forked from osmocom/wireshark
Docs: Use modern Asciidoctor section IDs.
Change our legacy block anchors to section IDs as described at https://docs.asciidoctor.org/asciidoc/latest/sections/custom-ids/
This commit is contained in:
parent
92c8c2f7a0
commit
fad709a582
|
@ -24,7 +24,7 @@ include::wsdg_src/WSDG_preface.adoc[]
|
|||
|
||||
include::common_src/typographic_conventions.adoc[]
|
||||
|
||||
[[PartEnvironment]]
|
||||
[#PartEnvironment]
|
||||
= Wireshark Build Environment
|
||||
|
||||
[partintro]
|
||||
|
@ -44,7 +44,7 @@ include::wsdg_src/WSDG_chapter_tools.adoc[]
|
|||
|
||||
include::wsdg_src/WSDG_chapter_libraries.adoc[]
|
||||
|
||||
[[PartDevelopment]]
|
||||
[#PartDevelopment]
|
||||
= Wireshark Development
|
||||
|
||||
[partintro]
|
||||
|
|
|
@ -32,7 +32,7 @@ unsupported and has known security vulnerabilities.
|
|||
For more information, please see the
|
||||
https://www.wireshark.org/about.html[About Wireshark] page.
|
||||
|
||||
[[wheretogethelp]]
|
||||
[#wheretogethelp]
|
||||
=== Where can I get help?
|
||||
|
||||
Community support is available on the
|
||||
|
@ -305,7 +305,7 @@ happens; see the previous question.
|
|||
|
||||
== Capturing packets
|
||||
|
||||
[[promiscsniff]]
|
||||
[#promiscsniff]
|
||||
=== When I use Wireshark to capture packets, why do I see only packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor?
|
||||
|
||||
This might be because the interface on which you're capturing is
|
||||
|
@ -651,7 +651,7 @@ information (e.g., passwords), then please do not send it.
|
|||
|
||||
== Capturing packets on Windows
|
||||
|
||||
[[capprobwin]]
|
||||
[#capprobwin]
|
||||
=== I'm running Wireshark on Windows; why does some network interface on my machine not show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start", and/or why does Wireshark give me an error if I try to capture on that interface?
|
||||
|
||||
Wireshark relies on the Npcap library, the Npcap device driver,
|
||||
|
@ -787,7 +787,7 @@ seeing VLAN headers and seeing outgoing packets.
|
|||
|
||||
== Capturing packets on UN*Xes
|
||||
|
||||
[[capprobunix]]
|
||||
[#capprobunix]
|
||||
=== I'm running Wireshark on a UNIX-flavored OS; why does some network interface on my machine not show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start", and/or why does Wireshark give me an error if I try to capture on that interface?
|
||||
|
||||
You may need to run Wireshark from an account with sufficient
|
||||
|
|
|
@ -261,16 +261,16 @@ my $function;
|
|||
my @functions;
|
||||
|
||||
my $asciidoc_template = {
|
||||
module_header => "[[lua_module_%s]]\n\n",
|
||||
module_header => "[#lua_module_%s]\n\n",
|
||||
# module_desc => "\t<title>%s</title>\n",
|
||||
class_header => "[[lua_class_%s]]\n\n" .
|
||||
class_header => "[#lua_class_%s]\n\n" .
|
||||
"==== %s\n\n",
|
||||
#class_desc => "\t\t<para>%s</para>\n",
|
||||
class_attr_header => "[[lua_class_attrib_%s]]\n\n" .
|
||||
class_attr_header => "[#lua_class_attrib_%s]\n\n" .
|
||||
"===== %s\n\n",
|
||||
#class_attr_descr => "\t\t\t<para>%s%s</para>\n",
|
||||
class_attr_footer => "// End %s\n\n",
|
||||
function_header => "[[lua_fn_%s]]\n\n" .
|
||||
function_header => "[#lua_fn_%s]\n\n" .
|
||||
"===== %s\n\n",
|
||||
#function_descr => "\t\t\t<para>%s</para>\n",
|
||||
function_args_header => "[float]\n" .
|
||||
|
@ -294,7 +294,7 @@ my $asciidoc_template = {
|
|||
function_errors_footer => "// function_errors_footer: %s\n",
|
||||
function_footer => "// function_footer: %s\n\n",
|
||||
class_footer => "// class_footer: %s\n",
|
||||
global_functions_header => "[[global_functions_%s]]\n\n" .
|
||||
global_functions_header => "[#global_functions_%s]\n\n" .
|
||||
"==== Global Functions\n\n",
|
||||
global_functions_footer => "// Global function\n",
|
||||
module_footer => "// end of module\n",
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
[[CreatingAsn1Dissectors]]
|
||||
[#CreatingAsn1Dissectors]
|
||||
|
||||
== Creating ASN.1 Dissectors
|
||||
|
||||
|
@ -28,7 +28,7 @@ It has inbuilt support for:
|
|||
(07/1994), Information technology - Remote Operations: Concepts, model
|
||||
and notation
|
||||
|
||||
[[AboutASN1]]
|
||||
[#AboutASN1]
|
||||
|
||||
=== About ASN.1
|
||||
|
||||
|
@ -37,7 +37,7 @@ learn about ASN.1. There are a number of free resources available to
|
|||
help with this. One collection of such resources is maintained on
|
||||
https://www.itu.int/en/ITU-T/asn1/Pages/asn1_project.aspx[the ASN.1 Consortium's web site].
|
||||
|
||||
[[Asn1DissectorRequirements]]
|
||||
[#Asn1DissectorRequirements]
|
||||
=== ASN.1 Dissector Requirements
|
||||
|
||||
The compiler needs 4 input files: an ASN.1 description of a protocol, a .cnf file, and two template files.
|
||||
|
@ -47,7 +47,7 @@ The H.248 Binary encoding dissector is a good example of a dissector with relati
|
|||
|
||||
A complete <<SimpleASN1BasedDissector,simple ASN1 UDP-based dissector>> is also available.
|
||||
|
||||
[[BuildingAnASN1BasedPlugin]]
|
||||
[#BuildingAnASN1BasedPlugin]
|
||||
==== Building An ASN.1-Based Plugin
|
||||
|
||||
The usual way to build an ASN.1-based dissector is to put it into the
|
||||
|
@ -66,7 +66,7 @@ Reasons one might _not_ want to build as a plugin:
|
|||
|
||||
If you still think you'd like to build your module as a plugin, see https://gitlab.com/wireshark/wireshark/-/wikis/ASN1_plugin[Building ASN1 Plugins].
|
||||
|
||||
[[UnderstandingErrorMessages]]
|
||||
[#UnderstandingErrorMessages]
|
||||
=== Understanding Error Messages
|
||||
|
||||
When running asn2wrs, you could get the following errors:
|
||||
|
@ -77,13 +77,13 @@ around the dot (.) - can be the dot itself.
|
|||
|
||||
* A ParseError (`__main__.ParseError: LexToken(SEMICOLON,';',88)`) means that the ';' (SEMICOLON) is not understood. Maybe removing it will work?
|
||||
|
||||
[[HandMassagingTheASN1File]]
|
||||
[#HandMassagingTheASN1File]
|
||||
=== Hand-Massaging The ASN.1 File
|
||||
|
||||
If a portion of your ASN.1 file is unsupported you can modify it by hand as needed.
|
||||
However, the preferred way to resolve the issue is to report it on the link:{wireshark-mailing-lists-url}wireshark-dev[wireshark-dev] mailing list or in the issue tracker so that asn2wrs can be improved.
|
||||
|
||||
[[CommandLineSyntax]]
|
||||
[#CommandLineSyntax]
|
||||
=== Command Line Syntax
|
||||
|
||||
----
|
||||
|
@ -124,7 +124,7 @@ ASN.1 to Wireshark dissector compiler
|
|||
o - list of output files
|
||||
----
|
||||
|
||||
[[GeneratedFiles]]
|
||||
[#GeneratedFiles]
|
||||
=== Generated Files
|
||||
|
||||
Asn2wrs creates the following intermediate files:
|
||||
|
@ -142,7 +142,7 @@ Asn2wrs creates the following intermediate files:
|
|||
These files should be included in the template file as described in the <<ConformanceFiles,conformance file examples>>.
|
||||
Some are optional.
|
||||
|
||||
[[ASN1StepByStepInstructions]]
|
||||
[#ASN1StepByStepInstructions]
|
||||
=== Step By Step Instructions
|
||||
|
||||
. Create a directory for your protocol in the _epan/dissectors/asn1_ directory and put
|
||||
|
@ -159,14 +159,14 @@ appropriate places.
|
|||
etc...
|
||||
. Build Wireshark.
|
||||
|
||||
[[HintsForUsingAsn2wrs]]
|
||||
[#HintsForUsingAsn2wrs]
|
||||
=== Hints For Using Asn2wrs
|
||||
|
||||
Asn2wrs does not support all of ASN.1 yet.
|
||||
This means you might need to modify the ASN.1 definition before it will compile.
|
||||
This page lists some tips and tricks that might make your life easier.
|
||||
|
||||
[[COMPONENTS_OF]]
|
||||
[#COMPONENTS_OF]
|
||||
[discrete]
|
||||
==== COMPONENTS OF
|
||||
|
||||
|
@ -177,7 +177,7 @@ COMPONENTS OF is a directive in ASN.1 which include
|
|||
all specified fields in the referenced SEQUENCE by those fields as if
|
||||
they had been explicitly specified.
|
||||
|
||||
[[ASN1ComponentsOfExample]]
|
||||
[#ASN1ComponentsOfExample]
|
||||
[discrete]
|
||||
==== Example
|
||||
|
||||
|
@ -208,7 +208,7 @@ Bar ::= SEQUENCE {
|
|||
|
||||
That was pretty easy wasn't it?
|
||||
|
||||
[[SemicolonCharacters]]
|
||||
[#SemicolonCharacters]
|
||||
[discrete]
|
||||
==== Semicolon Characters
|
||||
|
||||
|
@ -222,7 +222,7 @@ PBAddressString ::= SEQUENCE {
|
|||
|
||||
You will have to remove the last semicolon character.
|
||||
|
||||
[[ASN1Parameters]]
|
||||
[#ASN1Parameters]
|
||||
[discrete]
|
||||
==== Parameters
|
||||
|
||||
|
@ -241,7 +241,7 @@ Will have to be replaced with the real values of the parameters:
|
|||
AChBillingChargingCharacteristics ::= OCTET STRING (SIZE (5 .. 177))
|
||||
----
|
||||
|
||||
[[ASN1ANYAndParameterizedTypes]]
|
||||
[#ASN1ANYAndParameterizedTypes]
|
||||
==== ANY And Parameterized Types
|
||||
|
||||
Asn2wrs can handle the type ANY but not parameterized types.
|
||||
|
@ -292,7 +292,7 @@ offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree);
|
|||
This example comes from the X509AF dissector. Please see the code there
|
||||
for more examples on how to do this.
|
||||
|
||||
[[TaggedAssignments]]
|
||||
[#TaggedAssignments]
|
||||
==== Tagged Assignments
|
||||
|
||||
There is currently a bug in Asn2wrs that makes it
|
||||
|
@ -353,7 +353,7 @@ generated. Then put that line in the conformance directive and replace
|
|||
`implicit_tag` with either TRUE or FALSE depending on whether IMPLICIT
|
||||
is used or not.
|
||||
|
||||
[[UntaggedCHOICEs]]
|
||||
[#UntaggedCHOICEs]
|
||||
==== Untagged CHOICEs
|
||||
|
||||
Asn2wrs cannot handle untagged CHOICEs within either a SET or a SEQUENCE. For example:
|
||||
|
@ -397,7 +397,7 @@ MessageTransferEnvelope ::= SET {
|
|||
This isn't an entirely correct ASN.1 definition, but should allow
|
||||
successful parsing.
|
||||
|
||||
[[ImportedModuleNameConflicts]]
|
||||
[#ImportedModuleNameConflicts]
|
||||
==== Imported Module Name Conflicts
|
||||
|
||||
When importing a module using <<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>> in the conformance file, this
|
||||
|
@ -429,7 +429,7 @@ into the conformance file *before* the <<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>>
|
|||
Time TYPE = FT_STRING DISPLAY = BASE_NONE STRING = NULL BITMASK = 0
|
||||
----
|
||||
|
||||
[[SimpleASN1BasedDissector]]
|
||||
[#SimpleASN1BasedDissector]
|
||||
=== Simple ASN.1-Based Dissector
|
||||
|
||||
// https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/ASN1_sample/foo.tar.gz
|
||||
|
@ -675,7 +675,7 @@ set( A2W_FLAGS )
|
|||
ASN2WRS()
|
||||
----
|
||||
|
||||
[[ConformanceFiles]]
|
||||
[#ConformanceFiles]
|
||||
=== Conformance (.cnf) Files
|
||||
|
||||
The .cnf file tells the compiler what to do with certain things, such as skipping auto generation for some ASN.1 entries.
|
||||
|
@ -731,7 +731,7 @@ End of directive
|
|||
#.END_OF_CNF::
|
||||
End of conformance file
|
||||
|
||||
[[ExampleCnfFile]]
|
||||
[#ExampleCnfFile]
|
||||
==== Example .cnf File
|
||||
|
||||
----
|
||||
|
@ -828,7 +828,7 @@ if (foo_reassemble) {
|
|||
#.END
|
||||
----
|
||||
|
||||
[[ExamplePacketProtocolTemplateHFile]]
|
||||
[#ExamplePacketProtocolTemplateHFile]
|
||||
==== Example packet-protocol-template.h File
|
||||
|
||||
Example template.h file.
|
||||
|
@ -856,7 +856,7 @@ Replace all PROTOCOL/protocol references with the name of your protocol.
