diff options
| author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2018-11-21 19:36:18 +0100 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2018-11-21 23:00:31 +0000 |
| commit | 36d26b38d7cb9b36a525d5431cd45025f36bbbe5 (patch) | |
| tree | cf2063d4252daf8281433b3f564a518ed67f1fd6 | |
| parent | 0c5ec47aae848dc2eae3871f179d733913e49eca (diff) | |
Update text2pcap documentation
Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.
Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
| -rw-r--r-- | doc/text2pcap.pod | 10 | ||||
| -rw-r--r-- | docbook/wsug_src/WSUG_app_tools.asciidoc | 23 | ||||
| -rw-r--r-- | text2pcap.c | 15 |
3 files changed, 28 insertions, 20 deletions
diff --git a/doc/text2pcap.pod b/doc/text2pcap.pod index 1ea5c44569..75f713f6d2 100644 --- a/doc/text2pcap.pod +++ b/doc/text2pcap.pod @@ -28,6 +28,8 @@ S<[ B<-t> E<lt>timefmtE<gt> ]> S<[ B<-T> E<lt>srcportE<gt>,E<lt>destportE<gt> ]> S<[ B<-u> E<lt>srcportE<gt>,E<lt>destportE<gt> ]> S<[ B<-v> ]> +S<[ B<-4> E<lt>srcipE<gt>,E<lt>destipE<gt> ]> +S<[ B<-6> E<lt>srcipE<gt>,E<lt>destipE<gt> ]> E<lt>I<infile>E<gt>|- E<lt>I<outfile>E<gt>|- @@ -115,8 +117,8 @@ multiple times to generate more debugging information. =item -D The text before the packet starts either with an I or O indicating that -the packet is inbound or outbound. -This is only stored if the output format is pcapng. +the packet is inbound or outbound. This is used when generating dummy headers. +The indication is only stored if the output format is pcapng. =item -e E<lt>l3pidE<gt> @@ -246,8 +248,8 @@ Example: I<-4 10.0.0.1,10.0.0.2> to use 10.0.0.1 and 10.0.0.2 for all IP packets Prepend dummy IP header with specified IPv6 dest and source address. This option should be accompanied by one of the following options: -i, -s, -S, -T, -u Use this option to apply "custom" IP addresses. -Example: I<-6 fe80:0:0:0:202:b3ff:fe1e:8329, 2001:0db8:85a3:0000:0000:8a2e:0370:7334> to -use fe80:0:0:0:202:b3ff:fe1e:8329 and 2001:0db8:85a3:0000:0000:8a2e:0370:7334 for all IP packets. +Example: I<-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334> to +use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets. =back diff --git a/docbook/wsug_src/WSUG_app_tools.asciidoc b/docbook/wsug_src/WSUG_app_tools.asciidoc index 1597caed78..bf529293c8 100644 --- a/docbook/wsug_src/WSUG_app_tools.asciidoc +++ b/docbook/wsug_src/WSUG_app_tools.asciidoc @@ -217,13 +217,15 @@ traffic into a libpcap file. `text2pcap` is a program that reads in an ASCII hex dump and writes the data described into a libpcap-style capture file. text2pcap can read hexdumps with multiple packets in them, and build a capture file of multiple packets. -`text2pcap` is also capable of generating dummy Ethernet, IP and UDP headers, in -order to build fully processable packet dumps from hexdumps of application-level -data only. +`text2pcap` is also capable of generating dummy Ethernet, IP, UDP, TCP or SCTP +headers, in order to build fully processable packet dumps from hexdumps of +application-level data only. `text2pcap` understands a hexdump of the form generated by `od -A x -t x1`. In other words, each byte is individually displayed and surrounded with a space. -Each line begins with an offset describing the position in the file. The offset +Each line begins with an offset describing the position in the packet, each new +packet starts with an offset of 0 and there is a space separating the offset +from the following bytes. The offset is a hex number (can also be octal - see `-o`), of more than two hex digits. Here is a sample dump that `text2pcap` can recognize: @@ -247,8 +249,11 @@ recognized as being a hex number longer than two characters. Any text after the bytes is ignored (e.g. the character dump). Any hex numbers in this text are also ignored. An offset of zero is indicative of starting a new packet, so a single text file with a series of hexdumps