tshark -G reports: add to heuristic-decodes, protocols
Description
I'm trying to collect information from tshark to verify changes in !4239 (merged).
The output of heuristic-decodes lists the protocol, not the heuristic name. (Parallel issue #17603 (closed) about what should be listed.)
heuristic-decodes Dumps the heuristic decodes currently installed. There is one record per line. The fields are tab-delimited.
* Field 1 = underlying dissector (e.g. "tcp")
* Field 2 = name of heuristic decoder (e.g. "ucp")
* Field 3 = heuristic enabled (e.g. "T" or "F")
C:\>tshark -G heuristic-decodes | findstr /I xml
media xml F
udp xml F
http xml F
sip xml F
tcp xml F
wtap_file xml T
The output of protocols doesn't indicate if a protocol is enabled. (see heuristic enabled above)
protocols Dumps the protocols in the registration database to stdout. An independent program can take this output and format it into nice tables or HTML or whatever. There is one record per line. The fields are tab-delimited.
* Field 1 = protocol name
* Field 2 = protocol short name
* Field 3 = protocol filter name
C:\>tshark -G protocols | findstr /I xml
poc-settings XML doc (RFC 4354) poc-settings poc-settings
presence XML doc (RFC 3863) presence presence
Reginfo XML doc (RFC 3680) reginfo reginfo
watcherinfo XML doc (RFC 3858) watcherinfo watcherinfo
WAP Binary XML WBXML wbxml
XML Configuration Access Protocol Server Capabilities xcap-caps xcap-caps
XCAP Error XML doc (RFC 4825) xcap-error xcap-error
eXtensible Markup Language XML xml
The information is available (POC):
C:\Development\wsbuild64>run\RelWithDebInfo\tshark -G heuristic-decodes | findstr /I xml_
media xml F xml_media
udp xml F xml_udp
http xml F xml_http
sip xml F xml_sip
tcp xml F xml_tcp
wtap_file xml T xml_wtap
C:\Development\wsbuild64>run\RelWithDebInfo\tshark -G protocols | findstr /I xml
poc-settings XML doc (RFC 4354) poc-settings poc-settings Enabled
presence XML doc (RFC 3863) presence presence Enabled
Reginfo XML doc (RFC 3680) reginfo reginfo Enabled
watcherinfo XML doc (RFC 3858) watcherinfo watcherinfo Enabled
WAP Binary XML WBXML wbxml Enabled
XML Configuration Access Protocol Server Capabilities xcap-caps xcap-caps Enabled
XCAP Error XML doc (RFC 4825) xcap-error xcap-error Enabled
eXtensible Markup Language XML xml Enabled
Request
1 - what would be required to change the format of these reports to add the additional information?
2 - is it better to append fields to the existing, or to have common fields (the enabled flag) at the end?
Version Information
C:\Users\admin>tshark -v
TShark (Wireshark) 3.5.0 (v3.5.0-0-ge7296d5208ad)
Copyright 1998-2021 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) using Microsoft Visual Studio 2019 (VC++ 14.29, build 30040),
with libpcap, with GLib 2.66.4, with zlib 1.2.11, with Lua 5.2.4, with GnuTLS
3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind
DB resolver, with nghttp2 1.42.0, with brotli, with LZ4, with Zstandard, with
Snappy, with libxml2 2.9.10, with SMI 0.4.8.
Running on 64-bit Windows 10 (2009), build 19043, with Intel(R) Core(TM)
i5-4300U CPU @ 1.90GHz (with SSE4.2), with 12191 MB of physical memory, with
GLib 2.66.4, with Npcap version 1.55, based on libpcap version 1.10.2-PRE-GIT,
with c-ares 1.17.0, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with nghttp2 1.42.0,
with brotli 1.0.9, with LZ4 1.9.2, with Zstandard 1.4.0, with locale
English_United States.utf8, binary plugins supported (0 loaded).
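To make the compatibility question in the Request concrete, here is an added example (not code from the issue or from Wireshark) of an independent consumer that reads both reports by field position and accepts the extra trailing field from the POC output. The sample rows are constructed from the xml lines shown above with tabs restored, and treating any fourth-field value other than "Enabled" as not enabled is an assumption.

```python
from typing import NamedTuple, Optional

class HeurDecode(NamedTuple):
    underlying: str           # field 1, e.g. "tcp"
    protocol: str             # field 2 as printed today (the protocol, e.g. "xml")
    enabled: bool             # field 3, "T" or "F"
    heur_name: Optional[str]  # field 4, only in the POC output (e.g. "xml_tcp")

class Protocol(NamedTuple):
    name: str
    short_name: str
    filter_name: str
    enabled: Optional[bool]   # None when the report carries no fourth field

def _records(text, min_fields):
    """Yield tab-split fields per non-empty line, rejecting short records."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) < min_fields:
            raise ValueError(f"line {lineno}: expected >= {min_fields} fields: {line!r}")
        yield fields

def parse_heuristic_decodes(text):
    out = []
    for f in _records(text, 3):
        if f[2] not in ("T", "F"):
            raise ValueError(f"bad enabled flag {f[2]!r}")
        out.append(HeurDecode(f[0], f[1], f[2] == "T", f[3] if len(f) > 3 else None))
    return out

def parse_protocols(text):
    # Assumption: any fourth-field value other than "Enabled" means not enabled.
    return [Protocol(f[0], f[1], f[2], f[3] == "Enabled" if len(f) > 3 else None)
            for f in _records(text, 3)]

# Constructed samples based on the xml rows shown in the issue (tabs restored).
CURRENT_HEUR = "udp\txml\tF\ntcp\txml\tF\nwtap_file\txml\tT\n"
POC_HEUR = "udp\txml\tF\txml_udp\ntcp\txml\tF\txml_tcp\nwtap_file\txml\tT\txml_wtap\n"
CURRENT_PROTO = "WAP Binary XML\tWBXML\twbxml\neXtensible Markup Language\tXML\txml\n"
POC_PROTO = "WAP Binary XML\tWBXML\twbxml\tEnabled\neXtensible Markup Language\tXML\txml\tEnabled\n"

if __name__ == "__main__":
    for rec in parse_heuristic_decodes(POC_HEUR) + parse_heuristic_decodes(CURRENT_HEUR):
        print(rec)
    for rec in parse_protocols(POC_PROTO) + parse_protocols(CURRENT_PROTO):
        print(rec)
```

Because the new fields are appended, the first three fields of every record parse identically in both formats; a consumer that instead splits each line into exactly three fields would need changing.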