Split FAQ into shorter lines before including it into the gtk help dialog.
Ignore tmp files generated by make-faq. Update FAQ. svn path=/trunk/; revision=7249
parent
a539d5616e
commit
4f8247dc2b
|
@ -8,6 +8,7 @@
|
|||
.*.swp
|
||||
.deps
|
||||
.libs
|
||||
FAQTMP*
|
||||
Makefile
|
||||
Makefile.in
|
||||
aclocal.m4
|
||||
|
|
132
FAQ
132
FAQ
|
@ -78,54 +78,56 @@
|
|||
5.5 I saved a filter and tried to use its name to filter the display,
|
||||
but I got an "Unexpected end of filter string" error.
|
||||
|
||||
5.6 I've just installed Ethereal, and the traffic on my local LAN is
|
||||
5.6 Why am I seeing lots of packets with incorrect TCP checksums?
|
||||
|
||||
5.7 I've just installed Ethereal, and the traffic on my local LAN is
|
||||
boring.
|
||||
|
||||
5.7 When I run Ethereal on Solaris 8, it dies with a Bus Error when I
|
||||
5.8 When I run Ethereal on Solaris 8, it dies with a Bus Error when I
|
||||
start it.
|
||||
|
||||
5.8 I'm running Ethereal on Linux; why do my time stamps have only
|
||||
5.9 I'm running Ethereal on Linux; why do my time stamps have only
|
||||
100ms resolution, rather than 1us resolution?
|
||||
|
||||
5.9 I'm capturing packets on {Windows 95, Windows 98, Windows Me}; why
|
||||
are the time stamps on packets wrong?
|
||||
5.10 I'm capturing packets on {Windows 95, Windows 98, Windows Me};
|
||||
why are the time stamps on packets wrong?
|
||||
|
||||
5.10 When I try to run Ethereal on Windows, it fails to run because it
|
||||
5.11 When I try to run Ethereal on Windows, it fails to run because it
|
||||
can't find packet.dll.
|
||||
|
||||
5.11 Why does some network interface on my machine not show up in the
|
||||
5.12 Why does some network interface on my machine not show up in the
|
||||
list of interfaces in the "Interface:" field in the dialog box popped
|
||||
up by "Capture->Start", and/or why does Ethereal give me an error if I
|
||||
try to capture on that interface?
|
||||
|
||||
5.12 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
|
||||
5.13 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
|
||||
a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
|
||||
"Interface" item in the "Capture Options" dialog box. Why can no
|
||||
packets be sent on or received from that network while I'm trying to
|
||||
capture traffic on that interface?
|
||||
|
||||
5.13 I'm running Ethereal on Windows 95/98/Me, on a machine with more
|
||||
5.14 I'm running Ethereal on Windows 95/98/Me, on a machine with more
|
||||
than one network adapter of the same type; Ethereal shows all of those
|
||||
adapters with the same name, but I can't use any of those adapters
|
||||
other than the first one.
|
||||
|
||||
5.14 I have an XXX network card on my machine; if I try to capture on
|
||||
5.15 I have an XXX network card on my machine; if I try to capture on
|
||||
it, my machine crashes or resets itself.
|
||||
|
||||
5.15 My machine crashes or resets itself when I select "Start" from
|
||||
5.16 My machine crashes or resets itself when I select "Start" from
|
||||
the "Capture" menu or select "Preferences" from the "Edit" menu.
|
||||
|
||||
5.16 Does Ethereal work on Windows ME?
|
||||
5.17 Does Ethereal work on Windows ME?
|
||||
|
||||
5.17 Does Ethereal work on Windows XP?
|
||||
5.18 Does Ethereal work on Windows XP?
|
||||
|
||||
5.18 Why doesn't Ethereal correctly identify RTP packets? It shows
|
||||
5.19 Why doesn't Ethereal correctly identify RTP packets? It shows
|
||||
them only as UDP.
|
||||
|
||||
5.19 Why doesn't Ethereal show Yahoo Messenger packets in captures
|
||||
5.20 Why doesn't Ethereal show Yahoo Messenger packets in captures
|
||||
that contain Yahoo Messenger traffic?
|
||||
|
||||
5.20 Why do I get the error
|
||||
5.21 Why do I get the error
|
||||
|
||||
Gdk-ERROR **: Palettized display (256-colour) mode not supported on
|
||||
Windows.
|
||||
|
@ -133,22 +135,22 @@
|
|||
|
||||
when I try to run Ethereal on Windows?
|
||||
|
||||
5.21 When I capture on Windows in promiscuous mode, I can see packets
|
||||
5.22 When I capture on Windows in promiscuous mode, I can see packets
|
||||
other than those sent to or from my machine; however, those packets
|
||||
show up with a "Short Frame" indication, unlike packets to or from my
|
||||
machine. What should I do to arrange that I see those packets in their
|
||||
entirety?
|
||||
|
||||
5.22 How can I capture raw 802.11 packets, including non-data
|
||||
5.23 How can I capture raw 802.11 packets, including non-data
|
||||
(management, beacon) packets?
|
||||
|
||||
5.23 How can I capture packets with CRC errors?
|
||||
5.24 How can I capture packets with CRC errors?
|
||||
|
||||
5.24 How can I capture entire frames, including the FCS?
|
||||
5.25 How can I capture entire frames, including the FCS?
|
||||
|
||||
5.25 Ethereal hangs after I stop a capture.
|
||||
5.26 Ethereal hangs after I stop a capture.
|
||||
|
||||
5.26 How can I search for, or filter, packets that have a particular
|
||||
5.27 How can I search for, or filter, packets that have a particular
|
||||
string anywhere in them?
|
||||
|
||||
GENERAL QUESTIONS
|
||||
|
@ -872,7 +874,9 @@
|
|||
libpcap/WinPcap with this bug, this will "erase" its memory of the
|
||||
previous parse error. If the capture filter that got the "parse error"
|
||||
now works, the earlier error with that filter was probably due to this
|
||||
bug. The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of
|
||||
bug.
|
||||
|
||||
The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of
|
||||
libpcap have this bug, but 0.6[.x] and later versions don't.
|
||||
|
||||
Versions of WinPcap prior to 2.3 are based on pre-0.6 versions of
|
||||
|
@ -902,13 +906,45 @@
|
|||
use a saved filter, you can press the "Filter:" button, select the
|
||||
filter in the dialog box that pops up, and press the "OK" button.
|
||||
|
||||
Q 5.6: I've just installed Ethereal, and the traffic on my local LAN
|
||||
Q 5.6: Why am I seeing lots of packets with incorrect TCP checksums?
|
||||
|
||||
A: If the packets that have incorrect TCP checksums are all being sent
|
||||
by the machine on which Ethereal is running, this is probably because
|
||||
the network interface on which you're capturing does TCP checksum
|
||||
offloading. That means that the TCP checksum is added to the packet by
|
||||
the network interface, not by the OS's TCP/IP stack; when capturing on
|
||||
an interface, packets being sent by the host on which you're capturing
|
||||
are directly handed to the capture interface by the OS, which means
|
||||
that they are handed to the capture interface without a TCP checksum
|
||||
being added to them.
|
||||
|
||||
The only way to prevent this from happening would be to disable TCP
|
||||
checksum offloading, but
|
||||
1. that might not even be possible on some OSes;
|
||||
2. that could reduce networking performance significantly.
|
||||
|
||||
However, you can disable the check that Ethereal does of the TCP
|
||||
checksum, so that it won't report any packets as having TCP checksum
|
||||
errors, and so that it won't refuse to do TCP reassembly due to a
|
||||
packet having an incorrect TCP checksum. That can be set as an
|
||||
Ethereal preference by selecting "Preferences" from the "Edit" menu,
|
||||
opening up the "Protocols" list in the left-hand pane of the
|
||||
"Preferences" dialog box, selecting "TCP", from that list, turning off
|
||||
the "Check the validity of the TCP checksum when possible" option,
|
||||
clicking "Save" if you want to save that setting in your preference
|
||||
file, and clicking "OK".
|
||||
|
||||
It can also be set on the Ethereal or Tethereal command line with a -o
|
||||
tcp.check_checksum:false command-line flag, or manually set in your
|
||||
preferences file by adding a tcp.check_checksum:false line.
|
||||
|
||||
Q 5.7: I've just installed Ethereal, and the traffic on my local LAN
|
||||
is boring.
|
||||
|
||||
A: We have a collection of strange and exotic sample capture files at
|
||||
http://www.ethereal.com/sample/
|
||||
|
||||
Q 5.7: When I run Ethereal on Solaris 8, it dies with a Bus Error when
|
||||
Q 5.8: When I run Ethereal on Solaris 8, it dies with a Bus Error when
|
||||
I start it.
|
||||
|
||||
A: Some versions of the GTK+ library from www.sunfreeware.org appear
|
||||
|
@ -921,10 +957,12 @@
|
|||
version, from the same source, as well. (If you get the 1.2.10
|
||||
versions from www.sunfreeware.org, and the problem persists,
|
||||
un-install them and try installing one of the other versions
|
||||
mentioned.) Similar problems may exist with older versions of GTK+ for
|
||||
earlier versions of Solaris.
|
||||
mentioned.)
|
||||
|
||||
Q 5.8: I'm running Ethereal on Linux; why do my time stamps have only
|
||||
Similar problems may exist with older versions of GTK+ for earlier
|
||||
versions of Solaris.
|
||||
|
||||
Q 5.9: I'm running Ethereal on Linux; why do my time stamps have only
|
||||
100ms resolution, rather than 1us resolution?
|
||||
|
||||
A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap
|
||||
|
@ -950,7 +988,7 @@
|
|||
have to run a standard kernel from kernel.org in order to get
|
||||
high-resolution time stamps.
|
||||
|
||||
Q 5.9: I'm capturing packets on {Windows 95, Windows 98, Windows Me};
|
||||
Q 5.10: I'm capturing packets on {Windows 95, Windows 98, Windows Me};
|
||||
why are the time stamps on packets wrong?
|
||||
|
||||
A: This is due to a bug in WinPcap. The bug should be fixed in the
|
||||
|
@ -959,7 +997,7 @@
|
|||
report those bugs to the WinPcap developers, and help them try to
|
||||
track down the problem, so that they can fix it for the final release.
|
||||
|
||||
Q 5.10: When I try to run Ethereal on Windows, it fails to run because
|
||||
Q 5.11: When I try to run Ethereal on Windows, it fails to run because
|
||||
it can't find packet.dll.
|
||||
|
||||
A: In older versions of Ethereal, there were two binary distributions
|
||||
|
@ -976,7 +1014,7 @@
|
|||
Web site, the local mirror of the WinPcap Web site, or the
|
||||
Wiretapped.net mirror of the WinPcap site.
|
||||
|
||||
Q 5.11: Why does some network interface on my machine not show up in
|
||||
Q 5.12: Why does some network interface on my machine not show up in
|
||||
the list of interfaces in the "Interface:" field in the dialog box
|
||||
popped up by "Capture->Start", and/or why does Ethereal give me an
|
||||
error if I try to capture on that interface?
|
||||
|
@ -1101,7 +1139,7 @@
|
|||
details of the problem, as described above, and also indicate that the
|
||||
problem occurs with tcpdump/WinDump, not just with Ethereal.
|
||||
|
||||
Q 5.12: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
|
||||
Q 5.13: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
|
||||
has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
|
||||
"Interface" item in the "Capture Options" dialog box. Why can no
|
||||
packets be sent on or received from that network while I'm trying to
|
||||
|
@ -1115,7 +1153,7 @@
|
|||
Preferences" dialog box, but this may mean that outgoing packets, or
|
||||
incoming packets, won't be seen in the capture.
|
||||
|
||||
Q 5.13: I'm running Ethereal on Windows 95/98/Me, on a machine with
|
||||
Q 5.14: I'm running Ethereal on Windows 95/98/Me, on a machine with
|
||||
more than one network adapter of the same type; Ethereal shows all of
|
||||
those adapters with the same name, but I can't use any of those
|
||||
adapters other than the first one.
|
||||
|
@ -1126,7 +1164,7 @@
|
|||
capture only on the first such interface; Ethereal is a
|
||||
libpcap/WinPcap-based application.
|
||||
|
||||
Q 5.14: I have an XXX network card on my machine; if I try to capture
|
||||
Q 5.15: I have an XXX network card on my machine; if I try to capture
|
||||
on it, my machine crashes or resets itself.
|
||||
|
||||
A: This is almost certainly a problem with one or more of:
|
||||
|
@ -1144,7 +1182,7 @@
|
|||
Linux distribution, report the problem to whoever produces the
|
||||
distribution).
|
||||
|
||||
Q 5.15: My machine crashes or resets itself when I select "Start" from
|
||||
Q 5.16: My machine crashes or resets itself when I select "Start" from
|
||||
the "Capture" menu or select "Preferences" from the "Edit" menu.
|
||||
|
||||
A: Both of those operations cause Ethereal to try to build a list of
|
||||
|
@ -1153,20 +1191,20 @@
|
|||
or, for Windows, WinPcap bug that causes the system to crash when this
|
||||
happens; see the previous question.
|
||||
|
||||
Q 5.16: Does Ethereal work on Windows ME?
|
||||
Q 5.17: Does Ethereal work on Windows ME?
|
||||
|
||||
A: Yes, but if you want to capture packets, you will need to install
|
||||
the latest version of WinPcap, as 2.02 and earlier versions of WinPcap
|
||||
didn't support Windows ME. You should also install the latest version
|
||||
of Ethereal as well.
|
||||
|
||||
Q 5.17: Does Ethereal work on Windows XP?
|
||||
Q 5.18: Does Ethereal work on Windows XP?
|
||||
|
||||
A: Yes, but if you want to capture packets, you will need to install
|
||||
the latest version of WinPcap, as 2.2 and earlier versions of WinPcap
|
||||
didn't support Windows XP.
|
||||
|
||||
Q 5.18: Why doesn't Ethereal correctly identify RTP packets? It shows
|
||||
Q 5.19: Why doesn't Ethereal correctly identify RTP packets? It shows
|
||||
them only as UDP.
|
||||
|
||||
A: Ethereal can identify a UDP datagram as containing a packet of a
|
||||
|
@ -1199,7 +1237,7 @@
|
|||
both the source and destination ports of the packet should be
|
||||
dissected as some particular protocol.
|
||||
|
||||
Q 5.19: Why doesn't Ethereal show Yahoo Messenger packets in captures
|
||||
Q 5.20: Why doesn't Ethereal show Yahoo Messenger packets in captures
|
||||
that contain Yahoo Messenger traffic?
|
||||
|
||||
A: Ethereal only recognizes as Yahoo Messenger traffic packets to or
|
||||
|
@ -1212,7 +1250,7 @@
|
|||
some versions of the protocol apparently do, will not be
|
||||
recognized as Yahoo Messenger packets.
|
||||
|
||||
Q 5.20: Why do I get the error
|
||||
Q 5.21: Why do I get the error
|
||||
|
||||
Gdk-ERROR **: Palettized display (256-colour) mode not supported on
|
||||
Windows.
|
||||
|
@ -1227,7 +1265,7 @@
|
|||
to a display mode with more colors; if it doesn't support more than
|
||||
256 colors, you will be unable to run Ethereal.
|
||||
|
||||
Q 5.21: When I capture on Windows in promiscuous mode, I can see
|
||||
Q 5.22: When I capture on Windows in promiscuous mode, I can see
|
||||
packets other than those sent to or from my machine; however, those
|
||||
packets show up with a "Short Frame" indication, unlike packets to or
|
||||
from my machine. What should I do to arrange that I see those packets
|
||||
|
@ -1237,7 +1275,7 @@
|
|||
running on the network interface on which you're capturing; turn it
|
||||
off on that interface.
|
||||
|
||||
Q 5.22: How can I capture raw 802.11 packets, including non-data
|
||||
Q 5.23: How can I capture raw 802.11 packets, including non-data
|
||||
(management, beacon) packets?
|
||||
|
||||
A: The answer to this depends on the operating system on which you're
|
||||
|
@ -1337,7 +1375,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
|
|||
On platforms that don't allow Ethereal to capture raw 802.11 packets,
|
||||
the 802.11 network will appear like an Ethernet to Ethereal.
|
||||
|
||||
Q 5.23: How can I capture packets with CRC errors?
|
||||
Q 5.24: How can I capture packets with CRC errors?
|
||||
|
||||
A: Ethereal can capture only the packets that the packet capture
|
||||
library - libpcap on UNIX-flavored OSes, and the WinPcap port to
|
||||
|
@ -1354,7 +1392,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
|
|||
libpcap and the packet capture program you're using are necessary to
|
||||
support capturing those packets.
|
||||
|
||||
Q 5.24: How can I capture entire frames, including the FCS?
|
||||
Q 5.25: How can I capture entire frames, including the FCS?
|
||||
|
||||
A: Ethereal can't capture any data that the packet capture library -
|
||||
libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of
|
||||
|
@ -1374,7 +1412,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
|
|||
not support capturing the FCS of a frame on Ethernet, and probably do
|
||||
not support it on most other link-layer types.
|
||||
|
||||
Q 5.25: Ethereal hangs after I stop a capture.
|
||||
Q 5.26: Ethereal hangs after I stop a capture.
|
||||
|
||||
A: The most likely reason for this is that Ethereal is trying to look
|
||||
up an IP address in the capture to convert it to a name (so that, for
|
||||
|
@ -1444,7 +1482,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
|
|||
contains sensitive information (e.g., passwords), then please do not
|
||||
send it.
|
||||
|
||||
Q 5.26: How can I search for, or filter, packets that have a
|
||||
Q 5.27: How can I search for, or filter, packets that have a
|
||||
particular string anywhere in them?
|
||||
|
||||
A: Currently, you can't.
|
||||
|
@ -1466,4 +1504,4 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
|
|||
list.
|
||||
For corrections/additions/suggestions for this page, please send email
|
||||
to: ethereal-web[AT]ethereal.com
|
||||
Last modified: Sun, February 09 2003.
|
||||
Last modified: Thu, February 27 2003.
|
||||
|
|
142
FAQ.include
142
FAQ.include
|
@ -1,3 +1,4 @@
|
|||
const char *faq_part[] = {
|
||||
"\n"
|
||||
" The Ethereal FAQ\n"
|
||||
"\n"
|
||||
|
@ -78,54 +79,56 @@
|
|||
" 5.5 I saved a filter and tried to use its name to filter the display,\n"
|
||||
" but I got an \"Unexpected end of filter string\" error.\n"
|
||||
"\n"
|
||||
" 5.6 I've just installed Ethereal, and the traffic on my local LAN is\n"
|
||||
" 5.6 Why am I seeing lots of packets with incorrect TCP checksums?\n"
|
||||
"\n"
|
||||
" 5.7 I've just installed Ethereal, and the traffic on my local LAN is\n"
|
||||
" boring.\n"
|
||||
"\n"
|
||||
" 5.7 When I run Ethereal on Solaris 8, it dies with a Bus Error when I\n"
|
||||
" 5.8 When I run Ethereal on Solaris 8, it dies with a Bus Error when I\n"
|
||||
" start it.\n"
|
||||
"\n"
|
||||
" 5.8 I'm running Ethereal on Linux; why do my time stamps have only\n"
|
||||
" 5.9 I'm running Ethereal on Linux; why do my time stamps have only\n"
|
||||
" 100ms resolution, rather than 1us resolution?\n"
|
||||
"\n"
|
||||
" 5.9 I'm capturing packets on {Windows 95, Windows 98, Windows Me}; why\n"
|
||||
" are the time stamps on packets wrong? \n"
|
||||
" 5.10 I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
|
||||
" why are the time stamps on packets wrong? \n"
|
||||
"\n"
|
||||
" 5.10 When I try to run Ethereal on Windows, it fails to run because it\n"
|
||||
" 5.11 When I try to run Ethereal on Windows, it fails to run because it\n"
|
||||
" can't find packet.dll.\n"
|
||||
"\n"
|
||||
" 5.11 Why does some network interface on my machine not show up in the\n"
|
||||
" 5.12 Why does some network interface on my machine not show up in the\n"
|
||||
" list of interfaces in the \"Interface:\" field in the dialog box popped\n"
|
||||
" up by \"Capture->Start\", and/or why does Ethereal give me an error if I\n"
|
||||
" try to capture on that interface? \n"
|
||||
"\n"
|
||||
" 5.12 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n"
|
||||
" 5.13 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n"
|
||||
" a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n"
|
||||
" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n"
|
||||
" packets be sent on or received from that network while I'm trying to\n"
|
||||
" capture traffic on that interface?\n"
|
||||
"\n"
|
||||
" 5.13 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n"
|
||||
" 5.14 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n"
|
||||
" than one network adapter of the same type; Ethereal shows all of those\n"
|
||||
" adapters with the same name, but I can't use any of those adapters\n"
|
||||
" other than the first one.\n"
|
||||
"\n"
|
||||
" 5.14 I have an XXX network card on my machine; if I try to capture on\n"
|
||||
" 5.15 I have an XXX network card on my machine; if I try to capture on\n"
|
||||
" it, my machine crashes or resets itself. \n"
|
||||
"\n"
|
||||
" 5.15 My machine crashes or resets itself when I select \"Start\" from\n"
|
||||
" 5.16 My machine crashes or resets itself when I select \"Start\" from\n"
|
||||
" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n"
|
||||
"\n"
|
||||
" 5.16 Does Ethereal work on Windows ME? \n"
|
||||
" 5.17 Does Ethereal work on Windows ME? \n"
|
||||
"\n"
|
||||
" 5.17 Does Ethereal work on Windows XP? \n"
|
||||
" 5.18 Does Ethereal work on Windows XP? \n"
|
||||
"\n"
|
||||
" 5.18 Why doesn't Ethereal correctly identify RTP packets? It shows\n"
|
||||
" 5.19 Why doesn't Ethereal correctly identify RTP packets? It shows\n"
|
||||
" them only as UDP.\n"
|
||||
"\n"
|
||||
" 5.19 Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
|
||||
" 5.20 Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
|
||||
" that contain Yahoo Messenger traffic?\n"
|
||||
"\n"
|
||||
" 5.20 Why do I get the error \n"
|
||||
" 5.21 Why do I get the error \n"
|
||||
"\n"
|
||||
" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n"
|
||||
" Windows.\n"
|
||||
|
@ -133,22 +136,22 @@
|
|||
"\n"
|
||||
" when I try to run Ethereal on Windows?\n"
|
||||
"\n"
|
||||
" 5.21 When I capture on Windows in promiscuous mode, I can see packets\n"
|
||||
" 5.22 When I capture on Windows in promiscuous mode, I can see packets\n"
|
||||
" other than those sent to or from my machine; however, those packets\n"
|
||||
" show up with a \"Short Frame\" indication, unlike packets to or from my\n"
|
||||
" machine. What should I do to arrange that I see those packets in their\n"
|
||||
" entirety? \n"
|
||||
"\n"
|
||||
" 5.22 How can I capture raw 802.11 packets, including non-data\n"
|
||||
" 5.23 How can I capture raw 802.11 packets, including non-data\n"
|
||||
" (management, beacon) packets? \n"
|
||||
"\n"
|
||||
" 5.23 How can I capture packets with CRC errors? \n"
|
||||
" 5.24 How can I capture packets with CRC errors? \n"
|
||||
"\n"
|
||||
" 5.24 How can I capture entire frames, including the FCS? \n"
|
||||
" 5.25 How can I capture entire frames, including the FCS? \n"
|
||||
"\n"
|
||||
" 5.25 Ethereal hangs after I stop a capture. \n"
|
||||
" 5.26 Ethereal hangs after I stop a capture. \n"
|
||||
"\n"
|
||||
" 5.26 How can I search for, or filter, packets that have a particular\n"
|
||||
" 5.27 How can I search for, or filter, packets that have a particular\n"
|
||||
" string anywhere in them? \n"
|
||||
"\n"
|
||||
" GENERAL QUESTIONS \n"
|
||||
|
@ -396,6 +399,8 @@
|
|||
" PPP Bandwidth Allocation Control Protocol\n"
|
||||
" PPP Bandwidth Allocation Protocol\n"
|
||||
" PPP Callback Control Protocol\n"
|
||||
,
|
||||
|
||||
" PPP CDP Control Protocol\n"
|
||||
" PPP Challenge Handshake Authentication Protocol\n"
|
||||
" PPP Compressed Datagram\n"
|
||||
|
@ -796,6 +801,8 @@
|
|||
" If the interface is not running in promiscuous mode, it won't see any\n"
|
||||
" traffic that isn't intended to be seen by your machine. It will see\n"
|
||||
" broadcast packets, and multicast packets sent to a multicast MAC\n"
|
||||
,
|
||||
|
||||
" address the interface is set up to receive.\n"
|
||||
"\n"
|
||||
" You should ask the vendor of your network interface whether it\n"
|
||||
|
@ -872,7 +879,9 @@
|
|||
" libpcap/WinPcap with this bug, this will \"erase\" its memory of the\n"
|
||||
" previous parse error. If the capture filter that got the \"parse error\"\n"
|
||||
" now works, the earlier error with that filter was probably due to this\n"
|
||||
" bug. The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of\n"
|
||||
" bug.\n"
|
||||
"\n"
|
||||
" The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of\n"
|
||||
" libpcap have this bug, but 0.6[.x] and later versions don't.\n"
|
||||
"\n"
|
||||
" Versions of WinPcap prior to 2.3 are based on pre-0.6 versions of\n"
|
||||
|
@ -902,13 +911,45 @@
|
|||
" use a saved filter, you can press the \"Filter:\" button, select the\n"
|
||||
" filter in the dialog box that pops up, and press the \"OK\" button.\n"
|
||||
"\n"
|
||||
" Q 5.6: I've just installed Ethereal, and the traffic on my local LAN\n"
|
||||
" Q 5.6: Why am I seeing lots of packets with incorrect TCP checksums?\n"
|
||||
"\n"
|
||||
" A: If the packets that have incorrect TCP checksums are all being sent\n"
|
||||
" by the machine on which Ethereal is running, this is probably because\n"
|
||||
" the network interface on which you're capturing does TCP checksum\n"
|
||||
" offloading. That means that the TCP checksum is added to the packet by\n"
|
||||
" the network interface, not by the OS's TCP/IP stack; when capturing on\n"
|
||||
" an interface, packets being sent by the host on which you're capturing\n"
|
||||
" are directly handed to the capture interface by the OS, which means\n"
|
||||
" that they are handed to the capture interface without a TCP checksum\n"
|
||||
" being added to them.\n"
|
||||
"\n"
|
||||
" The only way to prevent this from happening would be to disable TCP\n"
|
||||
" checksum offloading, but\n"
|
||||
" 1. that might not even be possible on some OSes;\n"
|
||||
" 2. that could reduce networking performance significantly.\n"
|
||||
"\n"
|
||||
" However, you can disable the check that Ethereal does of the TCP\n"
|
||||
" checksum, so that it won't report any packets as having TCP checksum\n"
|
||||
" errors, and so that it won't refuse to do TCP reassembly due to a\n"
|
||||
" packet having an incorrect TCP checksum. That can be set as an\n"
|
||||
" Ethereal preference by selecting \"Preferences\" from the \"Edit\" menu,\n"
|
||||
" opening up the \"Protocols\" list in the left-hand pane of the\n"
|
||||
" \"Preferences\" dialog box, selecting \"TCP\", from that list, turning off\n"
|
||||
" the \"Check the validity of the TCP checksum when possible\" option,\n"
|
||||
" clicking \"Save\" if you want to save that setting in your preference\n"
|
||||
" file, and clicking \"OK\".\n"
|
||||
"\n"
|
||||
" It can also be set on the Ethereal or Tethereal command line with a -o\n"
|
||||
" tcp.check_checksum:false command-line flag, or manually set in your\n"
|
||||
" preferences file by adding a tcp.check_checksum:false line.\n"
|
||||
"\n"
|
||||
" Q 5.7: I've just installed Ethereal, and the traffic on my local LAN\n"
|
||||
" is boring.\n"
|
||||
"\n"
|
||||
" A: We have a collection of strange and exotic sample capture files at\n"
|
||||
" http://www.ethereal.com/sample/\n"
|
||||
"\n"
|
||||
" Q 5.7: When I run Ethereal on Solaris 8, it dies with a Bus Error when\n"
|
||||
" Q 5.8: When I run Ethereal on Solaris 8, it dies with a Bus Error when\n"
|
||||
" I start it.\n"
|
||||
"\n"
|
||||
" A: Some versions of the GTK+ library from www.sunfreeware.org appear\n"
|
||||
|
@ -921,10 +962,12 @@
|
|||
" version, from the same source, as well. (If you get the 1.2.10\n"
|
||||
" versions from www.sunfreeware.org, and the problem persists,\n"
|
||||
" un-install them and try installing one of the other versions\n"
|
||||
" mentioned.) Similar problems may exist with older versions of GTK+ for\n"
|
||||
" earlier versions of Solaris.\n"
|
||||
" mentioned.)\n"
|
||||
"\n"
|
||||
" Q 5.8: I'm running Ethereal on Linux; why do my time stamps have only\n"
|
||||
" Similar problems may exist with older versions of GTK+ for earlier\n"
|
||||
" versions of Solaris.\n"
|
||||
"\n"
|
||||
" Q 5.9: I'm running Ethereal on Linux; why do my time stamps have only\n"
|
||||
" 100ms resolution, rather than 1us resolution?\n"
|
||||
"\n"
|
||||
" A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap\n"
|
||||
|
@ -950,7 +993,7 @@
|
|||
" have to run a standard kernel from kernel.org in order to get\n"
|
||||
" high-resolution time stamps.\n"
|
||||
"\n"
|
||||
" Q 5.9: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
|
||||
" Q 5.10: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
|
||||
" why are the time stamps on packets wrong? \n"
|
||||
"\n"
|
||||
" A: This is due to a bug in WinPcap. The bug should be fixed in the\n"
|
||||
|
@ -959,7 +1002,7 @@
|
|||
" report those bugs to the WinPcap developers, and help them try to\n"
|
||||
" track down the problem, so that they can fix it for the final release.\n"
|
||||
"\n"
|
||||
" Q 5.10: When I try to run Ethereal on Windows, it fails to run because\n"
|
||||
" Q 5.11: When I try to run Ethereal on Windows, it fails to run because\n"
|
||||
" it can't find packet.dll.\n"
|
||||
"\n"
|
||||
" A: In older versions of Ethereal, there were two binary distributions\n"
|
||||
|
@ -976,7 +1019,7 @@
|
|||
" Web site, the local mirror of the WinPcap Web site, or the\n"
|
||||
" Wiretapped.net mirror of the WinPcap site.\n"
|
||||
"\n"
|
||||
" Q 5.11: Why does some network interface on my machine not show up in\n"
|
||||
" Q 5.12: Why does some network interface on my machine not show up in\n"
|
||||
" the list of interfaces in the \"Interface:\" field in the dialog box\n"
|
||||
" popped up by \"Capture->Start\", and/or why does Ethereal give me an\n"
|
||||
" error if I try to capture on that interface? \n"
|
||||
|
@ -1101,7 +1144,7 @@
|
|||
" details of the problem, as described above, and also indicate that the\n"
|
||||
" problem occurs with tcpdump/WinDump, not just with Ethereal.\n"
|
||||
"\n"
|
||||
" Q 5.12: I'm running Ethereal on Windows NT/2000/XP/Server; my machine\n"
|
||||
" Q 5.13: I'm running Ethereal on Windows NT/2000/XP/Server; my machine\n"
|
||||
" has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n"
|
||||
" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n"
|
||||
" packets be sent on or received from that network while I'm trying to\n"
|
||||
|
@ -1115,7 +1158,7 @@
|
|||
" Preferences\" dialog box, but this may mean that outgoing packets, or\n"
|
||||
" incoming packets, won't be seen in the capture.\n"
|
||||
"\n"
|
||||
" Q 5.13: I'm running Ethereal on Windows 95/98/Me, on a machine with\n"
|
||||
" Q 5.14: I'm running Ethereal on Windows 95/98/Me, on a machine with\n"
|
||||
" more than one network adapter of the same type; Ethereal shows all of\n"
|
||||
" those adapters with the same name, but I can't use any of those\n"
|
||||
" adapters other than the first one.\n"
|
||||
|
@ -1126,7 +1169,7 @@
|
|||
" capture only on the first such interface; Ethereal is a\n"
|
||||
" libpcap/WinPcap-based application.\n"
|
||||
"\n"
|
||||
" Q 5.14: I have an XXX network card on my machine; if I try to capture\n"
|
||||
" Q 5.15: I have an XXX network card on my machine; if I try to capture\n"
|
||||
" on it, my machine crashes or resets itself. \n"
|
||||
"\n"
|
||||
" A: This is almost certainly a problem with one or more of:\n"
|
||||
|
@ -1144,7 +1187,7 @@
|
|||
" Linux distribution, report the problem to whoever produces the\n"
|
||||
" distribution).\n"
|
||||
"\n"
|
||||
" Q 5.15: My machine crashes or resets itself when I select \"Start\" from\n"
|
||||
" Q 5.16: My machine crashes or resets itself when I select \"Start\" from\n"
|
||||
" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n"
|
||||
"\n"
|
||||
" A: Both of those operations cause Ethereal to try to build a list of\n"
|
||||
|
@ -1153,20 +1196,22 @@
|
|||
" or, for Windows, WinPcap bug that causes the system to crash when this\n"
|
||||
" happens; see the previous question.\n"
|
||||
"\n"
|
||||
" Q 5.16: Does Ethereal work on Windows ME? \n"
|
||||
" Q 5.17: Does Ethereal work on Windows ME? \n"
|
||||
"\n"
|
||||
" A: Yes, but if you want to capture packets, you will need to install\n"
|
||||
" the latest version of WinPcap, as 2.02 and earlier versions of WinPcap\n"
|
||||
" didn't support Windows ME. You should also install the latest version\n"
|
||||
" of Ethereal as well.\n"
|
||||
"\n"
|
||||
" Q 5.17: Does Ethereal work on Windows XP? \n"
|
||||
,
|
||||
|
||||
" Q 5.18: Does Ethereal work on Windows XP? \n"
|
||||
"\n"
|
||||
" A: Yes, but if you want to capture packets, you will need to install\n"
|
||||
" the latest version of WinPcap, as 2.2 and earlier versions of WinPcap\n"
|
||||
" didn't support Windows XP.\n"
|
||||
"\n"
|
||||
" Q 5.18: Why doesn't Ethereal correctly identify RTP packets? It shows\n"
|
||||
" Q 5.19: Why doesn't Ethereal correctly identify RTP packets? It shows\n"
|
||||
" them only as UDP.\n"
|
||||
"\n"
|
||||
" A: Ethereal can identify a UDP datagram as containing a packet of a\n"
|
||||
|
@ -1199,7 +1244,7 @@
|
|||
" both the source and destination ports of the packet should be\n"
|
||||
" dissected as some particular protocol.\n"
|
||||
"\n"
|
||||
" Q 5.19: Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
|
||||
" Q 5.20: Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
|
||||
" that contain Yahoo Messenger traffic?\n"
|
||||
"\n"
|
||||
" A: Ethereal only recognizes as Yahoo Messenger traffic packets to or\n"
|
||||
|
@ -1212,7 +1257,7 @@
|
|||
" some versions of the protocol apparently do, will not be\n"
|
||||
" recognized as Yahoo Messenger packets.\n"
|
||||
"\n"
|
||||
" Q 5.20: Why do I get the error \n"
|
||||
" Q 5.21: Why do I get the error \n"
|
||||
"\n"
|
||||
" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n"
|
||||
" Windows.\n"
|
||||
|
@ -1227,7 +1272,7 @@
|
|||
" to a display mode with more colors; if it doesn't support more than\n"
|
||||
" 256 colors, you will be unable to run Ethereal.\n"
|
||||
"\n"
|
||||
" Q 5.21: When I capture on Windows in promiscuous mode, I can see\n"
|
||||
" Q 5.22: When I capture on Windows in promiscuous mode, I can see\n"
|
||||
" packets other than those sent to or from my machine; however, those\n"
|
||||
" packets show up with a \"Short Frame\" indication, unlike packets to or\n"
|
||||
" from my machine. What should I do to arrange that I see those packets\n"
|
||||
|
@ -1237,7 +1282,7 @@
|
|||
" running on the network interface on which you're capturing; turn it\n"
|
||||
" off on that interface.\n"
|
||||
"\n"
|
||||
" Q 5.22: How can I capture raw 802.11 packets, including non-data\n"
|
||||
" Q 5.23: How can I capture raw 802.11 packets, including non-data\n"
|
||||
" (management, beacon) packets? \n"
|
||||
"\n"
|
||||
" A: The answer to this depends on the operating system on which you're\n"
|
||||
|
@ -1337,7 +1382,7 @@
|
|||
" On platforms that don't allow Ethereal to capture raw 802.11 packets,\n"
|
||||
" the 802.11 network will appear like an Ethernet to Ethereal.\n"
|
||||
"\n"
|
||||
" Q 5.23: How can I capture packets with CRC errors? \n"
|
||||
" Q 5.24: How can I capture packets with CRC errors? \n"
|
||||
"\n"
|
||||
" A: Ethereal can capture only the packets that the packet capture\n"
|
||||
" library - libpcap on UNIX-flavored OSes, and the WinPcap port to\n"
|
||||
|
@ -1354,7 +1399,7 @@
|
|||
" libpcap and the packet capture program you're using are necessary to\n"
|
||||
" support capturing those packets.\n"
|
||||
"\n"
|
||||
" Q 5.24: How can I capture entire frames, including the FCS? \n"
|
||||
" Q 5.25: How can I capture entire frames, including the FCS? \n"
|
||||
"\n"
|
||||
" A: Ethereal can't capture any data that the packet capture library -\n"
|
||||
" libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of\n"
|
||||
|
@ -1374,7 +1419,7 @@
|
|||
" not support capturing the FCS of a frame on Ethernet, and probably do\n"
|
||||
" not support it on most other link-layer types.\n"
|
||||
"\n"
|
||||
" Q 5.25: Ethereal hangs after I stop a capture. \n"
|
||||
" Q 5.26: Ethereal hangs after I stop a capture. \n"
|
||||
"\n"
|
||||
" A: The most likely reason for this is that Ethereal is trying to look\n"
|
||||
" up an IP address in the capture to convert it to a name (so that, for\n"
|
||||
|
@ -1444,7 +1489,7 @@
|
|||
" contains sensitive information (e.g., passwords), then please do not\n"
|
||||
" send it.\n"
|
||||
"\n"
|
||||
" Q 5.26: How can I search for, or filter, packets that have a\n"
|
||||
" Q 5.27: How can I search for, or filter, packets that have a\n"
|
||||
" particular string anywhere in them? \n"
|
||||
"\n"
|
||||
" A: Currently, you can't.\n"
|
||||
|
@ -1466,4 +1511,7 @@
|
|||
" list. \n"
|
||||
" For corrections/additions/suggestions for this page, please send email\n"
|
||||
" to: ethereal-web[AT]ethereal.com\n"
|
||||
" Last modified: Sun, February 09 2003.\n"
|
||||
" Last modified: Thu, February 27 2003.\n"
|
||||
};
|
||||
#define FAQ_PARTS 4
|
||||
#define FAQ_SIZE 68220
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* help_dlg.c
|
||||
*
|
||||
* $Id: help_dlg.c,v 1.31 2003/01/29 12:58:48 jmayer Exp $
|
||||
* $Id: help_dlg.c,v 1.32 2003/03/02 17:42:37 jmayer Exp $
|
||||
*
|
||||
* Laurent Deniel <laurent.deniel@free.fr>
|
||||
*
|
||||
|
@ -369,9 +369,11 @@ static char *dfilter_help =
|
|||
"The following per-protocol fields can be used in display\n"
|
||||
"filters:\n";
|
||||
|
||||
static char *faq_help =
|
||||
// static char *faq_help =
|
||||
// #include "../FAQ.include"
|
||||
// "\n";
|
||||
/* FAQ_PARTS, FAQ_SIZE, faq_part[0] ... faq_part[FAQ_PARTS-1] */
|
||||
#include "../FAQ.include"
|
||||
"\n";
|
||||
|
||||
static char *cfilter_help =
|
||||
"Packet capturing is performed with the pcap library. The capture filter "
|
||||
|
@ -406,6 +408,7 @@ static void set_help_text(GtkWidget *w, help_type_t type)
|
|||
#define BUFF_LEN 4096
|
||||
#define B_LEN 256
|
||||
char buffer[BUFF_LEN];
|
||||
char faq_help[FAQ_SIZE];
|
||||
header_field_info *hfinfo;
|
||||
int i, len, maxlen = 0, maxlen2 = 0;
|
||||
#if GTK_MAJOR_VERSION < 2
|
||||
|
@ -545,6 +548,10 @@ static void set_help_text(GtkWidget *w, help_type_t type)
|
|||
#endif
|
||||
break;
|
||||
case FAQ_HELP :
|
||||
for (i=0; i<FAQ_PARTS; i++) {
|
||||
/* this is O(n^2) but with very small n */
|
||||
strcat(faq_help, faq_part[i]);
|
||||
}
|
||||
insert_text(w, faq_help, -1);
|
||||
break;
|
||||
case CFILTER_HELP :
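Review bot: `char faq_help[FAQ_SIZE];` in set_help_text is an automatic array that no visible line initialises, yet the FAQ_HELP case calls `strcat(faq_help, faq_part[i])` on it, so the first strcat scans indeterminate stack bytes for a terminator and can write outside the array. The buffer also looks one byte short: make-faq sets FAQ_SIZE from `wc -c FAQ`, which counts the text but not the trailing NUL that strcat writes. I would declare `char faq_help[FAQ_SIZE + 1];` and add `faq_help[0] = '\0';` before the loop, or have make-faq emit a size that includes the terminator. With FAQ_SIZE at 68220 the array is also a large stack object for every help type, so a static or heap buffer may be the better home. set_help_text starts and ends outside these hunks, so an initialisation elsewhere in its body cannot be ruled out from here.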
|
||||
|
|
28
make-faq
28
make-faq
|
@ -1,14 +1,16 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $Id: make-faq,v 1.3 2003/02/18 11:24:19 jmayer Exp $
|
||||
# $Id: make-faq,v 1.4 2003/03/02 17:42:28 jmayer Exp $
|
||||
#
|
||||
# Make-faq - Creates a plain text version of the Ethereal FAQ
|
||||
# from http://www.ethereal.com/faq
|
||||
|
||||
FAQ=FAQ
|
||||
# Split the FAQ every LINECOUNT lines so the strings don't become too long
|
||||
# for # some compilers.
|
||||
LINECOUNT=400
|
||||
|
||||
rm -f $FAQ
|
||||
cat >$FAQ <<EOF
|
||||
rm -f FAQ
|
||||
cat >FAQ <<EOF
|
||||
|
||||
The Ethereal FAQ
|
||||
|
||||
|
@ -24,6 +26,22 @@ EOF
|
|||
lynx -dump -nolist "http://www.ethereal.com/faq" | sed -e '1,/INDEX/d' >>FAQ
|
||||
|
||||
# Create an #include'able version for gtk/help_dlg.c
|
||||
sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/"/' -e 's/$/\\n"/' <FAQ >FAQ.include
|
||||
rm -f FAQ.include FAQTMP*
|
||||
split -l $LINECOUNT FAQ FAQTMP
|
||||
NUM=0
|
||||
echo "const char *faq_part[] = {" >>FAQ.include
|
||||
for i in FAQTMP*; do
|
||||
if [ $NUM -ne 0 ]; then
|
||||
echo "," >>FAQ.include
|
||||
echo >>FAQ.include
|
||||
fi
|
||||
sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/"/' -e 's/$/\\n"/' <$i >>FAQ.include
|
||||
NUM=`expr $NUM + 1`
|
||||
done
|
||||
echo "};" >>FAQ.include
|
||||
echo "#define FAQ_PARTS $NUM" >>FAQ.include
|
||||
SIZE=`wc -c FAQ | tr -d ' A-Za-z'`
|
||||
echo "#define FAQ_SIZE $SIZE" >>FAQ.include
|
||||
rm -f FAQTMP*
|
||||
|
||||
exit 0
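Review bot: The split step writes its pieces as `FAQTMP*` into the current directory and removes them with `rm -f FAQTMP*`, so any unrelated file sharing that prefix is deleted and an interrupted run leaves pieces behind in the source tree. A private scratch directory avoids both: `TMPD=$(mktemp -d) || exit 1`, `trap 'rm -rf "$TMPD"' 0`, and `split -l $LINECOUNT FAQ "$TMPD/part"`, with the loop reading `"$TMPD"/part*` and quoting `"$i"`. Neither `split` nor the per-piece `sed` has its exit status checked, so a failure still leaves a partial FAQ.include for the build to pick up; checking both before the `echo "};"` line would stop that.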
|
||||
|
|