3 # Test the capture engine of the Wireshark tools
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 # common exit status values
32 capture_test_output_print() {
35 if [[ -f "$f" ]]; then
44 # Generate some traffic for quiet networks.
45 # This will have to be adjusted for non-Windows systems.
48 for (( x=20; x<=50; x++ )) # in effect: number the packets
50 # How does ping _not_ have a standard set of arguments?
53 ping -n 1 -l $x www.wireshark.org ;;
55 /usr/sbin/ping www.wireshark.org $x 1 ;;
57 ping -c 1 -s $x www.wireshark.org ;;
62 } > ./testout_ping.txt 2>&1 &
67 rm -f ./testout_ping.txt
70 # capture exactly 10 packets
# Test step: runs $DUT on $TRAFFIC_CAPTURE_IFACE, then checks three things in
# order: the exit status held in $RETURNVALUE, the existence of
# ./testout.pcap, and the packet count printed by $CAPINFOS. Each failed check
# is reported through test_step_failed.
# NOTE(review): this listing omits lines of the function (the gutter numbers
# jump), so the options that bound the packet count and the assignment of
# $RETURNVALUE are not visible here.
71 capture_step_10packets() {
# $SKIP_CAPTURE is expanded unquoted; if it were empty, `[` would fail with a
# syntax error and the skip branch would not be taken.
72 if [ $SKIP_CAPTURE -ne 0 ] ; then
# $DUT is expanded unquoted on purpose: it carries the program plus its
# options (e.g. "$WIRESHARK -Q -k" in wireshark_capture_suite) and relies on
# word splitting. The interface and promiscuous-mode variables are split the
# same way, so an interface name containing whitespace or glob characters
# would not reach $DUT as a single argument.
80 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
83 -a duration:$TRAFFIC_CAPTURE_DURATION \
88 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
90 capture_test_output_print ./testout.txt
91 # part of the Prerequisite checks
92 # wrong interface ? output the possible interfaces
94 test_step_failed "exit status of $DUT: $RETURNVALUE"
98 # we should have an output file now
99 if [ ! -f "./testout.pcap" ]; then
# NOTE(review): the other failure paths call capture_test_output_print;
# confirm that capture_test_output is defined by the harness. If it is not,
# this line fails with "command not found" and the tool log is never shown.
100 capture_test_output ./testout.txt
101 test_step_failed "No output file!"
105 # ok, we got a capture file, does it contain exactly 10 packets?
106 $CAPINFOS ./testout.pcap > ./testout2.txt
# The pattern is a substring match, so a reported count of 100 or 1000 would
# also pass; "exactly 10" holds only if the capture itself is limited to 10
# packets (that option is not visible in this listing).
107 grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
108 if [ $? -eq 0 ]; then
# Failure path: append a decoded listing of the capture to the log and print
# the ping log, the tool log and the capinfos/tshark output together.
112 $TSHARK -ta -r ./testout.pcap >> ./testout2.txt
113 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
114 # part of the Prerequisite checks
115 # probably wrong interface, output the possible interfaces
117 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
121 # capture exactly 10 packets using "-w -" (piping to stdout)
# Test step: same checks as capture_step_10packets, but the capture data is
# taken from the tool's standard output instead of a file written by the tool.
# NOTE(review): this listing omits lines of the function; the "-w -" option
# itself and the assignment of $RETURNVALUE are not visible here.
122 capture_step_10packets_stdout() {
# $SKIP_CAPTURE is expanded unquoted; an empty value makes `[` fail with a
# syntax error, so the skip branch would not be taken.
123 if [ $SKIP_CAPTURE -ne 0 ] ; then
# stdout goes to ./testout.pcap and stderr is appended to ./testout.txt, which
# keeps the tool's diagnostics out of the capture data (assuming the
# redirection line belongs to this $DUT command; the lines between are not
# shown).
131 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
133 -a duration:$TRAFFIC_CAPTURE_DURATION \
136 > ./testout.pcap 2>>./testout.txt
138 date >> ./testout.txt
139 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
143 test_step_failed "exit status of $DUT: $RETURNVALUE"
147 # we should have an output file now
# The shell creates ./testout.pcap when it sets up the redirection above, so
# this check passes even if the tool wrote nothing; an empty or truncated
# capture is only caught by the packet-count check below.
148 if [ ! -f "./testout.pcap" ]; then
149 test_step_failed "No output file!"
153 # ok, we got a capture file, does it contain exactly 10 packets?
