Age | Commit message (Collapse) | Author | Files | Lines |
|
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
|
|
svn path=/trunk/; revision=27099
|
|
No we can decode those winmail.dat files.
svn path=/trunk/; revision=26864
|
|
The code in wiretap/wtap.c is not right. Because g_array_append_val should accept a value
of type 'struct encap_type_info' rather than a pointer to this type.
svn path=/trunk/; revision=26816
|
|
patch to support IEE802.15.4 non-ASK PHY.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2906
svn path=/trunk/; revision=26792
|
|
Implement dissector for IPMB (DLT_IPMB_LINUX, 209).
svn path=/trunk/; revision=25986
|
|
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
|
|
svn path=/trunk/; revision=25163
|
|
svn path=/trunk/; revision=25159
|
|
IEEE 802.15.4 dissector and DLT_ type.
svn path=/trunk/; revision=24564
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1970 (pending review)
svn path=/trunk/; revision=24463
|
|
svn path=/trunk/; revision=24258
|
|
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
|
|
This is a replacement of the existing decoding of ERF files (Extensible Record
Format from Endace).
For the decoding of the ERF files, according to the "type of record" given in
the ERF header, several decoders can be used. Up to now, the decoder is
determined according to an environment variable, or with a kind of heuristic.
And, all the treatment is done during the file extraction.
The new architecture, will separate the ERF file decoding, and the ERF record
decoding. The ERF records will be decoded with a specific dissector. This
dissector can be configured with options, to replace the environment variable.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839
svn path=/trunk/; revision=23092
|
|
The encap_table_base in wcap.c is missing an entry.
This causes e.g. "dumpcap -i usb3 -L" to output:
Data link types (use option -y to set):
USB_LINUX
(MPEG)
svn path=/trunk/; revision=22292
|
|
http://www.cacetech.com/documents/PPI_Header_format_1.0.pdf .
svn path=/trunk/; revision=22094
|
|
So far I've done only regression testing (the new functionality and what's in wtap-plugins.c has not yet being tested).
it is a first step in the way to have lua opening files.
svn path=/trunk/; revision=21686
|
|
Wiretap support to read MPEG files
svn path=/trunk/; revision=21112
|
|
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
|
|
for which a DLT_ value and LINKTYPE_ value have just been assigned.
svn path=/trunk/; revision=20003
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
USB dissector
svn path=/trunk/; revision=19480
|
|
A patch that adds support for dissection of
libpcap DLT_JUNIPER_VP frames. In addition i have fixed
also the indent for DLT_JUNIPER_GGSN.
svn path=/trunk/; revision=18940
|
|
format but still useful for dissecting arbitrary BER/DER ASN.1.
svn path=/trunk/; revision=18110
|
|
ugly printouts for "editcap -T".
svn path=/trunk/; revision=17873
|
|
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
|
|
wiretap/README.developer
- the referenced default seek_read function doesn't exist now
wiretap/wtap.c
- a "hole" in encap_table was causing the wrong encap value for later
types to be looked up (by name)
mergecap.c
- fix a couple of program name copy+paste errors from editcap.c
svn path=/trunk/; revision=17765
|
|
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17450
|
|
necessary for the switch to GTK 2.6 (at least on WIN32).
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
|
|
patch to support 4 additional juniper DLTs.
all those are wrappers for exisiting media types augmented with meta-information which gets also displayed using this patch;
svn path=/trunk/; revision=15908
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
- Remove epan/dissectors/packet-sna.h, it isn't used anywhere.
svn path=/trunk/; revision=15475
|
|
(so if the file's gzipped, it's *NOT* the size of the file after
uncompressing), and an approximation of the amount of that data read
sequentially so far.
Use those for various progress bars and the like.
Make the fstat() in the Ascend trace reader directly use wth->fd, as
it's inside Wiretap; that gets rid of the last caller of wtap_fd() (as
we're no longer directly using fstat() or lseek() in Ethereal), so get
rid of wtap_fd().
svn path=/trunk/; revision=15437
|
|
- add support for Multi-Link Frame-Relay (FRF.15) captures
taken on Juniper ML-, LS-, AS- PICs.
- rework of the common juniper header dissector:
test the extension flag (0x80) which indicates that there are
meta-information like interface-index, interface-name etc.
present
- minor bugfix (LSQ L3-proto masks, direction masks were broken)
svn path=/trunk/; revision=15316
|
|
support for support for DLT_JUNIPER_MLPPP
svn path=/trunk/; revision=14994
|
|
Fixes for LAP-B (SX25L2) and X.25 (SX25L3) nettl trace records.
svn path=/trunk/; revision=14385
|
|
support for Juniper PPPOE encapsulation
svn path=/trunk/; revision=14346
|
|
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
|
|
encapsulation types.
svn path=/trunk/; revision=14007
|
|
wtap_loop(), so eliminate wtap_loop().
svn path=/trunk/; revision=14006
|
|
svn path=/trunk/; revision=13212
|
|
standard input. Opening it for random access isn't supported; we add a
new error for that.
svn path=/trunk/; revision=13189
|
|
svn path=/trunk/; revision=13130
|
|
Ethereal, unaware that the Ethereal team does *NOT* control libpcap
format, thinks they can just grab 169 and use it for their own
purposes).
svn path=/trunk/; revision=12678
|
|
by his madwifi Atheros driver on Linux; rename
WTAP_ENCAP_IEEE_802_11_WLAN_BSD to WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP,
and change its text name from "ieee-802-11-bsd" to
"ieee-802-11-radiotap".
svn path=/trunk/; revision=12429
|
|
NETTL_SUBSYS_NS_LS_ICMPV6 - they don't even have IP headers, so we need
to directly call the ICMP and ICMPv6 dissectors.
svn path=/trunk/; revision=12047
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
libpcap DLT_ value for BACnet MS/TP to it.
svn path=/trunk/; revision=11126
|
|
svn path=/trunk/; revision=10528
|