20 years agoUse "get_basename()" rather than finding the last component of "argv[0]"
guy [Tue, 25 Jan 2000 04:44:33 +0000 (04:44 +0000)]
Use "get_basename()" rather than finding the last component of "argv[0]"
by hand.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1553 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoEncapsulate the code to take a pointer to a pathname and return a
guy [Tue, 25 Jan 2000 04:31:17 +0000 (04:31 +0000)]
Encapsulate the code to take a pointer to a pathname and return a
pointer to the name of the file to which it refers (i.e., to the last
component of the pathname) in a "get_basename()" routine, and have the
code in "file.c" call it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1552 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIf we open a file, and immediately try to open another file while the first
gerald [Tue, 25 Jan 2000 03:48:16 +0000 (03:48 +0000)]
If we open a file, and immediately try to open another file while the first
one is loading, we dump core.  Add the "Open..." menu item to the list of
items that we disable while a file is loading.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1551 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoTry to work around the undraw_cursor() bug in GTK+ 1.2.3 - 1.2.6. Setting
gerald [Tue, 25 Jan 2000 03:45:45 +0000 (03:45 +0000)]
Try to work around the undraw_cursor() bug in GTK+ 1.2.3 - 1.2.6.  Setting
the text widget scroll bar adjustment to 0.0 appears to fix things (on my
system, at least).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1550 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUpdate with URLs for the Win32 port on both sides of the Atlantic, and
guy [Tue, 25 Jan 2000 02:11:30 +0000 (02:11 +0000)]
Update with URLs for the Win32 port on both sides of the Atlantic, and
with notes about possible problems with the latest version.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1549 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"If there aren't any packets to select" means "if there aren't any
guy [Tue, 25 Jan 2000 01:05:06 +0000 (01:05 +0000)]
"If there aren't any packets to select" means "if there aren't any
packets displayed", not just "if there aren't any packets" - there may
be packets but no displayed packets if the display filter didn't find
any packets.

NULL out the pointers to the first and last displayed packet when
closing a capture file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1548 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIf there aren't any packets to select, don't try to select the first
guy [Tue, 25 Jan 2000 00:36:35 +0000 (00:36 +0000)]
If there aren't any packets to select, don't try to select the first
packet; "select_packet()" gets peeved because it can't find the packet,
and panics.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1547 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd support for Cisco ISL.
guy [Tue, 25 Jan 2000 00:18:26 +0000 (00:18 +0000)]
Add support for Cisco ISL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1546 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoOn Win32, when splitting file names into directory and last component,
guy [Tue, 25 Jan 2000 00:17:01 +0000 (00:17 +0000)]
On Win32, when splitting file names into directory and last component,
search for '\' rather than '/'.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1545 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe CRC is at the end of the frame, not at the end of the captured data
guy [Mon, 24 Jan 2000 21:56:24 +0000 (21:56 +0000)]
The CRC is at the end of the frame, not at the end of the captured data
in the frame.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1544 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd the CRC of the encapsulated frame to the ISL dissection.
guy [Mon, 24 Jan 2000 21:49:39 +0000 (21:49 +0000)]
Add the CRC of the encapsulated frame to the ISL dissection.

Fix an error in the handling of non-Ethernet, non-Token Ring frames.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1543 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoSet a fixed-width font for win32.
gram [Mon, 24 Jan 2000 20:29:07 +0000 (20:29 +0000)]
Set a fixed-width font for win32.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1542 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoOpen files with "rb" rather than "r" - this may fix up the problems
guy [Mon, 24 Jan 2000 19:32:13 +0000 (19:32 +0000)]
Open files with "rb" rather than "r" - this may fix up the problems
Gilbert alluded to with reading capture files on Win32 systems.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1541 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoEthereal shouldn't use "file_seek()", "file_read()", or "file_write()"
guy [Mon, 24 Jan 2000 19:27:38 +0000 (19:27 +0000)]
Ethereal shouldn't use "file_seek()", "file_read()", or "file_write()"
directly; it should use them through Wiretap.  (Arguably, it shouldn't
use "file_open()", "file_dopen()", or "file_close()" directly, and
should use those through Wiretap as well.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1540 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd an INFO column with the VLAN ID.
guy [Mon, 24 Jan 2000 19:26:09 +0000 (19:26 +0000)]
Add an INFO column with the VLAN ID.

