| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
PCAP_ERROR_ statuses to strings, as pcap_strerror() no longer does that.
Also, fix up one error message to include the capture device name.
|
| | |
|
| |
|
|
|
| |
on all platforms in that case. Also, add a "-I" flag to turn on monitor
mode.
|
| |
|
|
|
|
|
| |
for which we don't have a print routine; you *can* use tcpdump to
capture traffic with those DLT_ values, as long as you use "-w" so that
we don't interpret the contents of the packet, we just blindly write the
raw packet data to the capture file.
|
| |
|
|
| |
Update a comment (we now parse the radiotap header).
|
| |
|
|
|
| |
capture file rather than capturing (statistics aren't supported by
libpcap when reading from a capture file).
|
| |
|
|
|
| |
pcap_stats() fails, so we don't keep attempting to get statistics and
failing.
|
| |
|
|
| |
Windows.
|
| |
|
|
|
| |
Update CREDITS, FILES, and INSTALL appropriately; clean up changes to
Makefile.in to keep the file names in order.
|
| |
|
|
|
|
|
|
|
|
|
| |
if it does, use that for the pf definitions;
if it doesn't, don't compile in pf support;
as both OpenBSD and FreeBSD have changed the pf definitions and header
format without changing the DLT value, so you can't reliably read
pflog-format libpcap files on a machine running an OS version other than
the one on which the file was generated.
|
| |
|
|
|
|
| |
checking of TCP checksums.
Sort the argument processing code alphabetically.
|
| |
|
|
|
|
|
| |
add support for the the post-rotate -z flag (to be used in
conjunction with -C or -G) which can be used to specify a command tcpdump
should execute on each savefile after it's been rotated
for example to compress a capture file.
|
| |
|
|
| |
checksumming routines later to this file), init shred checksumming tables with init_checksum(), assume network byte order for tag correlation ID in the ATM OAM cell printer
|
| | |
|
| |
|
|
|
|
| |
(in micro-second resolution) between the first and current packet.
- cleanup the the ts_print code a bit -> add a ts_format helper
|
| |
|
|
|
|
|
|
| |
midnight GMT; just use time().
We also don't need to flush the standard error right before exiting.
Clean up white space.
|
| |
|
|
| |
fix memleak by freeing the rotated files accordingly
|
| |
|
|
| |
auto-rotate files after some times given with the G flag;
|
| | |
|
| |
|
|
|
|
|
|
| |
link-layer print routines if no other print routine claimed the packet.
Test whether that flag is set rather than testing whether neither of -x
or -q were specified, and have -x, -q, *and* -X set that flag, so that
-X suppresses it just as -x does. That way you don't get those pckets
dumped twice if -X was specified.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
output. Have "hex_and_ascii_print_with_offset()" and
"hex_and_ascii_print()" to the "-X"-style offset, leaving
"hex_print_with_offset()" and "hex_print()" doing the "-x"-style output.
Don't have any of them check "xflag", "Xflag", or "Aflag" - they print
what they're intended to print, and the caller should check the flags in
question.
Don't have "-A" set "xflag" or "Xflag".
This cleans up some problems with "-A" printing hex informatioin - it's
not supposed to.
|
| |
|
|
|
|
|
|
|
|
|
| |
and using ftell(); that won't necessarily work on Windows (if libpcap
was built with a different version of the C runtime library than tcpdump
is), and, even on UN*X, would break if a pcap_dumper_t * were ever made
something other than a FILE *.
Provide a pcap_dump_ftell() implementation that does that cheating cast
for use if libpcap doesn't have it (a pcap_dumper_t * is just a FILE *
on those older versions of libpcap).
|
| |
|
|
| |
boundary checking when parsing the juniper headers
|
| |
|
|
|
| |
replace the JUNIPER_ enums with real DLT_JUNIPER types
(does this break environments where an old libpcap is present ?)
|
| | |
|
| | |
|
| |
|
|
| |
taken on the Link-Service (LS) and Multi-Link (ML) PICs
|
| |
|
|
| |
captured on Juniper ML-PIC and LS-PIC cards
|
| |
|
|
|
|
|
|
|
|
| |
an "ndo_default_print_unaligned" member of the "netdissect_options"
structure.
There is, however, a need for an "ndo_default_print" routine, which
takes a "netdissect_options *" as its first argument, to initialize the
"ndo_default_print" member of that structure, as "ND_DEFAULTPRINT()"
uses it.
|
| |
|
|
|
|
| |
to be a global supplied by the application using it. In tcpdump, "-d"
is a specialized flag, and doesn't apply to packet dissection, so it
doesn't belong in the netdissect structure - make it a global again.
|
| | |
|
| |
|
|
| |
"-X" so that "-x" prints only hex, not hex and ASCII.
|
| | |
|
| |
|
|
|
| |
Define "ndo_error()" and "ndo_warning()" as static, to match their
forward declarations.
|
| |
|
|
| |
Fix up the usage message.
|
| |
|
|
|
|
|
|
| |
tflag values correspond to what output formats (e.g., 4 means "-tttt").
Switch on the tflag value to determine whether to call "gmt2local()" to
set "thiszone", just as we switch on it to determine the format for time
stamps, to make it more obvious in what cases we call it.
|
| |
|
|
| |
the time zone offset, so get it with "gmt2local()" if "tflag" is -3.
|
| |
|
|
|
|
|
|
|
|
| |
platforms, they're "unsigned long"; use "%lu" to print "pw_uid" and
"pw_gid", and cast them to "unsigned long" for the benefit of platforms
where they're not "unsigned long".
When chrooting and giving up privileges, if a call fails, use
"pcap_strerror()" to report the reason why it failed. Add "tcpdump:" to
those error messages.
|
| |
|
|
|
|
|
| |
adapter name correctly on win32.
Modified some code so that windump retrieves the winpcap lib version
with "pcap_lib_version()" on win32.
Upgraded the Wpcap_version string to 3.1.
|
| |
|
|
|
| |
replace error() and warning() with ndo-ized version.
moved snaplen/snapend to ndo structure.
|
| | |
|
| |
|
|
|
|
|
| |
error.
Check for pcap_if_t in <pcap.h> if we have pcap_findalldevs; MacOS X
10.3.3 ships a newer libpcap which has pcap_findalldevs but an older
pcap.h which doesn't have a pcap_if_t.
|
| |
|
|
| |
TCP-MD5 (RFC 2385) digest verification if we have libcrypto.
|
| |
|
|
| |
compilation of tcpdump.c.
|
| | |
|
| |
|
|
|
| |
firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not
asking us for a DLT_ value and not telling us about the link-layer type.
|
| |
|
|
| |
- only droproot() if we are root
|
| |
|
|
|
| |
- add compile time option WITH_CHROOT
- chroot() when dropping privileges
|
| |
|
|
|
| |
-drop root privileges earlier
-restore the old -Z behaviour
|
| |
|
|
| |
make it non-static.
|
