test/suite-capture.sh

   1 #!/bin/bash
   2 #
   3 # Test the capture engine of the Wireshark tools
   4 #
   5 # $Id$
   6 #
   7 # Wireshark - Network traffic analyzer
   8 # By Gerald Combs <gerald@wireshark.org>
   9 # Copyright 2005 Ulf Lamping
  10 #
  11 # This program is free software; you can redistribute it and/or
  12 # modify it under the terms of the GNU General Public License
  13 # as published by the Free Software Foundation; either version 2
  14 # of the License, or (at your option) any later version.
  15 #
  16 # This program is distributed in the hope that it will be useful,
  17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19 # GNU General Public License for more details.
  20 #
  21 # You should have received a copy of the GNU General Public License
  22 # along with this program; if not, writeto the Free Software
  23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24 #
  25
  26
  27 # common exit status values
  28 EXIT_OK=0
  29 EXIT_COMMAND_LINE=1
  30 EXIT_ERROR=2
  31
  32 capture_test_output_print() {
  33         wait
  34         for f in "$@"; do
  35                 if [[ -f "$f" ]]; then
  36                 printf " --> $f\n"
  37                 cat "$f"
  38                 printf "\n"
  39                 fi
  40         done
  41 }
  42
  43 traffic_gen_ping() {
  44         # Generate some traffic for quiet networks.
  45         # This will have to be adjusted for non-Windows systems.
  46         {
  47         date
  48         for (( x=20; x<=50; x++ )) # in effect: number the packets
  49         do
  50                 # How does ping _not_ have a standard set of arguments?
  51                 case $WS_SYSTEM in
  52                         Windows)
  53                                 ping -n 1 -l $x www.wireshark.org       ;;
  54                         SunOS)
  55                                 /usr/sbin/ping www.wireshark.org $x 1           ;;
  56                         *) # *BSD, Linux
  57                                 ping -c 1 -s $x www.wireshark.org       ;;
  58                 esac
  59                 sleep 1
  60         done
  61         date
  62         } > ./testout_ping.txt 2>&1 &
  63 }
  64
  65 ping_cleanup() {
  66         wait
  67         rm -f ./testout_ping.txt
  68 }
  69
  70 # capture exactly 10 packets
  71 capture_step_10packets() {
  72         if [ $SKIP_CAPTURE -ne 0 ] ; then
  73                 test_step_skipped
  74                 return
  75         fi
  76
  77         traffic_gen_ping
  78
  79         date > ./testout.txt
  80         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
  81                 -w ./testout.pcap \
  82                 -c 10  \
  83                 -a duration:$TRAFFIC_CAPTURE_DURATION \
  84                 -f icmp \
  85                 >> ./testout.txt 2>&1
  86         RETURNVALUE=$?
  87         date >> ./testout.txt
  88         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  89                 echo
  90                 capture_test_output_print ./testout.txt
  91                 # part of the Prerequisite checks
  92                 # wrong interface ? output the possible interfaces
  93                 $TSHARK -D
  94                 test_step_failed "exit status of $DUT: $RETURNVALUE"
  95                 return
  96         fi
  97
  98         # we should have an output file now
  99         if [ ! -f "./testout.pcap" ]; then
 100         capture_test_output ./testout.txt
 101                 test_step_failed "No output file!"
 102                 return
 103         fi
 104
 105         # ok, we got a capture file, does it contain exactly 10 packets?
 106         $CAPINFOS ./testout.pcap > ./testout2.txt
 107         grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
 108         if [ $? -eq 0 ]; then
 109                 test_step_ok
 110         else
 111                 echo
 112                 $TSHARK -ta -r ./testout.pcap >> ./testout2.txt
 113                 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
 114                 # part of the Prerequisite checks
 115                 # probably wrong interface, output the possible interfaces
 116                 $TSHARK -D
 117                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 118         fi
 119 }
 120
 121 # capture exactly 10 packets using "-w -" (piping to stdout)
 122 capture_step_10packets_stdout() {
 123         if [ $SKIP_CAPTURE -ne 0 ] ; then
 124                 test_step_skipped
 125                 return
 126         fi
 127
 128         traffic_gen_ping
 129
 130         date > ./testout.txt
 131         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 132                 -c 10 \
 133                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 134                 -w - \
 135                 -f icmp \
 136                 > ./testout.pcap 2>>./testout.txt
 137         RETURNVALUE=$?
 138         date >> ./testout.txt
 139         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 140                 echo
 141                 cat ./testout.txt
 142                 $TSHARK -D
 143                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 144                 return
 145         fi
 146
 147         # we should have an output file now
 148         if [ ! -f "./testout.pcap" ]; then
 149                 test_step_failed "No output file!"
