Add rawshark, a utility that, when given raw pcap-formatted packets and

a list of fields, prints the field values found in each packet. Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http". svn path=/trunk/; revision=24339
2008-02-15 23:20:32 +00:00 · 2008-02-15 23:20:32 +00:00 · 98bacb3556
parent 6537c76fb6
commit 98bacb3556
11 changed files with 3451 additions and 44 deletions
--- a/4
+++ b/4
@ -2705,6 +2705,10 @@ Thomas Dreibholz	<dreibh [AT] iem.uni-due.de> {
 	Scripting Service Protocol support
 }

+Loris Degioanni		<loris.degioanni [AT] cacetech.com> {
+	Rawshark
+}
+
 and by:

 Pavel Roskin            <proski [AT] gnu.org>
--- a/Makefile.am
+++ b/Makefile.am
@ -577,6 +577,7 @@ EXTRA_DIST = \
 	doc/idl2wrs.pod		\
 	doc/mergecap.pod	\
 	doc/randpkt.txt		\
+	doc/rawshark.pod	\
 	doc/sgml.doc.template	\
 	doc/text2pcap.pod	\
 	doc/tshark.pod		\
@ -808,6 +809,10 @@ dumpcap.1: doc/dumpcap.pod
 	(cd doc ; \
 	$(MAKE) ../dumpcap.1 )

+rawshark.1: doc/rawshark.pod
+	(cd doc ; \
+	$(MAKE) ../rawshark.1 )
+
 wireshark.html: doc/wireshark.pod AUTHORS-SHORT-FORMAT
 	(cd doc ; \
 	$(MAKE) ../wireshark.html )
@ -844,6 +849,10 @@ dumpcap.html: doc/dumpcap.pod
 	(cd doc ; \
 	$(MAKE) ../dumpcap.html )

+rawshark.html: doc/rawshark.pod
+	(cd doc ; \
+	$(MAKE) ../rawshark.html )
+
 libtool: $(LIBTOOL_DEPS)
 	$(SHELL) ./config.status --recheck

--- a/Makefile.common
+++ b/Makefile.common
@ -191,6 +191,18 @@ tshark_SOURCES =	\
 	tshark-tap-register.c	\
 	tshark.c

+# rawshark specifics
+rawshark_SOURCES =	\
+	$(WIRESHARK_COMMON_SRC)	\
+	capture_opts.c		\
+	capture_loop.c		\
+	capture_stop_conditions.c	\
+	conditions.c		\
+	pcapio.c		\
+	ringbuffer.c		\
+	tempfile.c		\
+	rawshark.c
+
 # text2pcap specifics
 text2pcap_SOURCES = \
 	text2pcap.c \
--- a/Makefile.nmake
+++ b/Makefile.nmake
@ -8,9 +8,9 @@ include <win32.mak>

 ############### no need to modify below this line #########

-CC = cl 	 
+CC = cl
 LINK= link
-	 
+
 LDFLAGS = /NOLOGO /INCREMENTAL:no /MACHINE:I386 $(LOCAL_LDFLAGS)

 CFLAGS=-WX -DHAVE_CONFIG_H $(LOCAL_CFLAGS) $(GLIB_CFLAGS) /I. /Iwiretap \
@ -30,6 +30,7 @@ include Makefile.common

 wireshark_OBJECTS = $(wireshark_SOURCES:.c=.obj)
 tshark_OBJECTS = $(tshark_SOURCES:.c=.obj)
+rawshark_OBJECTS = $(rawshark_SOURCES:.c=.obj)
 dftest_OBJECTS = $(dftest_SOURCES:.c=.obj)
 dumpcap_OBJECTS = $(dumpcap_SOURCES:.c=.obj)
 randpkt_OBJECTS = $(randpkt_SOURCES:.c=.obj)
@ -55,7 +56,7 @@ wireshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	$(ADNS_LIBS) \
 	$(PCRE_LIBS) \
 	$(ZLIB_LIBS) \
-	$(GNUTLS_LIBS) 
+	$(GNUTLS_LIBS)
 !ENDIF

 tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
@ -75,6 +76,23 @@ tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	$(GNUTLS_LIBS)
 !ENDIF

+rawshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
+	wsock32.lib user32.lib \
+	$(GLIB_LIBS) \
+!IFDEF ENABLE_LIBWIRESHARK
+	epan\libwireshark.lib \
+!ELSE
+	epan\dissectors\dissectors.lib \
+	epan\wireshark.lib \
+	epan\crypt\airpdcap.lib \
+	epan\dfilter\dfilter.lib \
+	epan\ftypes\ftypes.lib \
+	$(ADNS_LIBS) \
+	$(PCRE_LIBS) \
+	$(ZLIB_LIBS) \
+	$(GNUTLS_LIBS)
+!ENDIF
+
 capinfos_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	wsock32.lib user32.lib shell32.lib \
 	$(GLIB_LIBS)
@ -108,19 +126,20 @@ dftest_LIBS=  wiretap\wiretap-$(WTAP_VERSION).lib \
 	$(PCRE_LIBS) \
 	$(ZLIB_LIBS) \
 	$(SMI_LIBS) \
-	$(GNUTLS_LIBS)	
+	$(GNUTLS_LIBS)
 !ENDIF

 randpkt_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	user32.lib \
 	$(GLIB_LIBS)

-EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe \
+EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe rawshark.exe \
 	capinfos.exe editcap.exe mergecap.exe text2pcap.exe randpkt.exe dumpcap.exe

 RESOURCES=image\wireshark.res image\libwireshark.res image\tshark.res \
 	image\capinfos.res image\editcap.res image\mergecap.res \
-	image\text2pcap.res image\wiretap.res image\dumpcap.res
+	image\text2pcap.res image\wiretap.res image\dumpcap.res \
+	image\rawshark.res

 LIBS_CHECK=_libs_check_

@ -195,27 +214,27 @@ $(RESOURCES): image
 wiretap\wiretap-$(WTAP_VERSION).lib: image $(ZLIB_DLL) wiretap

 !IFNDEF GTK1_DIR
-wireshark.exe	: 
+wireshark.exe	:
 !ELSE
 wireshark.exe	: $(LIBS_CHECK) config.h svnversion.h $(wireshark_OBJECTS) getopt.obj inet_ntop.obj inet_pton.obj codecs epan gtk image\wireshark.res wiretap\wiretap-$(WTAP_VERSION).lib codecs\codecs.lib gtk\libui.lib plugins
 	@echo Linking $@
 	$(LINK) @<<
 		/OUT:wireshark.exe $(guiflags) $(guilibsdll) $(LDFLAGS) /LARGEADDRESSAWARE /SUBSYSTEM:windows $(wireshark_LIBS) getopt.obj inet_ntop.obj inet_pton.obj $(GTK1_LIBS) codecs\codecs.lib gtk\libui.lib $(wireshark_OBJECTS) image\wireshark.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "wireshark.exe.manifest" -outputresource:wireshark.exe;1
 !ENDIF
 !ENDIF

 !IFNDEF GTK2_DIR
-wireshark-gtk2.exe	: 
+wireshark-gtk2.exe	:
 !ELSE
 wireshark-gtk2.exe	: $(LIBS_CHECK) config.h svnversion.h $(wireshark_OBJECTS) getopt.obj inet_ntop.obj inet_pton.obj codecs epan gtk2 image\wireshark.res wiretap\wiretap-$(WTAP_VERSION).lib codecs\codecs.lib gtk2.tmp\libui.lib plugins
 	@echo Linking $@
 	$(LINK) @<<
 		/OUT:wireshark-gtk2.exe $(guiflags) $(guilibsdll) $(LDFLAGS) /LARGEADDRESSAWARE /SUBSYSTEM:windows $(wireshark_LIBS) getopt.obj inet_ntop.obj inet_pton.obj $(GTK2_LIBS) codecs\codecs.lib gtk2.tmp\libui.lib $(wireshark_OBJECTS) image\wireshark.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "wireshark-gtk2.exe.manifest" -outputresource:wireshark-gtk2.exe;1
 !ENDIF
 !ENDIF
@ -225,16 +244,22 @@ tshark.exe	: $(LIBS_CHECK) config.h svnversion.h $(tshark_OBJECTS) getopt.obj in
 	$(LINK) @<<
 		/OUT:tshark.exe $(conflags) $(conlibsdll) $(LDFLAGS) /LARGEADDRESSAWARE /SUBSYSTEM:console $(tshark_LIBS) $(tshark_OBJECTS) getopt.obj inet_ntop.obj image\tshark.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "tshark.exe.manifest" -outputresource:tshark.exe;1
 !ENDIF

