Age | Commit message (Collapse) | Author | Files | Lines |
|
svn path=/trunk/; revision=48931
|
|
See: http://www.wireshark.org/lists/wireshark-dev/201304/msg00015.html
svn path=/trunk/; revision=48753
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8223
Mention the new -Y flag and associated changes in the release notes.
svn path=/trunk/; revision=48654
|
|
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
|
|
behavior with r45715.
svn path=/trunk/; revision=48456
|
|
README.wmem in a couple of places.
svn path=/trunk/; revision=48251
|
|
environment variable.
svn path=/trunk/; revision=48249
|
|
svn path=/trunk/; revision=47937
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8353 : Document http-related '-z' statistics; also add document -z help.
From me: Don't print an error message for "-z help".
(Only "http,stat," is suitable for backport to 1.8 and 1.6)
svn path=/trunk/; revision=47763
|
|
From QA Cafe, bug 8280 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8280)
svn path=/trunk/; revision=47372
|
|
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses
g_slices instead (which can themselves be turned off by setting
G_SLICE=always-malloc).
This makes debugging problems in slab-allocated memory easier to find
(hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ).
Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark.
Remove unused structure member: emem_chunk_t.org.
svn path=/trunk/; revision=47110
|
|
messages should be included if -Q option is specified. Bug 2881 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2881)
svn path=/trunk/; revision=46627
|
|
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
|
|
use it in tshark.c instead of read_hosts_file. This lets us use "-H"
multiple times. Make read_hosts_file static.
svn path=/trunk/; revision=46273
|
|
actually knows how to use it could elaborate?
svn path=/trunk/; revision=45769
|
|
http://www.wireshark.org/lists/wireshark-users/201206/msg00025.html, add support for being able to specify a numeric range as the <selector> part of tshark's -d <layer type>==<selector>,<decode-as protocol> option.
svn path=/trunk/; revision=45734
|
|
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
|
|
svn path=/trunk/; revision=43371
|
|
svn path=/trunk/; revision=41657
|
|
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656
|
|
svn path=/trunk/; revision=41560
|
|
with https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6684
svn path=/trunk/; revision=41212
|
|
was pointed out by Markus Amend on -users.
Reference: http://article.gmane.org/gmane.network.wireshark.user/14477
(BTW, I quickly scanned through tap-iousers.c:iousers_draw() and the sorting seems to be very inefficient.)
svn path=/trunk/; revision=40911
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
svn path=/trunk/; revision=40050
|
|
level to report as well as a filter. Also, now show duplicate reports only once, and give the frequency rather than the frame number.
svn path=/trunk/; revision=40049
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6377, with the tshark man page update by me: tshark -z io,stat,interval,"[SUM|MIN|MAX|AVG](field)field [and filter]" should support floating point.
svn path=/trunk/; revision=39767
|
|
do the user a favor and continue as if -V had been specified. Add explicit documentation of the -O <protocols> option to the man page.
svn path=/trunk/; revision=39175
|
|
separator between packets. The option chosen was "-S <separator>". The former -S option was renamed to -P, and the former -P option, which was previously undocumented, was renamed to -2. This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5342.
svn path=/trunk/; revision=39168
|
|
svn path=/trunk/; revision=39092
|
|
svn path=/trunk/; revision=39091
|
|
svn path=/trunk/; revision=39010
|
|
svn path=/trunk/; revision=39009
|
|
svn path=/trunk/; revision=38019
|
|
svn path=/trunk/; revision=38016
|
|
the capturing on multiple interfaces.
svn path=/trunk/; revision=37824
|
|
svn path=/trunk/; revision=37587
|
|
1.) The resolution of the time values displayed by tshark's "-z io,stat, ..."
should be increased from milliseconds to microseconds (from 3 to 6 decimal
places) in order to be consistent with -z relative time-related options such as
"-z smb,rtt" and "-z rpc,rtt" which display values to 5 decimal places.
[Please note that separate enhancement requests for 6 decimal of precision in
Wireshark will be submitted shortly.)
2.) The "frames bytes" column displayed in '-z io,stat' is too narrow, frames
and bytes should each have 15 spaces like all the other column types.
3.) The types "FRAMES" and "BYTES" should be added to allow users to display
these values separately and allow for filters to be specified.
4.) The 'SUM' option should allow for relative time values such as SRTs to be
summed. This would be useful for the calculation of such things as
request concurrency (total_SRT_time / duration).
5.) The tshark man page needs some corrections and readability improvements
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4915
svn path=/trunk/; revision=37555
|
|
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
|
|
svn path=/trunk/; revision=36582
|
|
TODO: Add a Wireshark tap or look into possibly using the stats tree instead.
Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so
it might be possible to make use of this information to estimate the total SRT.
(See bug 5770 for more details.)
svn path=/trunk/; revision=36561
|
|
standard deviation. Split statistics output onto 2 lines.
svn path=/trunk/; revision=36501
|
|
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
|
|
svn path=/trunk/; revision=36372
|
|
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
|
|
Change RTT references to SRT.
(tshark.pod could use a description for -z afp,srt and -z camel,srt)
svn path=/trunk/; revision=36297
|
|
svn path=/trunk/; revision=35038
|
|
svn path=/trunk/; revision=34815
|
|
svn path=/trunk/; revision=34590
|
|
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given
pointer is ep_ or se_ allocated, respectively.
Turn the behavior off by default for speed reasons (the speed difference isn't
huge, but...).
Turn the behavior on when fuzz testing.
Document these two new variables in the man pages.
svn path=/trunk/; revision=34046
|