| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(Though it works only with certain formats.) As requested in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874#c4
Change-Id: I2ce0509d8750b21ae0167d12459074ba0f9506f8
Reviewed-on: https://code.wireshark.org/review/2646
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I4d82175781e65c73179f4c8e737a7900cb050bce
Reviewed-on: https://code.wireshark.org/review/2283
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
The -X read_format extension was added in code but in the manuals.
Change-Id: I21692120229ef531671fc3db247809ace69d23b3
Reviewed-on: https://code.wireshark.org/review/742
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This change adds the ability to pass on to lua scripts loaded from the
command-line (tshark or wireshark) additional arguments supplied by the
command-line. This will help us in our testsuites, but also might be
useful for user-created scripts. The additional arguments are passed in
using the '-X' eXtension switch.
Change-Id: Ib94cdf1ffd194ca84692fee7816665e4ff95efbd
Reviewed-on: https://code.wireshark.org/review/156
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9591
svn path=/trunk/; revision=54387
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9548 and adds addtional help, better formatting, sorting and some minimal documentation of the -u option to the tshark man page.
svn path=/trunk/; revision=53938
|
|
capture buffer size in IEC units, but document it as such.
#BACKPORT(1.10, 1.8(?))
svn path=/trunk/; revision=53728
|
|
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
|
|
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
|
|
application filters" created in r52462.
svn path=/trunk/; revision=52474
|
|
svn path=/trunk/; revision=52024
|
|
properly so that we avoid overflow conditions and so that we ensure we don't capture more than 2GiB. Also, document the max filesize autostop value of 2GIB as well as indicating that it's truly GiB and not GB.
This fixes the problem reported on ask: http://ask.wireshark.org/questions/23891/wireshark-wont-run-with-multiple-capture-files
#BACKPORT(1.10) ... not sure about 1.8?
svn path=/trunk/; revision=51576
|
|
sort.
svn path=/trunk/; revision=51238
|
|
fix a typo in the dumpcap manpage
svn path=/trunk/; revision=51096
|
|
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
|
|
This patch augments Wireshark's and tshark's augument usage reports (-? and
-t?) and the Wireshark and tshark man pages to list all available timestamp
options available for the -t option.
svn path=/trunk/; revision=50445
|
|
to the tree (to separate this case from the generic DISSECTOR_BUG case).
Enable this environment variable when fuzz testing.
Enable the 3rd (without tree but with a read filter) check (added in r49643)
when testing capture files but not when fuzz testing--not sure if we want to
add even more to the fuzzbot's work load now (OTOH I've been running it for
a while and it hasn't buried me in bugs).
svn path=/trunk/; revision=49784
|
|
svn path=/trunk/; revision=49427
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8647
Improve documentation for tshark's -z io,stat somewhat so that it's clear(er)
that filters for the statistics must be associated with the -z flag and not
applied via -Y.
svn path=/trunk/; revision=49422
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8626 :
It is useful to see not only the minimal, maximum and average service time for
RPC procedures, but also the total time these took.
From me: add it to the man page.
svn path=/trunk/; revision=49144
|
|
svn path=/trunk/; revision=48931
|
|
See: http://www.wireshark.org/lists/wireshark-dev/201304/msg00015.html
svn path=/trunk/; revision=48753
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8223
Mention the new -Y flag and associated changes in the release notes.
svn path=/trunk/; revision=48654
|
|
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
|
|
behavior with r45715.
svn path=/trunk/; revision=48456
|
|
README.wmem in a couple of places.
svn path=/trunk/; revision=48251
|
|
environment variable.
svn path=/trunk/; revision=48249
|
|
svn path=/trunk/; revision=47937
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8353 : Document http-related '-z' statistics; also add document -z help.
From me: Don't print an error message for "-z help".
(Only "http,stat," is suitable for backport to 1.8 and 1.6)
svn path=/trunk/; revision=47763
|
|
From QA Cafe, bug 8280 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8280)
svn path=/trunk/; revision=47372
|
|
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses
g_slices instead (which can themselves be turned off by setting
G_SLICE=always-malloc).
This makes debugging problems in slab-allocated memory easier to find
(hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ).
Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark.
Remove unused structure member: emem_chunk_t.org.
svn path=/trunk/; revision=47110
|
|
messages should be included if -Q option is specified. Bug 2881 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2881)
svn path=/trunk/; revision=46627
|
|
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
|
|
use it in tshark.c instead of read_hosts_file. This lets us use "-H"
multiple times. Make read_hosts_file static.
svn path=/trunk/; revision=46273
|
|
actually knows how to use it could elaborate?
svn path=/trunk/; revision=45769
|
|
http://www.wireshark.org/lists/wireshark-users/201206/msg00025.html, add support for being able to specify a numeric range as the <selector> part of tshark's -d <layer type>==<selector>,<decode-as protocol> option.
svn path=/trunk/; revision=45734
|
|
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
|
|
svn path=/trunk/; revision=43371
|
|
svn path=/trunk/; revision=41657
|
|
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656
|
|
svn path=/trunk/; revision=41560
|
|
with https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6684
svn path=/trunk/; revision=41212
|
|
was pointed out by Markus Amend on -users.
Reference: http://article.gmane.org/gmane.network.wireshark.user/14477
(BTW, I quickly scanned through tap-iousers.c:iousers_draw() and the sorting seems to be very inefficient.)
svn path=/trunk/; revision=40911
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
svn path=/trunk/; revision=40050
|
|
level to report as well as a filter. Also, now show duplicate reports only once, and give the frequency rather than the frame number.
svn path=/trunk/; revision=40049
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6377, with the tshark man page update by me: tshark -z io,stat,interval,"[SUM|MIN|MAX|AVG](field)field [and filter]" should support floating point.
svn path=/trunk/; revision=39767
|
|
do the user a favor and continue as if -V had been specified. Add explicit documentation of the -O <protocols> option to the man page.
svn path=/trunk/; revision=39175
|
|
separator between packets. The option chosen was "-S <separator>". The former -S option was renamed to -P, and the former -P option, which was previously undocumented, was renamed to -2. This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5342.
svn path=/trunk/; revision=39168
|
|
svn path=/trunk/; revision=39092
|
