forked from osmocom/wireshark
Update to Sun, February 27 2005.
svn path=/trunk/; revision=13610
This commit is contained in:
parent
476c8da086
commit
723feba68e
246
FAQ
246
FAQ
|
@ -86,7 +86,7 @@ Using Ethereal:
|
|||
box popped up by "Capture->Start"?
|
||||
|
||||
5.6 I'm running Ethereal on Windows; why doesn't my serial port/ADSL
|
||||
modem/ISDN modem/show up in the list of interfaces in the "Interface:"
|
||||
modem/ISDN modem show up in the list of interfaces in the "Interface:"
|
||||
field in the dialog box popped up by "Capture->Start"?
|
||||
|
||||
5.7 I'm running Ethereal on a UNIX-flavored OS; why does some network
|
||||
|
@ -147,11 +147,12 @@ Using Ethereal:
|
|||
5.23 When I try to run Ethereal on Windows, it fails to run because it
|
||||
can't find packet.dll.
|
||||
|
||||
5.24 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
|
||||
a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
|
||||
"Interface" item in the "Capture Options" dialog box. Why can no
|
||||
packets be sent on or received from that network while I'm trying to
|
||||
capture traffic on that interface?
|
||||
5.24 I'm running Ethereal on Windows NT 4.0/Windows 2000/Windows
|
||||
XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN,
|
||||
etc.) interface, and it shows up in the "Interface" item in the
|
||||
"Capture Options" dialog box. Why can no packets be sent on or
|
||||
received from that network while I'm trying to capture traffic on that
|
||||
interface?
|
||||
|
||||
5.25 I'm running Ethereal on Windows 95/98/Me, on a machine with more
|
||||
than one network adapter of the same type; Ethereal shows all of those
|
||||
|
@ -252,7 +253,7 @@ General Questions
|
|||
|
||||
Q 1.4: Can I use Ethereal as part of my commercial product?
|
||||
|
||||
A: As noted, Ethereal is licended under the GNU General Public
|
||||
A: As noted, Ethereal is licensed under the GNU General Public
|
||||
License. The GPL imposes conditions on your use of GPL'ed code in your
|
||||
own products; you cannot, for example, make a "derived work" from
|
||||
Ethereal, by making modifications to it, and then sell the resulting
|
||||
|
@ -271,7 +272,7 @@ General Questions
|
|||
|
||||
Q 1.5: What protocols are currently supported?
|
||||
|
||||
A: There are currently 620 supported protocols and media, listed
|
||||
A: There are currently 658 supported protocols and media, listed
|
||||
below. Descriptions can be found in the ethereal(1) man page.
|
||||
|
||||
3GPP2 A11
|
||||
|
@ -320,6 +321,7 @@ General Questions
|
|||
AVS WLAN Capture header
|
||||
AX/4000 Test Block
|
||||
Ad hoc On-demand Distance Vector Routing Protocol
|
||||
Adaptive Multi-Rate
|
||||
Address Resolution Protocol
|
||||
Aggregate Server Access Protocol
|
||||
Alert Standard Forum
|
||||
|
@ -334,6 +336,7 @@ General Questions
|
|||
Application Configuration Access Protocol
|
||||
Art-Net
|
||||
Async data over ISDN (V.120)
|
||||
Asynchronous Layered Coding
|
||||
Authentication Header
|
||||
BACnet Virtual Link Control
|
||||
BEA Tuxedo
|
||||
|
@ -360,9 +363,12 @@ General Questions
|
|||
Border Gateway Protocol
|
||||
Building Automation and Control Network APDU
|
||||
Building Automation and Control Network NPDU
|
||||
CBAPhysicalDevice
|
||||
CCSDS
|
||||
CDS Clerk Server Calls
|
||||
Cast Client Control Protocol
|
||||
Certificate Management Protocol
|
||||
Certificate Request Message Format
|
||||
Check Point High Availability Protocol
|
||||
Checkpoint FW-1
|
||||
Cisco Auto-RP
|
||||
|
@ -399,7 +405,7 @@ General Questions
|
|||
DCE/RPC Conversation Manager
|
||||
DCE/RPC Directory Acl Interface
|
||||
DCE/RPC Endpoint Mapper
|
||||
DCE/RPC Endpoint Mapper4
|
||||
DCE/RPC Endpoint Mapper v4
|
||||
DCE/RPC FLDB
|
||||
DCE/RPC FLDB UBIK TRANSFER
|
||||
DCE/RPC FLDB UBIKVOTE
|
||||
|
@ -423,8 +429,10 @@ cies
|
|||
DCE/RPC Repserver Calls
|
||||
DCE/RPC TokenServer Calls
|
||||
DCE/RPC UpServer
|
||||
DCOM
|
||||
DCOM IDispatch
|
||||
DCOM IRemoteActivation
|
||||
DCOM OXID Resolver
|
||||
DCOM Remote Activation
|
||||
DEC Spanning Tree Protocol
|
||||
DFS Calls
|
||||
DG Gryphon Protocol
|
||||
|
@ -507,27 +515,51 @@ cies
|
|||
GSM A-I/F BSSMAP
|
||||
GSM A-I/F DTAP
|
||||
GSM A-I/F RP
|
||||
GSM Mobile Application Part
|
||||
GSM SMS TPDU (GSM 03.40)
|
||||
GSM Short Message Service User Data
|
||||
GSM_MobileAPplication
|
||||
General Inter-ORB Protocol
|
||||
Generic Routing Encapsulation
|
||||
Generic Security Service Application Program Interface
|
||||
Gnutella Protocol
|
||||
H.248 MEGACO
|
||||
H225
|
||||
H235-SECURITY-MESSAGES
|
||||
H245
|
||||
H4501
|
||||
HP Extended Local-Link Control
|
||||
HP Remote Maintenance Protocol
|
||||
Hummingbird NFS Daemon
|
||||
HyperSCSI
|
||||
Hypertext Transfer Protocol
|
||||
ICBAAccoCallback
|
||||
ICBAAccoCallback2
|
||||
ICBAAccoMgt
|
||||
ICBAAccoMgt2
|
||||
ICBAAccoServer
|
||||
ICBAAccoServer2
|
||||
ICBAAccoServerSRT
|
||||
ICBAAccoSync
|
||||
ICBABrowse
|
||||
ICBABrowse2
|
||||
ICBAGroupError
|
||||
ICBAGroupErrorEvent
|
||||
ICBALogicalDevice
|
||||
ICBALogicalDevice2
|
||||
ICBAPersist
|
||||