Get the frame type, and call the next dissector, regardless of whether
we're building a protocol tree or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1539 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdded the O_BINARY flag to open() for win32.
gram [Mon, 24 Jan 2000 19:16:39 +0000 (19:16 +0000)]
Added the O_BINARY flag to open() for win32.
Ethereal on win32 now correctly reads trace files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1538 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd support for Cisco ISL.
guy [Mon, 24 Jan 2000 18:46:45 +0000 (18:46 +0000)]
Add support for Cisco ISL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1537 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMake the Tethereal usage message reflect whether libpcap support was
guy [Mon, 24 Jan 2000 05:13:45 +0000 (05:13 +0000)]
Make the Tethereal usage message reflect whether libpcap support was
compiled in or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1536 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd spaces to the usage message, to match what was done to the Tethereal
guy [Mon, 24 Jan 2000 05:06:39 +0000 (05:06 +0000)]
Add spaces to the usage message, to match what was done to the Tethereal
usage message.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1535 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoKeep the sample command line in the usage message within 80 characters.
guy [Mon, 24 Jan 2000 04:53:54 +0000 (04:53 +0000)]
Keep the sample command line in the usage message within 80 characters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1534 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoInclude the "-D" flag in the usage message.
guy [Mon, 24 Jan 2000 04:49:45 +0000 (04:49 +0000)]
Include the "-D" flag in the usage message.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1533 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoHeikki Vatiainen's patch to add a flag to control whether to interpret
guy [Mon, 24 Jan 2000 04:44:58 +0000 (04:44 +0000)]
Heikki Vatiainen's patch to add a flag to control whether to interpret
the IPv4 TOS field as a TOS field or as a DiffServ field, and allow that
field to be controlled by a command-line option or an option in the
"Display:Options" dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1532 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix a bunch of dissectors to use "pi.captured_len" rather than
guy [Mon, 24 Jan 2000 03:51:35 +0000 (03:51 +0000)]
Fix a bunch of dissectors to use "pi.captured_len" rather than
"fd->cap_len" for the frame length - or to use macros such as
use "pi.captured_len" - so that they correctly handle frames where the
actual data length of the packet is less than the size of the raw frame,
e.g. with encapsulations such as ISL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1531 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix a bunch of dissectors to use "pi.captured_len" rather than
guy [Mon, 24 Jan 2000 03:33:35 +0000 (03:33 +0000)]
Fix a bunch of dissectors to use "pi.captured_len" rather than
"fd->cap_len" for the frame length - or to use macros such as
use "pi.captured_len" - so that they correctly handle frames where the
actual data length of the packet is less than the size of the raw frame,
e.g. with encapsulations such as ISL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1530 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd some new SAP values from
guy [Mon, 24 Jan 2000 02:44:52 +0000 (02:44 +0000)]
Add some new SAP values from


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1529 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoxDLC frames other than I and UI frames may have a payload, e.g. TEST
guy [Mon, 24 Jan 2000 02:05:39 +0000 (02:05 +0000)]
xDLC frames other than I and UI frames may have a payload, e.g. TEST
frames; rename "XDLC_HAS_PAYLOAD()" to "XDLC_IS_INFORMATION()", and if
the frame isn't an "information" frame, dissect its payload (if any) as

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1528 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPut the PID of SNAP frames into the protocol tree regardless of whether
guy [Mon, 24 Jan 2000 01:45:12 +0000 (01:45 +0000)]
Put the PID of SNAP frames into the protocol tree regardless of whether
the frame has a payload or not.

Note in a comment that in one capture there's a U frame with a function
of TEST, rather than UI, that appears to have a payload.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1527 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoWhen computing the total frame length of an 802.3 frame, add to the
guy [Mon, 24 Jan 2000 01:15:37 +0000 (01:15 +0000)]
When computing the total frame length of an 802.3 frame, add to the
value in the length field not only the Ethernet MAC header size, but
also the offset in the frame of the Ethernet MAC header, so that, if the
802.3 frame is encapsulated in some other type of frame, the total frame
length includes the header for that frame as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1526 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIn "dissect_eth()", update "pi.len" and "pi.captured_len" regardless of
guy [Sun, 23 Jan 2000 08:55:37 +0000 (08:55 +0000)]
In "dissect_eth()", update "pi.len" and "pi.captured_len" regardless of
whether we're building a protocol tree or not.

