3 # Test the capture engine of the Wireshark tools
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 # common exit status values
# Helper invoked on failure paths with one or more log file paths
# (e.g. ./testout.txt). Only the regular-file test on "$f" is visible in
# this excerpt; the loop that sets $f and the output command are not shown.
# Presumably prints each file that exists - confirm against the full script.
32 capture_test_output_print() {
35 if [[ -f "$f" ]]; then
44 # Generate some traffic for quiet networks.
45 # This will have to be adjusted for non-Windows systems.
47 # the following will run in the background and return immediately
50 for (( x=28; x<=58; x++ )) # in effect: number the packets
52 # How does ping _not_ have a standard set of arguments?
55 ping -n 1 -l $x www.wireshark.org ;;
57 /usr/sbin/ping www.wireshark.org $x 1 ;;
59 ping -c 1 -s $x www.wireshark.org ;;
64 } > ./testout_ping.txt 2>&1 &
69 rm -f ./testout_ping.txt
72 # capture exactly 10 packets
# Test step: runs $DUT on $TRAFFIC_CAPTURE_IFACE, then checks that
# ./testout.pcap exists and that $CAPINFOS reports 10 packets for it.
# Several original lines (among them the options that set the packet count
# and the output file, and the closing fi/else/} lines) are missing from
# this excerpt.
# All work files (./testout.txt, ./testout2.txt, ./testout.pcap) are fixed
# names in the current directory, so two runs sharing a directory would
# overwrite each other's logs and captures.
73 capture_step_10packets() {
# $SKIP_CAPTURE is expanded unquoted: when it is unset or empty the test
# itself errors out with a non-zero status, so the skip branch is not taken.
74 if [ $SKIP_CAPTURE -ne 0 ] ; then
# $DUT relies on word splitting (the Wireshark suite sets it to
# "$WIRESHARK -Q -k"). The interface and promisc variables are split the same
# way, so an interface name containing whitespace or glob characters would be
# passed as several arguments.
82 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
85 -a duration:$TRAFFIC_CAPTURE_DURATION \
90 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
92 capture_test_output_print ./testout.txt
93 # part of the Prerequisite checks
94 # wrong interface ? output the possible interfaces
96 test_step_failed "exit status of $DUT: $RETURNVALUE"
100 # we should have an output file now
101 if [ ! -f "./testout.pcap" ]; then
# NOTE(review): capture_test_output is not defined in the visible source;
# every other failure path calls capture_test_output_print. If no such
# function exists, this line only produces a command-not-found error and the
# log is never shown - confirm and rename.
102 capture_test_output ./testout.txt
103 test_step_failed "No output file!"
107 # ok, we got a capture file, does it contain exactly 10 packets?
108 $CAPINFOS ./testout.pcap > ./testout2.txt
# NOTE(review): the pattern has no anchor after the digits, so any count that
# merely starts with "10" (100, 1024, ...) also matches. The check is weaker
# than "exactly 10"; a packet-count limit that is ignored could pass unnoticed.
109 grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null
110 if [ $? -eq 0 ]; then
# On mismatch the packet list from $TSHARK is appended to ./testout2.txt and
# printed together with the ping log and the capture log.
114 $TSHARK -ta -r ./testout.pcap >> ./testout2.txt
115 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
116 # part of the Prerequisite checks
117 # probably wrong interface, output the possible interfaces
119 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
123 # capture exactly 10 packets using "-w -" (piping to stdout)
# Test step: same check as the file-based 10-packet step, but the capture is
# taken from $DUT's stdout and redirected into ./testout.pcap, while stderr is
# appended to ./testout.txt. Some original lines (options, fi/else/}) are
# missing from this excerpt.
124 capture_step_10packets_stdout() {
# Unquoted $SKIP_CAPTURE: an unset or empty value makes the test error out
# with a non-zero status, so the skip branch is not taken.
125 if [ $SKIP_CAPTURE -ne 0 ] ; then
# $DUT and the interface variables are word-split by the shell; values
# containing whitespace or glob characters become several arguments.
133 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
135 -a duration:$TRAFFIC_CAPTURE_DURATION \
138 > ./testout.pcap 2>>./testout.txt
140 date >> ./testout.txt
141 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
143 capture_test_output_print ./testout.txt
145 test_step_failed "exit status of $DUT: $RETURNVALUE"
149 # we should have an output file now
# NOTE(review): the "> ./testout.pcap" redirection above creates the file
# even when $DUT writes nothing, so this existence test cannot fail on an
# empty capture; the packet count below is the effective check.
150 if [ ! -f "./testout.pcap" ]; then
151 test_step_failed "No output file!"