ICBAPersist2
|
||||
ICBAPhysicalDevice
|
||||
ICBAPhysicalDevice2
|
||||
ICBAPhysicalDevicePC
|
||||
ICBAPhysicalDevicePCEvent
|
||||
ICBARTAuto
|
||||
ICBARTAuto2
|
||||
ICBAState
|
||||
ICBAStateEvent
|
||||
ICBASystemProperties
|
||||
ICBATime
|
||||
ICQ Protocol
|
||||
IEEE 802.11 Radiotap Capture header
|
||||
IEEE 802.11 wireless LAN
|
||||
IEEE 802.11 wireless LAN management frame
|
||||
IEEE802a OUI Extended Ethertype
|
||||
ILMI
|
||||
IP Device Control (SS7 over IP)
|
||||
IP Over FC
|
||||
|
@ -536,8 +568,8 @@ cies
|
|||
IPX Message
|
||||
IPX Routing Information Protocol
|
||||
IPX WAN
|
||||
IRemUnknown IRemUnknown Resolver
|
||||
IRemUnknown2 IRemUnknown2 Resolver
|
||||
IRemUnknown
|
||||
IRemUnknown2
|
||||
ISDN
|
||||
ISDN Q.921-User Adaptation Layer
|
||||
ISDN User Part
|
||||
|
@ -578,6 +610,7 @@ cies
|
|||
IrDA Link Access Protocol
|
||||
IrDA Link Management Protocol
|
||||
JPEG File Interchange Format
|
||||
JXTA P2P
|
||||
Jabber XML Messaging
|
||||
Java RMI
|
||||
Java Serialization
|
||||
|
@ -628,6 +661,7 @@ cies
|
|||
Message Transfer Part Level 2
|
||||
Message Transfer Part Level 3
|
||||
Message Transfer Part Level 3 Management
|
||||
Meta Analysis Tracing Engine
|
||||
Microsoft Directory Replication Service
|
||||
Microsoft Distributed File System
|
||||
Microsoft Distributed Link Tracking Server Service
|
||||
|
@ -668,6 +702,7 @@ cies
|
|||
NTLM Secure Service Provider
|
||||
Name Binding Protocol
|
||||
Name Management Protocol over IPX
|
||||
Negative-acknowledgment Oriented Reliable Multicast
|
||||
NetBIOS
|
||||
NetBIOS Datagram Service
|
||||
NetBIOS Name Service
|
||||
|
@ -707,7 +742,6 @@ cies
|
|||
PKIX1Explitit
|
||||
PKIX1Implitit
|
||||
PKIXProxy (RFC3820)
|
||||
POSTGRESQL
|
||||
PPP Bandwidth Allocation Control Protocol
|
||||
PPP Bandwidth Allocation Protocol
|
||||
PPP CDP Control Protocol
|
||||
|
@ -717,6 +751,7 @@ cies
|
|||
PPP Compression Control Protocol
|
||||
PPP IP Control Protocol
|
||||
PPP IPv6 Control Protocol
|
||||
PPP In HDLC-Like Framing
|
||||
PPP Link Control Protocol
|
||||
PPP MPLS Control Protocol
|
||||
PPP Multilink Protocol
|
||||
|
@ -738,6 +773,7 @@ cies
|
|||
Port Aggregation Protocol
|
||||
Portmap
|
||||
Post Office Protocol
|
||||
PostgreSQL
|
||||
Pragmatic General Multicast
|
||||
Precision Time Protocol (IEEE1588)
|
||||
Prism
|
||||
|
@ -893,6 +929,9 @@ cies
|
|||
Zone Information Protocol
|
||||
eDonkey Protocol
|
||||
giFT Internet File Transfer
|
||||
h225
|
||||
h245
|
||||
h450
|
||||
iSCSI
|
||||
iSNS
|
||||
|
||||
|
@ -1111,9 +1150,10 @@ Using Ethereal
|
|||
to see from or to the machine I'm trying to monitor.
|
||||
|
||||
A: This might be because the interface on which you're capturing is
|
||||
plugged into a switch; on a switched network, unicast traffic between
|
||||
two ports will not necessarily appear on other ports - only broadcast
|
||||
and multicast traffic will be sent to all ports.
|
||||
plugged into an Ethernet or Token Ring switch; on a switched network,
|
||||
unicast traffic between two ports will not necessarily appear on other
|
||||
ports - only broadcast and multicast traffic will be sent to all
|
||||
ports.
|
||||
|
||||
Note that even if your machine is plugged into a hub, the "hub" may be
|
||||
a switched hub, in which case you're still on a switched network.
|
||||
|
@ -1182,11 +1222,8 @@ Using Ethereal
|
|||
|
||||
In the case of token ring interfaces, the drivers for some of them, on
|
||||
Windows, may require you to enable promiscuous mode in order to
|
||||
capture in promiscuous mode. Ask the vendor of the card how to do
|
||||
this, or see, for example, this information on promiscuous mode on
|
||||
some Madge token ring adapters (note that those cards can have
|
||||
promiscuous mode disabled permanently, in which case you can't enable
|
||||
it).
|
||||
capture in promiscuous mode. See the Ethereal Wiki item on Token Ring
|
||||
capturing for details.
|
||||
|
||||
In the case of wireless LAN interfaces, it appears that, when those
|
||||
interfaces are promiscuously sniffing, they're running in a
|
||||
|
@ -1237,19 +1274,20 @@ Using Ethereal
|
|||
interface?
|
||||
|
||||
A: If you are running Ethereal on Windows NT 4.0, Windows 2000,
|
||||
Windows XP, or Windows Server, and this is the first time you have run
|
||||
a WinPcap-based program (such as Ethereal, or Tethereal, or WinDump,
|
||||
or Analyzer, or...) since the machine was rebooted, you need to run
|
||||
that program from an account with administrator privileges; once you
|
||||
have run such a program, you will not need administrator privileges to
|
||||
run any such programs until you reboot.
|
||||
Windows XP, or Windows Server 2003, and this is the first time you
|
||||
have run a WinPcap-based program (such as Ethereal, or Tethereal, or
|
||||
WinDump, or Analyzer, or...) since the machine was rebooted, you need
|
||||
to run that program from an account with administrator privileges;
|
||||
once you have run such a program, you will not need administrator
|
||||
privileges to run any such programs until you reboot.
