| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Update the `-i` option to allow floating point values as suggested at
https://stackoverflow.com/questions/57004719/split-wireshark-to-miliseconds
Change-Id: I24028d409bc441ed3b45ac2179f7c42b2bc424bc
Reviewed-on: https://code.wireshark.org/review/33938
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
pcapng spec update is here: https://github.com/pcapng/pcapng/pull/62
Bug: 15571
Change-Id: I2f1921b1da70ac0bab8c38dd5138a9dfe7843fea
Reviewed-on: https://code.wireshark.org/review/33300
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 15435
Change-Id: I78503c9c31ab3eda39908b91dca3ef3fb9af34bf
Reviewed-on: https://code.wireshark.org/review/32100
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Icc027f3c53e1da580c2e49042134b1075ad65cf2
Reviewed-on: https://code.wireshark.org/review/31666
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
1) The default build configuration is to select PCAPNG as
output format, but it can be selected as PCAP. Some of the
command line tools have the option to select the output
format and default towards the build configuration.
This has to be reflected in their help output also.
2) Various documentation files are still stating that PCAP is
the default format of various tools. With the default build
configuration being PCAPNG these have to be adjusted as well.
(with lack of dynamic content the documentation can only refer
to the default build configuration format).
Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a new option to insert decryption secrets into a pcapng file.
Change-Id: I0e024585cac9a8a328e88d32f9eb03d37d350e2a
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Implement a --seed option to be used in conjunction with -E. The option
allows the user to set the seed for the pseudo-random number generator,
which can be useful for recreating a particular sequence of errors.
Change-Id: Id427ab5fd7711652ad56c72271b2e0acb7380858
Reviewed-on: https://code.wireshark.org/review/29306
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
We've set "=encoding utf8" in wireshark.pod for a long time. Do so in
the rest of our .pod files.
Change-Id: I3ef0fb3a88ed63275b4ff4362b6afbf13d79a0bc
Reviewed-on: https://code.wireshark.org/review/29182
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This is useful when processing packets that were captured by multiple radios on the same channel.
Change-Id: I9dacc35294a4ed4e817014e563e7c9a54ee05e40
Reviewed-on: https://code.wireshark.org/review/28843
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
With option -I one can ignore the first number of bytes from the frame
while doing duplicate frame removal. This doesn't handle shorter frames
correctly. Add safeguards for this, and update the help text.
Bug: 13378
Change-Id: Ia6b65d0797f4069f0b89fa134114d88d80988211
Reviewed-on: https://code.wireshark.org/review/20004
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I848159f0c960e0e8ece09c7c96dda6deb0ec6046
Reviewed-on: https://code.wireshark.org/review/13329
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This option skips some bytes when fuzzing, that prevents some headers from being changed. This focuses fuzzer to a smaller part of the packet.
Change-Id: I1db83235e93f2774a9991e3af70f633487b816fa
Reviewed-on: https://code.wireshark.org/review/9982
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ic1a07e29d30d96bf1dd86e10b198c42dd9349838
Reviewed-on: https://code.wireshark.org/review/9198
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Positve => Positive
Change-Id: I09190b44783d8b7f4e8e90208d8a82d192a6a189
Reviewed-on: https://code.wireshark.org/review/7971
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Description:
Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation.
Useful to remove duplicated packets taken on several routers or SW(differents mac addresses for example).
e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
The default value is 0.
This option is only relevant when used with -d|-D|-w
Bug: 8511
Change-Id: I009a09d32778a182b2d88f372651f658a4938882
Reviewed-on: https://code.wireshark.org/review/4104
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829
Reviewed-on: https://code.wireshark.org/review/4140
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
In some cases "-v" was already used so "-V" is the option.
Note that the version information in these utilities is much shorter than what
is presented by the big programs.