 150                 return
 151         fi
 152
 153         # ok, we got a capture file, does it contain exactly 10 packets?
 154         $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
 155         grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
 156         if [ $? -eq 0 ]; then
 157                 test_step_ok
 158         else
 159                 echo
 160                 cat ./testout.txt
 161                 cat ./testout2.txt
 162                 $TSHARK -D
 163                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 164         fi
 165 }
 166
 167 # capture packets via a fifo
 168 capture_step_fifo() {
 169         mkfifo 'fifo'
 170         (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
 171         $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
 172                 -w ./testout.pcap \
 173                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 174                 > ./testout.txt 2>&1
 175         RETURNVALUE=$?
 176         rm 'fifo'
 177         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 178                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 179                 return
 180         fi
 181
 182         # we should have an output file now
 183         if [ ! -f "./testout.pcap" ]; then
 184                 test_step_failed "No output file!"
 185                 return
 186         fi
 187
 188         # ok, we got a capture file, does it contain exactly 8 packets?
 189         $CAPINFOS ./testout.pcap > ./testout.txt
 190         grep -i 'Number of packets: 8' ./testout.txt > /dev/null
 191         if [ $? -eq 0 ]; then
 192                 test_step_ok
 193         else
 194                 echo
 195                 cat ./testout.txt
 196                 test_step_failed "No or not enough traffic captured."
 197         fi
 198 }
 199
 200 # capture exactly 2 times 10 packets (multiple files)
 201 capture_step_2multi_10packets() {
 202         if [ $SKIP_CAPTURE -ne 0 ] ; then
 203                 test_step_skipped
 204                 return
 205         fi
 206
 207         traffic_gen_ping
 208
 209         date > ./testout.txt
 210         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 211                 -w ./testout.pcap \
 212                 -c 10 \
 213                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 214                 -f icmp \
 215                 >> ./testout.txt 2>&1
 216
 217         RETURNVALUE=$?
 218         date >> ./testout.txt
 219         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 220                 echo
 221                 cat ./testout.txt
 222                 # part of the Prerequisite checks
 223                 # probably wrong interface, output the possible interfaces
 224                 $TSHARK -D
 225                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 226                 return
 227         fi
 228
 229         # we should have an output file now
 230         if [ ! -f "./testout.pcap" ]; then
 231                 test_step_failed "No output file!"
 232                 return
 233         fi
 234
 235         # ok, we got a capture file, does it contain exactly 10 packets?
 236         $CAPINFOS ./testout.pcap > ./testout.txt
 237         grep -i 'Number of packets: 10' ./testout.txt > /dev/null
 238         if [ $? -eq 0 ]; then
 239                 test_step_ok
 240         else
 241                 echo
 242                 cat ./testout.txt
 243                 test_step_failed "Probably the wrong interface (no traffic captured)!"
 244         fi
 245 }
 246
 247 # capture with a very unlikely read filter, packets must be zero afterwards
 248 capture_step_read_filter() {
 249         if [ $SKIP_CAPTURE -ne 0 ] ; then
 250                 test_step_skipped
 251                 return
 252         fi
 253
 254         traffic_gen_ping
 255
 256         # valid, but very unlikely filter
 257         date > ./testout.txt
 258         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 259                 -w ./testout.pcap \
 260                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 261                 -R 'dcerpc.cn_call_id==123456' \
 262                 -c 10 \
 263                 -f icmp \
 264                 >> ./testout.txt 2>&1
 265         RETURNVALUE=$?
 266         date >> ./testout.txt
 267         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 268                 echo
 269                 cat ./testout.txt
 270                 # part of the Prerequisite checks
 271                 # wrong interface ? output the possible interfaces
 272                 $TSHARK -D
 273                 test_step_failed "exit status: $RETURNVALUE"
 274                 return
 275         fi
 276
 277         # we should have an output file now
 278         if [ ! -f "./testout.pcap" ]; then
 279                 test_step_failed "No output file!"
 280                 return
 281         fi
 282
 283         # ok, we got a capture file, does it contain exactly 0 packets?
 284         $CAPINFOS ./testout.pcap > ./testout.txt
 285         grep -i 'Number of packets: 0' ./testout.txt > /dev/null
 286         if [ $? -eq 0 ]; then
 287                 test_step_ok
 288         else
 289                 echo
 290                 cat ./testout.txt
 291                 test_step_failed "Capture file should contain zero packets!"
 292         fi
 293 }
 294
 295
 296 # capture with a snapshot length
 297 capture_step_snapshot() {
 298         if [ $SKIP_CAPTURE -ne 0 ] ; then
 299                 test_step_skipped
 300                 return
 301         fi
 302
 303         traffic_gen_ping
 304
 305         # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
 306         # this should result in no packets greater than 68 bytes
 307         date > ./testout.txt
 308         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 309                 -w ./testout.pcap \
 310                 -s 68 \
 311                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 312                 -f icmp \
 313                 >> ./testout.txt 2>&1
 314         RETURNVALUE=$?
 315         date >> ./testout.txt
 316         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 317                 echo
 318                 cat ./testout.txt
 319                 # part of the Prerequisite checks
 320                 # wrong interface ? output the possible interfaces
 321                 $TSHARK -D
 322                 test_step_failed "exit status: $RETURNVALUE"
 323                 return
 324         fi
 325
 326         # we should have an output file now
 327         if [ ! -f "./testout.pcap" ]; then
 328                 test_step_failed "No output file!"
 329                 return
 330         fi
 331
 332         # use tshark to filter out all packets, which are larger than 68 bytes
 333         $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
 334
 335         # ok, we got a capture file, does it contain exactly 0 packets?
 336         $CAPINFOS ./testout2.pcap > ./testout.txt
 337         grep -i 'Number of packets: 0' ./testout.txt > /dev/null
 338         if [ $? -eq 0 ]; then
 339                 test_step_ok
 340         else
 341                 echo
 342                 cat ./testout.txt
 343                 test_step_failed "Capture file should contain zero packets!"
 344                 return
 345         fi
 346 }
 347
 348 wireshark_capture_suite() {
 349         # Q: quit after cap, k: start capture immediately
 350         DUT="$WIRESHARK -Q -k"
 351         test_step_add "Capture 10 packets" capture_step_10packets
 352         # piping to stdout doesn't work with Wireshark and capturing!
 353         #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 354         # read filter doesn't work with Wireshark and capturing!
 355         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 356         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 357 }
 358
 359 tshark_capture_suite() {
 360         DUT=$TSHARK
 361         test_step_add "Capture 10 packets" capture_step_10packets
 362         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 363         if [ $TEST_FIFO ]; then
 364                 test_step_add "Capture via fifo" capture_step_fifo
 365         fi
 366     # tshark now using dumpcap for capturing, read filters won't work by definition
 367         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 368         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 369 }
 370
 371 dumpcap_capture_suite() {
 372         #DUT="$DUMPCAP -Q"
 373         DUT=$DUMPCAP
 374         test_step_add "Capture 10 packets" capture_step_10packets
 375         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 376         if [ $TEST_FIFO ]; then
 377                 test_step_add "Capture via fifo" capture_step_fifo
 378         fi
 379         # read (display) filters intentionally doesn't work with dumpcap!
 380         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 381         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 382 }
 383
 384 capture_cleanup_step() {
 385         ping_cleanup
 386         rm -f ./testout.txt
 387         rm -f ./testout2.txt
 388         rm -f ./testout.pcap
 389         rm -f ./testout2.pcap
 390 }
 391
 392 capture_suite() {
 393         test_step_set_pre capture_cleanup_step
 394         test_step_set_post capture_cleanup_step
 395         test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
 396         test_suite_add "Dumpcap capture" dumpcap_capture_suite
 397         test_suite_add "TShark capture" tshark_capture_suite
 398         test_suite_add "Wireshark capture" wireshark_capture_suite
 399 }