|
|||
#endif /* PACKET_PROTOCOL_H */
|
||||
----
|
||||
|
||||
[[ExamplePacketProtocolTemplateCFile]]
|
||||
[#ExamplePacketProtocolTemplateCFile]
|
||||
==== Example packet-protocol-template.c File
|
||||
|
||||
Example template.c file.
|
||||
|
@ -929,24 +929,24 @@ void proto_reg_handoff_protocol(void) {
|
|||
}
|
||||
----
|
||||
|
||||
[[ASN1ConformanceFileDirectiveReference]]
|
||||
[#ASN1ConformanceFileDirectiveReference]
|
||||
=== Conformance File Directive Reference
|
||||
|
||||
The following directives can be used in conformance (.cnf) files:
|
||||
|
||||
[[ASN1CnfDirectiveEND]]
|
||||
[#ASN1CnfDirectiveEND]
|
||||
==== #.END
|
||||
|
||||
Some of the other directives in the Asn2wrs conformance file consists of multiple lines.
|
||||
The #.END directive is used to terminate such a directive.
|
||||
All other “#.” directives (except #.INCLUDE) automatically act as an implicit #.END directive which is why you will not see many #.END directives in the conformance files for the dissectors shipped with Wireshark.
|
||||
|
||||
[[ASN1CnfDirectiveEXPORTS]]
|
||||
[#ASN1CnfDirectiveEXPORTS]
|
||||
==== #.EXPORTS
|
||||
|
||||
This directive in the Asn2wrs conformation file is used to export functions for type decoding from the dissector.
|
||||
|
||||
[[ASN1CnfDirectiveEXPORTSSyntax]]
|
||||
[#ASN1CnfDirectiveEXPORTSSyntax]
|
||||
===== Syntax
|
||||
|
||||
----
|
||||
|
@ -965,7 +965,7 @@ Options:
|
|||
* WS_VAR and WS_VAR_IMPORT: Used for value string table so as it can be exported from libwireshark.dll.
|
||||
* NO_PROT_PREFIX: - value string table name does not have protocol prefix
|
||||
|
||||
[[ASN1CnfDirectiveEXPORTSExample]]
|
||||
[#ASN1CnfDirectiveEXPORTSExample]
|
||||
===== Example
|
||||
|
||||
----
|
||||
|
@ -976,14 +976,14 @@ H323-UU-PDU/h323-message-body ONLY_VALS WS_VAR
|
|||
#.END
|
||||
----
|
||||
|
||||
[[ASN1CnfDirectiveFN_BODY]]
|
||||
[#ASN1CnfDirectiveFN_BODY]
|
||||
==== #.FN_BODY
|
||||
|
||||
Sometimes, like when we have ANY types, we might want to replace
|
||||
whatever function body that Asn2wrs generates with code
|
||||
of our own. This is what this directive allows us to do.
|
||||
|
||||
[[ASN1CnfDirectiveFN_BODYExample]]
|
||||
[#ASN1CnfDirectiveFN_BODYExample]
|
||||
===== Example: ANY
|
||||
|
||||
Asn2wrs can handle the type ANY but we have to help it by adding some small changes to the conformance file.
|
||||
|
@ -1037,13 +1037,13 @@ for more examples on how to do this.
|
|||
|
||||
|
||||
|
||||
[[ASN1CnfDirectiveMODULE_IMPORTAndINCLUDE]]
|
||||
[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDE]
|
||||
==== #.MODULE_IMPORT And #.INCLUDE
|
||||
|
||||
These directive in the Asn2wrs conformation file are used to manage references to external type definitions, i.e. IMPORTS.
|
||||
The examples below are all from the X.509 Authentication Framework (x509af) dissector source code in Wireshark.
|
||||
|
||||
[[ASN1CnfDirectiveMODULE_IMPORTAndINCLUDEExample]]
|
||||
[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDEExample]
|
||||
===== Example ASN
|
||||
|
||||
This is an example from the X509AF dissector which amongst other things
|
||||
|
@ -1069,7 +1069,7 @@ important that these types have been declared as #.EXPORTS in the X509
|
|||
InformationFramework dissector so that they are exported and that we
|
||||
can link to them.
|
||||
|
||||
[[ASN1CnfDirectiveMODULE_IMPORT]]
|
||||
[#ASN1CnfDirectiveMODULE_IMPORT]
|
||||
==== #.MODULE_IMPORT
|
||||
|
||||
First we need to tell Asn2wrs which protocol name
|
||||
|
@ -1090,7 +1090,7 @@ This tells Asn2wrs that the function name to call to
|
|||
dissect Name would be dissect_x509if_Name(...). Without this knowledge
|
||||
Asn2wrs would not know which function name to generate. +
|
||||
|
||||
[[ASN1CnfDirectiveINCLUDE]]
|
||||
[#ASN1CnfDirectiveINCLUDE]
|
||||
==== #.INCLUDE
|
||||
|
||||
Second, in order for Asn2wrs to generate correct code it
|
||||
|
@ -1107,7 +1107,7 @@ have are done using the #.INCLUDE directive in the conformance file:
|
|||
See #.EXPORTS for a description and examples of these types of include
|
||||
files.
|
||||
|
||||
[[ASN1CnfDirectiveNO_EMITAndUSER_DEFINED]]
|
||||
[#ASN1CnfDirectiveNO_EMITAndUSER_DEFINED]
|
||||
==== #.NO_EMIT And #.USER_DEFINED
|
||||
|
||||
These two directives in the conformance file for Asn2wrs
|
||||
|
@ -1132,7 +1132,7 @@ and
|
|||
Use #.NO_EMIT if you dont need to call this function at all from anywhere (except from the template itself) and use #.USER_DEFINED is better if you implement the function inside the template but still want to allow it to be called from other places.
|
||||
// (need much better explanation here)
|
||||
|
||||
[[ASN1CnfDirectiveNO_EMITSyntax]]
|
||||
[#ASN1CnfDirectiveNO_EMITSyntax]
|
||||
===== Syntax
|
||||
|
||||
----
|
||||
|
@ -1155,7 +1155,7 @@ Options:
|
|||
* WITHOUT_VALS: Only dissection function is user defined and not emitted.
|
||||
* ONLY_VALS: Only value string table is user defined and not emitted.
|
||||
|
||||
[[ASN1CnfDirectivePDUAndPDU_NEW]]
|
||||
[#ASN1CnfDirectivePDUAndPDU_NEW]
|
||||
==== #.PDU and #.PDU_NEW
|
||||
|
||||
This directive in the Asn2wrs conformation file will
|
||||
|
@ -1164,7 +1164,7 @@ This is useful if there is an object inside the
|
|||
ASN.1 definition that we really want to register as a protocol dissector
|
||||
or if we want it to have a well known signature.
|
||||
|
||||
[[ASN1CnfDirectivePDUFunctionNames]]
|
||||
[#ASN1CnfDirectivePDUFunctionNames]
|
||||
===== Function Names
|
||||
|
||||
The wrapper functions that are created will all be named and have the
|
||||
|
@ -1176,14 +1176,14 @@ static void dissect_ProtocolName_ObjectName(tvbuff_t *tvb, packet_info *pinfo, p
|
|||
|
||||
Notice that this is exactly the same signature as `dissector_t` which is used by all dissector entry points.
|
||||
|
||||
[[ASN1CnfDirectivePDUUsage]]
|
||||
[#ASN1CnfDirectivePDUUsage]
|
||||
===== Usage
|
||||
|
||||
To get Asn2wrs to generate such wrapper functions you
|
||||
just have to list all objects one by one on the lines following the
|
||||
#.PDU declaration.
|
||||
|
||||
[[ASN1CnfDirectivePDUExample]]
|
||||
[#ASN1CnfDirectivePDUExample]
|
||||
===== Example
|
||||
|
||||
----
|
||||
|
@ -1202,7 +1202,7 @@ static void dissect_SomeObject_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
|
||||
This function can then later be called or referenced from the template file or even exported.
|
||||
|
||||
[[ASN1CnfDirectiveREGISTERAndREGISTER_NEW]]
|
||||
[#ASN1CnfDirectiveREGISTERAndREGISTER_NEW]
|
||||
==== #.REGISTER and #.REGISTER_NEW
|
||||
|
||||
This directive in the Asn2wrs conformation file can be used to register a dissector for an object to an OID.
|
||||
|
@ -1223,14 +1223,14 @@ A whole bunch of protocols use similar types of constructs.
|
|||
While dissection of this particular structure itself currently has to be hand implemented inside the template (see x509af for examples of how this very structure is handled there).
|
||||
The #.REGISTER option in the conformance file will at least make it easy and painless to attach the actual OID to dissector mappings.
|
||||
|
||||
[[ASN1CnfDirectiveREGISTERUsage]]
|
||||
[#ASN1CnfDirectiveREGISTERUsage]
|
||||
===== Usage
|
||||
|
||||
To get Asn2wrs to generate such automatic registration of
|
||||
OID to dissector mappings just use the #.REGISTER directive in the
|
||||
conformation file.
|
||||
|
||||
[[ASN1CnfDirectiveREGISTERExample]]
|
||||
[#ASN1CnfDirectiveREGISTERExample]
|
||||
===== Example
|
||||
|
||||
----
|
||||
|
@ -1241,14 +1241,14 @@ Certificate B "2.5.4.36" "id-at-userCertificate"
|
|||
Which will generate the extra code to make sure that anytime Wireshark needs to dissect the blob associated to the OID "2.5.4.36" it now knows that that is done by calling the subroutine to dissect a Certificate in the current protocol file.
|
||||
The "id-at-userCertificate" is just a free form text string to make Wireshark print a nice name together with the OID when it presents it in the decode pane. While this can be just about anything you want I would STRONGLY use the name used to this object/oid in the actual ASN.1 definition file.
|
||||
|
||||
[[ASN1CnfDirectiveREGISTERIncludeFile]]
|
||||
[#ASN1CnfDirectiveREGISTERIncludeFile]
|
||||
===== Include File
|
||||
|
||||
During the compilation phase Asn2wrs will put all the extra registration code for this in the include file
|
||||
packet-protocol-dis-tab.c.
|
||||
Make sure that you include this file from the template file or the registration to an OID will never occur. `#include "packet-protocol-dis-tab.c"` should be included from the proto_reg_handoff_protocol function in the template file.
|
||||
|
||||
[[ASN1CnfDirectiveREGISTERSeeAlso]]
|
||||
[#ASN1CnfDirectiveREGISTERSeeAlso]
|
||||
===== See Also
|
||||
|
||||
The various dissectors we have for X.509 such as the X.509AF which contains several examples of how to use this option.
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSDG Chapter Build Introduction
|
||||
|
||||
[[ChapterBuildIntro]]
|
||||
[#ChapterBuildIntro]
|
||||
|
||||
== Introduction
|
||||
|
||||
[[ChCodeOverview]]
|
||||
[#ChCodeOverview]
|
||||
|
||||
=== Source overview
|
||||
|
||||
|
@ -24,14 +24,14 @@ the _/capture_ directory
|
|||
|
||||
* Help - using an external web browser and text output
|
||||
|
||||
[[ChCodeStyle]]
|
||||
[#ChCodeStyle]
|
||||
|
||||
=== Coding Style
|
||||
|
||||
The coding style guides for Wireshark can be found in the “Portability”
|
||||
section of the file _doc/README.developer_.
|
||||
|
||||
[[ChCodeGLib]]
|
||||
[#ChCodeGLib]
|
||||
|
||||
=== The GLib library
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// WSDG Chapter Capture
|
||||
|
||||
[[ChapterCapture]]
|
||||
[#ChapterCapture]
|
||||
|
||||
== Packet Capture
|
||||
|
||||
|
@ -8,7 +8,7 @@
|
|||
This chapter needs to be reviewed and extended.
|
||||
****
|
||||
|
||||
[[ChCaptureAddLibpcap]]
|
||||
[#ChCaptureAddLibpcap]
|
||||
|
||||
=== How To Add A New Capture Type To Libpcap
|
||||
|
||||
|
@ -34,7 +34,7 @@ the link-layer protocols or protocols and have them register themselves
|
|||
with the `wtap_encap` dissector table, with the appropriate _WTAP_ENCAP_
|
||||
values by calling `dissector_add_uint()`.
|
||||
|
||||
[[ChCaptureExtcap]]
|
||||
[#ChCaptureExtcap]
|
||||
|
||||
=== Extcap: Developer Guide
|
||||
|
||||
|
@ -73,7 +73,7 @@ can be found (it is not designed to be launched by hand). This is done on purpo
|
|||
only be extcap programs (executable, python scripts, ...) in the extcap folder to reduce the startup
|
||||
time and not have Wireshark trying to execute other file types.
|
||||
|
||||
[[ChCaptureExtcapProcess]]
|
||||
[#ChCaptureExtcapProcess]
|
||||
|
||||
==== Extcap command line interface
|
||||
|
||||
|
@ -204,7 +204,7 @@ the other options are automatically added to run the capture. The extcap interfa
|
|||
is used like all other interfaces (meaning that capture on multiple interfaces, as
|
||||
well as stopping and restarting the capture is supported).
|
||||
|
||||
[[ChCaptureExtcapWindowsShell]]
|
||||
[#ChCaptureExtcapWindowsShell]
|
||||
|
||||
====== Execute a script-based extcap on Windows
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSDG Chapter Dissection
|
||||
|
||||
[[ChapterDissection]]
|
||||
[#ChapterDissection]
|
||||
|
||||
== Packet Dissection
|
||||
|
||||
[[ChDissectWorks]]
|
||||
[#ChDissectWorks]
|
||||
|
||||
=== How packet dissection works
|
||||
|
||||
|
@ -37,7 +37,7 @@ The file _doc/README.dissector_ contains detailed information about writing
|
|||
a dissector. In many cases it is more up to date than this document.
