3 # Test the capture engine of the Wireshark tools
5 # Wireshark - Network traffic analyzer
6 # By Gerald Combs <gerald@wireshark.org>
7 # Copyright 2005 Ulf Lamping
9 # SPDX-License-Identifier: GPL-2.0-or-later
13 # common exit status values
# Command line used when Wireshark itself is the tool under test:
# -o gui.update.enabled:FALSE overrides that preference for the run and
# -k starts the capture immediately.
# NOTE(review): program and options share one string, so the steps have to
# expand it unquoted ($DUT ...) and rely on word splitting; a $WIRESHARK
# path containing spaces or glob characters would be split or expanded as
# well. A bash array would avoid that.
18 WIRESHARK_CMD="$WIRESHARK -o gui.update.enabled:FALSE -k"
# Failure-report helper; the step functions call it with one or more log
# file paths.
# NOTE(review): only the existence test is visible in this listing -
# presumably it loops over its arguments and prints each file that exists;
# confirm against the full script.
22 capture_test_output_print() {
# -f: act only on paths that are regular files.
25 if [[ -f "$f" ]]; then
# Failure-report helper called with a capture file path (see
# capture_step_stdin).
# NOTE(review): presumably runs capinfos on each existing file - the
# command itself is not visible in this listing; confirm.
33 capture_test_output_capinfos() {
36 if [[ -f "$f" ]]; then
# NOTE(review): "$f" is expanded inside the printf format string, so a
# path containing % or \ is interpreted as a format directive. Passing it
# as an argument keeps it literal: printf '%s not found.\n' "$f"
39 printf "$f not found.\n"
45 # Generate some traffic for quiet networks.
46 # The following will run in the background and return immediately
# Sends one echo request per iteration and uses the payload size (1..240)
# as a counter so individual packets can be told apart in a capture.
# NOTE(review): the target is the public host www.wireshark.org, so the
# generator needs DNS and outbound ICMP; on an isolated runner the pings
# would fail and add no traffic. Failures are not surfaced: all output,
# errors included, goes to ./testout_ping.txt.
49 for sweep_size in {1..240} # try to number the packets
51 # How does ping _not_ have a standard set of arguments?
# Three platform-specific ping syntaxes follow; the case patterns that
# select between them are not visible in this listing.
54 ping -n 1 -l $sweep_size www.wireshark.org ;;
56 /usr/sbin/ping www.wireshark.org $sweep_size 1 ;;
58 ping -c 1 -s $sweep_size www.wireshark.org ;;
60 sleep 0.25 # 240 * 0.25 = 60-ish seconds
# The whole group is redirected to a log file and put in the background.
63 } > ./testout_ping.txt 2>&1 &
# Cleanup for the background ping job.
# NOTE(review): presumably stops the process recorded in $PING_PID when
# one was started - the kill itself is not visible here; confirm.
68 if [ -n "$PING_PID" ] ; then
# Remove the log written by the traffic generator.
73 rm -f ./testout_ping.txt
76 # capture exactly 10 packets
# Test step: run the tool under test ($DUT) on the live interface, then
# check its exit status, the presence of ./testout.pcap and the packet
# count reported by capinfos.
# Globals read: SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE,
#   TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, RETURNVALUE,
#   EXIT_OK, CAPINFOS, TSHARK.
# Files: fixed names in the current directory (testout.txt, testout2.txt,
#   testout.pcap). Live capture usually needs elevated privileges, so run
#   the suite from a directory other users cannot write to.
77 capture_step_10packets() {
# NOTE(review): $SKIP_CAPTURE is unquoted; if it is unset or empty the
# test is malformed, evaluates false, and the capture runs anyway.
78 if [ $SKIP_CAPTURE -ne 0 ] ; then
# $DUT is left unquoted so that a value carrying options (see
# WIRESHARK_CMD) splits into words. The interface name is split the same
# way - NOTE(review): confirm it never contains spaces.
86 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
89 -a duration:$TRAFFIC_CAPTURE_DURATION \
94 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
96 capture_test_output_print ./testout.txt
97 # part of the Prerequisite checks
98 # wrong interface ? output the possible interfaces
100 test_step_failed "exit status of $DUT: $RETURNVALUE"
104 # we should have an output file now
105 if [ ! -f "./testout.pcap" ]; then
106 capture_test_output_print ./testout.txt
107 test_step_failed "No output file!"
