From dabb19572d954ac9d7b0771d79bdb594fcaadcde Mon Sep 17 00:00:00 2001 From: Gerald Combs Date: Sun, 4 Feb 2018 15:15:02 -0800 Subject: [PATCH] =?UTF-8?q?More=20AsciiDoc=20=E2=86=92=20Asciidoctor=20upd?= =?UTF-8?q?ates.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Switch from AsciiDoc's smart quotes markup to the quotes themselves. Use double curly quotes in place of singles. Switch from XML entities to their direct equivalents where we can. Switch from hex entities to decimal entities where we can't or it's not convenient. (Asciidoctor PDF doesn't yet handle hex entities). Change-Id: Iaf5ec33249e1c91b3d50b5d96251763243b72836 Reviewed-on: https://code.wireshark.org/review/25606 Reviewed-by: Gerald Combs --- docbook/attributes.asciidoc | 2 + docbook/common_src/GPL_appendix.asciidoc | 6 +- .../typographic_conventions.asciidoc | 4 +- docbook/developer-guide.asciidoc | 4 +- docbook/release-notes.asciidoc | 8 +- docbook/user-guide.asciidoc | 2 +- .../WSDG_chapter_build_intro.asciidoc | 2 +- .../wsdg_src/WSDG_chapter_capture.asciidoc | 22 ++-- .../wsdg_src/WSDG_chapter_dissection.asciidoc | 56 ++++---- .../wsdg_src/WSDG_chapter_env_intro.asciidoc | 20 +-- .../wsdg_src/WSDG_chapter_libraries.asciidoc | 8 +- .../WSDG_chapter_quick_setup.asciidoc | 18 +-- .../wsdg_src/WSDG_chapter_sources.asciidoc | 58 ++++----- docbook/wsdg_src/WSDG_chapter_tools.asciidoc | 26 ++-- .../WSDG_chapter_userinterface.asciidoc | 28 ++-- docbook/wsdg_src/WSDG_chapter_works.asciidoc | 8 +- docbook/wsdg_src/WSDG_preface.asciidoc | 2 +- docbook/wsluarm.asciidoc | 34 ++--- docbook/wsug_src/WSUG_app_files.asciidoc | 24 ++-- docbook/wsug_src/WSUG_app_howitworks.asciidoc | 10 +- docbook/wsug_src/WSUG_app_messages.asciidoc | 8 +- docbook/wsug_src/WSUG_app_tools.asciidoc | 26 ++-- .../wsug_src/WSUG_chapter_advanced.asciidoc | 110 ++++++++-------- .../WSUG_chapter_build_install.asciidoc | 12 +- .../wsug_src/WSUG_chapter_capture.asciidoc | 62 ++++----- .../wsug_src/WSUG_chapter_customize.asciidoc | 74 +++++------ .../WSUG_chapter_introduction.asciidoc | 25 ++-- docbook/wsug_src/WSUG_chapter_io.asciidoc | 83 ++++++------ .../wsug_src/WSUG_chapter_statistics.asciidoc | 22 ++-- .../WSUG_chapter_troubleshoot.asciidoc | 10 +- docbook/wsug_src/WSUG_chapter_use.asciidoc | 122 +++++++++--------- docbook/wsug_src/WSUG_chapter_work.asciidoc | 30 ++--- docbook/wsug_src/WSUG_preface.asciidoc | 2 +- 33 files changed, 466 insertions(+), 462 deletions(-) diff --git a/docbook/attributes.asciidoc b/docbook/attributes.asciidoc index f0b2cbcf45..00a5f7bd38 100644 --- a/docbook/attributes.asciidoc +++ b/docbook/attributes.asciidoc @@ -74,3 +74,5 @@ // XXX height=22 results in content-height="22px" in the .fo file. Not sure // how to make scaledwidth take precedence. :statusbar-attrs: scaledwidth="85%",height=22 + +:multiplication: × diff --git a/docbook/common_src/GPL_appendix.asciidoc b/docbook/common_src/GPL_appendix.asciidoc index 61ab50e7aa..6b9ec83406 100644 --- a/docbook/common_src/GPL_appendix.asciidoc +++ b/docbook/common_src/GPL_appendix.asciidoc @@ -3,7 +3,7 @@ ++++++++++++++++++++++++++++++++++++++ [[AppGPL]] -== This Document's License (GPL) +== This Document’s License (GPL) As with the original license and documentation distributed with Wireshark, this document is covered by the GNU General Public @@ -306,7 +306,7 @@ to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. - <one line to give the program's name and a brief idea of what it does.> + Copyright (C) This program is free software; you can redistribute it and/or modify @@ -346,7 +346,7 @@ necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. - <signature of Ty Coon>, 1 April 1989 + , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into diff --git a/docbook/common_src/typographic_conventions.asciidoc b/docbook/common_src/typographic_conventions.asciidoc index 5b568f25c2..ccb4f3a752 100644 --- a/docbook/common_src/typographic_conventions.asciidoc +++ b/docbook/common_src/typographic_conventions.asciidoc @@ -9,7 +9,7 @@ The following table shows the typographic conventions that are used in this guid // AsciiDoc allows alternative markup for some styles, specifially // 'single quotes' and _underlines_ for italics and +plus signs+ and // `backticks` for monospaces. -// Asciidoctor's modern mode is more strict, and only allows _underline_ +// Asciidoctor’s modern mode is more strict, and only allows _underline_ // italics and `backtick` monospaces. // http://asciidoctor.org/docs/migration/ @@ -18,7 +18,7 @@ The following table shows the typographic conventions that are used in this guid |=============== |Style|Description|Example |_Italic_ |File names, folder names, and extensions |_C:\Development\wireshark_. -|`Monospace` |Commands, flags, and environment variables|CMake's `-G` option. +|`Monospace` |Commands, flags, and environment variables|CMake’s `-G` option. |**`Bold Monospace`** |Commands that should be run by the user|Run **`cmake -G Ninja ..`**. |btn:[Button] |Dialog and window buttons |Press btn:[Launch] to go to the Moon. |kbd:[Key] |Keyboard shortcut |Press kbd:[Ctrl+Down] to move to the next packet. diff --git a/docbook/developer-guide.asciidoc b/docbook/developer-guide.asciidoc index 78fe7c4928..468e42874c 100644 --- a/docbook/developer-guide.asciidoc +++ b/docbook/developer-guide.asciidoc @@ -1,10 +1,10 @@ -= Wireshark Developer's Guide += Wireshark Developer’s Guide //v1.0, February 2014: Finished conversion from DocBook to AsciiDoc :doctype: book include::attributes.asciidoc[] // Convenience attribute. -// XXX This should be surrounded by single quotes in the text. It's +// XXX This should be surrounded by single quotes in the text. It’s // currently surrounded by plus signs for AsciiDoc compatibility. :dlt-glob: DLT_* diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index 0a7ec2aebe..d90a45b6e0 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -8,10 +8,10 @@ Wireshark 2.6. == What is Wireshark? -Wireshark is the world's most popular network protocol analyzer. It is +Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. -== What's New +== What’s New Many user interface improvements have been made. See the New and Updated Features section below for more details. @@ -168,9 +168,9 @@ Wireshark should let you work with multiple capture files. (ws-buglink:10488[]) == Getting Help -Community support is available on https://ask.wireshark.org/[Wireshark's +Community support is available on https://ask.wireshark.org/[Wireshark’s Q&A site] and on the wireshark-users mailing list. Subscription -information and archives for all of Wireshark's mailing lists can be +information and archives for all of Wireshark’s mailing lists can be found on https://www.wireshark.org/lists/[the web site]. Official Wireshark training and certification are available from diff --git a/docbook/user-guide.asciidoc b/docbook/user-guide.asciidoc index 0e7c51cd8c..72f45d247f 100644 --- a/docbook/user-guide.asciidoc +++ b/docbook/user-guide.asciidoc @@ -1,4 +1,4 @@ -= Wireshark User's Guide += Wireshark User’s Guide //v1.0, February 2014: Finished conversion from DocBook to AsciiDoc :doctype: book include::attributes.asciidoc[] diff --git a/docbook/wsdg_src/WSDG_chapter_build_intro.asciidoc b/docbook/wsdg_src/WSDG_chapter_build_intro.asciidoc index 8162d6cbb9..7221306da7 100644 --- a/docbook/wsdg_src/WSDG_chapter_build_intro.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_build_intro.asciidoc @@ -14,7 +14,7 @@ Wireshark consists of the following major parts: * Packet dissection - in the _/epan/dissector_ and _/plugin/\*_ directories -* File I/O - using Wireshark's own wiretap library +* File I/O - using Wireshark’s own wiretap library * Capture - using the libpcap/winpcap library, in _/wiretap_ diff --git a/docbook/wsdg_src/WSDG_chapter_capture.asciidoc b/docbook/wsdg_src/WSDG_chapter_capture.asciidoc index ccae1815da..bc434677f9 100644 --- a/docbook/wsdg_src/WSDG_chapter_capture.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_capture.asciidoc @@ -17,8 +17,8 @@ This chapter needs to be reviewed and extended. The following is an updated excerpt from a developer mailing list mail about adding ISO 9141 and 14230 (simple serial line card diagnostics) to Wireshark: -For libpcap, the first thing you'd need to do would be to get +{dlt-glob}+ values -for all the link-layer protocols you'd need. If ISO 9141 and 14230 use the same +For libpcap, the first thing you’d need to do would be to get +{dlt-glob}+ values +for all the link-layer protocols you’d need. If ISO 9141 and 14230 use the same link-layer protocol, they might be able to share a +{dlt-glob}+ value, unless the only way to know what protocols are running above the link layer is to know which link-layer protocol is being used, in which case you might want separate @@ -30,7 +30,7 @@ work with a version older than 1.0, even if whatever OS you're using happens to include libpcap - older versions are not as friendly towards adding support for devices other than standard network interfaces. -Then you'd probably add to the `pcap_open_live()` routine, for whatever +Then you’d probably add to the `pcap_open_live()` routine, for whatever platform or platforms this code should work, something such as a check for device names that look like serial port names and, if the check succeeds, a call to a routine to open the serial port. @@ -39,7 +39,7 @@ See, for example, the `#ifdef HAVE_DAG_API` code in _pcap-linux.c_ and _pcap-bpf.c_. The serial port open routine would open the serial port device, set the baud -rate and do anything else needed to open the device. It'd allocate a `pcap_t`, +rate and do anything else needed to open the device. It’d allocate a `pcap_t`, set its `fd` member to the file descriptor for the serial device, set the `snapshot` member to the argument passed to the open routine, set the `linktype` member to one of the +{dlt-glob}+ values, and set the `selectable_fd` member to @@ -48,22 +48,22 @@ the number of +{dlt-glob}+ values to support, and allocate an array of `dlt_count` `u_int`s, assign it to the `dlt_list` member, and fill in that list with all the +{dlt-glob}+ values. -You'd then set the various `_*_op` fields to routines to handle the operations in -question. `read_op` is the routine that'd read packets from the device. `inject_op` -would be for sending packets; if you don't care about that, you'd set it to a +You’d then set the various `_*_op` fields to routines to handle the operations in +question. `read_op` is the routine that’d read packets from the device. `inject_op` +would be for sending packets; if you don't care about that, you’d set it to a routine that returns an error indication. `setfilter_op` can probably just be set to `install_bpf_program`. `set_datalink` would just set the `linktype` member to the -specified value if it's one of the values for OBD, otherwise it should return an +specified value if it’s one of the values for OBD, otherwise it should return an error. `getnonblock_op` can probably be set to `pcap_getnonblock_fd`. `setnonblock_op` can probably be set to `pcap_setnonblock_fd`. `stats_op` would be set to a routine that reports statistics. `close_op` can probably be set to `pcap_close_common`. -If there's more than one +{dlt-glob}+ value, you definitely want a `set_datalink` +If there’s more than one +{dlt-glob}+ value, you definitely want a `set_datalink` routine so that the user can select the appropriate link-layer type. -For Wireshark, you'd add support for those +{dlt-glob}+ values to +For Wireshark, you’d add support for those +{dlt-glob}+ values to _wiretap/libpcap.c_, which might mean adding one or more _WTAP_ENCAP_ types to -_wtap.h_ and to the `encap_table[]` table in _wiretap/wtap.c_. You'd then +_wtap.h_ and to the `encap_table[]` table in _wiretap/wtap.c_. You’d then have to write a dissector or dissectors for the link-layer protocols or protocols and have them register themselves with the `wtap_encap` dissector table, with the appropriate _WTAP_ENCAP_ values by calling diff --git a/docbook/wsdg_src/WSDG_chapter_dissection.asciidoc b/docbook/wsdg_src/WSDG_chapter_dissection.asciidoc index 6ecf36a95b..56e9f607a3 100644 --- a/docbook/wsdg_src/WSDG_chapter_dissection.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_dissection.asciidoc @@ -21,7 +21,7 @@ IP) and so on. At each stage, details of the packet will be decoded and displayed. Dissection can be implemented in two possible ways. One is to have a dissector -module compiled into the main program, which means it's always available. +module compiled into the main program, which means it’s always available. Another way is to make a plugin (a shared library or DLL) that registers itself to handle dissection. @@ -44,7 +44,7 @@ a dissector. In many cases it is more up to date than this document. === Adding a basic dissector -Let's step through adding a basic dissector. We'll start with the made up "foo" +Let’s step through adding a basic dissector. We'll start with the made up "foo" protocol. It consists of the following basic items. * A packet type - 8 bits, possible values: 1 - initialisation, 2 - terminate, 3 - data. @@ -62,7 +62,7 @@ protocol. It consists of the following basic items. The first decision you need to make is if this dissector will be a built-in dissector, included in the main program, or a plugin. -Plugins are the easiest to write initially, so let's start with that. +Plugins are the easiest to write initially, so let’s start with that. With a little care, the plugin can be made to run as a built-in easily too so we haven't lost anything. @@ -90,12 +90,12 @@ proto_register_foo(void) ---- ==== -Let's go through this a bit at a time. First we have some boilerplate +Let’s go through this a bit at a time. First we have some boilerplate include files. These will be pretty constant to start with. Next we have an int that is initialised to `-1` that records our protocol. This will get updated when we register this dissector with the main program. -It's good practice to make all variables and functions that aren't exported +It’s good practice to make all variables and functions that aren't exported static to keep name space pollution down. Normally this isn't a problem unless your dissector gets so big it has to span multiple files. @@ -126,7 +126,7 @@ proto_reg_handoff_foo(void) ---- ==== -What's happening here? We are initialising the dissector. First we create a +What’s happening here? We are initialising the dissector. First we create a dissector handle; It is associated with the foo protocol and with a routine to be called to do the actual dissecting. Then we associate the handle with a UDP port number so that the main program will know to call us when it gets UDP @@ -160,8 +160,8 @@ info structure contains general data about the protocol, and we can update information here. The tree parameter is where the detail dissection takes place. For now we'll do the minimum we can get away with. In the first line we set the -text of this to our protocol, so everyone can see it's being recognised. The -only other thing we do is to clear out any data in the INFO column if it's being +text of this to our protocol, so everyone can see it’s being recognised. The +only other thing we do is to clear out any data in the INFO column if it’s being displayed. At this point we should have a basic dissector ready to compile and install. @@ -194,7 +194,7 @@ binary into the plugin directory of your Wireshark installation and run that. ==== Dissecting the details of the protocol -Now that we have our basic dissector up and running, let's do something with it. +Now that we have our basic dissector up and running, let’s do something with it. The simplest thing to do to start with is to just label the payload. This will allow us to set up some of the parts we will need. @@ -224,7 +224,7 @@ This subtree will hold all the details of this protocol and so not clutter up the display when not required. We are also marking the area of data that is being consumed by this -protocol. In our case it's all that has been passed to us, as we're assuming +protocol. In our case it’s all that has been passed to us, as we're assuming this protocol does not encapsulate another. Therefore, we add the new tree node with `proto_tree_add_item()`, adding it to the passed in tree, label it with the protocol, use the passed in @@ -234,7 +234,7 @@ ENC_NA ("not applicable") is specified as the "encoding" parameter. After this change, there should be a label in the detailed display for the protocol, and selecting this will highlight the remaining contents of the packet. -Now let's go to the next step and add some protocol dissection. For this step +Now let’s go to the next step and add some protocol dissection. For this step we'll need to construct a couple of tables that help with dissection. This needs some additions to the `proto_register_foo()` function shown previously. @@ -335,7 +335,7 @@ We'll ignore the rest of the structure for now. If you install this plugin and try it out, you'll see something that begins to look useful. -Now let's finish off dissecting the simple protocol. We need to add a few +Now let’s finish off dissecting the simple protocol. We need to add a few more variables to the hfarray, and a couple more procedure calls. .Wrapping up the packet dissection. @@ -405,7 +405,7 @@ now dissected. ==== Improving the dissection information We can certainly improve the display of the protocol with a bit of extra data. -The first step is to add some text labels. Let's start by labeling the packet +The first step is to add some text labels. Let’s start by labeling the packet types. There is some useful support for this sort of thing by adding a couple of extra things. First we add a simple table of type to name. @@ -507,7 +507,7 @@ to the dissection routine. Note we keep the same offset for each of the flags. This is starting to look fairly full featured now, but there are a couple of other things we can do to make things look even more pretty. At the moment our dissection shows the packets as "Foo Protocol" which whilst correct is a little -uninformative. We can enhance this by adding a little more detail. First, let's +uninformative. We can enhance this by adding a little more detail. First, let’s get hold of the actual value of the protocol type. We can use the handy function `tvb_get_guint8()` to do this. With this value in hand, there are a couple of things we can do. First we can set the INFO column of the non-detailed view to @@ -545,7 +545,7 @@ dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) So here, after grabbing the value of the first 8 bits, we use it with one of the built-in utility routines `val_to_str()`, to lookup the value. If the value isn't found we provide a fallback which just prints the value in hex. We use -this twice, once in the INFO field of the columns -- if it's displayed, and +this twice, once in the INFO field of the columns -- if it’s displayed, and similarly we append this data to the base of our dissecting tree. [[ChDissectTransformed]] @@ -557,7 +557,7 @@ encrypt the data, or compress data, or part of it. If you know how these steps are taken it is possible to reverse them within the dissector. -As encryption can be tricky, let's consider the case of compression. +As encryption can be tricky, let’s consider the case of compression. These techniques can also work for other transformations of data, where some step is required before the data can be examined. @@ -594,7 +594,7 @@ effect. The first steps here are to recognise the compression. In this case a flag byte alerts us to the fact the remainder of the packet is compressed. Next we retrieve the original size of the packet, which in this case is conveniently -within the protocol. If it's not, it may be part of the compression routine to +within the protocol. If it’s not, it may be part of the compression routine to work it out for you, in which case the logic would be different. So armed with the size, a buffer is allocated to receive the uncompressed data @@ -613,7 +613,7 @@ tvb as a new data source, so that the detailed display can show the decompressed bytes as well as the original. After this has been set up the remainder of the dissector can dissect the buffer -next_tvb, as it's a new buffer the offset needs to be 0 as we start again from +next_tvb, as it’s a new buffer the offset needs to be 0 as we start again from the beginning of this buffer. To make the rest of the dissector work regardless of whether compression was involved or not, in the case that compression was not signaled, we use `tvb_new_subset_remaining()` to deliver us a new buffer based @@ -640,7 +640,7 @@ _epan/reassemble.h_. ==== How to reassemble split UDP packets -As an example, let's examine a protocol that is layered on top of UDP that +As an example, let’s examine a protocol that is layered on top of UDP that splits up its own data stream. If a packet is bigger than some given size, it will be split into chunks, and somehow signaled within its protocol. @@ -693,7 +693,7 @@ if (flags & FL_FRAGMENT) { /* fragmented */ We start by saving the fragmented state of this packet, so we can restore it later. Next comes some protocol specific stuff, to dig the fragment data out of -the stream if it's present. Having decided it is present, we let the function +the stream if it’s present. Having decided it is present, we let the function `fragment_add_seq_check()` do its work. We need to provide this with a certain amount of parameters: @@ -967,7 +967,7 @@ exception. Adding a Tap interface to a protocol allows it to do some useful things. In particular you can produce protocol statistics from the tap interface. -A tap is basically a way of allowing other items to see what's happening as +A tap is basically a way of allowing other items to see what’s happening as a protocol is dissected. A tap is registered with the main program, and then called on each dissection. Some arbitrary protocol specific data is provided with the routine that can be used. @@ -998,15 +998,15 @@ void proto_register_foo(void) ==== Whilst you can program a tap without protocol specific data, it is generally not -very useful. Therefore it's a good idea to declare a structure that can be +very useful. Therefore it’s a good idea to declare a structure that can be passed through the tap. This needs to be a static structure as it will be used -after the dissection routine has returned. It's generally best to pick out some +after the dissection routine has returned. It’s generally best to pick out some generic parts of the protocol you are dissecting into the tap data. A packet type, a priority or a status code maybe. The structure really needs to be included in a header file so that it can be included by other components that want to listen in to the tap. -Once you have these defined, it's simply a case of populating the protocol +Once you have these defined, it’s simply a case of populating the protocol specific structure and then calling `tap_queue_packet`, probably as the last part of the dissector. @@ -1073,7 +1073,7 @@ strings, an integer, and three callback functions. . An abbreviation of the stats name. -. The name of the stats module. A `/' character can be used to make sub menus. +. The name of the stats module. A “/” character can be used to make sub menus. . Flags for per-packet callback @@ -1136,14 +1136,14 @@ _doc/README.dissector_, chapter 2.2. === __idl2wrs__: Creating dissectors from CORBA IDL files -Many of Wireshark's dissectors are automatically generated. This section shows +Many of Wireshark’s dissectors are automatically generated. This section shows how to generate one from a CORBA IDL file. ==== What is it? As you have probably guessed from the name, `idl2wrs` takes a user specified IDL file and attempts to build a dissector that can decode the IDL traffic over -GIOP. The resulting file is ``C'' code, that should compile okay as a Wireshark +GIOP. The resulting file is “C” code, that should compile okay as a Wireshark dissector. `idl2wrs` parses the data struct given to it by the `omniidl` compiler, @@ -1176,7 +1176,7 @@ I have also had comments/feedback that this tool would be good for say a CORBA class when teaching students what CORBA traffic looks like ``on the wire''. It is also COOL to work on a great Open Source project such as the case with -``Wireshark'' ({wireshark-main-url}) +“Wireshark” ({wireshark-main-url}) ==== How to use idl2wrs diff --git a/docbook/wsdg_src/WSDG_chapter_env_intro.asciidoc b/docbook/wsdg_src/WSDG_chapter_env_intro.asciidoc index 1e76ae80a2..af713bb169 100644 --- a/docbook/wsdg_src/WSDG_chapter_env_intro.