2 * Reports capture file information including # of packets, duration, others
4 * Copyright 2004 Ian Schorr
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
41 #ifdef HAVE_SYS_TIME_H
47 #include <epan/packet.h>
48 #include <epan/filesystem.h>
49 #include <epan/plugins.h>
50 #include <epan/report_err.h>
52 #include <wsutil/privileges.h>
58 static gboolean cap_file_type = FALSE; /* Do not report capture type */
59 static gboolean cap_file_encap = FALSE; /* Do not report encapsulation */
60 static gboolean cap_packet_count = FALSE; /* Do not produce packet count */
61 static gboolean cap_file_size = FALSE; /* Do not report file size */
62 static gboolean cap_data_size = FALSE; /* Do not report packet byte size */
63 static gboolean cap_duration = FALSE; /* Do not report capture duration */
64 static gboolean cap_start_time = FALSE;
65 static gboolean cap_end_time = FALSE;
67 static gboolean cap_data_rate_byte = FALSE;
68 static gboolean cap_data_rate_bit = FALSE;
69 static gboolean cap_packet_size = FALSE;
70 static gboolean cap_packet_rate = FALSE;
73 typedef struct _capture_info {
90 double data_rate; /* in bytes */
94 secs_nsecs(const struct wtap_nstime * nstime)
96 return (nstime->nsecs / 1000000000.0) + (double)nstime->secs;
100 print_stats(capture_info *cf_info)
102 const gchar *file_type_string, *file_encap_string;
106 /* Build printable strings for various stats */
107 file_type_string = wtap_file_type_string(cf_info->file_type);
108 file_encap_string = wtap_encap_string(cf_info->file_encap);
109 start_time_t = (time_t)cf_info->start_time;
110 stop_time_t = (time_t)cf_info->stop_time;
112 if (cap_file_type) printf("File type: %s\n", file_type_string);
113 if (cap_file_encap) printf("File encapsulation: %s\n", file_encap_string);
114 if (cap_packet_count) printf("Number of packets: %u \n", cf_info->packet_count);
115 if (cap_file_size) printf("File size: %" G_GINT64_MODIFIER "d bytes\n", cf_info->filesize);
116 if (cap_data_size) printf("Data size: %" G_GINT64_MODIFIER "u bytes\n", cf_info->packet_bytes);
117 if (cap_duration) printf("Capture duration: %f seconds\n", cf_info->duration);
118 if (cap_start_time) printf("Start time: %s", (cf_info->packet_count>0) ? ctime (&start_time_t) : "n/a\n");
119 if (cap_end_time) printf("End time: %s", (cf_info->packet_count>0) ? ctime (&stop_time_t) : "n/a\n");
120 if (cap_data_rate_byte) printf("Data rate: %.2f bytes/s\n", cf_info->data_rate);
121 if (cap_data_rate_bit) printf("Data rate: %.2f bits/s\n", cf_info->data_rate*8);
122 if (cap_packet_size) printf("Average packet size: %.2f bytes\n", cf_info->packet_size);
123 if (cap_packet_rate) printf("Average packet rate: %.2f packets/s\n", cf_info->packet_rate);
127 process_cap_file(wtap *wth, const char *filename)
136 const struct wtap_pkthdr *phdr;
137 capture_info cf_info;
138 double start_time = 0;
139 double stop_time = 0;
142 /* Tally up data that we need to parse through the file to find */
143 while (wtap_read(wth, &err, &err_info, &data_offset)) {
144 phdr = wtap_phdr(wth);
145 cur_time = secs_nsecs(&phdr->ts);
147 start_time = cur_time;
148 stop_time = cur_time;
150 if (cur_time < start_time) {
151 start_time = cur_time;
153 if (cur_time > stop_time) {
154 stop_time = cur_time;
162 "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
163 packet, filename, wtap_strerror(err));
166 case WTAP_ERR_UNSUPPORTED:
167 case WTAP_ERR_UNSUPPORTED_ENCAP:
168 case WTAP_ERR_BAD_RECORD:
169 fprintf(stderr, "(%s)\n", err_info);
177 size = wtap_file_size(wth, &err);
180 "capinfos: Can't get size of \"%s\": %s.\n",
181 filename, strerror(err));
185 cf_info.filesize = size;
188 cf_info.file_type = wtap_file_type(wth);
190 /* File Encapsulation */
191 cf_info.file_encap = wtap_file_encap(wth);
194 cf_info.packet_count = packet;
197 cf_info.start_time = start_time;
198 cf_info.stop_time = stop_time;
199 cf_info.duration = stop_time-start_time;