111 # ok, we got a capture file, does it contain exactly 10 packets?
# NOTE(review): the pattern has no end anchor, so a count such as 100 or
# 1024 also matches. Following the number with ([^0-9]|$) makes the check
# exact.
112 $CAPINFOS ./testout.pcap > ./testout2.txt
113 grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null
114 if [ $? -eq 0 ]; then
# Appears to be the failure branch (the else line is not visible): a
# decoded packet list is appended to the log and the logs are printed.
# NOTE(review): this copies summaries of traffic seen on the capture
# interface into the test output; treat stored CI logs accordingly.
118 $TSHARK -ta -r ./testout.pcap >> ./testout2.txt
119 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
120 # part of the Prerequisite checks
121 # probably wrong interface, output the possible interfaces
123 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
127 # capture exactly 10 packets using "-w -" (piping to stdout)
# Test step: same check as capture_step_10packets, but the capture data is
# taken from the tool's standard output instead of a file written by the
# tool.
# Globals read: SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE,
#   TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, RETURNVALUE,
#   EXIT_OK, CAPINFOS.
128 capture_step_10packets_stdout() {
# NOTE(review): unquoted $SKIP_CAPTURE - an unset or empty value makes the
# test malformed and the capture runs anyway.
129 if [ $SKIP_CAPTURE -ne 0 ] ; then
# stdout goes to ./testout.pcap, stderr is appended to ./testout.txt.
# $DUT and the interface name are word-split because they are unquoted.
137 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
139 -a duration:$TRAFFIC_CAPTURE_DURATION \
142 > ./testout.pcap 2>>./testout.txt
# Timestamp for the log.
144 date >> ./testout.txt
145 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
147 capture_test_output_print ./testout.txt
149 test_step_failed "exit status of $DUT: $RETURNVALUE"
153 # we should have an output file now
# NOTE(review): the shell creates ./testout.pcap for the redirection above
# before the tool starts, so this test passes even when nothing was
# written; -s (non-empty file) would be a stricter check.
154 if [ ! -f "./testout.pcap" ]; then
155 test_step_failed "No output file!"
159 # ok, we got a capture file, does it contain exactly 10 packets?
# NOTE(review): no end anchor - a count such as 100 also matches; follow
# the number with ([^0-9]|$) for an exact check.
160 $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
161 grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null
162 if [ $? -eq 0 ]; then
166 capture_test_output_print ./testout.txt ./testout2.txt
168 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
172 # capture packets via a fifo
# Test step: feed a sample capture to the tool under test through a named
# pipe and check exit status, output file and packet count.
# Globals read: CAPTURE_DIR (used as a prefix, so it has to end with the
#   path separator), DUT, TRAFFIC_CAPTURE_PROMISC,
#   TRAFFIC_CAPTURE_DURATION, RETURNVALUE, EXIT_OK, CAPINFOS.
# NOTE(review): "fifo" is a fixed name in the current directory and its
# creation is not visible in this listing; run the suite from a private
# directory so another user cannot pre-create that path.
173 capture_step_fifo() {
# Background writer: the whole sample file, a one-second pause, then the
# same file again from byte 25 onward, i.e. without its first 24 bytes
# (the size of a classic pcap file header), so the reader sees one
# continuous stream.
175 (cat "${CAPTURE_DIR}dhcp.pcap"; sleep 1; tail -c +25 "${CAPTURE_DIR}dhcp.pcap") > fifo &
176 $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
178 -a duration:$TRAFFIC_CAPTURE_DURATION \
182 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
183 capture_test_output_print ./testout.txt
184 test_step_failed "exit status of $DUT: $RETURNVALUE"
188 # we should have an output file now
189 if [ ! -f "./testout.pcap" ]; then
190 test_step_failed "No output file!"
194 # ok, we got a capture file, does it contain exactly 8 packets?
# Presumably dhcp.pcap holds 4 packets and is sent twice - confirm.
# NOTE(review): no end anchor, so 80 or 800 would also match; follow the
# number with ([^0-9]|$) for an exact check.
195 $CAPINFOS ./testout.pcap > ./testout.txt
196 grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null
197 if [ $? -eq 0 ]; then
201 capture_test_output_print ./testout.txt
202 test_step_failed "No or not enough traffic captured."