Make "dissect_eth()" use "BYTES_ARE_IN_FRAME()" to see if we have a full
Ethernet header - it can be called with a non-zero offset, if Ethernet
frames are encapsulated inside other frames (e.g., ATM LANE).

Make capture routines take an "offset" argument if the corresponding
dissect routine takes one (for symmetry, and for Cisco ISL or any other
protocol that encapsulates Ethernet or Token-Ring frames inside other

Pass the frame lengths to capture routines via the "pi" structure,
rather than as an in-line argument, so that they can macros such as
"BYTES_ARE_IN_FRAME()" the way the corresponding dissect routines do.

Make capture routines update "pi.len" and "pi.captured_len" the same way
the corresponding diseect routines do, if the capture routines then call
other capture routines.

Make "capture_vlan()" count as "other" frames that are too short, the
way other capture routines do.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1525 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMerge Paul Ionescu's CDP fixes with Guy's. Add #defines to oui.h for Cisco
gerald [Sat, 22 Jan 2000 21:49:50 +0000 (21:49 +0000)]
Merge Paul Ionescu's CDP fixes with Guy's.  Add #defines to oui.h for Cisco
IOS 9.0 and bridged frame relay and update packet-llc.c accordingly.  Add
CDP handler to capture_llc() in packet-llc.c.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1524 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAllow "-w" and/or "-R" to be specified either when doing a live capture
guy [Sat, 22 Jan 2000 07:19:34 +0000 (07:19 +0000)]
Allow "-w" and/or "-R" to be specified either when doing a live capture
or when reading a saved capture file; if "-w" is specified, the packets
captured or read from the file are written to the specified file rather
than being dissected and printed, and if "-R" is specified, only packets
that pass the specified read filter are dissected and printed or

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1523 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix files that had Gilbert's old e-mail address or that didn't have my
guy [Sat, 22 Jan 2000 06:22:44 +0000 (06:22 +0000)]
Fix files that had Gilbert's old e-mail address or that didn't have my
forwarding e-mail address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1522 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoGive "dissect_rpc_string()" an extra "char **" argument; if it's
guy [Sat, 22 Jan 2000 05:49:08 +0000 (05:49 +0000)]
Give "dissect_rpc_string()" an extra "char **" argument; if it's
non-null, it returns through that argument a pointer to the displayed
version of the string, otherwise it just frees that string.

Use that to put, in the tree item for READDIR and READDIRPLUS reply
directory entry items, the file name from the directory entry.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1521 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd "proto_item_set_text()", which sets the "representation" field of an
guy [Sat, 22 Jan 2000 04:59:55 +0000 (04:59 +0000)]
Add "proto_item_set_text()", which sets the "representation" field of an
existing protocol tree item.

Add "proto_tree_add_notext()"; it's just like "proto_tree_add_text()",
but without the text, and it sets the "representation" field to NULL;
that field would be set later with "proto_item_set_text()".

Those routines let you construct, for example, an interior node of the
protocol tree whose text can't be determined until all the nodes under
it have been dissected - it's similar to "proto_item_set_len()" in that

Use that when dissecting address TLVs in the CDP dissector - create the
item for an address in an "Addresses" TLV with no text, and then fill in
the items under it one at a time; if we get cut off before we get to the
actual address, set the text to "Truncated address", otherwise set it to
a description of the address.

Also, set the length of the item for the entire address TLV correctly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1520 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"tm_mon" in a "struct tm" is 0-based, not 1-based; when printing the
guy [Sat, 22 Jan 2000 02:00:27 +0000 (02:00 +0000)]
"tm_mon" in a "struct tm" is 0-based, not 1-based; when printing the
month number, add 1 to "tm_mon".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1519 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd URL.
gram [Fri, 21 Jan 2000 19:19:23 +0000 (19:19 +0000)]
Add URL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1518 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd stuff to add platform-specific compiler flags; currently, we have
guy [Fri, 21 Jan 2000 08:44:40 +0000 (08:44 +0000)]
Add stuff to add platform-specific compiler flags; currently, we have
only flags for HP's ANSI C compiler, as suggested by Jost Martin.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1517 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd "-L" flags to LDFLAGS, not LIBS, and get rid of all the exotic
guy [Fri, 21 Jan 2000 06:18:16 +0000 (06:18 +0000)]
Add "-L" flags to LDFLAGS, not LIBS, and get rid of all the exotic
searching that tries to figure out in what directory libpcap lives - we
should treat "-L" just like "-I", rather than adding a ton of
complication to do it the way the autoconf maintainers think, for some
reason, it should be done (by adding "-L" flags to LIBS - "-L" flags
don't specify libraries, so I have no clue why they think they belong in
LIBS; they specify a search path for libraries, just as "-I" flags
specify a search path for header files, so they strike me as "flags to
the linker" rather than "libraries", and LDFLAGS, unlike LIBS, appears
before *all* "-l" flags, including those specified by PCAP_LIBS and so