155 # ok, we got a capture file, does it contain exactly 10 packets?
156 $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
# NOTE(review): no anchor after the digits - counts such as 100 or 1024 match
# as well, so this verifies "starts with 10", not "exactly 10".
157 grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null
158 if [ $? -eq 0 ]; then
162 capture_test_output_print ./testout.txt ./testout2.txt
164 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
168 # capture packets via a fifo
# Test step: feeds a stored capture file into $DUT through a path named
# "fifo" and expects 8 packets in ./testout.pcap. The line that creates the
# fifo is not part of this excerpt, and some option and fi/else/} lines are
# missing as well.
169 capture_step_fifo() {
# Background writer: sends $CAPFILE in full, waits one second, then sends it
# again starting at byte 25. Presumably this skips a 24-byte capture file
# header so that only packet records are repeated; the expected total of 8
# would then mean $CAPFILE holds 4 packets - TODO confirm.
# NOTE(review): "fifo" is a fixed name in the current directory. If it is not
# a named pipe when this runs, the redirection creates or truncates a regular
# file instead. $CAPFILE is unquoted, so a path with spaces would be split.
# The background job is not waited for in the visible lines.
171 (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
172 $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
174 -a duration:$TRAFFIC_CAPTURE_DURATION \
178 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
179 capture_test_output_print ./testout.txt
180 test_step_failed "exit status of $DUT: $RETURNVALUE"
184 # we should have an output file now
185 if [ ! -f "./testout.pcap" ]; then
186 test_step_failed "No output file!"
190 # ok, we got a capture file, does it contain exactly 8 packets?
# The capinfos report overwrites ./testout.txt, replacing the log of the
# capture run above.
191 $CAPINFOS ./testout.pcap > ./testout.txt
# NOTE(review): no anchor after the digit - a count such as 80 or 800 would
# match too.
192 grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null
193 if [ $? -eq 0 ]; then
197 capture_test_output_print ./testout.txt
198 test_step_failed "No or not enough traffic captured."
202 # capture packets via stdin (pipe into "$DUT -i -")
# Test step: pipes a stored capture file into $DUT, which reads it from
# standard input ("-i -"), and expects 8 packets in ./testout.pcap. Some
# option and fi/else/} lines are missing from this excerpt.
203 capture_step_stdin() {
# The producer sends $CAPFILE in full, waits one second, then sends it again
# starting at byte 25. Presumably this skips a 24-byte capture file header so
# that only packet records are repeated - TODO confirm. $CAPFILE is unquoted,
# so a path containing whitespace would be split.
204 (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) | \
205 $DUT -i - $TRAFFIC_CAPTURE_PROMISC \
207 -a duration:$TRAFFIC_CAPTURE_DURATION \
210 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
# Unlike the other steps, the failure path also prints
# ./dumpcap_debug_log.tmp; where that file is written is not visible here.
211 capture_test_output_print ./testout.txt ./dumpcap_debug_log.tmp
212 test_step_failed "exit status of $DUT: $RETURNVALUE"
216 # we should have an output file now
217 if [ ! -f "./testout.pcap" ]; then
218 test_step_failed "No output file!"
222 # ok, we got a capture file, does it contain exactly 8 packets?
223 $CAPINFOS ./testout.pcap > ./testout.txt
# NOTE(review): no anchor after the digit - a count such as 80 or 800 would
# match too.
224 grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null
225 if [ $? -eq 0 ]; then
229 capture_test_output_print ./testout.txt
230 test_step_failed "No or not enough traffic captured."