206 # capture packets via stdin
# Test step: pipe a sample capture into the tool under test on standard
# input ("-i -") and check exit status, log messages (Wireshark on Windows
# only), output file and packet count.
# Globals read: DUT, WIRESHARK_CMD, WS_SYSTEM, CAPTURE_DIR,
#   TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, RETURNVALUE,
#   EXIT_OK, CAPINFOS. Globals written: CONSOLE_LOG_ARGS.
207 capture_step_stdin() {
# Console logging is requested only when Wireshark is the tool under test
# on Windows.
# NOTE(review): if CONSOLE_LOG_ARGS is not cleared before this test (no
# such line is visible here), a value left over from the environment or an
# earlier step would switch on the message checks below for other tools.
209 if [[ "$DUT" == "$WIRESHARK_CMD" && "$WS_SYSTEM" == "Windows" ]] ; then
210 CONSOLE_LOG_ARGS="-o console.log.level:127"
# Writer side of the pipe: the whole sample file, a one-second pause, then
# the same file again without its first 24 bytes (the size of a classic
# pcap file header). stdout and stderr of the tool go to separate files.
213 (cat "${CAPTURE_DIR}dhcp.pcap"; sleep 1; tail -c +25 "${CAPTURE_DIR}dhcp.pcap") | \
214 $DUT -i - $TRAFFIC_CAPTURE_PROMISC \
216 -a duration:$TRAFFIC_CAPTURE_DURATION \
218 > ./testout.txt 2> ./testerr.txt
220 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
221 capture_test_output_print ./testout.txt ./testerr.txt ./dumpcap_debug_log.tmp
222 capture_test_output_capinfos ./testout.pcap
223 test_step_failed "Exit status of $DUT: $RETURNVALUE"
# With console logging on, the startup message is expected on stdout and
# the capture start/stop messages on stderr.
227 if [ -n "$CONSOLE_LOG_ARGS" ] ; then
228 grep "Wireshark is up and ready to go" ./testout.txt > /dev/null 2>&1
229 if [ $? -ne 0 ]; then
230 test_step_failed "No startup message!"
233 grep "Capture started" ./testerr.txt > /dev/null 2>&1
234 if [ $? -ne 0 ]; then
235 test_step_failed "No capture started message!"
238 grep "Capture stopped" ./testerr.txt > /dev/null 2>&1
239 if [ $? -ne 0 ]; then
240 test_step_failed "No capture stopped message!"
244 # we should have an output file now
245 if [ ! -f "./testout.pcap" ]; then
246 test_step_failed "No output file!"
250 # ok, we got a capture file, does it contain exactly 8 packets?
# NOTE(review): no end anchor, so 80 or 800 would also match; follow the
# number with ([^0-9]|$) for an exact check.
251 $CAPINFOS ./testout.pcap > ./testout.txt
252 grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null
253 if [ $? -eq 0 ]; then
257 capture_test_output_print ./testout.txt
258 test_step_failed "No or not enough traffic captured."
262 # capture exactly 2 times 10 packets (multiple files)
# Test step: live capture split across multiple output files, followed by
# the usual exit status, output file and packet count checks.
# Globals read: SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE,
#   TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, RETURNVALUE,
#   EXIT_OK, CAPINFOS.
# NOTE(review): none of the suite functions visible in this listing
# registers this step - confirm whether it is still in use.
263 capture_step_2multi_10packets() {
# NOTE(review): unquoted $SKIP_CAPTURE - an unset or empty value makes the
# test malformed and the capture runs anyway.
264 if [ $SKIP_CAPTURE -ne 0 ] ; then
# $DUT and the interface name are word-split because they are unquoted.
272 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
275 -a duration:$TRAFFIC_CAPTURE_DURATION \
277 >> ./testout.txt 2>&1
# Timestamp for the log.
280 date >> ./testout.txt
281 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
283 capture_test_output_print ./testout.txt
284 # part of the Prerequisite checks
285 # probably wrong interface, output the possible interfaces
287 test_step_failed "exit status of $DUT: $RETURNVALUE"
291 # we should have an output file now
292 if [ ! -f "./testout.pcap" ]; then
293 test_step_failed "No output file!"