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1516 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoApplied the vines part of Joerg's vines patch.
gram [Fri, 21 Jan 2000 00:07:53 +0000 (00:07 +0000)]
Applied the vines part of Joerg's vines patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1515 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoJoerg Mayer's updates to the VINES dissector and to protocol layers
guy [Thu, 20 Jan 2000 21:34:16 +0000 (21:34 +0000)]
Joerg Mayer's updates to the VINES dissector and to protocol layers
above VINES.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1514 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoGerrit Gehnen's patch to add support for the "Inactive Subset" of the
guy [Thu, 20 Jan 2000 19:16:41 +0000 (19:16 +0000)]
Gerrit Gehnen's patch to add support for the "Inactive Subset" of the
ISO 8473 CLNP protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1513 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe headers of HP-UX 9.04 and HP-UX 10.20 nettl files seem to be different.
oabad [Thu, 20 Jan 2000 17:13:42 +0000 (17:13 +0000)]
The headers of HP-UX 9.04 and HP-UX 10.20 nettl files seem to be different.
Check for both "magic numbers".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1512 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPut the RFC number for PPTP into the introductory comment.
guy [Thu, 20 Jan 2000 07:31:29 +0000 (07:31 +0000)]
Put the RFC number for PPTP into the introductory comment.

Fix a bunch of byte-order problems, as noted by Thomas Quinot in Debian
bug 55347, although his fix addressed only the byte-order problems, not
the blithely-fetching-through-a-possibly-unaligned-pointer problems that
said code also had; we fix both of them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1511 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoInclude CFLAGS in the command to build "rdps".
guy [Tue, 18 Jan 2000 20:35:40 +0000 (20:35 +0000)]
Include CFLAGS in the command to build "rdps".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1510 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUse "strrchr()" instead of "rindex()" - "strrchr()" is the routine the
guy [Tue, 18 Jan 2000 19:01:35 +0000 (19:01 +0000)]
Use "strrchr()" instead of "rindex()" - "strrchr()" is the routine the
ANSI C standard specifies.

Fix up some menu stuff that should've been fixed when I put "Find Frame"
and "Go To Frame" under "Edit".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1509 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoLast dissectors for NFS v3 are finally done.
girlich [Tue, 18 Jan 2000 11:56:15 +0000 (11:56 +0000)]
Last dissectors for NFS v3 are finally done.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1508 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNew constants for ftype3 decoding.
girlich [Tue, 18 Jan 2000 11:54:07 +0000 (11:54 +0000)]
New constants for ftype3 decoding.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1507 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPut into the "Capture Preferences" dialog box a check box to control
guy [Tue, 18 Jan 2000 09:25:04 +0000 (09:25 +0000)]
Put into the "Capture Preferences" dialog box a check box to control
whether, in a live capture that updates the display as packets arrive,
the packet list pane should scroll to show the most recently captured
packets or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1506 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPut the "Find Frame" and "Go To Frame" menu items under "Edit"; leave
guy [Tue, 18 Jan 2000 09:05:30 +0000 (09:05 +0000)]
Put the "Find Frame" and "Go To Frame" menu items under "Edit"; leave
them under "Display" as well for now.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1505 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoJerry Talkington's changes to support, in the packet list and protocol
guy [Tue, 18 Jan 2000 08:38:18 +0000 (08:38 +0000)]
Jerry Talkington's changes to support, in the packet list and protocol
tree panes, menus popped up by the right mouse button.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1504 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoSquelch some complaints from GCC (and protect against the admittedly
guy [Mon, 17 Jan 2000 20:30:17 +0000 (20:30 +0000)]
Squelch some complaints from GCC (and protect against the admittedly
unlikely possibility that, on some platform, converting a "gpointer" to
pointers of the types in question involves more than just reinterpreting
the bits of the "gpointer" value).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1503 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUse "strchr()" rather than "index()" - the ANSI C standard specifies
guy [Mon, 17 Jan 2000 20:21:40 +0000 (20:21 +0000)]
Use "strchr()" rather than "index()" - the ANSI C standard specifies
"strchr()", and it, unlike "index()", is declared in <string.h>.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1502 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd Makefile.nmake to list of deliverables. I had sent Thomas Parvais
gram [Mon, 17 Jan 2000 18:14:13 +0000 (18:14 +0000)]
Add Makefile.nmake to list of deliverables. I had sent Thomas Parvais
a tarball from the current CVS image using "make dist". That's why
he sent an e-mail today saying that the gtk/Makefile.namek was not
in CVS. It's in CVS, but it wasn't in the tarball I sent him.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1501 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoWe have to #include "plugins.h" before using the HAVE_PLUGINS define.
oabad [Mon, 17 Jan 2000 17:12:43 +0000 (17:12 +0000)]
We have to #include "plugins.h" before using the HAVE_PLUGINS define.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1500 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd a "-F" flag, to allow the format of a file being written to be
guy [Mon, 17 Jan 2000 08:06:42 +0000 (08:06 +0000)]
Add a "-F" flag, to allow the format of a file being written to be
specified.  This will be of more use when I allow "-w" to be used when
reading an existing capture file rather than doing a live capture (which
will also allow you to specify a read filter, and thus to write a
capture file containing those packets from an existing capture file that
match a given display filter).

