Replace the large matrix of protocol togglebuttons with a GtkCList. The
CList displays three columns: the enabled/disabled state, the protocol's
abbreviated name and the protocol's full name. Protocols can be enabled
or disabled by double-clicking on them. The enable all, disable all, and
invert buttons were left intact.
I made a half-assed attempt at Gtk2 support by copying code from
plugins_dlg.c. It's incomplete, and probably won't compile.
Using check boxes in the first column instead of the word "Disabled" would
have been nice. GtkCLists don't let you embed anything besides text and
pixmaps unfortunately.
Update the man page accordingly.
We still need a way to save a list of disabled protocols.
svn path=/trunk/; revision=6707
There is not a third option Advanced... in addition to frames/tick and bytes/tick.
See ethereal man page for description and how one can use this to graph how NFS response time MAX/MIN/AVG changes over time.
svn path=/trunk/; revision=6703
This patch fixes decoding of the newSuperior attribute of an
LDAPv3 modrdn request. The current implementation attempts to
decode the attribute as an LDAPDN (Octext String, 0x4), when its
definition is actually Context 0 (0x80).
svn path=/trunk/; revision=6672
Replace the handling of PPP packets over GTPv1 and also
establish the handling of PPP packet over GTPv0. Additionally
IPv6 packets are handled in GTPv0 and GTPv1.
Explanation:
- old solution: examining the known PPP protocols is a tough
task, because there might be more in the future -> the list
must be extended more and more (the octet 0x00 has already
been added for PPP network layer protocols, but for protocol
field compression a lot of protocols must be inserted for
IPv4(0x21), IPv6(0x57), maybe IPX (0x2b) or AppleTalk (0x29),
...)
- new solution: It is easier the other way: the most significant
nibble of the first octet must be 4 for IPv4 and 6 for IPv6.
All other values are assumed to be PPP packets, including
packets beginning with values 0x40-0x44 (header too short for
IPv4 packet) and value 0x4f (PPP protocol type (IPv6 header
compression protocol) taking precedence over IPv4 packets with
header length of 60 octets).
svn path=/trunk/; revision=6568
Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line.
Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash
as a parameter to tethereal.
Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.
svn path=/trunk/; revision=6560
"strrchr()", not "index()" and "rindex()"; MSVC++ doesn't declare
"index()" or "rindex()" if you include <string.h>, and they're
non-standard routines (the ANSI C names for those functions are
"strchr()" and "strrchr()").
Add a bit more to the other portability note on the topic of
non-standard vs. ANSI standard functions.
svn path=/trunk/; revision=6539
one byte, so fetch it with "tvb_get_guint8()", not "tvb_get_ntohl()".
Put in the location in the GPRS standard where that's defined, while
we're at it.
svn path=/trunk/; revision=6533
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.
Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?
Try -z io,phs or -z io,phs,<filter> to test it.
svn path=/trunk/; revision=6532
builds with zlib - "zlib.h", alas, includes <winsock.h>, and you can't
include <winsock.h> before including <winsock2.h> (at least you can
include <winsock2.h> before including <winsock.h>; thank heaven for
small favors).
svn path=/trunk/; revision=6427
can compile the code.
Note that Bill Fumerola rewrote the Cisco NetFlow dissector.
Update a bunch of addresses in the Ethereal man page, and put some
missing addresses in.
svn path=/trunk/; revision=6380
Update gtk and gtk2 versions of RPC_STAT to allow a filter string to be specified on both the command line as well as the GUI.
Update the documentation for ethereal to reflect this.
svn path=/trunk/; revision=6343
This makes it possible to generate any types of stats based on user defined subsets of the capture.
Try -z rpc,rtt,100003,3,nfs.fh.hash==0x12345678
NFS rtt statistics for a specific file.
svn path=/trunk/; revision=6337
ranges specified with a mask, as well as manufacturer OUIs. Match the
address range values, as well as MAC addresses and manufacturer OUIs,
when translating MAC addresses to names.