297 # ok, we got a capture file, does it contain exactly 10 packets?
# NOTE(review): no end anchor, so a count such as 100 also matches; follow
# the number with ([^0-9]|$) for an exact check.
298 $CAPINFOS ./testout.pcap > ./testout.txt
299 grep -Ei 'Number of packets:[[:blank:]]+10' ./testout.txt > /dev/null
300 if [ $? -eq 0 ]; then
304 capture_test_output_print ./testout.txt
305 test_step_failed "Probably the wrong interface (no traffic captured)!"
309 # capture with a very unlikely read filter, packets must be zero afterwards
# Test step: live capture with a read filter that should match nothing;
# the resulting file is expected to contain zero packets.
# Globals read: SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE,
#   TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, RETURNVALUE,
#   EXIT_OK, CAPINFOS.
# NOTE(review): every test_step_add line for this step visible in the
# listing is commented out, so it does not run in those suites.
310 capture_step_read_filter() {
# NOTE(review): unquoted $SKIP_CAPTURE - an unset or empty value makes the
# test malformed and the capture runs anyway.
311 if [ $SKIP_CAPTURE -ne 0 ] ; then
318 # valid, but very unlikely filter
320 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
322 -a duration:$TRAFFIC_CAPTURE_DURATION \
323 -2 -R 'dcerpc.cn_call_id==123456' \
326 >> ./testout.txt 2>&1
# Timestamp for the log.
328 date >> ./testout.txt
329 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
331 capture_test_output_print ./testout.txt
332 # part of the Prerequisite checks
333 # wrong interface ? output the possible interfaces
335 test_step_failed "exit status: $RETURNVALUE"
339 # we should have an output file now
340 if [ ! -f "./testout.pcap" ]; then
341 test_step_failed "No output file!"
345 # ok, we got a capture file, does it contain exactly 0 packets?
346 $CAPINFOS ./testout.pcap > ./testout.txt
347 grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null
348 if [ $? -eq 0 ]; then
352 capture_test_output_print ./testout.txt
353 test_step_failed "Capture file should contain zero packets!"
358 # capture with a snapshot length
# Test step: live capture with a snapshot length, then verify with TShark
# and capinfos that no stored packet is longer than 68 bytes.
# Globals read: SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE,
#   TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, RETURNVALUE,
#   EXIT_OK, TSHARK, CAPINFOS.
# Files: testout.txt, testout.pcap and testout2.pcap in the current
#   directory.
359 capture_step_snapshot() {
# NOTE(review): unquoted $SKIP_CAPTURE - an unset or empty value makes the
# test malformed and the capture runs anyway.
360 if [ $SKIP_CAPTURE -ne 0 ] ; then
367 # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
368 # this should result in no packets greater than 68 bytes
# The option that sets the snapshot length is not visible in this listing.
370 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
373 -a duration:$TRAFFIC_CAPTURE_DURATION \
375 >> ./testout.txt 2>&1
# Timestamp for the log.
377 date >> ./testout.txt
378 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
380 capture_test_output_print ./testout.txt
381 # part of the Prerequisite checks
382 # wrong interface ? output the possible interfaces
384 test_step_failed "exit status: $RETURNVALUE"
388 # we should have an output file now
389 if [ ! -f "./testout.pcap" ]; then
390 test_step_failed "No output file!"
394 # use tshark to filter out all packets, which are larger than 68 bytes
# Packets whose captured length exceeds 68 are written to testout2.pcap,
# so an empty result file means the snapshot length was honoured. This
# overwrites the capture log in ./testout.txt.
395 $TSHARK -r ./testout.pcap -w ./testout2.pcap -Y 'frame.cap_len>68' > ./testout.txt 2>&1
396 if [ $? -ne 0 ]; then
398 capture_test_output_print ./testout.txt
399 test_step_failed "Problem running TShark!"
403 # ok, we got a capture file, does it contain exactly 0 packets?
404 $CAPINFOS ./testout2.pcap > ./testout.txt
405 grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null
406 if [ $? -eq 0 ]; then
410 capture_test_output_print ./testout.txt
411 test_step_failed "Capture file should contain zero packets!"
