tshark -G reports: add to heuristic-decodes, protocols
I'm trying to collect information from tshark to verify changes in !4239.

The output of heuristic-decodes lists the protocol, not the heuristic name. (Parallel issue #17603 (closed) about what should be listed.)
heuristic-decodes Dumps the heuristic decodes currently installed. There is one record per line. The fields are tab-delimited.
* Field 1 = underlying dissector (e.g. "tcp")
* Field 2 = name of heuristic decoder (e.g. "ucp")
* Field 3 = heuristic enabled (e.g. "T" or "F")
    C:\>tshark -G heuristic-decodes | findstr /I xml
    media xml F
    udp xml F
    http xml F
    sip xml F
    tcp xml F
    wtap_file xml T
The output of protocols doesn't indicate if a protocol is enabled. (see heuristic enabled above)
protocols Dumps the protocols in the registration database to stdout. An independent program can take this output and format it into nice tables or HTML or whatever. There is one record per line. The fields are tab-delimited.
* Field 1 = protocol name
* Field 2 = protocol short name
* Field 3 = protocol filter name
    C:\>tshark -G protocols | findstr /I xml
    poc-settings XML doc (RFC 4354) poc-settings poc-settings
    presence XML doc (RFC 3863) presence presence
    Reginfo XML doc (RFC 3680) reginfo reginfo
    watcherinfo XML doc (RFC 3858) watcherinfo watcherinfo
    WAP Binary XML WBXML wbxml
    XML Configuration Access Protocol Server Capabilities xcap-caps xcap-caps
    XCAP Error XML doc (RFC 4825) xcap-error xcap-error
    eXtensible Markup Language XML xml
The information is available (POC):
    C:\Development\wsbuild64>run\RelWithDebInfo\tshark -G heuristic-decodes | findstr /I xml_
    media xml F xml_media
    udp xml F xml_udp
    http xml F xml_http
    sip xml F xml_sip
    tcp xml F xml_tcp
    wtap_file xml T xml_wtap

    C:\Development\wsbuild64>run\RelWithDebInfo\tshark -G protocols | findstr /I xml
    poc-settings XML doc (RFC 4354) poc-settings poc-settings Enabled
    presence XML doc (RFC 3863) presence presence Enabled
    Reginfo XML doc (RFC 3680) reginfo reginfo Enabled
    watcherinfo XML doc (RFC 3858) watcherinfo watcherinfo Enabled
    WAP Binary XML WBXML wbxml Enabled
    XML Configuration Access Protocol Server Capabilities xcap-caps xcap-caps Enabled
    XCAP Error XML doc (RFC 4825) xcap-error xcap-error Enabled
    eXtensible Markup Language XML xml Enabled
1 - what would be required to change the format of these reports to add the additional information?
2 - is it better to append fields to the existing, or to have common fields (the enabled flag) at the end?
    C:\Users\admin>tshark -v
    TShark (Wireshark) 3.5.0 (v3.5.0-0-ge7296d5208ad)

    Copyright 1998-2021 Gerald Combs <firstname.lastname@example.org> and contributors.
    License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    Compiled (64-bit) using Microsoft Visual Studio 2019 (VC++ 14.29, build 30040),
    with libpcap, with GLib 2.66.4, with zlib 1.2.11, with Lua 5.2.4, with GnuTLS
    3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind
    DB resolver, with nghttp2 1.42.0, with brotli, with LZ4, with Zstandard, with
    Snappy, with libxml2 2.9.10, with SMI 0.4.8.

    Running on 64-bit Windows 10 (2009), build 19043, with Intel(R) Core(TM)
    i5-4300U CPU @ 1.90GHz (with SSE4.2), with 12191 MB of physical memory, with
    GLib 2.66.4, with Npcap version 1.55, based on libpcap version 1.10.2-PRE-GIT,
    with c-ares 1.17.0, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with nghttp2 1.42.0,
    with brotli 1.0.9, with LZ4 1.9.2, with Zstandard 1.4.0, with locale
    English_United States.utf8, binary plugins supported (0 loaded).
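An added example, not part of the original issue or of Wireshark's code: a parser for heuristic-decodes records that reads both the current three-field report and the four-field POC report shown above, so a script auditing which heuristic dissectors are enabled keeps working if fields are appended. The type and function names are hypothetical, and the sample rows are constructed by re-joining the rows from the issue with tabs.

```python
from typing import List, NamedTuple, Optional


class HeurDecode(NamedTuple):
    underlying: str           # Field 1: underlying dissector, e.g. "tcp"
    name: str                 # Field 2: name the report lists, e.g. "xml"
    enabled: bool             # Field 3: "T" or "F"
    heur_name: Optional[str]  # Field 4: present only in the POC output


def parse_heuristic_decodes(text: str) -> List[HeurDecode]:
    """Parse tab-delimited records, ignoring any fields appended after the ones we know."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) < 3 or fields[2] not in ("T", "F"):
            raise ValueError(f"line {lineno}: not a heuristic-decodes record: {line!r}")
        extra = fields[3] if len(fields) > 3 else None
        records.append(HeurDecode(fields[0], fields[1], fields[2] == "T", extra))
    return records


def enabled_heuristics(records: List[HeurDecode], name: str) -> List[str]:
    """Enabled heuristics for one protocol, labelled by heuristic name when the report has it."""
    return sorted(r.heur_name or f"{r.underlying}/{r.name}"
                  for r in records if r.name == name and r.enabled)


# Constructed sample input: the rows shown in the issue, re-joined with tabs.
ROWS = [("media", "F", "xml_media"), ("udp", "F", "xml_udp"), ("http", "F", "xml_http"),
        ("sip", "F", "xml_sip"), ("tcp", "F", "xml_tcp"), ("wtap_file", "T", "xml_wtap")]
CURRENT = "".join(f"{u}\txml\t{e}\r\n" for u, e, _ in ROWS)
POC = "".join(f"{u}\txml\t{e}\t{h}\r\n" for u, e, h in ROWS)

if __name__ == "__main__":
    for label, report in (("current", CURRENT), ("POC", POC)):
        print(label, enabled_heuristics(parse_heuristic_decodes(report), "xml"))
```

Because the parser indexes only the first three fields and treats anything after them as optional, the same code reads both report variants; a space-separated copy of the output, such as text pasted from a web page, is rejected rather than misparsed.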