From Jim Young:
The attached patch simply documents a long supported but hidden tshark -G option. Tshark's print_usage() has been augmented as well as the tshark man page. svn path=/trunk/; revision=33253
This commit is contained in:
Anders Broman
parent
b0c0ebcc20
commit
4e220d29ff
|
|
@ -43,6 +43,9 @@ S<[ B<-y> E<lt>capture link typeE<gt> ]>
|
|||
S<[ B<-z> E<lt>statisticsE<gt> ]>
|
||||
S<[ E<lt>capture filterE<gt> ]>
|
||||
|
||||
B<tshark>
|
||||
B<-G> [fields|fields2|fields3|protocols|values|decodes|defaultprefs|currentprefs]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
B<TShark> is a network protocol analyzer. It lets you capture packet
|
||||
|
|
@ -126,6 +129,9 @@ arguments, it's a capture filter if a capture is being done (i.e., if no
|
|||
B<-r> option was specified) and a read filter if a capture file is being
|
||||
read (i.e., if a B<-r> option was specified).
|
||||
|
||||
The B<-G> option is a special mode that simply causes B<Tshark>
|
||||
to dump one of several types of internal glossaries and then exit.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
|
@ -292,6 +298,92 @@ option. The output written with the B<-w> option is raw packet data, not
|
|||
text, so there is no B<-F> option to request text output. The option B<-F>
|
||||
without a value will list the available formats.
|
||||
|
||||
=item -G [fields|fields2|fields3|protocols|values|decodes|defaultprefs|currentprefs]
|
||||
|
||||
The B<-G> option will cause B<Tshark> to dump one of several types of glossaries
|
||||
and then exit. If no specfic glossary type if specified then the B<fields> report
|
||||
will be generated by default.
|
||||
|
||||
The available report types include:
|
||||
|
||||
B<fields> Dumps the contents of the registration database to
|
||||
stdout. An independent program can take this output and format it into nice
|
||||
tables or HTML or whatever. There is one record per line. Each record is
|
||||
either a protocol or a header field, differentiated by the first field.
|
||||
The fields are tab-delimited.
|
||||
|
||||
* Protocols
|
||||
* ---------
|
||||
* Field 1 = 'P'
|
||||
* Field 2 = descriptive protocol name
|
||||
* Field 3 = protocol abbreviation
|
||||
*
|
||||
* Header Fields
|
||||
* -------------
|
||||
* Field 1 = 'F'
|
||||
* Field 2 = descriptive field name
|
||||
* Field 3 = field abbreviation
|
||||
* Field 4 = type ( textual representation of the the ftenum type )
|
||||
* Field 5 = parent protocol abbreviation
|
||||
* Field 6 = blurb describing field
|
||||
|
||||
B<fields2> Same as the B<fields> report but includes two additional columns.
|
||||
|
||||
* Field 7 = base for display (for integer types); "parent bitfield width" for FT_BOOLEAN
|
||||
* Field 8 = blurb describing field (yes, apparently we repeated this accidentally)
|
||||
|
||||
B<fields3> Same as the B<fields> report but includes two additional columns.
|
||||
|
||||
* Field 7 = base for display (for integer types); "parent bitfield width" for FT_BOOLEAN
|
||||
* Field 8 = bitmask: format: hex: 0x....
|
||||
|
||||
B<protocols> Dumps the protocols in the registration database to stdout.
|
||||
An independent program can take this output and format it into nice tables
|
||||
or HTML or whatever. There is one record per line. The fields are tab-delimited.
|
||||
|
||||
* Field 1 = protocol name
|
||||
* Field 2 = protocol short name
|
||||
* Field 3 = protocol filter name
|
||||
|
||||
B<values> Dumps the value_strings, range_strings or true/false strings
|
||||
for fields that have them. There is one record per line. Fields are
|
||||
tab-delimited. There are three types of records: Value String, Range
|
||||
String and True/False String. The first field, 'V', 'R' or 'T', indicates
|
||||
the type of record.