|
||||
|
||||
If you are running on Windows 95/98/Me, or if you are running on
|
||||
Windows NT 4.0/2000/XP/Server and have administrator privileges or a
|
||||
WinPcap-based program has been run with those privileges since the
|
||||
machine rebooted, then note that Ethereal relies on the WinPcap
|
||||
library, on the WinPcap device driver, and on the facilities that come
|
||||
with the OS on which it's running in order to do captures.
|
||||
Windows NT 4.0/Windows 2000/Windows XP/Windows Server 2003 and have
|
||||
administrator privileges or a WinPcap-based program has been run with
|
||||
those privileges since the machine rebooted, then note that Ethereal
|
||||
relies on the WinPcap library, on the WinPcap device driver, and on
|
||||
the facilities that come with the OS on which it's running in order to
|
||||
do captures.
|
||||
|
||||
Therefore, if the OS, the WinPcap library, or the WinPcap driver don't
|
||||
support capturing on a particular network interface device, Ethereal
|
||||
|
@ -1276,14 +1314,22 @@ Using Ethereal
|
|||
capture on the interface you're currently using. In that case, you
|
||||
might, for example, have to remove the VPN interface from the
|
||||
system in order to capture on the PPP serial interface.
|
||||
3. WinPcap 3.0 doesn't support PPP WAN interfaces, and WinPcap 2.3
|
||||
doesn't support PPP WAN interfaces on Windows NT/2000/XP/Server,
|
||||
so Ethereal cannot capture packets on those devices with WinPcap
|
||||
3.0, or with WInPcap 2.x when running on Windows
|
||||
NT/2000/XP/Server. Regular dial-up lines, ISDN lines, and various
|
||||
other lines such as T1/E1 lines are all PPP interfaces. This may
|
||||
cause the interface not to show up on the list of interfaces in
|
||||
the "Capture Options" dialog.
|
||||
3. WinPcap 2.3 has problems supporting PPP WAN interfaces on Windows
|
||||
NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, and, to
|
||||
avoid those problems, support for PPP WAN interfaces on those
|
||||
versions of Windows has been disabled in WinPcap 3.0. Regular
|
||||
dial-up lines, ISDN lines, ADSL connections using PPPoE or PPPoA,
|
||||
and various other lines such as T1/E1 lines are all PPP
|
||||
interfaces, so those interfaces might not show up on the list of
|
||||
interfaces in the "Capture Options" dialog on those OSes.
|
||||
On Windows 2000 and later, installing the beta version of WinPcap
|
||||
3.1 might help, although, as it's a beta version, that might cause
|
||||
some other problems that don't occur with older versions of
|
||||
WinPcap; you should report those problems to the WinPcap
|
||||
developers, so that they can try to fix those problems before the
|
||||
final version of WinPcap 3.1 is released. WinPcap 3.1 will not
|
||||
support PPP captures on Windows NT 4.0. See the Ethereal Wiki item
|
||||
on PPP capturing for details.
|
||||
4. WinPcap prior to 3.0 does not support multiprocessor machines
|
||||
(note that machines with a single multi-threaded processor, such
|
||||
as Intel's new multi-threaded x86 processors, are multiprocessor
|
||||
|
@ -1365,16 +1411,23 @@ Using Ethereal
|
|||
response to that question.
|
||||
|
||||
Q 5.6: I'm running Ethereal on Windows; why doesn't my serial
|
||||
port/ADSL modem/ISDN modem/show up in the list of interfaces in the
|
||||
port/ADSL modem/ISDN modem show up in the list of interfaces in the
|
||||
"Interface:" field in the dialog box popped up by "Capture->Start"?
|
||||
|
||||
A: All of those devices support Internet access using the
|
||||
Point-to-Point (PPP) protocol; WinPcap 3.0 doesn't support PPP
|
||||
interfaces, and WinPcap 2.x doesn't support PPP interfaces on Windows
|
||||
NT/2000/XP/Server, so Ethereal cannot capture packets on those devices
|
||||
with WinPcap 3.0, or with WinPcap 2.x when running on Windows
|
||||
NT/2000/XP/Server. This may cause the interface not to show up on the
|
||||
list of interfaces in the "Capture Options" dialog.
|
||||
A: Internet access on those devices is often done with the
|
||||
Point-to-Point (PPP) protocol; WinPcap 2.3 has problems supporting PPP
|
||||
WAN interfaces on Windows NT 4.0, Windows 2000, Windows XP, and
|
||||
Windows Server 2003, and, to avoid those problems, support for PPP WAN
|
||||
interfaces on those versions of Windows has been disabled in WinPcap
|
||||
3.0.
|
||||
|
||||
On Windows 2000 and later, installing the beta version of WinPcap 3.1
|
||||
might help, although, as it's a beta version, that might cause some
|
||||
other problems that don't occur with older versions of WinPcap; you
|
||||
should report those problems to the WinPcap developers, so that they
|
||||
can try to fix those problems before the final version of WinPcap 3.1
|
||||
is released. WinPcap 3.1 will not support PPP captures on Windows NT
|
||||
4.0. See the Ethereal Wiki item on PPP capturing for details.
|
||||
|
||||
Q 5.7: I'm running Ethereal on a UNIX-flavored OS; why does some
|
||||
network interface on my machine not show up in the list of interfaces
|
||||
|
@ -1383,31 +1436,27 @@ Using Ethereal
|
|||
to capture on that interface?
|
||||
|
||||
A: You may need to run Ethereal from an account with sufficient
|
||||
privileges to capture packets, such as the super-user account. Only
|
||||
those interfaces that Ethereal can open for capturing show up in that
|
||||
list; if you don't have sufficient privileges to capture on any
|
||||
interfaces, no interfaces will show up in the list.
|
||||
privileges to capture packets, such as the super-user account, or may
|
||||
need to give your account sufficient privileges to capture packets.
|
||||
Only those interfaces that Ethereal can open for capturing show up in
|
||||
that list; if you don't have sufficient privileges to capture on any
|
||||
interfaces, no interfaces will show up in the list. See the Ethereal
|
||||
Wiki item on capture privileges for details on how to give a
|
||||
particular account or account group capture privileges on platforms
|
||||
where that can be done.
