test/suite-capture.sh

   1 #!/bin/bash
   2 #
   3 # Test the capture engine of the Wireshark tools
   4 #
   5 # $Id$
   6 #
   7 # Wireshark - Network traffic analyzer
   8 # By Gerald Combs <gerald@wireshark.org>
   9 # Copyright 2005 Ulf Lamping
  10 #
  11 # This program is free software; you can redistribute it and/or
  12 # modify it under the terms of the GNU General Public License
  13 # as published by the Free Software Foundation; either version 2
  14 # of the License, or (at your option) any later version.
  15 #
  16 # This program is distributed in the hope that it will be useful,
  17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19 # GNU General Public License for more details.
  20 #
  21 # You should have received a copy of the GNU General Public License
  22 # along with this program; if not, writeto the Free Software
  23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24 #
  25
  26
  27 # common exit status values
  28 EXIT_OK=0
  29 EXIT_COMMAND_LINE=1
  30 EXIT_ERROR=2
  31
  32 traffic_gen_ping() {
  33         # Generate some traffic for quiet networks.
  34         # This will have to be adjusted for non-Windows systems.
  35         ping -n 20 www.wireshark.org > /dev/null 2>&1 &
  36 }
  37
  38 # capture exactly 10 packets
  39 capture_step_10packets() {
  40         if [ "$WS_SYSTEM" != "Windows" ] ; then
  41                 test_step_skipped
  42                 return
  43         fi
  44
  45         traffic_gen_ping
  46         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
  47                 -w ./testout.pcap \
  48                 -c 10  \
  49                 -a duration:$TRAFFIC_CAPTURE_DURATION \
  50                 icmp \
  51                 > ./testout.txt 2>&1
  52         RETURNVALUE=$?
  53         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  54                 test_step_failed "exit status of $DUT: $RETURNVALUE"
  55                 # part of the Prerequisite checks
  56                 # probably wrong interface, output the possible interfaces
  57                 $TSHARK -D
  58                 return
  59         fi
  60
  61         # we should have an output file now
  62         if [ ! -f "./testout.pcap" ]; then
  63                 test_step_failed "No output file!"
  64                 return
  65         fi
  66
  67         # ok, we got a capture file, does it contain exactly 10 packets?
  68         $CAPINFOS ./testout.pcap > ./testout.txt
  69         grep -i 'Number of packets: 10' ./testout.txt > /dev/null
  70         if [ $? -eq 0 ]; then
  71                 test_step_ok
  72         else
  73                 echo
  74                 cat ./testout.txt
  75                 # part of the Prerequisite checks
  76                 # probably wrong interface, output the possible interfaces
  77                 $TSHARK -D
  78                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
  79         fi
  80 }
  81
  82 # capture exactly 10 packets using "-w -" (piping to stdout)
  83 capture_step_10packets_stdout() {
  84         if [ "$WS_SYSTEM" != "Windows" ] ; then
  85                 test_step_skipped
  86                 return
  87         fi
  88
  89         traffic_gen_ping
  90         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
  91                 -c 10 \
  92                 -a duration:$TRAFFIC_CAPTURE_DURATION \
  93                 -w - \
  94                 icmp \
  95                 > ./testout.pcap 2>./testout.txt
  96         RETURNVALUE=$?
  97         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  98                 test_step_failed "exit status of $DUT: $RETURNVALUE"
  99                 $TSHARK -D
 100                 return
 101         fi
 102
 103         # we should have an output file now
 104         if [ ! -f "./testout.pcap" ]; then
 105                 test_step_failed "No output file!"
 106                 return
 107         fi
 108
 109         # ok, we got a capture file, does it contain exactly 10 packets?
 110         $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
 111         grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
 112         if [ $? -eq 0 ]; then
 113                 test_step_ok
 114         else
 115                 echo
 116                 cat ./testout.txt
 117                 cat ./testout2.txt
 118                 $TSHARK -D
 119                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 120         fi
 121 }
 122
 123 # capture packets via a fifo
 124 capture_step_fifo() {
 125         mkfifo 'fifo'
 126         (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
 127         $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
 128                 -w ./testout.pcap \
 129                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 130                 > ./testout.txt 2>&1
 131         RETURNVALUE=$?
 132         rm 'fifo'
 133         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 134                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 135                 return
 136         fi
 137
 138         # we should have an output file now
 139         if [ ! -f "./testout.pcap" ]; then
 140                 test_step_failed "No output file!"
 141                 return
 142         fi
 143
 144         # ok, we got a capture file, does it contain exactly 8 packets?
 145         $CAPINFOS ./testout.pcap > ./testout.txt
 146         grep -i 'Number of packets: 8' ./testout.txt > /dev/null
 147         if [ $? -eq 0 ]; then
 148                 test_step_ok
 149         else
 150                 echo
 151                 cat ./testout.txt
 152                 test_step_failed "No or not enough traffic captured."
 153         fi
 154 }
 155
 156 # capture exactly 2 times 10 packets (multiple files)
 157 capture_step_2multi_10packets() {
 158         if [ "$WS_SYSTEM" != "Windows" ] ; then
 159                 test_step_skipped
 160                 return
 161         fi
 162
 163         traffic_gen_ping
 164         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 165                 -w ./testout.pcap \
 166                 -c 10 \
 167                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 168                 icmp
 169                 > ./testout.txt 2>&1
 170
 171         RETURNVALUE=$?
 172         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 173                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 174                 # part of the Prerequisite checks
 175                 # probably wrong interface, output the possible interfaces
 176                 $TSHARK -D
 177                 return
 178         fi
 179
 180         # we should have an output file now
 181         if [ ! -f "./testout.pcap" ]; then
 182                 test_step_failed "No output file!"
