snapshot length before writing them to the output file; this may come in
handy if you are translating the file to a different format so that it
can be read by a program that can't handle packets above a certain size
(e.g., the snoop in Solaris 2.5.1 or 2.6, which reject Ethernet packets
larger than the Ethernet MTU, and thus can't handle gigabit Ethernet
captures using jumbo frames).
svn path=/trunk/; revision=1891
"proto_tree_add_item_format()" into multiple routines for different item
types, and to note that a subtree can be added under any item.
svn path=/trunk/; revision=1809
On Win32, always save a temporary capture file by copying -
Win32 systems don't allow you to rename a file that is open, and
we have the temporary file open.
When saving by copying the raw bytes of a capture file, create
the target file with "open()", using the O_BINARY flag, rather
than with "creat()"; on Win32 systems, "creat()" apparently
opens the file as a text file rather than a binary file.
svn path=/trunk/; revision=1757
properly handle ASCII vs. Unicode in the list of interfaces;
initialize Winsock before starting a capture, so that the code
in the Win32 libpcap to get the IP address and netmask by
translating the host name to an IP address works.
svn path=/trunk/; revision=1737
Get rid of the paragraph about C++-style comments at the beginning of
the document, as it also appears in section 1.1.1 "Comments".
Add a section on how to extract data from packets, which explains the
"pd" and "offset" arguments to a dissector, and notes that you should
not just blithely cast pointers into the packet data to 2-byte or 4-byte
integral types and dereference them, as the pointer may not be aligned,
and the field may not have the same byte order as the processor on which
Ethereal is running (in fact, it's probably *guaranteed* not to on at
least one machine, as Ethereal runs on both big-endian and little-endian
platforms...).
svn path=/trunk/; revision=1710
specifies with "-f" and "-R" flags, respectively, or specified with
non-flag command-line arguments, as tcpdump and snoop allow.
svn path=/trunk/; revision=1663
* fix a bug in packet-tftp.c dissecting TFTP Option Acknowledgement
packets. The is no Block-Id in TFTP Option Acknowledgements, as it is
in TFTP Acknowledgements.
* Extension of manuf by ethernet addresses from ELSA (my company), a german
vendor of ISDN routers, cable modems, etc.
* New dissector for Time Protocol [RFC 0868]. That protocol works on port
37 of UDP and TCP. The implementation in this patch only dissects the
more usual UDP version. It could print the time in a more fashion way,
but thats for a later version.
svn path=/trunk/; revision=1609
the IPv4 TOS field as a TOS field or as a DiffServ field, and allow that
field to be controlled by a command-line option or an option in the
"Display:Options" dialog box.
svn path=/trunk/; revision=1532
or when reading a saved capture file; if "-w" is specified, the packets
captured or read from the file are written to the specified file rather
than being dissected and printed, and if "-R" is specified, only packets
that pass the specified read filter are dissected and printed or
written.
svn path=/trunk/; revision=1523
whether, in a live capture that updates the display as packets arrive,
the packet list pane should scroll to show the most recently captured
packets or not.
svn path=/trunk/; revision=1506
specified. This will be of more use when I allow "-w" to be used when
reading an existing capture file rather than doing a live capture (which
will also allow you to specify a read filter, and thus to write a
capture file containing those packets from an existing capture file that
match a given display filter).
Fix up some messages to say "tethereal" rather than "ethereal".
svn path=/trunk/; revision=1499
to "util.c", and provide a routine to free that list as well.
When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.
svn path=/trunk/; revision=1495
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.
svn path=/trunk/; revision=1482
I did this:
First, Havoc Pennington, in "GTK+/Gnome Application Development", in
Appendix seciton A.3.88, recommends using GtkCTree instead of GtkTree
because GtkCtree is faster, and GtkTree has limitation on its total row
height: since it must fit inside a GdkWindow, it is limited to 32,768
pixels of height. GtkTree is more flexible with regards to the types of
widgets that can be placed in the tree, but since we deal only with text,
that doesn't matter, at least for now.
Secondly, a GtkTree doesn't allow arrow-key navigation (at least as far
as I could tell). It always bothered me that the up and down arrow keys
worked in the packet list and in the hex dump, but no in the protocol tree.
GtkCTree does allow arrow-key navigation. In fact, GtkCTree is a subclass
of GtkCList (the packet list widget), so they behave a lot alike.
I went ahead and fixed the selection bar which has been bothering Richard
for a long time now. :) In the GUI preferences dialogue, you can now set
both the packet list selection bar and the protocol tree selection bar
to either "browse" or "select" mode. "browse" mode is what you're used to:
the arrow keys move an outline of the selection bar, but do not change
the selection. "select" mode does change the selection when the arrow keys
are pressed. The default behavior is set to "select", which seems more
natural for a first-time user.
svn path=/trunk/; revision=1393
Reformat some (source) paragraphs, for the benefit of those with editors
that don't wrap lines in the display.
Delete some extra "=back" directives.
Fix the description of the "Preferences" dialog (it lets you control
various preferences, not just print preferences; it's the "Print" tab
that lets you control print preferences).
svn path=/trunk/; revision=1352
Guy Harris