|
||||
|
||||
If you are running Ethereal from an account with sufficient
|
||||
privileges, then note that Ethereal relies on the libpcap library, and
|
||||
on the facilities that come with the OS on which it's running in order
|
||||
to do captures.
|
||||
to do captures. On some OSes, those facilities aren't present by
|
||||
default; see the Ethereal Wiki item on adding capture support for
|
||||
details.
|
||||
|
||||
Therefore, if the OS or the libpcap library don't support capturing on
|
||||
a particular network interface device, Ethereal won't be able to
|
||||
capture on that device.
|
||||
|
||||
On Linux, note that you need to have "packet socket" support enabled
|
||||
in your kernel; see the "Packet socket" item in the Linux
|
||||
"Configure.help" file.
|
||||
|
||||
On BSD, note that you need to have BPF support enabled in your kernel;
|
||||
see the documentation for your system for information on how to enable
|
||||
BPF support (if it's not enabled by default on your system).
|
||||
|
||||
On DEC OSF/1, Digital UNIX, or Tru64 UNIX, note that you need to have
|
||||
packet filtering support in your kernel; the doconfig command will
|
||||
allow you to configure and build a new kernel with that option.
|
||||
And, even if you're running with an account that has sufficient
|
||||
privileges to capture, and capture support is present in your OS, if
|
||||
the OS or the libpcap library don't support capturing on a particular
|
||||
network interface device or particular types of devices, Ethereal
|
||||
won't be able to capture on that device.
|
||||
|
||||
On Solaris, note that libpcap 0.6.2 and earlier didn't support Token
|
||||
Ring interfaces; the current version, 0.7.2, does support Token Ring,
|
||||
|
@ -1716,19 +1765,29 @@ Using Ethereal
|
|||
Web site, the local mirror of the WinPcap Web site, or the
|
||||
Wiretapped.net mirror of the WinPcap site.
|
||||
|
||||
Q 5.24: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
|
||||
has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
|
||||
"Interface" item in the "Capture Options" dialog box. Why can no
|
||||
packets be sent on or received from that network while I'm trying to
|
||||
capture traffic on that interface?
|
||||
Q 5.24: I'm running Ethereal on Windows NT 4.0/Windows 2000/Windows
|
||||
XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN,
|
||||
etc.) interface, and it shows up in the "Interface" item in the
|
||||
"Capture Options" dialog box. Why can no packets be sent on or
|
||||
received from that network while I'm trying to capture traffic on that
|
||||
interface?
|
||||
|
||||
A: WinPcap doesn't support PPP WAN interfaces on Windows
|
||||
NT/2000/XP/Server; one symptom that may be seen is that attempts to
|
||||
capture in promiscuous mode on the interface cause the interface to be
|
||||
incapable of sending or receiving packets. You can disable promiscuous
|
||||
mode using the -p command-line flag or the item in the "Capture
|
||||
Preferences" dialog box, but this may mean that outgoing packets, or
|
||||
incoming packets, won't be seen in the capture.
|
||||
A: Some versions of WinPcap have problems with PPP WAN interfaces on
|
||||
Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003; one
|
||||
symptom that may be seen is that attempts to capture in promiscuous
|
||||
mode on the interface cause the interface to be incapable of sending
|
||||
or receiving packets. You can disable promiscuous mode using the -p
|
||||
command-line flag or the item in the "Capture Preferences" dialog box,
|
||||
but this may mean that outgoing packets, or incoming packets, won't be
|
||||
seen in the capture.
|
||||
|
||||
On Windows 2000 and later, installing the beta version of WinPcap 3.1
|
||||
might help, although, as it's a beta version, that might cause some
|
||||
other problems that don't occur with older versions of WinPcap; you
|
||||
should report those problems to the WinPcap developers, so that they
|
||||
can try to fix those problems before the final version of WinPcap 3.1
|
||||
is released. WinPcap 3.1 will not support PPP captures on Windows NT
|
||||
4.0. See the Ethereal Wiki item on PPP capturing for details.
|
||||
|
||||
Q 5.25: I'm running Ethereal on Windows 95/98/Me, on a machine with
|
||||
more than one network adapter of the same type; Ethereal shows all of
|
||||
|
@ -1900,7 +1959,8 @@ Using Ethereal
|
|||
In order to see the raw Ethernet packets, rather than "de-VLANized"
|
||||
packets, you would have to capture not on the virtual interface for
|
||||
the VLAN, but on the interface corresponding to the physical network
|
||||
device, if possible.
|
||||
device, if possible. See the Ethereal Wiki item on VLAN capturing for
|
||||
details.
|
||||
|
||||
Q 5.37: How can I capture raw 802.11 packets, including non-data
|
||||
(management, beacon) packets?
|
||||
|
@ -2304,13 +2364,13 @@ Using Ethereal
|
|||
or /var/tmp on UNIX-flavored OSes, \TEMP on the main system disk
|
||||
(normally C:) on Windows 9x/Me/NT 4.0, and \Documents and
|
||||
Settings\your login name\Local Settings\Temp on the main system disk
|
||||
on Windows 2000/XP/Server 2003, so the capture file will probably be
|
||||
there. It will have a name beginning with ether, with some mixture of
|
||||
letters and numbers after that. Please don't send a trace file greater
|
||||
than 1 MB when compressed; instead, make it available via FTP or HTTP,
|
||||
or say it's available but leave it up to a developer to ask for it. If
|
||||
the trace file contains sensitive information (e.g., passwords), then
|
||||
please do not send it.
|
||||
on Windows 2000/Windows XP/Windows Server 2003, so the capture file
|
||||
will probably be there. It will have a name beginning with ether, with
|
||||
some mixture of letters and numbers after that. Please don't send a
|
||||
trace file greater than 1 MB when compressed; instead, make it
|
||||
available via FTP or HTTP, or say it's available but leave it up to a
|
||||
developer to ask for it. If the trace file contains sensitive
|
||||
information (e.g., passwords), then please do not send it.
|
||||
|
||||
Q 5.46: How can I search for, or filter, packets that have a
|
||||
particular string anywhere in them?
|
||||
|
@ -2353,4 +2413,4 @@ Using Ethereal
|
|||
For corrections/additions/suggestions for this web page (and not
|
||||
Ethereal support questions), please send email to
|
||||
ethereal-web[AT]ethereal.com .
|
||||
Last modified: Fri, January 14 2005.
