3 # Test the capture engine of the Wireshark tools
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 # common exit status values
33 # capture exactly 10 packets
# Test step: run the tool under test ($DUT) on $TRAFFIC_CAPTURE_IFACE, stopping
# after 10 packets (-c 10) or when the -a duration limit is reached, then check
# the exit status, the presence of ./testout.pcap and the packet count
# reported by $CAPINFOS.
# NOTE(review): the line numbering of this listing has gaps, so parts of the
# function (closing fi/}, the success branch, early returns) are not visible.
# NOTE(review): ./testout.pcap and ./testout.txt are fixed names relative to
# the working directory. Live capture is often run with elevated privileges,
# so run the suite from a private directory where no other user can
# pre-create these paths.
34 capture_step_10packets() {
# NOTE(review): the body of this non-Windows branch is not visible here.
35 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT has to stay unquoted so that it word-splits: it can hold a command
# plus options (wireshark_capture_suite sets it to "$WIRESHARK -Q -k").
# NOTE(review): $TRAFFIC_CAPTURE_IFACE and $TRAFFIC_CAPTURE_DURATION are also
# unquoted, so a value with whitespace or glob characters would be split or
# expanded before the tool sees it.
# stdout and stderr of the tool both go to ./testout.txt.
40 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC -w ./testout.pcap -c 10 -a duration:$TRAFFIC_CAPTURE_DURATION > ./testout.txt 2>&1
# NOTE(review): RETURNVALUE is not assigned on any visible line; presumably it
# is set from $? directly after the capture command - confirm. The operands
# of this test are unquoted, so an empty value makes [ report a syntax error.
42 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
43 test_step_failed "exit status of $DUT: $RETURNVALUE"
44 # part of the Prerequisite checks
45 # probably wrong interface, output the possible interfaces
50 # we should have an output file now
51 if [ ! -f "./testout.pcap" ]; then
52 test_step_failed "No output file!"
56 # ok, we got a capture file, does it contain exactly 10 packets?
# The capinfos report overwrites the tool output saved in ./testout.txt above.
57 $CAPINFOS ./testout.pcap > ./testout.txt
# NOTE(review): the pattern is not anchored at its end, so it would also match
# a count such as 100; -c 10 bounds the count in this step, but an anchored
# match would make the check exact. It also depends on the exact spacing of
# the capinfos output.
58 grep -i 'Number of packets: 10' ./testout.txt > /dev/null
64 # part of the Prerequisite checks
65 # probably wrong interface, output the possible interfaces
67 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
71 # capture exactly 10 packets using "-w -" (piping to stdout)
# Test step: same 10-packet capture, but the tool writes the capture to stdout
# (-w -), which the shell redirects into ./testout.pcap; stderr goes to
# ./testout.txt.
# NOTE(review): the line numbering of this listing has gaps, so parts of the
# function (closing fi/}, the success branch, early returns) are not visible.
72 capture_step_10packets_stdout() {
# NOTE(review): the body of this non-Windows branch is not visible here.
73 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT must word-split (command plus options); the interface and duration
# variables are unquoted too and would split on whitespace in their values.
78 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC -c 10 -a duration:$TRAFFIC_CAPTURE_DURATION -w - > ./testout.pcap 2>./testout.txt
# NOTE(review): RETURNVALUE is not assigned on any visible line; presumably it
# is set from $? directly after the capture command - confirm.
80 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
81 test_step_failed "exit status of $DUT: $RETURNVALUE"
86 # we should have an output file now
# NOTE(review): the shell creates ./testout.pcap for the redirection before
# the tool starts, so this existence check passes even when the tool wrote
# nothing; only the packet count below proves that data arrived.
87 if [ ! -f "./testout.pcap" ]; then
88 test_step_failed "No output file!"
92 # ok, we got a capture file, does it contain exactly 10 packets?
