path: root/packet-frame.c
Age | Author | Files | Lines | Commit message
2004-01-03 | sharpe | 1 | -5/+5 | Apply the patches from Tadaaki Nagao for a global version of disabled
protocols ... git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9538 f5534014-38df-0310-8fa8-9805f1628bb7
2003-12-06 | gram | 1 | -6/+6 | Add the ability to print packet dissections in PDML (an XML-based format)
to tethereal. It could be added to Ethereal, but the GUI changes to allow the user to select PDML as a print format have not been added. Provide a python module (EtherealXML.py) to help parse PDML. Provide a sample app (msnchat) which uses tethereal and EtherealXML.py to reconstruct MSN Chat sessions from packet capture files. It produces a nice HTML report of the chat sessions. Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output Update tethereal's manpage to reflect the new [-T pdml|ps|text] option git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9180 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-25 | guy | 1 | -2/+2 | Add a new WTAP_ENCAP_CHDLC_WITH_PHDR type, to distinguish Cisco HDLC
captures with packet direction information from captures without it. Use them appropriately. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8780 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-23 | guy | 1 | -7/+20 | Add a "show_exception()" routine that takes an exception code as an
argument, and puts the appropriate exception indication into the tree. In "dissect_frame()", do a CATCH_ALL for exceptions, and pass the exception code to "show_exception()". git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8758 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-22 | sahlberg | 1 | -1/+10 | Add filterable field for REF TIME frames so it is easy to search for them
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8511 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-12 | sahlberg | 1 | -5/+5 | Attempt to prettify frame.time_relative
and some other fields git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8460 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-12 | sahlberg | 1 | -2/+2 | Added TimeReference frames.
One can now select a packet and mark it as a TimeReference packet using the menu. A TimeReference packet will be indicated by having all timestamp related column entries replaced by the string *REF* A TimeReference packet will always be displayed in the packet pane, and overrides any display filters. When a frame is a TimeReference frame, all later frames will calculate the TimeRelativeToFirstPacket relative to the timestamp of the TimeReference frame instead of the first frame of the capture. You can have any number of TimeReference frames you like. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8459 f5534014-38df-0310-8fa8-9805f1628bb7
2003-03-03 | guy | 1 | -1/+2 | Handle packet direction information for SDLC Sniffer captures.
Add a bunch of capture types discovered by stuffing them into Windows Sniffer captures and seeing what a Sniffer thought they were. Add support for writing at least some of them. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7265 f5534014-38df-0310-8fa8-9805f1628bb7
2003-02-27 | guy | 1 | -5/+6 | From Didier Gautheron: provide a mechanism to indicate why reassembly
wasn't done, and, for TCP, use that mechanism if reassembly isn't done is an incorrect TCP checksum. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7212 f5534014-38df-0310-8fa8-9805f1628bb7
2003-01-31 | guy | 1 | -2/+2 | Add WTAP_ENCAP_FRELAY_WITH_PHDR for use with Frame Relay capture files
that have direction information. Support writing WTAP_ENCAP_FRELAY_WITH_PHDR and WTAP_ENCAP_PPP_WITH_PHDR captures out in libpcap format - we throw away the direction information, but so it goes. When reading/writing Windows Sniffer format, read and write the direction flag. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7052 f5534014-38df-0310-8fa8-9805f1628bb7
2002-12-20 | sharpe | 1 | -1/+2 | Add support for Wellfleet HDLC. It now can see inside the packets and handles
the capture I was sent as a bunch of TCP segments containing LPD stuff. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6810 f5534014-38df-0310-8fa8-9805f1628bb7
2002-10-31 | guy | 1 | -2/+6 | Discard the WTAP_ENCAP_LAPD encapsulation type in favor of a
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header giving the direction (user-to-network or network-to-user) and the channel number. Add a new circuit type, using the ISDN channel number as the circuit ID. Add an ISDN dissector to put the direction and channel number into the protocol tree and to call the appropriate dissector for the payload based on the channel (LAPD for the D channel; V.120, PPP, or data for B channels, based on some heuristics). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6521 f5534014-38df-0310-8fa8-9805f1628bb7
2002-09-04 | sahlberg | 1 | -1/+8 | Tap api. tap is a simple api that can be used for arbitrary extensions.