|
||||
Last modified: Sun, February 27 2005.
|
||||
|
|
246
help/faq.txt
246
help/faq.txt
|
@ -86,7 +86,7 @@ Using Ethereal:
|
|||
box popped up by "Capture->Start"?
|
||||
|
||||
5.6 I'm running Ethereal on Windows; why doesn't my serial port/ADSL
|
||||
modem/ISDN modem/show up in the list of interfaces in the "Interface:"
|
||||
modem/ISDN modem show up in the list of interfaces in the "Interface:"
|
||||
field in the dialog box popped up by "Capture->Start"?
|
||||
|
||||
5.7 I'm running Ethereal on a UNIX-flavored OS; why does some network
|
||||
|
@ -147,11 +147,12 @@ Using Ethereal:
|
|||
5.23 When I try to run Ethereal on Windows, it fails to run because it
|
||||
can't find packet.dll.
|
||||
|
||||
5.24 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
|
||||
a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
|
||||
"Interface" item in the "Capture Options" dialog box. Why can no
|
||||
packets be sent on or received from that network while I'm trying to
|
||||
capture traffic on that interface?
|
||||
5.24 I'm running Ethereal on Windows NT 4.0/Windows 2000/Windows
|
||||
XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN,
|
||||
etc.) interface, and it shows up in the "Interface" item in the
|
||||
"Capture Options" dialog box. Why can no packets be sent on or
|
||||
received from that network while I'm trying to capture traffic on that
|
||||
interface?
|
||||
|
||||
5.25 I'm running Ethereal on Windows 95/98/Me, on a machine with more
|
||||
than one network adapter of the same type; Ethereal shows all of those
|
||||
|
@ -252,7 +253,7 @@ General Questions
|
|||
|
||||
Q 1.4: Can I use Ethereal as part of my commercial product?
|
||||
|
||||
A: As noted, Ethereal is licended under the GNU General Public
|
||||
A: As noted, Ethereal is licensed under the GNU General Public
|
||||
License. The GPL imposes conditions on your use of GPL'ed code in your
|
||||
own products; you cannot, for example, make a "derived work" from
|
||||
Ethereal, by making modifications to it, and then sell the resulting
|
||||
|
@ -271,7 +272,7 @@ General Questions
|
|||
|
||||
Q 1.5: What protocols are currently supported?
|
||||
|
||||
A: There are currently 620 supported protocols and media, listed
|
||||
A: There are currently 658 supported protocols and media, listed
|
||||
below. Descriptions can be found in the ethereal(1) man page.
|
||||
|
||||
3GPP2 A11
|
||||
|
@ -320,6 +321,7 @@ General Questions
|
|||
AVS WLAN Capture header
|
||||
AX/4000 Test Block
|
||||
Ad hoc On-demand Distance Vector Routing Protocol
|
||||
Adaptive Multi-Rate
|
||||
Address Resolution Protocol
|
||||
Aggregate Server Access Protocol
|
||||
Alert Standard Forum
|
||||
|
@ -334,6 +336,7 @@ General Questions
|
|||
Application Configuration Access Protocol
|
||||
Art-Net
|
||||
Async data over ISDN (V.120)
|
||||
Asynchronous Layered Coding
|
||||
Authentication Header
|
||||
BACnet Virtual Link Control
|
||||
BEA Tuxedo
|
||||
|
@ -360,9 +363,12 @@ General Questions
|
|||
Border Gateway Protocol
|
||||
Building Automation and Control Network APDU
|
||||
Building Automation and Control Network NPDU
|
||||
CBAPhysicalDevice
|
||||
CCSDS
|
||||
CDS Clerk Server Calls
|
||||
Cast Client Control Protocol
|
||||
Certificate Management Protocol
|
||||
Certificate Request Message Format
|
||||
Check Point High Availability Protocol
|
||||
Checkpoint FW-1
|
||||
Cisco Auto-RP
|
||||
|
@ -399,7 +405,7 @@ General Questions
|
|||
DCE/RPC Conversation Manager
|
||||
DCE/RPC Directory Acl Interface
|
||||
DCE/RPC Endpoint Mapper
|
||||
DCE/RPC Endpoint Mapper4
|
||||
DCE/RPC Endpoint Mapper v4
|
||||
DCE/RPC FLDB
|
||||
DCE/RPC FLDB UBIK TRANSFER
|
||||
DCE/RPC FLDB UBIKVOTE
|
||||
|
@ -423,8 +429,10 @@ cies
|
|||
DCE/RPC Repserver Calls
|
||||
DCE/RPC TokenServer Calls
|
||||
DCE/RPC UpServer
|
||||
DCOM
|
||||
DCOM IDispatch
|
||||
DCOM IRemoteActivation
|
||||
DCOM OXID Resolver
|
||||
DCOM Remote Activation
|
||||
DEC Spanning Tree Protocol
|
||||
DFS Calls
|
||||
DG Gryphon Protocol
|
||||
|
@ -507,27 +515,51 @@ cies
|
|||
GSM A-I/F BSSMAP
|
||||
GSM A-I/F DTAP
|
||||
GSM A-I/F RP
|
||||
GSM Mobile Application Part
|
||||
GSM SMS TPDU (GSM 03.40)
|
||||
GSM Short Message Service User Data
|
||||
GSM_MobileAPplication
|
||||
General Inter-ORB Protocol
|
||||
Generic Routing Encapsulation
|
||||
Generic Security Service Application Program Interface
|
||||
Gnutella Protocol
|
||||
H.248 MEGACO
|
||||
H225
|
||||
H235-SECURITY-MESSAGES
|
||||
H245
|
||||
H4501
|
||||
HP Extended Local-Link Control
|
||||
HP Remote Maintenance Protocol
|
||||
Hummingbird NFS Daemon
|
||||
HyperSCSI
|
||||
Hypertext Transfer Protocol
|
||||
ICBAAccoCallback
|
||||
ICBAAccoCallback2
|
||||
ICBAAccoMgt
|
||||
ICBAAccoMgt2
|
||||
ICBAAccoServer
|
||||
ICBAAccoServer2
|
||||
ICBAAccoServerSRT
|
||||
ICBAAccoSync
|
||||
ICBABrowse
|
||||
ICBABrowse2
|
||||
ICBAGroupError
|
||||
ICBAGroupErrorEvent
|
||||
ICBALogicalDevice
|
||||
ICBALogicalDevice2
|
||||
ICBAPersist
|
||||
ICBAPersist2
|
||||
ICBAPhysicalDevice
|
||||