can be converted into a packet -capture with multiple packets. Multiple packets are read in with timestamps -differing by one second each. In general, short of these restrictions, text2pcap +capture with multiple packets. Packets may be preceded by a timestamp. These +are interpreted according to the format given on the command line. If not, the +first packet is timestamped with the current time the conversion takes place. +Multiple packets are written with timestamps differing by one microsecond each. +In general, short of these restrictions, text2pcap is pretty liberal about reading in hexdumps and has been tested with a variety of mangled outputs (including being forwarded through email multiple times, with limited line wrap etc.) @@ -262,9 +267,9 @@ way it should be processed e.g. timestamps, encapsulation type etc. `text2pcap` also allows the user to read in dumps of application-level data, by inserting dummy L2, L3 and L4 headers before each packet. Possibilities include -inserting headers such as Ethernet, Ethernet + IP, Ethernet + IP + UDP, or -Ethernet + Ip + TCP before each packet. This allows Wireshark or any other -full-packet decoder to handle these dumps. +inserting headers such as Ethernet, Ethernet + IP, Ethernet + IP + UDP, or TCP, +or SCTP before each packet. This allows Wireshark or any other full-packet +decoder to handle these dumps. For more information on `text2pcap` consult your local manual page (`man text2pcap`) or link:{wireshark-man-page-url}text2pcap.html[the online diff --git a/text2pcap.c b/text2pcap.c index de070ae335..e9ec431adb 100644 --- a/text2pcap.c +++ b/text2pcap.c @@ -33,9 +33,9 @@ * - No text appears between the offset and the bytes (any bytes appearing after * such text would be ignored) * - * - The offset must be arithmetically correct, i.e. if the offset is 00000020, then - * exactly 32 bytes must have been read into this packet before this. If the offset - * is wrong, the packet is immediately terminated + * - The offset must be arithmetically correct, i.e. if the offset is 00000020, + * then exactly 32 bytes must have been read into this packet before this. + * If the offset is wrong, the packet is immediately terminated * * A packet start is signaled by a zero offset. * @@ -51,7 +51,7 @@ * * The output is a libpcap packet containing Ethernet frames by * default. This program takes options which allow the user to add - * dummy Ethernet, IP and UDP or TCP headers to the packets in order + * dummy Ethernet, IP and UDP, TCP or SCTP headers to the packets in order * to allow dumps of L3 or higher protocols to be decoded. * * Considerable flexibility is built into this code to read hexdumps @@ -1377,7 +1377,8 @@ print_usage (FILE *output) " used as the default for unspecified fields.\n" " -D the text before the packet starts with an I or an O,\n" " indicating that the packet is inbound or outbound.\n" - " This is only stored if the output format is pcapng.\n" + " This is used when generating dummy headers.\n" + " The indication is only stored if the output format is pcapng.\n" " -a enable ASCII text dump identification.\n" " The start of the ASCII text dump can be identified\n" " and excluded from the packet data, even if it looks\n" @@ -1406,9 +1407,9 @@ print_usage (FILE *output) " -4 <srcip>,<destip> prepend dummy IPv4 header with specified\n" " dest and source address.\n" " Example: -4 10.0.0.1,10.0.0.2\n" - " -6 <srcip>,<destip> replace IPv6 header with specified\n" + " -6 <srcip>,<destip> prepend dummy IPv6 header with specified\n" " dest and source address.\n" - " Example: -6 fe80:0:0:0:202:b3ff:fe1e:8329,2001:0db8:85a3:0000:0000:8a2e:0370:7334\n" + " Example: -6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334\n" " -u <srcp>,<destp> prepend dummy UDP header with specified\n" " source and destination ports (in DECIMAL).\n" " Automatically prepends Ethernet & IP headers as well.\n" |