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_env_intro.asciidoc @@ -19,7 +19,7 @@ development in general. Well, if you want to start Wireshark development, you might already know what Wireshark is doing. If not, please have a look at the -link:{wireshark-users-guide-url}[Wireshark User's Guide], +link:{wireshark-users-guide-url}[Wireshark User’s Guide], which will provide a lot of general information about it. [[ChIntroPlatforms]] @@ -32,7 +32,7 @@ order to run. As Wireshark is developed in a platform independent way and uses libraries (such as the Qt GUI library) which are available for many different platforms, -it's thus available on a wide variety of platforms. +it’s thus available on a wide variety of platforms. If a binary package is not available for your platform, you should download the source and try to build it. Please report your experiences @@ -84,7 +84,7 @@ others: Wireshark supports Windows natively via the https://en.wikipedia.org/wiki/Windows_API[Windows API]. Note that in this documentation and elsewhere we tend to use the terms -``Win32'', ``Win'', and ``Windows'' interchangeably to refer to the +“Win32”, “Win”, and “Windows” interchangeably to refer to the Windows API. Wireshark runs on and can be compiled on the following platforms: @@ -168,7 +168,7 @@ community: will know that you have helped people in the same way that the developers of Wireshark have helped you and other people. -* The developers of Wireshark might improve your changes even more, as there's +* The developers of Wireshark might improve your changes even more, as there’s always room for improvement. Or they may implement some advanced things on top of your code, which can be useful for yourself too. @@ -235,10 +235,10 @@ e.g. if you need a distribution for a special audience, see ==== Source code distributions -It's still common for UNIX developers to give the end user a source +It’s still common for UNIX developers to give the end user a source tarball and let the user compile it on their target machine (configure, make, make install). However, for different UNIX (Linux) distributions -it's becoming more common to release binary packages (e.g. .deb or .rpm +it’s becoming more common to release binary packages (e.g. .deb or .rpm files) these days. You should use the released sources if you want to build Wireshark from @@ -340,7 +340,7 @@ You will find lots of useful information on the Wireshark homepage at The Wireshark Wiki at {wireshark-wiki-url} provides a wide range of information related to Wireshark and packet capturing in general. -You will find a lot of information not part of this developer's guide. For +You will find a lot of information not part of this developer’s guide. For example, there is an explanation how to capture on a switched network, an ongoing effort to build a protocol reference and a lot more. @@ -365,7 +365,7 @@ You will find the FAQ inside Wireshark by clicking the menu item Help/Contents and selecting the FAQ page in the upcoming dialog. An online version is available at the Wireshark website: -{wireshark-faq-url}. You might prefer this online version as it's +{wireshark-faq-url}. You might prefer this online version as it’s typically more up to date and the HTML format is easier to use. [[ChIntroOtherSources]] @@ -495,7 +495,7 @@ as this won't give any direction to look at. [NOTE] .Don't send large files ==== -Do not send large files (>100KB) to the mailing lists, just place a note +Do not send large files (>100KB) to the mailing lists, just place a note that further data is available on request. Large files will only annoy a lot of people on the list who are not interested in your specific problem. If required, you will be asked for further data by the persons who really @@ -542,7 +542,7 @@ _bt.txt_ in the current directory. Include the file with your bug report. If you do not have `gdb` available, you -will have to check out your operating system's debugger. +will have to check out your operating system’s debugger. ==== You should mail the traceback to mailto:{wireshark-dev-list-email}[] or attach it diff --git a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc index 0cc3d3987c..ef825fb482 100644 --- a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc @@ -63,7 +63,7 @@ format. You will recognize MSVC libraries by the .lib/.dll file extension. ==== Win32: cygwin gcc Cygwin provides most of the required libraries (with file extension .a or .lib) -for Wireshark suitable for cygwin's gcc compiler. +for Wireshark suitable for cygwin’s gcc compiler. [[ChLibsSetup]] @@ -120,7 +120,7 @@ bin directory, e.g. C:\Qt\Qt5.6.2\5.6\msvc2013 === GTK+ / GLib / GDK / Pango / ATK / GNU gettext / GNU libiconv -The Glib library is used as a basic platform abstraction library, it's +The Glib library is used as a basic platform abstraction library, it’s not related to graphical user interface (GUI) things. For a detailed description about GLib, see <>. @@ -172,7 +172,7 @@ http://www.ibr.cs.tu-bs.de/projects/libsmi/[]. Wireshark uses the source libSMI distribution at http://www.ibr.cs.tu-bs.de/projects/libsmi/[]. -LibSMI is cross-compiled using MinGW32. It's stored in the libsmi zip archive at +LibSMI is cross-compiled using MinGW32. It’s stored in the libsmi zip archive at https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[]. [[ChLibsCares]] @@ -230,7 +230,7 @@ locally. === libpcap/WinPcap (optional) Libpcap and WinPcap provide that packet capture capabilities that are central -to Wireshark's core functionality. +to Wireshark’s core functionality. [[ChLibsLibpcap]] diff --git a/docbook/wsdg_src/WSDG_chapter_quick_setup.asciidoc b/docbook/wsdg_src/WSDG_chapter_quick_setup.asciidoc index 218785eb5b..8ad0c6fc28 100644 --- a/docbook/wsdg_src/WSDG_chapter_quick_setup.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_quick_setup.asciidoc @@ -16,7 +16,7 @@ If a tool is not already installed on your system, you can usually install it using the package in your distribution: aptitude, yum, Synaptic, etc. If an install package is not available or you have a -reason not to use it (maybe because it's simply too old), you +reason not to use it (maybe because it’s simply too old), you can install that tool from source code. The following sections will provide you with the webpage addresses where you can get these sources. @@ -81,7 +81,7 @@ PS$>choco install VisualStudio2015Community --timeout 0 -package-parameters "--A ---- You can use other Microsoft C compiler variants, but VS2015 is used to -build the development releases and is the preferred option. It's +build the development releases and is the preferred option. It’s possible to compile Wireshark with a wide range of Microsoft C compiler variants. For details see <>. @@ -185,7 +185,7 @@ You can directly download packages via `cyg-get` PS$>cyg-get asciidoc patch docbook-xml45 [...] ---- -You can use Chocolatey's Win flex-bison packages rather than the Cygwin +You can use Chocolatey’s Win flex-bison packages rather than the Cygwin Bison and Flex package: ---- @@ -199,7 +199,7 @@ PS$>choco install winflexbison Get the Python 3.5 or 2.7 installer from http://python.org/download/[] and install Python into the default location (_C:\Python35_ or _C:\Python27_). -Why is this recommended? Cygwin's _/usr/bin/python_ is a Cygwin-specific +Why is this recommended? Cygwin’s _/usr/bin/python_ is a Cygwin-specific symbolic link which cannot be run from Windows. The native package is faster as well. @@ -288,7 +288,7 @@ Chocolatey ensures cmake.exe is on your path. [TIP] .Make sure everything works ==== -It's a good idea to make sure Wireshark compiles and runs at least once before +It’s a good idea to make sure Wireshark compiles and runs at least once before you start hacking the Wireshark sources for your own project. This example uses Git Extensions but any other Git client should work as well. ==== @@ -318,7 +318,7 @@ Repository to clone: *`https://code.wireshark.org/review/wireshark`* + Destination: Your top-level development directory, e.g. _C:\Development_. + -Subdirectory to create: Anything you'd like. Usually _wireshark_. +Subdirectory to create: Anything you’d like. Usually _wireshark_. + [TIP] .Check your paths @@ -457,7 +457,7 @@ the environment variables `WIRESHARK_BASE_DIR` and `QT5_BASE_DIR`. ==== Build Wireshark -Now it's time to build Wireshark! +Now it’s time to build Wireshark! . If you've closed the Visual Studio Command Prompt <> it again. @@ -491,7 +491,7 @@ The build files produced by CMake will regenerate themselves if required by chan You can debug using the Visual Studio Debugger or WinDbg. See the section on using the <>. -==== Optional: Create User's and Developer's Guide +==== Optional: Create User’s and Developer’s Guide Detailed information to build these guides can be found in the file _docbook\README.txt_ in the Wireshark sources. @@ -538,6 +538,6 @@ to build a Wireshark installer. ---- > C:\Development\wireshark\packaging\nsis\wireshark-win32-{wireshark-version}-myprotocol123.exe ---- -to test your new installer. It's a good idea to test on a different machine +to test your new installer. It’s a good idea to test on a different machine than the developer machine. Note that if you've built an x64 version, the installer will be named accordingly. -- diff --git a/docbook/wsdg_src/WSDG_chapter_sources.asciidoc b/docbook/wsdg_src/WSDG_chapter_sources.asciidoc index 01b2a59778..e39e916764 100644 --- a/docbook/wsdg_src/WSDG_chapter_sources.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_sources.asciidoc @@ -28,7 +28,7 @@ such as where to find specific functionality. This is done in === The Wireshark Git repository http://git-scm.com/[Git] is used to keep track of the changes made to the -Wireshark source code. The code is stored inside Wireshark project's Git +Wireshark source code. The code is stored inside Wireshark project’s Git repository located at a server at the wireshark.org domain. Changes to the official repository are managed using the @@ -46,7 +46,7 @@ scale distributed development and ensures data integrity. .Why Gerrit? Gerrit makes it easy to contribute. You can sign in with any OpenID -provider and push your changes. It's usable from both the web and +provider and push your changes. It’s usable from both the web and command line and is integrated with many popular tools. .Git is our *third* revision control system @@ -57,7 +57,7 @@ Wireshark originally used http://www.nongnu.org/cvs/[Concurrent Versions System] The Subversion repository was subsequently migrated to Git in January 2014. ==== -Using Wireshark's Git repository you can: +Using Wireshark’s Git repository you can: * Keep your private sources up to date with very little effort * Get a mail notification when the official source code changes @@ -92,7 +92,7 @@ Wireshark uses the following branches for official releases: === Obtain the Wireshark sources -There are several ways to obtain the sources from Wireshark's Git +There are several ways to obtain the sources from Wireshark’s Git repository. [TIP] @@ -109,7 +109,7 @@ source tree several times a day without much effort. ==== The following ways to retrieve the Wireshark sources are sorted in decreasing source timeliness. If you plan to commit changes you've -made to the sources, it's a good idea to keep your private source +made to the sources, it’s a good idea to keep your private source tree as current as possible. ==== @@ -126,7 +126,7 @@ Recommended for development purposes. Age: a few minutes. -You can use a Git client to download the source code from Wireshark's code +You can use a Git client to download the source code from Wireshark’s code review system. Anyone can clone from the anonymous git URL: * {wireshark-git-anonhttp-url} @@ -141,7 +141,7 @@ https://code.wireshark.org/review/Documentation/cmd-index.html#_server[command l HTTP lets you access the repository in environments that block the Gerrit SSH port (29418). At the time of this writing (early 2014) we recommend that you use the SSH interface. However, this may change as more tools take -advantage of Gerrit's HTTP REST API. +advantage of Gerrit’s HTTP REST API. The following example shows how to get up and running on the command line. See <> for information on installing and configuring @@ -258,14 +258,14 @@ possible (e.g. because of a restrictive firewall). Age: some number of minutes (a bit older than the Git access). The Buildbot server will automatically start to generate a snapshot of -Wireshark's source tree after a source code change is committed. These +Wireshark’s source tree after a source code change is committed. These snapshots can be found at {wireshark-snapshots-url}. If Git access isn't possible, e.g. if the connection to the server isn't possible because of a corporate firewall, the sources can be obtained by downloading the Buildbot snapshots. However, if you are going to maintain your sources in parallel to the "official" sources -for some time, it's recommended to use the anonymous (or authenticated) +for some time, it’s recommended to use the anonymous (or authenticated) Git access if possible (believe it, it will save you a lot of time). [[ChSrcReleased]] @@ -310,7 +310,7 @@ sure the builds are in good shape. ==== Update Using Git -After you clone Wireshark's Git repository you can update +After you clone Wireshark’s Git repository you can update by running ---- @@ -359,7 +359,7 @@ error-prone than using Git. === Build Wireshark -The sources contain several documentation files. It's a good idea to read these +The sources contain several documentation files. It’s a good idea to read these files first. After obtaining the sources, tools and libraries, the first place to look at is _doc/README.developer_. Inside you will find the latest information for Wireshark development for all supported platforms. @@ -420,7 +420,7 @@ installed version first. ==== Unix/Linux After a successful build you can run Wireshark right from the build -directory. Still the program would need to know that it's being run from +directory. Still the program would need to know that it’s being run from the build directory and not from its install location. This has an impact on the directories where the program can find the other parts and relevant data files. @@ -436,7 +436,7 @@ command line to launch Wireshark would be: $ WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./wireshark ---- -There's no need to run Wireshark as root user, you just won't be able to +There’s no need to run Wireshark as root user, you just won't be able to capture. When you opt to run Wireshark this way, your terminal output can be informative when things don't work as expected. @@ -501,7 +501,7 @@ on using the <>. As the Wireshark developers are working on many different platforms, a lot of editors are used to develop Wireshark (emacs, vi, Microsoft Visual Studio -and many, many others). There's no "standard" or "default" development +and many, many others). There’s no "standard" or "default" development environment. There are several reasons why you might want to change the Wireshark @@ -521,7 +521,7 @@ The internal structure of the Wireshark sources will be described in .Ask the _wireshark-dev_ mailing list before you start a new development task. [TIP] ==== -If you have an idea what you want to add or change it's a good idea to +If you have an idea what you want to add or change it’s a good idea to contact the developer mailing list (see <>) and explain your idea. Someone else might already be working on the same @@ -541,12 +541,12 @@ If you have finished changing the Wireshark sources to suit your needs, you might want to contribute your changes back to the Wireshark community. You gain the following benefits by contributing your improvements: -* _It's the right thing to do._ Other people who find your contributions useful +* _It’s the right thing to do._ Other people who find your contributions useful will appreciate them, and you will know that you have helped people in the same way that the developers of Wireshark have helped you. * _You get free enhancements._ By making your code public, other developers have - a chance to make improvements, as there's always room for improvements. In + a chance to make improvements, as there’s always room for improvements. In addition someone may implement advanced features on top of your code, which can be useful for yourself too. @@ -557,7 +557,7 @@ the following benefits by contributing your improvements: version from the website and your changes will already be included without any effort for you. -There's no direct way to push changes to the Git repository. Only a few people +There’s no direct way to push changes to the Git repository. Only a few people are authorised to actually make changes to the source code (check-in changed files). If you want to submit your changes, you should upload them to the code review system at {wireshark-code-review-url}. This requires you to set up git @@ -696,7 +696,7 @@ as described at <>. // $ diff -N -r -u --strip-trailing-cr ./svn-dir ./working-dir > foo.diff // ---- // -// It's a good idea to run `make distclean` before the +// It’s a good idea to run `make distclean` before the // actual diff call, as this will remove a lot // of temporary files which might be otherwise included in the diff. After // doing the diff, you should edit the _foo.diff_ file and remove unnecessary @@ -731,7 +731,7 @@ as described at <>. Some tips that will make the merging of your changes into Git much more likely (and you want exactly that, don't you?): -* _Use the latest Git sources._ It's a good idea to work with the same +* _Use the latest Git sources._ It’s a good idea to work with the same sources that are used by the other developers. This usually makes it much easier to apply your patch. For information about the different ways to get the sources, see <>. @@ -774,7 +774,7 @@ and integrated. The core maintainers have done a lot of work fixing bugs and making code compile on the various platforms Wireshark supports. -To ensure Wireshark's source code quality, and to reduce the workload of the +To ensure Wireshark’s source code quality, and to reduce the workload of the core maintainers, there are some things you should think about _before_ submitting a patch. @@ -792,7 +792,7 @@ be rejected. details. * _Submit dissectors as built-in whenever possible._ Developing a new dissector -as a plugin is a good idea because compiling and testing is quicker, but it's +as a plugin is a good idea because compiling and testing is quicker, but it’s best to convert dissectors to the built-in style before submitting for check in. This reduces the number of files that must be installed with Wireshark and ensures your dissector will be available on all platforms. @@ -882,7 +882,7 @@ You might get one of the following responses to your patch request: your patch is in the review system it won't get lost. If you're concerned, feel free to add a comment to the patch or send an email -to the developer's list asking for status. But please be patient: most if not +to the developer’s list asking for status. But please be patient: most if not all of us do this in our spare time. [[ChSrcBackport]] @@ -947,23 +947,23 @@ Given the file _new.diff_ containing a unified diff, the right way to call the patch tool depends on what the pathnames in _new.diff_ look like. If they're relative to the top-level source directory (for example, if a -patch to _prefs.c_ just has _prefs.c_ as the file name) you'd run it as: +patch to _prefs.c_ just has _prefs.c_ as the file name) you’d run it as: ---- $ patch -p0 < new.diff ---- -If they're relative to a higher-level directory, you'd replace 0 with the +If they're relative to a higher-level directory, you’d replace 0 with the number of higher-level directories in the path, e.g. if the names are _wireshark.orig/prefs.c_ and -_wireshark.mine/prefs.c_, you'd run it with: +_wireshark.mine/prefs.c_, you’d run it with: ---- $ patch -p1 < new.diff ---- If they're relative to a _subdirectory_ of the top-level -directory, you'd run `patch` in _that_ directory and run it with `-p0`. +directory, you’d run `patch` in _that_ directory and run it with `-p0`. If you run it without `-pat` all, the patch tool flattens path names, so that if you @@ -977,12 +977,12 @@ _Makefile.am_ as well. At which position in the filesystem should the patch tool be called? If the pathnames are relative to the top-level source directory, or to a -directory above that directory, you'd run it in the top-level source +directory above that directory, you’d run it in the top-level source directory. If they're relative to a *subdirectory* -- for example, if somebody did a patch to _packet-ip.c_ and ran `diff` or `git diff` in -the _epan/dissectors_ directory -- you'd run it in that subdirectory. +the _epan/dissectors_ directory -- you’d run it in that subdirectory. It is preferred that people *not* submit patches like that, especially if they're only patching files that exist in multiple directories such as _Makefile.am_. diff --git a/docbook/wsdg_src/WSDG_chapter_tools.asciidoc b/docbook/wsdg_src/WSDG_chapter_tools.asciidoc index 906359205f..5f55f7ae06 100644 --- a/docbook/wsdg_src/WSDG_chapter_tools.