201 /* Number of packet bytes */
202 cf_info.packet_bytes = bytes;
205 cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */
206 cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */
207 cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
210 cf_info.data_rate = 0.0;
211 cf_info.packet_rate = 0.0;
212 cf_info.packet_size = 0.0;
215 printf("File name: %s\n", filename);
216 print_stats(&cf_info);
222 usage(gboolean is_error)
228 /* XXX - add capinfos header info here */
234 fprintf(output, "Capinfos %s"
239 fprintf(output, "Prints information about capture files.\n");
240 fprintf(output, "See http://www.wireshark.org for more information.\n");
241 fprintf(output, "\n");
242 fprintf(output, "Usage: capinfos [options] <infile> ...\n");
243 fprintf(output, "\n");
244 fprintf(output, "General:\n");
245 fprintf(output, " -t display the capture file type\n");
246 fprintf(output, " -E display the capture file encapsulation\n");
247 fprintf(output, "\n");
248 fprintf(output, "Size:\n");
249 fprintf(output, " -c display the number of packets\n");
250 fprintf(output, " -s display the size of the file (in bytes)\n");
251 fprintf(output, " -d display the total length of all packets (in bytes)\n");
252 fprintf(output, "\n");
253 fprintf(output, "Time:\n");
254 fprintf(output, " -u display the capture duration (in seconds) \n");
255 fprintf(output, " -a display the capture start time\n");
256 fprintf(output, " -e display the capture end time\n");
257 fprintf(output, "\n");
258 fprintf(output, "Statistic:\n");
259 fprintf(output, " -y display average data rate (in bytes/s)\n");
260 fprintf(output, " -i display average data rate (in bits/s)\n");
261 fprintf(output, " -z display average packet size (in bytes)\n");
262 fprintf(output, " -x display average packet rate (in packets/s)\n");
263 fprintf(output, "\n");
264 fprintf(output, "Miscellaneous:\n");
265 fprintf(output, " -h display this help and exit\n");
266 fprintf(output, "\n");
267 fprintf(output, "If no options are given, default is to display all infos\n");
271 * Don't report failures to load plugins because most (non-wiretap) plugins
272 * *should* fail to load (because we're not linked against libwireshark and
273 * dissector plugins need libwireshark).
276 failure_message(const char *msg_format _U_, va_list ap _U_)
283 main(int argc, char *argv[])
293 char* init_progfile_dir_error;
297 * Get credential information for later use.
299 get_credential_info();
302 /* Register wiretap plugins */
304 if ((init_progfile_dir_error = init_progfile_dir(argv[0]))) {
305 g_warning("capinfos: init_progfile_dir(): %s", init_progfile_dir_error);
306 g_free(init_progfile_dir_error);
308 init_report_err(failure_message,NULL,NULL);
313 /* Process the options */
315 while ((opt = getopt(argc, argv, "tEcsduaeyizvhx")) !=-1) {
320 cap_file_type = TRUE;
324 cap_file_encap = TRUE;
328 cap_packet_count = TRUE;
332 cap_file_size = TRUE;
336 cap_data_size = TRUE;
344 cap_start_time = TRUE;
352 cap_data_rate_byte = TRUE;
356 cap_data_rate_bit = TRUE;
360 cap_packet_size = TRUE;
364 cap_packet_rate = TRUE;
372 case '?': /* Bad flag - print usage message */
381 /* If no arguments were given, by default display all statistics */
382 cap_file_type = TRUE;
383 cap_file_encap = TRUE;
384 cap_packet_count = TRUE;
385 cap_file_size = TRUE;
386 cap_data_size = TRUE;
388 cap_start_time = TRUE;
391 cap_data_rate_byte = TRUE;
392 cap_data_rate_bit = TRUE;
393 cap_packet_size = TRUE;
394 cap_packet_rate = TRUE;
397 if ((argc - optind) < 1) {
402 for (opt = optind; opt < argc; opt++) {
404 wth = wtap_open_offline(argv[opt], &err, &err_info, FALSE);
407 fprintf(stderr, "capinfos: Can't open %s: %s\n", argv[opt],
411 case WTAP_ERR_UNSUPPORTED:
412 case WTAP_ERR_UNSUPPORTED_ENCAP:
413 case WTAP_ERR_BAD_RECORD:
414 fprintf(stderr, "(%s)\n", err_info);
423 status = process_cap_file(wth, argv[opt]);