|
||||
====
|
||||
|
||||
[[ChDissectAdd]]
|
||||
[#ChDissectAdd]
|
||||
|
||||
=== Adding a basic dissector
|
||||
|
||||
|
@ -52,7 +52,7 @@ protocol. It consists of the following basic items.
|
|||
|
||||
* An IPv4 address.
|
||||
|
||||
[[ChDissectSetup]]
|
||||
[#ChDissectSetup]
|
||||
|
||||
==== Setting up the dissector
|
||||
|
||||
|
@ -243,7 +243,7 @@ Compile the dissector to a DLL or shared library and either run Wireshark from
|
|||
the build directory as detailed in <<ChSrcRunFirstTime>> or copy the plugin
|
||||
binary into the plugin directory of your Wireshark installation and run that.
|
||||
|
||||
[[ChDissectDetails]]
|
||||
[#ChDissectDetails]
|
||||
|
||||
==== Dissecting the protocol's details
|
||||
|
||||
|
@ -607,7 +607,7 @@ isn't found we provide a fallback which just prints the value in hex. We use
|
|||
this twice, once in the INFO field of the columns -- if it’s displayed, and
|
||||
similarly we append this data to the base of our dissecting tree.
|
||||
|
||||
[[ChDissectExpertInfo]]
|
||||
[#ChDissectExpertInfo]
|
||||
|
||||
=== How to add an expert item
|
||||
|
||||
|
@ -726,7 +726,7 @@ Adding the expert item is simply done by calling `expert_add_info()` with refere
|
|||
to the `packet_info` structure, the proto item `ti` to add the expert item to and
|
||||
the previously defined and registered expert item information.
|
||||
|
||||
[[ChDissectTransformed]]
|
||||
[#ChDissectTransformed]
|
||||
|
||||
=== How to handle transformed data
|
||||
|
||||
|
@ -798,7 +798,7 @@ on the old one but starting at the current offset, and extending to the end.
|
|||
This makes dissecting the packet from this point on exactly the same regardless
|
||||
of compression.
|
||||
|
||||
[[ChDissectReassemble]]
|
||||
[#ChDissectReassemble]
|
||||
|
||||
=== How to reassemble split packets
|
||||
|
||||
|
@ -813,7 +813,7 @@ The following sections will guide you through two common cases. For a
|
|||
description of all possible functions, structures and parameters, see
|
||||
_epan/reassemble.h_.
|
||||
|
||||
[[ChDissectReassembleUdp]]
|
||||
[#ChDissectReassembleUdp]
|
||||
|
||||
==== How to reassemble split UDP packets
|
||||
|
||||
|
@ -1052,7 +1052,7 @@ packet to another, such as a partial packet having a link to the fully
|
|||
reassembled packet. Likewise there are back pointers to the individual packets
|
||||
from the reassembled one. The other variables are used for flagging up errors.
|
||||
|
||||
[[TcpDissectPdus]]
|
||||
[#TcpDissectPdus]
|
||||
|
||||
==== How to reassemble split TCP Packets
|
||||
|
||||
|
@ -1132,7 +1132,7 @@ Protocols which need more data before the message length can be determined can
|
|||
return zero. Other values smaller than the fixed length will result in an
|
||||
exception.
|
||||
|
||||
[[ChDissectTap]]
|
||||
[#ChDissectTap]
|
||||
|
||||
=== How to tap protocols
|
||||
|
||||
|
@ -1201,7 +1201,7 @@ dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
|
|||
This now enables those interested parties to listen in on the details
|
||||
of this protocol conversation.
|
||||
|
||||
[[ChDissectStats]]
|
||||
[#ChDissectStats]
|
||||
|
||||
=== How to produce protocol stats
|
||||
|
||||
|
@ -1294,14 +1294,14 @@ In this case the processing of the stats is quite simple. First we call the
|
|||
call to `stats_tree_tick_pivot()` on the `st_node_packet_types` subtree allows
|
||||
us to record statistics by packet type.
|
||||
|
||||
[[ChDissectConversation]]
|
||||
[#ChDissectConversation]
|
||||
|
||||
=== How to use conversations
|
||||
|
||||
Some info about how to use conversations in a dissector can be found in the file
|
||||
_doc/README.dissector_, chapter 2.2.
|
||||
|
||||
[[ChDissectIdl2wrs]]
|
||||
[#ChDissectIdl2wrs]
|
||||
|
||||
=== __idl2wrs__: Creating dissectors from CORBA IDL files
|
||||
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
// WSDG Chapter Introduction
|
||||
|
||||
[[ChapterIntroduction]]
|
||||
[#ChapterIntroduction]
|
||||
|
||||
== Introduction
|
||||
|
||||
[[ChIntroIntro]]
|
||||
[#ChIntroIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
This chapter will provide a general overview of Wireshark development.
|
||||
|
||||
[[ChIntroWhatIs]]
|
||||
[#ChIntroWhatIs]
|
||||
|
||||
=== What Is Wireshark?
|
||||
|
||||
|
@ -19,7 +19,7 @@ know what Wireshark is doing. If not, please have a look at the
|
|||
link:{wireshark-users-guide-url}[Wireshark User’s Guide],
|
||||
which will provide a lot of general information about it.
|
||||
|
||||
[[ChIntroPlatforms]]
|
||||
[#ChIntroPlatforms]
|
||||
|
||||
=== Supported Platforms
|
||||
|
||||
|
@ -96,7 +96,7 @@ Development on Windows 7, Server 2008 R2, Vista, Server 2008, and older versions
|
|||
Some versions of Windows support https://devblogs.microsoft.com/commandline/per-directory-case-sensitivity-and-wsl/[case sensitive directories].
|
||||
We don’t officially support building or running Wireshark in this environment, but we will accept patches to fix any issues that might arise.
|
||||
|
||||
[[ChIntroDevelopment]]
|
||||
[#ChIntroDevelopment]
|
||||
|
||||
=== Development And Maintenance Of Wireshark
|
||||
|
||||
|
@ -170,7 +170,7 @@ available on the download page of the Wireshark website:
|
|||
{wireshark-download-url}.
|
||||
|
||||
|
||||
[[ChIntroReleases]]
|
||||
[#ChIntroReleases]
|
||||
|
||||
=== Releases And Distributions
|
||||
|
||||
|
@ -179,7 +179,7 @@ Minor releases typically happen every six weeks and typically include bug fixes
|
|||
Major releases happen about once a year and include new features and new protocol support.
|
||||
Official releases include binary packages for Windows and macOS along with source code.
|
||||
|
||||
[[ChIntroReleaseBinary]]
|
||||
[#ChIntroReleaseBinary]
|
||||
|
||||
==== Binary Distributions
|
||||
|
||||
|
@ -212,7 +212,7 @@ The Wireshark sources include support for creating the following types of packag
|
|||
|
||||
You can also create your own binary packages. See <<ChSrcBinary>> for details.
|
||||
|
||||
[[ChIntroReleaseSource]]
|
||||
[#ChIntroReleaseSource]
|
||||
|
||||
==== The Source Code Distribution
|
||||
|
||||
|
@ -227,7 +227,7 @@ For details about the different ways to get the Wireshark source code see <<ChSr
|
|||
Before building Wireshark from a source distribution, make sure you have all the tools and libraries required to build.
|
||||
Later chapters describe the required tools and libraries in detail.
|
||||
|
||||
[[ChIntroAutomated]]
|
||||
[#ChIntroAutomated]
|
||||
|
||||
=== Automated Builds (GitLab CI)
|
||||
|
||||
|
@ -282,7 +282,7 @@ Static code analysis and fuzz tests are run on the following platforms:
|
|||
|
||||
Each platform is represented at the status page by a single column, the most recent entries are at the top.
|
||||
|
||||
[[ChIntroHelp]]
|
||||
[#ChIntroHelp]
|
||||
|
||||
|
||||
=== Reporting problems and getting help
|
||||
|
@ -291,14 +291,14 @@ If you have problems, or need help with Wireshark, there are several
|
|||
places that may be of interest to you (well, beside this guide of
|
||||
course).
|
||||
|
||||
[[ChIntroHomepage]]
|
||||
[#ChIntroHomepage]
|
||||
|
||||
==== Website
|
||||
|
||||
You will find lots of useful information on the Wireshark homepage at
|
||||
{wireshark-main-url}.
|
||||
|
||||
[[ChIntroWiki]]
|
||||
[#ChIntroWiki]
|
||||
|
||||
==== Wiki
|
||||
|
||||
|
@ -312,7 +312,7 @@ And best of all, if you would like to contribute your knowledge on a
|
|||
specific topic (maybe a network protocol you know well), you can edit the
|
||||
Wiki pages by simply using your webbrowser.
|
||||
|
||||
[[ChIntroFAQ]]
|
||||
[#ChIntroFAQ]
|
||||
|
||||
|
||||
==== FAQ
|
||||
|
@ -332,7 +332,7 @@ An online version is available at the Wireshark website:
|
|||
{wireshark-faq-url}. You might prefer this online version as it’s
|
||||
typically more up to date and the HTML format is easier to use.
|
||||
|
||||
[[ChIntroOtherSources]]
|
||||
[#ChIntroOtherSources]
|
||||
|
||||
==== Other sources
|
||||
|
||||
|
@ -359,7 +359,7 @@ APIs available to the dissector developer, etc.
|
|||
|
||||
* The different mailing lists. See <<ChIntroMailingLists>>
|
||||
|
||||
[[ChIntroQA]]
|
||||
[#ChIntroQA]
|
||||
|
||||
==== Q&A Site
|
||||
|
||||
|
@ -370,7 +370,7 @@ knew about the issue. Answers are graded, so you can pick out the best
|
|||
ones easily. If your issue isn't discussed before you can post one
|
||||
yourself.
|
||||
|
||||
[[ChIntroMailingLists]]
|
||||
[#ChIntroMailingLists]
|
||||
|
||||
==== Mailing Lists
|
||||
|
||||
|
@ -413,14 +413,14 @@ question and maybe already got an answer. That way you don't have to wait until
|
|||
someone answers your question.
|
||||
====
|
||||
|
||||
[[ChIntroBugDatabase]]
|
||||
[#ChIntroBugDatabase]
|
||||
|
||||
==== Bug Database (Gitlab Issues)
|
||||
|
||||
The Wireshark community collects bug reports in an issues database at {wireshark-bugs-url}.
|
||||
This database is filled with manually filed bug reports, usually after some discussion on wireshark-dev, and automatic bug reports from continuous integration jobs.
|
||||
|
||||
[[ChIntroReportProblems]]
|
||||
[#ChIntroReportProblems]
|
||||
|
||||
==== Reporting Problems
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSDG Chapter Libraries
|
||||
|
||||
[[ChapterLibraries]]
|
||||
[#ChapterLibraries]
|
||||
|
||||
== Library Reference
|
||||
|
||||
[[ChLibIntro]]
|
||||
[#ChLibIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -29,7 +29,7 @@ https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
|||
See <<ChLibsSetup>> for an easier way to install them.
|
||||
====
|
||||
|
||||
[[ChLibsFormat]]
|
||||
[#ChLibsFormat]
|
||||
|
||||
=== Binary Library Formats
|
||||
|
||||
|
@ -37,7 +37,7 @@ Binary libraries are available in different formats, depending on the C
|
|||
compiler used to build it and of course the platform they were built for.
|
||||
|
||||
|
||||
[[ChLibsFormatUnix]]
|
||||
[#ChLibsFormatUnix]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -48,7 +48,7 @@ available as a package from the platform installer, or you can download
|
|||
and compile the source and then install the binaries.
|
||||
|
||||
|
||||
[[ChLibsFormatWin32]]
|
||||
[#ChLibsFormatWin32]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -57,7 +57,7 @@ Most of the Win32 binary libraries you will find on the web are in this
|
|||
format. You will recognize MSVC libraries by the .lib/.dll file extension.
|
||||
|
||||
|
||||
[[ChLibsSetup]]
|
||||
[#ChLibsSetup]
|
||||
|
||||
=== Windows Automated Library Download
|
||||
|
||||
|
@ -73,7 +73,7 @@ You may also directly set the library directory with the environment variable
|
|||
WIRESHARK_LIB_DIR, but if you switch between 32 bit and 64 bit builds, the value of this
|
||||
must be set appropriately.
|
||||
|
||||
[[ChLibsQt]]
|
||||
[#ChLibsQt]
|
||||
|
||||
=== Qt
|
||||
|
||||
|
@ -82,7 +82,7 @@ platform independent UI. Wireshark can be built with Qt 5.3 or later.
|
|||
|
||||
For more information on the Qt libraries, see <<ChUIQt>>.
|
||||
|
||||
[[ChLibsUnixQt]]
|
||||
[#ChLibsUnixQt]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -95,7 +95,7 @@ _qtmultimedia5-dev_, and possibly others.
|
|||
The Qt Project provides an installation tool for macOS, similar to Windows.
|
||||
It is available at https://www.qt.io/download-open-source/#section-2[].
|
||||
|
||||
[[ChLibsWin32Qt]]
|
||||
[#ChLibsWin32Qt]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -105,7 +105,7 @@ Note that separate installations (into different directories) of Qt are required
|
|||
The environment variable `https://doc.qt.io/qt-5/cmake-get-started.html[CMAKE_PREFIX_PATH]` should be set to your Qt installation directory, e.g. _C:\Qt{backslash}{qt-lts-version}.2\msvc2019_64_.
|
||||
You can alternatively set QT5_BASE_DIR to your Qt installation path, but this is no longer recommended.
|
||||
|
||||
[[ChLibsGLib]]
|
||||
[#ChLibsGLib]
|
||||
|
||||
=== GLib And Supporting Libraries
|
||||
|
||||
|
@ -118,7 +118,7 @@ typically not come into contact with these while doing Wireshark
|
|||
development. Wireshark's build system check for and require both GLib
|
||||
and its dependencies.
