guy [Sat, 22 Jan 2000 05:49:08 +0000 (05:49 +0000)]
Give "dissect_rpc_string()" an extra "char **" argument; if it's
non-null, it returns through that argument a pointer to the displayed
version of the string, otherwise it just frees that string.

Use that to put, in the tree item for READDIR and READDIRPLUS reply
directory entry items, the file name from the directory entry.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1521 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 22 Jan 2000 04:59:55 +0000 (04:59 +0000)]
Add "proto_item_set_text()", which sets the "representation" field of an
existing protocol tree item.

Add "proto_tree_add_notext()"; it's just like "proto_tree_add_text()",
but without the text, and it sets the "representation" field to NULL;
that field would be set later with "proto_item_set_text()".

Those routines let you construct, for example, an interior node of the
protocol tree whose text can't be determined until all the nodes under
it have been dissected - it's similar to "proto_item_set_len()" in that

Use that when dissecting address TLVs in the CDP dissector - create the
item for an address in an "Addresses" TLV with no text, and then fill in
the items under it one at a time; if we get cut off before we get to the
actual address, set the text to "Truncated address", otherwise set it to
a description of the address.

Also, set the length of the item for the entire address TLV correctly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1520 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 22 Jan 2000 02:00:27 +0000 (02:00 +0000)]
"tm_mon" in a "struct tm" is 0-based, not 1-based; when printing the
month number, add 1 to "tm_mon".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1519 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Fri, 21 Jan 2000 19:19:23 +0000 (19:19 +0000)]
Add URL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1518 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 21 Jan 2000 08:44:40 +0000 (08:44 +0000)]
Add stuff to add platform-specific compiler flags; currently, we have
only flags for HP's ANSI C compiler, as suggested by Jost Martin.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1517 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 21 Jan 2000 06:18:16 +0000 (06:18 +0000)]
Add "-L" flags to LDFLAGS, not LIBS, and get rid of all the exotic
searching that tries to figure out in what directory libpcap lives - we
should treat "-L" just like "-I", rather than adding a ton of
complication to do it the way the autoconf maintainers think, for some
reason, it should be done (by adding "-L" flags to LIBS - "-L" flags
don't specify libraries, so I have no clue why they think they belong in
LIBS; they specify a search path for libraries, just as "-I" flags
specify a search path for header files, so they strike me as "flags to
the linker" rather than "libraries", and LDFLAGS, unlike LIBS, appears
before *all* "-l" flags, including those specified by PCAP_LIBS and so

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1516 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Fri, 21 Jan 2000 00:07:53 +0000 (00:07 +0000)]
Applied the vines part of Joerg's vines patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1515 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 20 Jan 2000 21:34:16 +0000 (21:34 +0000)]
Joerg Mayer's updates to the VINES dissector and to protocol layers
above VINES.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1514 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 20 Jan 2000 19:16:41 +0000 (19:16 +0000)]
Gerrit Gehnen's patch to add support for the "Inactive Subset" of the
ISO 8473 CLNP protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1513 f5534014-38df-0310-8fa8-9805f1628bb7

oabad [Thu, 20 Jan 2000 17:13:42 +0000 (17:13 +0000)]
The headers of HP-UX 9.04 and HP-UX 10.20 nettl files seem to be different.
Check for both "magic numbers".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1512 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 20 Jan 2000 07:31:29 +0000 (07:31 +0000)]
Put the RFC number for PPTP into the introductory comment.

Fix a bunch of byte-order problems, as noted by Thomas Quinot in Debian
bug 55347, although his fix addressed only the byte-order problems, not
the blithely-fetching-through-a-possibly-unaligned-pointer problems that
said code also had; we fix both of them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1511 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 18 Jan 2000 20:35:40 +0000 (20:35 +0000)]
Include CFLAGS in the command to build "rdps".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1510 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 18 Jan 2000 19:01:35 +0000 (19:01 +0000)]
Use "strrchr()" instead of "rindex()" - "strrchr()" is the routine the
ANSI C standard specifies.