+rawshark.exe	: $(LIBS_CHECK) config.h svnversion.h $(rawshark_OBJECTS) getopt.obj inet_ntop.obj epan image\rawshark.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
+	@echo Linking $@
+	$(LINK) @<<
+		/OUT:rawshark.exe $(conflags) $(conlibsdll) $(LDFLAGS) /LARGEADDRESSAWARE /SUBSYSTEM:console $(rawshark_LIBS) $(rawshark_OBJECTS) getopt.obj inet_ntop.obj image\rawshark.res
+<<
+
 capinfos.exe	: $(LIBS_CHECK) config.h capinfos.obj getopt.obj epan/unicode-utils.obj epan/plugins.obj epan/report_err.obj epan/privileges.obj epan/filesystem.obj wiretap\wiretap-$(WTAP_VERSION).lib image\capinfos.res
 	@echo Linking $@
 	$(LINK) @<<
 		/OUT:capinfos.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console capinfos.obj getopt.obj epan/unicode-utils.obj epan/plugins.obj epan/report_err.obj epan/privileges.obj epan/filesystem.obj $(capinfos_LIBS) image\capinfos.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "capinfos.exe.manifest" -outputresource:capinfos.exe;1
 !ENDIF

@ -243,7 +268,7 @@ editcap.exe	: $(LIBS_CHECK) config.h editcap.obj getopt.obj strptime.obj epan\cr
 	$(LINK) @<<
 		/OUT:editcap.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console editcap.obj getopt.obj strptime.obj epan/unicode-utils.obj epan\crypt\crypt-md5.obj epan/plugins.obj epan/report_err.obj epan/privileges.obj epan/filesystem.obj $(editcap_LIBS) image\editcap.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "editcap.exe.manifest" -outputresource:editcap.exe;1
 !ENDIF

@ -252,7 +277,7 @@ mergecap.exe	: $(LIBS_CHECK)  config.h svnversion.h mergecap.obj merge.obj getop
 	$(LINK) @<<
 		/OUT:mergecap.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console mergecap.obj merge.obj getopt.obj $(mergecap_LIBS) image\mergecap.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "mergecap.exe.manifest" -outputresource:mergecap.exe;1
 !ENDIF

@ -261,7 +286,7 @@ text2pcap.exe	: $(LIBS_CHECK) config.h text2pcap.obj text2pcap-scanner.obj getop
 	$(LINK) @<<
 		/OUT:text2pcap.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console text2pcap.obj text2pcap-scanner.obj getopt.obj $(text2pcap_LIBS) strptime.obj image\text2pcap.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "text2pcap.exe.manifest" -outputresource:text2pcap.exe;1
 !ENDIF

@ -270,7 +295,7 @@ dftest.exe	: $(dftest_OBJECTS) epan
 	$(LINK) @<<
 		/OUT:dftest.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(dftest_LIBS) $(dftest_OBJECTS)
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "dftest.exe.manifest" -outputresource:dftest.exe;1
 !ENDIF

@ -279,16 +304,16 @@ randpkt.exe	: $(randpkt_OBJECTS) getopt.obj
 	$(LINK) @<<
 		/OUT:randpkt.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(randpkt_LIBS) $(randpkt_OBJECTS) getopt.obj
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "randpkt.exe.manifest" -outputresource:randpkt.exe;1
 !ENDIF