|
||||
|
||||
[[ChLibsUnixGLib]]
|
||||
[#ChLibsUnixGLib]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -127,7 +127,7 @@ The GLib library is available for most Linux distributions and UNIX
|
|||
flavors. If it isn't already installed and isn't available as a package
|
||||
for your platform, you can get it at https://wiki.gnome.org/Projects/GLib[].
|
||||
|
||||
[[ChLibsWin32GLib]]
|
||||
[#ChLibsWin32GLib]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -137,13 +137,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsCares]]
|
||||
[#ChLibsCares]
|
||||
|
||||
=== c-ares
|
||||
|
||||
C-Ares is used for asynchronous DNS resolution and lets us resolve names with a minimal performance impact.
|
||||
|
||||
[[ChLibsUnixCares]]
|
||||
[#ChLibsUnixCares]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -151,7 +151,7 @@ C-Ares is used for asynchronous DNS resolution and lets us resolve names with a
|
|||
If this library isn't already installed or available as a package for your
|
||||
platform, you can get it at https://c-ares.org/[].
|
||||
|
||||
[[ChLibsWin32Cares]]
|
||||
[#ChLibsWin32Cares]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -161,13 +161,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsSMI]]
|
||||
[#ChLibsSMI]
|
||||
|
||||
=== SMI (Optional)
|
||||
|
||||
LibSMI is used for MIB and PIB parsing and for OID resolution.
|
||||
|
||||
[[ChLibsUnixSMI]]
|
||||
[#ChLibsUnixSMI]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -176,7 +176,7 @@ If this library isn't already installed or available as a
|
|||
package for your platform, you can get it at
|
||||
https://www.ibr.cs.tu-bs.de/projects/libsmi/[].
|
||||
|
||||
[[ChLibsWin32SMI]]
|
||||
[#ChLibsWin32SMI]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -189,7 +189,7 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsZlib]]
|
||||
[#ChLibsZlib]
|
||||
|
||||
=== zlib (Optional)
|
||||
|
||||
|
@ -202,7 +202,7 @@ patents -- lossless data-compression library for use on virtually any computer
|
|||
hardware and operating system.
|
||||
____
|
||||
|
||||
[[ChLibsUnixZlib]]
|
||||
[#ChLibsUnixZlib]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -211,7 +211,7 @@ This library is almost certain to be installed on your system. If it isn't or
|
|||
you don't want to use the default library you can download it from
|
||||
https://www.zlib.net/[].
|
||||
|
||||
[[ChLibsWin32Zlib]]
|
||||
[#ChLibsWin32Zlib]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -221,14 +221,14 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsPcap]]
|
||||
[#ChLibsPcap]
|
||||
|
||||
=== libpcap or Npcap (Optional, But Strongly Recommended)
|
||||
|
||||
Libpcap and Npcap provide the packet capture capabilities that are central
|
||||
to Wireshark’s core functionality.
|
||||
|
||||
[[ChLibsLibpcap]]
|
||||
[#ChLibsLibpcap]
|
||||
|
||||
[discrete]
|
||||
==== Unix: libpcap
|
||||
|
@ -236,7 +236,7 @@ to Wireshark’s core functionality.
|
|||
If this library isn't already installed or available as a package for your
|
||||
platform, you can get it at {tcpdump-main-url}.
|
||||
|
||||
[[ChLibsWinpPcap]]
|
||||
[#ChLibsWinpPcap]
|
||||
|
||||
[discrete]
|
||||
==== Windows: Npcap
|
||||
|
@ -259,14 +259,14 @@ to purchase a redistribution license. Please see {npcap-main-url} for
|
|||
more details.
|
||||
====
|
||||
|
||||
[[ChLibsGNUTLS]]
|
||||
[#ChLibsGNUTLS]
|
||||
|
||||
=== GnuTLS (Optional)
|
||||
|
||||
The GNU Transport Layer Security Library is used to enable TLS decryption
|
||||
using an RSA private key.
|
||||
|
||||
[[ChLibsUnixGNUTLS]]
|
||||
[#ChLibsUnixGNUTLS]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -275,7 +275,7 @@ If this library isn't already installed or available as a
|
|||
package for your platform, you can get it at
|
||||
https://gnutls.org/[].
|
||||
|
||||
[[ChLibsWin32GNUTLS]]
|
||||
[#ChLibsWin32GNUTLS]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -285,7 +285,7 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsGcrypt]]
|
||||
[#ChLibsGcrypt]
|
||||
|
||||
=== Gcrypt
|
||||
|
||||
|
@ -293,7 +293,7 @@ The Gcrypt Library is a low-level cryptographic library that provides
|
|||
support for many ciphers and message authentication codes, such as DES, 3DES,
|
||||
AES, Blowfish, SHA-1, SHA-256, and others.
|
||||
|
||||
[[ChLibsUnixGcrypt]]
|
||||
[#ChLibsUnixGcrypt]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -302,7 +302,7 @@ If this library isn't already installed or available as a
|
|||
package for your platform, you can get it at
|
||||
https://directory.fsf.org/wiki/Libgcrypt[].
|
||||
|
||||
[[ChLibsWin32Gcrypt]]
|
||||
[#ChLibsWin32Gcrypt]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -312,14 +312,14 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsKerberos]]
|
||||
[#ChLibsKerberos]
|
||||
|
||||
=== Kerberos (Optional)
|
||||
|
||||
The Kerberos library is used to dissect Kerberos, sealed DCERPC and
|
||||
secure LDAP protocols.
|
||||
|
||||
[[ChLibsUnixKerberos]]
|
||||
[#ChLibsUnixKerberos]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -328,7 +328,7 @@ If this library isn't already installed or available as a
|
|||
package for your platform, you can get it at
|
||||
https://web.mit.edu/Kerberos/dist/[].
|
||||
|
||||
[[ChLibsWin32Kerberos]]
|
||||
[#ChLibsWin32Kerberos]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -338,13 +338,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsLua]]
|
||||
[#ChLibsLua]
|
||||
|
||||
=== Lua (Optional)
|
||||
|
||||
The Lua library is used to add scripting support to Wireshark.
|
||||
|
||||
[[ChLibsUnixLua]]
|
||||
[#ChLibsUnixLua]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -353,7 +353,7 @@ If this library isn't already installed or available as a
|
|||
package for your platform, you can get it at
|
||||
https://www.lua.org/download.html[].
|
||||
|
||||
[[ChLibsWin32Lua]]
|
||||
[#ChLibsWin32Lua]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -363,7 +363,7 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsMaxMindDB]]
|
||||
[#ChLibsMaxMindDB]
|
||||
|
||||
=== MaxMindDB (Optional)
|
||||
|
||||
|
@ -380,13 +380,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
|
|||
and
|
||||
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
|
||||
|
||||
[[ChLibsSparkle]]
|
||||
[#ChLibsSparkle]
|
||||
|
||||
=== WinSparkle (Optional)
|
||||
|
||||
WinSparkle is an easy-to-use software update library for Windows developers.
|
||||
|
||||
[[ChLibsWinSparkle]]
|
||||
[#ChLibsWinSparkle]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
// WSDG Chapter Setup
|
||||
|
||||
[[ChapterSetup]]
|
||||
[#ChapterSetup]
|
||||
|
||||
== Quick Setup
|
||||
|
||||
[[ChSetupUNIX]]
|
||||
[#ChSetupUNIX]
|
||||
|
||||
=== UNIX: Installation and Build Instructions
|
||||
|
||||
[[ChSetupUNIXBuildEnvironmentSetup]]
|
||||
[#ChSetupUNIXBuildEnvironmentSetup]
|
||||
|
||||
==== Build environment setup
|
||||
|
||||
|
@ -75,7 +75,7 @@ can install that tool from source code. The following sections
|
|||
will provide you with the webpage addresses where you can get
|
||||
these sources.
|
||||
|
||||
[[ChSetupUNIXBuild]]
|
||||
[#ChSetupUNIXBuild]
|
||||
|
||||
==== Building
|
||||
|
||||
|
@ -211,7 +211,7 @@ Known traps are:
|
|||
|
||||
====
|
||||
|
||||
[[ChSetupChocolatey]]
|
||||
[#ChSetupChocolatey]
|
||||
|
||||
==== Recommended: Install Chocolatey
|
||||
|
||||
|
@ -233,7 +233,7 @@ You can install Chocolatey packages using the command `choco install` (or its sh
|
|||
----
|
||||
|
||||
|
||||
[[ChSetupMSVC]]
|
||||
[#ChSetupMSVC]
|
||||
|
||||
==== Install Microsoft Visual Studio
|
||||
|
||||
|
@ -276,7 +276,7 @@ Why is this recommended?
|
|||
While this is a huge download, the Community Editions of Visual Studio are free (as in beer) and include the Visual Studio integrated debugger.
|
||||
Visual Studio 2019 is also used to create official Wireshark builds, so it will likely have fewer development-related problems.
|
||||
|
||||
[[ChSetupQt]]
|
||||
[#ChSetupQt]
|
||||
|
||||
==== Install Qt
|
||||
|
||||
|
@ -297,7 +297,7 @@ The environment variable `https://doc.qt.io/qt-5/cmake-get-started.html[CMAKE_PR
|
|||
The Qt maintenance tool (_C:\Qt\MaintenanceTool.exe_) can be used to
|
||||
upgrade Qt to newer versions.
|
||||
|
||||
[[ChSetupPython]]
|
||||
[#ChSetupPython]
|
||||
|
||||
==== Install Python
|
||||
|
||||
|
@ -335,7 +335,7 @@ PS$> choco install -y activeperl
|
|||
// winget has StrawberryPerl.
|
||||
// https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/StrawberryPerl/StrawberryPerl
|
||||
|
||||
[[ChSetupGit]]
|
||||
[#ChSetupGit]
|
||||
|
||||
==== Install Git
|
||||
|
||||
|
@ -389,7 +389,7 @@ A list of other GUI interfaces for Git can be found at
|
|||
https://git-scm.com/downloads/guis
|
||||
|
||||
|
||||
[[ChSetupCMake]]
|
||||
[#ChSetupCMake]
|
||||
|
||||
==== Install CMake
|
||||
|
||||
|
@ -410,7 +410,7 @@ PS$> choco install -y cmake
|
|||
|
||||
Chocolatey ensures cmake.exe is on your path.
|
||||
|
||||
[[ChSetupAsciidoctor]]
|
||||
[#ChSetupAsciidoctor]
|
||||
|
||||
==== Install Asciidoctor, Xsltproc, And DocBook
|
||||
|
||||
|
@ -493,7 +493,7 @@ Make sure your repository path doesn't contain spaces.
|
|||
. Click the btn:[Clone] button. Git Extensions should start cloning the
|
||||
Wireshark repository.
|
||||
|
||||
[[ChSetupPrepareCommandCom]]
|
||||
[#ChSetupPrepareCommandCom]
|
||||
|
||||
==== Open a Visual Studio Command Prompt
|
||||
|
||||
|
@ -558,7 +558,7 @@ to create and jump into the build directory.
|
|||
The build directory can be deleted at any time and the build files regenerated as detailed in <<ChWin32Generate>>.
|
||||
--
|
||||
|
||||
[[ChWin32Generate]]
|
||||
[#ChWin32Generate]
|
||||
|
||||
==== Generate the build files
|
||||
|
||||
|
@ -602,7 +602,7 @@ If you get any other output, there is an issue in your environment that must be
|
|||
Check the parameters passed to CMake, especially the `-G` option and the path to the Wireshark sources and
|
||||
the environment variables `WIRESHARK_BASE_DIR` and `CMAKE_PREFIX_PATH`.
|
||||
|
||||
[[ChWin32Build]]
|
||||
[#ChWin32Build]
|
||||
|
||||
==== Build Wireshark
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
[[ChapterSources]]
|
||||
[#ChapterSources]
|
||||
|
||||
== Work with the Wireshark sources
|
||||
|
||||
[[ChSrcIntro]]
|
||||
[#ChSrcIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -19,7 +19,7 @@ This chapter will not explain the source file contents in detail,
|
|||
such as where to find specific functionality. This is done in
|
||||
<<ChCodeOverview>>.
|
||||
|
||||
[[ChSrcGitRepository]]
|
||||
[#ChSrcGitRepository]
|
||||
|
||||
=== The Wireshark Git repository
|
||||
|
||||
|
@ -50,7 +50,7 @@ Using Wireshark’s GitLab project you can:
|
|||
* Browse and search the source code using a web interface.
|
||||
* See which person changed a specific piece of code.
|
||||
|
||||
[[ChSrcWebInterface]]
|
||||
[#ChSrcWebInterface]
|
||||
|
||||
==== Git Naming Conventions
|
||||
|
||||
|
@ -79,7 +79,7 @@ If you need a quick look at the Wireshark source code you can browse the reposit
|
|||
You can view commit logs, branches, and tags, find files and search the repository contents.
|
||||
You can also download individual files.
|
||||
|
||||
[[ChSrcObtain]]
|
||||
[#ChSrcObtain]
|
||||
=== Obtaining The Wireshark Sources
|
||||
|
||||
There are two primary ways to obtain Wireshark’s source code: Git and compressed .tar archives.
|
||||
|
@ -152,7 +152,7 @@ The `--shallow-since=1year` option limits cloned commits to the last 1 year.
|
|||
The `--depth=5000` option limits cloned commits to the last 5000.
|
||||
--
|
||||
|
||||
[[ChSrcDevelopmentSnapshots]]
|
||||
[#ChSrcDevelopmentSnapshots]
|
||||
==== Development Snapshots
|
||||
|
||||
This method is useful for one-off builds or if Git is inaccessible (e.g. because of a restrictive firewall).