# Registers the capture steps to run with Wireshark as the tool under
# test. The stdout and read-filter steps stay disabled here (see the
# commented-out lines below).
# Globals read: WS_SYSTEM, TEST_FIFO, TRAFFIC_CAPTURE_DURATION.
416 wireshark_capture_suite() {
417 # k: start capture immediately
418 # WIRESHARK_QUIT_AFTER_CAPTURE needs to be set.
421 # NOTE: This may not do the right thing if we use toolkits
422 # that use Wayland or Mir directly, unless they also depend
423 # on the DISPLAY environment variable.
425 #if [[ $WS_SYSTEM != Windows && $WS_SYSTEM != Darwin ]] && [ -z "$DISPLAY" ]; then
427 # Qt requires XKEYBOARD and Xrender, which our buildbots don't provide
# On anything other than Windows and macOS a notice is printed;
# presumably the suite is then skipped - the return is not visible here.
428 if [[ $WS_SYSTEM != "Windows" && $WS_SYSTEM != "Darwin" ]]; then
429 echo -n " (assuming Xvnc, which doesn't support Xrender)"
435 test_step_add "Capture 10 packets" capture_step_10packets
436 # piping to stdout doesn't work with Wireshark and capturing!
437 #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# NOTE(review): [ $TEST_FIFO ] is true for any non-empty value, including
# "0" or "false"; only an unset or empty variable skips the fifo step.
438 if [ $TEST_FIFO ]; then
439 test_step_add "Capture via fifo" capture_step_fifo
441 test_step_add "Capture via stdin" capture_step_stdin
442 # read filter doesn't work with Wireshark and capturing!
443 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
444 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps to run with TShark as the tool under test;
# only the read-filter step is disabled.
# Globals read: TEST_FIFO, TRAFFIC_CAPTURE_DURATION.
447 tshark_capture_suite() {
449 test_step_add "Capture 10 packets" capture_step_10packets
450 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# NOTE(review): [ $TEST_FIFO ] is true for any non-empty value, including
# "0" or "false"; only an unset or empty variable skips the fifo step.
451 if [ $TEST_FIFO ]; then
452 test_step_add "Capture via fifo" capture_step_fifo
454 test_step_add "Capture via stdin" capture_step_stdin
455 # tshark now using dumpcap for capturing, read filters won't work by definition
456 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
457 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps to run with dumpcap as the tool under test;
# only the read-filter step is disabled.
# Globals read: TEST_FIFO, TRAFFIC_CAPTURE_DURATION.
460 dumpcap_capture_suite() {
463 test_step_add "Capture 10 packets" capture_step_10packets
464 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# NOTE(review): [ $TEST_FIFO ] is true for any non-empty value, including
# "0" or "false"; only an unset or empty variable skips the fifo step.
465 if [ $TEST_FIFO ]; then
466 test_step_add "Capture via fifo" capture_step_fifo
468 test_step_add "Capture via stdin" capture_step_stdin
469 # read (display) filters intentionally don't work with dumpcap!
470 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
471 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Removes the working files the capture steps leave in the current
# directory; registered below as both the pre and the post hook.
# NOTE(review): only one rm is visible in this listing - confirm that the
# other testout files and the fifo are removed as well.
474 capture_cleanup_step() {
480 rm -f ./testout2.pcap
# Wire this file into the test framework: the cleanup function is set as
# pre and post hook (presumably run around each step - the framework is
# defined elsewhere), a remark names the interface that needs traffic, and
# the three suites are added in the order dumpcap, TShark, Wireshark.
484 test_step_set_pre capture_cleanup_step
485 test_step_set_post capture_cleanup_step
486 test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
487 test_suite_add "Dumpcap capture" dumpcap_capture_suite
488 test_suite_add "TShark capture" tshark_capture_suite
489 test_suite_add "Wireshark capture" wireshark_capture_suite
493 # Editor modelines - http://www.wireshark.org/tools/modelines.html
498 # indent-tabs-mode: t
501 # vi: set shiftwidth=8 tabstop=8 noexpandtab:
502 # :indentSize=8:tabSize=8:noTabs=false: