From 3a2e90cd959929d11acbd0a3070c615a510ab3dc Mon Sep 17 00:00:00 2001 From: kdargel Date: Wed, 27 Feb 2019 11:20:33 +0100 Subject: [PATCH 1/5] Added formatting option, default filename changed to dump.pcap --- CHANGELOG.md | 2 ++ Dockerfile | 3 ++- README.md | 7 ++++++- run.sh | 2 +- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fca703e..fd6c685 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,5 @@ +## v1.0.2- Feature: Added formatting option + ## v1.0.1 - Fix: Apply filter to all interfaces diff --git a/Dockerfile b/Dockerfile index 494bff2..5609c59 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,8 @@ ENV FILTER="" ENV IFACE="any" ENV MAXFILESIZE="1000" ENV MAXFILENUM="10" -ENV FILENAME="dump" +ENV FILENAME="dump.pcap" +ENV FORMAT="pcap" USER root:root diff --git a/README.md b/README.md index 14e3eeb..235606a 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,8 @@ These options are configurable: | `MAXFILESIZE` | `1000` | | `MAXFILENUM` | `10` | | `DURATION` | `""` | -| `FILENAME` | `dump` | +| `FILENAME` | `dump.pcap` | +| `FORMAT` | `pcap` | `IFACE` is the interface tshark should listen on. @@ -41,6 +42,10 @@ The `FILENAME` variable sets the filename that is used. The default value is information). To dump on multiple interfaces simply add more interfaces to this variable seperated by a whitespace (e.g. "eth0 eth1"). +The `FORMAT` variable sets the format of the written file. Use the variable `dump.pcap` as +the `FILENAME` option to use the common pcap-format. Other formats are described in +the [official documentation](https://www.wireshark.org/docs/man-pages/tshark.html). + Example: ``` diff --git a/run.sh b/run.sh index bc77729..9606492 100755 --- a/run.sh +++ b/run.sh 
@@ -35,4 +35,4 @@ then BUFFEROPTS="$BUFFEROPTS -b duration:$DURATION" fi -/usr/bin/tshark $BUFFEROPTS -w "/data/$FILENAME" -f "$FILTER" $INTERFACES +/usr/bin/tshark $BUFFEROPTS -w "/data/$FILENAME" -f "$FILTER" $INTERFACES -F $FORMAT From 1b0f0a1bc84ed32702d1150e8f7b68e828b2ef72 Mon Sep 17 00:00:00 2001 From: kdargel Date: Wed, 27 Feb 2019 13:04:31 +0100 Subject: [PATCH 2/5] Filename not .pcap anymore, Format blank by default. --- Dockerfile | 4 ++-- README.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5609c59..b9110f7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,8 +8,8 @@ ENV FILTER="" ENV IFACE="any" ENV MAXFILESIZE="1000" ENV MAXFILENUM="10" -ENV FILENAME="dump.pcap" -ENV FORMAT="pcap" +ENV FILENAME="dump" +ENV FORMAT="" USER root:root diff --git a/README.md b/README.md index 235606a..b62f573 100644 --- a/README.md +++ b/README.md @@ -21,8 +21,8 @@ These options are configurable: | `MAXFILESIZE` | `1000` | | `MAXFILENUM` | `10` | | `DURATION` | `""` | -| `FILENAME` | `dump.pcap` | -| `FORMAT` | `pcap` | +| `FILENAME` | `dump` | +| `FORMAT` | ` ` | `IFACE` is the interface tshark should listen on. @@ -43,7 +43,7 @@ information). To dump on multiple interfaces simply add more interfaces to this variable seperated by a whitespace (e.g. "eth0 eth1"). The `FORMAT` variable sets the format of the written file. Use the variable `dump.pcap` as -the `FILENAME` option to use the common pcap-format. Other formats are described in +the `FILENAME` option and `pcap` for `FILENAME` to use the common pcap-format. Other formats are described in the [official documentation](https://www.wireshark.org/docs/man-pages/tshark.html). Example: From fef1e32c65ced1a7381f32fbcaa3e7c47d724c59 Mon Sep 17 00:00:00 2001 From: kdargel Date: Wed, 27 Feb 2019 13:07:17 +0100 Subject: [PATCH 3/5] Incremented minor instead of patch version in CHANGELOG. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index fd6c685..ea62fc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## v1.0.2- Feature: Added formatting option +## v1.1.0- Feature: Added formatting option ## v1.0.1 From 2c5bfa2160372c96dbe0dd13c2df00f1df72bb07 Mon Sep 17 00:00:00 2001 From: kdargel Date: Tue, 5 Mar 2019 09:20:41 +0100 Subject: [PATCH 4/5] Tested, default format must not be blanked. README reworded. --- Dockerfile | 2 +- README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index b9110f7..aa12199 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ENV IFACE="any" ENV MAXFILESIZE="1000" ENV MAXFILENUM="10" ENV FILENAME="dump" -ENV FORMAT="" +ENV FORMAT="pcapng" USER root:root diff --git a/README.md b/README.md index b62f573..42ed6c9 100644 --- a/README.md +++ b/README.md @@ -42,9 +42,9 @@ The `FILENAME` variable sets the filename that is used. The default value is information). To dump on multiple interfaces simply add more interfaces to this variable seperated by a whitespace (e.g. "eth0 eth1"). -The `FORMAT` variable sets the format of the written file. Use the variable `dump.pcap` as -the `FILENAME` option and `pcap` for `FILENAME` to use the common pcap-format. Other formats are described in -the [official documentation](https://www.wireshark.org/docs/man-pages/tshark.html). +`FORMAT` sets the file-format of the written trace. Note that when you're setting +the `FORMAT` to `pcap` for example, the `FILENAME` has to be changed to `dump.pcap`. +Other formats are described in the [official tshark documentation](https://www.wireshark.org/docs/man-pages/tshark.html). Example: From 2758c9b96509db90bfdac33907f703b1a91f2935 Mon Sep 17 00:00:00 2001 From: kdargel Date: Tue, 5 Mar 2019 09:24:44 +0100 Subject: [PATCH 5/5] CHANGELOG reformatted. README reworded. --- CHANGELOG.md | 4 +++- README.md | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index ea62fc8..b02cb99 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ -## v1.1.0- Feature: Added formatting option +## v1.1.0- Feature: + +- Added formatting option ## v1.0.1 diff --git a/README.md b/README.md index 42ed6c9..584c6ac 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ These options are configurable: | `MAXFILENUM` | `10` | | `DURATION` | `""` | | `FILENAME` | `dump` | -| `FORMAT` | ` ` | +| `FORMAT` | `pcapng` | `IFACE` is the interface tshark should listen on.
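Review bot: in the run.sh hunk of PATCH 1/5, `-F $FORMAT` is expanded unquoted at the end of the tshark command line, so a `FORMAT` value containing whitespace is word-split into additional tshark arguments. The Dockerfile context in the same patch shows `USER root:root`, which means whatever the environment supplies lands on a command run as root. Please quote it as `-F "$FORMAT"`, matching the quoting already used for `"/data/$FILENAME"` and `"$FILTER"` on that line.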
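Review bot: in the Dockerfile hunk of PATCH 2/5, `ENV FORMAT=""` makes the run.sh line from PATCH 1/5 end in a bare `-F` with no argument, since run.sh appends `-F $FORMAT` unconditionally. PATCH 4/5 restores a non-empty default, but a user can still pass an empty `FORMAT` at run time and hit the same case. Suggest only adding the option when the variable is set, in the same style as the conditional block above it that appends `-b duration:$DURATION`.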
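Review bot: in the README hunk of PATCH 2/5, the added sentence names `FILENAME` twice ("as the `FILENAME` option and `pcap` for `FILENAME`"); the second one should be `FORMAT`. In the options table of the same hunk the empty default is rendered as a blank code span, while the empty default for `DURATION` two rows up is written `""`; use the same notation for both.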
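Review bot: in the README hunk of PATCH 4/5, "the `FILENAME` has to be changed to `dump.pcap`" is worded as a hard requirement, but the Dockerfile hunk of the same patch ships `FILENAME="dump"` together with `FORMAT="pcapng"`, so the defaults themselves use a name without a matching extension. Either phrase this as a recommendation to keep the extension in line with the chosen format, or state what fails when they differ. Nothing in run.sh links the two variables, so the README is the only place a user learns about it.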
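Review bot: in the CHANGELOG.md hunk of PATCH 5/5, the new heading `## v1.1.0- Feature:` still has `- Feature:` attached to the version heading, which does not match the existing entry where `## v1.0.1` stands alone and is followed by a `- Fix: ...` list item. Suggest a heading of `## v1.1.0` followed by a list item `- Feature: Added formatting option`. Since PATCH 3/5 and 5/5 only rework the changelog line introduced in PATCH 1/5, consider squashing them into it before merging.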