-dumpcap.exe	: $(LIBS_CHECK) config.h svnversion.h $(dumpcap_OBJECTS) getopt.obj epan/unicode-utils.obj inet_ntop.obj mkstemp.obj wiretap\wiretap-$(WTAP_VERSION).lib image\dumpcap.res 
+dumpcap.exe	: $(LIBS_CHECK) config.h svnversion.h $(dumpcap_OBJECTS) getopt.obj epan/unicode-utils.obj inet_ntop.obj mkstemp.obj wiretap\wiretap-$(WTAP_VERSION).lib image\dumpcap.res
 	@echo Linking $@
 	$(LINK) @<<
 		/OUT:dumpcap.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(dumpcap_LIBS) $(dumpcap_OBJECTS) getopt.obj inet_ntop.obj mkstemp.obj image\dumpcap.res
 <<
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "dumpcap.exe.manifest" -outputresource:dumpcap.exe;1
 !ENDIF

@ -354,14 +379,14 @@ AUTHORS-SHORT-FORMAT: AUTHORS-SHORT make-authors-format.pl
    $(PERL) perlnoutf.pl make-authors-format.pl < AUTHORS-SHORT > AUTHORS-SHORT-FORMAT

 #
-# Build "tshark-tap-register.c", which contains a function 
+# Build "tshark-tap-register.c", which contains a function
 # "register_all_tap_listeners()"
 # that calls the register routines for all TShark tap listeners.
 #
 # We do this by grepping through sources.
 #
-# Formatting conventions:  The name of the tap_listener_register_* 
-# routines must start in column zero, or must be preceded only by 
+# Formatting conventions:  The name of the tap_listener_register_*
+# routines must start in column zero, or must be preceded only by
 # "void " starting in column zero, and must not be inside #if.
 #
 # The first argument is the name of the file to write.
@ -426,7 +451,7 @@ distclean-local: clean-local
 !IFDEF ZLIB_DIR
 	rm -f $(ZLIB_DIR)\zlib1.dll $(ZLIB_DIR)\zlib1.dll.manifest \
 		$(ZLIB_DIR)\include\zlib.h $(ZLIB_DIR)\include\zconf.h \
-		$(ZLIB_DIR)\lib\zdll.lib 
+		$(ZLIB_DIR)\lib\zdll.lib
 !ENDIF
 	rm -f config.h $(BUILT_SOURCES)

@ -508,11 +533,11 @@ image::
 $(ZLIB_DLL):
 	xcopy $(ZLIB_DIR) zlib.tmp /D /I /E /Y
 	cd zlib.tmp
-	$(MAKE) /$(MAKEFLAGS) -f win32/Makefile.msc zlib1.dll LOC="-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE" 
+	$(MAKE) /$(MAKEFLAGS) -f win32/Makefile.msc zlib1.dll LOC="-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE"
 	if not exist $(ZLIB_DIR) mkdir $(ZLIB_DIR)
 	if not exist $(ZLIB_DIR)\lib mkdir $(ZLIB_DIR)\lib
 	if not exist $(ZLIB_DIR)\include mkdir $(ZLIB_DIR)\include
-!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20" 
+!IF "$(MSVC_VARIANT)" == "MSVC2005" || "$(MSVC_VARIANT)" == "MSVC2005EE" || "$(MSVC_VARIANT)" == "DOTNET20"
 	mt.exe -nologo -manifest "zlib1.dll.manifest" -outputresource:zlib1.dll;2
 !ENDIF
 	copy zlib1.dll $(ZLIB_DIR)
@ -615,9 +640,9 @@ verify_tools:
 WIN32_SETUP_OPT=--download
 !ENDIF

-# Verify that the required library 'package' (zip) files have been downloaded. 
-# (It seems reasonable to assume that if the files have been downloaded 
-#  then they have been installed). 
+# Verify that the required library 'package' (zip) files have been downloaded.
+# (It seems reasonable to assume that if the files have been downloaded
+#  then they have been installed).
 check_libs:
 	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake WIN32_SETUP_OPT=--libverify process_libs

@ -631,7 +656,7 @@ $(LIBS_CHECK): Makefile.nmake
 	@touch --reference=Makefile.nmake $@

 # Download (if needed) and install all the required libraries into WIRESHARK_LIBS.
-# A clean_setup is done first to ensure that the target dirs don't 
+# A clean_setup is done first to ensure that the target dirs don't
 # contain old files remaining from a previous setup run.
 setup: verify_tools clean_setup process_libs

@ -793,10 +818,10 @@ process_libs:
 	@echo.
 	@echo Wireshark is ready to build.