ICBAPhysicalDevice2
|
||||
ICBAPhysicalDevicePC
|
||||
ICBAPhysicalDevicePCEvent
|
||||
ICBARTAuto
|
||||
ICBARTAuto2
|
||||
ICBAState
|
||||
ICBAStateEvent
|
||||
ICBASystemProperties
|
||||
ICBATime
|
||||
ICQ Protocol
|
||||
IEEE 802.11 Radiotap Capture header
|
||||
IEEE 802.11 wireless LAN
|
||||
IEEE 802.11 wireless LAN management frame
|
||||
IEEE802a OUI Extended Ethertype
|
||||
ILMI
|
||||
IP Device Control (SS7 over IP)
|
||||
IP Over FC
|
||||
|
@ -536,8 +568,8 @@ cies
|
|||
IPX Message
|
||||
IPX Routing Information Protocol
|
||||
IPX WAN
|
||||
IRemUnknown IRemUnknown Resolver
|
||||
IRemUnknown2 IRemUnknown2 Resolver
|
||||
IRemUnknown
|
||||
IRemUnknown2
|
||||
ISDN
|
||||
ISDN Q.921-User Adaptation Layer
|
||||
ISDN User Part
|
||||
|
@ -578,6 +610,7 @@ cies
|
|||
IrDA Link Access Protocol
|
||||
IrDA Link Management Protocol
|
||||
JPEG File Interchange Format
|
||||
JXTA P2P
|
||||
Jabber XML Messaging
|
||||
Java RMI
|
||||
Java Serialization
|
||||
|
@ -628,6 +661,7 @@ cies
|
|||
Message Transfer Part Level 2
|
||||
Message Transfer Part Level 3
|
||||
Message Transfer Part Level 3 Management
|
||||
Meta Analysis Tracing Engine
|
||||
Microsoft Directory Replication Service
|
||||
Microsoft Distributed File System
|
||||
Microsoft Distributed Link Tracking Server Service
|
||||
|
@ -668,6 +702,7 @@ cies
|
|||
NTLM Secure Service Provider
|
||||
Name Binding Protocol
|
||||
Name Management Protocol over IPX
|
||||
Negative-acknowledgment Oriented Reliable Multicast
|
||||
NetBIOS
|
||||
NetBIOS Datagram Service
|
||||
NetBIOS Name Service
|
||||
|
@ -707,7 +742,6 @@ cies
|
|||
PKIX1Explitit
|
||||
PKIX1Implitit
|
||||
PKIXProxy (RFC3820)
|
||||
POSTGRESQL
|
||||
PPP Bandwidth Allocation Control Protocol
|
||||
PPP Bandwidth Allocation Protocol
|
||||
PPP CDP Control Protocol
|
||||
|
@ -717,6 +751,7 @@ cies
|
|||
PPP Compression Control Protocol
|
||||
PPP IP Control Protocol
|
||||
PPP IPv6 Control Protocol
|
||||
PPP In HDLC-Like Framing
|
||||
PPP Link Control Protocol
|
||||
PPP MPLS Control Protocol
|
||||
PPP Multilink Protocol
|
||||
|
@ -738,6 +773,7 @@ cies
|
|||
Port Aggregation Protocol
|
||||
Portmap
|
||||
Post Office Protocol
|
||||
PostgreSQL
|
||||
Pragmatic General Multicast
|
||||
Precision Time Protocol (IEEE1588)
|
||||
Prism
|
||||
|
@ -893,6 +929,9 @@ cies
|
|||
Zone Information Protocol
|
||||
eDonkey Protocol
|
||||
giFT Internet File Transfer
|
||||
h225
|
||||
h245
|
||||
h450
|
||||
iSCSI
|
||||
iSNS
|
||||
|
||||
|
@ -1111,9 +1150,10 @@ Using Ethereal
|
|||
to see from or to the machine I'm trying to monitor.
|
||||
|
||||
A: This might be because the interface on which you're capturing is
|
||||
plugged into a switch; on a switched network, unicast traffic between
|
||||
two ports will not necessarily appear on other ports - only broadcast
|
||||
and multicast traffic will be sent to all ports.
|
||||
plugged into an Ethernet or Token Ring switch; on a switched network,
|
||||
unicast traffic between two ports will not necessarily appear on other
|
||||
ports - only broadcast and multicast traffic will be sent to all
|
||||
ports.
|
||||
|
||||
Note that even if your machine is plugged into a hub, the "hub" may be
|
||||
a switched hub, in which case you're still on a switched network.
|
||||
|
@ -1182,11 +1222,8 @@ Using Ethereal
|
|||
|
||||
In the case of token ring interfaces, the drivers for some of them, on
|
||||
Windows, may require you to enable promiscuous mode in order to
|
||||
capture in promiscuous mode. Ask the vendor of the card how to do
|
||||
this, or see, for example, this information on promiscuous mode on
|
||||
some Madge token ring adapters (note that those cards can have
|
||||
promiscuous mode disabled permanently, in which case you can't enable
|
||||
it).
|
||||
capture in promiscuous mode. See the Ethereal Wiki item on Token Ring
|
||||
capturing for details.
|
||||
|
||||
In the case of wireless LAN interfaces, it appears that, when those
|
||||
interfaces are promiscuously sniffing, they're running in a
|
||||
|
@ -1237,19 +1274,20 @@ Using Ethereal
|
|||
interface?
|
||||
|
||||
A: If you are running Ethereal on Windows NT 4.0, Windows 2000,
|
||||
Windows XP, or Windows Server, and this is the first time you have run
|
||||
a WinPcap-based program (such as Ethereal, or Tethereal, or WinDump,
|
||||
or Analyzer, or...) since the machine was rebooted, you need to run
|
||||
that program from an account with administrator privileges; once you
|
||||
have run such a program, you will not need administrator privileges to
|
||||
run any such programs until you reboot.
|
||||
Windows XP, or Windows Server 2003, and this is the first time you
|
||||
have run a WinPcap-based program (such as Ethereal, or Tethereal, or
|
||||
WinDump, or Analyzer, or...) since the machine was rebooted, you need
|
||||
to run that program from an account with administrator privileges;
|
||||
once you have run such a program, you will not need administrator
|
||||
privileges to run any such programs until you reboot.
