// WSUG Chapter Introduction

[[ChapterIntroduction]]

== Introduction

[[ChIntroWhatIs]]

=== What is Wireshark?

Wireshark is a network packet analyzer. A network packet analyzer tries to
capture network packets and display that packet data in as much detail as
possible.

You could think of a network packet analyzer as a measuring device used to
examine what’s going on inside a network cable, just like a voltmeter is used by
an electrician to examine what’s going on inside an electric cable (but at a
higher level, of course).

In the past, such tools were either very expensive, proprietary, or both.
However, with the advent of Wireshark, all that has changed.

Wireshark is perhaps one of the best open source packet analyzers available
today.

[[ChIntroPurposes]]

==== Some intended purposes

Here are some examples of what people use Wireshark for:

* Network administrators use it to _troubleshoot network problems_

* Network security engineers use it to _examine security problems_

* QA engineers use it to _verify network applications_

* Developers use it to _debug protocol implementations_

* People use it to _learn network protocol_ internals

Besides these examples, Wireshark can be helpful in many other situations too.

[[ChIntroFeatures]]

==== Features

The following are some of the many features Wireshark provides:

* Available for _UNIX_ and _Windows_.

* _Capture_ live packet data from a network interface.

* _Open_ files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.

* _Import_ packets from text files containing hex dumps of packet data.

* Display packets with _very detailed protocol information_.

* _Save_ captured packet data.

* _Export_ some or all packets in a number of capture file formats.

* _Filter packets_ on many criteria.

* _Search_ for packets on many criteria.

* _Colorize_ packet display based on filters.

* Create various _statistics_.

* ...and _a lot more!_

However, to really appreciate its power you have to start using it.

<<ChIntroFig1>> shows Wireshark having captured some packets and waiting for you
to examine them.

[[ChIntroFig1]]
.Wireshark captures packets and lets you examine their contents.
image::wsug_graphics/ws-main.png[{screenshot-attrs}]

==== Live capture from many different network media

Wireshark can capture traffic from many different network media types,
including (despite its name) wireless LAN. Which media types are supported
depends on many things, such as the operating system you are using. An
overview of the supported media types can be found at
link:{wireshark-wiki-url}CaptureSetup/NetworkMedia[].

==== Import files from many other capture programs

Wireshark can open packets captured by a large number of other capture
programs. For a list of input formats see <<ChIOInputFormatsSection>>.

==== Export files for many other capture programs

Wireshark can save captured packets in a large number of formats used by other
capture programs. For a list of output formats see <<ChIOOutputFormatsSection>>.

==== Many protocol dissectors

There are protocol dissectors (or decoders, as they are known in other products)
for a great many protocols: see <<AppProtocols>>.

==== Open Source Software

Wireshark is an open source software project, and is released under the
{gplv2-url}[GNU General Public License] (GPL). You can freely use
Wireshark on any number of computers you like, without worrying about license
keys or fees or such. In addition, all source code is freely available under the
GPL. Because of that, it is very easy for people to add new protocols to
Wireshark, either as plugins, or built into the source, and they often do!

[[ChIntroNoFeatures]]

==== What Wireshark is not

Here are some things Wireshark does not provide:

* Wireshark isn't an intrusion detection system. It will not warn you when
someone does strange things on your network that he/she isn't allowed to do.
However, if strange things happen, Wireshark might help you figure out what is
really going on.

* Wireshark will not manipulate things on the network, it will only "measure"
things from it. Wireshark doesn't send packets on the network or do other
active things (except for name resolution, but even that can be disabled).

[[ChIntroPlatforms]]

=== System Requirements

The amount of resources Wireshark needs depends on your environment and on the
size of the capture file you are analyzing. The values below should be fine for
small to medium-sized capture files no more than a few hundred MB. Larger
capture files will require more memory and disk space.

[NOTE]
.Busy networks mean large captures
====
Working with a busy network can easily produce huge capture files. Capturing on
a gigabit or even 100 megabit network can produce hundreds of megabytes of
capture data in a short time. A fast processor, lots of memory and disk
space is always a good idea.
====

If Wireshark runs out of memory it will crash. See
{wireshark-wiki-url}KnownBugs/OutOfMemory for details and workarounds.

Although Wireshark captures packets using a separate process, the main interface
is single-threaded and won't benefit much from multi-core systems.

==== Microsoft Windows

* The current version of Wireshark should support any version of Windows that is
still within its http://windows.microsoft.com/en-us/windows/lifecycle[extended
support lifetime]. At the time of writing this includes Windows 10, 8, 7, Vista,
Server 2016, Server 2012 R2, Server 2012, Server 2008 R2, and Server 2008.

* Any modern 64-bit AMD64/x86-64 or 32-bit x86 processor.

* 400 MB available RAM. Larger capture files require more RAM.

* 300 MB available disk space. Capture files require additional disk space.

* 1024 {multiplication} 768 (1280 {multiplication} 1024 or higher
recommended) resolution with at least 16-bit color. 8-bit color should
work but user experience will be degraded. Power users will find
multiple monitors useful.

* A supported network card for capturing:

- Ethernet. Any card supported by Windows should work. See the wiki pages on
link:{wireshark-wiki-url}CaptureSetup/Ethernet[Ethernet capture] and
link:{wireshark-wiki-url}CaptureSetup/Offloading[offloading] for issues that
may affect your environment.

- 802.11. See the {wireshark-wiki-url}CaptureSetup/WLAN#Windows[Wireshark
wiki page]. Capturing raw 802.11 information may be difficult without
special equipment.

- Other media. See link:{wireshark-wiki-url}CaptureSetup/NetworkMedia[].

Older versions of Windows which are outside Microsoft’s extended lifecycle
support window are no longer supported. It is often difficult or impossible to
support these systems due to circumstances beyond our control, such as third
party libraries on which we depend, or necessary features that are only
present in newer versions of Windows (such as hardened security or memory
management).

Wireshark 1.12 was the last release branch to support Windows Server
2003. Wireshark 1.10 was the last branch to officially support Windows
XP. See the link:{wireshark-wiki-url}Development/LifeCycle[Wireshark
release lifecycle] page for more details.

==== UNIX / Linux

Wireshark runs on most UNIX and UNIX-like platforms including macOS and
Linux. The system requirements should be comparable to the Windows
values listed above.

Binary packages are available for most Unices and Linux distributions
including the following platforms:

* Apple macOS

* Debian GNU/Linux

* FreeBSD

* Gentoo Linux

* HP-UX

* Mandriva Linux

* NetBSD

* OpenPKG

* Red Hat Enterprise/Fedora Linux

* Sun Solaris/i386

* Sun Solaris/SPARC

* Canonical Ubuntu

If a binary package is not available for your platform you can download
the source and try to build it. Please report your experiences to
mailto:{wireshark-dev-list-email}[].

[[ChIntroDownload]]

=== Where to get Wireshark

You can get the latest copy of the program from the Wireshark website at
{wireshark-download-url}. The download page should automatically
highlight the appropriate download for your platform and direct you to
the nearest mirror. Official Windows and macOS installers are signed by
the *Wireshark Foundation*.

A new Wireshark version typically becomes available every month or two.

If you want to be notified about new Wireshark releases you should subscribe to
the wireshark-announce mailing list. You will find more details in
<<ChIntroMailingLists>>.

[[ChIntroHistory]]

=== A brief history of Wireshark

In late 1997 Gerald Combs needed a tool for tracking down network problems
and wanted to learn more about networking, so he started writing Ethereal (the
original name of the Wireshark project) as a way to solve both problems.

Ethereal was initially released, after several pauses in development, in July
1998 as version 0.2.0. Within days patches, bug reports, and words of
encouragement started arriving and Ethereal was on its way to success.

Not long after that Gilbert Ramirez saw its potential and contributed a
low-level dissector to it.

In October 1998 Guy Harris was looking for something better than tcpview, so he
started applying patches and contributing dissectors to Ethereal.

In late 1998 Richard Sharpe, who was giving TCP/IP courses, saw its potential
on such courses and started looking at it to see if it supported the protocols
he needed. While it didn't at that point, new protocols could be easily added.
So he started contributing dissectors and patches.

The list of people who have contributed to the project has become very long
since then, and almost all of them started with a protocol that they needed that
Wireshark or Ethereal did not already handle. So they copied an existing
dissector and contributed the code back to the team.

In 2006 the project moved house and re-emerged under a new name: Wireshark.

In 2008, after ten years of development, Wireshark finally arrived at version
1.0. This release was the first deemed complete, with the minimum features
implemented. Its release coincided with the first Wireshark Developer and User
Conference, called Sharkfest.

In 2015 Wireshark 2.0 was released, which featured a new user interface.

[[ChIntroMaintenance]]

=== Development and maintenance of Wireshark

Wireshark was initially developed by Gerald Combs. Ongoing development and
maintenance of Wireshark is handled by the Wireshark team, a loose group of
individuals who fix bugs and provide new functionality.

There have also been a large number of people who have contributed
protocol dissectors to Wireshark, and it is expected that this will
continue. You can find a list of the people who have contributed code to
Wireshark by checking the about dialog box of Wireshark, or at the
link:{wireshark-authors-url}[authors] page on the Wireshark web site.

Wireshark is an open source software project, and is released under the
{gplv2-url}[GNU General Public License] (GPL) version 2. All source code is
freely available under the GPL. You are welcome to modify Wireshark to suit your
own needs, and it would be appreciated if you contribute your improvements back
to the Wireshark team.

You gain three benefits by contributing your improvements back to the community:

. Other people who find your contributions useful will appreciate them, and you
will know that you have helped people in the same way that the developers of
Wireshark have helped people.

. The developers of Wireshark might improve your changes even more, as there’s
always room for improvement. Or they may implement some advanced things on top
of your code, which can be useful for yourself too.

. The maintainers and developers of Wireshark will maintain your code as well,
fixing it when API changes or other changes are made, and generally keeping it
in tune with what is happening with Wireshark. So if Wireshark is updated
(which is done often), you can get a new Wireshark version from the website
and your changes will already be included without any effort for you.

The Wireshark source code and binary kits for some platforms are all
available on the download page of the Wireshark website:
{wireshark-download-url}.

[[ChIntroHelp]]

=== Reporting problems and getting help

If you have problems or need help with Wireshark there are several places that
may be of interest to you (well, besides this guide of course).

[[ChIntroHomepage]]

==== Website

You will find lots of useful information on the Wireshark homepage at
{wireshark-main-url}.

[[ChIntroWiki]]

==== Wiki

The Wireshark Wiki at {wireshark-wiki-url} provides a
wide range of information related to Wireshark and packet capture in general.
You will find a lot of information not part of this user’s guide. For example,
there is an explanation of how to capture on a switched network, an ongoing effort
to build a protocol reference and a lot more.

And best of all, if you would like to contribute your knowledge on a specific
topic (maybe a network protocol you know well) you can edit the wiki pages by
simply using your web browser.

[[ChIntroQA]]

==== Q&A Site

The Wireshark Q&A site at {wireshark-qa-url} offers a resource where
questions and answers come together. You have the option to search what
questions were asked before and what answers were given by people who
knew about the issue. Answers are graded, so you can pick out the best
ones easily. If your question hasn't been discussed before you can post
one yourself.

[[ChIntroFAQ]]

==== FAQ

The Frequently Asked Questions lists often asked questions and their
corresponding answers.

[NOTE]
.Read the FAQ
====
Before sending any mail to the mailing lists below, be sure to read the FAQ. It
will often answer any questions you might have. This will save yourself and
others a lot of time. Keep in mind that a lot of people are subscribed to the
mailing lists.
====

You will find the FAQ inside Wireshark by clicking the menu item Help/Contents
and selecting the FAQ page in the dialog shown.

An online version is available at the Wireshark website at
{wireshark-faq-url}. You might prefer this online version, as it’s
typically more up to date and the HTML format is easier to use.

[[ChIntroMailingLists]]

==== Mailing Lists

There are several mailing lists on specific Wireshark topics available:

_wireshark-announce_::
This mailing list will inform you about new program releases, which usually
appear about every 4-8 weeks.

_wireshark-users_::
This list is for users of Wireshark. People post questions about building
and using Wireshark, others (hopefully) provide answers.

_wireshark-dev_::
This list is for Wireshark developers. If you want to start
developing a protocol dissector, join this list.

You can subscribe to each of these lists from the Wireshark web site:
{wireshark-mailing-lists-url}. From there, you can choose which mailing
list you want to subscribe to by clicking on the
Subscribe/Unsubscribe/Options button under the title of the relevant
list. The links to the archives are included on that page as well.

[TIP]
.The lists are archived
====
You can search in the list archives to see if someone asked the same question
some time before and maybe already got an answer. That way you don't have to
wait until someone answers your question.
====

==== Reporting Problems

[NOTE]
====
Before reporting any problems, please make sure you have installed the latest
version of Wireshark.
====

When reporting problems with Wireshark please supply the following information:

. The version number of Wireshark and the dependent libraries linked with it,
such as Qt or GLib. You can obtain this from Wireshark’s about box or the
command _wireshark -v_.

. Information about the platform you run Wireshark on.

. A detailed description of your problem.

. If you get an error/warning message, copy the text of that message (and also a
few lines before and after it, if there are some) so others may find the
place where things go wrong. Please don't give something like: "I get a
warning while doing x" as this won't give a good idea where to look.

[NOTE]
.Don't send large files
====
Do not send large files (> 1 MB) to the mailing lists. Just place a note that
further data is available on request. Large files will only annoy a lot of
people on the list who are not interested in your specific problem. If required
you will be asked for further data by the persons who really can help you.
====

[WARNING]
.Don't send confidential information!
====
If you send capture files to the mailing lists be sure they don't contain any
sensitive or confidential information like passwords or personally identifiable
information (PII).
====
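The warning above is easier to act on with a check before a capture leaves your machine. The following Python script is an added example, not part of this guide or of the Wireshark project: it parses a classic pcap file (24-byte global header, 16-byte record headers, Ethernet/IPv4/TCP framing) and flags TCP payloads that carry plaintext credentials or e-mail addresses. The three-packet sample capture, the pattern list and the function names are constructed for this example; pcapng files and non-Ethernet link types are deliberately rejected rather than silently skipped.

```python
import re
import struct
import sys

# Indicators of plaintext secrets or PII in a TCP payload. Constructed for this
# example; extend the list for the protocols present in your own captures.
PATTERNS = {
    "http-basic-auth": re.compile(rb"^authorization:\s*basic\s+\S+", re.I | re.M),
    "http-bearer-token": re.compile(rb"^authorization:\s*bearer\s+\S+", re.I | re.M),
    "password-form-field": re.compile(rb"(?:^|[?&\s])(?:pass(?:word|wd)?|pwd)=[^&\s]+", re.I),
    "ftp-pop-password": re.compile(rb"^PASS\s+\S+", re.M),
    "email-address": re.compile(rb"[\w.+-]+@[\w-]+\.[\w.-]+"),
}

def iter_tcp_payloads(pcap):
    """Yield (src_ip, dst_ip, dst_port, payload) for every TCP segment in a
    classic (non-pcapng) pcap whose link type is Ethernet."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (LINKTYPE_ETHERNET) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Ethernet header is 14 bytes; EtherType 0x0800 is IPv4; IP protocol 6 is TCP.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp = frame[14 + ihl:14 + total_len]
        if len(tcp) < 20:
            continue
        dport = struct.unpack("!H", tcp[2:4])[0]
        data_off = (tcp[12] >> 4) * 4
        yield src, dst, dport, tcp[data_off:]

def scan_pcap(pcap):
    """Return (packet_number, src, dst, dst_port, label) for each hit."""
    findings = []
    for num, (src, dst, dport, payload) in enumerate(iter_tcp_payloads(pcap), 1):
        for label, pattern in PATTERNS.items():
            if pattern.search(payload):
                findings.append((num, src, dst, dport, label))
    return findings

def _record(src_ip, dst_ip, dport, payload):
    """Build one little-endian pcap record (Ethernet/IPv4/TCP) for the sample."""
    tcp = struct.pack("!HHIIBBHHH", 51000, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed three-packet capture: an HTTP request with Basic auth, a harmless
# HTTP request, and an FTP PASS command. Not a real capture.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + _record("192.0.2.10", "192.0.2.80", 80,
              b"GET /login HTTP/1.1\r\nHost: example.test\r\n"
              b"Authorization: Basic dXNlcjpwYXNzd29yZA==\r\n\r\n")
    + _record("192.0.2.10", "192.0.2.80", 80,
              b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
    + _record("192.0.2.10", "192.0.2.21", 21, b"PASS hunter2\r\n")
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for num, src, dst, dport, label in scan_pcap(data):
        print(f"packet {num}: {src} -> {dst}:{dport}  {label}")
```

Run it with a capture file as the only argument; a hit means the file needs editing (or the packets dropped) before it goes to a public list.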

==== Reporting Crashes on UNIX/Linux platforms

When reporting crashes with Wireshark it is helpful if you supply the traceback
information along with the information mentioned in "Reporting Problems".

You can obtain this traceback information with the following commands on UNIX or
Linux (note the backticks):

----
$ gdb `whereis wireshark | cut -f2 -d: | cut -d' ' -f2` core >& backtrace.txt
backtrace
^D
----

If you do not have _gdb_ available, you will have to use your operating system’s debugger instead.

Mail _backtrace.txt_ to mailto:{wireshark-dev-list-email}[].

==== Reporting Crashes on Windows platforms

The Windows distributions don't contain the symbol files (.pdb) because they are
very large. You can download them separately at
{wireshark-main-url}download/win32/all-versions/ and
{wireshark-main-url}download/win64/all-versions/.

// End of WSUG Chapter 1