-# Cleanup files installed by the setup target. It will not remove the 
+# Cleanup files installed by the setup target. It will not remove the
 # downloaded zip files.
-# WHEN UPDATING LIBRARY VERSIONS, KEEP ALSO ONE FORMER VERSION SO 
-# UPDATING REMOVES THE FORMER USER DIRS 
+# WHEN UPDATING LIBRARY VERSIONS, KEEP ALSO ONE FORMER VERSION SO
+# UPDATING REMOVES THE FORMER USER DIRS
 clean_setup:
    rm -r -f $(WIRESHARK_LIBS)/adns-1.0-win32-05
    rm -r -f $(WIRESHARK_LIBS)/gettext-0.14.5
@ -837,6 +862,12 @@ debug-tshark: tshark.exe
 	set INSTALL_DIR=$(INSTALL2_DIR)
 	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-common-files

+# generate and install Wireshark GTK2 in INSTALL2_DIR
+debug-rawshark: rawshark.exe
+	set copycmd=/y
+	set INSTALL_DIR=$(INSTALL2_DIR)
+	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-common-files
+
 # generate and install Wireshark GTK2 in INSTALL2_DIR
 debug-dumpcap: dumpcap.exe

@ -876,21 +907,24 @@ install-common-files:
 	xcopy epan\libwireshark.dll $(INSTALL_DIR) /d
 !ENDIF
 	xcopy ".\wiretap\wiretap-$(WTAP_VERSION).dll" $(INSTALL_DIR) /d
-	if exist ".\wiretap\wiretap-$(WTAP_VERSION).pdb" xcopy ".\wiretap\wiretap-$(WTAP_VERSION).pdb" $(INSTALL_DIR) /d	
+	if exist ".\wiretap\wiretap-$(WTAP_VERSION).pdb" xcopy ".\wiretap\wiretap-$(WTAP_VERSION).pdb" $(INSTALL_DIR) /d
 	xcopy ".\epan\libwireshark.dll" $(INSTALL_DIR) /d
-	if exist ".\epan\libwireshark.pdb" xcopy ".\epan\libwireshark.pdb" $(INSTALL_DIR) /d	
+	if exist ".\epan\libwireshark.pdb" xcopy ".\epan\libwireshark.pdb" $(INSTALL_DIR) /d
 	if exist tshark.exe xcopy tshark.exe $(INSTALL_DIR) /d
-	if exist tshark.pdb xcopy tshark.pdb $(INSTALL_DIR) /d	
+	if exist tshark.pdb xcopy tshark.pdb $(INSTALL_DIR) /d
+	if exist rawshark.exe xcopy rawshark.exe $(INSTALL_DIR) /d
+	if exist rawshark.exe.manifest xcopy rawshark.exe.manifest $(INSTALL_DIR) /d
+	if exist rawshark.pdb xcopy rawshark.pdb $(INSTALL_DIR) /d
 	if exist dumpcap.exe xcopy dumpcap.exe $(INSTALL_DIR) /d
-	if exist dumpcap.pdb xcopy dumpcap.pdb $(INSTALL_DIR) /d	
+	if exist dumpcap.pdb xcopy dumpcap.pdb $(INSTALL_DIR) /d
 	if exist mergecap.exe xcopy mergecap.exe $(INSTALL_DIR) /d
-	if exist mergecap.pdb xcopy mergecap.pdb $(INSTALL_DIR) /d	
+	if exist mergecap.pdb xcopy mergecap.pdb $(INSTALL_DIR) /d
 	if exist text2pcap.exe xcopy text2pcap.exe $(INSTALL_DIR) /d
-	if exist text2pcap.pdb xcopy text2pcap.pdb $(INSTALL_DIR) /d	
+	if exist text2pcap.pdb xcopy text2pcap.pdb $(INSTALL_DIR) /d
 	if exist capinfos.exe xcopy capinfos.exe $(INSTALL_DIR) /d
-	if exist capinfos.pdb xcopy capinfos.pdb $(INSTALL_DIR) /d	
+	if exist capinfos.pdb xcopy capinfos.pdb $(INSTALL_DIR) /d
 	if exist editcap.exe xcopy editcap.exe $(INSTALL_DIR) /d
-	if exist editcap.pdb xcopy editcap.pdb $(INSTALL_DIR) /d	
+	if exist editcap.pdb xcopy editcap.pdb $(INSTALL_DIR) /d
 	xcopy ".\AUTHORS-SHORT" $(INSTALL_DIR) /d
 	xcopy ".\manuf" $(INSTALL_DIR) /d
 	xcopy ".\services" $(INSTALL_DIR) /d
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -139,6 +139,18 @@ wireshark-filter.pod: wireshark-filter.pod.template  ../tshark
 	--noindex							\
 	$(srcdir)/dumpcap.pod > ../dumpcap.html