 183                 return
 184         fi
 185
 186         # ok, we got a capture file, does it contain exactly 10 packets?
 187         $CAPINFOS ./testout.pcap > ./testout.txt
 188         grep -i 'Number of packets: 10' ./testout.txt > /dev/null
 189         if [ $? -eq 0 ]; then
 190                 test_step_ok
 191         else
 192                 echo
 193                 cat ./testout.txt
 194                 test_step_failed "Probably the wrong interface (no traffic captured)!"
 195         fi
 196 }
 197
 198 # capture with a very unlikely read filter, packets must be zero afterwards
 199 capture_step_read_filter() {
 200         if [ "$WS_SYSTEM" != "Windows" ] ; then
 201                 test_step_skipped
 202                 return
 203         fi
 204
 205         traffic_gen_ping
 206         # valid, but very unlikely filter
 207         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 208                 -w ./testout.pcap \
 209                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 210                 -R 'dcerpc.cn_call_id==123456' \
 211                 -c 10 \
 212                 icmp
 213                 > ./testout.txt 2>&1
 214         RETURNVALUE=$?
 215         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 216                 test_step_failed "exit status: $RETURNVALUE"
 217                 return
 218         fi
 219
 220         # we should have an output file now
 221         if [ ! -f "./testout.pcap" ]; then
 222                 test_step_failed "No output file!"
 223                 return
 224         fi
 225
 226         # ok, we got a capture file, does it contain exactly 0 packets?
 227         $CAPINFOS ./testout.pcap > ./testout.txt
 228         grep -i 'Number of packets: 0' ./testout.txt > /dev/null
 229         if [ $? -eq 0 ]; then
 230                 test_step_ok
 231         else
 232                 echo
 233                 cat ./testout.txt
 234                 test_step_failed "Capture file should contain zero packets!"
 235         fi
 236 }
 237
 238
 239 # capture with a snapshot length
 240 capture_step_snapshot() {
 241         if [ "$WS_SYSTEM" != "Windows" ] ; then
 242                 test_step_skipped
 243                 return
 244         fi
 245
 246         traffic_gen_ping
 247
 248         # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
 249         # this should result in no packets
 250         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 251                 -w ./testout.pcap \
 252                 -s 68 \
 253                 -a duration:$TRAFFIC_CAPTURE_DURATION
 254                 icmp \
 255                 > ./testout.txt 2>&1
 256         RETURNVALUE=$?
 257         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 258                 test_step_failed "exit status: $RETURNVALUE"
 259                 return
 260         fi
 261
 262         # we should have an output file now
 263         if [ ! -f "./testout.pcap" ]; then
 264                 test_step_failed "No output file!"
 265                 return
 266         fi
 267
 268         # use tshark to filter out all packets, which are larger than 68 bytes
 269         $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
 270
 271         # ok, we got a capture file, does it contain exactly 0 packets?
 272         $CAPINFOS ./testout2.pcap > ./testout.txt
 273         grep -i 'Number of packets: 0' ./testout.txt > /dev/null
 274         if [ $? -eq 0 ]; then
 275                 test_step_ok
 276         else
 277                 echo
 278                 cat ./testout.txt
 279                 test_step_failed "Capture file should contain zero packets!"
 280                 return
 281         fi
 282 }
 283
 284 wireshark_capture_suite() {
 285         # Q: quit after cap, k: start capture immediately
 286         DUT="$WIRESHARK -Q -k"
 287         test_step_add "Capture 10 packets" capture_step_10packets
 288         # piping to stdout doesn't work with Wireshark and capturing!
 289         #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 290         # read filter doesn't work with Wireshark and capturing!
 291         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 292         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 293 }
 294
 295 tshark_capture_suite() {
 296         DUT=$TSHARK
 297         test_step_add "Capture 10 packets" capture_step_10packets
 298         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 299         if [ $TEST_FIFO ]; then
 300                 test_step_add "Capture via fifo" capture_step_fifo
 301         fi
 302         test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 303         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 304 }
 305
 306 dumpcap_capture_suite() {
 307         #DUT="$DUMPCAP -Q"
 308         DUT=$DUMPCAP
 309         test_step_add "Capture 10 packets" capture_step_10packets
 310         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 311         if [ $TEST_FIFO ]; then
 312                 test_step_add "Capture via fifo" capture_step_fifo
 313         fi
 314         # read (display) filters intentionally doesn't work with dumpcap!
 315         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 316         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 317 }
 318
 319 capture_cleanup_step() {
 320         rm -f ./testout.txt
 321         rm -f ./testout2.txt
 322         rm -f ./testout.pcap
 323         rm -f ./testout2.pcap
 324 }
 325
 326 capture_suite() {
 327         test_step_set_pre capture_cleanup_step
 328         test_step_set_post capture_cleanup_step
 329         test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
 330         test_suite_add "TShark capture" tshark_capture_suite
 331         test_suite_add "Wireshark capture" wireshark_capture_suite
 332         test_suite_add "Dumpcap capture" dumpcap_capture_suite
 333 }