Fix up some messages to say "tethereal" rather than "ethereal".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1499 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoSmall patch to editcap to allow ranges of packets to be specified
sharpe [Mon, 17 Jan 2000 08:06:03 +0000 (08:06 +0000)]
Small patch to editcap to allow ranges of packets to be specified
as well as individual packets.

I needed to grab quite a few from the middle of a large capture file.

Will eventually need to sort the extract list.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1498 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd a "-x" flag to Tethereal, to make it print a hex and ASCII dump of
guy [Mon, 17 Jan 2000 07:49:03 +0000 (07:49 +0000)]
Add a "-x" flag to Tethereal, to make it print a hex and ASCII dump of
the packet data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1497 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoGet rid of the include of "util.h" that some dissectors do - it's not
guy [Sun, 16 Jan 2000 02:54:49 +0000 (02:54 +0000)]
Get rid of the include of "util.h" that some dissectors do - it's not

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1496 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMove the routine to get a list of the network interfaces on the system
guy [Sun, 16 Jan 2000 02:48:12 +0000 (02:48 +0000)]
Move the routine to get a list of the network interfaces on the system
to "util.c", and provide a routine to free that list as well.

When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1495 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe NetBSD zlib problem is probably the same as the FreeBSD and OpenBSD
guy [Sun, 16 Jan 2000 00:13:24 +0000 (00:13 +0000)]
The NetBSD zlib problem is probably the same as the FreeBSD and OpenBSD
zlib problems, and my workaround appears to handle that problem, so
let's reenable zlib support in NetBSD and look into it in more detail if
there's still a problem.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1494 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRename "save_LIBS" to "ethereal_save_LIBS", to reduce the risk of a name
guy [Sat, 15 Jan 2000 21:01:04 +0000 (21:01 +0000)]
Rename "save_LIBS" to "ethereal_save_LIBS", to reduce the risk of a name
collision with another variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1493 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDon't exclude register.c from the distribution tarball because we
gram [Sat, 15 Jan 2000 13:45:06 +0000 (13:45 +0000)]
Don't exclude register.c from the distribution tarball because we
no longer optionally compile the snmp dissector. But I left the dist-hook
line in the Makefile.am in case we're ever in that situation again.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1492 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd in a couple of the artifacts produced from autoconf/automake
gram [Sat, 15 Jan 2000 13:27:39 +0000 (13:27 +0000)]
Add in a couple of the artifacts produced from autoconf/automake

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1491 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemove libltdl from the build. The directory is still in CVS, but it is
gram [Sat, 15 Jan 2000 13:25:22 +0000 (13:25 +0000)]
Remove libltdl from the build. The directory is still in CVS, but it is
not used in the build. I'll wait a few days to remove the libltdl
directory, just in case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1490 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMove top-level window creation to separate function outside of
gram [Sat, 15 Jan 2000 12:54:24 +0000 (12:54 +0000)]
Move top-level window creation to separate function outside of