One example extension is rpcstat. Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture containing NFSv3 packets. tap-rpcstat.[ch] is intended to demonstrate the api and can be used to base other extensions on. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6175 f5534014-38df-0310-8fa8-9805f1628bb7
2002-08-28 | jmayer | 1 | -7/+7 | Removed trailing whitespaces from .h and .c files using the
winapi_cleanup tool written by Patrik Stridvall for the wine project. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
2002-08-26 | guy | 1 | -2/+2 | From Ulf Lamping:
Put "bytes" after the byte counts for the frame sizes in the top-level item for the "Frame" protocol, to make it clearer what they refer to. Put the source and destination MAC addresses into the top-level item for Ethernet. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6090 f5534014-38df-0310-8fa8-9805f1628bb7
2002-08-06 | guy | 1 | -1/+11 | Put in a comment noting that forcibly setting "pinfo->fd->lnk_t" means
you can't turn the "Treat all frames as DOCSIS frames" option off. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5958 f5534014-38df-0310-8fa8-9805f1628bb7
2002-07-12 | guy | 1 | -1/+10 | From Anand V. Narwani:
DOCSIS support, including support for "Ethernet" captures where the raw frame is a DOCSIS frame rather than an Ethernet frame (some Cisco cable-modem head-end gear can send out a trace of all traffic on an Ethernet, but what it sends are the raw bytes of DOCSIS frames, not Ethernet frames) Get rid of second AUTHORS entry for Devin Heitmueller, merging its item into the older entry. Clean up the order of some lists of plugin items. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5861 f5534014-38df-0310-8fa8-9805f1628bb7
2002-05-04 | guy | 1 | -2/+3 | From Didier Gautheron: put "frame.marked" into the "Frame" subtree, not
into the top-level tree. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5393 f5534014-38df-0310-8fa8-9805f1628bb7
2002-05-03 | guy | 1 | -1/+7 | From Didier Gautheron: add a "frame.marked" hidden field, set if the
frame is marked, so that you can use Find Frame to find the next marked frame, and can filter the display to show only marked frames. Update the documentation to note that "frame.marked" is set on marked frames. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5377 f5534014-38df-0310-8fa8-9805f1628bb7
2002-04-13 | guy | 1 | -11/+18 | "pinfo->pseudo_header" might be null, even for link-layer types such as
WTAP_ENCAP_CHDLC; check whether it's null before using it. Use FROM_DCE rather than 0x80 to check the "this is DCE->DTE" bit in "x25.flags". git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5148 f5534014-38df-0310-8fa8-9805f1628bb7
2002-04-08 | gram | 1 | -2/+2 | More static-ization.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5131 f5534014-38df-0310-8fa8-9805f1628bb7
2002-02-18 | guy | 1 | -25/+30 | Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP. Show the RPC-over-TCP fragment header as a tree with bitfields below it. Add a routine to show a reported bounds error as an "Unreassembled Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented" is set, and have NBNS and RPC use that. Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized (it wasn't in that list, and wasn't getting initialized). When freeing up various hash tables and memory chunks in the RPC dissector, zero out the pointers to them, just to make sure we don't try to free them again. Always destroy the TCP segment key and address memory chunks in "tcp_desegment_init()", regardless of whether TCP desegmentation is enabled - we don't *allocate* them if TCP desegmentation isn't enabled, but we should free them even if it's not enabled. Also, when we free them, set the pointers to them to null, so we don't double-free them. Supply to subdissectors called from the TCP dissector the sequence number of the first byte handed to the sub dissector. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4753 f5534014-38df-0310-8fa8-9805f1628bb7
2002-01-24 | guy | 1 | -2/+2 | Replace a bunch of "tvb_length()" and "tvb_length_remaining()" calls in
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls that add FT_NONE or FT_PROTO items to the protocol tree, with -1. Replace some calls to "tvb_length()" or "tvb_length_remaining()" with calls to "tvb_reported_length()" and "tvb_reported_length_remaining()", as those give the actual length of the data in the packet, not just the data that happened to be captured. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4605 f5534014-38df-0310-8fa8-9805f1628bb7