Fix up some menu stuff that should've been fixed when I put "Find Frame"
and "Go To Frame" under "Edit".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1509 f5534014-38df-0310-8fa8-9805f1628bb7

girlich [Tue, 18 Jan 2000 11:56:15 +0000 (11:56 +0000)]
Last dissectors for NFS v3 are finally done.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1508 f5534014-38df-0310-8fa8-9805f1628bb7

girlich [Tue, 18 Jan 2000 11:54:07 +0000 (11:54 +0000)]
New constants for ftype3 decoding.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1507 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 18 Jan 2000 09:25:04 +0000 (09:25 +0000)]
Put into the "Capture Preferences" dialog box a check box to control
whether, in a live capture that updates the display as packets arrive,
the packet list pane should scroll to show the most recently captured
packets or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1506 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 18 Jan 2000 09:05:30 +0000 (09:05 +0000)]
Put the "Find Frame" and "Go To Frame" menu items under "Edit"; leave
them under "Display" as well for now.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1505 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 18 Jan 2000 08:38:18 +0000 (08:38 +0000)]
Jerry Talkington's changes to support, in the packet list and protocol
tree panes, menus popped up by the right mouse button.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1504 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 17 Jan 2000 20:30:17 +0000 (20:30 +0000)]
Squelch some complaints from GCC (and protect against the admittedly
unlikely possibility that, on some platform, converting a "gpointer" to
pointers of the types in question involves more than just reinterpreting
the bits of the "gpointer" value).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1503 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 17 Jan 2000 20:21:40 +0000 (20:21 +0000)]
Use "strchr()" rather than "index()" - the ANSI C standard specifies
"strchr()", and it, unlike "index()", is declared in <string.h>.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1502 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Mon, 17 Jan 2000 18:14:13 +0000 (18:14 +0000)]
Add Makefile.nmake to list of deliverables. I had sent Thomas Parvais
a tarball from the current CVS image using "make dist". That's why
he sent an e-mail today saying that the gtk/Makefile.namek was not
in CVS. It's in CVS, but it wasn't in the tarball I sent him.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1501 f5534014-38df-0310-8fa8-9805f1628bb7

oabad [Mon, 17 Jan 2000 17:12:43 +0000 (17:12 +0000)]
We have to #include "plugins.h" before using the HAVE_PLUGINS define.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1500 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 17 Jan 2000 08:06:42 +0000 (08:06 +0000)]
Add a "-F" flag, to allow the format of a file being written to be
specified.  This will be of more use when I allow "-w" to be used when
reading an existing capture file rather than doing a live capture (which
will also allow you to specify a read filter, and thus to write a
capture file containing those packets from an existing capture file that
match a given display filter).

Fix up some messages to say "tethereal" rather than "ethereal".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1499 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Mon, 17 Jan 2000 08:06:03 +0000 (08:06 +0000)]
Small patch to editcap to allow ranges of packets to be specified
as well as individual packets.

I needed to grab quite a few from the middle of a large capture file.

Will eventually need to sort the extract list.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1498 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 17 Jan 2000 07:49:03 +0000 (07:49 +0000)]
Add a "-x" flag to Tethereal, to make it print a hex and ASCII dump of
the packet data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1497 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 16 Jan 2000 02:54:49 +0000 (02:54 +0000)]
Get rid of the include of "util.h" that some dissectors do - it's not

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1496 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 16 Jan 2000 02:48:12 +0000 (02:48 +0000)]
Move the routine to get a list of the network interfaces on the system
to "util.c", and provide a routine to free that list as well.

When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1495 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 16 Jan 2000 00:13:24 +0000 (00:13 +0000)]
The NetBSD zlib problem is probably the same as the FreeBSD and OpenBSD
zlib problems, and my workaround appears to handle that problem, so
let's reenable zlib support in NetBSD and look into it in more detail if
there's still a problem.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1494 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 21:01:04 +0000 (21:01 +0000)]
Rename "save_LIBS" to "ethereal_save_LIBS", to reduce the risk of a name
collision with another variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1493 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Sat, 15 Jan 2000 13:45:06 +0000 (13:45 +0000)]
Don't exclude register.c from the distribution tarball because we
no longer optionally compile the snmp dissector. But I left the dist-hook
line in the Makefile.am in case we're ever in that situation again.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1492 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Sat, 15 Jan 2000 13:27:39 +0000 (13:27 +0000)]
Add in a couple of the artifacts produced from autoconf/automake

