ghTemp123 / wiresharkplugin

Automatically exported from code.google.com/p/wiresharkplugin

follow tcp stream #5

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
follow tcp stream?

Original issue reported on code.google.com by cn.wei.hp@gmail.com on 3 Dec 2010 at 7:26

GoogleCodeExporter commented 9 years ago
http://www.circlemud.org/~jelson/software/tcpflow/
tcpflow -- A TCP Flow Recorder 

http://www.nirsoft.net/utils/smsniff.html
SmartSniff allows you to easily export the captured data for using it in other 
applications:

    * The upper pane: you can select one or more items in the upper pane, and then copy them to the clipboard (You can paste the copied items into Excel or into spreadsheet of OpenOffice.org) or save them to text/HTML/XML file (by using 'Save Packet Summaries').
    * The lower pane: You can select any part of the TCP/IP streams (or select all text, by using Ctrl+A), copy the selected text to the clipboard, and then paste it to Notepad, Wordpad, MS-Word or any other editor. When you paste the selected streams to document of Wordpad, OpenOffice.org, or MS-Word, the colors are also transferred.
      You can also export the TCP/IP streams to text file, HTML file, or raw data file, by using "Export TCP/IP Streams" option. 

Original comment by cn.wei.hp@gmail.com on 3 Dec 2010 at 7:47

GoogleCodeExporter commented 9 years ago
-G [fields|fields2|fields3|protocols|values|decodes|defaultprefs|currentprefs]

    The -G option will cause Tshark to dump one of several types of glossaries and then exit. If no specific glossary type is specified, then the fields report will be generated by default.

    The available report types include:

    fields Dumps the contents of the registration database to stdout. An independent program can take this output and format it into nice tables or HTML or whatever. There is one record per line. Each record is either a protocol or a header field, differentiated by the first field. The fields are tab-delimited.

     * Protocols
     * ---------
     * Field 1 = 'P'
     * Field 2 = descriptive protocol name
     * Field 3 = protocol abbreviation
     *
     * Header Fields
     * -------------
     * Field 1 = 'F'
     * Field 2 = descriptive field name
     * Field 3 = field abbreviation
     * Field 4 = type ( textual representation of the ftenum type )
     * Field 5 = parent protocol abbreviation
     * Field 6 = blurb describing field

    fields2 Same as the fields report but includes two additional columns.

     * Field 7 = base for display (for integer types); "parent bitfield width" for FT_BOOLEAN
     * Field 8 = blurb describing field (yes, apparently we repeated this accidentally)

    fields3 Same as the fields report but includes two additional columns.

     * Field 7 = base for display (for integer types); "parent bitfield width" for FT_BOOLEAN
     * Field 8 = bitmask: format: hex: 0x....

    protocols Dumps the protocols in the registration database to stdout. An independent program can take this output and format it into nice tables or HTML or whatever. There is one record per line. The fields are tab-delimited.

     * Field 1 = protocol name
     * Field 2 = protocol short name
     * Field 3 = protocol filter name

    values Dumps the value_strings, range_strings or true/false strings for fields that have them. There is one record per line. Fields are tab-delimited. There are three types of records: Value String, Range String and True/False String. The first field, 'V', 'R' or 'T', indicates the type of record.

     * Value Strings
     * -------------
     * Field 1 = 'V'
     * Field 2 = field abbreviation to which this value string corresponds
     * Field 3 = Integer value
     * Field 4 = String
     *
     * Range Strings
     * -------------
     * Field 1 = 'R'
     * Field 2 = field abbreviation to which this range string corresponds
     * Field 3 = Integer value: lower bound
     * Field 4 = Integer value: upper bound
     * Field 5 = String
     *
     * True/False Strings
     * ------------------
     * Field 1 = 'T'
     * Field 2 = field abbreviation to which this true/false string corresponds
     * Field 3 = True String
     * Field 4 = False String

    decodes Dumps the "layer type"/"decode as" associations to stdout. There is one record per line. The fields are tab-delimited.

     * Field 1 = layer type, e.g. "tcp.port"
     * Field 2 = selector in decimal
     * Field 3 = "decode as" name, e.g. "http"

    defaultprefs Dumps a default preferences file to stdout.

    currentprefs Dumps a copy of the current preferences file to stdout.

Original comment by cn.wei.hp@gmail.com on 3 Dec 2010 at 8:05
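The -G documentation above says an independent program can take the tab-delimited glossary output and format it. The following is an added example (not code from the wiresharkplugin project or from Wireshark) that parses the `fields`/`fields2`/`fields3`, `values` and `decodes` record layouts exactly as quoted, and uses the parsed field index to pre-check the dotted field names in a display filter before it is handed to tshark. The sample records are constructed for the demo, not copied from a real `tshark -G` run; the `check_filter_fields` tokenizer is a simple regex, not Wireshark's filter grammar.

```python
"""Parse the tab-delimited glossary records printed by `tshark -G`.

Added example, not part of the wiresharkplugin project. Record layouts
follow the -G documentation; the sample records are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Union


@dataclass
class Protocol:
    name: str
    abbrev: str


@dataclass
class Field:
    name: str
    abbrev: str
    ftype: str                     # textual ftenum, e.g. FT_UINT16
    parent: str                    # parent protocol abbreviation
    blurb: str
    base: Optional[str] = None     # fields2/fields3: display base or bitfield width
    bitmask: Optional[int] = None  # fields3 only


@dataclass
class ValueString:
    field: str
    value: int
    string: str


@dataclass
class RangeString:
    field: str
    low: int
    high: int
    string: str


@dataclass
class TrueFalseString:
    field: str
    true_str: str
    false_str: str


@dataclass
class DecodeAs:
    layer_type: str   # e.g. "tcp.port"
    selector: int
    name: str         # e.g. "http"


def _records(text: str) -> Iterator[List[str]]:
    """Split glossary text into tab-delimited columns, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            yield line.split("\t")


def parse_fields(text: str, report: str = "fields") -> List[Union[Protocol, Field]]:
    """Parse a fields, fields2 or fields3 report ('P' and 'F' records)."""
    out: List[Union[Protocol, Field]] = []
    for cols in _records(text):
        kind = cols[0]
        if kind == "P":
            out.append(Protocol(name=cols[1], abbrev=cols[2]))
        elif kind == "F":
            f = Field(name=cols[1], abbrev=cols[2], ftype=cols[3],
                      parent=cols[4], blurb=cols[5])
            if report in ("fields2", "fields3") and len(cols) > 6:
                f.base = cols[6]          # field 7
            # fields3 puts the bitmask (hex, 0x....) in field 8;
            # fields2 repeats the blurb there, so it is ignored.
            if report == "fields3" and len(cols) > 7 and cols[7]:
                f.bitmask = int(cols[7], 16)
            out.append(f)
        else:
            raise ValueError(f"unexpected record type {kind!r} in fields report")
    return out


def parse_values(text: str) -> List[Union[ValueString, RangeString, TrueFalseString]]:
    """Parse a values report ('V', 'R' and 'T' records)."""
    out: List[Union[ValueString, RangeString, TrueFalseString]] = []
    for cols in _records(text):
        kind = cols[0]
        if kind == "V":
            out.append(ValueString(cols[1], int(cols[2]), cols[3]))
        elif kind == "R":
            out.append(RangeString(cols[1], int(cols[2]), int(cols[3]), cols[4]))
        elif kind == "T":
            out.append(TrueFalseString(cols[1], cols[2], cols[3]))
        else:
            raise ValueError(f"unexpected record type {kind!r} in values report")
    return out


def parse_decodes(text: str) -> List[DecodeAs]:
    """Parse a decodes report: layer type, decimal selector, 'decode as' name."""
    return [DecodeAs(c[0], int(c[1]), c[2]) for c in _records(text)]


def field_index(entries: List[Union[Protocol, Field]]) -> Dict[str, Field]:
    """Map field abbreviation -> Field for quick lookups."""
    return {e.abbrev: e for e in entries if isinstance(e, Field)}


def check_filter_fields(display_filter: str, index: Dict[str, Field]) -> List[str]:
    """Return dotted field names used in a display filter that the glossary
    does not know. A cheap sanity check before passing untrusted filter text
    to tshark; it only tokenizes dotted names, not the full filter grammar."""
    names = re.findall(r"\b[a-z_][a-z0-9_]*(?:\.[a-z0-9_]+)+\b", display_filter)
    return [n for n in names if n not in index]


# Constructed sample records (tab-separated), in the layouts documented above.
SAMPLE_FIELDS3 = "\n".join([
    "P\tTransmission Control Protocol\ttcp",
    "F\tStream index\ttcp.stream\tFT_UINT32\ttcp\t\tBASE_DEC\t0x0",
    "F\tSyn\ttcp.flags.syn\tFT_BOOLEAN\ttcp\t\t12\t0x2",
])
SAMPLE_VALUES = "\n".join([
    "V\ttcp.option_kind\t2\tMaximum Segment Size",
    "R\tdemo.level\t0\t9\tlow",
    "T\ttcp.flags.syn\tSet\tNot set",
])
SAMPLE_DECODES = "tcp.port\t80\thttp\ntcp.port\t443\ttls"
```

Run it against real output with `tshark -G fields3 | python3 -c '...'` and the same parser applies; the only assumption is the column order quoted in the documentation above.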

GoogleCodeExporter commented 9 years ago
-o <preference>:<value>

    Set a preference value, overriding the default value and any value read from a preference file. The argument to the option is a string of the form prefname:value, where prefname is the name of the preference (which is the same name that would appear in the preference file), and value is the value to which it should be set.

Original comment by cn.wei.hp@gmail.com on 3 Dec 2010 at 8:21

GoogleCodeExporter commented 9 years ago
/* Follow the TCP stream, if any, to which the last packet that we called
   a dissection routine on belongs (this might be the most recently
   selected packet, or it might be the last packet in the file). */
void
follow_tcp_stream_cb(GtkWidget * w, gpointer data _U_)
{
    GtkWidget        *filter_te;
    int               tmp_fd;
    gchar            *follow_filter;
    const gchar      *previous_filter;
    int               filter_out_filter_len;
    const char       *hostname0, *hostname1;
    char             *port0, *port1;
    gchar            *server_to_client_string = NULL;
    gchar            *client_to_server_string = NULL;
    gchar            *both_directions_string = NULL;
    follow_stats_t    stats;
    follow_info_t    *follow_info;
    tcp_stream_chunk  sc;
    size_t            nchars;
    gchar            *data_out_filename;

Original comment by cn.wei.hp@gmail.com on 3 Dec 2010 at 8:56
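The follow_dlg.c excerpt above only shows the declarations: a conversation filter string and one string per direction. The following is an added example (not Wireshark's code and not from the wiresharkplugin project) of the core of a "follow TCP stream" operation in Python: split captured segments by direction, order each side by sequence number, drop retransmitted or overlapping bytes, and record holes instead of silently concatenating across them. The `follow_filter` shape and the `Segment` type are this example's own, and the segments are constructed for the demo.

```python
"""Follow one TCP conversation from a list of captured segments.

Added example, not code from Wireshark or the wiresharkplugin project.
Segments and the filter format are this example's own constructions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Segment:
    src: str       # "ip:port" of the sender
    dst: str       # "ip:port" of the receiver
    seq: int       # relative sequence number of the first payload byte
    payload: bytes


def follow_filter(client: str, server: str) -> str:
    """Display filter matching both directions of one conversation.
    The shape is this example's own; Wireshark composes its own form."""
    cip, cport = client.rsplit(":", 1)
    sip, sport = server.rsplit(":", 1)
    return (f"(ip.addr == {cip} && tcp.port == {cport}) && "
            f"(ip.addr == {sip} && tcp.port == {sport})")


def reassemble(segments: List[Segment]) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Rebuild one direction's byte stream in sequence order.

    Out-of-order segments are sorted, retransmitted or overlapping bytes are
    dropped (the first copy wins), and every hole is recorded as (start, end)
    so the caller knows the stream is incomplete.
    """
    data = bytearray()
    gaps: List[Tuple[int, int]] = []
    next_seq = None
    for seg in sorted(segments, key=lambda s: s.seq):
        end = seg.seq + len(seg.payload)
        if next_seq is None:
            next_seq = seg.seq
        if end <= next_seq:
            continue                          # full retransmission, nothing new
        if seg.seq > next_seq:
            gaps.append((next_seq, seg.seq))  # bytes missing from the capture
            next_seq = seg.seq
        data += seg.payload[next_seq - seg.seq:]   # skip the overlapping prefix
        next_seq = end
    return bytes(data), gaps


def follow_stream(segments: List[Segment], client: str, server: str) -> Dict[str, object]:
    """Split segments by direction and reassemble each side."""
    c2s = [s for s in segments if s.src == client and s.dst == server]
    s2c = [s for s in segments if s.src == server and s.dst == client]
    c2s_bytes, c2s_gaps = reassemble(c2s)
    s2c_bytes, s2c_gaps = reassemble(s2c)
    return {
        "filter": follow_filter(client, server),
        "client_to_server": c2s_bytes,
        "server_to_client": s2c_bytes,
        "gaps": {"client_to_server": c2s_gaps, "server_to_client": s2c_gaps},
    }


CLIENT = "10.0.0.5:40000"
SERVER = "10.0.0.9:80"

# Constructed capture: the request arrives in order with one duplicate; the
# response arrives out of order and includes a partial retransmission.
SAMPLE_SEGMENTS = [
    Segment(CLIENT, SERVER, 0, b"GET / HTTP/1.1\r\n"),
    Segment(CLIENT, SERVER, 16, b"Host: example.test\r\n\r\n"),
    Segment(CLIENT, SERVER, 0, b"GET / HTTP/1.1\r\n"),             # retransmit
    Segment(SERVER, CLIENT, 17, b"Content-Length: 2\r\n\r\nok"),   # out of order
    Segment(SERVER, CLIENT, 0, b"HTTP/1.1 200 OK\r\n"),
    Segment(SERVER, CLIENT, 10, b"00 OK\r\nContent-L"),             # overlaps both
]

if __name__ == "__main__":
    result = follow_stream(SAMPLE_SEGMENTS, CLIENT, SERVER)
    print(result["filter"])
    print(result["client_to_server"].decode())
    print(result["server_to_client"].decode())
```

Recording gaps matters for analysis: a reassembler that silently joins bytes across a missing segment can make a truncated payload look like a complete one, so a viewer should show the hole rather than hide it.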

GoogleCodeExporter commented 9 years ago
2004-02-23 22:48  guy

    * file.c, file.h, gtk/endpoint_talkers_table.c, gtk/follow_dlg.c,
      gtk/hostlist_table.c, gtk/main.c, gtk/main.h,
      gtk/rtp_stream_dlg.c, gtk/service_response_time_table.c:

      Add a "force" argument to "filter_packets()" and
      "main_filter_packets()", to force the filtering to be done even
      if the filter is the same as the current one; this is necessary
      in order to make sure "Follow TCP Stream" gets the packets
      processed even if you're filtering the stream that's currently
      filtered in.

Original comment by cn.wei.hp@gmail.com on 3 Dec 2010 at 8:56