├── README.markdown ├── autoload └── tshark.vim ├── doc └── tshark.txt ├── ftdetect └── tshark.vim ├── ftplugin └── tshark.vim └── plugin └── tshark.vim /README.markdown: -------------------------------------------------------------------------------- 1 | This is a small Vim plugin to help read pcap files. See doc/tshark.txt for a little more detail. 2 | 3 | -- [Brian Smyth](http://bsmyth.net) 4 | -------------------------------------------------------------------------------- /autoload/tshark.vim: -------------------------------------------------------------------------------- 1 | " tshark.vim - Translate a pcap with tshark. 2 | " Borrowed heavily from the gzip plugin distributed with Vim. 3 | " Maintainer: Brian Smyth 4 | 5 | function! s:has_tshark() 6 | return executable(g:tshark_bin) 7 | endfunction 8 | 9 | function! tshark#summary(line_num) 10 | return b:tshark_summary[a:line_num - 1] 11 | endfunction 12 | 13 | function! tshark#read() 14 | if !s:has_tshark() 15 | return 16 | endif 17 | 18 | let pm_save = &patchmode 19 | set patchmode= 20 | 21 | let l:tshark_file = fnameescape(expand("%:p")) 22 | 23 | " Save the summary lines in memory 24 | let l:tshark_summary_cmd = g:tshark_bin . " " . g:tshark_summary_opts 25 | echo "tshark: loading summary with command " . l:tshark_summary_cmd 26 | let b:tshark_summary = split(system(l:tshark_summary_cmd . " -r " . l:tshark_file . " 2> /dev/null"), "\n") 27 | 28 | " Replace the read lines with the full dump 29 | let l:line = line("'[") - 1 30 | if exists(":lockmarks") 31 | lockmarks '[,']d _ 32 | else 33 | '[,']d _ 34 | endif 35 | 36 | let l:tshark_detail_cmd = g:tshark_bin . " " . g:tshark_detail_opts 37 | echo "tshark: loading details with command " . l:tshark_detail_cmd 38 | setlocal nobinary 39 | if exists(":lockmarks") 40 | execute "silent lockmarks " . l:line . "r!" . l:tshark_detail_cmd . " -r " . l:tshark_file . " 2> /dev/null" 41 | else 42 | execute "silent " . l:line . "r!" . l:tshark_detail_cmd . " -r " . l:tshark_file . " 2> /dev/null" 43 | endif 44 | 45 | 1 46 | setlocal nomodifiable 47 | let &patchmode = pm_save 48 | endfunction 49 | -------------------------------------------------------------------------------- /doc/tshark.txt: -------------------------------------------------------------------------------- 1 | *tshark.txt* Plugin for reading a pcap via tshark 2 | 3 | Author: Brian Smyth 4 | License: Same terms as Vim itself (see |license|) 5 | 6 | This plugin is only available if 'compatible' is not set and Vim has the 7 | folding feature. 8 | 9 | SUMMARY 10 | 11 | This plugin allows you to :edit a pcap file that you collected via tcpdump or 12 | tshark. It will use tshark to make the pcap human-readable and provides 13 | support for folding the pcap, so you can view the high level at a glance and 14 | open folds to get more information. 15 | 16 | CONFIGURATION 17 | 18 | g:tshark_nested_folds 19 | Set true to create a fold for each protocol layer. Otherwise, you'll get 20 | each frame as a fold. 21 | g:tshark_summary_opts 22 | Set the tshark command line options for the foldtext summaries. 23 | g:tshark_detail_opts 24 | Set the tshark command line options for the detailed dump. 25 | g:tshark_bin 26 | Set the tshark binary, including a full path if needed. 27 | 28 | ABOUT 29 | 30 | Check for updates at GitHub: 31 | 32 | http://github.com/bps/vim-tshark 33 | 34 | vim:et:ft=help: 35 | -------------------------------------------------------------------------------- /ftdetect/tshark.vim: -------------------------------------------------------------------------------- 1 | autocmd BufReadPre *.pcap setfiletype tshark 2 | -------------------------------------------------------------------------------- /ftplugin/tshark.vim: -------------------------------------------------------------------------------- 1 | " tshark.vim - Settings for tshark dumps. 2 | " Maintainer: Brian Smyth 3 | 4 | if exists("b:did_ftplugin") 5 | finish 6 | endif 7 | let b:did_ftplugin = 1 8 | 9 | setlocal binary " This will be unset after loading the text 10 | setlocal buftype=nofile 11 | setlocal foldexpr=TsharkFolds() 12 | setlocal foldlevel=0 13 | setlocal foldmethod=expr 14 | setlocal foldtext=TsharkFoldText() 15 | -------------------------------------------------------------------------------- /plugin/tshark.vim: -------------------------------------------------------------------------------- 1 | " tshark.vim - Folding support for pcap dumps 2 | " Maintainer: Brian Smyth 3 | 4 | if exists("g:loaded_tshark") || &cp || !has("folding") 5 | finish 6 | endif 7 | let g:loaded_tshark = 1 8 | 9 | " Name of the tshark binary. Specify a full path if it's not in your PATH. 10 | if !exists('g:tshark_bin') 11 | let g:tshark_bin = "tshark" 12 | endif 13 | " Options to pass for the foldtext summary text. 14 | if !exists('g:tshark_summary_opts') 15 | let g:tshark_summary_opts = "-t a" 16 | endif 17 | " Options to pass for the full details. 18 | if !exists('g:tshark_detail_opts') 19 | let g:tshark_detail_opts = "-V -t a" 20 | endif 21 | " Set true to add a fold for each protocol level. 22 | if !exists('g:tshark_nested_folds') 23 | let g:tshark_nested_folds = 0 24 | endif 25 | 26 | augroup tshark 27 | au! 28 | autocmd BufReadPost *.pcap call tshark#read() 29 | augroup END 30 | 31 | function! TsharkFolds() 32 | let l:line = getline(v:lnum) 33 | if g:tshark_nested_folds 34 | if match(l:line, '^Frame') >= 0 35 | return ">1" 36 | elseif match(l:line, '^\x\x\x\x') >= 0 37 | return "=" 38 | elseif match(l:line, '^\S') >= 0 39 | return "a1" 40 | else 41 | return "=" 42 | endif 43 | else 44 | if match(l:line, '^Frame') >= 0 45 | return ">1" 46 | else 47 | return "=" 48 | endif 49 | endif 50 | endfunction 51 | 52 | function! TsharkFoldText() 53 | let l:frame_num_line = getline(v:foldstart) 54 | if g:tshark_nested_folds 55 | if foldlevel(v:foldstart) > 1 56 | return l:frame_num_line 57 | endif 58 | endif 59 | let l:colon_loc = match(l:frame_num_line, ":") 60 | " The format is: 'Frame n: more text' 61 | let l:frame_num = strpart(l:frame_num_line, 6, l:colon_loc - 6) 62 | return tshark#summary(l:frame_num) 63 | endfunction 64 | --------------------------------------------------------------------------------