+../rawshark.1: rawshark.pod ../config.h
+	$(POD2MAN)					\
+	--center="The Wireshark Network Analyzer"	\
+	--release=$(VERSION)				\
+	$(srcdir)/rawshark.pod > ../rawshark.1
+
+../rawshark.html: rawshark.pod ../config.h
+	$(POD2HTML)                     \
+	--title="rawshark - The Wireshark Network Analyzer $(VERSION)"	\
+	--noindex							\
+	$(srcdir)/rawshark.pod > ../rawshark.html
+
 CLEANFILES =		\
 	wireshark-filter.pod \
 	wireshark-tmp.pod \
@ -159,7 +171,9 @@ CLEANFILES =		\
 	../dumpcap.1	\
 	../dumpcap.html	\
 	../idl2wrs.1	\
-	../idl2wrs.html
+	../idl2wrs.html	\
+	../rawshark.1	\
+	../rawshark.html

 DISTCLEANFILES =	\
 	pod2htmi.tmp	\
--- a/doc/Makefile.nmake
+++ b/doc/Makefile.nmake
@ -27,10 +27,11 @@
 include ../config.nmake

 doc: wireshark.html tshark.html wireshark-filter.html capinfos.html \
-	editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html
+	editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html \
+	rawshark.html

 man: wireshark.1 tshark.1 wireshark-filter.4 capinfos.1 editcap.1 \
-	idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1
+	idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1 rawshark.1

 wireshark-tmp.pod: wireshark.pod ../AUTHORS-SHORT-FORMAT
 	copy /B wireshark.pod + ..\AUTHORS-SHORT-FORMAT wireshark-tmp.pod
@ -161,6 +162,18 @@ dumpcap.html: dumpcap.pod ../config.h
 	--noindex                                 \
 	dumpcap.pod > dumpcap.html

+rawshark.1: rawshark.pod ../config.h
+	$(POD2MAN)                      \
+	--center="The Wireshark Network Analyzer" \
+	--release=$(VERSION)			 \
+	rawshark.pod > rawshark.1
+
+rawshark.html: rawshark.pod ../config.h
+	$(POD2HTML)                     \
+	--title="rawshark - The Wireshark Network Analyzer $(VERSION)" \
+	--noindex                                 \
+	rawshark.pod > rawshark.html
+
 clean:
 	rm -f wireshark.html wireshark.1 wireshark-tmp.pod
 	rm -f tshark.html tshark.1
@ -171,6 +184,7 @@ clean:
 	rm -f mergecap.html mergecap.1
 	rm -f text2pcap.html text2pcap.1
 	rm -f dumpcap.html dumpcap.1
+	rm -f rawshark.html rawshark.1
 	rm -f pod2htm*

 distclean: clean
--- a/doc/rawshark.pod
+++ b/doc/rawshark.pod
--- a/image/Makefile.nmake
+++ b/image/Makefile.nmake
@ -6,7 +6,7 @@ include ..\config.nmake

