aboutsummaryrefslogtreecommitdiffstats
path: root/doc/rawshark.pod
AgeCommit message (Collapse)AuthorFilesLines
2016-07-15Fix manpages typo.João Valverde1-1/+1
Change-Id: Iac747655d09c94926e51c7ea1f23375650cd6641 Ping-Bug: 12305 Reviewed-on: https://code.wireshark.org/review/16446 Reviewed-by: João Valverde <j@v6e.pt> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-04Remove synchronous DNS name resolutionJoão Valverde1-2/+0
Change-Id: Ie5e670b769eb0674950f3679ef511047641c2873 Reviewed-on: https://code.wireshark.org/review/14751 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-07-25DNS: move DNS name resolution pref to Name Resolution prefsHadriel Kaplan1-0/+2
Move the boolean flag for using captured DNS packet info for name resolution to the Name Resolution preferences settings, as it was rather surprising to disable Name Resolution preferences and still have names being resolved. Also disble them all if the '-n' command line switch is used, and re-enable it for a 'd' character in the '-N' option. Bug: 10337 Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917 Reviewed-on: https://code.wireshark.org/review/9786 Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-05-28Document the services file in the man pages.Jeff Morriss1-0/+14
Bug: 11227 Change-Id: Id9cc64820b238bd8c82a758a553e1352398ad885 Reviewed-on: https://code.wireshark.org/review/8664 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-05-28Document the subnets file in the man pages.Jeff Morriss1-0/+20
Text adapted from that in the WSUG documentation of the same. Ping-Bug: 1445 Ping-Bug: 11227 Change-Id: I4d07cba437e70324d19c5ae23e44b86c47b749a8 Reviewed-on: https://code.wireshark.org/review/8662 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-02-06More emem removal.Jeff Morriss1-54/+0
Remove emem's 8-byte-memory-alignment configure check as well as references to all the environment variables emem used. Change-Id: I897aec9e9c68e064454561e7a9f066b18892ec66 Reviewed-on: https://code.wireshark.org/review/6950 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-09-17Update the doc directory to use https://www.wireshark.org.Gerald Combs1-2/+2
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829 Reviewed-on: https://code.wireshark.org/review/4140 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-06-16More Python-bindings removal.Jeff Morriss1-6/+0
Change-Id: I4d82175781e65c73179f4c8e737a7900cb050bce Reviewed-on: https://code.wireshark.org/review/2283 Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
2013-11-06Add support for displaying dates as year and day-of-year (1-origin).Guy Harris1-10/+30
In the process, fix various man page descriptions of the -t flag, and add support for UTC absolute times in the iousers and iostat TShark taps. svn path=/trunk/; revision=53114
2013-09-13Add WIRESHARK_APPDATA description to the rawshark and tshark man pages.Jeff Morriss1-0/+6
svn path=/trunk/; revision=52024
2013-08-08Speak of the "-d encap:" value as a linktype, rather than a DLT; if aGuy Harris1-2/+3
name is specified, it currently must be a DLT_ name rather than a LINKTYPE_ name, as we use libpcap to do the mapping and it currently has no API to map LINKTYPE_ names to values, but if a number is specified, it could either be a LINKTYPE_ name or a DLT_ name if the two are different, and we want to encourage the use of LINKTYPE_ values. Note that in comments. svn path=/trunk/; revision=51204
2013-07-28If a core Wireshark developer repeatedly can't remember that theGuy Harris1-17/+18
argument to the -F flag for pcap format is "libpcap", not "pcap", we have a problem. Make it "pcap", and add a backwards-compatibility hack to support using "libpcap" as well. Update the man pages to refer to it as pcap as well, and fix the capitalization of "WinPcap" (see http://www.winpcap.org) while we're at it. Also, refer to http://www.tcpdump.org/linktypes.html for the list of link-layer header types for pcap and pcap-ng. svn path=/trunk/; revision=50989
2013-06-07Fix all errors and warnings found by podchecker.Chris Maynard1-4/+0
svn path=/trunk/; revision=49837
2013-06-05Add a new environment variable to cause abort()s if we add too many itemsJeff Morriss1-0/+12
to the tree (to separate this case from the generic DISSECTOR_BUG case). Enable this environment variable when fuzz testing. Enable the 3rd (without tree but with a read filter) check (added in r49643) when testing capture files but not when fuzz testing--not sure if we want to add even more to the fuzzbot's work load now (OTOH I've been running it for a while and it hasn't buried me in bugs). svn path=/trunk/; revision=49784
2013-05-20If tcpdump doesn't exist, why refer to it? Omit this confusing phrase.Chris Maynard1-1/+1
svn path=/trunk/; revision=49427
2013-03-11Document the wmem override environment variable in the man pages, and improveEvan Huus1-0/+8
README.wmem in a couple of places. svn path=/trunk/; revision=48251
2013-03-11Followup to r48218: remove documentation of the WIRESHARK_DEBUG_USE_SLICES ↵Jeff Morriss1-6/+0
environment variable. svn path=/trunk/; revision=48249
2013-01-16As suggested in comments in sl_alloc() and sl_free(): add a new environmentJeff Morriss1-0/+6
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses g_slices instead (which can themselves be turned off by setting G_SLICE=always-malloc). This makes debugging problems in slab-allocated memory easier to find (hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ). Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark. Remove unused structure member: emem_chunk_t.org. svn path=/trunk/; revision=47110
2012-12-30Fix description of -p input - show the packet data the same way it'sGuy Harris1-4/+10
shown for the previous input format (showing "data" as a pointer is a bit confusing, as it's just in-line data in the input), and give a more detailed description of the issues with that file format (the size of the seconds field of the time stamp is platform-dependent). svn path=/trunk/; revision=46864