234 # capture exactly 2 times 10 packets (multiple files)
# Test step for multi-file capture. NOTE(review): none of the three suites
# visible in this file registers this step, and the visible check inspects
# only ./testout.pcap for a count of 10 - whether a second file is verified
# cannot be told from this excerpt. Some option and fi/else/} lines are
# missing.
235 capture_step_2multi_10packets() {
# Unquoted $SKIP_CAPTURE: an unset or empty value makes the test error out
# with a non-zero status, so the skip branch is not taken.
236 if [ $SKIP_CAPTURE -ne 0 ] ; then
# $DUT and the interface variables are word-split by the shell; values
# containing whitespace or glob characters become several arguments.
244 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
247 -a duration:$TRAFFIC_CAPTURE_DURATION \
249 >> ./testout.txt 2>&1
252 date >> ./testout.txt
253 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
255 capture_test_output_print ./testout.txt
256 # part of the Prerequisite checks
257 # probably wrong interface, output the possible interfaces
259 test_step_failed "exit status of $DUT: $RETURNVALUE"
263 # we should have an output file now
264 if [ ! -f "./testout.pcap" ]; then
265 test_step_failed "No output file!"
269 # ok, we got a capture file, does it contain exactly 10 packets?
# The capinfos report overwrites ./testout.txt, replacing the capture log
# collected above.
270 $CAPINFOS ./testout.pcap > ./testout.txt
# NOTE(review): no anchor after the digits - counts such as 100 or 1024 match
# as well.
271 grep -Ei 'Number of packets:[[:blank:]]+10' ./testout.txt > /dev/null
272 if [ $? -eq 0 ]; then
276 capture_test_output_print ./testout.txt
277 test_step_failed "Probably the wrong interface (no traffic captured)!"
281 # capture with a very unlikely read filter, packets must be zero afterwards
# Test step: captures with the read filter 'dcerpc.cn_call_id==123456' and
# expects $CAPINFOS to report 0 packets for ./testout.pcap. In the visible
# source every suite has the registration of this step commented out, so it
# is currently dead code. Some option and fi/else/} lines are missing from
# this excerpt.
282 capture_step_read_filter() {
# Unquoted $SKIP_CAPTURE: an unset or empty value makes the test error out
# with a non-zero status, so the skip branch is not taken.
283 if [ $SKIP_CAPTURE -ne 0 ] ; then
290 # valid, but very unlikely filter
292 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
294 -a duration:$TRAFFIC_CAPTURE_DURATION \
295 -R 'dcerpc.cn_call_id==123456' \
298 >> ./testout.txt 2>&1
300 date >> ./testout.txt
301 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
303 capture_test_output_print ./testout.txt
304 # part of the Prerequisite checks
305 # wrong interface ? output the possible interfaces
307 test_step_failed "exit status: $RETURNVALUE"
311 # we should have an output file now
312 if [ ! -f "./testout.pcap" ]; then
313 test_step_failed "No output file!"
317 # ok, we got a capture file, does it contain exactly 0 packets?
# The capinfos report overwrites ./testout.txt, replacing the capture log.
318 $CAPINFOS ./testout.pcap > ./testout.txt
319 grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null
320 if [ $? -eq 0 ]; then
324 capture_test_output_print ./testout.txt
325 test_step_failed "Capture file should contain zero packets!"
330 # capture with a snapshot length
# Test step: captures with a snapshot length, then uses $TSHARK to copy every
# frame whose captured length exceeds 68 bytes into ./testout2.pcap and
# expects that file to hold 0 packets. The option that sets the snapshot
# length is on a line missing from this excerpt, as are some fi/else/} lines.
331 capture_step_snapshot() {
# Unquoted $SKIP_CAPTURE: an unset or empty value makes the test error out
# with a non-zero status, so the skip branch is not taken.
332 if [ $SKIP_CAPTURE -ne 0 ] ; then
339 # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
340 # this should result in no packets greater than 68 bytes
342 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
345 -a duration:$TRAFFIC_CAPTURE_DURATION \
347 >> ./testout.txt 2>&1
349 date >> ./testout.txt
350 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
352 capture_test_output_print ./testout.txt
353 # part of the Prerequisite checks
354 # wrong interface ? output the possible interfaces
356 test_step_failed "exit status: $RETURNVALUE"
360 # we should have an output file now
361 if [ ! -f "./testout.pcap" ]; then
362 test_step_failed "No output file!"