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1489 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd missing #ifdef HAVE_PLUGINS before calling init_plugins()
oabad [Sat, 15 Jan 2000 10:50:23 +0000 (10:50 +0000)]
Add missing #ifdef HAVE_PLUGINS before calling init_plugins()

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1488 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd a call to init_plugins() in order to read the plugins.status file and
oabad [Sat, 15 Jan 2000 10:47:56 +0000 (10:47 +0000)]
Add a call to init_plugins() in order to read the plugins.status file and
enable plugins if their saved status is "active".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1487 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAs we're not using the default action for AC_CHECK_LIB in
guy [Sat, 15 Jan 2000 10:25:41 +0000 (10:25 +0000)]
As we're not using the default action for AC_CHECK_LIB in
AC_ETHEREAL_PCAP_CHECK, we have to explicitly define HAVE_LIBPCAP if we
find it, otherwise it doesn't get defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1486 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPass the number of packets to be captured to "capture()" as an argument,
guy [Sat, 15 Jan 2000 10:23:10 +0000 (10:23 +0000)]
Pass the number of packets to be captured to "capture()" as an argument,
rather than making it static.

Don't print the "Capturing on <interface>" message until you actually
start capturing, and print it regardless of whether the interface was
explicitly specified or not (that's what snoop and tcpdump do).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1485 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoArrange that, on Solaris, we link with "-lkstat" if necessary when
guy [Sat, 15 Jan 2000 09:46:28 +0000 (09:46 +0000)]
Arrange that, on Solaris, we link with "-lkstat" if necessary when
linking with "-lsnmp".

Link only Ethereal and Tethereal with "-lpcap"; don't link editcap, or
any of the test programs that the configure script builds, with it
(because that means you also have to arrange that those test programs be
linked with @SOCKET_LIBS@ and @NSL_LIBS@) - i.e., don't add it to LIBS,
add it to PCAP_LIBS, and use that only for programs that need it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1484 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoTethereal needs the same set of additional objects that Ethereal does;
guy [Sat, 15 Jan 2000 08:08:20 +0000 (08:08 +0000)]
Tethereal needs the same set of additional objects that Ethereal does;
make it link with them.

Provide dependencies for Tethereal as well.

Tethereal may need to be linked with "-lsocket" and/or "-lnsl"; check
for that, and arrange that it be linked with them if necessary.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1483 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIf no "-i" flag is specified to Tethereal when no file is to be read,,
guy [Sat, 15 Jan 2000 06:05:21 +0000 (06:05 +0000)]
If no "-i" flag is specified to Tethereal when no file is to be read,,
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1482 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoWhen configuring for GLib, we have to include gmodule support; the GTK+
guy [Sat, 15 Jan 2000 05:30:52 +0000 (05:30 +0000)]
When configuring for GLib, we have to include gmodule support; the GTK+
options include it automatically, but the GLib options don't, and
Tethereal links with GLib but not with GTK+.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1481 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix up a bunch of places where a pointer into the packet buffer was cast
guy [Sat, 15 Jan 2000 04:17:37 +0000 (04:17 +0000)]
Fix up a bunch of places where a pointer into the packet buffer was cast
to a type requiring 2-byte or better alignment and was then
dereferenced; doing that requires that the code generated by your
compiler not trap if it makes an unaligned reference, and on most RISC
processors the code generated by the compiler *will* trap on an
unaligned reference by default.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1480 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMerge in the final code to make Ethereal run on Win32, compiled
gram [Sat, 15 Jan 2000 00:23:13 +0000 (00:23 +0000)]
Merge in the final code to make Ethereal run on Win32, compiled
with MSVC 6.0 and 'nmake', the make tool that comes with MSVC.

It compiles, links, and runs. It doesn't run correctly. There's a problem
when reading files. I'm getting short reads.  I'm not linking in zlib or
libsnmp because it first needs to be debugged.