# The capinfos report (stdout and stderr) goes to ./testout2.txt, so the
# tool's stderr kept in ./testout.txt is preserved.
93 $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
# NOTE(review): unanchored pattern; it would also match a count such as 100.
94 grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
102 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
106 # capture packets via a fifo
# Test step: feed a stored capture file to the tool through a named pipe
# instead of a live interface and expect 8 packets in the result.
# NOTE(review): the line numbering of this listing has gaps; the creation of
# the pipe named "fifo" and the end of the function are not visible.
# NOTE(review): "fifo" is a fixed name in the working directory; run the suite
# from a private directory so the path cannot be pre-created by another user.
107 capture_step_fifo() {
# Background writer: sends all of $CAPFILE, waits one second, then sends
# $CAPFILE again starting at byte 25 (tail -c +25 skips the first 24 bytes).
# NOTE(review): 24 bytes is the size of a classic pcap file header, so the
# second pass presumably appends packet records only - confirm the format of
# $CAPFILE. $CAPFILE is unquoted and would split on whitespace in the path.
# No wait for this background job is visible.
109 (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
# The tool reads from the pipe (-i fifo) and stops on the -a duration limit;
# stdout and stderr go to ./testout.txt.
110 $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC -w ./testout.pcap -a duration:$TRAFFIC_CAPTURE_DURATION > ./testout.txt 2>&1
# NOTE(review): RETURNVALUE is not assigned on any visible line; presumably it
# is set from $? directly after the capture command - confirm.
113 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
114 test_step_failed "exit status of $DUT: $RETURNVALUE"
118 # we should have an output file now
119 if [ ! -f "./testout.pcap" ]; then
120 test_step_failed "No output file!"
124 # ok, we got a capture file, does it contain exactly 8 packets?
125 $CAPINFOS ./testout.pcap > ./testout.txt
# NOTE(review): unanchored pattern; it would also match counts such as 80.
126 grep -i 'Number of packets: 8' ./testout.txt > /dev/null
# $? is the exit status of the grep directly above: 0 means the line matched.
127 if [ $? -eq 0 ]; then
132 test_step_failed "No or not enough traffic captured."
136 # capture exactly 2 times 10 packets (multiple files)
# NOTE(review): the visible command line is the same as in the single-file
# 10-packet step (one -w file, -c 10); no option that requests multiple output
# files is visible, and only ./testout.pcap is checked. None of the visible
# test_step_add calls registers this step.
# NOTE(review): the line numbering of this listing has gaps, so parts of the
# function (closing fi/}, the success branch, early returns) are not visible.
137 capture_step_2multi_10packets() {
# NOTE(review): the body of this non-Windows branch is not visible here.
138 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT must word-split (command plus options); the interface and duration
# variables are unquoted too and would split on whitespace in their values.
143 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC -w ./testout.pcap -c 10 -a duration:$TRAFFIC_CAPTURE_DURATION > ./testout.txt 2>&1
# NOTE(review): RETURNVALUE is not assigned on any visible line; presumably it
# is set from $? directly after the capture command - confirm.
145 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
146 test_step_failed "exit status of $DUT: $RETURNVALUE"
147 # part of the Prerequisite checks
148 # probably wrong interface, output the possible interfaces
153 # we should have an output file now
154 if [ ! -f "./testout.pcap" ]; then
155 test_step_failed "No output file!"
159 # ok, we got a capture file, does it contain exactly 10 packets?
# The capinfos report overwrites the tool output saved in ./testout.txt above.
160 $CAPINFOS ./testout.pcap > ./testout.txt
# NOTE(review): unanchored pattern; it would also match a count such as 100.
161 grep -i 'Number of packets: 10' ./testout.txt > /dev/null
# $? is the exit status of the grep directly above: 0 means the line matched.
162 if [ $? -eq 0 ]; then
167 test_step_failed "Probably the wrong interface (no traffic captured)!"
171 # capture with a very unlikely read filter, packets must be zero afterwards
# Test step: capture with a read filter (-R) that live traffic is not expected
# to match and verify that the written file holds zero packets.
# NOTE(review): the line numbering of this listing has gaps, so parts of the
# function (closing fi/}, the success branch, early returns) are not visible.
172 capture_step_read_filter() {
# NOTE(review): the body of this non-Windows branch is not visible here.
173 if [ "$WS_SYSTEM" != "Windows" ] ; then
178 # valid, but very unlikely filter
# The filter expression is single-quoted, so the shell passes it unchanged.
# $DUT must word-split (command plus options); the interface and duration
# variables are unquoted too and would split on whitespace in their values.
179 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC -w ./testout.pcap -a duration:$TRAFFIC_CAPTURE_DURATION -R 'dcerpc.cn_call_id==123456' -c 10 > ./testout.txt 2>&1
# NOTE(review): RETURNVALUE is not assigned on any visible line; presumably it
# is set from $? directly after the capture command - confirm.
181 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
182 test_step_failed "exit status: $RETURNVALUE"
186 # we should have an output file now
187 if [ ! -f "./testout.pcap" ]; then
188 test_step_failed "No output file!"
192 # ok, we got a capture file, does it contain exactly 0 packets?
