path: root/tcpdump.c
Commit message | Author | Age | Files | Lines
* Don't run past the snapshot length when doing hex/ASCII dumps. | Guy Harris | 2015-01-06 | 1 | -0/+5
|
* Fix plurals in packet count messages. | Guy Harris | 2011-03-08 | 1 | -5/+8
|   Based on a patch from cr4ckn@sourceforge.net, but with a macro PLURAL_SUFFIX() defined to return either "s" or "" (rather than possibly printing a NUL character with %c), and with that macro used in a couple of cases where the equivalent had been done by hand, and with one case the patch missed fixed as well.
* Add support for nommu systems. | Guy Harris | 2010-11-30 | 1 | -7/+18
|   Rather than hardcode the WIN32 define, add proper fork checks to the configure script and check those. This fixes building for nommu systems which lack the fork function. While we're here though, add support for this functionality via vfork so that it does work on nommu systems. And fix an old bug where we exit properly in the forked child when the exec failed instead of just returning to the calling code (which isn't expecting it).
|   Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Switch user ID/root directory with -Z before opening savefiles for output. | Paul Ferrell | 2010-11-06 | 1 | -10/+25
|   In addition to Paul's change, I added a comment explaining why we do this, and explaining that doing so after opening the first savefile doesn't help with subsequent savefiles, so you'll have to come up with a better fix if you want the savefiles opened by the original UID or outside the chroot.
|   Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Document -j and -J. List -h in the usage message. | Guy Harris | 2010-08-23 | 1 | -1/+1
|
* Print a -L-like header for -J. | Guy Harris | 2010-08-22 | 1 | -0/+7
|
* Add support for setting the time stamp type for a capture. | Guy Harris | 2010-08-22 | 1 | -11/+76
|   Based on a patch from Scott Mcmillan <scott.a.mcmillan@intel.com>. While we're at it, make some error messages a bit less geeky.
* If -U is specified, flush the file after creating it, so it's not zero-length. | Romain Francoise | 2010-06-05 | 1 | -0/+4
|   Reading from a capture file that has not yet received any packets fails with "truncated dump file"; to avoid this, flush the file (forcing the pcap header out) immediately after opening it. (Added Romain to the credits.)
|   Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Add a -h flag, and only attempt to recognize 802.11s mesh headers if it's set. | Guy Harris | 2010-05-27 | 1 | -1/+5
|   I give up. I have no access to the 802.11s drafts, I can't find anything that suggests whether a heuristic check for an 802.11s header should check for To DS and From DS both being set or either being set or unset, or whether it should check for a QoS frame type (the examples in all the documentation I can find have To DS and From DS set, and have a QoS field, in the 802.11 header, but that might just be an example 802.11 header showing all the fields), so I'm just adding a -h command-line flag; you need to specify it to get tcpdump to try to guess whether a frame has a mesh header or not. I'll leave it up to somebody else to figure out what the best heuristic for detecting the presence of mesh headers is (note that tcpdump and Wireshark have different heuristics, both of which can probably get false positives, especially with encrypted frames where the first payload byte just *happens* not to have any of the reserved bits in the mesh header flags set).
* When printing the link-layer type list, send *all* output to stderr. | Guy Harris | 2010-05-07 | 1 | -1/+1
|
* tcpdump.c: mark several variables as static | Kovarththanan Rajaratnam | 2010-02-20 | 1 | -3/+3
|
* Recognize -b as a flag. | Guy Harris | 2010-02-08 | 1 | -1/+2
|
* Mention the b flag in the usage message. | Guy Harris | 2010-02-08 | 1 | -1/+1
|
* Handle the 48-byte and 64-byte Linux USB headers differently; for now, | Guy Harris | 2010-01-25 | 1 | -6/+8
|   the difference isn't major, but it might be more important later.