I changed the plugin code to use gmodule instead of libltdl, but the
Unix build still links ethereal against libltdl. I'll fix that tonight; sorry
about leaving it in such a sad state, but I wanted to check in this code
before I left work on a Friday night. Ethereal still works, but the
building is less than optimal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1479 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agobetter command line syntax description
nneul [Fri, 14 Jan 2000 23:26:18 +0000 (23:26 +0000)]
better command line syntax description

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1478 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDon't assume that the RX header is neatly aligned on a 4-byte boundary
guy [Fri, 14 Jan 2000 19:11:26 +0000 (19:11 +0000)]
Don't assume that the RX header is neatly aligned on a 4-byte boundary
in our address space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1477 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoSet an initial (blank) filter to get around the peculiarities in RH
gerald [Fri, 14 Jan 2000 19:05:30 +0000 (19:05 +0000)]
Set an initial (blank) filter to get around the peculiarities in RH
6.1's libpcap.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1476 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFixed small typo in hex printing.
gerald [Fri, 14 Jan 2000 17:08:41 +0000 (17:08 +0000)]
Fixed small typo in hex printing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1475 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoCheck for existence of cf.iface before calling capture(). Change
gram [Fri, 14 Jan 2000 14:21:50 +0000 (14:21 +0000)]
Check for existence of cf.iface before calling capture(). Change
usage statement accordingly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1474 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoSupply a patch that, at least on HP-UX 11.00, lets you specify to
guy [Fri, 14 Jan 2000 08:44:50 +0000 (08:44 +0000)]
Supply a patch that, at least on HP-UX 11.00, lets you specify to
"pcap_open_live()" a network interface name rather than a "dlpiN" name
(where "N" is the PPA for the device, as reported by lanscan).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1473 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNote that the Ethereal workaround for the libpcap timeout problem should
guy [Fri, 14 Jan 2000 08:18:58 +0000 (08:18 +0000)]
Note that the Ethereal workaround for the libpcap timeout problem should
prevent Ethereal's GUI from hanging during a capture, even if libpcap on
your Linux system hasn't been patched.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1472 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNote that we can read "i4btrace" capture files.
guy [Fri, 14 Jan 2000 08:14:33 +0000 (08:14 +0000)]
Note that we can read "i4btrace" capture files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1471 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNote that the Ethereal distribution also comes with Tethereal and
guy [Fri, 14 Jan 2000 08:12:14 +0000 (08:12 +0000)]
Note that the Ethereal distribution also comes with Tethereal and

Expand the list of OSes on which Ethereal has (at least at one time)
been built and used.

Note that systems other than Solaris that use DLPI (e.g., HP-UX) may
also have "/dev" entries that can be made more widely readable and
writable to allow non-root users to capture packets.

Note that we can read "i4btrace" capture files.

Note that we now always do SNMP dissection, and that an external library
just allows us to do more sophisticated dissection.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1470 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd "doc/editcap.pod" and "doc/tethereal.pod.template" to the
guy [Fri, 14 Jan 2000 07:51:14 +0000 (07:51 +0000)]
Add "doc/editcap.pod" and "doc/tethereal.pod.template" to the

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1469 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd "tethereal", a tty-oriented derivative of Ethereal that works like
guy [Fri, 14 Jan 2000 06:46:00 +0000 (06:46 +0000)]
Add "tethereal", a tty-oriented derivative of Ethereal that works like
Sun's snoop or like tcpdump.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1468 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd "file_wrappers.c" to the list of things to compile with Microsoft
guy [Thu, 13 Jan 2000 18:26:15 +0000 (18:26 +0000)]
Add "file_wrappers.c" to the list of things to compile with Microsoft
Visual C{++}.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1467 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoCall the CDP entry listing addresses "Addresses", not "Address" - it can
guy [Thu, 13 Jan 2000 18:02:24 +0000 (18:02 +0000)]
Call the CDP entry listing addresses "Addresses", not "Address" - it can
have more than one address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1466 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago0x2000, for CDP, doesn't appear to be an Ethernet type - it's not
guy [Thu, 13 Jan 2000 17:59:14 +0000 (17:59 +0000)]
0x2000, for CDP, doesn't appear to be an Ethernet type - it's not
registered as a type for CDP, and CDP packets appear to be LLC packets
with an OUI of 00-00-0C, not the encapsulated Ethernet OUI of 00-00-00.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1465 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix "ascend-scanner.l" to include "file_wrappers.h" rather than the
guy [Thu, 13 Jan 2000 07:18:50 +0000 (07:18 +0000)]
Fix "ascend-scanner.l" to include "file_wrappers.h" rather than the
defunct "file.h".