Have "make-manuf" read a file containing the well-known addresses and
append it to the list of OUIs.
svn path=/trunk/; revision=6234
Gtk1 is still single threaded so if the tap extensions need to do something
time consuming or cpu intensive, then the main application will suffer.
It is better than nothing.
svn path=/trunk/; revision=6215
modified while the draw thread is walking it.
Changed the cmdline switch to -z so the same one can be used both for
ethereal and tethereal.
Updated man pages to reflect the RPCSTAT feature.
(Try this with Tools/Statistics/ONC-RPC/RTT and load a capture containing
onc-rpc. )
svn path=/trunk/; revision=6189
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
Put "bytes" after the byte counts for the frame sizes in the
top-level item for the "Frame" protocol, to make it clearer
what they refer to.
Put the source and destination MAC addresses into the top-level
item for Ethernet.
svn path=/trunk/; revision=6090
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
there rather than to the top-level tree, and use
"proto_tree_add_item()".
Add a description of PROTOSHORTNAME, and give an example of the way
PROTONAME, PROTOSHORTNAME, and PROTOABBREV would be set for a protocol.
svn path=/trunk/; revision=5877
DOCSIS support, including support for "Ethernet" captures where
the raw frame is a DOCSIS frame rather than an Ethernet
frame (some Cisco cable-modem head-end gear can send out a
trace of all traffic on an Ethernet, but what it sends are
the raw bytes of DOCSIS frames, not Ethernet frames)
Get rid of second AUTHORS entry for Devin Heitmueller, merging its item
into the older entry.
Clean up the order of some lists of plugin items.
svn path=/trunk/; revision=5861
the command-line options are processed, so that we don't crash if you've
set the "column.format" preference from the command line.
Fix a grammaro in a comment.
svn path=/trunk/; revision=5838
Don't add "-I/usr/include" to CFLAGS or CPPFLAGS; GCC 3.1 warns
about it, and it's not necessary.
Expand the plugin directory path used for installation at
installation time, rather than configuration time, so the user
can reset "prefix" at installation time.
svn path=/trunk/; revision=5828
match the following latest drafts:
o draft-ietf-dhc-dhcpv6-26.txt
o draft-troan-dhcpv6-opt-prefix-delegation-01.txt
o draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt
svn path=/trunk/; revision=5765
mangling of the 802.11 dissector, and optional processing of an FCS at
the end of the frame.
When dissecting the frame-type-dependent part of the header, dissect all
management frames (including ones with an invalid subtype) the same, and
dissect all data frames (including ones with an invalid subtype) the
same.
svn path=/trunk/; revision=5696
requests - the data part of the AFS authentication request
(hf_afs_kauth_data) is displayed as a string whilst declared as a binary
array in "packet-afs-register-info.h".
svn path=/trunk/; revision=5661
Don't show progress bar for quick "Find Frame" searches
Add "Find Next" and "Find Previous" to repeat searches
Add documentation for "Find Next" and "Find Previous".
svn path=/trunk/; revision=5378
frame is marked, so that you can use Find Frame to find the next marked
frame, and can filter the display to show only marked frames.
Update the documentation to note that "frame.marked" is set on marked
frames.
svn path=/trunk/; revision=5377
menu modify the currently-selected item directly. Remove the "Change"
button since it's no longer needed. Make the column list a clist, and
add a column which shows the format. Make the format option menu not
fill the entire table cell. Update the man page accordingly.
svn path=/trunk/; revision=5214
The -S option has been changed such that the payload protocol
identifier can be specified instead of the verification tag.
The error messages for -s -S have been corrected.
Update the text2pcap man page to reflect the "-S" change.
svn path=/trunk/; revision=5150
method length and use that in all comparisons, from Blair Cooper.
Fix the check for "M-" to check also whether there are at least two
characters in the line.
svn path=/trunk/; revision=5071
Man pages don't have any notion of external links and there
isn't enough information for pod2html to resolve the links for
manpages in the "See Also" section of the man pages. As a
result running pod2html generates a bunch of warning messages
and just emphasizes/italicizes the text.
