-
Notifications
You must be signed in to change notification settings - Fork 17
/
wireshark.sh
78 lines (70 loc) · 2.04 KB
/
wireshark.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
_patch_table() {
_patch_table_edit_options \
'--autostop;[`_choice_autostop`]' \
'--disable-protocol;[`_choice_protocol`]' \
'--enable-protocol;[`_choice_protocol`]' \
'--interface;[`_module_os_network_interface`]' \
'--ring-buffer;[`_choice_ring_buffer`]' \
'-K(keytab-file);' \
'-P;[`_choice_persconf`]' \
'-d;[`_choice_decode`]' \
'-t(<value>);[a|ad|adoy|d|dd|e|r|u|ud|udoy]' \
'-u(<value>);[s|hms]' \
'-z;*,[`_choice_statistic`]' \
}
_choice_autostop() {
_argc_util_comp_kv :
if [[ -z "$argc__kv_prefix" ]]; then
cat <<-'EOF' | _argc_util_transform suffix=: nospace
duration stop after NUM seconds
filesize stop this file after NUM KB
files stop after NUM files
packets stop after NUM packets
EOF
return
fi
}
_choice_ring_buffer() {
_argc_util_comp_kv :
if [[ -z "$argc__kv_prefix" ]]; then
cat <<-'EOF' | _argc_util_transform suffix=: nospace
duration switch to next file after NUM secs
filesize switch to next file after NUM KB
files ringbuffer: replace after NUM files
packets switch to next file after NUM packets
interval switch to next file when the time is an exact multiple of NUM secs
EOF
return
fi
}
_choice_decode() {
_argc_util_mode_kv ==
if [[ -z "$argc__kv_prefix" ]]; then
_choice_selector | _argc_util_transform suffix=== nospace
return
else
_argc_util_mode_parts , "$argc__kv_filter" "$argc__kv_prefix"
if [[ "$argc__parts_len" -lt 2 ]]; then
return
else
_choice_protocol
fi
fi
}
_choice_protocol() {
tshark -G protocols | gawk -F'\t' '{if (NF>2) {value=$3} else {value=$2}; print value "\t" $1}'
}
_choice_statistic() {
tshark -z help 2>&1 | tail -n +2
}
_choice_persconf() {
_argc_util_mode_kv :
if [[ -z "$argc__kv_prefix" ]]; then
printf "%s:\0\n" persconf persdata
return
fi
_argc_util_comp_path
}
_choice_selector() {
tshark -d . 2>&1 | sed -n 's/\t\(\S\+\) \(.*\)/\1\t\2/p'
}