Add section about common regex pitfalls and correct some examples.
Also add a more information about the string field type, including
an explanation of byte escape sequences.
Ping #15716.
The tshark help and documentation has been incorrect for at least
eight years, claiming that by default all name resolutions are
performed. Fixes#11762
Modify YAML output format so it includes information about peers and
absolute timestamps for each packet.
This also adds yaml output to tshark: -z follow,tcp,yaml,X
When button is pressed or triggered by shortcut, it opens same
window as before.
User can click small arrow next to button and it open menu with all
new actions e.g. Set/Add/Remove for RTP Player.
Documentation updated.
Code is NOT able to do VAD (Voice Activity Detection) so audio silence
(sequence of equal samples) nor noise are not recognized as silence. Just
missing RTP (Confort Noise, interupted RTP, ...) and muted streams are
recognized as silence for this feature.
User can control duration of shortest silence to skip.
Updated documentation.
New advanced settings are created:
- rtp_player_use_disk1 - controls if decoded samples are stored in
memory or on disk.
- rtp_player_use_disk2 - controls if dictionary for decoded samples
is stored in memory or on disk.
- documentation updated
When user press S(elect)/D(eselect) key, all RTP streams related to
selected call/calls are selected/deselected in RTP Streams window. If
window is not shown, it is opened.
Documentation updated.
Changes:
- RTP Player added to Telephony/RTP menu.
- When openning RTP Analysis or RTP Player from RTP menu, just selected
stream is added. When Ctrl is hold during opening, reverse stream is
searched and added too.
- RTP Player: Added tool to select/deselect all inaudible streams
- RTP Player: Added Prepare Filter button
- RTP Player: Added Analyze button
- RTP Analysis: Added Prepare Filter button
- documentation updated
Code changes:
- RTP Player::rescanPacket() is not fired multiple times during rate change and during dialog creation
- Error shown in RTP player is cleared after every new decode of streams
- RTP Player handles case when Qt do not emit stop stream event
- "Select" menu code unified between dialogs>
- RTP Player: Audio routing menu unified
- buttons are connected to actions by signals()
- Analyze dialog is called by list of rtpstream_id, not rtpstream_info
Retap and UI response are much faster when many RTP streams are
processed. RTP Streams/Analyse 1000+, RTP Player 500+.
Changes:
- RTP streams are searched with hash, not by iterating over list.
- UI operations do not redraw screen after every change, just after all
changes. UI is locked when rereading packets.
- Sample list during RTP decoding is stored in memory so wireshark uses
just half of opened files for audio decoding than before.
- Analysis window checkbox area is limited in height
- Dialogs shows shows count of streams, count of selected streams and
count of unmuted streams
- Documentation extended with chapter about RTP decoding parameters
- Documentation extended with performance estimates
Changes:
- Added description of playlist idea and related operations
- Added description of RTP Player dialog
- Added description of VoIP Calls dialog
- Added description of Flow Graph dialog
- Added help link to Flow Graph dialog
- Added description of RTP Streams window
- Added description of RTP Stream Analysis window
- Updated related past images
Added documentation on the Regular Expression import mode
Added documentation for the associated ui-fields
Updated the screenshot for the import-from-hexdump dialog
Added a screenshot of the Regular expression mode tab
Updated the documentation for the updated Timestamp format
Added an entry in the release notes about this new/updated feature
Introduce a new TCP preference to allow the user to choose the
precedence between Fast Retransmission or Out-Of-Order. When
performing the SEQ analysis, ambiguous packets will be considered
with the chosen priority, helping in the final interpretation.
Closes#15987
In rare circumstances Spurious Retransmissions are not detected
and the SEQ analysis would instead conclude with a Fast Retransmit
or an Out-Of-Order. As Spurious Retransmissions are more certain
than the latter ones, their respective precedences are changed.
The documentation is updated accordingly. Closes#13863.
Add missing entries, regularize the descriptions, etc..
Note that pcap and pcapng are the native formats.
Fix various issues.
Update the editcap -F output to match urrent reality.
While we're at it, sort the libwiretap modules, putting observer.c in
the right place.
This pull request includes:
* The "Follow DCCP stream" feature.
* Updated docbook documentation for the "Follow DCCP stream" feature.
* Test for the feature.
* Corresponding packet trace for the test.
In some circumstances when dealing with a series of out-of-order
packets, the last packet of this series is marked as a
retransmission instead of an out-of-order. Closes#17214.
fixed the display filter explanation, corrected the screenshot, added the levels description
minor changes to export PDUs to file section
adding important part about exporting PDUs by AndersBroman comment
applying SME suggestions
Improve script by ignoring common contractions, dealing with
e.g. \n within strings, and finding multiple concatenated words even
when no camelCase is used.
Also includes some actual spelling fixes.
Replace bugs.wireshark.org links with their equivalent
gitlab.com/wireshark/wireshark/issues links in the AsciiDoctor buglink
macro and the please_report_bug function. Update the bug URLs in
comments in the tools and test directories.
Add a new top-level view that shows each packet as a series of diagrams
similar to what you'd find in a networking textook or an RFC.
Add proto_item_set_bits_offset_len so that we can display some diagram
fields correctly.
Bugs / to do:
- Make this a separate dialog instead of a main window view?
- Handle bitfields / flags
Change-Id: Iba4897a5bf1dcd73929dde6210d5483cf07f54df
Reviewed-on: https://code.wireshark.org/review/37497
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extcap binaries are not part of default install.
Normal (graphical) allows them to be selected for installation.
Add flags to allow install when doing command line (silent) install.
Ping-Bug: 16562
Change-Id: I6ce0fa3b46f9820dc7f66945cda963a3f629579b
Reviewed-on: https://code.wireshark.org/review/37185
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since Wireshark 3.2 the filter toolbar no longer has an Expression button.
Remove this from the Users Guide as well.
Change-Id: I54d0356c42ff599296fa800e7d730e6098f35976
Reviewed-on: https://code.wireshark.org/review/37338
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a "recent_common" description and update it and the "recent"
description. Update the "manuf" description. Alphabetize the lists of
configuration files. Update some markup.
Change-Id: I3d3cd451dbaa1778eb7dd841b162dff8c6ba99c1
Reviewed-on: https://code.wireshark.org/review/37310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Expand the description of the "TCP ZeroWindow" analysis flag.
Change-Id: Icf9b5cb60d305150eb13e5d74f4a4d2008fa96e4
Reviewed-on: https://code.wireshark.org/review/36938
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/
[discrete] is preferred over [float] for discrete headings.
Change-Id: I4d67a72c19a8cf75ad8cf37c55e6f5abddb14d04
Reviewed-on: https://code.wireshark.org/review/36925
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the name resolution section of the User's Guide. Use title case
in the rest of the chapter and switch [float]s to [discrete]s.
Change-Id: I7093de72592466c32e130b952f9979f1b47fa280
Reviewed-on: https://code.wireshark.org/review/36923
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an illustration of the advanced preferences along with some examples
from https://wiki.wireshark.org/Preferences/Layout.
Change-Id: I5dd6afe06bef9a0f5e1862f13fb716d63032cd96
Reviewed-on: https://code.wireshark.org/review/36927
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Change-Id: I45ae45f61042dc612a63727e9790bf3c036fa608
Reviewed-on: https://code.wireshark.org/review/36533
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the Service Response Time section of the User's Guide. The sample
captures page had a nice SMB2 capture file, so use that for the example.
Use title case for "Diameter" to match the RFCs.
Change-Id: Icff510dbe2d77db9cd42548ad58439d17282e851
Reviewed-on: https://code.wireshark.org/review/36421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the I/O Graphs section of the User's Guide. Use the name "I/O
Graphs" consistently.
Update the image thanks to Chuck Craft.
Ping-Bug: 16359
Change-Id: I6b60fd1b79a849e4467c7ca7927279e16dd6e671
Reviewed-on: https://code.wireshark.org/review/35762
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When entering a deprecated protocol name in the filter a warning is
placed in the status bar to this effect. The new protocol name is
not reveiled though, leaving the user in doubt what to use.
This change adds the new protocol name to the text in the status bar.
Change-Id: Ib892f79893471065eca81c7cf17e165256fdc9a9
Reviewed-on: https://code.wireshark.org/review/36086
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Windows installers are signed by the "Wireshark Foundation, Inc."
Change-Id: I69881faccaf6345c25d8e106e3dbb96bdc302599
Reviewed-on: https://code.wireshark.org/review/36302
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Provide more details about the threshold used for TCP Out-Of-Order
detection.
Switch from dashes for lists to asterisks as recommended at
https://asciidoctor.org/docs/asciidoc-recommended-practices
Change-Id: Ibb6d3d3d5ca15acba5f679ea26142d65f96c69a8
Reviewed-on: https://code.wireshark.org/review/35840
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
We don't currently distinguish between missing and zero values in I/O
graphs. This can be problematic in scatter plots since the plot points
tend to show up as chartjunk which overwhelms the X axis. In plain,
non-calculated plots assume that zero values mean "missing" and omit
those points.
Describe this in the User's Guide, but comment the text out for now
pending a full update to the I/O Graph section.
Switch to title case in our default graphs. Make the TCP Errors graph
red by default.
Change-Id: I92dcbf05f58ae0b7b7734fa8dfc342424bbea114
Reviewed-on: https://code.wireshark.org/review/35645
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note that you can edit the packet ranges shown in the Packet Lengths
dialog.
Change-Id: I23170de175e5b7cf5545240b3e4c8be716ce2c27
Reviewed-on: https://code.wireshark.org/review/35638
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a section for the Packet Lengths window. Use title case for the
column headers. Fix a button name and other issues elsewhere.
Change-Id: I339d56aa169158e0788acd02a897729205e9f50e
Reviewed-on: https://code.wireshark.org/review/35615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Update the Expert Information section of the User's Guide. Use the term
"Expert Information" to describe the dialog and "expert information
item" to describe each generated item. Update related text elsewhere.
Update the expert icon and other parts of the status bar docs.
Change-Id: I0c2cba0cbb3c74a1f6e3a37d4a2a592faccb350f
Reviewed-on: https://code.wireshark.org/review/35462
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove the last of our description list term formatting. This is better
handled using CSS. Update the filter expression dialog DL text.
Change-Id: Ib21e2ee5265c9b476d960e7d73ac99b25b646141
Reviewed-on: https://code.wireshark.org/review/35437
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove some formatting and link to the list archives.
Change-Id: I45c5a24b4a6d01234aafab71dc080cf98f4e22cf
Reviewed-on: https://code.wireshark.org/review/35435
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add an "Export Specified Packets" section. Update the "Export Packet
Dissections," "Packet Range," and "Packet Format" sections. Update some
markup and text throughout the chapter.
Change-Id: I7b7c6fcc41c4fdc684c86a34364ed9baa5123d15
Reviewed-on: https://code.wireshark.org/review/35359
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update a few screenshots and associated text. (The file open, save as,
and merge images date back to the Ethereal era!) The interface options
dialog no longer exists, so remove that screenshot and text.
Mark GTK+ and outdated images as such in CMakeLists.txt.
Change-Id: Ia01788434a1c96dd3f527c9d4ae34b1ca30f92d7
Reviewed-on: https://code.wireshark.org/review/35345
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update some of the FAQ and WSUG content for Windows 7's impending
demise. Add supported releases for macOS and other updates.
Change-Id: I5741ac631f39803fa060e9f5c2006a75cb54136f
Reviewed-on: https://code.wireshark.org/review/35333
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a section for the Wireless menu.
Remove some unused images. It doesn't look like we ever used
ws-*-preferences.png. They had ENTITY definitions in the original XML,
but those weren't referenced anywhere.
Change-Id: I7f027b48ef22c8680f6224f189d4e9d0bd8114c0
Reviewed-on: https://code.wireshark.org/review/35328
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The update_tools_help CMake target is periodically run, but the output
of `wireshark -h` was previously not included.
Bug: 16166
Change-Id: Ib7aac89ff31d7b7c7033496b512d97bfbd727aaa
Reviewed-on: https://code.wireshark.org/review/35205
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Documentation of the Wireshark command line options between help text,
manual page and user's guide diverged over time. One aspect of this is
the implementation of more long options. This change tries to update
all documentation to be complete and in sync again.
Bug: 16168
Change-Id: Id833fbeb14fdb7b3dbc1564504a25d96f4367c91
Reviewed-on: https://code.wireshark.org/review/35047
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Used egrep "\b([a-zA-Z]+) \1\b" docbook/wsug_src/*.adoc to find instances
where words were erroneously duplicated.
Change-Id: Ie390fa4f1c61a288ff0ed77aa84c4fb01f4de27e
Reviewed-on: https://code.wireshark.org/review/34725
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. A C-style Protocol Buffers Language (PBL) parser for *.proto file is added.
It contains protobuf_lang_scanner.l (lex scanner), epan/protobuf_lang.y (grammar
parser), and protobuf_lang_tree.h/c (grammar tree implementation).
2. The protobuf-helper.h/cpp is an interface wrapper layer. If one day C++ is allowed,
we can create a protobuf-helper.cpp file, which using offical protobuf C++
library, to replace protobuf-helper.c. That keeps packet-protobuf.c unchanged.
3. User can specify protobuf search paths, and the UDP ports to protobuf message type
maps at the Protobuf protocol preferences.
4. Other dissectors can pass the message type to Protobuf dissector by data parameter
or pinfo->private_table["pb_msg_type"] (pinfo.private["pb_msg_type"] in lua).
Some Sample of GRPC with Protobuf captures can be found in Bug: 13932.
Bug: 13932
Change-Id: Ife16c2f7b381296f8db4740dabe5f8362a456f48
Reviewed-on: https://code.wireshark.org/review/22892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The QUIC transport protocol provides a stream, similar to HTTP/2. Make
it possible to look at the stream contents. This can be helpful while
HTTP/3 support is not yet complete.
Known issues that will be addressed in the future:
- If a single packet contains multiple streams, then Follow QUIC Stream
will wrongly include data from streams other than the selected one.
This is tracked by bug 16093 and affects HTTP/2 as well.
- The Substream index menu does not properly filter for available
stream numbers. If a non-existing stream is selected, then changing
to another (potentially valid) index results in the "Capture file
invalid." error. As workaround, clear the display filter first.
- Follow Stream always selects Stream ID 0 instead of the first or
currently selected stream field in a packet. Users should manually
update the stream index as needed.
Change-Id: I5866be380d58c96f0a71a29abdbd1be20ae3534a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/34694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>