|
||||
|
@ -161,7 +161,7 @@ Our GitLab CI configuration automatically generates development packages, includ
|
|||
They can be found at {wireshark-snapshots-url}.
|
||||
Packages are available for recent commits in the master branch and each release branch.
|
||||
|
||||
[[ChSrcReleased]]
|
||||
[#ChSrcReleased]
|
||||
==== Official Source Releases
|
||||
|
||||
This method is recommended for building downstream release packages.
|
||||
|
@ -169,7 +169,7 @@ This method is recommended for building downstream release packages.
|
|||
The official source releases can be found at {wireshark-download-url}.
|
||||
You should use these sources if you want to build Wireshark on your platform based on an official release with minimal or no changes, such as Linux distribution packages.
|
||||
|
||||
[[ChSrcUpdating]]
|
||||
[#ChSrcUpdating]
|
||||
=== Update Your Wireshark Sources
|
||||
|
||||
After you've obtained the Wireshark sources for the first time,
|
||||
|
@ -194,7 +194,7 @@ You can do so by running:
|
|||
$ git pull --rebase upstream master
|
||||
----
|
||||
|
||||
[[ChSrcBuildFirstTime]]
|
||||
[#ChSrcBuildFirstTime]
|
||||
=== Build Wireshark
|
||||
|
||||
The sources contain several documentation files. It’s a good idea to read these
|
||||
|
@ -223,7 +223,7 @@ Follow the build procedure in <<ChSetupWindows>> to build Wireshark.
|
|||
After the build process has successfully finished, you should find a
|
||||
`Wireshark.exe` and some other files in the `run\RelWithDebInfo` directory.
|
||||
|
||||
[[ChSrcRunFirstTime]]
|
||||
[#ChSrcRunFirstTime]
|
||||
=== Run Your Version Of Wireshark
|
||||
|
||||
|
||||
|
@ -236,7 +236,7 @@ running the first time, it might be a good idea to remove the previously
|
|||
installed version first.
|
||||
====
|
||||
|
||||
[[ChSrcRunFirstTimeUnix]]
|
||||
[#ChSrcRunFirstTimeUnix]
|
||||
==== Unix-Like Platforms
|
||||
|
||||
After a successful build you can run Wireshark right from the `run` directory.
|
||||
|
@ -252,7 +252,7 @@ Running Wireshark this way can be helpful since debugging output will be display
|
|||
You can also change Wireshark’s behavior by setting various environment variables.
|
||||
See the {wireshark-man-page-url}wireshark.html#ENVIRONMENT-VARIABLES[ENVIRONMENT VARIABLES] section of the Wireshark man page for more details.
|
||||
|
||||
[[ChSrcRunFirstTimeWin32]]
|
||||
[#ChSrcRunFirstTimeWin32]
|
||||
==== Windows Native
|
||||
|
||||
By default the CMake-generated Visual {cpp} project places all of the files necessary to run Wireshark in the subdirectory `run\RelWithDebInfo`.
|
||||
|
@ -264,10 +264,10 @@ As with the Unix-like build described above, you can run Wireshark from the buil
|
|||
----
|
||||
|
||||
|
||||
[[ChSrcDebug]]
|
||||
[#ChSrcDebug]
|
||||
=== Debug Your Version Of Wireshark
|
||||
|
||||
[[ChSrcUnixDebug]]
|
||||
[#ChSrcUnixDebug]
|
||||
==== Unix-Like Platforms
|
||||
|
||||
You can debug using command-line debuggers such as gdb, dbx, or lldb.
|
||||
|
@ -293,13 +293,13 @@ $ cmake .. -G Ninja -DENABLE_ASAN=1
|
|||
|
||||
See https://developer-old.gnome.org/glib/stable/glib-running.html
|
||||
|
||||
[[ChSrcWin32Debug]]
|
||||
[#ChSrcWin32Debug]
|
||||
==== Windows Native
|
||||
|
||||
You can debug using the Visual Studio Debugger or WinDbg. See the section
|
||||
on using the <<ChToolsDebugger, Debugger Tools>>.
|
||||
|
||||
[[ChSrcChange]]
|
||||
[#ChSrcChange]
|
||||
=== Make Changes To The Wireshark Sources
|
||||
|
||||
There are several reasons why you might want to change Wireshark’s sources:
|
||||
|
@ -331,7 +331,7 @@ hard to see).
|
|||
|
||||
// XXX - Add a section on branching.
|
||||
|
||||
[[ChSrcContribute]]
|
||||
[#ChSrcContribute]
|
||||
=== Contribute Your Changes
|
||||
|
||||
If you have finished changing the Wireshark sources to suit your needs, you might want to contribute your changes back to the Wireshark community.
|
||||
|
@ -353,7 +353,7 @@ Only a few people are authorised to actually make changes to the source code (ch
|
|||
If you want to submit your changes, you should upload them to the code review system at {wireshark-code-review-url}.
|
||||
This requires you to set up git as described at <<ChSrcGit>>.
|
||||
|
||||
[[ChSrcCreatingMergeRequests]]
|
||||
[#ChSrcCreatingMergeRequests]
|
||||
==== Creating Merge Requests
|
||||
|
||||
// To do:
|
||||
|
@ -473,7 +473,7 @@ Press it.
|
|||
// https://github.com/vishwanatharondekar/gitlab-cli - Might work well for people who don't mind using NPM.
|
||||
|
||||
|
||||
[[ChSrcUpdatingMergeRequests]]
|
||||
[#ChSrcUpdatingMergeRequests]
|
||||
==== Updating Merge Requests
|
||||
|
||||
At this point various automated tests will be run and someone will review your change.
|
||||
|
@ -507,7 +507,7 @@ $ git push downstream HEAD
|
|||
The `+` sign is shorthand for forcing the push (`-f`).
|
||||
--
|
||||
|
||||
[[ChSrcGoodPatch]]
|
||||
[#ChSrcGoodPatch]
|
||||
==== Some Tips For A Good Patch
|
||||
|
||||
Some tips that will make the merging of your changes into Git much more likely
|
||||
|
@ -541,7 +541,7 @@ As a result, we can’t guarantee a quick turnaround time.
|
|||
Wireshark’s GitLab CI jobs are disabled by default for forks, but if you need to test any CI jobs you can do so under the “Pipelines” section in your repository.
|
||||
For example, if your change might affect Debian (apt) packaging you can run the “build:debian-stable” job.
|
||||
|
||||
[[ChSrcGoodCommitMessage]]
|
||||
[#ChSrcGoodCommitMessage]
|
||||
==== Writing a Good Commit Message
|
||||
|
||||
When running `git commit`, you will be prompted to describe your change.
|
||||
|
@ -572,7 +572,7 @@ APN field is not encoded as a dotted string so the first character is not a
|
|||
length. Closes #10323.
|
||||
----
|
||||
|
||||
[[ChSrcCodeRequirements]]
|
||||
[#ChSrcCodeRequirements]
|
||||
|
||||
==== Code Requirements
|
||||
|
||||
|
@ -630,7 +630,7 @@ In our case fuzzing involves making random changes to capture files and feeding
|
|||
There are tools available to automatically do this on any number of input files.
|
||||
See {wireshark-wiki-url}FuzzTesting for details.
|
||||
|
||||
[[ChSrcUpload]]
|
||||
[#ChSrcUpload]
|
||||
|
||||
////
|
||||
==== Uploading your changes
|
||||
|
@ -677,7 +677,7 @@ to the developer’s list asking for status. But please be patient: most if not
|
|||
all of us do this in our spare time.
|
||||
////
|
||||
|
||||
[[ChSrcBackport]]
|
||||
[#ChSrcBackport]
|
||||
==== Backporting A Change
|
||||
|
||||
:example-branch: master-3.2
|
||||
|
@ -714,7 +714,7 @@ You can also cherry-pick changes in the https://docs.gitlab.com/ee/user/project/
|
|||
|
||||
////
|
||||
// XXX Is this relevant any more?
|
||||
[[ChSrcPatchApply]]
|
||||
[#ChSrcPatchApply]
|
||||
=== Apply a patch from someone else
|
||||
|
||||
Sometimes you need to apply a patch to your private source tree. Maybe
|
||||
|
@ -729,7 +729,7 @@ If you have problems applying a patch, make sure the line endings (CR/LF)
|
|||
of the patch and your source files match.
|
||||
====
|
||||
|
||||
[[ChSrcPatchUse]]
|
||||
[#ChSrcPatchUse]
|
||||
==== Using patch
|
||||
|
||||
Given the file _new.diff_ containing a unified diff,
|
||||
|
@ -779,7 +779,7 @@ that, especially if they're only patching files that exist in multiple
|
|||
directories such as _CMakeLists.txt_.
|
||||
////
|
||||
|
||||
[[ChSrcBinary]]
|
||||
[#ChSrcBinary]
|
||||
|
||||
=== Binary Packaging
|
||||
|
||||
|
@ -787,7 +787,7 @@ Delivering binary packages makes it much easier for the end-users to
|
|||
install Wireshark on their target system. This section will explain how
|
||||
the binary packages are made.
|
||||
|
||||
[[ChSrcVersioning]]
|
||||
[#ChSrcVersioning]
|
||||
|
||||
==== Packaging Guidelines
|
||||
|
||||
|
@ -917,7 +917,7 @@ If you have a question not addressed here, please contact
|
|||
{wireshark-dev-list-email}.
|
||||
|
||||
|
||||
[[ChSrcDeb]]
|
||||
[#ChSrcDeb]
|
||||
|
||||
==== Debian: .deb Packages
|
||||
|
||||
|
@ -936,7 +936,7 @@ dpkg-buildpackage -b -us -uc -jauto
|
|||
|
||||
to build the Debian Package.
|
||||
|
||||
[[ChSrcRpm]]
|
||||
[#ChSrcRpm]
|
||||
|
||||
==== Red Hat: .rpm Packages
|
||||
|
||||
|
@ -997,7 +997,7 @@ obtained by installing the _qt5-devel_ package. For a complete list of
|
|||
build requirements, look for the “BuildRequires” lines in
|
||||
_packaging/rpm/wireshark.spec.in_.
|
||||
|
||||
[[ChSrcOSX]]
|
||||
[#ChSrcOSX]
|
||||
|
||||
==== macOS: .dmg Packages
|
||||
|
||||
|
@ -1015,7 +1015,7 @@ make dmg_package
|
|||
|
||||
to build the macOS Package.
|
||||
|
||||
[[ChSrcNSIS]]
|
||||
[#ChSrcNSIS]
|
||||
|
||||
==== Windows: NSIS .exe Installer
|
||||
|
||||
|
@ -1046,7 +1046,7 @@ If everything went well, you will now find something like:
|
|||
_wireshark-setup-{wireshark-version}.exe_ in
|
||||
the _packaging/nsis_ directory in your build directory.
|
||||
|
||||
[[ChSrcPortableApps]]
|
||||
[#ChSrcPortableApps]
|
||||
|
||||
==== Windows: PortableApps .paf.exe Package
|
||||
|
||||
|
@ -1082,7 +1082,7 @@ If everything went well, you will now find something like:
|
|||
_WiresharkPortable64_{wireshark-version}.paf.exe_ in
|
||||
the _packaging/portableapps_ directory.
|
||||
|
||||
[[ChSrcMimeTypes]]
|
||||
[#ChSrcMimeTypes]
|
||||
|
||||
=== Mime Types
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// WSDG Chapter Tests
|
||||
|
||||
[[ChapterTests]]
|
||||
[#ChapterTests]
|
||||
== Wireshark Tests
|
||||
|
||||
The Wireshark sources include a collection of Python scripts that test
|
||||
|
@ -12,7 +12,7 @@ The command line options of Wireshark and its companion command line
|
|||
tools are numerous. These tests help to ensure that we don't introduce
|
||||
bugs as Wireshark grows and evolves.
|
||||
|
||||
[[TestsQuickStart]]
|
||||
[#TestsQuickStart]
|
||||
=== Quick Start
|
||||
|
||||
The recommended steps to prepare for and to run tests:
|
||||
|
@ -38,12 +38,12 @@ see all options. For more details, see <<ChTestsRun>>.
|
|||
|
||||
CMake currently runs `test/test.py` when the “test” target is built.
|
||||
|
||||
[[ChTestsStructure]]
|
||||
[#ChTestsStructure]
|
||||
=== Test suite structure
|
||||
|
||||
The following sections describes how the test suite is organized.
|
||||
|
||||
[[TestCoverage]]
|
||||
[#TestCoverage]
|
||||
==== Test Coverage And Availability
|
||||
|
||||
The testing framework can run programs and check their stdout, stderr,
|
||||
|
@ -63,7 +63,7 @@ If a feature is unavailable, the test will be skipped. For example, if
|
|||
an old version of Libgcrypt is in use, then some decryption tests will
|
||||
be skipped while other tests can still run to completion.
|
||||
|
||||
[[TestsLayout]]
|
||||
[#TestsLayout]
|
||||
==== Suites, Cases, and Tests
|
||||
|
||||
The `test/test.py` script uses Python's “unittest” module. Our tests are
|
||||
|
@ -76,7 +76,7 @@ capture filter test in the TShark capture command line options test case
|
|||
in the command line options suite has the ID
|
||||
“suite_clopts.case_tshark_capture_clopts.test_tshark_invalid_capfilter”.
|
||||
|
||||
[[TestsPytest]]
|
||||
[#TestsPytest]
|
||||
==== pytest fixtures
|
||||
|
||||
A test has typically additional dependencies, like the path to an
|
||||
|
@ -105,7 +105,7 @@ Each unittest test case must be decorated with
|
|||
`@fixtures.uses_fixtures` to ensure that unittest test classes can
|
||||
actually request fixture dependencies.
|
||||
|
||||
[[ChTestsRun]]
|
||||
[#ChTestsRun]
|
||||
=== Listing And Running Tests
|
||||
|
||||
Tests can be run via the `test/test.py` Python script. To run all tests,
|
||||
|
@ -157,7 +157,7 @@ $ python3 test/test.py suite_clopts
|
|||
|
||||
Run `python3 test/test.py --help` for all available options.
|
||||
|
||||
[[ChTestsRunPytest]]
|
||||
[#ChTestsRunPytest]
|
||||
=== Listing And Running Tests (pytest)
|
||||
|
||||
Tests can also be run with https://pytest.org/[pytest]. Advantages include finer
|
||||
|
@ -233,7 +233,7 @@ Note that with the option `--pdb`, stray processes are not killed on
|
|||
test failures since the `SubprocessTestCase.tearDown` method is not
|
||||
executed. This limitation might be addressed in the future.
|
||||
|
||||
[[ChTestsDevelop]]
|
||||
[#ChTestsDevelop]
|
||||
=== Adding Or Modifying Built-In Tests
|
||||
|
||||
Tests must be in a Python module whose name matches “suite_*.py”. The
|
||||
|
@ -302,7 +302,7 @@ be unique for each test. “subprocesstest.filename_from_id” can be used
|
|||
to generate a filename based on the current test name. It also ensures
|
||||
that the file will be automatically removed after the test has run.
|
||||
|
||||
[[ChTestsExternal]]
|
||||
[#ChTestsExternal]
|
||||
=== Adding Or Modifying External Tests
|
||||
|
||||
You can test the dissection of files outside the Wireshark source code repository by using the external test generator, which creates tests using a JSON configuration file.