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_tools.asciidoc @@ -65,7 +65,7 @@ PS:\>iex ((new-object net.webclient).DownloadString(_https://chocolatey.org/inst ---- Chocolatey sometimes installs packages in unexpected locations. Cygwin is a notable -example -- recent versions of the Cygwin package are installed in _C:\ProgramData\chocolatey\lib\Cygwin\tools\cygwin_ instead of Cygwin's default location +example -- recent versions of the Cygwin package are installed in _C:\ProgramData\chocolatey\lib\Cygwin\tools\cygwin_ instead of Cygwin’s default location (_C:\cygwin_ or _C:\cygwin64_). [[ChToolsCygwin]] @@ -85,7 +85,7 @@ Although Cygwin consists of several separate packages, the installation and update is done through a single utility, _setup-x86.exe_ or _setup-x86_64.exe_, which acts similarly to other web based installers. You can install Cygwin and its packages using Chocolatey, but this is not -recommended due to Chocolatey's default installation location, described +recommended due to Chocolatey’s default installation location, described in the previous section. ==== Installing Cygwin using the Cygwin installer @@ -198,7 +198,7 @@ Your version string may vary, of course. [[ChToolsCMake]] -Wireshark's build environment can be configured using CMake on Windows +Wireshark’s build environment can be configured using CMake on Windows and either CMake or Autotools on Linux, macOS, and UNIX. CMake is designed to support out of tree builds. So much so, that in tree builds do not work properly in all cases. Along with being cross-platform, CMake supports @@ -237,7 +237,7 @@ using the `-D` flag. Useful variables and generators include the following: +++-DCMAKE_C_FLAGS='-Qunused-arguments'+++:: Make ccache and clang work together --DPYTHON_EXECUTABLE=c:/Python27/python:: Force the Python path. Useful on Windows since Cygwin's /usrbin/python is a symlink. +-DPYTHON_EXECUTABLE=c:/Python27/python:: Force the Python path. Useful on Windows since Cygwin’s /usrbin/python is a symlink. -DENABLE_APPLICATION_BUNDLE=OFF:: Disable building an application bundle (Wireshark.app) on macOS @@ -522,7 +522,7 @@ http://msdn.microsoft.com/en-us/library/t2fck18t.aspx[Microsoft MSDN] ==== C-Runtime "Redistributable" Files Please note: The following is not legal advice - ask your preferred lawyer -instead. It's the authors view and this view might be wrong. +instead. It’s the authors view and this view might be wrong. Depending on the Microsoft compiler version you use, some binary files coming from Microsoft might be required to be installed on Windows machine to run @@ -575,7 +575,7 @@ this for applications built with Visual Studio 2013) . _Using Visual {cpp} Redistributable Merge Modules._ (Loadable modules for building msi installers. -Not suitable for Wireshark's NSIS based installer) +Not suitable for Wireshark’s NSIS based installer) . _Install a particular Visual {cpp} assembly as a private assembly for the application._ The @@ -596,7 +596,7 @@ is used (this produces the smallest package). The Windows Platform SDK (PSDK) or Windows SDK is a free (as in beer) download and contains platform specific headers and libraries (e.g. _windows.h_, _WSock32.lib_, etc.). As new Windows -features evolve in time, updated SDK's become available that +features evolve in time, updated SDK’s become available that include new and updated APIs. When you purchase a commercial Visual Studio or use the Community Edition, it will @@ -611,15 +611,15 @@ search for SetEnv.* in the SDK directory. ==== HTML Help -HTML Help is used to create the User's and Developer's Guide in .chm format and -to show the User's Guide as the Wireshark "Online Help". +HTML Help is used to create the User’s and Developer’s Guide in .chm format and +to show the User’s Guide as the Wireshark "Online Help". Both features are currently optional, and might be removed in future versions. ===== HTML Help Compiler (hhc.exe) This compiler is used to generate a .chm file from a bunch of HTML files -- in -our case to generate the User's and Developer's Guide in .chm format. +our case to generate the User’s and Developer’s Guide in .chm format. The compiler is only available as the free (as in beer) "HTML Help Workshop" download. If you want to compile the guides yourself, you need to download and @@ -688,7 +688,7 @@ If you require a non-optimised version, then build using a debug configuration. ===== Debugging Tools for Windows You can also use the Microsoft Debugging Tools for Windows toolkit, which is a -standalone GUI debugger. Although it's not that comfortable compared to +standalone GUI debugger. Although it’s not that comfortable compared to debugging with the Visual Studio integrated debugger it can be helpful if you have to debug on a machine where an integrated debugger is not available. @@ -897,7 +897,7 @@ However, the version string may vary. === Bison -Bison is a parser generator used for some of Wireshark's file format support. +Bison is a parser generator used for some of Wireshark’s file format support. [[ChToolsUnixBison]] @@ -944,7 +944,7 @@ officially supported but _should_ work. === Flex -Flex is a lexical analyzer generator used for Wireshark's display filters, some +Flex is a lexical analyzer generator used for Wireshark’s display filters, some file formats, and other features. [[ChToolsUnixFlex]] diff --git a/docbook/wsdg_src/WSDG_chapter_userinterface.asciidoc b/docbook/wsdg_src/WSDG_chapter_userinterface.asciidoc index b97fe763fb..75e9e4c9df 100644 --- a/docbook/wsdg_src/WSDG_chapter_userinterface.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_userinterface.asciidoc @@ -66,7 +66,7 @@ instead of requiring that options be specified. documentation and instead prefer to learn an application as they use it. Providing feedback increases your sense of control and awareness, and makes the application more enjoyable to use. Most of the Qt dialogs -provide a ``hint'' area near the bottom which shows useful information. +provide a “hint” area near the bottom which shows useful information. For example, the ``Follow Stream'' dialog shows the packet corresponding to the text under the mouse. The profile management dialog shows a clickable path to the current profile. The main welcome screen shows @@ -77,7 +77,7 @@ keyboard shortcuts. Qt Creator is a full-featured IDE and user interface editor. It makes adding new UI features much easier. It doesn't work well on Windows at -the present time, so it's recommended that you use it on macOS or Linux. +the present time, so it’s recommended that you use it on macOS or Linux. To edit and build Wireshark using Qt Cretor, open the top-level _CMakeLists.txt_ within Qt Creator. It should ask you to choose a build @@ -87,14 +87,14 @@ ENABLE_GTK3=OFF") and click the ``Run CMake'' button. When that completes select ``Build → Open Build and Run Kit Selector...'' and make sure _wireshark_ is selected. -Note that Qt Creator uses output created by CMake's *CodeBlocks* +Note that Qt Creator uses output created by CMake’s *CodeBlocks* generator. If you run CMake outside of Qt Creator you should use the ``CodeBlocks - Unix Makefiles'' generator, otherwise Qt Creator will prompt you to re-run CMake. ==== Source Code Overview -Wireshark's `main` entry point is in _wireshark-qt.cpp_. Command-line arguments +Wireshark’s `main` entry point is in _wireshark-qt.cpp_. Command-line arguments are processed there and the main application class (`WiresharkApplication`) instance is created there along with the main window. @@ -119,7 +119,7 @@ open when the capture file closes. The code in _ui/qt_ directory uses three APIs: Qt (which uses InterCapConvention), GLib (which uses underscore_convention), and the Wireshark -API (which also uses underscore_convention). As a general rule Wireshark's Qt +API (which also uses underscore_convention). As a general rule Wireshark’s Qt code uses InterCapConvention for class names, interCapConvention for methods, and underscore_convention for variables, with a trailing_underscore_ for member variables. @@ -130,9 +130,9 @@ Dialogs that work with capture file information shouldn't close just because the capture file closes. Subclassing `WiresharkDialog` as described above can make it easier to persist across capture files. -When you create a window with a row of standard ``OK'' and ``Close'' buttons at +When you create a window with a row of standard “OK” and “Close” buttons at the bottom using Qt Creator you will end up with a subclass of QDialog. This is -fine for traditional modal dialogs, but many times the ``dialog'' needs to behave +fine for traditional modal dialogs, but many times the “dialog” needs to behave like a QWindow instead. Modal dialogs should be constructed with `QDialog(parent)`. Modeless dialogs @@ -143,7 +143,7 @@ this for you. Most of the dialogs in ui/qt share many similarities, including method names, widget names, and behavior. Most dialogs should have the following, although -it's not strictly required: +it’s not strictly required: - An `updateWidgets()` method, which enables and disables widgets depending on the current state and constraints of the dialog. For example, the Coloring @@ -163,7 +163,7 @@ it's not strictly required: ===== Strings -Wireshark's C code and GLib use UTF-8 encoded character arrays. Qt +Wireshark’s C code and GLib use UTF-8 encoded character arrays. Qt (specifically QString) uses UTF-16. You can convert a `char *` to a `QString` using simple assignment. You can convert a `QString` to a `const char *` using `qUtf8Printable`. @@ -184,7 +184,7 @@ your code. ===== Mixing C and {cpp} Sometimes we have to call {cpp} functions from one of -Wireshark's C callbacks and pass {cpp} objects to or from C. Tap +Wireshark’s C callbacks and pass {cpp} objects to or from C. Tap listeners are a common example. The {cpp} FAQ link:http://www. parashift.com/c++-faq/mixing-c-and-cpp.html:[describes how to do this safely]. @@ -266,7 +266,7 @@ the internals of a running Qt application similar to $$Spy++$$ on Windows. .We have switched to Qt [NOTE] ==== -Wireshark's default interface uses Qt. If you would like to add a new +Wireshark’s default interface uses Qt. If you would like to add a new interface feature you should use it and not GTK{plus}. The documentation below is primarily historical. ==== @@ -278,13 +278,13 @@ intended to be a multiplatform tool, there are some drawbacks, as the result is a somewhat "non native" look and feel. GTK{plus} is available for many different platforms including, but not limited to: -Unix/Linux, macOS and Win32. It's the foundation of the famous GNOME desktop, +Unix/Linux, macOS and Win32. It’s the foundation of the famous GNOME desktop, so the future development of GTK should be certain. GTK is implemented in plain C (as is Wireshark itself), and available under the LGPL (Lesser General Public License), making it free to used by commercial and noncommercial applications. There are other similar toolkits like wxWidgets which could also be used for -Wireshark. There's no "one and only" reason for or against any of these +Wireshark. There’s no "one and only" reason for or against any of these toolkits. However, the decision towards GTK was made a long time ago :-) There are two major GTK versions available: @@ -353,7 +353,7 @@ Several mailing lists are available about GTK development, see http://mail.gnome.org/mailman/listinfo[], the gtk-app-devel-list may be your friend. -As it's often done wrong: You should post a mail to *help* the developers +As it’s often done wrong: You should post a mail to *help* the developers there instead of only complaining. Posting such a thing like "I don't like your dialog, it looks ugly" won't be of much help. You might think about what you dislike and describe why you dislike it and provide a suggestion diff --git a/docbook/wsdg_src/WSDG_chapter_works.asciidoc b/docbook/wsdg_src/WSDG_chapter_works.asciidoc index 07adfec2bd..6ba6c53e15 100644 --- a/docbook/wsdg_src/WSDG_chapter_works.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_works.asciidoc @@ -16,7 +16,7 @@ This chapter will give you a short overview of how Wireshark works. === Overview -The following will give you a simplified overview of Wireshark's function blocks: +The following will give you a simplified overview of Wireshark’s function blocks: [[ChWorksFigOverview]] @@ -58,8 +58,8 @@ with elevated privileges. Source code is in the root directory. WinPcap and libpcap:: These are separate libraries that provide packet capture and filtering support on different platforms. The filtering WinPcap and libpcap -works at a much lower level than Wireshark's display filters and uses a -significantly different mechanism. That's why we have different display and +works at a much lower level than Wireshark’s display filters and uses a +significantly different mechanism. That’s why we have different display and capture filter syntaxes. @@ -71,7 +71,7 @@ Capturing takes packets from a network adapter and saves them to a file on your hard disk. Since raw network adapter access requires elevated privileges these functions -are isolated into the `dumpcap` program. It's only this program that needs these +are isolated into the `dumpcap` program. It’s only this program that needs these privileges, allowing the main part of the code (dissectors, user interface, etc) to run with normal user privileges. diff --git a/docbook/wsdg_src/WSDG_preface.asciidoc b/docbook/wsdg_src/WSDG_preface.asciidoc index c3f62c4b67..92cd596e05 100644 --- a/docbook/wsdg_src/WSDG_preface.asciidoc +++ b/docbook/wsdg_src/WSDG_preface.asciidoc @@ -32,7 +32,7 @@ Wireshark. This book is not intended to explain the usage of Wireshark in general. Please refer the -{wireshark-users-guide-url}[Wireshark User's Guide] about Wireshark usage. +{wireshark-users-guide-url}[Wireshark User’s Guide] about Wireshark usage. By reading this book, you will learn how to develop Wireshark. It will hopefully guide you around some common problems that frequently appear for diff --git a/docbook/wsluarm.asciidoc b/docbook/wsluarm.asciidoc index 175a70103c..d7c559a561 100644 --- a/docbook/wsluarm.asciidoc +++ b/docbook/wsluarm.asciidoc @@ -20,13 +20,13 @@ the Department of Computer Science. In Wireshark Lua can be used to write dissectors, taps, and capture file readers and writers. -Wireshark's Lua interpreter starts by loading `init.lua` that is located in the +Wireshark’s Lua interpreter starts by loading `init.lua` that is located in the global configuration directory of Wireshark. Lua is enabled by default. To disable Lua the line variable _$$disable_lua$$_ should be set to _true_ in `init.lua`. After loading _init.lua_ from the data directory if Lua is enabled Wireshark -will try to load a file named `init.lua` in the user's directory. +will try to load a file named `init.lua` in the user’s directory. Wireshark will also load all files with `.lua` suffix from both the global and the personal plugins directory. @@ -167,7 +167,7 @@ register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED) [[wsluarm_modules]] -== Wireshark's Lua API Reference Manual +== Wireshark’s Lua API Reference Manual This Part of the User Guide describes the Wireshark specific functions in the embedded Lua. @@ -211,9 +211,9 @@ include::{build_dir}/wsluarm_src/wslua_struct.asciidoc[] === GLib Regular Expressions Lua has its own native _pattern_ syntax in the string library, but sometimes a -real regex engine is more useful. Wireshark comes with GLib's Regex +real regex engine is more useful. Wireshark comes with GLib’s Regex implementation, which itself is based on Perl Compatible Regular Expressions -(PCRE). This engine is exposed into Wireshark's Lua engine through the +(PCRE). This engine is exposed into Wireshark’s Lua engine through the well-known Lrexlib library, following the same syntax and semantics as the Lrexlib PCRE implementation, with a few differences as follows: @@ -277,34 +277,34 @@ characters stand for compilation flags. Combinations of the following characters (case sensitive) are supported: * _i_ = G_REGEX_CASELESS - Letters in the pattern match both upper- and - lowercase letters. This option can be changed within a pattern by a ``(?i)'' + lowercase letters. This option can be changed within a pattern by a “(?i)” option setting. * _m_ = G_REGEX_MULTILINE - By default, GRegex treats the strings as consisting of a single line of characters (even if it actually contains - newlines). The ``start of line'' metacharacter (``^'') matches only at the start - of the string, while the ``end of line'' metacharacter (``$'') matches only at + newlines). The ``start of line'' metacharacter (“^”) matches only at the start + of the string, while the ``end of line'' metacharacter (“$”) matches only at the end of the string, or before a terminating newline (unless G_REGEX_DOLLAR_ENDONLY is set). When G_REGEX_MULTILINE is set, the ``start of line'' and ``end of line'' constructs match immediately following or immediately before any newline in the string, respectively, as well as at the - very start and end. This can be changed within a pattern by a ``(?m)'' option + very start and end. This can be changed within a pattern by a “(?m)” option setting. -* _s_ = G_REGEX_DOTALL - A dot metacharater (``.'') in the pattern matches +* _s_ = G_REGEX_DOTALL - A dot metacharater (“.”) in the pattern matches all characters, including newlines. Without it, newlines are excluded. This option can be changed within a pattern by a ("?s") option setting. * _x_ = G_REGEX_EXTENDED - Whitespace data characters in the pattern are totally ignored except when escaped or inside a character class. Whitespace does not include the VT character (code 11). In addition, characters between - an unescaped ``$$#$$'' outside a character class and the next newline character, + an unescaped “$$#$$” outside a character class and the next newline character, inclusive, are also ignored. This can be changed within a pattern by a - ``(?x)'' option setting. + “(?x)” option setting. -* _U_ = G_REGEX_UNGREEDY - Inverts the ``greediness'' of the quantifiers so - that they are not greedy by default, but become greedy if followed by ``?''. - It can also be set by a ``(?U)'' option setting within the pattern. +* _U_ = G_REGEX_UNGREEDY - Inverts the “greediness” of the quantifiers so + that they are not greedy by default, but become greedy if followed by “?”