in the SCTC
Timestamp (the month is 1-origin, so subtract 1 from it before
putting it in "tm_mon", which is 0-origin; the year is a 2-digit
field that is, at least, Y2K-safe (but Y2.1K-unsafe), so if it's
less than 90, assume it's in the 21st century);
UCP OT 50-57 messages have a fixed number of fields and a
special handling of the MT is not necessary, so get rid of that.
Also, fix a typo in a comment.
svn path=/trunk/; revision=4030
it's in the "etc" subdirectory of the installation directory on UNIX and
in the installation directory on Windows, and give the typical pathnames
of both of those directories.
svn path=/trunk/; revision=4014
- A bug related to "WSP header pages" is fixed, that
resulted into "malformed WSP frame" alerts
- "Concatenated PDUs" (Multiple PDUs within one UDP
packet) are now supported (used e.g. by Nokia 8310)
- The URL of WSP GET/POST requests is display in the
info column, same like HTTP GET requests
svn path=/trunk/; revision=4004
a request or reply; make its return value "gboolean", and have it just
return TRUE or FALSE. Also make an array index variable unsigned, to
squelch a GCC warning.
Support for additional SIP methods, from Jean-Francois Mule.
svn path=/trunk/; revision=3865
1) Shiva PAP (SPAP) and Extensible Authentication Protocol (EAP)
2) CBCP negotiation in LCP Callback Operation Field
to the PPP dissector.
svn path=/trunk/; revision=3826
Throw a very small caltrop in the way of spam-harvesters, by replacing
"@" in e-mail addresses in the AUTHORS file and Ethereal man page with
"[AT]" (although I wouldn't be surprised to find that some of those
harvesters already know about that trick and "fix" those addresses so
you, too, can receive Valuable Information about Viagra, can-fail
Internet investment opportunities and stuff-envelopes-at-home jobs, and
cable descramblers).
Add a couple of items from the AUTHORS file to the Ethereal man page.
svn path=/trunk/; revision=3781
- at least some versions of makewhatis (e.g., the Solaris version)
uses that name in a case-sensitive fashion, so you can't do "man
ethereal", say, you have to do "man Ethereal", and that doesn't work as
the man page file is "ethereal.1", not "Ethereal.1".
svn path=/trunk/; revision=3656
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
traffic engineering TLV dissection, IS neighbor and IP reachability TLVs
given their own subtree types), from Jean-Christian Pennetier.
svn path=/trunk/; revision=3413
containing OSI transport layer PDUs).
Enable the Q.931-inside-TPKT code (but not the H.225 stuff, as that
requires Andreas Sikkema's H.225 dissector). Update it to match his
current modified Q.931 dissector.
svn path=/trunk/; revision=3199
organizes the protocols in the same hierarchical order in which
they are found in the packet.
The GUI needs some more refinement (placment of vertical
scrollbar, style of GtkCTree, initial sizing of window).
I need to add an option to honor/not honor the current display filter.
svn path=/trunk/; revision=3162
that button doesn't undo edits you've made to the list of filters it's
displaying.
Don't show an "OK" button if the dialog isn't attached to a text entry
box, as the "OK" button means "enter the current filter into the
attached text entry box, and close the dialog", and if there *is* no
attached text entry box, "OK" doesn't do what you might expect (it's
equivalent to "Close").
svn path=/trunk/; revision=2952
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2951
use the capture filter lists, and others use the display filter list, as
appropriate.
Have separate menu items for editing the capture and display filter
lists.
Have separate "~/.ethereal/cfilters" and "~/.ethereal/dfilters" files
for the two lists; if either of those files isn't found, we try
"~/.ethereal/filters", which means that you will start out with two
identical lists holding all your filters - if certain filters belong
only in one list, you'll have to delete them by hand from the other
list.
Do I/O error checking when reading and writing filter lists; when
writing a filter list, write it to a new file, and then rename the new
file on top of the old file, so that you don't lose your old filter list
if, for example, you run out of disk space or disk quota.
svn path=/trunk/; revision=2948
display tree, based on Jeff Foster's dialog box for selecting fields.
Make the dialog box for browsing filters into a dialog box for
constructing filters; make the "Apply" button and the "OK" button apply
the filter in the text entry box in the dialog, not the currently
selected filter (selecting a filter puts it in that text entry box, but
the user may edit it afterwards, or may use the aforementioned dialog
box to construct a filter not in the list).
Get rid of extra declarations of "m_r_font" and "m_b_font" in
"proto_draw.c"; they're declared in "gtk/gtkglobals.h", which it includes.
svn path=/trunk/; revision=2805
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
you stop an "Update list of packets in real time" capture from the main
window as well as from the capture statistics dialog.
svn path=/trunk/; revision=2487
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
highlighting of the bytes, in the hex dump window, corresponding to a
selected field.
Also, make "remember_ptree_widget()" static, as it's not used outside
"gtk/proto_draw.c".
svn path=/trunk/; revision=2399
Guy Harris