Therefore, we change the link (L<name>) command to an emphasizes
(I<name>) command. The net result is the same, but you don't get
the warnings when generating HTML docs.
At some point in the future someone might want to do the work to
get the links to generate correctly, but until then this will
shut up pod2html.
svn path=/trunk/; revision=5021
count display.
Update the Tethereal man page to reflect the new option.
Update both the Ethereal and Tethereal man pages to use the same style
to describe options, e.g.
-Z Cause Ethereal to draw the mark of Zorro on the display.
rather than
-Z Causes Ethereal to draw the mark of Zorro on the display.
(some were using the first and some were using the second).
Update the Ethereal man page to do the same for menu items.
Update both the Ethereal and Tethereal man pages to better describe the
"-N" flag (by noting that any form of name resolution *not* specified in
the flag is turned *off*).
svn path=/trunk/; revision=5005
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
Add more type values for EAP.
Fix off-by-one bug when displaying Code of EAP message.
Get rid of an unnecessary "volatile".
Give the code and type fields value_string arrays, and use them when
putting the code and type into the protocol tree.
Base the decision of whether to put the type field into the tree on the
request code, not on the length of the packet.
Display the Type-Data field, under that name, under the EAP tree, as
it's part of the EAP PDU.
svn path=/trunk/; revision=4779
support for Openwave-specific WSP headers;
support for Openwave-specific field names;
support for additional content types from Openwave;
support for additional language values.
svn path=/trunk/; revision=4775
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
error message and quit if the user tries to use ring buffering with
another capture file format, and put a note about that in the Tethereal
man page.
svn path=/trunk/; revision=4615
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4587
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
put a CRC32C checksum into the header of SCTP packets;
add a new "-S" option that is similar to "-s" but that also
includes the DATA chunk header, for input files that contain
only SCTP payloads.
svn path=/trunk/; revision=4580
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
Support for generating filter expressions based on packet list
column values
Support for adding filter expressions generated from column or
protocol tree field values to the current expression rather
than replacing the current expression
svn path=/trunk/; revision=4522
Additional Windows Makefile dependencies, so more stuff gets
built as needed.
Additional stuff cleaned up by "make clean" (well, "nmake -f
makefile.nmake clean", anyway)
Make PDB_FILE be "vc*.pdb", so it referes to the PDB files
either for VC++ 5.0 or VC++ 6.0.
svn path=/trunk/; revision=4481
Add some missing files in the "clean" targets.
Use pod2html rather than man2html to build HTML man pages.
Fix ethereal.nsi.in for recent versions of NSIS, and fix a typo.
svn path=/trunk/; revision=4475
to reflect tvbuff-based access to packet data.
Update calls that deal with columns to pass "pinfo->cinfo" rather than
"pinfo->fd".
Update the example of preference registration to reflect the replacement
of the BXXP dissector with the BEEP dissector.
svn path=/trunk/; revision=4376
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
svn path=/trunk/; revision=4337
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
as the pathname of a capture file to be read. If more than one such
option is specified, print a usage message.
Fix the documentation of the "-r" option to Ethereal and Tethereal.
svn path=/trunk/; revision=4253
1) print the payload length in AH headers correctly (the field's
value is length of the payload, minus 2, divided by 2, so we
have to add 2 before multiplying by 2);
2) correctly handle, in an SIOCGIFCONF list, entries whose
address has an "sa_len" field less than the size of a "struct
sockaddr" (the length of the address in an entry is the
maximum of the real length and the size of a "struct
sockaddr").
svn path=/trunk/; revision=4186
On Windows, put the ".ethereal" directory under the user profile
directory rather than the home directory.
Update the documentation to reflect that, and to fix other out-of-date
information, as well as some typos.
svn path=/trunk/; revision=4068
which the Ethereal binary is found; there's no notion of "/etc" or of
"/etc/ethers" or "/etc/ipxnets" files on Windows.
