2 * Reports capture file information including # of packets, duration, others
4 * Copyright 2004 Ian Schorr
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
41 #ifdef HAVE_SYS_TIME_H
47 #include <epan/packet.h>
48 #include <epan/filesystem.h>
49 #include <epan/plugins.h>
50 #include <epan/report_err.h>
52 #include <epan/privileges.h>
58 static gboolean cap_file_type = FALSE; /* Do not report capture type */
59 static gboolean cap_file_encap = FALSE; /* Do not report encapsulation */
60 static gboolean cap_packet_count = FALSE; /* Do not produce packet count */
61 static gboolean cap_file_size = FALSE; /* Do not report file size */
62 static gboolean cap_data_size = FALSE; /* Do not report packet byte size */
63 static gboolean cap_duration = FALSE; /* Do not report capture duration */
64 static gboolean cap_start_time = FALSE;
65 static gboolean cap_end_time = FALSE;
67 static gboolean cap_data_rate_byte = FALSE;
68 static gboolean cap_data_rate_bit = FALSE;
69 static gboolean cap_packet_size = FALSE;
72 typedef struct _capture_info {
89 double data_rate; /* in bytes */
93 secs_nsecs(const struct wtap_nstime * nstime)
95 return (nstime->nsecs / 1000000000.0) + (double)nstime->secs;
99 print_stats(capture_info *cf_info)
101 const gchar *file_type_string, *file_encap_string;
105 /* Build printable strings for various stats */
106 file_type_string = wtap_file_type_string(cf_info->file_type);
107 file_encap_string = wtap_encap_string(cf_info->file_encap);
108 start_time_t = (time_t)cf_info->start_time;
109 stop_time_t = (time_t)cf_info->stop_time;
111 if (cap_file_type) printf("File type: %s\n", file_type_string);
112 if (cap_file_encap) printf("File encapsulation: %s\n", file_encap_string);
113 if (cap_packet_count) printf("Number of packets: %u \n", cf_info->packet_count);
114 if (cap_file_size) printf("File size: %" G_GINT64_MODIFIER "d bytes\n", cf_info->filesize);
115 if (cap_data_size) printf("Data size: %" G_GINT64_MODIFIER "u bytes\n", cf_info->packet_bytes);
116 if (cap_duration) printf("Capture duration: %f seconds\n", cf_info->duration);
117 if (cap_start_time) printf("Start time: %s", (cf_info->packet_count>0) ? ctime (&start_time_t) : "n/a\n");
118 if (cap_end_time) printf("End time: %s", (cf_info->packet_count>0) ? ctime (&stop_time_t) : "n/a\n");
119 if (cap_data_rate_byte) printf("Data rate: %.2f bytes/s\n", cf_info->data_rate);
120 if (cap_data_rate_bit) printf("Data rate: %.2f bits/s\n", cf_info->data_rate*8);
121 if (cap_packet_size) printf("Average packet size: %.2f bytes\n", cf_info->packet_size);
125 process_cap_file(wtap *wth, const char *filename)
134 const struct wtap_pkthdr *phdr;
135 capture_info cf_info;
136 double start_time = 0;
137 double stop_time = 0;
140 /* Tally up data that we need to parse through the file to find */
141 while (wtap_read(wth, &err, &err_info, &data_offset)) {
142 phdr = wtap_phdr(wth);
143 cur_time = secs_nsecs(&phdr->ts);
145 start_time = cur_time;
146 stop_time = cur_time;
148 if (cur_time < start_time) {
149 start_time = cur_time;
151 if (cur_time > stop_time) {
152 stop_time = cur_time;
160 "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
161 packet, filename, wtap_strerror(err));
164 case WTAP_ERR_UNSUPPORTED:
165 case WTAP_ERR_UNSUPPORTED_ENCAP:
166 case WTAP_ERR_BAD_RECORD:
167 fprintf(stderr, "(%s)\n", err_info);
174 size = wtap_file_size(wth, &err);
177 "capinfos: Can't get size of \"%s\": %s.\n",
178 filename, strerror(err));
182 cf_info.filesize = size;
185 cf_info.file_type = wtap_file_type(wth);
187 /* File Encapsulation */
188 cf_info.file_encap = wtap_file_encap(wth);
191 cf_info.packet_count = packet;
194 cf_info.start_time = start_time;
195 cf_info.stop_time = stop_time;