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1491 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Sat, 15 Jan 2000 13:25:22 +0000 (13:25 +0000)]
Remove libltdl from the build. The directory is still in CVS, but it is
not used in the build. I'll wait a few days to remove the libltdl
directory, just in case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1490 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Sat, 15 Jan 2000 12:54:24 +0000 (12:54 +0000)]
Move top-level window creation to separate function outside of

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1489 f5534014-38df-0310-8fa8-9805f1628bb7

oabad [Sat, 15 Jan 2000 10:50:23 +0000 (10:50 +0000)]
Add missing #ifdef HAVE_PLUGINS before calling init_plugins()

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1488 f5534014-38df-0310-8fa8-9805f1628bb7

oabad [Sat, 15 Jan 2000 10:47:56 +0000 (10:47 +0000)]
Add a call to init_plugins() in order to read the plugins.status file and
enable plugins if their saved status is "active".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1487 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 10:25:41 +0000 (10:25 +0000)]
As we're not using the default action for AC_CHECK_LIB in
AC_ETHEREAL_PCAP_CHECK, we have to explicitly define HAVE_LIBPCAP if we
find it, otherwise it doesn't get defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1486 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 10:23:10 +0000 (10:23 +0000)]
Pass the number of packets to be captured to "capture()" as an argument,
rather than making it static.

Don't print the "Capturing on <interface>" message until you actually
start capturing, and print it regardless of whether the interface was
explicitly specified or not (that's what snoop and tcpdump do).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1485 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 09:46:28 +0000 (09:46 +0000)]
Arrange that, on Solaris, we link with "-lkstat" if necessary when
linking with "-lsnmp".

Link only Ethereal and Tethereal with "-lpcap"; don't link editcap, or
any of the test programs that the configure script builds, with it
(because that means you also have to arrange that those test programs be
linked with @SOCKET_LIBS@ and @NSL_LIBS@) - i.e., don't add it to LIBS,
add it to PCAP_LIBS, and use that only for programs that need it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1484 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 08:08:20 +0000 (08:08 +0000)]
Tethereal needs the same set of additional objects that Ethereal does;
make it link with them.

Provide dependencies for Tethereal as well.

Tethereal may need to be linked with "-lsocket" and/or "-lnsl"; check
for that, and arrange that it be linked with them if necessary.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1483 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 06:05:21 +0000 (06:05 +0000)]
If no "-i" flag is specified to Tethereal when no file is to be read,
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1482 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 05:30:52 +0000 (05:30 +0000)]
When configuring for GLib, we have to include gmodule support; the GTK+
options include it automatically, but the GLib options don't, and
Tethereal links with GLib but not with GTK+.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1481 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 15 Jan 2000 04:17:37 +0000 (04:17 +0000)]
Fix up a bunch of places where a pointer into the packet buffer was cast
to a type requiring 2-byte or better alignment and was then
dereferenced; doing that requires that the code generated by your
compiler not trap if it makes an unaligned reference, and on most RISC
processors the code generated by the compiler *will* trap on an
unaligned reference by default.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1480 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Sat, 15 Jan 2000 00:23:13 +0000 (00:23 +0000)]
Merge in the final code to make Ethereal run on Win32, compiled
with MSVC 6.0 and 'nmake', the make tool that comes with MSVC.

It compiles, links, and runs. It doesn't run correctly. There's a problem
when reading files. I'm getting short reads.  I'm not linking in zlib or
libsnmp because it first needs to be debugged.

