| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
family has a set of debug commands that allow you to log the traffic on a
WAN or dialup connection as text, e.g.
RECV-iguana:241:(task: B04E12C0, time: 1975358.50) 15 octets @ 8003D634
[0000]: FF 03 00 3D C0 06 C9 96 2D 04 C1 72 00 05 B8
Created wtap_seek_read() which parses the textual data for and Ascend
trace, and does a normal fseek() and fread() for any other file type.
The fseek()/fread() pairs in file.c were replaced with the new function.
svn path=/trunk/; revision=652
|
|
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
|
|
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
|
|
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
|
|
bunch of source files.
Replace the "payload" field of a "packet_info" structure with "len" and
"captured_len" fields, which contain the total packet length and total
captured packet length (including all headers) at the current protocol
layer (i.e., if a given layer has a length field, and that length field
says its shorter than the length we got from the capture, reduce the
"pi.len" and "pi.captured_len" values appropriately). Those fields can
be used in the future if we add checks to make sure a field we're
extracting from a packet doesn't go past the end of the packet, or past
the captured part of the packet.
Get rid of the additional payload argument to some dissection functions;
use "pi.captured_len - offset" instead.
Have the END_OF_FRAME macro use "pi.captured_len" rather than
"fd->cap_len", so that "dissect the rest of the frame" becomes "dissect
the rest of the packet", and doesn't dissect end-of-frame padding such
as padding added to make an Ethernet frame 60 or more octets long. (We
might want to rename it END_OF_PACKET; if we ever want to label the
end-of-frame padding for the benefit of people curious what that extra
gunk is, we could have a separate END_OF_FRAME macro that uses
"fd->cap_len".)
svn path=/trunk/; revision=506
|
|
packet and the previous *displayed* packet, rather than the previous
packet in a capture.
svn path=/trunk/; revision=486
|
|
SDLC-derived protocols such as HDLC and derivatives of it such as LAPB,
IEEE 802.2 LLC, and so on. Have the LLC and LAPB dissectors use it.
Make "dissect_numeric_bitfield()" put the low-order bit of the bitfield
in the low-order bit of an integer when printing it, so that the right
value is printed.
svn path=/trunk/; revision=434
|
|
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
|
|
with the ATM on Linux software from <http://lrcwww.epfl.ch/linux-atm/>.
svn path=/trunk/; revision=401
|
|
svn path=/trunk/; revision=375
|
|
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readble, IMHO.
Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".
Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.
svn path=/trunk/; revision=364
|
|
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|
|
changed by updating those columns showing the time in the
"command-line-specified" format, not by redoing the entire packet list
display; that way, the display continues to show the same packets and
any packet the user selected remains selected. (It's also less work to
do that - you don't have to re-dissect the packet.)
Turn "redisplay_packets()" into "filter_packets()", and do some other
cleanups.
svn path=/trunk/; revision=325
|
|
is the same as "Tools/Capture", and "Display" has an "Options" item,
which pops up a dialog box to let you change the "default" time-stamp
column display format on the fly (the "default" is what the "-t"
command-line option sets), and have the display change when you do that.
Made infrastructure changes to make the immediate display update work.
Removed some unused functions, declared some functions used only in the
file in which they're defined "static", and removed some unnecessary
#includes.
svn path=/trunk/; revision=317
|
|
doesn't modify anything pointed to by that argument, and that keeps us
from getting complaints if we pass a "const gchar *" to it.
svn path=/trunk/; revision=306
|
|
can be used by dissectors other than ARP to display byte arrays as
strings of hex digits.
Add a routine to extract a null-terminated Unicode string and turn it
into an ISO 8859-1 string for display. (Ultimately, we should determine
what character sets the X server or printer or whatever can handle, and
turn it into the appropriate character set.)
Display the challenge in "core-to-LANMAN-2.1" Negotiate Protocol
responses as a string of hex digits - but only if the length is
non-zero. (It's a counted array, not a null-terminated string.)
Display some additional security mode bits in an NT LM 0.12 Negotiate
Protocol response.
Display some additional bits in the "capabilities" field of the
Negotiate Protocol response.
Display the challenge in an NT LM 0.12 Negotiate Protocol response as a
string of hex digits (it's a counted array, not a null-terminated
string).
Display the domain name as Unicode in an NT LM 0.12 Negotiate Protocol
response if the capabilities field has the "supports Unicode" bit set
(no, not the "Unicode" bit in the "flags2" field - NT doesn't set that
in the response, even though it sends the domain name over in Unicode!).
