3 # Test the capture engine of the Wireshark tools
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 # common exit status values
33 # Generate some traffic for quiet networks.
34 # This will have to be adjusted for non-Windows systems.
# Runs in the background with all output discarded. It contacts an external
# host (name lookup plus echo requests), so the suite needs outbound network
# access. "-n 20" is the Windows ping packet-count option.
35 ping -n 20 www.wireshark.org > /dev/null 2>&1 &
38 # capture exactly 10 packets
# Test step: run the tool under test ($DUT) on $TRAFFIC_CAPTURE_IFACE and
# check, via $CAPINFOS, that ./testout.pcap reports 10 packets.
# NOTE(review): the embedded line numbers jump, so some original lines
# (branch bodies and closers, the options between -i and -a, the
# RETURNVALUE assignment) are not visible in this listing.
39 capture_step_10packets() {
40 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT and the TRAFFIC_CAPTURE_* values are expanded unquoted, so the shell
# word-splits and globs them into command words ($DUT holds a command plus
# flags, e.g. "$WIRESHARK -Q -k"). They must come from trusted test
# configuration, never from untrusted input.
46 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
49 -a duration:$TRAFFIC_CAPTURE_DURATION \
# presumably RETURNVALUE holds $? of the capture command - assignment not shown
53 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
54 test_step_failed "exit status of $DUT: $RETURNVALUE"
55 # part of the Prerequisite checks
56 # probably wrong interface, output the possible interfaces
61 # we should have an output file now
62 if [ ! -f "./testout.pcap" ]; then
63 test_step_failed "No output file!"
67 # ok, we got a capture file, does it contain exactly 10 packets?
68 $CAPINFOS ./testout.pcap > ./testout.txt
# grep matches a substring: 'Number of packets: 10' would also match a count
# such as 100. NOTE(review): the check is exact only if the capture is capped
# at 10 packets by an option not visible here - confirm.
69 grep -i 'Number of packets: 10' ./testout.txt > /dev/null
75 # part of the Prerequisite checks
76 # probably wrong interface, output the possible interfaces
78 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
82 # capture exactly 10 packets using "-w -" (piping to stdout)
# Test step: same 10-packet check, but the capture is taken from the tool's
# stdout: stdout is redirected to ./testout.pcap, stderr to ./testout.txt.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump), including the options between -i and -a.
83 capture_step_10packets_stdout() {
84 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT and the TRAFFIC_CAPTURE_* values are expanded unquoted and therefore
# word-split; they must come from trusted test configuration.
# The "> ./testout.pcap" redirection creates the file before $DUT runs, so
# the existence check further down cannot detect an empty capture; the
# capinfos packet count is the effective check.
90 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
92 -a duration:$TRAFFIC_CAPTURE_DURATION \
95 > ./testout.pcap 2>./testout.txt
# presumably RETURNVALUE holds $? of the capture command - assignment not shown
97 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
98 test_step_failed "exit status of $DUT: $RETURNVALUE"
103 # we should have an output file now
104 if [ ! -f "./testout.pcap" ]; then
105 test_step_failed "No output file!"
109 # ok, we got a capture file, does it contain exactly 10 packets?
# capinfos stdout and stderr both go to ./testout2.txt, keeping the tool's
# own stderr in ./testout.txt intact.
110 $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
# substring match: 'Number of packets: 10' would also match e.g. 100
111 grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
112 if [ $? -eq 0 ]; then
119 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
123 # capture packets via a fifo
# Test step: feed an existing capture file into the tool through a path named
# "fifo" in the current directory and expect 8 packets in ./testout.pcap.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump); the creation of "fifo" is not visible here.