. + It can also be set by a “(?U)” option setting within the pattern. [[lua_fn_GRegex_new_pattern_]] @@ -597,7 +597,7 @@ ef (optional):: match execution flags (bitwise OR) [float] ===== Returns -On success, returns all substring matches (``captures''), in the order they appear +On success, returns all substring matches (“captures”), in the order they appear in the pattern. false is returned for sub-patterns that did not participate in the match. If the pattern specified no captures then the whole matched substring is returned. nil is returned if the pattern did not match. @@ -650,7 +650,7 @@ ef (optional):: match execution flags (bitwise OR) ===== Returns On success, returns the start point of the first match (a number), the end point -of the first match (a number), and the offsets of substring matches (``captures'' +of the first match (a number), and the offsets of substring matches (“captures” in Lua terminology) are returned as a third result, in a table. This table contains false in the positions where the corresponding sub-pattern did not participate in the match. On failure, returns nil. Example: If the whole match diff --git a/docbook/wsug_src/WSUG_app_files.asciidoc b/docbook/wsug_src/WSUG_app_files.asciidoc index e849b11e3b..05cfa37f8a 100644 --- a/docbook/wsug_src/WSUG_app_files.asciidoc +++ b/docbook/wsug_src/WSUG_app_files.asciidoc @@ -12,7 +12,7 @@ === Capture Files To understand which information will remain available after the captured packets -are saved to a capture file, it's helpful to know a bit about the capture file +are saved to a capture file, it’s helpful to know a bit about the capture file contents. Wireshark uses the @@ -23,7 +23,7 @@ but other tools may not support it. Wireshark also supports the link:https://wiki.wireshark.org/Development/LibpcapFileFormat[libpcap] file format. This is a much simpler format and is well established. However, it has -some drawbacks: it's not extensible and lacks some information that would be +some drawbacks: it’s not extensible and lacks some information that would be really helpful (e.g. being able to add a comment to a packet such as ``the problems start here'' would be really nice). @@ -46,9 +46,9 @@ The following data is saved for each packet: * The packet length as it was ``on the wire'' -* The packet length as it's saved in the file +* The packet length as it’s saved in the file -* The packet's raw bytes +* The packet’s raw bytes A detailed description of the libpcap file format can be found at: link:$$https://wiki.wireshark.org/Development/LibpcapFileFormat$$[] @@ -108,7 +108,7 @@ Files\Wireshark_. ==== Folders on Unix-like systems _$XDG_CONFIG_HOME_ is the folder for user-specific configuration files. -It's usually _$HOME/.config_, where _$HOME_ is the user's home folder, which +It’s usually _$HOME/.config_, where _$HOME_ is the user’s home folder, which is usually something such as _$HOME/**username**_, or _/Users/**username**_ on macOS. @@ -195,7 +195,7 @@ _preferences_ file in the personal configuration folder, that is read; if there is a preference set in both files, the setting in the personal preferences file overrides the setting in the global preference file. -If you press the Save button in the ``Preferences'' dialog box, all the +If you press the Save button in the “Preferences” dialog box, all the current settings are written to the personal preferences file. -- @@ -390,7 +390,7 @@ overrides the setting in the personal preference file. + -- Each line in one of these files consists of an IPv4 address, a subnet -mask length separated only by a ``/'' and a name separated by whitespace. +mask length separated only by a “/” and a name separated by whitespace. While the address must be a full IPv4 address, any values beyond the mask length are subsequently ignored. @@ -400,10 +400,10 @@ An example is: 192.168.0.0/24 ws_test_network ---- -A partially matched name will be printed as ``subnet-name.remaining-address''. -For example, ``192.168.0.1'' under the subnet above would be printed as +A partially matched name will be printed as “subnet-name.remaining-address”. +For example, “192.168.0.1” under the subnet above would be printed as ``ws_test_network.1"; if the mask length above had been 16 rather than 24, the -printed address would be ``ws_test_network.0.1''. +printed address would be “ws_test_network.0.1”. The settings from these files are read in at program start and never written by Wireshark. @@ -487,7 +487,7 @@ of duplicate file names between old and new the new folder wins. * If you are running on macOS and Wireshark is installed as an application bundle, the global plugin folder is -_%APPDIR%/Contents/PlugIns/wireshark_, otherwise it's +_%APPDIR%/Contents/PlugIns/wireshark_, otherwise it’s _INSTALLDIR/lib/wireshark/plugins_. [[ChWindowsFolder]] @@ -515,7 +515,7 @@ If you've upgraded to a new Windows version, your profile might be kept in the former location. The defaults mentioned here might not apply. ==== -The following guides you to the right place where to look for Wireshark's +The following guides you to the right place where to look for Wireshark’s profile data. Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, and associated server editions:: diff --git a/docbook/wsug_src/WSUG_app_howitworks.asciidoc b/docbook/wsug_src/WSUG_app_howitworks.asciidoc index 9db04fb360..7bf24bc05e 100644 --- a/docbook/wsug_src/WSUG_app_howitworks.asciidoc +++ b/docbook/wsug_src/WSUG_app_howitworks.asciidoc @@ -7,7 +7,7 @@ [appendix] == How Wireshark Works -When using such a complex program like Wireshark, it's sometimes useful to +When using such a complex program like Wireshark, it’s sometimes useful to understand the mechanisms and concepts behind the surface. This is an approach to shed some light on the inner workings of Wireshark. @@ -51,19 +51,19 @@ At program start, the dissector registers itself at the appropriate place(s). There are two ways for a dissector to register itself for packet data: * _Static_. If the dissector knows a specific value of a lower layer, if can - directly register itself there (e.g. the HTTP dissector ``knows'', that + directly register itself there (e.g. the HTTP dissector “knows”, that typically the well known TCP port 80 is used to transport HTTP data). * _Heuristic_. If no such well known way exists, the dissector can register itself for the heuristic mechanism. If a lower layer dissector has to handle some packet data where no well known way exists, it can - handover the packet to Wireshark's heuristic mechanism. This will ask all - registered upper layer dissectors, if they ``like'' that data. Each of these + handover the packet to Wireshark’s heuristic mechanism. This will ask all + registered upper layer dissectors, if they “like” that data. Each of these dissectors will typically look into the first few bytes of the packet, if it contains some characteristic data of that protocol. So the dissector can accept or reject to dissect that packet. -Let's look at an example. We'll assume, Wireshark loads a TCP/IP/Ethernet +Let’s look at an example. We'll assume, Wireshark loads a TCP/IP/Ethernet packet. Wireshark will call the Ethernet dissector, which will dissect the Ethernet related data (usually the first 6 + 6 + 2 bytes). Then this dissector calls back into Wireshark and will pass the rest of the data back to Wireshark. diff --git a/docbook/wsug_src/WSUG_app_messages.asciidoc b/docbook/wsug_src/WSUG_app_messages.asciidoc index 2b09a313ad..02a7bdcad8 100644 --- a/docbook/wsug_src/WSUG_app_messages.asciidoc +++ b/docbook/wsug_src/WSUG_app_messages.asciidoc @@ -9,7 +9,7 @@ Wireshark provides you with additional information generated out of the plain packet data or it may need to indicate dissection problems. Messages generated -by Wireshark are usually placed in square brackets (``[]''). +by Wireshark are usually placed in square brackets (“[]”). [[AppMessagesList]] @@ -40,7 +40,7 @@ the packet any further. There can be various reasons: Any of the above is possible. You'll have to look into the specific situation to determine the reason. You could disable the dissector by disabling the protocol on the Analyze menu and check how Wireshark displays the packet then. You could -(if it's TCP) enable reassembly for TCP and the specific dissector (if possible) +(if it’s TCP) enable reassembly for TCP and the specific dissector (if possible) in the Edit|Preferences menu. You could check the packet contents yourself by reading the packet bytes and comparing it to the protocol specification. This could reveal a dissector bug. Or you could find out that the packet is indeed @@ -50,7 +50,7 @@ wrong. The packet size was limited during capture, see ``Limit each packet to n bytes'' at the <>. While dissecting, the current protocol dissector -was simply running out of packet bytes and had to give up. There's nothing else +was simply running out of packet bytes and had to give up. There’s nothing else you can do now, except to repeat the whole capture process again with a higher (or no) packet size limitation. @@ -82,4 +82,4 @@ by double clicking on this message. ++++++++++++++++++++++++++++++++++++++ -++++++++++++++++++++++++++++++++++++++ \ No newline at end of file +++++++++++++++++++++++++++++++++++++++ diff --git a/docbook/wsug_src/WSUG_app_tools.asciidoc b/docbook/wsug_src/WSUG_app_tools.asciidoc index 0511383eca..23cf5425e6 100644 --- a/docbook/wsug_src/WSUG_app_tools.asciidoc +++ b/docbook/wsug_src/WSUG_app_tools.asciidoc @@ -14,7 +14,7 @@ Along with the main application, Wireshark comes with an array of command line tools which can be helpful for specialized tasks. Some of these tools will be described in this chapter. You can find more -information about all of Wireshark's command line tools on +information about all of Wireshark’s command line tools on link:{wireshark-man-page-url}[the web site]. [[AppToolstshark]] @@ -35,9 +35,9 @@ include::tshark-h.txt[] [[AppToolstcpdump]] -=== __tcpdump__: Capturing with ``tcpdump'' for viewing with Wireshark +=== __tcpdump__: Capturing with “tcpdump” for viewing with Wireshark -It's often more useful to capture packets using `tcpdump` rather than +It’s often more useful to capture packets using `tcpdump` rather than `wireshark`. For example, you might want to do a remote capture and either don't have GUI access or don't have Wireshark installed on the remote machine. @@ -59,10 +59,10 @@ tcpdump`) or link:{tcpdump-man-page-url}[the online version]. [[AppToolsdumpcap]] -=== __dumpcap__: Capturing with ``dumpcap'' for viewing with Wireshark +=== __dumpcap__: Capturing with “dumpcap” for viewing with Wireshark Dumpcap is a network traffic dump tool. It captures packet data from a live -network and writes the packets to a file. Dumpcap's native capture file format +network and writes the packets to a file. Dumpcap’s native capture file format is pcapng, which is also the format used by Wireshark. Without any options set it will use the pcap library to capture traffic @@ -149,13 +149,13 @@ Mergecap is a program that combines multiple saved capture files into a single output file specified by the `-w` argument. Mergecap knows how to read libpcap capture files, including those of tcpdump. In addition, Mergecap can read capture files from snoop (including Shomiti) and atmsnoop, LanAlyzer, Sniffer -(compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray, -Sniffer Pro, RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, -HP-UX's nettl, and the dump output from Toshiba's ISDN routers. There is no need +(compressed or uncompressed), Microsoft Network Monitor, AIX’s iptrace, NetXray, +Sniffer Pro, RADCOM’s WAN/LAN analyzer, Lucent/Ascend router debug output, +HP-UX’s nettl, and the dump output from Toshiba’s ISDN routers. There is no need to tell Mergecap what type of file you are reading; it will determine the file type by itself. Mergecap is also capable of reading any of these file formats if they are compressed using `gzip`. Mergecap recognizes this directly from the -file; the ``.gz'' extension is not required for this purpose. +file; the “.gz” extension is not required for this purpose. By default, it writes the capture file in pcapng format, and writes all of the packets in the input capture files to the output file. The `-F` flag can be used @@ -167,10 +167,10 @@ Network Monitor 1.x format, and the format used by Windows-based versions of the Sniffer software. Packets from the input files are merged in chronological order based on each -frame's timestamp, unless the `-a` flag is specified. Mergecap assumes that +frame’s timestamp, unless the `-a` flag is specified. Mergecap assumes that frames within a single capture file are already stored in chronological order. When the `-a` flag is specified, packets are copied directly from each input -file to the output file, independent of each frame's timestamp. +file to the output file, independent of each frame’s timestamp. If the `-s` flag is used to specify a snapshot length, frames in the input file with more captured data than the specified snapshot length will have only the @@ -242,7 +242,7 @@ is a sample dump that `text2pcap` can recognize: There is no limit on the width or number of bytes per line. Also the text dump at the end of the line is ignored. Bytes/hex numbers can be uppercase or lowercase. Any text before the offset is ignored, including email forwarding -characters `>'. Any lines of text between the bytestring lines is ignored. +characters “>”. Any lines of text between the bytestring lines is ignored. The offsets are used to track the bytes, so offsets must be correct. Any line which has only bytes without a leading offset is ignored. An offset is recognized as being a hex number longer than two characters. Any text after the @@ -256,7 +256,7 @@ of mangled outputs (including being forwarded through email multiple times, with limited line wrap etc.) There are a couple of other special features to note. Any line where the first -non-whitespace character is `#' will be ignored as a comment. Any line beginning +non-whitespace character is “#” will be ignored as a comment. Any line beginning with #TEXT2PCAP is a directive and options can be inserted after this command to be processed by `text2pcap`. Currently there are no directives implemented; in the future, these may be used to give more fine grained control on the dump and the diff --git a/docbook/wsug_src/WSUG_chapter_advanced.asciidoc b/docbook/wsug_src/WSUG_chapter_advanced.asciidoc index f030d2d96b..73b515c765 100644 --- a/docbook/wsug_src/WSUG_chapter_advanced.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_advanced.asciidoc @@ -10,7 +10,7 @@ === Introduction -This chapter some of Wireshark's advanced features. +This chapter some of Wireshark’s advanced features. [[ChAdvFollowTCPSection]] @@ -20,7 +20,7 @@ If you are working with TCP based protocols it can be very helpful to see the data from a TCP stream in the way that the application layer sees it. Perhaps you are looking for passwords in a Telnet stream, or you are trying to make sense of a data stream. Maybe you just need a display filter to show only the -packets of that TCP stream. If so, Wireshark's ability to follow a TCP stream +packets of that TCP stream. If so, Wireshark’s ability to follow a TCP stream will be useful to you. Simply select a TCP packet in the packet list of the stream/connection you are @@ -47,7 +47,7 @@ image::wsug_graphics/ws-follow-stream.png[{screenshot-attrs}] The stream content is displayed in the same sequence as it appeared on the network. Traffic from A to B is marked in red, while traffic from B to A is marked in blue. If you like, you can change these colors in the -``Colors'' page if the ``Preferences'' dialog. +“Colors” page if the “Preferences” dialog. Non-printable characters will be replaced by dots. @@ -98,13 +98,13 @@ more formatting because they contain an image or HTML then this dialog can be us This dialog can also be used to decode field bytes from base64, zlib compressed or quoted-printable and show the decoded bytes as configurable output. -It's also possible to select a subset of bytes setting the start byte and end byte. +It’s also possible to select a subset of bytes setting the start byte and end byte. You can choose from the following actions: . __Find__: Search for the given text. Matching text will be highlighted, and the ``Find Next'' will search for more. In the context menu for the - find text it's possible to configure to use regular expression find. + find text it’s possible to configure to use regular expression find. . __Print__: Print the bytes in the currently selected format. @@ -145,10 +145,10 @@ You can choose to view the data in one of the following formats: screen space and is best used with binary protocols. *HTML*:: This allows you to see all the data formatted as a HTML document. - The HTML supported is what's supported by the Qt QTextEdit class. + The HTML supported is what’s supported by the Qt QTextEdit class. *Image*:: This will try to convert the bytes into an image. - Images supported are what's supported by the Qt QImage class. + Images supported are what’s supported by the Qt QImage class. *ISO 8859-1*:: In this view you see the bytes as ISO 8859-1. @@ -168,14 +168,14 @@ The expert infos is a kind of log of the anomalies found by Wireshark in a capture file. The general idea behind the following ``Expert Info'' is to have a better -display of ``uncommon'' or just notable network behaviour. This way, both novice +display of “uncommon” or just notable network behaviour. This way, both novice and expert users will hopefully find probable network problems a lot faster, -compared to scanning the packet list ``manually'' . +compared to scanning the packet list “manually” . [WARNING] .Expert infos are only a hint ==== -Take expert infos as a hint what's worth looking at, but not more. For example, +Take expert infos as a hint what’s worth looking at, but not more. For example, the absence of expert infos doesn't necessarily mean everything is OK. ==== @@ -216,10 +216,10 @@ GUI: * __Chat (grey)__: information about usual workflow, e.g. a TCP packet with the SYN flag set -* __Note (cyan)__: notable things, e.g. an application returned an ``usual'' +* __Note (cyan)__: notable things, e.g. an application returned an “usual” error code like HTTP 404 -* __Warn (yellow)__: warning, e.g. application returned an ``unusual'' error +* __Warn (yellow)__: warning, e.g. application returned an “unusual” error code like a connection problem * __Error (red)__: serious problem, e.g. [Malformed Packet] @@ -254,7 +254,7 @@ There are some common groups of expert infos. The following are currently implem * __Debug__: debugging (should not occur in release versions) -It's possible that more groups will be added in the future. +It’s possible that more groups will be added in the future. [[ChAdvExpertProtocol]] @@ -285,7 +285,7 @@ image::wsug_graphics/ws-expert-infos.png[{screenshot-attrs}] An easy and quick way to find the most interesting infos (rather than using the Details tab), is to have a look at the separate tabs for each severity level. As -the tab label also contains the number of existing entries, it's easy to find +the tab label also contains the number of existing entries, it’s easy to find the tab with the most important entries. There are usually a lot of identical expert infos only differing in the packet @@ -306,14 +306,14 @@ pinpoint problems. [[ChAdvExpertColorizedTree]] -==== ``Colorized'' Protocol Details Tree +==== “Colorized” Protocol Details Tree -.The ``Colorized'' protocol details tree +.The “Colorized” protocol details tree image::wsug_graphics/ws-expert-colored-tree.png[{screenshot-attrs}] The protocol field causing an expert info is colorized, e.g. uses a cyan background for a note severity level. This color is propagated to the toplevel -protocol item in the tree, so it's easy to find the field that caused the expert +protocol item in the tree, so it’s easy to find the field that caused the expert info. For the example screenshot above, the IP ``Time to live'' value is very low @@ -323,9 +323,9 @@ marked cyan as well. [[ChAdvExpertColumn]] -==== ``Expert'' Packet List Column (optional) +==== “Expert” Packet List Column (optional) -.The ``Expert'' packet list column +.The “Expert” packet list column image::wsug_graphics/ws-expert-column.png[{screenshot-attrs}] An optional ``Expert Info Severity'' packet list column is available that @@ -337,7 +337,7 @@ the Preferences Columns page described in <>. === TCP Analysis -By default, Wireshark's TCP dissector tracks the state of each TCP +By default, Wireshark’s TCP dissector tracks the state of each TCP session and provides additional information when problems or potential problems are detected. Analysis is done once for each TCP packet when a capture file is first opened. Packets are processed in the order in @@ -376,7 +376,7 @@ that this is not the same as the next expected acknowledgment number. ==== TCP ACKed unseen segment Set when the expected next acknowledgement number is set for the reverse -direction and it's less than the current acknowledgement number. +direction and it’s less than the current acknowledgement number. // TCP_A_DUPLICATE_ACK [float] @@ -402,7 +402,7 @@ Set when all of the following are true: - The current sequence number equals the next expected acknowledgement number. - We saw the last acknowledgement less than 20ms ago. -Supersedes ``Out-Of-Order'', ``Spurious Retransmission'', and ``Retransmission''. +Supersedes “Out-Of-Order”, ``Spurious Retransmission'', and “Retransmission”. // TCP_A_KEEP_ALIVE [float] @@ -412,8 +412,8 @@ Set when the segment size is zero or one, the current sequence number is one byte less than the next expected sequence