# capinfos errors are captured too (2>&1), so a file it cannot read ends up as
# a failed count match rather than a silent pass.
154 $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
# Substring match: a reported count of 100 or 1000 would also be accepted.
155 grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
156 if [ $? -eq 0 ]; then
163 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
167 # capture packets via a fifo
# Test step: feeds a saved capture file to $DUT through a named pipe called
# "fifo" in the current directory and checks the exit status, the output file
# and the packet count reported by $CAPINFOS.
# NOTE(review): this listing omits lines of the function; the creation of the
# fifo and the assignment of $RETURNVALUE are not visible here.
168 capture_step_fifo() {
# Background writer: sends $CAPFILE once, waits one second, then sends it
# again starting at byte 25, i.e. without its first 24 bytes (the size of the
# pcap file header), so the second pass presumably contributes packet records
# only. $CAPFILE is unquoted and must not contain whitespace.
170 (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
171 $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
173 -a duration:$TRAFFIC_CAPTURE_DURATION \
177 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
178 test_step_failed "exit status of $DUT: $RETURNVALUE"
182 # we should have an output file now
183 if [ ! -f "./testout.pcap" ]; then
184 test_step_failed "No output file!"
188 # ok, we got a capture file, does it contain exactly 8 packets?
# The expected count of 8 depends on the contents of $CAPFILE
# (presumably 4 packets read twice; verify against the fixture).
189 $CAPINFOS ./testout.pcap > ./testout.txt
# Substring match: a count such as 80 would also be accepted.
190 grep -i 'Number of packets: 8' ./testout.txt > /dev/null
191 if [ $? -eq 0 ]; then
196 test_step_failed "No or not enough traffic captured."
200 # capture exactly 2 times 10 packets (multiple files)
# Test step: runs $DUT with its output appended to ./testout.txt, then checks
# the exit status, the existence of ./testout.pcap and the packet count.
# NOTE(review): none of the three suite functions visible in this listing
# registers this step, and only ./testout.pcap is inspected although the
# heading speaks of multiple files. The multi-file options are not visible
# here, so confirm whether the step is still in use.
201 capture_step_2multi_10packets() {
# $SKIP_CAPTURE is expanded unquoted; an empty value makes `[` fail with a
# syntax error, so the skip branch would not be taken.
202 if [ $SKIP_CAPTURE -ne 0 ] ; then
210 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
213 -a duration:$TRAFFIC_CAPTURE_DURATION \
215 >> ./testout.txt 2>&1
218 date >> ./testout.txt
219 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
222 # part of the Prerequisite checks
223 # probably wrong interface, output the possible interfaces
225 test_step_failed "exit status of $DUT: $RETURNVALUE"
229 # we should have an output file now
230 if [ ! -f "./testout.pcap" ]; then
231 test_step_failed "No output file!"
235 # ok, we got a capture file, does it contain exactly 10 packets?
# This overwrites ./testout.txt, so the $DUT log appended above is gone by the
# time the packet count is evaluated.
236 $CAPINFOS ./testout.pcap > ./testout.txt
# Substring match: a reported count of 100 or 1000 would also be accepted.
237 grep -i 'Number of packets: 10' ./testout.txt > /dev/null
238 if [ $? -eq 0 ]; then
243 test_step_failed "Probably the wrong interface (no traffic captured)!"
247 # capture with a very unlikely read filter, packets must be zero afterwards
# Test step: captures with a read filter that should match nothing and expects
# the resulting file to report zero packets. The registration of this step is
# commented out in all three suite functions of this file.
# NOTE(review): this listing omits lines of the function; the output-file
# option and the assignment of $RETURNVALUE are not visible here.
248 capture_step_read_filter() {
# $SKIP_CAPTURE is expanded unquoted; an empty value makes `[` fail with a
# syntax error, so the skip branch would not be taken.
249 if [ $SKIP_CAPTURE -ne 0 ] ; then
256 # valid, but very unlikely filter
258 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
260 -a duration:$TRAFFIC_CAPTURE_DURATION \
261 -R 'dcerpc.cn_call_id==123456' \
264 >> ./testout.txt 2>&1
266 date >> ./testout.txt
267 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
270 # part of the Prerequisite checks
271 # wrong interface ? output the possible interfaces
273 test_step_failed "exit status: $RETURNVALUE"
277 # we should have an output file now
278 if [ ! -f "./testout.pcap" ]; then
279 test_step_failed "No output file!"
283 # ok, we got a capture file, does it contain exactly 0 packets?
# This overwrites ./testout.txt, discarding the $DUT log appended above.
284 $CAPINFOS ./testout.pcap > ./testout.txt
285 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
286 if [ $? -eq 0 ]; then
291 test_step_failed "Capture file should contain zero packets!"