# NOTE(review): "fifo" and the testout files are fixed relative names - run
# the suite from a private working directory so another local user cannot
# pre-create or swap them.
124 capture_step_fifo() {
# background writer: the whole of $CAPFILE, a 1 s pause, then $CAPFILE again
# starting at byte 25 (tail -c +25 skips the first 24 bytes).
# presumably those 24 bytes are the pcap file header, so the second pass
# sends packet records only - confirm against the format of $CAPFILE.
# $CAPFILE is unquoted, so a path containing spaces would be word-split.
126 (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
127 $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
129 -a duration:$TRAFFIC_CAPTURE_DURATION \
# presumably RETURNVALUE holds $? of the capture command - assignment not shown
133 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
134 test_step_failed "exit status of $DUT: $RETURNVALUE"
138 # we should have an output file now
139 if [ ! -f "./testout.pcap" ]; then
140 test_step_failed "No output file!"
144 # ok, we got a capture file, does it contain exactly 8 packets?
145 $CAPINFOS ./testout.pcap > ./testout.txt
# substring match: 'Number of packets: 8' would also match e.g. 80
146 grep -i 'Number of packets: 8' ./testout.txt > /dev/null
147 if [ $? -eq 0 ]; then
152 test_step_failed "No or not enough traffic captured."
156 # capture exactly 2 times 10 packets (multiple files)
# Test step for multi-file capture. None of the test_step_add calls visible
# in this listing reference it.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump), including the options between -i and -a.
# NOTE(review): the visible checks inspect only ./testout.pcap for 10 packets;
# no check of a second output file is visible - confirm against the full file.
157 capture_step_2multi_10packets() {
158 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT and the TRAFFIC_CAPTURE_* values are expanded unquoted and therefore
# word-split; they must come from trusted test configuration.
164 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
167 -a duration:$TRAFFIC_CAPTURE_DURATION \
# presumably RETURNVALUE holds $? of the capture command - assignment not shown
172 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
173 test_step_failed "exit status of $DUT: $RETURNVALUE"
174 # part of the Prerequisite checks
175 # probably wrong interface, output the possible interfaces
180 # we should have an output file now
181 if [ ! -f "./testout.pcap" ]; then
182 test_step_failed "No output file!"
186 # ok, we got a capture file, does it contain exactly 10 packets?
187 $CAPINFOS ./testout.pcap > ./testout.txt
# substring match: 'Number of packets: 10' would also match e.g. 100
188 grep -i 'Number of packets: 10' ./testout.txt > /dev/null
189 if [ $? -eq 0 ]; then
194 test_step_failed "Probably the wrong interface (no traffic captured)!"
198 # capture with a very unlikely read filter, packets must be zero afterwards
# Test step: capture with a read filter (-R) that is valid but should match
# nothing, then expect $CAPINFOS to report 0 packets in ./testout.pcap.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump), including options between the visible ones.
199 capture_step_read_filter() {
200 if [ "$WS_SYSTEM" != "Windows" ] ; then
206 # valid, but very unlikely filter
# $DUT and the TRAFFIC_CAPTURE_* values are expanded unquoted and therefore
# word-split; the filter expression itself is single-quoted and passed as
# one literal argument.
207 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
209 -a duration:$TRAFFIC_CAPTURE_DURATION \
210 -R 'dcerpc.cn_call_id==123456' \
# presumably RETURNVALUE holds $? of the capture command - assignment not shown
215 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
216 test_step_failed "exit status: $RETURNVALUE"
220 # we should have an output file now
221 if [ ! -f "./testout.pcap" ]; then
222 test_step_failed "No output file!"
226 # ok, we got a capture file, does it contain exactly 0 packets?
227 $CAPINFOS ./testout.pcap > ./testout.txt
228 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
229 if [ $? -eq 0 ]; then
234 test_step_failed "Capture file should contain zero packets!"
239 # capture with a snapshot length
# Test step: capture with a snapshot length, then use $TSHARK to keep only
# frames whose captured length exceeds 68 bytes and expect none to remain.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump); the snapshot-length option itself is not
# visible among the capture arguments shown.
240 capture_step_snapshot() {
241 if [ "$WS_SYSTEM" != "Windows" ] ; then
248 # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
249 # this should result in no packets
# $DUT and the TRAFFIC_CAPTURE_* values are expanded unquoted and therefore
# word-split; they must come from trusted test configuration.
250 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
253 -a duration:$TRAFFIC_CAPTURE_DURATION
# presumably RETURNVALUE holds $? of the capture command - assignment not shown
257 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
258 test_step_failed "exit status: $RETURNVALUE"
262 # we should have an output file now
263 if [ ! -f "./testout.pcap" ]; then
264 test_step_failed "No output file!"
268 # use tshark to filter out all packets, which are larger than 68 bytes
# tshark's stdout/stderr land in ./testout.txt, which the capinfos call below
# overwrites, so any tshark diagnostics are lost; no check of tshark's exit
# status is visible in this listing.
269 $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
271 # ok, we got a capture file, does it contain exactly 0 packets?
272 $CAPINFOS ./testout2.pcap > ./testout.txt
273 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
274 if [ $? -eq 0 ]; then
279 test_step_failed "Capture file should contain zero packets!"
# Suite definition for Wireshark: sets DUT to the Wireshark command line and
# registers the capture steps that apply to it. The stdout and read-filter
# steps are deliberately left commented out (see the remarks below).
# NOTE(review): the closing lines of this function are not visible in this
# listing (the embedded line numbers jump).
284 wireshark_capture_suite() {
285 # Q: quit after cap, k: start capture immediately
# DUT is later expanded unquoted by the steps, which is what splits this
# string into the command and its two flags.
286 DUT="$WIRESHARK -Q -k"
287 test_step_add "Capture 10 packets" capture_step_10packets
288 # piping to stdout doesn't work with Wireshark and capturing!
289 #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
290 # read filter doesn't work with Wireshark and capturing!
291 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
292 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Suite definition for TShark: registers the 10-packet, stdout, optional fifo,
# read-filter and snapshot steps.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump); the DUT assignment and the closing fi are
# not visible here.
295 tshark_capture_suite() {
297 test_step_add "Capture 10 packets" capture_step_10packets
298 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# true for any non-empty single-word value of TEST_FIFO (including "0");
# unquoted, so a multi-word value would be parsed as a test expression.
299 if [ $TEST_FIFO ]; then
300 test_step_add "Capture via fifo" capture_step_fifo
302 test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
303 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Suite definition for Dumpcap: registers the 10-packet, stdout, optional fifo
# and snapshot steps; the read-filter step is deliberately left out.
# NOTE(review): some original lines are missing from this listing (the
# embedded line numbers jump); the DUT assignment and the closing fi are
# not visible here.
306 dumpcap_capture_suite() {
309 test_step_add "Capture 10 packets" capture_step_10packets
310 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# true for any non-empty single-word value of TEST_FIFO (including "0");
# unquoted, so a multi-word value would be parsed as a test expression.
311 if [ $TEST_FIFO ]; then
312 test_step_add "Capture via fifo" capture_step_fifo
314 # read (display) filters intentionally don't work with dumpcap!
315 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
316 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Removes scratch files left behind by a capture step.
# NOTE(review): only the ./testout2.pcap removal is visible in this listing
# (the embedded line numbers jump); other removals and the closing brace are
# not shown.
319 capture_cleanup_step() {
323 rm -f ./testout2.pcap
# Registers capture_cleanup_step through both test_step_set_pre and
# test_step_set_post (helpers defined elsewhere - presumably run before and
# after each step), adds a remark naming the capture interface, and registers
# the three capture suites.
327 test_step_set_pre capture_cleanup_step
328 test_step_set_post capture_cleanup_step
329 test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
330 test_suite_add "TShark capture" tshark_capture_suite
331 test_suite_add "Wireshark capture" wireshark_capture_suite
332 test_suite_add "Dumpcap capture" dumpcap_capture_suite