number, and any of SYN, FIN, or RST are set. -Supersedes ``Fast Retransmission'', ``Out-Of-Order'', ``Spurious -Retransmission'', and ``Retransmission''. +Supersedes ``Fast Retransmission'', “Out-Of-Order”, ``Spurious +Retransmission'', and “Retransmission”. // TCP_A_KEEP_ALIVE_ACK [float] @@ -428,7 +428,7 @@ Set when all of the following are true: - The most recently seen packet in the reverse direction was a keepalive. - The packet is not a SYN, FIN, or RST. -Supersedes ``Dup ACK'' and ``ZeroWindowProbeAck''. +Supersedes ``Dup ACK'' and “ZeroWindowProbeAck”. // TCP_A_OUT_OF_ORDER [float] @@ -442,13 +442,13 @@ Set when all of the following are true: - The next expected sequence number and the next sequence number differ. - The last segment arrived within the calculated RTT (3ms by default). -Supersedes ``Spurious Retransmission'' and ``Retransmission''. +Supersedes ``Spurious Retransmission'' and “Retransmission”. // TCP_A_REUSED_PORTS [float] ==== TCP Port numbers reused -Set when the SYN flag is set (not SYN+ACK), we have an existing conversation using the same addresses and ports, and the sequencue number is different than the existing conversation's initial sequence number. +Set when the SYN flag is set (not SYN+ACK), we have an existing conversation using the same addresses and ports, and the sequencue number is different than the existing conversation’s initial sequence number. // TCP_A_LOST_PACKET [float] @@ -469,7 +469,7 @@ direction. Set when all of the following are true: - Data for this flow has been acknowledged. That is, the last-seen acknowledgement number has been set. - The next sequence number is less than or equal to the last-seen acknowledgement number. -Supersedes ``Retransmission''. +Supersedes “Retransmission”. // TCP_A_RETRANSMISSION [float] @@ -534,7 +534,7 @@ Supersedes ``TCP Dup ACK''. === Time Stamps Time stamps, their precisions and all that can be quite confusing. This section -will provide you with information about what's going on while Wireshark +will provide you with information about what’s going on while Wireshark processes time stamps. While packets are captured, each packet is time stamped as it comes in. These @@ -565,13 +565,13 @@ capturing hardware, this resolution should be adequate. Every capture file format that Wireshark knows supports time stamps. The time stamp precision supported by a specific capture file format differs widely and -varies from one second ``0'' to one nanosecond ``0.123456789''. Most file +varies from one second “0” to one nanosecond “0.123456789”. Most file formats store the time stamps with a fixed precision (e.g. microseconds), while some file formats are even capable of storing the time stamp precision itself (whatever the benefit may be). The common libpcap capture file format that is used by Wireshark (and a lot of -other tools) supports a fixed microsecond resolution ``0.123456'' only. +other tools) supports a fixed microsecond resolution “0.123456” only. Writing data into a capture file format that doesn't provide the capability to store the actual precision will lead to loss of information. For example, if you @@ -599,7 +599,7 @@ Don't use USB connected NICs when you need precise time stamp accuracy. ==== -// (XXX - are there any such NIC's that generate time stamps on the USB +// (XXX - are there any such NIC’s that generate time stamps on the USB // hardware?) [[ChAdvTimezones]] @@ -632,15 +632,15 @@ only at a small part of the world. For that reason, the earth is split into several different time zones, each zone with a local time that corresponds to the local sunset. -The time zone's base time is UTC (Coordinated Universal Time) or Zulu Time +The time zone’s base time is UTC (Coordinated Universal Time) or Zulu Time (military and aviation). The older term GMT (Greenwich Mean Time) shouldn't be used as it is slightly incorrect (up to 0.9 seconds difference to UTC). The UTC base time equals to 0 (based at Greenwich, England) and all time zones have an offset to UTC between -12 to +14 hours! For example: If you live in Berlin you are in a time zone one hour earlier than -UTC, so you are in time zone ``+1'' (time difference in hours compared to UTC). -If it's 3 o'clock in Berlin it's 2 o'clock in UTC ``at the same moment''. +UTC, so you are in time zone “+1” (time difference in hours compared to UTC). +If it’s 3 o'clock in Berlin it’s 2 o'clock in UTC ``at the same moment''. Be aware that at a few places on earth don't use time zones with even hour offsets (e.g. New Delhi uses UTC+05:30)! @@ -653,7 +653,7 @@ Further information can be found at: {wikipedia-main-url}Time_zone and .What is daylight saving time (DST)? **** -Daylight Saving Time (DST), also known as Summer Time is intended to ``save'' +Daylight Saving Time (DST), also known as Summer Time is intended to “save” some daylight during the summer months. To do this, a lot of countries (but not all!) add a DST hour to the already existing UTC offset. So you may need to take another hour (or in very rare cases even two hours!) difference into your ``time @@ -661,7 +661,7 @@ zone calculations''. Unfortunately, the date at which DST actually takes effect is different throughout the world. You may also note, that the northern and southern -hemispheres have opposite DST's (e.g. while it's summer in Europe it's winter in +hemispheres have opposite DST’s (e.g. while it’s summer in Europe it’s winter in Australia). Keep in mind: UTC remains the same all year around, regardless of DST! @@ -673,16 +673,16 @@ link:{wikipedia-main-url}Daylight_saving[]. Further time zone and DST information can be found at {greenwichmeantime-main-url} and {timeanddate-main-url}. -==== Set your computer's time correctly! +==== Set your computer’s time correctly! -If you work with people around the world it's very helpful to set your -computer's time and time zone right. +If you work with people around the world it’s very helpful to set your +computer’s time and time zone right. You should set your computers time and time zone in the correct sequence: . Set your time zone to your current location -. Set your computer's clock to the local time +. Set your computer’s clock to the local time This way you will tell your computer both the local time and also the time offset to UTC. Many organizations simply set the time zone on their servers and @@ -690,7 +690,7 @@ networking gear to UTC in order to make coordination and troubleshooting easier. [TIP] ==== -If you travel around the world, it's an often made mistake to adjust the hours +If you travel around the world, it’s an often made mistake to adjust the hours of your computer clock to the local time. Don't adjust the hours but your time zone setting instead! For your computer, the time is essentially the same as before, you are simply in a different time zone with a different local time. @@ -704,16 +704,16 @@ for a lot more), for examples see {ntp-main-url}. ==== Wireshark and Time Zones -So what's the relationship between Wireshark and time zones anyway? +So what’s the relationship between Wireshark and time zones anyway? -Wireshark's native capture file format (libpcap format), and some other capture +Wireshark’s native capture file format (libpcap format), and some other capture file formats, such as the Windows Sniffer, EtherPeek, AiroPeek, and Sun snoop formats, save the arrival time of packets as UTC values. UN*X systems, and ``Windows NT based'' systems represent time internally as UTC. When Wireshark is capturing, no conversion is necessary. However, if the system time zone is not -set correctly, the system's UTC time might not be correctly set even if the +set correctly, the system’s UTC time might not be correctly set even if the system clock appears to display correct local time. When capturing, WinPcap has -to convert the time to UTC before supplying it to Wireshark. If the system's +to convert the time to UTC before supplying it to Wireshark. If the system’s time zone is not set correctly, that conversion will not be done correctly. Other capture file formats, such as the Microsoft Network Monitor, DOS-based @@ -731,7 +731,7 @@ values, this means that the arrival time will be displayed as the local time in your time zone, which might not be the same as the arrival time in the time zone in which the packet was captured. For capture files saving the arrival time of packets as local time values, the conversion to UTC will be done using your time -zone's offset from UTC and DST rules, which means the conversion will not be +zone’s offset from UTC and DST rules, which means the conversion will not be done correctly; the conversion back to local time for display might undo this correctly, in which case the arrival time will be displayed as the arrival time in which the packet was captured. @@ -747,9 +747,9 @@ in which the packet was captured. |_Displayed Time (Local Time)_|02:00|05:00|09:00|10:00|11:00|19:00 |=============== -For example let's assume that someone in Los Angeles captured a packet with +For example let’s assume that someone in Los Angeles captured a packet with Wireshark at exactly 2 o'clock local time and sends you this capture file. The -capture file's time stamp will be represented in UTC as 10 o'clock. You are +capture file’s time stamp will be represented in UTC as 10 o'clock. You are located in Berlin and will see 11 o'clock on your Wireshark display. Now you have a phone call, video conference or Internet meeting with that one to @@ -799,7 +799,7 @@ See <>). .The ``Packet Bytes'' pane with a reassembled tab image::wsug_graphics/ws-bytes-pane-tabs.png[{screenshot-attrs}] -Reassembly might take place at several protocol layers, so it's possible that +Reassembly might take place at several protocol layers, so it’s possible that multiple tabs in the ``Packet Bytes'' pane appear. [NOTE] @@ -846,7 +846,7 @@ you hours of work. Unfortunately, it also has its drawbacks. * _Name resolution will often fail._ The name to be resolved might simply be unknown by the name servers asked, or the servers are just not available and - the name is also not found in Wireshark's configuration files. + the name is also not found in Wireshark’s configuration files. * _The resolved names are not stored in the capture file or somewhere else._ So the resolved names might not be available if you open the capture file later @@ -925,7 +925,7 @@ The asynchronous DNS service works a bit differently. It will also ask the DNS server, but it won't wait for the answer. It will just return to Wireshark in a very short amount of time. The actual (and the following) address fields won't show the resolved name until the DNS server returns an answer. As mentioned -above, the values get cached, so you can use menu:View[Reload] to ``update'' these +above, the values get cached, so you can use menu:View[Reload] to “update” these fields to show the resolved values. __hosts name resolution (hosts file)__: If DNS name resolution failed, Wireshark @@ -1005,7 +1005,7 @@ protocol preferences, e.g. to (very slightly) increase performance. If the checksum validation is enabled and it detected an invalid checksum, features like packet reassembly won't be processed. This is avoided as -incorrect connection data could ``confuse'' the internal database. +incorrect connection data could “confuse” the internal database. ==== Checksum offloading @@ -1017,7 +1017,7 @@ checksum and the receiving hardware validates this checksum. If the received checksum is wrong Wireshark won't even see the packet, as the Ethernet hardware internally throws away the packet. -Higher level checksums are ``traditionally'' calculated by the protocol +Higher level checksums are “traditionally” calculated by the protocol implementation and the completed packet is then handed over to the hardware. Recent network hardware can perform advanced features such as IP checksum @@ -1030,7 +1030,7 @@ garbage filled) checksum field to the hardware. ==== Checksum offloading often causes confusion as the network packets to be transmitted are handed over to Wireshark before the checksums are actually -calculated. Wireshark gets these ``empty'' checksums and displays them as +calculated. Wireshark gets these “empty” checksums and displays them as invalid, even though the packets will contain valid checksums when they leave the network hardware later. ==== diff --git a/docbook/wsug_src/WSUG_chapter_build_install.asciidoc b/docbook/wsug_src/WSUG_chapter_build_install.asciidoc index 438bdef92a..332361346d 100644 --- a/docbook/wsug_src/WSUG_chapter_build_install.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_build_install.asciidoc @@ -115,9 +115,9 @@ On the _Choose Components_ page of the installer you can select from the followi - *Rawshark* - Raw packet filter. -* *User's Guide* - Local installation of the User's Guide. The Help buttons on +* *User’s Guide* - Local installation of the User’s Guide. The Help buttons on most dialogs will require an internet connection to show help pages if the - User's Guide is not installed locally. + User’s Guide is not installed locally. [[ChBuildInstallWinAdditionalTasks]] @@ -260,7 +260,7 @@ included _Read me first_ file for more details. === Building Wireshark from source under UNIX Building Wireshark requires the proper build environment including a -compiler and many supporting libraries. See the Developer's Guide at +compiler and many supporting libraries. See the Developer’s Guide at {wireshark-developers-guide-url} for more information. Use the following general steps to build Wireshark from source under UNIX or Linux: @@ -323,7 +323,7 @@ UNIX (formerly Digital UNIX) you would use _setld_. ==== Installing from RPMs under Red Hat and alike -Building RPMs from Wireshark's source code results in several packages (most +Building RPMs from Wireshark’s source code results in several packages (most distributions follow the same system): * The `wireshark` package contains the core Wireshark libraries and command-line @@ -369,7 +369,7 @@ Use the following command to install downloaded Wireshark debs under Debian: $ dpkg -i wireshark-common_2.0.5.0-1_i386.deb wireshark_wireshark-2.0.5.0-1_i386.deb ---- -dpkg doesn't take care of all dependencies, but reports what's missing. +dpkg doesn't take care of all dependencies, but reports what’s missing. [NOTE] @@ -430,7 +430,7 @@ We strongly recommended that you use the binary installer for Windows unless you want to start developing Wireshark on the Windows platform. For further information how to build Wireshark for Windows from the sources -see the Developer's Guide at {wireshark-developers-guide-url}. +see the Developer’s Guide at {wireshark-developers-guide-url}. You may also want to have a look at the Development Wiki ({wireshark-wiki-url}Development) for the latest available development diff --git a/docbook/wsug_src/WSUG_chapter_capture.asciidoc b/docbook/wsug_src/WSUG_chapter_capture.asciidoc index 5e44aa4c63..558fa5a9d9 100644 --- a/docbook/wsug_src/WSUG_chapter_capture.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_capture.asciidoc @@ -25,7 +25,7 @@ The Wireshark capture engine provides the following features: <>. * Save packets in multiple files while doing a long term capture, optionally - rotating through a fixed number of files (a ``ringbuffer''). See + rotating through a fixed number of files (a “ringbuffer”). See <>. * Simultaneously capture from multiple network interfaces. @@ -131,7 +131,7 @@ comment added in <>. _IP_:: The first IP address Wireshark could find for this interface. You can click on the address to cycle through other addresses assigned to it, if available. If no -address could be found ``none'' will be displayed. +address could be found “none” will be displayed. _Packets_:: @@ -186,7 +186,7 @@ the defaults as this should work well in many cases. The table shows the settings for all available interfaces: * The name of the interface and its IP addresses. If no address could be - resolved from the system, ``none'' will be shown. + resolved from the system, “none” will be shown. -- [NOTE] ==== @@ -366,7 +366,7 @@ You can set the following fields in this dialog box: _IP address_:: The IP address(es) of the selected interface. If no address could be resolved -from the system ``none'' will be shown. +from the system “none” will be shown. _Link-layer header type_:: Unless you are in the rare situation that requires this keep the default setting. @@ -410,7 +410,7 @@ most protocols. Some rules of thumb: dropped if traffic is very heavy. * If you don't capture all of the data in a packet you might find that the - packet data you want is in the part that's dropped or that reassembly isn't + packet data you want is in the part that’s dropped or that reassembly isn't possible as the data required for reassembly is missing. _Buffer size: n megabyte(s)_:: @@ -498,7 +498,7 @@ activated, it is not automatically added to the list to prevent the constant scanning for a change in the list of available interfaces. To renew the list a rescan can be done. -One way to hide an interface is to change the preferences. If the ``Hide'' +One way to hide an interface is to change the preferences. If the “Hide” checkbox is activated and the btn:[Apply] button clicked, the interface will not be seen in the lists of the ``Capture Interfaces'' dialog box any more. The changes are also saved in the `preferences` file. @@ -645,9 +645,9 @@ from the network card and keep the packet data in a (relatively) small kernel buffer. This data is read by Wireshark and saved into a capture file. By default Wireshark saves packets to a temporary file. You can also tell -Wireshark to save to a specific (``permanent'') file and switch to a +Wireshark to save to a specific (“permanent”) file and switch to a different file after a given time has elapsed or a given number of packets -have been captured. These options are controlled in the ``Output'' tab in +have been captured. These options are controlled in the “Output” tab in the ``Capture Options'' dialog. [[ChCapCaptureOptionsOutputDialog]] @@ -703,7 +703,7 @@ _Multiple files, ring buffer_:: conditions (one of the ``Next file every ...'' values) will switch to the next file. This will be a newly created file if value of ``Ring buffer with n files'' is not reached, otherwise it will replace the oldest of the formerly used files - (thus forming a ``ring''). + (thus forming a “ring”). + This mode will limit the maximum disk usage, even for an unlimited amount of capture input data, only keeping the latest captured data. @@ -716,16 +716,16 @@ In most cases you won't have to modify link-layer header type. Some exceaptions are as follows: If you are capturing on an Ethernet device you might be offered a choice of -``Ethernet'' or ``DOCSIS''. If you are capturing traffic from a Cisco Cable +“Ethernet” or “DOCSIS”. If you are capturing traffic from a Cisco Cable Modem Termination System that is putting DOCSIS traffic onto the Ethernet to be -captured, select ``DOCSIS'', otherwise select ``Ethernet''. +captured, select “DOCSIS”, otherwise select “Ethernet”. If you are capturing on an 802.11 device on some versions of BSD you might be -offered a choice of ``Ethernet'' or ``802.11''. ``Ethernet'' will cause the -captured packets to have fake (``cooked'') Ethernet headers. ``802.11'' will +offered a choice of “Ethernet” or “802.11”. “Ethernet” will cause the +captured packets to have fake (“cooked”) Ethernet headers. “802.11” will cause them to have full IEEE 802.11 headers. Unless the capture needs to be read by an application that doesn't support 802.11 headers you should select -``802.11''. +“802.11”. If you are capturing on an Endace DAG card connected to a synchronous serial line you might be offered a choice of ``PPP over serial'' or ``Cisco HDLC''. If @@ -747,7 +747,7 @@ overview of the syntax follows. Complete documentation can be found in the link:{pcap-filter-man-page-url}[pcap-filter man page]. You can find a lot of Capture Filter examples at {wireshark-wiki-url}CaptureFilters. -You enter the capture filter into the ``Filter'' field of the Wireshark +You enter the capture filter into the “Filter” field of the Wireshark ``Capture Options'' dialog box, as shown in <>. A capture filter takes the form of a series of primitive expressions connected @@ -786,26 +786,26 @@ tcp port 23 and not src host 10.0.0.5 // XXX - add examples to the following list. -A primitive is simply one of the following: _[src|dst] host <host>_:: +A primitive is simply one of the following: _[src|dst] host _:: This primitive allows you to filter on a host IP address or name. You can optionally precede the primitive with the keyword _src|dst_ to specify that you are only interested in source or destination addresses. If these are not present, packets where the specified address appears as either the source or the destination address will be selected. -_ether [src|dst] host <ehost>_:: +_ether [src|dst] host _:: This primitive allows you to filter on Ethernet host addresses. You can optionally include the keyword _src|dst_ between the keywords _ether_ and _host_ to specify that you are only interested in source or destination addresses. If these are not present, packets where the specified address appears in either the source or destination address will be selected. -_gateway host <host>_:: +_gateway host _:: This primitive allows you to filter on packets that used _host_ as a gateway. That is, where the Ethernet source or destination was _host_ but neither the source nor destination