I changed the plugin code to use gmodule instead of libltdl, but the
Unix build still links ethereal against libltdl. I'll fix that tonight; sorry
about leaving it in such a sad state, but I wanted to check in this code
before I left work on a Friday night. Ethereal still works, but the
building is less than optimal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1479 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Fri, 14 Jan 2000 23:26:18 +0000 (23:26 +0000)]
better command line syntax description

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1478 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 19:11:26 +0000 (19:11 +0000)]
Don't assume that the RX header is neatly aligned on a 4-byte boundary
in our address space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1477 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Fri, 14 Jan 2000 19:05:30 +0000 (19:05 +0000)]
Set an initial (blank) filter to get around the peculiarities in RH
6.1's libpcap.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1476 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Fri, 14 Jan 2000 17:08:41 +0000 (17:08 +0000)]
Fixed small typo in hex printing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1475 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Fri, 14 Jan 2000 14:21:50 +0000 (14:21 +0000)]
Check for existence of cf.iface before calling capture(). Change
usage statement accordingly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1474 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 08:44:50 +0000 (08:44 +0000)]
Supply a patch that, at least on HP-UX 11.00, lets you specify to
"pcap_open_live()" a network interface name rather than a "dlpiN" name
(where "N" is the PPA for the device, as reported by lanscan).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1473 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 08:18:58 +0000 (08:18 +0000)]
Note that the Ethereal workaround for the libpcap timeout problem should
prevent Ethereal's GUI from hanging during a capture, even if libpcap on
your Linux system hasn't been patched.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1472 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 08:14:33 +0000 (08:14 +0000)]
Note that we can read "i4btrace" capture files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1471 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 08:12:14 +0000 (08:12 +0000)]
Note that the Ethereal distribution also comes with Tethereal and

Expand the list of OSes on which Ethereal has (at least at one time)
been built and used.

Note that systems other than Solaris that use DLPI (e.g., HP-UX) may
also have "/dev" entries that can be made more widely readable and
writable to allow non-root users to capture packets.

Note that we can read "i4btrace" capture files.

Note that we now always do SNMP dissection, and that an external library
just allows us to do more sophisticated dissection.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1470 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 07:51:14 +0000 (07:51 +0000)]
Add "doc/editcap.pod" and "doc/tethereal.pod.template" to the

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1469 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 14 Jan 2000 06:46:00 +0000 (06:46 +0000)]
Add "tethereal", a tty-oriented derivative of Ethereal that works like
Sun's snoop or like tcpdump.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1468 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 18:26:15 +0000 (18:26 +0000)]
Add "file_wrappers.c" to the list of things to compile with Microsoft
Visual C{++}.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1467 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 18:02:24 +0000 (18:02 +0000)]
Call the CDP entry listing addresses "Addresses", not "Address" - it can
have more than one address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1466 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 17:59:14 +0000 (17:59 +0000)]
0x2000, for CDP, doesn't appear to be an Ethernet type - it's not
registered as a type for CDP, and CDP packets appear to be LLC packets
with an OUI of 00-00-0C, not the encapsulated Ethernet OUI of 00-00-00.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1465 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 07:18:50 +0000 (07:18 +0000)]
Fix "ascend-scanner.l" to include "file_wrappers.h" rather than the
defunct "file.h".

Make "file_wrappers.c" include "wtap.h", so that the WTAP_ERR_ZLIB_
values are defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1464 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 07:09:20 +0000 (07:09 +0000)]
We are obliged to define HAVE_UNISTD_H in "config.h"; to avoid the
hideous problem on FreeBSD 3.[23] (and perhaps other BSDs) if
HAVE_UNISTD_H is defined before "zlib.h" is included, turn "file_seek()"
into a subroutine defined in a file that *undefines* HAVE_UNISTD_H
before including "zlib.h", so that the *only* call to "gzseek()" is made
from a file that does not have HAVE_UNISTD_H defined when it includes

Move "file_error()" to that file while you're at it, so it holds all the
wrappers that hide the presence or absence of zlib from routines to read
capture files.

Turn "file.h", which declared those wrapper functions as well as wrapper
macros, into "file_wrapper.h" - it belongs with the "file_wrapper.c"
file that defines the wrapper functions, not with "file.c" which handles
higher-layer file access functions.

Remove the comment in "configure.in" that explained why defining
HAVE_UNISTD_H was a bad idea, as we're not obliged to define it and work
around the problem.  (The comment in "file_wrapper.c" explains the

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1463 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 06:07:53 +0000 (06:07 +0000)]
Get the NLPID value for ISIS from "nlpid.h", and report the NLPID value
in ISIS packets with "nlpid_vals".

