Age | Commit message | Author | Files | Lines |
|
With option -I one can ignore the first number of bytes from the frame
while doing duplicate frame removal. This doesn't handle shorter frames
correctly. Add safeguards for this, and update the help text.
Bug: 13378
Change-Id: Ia6b65d0797f4069f0b89fa134114d88d80988211
Reviewed-on: https://code.wireshark.org/review/20004
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I848159f0c960e0e8ece09c7c96dda6deb0ec6046
Reviewed-on: https://code.wireshark.org/review/13329
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This option skips some bytes when fuzzing, which prevents some headers from being changed. This focuses the fuzzer on a smaller part of the packet.
Change-Id: I1db83235e93f2774a9991e3af70f633487b816fa
Reviewed-on: https://code.wireshark.org/review/9982
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ic1a07e29d30d96bf1dd86e10b198c42dd9349838
Reviewed-on: https://code.wireshark.org/review/9198
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Positve => Positive
Change-Id: I09190b44783d8b7f4e8e90208d8a82d192a6a189
Reviewed-on: https://code.wireshark.org/review/7971
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Description:
Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation.
Useful to remove duplicated packets taken on several routers or SW (different MAC addresses, for example).
e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
The default value is 0.
This option is only relevant when used with -d|-D|-w
Bug: 8511
Change-Id: I009a09d32778a182b2d88f372651f658a4938882
Reviewed-on: https://code.wireshark.org/review/4104
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829
Reviewed-on: https://code.wireshark.org/review/4140
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
In some cases "-v" was already used so "-V" is the option.
Note that the version information in these utilities is much shorter than what
is presented by the big programs.
As requested by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5804
Bug: 5804
Change-Id: I35db35a4eace2797afd895f9be7322ef39928480
Reviewed-on: https://code.wireshark.org/review/2489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
svn path=/trunk/; revision=51901
|
|
svn path=/trunk/; revision=51887
|
|
function for both clarity and correctness since we need to compute chop offsets and lengths on a per-packet basis whereas previously this was not being done.
Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer?
One more example here for posterity: Given the following 75 byte packet, there
are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass:
<--------------------------- 75 ---------------------------->
+---+-------+-----------+---------------+-------------------+
| 5 |  10   |    15     |      20       |        25         |
+---+-------+-----------+---------------+-------------------+
1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap
2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap
3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap
4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap
5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap
6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap
7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap
8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap
svn path=/trunk/; revision=51886
|
|
from the beginning or the end.
Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results:
<-------- 100 -------->   Methods:
                          1) editcap -C 20:10 in.pcap out.pcap
+------+----+---------+   2) editcap -C -80:10 in.pcap out.pcap
|  20  | 10 |   70    |   3) editcap -C -70:-10 in.pcap out.pcap
+------+----+---------+   4) editcap -C 30:-10 in.pcap out.pcap
svn path=/trunk/; revision=51854
|
|
packet beginning or packet end. I *think* this will be easier syntax to remember.
svn path=/trunk/; revision=51848
|
|
svn path=/trunk/; revision=51845
|
|
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
|
|
bytes from both the beginning and end of a packet in a single step.
svn path=/trunk/; revision=50536
|
|
motivated by a question on ask where the user currently has to jump through hoops to accomplish the same thing which can now be done in 1 step via:
editcap -T wpan -C 16 -L -F libpcap test.pcap test_wpan.pcap
I thought it would be useful enough for others as well.
Ref: http://ask.wireshark.org/questions/22689/problems-with-editcap-and-wpan-encapsulation-option
svn path=/trunk/; revision=50491
|
|
svn path=/trunk/; revision=49837
|
|
svn path=/trunk/; revision=49427
|
|
those options (which had been cut-n-paste from the tshark man page).
For editcap to support these options it would either need to be linked
against libwireshark or the address resolution stuff would need to be moved
from libwireshark to, for example, libwsutil.
svn path=/trunk/; revision=45975
|
|
svn path=/trunk/; revision=41563
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
|
|
Allow editcap to chop from beginning of packet for decapsulation
svn path=/trunk/; revision=35832
|
|
Old behavior was to include a packet with a timestamp of 12:00:00.934 if -B "YYYY-MM-DD 12:00:00" was used.
svn path=/trunk/; revision=34913
|
|
svn path=/trunk/; revision=34816
|
|
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to ensure that the new capture file is in strict chronological order.
This option's primary use case is to fix up the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
|
|
svn path=/trunk/; revision=28338
|
|
editcap: Add description of -i option;
dumpcap: Add description of -S option;
svn path=/trunk/; revision=28336
|
|
This patch fixes several misspellings/typos in Wireshark documentation.
svn path=/trunk/; revision=28240
|
|
- New duplicate packet removal options for editcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168
I changed the patch a bit:
- Adapted to 80 chars wide screen
- Merged -w and -W parameters
svn path=/trunk/; revision=28074
|
|
svn path=/trunk/; revision=18867
|
|
generate duplicate packets when a mirror/SPAN port is misconfigured).
svn path=/trunk/; revision=18800
|
|
svn path=/trunk/; revision=18725
|
|
svn path=/trunk/; revision=18698
|
|
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
|
|
ethereal.com -> wireshark.org
mailing lists and addresses
ETHEREAL -> WIRESHARK
Man pages
Automake/Autoconf names
svn path=/trunk/; revision=18271
|
|
svn path=/trunk/; revision=18207
|
|
svn path=/trunk/; revision=17614
|
|
(this list also tends to become outdated), just give a small description and refer to the Ethereal man page
svn path=/trunk/; revision=16997
|
|
update to my latest command line changes
svn path=/trunk/; revision=16992
|
|
svn path=/trunk/; revision=16982
|
|
Add the documentation part of the fix for bug 379
svn path=/trunk/; revision=16876
|
|
svn path=/trunk/; revision=16330
|
|
won't work
svn path=/trunk/; revision=16328
|
|
The attached patch extends the synopsis and adds an 'Examples' chapter to
the editcap documentation.
I've edited this a bit, without the real knowledge :-(, to make it:
a. look better
b. make more sense (at least to me)
svn path=/trunk/; revision=16325
|
|
svn path=/trunk/; revision=16138
|
|
file.
svn path=/trunk/; revision=14046
|
|
added program names to HTML titles,
various minor fixes
svn path=/trunk/; revision=10686
|
|
svn path=/trunk/; revision=10040
|