tools/list_protos_in_cap.sh

   1 #!/bin/bash
   2
   3 # List the protocols (dissectors) used in capture file(s)
   4 #
   5 # The Python script indexcap.py does the same thing.
   6 #
   7 # This script extracts the protocol names contained in a given capture file.
   8 # This is useful for generating a "database" (flat file :-)) of in what file
   9 # a given protocol can be found.
  10 #
  11 # Output consists of the file name followed by the protocols, for example:
  12 # /path/to/the/file.pcap eth ip sctp
  13 #
  14 # Copyright 2012 Jeff Morriss <jeff.morriss.ws [AT] gmail.com>
  15 #
  16 # $Id$
  17 #
  18 # Wireshark - Network traffic analyzer
  19 # By Gerald Combs <gerald@wireshark.org>
  20 # Copyright 1998 Gerald Combs
  21 #
  22 # This program is free software; you can redistribute it and/or
  23 # modify it under the terms of the GNU General Public License
  24 # as published by the Free Software Foundation; either version 2
  25 # of the License, or (at your option) any later version.
  26 #
  27 # This program is distributed in the hope that it will be useful,
  28 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  29 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  30 # GNU General Public License for more details.
  31 #
  32 # You should have received a copy of the GNU General Public License
  33 # along with this program; if not, write to the Free Software
  34 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  35
  36 # Directory containing binaries.  Default current directory.
  37 BIN_DIR=.
  38
  39 # Tweak the following to your liking.  Editcap must support "-E".
  40 TSHARK="$BIN_DIR/tshark"
  41 CAPINFOS="$BIN_DIR/capinfos"
  42
  43 if [ "$BIN_DIR" = "." ]; then
  44     export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=
  45 fi
  46
  47 NOTFOUND=0
  48 for i in "$TSHARK" "$CAPINFOS"
  49 do
  50     if [ ! -x $i ]
  51     then
  52         echo "Couldn't find $i"  1>&2
  53         NOTFOUND=1
  54     fi
  55 done
  56 if [ $NOTFOUND -eq 1 ]
  57 then
  58     exit 1
  59 fi
  60
  61 # Make sure we have at least one file
  62 FOUND=0
  63 for CF in "$@"
  64 do
  65     if [ "$OSTYPE" == "cygwin" ]
  66     then
  67         CF=`cygpath --windows "$CF"`
  68     fi
  69     "$CAPINFOS" "$CF" > /dev/null 2>&1 && FOUND=1
  70     if [ $FOUND -eq 1 ]
  71     then
  72         break
  73     fi
  74 done
  75
  76 if [ $FOUND -eq 0 ] ; then
  77     cat <<FIN
  78 Error: No valid capture files found.
  79
  80 Usage: `basename $0` capture file 1 [capture file 2]...
  81 FIN
  82     exit 1
  83 fi
  84
  85 for CF in "$@" ; do
  86     if [ "$OSTYPE" == "cygwin" ] ; then
  87         CF=`cygpath --windows "$CF"`
  88     fi
  89
  90     if [ ! -f "$CF" ] ; then
  91         echo "Doesn't exist or not a file: $CF"  1>&2
  92         continue
  93     fi
  94
  95     "$CAPINFOS" "$CF" > /dev/null
  96     RETVAL=$?
  97     if [ $RETVAL -ne 0 ] ; then
  98         echo "Not a valid capture file (or some other problem)" 1>&2
  99         continue
 100     fi
 101
 102     printf "%s: " "$CF"
 103
 104     # Extract the protocol names.
 105     $TSHARK -T fields -eframe.protocols -nr "$CF" 2>/dev/null | tr ':\r' '\n' \
 106         | sort -u | tr '\n\r' ' '
 107
 108     printf "\n"
 109 done
 110