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSDG Chapter Tools
|
||||
|
||||
[[ChapterTools]]
|
||||
[#ChapterTools]
|
||||
|
||||
== Tool Reference
|
||||
|
||||
[[ChToolsIntro]]
|
||||
[#ChToolsIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -43,7 +43,7 @@ for the UNIX based tools with `**toolname** --help` or the man page via `man
|
|||
You will find explanations of the tool usage for some of the specific
|
||||
development tasks in <<ChapterSources>>.
|
||||
|
||||
[[ChToolsChocolatey]]
|
||||
[#ChToolsChocolatey]
|
||||
=== Chocolatey
|
||||
|
||||
Chocolatey is a Windows package manager that can be used to install (and update)
|
||||
|
@ -73,7 +73,7 @@ python.org.
|
|||
Other package managers for Windows include the https://docs.microsoft.com/en-us/windows/package-manager/[Windows Package Manager (winget)] and https://scoop.sh/[Scoop].
|
||||
As of January 2022 neither option provides all of the packages we require, but that might change in the future.
|
||||
|
||||
[[ChToolsCMake]]
|
||||
[#ChToolsCMake]
|
||||
|
||||
=== CMake
|
||||
|
||||
|
@ -144,11 +144,11 @@ Useful variables: https://gitlab.kitware.com/cmake/community/wikis/doc/cmake/Use
|
|||
|
||||
Frequently Asked Questions: https://gitlab.kitware.com/cmake/community/wikis/FAQ
|
||||
|
||||
[[ChToolsGNUChain]]
|
||||
[#ChToolsGNUChain]
|
||||
|
||||
=== GNU Compiler Toolchain (UNIX And UNIX-like Platforms)
|
||||
|
||||
[[ChToolsGCC]]
|
||||
[#ChToolsGCC]
|
||||
|
||||
==== gcc (GNU Compiler Collection)
|
||||
|
||||
|
@ -178,7 +178,7 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|||
|
||||
Your version string may vary, of course.
|
||||
|
||||
[[ChToolsGDB]]
|
||||
[#ChToolsGDB]
|
||||
|
||||
==== gdb (GNU Project Debugger)
|
||||
|
||||
|
@ -212,7 +212,7 @@ There is NO WARRANTY, to the extent permitted by law.
|
|||
|
||||
Your version string may vary, of course.
|
||||
|
||||
[[ChToolsGNUmake]]
|
||||
[#ChToolsGNUmake]
|
||||
|
||||
==== make (GNU Make)
|
||||
|
||||
|
@ -263,7 +263,7 @@ available as a package for your platform, you can get it from:
|
|||
https://ninja-build.org. You can download the source code or binaries
|
||||
for Linux, macOS, and Windows (we have not tested Ninja on Windows).
|
||||
|
||||
[[ChToolsMSChain]]
|
||||
[#ChToolsMSChain]
|
||||
|
||||
=== Microsoft compiler toolchain (Windows native)
|
||||
|
||||
|
@ -395,7 +395,7 @@ However, the version string may vary.
|
|||
Documentation on the linker can be found at
|
||||
https://docs.microsoft.com/en-us/cpp/build/reference/linking?view=vs-2019[Microsoft Docs]
|
||||
|
||||
[[msvc-runtime-redistributable]]
|
||||
[#msvc-runtime-redistributable]
|
||||
|
||||
==== Visual {cpp} Runtime “Redistributable” Files
|
||||
|
||||
|
@ -445,7 +445,7 @@ include new and updated APIs.
|
|||
When you purchase a commercial Visual Studio or use the Community
|
||||
Edition, it will include an SDK.
|
||||
|
||||
[[ChToolsDocumentationToolchain]]
|
||||
[#ChToolsDocumentationToolchain]
|
||||
=== Documentation Toolchain
|
||||
|
||||
Wireshark’s documentation is split across two directories.
|
||||
|
@ -492,7 +492,7 @@ These are available via installable packages on most Linux distributions, Chocol
|
|||
http://xmlsoft.org/xslt/[xsltproc] converts DocBook XML to various formats based on XSL stylesheets.
|
||||
It either ships as part of the operating system or is available via an installable package on most Linux distributions, Chocolatey, and Homebrew.
|
||||
|
||||
[[ChToolsDebugger]]
|
||||
[#ChToolsDebugger]
|
||||
|
||||
=== Debugger
|
||||
|
||||
|
@ -501,7 +501,7 @@ Using a good debugger can save you a lot of development time.
|
|||
The debugger you use must match the C compiler Wireshark was compiled with,
|
||||
otherwise the debugger will simply fail or you will only see a lot of garbage.
|
||||
|
||||
[[ChToolsMSVCDebugger]]
|
||||
[#ChToolsMSVCDebugger]
|
||||
|
||||
==== Visual Studio Integrated Debugger
|
||||
|
||||
|
@ -544,7 +544,7 @@ order of statements can jump around.
|
|||
|
||||
If you require a non-optimised version, then build using a debug configuration.
|
||||
|
||||
[[ChToolsMSDebuggingTools]]
|
||||
[#ChToolsMSDebuggingTools]
|
||||
|
||||
==== Debugging Tools For Windows
|
||||
|
||||
|
@ -574,13 +574,13 @@ If you require a non-optimised version, then build using a debug configuration,
|
|||
*`msbuild /m /p:Configuration=Debug Wireshark.sln`*. The build products will be found
|
||||
in C:\Development\wsbuild64\run\Debug\.
|
||||
|
||||
[[ChToolsBash]]
|
||||
[#ChToolsBash]
|
||||
|
||||
=== bash
|
||||
|
||||
The bash shell is needed to run several shell scripts.
|
||||
|
||||
[[ChToolsGNUBash]]
|
||||
[#ChToolsGNUBash]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -606,7 +606,7 @@ Copyright (C) 2016 Free Software Foundation, Inc.
|
|||
|
||||
Your version string will likely vary.
|
||||
|
||||
[[ChToolsPython]]
|
||||
[#ChToolsPython]
|
||||
|
||||
=== Python
|
||||
|
||||
|
@ -653,7 +653,7 @@ Python 3.5.1
|
|||
|
||||
Your version string may vary of course.
|
||||
|
||||
[[ChToolsPerl]]
|
||||
[#ChToolsPerl]
|
||||
|
||||
=== Perl
|
||||
|
||||
|
@ -663,7 +663,7 @@ https://www.perl.org[]. Perl is used to convert
|
|||
various text files into usable source code. Perl version 5.6
|
||||
and above should work fine.
|
||||
|
||||
[[ChToolsUnixPerl]]
|
||||
[#ChToolsUnixPerl]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -698,7 +698,7 @@ Internet, point your browser at http://www.perl.org/, the Perl Home Page.
|
|||
|
||||
However, the version string may vary.
|
||||
|
||||
[[ChToolsWindowsPerl]]
|
||||
[#ChToolsWindowsPerl]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -742,14 +742,14 @@ Built 18:08:02 Feb 4 2003
|
|||
|
||||
However, the version string may vary.
|
||||
|
||||
[[ChToolsFlex]]
|
||||
[#ChToolsFlex]
|
||||
|
||||
=== Flex
|
||||
|
||||
Flex is a lexical analyzer generator used for Wireshark’s display filters, some
|
||||
file formats, and other features.
|
||||
|
||||
[[ChToolsUnixFlex]]
|
||||
[#ChToolsUnixFlex]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -775,7 +775,7 @@ flex version 2.5.4
|
|||
|
||||
Your version string may vary.
|
||||
|
||||
[[ChToolsWindowsFlex]]
|
||||
[#ChToolsWindowsFlex]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -793,7 +793,7 @@ Native packages are available from other sources such as
|
|||
http://gnuwin32.sourceforge.net/packages/flex.htm[GnuWin]. They aren't
|
||||
officially supported but _should_ work.
|
||||
|
||||
[[ChToolsGit]]
|
||||
[#ChToolsGit]
|
||||
|
||||
=== Git client
|
||||
|
||||
|
@ -809,7 +809,7 @@ the different ways to obtain the Wireshark sources, see <<ChSrcObtain>>.
|
|||
You will find more instructions in <<ChSrcGit>> on how to use the Git
|
||||
client.
|
||||
|
||||
[[ChToolsUnixGit]]
|
||||
[#ChToolsUnixGit]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -833,7 +833,7 @@ git version 2.14.1
|
|||
|
||||
Your version will likely be different.
|
||||
|
||||
[[ChToolsWindowsGit]]
|
||||
[#ChToolsWindowsGit]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -862,7 +862,7 @@ git version 2.16.1.windows.1
|
|||
|
||||
However, the version string may vary.
|
||||
|
||||
[[ChToolsGitPowerShellExtensions]]
|
||||
[#ChToolsGitPowerShellExtensions]
|
||||
|
||||
=== Git Powershell Extensions (Optional)
|
||||
|
||||
|
@ -875,7 +875,7 @@ copy status. You can install it using Chocolatey:
|
|||
PS:\> choco install poshgit
|
||||
----
|
||||
|
||||
[[ChToolsGitGUI]]
|
||||
[#ChToolsGitGUI]
|
||||
|
||||
=== Git GUI Client (Optional)
|
||||
|
||||
|
@ -886,7 +886,7 @@ https://git-scm.com/downloads/guis[] for details.
|
|||
// [[ChToolsUnixGitGUI]]
|
||||
// XXX Add Gui client section
|
||||
|
||||
[[ChToolsPatch]]
|
||||
[#ChToolsPatch]
|
||||
|
||||
=== patch (Optional)
|
||||
|
||||
|
@ -900,7 +900,7 @@ handle patches for you.
|
|||
|
||||
// You will find more instructions in <<ChSrcPatchApply>>on how to use the patch tool.
|
||||
|
||||
[[ChToolsUnixPatch]]
|
||||
[#ChToolsUnixPatch]
|
||||
|
||||
[discrete]
|
||||
==== Unix
|
||||
|
@ -934,7 +934,7 @@ written by Larry Wall and Paul Eggert
|
|||
|
||||
However, the version string may vary.
|
||||
|
||||
[[ChToolsWindowsPatch]]
|
||||
[#ChToolsWindowsPatch]
|
||||
|
||||
[discrete]
|
||||
==== Windows
|
||||
|
@ -943,7 +943,7 @@ The Windows native Git tools provide patch. A native Windows patch package can b
|
|||
http://gnuwin32.sourceforge.net/[]. The
|
||||
installation should be straightforward.
|
||||
|
||||
[[ChToolsNSIS]]
|
||||
[#ChToolsNSIS]
|
||||
|
||||
=== Windows: NSIS (Optional)
|
||||
|
||||
|
@ -963,7 +963,7 @@ PS$> choco install nsis
|
|||
|
||||
You can find more instructions on using NSIS in <<ChSrcNSIS>>.
|
||||
|
||||
[[ChToolsWiX]]
|
||||
[#ChToolsWiX]
|
||||
|
||||
=== Windows: WiX Toolset (Optional)
|
||||
|
||||
|
@ -979,7 +979,7 @@ This also requires the Visual C++ redistributable merge modules, which can be in
|
|||
|
||||
Wireshark’s .msi packaging is currently experimental and the generated packages may be incomplete.
|
||||
|
||||
[[ChToolsPortableApps]]
|
||||
[#ChToolsPortableApps]
|
||||
=== Windows: PortableApps (Optional)
|
||||
|
||||
The PortableApps.com Installer is used to generate
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSDG Chapter User Interface
|
||||
|
||||
[[ChapterUserInterface]]
|
||||
[#ChapterUserInterface]
|
||||
|
||||
== User Interface
|
||||
|
||||
[[ChUIIntro]]
|
||||
[#ChUIIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -21,7 +21,7 @@ development team:
|
|||
This chapter is focused on the Wireshark frontend, and especially on
|
||||
the Qt interface.
|
||||
|
||||
[[ChUIQt]]
|
||||
[#ChUIQt]
|
||||
|
||||
=== The Qt Application Framework
|
||||
|
||||
|
@ -179,7 +179,7 @@ this safely].
|
|||
Tapping usually involves declaring static methods for callbacks, passing `this`
|
||||
as the tap data.