Report the NLPID value in CLNP packets with "nlpid_vals" as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1462 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 05:41:24 +0000 (05:41 +0000)]
Add the NLPID value for PPP.

In Q.931 and Q.2931, the TR 9577 values are NLPIDs, so use "nlpid_vals"
to dissect them, and values from "nlpid.h" to refer to them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1461 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 04:49:54 +0000 (04:49 +0000)]
X.25-over-Ethernet, as I'm inferring it works (i.e., the payload of the
packet is just an X.25 packet).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1460 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 03:18:34 +0000 (03:18 +0000)]
Indicate that the RFC for SDP is 2327.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1459 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 03:12:07 +0000 (03:12 +0000)]
Indicate that the RFC for RTSP is 2326.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1458 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 03:07:26 +0000 (03:07 +0000)]
Changes from Jason to make some RTSP fields filterable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1457 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 00:53:09 +0000 (00:53 +0000)]
Assign a frame number to a frame only when reading frame data from a
file, not when filtering or colorizing packets - filtering shouldn't
change the frame number of a frame (yes, this means that a filtered
display won't necessarily have packets numbered contiguously 1 through N
- that's a feature).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1456 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 13 Jan 2000 00:41:11 +0000 (00:41 +0000)]
Export the list of OSI NLPIDs in "nlpid.h", for use by the CDP

Add a "value_string" table for NLPIDs to the OSI dissector, and export
it for use by the CDP dissector.

Fix the CDP dissector as per the documentation in


and as per some traces we have with CDP data in them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1455 f5534014-38df-0310-8fa8-9805f1628bb7

oabad [Wed, 12 Jan 2000 22:07:56 +0000 (22:07 +0000)]
Add an "Hex. Dump" radio button to the "Contents of TCP stream" window. It
displays the contents of the TCP connexion in hexadecimal.
The two opposite directions of the conversation are displayed side by side.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1454 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Wed, 12 Jan 2000 20:00:19 +0000 (20:00 +0000)]
For the Cisco OUI, always add the protocol ID to the tree if we're
constructing a protocol tree.

Don't add the protocol ID for unknown OUIs unless we're constructing a
protocol tree.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1453 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Wed, 12 Jan 2000 19:37:24 +0000 (19:37 +0000)]
Cisco CDP packets appear to be sent as LLC packets with an OUI of
0x00000c and a protocol ID of 0x2000 - we used to recognize those as CDP
because we ignored the OUI and treated all LLC packets as
SNAP-encapsulated packets, and treated 0x2000 as an Ethertype, but we
now treat only encapsulated-Ethernet and Apple packets as
SNAP-encapsulated (and arguably we should handle Apple separately).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1452 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Wed, 12 Jan 2000 06:56:32 +0000 (06:56 +0000)]
Enough is enough.  Requiring anybody who uses Ethereal on Linux to
update their libpcap probably isn't going to scale - the increasing
frequency with which "Ethereal hangs when I try to capture packets"
shows up on "ethereal-dev" suggests that, unless and until a libpcap
with the "select()" in it becomes ubiquitous on Linux, that'll be the
source of a constant support burden - so we'll just put the "select()"
in Ethereal if it's being built for Linux.

(Putting it in for platforms where the read timeout argument to
"pcap_open_live()" works adds an extra useless system call at best and,
at worst, could make Ethereal not work - "select()" doesn't work on
"/dev/bpf" devices on FreeBSD 3.3, at least, unless you're in "immediate
mode", and, whilst "immediate mode" would make Ethereal respond more
quickly when packets arrive, it might cause Ethereal to respond too
quickly, doing reads for every new packet rather than waiting for
multiple packets to arrive and reading them all with one "read()", which
appears to be at least part of the intent of the read timeout on
"/dev/bpf" devices in BSD.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1451 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Mon, 10 Jan 2000 23:43:15 +0000 (23:43 +0000)]
Remove the reference to my old samples directory on the web server;
the new ethereal web site contains a link to its own samples directory.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1450 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 10 Jan 2000 23:22:30 +0000 (23:22 +0000)]
Updates to the L2TP parser, from Laurent Cazalet and Thomas Parvais.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1449 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Some initial changes for win32 support, but not all.
gram [Mon, 10 Jan 2000 17:33:17 +0000 (17:33 +0000)]
Some initial changes for win32 support, but not all.