366 # use tshark to filter out all packets, which are larger than 68 bytes
# The filter keeps only frames with cap_len > 68, i.e. the frames that would
# violate the snapshot length; its output overwrites ./testout.txt.
# NOTE(review): the step passes when no oversized frame is found, which is
# also the outcome when nothing at all was captured - the visible lines do
# not check that ./testout.pcap contains any packets.
367 $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
368 if [ $? -ne 0 ]; then
370 capture_test_output_print ./testout.txt
371 test_step_failed "Problem running TShark!"
375 # ok, we got a capture file, does it contain exactly 0 packets?
376 $CAPINFOS ./testout2.pcap > ./testout.txt
377 grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null
378 if [ $? -eq 0 ]; then
382 capture_test_output_print ./testout.txt
383 test_step_failed "Capture file should contain zero packets!"
# Registers the capture steps that are run with Wireshark as the device
# under test. The stdout and read-filter steps are deliberately left out
# (see the inline remarks). The closing fi and } lines are missing from this
# excerpt.
388 wireshark_capture_suite() {
389 # Q: quit after cap, k: start capture immediately
# DUT holds a command plus its options in a single string, so the step
# functions depend on unquoted expansion (word splitting) to run it; a
# $WIRESHARK path containing spaces would break into separate words.
390 DUT="$WIRESHARK -Q -k"
391 test_step_add "Capture 10 packets" capture_step_10packets
392 # piping to stdout doesn't work with Wireshark and capturing!
393 #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# [ $TEST_FIFO ] is a non-empty-string test on an unquoted value: any
# non-empty setting, including "0", enables the fifo step.
394 if [ $TEST_FIFO ]; then
395 test_step_add "Capture via fifo" capture_step_fifo
397 test_step_add "Capture via stdin" capture_step_stdin
398 # read filter doesn't work with Wireshark and capturing!
399 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
400 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps that are run with TShark as the device under
# test. The line that assigns DUT and the closing fi and } lines are missing
# from this excerpt.
403 tshark_capture_suite() {
405 test_step_add "Capture 10 packets" capture_step_10packets
406 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# [ $TEST_FIFO ] is a non-empty-string test on an unquoted value: any
# non-empty setting, including "0", enables the fifo step.
407 if [ $TEST_FIFO ]; then
408 test_step_add "Capture via fifo" capture_step_fifo
410 test_step_add "Capture via stdin" capture_step_stdin
411 # tshark now using dumpcap for capturing, read filters won't work by definition
412 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
413 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps that are run with dumpcap as the device under
# test. The lines that set up DUT and the closing fi and } lines are missing
# from this excerpt.
416 dumpcap_capture_suite() {
419 test_step_add "Capture 10 packets" capture_step_10packets
420 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# [ $TEST_FIFO ] is a non-empty-string test on an unquoted value: any
# non-empty setting, including "0", enables the fifo step.
421 if [ $TEST_FIFO ]; then
422 test_step_add "Capture via fifo" capture_step_fifo
424 test_step_add "Capture via stdin" capture_step_stdin
425 # read (display) filters intentionally don't work with dumpcap!
426 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
427 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Cleanup hook, registered at the end of the file as both the pre-step and
# the post-step action. Only the removal of ./testout2.pcap is visible in
# this excerpt; the other lines of the body are missing.
# rm -f keeps the hook quiet when the file does not exist.
430 capture_cleanup_step() {
435 rm -f ./testout2.pcap
# Suite registration. capture_cleanup_step is installed as both the pre and
# the post hook, presumably so that work files left by one step are removed
# before and after each step - confirm against the test framework.
439 test_step_set_pre capture_cleanup_step
440 test_step_set_post capture_cleanup_step
# The remark tells the operator that these tests need live traffic on the
# configured interface.
441 test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
# Suites are added in the order dumpcap, TShark, Wireshark.
442 test_suite_add "Dumpcap capture" dumpcap_capture_suite
443 test_suite_add "TShark capture" tshark_capture_suite
444 test_suite_add "Wireshark capture" wireshark_capture_suite