Add rawshark, a utility that, when given raw pcap-formatted packets and
a list of fields, prints the field values found in each packet. Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http". svn path=/trunk/; revision=24339
parent
6537c76fb6
commit
98bacb3556
4
AUTHORS
4
AUTHORS
|
@ -2705,6 +2705,10 @@ Thomas Dreibholz <dreibh [AT] iem.uni-due.de> {
|
|||
Scripting Service Protocol support
|
||||
}
|
||||
|
||||
Loris Degioanni <loris.degioanni [AT] cacetech.com> {
|
||||
Rawshark
|
||||
}
|
||||
|
||||
and by:
|
||||
|
||||
Pavel Roskin <proski [AT] gnu.org>
|
||||
|
|
|
@ -577,6 +577,7 @@ EXTRA_DIST = \
|
|||
doc/idl2wrs.pod \
|
||||
doc/mergecap.pod \
|
||||
doc/randpkt.txt \
|
||||
doc/rawshark.pod \
|
||||
doc/sgml.doc.template \
|
||||
doc/text2pcap.pod \
|
||||
doc/tshark.pod \
|
||||
|
@ -808,6 +809,10 @@ dumpcap.1: doc/dumpcap.pod
|
|||
(cd doc ; \
|
||||
$(MAKE) ../dumpcap.1 )
|
||||
|
||||
rawshark.1: doc/rawshark.pod
|
||||
(cd doc ; \
|
||||
$(MAKE) ../rawshark.1 )
|
||||
|
||||
wireshark.html: doc/wireshark.pod AUTHORS-SHORT-FORMAT
|
||||
(cd doc ; \
|
||||
$(MAKE) ../wireshark.html )
|
||||
|
@ -844,6 +849,10 @@ dumpcap.html: doc/dumpcap.pod
|
|||
(cd doc ; \
|
||||
$(MAKE) ../dumpcap.html )
|
||||
|
||||
rawshark.html: doc/rawshark.pod
|
||||
(cd doc ; \
|
||||
$(MAKE) ../rawshark.html )
|
||||
|
||||
libtool: $(LIBTOOL_DEPS)
|
||||
$(SHELL) ./config.status --recheck
|
||||
|
||||
|
|
|
@ -191,6 +191,18 @@ tshark_SOURCES = \
|
|||
tshark-tap-register.c \
|
||||
tshark.c
|
||||
|
||||
# rawshark specifics
|
||||
rawshark_SOURCES = \
|
||||
$(WIRESHARK_COMMON_SRC) \
|
||||
capture_opts.c \
|
||||
capture_loop.c \
|
||||
capture_stop_conditions.c \
|
||||
conditions.c \
|
||||
pcapio.c \
|
||||
ringbuffer.c \
|
||||
tempfile.c \
|
||||
rawshark.c
|
||||
|
||||
# text2pcap specifics
|
||||
text2pcap_SOURCES = \
|
||||
text2pcap.c \
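Review bot: rawshark_SOURCES pulls in the live-capture and capture-file-writing sources (`capture_opts.c`, `capture_loop.c`, `capture_stop_conditions.c`, `conditions.c`, `ringbuffer.c`, `tempfile.c`, `pcapio.c`), although the commit message describes a tool that reads packets it is handed and prints field values. If rawshark.c does not call into them (its diff is not visible on this page, so this cannot be confirmed here), I would drop them from the list so that a binary which dissects untrusted packet data carries no unused capture code. If they are needed, the `# rawshark specifics` comment should say why, for example `# rawshark specifics (capture_* needed for <reason>)`.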
|
||||
|
|
|
@ -30,6 +30,7 @@ include Makefile.common
|
|||
|
||||
wireshark_OBJECTS = $(wireshark_SOURCES:.c=.obj)
|
||||
tshark_OBJECTS = $(tshark_SOURCES:.c=.obj)
|
||||
rawshark_OBJECTS = $(rawshark_SOURCES:.c=.obj)
|
||||
dftest_OBJECTS = $(dftest_SOURCES:.c=.obj)
|
||||
dumpcap_OBJECTS = $(dumpcap_SOURCES:.c=.obj)
|
||||
randpkt_OBJECTS = $(randpkt_SOURCES:.c=.obj)
|
||||
|
@ -75,6 +76,23 @@ tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
|||
$(GNUTLS_LIBS)
|
||||
!ENDIF
|
||||
|
||||
rawshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
||||
wsock32.lib user32.lib \
|
||||
$(GLIB_LIBS) \
|
||||
!IFDEF ENABLE_LIBWIRESHARK
|
||||
epan\libwireshark.lib \
|
||||
!ELSE
|
||||
epan\dissectors\dissectors.lib \
|
||||
epan\wireshark.lib \
|
||||
epan\crypt\airpdcap.lib \
|
||||
epan\dfilter\dfilter.lib \
|
||||
epan\ftypes\ftypes.lib \
|
||||
$(ADNS_LIBS) \
|
||||
$(PCRE_LIBS) \
|
||||
$(ZLIB_LIBS) \
|
||||
$(GNUTLS_LIBS)
|
||||
!ENDIF
|
||||
|
||||
capinfos_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
||||
wsock32.lib user32.lib shell32.lib \
|
||||
$(GLIB_LIBS)
|
||||
|
@ -115,12 +133,13 @@ randpkt_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
|
|||
user32.lib \
|
||||
$(GLIB_LIBS)
|
||||
|
||||
EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe \
|
||||
EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe rawshark.exe \
|
||||
capinfos.exe editcap.exe mergecap.exe text2pcap.exe randpkt.exe dumpcap.exe
|
||||
|
||||
RESOURCES=image\wireshark.res image\libwireshark.res image\tshark.res \
|
||||
image\capinfos.res image\editcap.res image\mergecap.res \
|
||||
image\text2pcap.res image\wiretap.res image\dumpcap.res
|
||||
image\text2pcap.res image\wiretap.res image\dumpcap.res \
|
||||
image\rawshark.res
|
||||
|
||||
LIBS_CHECK=_libs_check_
|
||||
|
||||
|
@ -229,6 +248,12 @@ tshark.exe : $(LIBS_CHECK) config.h svnversion.h $(tshark_OBJECTS) getopt.obj in
|
|||
mt.exe -nologo -manifest "tshark.exe.manifest" -outputresource:tshark.exe;1
|
||||
!ENDIF
|
||||
|
||||
rawshark.exe : $(LIBS_CHECK) config.h svnversion.h $(rawshark_OBJECTS) getopt.obj inet_ntop.obj epan image\rawshark.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
|
||||
@echo Linking $@
|
||||
$(LINK) @<<
|
||||
/OUT:rawshark.exe $(conflags) $(conlibsdll) $(LDFLAGS) /LARGEADDRESSAWARE /SUBSYSTEM:console $(rawshark_LIBS) $(rawshark_OBJECTS) getopt.obj inet_ntop.obj image\rawshark.res
|
||||
<<
|
||||
|
||||
capinfos.exe : $(LIBS_CHECK) config.h capinfos.obj getopt.obj epan/unicode-utils.obj epan/plugins.obj epan/report_err.obj epan/privileges.obj epan/filesystem.obj wiretap\wiretap-$(WTAP_VERSION).lib image\capinfos.res
|
||||
@echo Linking $@
|
||||
$(LINK) @<<
|
||||
|
@ -837,6 +862,12 @@ debug-tshark: tshark.exe
|
|||
set INSTALL_DIR=$(INSTALL2_DIR)
|
||||
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-common-files
|
||||
|
||||
# generate and install Wireshark GTK2 in INSTALL2_DIR
|
||||
debug-rawshark: rawshark.exe
|
||||
set copycmd=/y
|
||||
set INSTALL_DIR=$(INSTALL2_DIR)
|
||||
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-common-files
|
||||
|
||||
# generate and install Wireshark GTK2 in INSTALL2_DIR
|
||||
debug-dumpcap: dumpcap.exe
|
||||
|
||||
|
@ -881,6 +912,9 @@ install-common-files:
|
|||
if exist ".\epan\libwireshark.pdb" xcopy ".\epan\libwireshark.pdb" $(INSTALL_DIR) /d
|
||||
if exist tshark.exe xcopy tshark.exe $(INSTALL_DIR) /d
|
||||
if exist tshark.pdb xcopy tshark.pdb $(INSTALL_DIR) /d
|
||||
if exist rawshark.exe xcopy rawshark.exe $(INSTALL_DIR) /d
|
||||
if exist rawshark.exe.manifest xcopy rawshark.exe.manifest $(INSTALL_DIR) /d
|
||||
if exist rawshark.pdb xcopy rawshark.pdb $(INSTALL_DIR) /d
|
||||
if exist dumpcap.exe xcopy dumpcap.exe $(INSTALL_DIR) /d
|
||||
if exist dumpcap.pdb xcopy dumpcap.pdb $(INSTALL_DIR) /d
|
||||
if exist mergecap.exe xcopy mergecap.exe $(INSTALL_DIR) /d
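Review bot: The rawshark.exe rule links the binary but has no manifest-embedding step, whereas the tshark.exe rule just above it ends with `mt.exe -nologo -manifest "tshark.exe.manifest" -outputresource:tshark.exe;1` inside a conditional whose `!IF` line is outside the hunk. install-common-files then copies a loose `rawshark.exe.manifest` if one exists, so rawshark would rely on an external manifest file next to the executable instead of one embedded in it. I would mirror the tshark step, `mt.exe -nologo -manifest "rawshark.exe.manifest" -outputresource:rawshark.exe;1`, under the same condition tshark uses. Separately, the comment above debug-rawshark still reads "generate and install Wireshark GTK2 in INSTALL2_DIR" and should name rawshark.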
|
||||
|
|
|
@ -139,6 +139,18 @@ wireshark-filter.pod: wireshark-filter.pod.template ../tshark
|
|||
--noindex \
|
||||
$(srcdir)/dumpcap.pod > ../dumpcap.html
|
||||
|
||||
../rawshark.1: rawshark.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
--center="The Wireshark Network Analyzer" \
|
||||
--release=$(VERSION) \
|
||||
$(srcdir)/rawshark.pod > ../rawshark.1
|
||||
|
||||
../rawshark.html: rawshark.pod ../config.h
|
||||
$(POD2HTML) \
|
||||
--title="rawshark - The Wireshark Network Analyzer $(VERSION)" \
|
||||
--noindex \
|
||||
$(srcdir)/rawshark.pod > ../rawshark.html
|
||||
|
||||
CLEANFILES = \
|
||||
wireshark-filter.pod \
|
||||
wireshark-tmp.pod \
|
||||
|
@ -159,7 +171,9 @@ CLEANFILES = \
|
|||
../dumpcap.1 \
|
||||
../dumpcap.html \
|
||||
../idl2wrs.1 \
|
||||
../idl2wrs.html
|
||||
../idl2wrs.html \
|
||||
../rawshark.1 \
|
||||
../rawshark.html
|
||||
|
||||
DISTCLEANFILES = \
|
||||
pod2htmi.tmp \
|
||||
|
|
|
@ -27,10 +27,11 @@
|
|||
include ../config.nmake
|
||||
|
||||
doc: wireshark.html tshark.html wireshark-filter.html capinfos.html \
|
||||
editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html
|
||||
editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html \
|
||||
rawshark.html
|
||||
|
||||
man: wireshark.1 tshark.1 wireshark-filter.4 capinfos.1 editcap.1 \
|
||||
idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1
|
||||
idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1 rawshark.1
|
||||
|
||||
wireshark-tmp.pod: wireshark.pod ../AUTHORS-SHORT-FORMAT
|
||||
copy /B wireshark.pod + ..\AUTHORS-SHORT-FORMAT wireshark-tmp.pod
|
||||
|
@ -161,6 +162,18 @@ dumpcap.html: dumpcap.pod ../config.h
|
|||
--noindex \
|
||||
dumpcap.pod > dumpcap.html
|
||||
|
||||
rawshark.1: rawshark.pod ../config.h
|
||||
$(POD2MAN) \
|
||||
--center="The Wireshark Network Analyzer" \
|
||||
--release=$(VERSION) \
|
||||
rawshark.pod > rawshark.1
|
||||
|
||||
rawshark.html: rawshark.pod ../config.h
|
||||
$(POD2HTML) \
|
||||
--title="rawshark - The Wireshark Network Analyzer $(VERSION)" \
|
||||
--noindex \
|
||||
rawshark.pod > rawshark.html
|
||||
|
||||
clean:
|
||||
rm -f wireshark.html wireshark.1 wireshark-tmp.pod
|
||||
rm -f tshark.html tshark.1
|
||||
|
@ -171,6 +184,7 @@ clean:
|
|||
rm -f mergecap.html mergecap.1
|
||||
rm -f text2pcap.html text2pcap.1
|
||||
rm -f dumpcap.html dumpcap.1
|
||||
rm -f rawshark.html rawshark.1
|
||||
rm -f pod2htm*
|
||||
|
||||
distclean: clean
|
||||
|
|
File diff suppressed because it is too large
|
@ -6,7 +6,7 @@ include ..\config.nmake
|
|||
|
||||
# Nmake uses an implicit rule to build a .res from a .rc file!
|
||||
|
||||
ALL_RC=wireshark.rc libwireshark.rc tshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
|
||||
ALL_RC=wireshark.rc libwireshark.rc tshark.rc rawshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
|
||||
all : $(ALL_RC)
|
||||
|
||||
wireshark.exe.manifest: wireshark.exe.manifest.in ..\config.nmake
|
||||
|
@ -30,6 +30,11 @@ tshark.rc : tshark.rc.in ..\config.nmake
|
|||
-e s/@RC_VERSION@/$(RC_VERSION)/ \
|
||||
< tshark.rc.in > $@
|
||||
|
||||
rawshark.rc : rawshark.rc.in ..\config.nmake
|
||||
sed -e s/@VERSION@/$(VERSION)/ \
|
||||
-e s/@RC_VERSION@/$(RC_VERSION)/ \
|
||||
< rawshark.rc.in > $@
|
||||
|
||||
capinfos.rc : capinfos.rc.in ..\config.nmake
|
||||
sed -e s/@VERSION@/$(VERSION)/ \
|
||||
-e s/@RC_VERSION@/$(RC_VERSION)/ \
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
#include "winver.h"
|
||||
|
||||
WIRESHARK_ICON ICON "wireshark.ico"
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION @RC_VERSION@,0
|
||||
PRODUCTVERSION @RC_VERSION@,0
|
||||
FILEFLAGSMASK 0x0L
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x3L
|
||||
#else
|
||||
FILEFLAGS 0x2L
|
||||
#endif
|
||||
FILEOS 0x4L
|
||||
FILETYPE 0x1L
|
||||
FILESUBTYPE 0x0L
|
||||
BEGIN
|
||||
BLOCK "StringFileInfo"
|
||||
BEGIN
|
||||
BLOCK "040904b0"
|
||||
BEGIN
|
||||
VALUE "CompanyName", "The Wireshark developer community\0"
|
||||
VALUE "FileDescription", "Rawshark\0"
|
||||
VALUE "FileVersion", "@VERSION@\0"
|
||||
VALUE "InternalName", "Rawshark @VERSION@\0"
|
||||
VALUE "LegalCopyright", "Copyright © 2000 Gerald Combs <gerald@wireshark.org>, Gilbert Ramirez <gram@alumni.rice.edu> and others\0"
|
||||
VALUE "OriginalFilename", "Rawshark.exe\0"
|
||||
VALUE "ProductName", "Rawshark\0"
|
||||
VALUE "ProductVersion", "@VERSION@\0"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
BEGIN
|
||||
VALUE "Translation", 0x409, 1200
|
||||
END
|
||||
END
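Review bot: `FILEFLAGSMASK 0x0L` declares no bit of FILEFLAGS as valid, so the `0x3L` and `0x2L` values set in the `#ifdef _DEBUG` branches carry no meaning for tools that read the version resource. If the debug and prerelease bits are meant to be visible when a binary is inspected, the mask should cover them, e.g. `FILEFLAGSMASK 0x3fL` (VS_FFI_FILEFLAGSMASK from winver.h). OriginalFilename is also "Rawshark.exe" while the link rule in this commit produces `rawshark.exe`; matching the case keeps the version metadata consistent with the shipped file name.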
|
|
@ -753,6 +753,15 @@ File "..\..\tshark.exe"
|
|||
File "..\..\doc\tshark.html"
|
||||
SectionEnd
|
||||
|
||||
Section "Rawshark" SecRawshark
|
||||
;-------------------------------------------
|
||||
!ifdef GTK1_DIR & GTK2_DIR
|
||||
SectionIn 1 2
|
||||
!endif
|
||||
SetOutPath $INSTDIR
|
||||
File "..\..\rawshark.exe"
|
||||
SectionEnd
|
||||
|
||||
SectionGroup "Plugins / Extensions" SecPluginsGroup
|
||||
|
||||
Section "Dissector Plugins" SecPlugins
|
||||
|
@ -894,6 +903,12 @@ Section "Uninstall" un.SecUinstall
|
|||
SectionIn 1 2
|
||||
SetShellVarContext all
|
||||
|
||||
Delete "$INSTDIR\rawshark.exe"
|
||||
IfErrors 0 NoRawsharkErrorMsg
|
||||
MessageBox MB_OK "Please note: rawshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if rawshark.exe removed
|
||||
Abort "Please note: rawshark.exe could not be removed, it's probably in use! Abort uninstall process!"
|
||||
NoRawsharkErrorMsg:
|
||||
|
||||
Delete "$INSTDIR\tshark.exe"
|
||||
IfErrors 0 NoTSharkErrorMsg
|
||||
MessageBox MB_OK "Please note: tshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if tshark.exe removed
|
||||
|
@ -1114,6 +1129,7 @@ SectionEnd
|
|||
!endif
|
||||
!endif
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecTShark} "TShark is a text based network protocol analyzer."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecRawshark} "Rawshark is a raw packet filter."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecPluginsGroup} "Some plugins and extensions for both Wireshark and TShark."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecPlugins} "Plugins with some extended dissections."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SecStatsTree} "Plugin for some extended statistics."
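Review bot: The new "Rawshark" section installs only `rawshark.exe`, while the TShark section that ends just above it also ships `File "..\..\doc\tshark.html"`; this commit builds rawshark.html, so the installed tool would have no local help page unless it is added elsewhere in the script, which is not visible here. Adding `File "..\..\doc\rawshark.html"` to the section, with a matching `Delete` in the uninstaller, would keep the two sections parallel. In the uninstall hunk, `IfErrors` tests whatever error-flag state precedes the new `Delete`, so a `ClearErrors` before `Delete "$INSTDIR\rawshark.exe"` would rule out a stale flag aborting the uninstall.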
|
||||
|
|
File diff suppressed because it is too large