Added lots of #ifdef HAVE_*_H wrappers.
Added some #defines in config.h.win32
Check for more headers in configure.in
Added prototype for inet_aton() in inet_v6defs.h.
Changed "BYTE" token (i.e., #define) in ascend-grammar.y because it
conflicts with a Windows definition. Use HEXBYTE instead.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1448 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Move the code in "column.c" that implements the column preferences tab
guy [Mon, 10 Jan 2000 01:44:00 +0000 (01:44 +0000)]
Move the code in "column.c" that implements the column preferences tab
into "gtk/column_prefs.c".

Get rid of "get_column_width()" - instead, export
"get_column_longest_string()", and have "get_column_width()"'s callers
make the GDK call to get the width of that string, so that "column.c"
contains no GTK+/GDK code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1447 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Add a man page for "editcap".
guy [Sun, 9 Jan 2000 20:28:26 +0000 (20:28 +0000)]
Add a man page for "editcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1446 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Make "editcap" one of the standard targets, so it's built and installed
guy [Sun, 9 Jan 2000 20:05:37 +0000 (20:05 +0000)]
Make "editcap" one of the standard targets, so it's built and installed
by default.

Use the automake mechanisms for it, and, having done so, arrange that it
not be linked with GTK+ (which it doesn't need) - it currently links
with libpcap, but that should be fixed as well.  (It also needs a man

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1445 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Add finaly news item.
gram [Sun, 9 Jan 2000 18:15:33 +0000 (18:15 +0000)]
Add finaly news item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1443 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Add to some comments notes on the meaning of DLT types 15 and 16 on
guy [Sun, 9 Jan 2000 07:55:48 +0000 (07:55 +0000)]
Add to some comments notes on the meaning of DLT types 15 and 16 on
Linux systems with the isdn4linux patches; they help make DLT types even
less useful than they were after the various flavors of BSD proceeded to
add their own types past 14, with no coordination whatsoever, so that
they overlapped, rendering it impossible to read a libpcap capture file
without knowing what particular OS generated it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1442 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Don't recompute "cf->count" when filtering packets - the recomputation
guy [Sat, 8 Jan 2000 23:49:33 +0000 (23:49 +0000)]
Don't recompute "cf->count" when filtering packets - the recomputation
will just give it the value it's always had, as packets are counted
regardless of whether they pass the filter or not (which is what we

Given that, there's no need for a separate "cf->unfiltered_count"
value, so get rid of it and use "cf->count" instead.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1441 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Allow people to print packets if there are packets to print, even if
guy [Sat, 8 Jan 2000 23:34:50 +0000 (23:34 +0000)]
Allow people to print packets if there are packets to print, even if
we're in the middle of an "Update list of packets in real time" capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1440 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Fix my typo in a variable name.
gram [Sat, 8 Jan 2000 21:56:29 +0000 (21:56 +0000)]
Fix my typo in a variable name.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1439 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago I finally got autoconf, automake, and the plugins to behave together.
gram [Sat, 8 Jan 2000 19:37:11 +0000 (19:37 +0000)]
I finally got autoconf, automake, and the plugins to behave together.
The distro is buildable finally. I had to change "plugins/gryphon" from
a separately configured (i.e., "./configure") package to a member of
the main ethereal autoconf package so that PLUGIN_DIR could be passed
to plugins/gryphon/Makefile.am. In doing so, I had to get rid of
plugins/gryphon/config.h which had PACKAGE and VERSION #defined, the latter
of which was actually used in packet-gryphon.c. So I moved those two
#defines into a new file, plugins/gryphon/moduleinfo.h.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1438 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Fix Gerald's e-mail address.
guy [Fri, 7 Jan 2000 22:05:43 +0000 (22:05 +0000)]
Fix Gerald's e-mail address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1437 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Indicate the RFC that specifies L2TP.
guy [Fri, 7 Jan 2000 21:53:24 +0000 (21:53 +0000)]
Indicate the RFC that specifies L2TP.

Update Gerald's e-mail address.