Update the documentation to reflect that, and fix a typo in the Ethereal
and Tethereal man pages.
svn path=/trunk/; revision=4055
I have enhanced the standard Ethereal Icon and added the following
renderings:
* 32x32 - 256 Colour with transparency
* 16x16 - 256 Colour with transparency
* 16x16 - 16 Colour
Add to the list of authors in the man page the names of people who've
contributed to Wiretap but not to the rest of Ethereal - there's
currently no Wiretap man page, so we might as well give them credit in
the Ethereal man page.
svn path=/trunk/; revision=4053
Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).
svn path=/trunk/; revision=4039
fix the processing of the month and year fields in the SCTC
Timestamp (the month is 1-origin, so subtract 1 from it before
putting it in "tm_mon", which is 0-origin; the year is a 2-digit
field that is, at least, Y2K-safe (but Y2.1K-unsafe), so if it's
less than 90, assume it's in the 21st century);
UCP OT 50-57 messages have a fixed number of fields and a
special handling of the MT is not necessary, so get rid of that.
Also, fix a typo in a comment.
svn path=/trunk/; revision=4030
it's in the "etc" subdirectory of the installation directory on UNIX and
in the installation directory on Windows, and give the typical pathnames
of both of those directories.
svn path=/trunk/; revision=4014
- A bug related to "WSP header pages" is fixed, that
resulted into "malformed WSP frame" alerts
- "Concatenated PDUs" (Multiple PDUs within one UDP
packet) are now supported (used e.g. by Nokia 8310)
- The URL of WSP GET/POST requests is display in the
info column, same like HTTP GET requests
svn path=/trunk/; revision=4004
"conversation_new()" and "find_conversation()" do not have fixed
identities as source and destination addresses, and to reflect the name
changes we made to arguments and flags to dispel any notion that they
had such fixed identities.
svn path=/trunk/; revision=3887
"proto_item_set_text()" except that it appends the result of the
formatting to the item's current text, rather than replacing the item's
current text. Use it in the DNS dissector.
svn path=/trunk/; revision=3880
but, before you set the text, you throw an exception while putting stuff
under the subtree, you end up with an absolutely blank protocol tree
item, which is really gross. Instead of calling
"proto_tree_add_notext()", call "proto_tree_add_text()" with at least a
minimal label - yes, it does mean you do some work that will probably be
unnecessary, but, absent a scheme to arrange to do that work if it *is*
necessary (e.g., catching exceptions), the alternative is an ugly
protocol tree display.
svn path=/trunk/; revision=3879
a request or reply; make its return value "gboolean", and have it just
return TRUE or FALSE. Also make an array index variable unsigned, to
squelch a GCC warning.
Support for additional SIP methods, from Jean-Francois Mule.
svn path=/trunk/; revision=3865
1) Shiva PAP (SPAP) and Extensible Authentication Protocol (EAP)
2) CBCP negotiation in LCP Callback Operation Field
to the PPP dissector.
svn path=/trunk/; revision=3826
Update Makefile.am and Makefile.nmake files to build it (although it's
not currently built by default; you have to do "make idl2eth.1" on UNIX,
and something similar on Windows.
Put a full copyright notice into "doc/Makefile.nmake", along with a
comment explaining why stuff depends on "../config.h". Also, add
"clean" rules to it to get rid of generated files for mergecap and
text2pcap documentation.
svn path=/trunk/; revision=3801
Throw a very small caltrop in the way of spam-harvesters, by replacing
"@" in e-mail addresses in the AUTHORS file and Ethereal man page with
"[AT]" (although I wouldn't be surprised to find that some of those
harvesters already know about that trick and "fix" those addresses so
you, too, can receive Valuable Information about Viagra, can-fail
Internet investment opportunities and stuff-envelopes-at-home jobs, and
cable descramblers).
Add a couple of items from the AUTHORS file to the Ethereal man page.
svn path=/trunk/; revision=3781
Update NSIS syntax for newest NSIS. That fix from David O'Shea.
Set config.nmake to get non-cygwin version of Python.exe; cygwin version
is fouling up on me and I'm not sure why.
svn path=/trunk/; revision=3705
Gerald Combs