| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
|
|
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iabae39347bc0058d106a9b00d81629899bc93249
Reviewed-on: https://code.wireshark.org/review/20526
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Refer to "Windows" instead of "Windows 2000". Add an "ip link show"
breadcrumb.
Change-Id: Ie1faa1d30b0ac63de35b0385cbb1306f08828e61
Reviewed-on: https://code.wireshark.org/review/18056
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
GUI from CLI
Move ui/filters.[ch] to filter_files.[ch] because dumpcap is using functionality.
Bug: 8091
Change-Id: I195c82fc023f97d6f331b8718c45a2d83d30faea
Reviewed-on: https://code.wireshark.org/review/5925
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829
Reviewed-on: https://code.wireshark.org/review/4140
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
capture buffer size in IEC units, but document it as such.
#BACKPORT(1.10, 1.8(?))
svn path=/trunk/; revision=53728
|
|
properly so that we avoid overflow conditions and so that we ensure we don't capture more than 2GiB. Also, document the max filesize autostop value of 2GIB as well as indicating that it's truly GiB and not GB.
This fixes the problem reported on ask: http://ask.wireshark.org/questions/23891/wireshark-wont-run-with-multiple-capture-files
#BACKPORT(1.10) ... not sure about 1.8?
svn path=/trunk/; revision=51576
|
|
fix a typo in the dumpcap manpage
svn path=/trunk/; revision=51096
|
|
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
|
|
svn path=/trunk/; revision=50947
|
|
svn path=/trunk/; revision=50126
|
|
svn path=/trunk/; revision=49427
|
|
configurable via command line options and print specific drop numbers
at the end. This allows to tune the buffering when using multiple
threads.
This also fixes a logic arrow in enforcing the limits.
The patch for the enhanced counters is from Anders Broman.
svn path=/trunk/; revision=48223
|
|
svn path=/trunk/; revision=48221
|
|
svn path=/trunk/; revision=47937
|
|
(use the same text that dumpcap -V prints)
svn path=/trunk/; revision=47455
|
|
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
|
|
rpcap and the new TCP feature from bug 2788.
svn path=/trunk/; revision=43156
|
|
svn path=/trunk/; revision=42600
|
|
svn path=/trunk/; revision=41564
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
svn path=/trunk/; revision=39113
|
|
the capturing on multiple interfaces.
svn path=/trunk/; revision=37824
|
|
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
|
|
svn path=/trunk/; revision=35038
|
|
capture filter in human-readable form. (Well, readable by humans who
know BPF machine language, at least. :-))
svn path=/trunk/; revision=33509
|
|
about using large numbers of files.
svn path=/trunk/; revision=32999
|
|
and add support for SIGINFO, so, if your OS supports SIGINFO, you can
get the packet count by typing ^T.
svn path=/trunk/; revision=32958
|
|
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
|
|
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
|
|
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
|
|
svn path=/trunk/; revision=32707
|
|
svn path=/trunk/; revision=32702
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2132
Point to the Wiki's page on capture filter syntax in case neither libpcap's
nor tcpdump's man pages are available (e.g., on Windows).
svn path=/trunk/; revision=32435
|
|
to be set.
Clarify that each "-b" criterion needs the "-b" option (see bug 4573).
Fix a couple of typos.
svn path=/trunk/; revision=32245
|
|
svn path=/trunk/; revision=28338
|
|
editcap: Add description of -i option;
dumpcap: Add description of -S option;
svn path=/trunk/; revision=28336
|
|
pcapng format instead of pcap. The default is to use pcap.
svn path=/trunk/; revision=28170
|
|
of 0 mean 65535, similar to what tcpdump does.
Fixes bug 2731.
svn path=/trunk/; revision=27526
|
|
tcpdump (in the tcpdump package) into its own manpage
(pcap-filter) in the libpcap package in the CVS HEAD
branch. Reference the new and the old location for that
information.
svn path=/trunk/; revision=24020
|
|
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
|
|
Add a capture_interface_list(), which works similar to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
|
|
svn path=/trunk/; revision=18867
|
|
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
|
|
ethereal.com -> wireshark.org
mailing lists and addresses
ETHEREAL -> WIRESHARK
Man pages
Automake/Autoconf names
svn path=/trunk/; revision=18271
|
|
svn path=/trunk/; revision=18268
|
|
svn path=/trunk/; revision=18207
|
