path: root/tcpdump.c
Commit message [Author, Age, Files, Lines]
* From Sebastien Vincent <svincent@idems.fr>: fix the handling of "-x" and "-X" so that "-x" prints only hex, not hex and ASCII. [guy, 2004-09-04, 1 file, -5/+23]
* From Raphael Raimbault <raphael.raimbault@netasq.com>: "-tttt" requires the time zone offset, so get it with "gmt2local()" if "tflag" is -3. [guy, 2004-06-15, 1 file, -2/+2]
* Fixed a bug that caused "windump" with no parameters not to display the adapter name correctly on win32. Modified some code so that windump retrieves the winpcap lib version with "pcap_lib_version()" on win32. Upgraded the Wpcap_version string to 3.1. [risso, 2004-04-06, 1 file, -8/+9]
* Add support for Apple's IP-over-IEEE 1394 encapsulation. [guy, 2004-03-17, 1 file, -1/+4]
* Check whether we have too many output files *before* allocating the buffer for the new output file name. [guy, 2004-01-26, 1 file, -3/+3]
* Adapted from a more extensive change from Chris Cogdon <chris@cogdon.org>: check whether the file number for "-C" is too large to fit in the buffer we allocated for the file name. Close the current capture file before trying to allocate the buffer for the new file's name, so that if that allocation fails we've at least written out all of the previous file. [guy, 2004-01-26, 1 file, -2/+7]
* From Gisle Vanem: fix the "-m" case in the argument processing not to fall through to the "-O" case. [guy, 2004-01-14, 1 file, -1/+2]
* [hannes, 2003-12-29, 1 file, -30/+4]
  - pass on ident string to hex_print()
  - pass on ident string to ascii_print()
  - pave the way for eliminating print_unknown_data() and subsequent hex_print() replacement
  - clean up the default_print() related functions:
    - call always into print_ascii() b/c just hexdump data is uninteresting; hex-offsets plus ascii representation is what most people are looking for
    - remove default_print_unaligned() as it is now obsolete
* From George Bakos: send the "reading from" messages to stderr, not stdout, so only output for packets goes to stdout. [guy, 2003-12-18, 1 file, -3/+4]
* Print both the name and the description of a link-layer type (the name isn't always very suggestive - for example, somebody might think "EN10MB" is always 10 MB/s, and might not know that "IEEE802" is Token Ring), using "pcap_datalink_val_to_description()". Supply our own "pcap_datalink_val_to_description()" if libpcap doesn't have it (even if it has "pcap_datalink_name_to_val()"). [guy, 2003-11-18, 1 file, -10/+19]
* In MSVC++'s C library, _IOLBF is the same as _IOFBF; use _IONBF instead. Fix the timeout in the "pcap_open_live()" call - I accidentally checked in a larger value I was using while testing pcap_breakloop(). [guy, 2003-11-18, 1 file, -2/+15]
* Have the configure script arrange that the Makefile define _U_ appropriately, and that GNUmakefile and the MSVC++ project file define it appropriately, as we do with libpcap, rather than defining it in "interface.h". Undo the rcsid-shuffling and addition of extra #includes, as we no longer need to arrange that "interface.h" be included before using _U_ in an RCS ID or copyright. [guy, 2003-11-16, 1 file, -7/+7]
* From Neil Spring: use "_U_" in the definitions of "rcsid[]", to eliminate complaints about those variables being unused; move the definitions after the include of "interface.h", or add an include of "interface.h", so that "_U_" is defined. Include "config.h" before including "tcpdump-stdinc.h" in "missing/datalinks.c". [guy, 2003-11-15, 1 file, -1/+1]
* From Neil Spring: use "_U_" in the definitions of "rcsid[]", to eliminate complaints about those variables being unused; move the definitions after the include of "interface.h", or add an include of "interface.h", so that "_U_" is defined. Include "config.h" before including "tcpdump-stdinc.h" in "missing/datalinks.c". [guy, 2003-11-15, 1 file, -7/+7]
* Check whether we have "pcap_breakloop()", and use it if we do - it's a safer way to terminate "pcap_loop()" in a signal handler (it just sets a flag, it doesn't muck with data structures that might have been in the middle of being updated). Have "setsignal()" not request SA_RESTART, so that if we call "pcap_breakloop()" in a signal handler and then return, we don't restart a call that was waiting for captured packets, we just make that call EINTR out. [guy, 2003-11-04, 1 file, -14/+54]