 # Nmake uses an implicit rule to build a .res from a .rc file!

-ALL_RC=wireshark.rc libwireshark.rc tshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
+ALL_RC=wireshark.rc libwireshark.rc tshark.rc rawshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
 all : $(ALL_RC)

 wireshark.exe.manifest: wireshark.exe.manifest.in ..\config.nmake
@ -30,6 +30,11 @@ tshark.rc  : tshark.rc.in ..\config.nmake
 		-e s/@RC_VERSION@/$(RC_VERSION)/ \
 		< tshark.rc.in > $@

+rawshark.rc  : rawshark.rc.in ..\config.nmake
+	sed -e s/@VERSION@/$(VERSION)/ \
+		-e s/@RC_VERSION@/$(RC_VERSION)/ \
+		< rawshark.rc.in > $@
+
 capinfos.rc    : capinfos.rc.in ..\config.nmake
 	sed -e s/@VERSION@/$(VERSION)/ \
 		-e s/@RC_VERSION@/$(RC_VERSION)/ \
--- a/image/rawshark.rc.in
+++ b/image/rawshark.rc.in
@ -0,0 +1,36 @@
+#include "winver.h"
+
+WIRESHARK_ICON		ICON			"wireshark.ico"
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION @RC_VERSION@,0
+ PRODUCTVERSION @RC_VERSION@,0
+ FILEFLAGSMASK 0x0L
+#ifdef _DEBUG
+ FILEFLAGS 0x3L
+#else
+ FILEFLAGS 0x2L
+#endif
+ FILEOS 0x4L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "The Wireshark developer community\0"
+            VALUE "FileDescription", "Rawshark\0"
+            VALUE "FileVersion", "@VERSION@\0"
+            VALUE "InternalName", "Rawshark @VERSION@\0"
+            VALUE "LegalCopyright", "Copyright © 2000 Gerald Combs <gerald@wireshark.org>, Gilbert Ramirez <gram@alumni.rice.edu> and others\0"
+            VALUE "OriginalFilename", "Rawshark.exe\0"
+            VALUE "ProductName", "Rawshark\0"
+            VALUE "ProductVersion", "@VERSION@\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
--- a/packaging/nsis/wireshark.nsi
+++ b/packaging/nsis/wireshark.nsi
@ -753,6 +753,15 @@ File "..\..\tshark.exe"
 File "..\..\doc\tshark.html"
 SectionEnd

+Section "Rawshark" SecRawshark
+;-------------------------------------------
+!ifdef GTK1_DIR & GTK2_DIR
+SectionIn 1 2
+!endif
+SetOutPath $INSTDIR
+File "..\..\rawshark.exe"
+SectionEnd
+
 SectionGroup "Plugins / Extensions" SecPluginsGroup

 Section "Dissector Plugins" SecPlugins
@ -894,6 +903,12 @@ Section "Uninstall" un.SecUinstall
 SectionIn 1 2
 SetShellVarContext all

+Delete "$INSTDIR\rawshark.exe"
+IfErrors 0 NoRawsharkErrorMsg
+	MessageBox MB_OK "Please note: rawshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if rawshark.exe removed
+	Abort "Please note: rawshark.exe could not be removed, it's probably in use! Abort uninstall process!"
+NoRawsharkErrorMsg:
+
 Delete "$INSTDIR\tshark.exe"
 IfErrors 0 NoTSharkErrorMsg
 	MessageBox MB_OK "Please note: tshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if tshark.exe removed
@ -1114,6 +1129,7 @@ SectionEnd
 !endif
 !endif
  !insertmacro MUI_DESCRIPTION_TEXT ${SecTShark} "TShark is a text based network protocol analyzer."
+  !insertmacro MUI_DESCRIPTION_TEXT ${SecRawshark} "Rawshark is a raw packet filter."
  !insertmacro MUI_DESCRIPTION_TEXT ${SecPluginsGroup} "Some plugins and extensions for both Wireshark and TShark."
  !insertmacro MUI_DESCRIPTION_TEXT ${SecPlugins} "Plugins with some extended dissections."
  !insertmacro MUI_DESCRIPTION_TEXT ${SecStatsTree} "Plugin for some extended statistics."
--- a/rawshark.c
+++ b/rawshark.c