|
||||
|
||||
If you are running on Windows 95/98/Me, or if you are running on
|
||||
Windows NT 4.0/2000/XP/Server and have administrator privileges or a
|
||||
WinPcap-based program has been run with those privileges since the
|
||||
machine rebooted, then note that Ethereal relies on the WinPcap
|
||||
library, on the WinPcap device driver, and on the facilities that come
|
||||
with the OS on which it's running in order to do captures.
|
||||
Windows NT 4.0/Windows 2000/Windows XP/Windows Server 2003 and have
|
||||
administrator privileges or a WinPcap-based program has been run with
|
||||
those privileges since the machine rebooted, then note that Ethereal
|
||||
relies on the WinPcap library, on the WinPcap device driver, and on
|
||||
the facilities that come with the OS on which it's running in order to
|
||||
do captures.
|
||||
|
||||
Therefore, if the OS, the WinPcap library, or the WinPcap driver don't
|
||||
support capturing on a particular network interface device, Ethereal
|
||||
|
@ -1276,14 +1314,22 @@ Using Ethereal
|
|||
capture on the interface you're currently using. In that case, you
|
||||
might, for example, have to remove the VPN interface from the
|
||||
system in order to capture on the PPP serial interface.
|
||||
3. WinPcap 3.0 doesn't support PPP WAN interfaces, and WinPcap 2.3
|
||||
doesn't support PPP WAN interfaces on Windows NT/2000/XP/Server,
|
||||
so Ethereal cannot capture packets on those devices with WinPcap
|
||||
3.0, or with WInPcap 2.x when running on Windows
|
||||
NT/2000/XP/Server. Regular dial-up lines, ISDN lines, and various
|
||||
other lines such as T1/E1 lines are all PPP interfaces. This may
|
||||
cause the interface not to show up on the list of interfaces in
|
||||
the "Capture Options" dialog.
|
||||
3. WinPcap 2.3 has problems supporting PPP WAN interfaces on Windows
|
||||
NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, and, to
|
||||
avoid those problems, support for PPP WAN interfaces on those
|
||||
versions of Windows has been disabled in WinPcap 3.0. Regular
|
||||
dial-up lines, ISDN lines, ADSL connections using PPPoE or PPPoA,
|
||||
and various other lines such as T1/E1 lines are all PPP
|
||||
interfaces, so those interfaces might not show up on the list of
|
||||
interfaces in the "Capture Options" dialog on those OSes.
|
||||
On Windows 2000 and later, installing the beta version of WinPcap
|
||||
3.1 might help, although, as it's a beta version, that might cause
|
||||
some other problems that don't occur with older versions of
|
||||
WinPcap; you should report those problems to the WinPcap
|
||||
developers, so that they can try to fix those problems before the
|
||||
final version of WinPcap 3.1 is released. WinPcap 3.1 will not
|
||||
support PPP captures on Windows NT 4.0. See the Ethereal Wiki item
|
||||
on PPP capturing for details.
|
||||
4. WinPcap prior to 3.0 does not support multiprocessor machines
|
||||
(note that machines with a single multi-threaded processor, such
|
||||
as Intel's new multi-threaded x86 processors, are multiprocessor
|
||||
|
@ -1365,16 +1411,23 @@ Using Ethereal
|
|||
response to that question.
|
||||
|
||||
Q 5.6: I'm running Ethereal on Windows; why doesn't my serial
|
||||
port/ADSL modem/ISDN modem/show up in the list of interfaces in the
|
||||
port/ADSL modem/ISDN modem show up in the list of interfaces in the
|
||||
"Interface:" field in the dialog box popped up by "Capture->Start"?
|
||||
|
||||
A: All of those devices support Internet access using the
|
||||
Point-to-Point (PPP) protocol; WinPcap 3.0 doesn't support PPP
|
||||
interfaces, and WinPcap 2.x doesn't support PPP interfaces on Windows
|
||||
NT/2000/XP/Server, so Ethereal cannot capture packets on those devices
|
||||
with WinPcap 3.0, or with WinPcap 2.x when running on Windows
|
||||
NT/2000/XP/Server. This may cause the interface not to show up on the
|
||||
list of interfaces in the "Capture Options" dialog.
|
||||
A: Internet access on those devices is often done with the
|
||||
Point-to-Point (PPP) protocol; WinPcap 2.3 has problems supporting PPP
|
||||
WAN interfaces on Windows NT 4.0, Windows 2000, Windows XP, and
|
||||
Windows Server 2003, and, to avoid those problems, support for PPP WAN
|
||||
interfaces on those versions of Windows has been disabled in WinPcap
|
||||
3.0.
|
||||
|
||||
On Windows 2000 and later, installing the beta version of WinPcap 3.1
|
||||
might help, although, as it's a beta version, that might cause some
|
||||
other problems that don't occur with older versions of WinPcap; you
|
||||
should report those problems to the WinPcap developers, so that they
|
||||
can try to fix those problems before the final version of WinPcap 3.1
|
||||
is released. WinPcap 3.1 will not support PPP captures on Windows NT
|
||||
4.0. See the Ethereal Wiki item on PPP capturing for details.
|
||||
|
||||
Q 5.7: I'm running Ethereal on a UNIX-flavored OS; why does some
|
||||
network interface on my machine not show up in the list of interfaces
|
||||
|
@ -1383,31 +1436,27 @@ Using Ethereal
|
|||
to capture on that interface?
|
||||
|
||||
A: You may need to run Ethereal from an account with sufficient
|
||||
privileges to capture packets, such as the super-user account. Only
|
||||
those interfaces that Ethereal can open for capturing show up in that
|
||||
list; if you don't have sufficient privileges to capture on any
|
||||
interfaces, no interfaces will show up in the list.
|
||||
privileges to capture packets, such as the super-user account, or may
|
||||
need to give your account sufficient privileges to capture packets.
|
||||
Only those interfaces that Ethereal can open for capturing show up in
|
||||
that list; if you don't have sufficient privileges to capture on any
|
||||
interfaces, no interfaces will show up in the list. See the Ethereal
|
||||
Wiki item on capture privileges for details on how to give a
|
||||
particular account or account group capture privileges on platforms
|
||||
where that can be done.
|
||||
|
||||
If you are running Ethereal from an account with sufficient
|
||||
privileges, then note that Ethereal relies on the libpcap library, and
|
||||
on the facilities that come with the OS on which it's running in order
|
||||
to do captures.