196 cf_info.duration = stop_time-start_time;
198 /* Number of packet bytes */
199 cf_info.packet_bytes = bytes;
202 cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */
203 cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
206 cf_info.data_rate = 0.0;
207 cf_info.packet_size = 0.0;
210 printf("File name: %s\n", filename);
211 print_stats(&cf_info);
217 usage(gboolean is_error)
223 /* XXX - add capinfos header info here */
229 fprintf(output, "Capinfos %s"
234 fprintf(output, "Prints information about capture files.\n");
235 fprintf(output, "See http://www.wireshark.org for more information.\n");
236 fprintf(output, "\n");
237 fprintf(output, "Usage: capinfos [options] <infile> ...\n");
238 fprintf(output, "\n");
239 fprintf(output, "General:\n");
240 fprintf(output, " -t display the capture file type\n");
241 fprintf(output, " -E display the capture file encapsulation\n");
242 fprintf(output, "\n");
243 fprintf(output, "Size:\n");
244 fprintf(output, " -c display the number of packets\n");
245 fprintf(output, " -s display the size of the file (in bytes)\n");
246 fprintf(output, " -d display the total length of all packets (in bytes)\n");
247 fprintf(output, "\n");
248 fprintf(output, "Time:\n");
249 fprintf(output, " -u display the capture duration (in seconds) \n");
250 fprintf(output, " -a display the capture start time\n");
251 fprintf(output, " -e display the capture end time\n");
252 fprintf(output, "\n");
253 fprintf(output, "Statistic:\n");
254 fprintf(output, " -y display average data rate (in bytes/s)\n");
255 fprintf(output, " -i display average data rate (in bits/s)\n");
256 fprintf(output, " -z display average packet size (in bytes)\n");
257 fprintf(output, "\n");
258 fprintf(output, "Miscellaneous:\n");
259 fprintf(output, " -h display this help and exit\n");
260 fprintf(output, "\n");
261 fprintf(output, "If no options are given, default is to display all infos\n");
265 * Don't report failures to load plugins because most (non-wiretap) plugins
266 * *should* fail to load (because we're not linked against libwireshark and
267 * dissector plugins need libwireshark).
270 failure_message(const char *msg_format _U_, va_list ap _U_)
277 main(int argc, char *argv[])
287 char* init_progfile_dir_error;
291 * Get credential information for later use.
293 get_credential_info();
296 /* Register wiretap plugins */
298 if ((init_progfile_dir_error = init_progfile_dir(argv[0]))) {
299 g_warning("capinfos: init_progfile_dir(): %s", init_progfile_dir_error);
300 g_free(init_progfile_dir_error);
302 init_report_err(failure_message,NULL,NULL);
307 /* Process the options */
309 while ((opt = getopt(argc, argv, "tEcsduaeyizvh")) !=-1) {
314 cap_file_type = TRUE;
318 cap_file_encap = TRUE;
322 cap_packet_count = TRUE;
326 cap_file_size = TRUE;
330 cap_data_size = TRUE;
338 cap_start_time = TRUE;
346 cap_data_rate_byte = TRUE;
350 cap_data_rate_bit = TRUE;
354 cap_packet_size = TRUE;
362 case '?': /* Bad flag - print usage message */
371 /* If no arguments were given, by default display all statistics */
372 cap_file_type = TRUE;
373 cap_file_encap = TRUE;
374 cap_packet_count = TRUE;
375 cap_file_size = TRUE;
376 cap_data_size = TRUE;
378 cap_start_time = TRUE;
381 cap_data_rate_byte = TRUE;
382 cap_data_rate_bit = TRUE;
383 cap_packet_size = TRUE;
386 if ((argc - optind) < 1) {
391 for (opt = optind; opt < argc; opt++) {
393 wth = wtap_open_offline(argv[opt], &err, &err_info, FALSE);
396 fprintf(stderr, "capinfos: Can't open %s: %s\n", argv[opt],
400 case WTAP_ERR_UNSUPPORTED:
401 case WTAP_ERR_UNSUPPORTED_ENCAP:
402 case WTAP_ERR_BAD_RECORD:
403 fprintf(stderr, "(%s)\n", err_info);
412 status = process_cap_file(wth, argv[opt]);