296 # capture with a snapshot length
# Test step: captures with a snapshot length, then uses $TSHARK to copy every
# packet whose captured length exceeds 68 bytes into ./testout2.pcap and
# expects that file to report zero packets.
# NOTE(review): this listing omits lines of the function; the snapshot-length
# option itself and the assignment of $RETURNVALUE are not visible here.
297 capture_step_snapshot() {
# $SKIP_CAPTURE is expanded unquoted; an empty value makes `[` fail with a
# syntax error, so the skip branch would not be taken.
298 if [ $SKIP_CAPTURE -ne 0 ] ; then
305 # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
306 # this should result in no packets greater than 68 bytes
308 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
311 -a duration:$TRAFFIC_CAPTURE_DURATION \
313 >> ./testout.txt 2>&1
315 date >> ./testout.txt
316 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
319 # part of the Prerequisite checks
320 # wrong interface ? output the possible interfaces
322 test_step_failed "exit status: $RETURNVALUE"
326 # we should have an output file now
327 if [ ! -f "./testout.pcap" ]; then
328 test_step_failed "No output file!"
332 # use tshark to filter out all packets, which are larger than 68 bytes
# The exit status of $TSHARK is not checked in the visible lines, and its
# output in ./testout.txt is overwritten by the $CAPINFOS call below. If
# $TSHARK fails to write ./testout2.pcap, the step still fails, but only
# because the count pattern does not match.
333 $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
335 # ok, we got a capture file, does it contain exactly 0 packets?
336 $CAPINFOS ./testout2.pcap > ./testout.txt
337 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
338 if [ $? -eq 0 ]; then
343 test_step_failed "Capture file should contain zero packets!"
# Registers the capture steps that are run with Wireshark as $DUT. Only the
# 10-packet and snapshot-length steps are active; the stdout and read-filter
# steps are commented out for the reasons given below.
348 wireshark_capture_suite() {
349 # Q: quit after cap, k: start capture immediately
# $DUT holds the program and its options in one string, so the capture steps
# must expand it unquoted to get separate words.
350 DUT="$WIRESHARK -Q -k"
351 test_step_add "Capture 10 packets" capture_step_10packets
352 # piping to stdout doesn't work with Wireshark and capturing!
353 #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
354 # read filter doesn't work with Wireshark and capturing!
355 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
356 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps for the TShark suite: 10 packets, 10 packets via
# stdout, optionally the fifo step, and the snapshot-length step.
# NOTE(review): the line that sets $DUT for this suite is not visible in this
# listing.
359 tshark_capture_suite() {
361 test_step_add "Capture 10 packets" capture_step_10packets
362 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# Unquoted one-argument test: any non-empty single-word value of $TEST_FIFO
# (including "0") enables the fifo step; an empty or unset value disables it.
363 if [ $TEST_FIFO ]; then
364 test_step_add "Capture via fifo" capture_step_fifo
366 # tshark now using dumpcap for capturing, read filters won't work by definition
367 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
368 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps for the Dumpcap suite: 10 packets, 10 packets
# via stdout, optionally the fifo step, and the snapshot-length step.
# NOTE(review): the line that sets $DUT for this suite is not visible in this
# listing.
371 dumpcap_capture_suite() {
374 test_step_add "Capture 10 packets" capture_step_10packets
375 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# Unquoted one-argument test: any non-empty single-word value of $TEST_FIFO
# (including "0") enables the fifo step; an empty or unset value disables it.
376 if [ $TEST_FIFO ]; then
377 test_step_add "Capture via fifo" capture_step_fifo
379 # read (display) filters intentionally don't work with dumpcap!
380 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
381 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Cleanup hook, registered below as both the pre and the post step handler.
# Only the removal of ./testout2.pcap is visible in this listing.
# NOTE(review): the capture steps also write ./testout.pcap, ./testout.txt and
# ./testout2.txt, which can hold live traffic from the test interface; confirm
# that the lines not shown here remove them as well.
384 capture_cleanup_step() {
389 rm -f ./testout2.pcap
# Suite registration: install capture_cleanup_step as the pre and post step
# handler, add a remark naming the interface that needs traffic, and register
# the three capture suites in the order Dumpcap, TShark, Wireshark.
393 test_step_set_pre capture_cleanup_step
394 test_step_set_post capture_cleanup_step
395 test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
396 test_suite_add "Dumpcap capture" dumpcap_capture_suite
397 test_suite_add "TShark capture" tshark_capture_suite
398 test_suite_add "Wireshark capture" wireshark_capture_suite