IP address was _host_. -_[src|dst] net <net> [{mask <mask>}|{len <len>}]_:: +_[src|dst] net [{mask }|{len }]_:: This primitive allows you to filter on network numbers. You can optionally precede this primitive with the keyword _src|dst_ to specify that you are only interested in a source or destination network. If neither of these are present, @@ -814,7 +814,7 @@ destination address. In addition, you can specify either the netmask or the CIDR prefix for the network if they are different from your own. -_[tcp|udp] [src|dst] port <port>_:: +_[tcp|udp] [src|dst] port _:: This primitive allows you to filter on TCP and UDP port numbers. You can optionally precede this primitive with the keywords _src|dst_ and _tcp|udp_ which allow you to specify that you are only interested in source or destination @@ -825,12 +825,12 @@ If these are not specified, packets will be selected for both the TCP and UDP protocols and when the specified address appears in either the source or destination port field. -_less|greater <length>_:: +_less|greater _:: This primitive allows you to filter on packets whose length was less than or equal to the specified length, or greater than or equal to the specified length, respectively. -_ip|ether proto <protocol>_:: +_ip|ether proto _:: This primitive allows you to filter on the specified protocol at either the Ethernet layer or the IP layer. @@ -838,7 +838,7 @@ _ether|ip broadcast|multicast_:: This primitive allows you to filter on either Ethernet or IP broadcasts or multicasts. -_<expr> relop <expr>_:: This primitive allows you to create +_ relop _:: This primitive allows you to create complex filter expressions that select bytes or ranges of bytes in packets. Please see the pcap-filter man page at {pcap-filter-man-page-url} for more details. @@ -853,31 +853,31 @@ terminal server, ...), the remote content has to be transported over the network, adding a lot of (usually unimportant) packets to the actually interesting traffic. -To avoid this, Wireshark tries to figure out if it's remotely connected (by +To avoid this, Wireshark tries to figure out if it’s remotely connected (by looking at some specific environment variables) and automatically creates a capture filter that matches aspects of the connection. The following environment variables are analyzed: _$$SSH_CONNECTION$$_ (ssh):: -<remote IP> <remote port> <local IP> <local port> + _$$SSH_CLIENT$$_ (ssh):: -<remote IP> <remote port> <local port> + _REMOTEHOST_ (tcsh, others?):: -<remote name> + _DISPLAY_ (x11):: -[remote name]:<display num> +[remote name]: _SESSIONNAME_ (terminal server):: -<remote name> + -On Windows it asks the operating system if it's running in a Remote Desktop Services environment. +On Windows it asks the operating system if it’s running in a Remote Desktop Services environment. //// @@ -934,7 +934,7 @@ dialog'' option is used. A running capture session can be restarted with the same capture options as the last time, this will remove all packets previously captured. This can be useful, -if some uninteresting packets are captured and there's no need to keep them. +if some uninteresting packets are captured and there’s no need to keep them. Restart is a convenience function and equivalent to a capture stop following by an immediate capture start. A restart can be triggered in one of the following diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc index a599547ef5..1631ab1ce4 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_customize.asciidoc @@ -10,7 +10,7 @@ === Introduction -Wireshark's default behaviour will usually suit your needs pretty well. However, +Wireshark’s default behaviour will usually suit your needs pretty well. However, as you become more familiar with Wireshark, it can be customized in various ways to suit your needs even better. In this chapter we explore: @@ -152,7 +152,7 @@ name is based on the number of the file and on the creation date and time. + When the first capture file fills up Wireshark will switch to writing -to the next file, and so on. With the files option it's +to the next file, and so on. With the files option it’s also possible to form a ``ring buffer.'' This will fill up new files until the number of files specified, at which point the data in the first file will be discarded so a new file can be written. @@ -235,7 +235,7 @@ interfaces, and choosing the first loopback interface if there are no non-loopback interfaces; if there are no interfaces, Wireshark reports an error and doesn't start the capture. + -Pipe names should be either the name of a FIFO (named pipe) or ``-'' to read +Pipe names should be either the name of a FIFO (named pipe) or “-” to read data from the standard input. Data read from pipes must be in standard libpcap format. @@ -322,7 +322,7 @@ wireshark -o mgcp.display_dissect_tree:TRUE -o mgcp.udp.callagent_port:2627 You can get a list of all available preference strings from the preferences file. See <> for details. -User access tables can be overridden using ``uat,'' followed by +User access tables can be overridden using “uat,” followed by the UAT file name and a valid record for the file: ---- @@ -355,7 +355,7 @@ The criterion is of the form key:path, where key is one of: persdata:path:: - Path of personal data files, it's the folder initially opened. After the + Path of personal data files, it’s the folder initially opened. After the initialization, the recent file will keep the folder last used. -- @@ -413,7 +413,7 @@ are seconds since epoch (Jan 1, 1970 00:00:00) -u :: -Show timesamps as seconds (`s', the default) or hours, minutes, and seconds (`hms') +Show timesamps as seconds (“s”, the default) or hours, minutes, and seconds (“hms”) -v:: @@ -509,7 +509,7 @@ will match first). ==== You can create a new rule by clicking on the btn:[+] button. You can delete -one or more rules by clicking the btn:[-] button. The ``copy'' button will +one or more rules by clicking the btn:[-] button. The “copy” button will duplicate a rule. You can edit a rule by double-clicking on its name or filter. In @@ -543,7 +543,7 @@ The user can control how protocols are dissected. Each protocol has its own dissector, so dissecting a complete packet will typically involve several dissectors. As Wireshark tries to find the right -dissector for each packet (using static ``routes'' and heuristics ``guessing"), +dissector for each packet (using static “routes” and heuristics ``guessing"), it might choose the wrong dissector in your specific case. For example, Wireshark won't know if you use a common protocol on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of the standard port 80. @@ -683,8 +683,8 @@ image::wsug_graphics/ws-gui-preferences.png[{screenshot-attrs}] ==== Interface Options -In the ``Capture'' preferences it is possible to configure several options for the -interfaces available on your computer. Select the ``Capture'' pane and press the +In the “Capture” preferences it is possible to configure several options for the +interfaces available on your computer. Select the “Capture” pane and press the btn:[Edit] button. In this window it is possible to change the default link-layer header type for the interface, add a comment or choose to hide a interface from other parts of the program. @@ -718,7 +718,7 @@ Configuration Profiles can be used to configure and use more than one set of preferences and configurations. Select the _Configuration Profiles..._ menu item from the _Edit_ menu, or simply press Shift-Ctrl-A; and Wireshark will pop up the Configuration Profiles dialog box as shown in -<>. It is also possible to click in the ``Profile'' +<>. It is also possible to click in the “Profile” part of the statusbar to popup a menu with available Configuration Profiles (<>). @@ -774,7 +774,7 @@ Configuration files stored in the Profiles: * Some recent settings (recent), such as pane sizes in the Main window (<>), column widths in the packet list - (<>), all selections in the ``View'' menu + (<>), all selections in the “View” menu (<>) and the last directory navigated to in the File Open dialog. @@ -792,12 +792,12 @@ profile is ``New profile'' and can be changed in the Properties field. Copy:: This button adds a new profile to the profiles list, copying all configuration from the profile currently selected in the list. The name of the created profile -is the same as the copied profile, with the text ``(copy)'' applied. The name +is the same as the copied profile, with the text “(copy)” applied. The name can be changed in the Properties field. Delete:: This button deletes the selected profile, including all configuration files used -in this profile. It is not possible to delete the ``Default'' profile. +in this profile. It is not possible to delete the “Default” profile. Configuration Profiles:: You can select a configuration profile from this list (which will fill in the @@ -812,9 +812,9 @@ configurations'' folder. If adding multiple profiles with the same name, only one profile will be created. On Windows the profile name cannot start or end with a period (.), and cannot -contain any of the following characters: `\', `/', `:', `*', -`?', ``', `<', `>', `|', or `+'. On Unix the profile name -cannot contain the `/' character. +contain any of the following characters: “{backslash}”, “/”, “:”, “{asterisk}”, +“?”, “{backtick}”, “<”, “>”, “|”, or “{plus}”. On Unix the profile name +cannot contain the “/” character. -- btn:[OK]:: @@ -913,23 +913,23 @@ under ESP protocol preference respectively. This table is handled by an <> with the following fields. -Initiator's SPI:: -Initiator's SPI of the IKE_SA. This field takes hexadecimal string without -``0x'' prefix and the length must be 16 hex chars (represents 8 octets). +Initiator’s SPI:: +Initiator’s SPI of the IKE_SA. This field takes hexadecimal string without +“0x” prefix and the length must be 16 hex chars (represents 8 octets). -Responder's SPI:: -Responder's SPI of the IKE_SA. This field takes hexadecimal string without -``0x'' prefix and the length must be 16 hex chars (represents 8 octets). +Responder’s SPI:: +Responder’s SPI of the IKE_SA. This field takes hexadecimal string without +“0x” prefix and the length must be 16 hex chars (represents 8 octets). SK_ei:: Key used to encrypt/decrypt IKEv2 packets from initiator to responder. This -field takes hexadecimal string without ``0x'' prefix and its length must meet +field takes hexadecimal string without “0x” prefix and its length must meet the requirement of the encryption algorithm selected. SK_er:: Key used to encrypt/decrypt IKEv2 packets from responder to initiator. This -field takes hexadecimal string without ``0x'' prefix and its length must meet +field takes hexadecimal string without “0x” prefix and its length must meet the requirement of the encryption algorithm selected. Encryption Algorithm:: @@ -937,12 +937,12 @@ Encryption algorithm of the IKE_SA. $$SK_ai$$:: Key used to calculate Integrity Checksum Data for IKEv2 packets from responder -to initiator. This field takes hexadecimal string without ``0x'' prefix and its +to initiator. This field takes hexadecimal string without “0x” prefix and its length must meet the requirement of the integrity algorithm selected. $$SK_ar$$:: Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator -to responder. This field takes hexadecimal string without ``0x'' prefix and its +to responder. This field takes hexadecimal string without “0x” prefix and its length must meet the requirement of the integrity algorithm selected. Integrity Algorithm:: @@ -964,20 +964,20 @@ Wireshark uses this table to allow the user to define the name and syntax of Object Identifiers that Wireshark does not know about (for example, a privately defined X.400 extension). It also allows the user to override the name and syntax of Object Identifiers that Wireshark does know about (e.g. changing the -name ``id-at-countryName'' to just ``c''). +name “id-at-countryName” to just “c”). This table is handled by an <> with the following fields. OID:: -The string representation of the Object Identifier e.g. ``2.5.4.6''. +The string representation of the Object Identifier e.g. “2.5.4.6”. Name:: The name that should be displayed by Wireshark when the Object Identifier is -dissected e.g. (``c''); +dissected e.g. (“c”); Syntax:: The syntax of the value associated with the Object Identifier. This must be one -of the syntaxes that Wireshark already knows about (e.g. ``PrintableString''). +of the syntaxes that Wireshark already knows about (e.g. “PrintableString”). [[ChPresContextList]] @@ -1081,7 +1081,7 @@ different SNMP-engines the first entry to match both is taken, if you need a catch all engine-id (empty) that entry should be the last one. Authentication model:: -Which auth model to use (either ``MD5'' or ``SHA1''). +Which auth model to use (either “MD5” or “SHA1”). Password:: The authentication password. Use _\xDD_ for unprintable characters. An @@ -1091,7 +1091,7 @@ _\x01\x02\x03\x04\x05\x06_. The _\_ character must be treated as an unprintable character, i.e. it must be entered as _\x5C_ or _\x5c_. Privacy protocol:: -Which encryption algorithm to use (either ``DES'' or ``AES"). +Which encryption algorithm to use (either “DES” or ``AES"). Privacy password:: The privacy password. Use _\xDD_ for unprintable characters. An hexadecimal @@ -1118,7 +1118,7 @@ specific case and a general one the specific one must appear first in the list. Protocol:: This is the name of the encapsulating protocol (the lowest layer in the packet data) it can be either just the name of the protocol (e.g. mtp2, eth_witoutfcs, -sscf-nni ) or the name of the encapsulation protocol and the ``application'' +sscf-nni ) or the name of the encapsulation protocol and the “application” protocol over it separated by a colon (e.g sscop:sscf-nni, sscop:alcap, sscop:nbap, ...) @@ -1136,21 +1136,21 @@ One of the user dlts. Payload protocol:: This is the name of the payload protocol (the lowest layer in the packet data). -(e.g. ``eth'' for ethernet, ``ip'' for IPv4) +(e.g. “eth” for ethernet, “ip” for IPv4) Header size:: If there is a header protocol (before the payload protocol) this tells which size this header is. A value of 0 disables the header protocol. Header protocol:: -The name of the header protocol to be used (uses ``data'' as default). +The name of the header protocol to be used (uses “data” as default). Trailer size:: If there is a trailer protocol (after the payload protocol) this tells which size this trailer is. A value of 0 disables the trailer protocol. Trailer protocol:: -The name of the trailer protocol to be used (uses ``data'' as default). +The name of the trailer protocol to be used (uses “data” as default). ++++++++++++++++++++++++++++++++++++++ diff --git a/docbook/wsug_src/WSUG_chapter_introduction.asciidoc b/docbook/wsug_src/WSUG_chapter_introduction.asciidoc index 90ee42cea4..9e7d9f3b5f 100644 --- a/docbook/wsug_src/WSUG_chapter_introduction.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_introduction.asciidoc @@ -15,8 +15,8 @@ capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to -examine what's going on inside a network cable, just like a voltmeter is used by -an electrician to examine what's going on inside an electric cable (but at a +examine what’s going on inside a network cable, just like a voltmeter is used by +an electrician to examine what’s going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. @@ -164,9 +164,10 @@ is single-threaded and won't benefit much from multi-core systems. * 300 MB available disk space. Capture files require additional disk space. -* 1024×768 (1280×1024 or higher recommended) resolution with at - least 16 bit color. 8 bit color should work but user experience will be - degraded. Power users will find multiple monitors useful. +* 1024 {multiplication} 768 (1280 {multiplication} 1024 or higher + recommended) resolution with at least 16-bit color. 8-bit color should + work but user experience will be degraded. Power users will find + multiple monitors useful. * A supported network card for capturing @@ -181,7 +182,7 @@ is single-threaded and won't benefit much from multi-core systems. - Other media. See link:{wireshark-wiki-url}CaptureSetup/NetworkMedia[]. -Older versions of Windows which are outside Microsoft's extended lifecycle +Older versions of Windows which are outside Microsoft’s extended lifecycle support window are no longer supported. It is often difficult or impossible to support these systems due to circumstances beyond our control, such as third party libraries on which we depend or due to necessary features that are only @@ -310,7 +311,7 @@ You gain three benefits by contributing your improvements back to the community: will know that you have helped people in the same way that the developers of Wireshark have helped people. -. The developers of Wireshark might improve your changes even more, as there's +. The developers of Wireshark might improve your changes even more, as there’s always room for improvement. Or they may implement some advanced things on top of your code, which can be useful for yourself too. @@ -344,7 +345,7 @@ You will find lots of useful information on the Wireshark homepage at The Wireshark Wiki at {wireshark-wiki-url} provides a wide range of information related to Wireshark and packet capture in general. -You will find a lot of information not part of this user's guide. For example, +You will find a lot of information not part of this user’s guide. For example, there is an explanation how to capture on a switched network, an ongoing effort to build a protocol reference and a lot more. @@ -383,7 +384,7 @@ You will find the FAQ inside Wireshark by clicking the menu item Help/Contents and selecting the FAQ page in the dialog shown. An online version is available at the Wireshark website at -{wireshark-faq-url}. You might prefer this online version, as it's +{wireshark-faq-url}. You might prefer this online version, as it’s typically more up to date and the HTML format is easier to use. [[ChIntroMailingLists]] @@ -430,7 +431,7 @@ version of Wireshark. When reporting problems with Wireshark please supply the following information: . The version number of Wireshark and the dependent libraries linked with it, - such as Qt or GLib. You can obtain this from Wireshark's about box or the + such as Qt or GLib. You can obtain this from Wireshark’s about box or the command _wireshark -v_. . Information about the platform you run Wireshark on. @@ -445,7 +446,7 @@ When reporting problems with Wireshark please supply the following information: [NOTE] .Don't send large files ==== -Do not send large files (> 1 MB) to the mailing lists. Just place a note that +Do not send large files (> 1 MB) to the mailing lists. Just place a note that further data is available on request. Large files will only annoy a lot of people on the list who are not interested in your specific problem. If required you will be asked for further data by the persons who really can help you. @@ -473,7 +474,7 @@ backtrace ^D ---- -If you do not have _gdb_ available, you will have to check out your operating system's debugger. +If you do not have _gdb_ available, you will have to check out your operating system’s debugger. Mail _backtrace.txt_ to mailto:{wireshark-dev-list-email}[]. diff --git a/docbook/wsug_src/WSUG_chapter_io.asciidoc b/docbook/wsug_src/WSUG_chapter_io.asciidoc index c76c379fc1..062b58cd7e 100644 --- a/docbook/wsug_src/WSUG_chapter_io.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_io.asciidoc @@ -31,10 +31,10 @@ select the menu:File[Open] menu or toolbar item. Wireshark will then pop up the ``File Open'' dialog box, which is discussed in more detail in <>. [TIP] -.It's convenient to use drag-and-drop +.It’s convenient to use drag-and-drop ==== You can open a file by simply dragging it in your file manager and dropping it -onto Wireshark's main window. However, drag-and-drop may not be available in all +onto Wireshark’s main window. However, drag-and-drop may not be available in all desktop environments. ==== @@ -73,7 +73,7 @@ Wireshark extensions to the standard behaviour of these dialogs: * Specify a display filter with the btn:[Filter] button and filter field. This filter will be used when opening the new file. The text field background becomes green for a valid filter string and red for an invalid one. Clicking - on the btn:[Filter] button causes Wireshark to pop up the ``Filters'' + on the btn:[Filter] button causes Wireshark to pop up the “Filters” dialog box (which is discussed further in <>). + // XXX - we need a better description of these read filters @@ -93,18 +93,18 @@ it can be a good idea to set at least the filter in advance here. [[ChIOOpenFileDialogWin32]] -.``Open'' on Microsoft Windows +.“Open” on Microsoft Windows image::wsug_graphics/ws-open-win32.png[{screenshot-attrs}] This is the common Windows file open dialog - plus some Wireshark extensions. Specific for this dialog: -* The btn:[Help] button will lead you to this section of this ``User's Guide''. +* The btn:[Help] button will lead you to this section of this “`User”s Guide''. [[ChIOOpenFileDialog]] -.``Open'' - Linux and UNIX +.