|
||||
to do captures. On some OSes, those facilities aren't present by
|
||||
default; see the Ethereal Wiki item on adding capture support for
|
||||
details.
|
||||
|
||||
Therefore, if the OS or the libpcap library don't support capturing on
|
||||
a particular network interface device, Ethereal won't be able to
|
||||
capture on that device.
|
||||
|
||||
On Linux, note that you need to have "packet socket" support enabled
|
||||
in your kernel; see the "Packet socket" item in the Linux
|
||||
"Configure.help" file.
|
||||
|
||||
On BSD, note that you need to have BPF support enabled in your kernel;
|
||||
see the documentation for your system for information on how to enable
|
||||
BPF support (if it's not enabled by default on your system).
|
||||
|
||||
On DEC OSF/1, Digital UNIX, or Tru64 UNIX, note that you need to have
|
||||
packet filtering support in your kernel; the doconfig command will
|
||||
allow you to configure and build a new kernel with that option.
|
||||
And, even if you're running with an account that has sufficient
|
||||
privileges to capture, and capture support is present in your OS, if
|
||||
the OS or the libpcap library don't support capturing on a particular
|
||||
network interface device or particular types of devices, Ethereal
|
||||
won't be able to capture on that device.
|
||||
|
||||
On Solaris, note that libpcap 0.6.2 and earlier didn't support Token
|
||||
Ring interfaces; the current version, 0.7.2, does support Token Ring,
|
||||
|
@ -1716,19 +1765,29 @@ Using Ethereal
|
|||
Web site, the local mirror of the WinPcap Web site, or the
|
||||
Wiretapped.net mirror of the WinPcap site.
|
||||
|
||||
Q 5.24: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
|
||||
has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
|
||||
"Interface" item in the "Capture Options" dialog box. Why can no
|
||||
packets be sent on or received from that network while I'm trying to
|
||||
capture traffic on that interface?
|
||||
Q 5.24: I'm running Ethereal on Windows NT 4.0/Windows 2000/Windows
|
||||
XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN,
|
||||
etc.) interface, and it shows up in the "Interface" item in the
|
||||
"Capture Options" dialog box. Why can no packets be sent on or
|
||||
received from that network while I'm trying to capture traffic on that
|
||||
interface?
|
||||
|
||||
A: WinPcap doesn't support PPP WAN interfaces on Windows
|
||||
NT/2000/XP/Server; one symptom that may be seen is that attempts to
|
||||
capture in promiscuous mode on the interface cause the interface to be
|
||||
incapable of sending or receiving packets. You can disable promiscuous
|
||||
mode using the -p command-line flag or the item in the "Capture
|
||||
Preferences" dialog box, but this may mean that outgoing packets, or
|
||||
incoming packets, won't be seen in the capture.
|
||||
A: Some versions of WinPcap have problems with PPP WAN interfaces on
|
||||
Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003; one
|
||||
symptom that may be seen is that attempts to capture in promiscuous
|
||||
mode on the interface cause the interface to be incapable of sending
|
||||
or receiving packets. You can disable promiscuous mode using the -p
|
||||
command-line flag or the item in the "Capture Preferences" dialog box,
|
||||
but this may mean that outgoing packets, or incoming packets, won't be
|
||||
seen in the capture.
|
||||
|
||||
On Windows 2000 and later, installing the beta version of WinPcap 3.1
|
||||
might help, although, as it's a beta version, that might cause some
|
||||
other problems that don't occur with older versions of WinPcap; you
|
||||
should report those problems to the WinPcap developers, so that they
|
||||
can try to fix those problems before the final version of WinPcap 3.1
|
||||
is released. WinPcap 3.1 will not support PPP captures on Windows NT
|
||||
4.0. See the Ethereal Wiki item on PPP capturing for details.
|
||||
|
||||
Q 5.25: I'm running Ethereal on Windows 95/98/Me, on a machine with
|
||||
more than one network adapter of the same type; Ethereal shows all of
|
||||
|
@ -1900,7 +1959,8 @@ Using Ethereal
|
|||
In order to see the raw Ethernet packets, rather than "de-VLANized"
|
||||
packets, you would have to capture not on the virtual interface for
|
||||
the VLAN, but on the interface corresponding to the physical network
|
||||
device, if possible.
|
||||
device, if possible. See the Ethereal Wiki item on VLAN capturing for
|
||||
details.
|
||||
|
||||
Q 5.37: How can I capture raw 802.11 packets, including non-data
|
||||
(management, beacon) packets?
|
||||
|
@ -2304,13 +2364,13 @@ Using Ethereal
|
|||
or /var/tmp on UNIX-flavored OSes, \TEMP on the main system disk
|
||||
(normally C:) on Windows 9x/Me/NT 4.0, and \Documents and
|
||||
Settings\your login name\Local Settings\Temp on the main system disk
|
||||
on Windows 2000/XP/Server 2003, so the capture file will probably be
|
||||
there. It will have a name beginning with ether, with some mixture of
|
||||
letters and numbers after that. Please don't send a trace file greater
|
||||
than 1 MB when compressed; instead, make it available via FTP or HTTP,
|
||||
or say it's available but leave it up to a developer to ask for it. If
|
||||
the trace file contains sensitive information (e.g., passwords), then
|
||||
please do not send it.
|
||||
on Windows 2000/Windows XP/Windows Server 2003, so the capture file
|
||||
will probably be there. It will have a name beginning with ether, with
|
||||
some mixture of letters and numbers after that. Please don't send a
|
||||
trace file greater than 1 MB when compressed; instead, make it
|
||||
available via FTP or HTTP, or say it's available but leave it up to a
|
||||
developer to ask for it. If the trace file contains sensitive
|
||||
information (e.g., passwords), then please do not send it.
|
||||
|
||||
Q 5.46: How can I search for, or filter, packets that have a
|
||||
particular string anywhere in them?
|
||||
|
@ -2353,4 +2413,4 @@ Using Ethereal
|
|||
For corrections/additions/suggestions for this web page (and not
|
||||
Ethereal support questions), please send email to
|
||||
ethereal-web[AT]ethereal.com .
|
||||
Last modified: Fri, January 14 2005.
|
||||
Last modified: Sun, February 27 2005.
|
||||
|
|
Loading…
Reference in New Issue