tools/list_protos_in_cap.sh

   1 #!/bin/bash
   2
   3 # List the protocols (dissectors) used in capture file(s)
   4 #
   5 # The Python script indexcap.py does the same thing.
   6 #
   7 # This script extracts the protocol names contained in a given capture file.
   8 # This is useful for generating a "database" (flat file :-)) of in what file
   9 # a given protocol can be found.
  10 #
  11 # Output consists of the file name followed by the protocols, for example:
  12 # /path/to/the/file.pcap eth ip sctp
  13 #
  14 # Copyright 2012 Jeff Morriss <jeff.morriss.ws [AT] gmail.com>
  15 #
  16 # Wireshark - Network traffic analyzer
  17 # By Gerald Combs <gerald@wireshark.org>
  18 # Copyright 1998 Gerald Combs
  19 #
  20 # SPDX-License-Identifier: GPL-2.0-or-later
  21
  22 # Directory containing binaries.  Default current directory.
  23 WS_BIN_PATH=${WS_BIN_PATH:-.}
  24
  25 # Tweak the following to your liking.  Editcap must support "-E".
  26 TSHARK="$WS_BIN_PATH/tshark"
  27 CAPINFOS="$WS_BIN_PATH/capinfos"
  28
  29 if [ "$WS_BIN_PATH" = "." ]; then
  30     export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=
  31 fi
  32
  33 NOTFOUND=0
  34 for i in "$TSHARK" "$CAPINFOS"
  35 do
  36     if [ ! -x $i ]
  37     then
  38         echo "Couldn't find $i"  1>&2
  39         NOTFOUND=1
  40     fi
  41 done
  42 if [ $NOTFOUND -eq 1 ]
  43 then
  44     exit 1
  45 fi
  46
  47 # Make sure we have at least one file
  48 FOUND=0
  49 for CF in "$@"
  50 do
  51     if [ "$OSTYPE" == "cygwin" ]
  52     then
  53         CF=`cygpath --windows "$CF"`
  54     fi
  55     "$CAPINFOS" "$CF" > /dev/null 2>&1 && FOUND=1
  56     if [ $FOUND -eq 1 ]
  57     then
  58         break
  59     fi
  60 done
  61
  62 if [ $FOUND -eq 0 ] ; then
  63     cat <<FIN
  64 Error: No valid capture files found.
  65
  66 Usage: `basename $0` capture file 1 [capture file 2]...
  67 FIN
  68     exit 1
  69 fi
  70
  71 for CF in "$@" ; do
  72     if [ "$OSTYPE" == "cygwin" ] ; then
  73         CF=`cygpath --windows "$CF"`
  74     fi
  75
  76     if [ ! -f "$CF" ] ; then
  77         echo "Doesn't exist or not a file: $CF"  1>&2
  78         continue
  79     fi
  80
  81     "$CAPINFOS" "$CF" > /dev/null
  82     RETVAL=$?
  83     if [ $RETVAL -ne 0 ] ; then
  84         echo "Not a valid capture file (or some other problem)" 1>&2
  85         continue
  86     fi
  87
  88     printf "%s: " "$CF"
  89
  90     # Extract the protocol names.
  91     $TSHARK -T fields -eframe.protocols -nr "$CF" 2>/dev/null | \
  92         tr ':\r' '\n' | sort -u | tr '\n\r' ' '
  93
  94     printf "\n"
  95 done
  96