|
||||
|
||||
[[ChUII18N]]
|
||||
[#ChUII18N]
|
||||
===== Internationalization and Translation
|
||||
|
||||
Qt provides a convenient method for translating text: `Qobject::tr()`,
|
||||
|
@ -280,7 +280,7 @@ _plugins/epan/pluginifdemo_.
|
|||
https://www.kdab.com/development-resources/qt-tools/gammaray/[GammaRay] lets you inspect
|
||||
the internals of a running Qt application similar to $$Spy++$$ on Windows.
|
||||
|
||||
[[ChUIGUIDocs]]
|
||||
[#ChUIGUIDocs]
|
||||
|
||||
=== Human Interface Reference Documents
|
||||
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
// WSDG Chapter Works
|
||||
|
||||
[[ChapterWorks]]
|
||||
[#ChapterWorks]
|
||||
|
||||
== How Wireshark Works
|
||||
|
||||
[[ChWorksIntro]]
|
||||
[#ChWorksIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
This chapter will give you a short overview of how Wireshark works.
|
||||
|
||||
[[ChWorksOverview]]
|
||||
[#ChWorksOverview]
|
||||
|
||||
=== Overview
|
||||
|
||||
The following will give you a simplified overview of Wireshark’s function blocks:
|
||||
|
||||
[[ChWorksFigOverview]]
|
||||
[#ChWorksFigOverview]
|
||||
|
||||
.Wireshark function blocks
|
||||
image::wsdg_graphics/ws-function-blocks.png[{pdf-scaledwidth}]
|
||||
|
@ -61,7 +61,7 @@ significantly different mechanism. That’s why there are different display and
|
|||
capture filter syntaxes.
|
||||
|
||||
|
||||
[[ChWorksCapturePackets]]
|
||||
[#ChWorksCapturePackets]
|
||||
|
||||
=== Capturing packets
|
||||
|
||||
|
@ -78,7 +78,7 @@ and Npcap (see <<ChLibsPcap>>) libraries are used. These libraries provide a
|
|||
general purpose interface to capture packets and are used by a wide variety of
|
||||
applications.
|
||||
|
||||
[[ChWorksCaptureFiles]]
|
||||
[#ChWorksCaptureFiles]
|
||||
|
||||
=== Capture Files
|
||||
|
||||
|
@ -90,7 +90,7 @@ Wireshark's wiretap library, which provides a general purpose interface for
|
|||
reading and writing packet capture formats and supports more than twenty
|
||||
packet capture formats.
|
||||
|
||||
[[ChWorksDissectPackets]]
|
||||
[#ChWorksDissectPackets]
|
||||
|
||||
=== Dissect packets
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
[[Preface]]
|
||||
[#Preface]
|
||||
["preface",id="Preface"]
|
||||
== Preface
|
||||
|
||||
[[PreForeword]]
|
||||
[#PreForeword]
|
||||
|
||||
=== Foreword
|
||||
|
||||
|
@ -23,7 +23,7 @@ source code.
|
|||
|
||||
We hope that you find this book useful, and look forward to your comments.
|
||||
|
||||
[[PreAudience]]
|
||||
[#PreAudience]
|
||||
|
||||
=== Who should read this document?
|
||||
|
||||
|
@ -38,7 +38,7 @@ By reading this book, you will learn how to develop Wireshark. It will
|
|||
hopefully guide you around some common problems that frequently appear for
|
||||
new (and sometimes even advanced) developers of Wireshark.
|
||||
|
||||
[[PreAck]]
|
||||
[#PreAck]
|
||||
|
||||
=== Acknowledgements
|
||||
|
||||
|
@ -60,7 +60,7 @@ helpful feedback on this document:
|
|||
And of course a big thank you to the many, many contributors of the
|
||||
Wireshark development community!
|
||||
|
||||
[[PreAbout]]
|
||||
[#PreAbout]
|
||||
|
||||
=== About this document
|
||||
|
||||
|
@ -70,14 +70,14 @@ and updated for later versions of Visual Studio by various contributors.
|
|||
|
||||
It is written in AsciiDoc.
|
||||
|
||||
[[PreDownload]]
|
||||
[#PreDownload]
|
||||
|
||||
=== Where to get the latest copy of this document?
|
||||
|
||||
The latest copy of this documentation can always be found at
|
||||
{wireshark-developers-guide-url}.
|
||||
|
||||
[[PreFeedback]]
|
||||
[#PreFeedback]
|
||||
|
||||
=== Providing feedback about this document
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
[[wsluarm]]
|
||||
[#wsluarm]
|
||||
|
||||
// Attributes
|
||||
:build_dir: .
|
||||
|
||||
== Lua Support in Wireshark
|
||||
|
||||
[[wsluarm_intro]]
|
||||
[#wsluarm_intro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -41,7 +41,7 @@ Wireshark for Windows uses a modified Lua runtime
|
|||
support Unicode (UTF-8) filesystem paths. This brings consistency with other
|
||||
platforms (for example, Linux and macOS).
|
||||
|
||||
[[wslua_menu_example]]
|
||||
[#wslua_menu_example]
|
||||
|
||||
=== Example: Creating a Menu with Lua
|
||||
|
||||
|
@ -75,7 +75,7 @@ end
|
|||
|
||||
----
|
||||
|
||||
[[wslua_dissector_example]]
|
||||
[#wslua_dissector_example]
|
||||
|
||||
=== Example: Dissector written in Lua
|
||||
|
||||
|
@ -146,7 +146,7 @@ wtap_encap_table:add(wtap.USER12, p_multi)
|
|||
udp_encap_table:add(7555, p_multi)
|
||||
----
|
||||
|
||||
[[wslua_tap_example]]
|
||||
[#wslua_tap_example]
|
||||
|
||||
=== Example: Listener written in Lua
|
||||
|
||||
|
@ -206,7 +206,7 @@ end
|
|||
register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED)
|
||||
----
|
||||
|
||||
[[wsluarm_modules]]
|
||||
[#wsluarm_modules]
|
||||
|
||||
== Wireshark’s Lua API Reference Manual
|
||||
|
||||
|
@ -248,7 +248,7 @@ include::{build_dir}/wsluarm_src/wslua_util.adoc[]
|
|||
include::{build_dir}/wsluarm_src/wslua_int64.adoc[]
|
||||
include::{build_dir}/wsluarm_src/wslua_struct.adoc[]
|
||||
|
||||
[[lua_module_GRegex]]
|
||||
[#lua_module_GRegex]
|
||||
|
||||
=== GLib Regular Expressions
|
||||
|
||||
|
@ -295,7 +295,7 @@ The GLib Regular expression syntax (which is essentially PCRE syntax) can be
|
|||
found at
|
||||
https://developer-old.gnome.org/glib/stable/glib-regex-syntax.html[]
|
||||
|
||||
[[lua_class_GRegex]]
|
||||
[#lua_class_GRegex]
|
||||
|
||||
==== GRegex
|
||||
|
||||
|
@ -303,7 +303,7 @@ GLib Regular Expressions based on PCRE.
|
|||
|
||||
Since: 1.11.3
|
||||
|
||||
[[lua_class_GRegex_notes]]
|
||||
[#lua_class_GRegex_notes]
|
||||
|
||||
===== Notes
|
||||
|
||||
|
@ -348,7 +348,7 @@ characters stand for compilation flags. Combinations of the following characters
|
|||
that they are not greedy by default, but become greedy if followed by “?”.
|
||||
It can also be set by a “(?U)” option setting within the pattern.
|
||||
|
||||
[[lua_fn_GRegex_new_pattern_]]
|
||||
[#lua_fn_GRegex_new_pattern_]
|
||||
|
||||
===== GRegex.new(pattern)
|
||||
|
||||
|
@ -374,7 +374,7 @@ The compiled regular expression (a userdata object)
|
|||
|
||||
* A malformed pattern generates a Lua error
|
||||
|
||||
[[lua_fn_GRegex_flags__table__]]
|
||||
[#lua_fn_GRegex_flags__table__]
|
||||
|
||||
===== GRegex.flags([table])
|
||||
|
||||
|
@ -398,7 +398,7 @@ table (optional):: A table for placing results into
|
|||
|
||||
A table filled with the results.
|
||||
|
||||
[[lua_fn_GRegex_compile_flags__table__]]
|
||||
[#lua_fn_GRegex_compile_flags__table__]
|
||||
|
||||
|
||||
===== GRegex.compile_flags([table])
|
||||
|
@ -420,7 +420,7 @@ table (optional):: A table for placing results into
|
|||
|
||||
A table filled with the results.
|
||||
|
||||
[[lua_fn_GRegex_match_flags__table__]]
|
||||
[#lua_fn_GRegex_match_flags__table__]
|
||||
|
||||
===== GRegex.match_flags([table])
|
||||
|
||||
|
@ -441,7 +441,7 @@ table (optional):: A table for placing results into
|
|||
|
||||
A table filled with the results.
|
||||
|
||||
[[lua_fn_GRegex_match_subject__pattern___init____cf____ef__]]
|
||||
[#lua_fn_GRegex_match_subject__pattern___init____cf____ef__]
|
||||
|
||||
===== GRegex.match(subject, pattern, [init], [cf], [ef])
|
||||
|
||||
|
@ -472,7 +472,7 @@ in the pattern. false is returned for sub-patterns that did not participate in
|
|||
the match. If the pattern specified no captures then the whole matched substring
|
||||
is returned. On failure, returns nil.
|
||||
|
||||
[[lua_fn_GRegex_find_subject__pattern___init____cf____ef__]]
|
||||
[#lua_fn_GRegex_find_subject__pattern___init____cf____ef__]
|
||||
|
||||
===== GRegex.find(subject, pattern, [init], [cf], [ef])
|
||||
|
||||
|
@ -503,7 +503,7 @@ the match (a number), and all substring matches ("captures"), in the order they
|
|||
appear in the pattern. false is returned for sub-patterns that did not
|
||||
participate in the match. On failure, returns nil.
|
||||
|
||||
[[lua_fn_GRegex_gmatch_subject__pattern___init____cf____ef__]]
|
||||
[#lua_fn_GRegex_gmatch_subject__pattern___init____cf____ef__]
|
||||
|
||||
|
||||
===== GRegex.gmatch(subject, pattern, [init], [cf], [ef])
|
||||
|
@ -536,7 +536,7 @@ match), it returns all captures in the order they appear in the pattern (or the
|
|||
entire match if the pattern specified no captures). The iteration will continue
|
||||
till the subject fails to match.
|
||||
|
||||
[[lua_fn_GRegex_gsub_subject__pattern___repl____max____cf____ef__]]
|
||||
[#lua_fn_GRegex_gsub_subject__pattern___repl____max____cf____ef__]
|
||||
|
||||
===== GRegex.gsub(subject, pattern, [repl], [max], [cf], [ef])
|
||||
|
||||
|
@ -570,7 +570,7 @@ ef (optional):: Match execution flags (bitwise OR)
|
|||
On success, returns the subject string with the substitutions made, the number
|
||||
of matches found, and the number of substitutions made.
|
||||
|
||||
[[lua_fn_GRegex_split_subject__sep___cf____ef__]]
|
||||
[#lua_fn_GRegex_split_subject__sep___cf____ef__]
|
||||
|
||||
===== GRegex.split(subject, sep, [cf], [ef])
|
||||
|
||||
|
@ -605,7 +605,7 @@ captures). If there is no match (this can occur only in the last iteration),
|
|||
then nothing is returned after the subject section. The iteration will continue
|
||||
till the end of the subject.
|
||||
|
||||
[[lua_fn_GRegex_version__]]
|
||||
[#lua_fn_GRegex_version__]
|
||||
|
||||
===== GRegex.version()
|
||||
|
||||
|
@ -618,7 +618,7 @@ Since: 1.11.3
|
|||
|
||||
The version string
|
||||
|
||||
[[lua_fn_gregex_match_subject___init____ef__]]
|
||||
[#lua_fn_gregex_match_subject___init____ef__]
|
||||
|
||||
===== gregex:match(subject, [init], [ef])
|
||||
|
||||
|
@ -644,7 +644,7 @@ in the pattern. false is returned for sub-patterns that did not participate in
|
|||
the match. If the pattern specified no captures then the whole matched substring
|
||||
is returned. nil is returned if the pattern did not match.
|
||||
|
||||
[[lua_fn_gregex_find_subject___init____ef__]]
|
||||
[#lua_fn_gregex_find_subject___init____ef__]
|
||||
|
||||
===== gregex:find(subject, [init], [ef])
|
||||
|
||||
|
@ -670,7 +670,7 @@ the match (a number), and all substring matches ("captures"), in the order they
|
|||
appear in the pattern. false is returned for sub-patterns that did not
|
||||
participate in the match. On failure, returns nil.
|
||||
|
||||
[[lua_fn_gregex_exec_subject___init____ef__]]
|
||||
[#lua_fn_gregex_exec_subject___init____ef__]
|
||||
|
||||
===== gregex:exec(subject, [init], [ef])
|
||||
|
||||
|
@ -699,7 +699,7 @@ participate in the match. On failure, returns nil. Example: If the whole match
|
|||
is at offsets 10,20 and substring matches are at offsets 12,14 and 16,19 then
|
||||
the function returns the following: 10, 20, { 12,14,16,19 }.
