osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

WSUG: Clarify streams docs 

Change-Id: I92847c29ad29f5657fa1b127e9f94a4d4cdc3b23
Reviewed-on: https://code.wireshark.org/review/35776
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Moshe Kaplan 2020-01-12 22:59:09 -05:00 committed by Anders Broman
parent e60a56b050
commit 3579779dd6
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docbook/wsug_src/WSUG_chapter_advanced.adoc
View File

@ -21,11 +21,12 @@ or you are trying to make sense of a data stream. Maybe you just need a
display filter to show only the packets in a TLS or SSL stream. If so,
Wiresharks ability to follow protocol streams will be useful to you.
Simply select a TCP, UDP, TLS, or HTTP packet in the packet list of the stream/connection you are
interested in and then select the Follow TCP Stream menu item from the Wireshark
Tools menu (or use the context menu in the packet list). Wireshark will set an
appropriate display filter and pop up a dialog box with all the data from the
TCP stream laid out in order, as shown in <<ChAdvFollowStream>>.
To filter to a particular stream,
select a TCP, UDP, TLS, or HTTP packet in the packet list of the stream/connection you are
interested in and then select the menu item menu:Analyze[Follow TCP Stream]
(or use the context menu in the packet list). Wireshark will set an
appropriate display filter and display a dialog box with the data from the
stream laid out, as shown in <<ChAdvFollowStream>>.
[TIP]
====
@ -42,11 +43,15 @@ the display filter if this behavior is not desired.
image::wsug_graphics/ws-follow-stream.png[{screenshot-attrs}]
The stream content is displayed in the same sequence as it appeared on the
network. Traffic from A to B is marked in red, while traffic from B to A is
marked in blue. If you like, you can change these colors in the
“Font and Colors” page in the “Preferences” dialog.
network. Non-printable characters are replaced by dots.
Traffic from the client to the server is colored red, while traffic
from the server to the client is
colored blue. These colors can be changed by opening menu:Edit[Preferences] and
under menu:Apperance[Font and Colors], selecting different colors for the
btn:[Sample "Follow Stream" client text] and btn:[Sample "Follow Stream" server text]
options.
Non-printable characters will be replaced by dots.
// XXX - What about line wrapping (maximum line length) and CRNL conversions?
@ -69,7 +74,7 @@ btn:[Back]:: Close this dialog box and restore the previous display filter.
btn:[Close]:: Close this dialog box, leaving the current display filter in
effect.
By default data from both directions is displayed. You can select the
By default, Wireshark displays both client and server data. You can select the
menu:Entire conversation[] to switch between both, client to server, or
server to client data.