Age | Commit message (Collapse) | Author | Files | Lines |
|
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
|
|
Also: whitespace cleanup.
svn path=/trunk/; revision=37603
|
|
The next step is to retire the iface variable and use
the ifaces array only. This should simplify things and
fix the cases, where you start wireshark with command
line arguments and also use the GUI.
svn path=/trunk/; revision=37342
|
|
This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5935.
svn path=/trunk/; revision=37307
|
|
correct place.
svn path=/trunk/; revision=37276
|
|
svn path=/trunk/; revision=37273
|
|
svn path=/trunk/; revision=37255
|
|
This enables the capturing from mulitple interfaces using
tshark and wireshark (at the command line).
(tshark -i lo0 -i en0) or (wireshark -k -i lo0 -i en0)
works. You can capture from multiple remote and local
interfaces.
Based on work from Irene Ruengeler.
svn path=/trunk/; revision=37248
|
|
didn't change the GUI code for setting the autostop file size, and that
broke the build.
svn path=/trunk/; revision=36552
|
|
5691.
svn path=/trunk/; revision=36551
|
|
we'd have to include some other headers to get it defined.
Get rid of the include of Winbase.h - it doesn't define
STATUS_UNWIND_CONSOLIDATE, and it's not necessary.
svn path=/trunk/; revision=33413
|
|
svn path=/trunk/; revision=33412
|
|
appropriately.
svn path=/trunk/; revision=33411
|
|
Windows, just as we do on UN*X.
svn path=/trunk/; revision=33410
|
|
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
|
|
is just an indication that the capture child exited; don't treat it as
an error, unless the child process exits with an abnormal status.
As tshark sends a "stop capture" indication to the child when it's
^C'ed, the child will exit and we'll get an EOF from the capture pipe;
don't make SIGINT etc. interrupt system calls, so they don't cause reads
from the capture pipe to get EINTR errors.
svn path=/trunk/; revision=32986
|
|
svn path=/trunk/; revision=32970
|
|
Do report the error string for other read errors, though.
svn path=/trunk/; revision=32969
|
|
svn path=/trunk/; revision=32965
|
|
svn path=/trunk/; revision=32964
|
|
svn path=/trunk/; revision=32885
|
|
svn path=/trunk/; revision=32857
|
|
when generating error messages.
The error code from CreatePipe() is gotten by calling GetLastError();
it's not in errno.
Clean up indentation a bit.
svn path=/trunk/; revision=32855
|
|
supplying -M along with -Z. (We keep -M around for debugging use; it's
documented, unlike -Z.)
svn path=/trunk/; revision=32850
|
|
svn path=/trunk/; revision=32844
|
|
interface statistics, have its error messages come out as sync-pipe
errors, have it send a sync-pipe "success" message on success, and have
the callers get that message and display it.
svn path=/trunk/; revision=32843
|
|
monitor mode at the same time that we fetch its list of link-layer
types. Support fetching that list in monitor mode, as the list may be
different in regular and monitor mode. If the interface supports
monitor mode, when printing the list of link-layer types, indicate
whether they're fetched in monitor mode or not, as tcpdump 4.1.x does.
svn path=/trunk/; revision=32789
|
|
svn path=/trunk/; revision=32704
|
|
pcap_set_buffer_size() did as well, so there aren't any libpcap releases
with pcap_create() but not pcap_set_buffer_size().
Only do one check for pcap_create.
svn path=/trunk/; revision=32695
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=475
BUT not activating the check for
pcap_create()
pcap_set_buffer_size()
This should make it possible to build with support for setting the buffersize if not capturing 802.11 traffic.
The code for handling the 'B' option should be OK in any case.
svn path=/trunk/; revision=32688
|
|
link-layer header types for interfaces; if special privileges are
necessary to open capture devices, Wireshark and TShark shouldn't have
those privileges, but dumpcap should.
svn path=/trunk/; revision=32104
|
|
svn path=/trunk/; revision=32080
|
|
svn path=/trunk/; revision=31729
|
|
used for this purpose and using it also prevents the 2 signals the child gets:
- the user's Ctrl-C (which is sent as a SIGINT to both *shark and its
child dumpcap)
- the signal *shark generates to shut down the child
from colliding (and running 2 signal handlers in the child).
It might be possible for tshark to not send the signal at all when it gets
SIGINT, but it doesn't do any harm now.
Also, do not call g_log() within the signal handler: doing so can cause
aborts (if g_log is being called by the process when the signal comes, the
2nd entrance into g_log is detected as a recursion).
This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2767
svn path=/trunk/; revision=29881
|
|
svn path=/trunk/; revision=28740
|
|
substitute our own (I wrote them all, so I can steal them from the
BSD-licensed libpcap if I want :-)). This means that
linktype_name_to_val() and linktype_val_to_name() are always available,
and we don't need to #ifdef use of them.
Use pcap_datalink_val_to_description() to get the description for a
particular DLT_ value, rather than mapping the DLT_ value to a
WTAP_ENCAP_ value and getting the description for the latter.
svn path=/trunk/; revision=27074
|
|
Do not get link-layer for remote interfaces.
svn path=/trunk/; revision=26683
|
|
Clean up indentation a bit.
svn path=/trunk/; revision=26037
|
|
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
|
|
svn path=/trunk/; revision=25556
|
|
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
|
|
the right thing in Wireshark and TShark, as both of them call
epan_init() to set the appropriate "report an error" function.
That obviates the need to have TShark have its own private version of
simple_dialog().
Have cmdarg_err() just call failure_message() instead of duplicating the
code in failure_message().
svn path=/trunk/; revision=25201
|
|
svn path=/trunk/; revision=24707
|
|
svn path=/trunk/; revision=24507
|
|
1. Clean up dumpcap 'as a child' err msg handling so that:
- all err msgs are properly formatted when being sent
back to the parent.
- any log Critical, Warning, etc messages
are sent back to parent and are properly formatted.
2. Change handling of -w <...> slightly in capture_opts.c
so that wireshark provides a good error message if
there is a 'write permissions' issue on the file.
(Previously the error popup said only
"Child exited with status 2").
This fixes bug #2288.
Add some conditionalized DEBUG_CHILD_DUMPCAP code for
dumpcap debug logging to a file.
svn path=/trunk/; revision=24446
|
|
svn path=/trunk/; revision=24407
|
|
error for the exit status, over and above the one for the exec failure.
svn path=/trunk/; revision=24041
|
|
given file descriptor get duped to another descriptor.
Handle exec errors in sync_pipe_open_command() the same way they're
handled in sync_pipe_start(); that fixes bug 2177.
svn path=/trunk/; revision=24040
|
|
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
|
|
In capture_sync.c: Don't clobber the DLT value.
In packet-cops.c (modified by me): Instead of adding an item as a static,
mis-cast FT_UINT16 to the tree, add it as an FT_NONE.
In packet-802.11.c: Add the right address to the tree.
svn path=/trunk/; revision=23624
|