* raw_if_print() isn't yet a new-style print routine. | Guy Harris | 2010-01-10 | 1 | -6/+6
|
* This commit makes ipnet_if_print the first NDO aware top-level | Michael Richardson | 2010-01-10 | 1 | -18/+47
|\    printer.
| |   Merge commit 'origin/master'
| |   Conflicts: netdissect.h
| * Add support for DLT_IPV4 and DLT_IPV6. | Guy Harris | 2010-01-04 | 1 | -14/+20
| |   While we're at it, clean up some whitespace.
| * When printing a list of link-layer types for -L, give the name of the | Guy Harris | 2009-12-01 | 1 | -4/+27
| |   device for which they're being reported, so if no -i flag was given people don't think it's something such as the union of all link-layer types supported by all devices, and, if we can determine whether the device supports monitor mode (with libpcap 1.0.0 and later), indicate whether the link-layer types are the ones supported when not in monitor mode (if -I wasn't specified) or when in monitor mode (if -I was specified), so people don't wonder why some types aren't available (as some are available only in monitor mode, and others are available only when not in monitor mode, on some platforms).
* | make new list of printers that take ndo argument, and use it as appropriate | Michael Richardson | 2010-01-10 | 1 | -13/+56
|/
* The patches attached to this email are required to get a fully working tcpdump | Darren Reed | 2009-11-24 | 1 | -0/+3
|   on OpenSolaris, or Solaris Express Community Edition, build 125 and later.
|   The attached patch introduces support for printing out the IPNET headers used for packet capture inside of zones that share their networking with the global zone and for packets "transmitted" between zones.
|   tcpdump 4.0.0 will ship with builds 129 and later of OpenSolaris/SXCE and when run as root with the '-L' option, should behave as below to indicate that the system is fully functional:
|     Data link types (use option -y to set):
|       DOCSIS (DOCSIS) (printing not supported)
|       IPNET (Solaris IPNET)
|       EN10MB (Ethernet)
|   Cheers, Darren
* Report ps_ifdrop if it's non-zero. | Guy Harris | 2009-09-07 | 1 | -1/+15
|
* From Karl Norby: print the unsigned packet statistics with %u, not %d. | Guy Harris | 2009-07-31 | 1 | -2/+2
|
* execlp() is a varargs function, so if NULL is defined as 0, the compiler | Guy Harris | 2009-06-09 | 1 | -1/+1
|   doesn't know that it needs to be converted to a null pointer constant; add an explicit cast.
* Based on a fix from Miroslav Lichvar: don't crash with "-i <num>" if | Guy Harris | 2009-04-28 | 1 | -5/+11
|   there are no interfaces available.
* From Robert Edmonds: free the string that contains the filter as soon as | Guy Harris | 2009-04-18 | 1 | -0/+1
|   we're done with it.
* From Bert Vermeulen: add a USB printer, and fix the error message | Guy Harris | 2009-04-04 | 1 | -2/+8
|   printed when trying to print packets for a DLT_ for which we don't have a printer to indicate that you can still save to a capture file in that case. (Slightly changed not to require DLT_USB_LINUX_MMAPPED to be defined, for older libpcaps that only define DLT_USB_LINUX.)
* Make the default snapshot length the maximum; add a #define for the | Guy Harris | 2009-03-05 | 1 | -2/+2
|   maximum. Get rid of redundant definition of DEFAULT_SNAPLEN in interface.h. Update the documentation.
* from Anantharamu Suryanarayana: add 4-byte AS support to the BGP printer | Hannes Gredler | 2009-01-20 | 1 | -0/+3
|
* We support building tcpdump with versions of libpcap other than the one | guy | 2008-09-25 | 1 | -2/+2
|   with which it was released, and DLT_BLUETOOTH_HCI_H4_WITH_PHDR might be defined by pcap-bpf.h without pcap/bluetooth.h being present (as appears to be the case on Fedora 9, for example), so check whether <pcap/bluetooth.h> is usable. Update a comment - F9 appears to have a "/usr/include/pcap.h" if you install the libpcap headers. When adding -I flags when running a compiler-based test, add them to CPPFLAGS, not CFLAGS - the latter doesn't work right with AC_CHECK_HEADERS, as the "gcc -E" run doesn't have the -I flags added.
* add infrastructure for verifying the HMAC-MD5 digest in routing protocols. | hannes | 2008-08-16 | 1 | -2/+2
|   The shared secret is passed using the already existing -M option which is used for TCP-MD5 checking. add initial support for RSVP Integrity object verification.
* pcap_errtostr() was renamed pcap_statustostr(). | guy | 2008-04-09 | 1 | -9/+28
|   pcap_activate() can return positive values as warnings, not just 0, on success; log warnings in those cases.