Make some variables static.

Make some *other* variables auto, as they don't need to have static
storage duration.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1436 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Include L2TP support in the list of new features in 0.8.1.
guy [Fri, 7 Jan 2000 09:24:59 +0000 (09:24 +0000)]
Include L2TP support in the list of new features in 0.8.1.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1435 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago The L2TP dissector is by John Thomes, not John Thomas.
guy [Fri, 7 Jan 2000 09:13:21 +0000 (09:13 +0000)]
The L2TP dissector is by John Thomes, not John Thomas.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1434 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Add John Thomas' L2TP dissector.
guy [Fri, 7 Jan 2000 09:10:22 +0000 (09:10 +0000)]
Add John Thomas' L2TP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1433 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Move to version 0.8.1
gram [Fri, 7 Jan 2000 05:21:09 +0000 (05:21 +0000)]
Move to version 0.8.1

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1432 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Don't take strlen of TransactName if NULL. In fact, don't do *anything*
gram [Fri, 7 Jan 2000 04:27:06 +0000 (04:27 +0000)]
Don't take strlen of TransactName if NULL. In fact, don't do *anything*
and return if TransactName == NULL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1431 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago "print_file()" is no longer used; nuke it.
guy [Fri, 7 Jan 2000 00:36:25 +0000 (00:36 +0000)]
"print_file()" is no longer used; nuke it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1430 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Add README.vmware to list of deliverables.
gram [Thu, 6 Jan 2000 19:51:26 +0000 (19:51 +0000)]
Add README.vmware to list of deliverables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1429 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Add info on how to get a patch for libpcap to sniff your virtual ethernet
gram [Thu, 6 Jan 2000 19:50:38 +0000 (19:50 +0000)]
Add info on how to get a patch for libpcap to sniff your virtual ethernet
hub when using VMware.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1428 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Fix the "Print" button in the window popped up by "Follow TCP Stream" to
guy [Thu, 6 Jan 2000 08:20:13 +0000 (08:20 +0000)]
Fix the "Print" button in the window popped up by "Follow TCP Stream" to
print only the actual stream data, not the address and port binary

Fix it to handle the ASCII/EBCDIC selection as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1427 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Printing multiple pages of PostScript wasn't as tricky as I thought; add
guy [Thu, 6 Jan 2000 07:33:35 +0000 (07:33 +0000)]
Printing multiple pages of PostScript wasn't as tricky as I thought; add
support for printing in PostScript to the "Print..." dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1426 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Improve the description of the packet-printing dialogs, and note that
guy [Thu, 6 Jan 2000 07:32:44 +0000 (07:32 +0000)]
Improve the description of the packet-printing dialogs, and note that
the Edit:Preferences dialog also lets you edit GUI preferences.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1425 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Don't include "print.h" in "globals.h"; have the few files that need
guy [Thu, 6 Jan 2000 06:28:54 +0000 (06:28 +0000)]
Don't include "print.h" in "globals.h"; have the few files that need
stuff from it include it themselves.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1424 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Don't bother checking whether the filter string is empty - just use it
guy [Thu, 6 Jan 2000 05:09:01 +0000 (05:09 +0000)]
Don't bother checking whether the filter string is empty - just use it
even if it's empty, rather than using an empty string instead of it if
it's empty.

Also, "gtk_entry_get_text()" appears, from the documentation, always to
return a non-null pointer (and it returned a non-null pointer when I
started a capture with an empty filter string); don't supply a null
string if it's null, just do a "g_assert()" to make sure it's non-null.

Put in a comment explaining why we aren't trying to be clever and
detecting an empty filter string and setting "cf.filter" to NULL if it's

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1423 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago When initializing a capture filter, assign a pointer to an empty string
gerald [Wed, 5 Jan 2000 22:31:46 +0000 (22:31 +0000)]
When initializing a capture filter, assign a pointer to an empty string
instead of NULL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1422 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago Change ports from guint16 to guint32
gram [Wed, 5 Jan 2000 21:48:16 +0000 (21:48 +0000)]
Change ports from guint16 to guint32

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1421 f5534014-38df-0310-8fa8-9805f1628bb7