# Test the capture engine of the Wireshark tools
#
# Wireshark - Network traffic analyzer
# By Gerald Combs <gerald@wireshark.org>
# Copyright 2005 Ulf Lamping
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

# common exit status values
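# Capture exactly 10 packets to a file and verify the packet count.
#
# Globals read:  DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#                TRAFFIC_CAPTURE_DURATION, EXIT_OK, CAPINFOS, TSHARK
# Globals set:   RETURNVALUE (exit status of $DUT)
# Files written: ./testout.pcap, ./testout.txt
# Result:        reported through test_step_ok / test_step_failed
#
# NOTE(review): the status capture, the early returns, the interface listing
# and the pass branch were reconstructed from the surrounding comments;
# confirm them against the upstream file.
# NOTE(review): the output names are fixed and relative to the current
# directory, so run the suite from a directory only the test user can write.
capture_step_10packets() {
  # $DUT is expanded unquoted on purpose: it holds a command plus options
  # (e.g. "$WIRESHARK -Q -k"). $TRAFFIC_CAPTURE_PROMISC is presumably one
  # flag or empty - confirm. The interface is quoted so that an empty value
  # cannot make -i swallow the next option.
  # shellcheck disable=SC2086
  $DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap -c 10 \
    -a "duration:$TRAFFIC_CAPTURE_DURATION" > ./testout.txt 2>&1
  RETURNVALUE=$?
  # "if ! [ ... ]" also takes the failure path when the comparison itself
  # errors out (empty or non-numeric operand), so a broken setup cannot pass.
  if ! [ "$RETURNVALUE" -eq "$EXIT_OK" ]; then
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    # part of the prerequisite checks:
    # probably wrong interface, output the possible interfaces
    $TSHARK -D
    return
  fi

  # we should have an output file now
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # ok, we got a capture file, does it contain exactly 10 packets?
  # shellcheck disable=SC2086
  $CAPINFOS ./testout.pcap > ./testout.txt
  # The trailing group keeps "10" from also matching "100", "1000", ...
  if grep -Eqi 'Number of packets: 10([^0-9]|$)' ./testout.txt; then
    test_step_ok
  else
    # part of the prerequisite checks:
    # probably wrong interface, output the possible interfaces
    $TSHARK -D
    test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
  fi
}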
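# Capture exactly 10 packets using "-w -" (capture data written to stdout)
# and verify the packet count.
#
# Globals read:  DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#                TRAFFIC_CAPTURE_DURATION, EXIT_OK, CAPINFOS
# Globals set:   RETURNVALUE (exit status of $DUT)
# Files written: ./testout.pcap (stdout of $DUT), ./testout.txt (stderr of
#                $DUT), ./testout2.txt (capinfos output)
# Result:        reported through test_step_ok / test_step_failed
#
# NOTE(review): the status capture, the early returns and the pass branch
# were reconstructed; confirm them against the upstream file.
capture_step_10packets_stdout() {
  # $DUT is expanded unquoted on purpose (command plus options);
  # $TRAFFIC_CAPTURE_PROMISC is presumably one flag or empty - confirm.
  # stdout and stderr go to different files so that diagnostics cannot end
  # up inside the capture data.
  # shellcheck disable=SC2086
  $DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC -c 10 \
    -a "duration:$TRAFFIC_CAPTURE_DURATION" \
    -w - > ./testout.pcap 2> ./testout.txt
  RETURNVALUE=$?
  # Fails closed: a comparison error (empty or non-numeric operand) is
  # treated like a bad exit status.
  if ! [ "$RETURNVALUE" -eq "$EXIT_OK" ]; then
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # we should have an output file now
  # (the redirection above creates the file even when nothing is written, so
  # the packet count below is the check that actually decides the step)
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # ok, we got a capture file, does it contain exactly 10 packets?
  # shellcheck disable=SC2086
  $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
  # The trailing group keeps "10" from also matching "100", "1000", ...
  if grep -Eqi 'Number of packets: 10([^0-9]|$)' ./testout2.txt; then
    test_step_ok
  else
    test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
  fi
}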
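# Capture packets that are fed to $DUT through a named pipe and verify that
# exactly 8 packets arrive in the output file.
#
# Globals read:  DUT, CAPFILE, TRAFFIC_CAPTURE_PROMISC,
#                TRAFFIC_CAPTURE_DURATION, EXIT_OK, CAPINFOS
# Globals set:   RETURNVALUE (exit status of $DUT)
# Files written: ./fifo (named pipe, removed again), ./testout.pcap,
#                ./testout.txt
# Result:        reported through test_step_ok / test_step_failed
#
# NOTE(review): the function header, the fifo creation and removal, the
# status capture, the early returns and the pass branch were reconstructed.
# The name is taken from the suite registrations ("Capture via fifo");
# confirm all of it against the upstream file.
# NOTE(review): the pipe has a fixed name in the current directory; run the
# suite from a directory only the test user can write to.
capture_step_fifo() {
  [ -p fifo ] || mkfifo fifo

  # Writer: the whole capture file, a pause, then the file again from byte 25
  # on. 24 bytes is the size of the classic pcap file header, so the second
  # pass presumably appends packet records only - confirm for $CAPFILE.
  # The writer is not waited for: if $DUT never opens the pipe, the writer
  # stays blocked and waiting for it would hang the step.
  (cat -- "$CAPFILE"; sleep 1; tail -c +25 "$CAPFILE") > fifo &

  # $DUT is expanded unquoted on purpose (command plus options);
  # $TRAFFIC_CAPTURE_PROMISC is presumably one flag or empty - confirm.
  # shellcheck disable=SC2086
  $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC -w ./testout.pcap \
    -a "duration:$TRAFFIC_CAPTURE_DURATION" > ./testout.txt 2>&1
  RETURNVALUE=$?
  rm -f fifo
  # Fails closed: a comparison error (empty or non-numeric operand) is
  # treated like a bad exit status.
  if ! [ "$RETURNVALUE" -eq "$EXIT_OK" ]; then
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # we should have an output file now
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # ok, we got a capture file, does it contain exactly 8 packets?
  # shellcheck disable=SC2086
  $CAPINFOS ./testout.pcap > ./testout.txt
  # The trailing group keeps "8" from also matching "80", "800", ...
  if grep -Eqi 'Number of packets: 8([^0-9]|$)' ./testout.txt; then
    test_step_ok
  else
    test_step_failed "No or not enough traffic captured."
  fi
}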
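# Capture exactly 2 times 10 packets (multiple files).
#
# NOTE(review): despite the description, the command line below is the same
# single-file "-c 10" capture that capture_step_10packets runs, and none of
# the visible suites registers this step - confirm whether a multi-file
# option is missing.
#
# Globals read:  DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#                TRAFFIC_CAPTURE_DURATION, EXIT_OK, CAPINFOS, TSHARK
# Globals set:   RETURNVALUE (exit status of $DUT)
# Files written: ./testout.pcap, ./testout.txt
# Result:        reported through test_step_ok / test_step_failed
#
# NOTE(review): the status capture, the early returns, the interface listing
# and the pass branch were reconstructed; confirm against the upstream file.
capture_step_2multi_10packets() {
  # $DUT is expanded unquoted on purpose (command plus options);
  # $TRAFFIC_CAPTURE_PROMISC is presumably one flag or empty - confirm.
  # shellcheck disable=SC2086
  $DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap -c 10 \
    -a "duration:$TRAFFIC_CAPTURE_DURATION" > ./testout.txt 2>&1
  RETURNVALUE=$?
  # Fails closed: a comparison error (empty or non-numeric operand) is
  # treated like a bad exit status.
  if ! [ "$RETURNVALUE" -eq "$EXIT_OK" ]; then
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    # part of the prerequisite checks:
    # probably wrong interface, output the possible interfaces
    $TSHARK -D
    return
  fi

  # we should have an output file now
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # ok, we got a capture file, does it contain exactly 10 packets?
  # shellcheck disable=SC2086
  $CAPINFOS ./testout.pcap > ./testout.txt
  # The trailing group keeps "10" from also matching "100", "1000", ...
  if grep -Eqi 'Number of packets: 10([^0-9]|$)' ./testout.txt; then
    test_step_ok
  else
    test_step_failed "Probably the wrong interface (no traffic captured)!"
  fi
}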
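# Capture with a very unlikely read filter; the capture file must contain
# zero packets afterwards.
#
# Globals read:  DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#                TRAFFIC_CAPTURE_DURATION, EXIT_OK, CAPINFOS
# Globals set:   RETURNVALUE (exit status of $DUT)
# Files written: ./testout.pcap, ./testout.txt
# Result:        reported through test_step_ok / test_step_failed
#
# NOTE(review): the status capture, the early returns and the pass branch
# were reconstructed; confirm them against the upstream file.
capture_step_read_filter() {
  # valid, but very unlikely filter
  # $DUT is expanded unquoted on purpose (command plus options);
  # $TRAFFIC_CAPTURE_PROMISC is presumably one flag or empty - confirm.
  # shellcheck disable=SC2086
  $DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap -a "duration:$TRAFFIC_CAPTURE_DURATION" \
    -R 'dcerpc.cn_call_id==123456' -c 10 > ./testout.txt 2>&1
  RETURNVALUE=$?
  # Fails closed: a comparison error (empty or non-numeric operand) is
  # treated like a bad exit status.
  if ! [ "$RETURNVALUE" -eq "$EXIT_OK" ]; then
    test_step_failed "exit status: $RETURNVALUE"
    return
  fi

  # we should have an output file now
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # ok, we got a capture file, does it contain exactly 0 packets?
  # shellcheck disable=SC2086
  $CAPINFOS ./testout.pcap > ./testout.txt
  # The trailing group rejects any count that merely starts with "0".
  if grep -Eqi 'Number of packets: 0([^0-9]|$)' ./testout.txt; then
    test_step_ok
  else
    test_step_failed "Capture file should contain zero packets!"
  fi
}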
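# Capture with a snapshot length of 68 bytes and verify that no captured
# frame is longer than that.
#
# Globals read:  DUT, TSHARK, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#                TRAFFIC_CAPTURE_DURATION, EXIT_OK, CAPINFOS
# Globals set:   RETURNVALUE (exit status of $DUT)
# Files written: ./testout.pcap, ./testout2.pcap, ./testout.txt
# Result:        reported through test_step_ok / test_step_failed
#
# NOTE(review): the status capture, the early returns and the pass branch
# were reconstructed; confirm them against the upstream file.
capture_step_snapshot() {
  # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION
  # seconds
  # $DUT is expanded unquoted on purpose (command plus options);
  # $TRAFFIC_CAPTURE_PROMISC is presumably one flag or empty - confirm.
  # shellcheck disable=SC2086
  $DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap -s 68 \
    -a "duration:$TRAFFIC_CAPTURE_DURATION" > ./testout.txt 2>&1
  RETURNVALUE=$?
  # Fails closed: a comparison error (empty or non-numeric operand) is
  # treated like a bad exit status.
  if ! [ "$RETURNVALUE" -eq "$EXIT_OK" ]; then
    test_step_failed "exit status: $RETURNVALUE"
    return
  fi

  # we should have an output file now
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # use tshark to keep only the packets that are larger than 68 bytes;
  # this should result in no packets
  # NOTE(review): the exit status of this tshark run is not checked; if it
  # fails, the step still fails below, but with the zero-packets message.
  # shellcheck disable=SC2086
  $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1

  # ok, we got a capture file, does it contain exactly 0 packets?
  # shellcheck disable=SC2086
  $CAPINFOS ./testout2.pcap > ./testout.txt
  # The trailing group rejects any count that merely starts with "0".
  if grep -Eqi 'Number of packets: 0([^0-9]|$)' ./testout.txt; then
    test_step_ok
  else
    test_step_failed "Capture file should contain zero packets!"
  fi
}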
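# Register the capture steps that are run with Wireshark as the device under
# test.
#
# Globals read: WIRESHARK, TRAFFIC_CAPTURE_DURATION
# Globals set:  DUT
wireshark_capture_suite() {
  # Q: quit after cap, k: start capture immediately
  # DUT holds a command plus options, which is why the steps expand it
  # unquoted.
  DUT="$WIRESHARK -Q -k"
  test_step_add "Capture 10 packets" capture_step_10packets
  # piping to stdout doesn't work with Wireshark and capturing!
  #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
  # read filter doesn't work with Wireshark and capturing!
  #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
  test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}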
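# Register the capture steps that are run with TShark as the device under
# test.
#
# Globals read: TSHARK, TEST_FIFO, TRAFFIC_CAPTURE_DURATION
# Globals set:  DUT
tshark_capture_suite() {
  # NOTE(review): the DUT assignment of this suite was reconstructed from the
  # suite name and the $TSHARK variable the steps already use - confirm.
  DUT=$TSHARK
  test_step_add "Capture 10 packets" capture_step_10packets
  test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
  # Quoted and tested with -n so that a value containing spaces or test
  # operators cannot change the meaning of the condition.
  if [ -n "$TEST_FIFO" ]; then
    test_step_add "Capture via fifo" capture_step_fifo
  fi
  test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
  test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}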
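# Register the capture steps that are run with dumpcap as the device under
# test.
#
# Globals read: DUMPCAP (see note), TEST_FIFO, TRAFFIC_CAPTURE_DURATION
# Globals set:  DUT
dumpcap_capture_suite() {
  # NOTE(review): the DUT assignment of this suite was reconstructed; the
  # variable name $DUMPCAP is inferred from the suite name - confirm.
  DUT=$DUMPCAP
  test_step_add "Capture 10 packets" capture_step_10packets
  test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
  # Quoted and tested with -n so that a value containing spaces or test
  # operators cannot change the meaning of the condition.
  if [ -n "$TEST_FIFO" ]; then
    test_step_add "Capture via fifo" capture_step_fifo
  fi
  # read (display) filters intentionally don't work with dumpcap!
  #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
  test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}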
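# Remove the scratch files the capture steps write, so that a step never
# evaluates output left behind by an earlier one.
#
# NOTE(review): only the removal of ./testout2.pcap was visible; the other
# three names are the remaining files the capture steps write and were added
# on that basis - confirm against the upstream file.
capture_cleanup_step() {
  rm -f ./testout.txt ./testout2.txt ./testout.pcap ./testout2.pcap
}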
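# Install the cleanup step as pre- and post-step hook, tell the operator that
# live traffic is needed on the capture interface, and register the three
# capture suites with the test backend.
test_step_set_pre capture_cleanup_step
test_step_set_post capture_cleanup_step
test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
test_suite_add "TShark capture" tshark_capture_suite
test_suite_add "Wireshark capture" wireshark_capture_suite
test_suite_add "Dumpcap capture" dumpcap_capture_suite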