* Add to the packet counts a count of packets that tcpdump has seen and processed - people often get confused by the "received by filter" count, as they might not realize that, in some systems, it counts packets that were handed to the filter mechanism regardless of whether they pass or, if they pass, they have yet been read by the application and, on some other systems, it counts packets that passed the filter but still counts them in the kernel before they're read by the application. They're probably mostly interested in the count of packets processed by tcpdump; the "received by filter" count is probably of interest only if you want to know how effective your filter is (and even then it's of interest only if it counts packets handed to the filter rather than packets that passed the filter). Give more details on why the "received by filter" count doesn't necessarily mean what you think it means. [guy, 2003-09-16, 1 file, -1/+13]
* Cleanup of the Windows portion. The result of the GetVersion() function, that obtains the Windows OS version, was never used: avoid calling it. Removed the call to PrinCapBegins in w32_fzs.c. [risso, 2003-08-08, 1 file, -11/+16]
* From Bruce M. Simpson <bms@spc.org>: RFC 3561 AODV support. [guy, 2003-08-06, 1 file, -1/+3]
* Print the link-type name along with the link-type when starting up. [fenner, 2003-08-01, 1 file, -6/+19]
* Remove the -a flag. It's nonsensical to apply the local netmask to all addresses, and has been for a lot of years. [fenner, 2003-07-31, 1 file, -6/+2]
* From Jesper Peterson <jesper@endace.com>: catch SIGPIPE and clean up, so that if tcpdump is being piped to some other program, and that program exits before tcpdump does, tcpdump will cleanly exit, so that libpcap can cleanly close devices (such as Endace's DAG cards). [guy, 2003-07-30, 1 file, -1/+4]
* Improve the comment for the code to relinquish set-UID privileges. Check whether we succeeded in opening a capture file before we report the link-layer type of the capture file. [guy, 2003-06-03, 1 file, -8/+11]
* squelch compiler warning [hannes, 2003-05-25, 1 file, -2/+2]
* print the link-type when reading or capturing packets [hannes, 2003-05-22, 1 file, -3/+6]
* From Motonori Shindo: allow "-T" to take "tftp" as an argument to force decoding as TFTP. [guy, 2003-05-11, 1 file, -1/+3]
* Digital UNIX 4.0's <net/bpf.h> doesn't define DLT_SLIP_BSDOS or DLT_PPP_BSDOS - don't assume they're defined, check whether they're defined before using them. [guy, 2003-05-02, 1 file, -1/+5]
* Add support for OpenBSD DLT_ENC. [guy, 2003-03-08, 1 file, -1/+4]
* The string returned by "pcap_lib_version()" isn't just a version number; just print it as is, don't prefix it with "libpcap version". [guy, 2003-02-11, 1 file, -2/+2]
* Use "pcap_lib_version()" to get the libpcap version number if it's available in the libpcap we're using. [guy, 2003-02-11, 1 file, -4/+11]
* From Peter Fales <peter@fales-lorenz.net>: add support for DLT_ARCNET_LINUX. Also handle IPX-over-ARCNET. [guy, 2003-01-23, 1 file, -1/+4]
* Fix the usage message - don't mention "-y" twice. [guy, 2003-01-16, 1 file, -2/+2]
* Don't print the "verbose output suppressed" message if "-w" was specified, as, in that case, there's no output to make more verbose. [guy, 2003-01-08, 1 file, -7/+10]
* don't forget to display the program name [hannes, 2003-01-07, 1 file, -1/+3]
* check vflag before displaying the little help string [hannes, 2003-01-07, 1 file, -6/+5]
* be a bit more verbose what we are doing: [hannes, 2003-01-07, 1 file, -3/+5]
  - display snaplen
  - indicate that detailed decodes are hidden under the -v and -vv hood
  this should address some of the first problems that are frequently encountered by people that start to learn and play with tcpdump;
* From Gisle Vanem: use the right #define when checking whether libpcap has "pcap_dump_flush()". The WinDump makefiles define HAVE_PCAP_FINDALLDEVS, and will be changed to define HAVE_PCAP_DUMP_FLUSH, so use those, rather than Win32, to check whether WinPcap has "pcap_findalldevs()" or "pcap_dump_flush()", so people can tweak the appropriate makefile if building WinDump with an older version of WinPcap lacking one or both of those routines. [guy, 2002-12-22, 1 file, -10/+4]
* From Andrew Brown <atatat@atatdot.net>: add a "-U" flag, which causes the output stream for "-w" to be flushed after each packet is dumped. Add checks for "pcap_dump_flush()", and only enable the "-U" flag if it's present. Clean up the handling of the "getopt()" argument and the usage message to get rid of the pile of #ifdefs. Add documentation for the "-L" and "-y" flags. Tweak the description of "-r" to properly format "-w" in the text. [guy, 2002-12-22, 1 file, -19/+48]