As requested by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5804
Bug: 5804
Change-Id: I35db35a4eace2797afd895f9be7322ef39928480
Reviewed-on: https://code.wireshark.org/review/2489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
svn path=/trunk/; revision=51901
|
|
svn path=/trunk/; revision=51887
|
|
function for both clarity and correctness since we need to compute chop offsets and lengths on a per-packet basis whereas previously this was not being done.
Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer?
One more example here for posterity: Given the following 75 byte packet, there
are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass:
<--------------------------- 75 ---------------------------->
+---+-------+-----------+---------------+-------------------+
| 5 | 10 | 15 | 20 | 25 |
+---+-------+-----------+---------------+-------------------+
1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap
2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap
3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap
4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap
5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap
6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap
7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap
8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap
svn path=/trunk/; revision=51886
|
|
from the beginning or the end.
Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results:
<-------- 100 --------> Methods:
1) editcap -C 20:10 in.pcap out.pcap
+------+----+---------+ 2) editcap -C -80:10 in.pcap out.pcap
| 20 | 10 | 70 | 3) editcap -C -70:-10 in.pcap out.pcap
+------+----+---------+ 4) editcap -C 30:-10 in.pcap out.pcap
svn path=/trunk/; revision=51854
|
|
packet beginning or packet end. I *think* this will be easier syntax to remember.
svn path=/trunk/; revision=51848
|
|
svn path=/trunk/; revision=51845
|
|
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
|
|
bytes from both the beginning and end of a packet in a single step.
svn path=/trunk/; revision=50536
|
|
motivated by a question on ask where the user currently has to jump through hoops to accomplish the same thing which can now be done in 1 step via:
editcap -T wpan -C 16 -L -F libpcap test.pcap test_wpan.pcap
I thought it would be useful enough for others as well.
Ref: http://ask.wireshark.org/questions/22689/problems-with-editcap-and-wpan-encapsulation-option
svn path=/trunk/; revision=50491
|
|
svn path=/trunk/; revision=49837
|
|
svn path=/trunk/; revision=49427
|
|
those options (which had been cut-n-paste from the tshark man page).
For editcap to support these options it would either need to be linked
against libwireshark or the address resolution stuff would need to be moved
from libwireshark to, for example, libwsutil.
svn path=/trunk/; revision=45975
|
|
svn path=/trunk/; revision=41563
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
|
|
`
Allow editcap to chop from beginning of packet for decapsulation
svn path=/trunk/; revision=35832
|
|
Old behavior was to include a packet with a timestamp of 12:00:00.934 if -B "YYYY-MM-DD 12:00:00" was used.
svn path=/trunk/; revision=34913
|
|
svn path=/trunk/; revision=34816
|
|
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
|
|
svn path=/trunk/; revision=28338
|
|
editcap: Add description of -i option;
dumpcap: Add description of -S option;
svn path=/trunk/; revision=28336
|
|
This patch fixes several misspellings/typos in Wireshark documentation.
svn path=/trunk/; revision=28240
|
|
- New duplicate packet removal options for editcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168
I changed the patch a bit:
- Adapted to 80 chars wide screen
- Merged -w and -W parameters
svn path=/trunk/; revision=28074
|
|
svn path=/trunk/; revision=18867
|
|
generate duplicate packets when a mirror/SPAN port is misconfigured).
svn path=/trunk/; revision=18800
|
|
svn path=/trunk/; revision=18725
|
|
svn path=/trunk/; revision=18698
|
|
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
|
|
ethereal.com -> wireshark.org
mailing lists and addresses
ETHEREAL -> WIRESHARK
Man pages
Automake/Autoconf names
svn path=/trunk/; revision=18271
|
|
svn path=/trunk/; revision=18207
|
|
svn path=/trunk/; revision=17614
|
|
(this list also tends to become outdated), just give a small description and refer to the Ethereal man page
svn path=/trunk/; revision=16997
|
|
update to my latest command line changes
svn path=/trunk/; revision=16992
|
