Age | Commit message (Collapse) | Author | Files | Lines |
|
actually knows how to use it could elaborate?
svn path=/trunk/; revision=45769
|
|
http://www.wireshark.org/lists/wireshark-users/201206/msg00025.html, add support for being able to specify a numeric range as the <selector> part of tshark's -d <layer type>==<selector>,<decode-as protocol> option.
svn path=/trunk/; revision=45734
|
|
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
|
|
svn path=/trunk/; revision=43371
|
|
svn path=/trunk/; revision=41657
|
|
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656
|
|
svn path=/trunk/; revision=41560
|
|
with https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6684
svn path=/trunk/; revision=41212
|
|
was pointed out by Markus Amend on -users.
Reference: http://article.gmane.org/gmane.network.wireshark.user/14477
(BTW, I quickly scanned through tap-iousers.c:iousers_draw() and the sorting seems to be very inefficient.)
svn path=/trunk/; revision=40911
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
svn path=/trunk/; revision=40050
|
|
level to report as well as a filter. Also, now show duplicate reports only once, and give the frequency rather than the frame number.
svn path=/trunk/; revision=40049
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6377, with the tshark man page update by me: tshark -z io,stat,interval,"[SUM|MIN|MAX|AVG](field)field [and filter]" should support floating point.
svn path=/trunk/; revision=39767
|
|
do the user a favor and continue as if -V had been specified. Add explicit documentation of the -O <protocols> option to the man page.
svn path=/trunk/; revision=39175
|
|
separator between packets. The option chosen was "-S <separator>". The former -S option was renamed to -P, and the former -P option, which was previously undocumented, was renamed to -2. This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5342.
svn path=/trunk/; revision=39168
|
|
svn path=/trunk/; revision=39092
|
|
svn path=/trunk/; revision=39091
|
|
svn path=/trunk/; revision=39010
|
|
svn path=/trunk/; revision=39009
|
|
svn path=/trunk/; revision=38019
|
|
svn path=/trunk/; revision=38016
|
|
the capturing on multiple interfaces.
svn path=/trunk/; revision=37824
|
|
svn path=/trunk/; revision=37587
|
|
1.) The resolution of the time values displayed by tshark's "-z io,stat, ..."
should be increased from milliseconds to microseconds (from 3 to 6 decimal
places) in order to be consistent with -z relative time-related options such as
"-z smb,rtt" and "-z rpc,rtt" which display values to 5 decimal places.
[Please note that separate enhancement requests for 6 decimal of precision in
Wireshark will be submitted shortly.)
2.) The "frames bytes" column displayed in '-z io,stat' is too narrow, frames
and bytes should each have 15 spaces like all the other column types.
3.) The types "FRAMES" and "BYTES" should be added to allow users to display
these values separately and allow for filters to be specified.
4.) The 'SUM' option should allow for relative time values such as SRTs to be
summed. This would be useful for the calculation of such things as
request concurrency (total_SRT_time / duration).
5.) The tshark man page needs some corrections and readability improvements
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4915
svn path=/trunk/; revision=37555
|
|
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
|
|
svn path=/trunk/; revision=36582
|
|
TODO: Add a Wireshark tap or look into possibly using the stats tree instead.
Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so
it might be possible to make use of this information to estimate the total SRT.
(See bug 5770 for more details.)
svn path=/trunk/; revision=36561
|
|
standard deviation. Split statistics output onto 2 lines.
svn path=/trunk/; revision=36501
|
|
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
|
|
svn path=/trunk/; revision=36372
|
|
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
|
|
Change RTT references to SRT.
(tshark.pod could use a description for -z afp,srt and -z camel,srt)
svn path=/trunk/; revision=36297
|
|
svn path=/trunk/; revision=35038
|
|
svn path=/trunk/; revision=34815
|
|
svn path=/trunk/; revision=34590
|
|
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given
pointer is ep_ or se_ allocated, respectively.
Turn the behavior off by default for speed reasons (the speed difference isn't
huge, but...).
Turn the behavior on when fuzz testing.
Document these two new variables in the man pages.
svn path=/trunk/; revision=34046
|
|
(when using tshark -T fields)
svn path=/trunk/; revision=33529
|
|
svn path=/trunk/; revision=33527
|
|
The attached patch simply documents a long supported but hidden tshark -G
option.
Tshark's print_usage() has been augmented as well as the tshark man page.
svn path=/trunk/; revision=33253
|
|
about using large numbers of files.
svn path=/trunk/; revision=32999
|
|
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
|
|
svn path=/trunk/; revision=32707
|
|
svn path=/trunk/; revision=32704
|
|
program the man page describes, and give a bit more detail.
svn path=/trunk/; revision=32458
|
|
WIRESHARK_ABORT_ON_DISSECTOR_BUG
svn path=/trunk/; revision=32457
|
|
use any of the Wireshark "personal" files.
This helps to address the complaint in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2904
svn path=/trunk/; revision=32452
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2132
Point to the Wiki's page on capture filter syntax in case neither libpcap's
nor tcpdump's man pages are available (e.g., on Windows).
svn path=/trunk/; revision=32435
|
|
tap-diameter-avp.patch:
- make diameter.cmd_code configurable rather than hard coded in
- more fields in the output
- documetation/man pages + usage examples
- switch option parser from stdlib to glib to avoid troubles with M$ c++
diameter-dict.patch
remove strage spaces in the AVP names.
svn path=/trunk/; revision=32294
|
|
to be set.
Clarify that each "-b" criterion needs the "-b" option (see bug 4573).
Fix a couple of typos.
svn path=/trunk/; revision=32245
|
|
operation
svn path=/trunk/; revision=31973
|