| Commit message | Author | Age | Files | Lines |
... | |
link-layer print routines if no other print routine claimed the packet.
Test whether that flag is set rather than testing whether neither of -x
or -q were specified, and have -x, -q, *and* -X set that flag, so that
-X suppresses it just as -x does. That way you don't get those packets
dumped twice if -X was specified.
|
output. Have "hex_and_ascii_print_with_offset()" and
"hex_and_ascii_print()" to the "-X"-style offset, leaving
"hex_print_with_offset()" and "hex_print()" doing the "-x"-style output.
Don't have any of them check "xflag", "Xflag", or "Aflag" - they print
what they're intended to print, and the caller should check the flags in
question.
Don't have "-A" set "xflag" or "Xflag".
This cleans up some problems with "-A" printing hex information - it's
not supposed to.
|
and using ftell(); that won't necessarily work on Windows (if libpcap
was built with a different version of the C runtime library than tcpdump
is), and, even on UN*X, would break if a pcap_dumper_t * were ever made
something other than a FILE *.
Provide a pcap_dump_ftell() implementation that does that cheating cast
for use if libpcap doesn't have it (a pcap_dumper_t * is just a FILE *
on those older versions of libpcap).
|
boundary checking when parsing the juniper headers
|
replace the JUNIPER_ enums with real DLT_JUNIPER types
(does this break environments where an old libpcap is present ?)
|
taken on the Link-Service (LS) and Multi-Link (ML) PICs
|
captured on Juniper ML-PIC and LS-PIC cards
|
an "ndo_default_print_unaligned" member of the "netdissect_options"
structure.
There is, however, a need for an "ndo_default_print" routine, which
takes a "netdissect_options *" as its first argument, to initialize the
"ndo_default_print" member of that structure, as "ND_DEFAULTPRINT()"
uses it.
|
to be a global supplied by the application using it. In tcpdump, "-d"
is a specialized flag, and doesn't apply to packet dissection, so it
doesn't belong in the netdissect structure - make it a global again.
|
"-X" so that "-x" prints only hex, not hex and ASCII.
|
Define "ndo_error()" and "ndo_warning()" as static, to match their
forward declarations.
|
Fix up the usage message.
|
tflag values correspond to what output formats (e.g., 4 means "-tttt").
Switch on the tflag value to determine whether to call "gmt2local()" to
set "thiszone", just as we switch on it to determine the format for time
stamps, to make it more obvious in what cases we call it.
|
the time zone offset, so get it with "gmt2local()" if "tflag" is -3.
|
platforms, they're "unsigned long"; use "%lu" to print "pw_uid" and
"pw_gid", and cast them to "unsigned long" for the benefit of platforms
where they're not "unsigned long".
When chrooting and giving up privileges, if a call fails, use
"pcap_strerror()" to report the reason why it failed. Add "tcpdump:" to
those error messages.
|
adapter name correctly on win32.
Modified some code so that windump retrieves the winpcap lib version
with "pcap_lib_version()" on win32.
Upgraded the Wpcap_version string to 3.1.
|
replace error() and warning() with ndo-ized version.
moved snaplen/snapend to ndo structure.
|
error.
Check for pcap_if_t in <pcap.h> if we have pcap_findalldevs; MacOS X
10.3.3 ships a newer libpcap which has pcap_findalldevs but an older
pcap.h which doesn't have a pcap_if_t.
|
TCP-MD5 (RFC 2385) digest verification if we have libcrypto.
|
compilation of tcpdump.c.
|
firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not
asking us for a DLT_ value and not telling us about the link-layer type.
|
- only droproot() if we are root
|
- add compile time option WITH_CHROOT
- chroot() when dropping privileges
|
-drop root privileges earlier
-restore the old -Z behaviour
|
make it non-static.
|
characters).
|
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to an irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
|
add a compile time option --with-user=USERNAME that
drops privileges by default to USERNAME
|
add infrastructure for dropping root privileges
|
When saving to a file with "-w", have the "-v" flag make tcpdump
report, every 10 seconds, the number of packets captured.
Include <smi.h> if we're building with libsmi, to declare
"smiInit()" and "smiLoadModule()".
|
fall through to the "-O" case.
|
- call always into print_ascii() b/c just hexdump data
is uninteresting; hex-offsets plus ascii representation
is what most people are looking for
- remove default_print_unaligned() as it is now obsolete
|
stdout, so only output for packets goes to stdout.
|
isn't always very suggestive - for example, somebody might think
"EN10MB" is always 10 MB/s, and might not know that "IEEE802" is Token
Ring), using "pcap_datalink_val_to_description()". Supply our own
"pcap_datalink_val_to_description()" if libpcap doesn't have it (even if
it has "pcap_datalink_name_to_val()").
|
Fix the timeout in the "pcap_open_live()" call - I accidentally checked
in a larger value I was using while testing pcap_breakloop().
|
appropriately, and that GNUmakefile and the MSVC++ project file define
it appropriately, as we do with libpcap, rather than defining it in
"interface.h".
Undo the rcsid-shuffling and addition of extra #includes, as we no
longer need to arrange that "interface.h" be included before using _U_
in an RCS ID or copyright.
|
use "_U_" in the definitions of "rcsid[]", to eliminate
complaints about those variables being unused;
move the definitions after the include of "interface.h", or add
an include of "interface.h", so that "_U_" is defined.
Include "config.h" before including "tcpdump-stdinc.h" in
"missing/datalinks.c".
|
safer way to terminate "pcap_loop()" in a signal handler (it just sets a
flag, it doesn't muck with data structures that might have been in the
middle of being updated).
Have "setsignal()" not request SA_RESTART, so that if we call
"pcap_breakloop()" in a signal handler and then return, we don't restart
a call that was waiting for captured packets, we just make that call
EINTR out.
|
processed - people often get confused by the "received by filter" count,
as they might not realize that, in some systems, it counts packets that
were handed to the filter mechanism regardless of whether they pass or,
if they pass, they have yet been read by the application and, on some
other systems, it counts packets that passed the filter but still counts
them in the kernel before they're read by the application.
They're probably mostly interested in the count of packets processed by
tcpdump; the "received by filter" count is probably of interest only if
you want to know how effective your filter is (and even then it's of
interest only if it counts packets handed to the filter rather than
packets that passed the filter).
Give more details on why the "received by filter" count doesn't
necessarily mean what you think it means.
|
that obtains the Windows OS version, was never used: avoid calling it.
Removed the call to PrinCapBegins in w32_fzs.c.
|