| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
svn path=/trunk/; revision=4632
|
|
svn path=/trunk/; revision=4619
|
|
is defined as 17.
svn path=/trunk/; revision=4617
|
|
logging virtual interface, from Mike Frantzen.
svn path=/trunk/; revision=4616
|
|
HAVE_NETINET_IN_H.
svn path=/trunk/; revision=4610
|
|
NetMon 2.0; I don't have any ATM captures *from* NetMon to try it on, so
I don't know what significance the "destination address" and "source
address" fields have, but we can at least read the captures we ourselves
write out, as can NetMon).
svn path=/trunk/; revision=4606
|
|
that EtherPeek for Windows uses the same format as EtherPeek for MacOS,
so the code isn't specific to the MacOS version.
Check the physMedium value in the secondary header, and leave a
placeholder for a value of 1, which is presumably used in AiroPeek
captures.
Treat unknown mediaType and physMedium values as indications that we
don't have a *Peek file, not as unsupported *Peek files - we need all
the heuristics we can get.
svn path=/trunk/; revision=4601
|
|
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
|
|
the V7-format read routine.
svn path=/trunk/; revision=4597
|
|
svn path=/trunk/; revision=4593
|
|
of the capture, so change some names and comments.
svn path=/trunk/; revision=4563
|
|
svn path=/trunk/; revision=4562
|
|
data structure attached to the "wtap" structure, rather than in a
pseudo-header structure; get rid of the EtherPeek pseudo-header
structure, as it's not actually used as a pseudo-header, it's just used
as private data for the EtherPeek reader.
Get rid of an extra level of indentation in switch statements.
svn path=/trunk/; revision=4561
|
|
exactly 3 spaces before the word "TCPIPtrace" to be recognized.
svn path=/trunk/; revision=4547
|
|
in Sniffer Classic files; there's nothing we can do about those
platforms that bit-swap FDDI addresses before handing them to DLPI or
whatever, so we'll just let people live with wrong FDDI addresses (or
maybe someday put in code to bit-swap them before writing them out to
the capture file).
svn path=/trunk/; revision=4519
|
|
-I/usr/local/include and -L/usr/local/lib aren't automatically added
to the build flags.
svn path=/trunk/; revision=4507
|
|
captures are IP packets, so make the file encapsulation
WTAP_ENCAP_RAW_IP rather than WTAP_ENCAP_PER_PACKET, so you can save
those captures in other formats.
svn path=/trunk/; revision=4503
|
|
svn path=/trunk/; revision=4446
|
|
svn path=/trunk/; revision=4414
|
|
svn path=/trunk/; revision=4392
|
|
The second argument to g_ptr_array_free() does not indicate to
glib to free the objects that the pointers in the GPtrArray refer to,
but simply whether or not the free the block of pointers. We have
to free the objects ourselves.
svn path=/trunk/; revision=4391
|
|
fix a bogus batch mode inference rule of make, so that
"vc60.pdb" files are created in the proper directory;
delete ".pdb" files in a "nmake -f Makefile.nmake clean";
include the text2pcap and mergecap ".pdb" files in the Windows
binary distribution.
svn path=/trunk/; revision=4385
|
|
svn path=/trunk/; revision=4359
|
|
the "The Compiler and Tools" section on
http://fink.sourceforge.net/doc/porting/basics.php
Do so on MacOS X regardless of whether the compiler is called "gcc" or
not, as that page also indicates that the compiler is installed as "cc".
svn path=/trunk/; revision=4354
|
|
Ascend/Lucent trace reading code's Flex scanner.
svn path=/trunk/; revision=4346
|
|
svn path=/trunk/; revision=4340
|
|
files would put a 32-bit quantity on a 16-bit boundary without padding;
this means that many compilers will insert the padding and thus make the
structure not match what's in the file.
Instead of using a C structure, #define values for the offsets of
fields, read the header into an array of bytes, and extract values using
the offsets.
svn path=/trunk/; revision=4334
|
|
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
|
|
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
|
|
later trace formats that have an ASCII dump at the end of the line.
svn path=/trunk/; revision=4327
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
|
|
duration, from Thomas Wittwer and Matthias Nyffenegger.
svn path=/trunk/; revision=4322
|
|
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
|
|
Tim Newsham.
Add in missing item for WTAP_ENCAP_CISCO_IOS in the Wiretap
encapsulation type table.
svn path=/trunk/; revision=4290
|
|
*always* zero, so it won't always work, and it's somewhat gross. The
right answer is "don't use Digital/Tru64 UNIX's tcpdump, use
tcpdump.org's".
svn path=/trunk/; revision=4202
|
|
tcpdump and, if we think we've found one, strip off the 3 padding bytes
they put in front of the frame.
svn path=/trunk/; revision=4201
|
|
svn path=/trunk/; revision=4199
|
|
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
|
|
No, Nokia *weren't* kind enough to change the major or minor version
number in the capture file when they changed the format, just as they
weren't kind enough to change the magic number.
svn path=/trunk/; revision=4173
|
|
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
|
|
svn path=/trunk/; revision=4126
|
|
svn path=/trunk/; revision=4094
|
|
svn path=/trunk/; revision=4078
|
|
svn path=/trunk/; revision=4077
|
|
svn path=/trunk/; revision=4042
|
|
Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).
svn path=/trunk/; revision=4039
|
|
the specified encapsulation with the specified capture file type, and
that we can allocate a "wtap_dumper *".
If we could do all that, and could create the dump file, but the
file-type-specific create routine fails (e.g., because there's not
enough disk space to write out the header), remove the dump file.
svn path=/trunk/; revision=4032
|
|
can handle capture files bigger than 2GB.
svn path=/trunk/; revision=3993
|
|
don't need to check whether zlib has them. We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.
svn path=/trunk/; revision=3963
|
|
svn path=/trunk/; revision=3949
|
