Make it possible to use subsecond granularity for the measurement intervals.
io,stat is updated to accept the interval to be specified with ms resolution.
Example
-z io,stat,0.001,smb
to generate 1ms statistics for all SMB traffic.
svn path=/trunk/; revision=7527
IO-Users is a feature for tethereal that will print statistics on io usage
similar to top talkers in other tools.
It needs to be ported to ethereal with a nice graph sometime later.
try:
-z io,users,ip
see man-page
svn path=/trunk/; revision=6972
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
Fix up the documentation of the "-i" flag in the Ethereal man page to
note only that "netstat -i" and "ifconfig -a" *might* work, to
specifically note that not all UNIXes support the "-a" flag to
"ifconfig", and to note that pipe data must be in *standard* libpcap
format.
Document the support for pipes in the "-i" flag in Tethereal.
svn path=/trunk/; revision=6822
Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line.
Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash
as a parameter to tethereal.
Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.
svn path=/trunk/; revision=6560
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.
Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?
Try -z io,phs or -z io,phs,<filter> to test it.
svn path=/trunk/; revision=6532
This makes it possible to generate any types of stats based on user defined subsets of the capture.
Try -z rpc,rtt,100003,3,nfs.fh.hash==0x12345678
NFS rtt statistics for a specific file.
svn path=/trunk/; revision=6337
ranges specified with a mask, as well as manufacturer OUIs. Match the
address range values, as well as MAC addresses and manufacturer OUIs,
when translating MAC addresses to names.
Have "make-manuf" read a file containing the well-known addresses and
append it to the list of OUIs.
svn path=/trunk/; revision=6234
modified while the draw thread is walking it.
Changed the cmdline switch to -z so the same one can be used both for
ethereal and tethereal.
Updated man pages to reflect the RPCSTAT feature.
(Try this with Tools/Statistics/ONC-RPC/RTT and load a capture containing
onc-rpc. )
svn path=/trunk/; revision=6189
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
Man pages don't have any notion of external links and there
isn't enough information for pod2html to resolve the links for
manpages in the "See Also" section of the man pages. As a
result running pod2html generates a bunch of warning messages
and just emphasizes/italicizes the text.
Therefore, we change the link (L<name>) command to an emphasizes
(I<name>) command. The net result is the same, but you don't get
the warnings when generating HTML docs.
At some point in the future someone might want to do the work to
get the links to generate correctly, but until then this will
shut up pod2html.
svn path=/trunk/; revision=5021
count display.
Update the Tethereal man page to reflect the new option.
Update both the Ethereal and Tethereal man pages to use the same style
to describe options, e.g.
-Z Cause Ethereal to draw the mark of Zorro on the display.
rather than
-Z Causes Ethereal to draw the mark of Zorro on the display.
(some were using the first and some were using the second).
Update the Ethereal man page to do the same for menu items.
Update both the Ethereal and Tethereal man pages to better describe the
"-N" flag (by noting that any form of name resolution *not* specified in
the flag is turned *off*).
svn path=/trunk/; revision=5005
error message and quit if the user tries to use ring buffering with
another capture file format, and put a note about that in the Tethereal
man page.
svn path=/trunk/; revision=4615
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
svn path=/trunk/; revision=4337
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
as the pathname of a capture file to be read. If more than one such
option is specified, print a usage message.
Fix the documentation of the "-r" option to Ethereal and Tethereal.
svn path=/trunk/; revision=4253
On Windows, put the ".ethereal" directory under the user profile
directory rather than the home directory.
Update the documentation to reflect that, and to fix other out-of-date
information, as well as some typos.
svn path=/trunk/; revision=4068
which the Ethereal binary is found; there's no notion of "/etc" or of
"/etc/ethers" or "/etc/ipxnets" files on Windows.
Update the documentation to reflect that, and fix a typo in the Ethereal
and Tethereal man pages.
svn path=/trunk/; revision=4055
Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).
svn path=/trunk/; revision=4039
it's in the "etc" subdirectory of the installation directory on UNIX and
in the installation directory on Windows, and give the typical pathnames
of both of those directories.
svn path=/trunk/; revision=4014
- at least some versions of makewhatis (e.g., the Solaris version)
uses that name in a case-sensitive fashion, so you can't do "man
ethereal", say, you have to do "man Ethereal", and that doesn't work as
the man page file is "ethereal.1", not "Ethereal.1".
svn path=/trunk/; revision=3656
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
prints a list of all network interfaces it found on which it can capture
(the same list as the one that shows up in the "Interface" combo box in
Ethereal's "Capture Preferences" dialog).
svn path=/trunk/; revision=3194