|
||||
|
||||
* Value Strings
|
||||
* -------------
|
||||
* Field 1 = 'V'
|
||||
* Field 2 = field abbreviation to which this value string corresponds
|
||||
* Field 3 = Integer value
|
||||
* Field 4 = String
|
||||
*
|
||||
* Range Strings
|
||||
* -------------
|
||||
* Field 1 = 'R'
|
||||
* Field 2 = field abbreviation to which this range string corresponds
|
||||
* Field 3 = Integer value: lower bound
|
||||
* Field 4 = Integer value: upper bound
|
||||
* Field 5 = String
|
||||
*
|
||||
* True/False Strings
|
||||
* ------------------
|
||||
* Field 1 = 'T'
|
||||
* Field 2 = field abbreviation to which this true/false string corresponds
|
||||
* Field 3 = True String
|
||||
* Field 4 = False String
|
||||
|
||||
B<decodes> Dumps the "layer type"/"decode as" associations to stdout.
|
||||
There is one record per line. The fields are tab-delimited.
|
||||
|
||||
* Field 1 = layer type, e.g. "tcp.port"
|
||||
* Field 2 = selector in decimal
|
||||
* Field 3 = "decode as" name, e.g. "http"
|
||||
|
||||
B<defaultprefs> Dumps a default preferences file to stdout.
|
||||
|
||||
B<currentprefs> Dumps a copy of the current preferences file to stdout.
|
||||
|
||||
=item -h
|
||||
|
||||
Print the version and options and exits.
|
||||
|
|
|
|||
36
tshark.c
36
tshark.c
|
|
@ -300,6 +300,36 @@ print_usage(gboolean print_ver)
|
|||
fprintf(output, " -v display version info and exit\n");
|
||||
fprintf(output, " -o <name>:<value> ... override preference setting\n");
|
||||
fprintf(output, " -K <keytab> keytab file to use for kerberos decryption\n");
|
||||
fprintf(output, " -G [report] dump one of several available reports and exit\n");
|
||||
fprintf(output, " default report=\"fields\"\n");
|
||||
fprintf(output, " use \"-G ?\" for more help\n");
|
||||
}
|
||||
|
||||
static void
|
||||
glossary_option_help(void)
|
||||
{
|
||||
FILE *output;
|
||||
|
||||
output = stdout;
|
||||
|
||||
fprintf(output, "TShark " VERSION "%s\n", wireshark_svnversion);
|
||||
|
||||
fprintf(output, "\n");
|
||||
fprintf(output, "Usage: tshark -G [report]\n");
|
||||
fprintf(output, "\n");
|
||||
fprintf(output, "Glossary table reports:\n");
|
||||
fprintf(output, " -G [fields] dump glossary in original format and exit\n");
|
||||
fprintf(output, " -G fields2 dump glossary in format 2 and exit\n");
|
||||
fprintf(output, " -G fields3 dump glossary in format 3 and exit\n");
|
||||
fprintf(output, " -G protocols dump protocols in registration database and exit\n");
|
||||
fprintf(output, " -G values dump value, range, true/false strings and exit\n");
|
||||
fprintf(output, " -G decodes dump \"layer type\"/\"decode as\" associations and exit\n");
|
||||
fprintf(output, "\n");
|
||||
fprintf(output, "Preference reports:\n");
|
||||
fprintf(output, " -G defaultprefs dump default preferences and exit\n");
|
||||
fprintf(output, " -G currentprefs dump current preferences and exit\n");
|
||||
fprintf(output, "\n");
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -927,12 +957,16 @@ main(int argc, char *argv[])
|
|||
dissector_dump_decodes();
|
||||
else if (strcmp(argv[2], "defaultprefs") == 0)
|
||||
write_prefs(NULL);
|
||||
else if (strcmp(argv[2], "?") == 0)
|
||||
glossary_option_help();
|
||||
else if (strcmp(argv[2], "-?") == 0)
|
||||
glossary_option_help();
|
||||
else if (strcmp(argv[2], "currentprefs") == 0) {
|
||||
read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path,
|
||||
&pf_open_errno, &pf_read_errno, &pf_path);
|
||||
write_prefs(NULL);
|
||||
} else {
|
||||
cmdarg_err("Invalid \"%s\" option for -G flag", argv[2]);
|
||||
cmdarg_err("Invalid \"%s\" option for -G flag, enter -G ? for more help.", argv[2]);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue