as well as individual packets.
I needed to grab quite a few from the middle of a large capture file.
Will eventually need to sort the extract list.
svn path=/trunk/; revision=1498
to "util.c", and provide a routine to free that list as well.
When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.
svn path=/trunk/; revision=1495
zlib problems, and my workaround appears to handle that problem, so
let's reenable zlib support in NetBSD and look into it in more detail if
there's still a problem.
svn path=/trunk/; revision=1494
no longer optionally compile the snmp dissector. But I left the dist-hook
line in the Makefile.am in case we're ever in that situation again.
svn path=/trunk/; revision=1492
rather than making it static.
Don't print the "Capturing on <interface>" message until you actually
start capturing, and print it regardless of whether the interface was
explicitly specified or not (that's what snoop and tcpdump do).
svn path=/trunk/; revision=1485
linking with "-lsnmp".
Link only Ethereal and Tethereal with "-lpcap"; don't link editcap, or
any of the test programs that the configure script builds, with it
(because that means you also have to arrange that those test programs be
linked with @SOCKET_LIBS@ and @NSL_LIBS@) - i.e., don't add it to LIBS,
add it to PCAP_LIBS, and use that only for programs that need it.
svn path=/trunk/; revision=1484
make it link with them.
Provide dependencies for Tethereal as well.
Tethereal may need to be linked with "-lsocket" and/or "-lnsl"; check
for that, and arrange that it be linked with them if necessary.
svn path=/trunk/; revision=1483
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.
svn path=/trunk/; revision=1482
to a type requiring 2-byte or better alignment and was then
dereferenced; doing that requires that the code generated by your
compiler not trap if it makes an unaligned reference, and on most RISC
processors the code generated by the compiler *will* trap on an
unaligned reference by default.
svn path=/trunk/; revision=1480
with MSVC 6.0 and 'nmake', the make tool that comes with MSVC.
It compiles, links, and runs. It doesn't run correctly. There's a problem
when reading files. I'm getting short reads. I'm not linking in zlib or
libsnmp because it first needs to be debugged.
I changed the plugin code to use gmodule instead of libltdl, but the
Unix build still links ethereal against libltdl. I'll fix that tonight; sorry
about leaving it in such a sad state, but I wanted to check in this code
before I left work on a Friday night. Ethereal still works, but the
building is less than optimal.
svn path=/trunk/; revision=1479
"pcap_open_live()" a network interface name rather than a "dlpiN" name
(where "N" is the PPA for the device, as reported by lanscan).
svn path=/trunk/; revision=1473
editcap.
Expand the list of OSes on which Ethereal has (at least at one time)
been built and used.
Note that systems other than Solaris that use DLPI (e.g., HP-UX) may
also have "/dev" entries that can be made more widely readable and
writable to allow non-root users to capture packets.
Note that we can read "i4btrace" capture files.
Note that we now always do SNMP dissection, and that an external library
just allows us to do more sophisticated dissection.
svn path=/trunk/; revision=1470
registered as a type for CDP, and CDP packets appear to be LLC packets
with an OUI of 00-00-0C, not the encapsulated Ethernet OUI of 00-00-00.
svn path=/trunk/; revision=1465
hideous problem on FreeBSD 3.[23] (and perhaps other BSDs) if
HAVE_UNISTD_H is defined before "zlib.h" is included, turn "file_seek()"
into a subroutine defined in a file that *undefines* HAVE_UNISTD_H
before including "zlib.h", so that the *only* call to "gzseek()" is made
from a file that does not have HAVE_UNISTD_H defined when it includes
"zlib.h".
Move "file_error()" to that file while you're at it, so it holds all the
wrappers that hide the presence or absence of zlib from routines to read
capture files.
Turn "file.h", which declared those wrapper functions as well as wrapper
macros, into "file_wrapper.h" - it belongs with the "file_wrapper.c"
file that defines the wrapper functions, not with "file.c" which handles
higher-layer file access functions.
Remove the comment in "configure.in" that explained why defining
HAVE_UNISTD_H was a bad idea, as we're not obliged to define it and work
around the problem. (The comment in "file_wrapper.c" explains the
workaround.)
svn path=/trunk/; revision=1463
In Q.931 and Q.2931, the TR 9577 values are NLPIDs, so use "nlpid_vals"
to dissect them, and values from "nlpid.h" to refer to them.
svn path=/trunk/; revision=1461
file, not when filtering or colorizing packets - filtering shouldn't
change the frame number of a frame (yes, this means that a filtered
display won't necessarily have packets numbered contiguously 1 through N
- that's a feature).
svn path=/trunk/; revision=1456
dissector.
Add a "value_string" table for NLPIDs to the OSI dissector, and export
it for use by the CDP dissector.
Fix the CDP dissector as per the documentation in
http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm
and as per some traces we have with CDP data in them.
svn path=/trunk/; revision=1455
displays the contents of the TCP connexion in hexadecimal.
The two opposite directions of the conversation are displayed side by side.
svn path=/trunk/; revision=1454
0x00000c and a protocol ID of 0x2000 - we used to recognize those as CDP
because we ignored the OUI and treated all LLC packets as
SNAP-encapsulated packets, and treated 0x2000 as an Ethertype, but we
now treat only encapsulated-Ethernet and Apple packets as
SNAP-encapsulated (and arguably we should handle Apple separately).
svn path=/trunk/; revision=1452
update their libpcap probably isn't going to scale - the increasing
frequency with which "Ethereal hangs when I try to capture packets"
shows up on "ethereal-dev" suggests that, unless and until a libpcap
with the "select()" in it becomes ubiquitous on Linux, that'll be the
source of a constant support burden - so we'll just put the "select()"
in Ethereal if it's being built for Linux.
(Putting it in for platforms where the read timeout argument to
"pcap_open_live()" works adds an extra useless system call at best and,
at worst, could make Ethereal not work - "select()" doesn't work on
"/dev/bpf" devices on FreeBSD 3.3, at least, unless you're in "immediate
mode", and, whilst "immediate mode" would make Ethereal respond more
quickly when packets arrive, it might cause Ethereal to respond too
quickly, doing reads for every new packet rather than waiting for
multiple packets to arrive and reading them all with one "read()", which
appears to be at least part of the intent of the read timeout on
"/dev/bpf" devices in BSD.)
svn path=/trunk/; revision=1451
Richard Sharpe