Make "file_wrappers.c" include "wtap.h", so that the WTAP_ERR_ZLIB_
values are defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1464 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoWe are obliged to define HAVE_UNISTD_H in "config.h"; to avoid the
guy [Thu, 13 Jan 2000 07:09:20 +0000 (07:09 +0000)]
We are obliged to define HAVE_UNISTD_H in "config.h"; to avoid the
hideous problem on FreeBSD 3.[23] (and perhaps other BSDs) if
HAVE_UNISTD_H is defined before "zlib.h" is included, turn "file_seek()"
into a subroutine defined in a file that *undefines* HAVE_UNISTD_H
before including "zlib.h", so that the *only* call to "gzseek()" is made
from a file that does not have HAVE_UNISTD_H defined when it includes

Move "file_error()" to that file while you're at it, so it holds all the
wrappers that hide the presence or absence of zlib from routines to read
capture files.

Turn "file.h", which declared those wrapper functions as well as wrapper
macros, into "file_wrapper.h" - it belongs with the "file_wrapper.c"
file that defines the wrapper functions, not with "file.c" which handles
higher-layer file access functions.

Remove the comment in "configure.in" that explained why defining
HAVE_UNISTD_H was a bad idea, as we're not obliged to define it and work
around the problem.  (The comment in "file_wrapper.c" explains the

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1463 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoGet the NLPID value for ISIS from "nlpid.h", and report the NLPID value
guy [Thu, 13 Jan 2000 06:07:53 +0000 (06:07 +0000)]
Get the NLPID value for ISIS from "nlpid.h", and report the NLPID value
in ISIS packets with "nlpid_vals".

Report the NLPID value in CLNP packets with "nlpid_vals" as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1462 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd the NLPID value for PPP.
guy [Thu, 13 Jan 2000 05:41:24 +0000 (05:41 +0000)]
Add the NLPID value for PPP.

In Q.931 and Q.2931, the TR 9577 values are NLPIDs, so use "nlpid_vals"
to dissect them, and values from "nlpid.h" to refer to them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1461 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoX.25-over-Ethernet, as I'm inferring it works (i.e., the payload of the
guy [Thu, 13 Jan 2000 04:49:54 +0000 (04:49 +0000)]
X.25-over-Ethernet, as I'm inferring it works (i.e., the payload of the
packet is just an X.25 packet).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1460 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIndicate that the RFC for SDP is 2327.
guy [Thu, 13 Jan 2000 03:18:34 +0000 (03:18 +0000)]
Indicate that the RFC for SDP is 2327.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1459 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIndicate that the RFC for RTSP is 2326.
guy [Thu, 13 Jan 2000 03:12:07 +0000 (03:12 +0000)]
Indicate that the RFC for RTSP is 2326.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1458 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanges from Jason to make some RTSP fields filterable.
guy [Thu, 13 Jan 2000 03:07:26 +0000 (03:07 +0000)]
Changes from Jason to make some RTSP fields filterable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1457 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAssign a frame number to a frame only when reading frame data from a
guy [Thu, 13 Jan 2000 00:53:09 +0000 (00:53 +0000)]
Assign a frame number to a frame only when reading frame data from a
file, not when filtering or colorizing packets - filtering shouldn't
change the frame number of a frame (yes, this means that a filtered
display won't necessarily have packets numbered contiguously 1 through N
- that's a feature).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1456 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoExport the list of OSI NLPIDs in "nlpid.h", for use by the CDP
guy [Thu, 13 Jan 2000 00:41:11 +0000 (00:41 +0000)]
Export the list of OSI NLPIDs in "nlpid.h", for use by the CDP

Add a "value_string" table for NLPIDs to the OSI dissector, and export
it for use by the CDP dissector.

Fix the CDP dissector as per the documentation in


and as per some traces we have with CDP data in them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1455 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd an "Hex. Dump" radio button to the "Contents of TCP stream" window. It
oabad [Wed, 12 Jan 2000 22:07:56 +0000 (22:07 +0000)]
Add an "Hex. Dump" radio button to the "Contents of TCP stream" window. It
displays the contents of the TCP connexion in hexadecimal.
The two opposite directions of the conversation are displayed side by side.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1454 f5534014-38df-0310-8fa8-9805f1628bb7