2002-01-21 | guy | 1 | -4/+4 | Include files from the "epan" directory and subdirectories thereof with
"epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
2002-01-17 | guy | 1 | -3/+3 | Mark un-reassembled TCP segments as (possibly) being un-reassembled, by
setting the "pinfo->fragmented" flag. If a ReportedBoundsError occurs, flag the frame as being an unreassembled packet, not an unreassembled fragmented packet, as it may have been segmented across TCP segment boundaries rather than being part of an IPv4/IPv6/CLNP/etc. fragmented/segmented packet. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4558 f5534014-38df-0310-8fa8-9805f1628bb7
2002-01-17 | guy | 1 | -7/+32 | Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to the packet being malformed (i.e., the packet was shorter than it's supposed to be, so the dissector went past the end trying to extract fields that were supposed to be there) or due to it not being reassembled (i.e., the packet was fragmented, and we didn't reassemble it, but just treated the first fragment as the entire packet, so the dissector went past the end trying to extract fields that were partially or completely in fragments after that). Mark the latter as being unreassembled rather than malformed. Properly initialize, save, and restore that field, and properly set it, so that works. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4555 f5534014-38df-0310-8fa8-9805f1628bb7
2002-01-08 | guy | 1 | -6/+6 | If a ReportedBoundsError exception occurs, report it as a "malformed
packet" rather than a "malformed frame" - the packet in question might be part of a link-layer frame or might span more than one link-layer frame. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4497 f5534014-38df-0310-8fa8-9805f1628bb7
2001-12-24 | gerald | 1 | -1/+7 | Cisco HDLC and frame relay direction reporting, from Tom Nisbet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4447 f5534014-38df-0310-8fa8-9805f1628bb7
2001-12-10 | guy | 1 | -9/+10 | Move the pointer to the "column_info" structure in the "frame_data"
structure to the "packet_info" structure; only stuff that's permanently stored with each frame should be in the "frame_data" structure, and the "column_info" structure is not guaranteed to hold the column values for that frame at all times - it was only in the "frame_data" structure so that it could be passed to dissectors, and, as all dissectors are now passed a pointer to a "packet_info" structure, it could just as well be put in the "packet_info" structure. That saves memory, by shrinking the "frame_data" structure (there's one of those per frame), and also lets us clean up the code a bit. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4370 f5534014-38df-0310-8fa8-9805f1628bb7
2001-12-08 | guy | 1 | -15/+16 | Clean up indentation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4362 f5534014-38df-0310-8fa8-9805f1628bb7
2001-12-08 | guy | 1 | -2/+3 | Attach a descriptive name field type and base to dissector tables; that
specifies how the selector values used as keys in those tables are to be displayed, and the title to use when displaying the table. Use that information in the code to display the initial and current entries of various dissector tables. Have the dissector for BACnet APDUs register itself by name, and have the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set, rather than doing it with a dissector table. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4358 f5534014-38df-0310-8fa8-9805f1628bb7
2001-12-06 | guy | 1 | -2/+2 | WTAP_ENCAP_ values are #defined in decimal; display them in decimal.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4349 f5534014-38df-0310-8fa8-9805f1628bb7
2001-11-26 | hagbard | 1 | -2/+9 | Added a proto_reg_handoff_frame() function and switched from
using dissect_data() to using call_dissector() git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4268 f5534014-38df-0310-8fa8-9805f1628bb7
2001-11-01 | gram | 1 | -1/+23 | Add an option to show the File Offset of a frame. Not useful for
general packet analyzing, but useful when developing wiretap code or other such low-level development. Default preference is *not* to show File Offset. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4120 f5534014-38df-0310-8fa8-9805f1628bb7
2001-09-14 | guy | 1 | -11/+11 | Make the resolution for time values be nanoseconds rather than