* Hoist a bunch of stuff that should be done by all if_print routines into tcpdump.c. Have if_print routines return the length of the link-layer header, so that the common code knows how to skip the link-layer header when printing the packet in hex/ASCII. [guy, 2002-12-19, 1 file, -38/+71]
* NetBSD support for multiple data link types on an interface, from David Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe <thorpej@netbsd.org>, and further changes by me to: use "-y" rather than "-D" to set the link type ("-D" was already taken); use libpcap APIs to map between data link type names and values; supply stub versions of missing-but-needed libpcap APIs. Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't done so already). [guy, 2002-12-19, 1 file, -17/+100]
* Properly document "-X" - it turns on "-x" for you. Have "-xx" and "-XX" cause the link-level header to be dumped; don't make "-e" affect that at all, as the fact that "-x" doesn't dump the link-level header was documented, with no mention of "-e", at least as far back as tcpdump 3.4, and scripts might depend on that working even with "-e". [guy, 2002-12-19, 1 file, -2/+2]
* Add a new routine "default_print_packet()", which takes a pointer to the beginning of the raw packet data, the captured length of the raw packet data, and the length of the link-layer header, and: if "-e" was specified, prints all the raw packet data; if "-e" was not specified, prints all the raw packet data past the link-layer header, if there is any. Use that routine in all the "xxx_if_print()" routines if "-x" was specified. Make "arcnet_encap_print()" static - it's not used outside "print-arcnet.c". Add missing info printing code to "atm_if_print()". Print the packet data in "lane_if_print()", not in "lane_print()", as "lane_print()" can be called from other "xxx_if_print()" routines, and those routines will also print the packet data if "-x" was specified - no need to print it twice. [guy, 2002-12-18, 1 file, -2/+27]
* Add support for DLT_PRISM and DLT_IEEE802_11_RADIO. [guy, 2002-12-12, 1 file, -1/+7]
* On systems with SIGINFO support, make it work when you're saving packets to a file, not just when you're printing dissected packets. [guy, 2002-11-11, 1 file, -18/+37]
* Add support for RFC 2625 IP-over-Fibre Channel. [guy, 2002-10-18, 1 file, -1/+4]
* Get rid of the "-Wno-unused" flag, and fix up most of the unused-parameter problems reported by GCC. Add an _U_ tag to label parameters as unused if the function is called through a pointer (so that you can't change its signature by removing parameters) or if there are unused parameters only because the function isn't complete. Add some additional bounds checks the necessity for which was revealed while cleaning up unused-parameter problems. Make some routines static. "lcp_print()", defined in "print-lcp.c", isn't called anywhere - "print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c". [guy, 2002-09-05, 1 file, -2/+2]
* Check for "pcap_version" in libpcap in the configure scripts; apparently the libpcap that comes with some platforms doesn't define it. Check for "pcap_debug" and "yydebug" in libpcap in the configure scripts, so that whichever one is present (which might depend on whether libpcap was built with standard YACC or Berkeley YACC/Bison), if any is present, will be used by the "-Y" flag (if none is present, "-Y" won't be supported). [guy, 2002-09-05, 1 file, -2/+11]
* Removed from the Win32 code a conversion from ASCII to unicode that is not needed with recent versions of WinPcap. [risso, 2002-08-09, 1 file, -17/+2]
* Put support for "-A" back into the getopt argument string, and put "-A" and "-R" back into the usage strings. We might as well do the "pcap_close()" call before exiting when "-d" is used on UNIX as well as Windows. Put in a comment about an official API for getting a libpcap version string. [guy, 2002-08-06, 1 file, -10/+26]
* Don't mention "-D" in the help message, or support it in "getopt()", if we don't have "pcap_findalldevs()". [guy, 2002-08-03, 1 file, -3/+11]
* Check for "pcap_findalldevs()" in libpcap in the configuration script; only use it if we find it. Define DHAVE_PCAP_FINDALLDEVS in the Windows GNU Makefile and project file, as WinPcap has "pcap_findalldevs()". [guy, 2002-08-03, 1 file, -1/+7]