“Open” - Linux and UNIX image::wsug_graphics/ws-open-gtk24.png[{screenshot-attrs}] This is the common Gimp/GNOME file open dialog plus some Wireshark extensions. @@ -116,7 +116,7 @@ Specific for this dialog: persistent. * The btn:[-] button allows you to remove a selected directory from the list. - Some items (such as ``Desktop'') cannot be removed from the favorites list. + Some items (such as “Desktop”) cannot be removed from the favorites list. * If Wireshark doesn't recognize the selected file as a capture file it will grey out the btn:[Open] button. @@ -155,15 +155,15 @@ The following file formats from other capture tools can be opened by Wireshark: * AG Group/WildPackets/Savvius EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures -* RADCOM's WAN/LAN Analyzer captures +* RADCOM’s WAN/LAN Analyzer captures * Network Instruments Observer version 9 captures * Lucent/Ascend router debug output -* HP-UX's nettl +* HP-UX’s nettl -* Toshiba's ISDN routers dump output +* Toshiba’s ISDN routers dump output * ISDN4BSD _i4btrace_ utility @@ -173,7 +173,7 @@ The following file formats from other capture tools can be opened by Wireshark: * pppd logs (pppdump format) -* the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities +* the output from VMS’s TCPIPtrace/TCPtrace/UCX$TRACE utilities * the text output from the DBS Etherwatch VMS utility @@ -181,7 +181,7 @@ The following file formats from other capture tools can be opened by Wireshark: * the output from CoSine L2 debug -* the output from Accellent's 5Views LAN agents +* the output from Accellent’s 5Views LAN agents * Endace Measurement Systems' ERF format captures @@ -236,21 +236,21 @@ should be the same across systems. [[ChIOSaveAsFileWin32]] -.``Save'' on Microsoft Windows +.“Save” on Microsoft Windows image::wsug_graphics/ws-save-as-win32.png[{screenshot-attrs}] This is the common Windows file save dialog with some additional Wireshark extensions. Specific behavior for this dialog: -* If available, the ``Help'' button will lead you to this section of this "User's Guide". +* If available, the “Help” button will lead you to this section of this "User’s Guide". * If you don't provide a file extension to the filename (e.g. `.pcap`) Wireshark will append the standard file extension for that file format. [[ChIOSaveAsFile2]] -.``Save'' on Linux and UNIX +.“Save” on Linux and UNIX image::wsug_graphics/ws-save-as-gtk24.png[{screenshot-attrs}] This is the common Gimp/GNOME file save dialog with additional Wireshark extensions. @@ -309,29 +309,30 @@ time stamp accuracy; see the <> for details. The following file formats can be saved by Wireshark (with the known file extensions): -* pcapng ($$*$$.pcapng). A flexible, etensible successor to the libpcap format. - Wireshark 1.8 and later save files as pcapng by default. Versions prior to 1.8 - used libpcap. +* pcapng ({asterisk}.pcapng). A flexible, etensible successor to the + libpcap format. Wireshark 1.8 and later save files as pcapng by + default. Versions prior to 1.8 used libpcap. -* libpcap, tcpdump and various other tools using tcpdump's capture format ($$*$$.pcap,$$*$$.cap,$$*$$.dmp) +* libpcap, tcpdump and various other tools using tcpdump’s capture + format ({asterisk}.pcap,{asterisk}.cap,{asterisk}.dmp) -* Accellent 5Views ($$*$$.5vw) +* Accellent 5Views ({asterisk}.5vw) -* HP-UX's nettl ($$*$$.TRC0,$$*$$.TRC1) +* HP-UX’s nettl ({asterisk}.TRC0,{asterisk}.TRC1) -* Microsoft Network Monitor - NetMon ($$*$$.cap) +* Microsoft Network Monitor - NetMon ({asterisk}.cap) -* Network Associates Sniffer - DOS ($$*$$.cap,$$*$$.enc,$$*$$.trc,*fdc,$$*$$.syc) +* Network Associates Sniffer - DOS ({asterisk}.cap,{asterisk}.enc,{asterisk}.trc,*fdc,{asterisk}.syc) -* Network Associates Sniffer - Windows ($$*$$.cap) +* Network Associates Sniffer - Windows ({asterisk}.cap) -* Network Instruments Observer version 9 ($$*$$.bfr) +* Network Instruments Observer version 9 ({asterisk}.bfr) -* Novell LANalyzer ($$*$$.tr1) +* Novell LANalyzer ({asterisk}.tr1) -* Oracle (previously Sun) snoop ($$*$$.snoop,$$*$$.cap) +* Oracle (previously Sun) snoop ({asterisk}.snoop,{asterisk}.cap) -* Visual Networks Visual UpTime traffic ($$*.*$$) +* Visual Networks Visual UpTime traffic ({asterisk}.{asterisk}) New file formats are added from time to time. @@ -341,7 +342,7 @@ Whether or not the above tools will be more helpful than Wireshark is a differen [NOTE] .Third party protocol analyzers may require specific file extensions ==== -Wireshark examines a file's contents to determine its type. Some other protocol +Wireshark examines a file’s contents to determine its type. Some other protocol analyzers only look at a filename extensions. For example, you might need to use the `.cap` extension in order to open a file using _Sniffer_. ==== @@ -356,7 +357,7 @@ be useful if you have captured simultaneously from multiple interfaces at once There are three ways to merge capture files using Wireshark: -* Use the menu:File[Merge] menu to open the ``Merge'' dialog. See +* Use the menu:File[Merge] menu to open the “Merge” dialog. See <>. This menu item will be disabled unless you have loaded a capture file. @@ -398,14 +399,14 @@ Append the packets from the selected file after the currently loaded packets. [[ChIOMergeFileWin32]] -.``Merge'' on Microsoft Windows +.“Merge” on Microsoft Windows image::wsug_graphics/ws-merge-win32.png[{screenshot-attrs}] This is the common Windows file open dialog with additional Wireshark extensions. [[ChIOMergeFile2]] -.``Merge'' on Linux and UNIX +.“Merge” on Linux and UNIX image::wsug_graphics/ws-merge-gtk24.png[{screenshot-attrs}] This is the common Gimp/GNOME file open dialog with additional Wireshark extensions. @@ -440,7 +441,7 @@ Here is a sample dump that can be imported: There is no limit on the width or number of bytes per line. Also the text dump at the end of the line is ignored. Byte and hex numbers can be uppercase or lowercase. Any text before the offset is ignored, including email forwarding -characters _>_. Any lines of text between the bytestring lines are ignored. +characters _>_. Any lines of text between the bytestring lines are ignored. The offsets are used to track the bytes, so offsets must be correct. Any line which has only bytes without a leading offset is ignored. An offset is recognized as being a hex number longer than two characters. Any text after the @@ -550,7 +551,7 @@ some features to handle these file sets in a convenient way. **** A filename in a file set uses the format Prefix_Number_DateTimeSuffix which might look something like `test_00001_20060420183910.pcap`. All files of a file -set share the same prefix (e.g. ``test'') and suffix (e.g. ``.pcap'') and a +set share the same prefix (e.g. “test”) and suffix (e.g. “.pcap”) and a varying middle part. To find the files of a file set, Wireshark scans the directory where the @@ -716,7 +717,7 @@ image::wsug_graphics/ws-export-psml.png[{screenshot-attrs}] * The _Packet Range_ frame is described in <>. -There's no such thing as a packet details frame for PSML export, as the packet +There’s no such thing as a packet details frame for PSML export, as the packet format is defined by the PSML specification. [[ChIOExportPDMLDialog]] @@ -729,7 +730,7 @@ link:http://www.nbee.org/doku.php?id=netpdl:pdml_specification[]. [NOTE] ==== -The PDML specification is not officially released and Wireshark's implementation +The PDML specification is not officially released and Wireshark’s implementation of it is still in an early beta state, so please expect changes in future Wireshark versions. ==== @@ -741,7 +742,7 @@ image::wsug_graphics/ws-export-pdml.png[{screenshot-attrs}] * The _Packet Range_ frame is described in <>. -There's no such thing as a packet details frame for PDML export, as the packet +There’s no such thing as a packet details frame for PDML export, as the packet format is defined by the PDML specification. [[ChIOExportSelectedDialog]] @@ -790,7 +791,7 @@ image::wsug_graphics/ws-export-objects.png[{screenshot-attrs}] typically indicates that the file was received in response to a HTTP POST request. -* _Help:_ Opens this section in the user's guide. +* _Help:_ Opens this section in the user’s guide. * _Close:_ Closes this dialog. @@ -809,14 +810,14 @@ image::wsug_graphics/ws-export-objects.png[{screenshot-attrs}] === Printing packets To print packets, select the menu:File[Print...] menu item. When you -do this Wireshark pops up the ``Print'' dialog box as shown in +do this Wireshark pops up the “Print” dialog box as shown in <>. -==== The ``Print'' dialog box +==== The “Print” dialog box [[ChIOPrintDialogBox]] -.The ``Print'' dialog box +.The “Print” dialog box image::wsug_graphics/ws-print.png[{screenshot-attrs}] The following fields are available in the Print dialog box: _Printer_:: diff --git a/docbook/wsug_src/WSUG_chapter_statistics.asciidoc b/docbook/wsug_src/WSUG_chapter_statistics.asciidoc index 3644e38be7..83c262062d 100644 --- a/docbook/wsug_src/WSUG_chapter_statistics.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_statistics.asciidoc @@ -44,11 +44,11 @@ be pretty hard to understand. [[ChStatSummary]] -=== The ``Summary'' window +=== The “Summary” window General statistics about the current capture file. -.The ``Summary'' window +.The “Summary” window image::wsug_graphics/ws-stats-summary.png[{screenshot-attrs}] * __File__: general information about the capture file. @@ -88,7 +88,7 @@ The btn:[Copy] button will let you copy the window contents as CSV or YAML. .Protocol hierarchy columns -_Protocol_:: This protocol's name +_Protocol_:: This protocol’s name _Percent Packets_:: The percentage of protocol packets relative to all packets in the capture @@ -136,7 +136,7 @@ description of the known endpoint types can be found in [[ChStatConversationsWindow]] -==== The ``Conversations'' window +==== The “Conversations” window The conversations window is similar to the endpoint Window. See <> for a description of their common features. Along with @@ -144,9 +144,9 @@ addresses, packet counters, and byte counters the conversation window adds four columns: the start time of the conversation (``Rel Start'') or (``Abs Start''), the duration of the conversation in seconds, and the average bits (not bytes) per second in each direction. A timeline graph is also drawn across the -``Rel Start'' / ``Abs Start'' and ``Duration'' columns. +``Rel Start'' / ``Abs Start'' and “Duration” columns. -.The ``Conversations'' window +.The “Conversations” window image::wsug_graphics/ws-stats-conversations.png[{screenshot-attrs}] Each row in the list shows the statistical values for exactly one conversation. @@ -196,7 +196,7 @@ you're looking for. _Bluetooth_:: A MAC-48 address similar to Ethernet. -_Ethernet_:: Identical to the Ethernet device's MAC-48 identifier. +_Ethernet_:: Identical to the Ethernet device’s MAC-48 identifier. _Fibre Channel_:: A MAC-48 address similar to Ethernet. @@ -209,7 +209,7 @@ _IPv4_:: Identical to the 32-bit IPv4 address. _IPv6_:: Identical to the 128-bit IPv6 address. _IPX_:: A concatenation of a 32 bit network number and 48 bit node address, by -default the Ethernet interface's MAC-48 address. +default the Ethernet interface’s MAC-48 address. _JXTA_:: A 160 bit SHA-1 URN. @@ -242,11 +242,11 @@ will be received by some or all of the listed unicast endpoints. [[ChStatEndpointsWindow]] -==== The ``Endpoints'' window +==== The “Endpoints” window This window shows statistics about the endpoints captured. -.The ``Endpoints'' window +.The “Endpoints” window image::wsug_graphics/ws-stats-endpoints.png[{screenshot-attrs}] For each supported protocol, a tab is shown in this window. Each tab label shows @@ -421,7 +421,7 @@ You can configure the following: The info column contains new numbering so the same packets are parallel. The color filtering differentiate the two files from each other. A -``zebra'' effect is create if the Info column is sorted. +“zebra” effect is create if the Info column is sorted. [TIP] ==== diff --git a/docbook/wsug_src/WSUG_chapter_troubleshoot.asciidoc b/docbook/wsug_src/WSUG_chapter_troubleshoot.asciidoc index 1e2312df7c..78bcd7a264 100644 --- a/docbook/wsug_src/WSUG_chapter_troubleshoot.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_troubleshoot.asciidoc @@ -38,7 +38,7 @@ systems and then copy the capture file to your system for later analysis. For more details on capturing with _tcpdump_, see <>. * Once you have captured packets that you think relate to the problem, load them - into Wireshark and look for your problem. Using Wireshark's filtering and + into Wireshark and look for your problem. Using Wireshark’s filtering and colorization capabilities, you can quickly narrow down the capture to the area of interest. @@ -49,7 +49,7 @@ more details on capturing with _tcpdump_, see <>. === Capturing in the presence of switches and routers -In the old days of Ethernet, all network traffic was spread over one ``yellow'' +In the old days of Ethernet, all network traffic was spread over one “yellow” cable through the whole network. Capturing data was easy, as all packets from the network could be captured using the ``promiscuous mode'' at any place in the network. The only devices blocking network traffic, were routers. But as routers @@ -62,12 +62,12 @@ change. At the next stage, Ethernet switches became widely available. This complicated things a lot. When capturing traffic on a computer connected to a switch, usually the switch will only forward packets to the computer, which are directed -to it, or to all computers (broadcasts). It's much the same like deactivating +to it, or to all computers (broadcasts). It’s much the same like deactivating the promiscuous mode of the capturing network card. There are some ways to circumvent this. -Many vendor's switches support a feature known as ``port spanning'' or ``port +Many vendor’s switches support a feature known as ``port spanning'' or ``port mirroring'' in which all of the traffic to and from port A are also sent out port B. An excellent reference on the ``port spanning'' feature of Cisco switches can be found at @@ -82,4 +82,4 @@ exchanged. ++++++++++++++++++++++++++++++++++++++ -++++++++++++++++++++++++++++++++++++++ \ No newline at end of file +++++++++++++++++++++++++++++++++++++++ diff --git a/docbook/wsug_src/WSUG_chapter_use.asciidoc b/docbook/wsug_src/WSUG_chapter_use.asciidoc index 188b2fc189..d36309e1ba 100644 --- a/docbook/wsug_src/WSUG_chapter_use.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_use.asciidoc @@ -28,7 +28,7 @@ You can start Wireshark from your shell or window manager. [TIP] .Power user tip ==== -When starting Wireshark it's possible to specify optional settings using the +When starting Wireshark it’s possible to specify optional settings using the command line. See <> for details. ==== @@ -43,7 +43,7 @@ still be well understandable. === The Main window -Let's look at Wireshark's user interface. <> shows Wireshark as you +Let’s look at Wireshark’s user interface. <> shows Wireshark as you would usually see it after some packets are captured or loaded (how to do this will be described later). @@ -51,7 +51,7 @@ will be described later). .The Main window image::wsug_graphics/ws-main.png[{screenshot-attrs}] -Wireshark's main window consists of parts that are commonly known from many +Wireshark’s main window consists of parts that are commonly known from many other GUI programs. . The _menu_ (see <>) is used to start actions. @@ -91,19 +91,19 @@ a capture file. See <> for additional navigation keystrokes. |=============== |Accelerator |Description |kbd:[Tab], kbd:[Shift+Tab]|Move between screen elements, e.g. from the toolbars to the packet list to the packet detail. -|kbd:[Down] |Move to the next packet or detail item. -|kbd:[Up] |Move to the previous packet or detail item. -|kbd:[Ctrl+Down], kbd:[F8] |Move to the next packet, even if the packet list isn't focused. -|kbd:[Ctrl+Up], kbd:[F7] |Move to the previous packet, even if the packet list isn't focused. +|kbd:[↓] |Move to the next packet or detail item. +|kbd:[↑] |Move to the previous packet or detail item. +|kbd:[Ctrl+↓], kbd:[F8] |Move to the next packet, even if the packet list isn't focused. +|kbd:[Ctrl+↑], kbd:[F7] |Move to the previous packet, even if the packet list isn't focused. |kbd:[Ctrl+.] |Move to the next packet of the conversation (TCP, UDP or IP). -|kbd:[Ctrl+,] |Move to the previous packet of the conversation (TCP, UDP or IP). -|kbd:[Alt+Right] or kbd:[Option+Right] (macOS) |Move to the next packet in the selection history. -|kbd:[Alt+Left] or kbd:[Option+Right] (macOS) |Move to the previous packet in the selection history. -|kbd:[Left] |In the packet detail, closes the selected tree item. If it's already closed, jumps to the parent node. -|kbd:[Right] |In the packet detail, opens the selected tree item. -|kbd:[Shift+Right] |In the packet detail, opens the selected tree item and all of its subtrees. -|kbd:[Ctrl+Right] |In the packet detail, opens all tree items. -|kbd:[Ctrl+Left] |In the packet detail, closes all tree items. +|kbd:[Ctrl+,] |Move to the previous packet of the conversation (TCP, UDP or IP). +|kbd:[Alt+→] or kbd:[Option+→] (macOS) |Move to the next packet in the selection history. +|kbd:[Alt+←] or kbd:[Option+←] (macOS) |Move to the previous packet in the selection history. +|kbd:[←] |In the packet detail, closes the selected tree item. If it’s already closed, jumps to the parent node. +|kbd:[→] |In the packet detail, opens the selected tree item. +|kbd:[Shift+→] |In the packet detail, opens the selected tree item and all of its subtrees. +|kbd:[Ctrl+→] |In the packet detail, opens all tree items. +|kbd:[Ctrl+←] |In the packet detail, closes all tree items. |kbd:[Backspace] |In the packet detail, jumps to the parent node. |kbd:[Return], kbd:[Enter] |In the packet detail, toggles the selected tree item. |=============== @@ -116,7 +116,7 @@ filling in a display filter. === The Menu -Wireshark's main menu is located either at the top of the main window (Windows, +Wireshark’s main menu is located either at the top of the main window (Windows, Linux) or at the top of your main screen (macOS). An example is shown in <>. @@ -194,12 +194,12 @@ press the Control (or Strg in German) and the K keys together to open the [[ChUseFileMenuSection]] -=== The ``File'' menu +=== The “File” menu The Wireshark file menu contains the fields shown in <>. [[ChUseWiresharkFileMenu]] -.The ``File'' Menu +.The “File” Menu image::wsug_graphics/ws-file-menu.png[{screenshot-attrs}] [[ChUseTabFile]] @@ -232,7 +232,7 @@ will be asked to do so first (this can be disabled by a preference setting). |menu:Save[] |kbd:[Ctrl+S]| This menu item saves the current capture. If you have not set a default capture -file name (perhaps with the -w <capfile> option), Wireshark pops up the +file name (perhaps with the -w option), Wireshark pops up the Save Capture File As dialog box (which is discussed further in <>). If you have already saved the current capture, this menu item will be greyed @@ -290,12 +290,12 @@ preference setting). [[ChUseEditMenuSection]] -=== The ``Edit'' menu +=== The “Edit” menu The Wireshark Edit menu contains the fields shown in <>. [[ChUseWiresharkEditMenu]] -.The ``Edit'' Menu +.The “Edit” Menu image::wsug_graphics/ws-edit-menu.png[{screenshot-attrs}] [[ChUseTabEdit]] @@ -388,12 +388,12 @@ Wireshark will use them the next time you start it. More detail is provided in [[ChUseViewMenuSection]] -=== The ``View'' menu +=== The “View” menu The Wireshark View menu contains the fields shown in <>. [[ChUseWiresharkViewMenu]] -.The ``View'' Menu +.The “View” Menu image::wsug_graphics/ws-view-menu.png[{screenshot-attrs}] [[ChUseTabView]] @@ -435,7 +435,7 @@ The fields "Automatic", "Seconds" and "...seconds" are mutually exclusive. Enabling colorization will slow down the display of new packets while capturing / loading capture files. |menu:Auto Scroll in Live Capture[] | |This item allows you to specify that Wireshark should scroll the packet list pane as new packets come in, so you are always looking at the last packet. If you do not specify this, Wireshark simply adds new packets onto the end of the list, but does not scroll the packet list pane. -|menu:Zoom In[] |kbd:[Ctrl++] | Zoom into the packet data (increase the font size). +|menu:Zoom In[] |kbd:[Ctrl++] | Zoom into the packet data (increase the font size). |menu:Zoom Out[] |kbd:[Ctrl+-] | Zoom out of the packet data (decrease the font size). |menu:Normal Size[] |kbd:[Ctrl+=] | Set zoom level back to 100% (set font size back to normal). |menu:Resize All Columns[] |kbd:[Shift+Ctrl+R] | Resize all column widths so the content will fit into it. @@ -443,10 +443,10 @@ Enabling colorization will slow down the display of new packets while capturing Resizing may take a significant amount of time, especially if a large capture file is loaded. |menu:Displayed Columns[] | |This menu items folds out with a list of all configured columns. These columns can now be shown or hidden in the packet list. -|menu:Expand Subtrees[] |kbd:[Shift+→]|This menu item expands the currently selected subtree in the packet details tree. -|menu:Collapse Subtrees[] |kbd:[Shift+←]|This menu item collapses the currently selected subtree in the packet details tree. -|menu:Expand All[] |kbd:[Ctrl+→] |Wireshark keeps a list of all the protocol subtrees that are expanded, and uses it to ensure that the correct subtrees are expanded when you display a packet. This menu item expands all subtrees in all packets in the capture. -|menu:Collapse All[] |kbd:[Ctrl+←] |This menu item collapses the tree view of all packets in the capture list. +|menu:Expand Subtrees[] |kbd:[Shift+→]|This menu item expands the currently selected subtree in the packet details tree. +|menu:Collapse Subtrees[] |kbd:[Shift+←]|This menu item collapses the currently selected subtree in the packet details tree. +|menu:Expand All[] |kbd:[Ctrl+→] |Wireshark keeps a list of all the protocol subtrees that are expanded, and uses it to ensure that the correct subtrees are expanded when you display a packet. This menu item expands all subtrees in all packets in the capture. +|menu:Collapse All[] |kbd:[Ctrl+←] |This menu item collapses the tree view of all packets in the capture list. |menu:Colorize Conversation[] | |This menu item brings up a submenu that allows you to color packets in the packet list pane based on the addresses of the currently selected packet. This makes it easy to distinguish packets belonging to different conversations. <>. |menu:Colorize Conversation[Color 1-10] | |These menu items enable one of the ten temporary color filters based on the currently selected conversation. |menu:Colorize Conversation[Reset coloring] | |This menu item clears all temporary coloring rules. @@ -458,12 +458,12 @@ Resizing may take a significant amount of time, especially if a large capture fi [[ChUseGoMenuSection]] -=== The ``Go'' menu +=== The “Go” menu The Wireshark Go menu contains the fields shown in <>. [[ChUseWiresharkGoMenu]] -.The ``Go'' Menu +.The “Go” Menu image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}] [[ChUseTabGo]] @@ -471,26 +471,26 @@ image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}] [options="header",cols="3,2,5"] |=============== |Menu Item |Accelerator |Description -|menu:Back[] |kbd:[Alt+←] |Jump to the recently visited packet in the packet history, much like the page history in a web browser. -|menu:Forward[] |kbd:[Alt+→] |Jump to the next visited packet in the packet history, much like the page history in a web browser. +|menu:Back[] |kbd:[Alt+←] |Jump to the recently visited packet in the packet history, much like the page history in a web browser. +|menu:Forward[] |kbd:[Alt+→] |Jump to the next visited packet in the packet history, much like the page history in a web browser. |menu:Go to Packet...