microseconds. Fix some "signed vs. unsigned" comparison warnings. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3934 f5534014-38df-0310-8fa8-9805f1628bb7
2001-06-18 | guy | 1 | -8/+8 | From Joerg Mayer: explicitly fill in all members of a
"header_field_info" structure, including the ones that are later set by the routines to register fields. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3561 f5534014-38df-0310-8fa8-9805f1628bb7
2001-04-01 | hagbard | 1 | -1/+2 | Added a register_dissector() call in packet-frame.c so that frame is now
a registered dissector and can be called by call_dissector(). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3233 f5534014-38df-0310-8fa8-9805f1628bb7
2001-01-03 | guy | 1 | -4/+13 | Have "proto_register_protocol()" build a list of data structures for
protocols, in addition to adding structures to the list of filterable fields. Give it an extra argument that specifies a "short name" for the protocol, for use in such places as pinfo->current_proto; the dialog box for constructing filters; the preferences tab for the protocol; and so on (although we're not yet using it in all those places). Make the preference name that appears in the preferences file and the command line for the DIAMETER protocol "diameter", not "Diameter"; the convention is that the name in question be all-lower-case. Make some routines and variables that aren't exported static. Update a comment in the ICP dissector to make it clear that the dissector won't see fragments other than the first fragment of a fragmented datagram. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2810 f5534014-38df-0310-8fa8-9805f1628bb7
2000-12-29 | guy | 1 | -1/+5 | If we get an exception when dissecting a packet, append "[Short Frame]"
or "[Malformed Frame]" to the Info column. Make some dissectors set the Protocol column and clear the Info column before fetching anything from the tvbuff they were handed, so that if the frame is short or malformed, it'll be marked as being the right top-level protocol, and the Info column won't have cruft left over from the previous protocol. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2800 f5534014-38df-0310-8fa8-9805f1628bb7
2000-12-15 | gerald | 1 | -1/+13 | Add the relative time to the frame tree, at the request of Manfred Young.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2762 f5534014-38df-0310-8fa8-9805f1628bb7
2000-11-29 | gram | 1 | -70/+13 | Wrap the dissect_fddi() call (with a 4th argument) with
dissect_fddi_not_bitswapped() and dissect_fddi_bitswapped(), both of which use the standard 3-argument tvbuffified-dissector argument list. Add a dissector table called "wtap_encap" which is used to call dissectors from dissect_frame(). The switch() statement from this top-level dissector is removed. The link-layer dissectors register themselves with the "wtap_encap" dissector table. The dissectors are now static where possible. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2708 f5534014-38df-0310-8fa8-9805f1628bb7
2000-11-15 | guy | 1 | -2/+5 | IEEE 802.11 support, from Johan Jorgensen of Axis Communications AB.
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or in the current CVS version; we don't implement all of them in Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE 802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version of libpcap *does* reserve 105 as the encapsulation type number for 802.11). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2646 f5534014-38df-0310-8fa8-9805f1628bb7
2000-10-06 | gram | 1 | -0/+233 | Implement epan_dissect_new() and epan_dissect_free(). These are the
"top-level" dissectors that libepan-users call, instead of dissect_packet(). The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's memory is not cleared until after the proto_tree is freed. (I might stuff the proto_tree into the epan_dissect_t, too). What remains of dissect_packet() in packet.c handles the tvbuff initialization. The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c. This means that "packet.c" is no longer a dissector, so it is no longer passed to make-reg-dotc. Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped() and dissect_fddi_nonswapped()), a dissector handoff routine could be used instead of the switch statement in dissect_frame(). I'd register a field like "wtap.encap" git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2478 f5534014-38df-0310-8fa8-9805f1628bb7