author | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2011-09-27 18:32:59 +0000 |
---|---|---|
committer | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2011-09-27 18:32:59 +0000 |
commit | 311c5ef6868bb2f2721d979ec22390620133e1c3 (patch) | |
tree | 103c857a898ce7003c519674bb3810c1ded80f2c | |
parent | da7e08a4d948bfc90c6d32f695c98e5fab4b79de (diff) | |
download | wireshark-311c5ef6868bb2f2721d979ec22390620133e1c3.tar.gz |
Add a new tshark option for being able to specify an alternate line separator between packets. The option chosen was "-S <separator>". The former -S option was renamed to -P, and the former -P option, which was previously undocumented, was renamed to -2. This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5342.
svn path=/trunk/; revision=39168
-rw-r--r-- | doc/tshark.pod | 30 | ||||
-rw-r--r-- | docbook/release-notes.xml | 10 | ||||
-rw-r--r-- | docbook/wsug_src/WSUG_app_tools.xml | 36 | ||||
-rw-r--r-- | tshark.c | 21 |
4 files changed, 68 insertions, 29 deletions
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 55419a4fc1..a520729416 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -6,6 +6,7 @@ tshark - Dump and analyze network traffic =head1 SYNOPSIS B<tshark> +S<[ B<-2> ]> S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...> S<[ B<-b> E<lt>capture ring buffer optionE<gt>] ...> S<[ B<-B> E<lt>capture buffer sizeE<gt> ] >
@@ -29,11 +30,12 @@ S<[ B<-N> E<lt>name resolving flagsE<gt> ]> S<[ B<-o> E<lt>preference settingE<gt> ] ...> S<[ B<-O> E<lt>protocolsE<gt> ]> S<[ B<-p> ]> +S<[ B<-P> ]> S<[ B<-q> ]> S<[ B<-r> E<lt>infileE<gt> ]> S<[ B<-R> E<lt>read (display) filterE<gt> ]> S<[ B<-s> E<lt>capture snaplenE<gt> ]> -S<[ B<-S> ]> +S<[ B<-S> E<lt>separatorE<gt> ]> S<[ B<-t> ad|a|r|d|dd|e ]> S<[ B<-T> pdml|psml|ps|text|fields ]> S<[ B<-v> ]>
@@ -142,6 +144,10 @@ to dump one of several types of internal glossaries and then exit. =over 4 +=item -2 + +Perform a two-pass analysis. + =item -a E<lt>capture autostop conditionE<gt> Specify a criterion that specifies when B<TShark> is to stop writing
@@ -548,6 +554,11 @@ If used after an B<-i> option, the interface specified by the last B<-i> option occurring before this option will not be put into the promiscuous mode. +=item -P + +Decode and display packets even while writing raw packet data using the +B<-w> option. + =item -q When capturing packets, don't display the continuous count of packets
@@ -591,10 +602,9 @@ the interface specified by the last B<-i> option occurring before this option. If the snapshot length is not set specifically, the default snapshot length is used if provided. -=item -S +=item -S E<lt>separatorE<gt> -Decode and display packets even while writing raw packet data using the -B<-w> option. +Set the line separator to be printed between packets. =item -t ad|a|r|d|dd|e 
@@ -838,7 +848,7 @@ Example: B<-z io,stat,0.010,E<34>COUNT(smb.sid)smb.sidE<34>> This will count the total number of SIDs seen in each 10ms interval. B<SUM(I<field>)I<field> [and I<filter>]> - Unlike COUNT, the I<values> of the -specified field are summed per time interval. +specified field are summed per time interval. ''I<field>'' can only be a named integer or relative time field. Example: B<-z io,stat,0.010,E<34>SUM(frame.len)frame.lenE<34>>
@@ -914,15 +924,15 @@ A value of 1.0 represents one I/O in flight. Column #0: LOAD(smb.time)smb.time | Column #0 | Time | LOAD | - 0000.000000-0000.001000 1.000000 - 0000.001000-0000.002000 0.741000 - 0000.002000-0000.003000 0.000000 - 0000.003000-0000.004000 1.000000 + 0000.000000-0000.001000 1.000000 + 0000.001000-0000.002000 0.741000 + 0000.002000-0000.003000 0.000000 + 0000.003000-0000.004000 1.000000 B<FRAMES | BYTES[()I<filter>]> - Displays the total number of frames or bytes. -The filter field is optional but if included it must be prepended with ''()''. +The filter field is optional but if included it must be prepended with ''()''. The following command displays five columns: the total number of frames and bytes (transferred bidirectionally) using a single comma, the same two stats using the FRAMES and BYTES
diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml
index c421b75fcd..89435bbcc7 100644
--- a/docbook/release-notes.xml
+++ b/docbook/release-notes.xml
@@ -93,6 +93,16 @@ Wireshark Info </para> </listitem> + <listitem> + <para> + The tshark command-line options have changed as follows: The + previously undocumented -P option is now -2 option for performing a + two-pass analysis; the former -S option is now the -P option for + printing packets even if writing to a file, and the -S option is + now used to specify a different line separator between packets. + </para> + </listitem> + </itemizedlist> </para> 
diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml
index 1c9e6785ec..6a1a793077 100644
--- a/docbook/wsug_src/WSUG_app_tools.xml
+++ b/docbook/wsug_src/WSUG_app_tools.xml
@@ -27,7 +27,7 @@ <example id="AppToolstsharkEx"> <title>Help information available from tshark</title> <programlisting> -TShark 1.6.0 (SVN Rev 37205 from /trunk-1.6) +TShark 1.7.0 (SVN Rev 39165 from /trunk) Dump and analyze network traffic. See http://www.wireshark.org for more information.
@@ -60,6 +60,7 @@ Input file: -r <infile> set the filename to read from (no pipes or stdin!) Processing: + -2 perform a two-pass analysis -R <read filter> packet filter in Wireshark display filter syntax -n disable all name resolutions (def: all enabled) -N <name resolve flags> enable specific name resolution(s): "mntC"
@@ -75,7 +76,8 @@ Output: -V add output of packet tree (Packet Details) -O <protocols> Only show packet details of these protocols, comma separated - -S display packets even when writing to a file + -P print packets even when writing to a file + -S <separator> the line separator to print between packets -x add output of hex and ASCII dump (Packet Bytes) -T pdml|ps|psml|text|fields format of text output (def: text)
@@ -166,7 +168,7 @@ tcpdump -i <interface> -s 65535 -w <some-file> <example id="AppToolsdumpcapEx"> <title>Help information available from dumpcap</title> <programlisting> -Dumpcap 1.6.0 (SVN Rev 37205 from /trunk-1.6) +Dumpcap 1.7.0 (SVN Rev 39165 from /trunk) Capture network packets and dump them into a libpcap file. See http://www.wireshark.org for more information. 
@@ -182,10 +184,9 @@ Capture interface: -D print list of interfaces and exit -L print list of link-layer types of iface and exit -d print generated BPF code for capture filter - -S print statistics for each interface once every second + -S print statistics for each interface once per second -M for -D, -L, and -S, produce machine-readable output - RPCAP options: -r don't ignore own RPCAP traffic in capture -u use UDP for RPCAP data transfer
@@ -205,7 +206,9 @@ Output (files): filesize:NUM - switch to next file after NUM KB files:NUM - ringbuffer: replace after NUM files -n use pcapng format instead of pcap + Miscellaneous: + -t use a separate thread per interface -q don't report packet capture counts -v print version information and exit -h display this help and exit
@@ -231,7 +234,7 @@ Use Ctrl-C to stop capturing at any time. <example id="AppToolscapinfosEx"> <title>Help information available from capinfos</title> <programlisting> -Capinfos 1.6.0 (SVN Rev 37205 from /trunk-1.6) +Capinfos 1.7.0 (SVN Rev 39165 from /trunk) Prints various information (infos) about capture files. See http://www.wireshark.org for more information.
@@ -303,7 +306,7 @@ output format. <example id="AppToolsrawsharkEx"> <title>Help information available from rawshark</title> <programlisting> -Rawshark 1.6.0 (SVN Rev 37205 from /trunk-1.6) +Rawshark 1.7.0 (SVN Rev 39165 from /trunk) Dump and analyze network traffic. See http://www.wireshark.org for more information. 
@@ -322,12 +325,15 @@ Processing: -F <field> field to display -n disable all name resolution (def: all enabled) -N <name resolve flags> enable specific name resolution(s): "mntC" - -p use the system's packet header format (which may have 64-bit timestamps) + -p use the system's packet header format + (which may have 64-bit timestamps) -R <read filter> packet filter in Wireshark display filter syntax -s skip PCAP header on input + Output: -l flush output after each packet - -S format string for fields (%D - name, %S - stringval, %N numval) + -S format string for fields + (%D - name, %S - stringval, %N numval) -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first) Miscellaneous:
@@ -354,7 +360,7 @@ Miscellaneous: <title>Help information available from editcap</title> <para> <programlisting> -Editcap 1.6.0 (SVN Rev 37205 from /trunk-1.6) +Editcap 1.7.0 (SVN Rev 39165 from /trunk) Edit and/or translate the format of capture files. See http://www.wireshark.org for more information.
@@ -678,7 +684,7 @@ editcap: The available encapsulation types for the "-T" flag are: <example id="AppToolsmergecapEx"> <title>Help information available from mergecap</title> <programlisting> -Mergecap 1.6.0 (SVN Rev 37205 from /trunk-1.6) +Mergecap 1.7.0 (SVN Rev 39165 from /trunk) Merge two or more capture files into one. See http://www.wireshark.org for more information.
@@ -782,7 +788,7 @@ Miscellaneous: <example id="AppToolstext2pcapEx"> <title>Help information available for text2pcap</title> <programlisting> -Text2pcap 1.6.0 (SVN Rev 37205 from /trunk-1.6) +Text2pcap 1.7.0 (SVN Rev 39165 from /trunk) Generate a capture file from an ASCII hexdump of packets. See http://www.wireshark.org for more information. 
@@ -804,6 +810,12 @@ Input: number is assumed to be fractions of a second. NOTE: Date/time fields from the current date/time are used as the default for unspecified fields. + -a enable ASCII text dump identification. + It allows to identify the start of the ASCII text + dump and not include it in the packet even if it + looks like HEX dump. + NOTE: Do not enable it if the input file does not + contain the ASCII text dump. Output: -l <typenum> link-layer type number; default is 1 (Ethernet).
@@ -139,6 +139,8 @@ static output_fields_t* output_fields = NULL; */ static gboolean print_packet_counts; +/* The line separator used between packets, changeable via the -S option */ +static char *separator = ""; static capture_options global_capture_opts;
@@ -275,6 +277,7 @@ print_usage(gboolean print_ver) fprintf(output, "\n"); fprintf(output, "Processing:\n"); + fprintf(output, " -2 perform a two-pass analysis\n"); fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n"); fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
@@ -292,7 +295,8 @@ print_usage(gboolean print_ver) fprintf(output, " -V add output of packet tree (Packet Details)\n"); fprintf(output, " -O <protocols> Only show packet details of these protocols, comma\n"); fprintf(output, " separated\n"); - fprintf(output, " -S display packets even when writing to a file\n"); + fprintf(output, " -P print packets even when writing to a file\n"); + fprintf(output, " -S <separator> the line separator to print between packets\n"); fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n"); fprintf(output, " -T pdml|ps|psml|text|fields\n"); fprintf(output, " format of text output (def: text)\n"); 
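Review bot: `separator` in the `@@ -139,6 +139,8 @@` hunk is declared as a mutable `char *` but initialised from the string literal `""`, so a later write through it would be undefined behaviour and the compiler cannot warn about it. Nothing visible in this commit writes into the buffer, so I would declare it `static const char *separator = "";`. The comment could also state that the value comes straight from the command line and is printed verbatim, e.g. `/* Line separator printed between packets; taken verbatim from -S, "" by default */`.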
@@ -845,7 +849,7 @@ main(int argc, char *argv[]) #define OPTSTRING_I "" #endif -#define OPTSTRING "a:b:" OPTSTRING_B "c:C:d:De:E:f:F:G:hH:i:" OPTSTRING_I "K:lLnN:o:O:pPqr:R:s:St:T:u:vVw:W:xX:y:z:" +#define OPTSTRING "2a:A:b:" OPTSTRING_B "c:C:d:De:E:f:F:G:hH:i:" OPTSTRING_I "K:lLnN:o:O:pPqr:R:s:S:t:T:u:vVw:W:xX:y:z:" static const char optstring[] = OPTSTRING;
@@ -1074,6 +1078,9 @@ main(int argc, char *argv[]) /* Now get our args */ while ((opt = getopt(argc, argv, optstring)) != -1) { switch (opt) { + case '2': /* Perform two pass analysis */ + perform_two_pass_analysis = TRUE; + break; case 'a': /* autostop criteria */ case 'b': /* Ringbuffer option */ case 'c': /* Capture x packets */
@@ -1196,9 +1203,6 @@ main(int argc, char *argv[]) arg_error = TRUE; #endif break; - case 'P': /* Perform two pass analysis */ - perform_two_pass_analysis = TRUE; - break; case 'n': /* No name resolution */ gbl_resolv_flags = RESOLV_NONE; break;
@@ -1243,9 +1247,12 @@ main(int argc, char *argv[]) case 'R': /* Read file filter */ rfilter = optarg; break; - case 'S': /* show packets in real time */ + case 'P': /* Print packets even when writing to a file */ print_packet_info = TRUE; break; + case 'S': /* Set the line Separator to be printed between packets */ + separator = strdup(optarg); + break; case 't': /* Time stamp type */ if (strcmp(optarg, "r") == 0) timestamp_set_type(TS_RELATIVE);
@@ -3325,7 +3332,7 @@ print_packet(capture_file *cf, epan_dissect_t *edt) /* "print_hex_data()" will put out a leading blank line, as well as a trailing one; print one here, to separate the packets, only if "print_hex_data()" won't be called. */ - if (!print_line(print_stream, 0, "")) + if (!print_line(print_stream, 0, separator)) return FALSE; } break; |
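Review bot: The new `OPTSTRING` in the `@@ -845,7 +849,7 @@` hunk begins with `"2a:A:b:"`, so besides `2` it also makes getopt accept `-A <arg>`, which neither the commit message nor the documentation hunks mention. No `case 'A':` appears in the hunks shown here (the capture-option labels in the `@@ -1074,6 +1078,9 @@` hunk run `'a'`, `'b'`, `'c'`), so unless a handler exists outside these hunks the option is parsed and then left to whatever the switch's default does. If `A:` is intended it needs a handler and a line in `print_usage()`; if not, the prefix should read `"2a:b:"`. Note also that `S:` now consumes the following argument, so an old-style bare `-S` silently swallows the next option as the separator.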
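Review bot: The result of `strdup(optarg)` in the new `case 'S'` (hunk `@@ -1243,9 +1247,12 @@`) is stored without a NULL check, and `separator` is later passed to `print_line()` in `print_packet()`, so an allocation failure hands that call a null pointer. `optarg` points into `argv`, which outlives option parsing, so the copy looks unnecessary and `separator = optarg;` would do; if a copy is wanted, GLib's `g_strdup(optarg)` fits a file that already uses GLib types such as `gboolean` and does not return NULL for a non-NULL argument. A repeated `-S` also leaks the previous copy, which the plain assignment avoids as well. The enclosing `switch` in `main()` begins and ends outside the hunk.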
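Review bot: The comment above the changed `print_line()` call in the `@@ -3325,7 +3332,7 @@` hunk still talks about printing a blank line, and the separator is emitted only on this branch, where `print_hex_data()` will not be called. As far as the hunk shows, `-S` therefore has no effect when hex output is requested, which the new help text (`the line separator to print between packets`) does not say. I would reword the comment to `/* print the -S separator (a blank line by default) here, only if "print_hex_data()" won't be called */` and document the limitation, or emit the separator on the hex path too. The third argument is now user-supplied, so it is worth confirming that `print_line()` writes it as data and never as a format string; its implementation is not on this page. `print_packet()` begins and ends outside the hunk.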