# The capinfos report overwrites the tool output saved in ./testout.txt above.
193 $CAPINFOS ./testout.pcap > ./testout.txt
194 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
# $? is the exit status of the grep directly above: 0 means the line matched.
195 if [ $? -eq 0 ]; then
200 test_step_failed "Capture file should contain zero packets!"
205 # capture with a snapshot length
# Test step: capture with -s 68, then use $TSHARK to copy every packet whose
# captured length exceeds 68 bytes into ./testout2.pcap and verify that this
# second file holds zero packets.
# NOTE(review): the line numbering of this listing has gaps, so parts of the
# function (closing fi/}, the success branch, early returns) are not visible.
206 capture_step_snapshot() {
# NOTE(review): the body of this non-Windows branch is not visible here.
207 if [ "$WS_SYSTEM" != "Windows" ] ; then
212 # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
213 # this should result in no packets with a captured length above 68 bytes
# $DUT must word-split (command plus options); the interface and duration
# variables are unquoted too and would split on whitespace in their values.
214 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC -w ./testout.pcap -s 68 -a duration:$TRAFFIC_CAPTURE_DURATION > ./testout.txt 2>&1
# NOTE(review): RETURNVALUE is not assigned on any visible line; presumably it
# is set from $? directly after the capture command - confirm.
216 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
217 test_step_failed "exit status: $RETURNVALUE"
221 # we should have an output file now
222 if [ ! -f "./testout.pcap" ]; then
223 test_step_failed "No output file!"
227 # use tshark to keep only the packets whose captured length exceeds 68 bytes
# NOTE(review): no check of the tshark exit status is visible; its output in
# ./testout.txt is overwritten by the capinfos report two lines below.
228 $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
230 # ok, we got a capture file, does it contain exactly 0 packets?
231 $CAPINFOS ./testout2.pcap > ./testout.txt
232 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
# $? is the exit status of the grep directly above: 0 means the line matched.
233 if [ $? -eq 0 ]; then
238 test_step_failed "Capture file should contain zero packets!"
# Registers the capture steps that are run against Wireshark.
# Sets the global DUT (no `local`), which the step functions expand unquoted
# as the command line of the tool under test.
# NOTE(review): the closing brace is not visible in this listing.
243 wireshark_capture_suite() {
244 # Q: quit after cap, k: start capture immediately
245 DUT="$WIRESHARK -Q -k"
246 test_step_add "Capture 10 packets" capture_step_10packets
247 # piping to stdout doesn't work with Wireshark and capturing!
248 #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
249 # read filter doesn't work with Wireshark and capturing!
250 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
251 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps that are run against TShark.
# NOTE(review): the assignment of DUT for this suite and the closing fi/} are
# not visible in this listing (the line numbering has gaps).
254 tshark_capture_suite() {
256 test_step_add "Capture 10 packets" capture_step_10packets
257 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# Unquoted one-argument test: true for any non-empty TEST_FIFO value, so
# values such as 0 or false also enable the fifo step; only an empty or unset
# variable skips it.
258 if [ $TEST_FIFO ]; then
259 test_step_add "Capture via fifo" capture_step_fifo
261 test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
262 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps that are run against dumpcap.
# NOTE(review): the assignment of DUT for this suite and the closing fi/} are
# not visible in this listing (the line numbering has gaps).
265 dumpcap_capture_suite() {
268 test_step_add "Capture 10 packets" capture_step_10packets
269 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# Unquoted one-argument test: true for any non-empty TEST_FIFO value, so
# values such as 0 or false also enable the fifo step; only an empty or unset
# variable skips it.
270 if [ $TEST_FIFO ]; then
271 test_step_add "Capture via fifo" capture_step_fifo
273 # read (display) filters intentionally don't work with dumpcap!
274 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
275 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Cleanup hook that removes output files left by the capture steps.
# NOTE(review): only the removal of ./testout2.pcap is visible in this listing;
# the gaps in the line numbering suggest further statements - confirm that
# ./testout.pcap, the text outputs and the fifo are removed as well, since the
# capture files can hold live traffic from the test interface.
278 capture_cleanup_step() {
# -f: do not fail when the file does not exist.
282 rm -f ./testout2.pcap
# Register capture_cleanup_step as both the pre-step and the post-step hook.
286 test_step_set_pre capture_cleanup_step
287 test_step_set_post capture_cleanup_step
# The remark names the interface on which traffic has to be present.
288 test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
# Register the three capture suites: TShark, Wireshark, then Dumpcap.
289 test_suite_add "TShark capture" tshark_capture_suite
290 test_suite_add "Wireshark capture" wireshark_capture_suite
291 test_suite_add "Dumpcap capture" dumpcap_capture_suite