[] |kbd:[Ctrl+G] |Bring up a window frame that allows you to specify a packet number, and then goes to that packet. See <> for details. |menu:Go to Corresponding Packet[] | |Go to the corresponding packet of the currently selected protocol field. If the selected field doesn't correspond to a packet, this item is greyed out. -|menu:Previous Packet[] |kbd:[Ctrl+↑]|Move to the previous packet in the list. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. -|menu:Next Packet[] |kbd:[Ctrl+↓]|Move to the next packet in the list. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|menu:Previous Packet[] |kbd:[Ctrl+↑]|Move to the previous packet in the list. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|menu:Next Packet[] |kbd:[Ctrl+↓]|Move to the next packet in the list. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. |menu:First Packet[] |kbd:[Ctrl+Home] |Jump to the first packet of the capture file. |menu:Last Packet[] |kbd:[Ctrl+End] |Jump to the last packet of the capture file. -|menu:Previous Packet In Conversation[] |kbd:[Ctrl+,] |Move to the previous packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|menu:Previous Packet In Conversation[] |kbd:[Ctrl+,] |Move to the previous packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. |menu:Next Packet In Conversation[] |kbd:[Ctrl+.] |Move to the next packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. |=============== [[ChUseCaptureMenuSection]] -=== The ``Capture'' menu +=== The “Capture” menu The Wireshark Capture menu contains the fields shown in <>. [[ChUseWiresharkCaptureMenu]] -.The ``Capture'' Menu +.The “Capture” Menu image::wsug_graphics/ws-capture-menu.png[{screenshot-attrs}] [[ChUseTabCap]] @@ -498,7 +498,7 @@ image::wsug_graphics/ws-capture-menu.png[{screenshot-attrs}] [options="header",cols="3,2,5"] |=============== |Menu Item |Accelerator |Description -|menu:Interfaces...[] |kbd:[Ctrl+I] |This menu item brings up a dialog box that shows what's going on at the network interfaces Wireshark knows of, see <>) . +|menu:Interfaces...[] |kbd:[Ctrl+I] |This menu item brings up a dialog box that shows what’s going on at the network interfaces Wireshark knows of, see <>) . |menu:Options...[] |kbd:[Ctrl+K] |This menu item brings up the Capture Options dialog box (discussed further in <>) and allows you to start capturing packets. |menu:Start[] |kbd:[Ctrl+E] |Immediately start capturing packets with the same settings than the last time. |menu:Stop[] |kbd:[Ctrl+E] |This menu item stops the currently running capture, see <>) . @@ -508,12 +508,12 @@ image::wsug_graphics/ws-capture-menu.png[{screenshot-attrs}] [[ChUseAnalyzeMenuSection]] -=== The ``Analyze'' menu +=== The “Analyze” menu The Wireshark Analyze menu contains the fields shown in <>. [[ChUseWiresharkAnalyzeMenu]] -.The ``Analyze'' Menu +.The “Analyze” Menu image::wsug_graphics/ws-analyze-menu.png[{screenshot-attrs}] [[ChUseAnalyze]] @@ -538,12 +538,12 @@ image::wsug_graphics/ws-analyze-menu.png[{screenshot-attrs}] [[ChUseStatisticsMenuSection]] -=== The ``Statistics'' menu +=== The “Statistics” menu The Wireshark Statistics menu contains the fields shown in <>. [[ChUseWiresharkStatisticsMenu]] -.The ``Statistics'' Menu +.The “Statistics” Menu image::wsug_graphics/ws-statistics-menu.png[{screenshot-attrs}] All menu items will bring up a new window showing specific statistical information. @@ -579,12 +579,12 @@ All menu items will bring up a new window showing specific statistical informati [[ChUseTelephonyMenuSection]] -=== The ``Telephony'' menu +=== The “Telephony” menu The Wireshark Telephony menu contains the fields shown in <>. [[ChUseWiresharkTelephonyMenu]] -.The ``Telephony'' Menu +.The “Telephony” Menu image::wsug_graphics/ws-telephony-menu.png[{screenshot-attrs}] All menu items will bring up a new window showing specific telephony related statistical information. @@ -613,12 +613,12 @@ All menu items will bring up a new window showing specific telephony related sta [[ChUseToolsMenuSection]] -=== The ``Tools'' menu +=== The “Tools” menu The Wireshark Tools menu contains the fields shown in <>. [[ChUseWiresharkToolsMenu]] -.The ``Tools'' Menu +.The “Tools” Menu image::wsug_graphics/ws-tools-menu.png[{screenshot-attrs}] [[ChUseTools]] @@ -630,17 +630,17 @@ image::wsug_graphics/ws-tools-menu.png[{screenshot-attrs}] It is assumed that the rules will be applied to an outside interface. -|menu:Lua[]|| These options allow you to work with the Lua interpreter optionally build into Wireshark. See the ``Lua Support in Wireshark'' in the Wireshark Developer's Guide. +|menu:Lua[]|| These options allow you to work with the Lua interpreter optionally build into Wireshark. See the ``Lua Support in Wireshark'' in the Wireshark Developer’s Guide. |=============== [[ChUseInternalsMenuSection]] -=== The ``Internals'' menu +=== The “Internals” menu The Wireshark Internals menu contains the fields shown in <>. [[ChUseWiresharkInternalsMenu]] -.The ``Internals'' Menu +.The “Internals” Menu image::wsug_graphics/ws-internals-menu.png[{screenshot-attrs}] [[ChUseInternals]] @@ -654,12 +654,12 @@ image::wsug_graphics/ws-internals-menu.png[{screenshot-attrs}] [[ChUseHelpMenuSection]] -=== The ``Help'' menu +=== The “Help” menu The Wireshark Help menu contains the fields shown in <>. [[ChUseWiresharkHelpMenu]] -.The ``Help'' Menu +.The “Help” Menu image::wsug_graphics/ws-help-menu.png[{screenshot-attrs}] [[ChUseHelp]] @@ -674,7 +674,7 @@ image::wsug_graphics/ws-help-menu.png[{screenshot-attrs}] |menu:Downloads[]|| This menu item starts a Web browser showing the downloads from: link:{wireshark-download-url}[]. |menu:Wiki[]|| This menu item starts a Web browser showing the front page from: link:{wireshark-wiki-url}[]. |menu:Sample Captures[]|| This menu item starts a Web browser showing the sample captures from: link:{wireshark-wiki-url}SampleCaptures[]. -|menu:About Wireshark[]|| This menu item brings up an information window that provides various detailed information items on Wireshark, such as how it's built, the plugins loaded, the used folders, ... +|menu:About Wireshark[]|| This menu item brings up an information window that provides various detailed information items on Wireshark, such as how it’s built, the plugins loaded, the used folders, ... |=============== @@ -690,7 +690,7 @@ preferences dialog. [[ChUseMainToolbarSection]] -=== The ``Main'' toolbar +=== The “Main” toolbar The main toolbar provides quick access to frequently used items from the menu. This toolbar cannot be customized by the user, but it can be hidden using the @@ -702,7 +702,7 @@ you haven't loaded one). [[ChUseWiresharkMainToolbar]] -.The ``Main'' toolbar +.The “Main” toolbar image::wsug_graphics/ws-main-toolbar.png[{screenshot-attrs}] [[ChUseMainToolbar]] @@ -744,14 +744,14 @@ If you currently have a temporary capture file, the Save icon will be shown ins [[ChUseFilterToolbarSection]] -=== The ``Filter'' toolbar +=== The “Filter” toolbar The filter toolbar lets you quickly edit and apply display filters. More information on display filters is available in <>. [[ChUseWiresharkFilterToolbar]] -.The ``Filter'' toolbar +.The “Filter” toolbar image::wsug_graphics/ws-filter-toolbar.png[{screenshot-attrs}] [[ChUseFilterToolbar]] @@ -794,7 +794,7 @@ dissectors into the columns. As higher level protocols might overwrite information from lower levels, you will typically see the information from the highest possible level only. -For example, let's look at a packet containing TCP inside IP inside an Ethernet +For example, let’s look at a packet containing TCP inside IP inside an Ethernet packet. The Ethernet dissector will write its data (such as the Ethernet addresses), the IP dissector will overwrite this by its own (such as the IP addresses), the TCP dissector will overwrite the IP information, and so on. @@ -866,7 +866,7 @@ The packet list has an _Intelligent Scrollbar_ which shows a miniature map of nearby packets. Each https://en.wikipedia.org/wiki/Raster_graphics[raster line] of the scrollbar corresponds to a single packet, so the number of packets shown in the map depends on your physical display and the height of the packet list. A -tall packet list on a high-resolution (``Retina'') display will show you quite a +tall packet list on a high-resolution (“Retina”) display will show you quite a few packets. In the image above the scrollbar shows the status of more than 500 packets along with the 15 shown in the packet list itself. @@ -896,7 +896,7 @@ Some protocol fields have special meanings. * *Generated fields.* Wireshark itself will generate additional protocol information which isn't present in the captured data. This information is - enclosed in square brackets (`[' and `]'). Generated information includes + enclosed in square brackets (“[” and “]”). Generated information includes response times, TCP analysis, GeoIP information, and checksum validation. * *Links.* If Wireshark detects a relationship to another packet in the capture @@ -919,7 +919,7 @@ image::wsug_graphics/ws-bytes-pane.png[{screenshot-attrs}] The ``Packet Bytes'' pane shows a canonical https://en.wikipedia.org/wiki/Hex_dump[hex dump] of the packet data. Each line contains the data offset, sixteen hexadecimal bytes, and sixteen ASCII bytes. -Non-printalbe bytes are replaced with a period (`.'). +Non-printalbe bytes are replaced with a period (“.”). Depending on the packet data, sometimes more than one page is available, e.g. when Wireshark has reassembled some packets into a single chunk of data. (See @@ -1006,7 +1006,7 @@ Details'' pane. [TIP] ==== -The value between the parentheses (in this example `ipv6.src') can be used as a +The value between the parentheses (in this example “ipv6.src”) can be used as a display filter, representing the selected protocol field. ==== diff --git a/docbook/wsug_src/WSUG_chapter_work.asciidoc b/docbook/wsug_src/WSUG_chapter_work.asciidoc index 1499ee8043..3b09f7fa78 100644 --- a/docbook/wsug_src/WSUG_chapter_work.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_work.asciidoc @@ -73,7 +73,7 @@ description of each item. .The menu items of the ``Packet List'' column header pop-up menu [options="header",cols="3,2,5"] |=============== -|Item|Identical to main menu's item:|Description +|Item|Identical to main menu’s item:|Description |menu:Sort Ascending[]|| Sort the packet list in ascending order based on this column. |menu:Sort Descending[]|| Sort the packet list in descending order based on this column. |menu:No Sort[]|| Remove sorting order based on this column. @@ -103,7 +103,7 @@ The following table gives an overview of which functions are available in this .The menu items of the ``Packet List'' pop-up menu [options="header",cols="3,2,5"] |=============== -|Item|Identical to main menu's item:|Description +|Item|Identical to main menu’s item:|Description |menu:Mark Packet (toggle)[]|menu:Edit[]| Mark/unmark a packet. |menu:Ignore Packet (toggle)[]|menu:Edit[]| Ignore or inspect this packet while dissecting the capture file. |menu:Set Time Reference (toggle)[]|menu:Edit[]| Set/reset a time reference. @@ -123,7 +123,7 @@ The following table gives an overview of which functions are available in this |menu:Copy/ Bytes (Offset Hex)[]|| Copy the packet bytes to the clipboard in hexdump-like format, but without the text portion. |menu:Copy/ Bytes (Printable Text Only)[]|| Copy the packet bytes to the clipboard as ASCII text, excluding non-printable characters. |menu:Copy/ Bytes (Hex Stream)[]|| Copy the packet bytes to the clipboard as an unpunctuated list of hex digits. -|menu:Copy/ Bytes (Binary Stream)[]|| Copy the packet bytes to the clipboard as raw binary. The data is stored in the clipboard as MIME-type ``application/octet-stream''. +|menu:Copy/ Bytes (Binary Stream)[]|| Copy the packet bytes to the clipboard as raw binary. The data is stored in the clipboard as MIME-type “application/octet-stream”. |menu:Decode As...[]|menu:Analyze[]| Change or apply a new relation between two dissectors. |menu:Print...[]|File| Print packets. |menu:Show Packet in New Window[]|menu:View[]| Display the selected packet in a new window. @@ -148,7 +148,7 @@ description of each item. .The menu items of the ``Packet Details'' pop-up menu [options="header",cols="3,2,5"] |=============== -|Item|Identical to main menu's item:|Description +|Item|Identical to main menu’s item:|Description |menu:Expand Subtrees[]|menu:View[]| Expand the currently selected subtree. |menu:Collapse Subtrees[]|menu:View[]| Collapse the currently selected subtree. |menu:Expand All[]|menu:View[]| Expand all subtrees in all packets in the capture. @@ -168,7 +168,7 @@ description of each item. |menu:Copy/ Bytes (Offset Hex)[]|| Copy the packet bytes to the clipboard in hexdump-like format, but without the text portion; similar to the Packet List Pane command, but copies only the bytes relevant to the selected part of the tree (the bytes selected in the Packet Bytes Pane). |menu:Copy/ Bytes (Printable Text Only)[]|| Copy the packet bytes to the clipboard as ASCII text, excluding non-printable characters; similar to the Packet List Pane command, but copies only the bytes relevant to the selected part of the tree (the bytes selected in the Packet Bytes Pane). |menu:Copy/ Bytes (Hex Stream)[]|| Copy the packet bytes to the clipboard as an unpunctuated list of hex digits; similar to the Packet List Pane command, but copies only the bytes relevant to the selected part of the tree (the bytes selected in the Packet Bytes Pane). -|menu:Copy/ Bytes (Binary Stream)[]|| Copy the packet bytes to the clipboard as raw binary; similar to the Packet List Pane command, but copies only the bytes relevant to the selected part of the tree (the bytes selected in the Packet Bytes Pane). The data is stored in the clipboard as MIME-type ``application/octet-stream''. +|menu:Copy/ Bytes (Binary Stream)[]|| Copy the packet bytes to the clipboard as raw binary; similar to the Packet List Pane command, but copies only the bytes relevant to the selected part of the tree (the bytes selected in the Packet Bytes Pane). The data is stored in the clipboard as MIME-type “application/octet-stream”. |menu:Export Selected Packet Bytes...[]|menu:File[]| This menu item is the same as the File menu item of the same name. It allows you to export raw packet bytes to a binary file. |menu:Wiki Protocol Page[]|| Show the wiki page corresponding to the currently selected protocol in your web browser. |menu:Filter Field Reference[]|| Show the filter field reference web page corresponding to the currently selected protocol in your web browser. @@ -474,7 +474,7 @@ for which there are no occurrences of a field named ip.addr with the value === The ``Filter Expression'' dialog box -When you are accustomed to Wireshark's filtering system and know what labels you +When you are accustomed to Wireshark’s filtering system and know what labels you wish to use in your filters it can be very quick to simply type a filter string. However if you are new to Wireshark or are working with a slightly unfamiliar protocol it can be very confusing to try to figure out what to type. The @@ -518,7 +518,7 @@ also indicate the type of value for the _field name_ you have selected (like character string). _Predefined values_:: -Some of the protocol fields have predefined values available, much like enum's +Some of the protocol fields have predefined values available, much like enum’s in C. If the selected protocol field has such values defined, you can choose one of them here. @@ -565,7 +565,7 @@ image::wsug_graphics/ws-filters.png[{screenshot-attrs}] _New_:: This button adds a new filter to the list of filters. The currently entered values from Filter name and Filter string will be used. If any of these fields -are empty, it will be set to ``new''. +are empty, it will be set to “new”. _Delete_:: @@ -651,7 +651,7 @@ For more details on display filters, see <> + Search for a specific byte sequence in the packet data. + -For example, use ``00:00'' to find the next packet including two null bytes in the packet data. +For example, use “00:00” to find the next packet including two null bytes in the packet data. * _String_ + @@ -710,7 +710,7 @@ Wireshark will jump to that packet. If a protocol field is selected which points to another packet in the capture file, this command will jump to that packet. -As these protocol fields now work like links (just as in your Web browser), it's +As these protocol fields now work like links (just as in your Web browser), it’s easier to simply double-click on the field to jump to the corresponding field. ==== The ``Go to First Packet'' command @@ -744,7 +744,7 @@ There are three functions to manipulate the marked state of a packet: * _Unmark all packets_ reset the mark state of all packets. -These mark functions are available from the ``Edit'' menu, and the ``Mark packet +These mark functions are available from the “Edit” menu, and the ``Mark packet (toggle)'' function is also available from the pop-up menu of the ``Packet List'' pane. @@ -768,7 +768,7 @@ There are three functions to manipulate the ignored state of a packet: * _Un-Ignore all packets_ reset the ignored state of all packets. -These ignore functions are available from the ``Edit'' menu, and the ``Ignore +These ignore functions are available from the “Edit” menu, and the ``Ignore packet (toggle)'' function is also available from the pop-up menu of the ``Packet List'' pane. @@ -816,9 +816,9 @@ The available precisions (aka. the number of displayed decimal places) are: the actually available precision is smaller, zeros will be appended. If the precision is larger, the remaining decimal places will be cut off. -Precision example: If you have a timestamp and it's displayed using, ``Seconds +Precision example: If you have a timestamp and it’s displayed using, ``Seconds Since Previous Packet'' the value might be 1.123456. This will be displayed -using the ``Automatic'' setting for libpcap files (which is microseconds). If +using the “Automatic” setting for libpcap files (which is microseconds). If you use Seconds it would show simply 1 and if you use Nanoseconds it shows 1.123456000. @@ -829,7 +829,7 @@ you use Seconds it would show simply 1 and if you use Nanoseconds it shows The user can set time references to packets. A time reference is the starting point for all subsequent packet time calculations. It will be useful, if you want to see the time values relative to a special packet, e.g. the start of a -new request. It's possible to set multiple time references in the capture file. +new request. It’s possible to set multiple time references in the capture file. The time references will not be saved permanently and will be lost when you close the capture file. diff --git a/docbook/wsug_src/WSUG_preface.asciidoc b/docbook/wsug_src/WSUG_preface.asciidoc index 959d86f9b1..e7ffeec608 100644 --- a/docbook/wsug_src/WSUG_preface.asciidoc +++ b/docbook/wsug_src/WSUG_preface.asciidoc @@ -31,7 +31,7 @@ useful information regarding these topics can be found at the Wireshark Wiki at link:{wireshark-wiki-url}[]. By reading this book, you will learn how to install Wireshark, how to use the -basic elements of the graphical user interface (such as the menu) and what's +basic elements of the graphical user interface (such as the menu) and what’s behind some of the advanced features that are not always obvious at first sight. It will hopefully guide you around some common problems that frequently appear for new (and sometimes even advanced) users of Wireshark.