| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
addresses, and has been for a lot of years.
|
| |
|
|
|
|
| |
that if tcpdump is being piped to some other program, and that program
exits before tcpdump does, tcpdump will cleanly exit, so that libpcap
can cleanly close devices (such as Endace's DAG cards).
|
| |
|
|
|
| |
Check whether we succeeded in opening a capture file before we report
the link-layer type of the capture file.
|
| | |
|
| | |
|
| |
|
|
| |
decoding as TFTP.
|
| |
|
|
|
| |
DLT_PPP_BSDOS - don't assume they're defined, check whether they're
defined before using them.
|
| | |
|
| |
|
|
| |
just print it as is, don't prefix it with "libpcap version".
|
| |
|
|
| |
available in the libpcap we're using.
|
| |
|
|
|
|
| |
DLT_ARCNET_LINUX.
Also handle IPX-over-ARCNET.
|
| | |
|
| |
|
|
| |
specified, as, in that case, there's no output to make more verbose.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
- display snaplen
- indicate that detailed decodes are hidden under the -v and -vv hood
this should adress some of the first problems that are frequently encountered
by people that start to learn and play with tcpdump;
|
| |
|
|
|
|
|
|
|
|
| |
has "pcap_dump_flush()".
The WinDump makefiles define HAVE_PCAP_FINDALLDEVS, and will be changed
to define HAVE_PCAP_DUMP_FLUSH, so use thos, rather than Win32, to check
whether WinPcap has "pcap_findalldevs()" or "pcap_dump_flush()", so
people can tweak the appropriate makefile if building WinDump with an
older version of WinPcap lacking one or both of those routines.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the output stream for "-w" to be flushed after each packet is dumped.
Add checks for "pcap_dump_flush()", and only enable the "-U" flag if
it's present. Clean up the handling of the "getopt()" argument and the
usage message to get rid of the pile of #ifdefs.
Add documentation for the "-L" and "-y" flags.
Tweak the description of "-r" to properly format "-w" in the text.
|
| |
|
|
|
|
| |
tcpdump.c. Have if_print routines return the length of the link-layer
header, so that the common code knows how to skip the link-layer header
when printing the packet in hex/ASCII.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to:
use "-y" rather than "-D" to set the link type ("-D" was already
taken);
use libpcap APIs to map between data link type names and values;
supply stub versions of missing-but-needed libpcap APIs.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
|
| |
|
|
|
|
|
|
| |
Have "-xx" and "-XX" cause the link-level header to be dumped; don't
make "-e" affect that at all, as the fact that "-x" doesn't dump the
link-level header was documented, with no mention of "-e", at least as
far back as tcpdump 3.4, and scripts might depend on that working even
with "-e".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
beginning of the raw packet data, the captured length of the raw packet
data, and the length of the link-layer header, and:
if "-e" was specified, prints all the raw packet data;
if "-e" was not specified, prints all the raw packet data past
the link-layer header, if there is any.
Use that routine in all the "xxx_if_print()" routines if "-x" was
specified.
Make "arcnet_encap_print()" static - it's not used outside
"print-arcnet.c".
Add missing info printing code to "atm_if_print()".
Print the packet data in "lane_if_print()", not in "lane_print()", as
"lane_print()" can be called from other "xxx_if_print()" routines, and
those routines will also print the packet data if "-x" was specified -
no need to print it twice.
|
| | |
|
| |
|
|
| |
to a file, not just when you're printing dissected packets.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unused-parameter problems reported by GCC. Add an _U_ tag to label
parameters as unused if the function is called through a pointer (so
that you can't change its signature by removing parameters) or if there
are unused parameters only because the function isn't complete.
Add some additional bounds checks the necessity for which was revealed
while cleaning up unused-parameter problems.
Make some routines static.
"lcp_print()", defined in "print-lcp.c", isn't called anywhere -
"print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
|
| |
|
|
|
|
|
|
|
|
| |
the libpcap that comes with some platforms doesn't define it.
Check for "pcap_debug" and "yydebug" in libpcap in the configure
scripts, so that whichever one is present (which might depend on whether
libpcap was built with standard YACC or Berkeley YACC/Bison), if any is
present, will be used by the "-Y" flag (if none is present, "-Y" won't
be supported).
|
| |
|
|
| |
needed with recent versions of WinPcap.
|
| |
|
|
|
|
|
|
|
|
| |
and "-R" back into the usage strings.
We might as well do the "pcap_close()" call before exiting when "-d"
is used on UNIX as well as Windows.
Put in a comment about an official API for getting a libpcap version
string.
|
| |
|
|
| |
we don't have "pcap_findalldevs()".
|
| |
|
|
|
|
|
| |
only use it if we find it.
Define DHAVE_PCAP_FINDALLDEVS in the Windows GNU Makefile and project
file, as WinPcap has "pcap_findalldevs()".
|
| | |
|
| |
|
|
| |
University.
|
| |
|
|
|
| |
Make the code to print a SNAP-encapsulated packet a separate routine,
for use by the Frame Relay code.
|
| | |
|
| |
|
|
| |
error, report statistics and clean up first.
|
| |
|
|
| |
<jth@jth.net>.
|
| |
|
|
|
| |
"print-pflog.c", originally written by Niels Provos
<provos@openbsd.org>.
|
| |
|
|
|
| |
specified number of packets has been captured, report the statistics of
packets "received by filter" and "dropped by kernel".
|
| | |
|
| | |
|
| |
|
|
| |
capture file was successfully created/opened, and fail if it wasn't.
|
| |
|
|
|
| |
just directly call "pcap_dump()". This means "dump_and_trunc()" no
longer needs to check whether the "-C" flag was specified.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"pcap-dump-trunc.c".
Don't make the variables "dump_and_trunc()" manipulates external or even
static; fill in a structure with their values and pass a pointer to that
structure to "dump_and_trunc()". "dump_and_trunc()" will update the
"pcap_dumper_t" pointer in that structure if it rotates capture files,
so that the next call to "dump_and_trunc()" will supply the updated
pointer (the previous code was just opening a new capture, but not
updating the variable passed to "dump_and_trunc()").
Instead of duplicating an old version of the "pcap_dump()" code (a
version that didn't write out time stamps as 32-bit seconds and
microsecond values on platforms where the fields in a "struct timeval"
are 64-bit) in "dump_and_trunc()", just call "pcap_dump()" from
"dump_and_trunc()".
|
| | |
|
| |
|
|
|
| |
The rest of the low-level print-*.c handlers need the infodelay
wrapping too.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Martin Husemann <martin@netbsd.org>.
Clean up PPPoE dissector - get rid of unused variable, and have it just
use its first argument as a pointer to the PPPoE packet (which may also
make it work if, for example, you have PPPoE packets wrapped inside VLAN
headers).
|
| | |
|
| | |
|