2012-07-08First phase of fixing https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7380 :Jeff Morriss1-0/+3
Add a new name resolution option: whether or not use the configured (in the OS) name resolver (e.g., DNS) to resolve network names. When this option is disabled but network name resolution is enabled then Wireshark will resolve only those names that it can from local sources. This includes (at least, AFAIK): - name resolutions that Wireshark picks up on from DNS packets it decodes - the "user hosts file" (~/.wireshark/hosts on *NIX) - what Wireshark reads out of capture file (the PCAPNG name resolution block) This new preference defaults to "use external resolvers" for backward compatibility (so people turning on network name resolution will get the old behavior). This option can be set via Edit->Preferences and on the command line; there remain several UIs (e.g., the "open capture file" dialog, the View->Name Resolution menu, etc.) that don't have the new option yet. Also expand on the "description" for the name resolution preferences: these are used not only in the tooltips but are also written to the preferences file. The previous text didn't include enough context when written do the preferences file. svn path=/trunk/; revision=43605
2012-03-19Fix a typo or twoJeff Morriss1-2/+2
svn path=/trunk/; revision=41657
2012-03-19Add a new environment variable (WIRESHARK_ABORT_ON_OUT_OF_MEMORY) thatJeff Morriss1-3/+10
prevents OutOfMemory exceptions from being thrown. This makes it easier to debug such conditions. Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice to see the friendly out-of-memory error message in the bug reports the latter script generates. svn path=/trunk/; revision=41656
2012-02-03The libpcap puts pcap-filter into the misc section (which seems to be 7).Jörg Mayer1-2/+2
Refer to pcap-filter and mention tcpdump only as a fallback. svn path=/trunk/; revision=40820
2011-05-29Remove an (almost) duplicate entryJörg Mayer1-3/+0
svn path=/trunk/; revision=37461
2010-10-20Add IPFIX_RECORDS_TO_CHECK to the environment variable section.Jeff Morriss1-0/+7
svn path=/trunk/; revision=34590
2010-10-15Revision 27919 added the ability to feed a libpcap-formatted file toGerald Combs1-2/+25
rawshark but broke the ability to feed it live packets with a pcap_pkthdr prefix on some 64-bit architectures. Add a "-p" flag which lets us explicitly handle file-based or memory-based packet record headers. svn path=/trunk/; revision=34522
2010-09-02Introduce 2 new environment variables: WIRESHARK_EP_VERIFY_POINTERS andJeff Morriss1-1/+15
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given pointer is ep_ or se_ allocated, respectively. Turn the behavior off by default for speed reasons (the speed difference isn't huge, but...). Turn the behavior on when fuzz testing. Document these two new variables in the man pages. svn path=/trunk/; revision=34046
2010-06-03From Reinhard Speyerer via bug 4779:Gerald Combs1-4/+5
From reading the rawshark(1) manpage my assumption was that rawshark could be used like $ /usr/bml/bin/rawshark -s -r test.pcap -d encap:EN10MB ... However rawshark either expects the -r argument to be - (read from stdin) or a pipe which results in the following error message: rawshark: ".../test.pcap" is neither an interface nor a pipe The proposed rawshark.pod patch updates the -r description to the implemented rawshark functionality. The patch also applies to the current SVN version. svn path=/trunk/; revision=33063
2010-04-14In the section on WIRESHARK_ABORT_ON_DISSECTOR_BUG, give the name of theGuy Harris1-5/+8
program the man page describes, and give a bit more detail. svn path=/trunk/; revision=32458
2010-04-13Add an entry to the environment variable section about ↵Jeff Morriss1-0/+8
WIRESHARK_ABORT_ON_DISSECTOR_BUG svn path=/trunk/; revision=32457
2010-04-12Point out that hostname and MAC address resolution in capture filters will notJeff Morriss1-0/+8
use any of the Wireshark "personal" files. This helps to address the complaint in: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2904 svn path=/trunk/; revision=32452
2010-02-24Add descriptions of a few more environment variables that affect *shark's ↵Jeff Morriss1-0/+26
operation svn path=/trunk/; revision=31973
2009-12-28Remove repeated blank lines which caused the pod processor to not recognize ↵Bill Meier1-1/+0
the following pod directive. svn path=/trunk/; revision=31372
2009-10-20Take a stab at adding a section on environment variables that affect ↵Jeff Morriss1-0/+39
*shark's behavior. So far, all the emem variables are included. svn path=/trunk/; revision=30648
2009-05-12SYNOPSYS --> SYNOPSISBill Meier1-1/+1
svn path=/trunk/; revision=28338
2009-04-01Describe the format of libpcap records a little better - no, it's notGuy Harris1-1/+3
valid C89, but it's more accurate (and lets you know that the packet data has only caplen bytes). Fix up a list. svn path=/trunk/; revision=27925
2009-03-31Rawshark fixes from Duncan Salerno.Gerald Combs1-8/+7
svn path=/trunk/; revision=27919
2009-02-23Have the minimum snapshot length be 1 byte, and have a snapshot lengthGuy Harris1-2/+3
of 0 mean 65535, similar to what tcpdump does. Fixes bug 2731. svn path=/trunk/; revision=27526
2008-03-07Make some text verbatim.Gerald Combs1-16/+16
svn path=/trunk/; revision=24585
2008-02-16Remove extra copies of the content.Gerald Combs1-1127/+0
svn path=/trunk/; revision=24362
2008-02-15Add rawshark, a utility that, when given raw pcap-formatted packets andGerald Combs1-0/+1504
a list of fields, prints the field values found in each packet. Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http". svn path=/trunk/; revision=24339
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-19 09:00:28 +0000