* If we get PCAP_ERROR_NO_SUCH_DEVICE or PCAP_ERROR_PERM_DENIED from | guy | 2008-04-09 | 1 | -2/+8
|   pcap_activate(), and there's a non-null error string returned by pcap_geterr(), print it as part of the error message, as it might contain information useful when debugging the problem. If we get PCAP_ERROR, just print the error string from pcap_geterr(), not the device name, as the error string will contain the device name.
* Use the new pcap_errtostr() routine, rather than pcap_strerror(), to map | guy | 2008-04-06 | 1 | -8/+8
|   PCAP_ERROR_ statuses to strings, as pcap_strerror() no longer does that. Also, fix up one error message to include the capture device name.
* Get rid of some debugging code. | guy | 2008-04-04 | 1 | -10/+1
|
* Use the new libpcap API's if available; that means we can support "-B" | guy | 2008-04-04 | 1 | -19/+77
|   on all platforms in that case. Also, add a "-I" flag to turn on monitor mode.
* Say "printing not supported", not just "not supported", for DLT_ values | guy | 2008-01-29 | 1 | -3/+3
|   for which we don't have a print routine; you *can* use tcpdump to capture traffic with those DLT_ values, as long as you use "-w" so that we don't interpret the contents of the packet, we just blindly write the raw packet data to the capture file.
* Support DLT_IEEE802_11_RADIO_AVS. | guy | 2007-12-20 | 1 | -1/+4
|   Update a comment (we now parse the radiotap header).
* ..and don't bother trying to get statistics if we're reading from a | guy | 2007-11-21 | 1 | -2/+7
|   capture file rather than capturing (statistics aren't supported by libpcap when reading from a capture file).
* From Max Laier (via Giorgos Keramidas?): clear "infoprint" if | guy | 2007-11-21 | 1 | -1/+2
|   pcap_stats() fails, so we don't keep attempting to get statistics and failing.
* Added a temporary "not implemented" version of compress_savefile for | gianluca | 2007-10-13 | 1 | -4/+20
|   Windows.
* From Paolo Abeni: print some basic Bluetooth information. | guy | 2007-09-24 | 1 | -1/+4
|   Update CREDITS, FILES, and INSTALL appropriately; clean up changes to Makefile.in to keep the file names in order.
* From Max Laier: check whether the system has <net/pfvar.h> and: | guy | 2007-09-12 | 1 | -2/+2
|     if it does, use that for the pf definitions;
|     if it doesn't, don't compile in pf support;
|   as both OpenBSD and FreeBSD have changed the pf definitions and header format without changing the DLT value, so you can't reliably read pflog-format libpcap files on a machine running an OS version other than the one on which the file was generated.
* From Ben Byer <bushing@sourceforge.net>: add a "-K" flag to suppress the | guy | 2006-05-05 | 1 | -9/+13
|   checking of TCP checksums. Sort the argument processing code alphabetically.
* from Sebastien Raveau <sebastien.raveau@epita.fr> | hannes | 2006-03-23 | 1 | -23/+79
|   add support for the post-rotate -z flag (to be used in conjunction with -C or -G) which can be used to specify a command tcpdump should execute on each savefile after it's been rotated for example to compress a capture file.
* move the crc10 verification to a new file checksum.c (will add other | hannes | 2006-02-09 | 1 | -1/+2
|   checksumming routines later to this file), init shred checksumming tables with init_checksum(), assume network byte order for tag correlation ID in the ATM OAM cell printer
* add support for FRF.16 Multilink Frame-Relay (DLT_MFR) | hannes | 2005-12-13 | 1 | -1/+4
|
* - add the -ttttt timestamp option which prints the time difference | hannes | 2005-12-13 | 1 | -2/+3
|     (in micro-second resolution) between the first and current packet.
|   - cleanup the ts_print code a bit -> add a ts_format helper
* We don't need gettimeofday() to just get seconds since January 1, 1970, | guy | 2005-12-05 | 1 | -68/+73
|   midnight GMT; just use time(). We also don't need to flush the standard error right before exiting. Clean up white space.
* from Will Drewry <will AT alum.bu.edu> | hannes | 2005-10-25 | 1 | -1/+3
|   fix memleak by freeing the rotated files accordingly
* from Will Drewry <will AT alum.bu.edu> | hannes | 2005-10-20 | 1 | -22/+115
|   auto-rotate files after some times given with the G flag;