Display some additional bits in the "flags2" field of an SMB.
svn path=/trunk/; revision=275
|
|
helper routines for packet dissecting, and away from "util.c", which is
now all GUI-related. (Among other things, this makes life more pleasant
for Gilbert Ramirez's "tethereal" stuff, although a lot more separation
of GUI from other stuff needs to be done to make that - or a
"curses"-based variant of Ethereal, or a variant using some other GUI
toolkit - work smoothly.)
svn path=/trunk/; revision=235
|
|
SMTP, POP, HTTP, etc.) for the benefit of Richard Sharpe's FTP and POP
dissectors.
svn path=/trunk/; revision=233
|
|
proto*() functions. The configure script tries to use ipv6 name resolution if
it knows the type of ipv6 stack the user has (this can be avoided with the
--disable-ipv6 switch) Additionally, the configure script now deals with wiretap
better. If the user doesn't want to compile wiretap, the wiretap is never
visited. A few unnecessary #includes were removed from some wiretap files, and
a CPP macro was moved from bpf.c to wtap.h.
svn path=/trunk/; revision=229
|
|
reference the protocol tree with struct proto_tree and struct proto_item
objects. That way, the packet decoding source code file can be used with
non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged
some of the information in packet.h to more appropriate places (like other
packet-*.[ch] files).
svn path=/trunk/; revision=223
|
|
svn path=/trunk/; revision=187
|
|
svn path=/trunk/; revision=177
|
|
provide a per-packet encapsulation type. this required minor modifications to
ethereal.
svn path=/trunk/; revision=162
|
|
their arguments, so make those arguments pointers to 'const", so that we
don't get complaints if somebody hands them a pointer to "const".
svn path=/trunk/; revision=158
|
|
This necessitated a change in ethereal because iptrace supports multi-NIC
packet capturing, including multi-datalink-type capturing.
svn path=/trunk/; revision=145
|
|
* Added Joerg to the AUTHORS file
* Added Guy's bitfield decode patch
* Fixed time output
svn path=/trunk/; revision=142
|
|
svn path=/trunk/; revision=131
|
|
for the queries or replies first, then create and add the subtree and
populate it, and, when that's done, set the length of the item
appropriately; if you add the subtree later, the subtree's top-level
node appears to have level 0, rather than 1 greater than the tree of
which it's a subtree, which causes those trees not to print correctly.
svn path=/trunk/; revision=122
|
|
svn path=/trunk/; revision=103
|
|
* Added check_col(), add_col_str() and add_col_fmt() to replace references
to ft->win_info.
* Added column prefs handling code.
svn path=/trunk/; revision=97
|
|
because it is still in its infancy, but it can be compiled in optionally.
The library exists in its own subdirectory ethereal/wiretap. This patch also
edits all the packet-*.c files to remove the #include <pcap.h> line which is
unnecessary in these files. In the ethereal code, file.c is the most heavily
modified with #ifdef WITH_WIRETAP lines for the optional library.
svn path=/trunk/; revision=82
|
|
1455.
Make the arguments to "val_to_str()" and "match_strval()" that
point to things those routines don't modify pointers to "const",
and make the "value_string" tables passed into those routines in
"packet-ip.c" "const".
svn path=/trunk/; revision=72
|
|
it returns NULL, formats the value with the format passed in as
an argument, and returns a pointer to that static buffer.
Change several "match_strval()" calls to use "val_to_str()".
In "dissect_ospf()", use "match_strval()" to look up the packet
type, and use "Unknown" if it doesn't find a match.
svn path=/trunk/; revision=66
|
|
* Hacks to the filter interface (Gerald)
* About box (Laurent)
* AppleTalk support (Simon)
* Mods to the match_strval routine (Gerald)
svn path=/trunk/; revision=61
|
|
- Separated display and capture filters; rearranged some of the look and feel
- Lots of other miscellaneous fixes and updates
svn path=/trunk/; revision=38
|
|
* FDDI support (Laurent, Guy)
svn path=/trunk/; revision=36
|
|
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.
svn path=/trunk/; revision=31
|
|
* PPP fixes (Gerald)
* Null/loopback interface support (Gerald)
svn path=/trunk/; revision=25
|
|
svn path=/trunk/; revision=7
|
|
svn path=/trunk/; revision=2
|