|
||||
|
||||
[[lua_fn_gregex_dfa_exec_subject___init____ef__]]
|
||||
[#lua_fn_gregex_dfa_exec_subject___init____ef__]
|
||||
|
||||
===== gregex:dfa_exec(subject, [init], [ef])
|
||||
|
||||
|
@ -727,7 +727,7 @@ Example: If there are 3 matches found starting at offset 10 and ending at
|
|||
offsets 15, 20 and 25 then the function returns the following: 10, { 25,20,15 },
|
||||
3
|
||||
|
||||
[[lua_fn_gregex___tostring__]]
|
||||
[#lua_fn_gregex___tostring__]
|
||||
|
||||
===== gregex:__tostring()
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
// WSUG Appendix Files
|
||||
|
||||
[[AppFiles]]
|
||||
[#AppFiles]
|
||||
|
||||
[appendix]
|
||||
== Files and Folders
|
||||
|
||||
[[ChAppFilesCaptureFilesSection]]
|
||||
[#ChAppFilesCaptureFilesSection]
|
||||
|
||||
=== Capture Files
|
||||
|
||||
|
@ -29,7 +29,7 @@ In addition to the libpcap format, Wireshark supports several different capture
|
|||
file formats. However, the problems described above also applies for these
|
||||
formats.
|
||||
|
||||
[[ChIOFileContentSection]]
|
||||
[#ChIOFileContentSection]
|
||||
|
||||
==== Libpcap File Contents
|
||||
|
||||
|
@ -51,7 +51,7 @@ The following data is saved for each packet:
|
|||
A detailed description of the libpcap file format can be found at
|
||||
https://gitlab.com/wireshark/wireshark/-/wikis/Development/LibpcapFileFormat
|
||||
|
||||
[[ChIOFileNotContentSection]]
|
||||
[#ChIOFileNotContentSection]
|
||||
|
||||
==== Not Saved in the Capture File
|
||||
|
||||
|
@ -74,7 +74,7 @@ can’t. Other file formats have varying levels of support.
|
|||
|
||||
* The current display filter
|
||||
|
||||
[[ChConfigurationPluginFolders]]
|
||||
[#ChConfigurationPluginFolders]
|
||||
|
||||
=== Configuration File and Plugin Folders
|
||||
|
||||
|
@ -120,7 +120,7 @@ bundled with the system (for example, provided as a package with a Linux
|
|||
distribution) and _/usr/local_ if, for example, you’ve build Wireshark
|
||||
from source and installed it.
|
||||
|
||||
[[ChAppFilesConfigurationSection]]
|
||||
[#ChAppFilesConfigurationSection]
|
||||
|
||||
=== Configuration Files
|
||||
|
||||
|
@ -154,7 +154,7 @@ global configuration folder is _INSTALLDIR/share/wireshark_.
|
|||
actually used on your system may vary, maybe something like:
|
||||
_/usr/local/etc_.
|
||||
|
||||
[[AppFilesTabFolders]]
|
||||
[#AppFilesTabFolders]
|
||||
.Configuration files overview
|
||||
[options="header"]
|
||||
|===
|
||||
|
@ -540,7 +540,7 @@ The settings from this file are read in at program start or when changing
|
|||
the active profile and are never written by Wireshark.
|
||||
--
|
||||
|
||||
[[ChPluginFolders]]
|
||||
[#ChPluginFolders]
|
||||
|
||||
=== Plugin folders
|
||||
|
||||
|
@ -582,7 +582,7 @@ application bundle, the global plugin folder is
|
|||
_%APPDIR%/Contents/PlugIns/wireshark_, otherwise it’s
|
||||
_INSTALLDIR/lib/wireshark/plugins_.
|
||||
|
||||
[[ChWindowsFolder]]
|
||||
[#ChWindowsFolder]
|
||||
|
||||
=== Windows folders
|
||||
|
||||
|
@ -592,7 +592,7 @@ Windows versions.
|
|||
As already mentioned, you can find the currently used folders in the “About
|
||||
Wireshark” dialog.
|
||||
|
||||
[[ChWindowsProfiles]]
|
||||
[#ChWindowsProfiles]
|
||||
|
||||
==== Windows profiles
|
||||
|
||||
|
@ -617,7 +617,7 @@ Windows XP and Windows Server 2003 footnote:historical[No longer supported by Wi
|
|||
_C:\Documents and Settings{backslash}**username**\Application Data_. “Documents and
|
||||
Settings” and “Application Data” might be internationalized.
|
||||
|
||||
[[ChWindowsRoamingProfiles]]
|
||||
[#ChWindowsRoamingProfiles]
|
||||
|
||||
==== Windows roaming profiles
|
||||
|
||||
|
@ -631,7 +631,7 @@ _C:\Documents and Settings{backslash}**username**\Local Settings_) will not be
|
|||
transferred to the domain server. This is the default for temporary capture
|
||||
files.
|
||||
|
||||
[[ChWindowsTempFolder]]
|
||||
[#ChWindowsTempFolder]
|
||||
|
||||
==== Windows temporary folder
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// WSUG Appendix How it Works
|
||||
|
||||
[[AppHowItWorks]]
|
||||
[#AppHowItWorks]
|
||||
|
||||
[appendix]
|
||||
== How Wireshark Works
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// WSUG Appendix Messages
|
||||
|
||||
[[AppMessages]]
|
||||
[#AppMessages]
|
||||
|
||||
[appendix]
|
||||
== Wireshark Messages
|
||||
|
@ -9,7 +9,7 @@ Wireshark provides you with additional information generated out of the plain
|
|||
packet data or it may need to indicate dissection problems. Messages generated
|
||||
by Wireshark are usually placed in square brackets (“[]”).
|
||||
|
||||
[[AppMessagesList]]
|
||||
[#AppMessagesList]
|
||||
|
||||
=== Packet List Messages
|
||||
|
||||
|
@ -52,7 +52,7 @@ was simply running out of packet bytes and had to give up. There’s nothing els
|
|||
you can do now, except to repeat the whole capture process again with a higher
|
||||
(or no) packet size limitation.
|
||||
|
||||
[[AppMessagesDetails]]
|
||||
[#AppMessagesDetails]
|
||||
|
||||
=== Packet Details Messages
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// WSUG Appendix Protocols
|
||||
|
||||
[[AppProtocols]]
|
||||
[#AppProtocols]
|
||||
|
||||
[appendix]
|
||||
== Protocols and Protocol Fields
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
// WSUG Appendix Tools
|
||||
|
||||
[[AppTools]]
|
||||
[#AppTools]
|
||||
|
||||
[appendix]
|
||||
== Related command line tools
|
||||
|
||||
[[AppToolsIntroduction]]
|
||||
[#AppToolsIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -15,7 +15,7 @@ these tools are described in this chapter. You can find more
|
|||
information about all of Wireshark’s command line tools on
|
||||
link:{wireshark-man-page-url}[the web site].
|
||||
|
||||
[[AppToolstshark]]
|
||||
[#AppToolstshark]
|
||||
|
||||
=== __tshark__: Terminal-based Wireshark
|
||||
|
||||
|
@ -25,13 +25,13 @@ available. It supports the same options as `wireshark`. For more information on
|
|||
`tshark` consult your local manual page (`man tshark`) or
|
||||
link:{wireshark-man-page-url}tshark.html[the online version].
|
||||
|
||||
[[AppToolstsharkEx]]
|
||||
[#AppToolstsharkEx]
|
||||
.Help information available from `tshark`
|
||||
----
|
||||
include::tshark-h.txt[]
|
||||
----
|
||||
|
||||
[[AppToolstcpdump]]
|
||||
[#AppToolstcpdump]
|
||||
|
||||
=== __tcpdump__: Capturing with “tcpdump” for viewing with Wireshark
|
||||
|
||||
|
@ -55,7 +55,7 @@ believe you have captured enough packets.
|
|||
For more information on `tcpdump` consult your local manual page (`man
|
||||
tcpdump`) or link:{tcpdump-man-page-url}[the online version].
|
||||
|
||||
[[AppToolsdumpcap]]
|
||||
[#AppToolsdumpcap]
|
||||
|
||||
=== __dumpcap__: Capturing with “dumpcap” for viewing with Wireshark
|
||||
|
||||
|
@ -70,13 +70,13 @@ capture filter syntax follows the rules of the pcap library. For more
|
|||
information on `dumpcap` consult your local manual page (`man dumpcap`)
|
||||
or link:{wireshark-man-page-url}dumpcap.html[the online version].
|
||||
|
||||
[[AppToolsdumpcapEx]]
|
||||
[#AppToolsdumpcapEx]
|
||||
.Help information available from `dumpcap`
|
||||
----
|
||||
include::dumpcap-h.txt[]
|
||||
----
|
||||
|
||||
[[AppToolscapinfos]]
|
||||
[#AppToolscapinfos]
|
||||
|
||||
=== __capinfos__: Print information about capture files
|
||||
|
||||
|
@ -87,13 +87,13 @@ more information on `capinfos` consult your local manual page (`man
|
|||
capinfos`) or link:{wireshark-man-page-url}capinfos.html[the online
|
||||
version].
|
||||
|
||||
[[AppToolscapinfosEx]]
|
||||
[#AppToolscapinfosEx]
|
||||
.Help information available from `capinfos`
|
||||
----
|
||||
include::capinfos-h.txt[]
|
||||
----
|
||||
|
||||
[[AppToolsrawshark]]
|
||||
[#AppToolsrawshark]
|
||||
|
||||
=== __rawshark__: Dump and analyze network traffic.
|
||||
|
||||
|
@ -103,13 +103,13 @@ each packet on stdout. For more information on `rawshark` consult your
|
|||
local manual page (`man rawshark`) or
|
||||
link:{wireshark-man-page-url}rawshark.html[the online version].
|
||||
|
||||
[[AppToolsrawsharkEx]]
|
||||
[#AppToolsrawsharkEx]
|
||||
.Help information available from `rawshark`
|
||||
----
|
||||
include::rawshark-h.txt[]
|
||||
----
|
||||
|
||||
[[AppToolseditcap]]
|
||||
[#AppToolseditcap]
|
||||
|
||||
=== __editcap__: Edit capture files
|
||||
|
||||
|
@ -120,26 +120,26 @@ to print information about capture files. For more information on
|
|||
`editcap` consult your local manual page (`man editcap`) or
|
||||
link:{wireshark-man-page-url}editcap.html[the online version].
|
||||
|
||||
[[AppToolseditcapEx]]
|
||||
[#AppToolseditcapEx]
|
||||
.Help information available from editcap
|
||||
----
|
||||
include::editcap-h.txt[]
|
||||
----
|
||||
|
||||
[[AppToolseditcapEx1]]
|
||||
[#AppToolseditcapEx1]
|
||||
.Capture file types available from `editcap -F`
|
||||
----
|
||||
include::editcap-F.txt[]
|
||||
----
|
||||
|
||||
[[AppToolseditcapEx2]]
|
||||
[#AppToolseditcapEx2]
|
||||
.Encapsulation types available from `editcap -T`
|
||||
|
||||
----
|
||||
include::editcap-T.txt[]
|
||||
----
|
||||
|
||||
[[AppToolsmergecap]]
|
||||
[#AppToolsmergecap]
|
||||
|
||||
=== __mergecap__: Merging multiple capture files into one
|
||||
|
||||
|
@ -192,7 +192,7 @@ For more information on `mergecap` consult your local manual page (`man
|
|||
mergecap`) or link:{wireshark-man-page-url}mergecap.html[the online
|
||||
version].
|
||||
|
||||
[[AppToolsmergecapEx]]
|
||||
[#AppToolsmergecapEx]
|
||||
.Help information available from `mergecap`
|
||||
----
|
||||
include::mergecap-h.txt[]
|
||||
|
@ -201,13 +201,13 @@ include::mergecap-h.txt[]
|
|||
A simple example merging `dhcp-capture.pcapng` and `imap-1.pcapng` into
|
||||
`outfile.pcapng` is shown below.
|
||||
|
||||
[[AppToolsmergecapExSimple]]
|
||||
[#AppToolsmergecapExSimple]
|
||||
.Simple example of using mergecap
|
||||
----
|
||||
$ mergecap -w outfile.pcapng dhcp-capture.pcapng imap-1.pcapng
|
||||
----
|
||||
|
||||
[[AppToolstext2pcap]]
|
||||
[#AppToolstext2pcap]
|
||||
|
||||
=== __text2pcap__: Converting ASCII hexdumps to network captures
|
||||
|
||||
|
@ -275,14 +275,14 @@ For more information on `text2pcap` consult your local manual page (`man
|
|||
text2pcap`) or link:{wireshark-man-page-url}text2pcap.html[the online
|
||||
version].
|
||||
|
||||
[[AppToolstext2pcapEx]]
|
||||
[#AppToolstext2pcapEx]
|
||||
.Help information available from text2pcap
|
||||
|
||||
----
|
||||
include::text2pcap-h.txt[]
|
||||
----
|
||||
|
||||
[[AppToolsreordercap]]
|
||||
[#AppToolsreordercap]
|
||||
|
||||
=== __reordercap__: Reorder a capture file
|
||||
|
||||
|
@ -291,7 +291,7 @@ timestamp. For more information on `reordercap` consult your local
|
|||
manual page (`man reordercap`) or
|
||||
link:{wireshark-man-page-url}reordercap.html[the online version].
|
||||
|
||||
[[AppToolsreordercapEx]]
|
||||
[#AppToolsreordercapEx]
|
||||
.Help information available from reordercap
|
||||
----
|
||||
include::reordercap-h.txt[]
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Advanced
|
||||
|
||||
[[ChapterAdvanced]]
|
||||
[#ChapterAdvanced]
|
||||
|
||||
== Advanced Topics
|
||||
|
||||
[[ChAdvIntroduction]]
|
||||
[#ChAdvIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -37,7 +37,7 @@ particular stream. Closing the dialog with the “Back” button will reset
|
|||
the display filter if this behavior is not desired.
|
||||
====
|
||||
|
||||
[[ChAdvFollowStream]]
|
||||
[#ChAdvFollowStream]
|
||||
|
||||
.The “Follow TCP Stream” dialog box
|
||||
image::wsug_graphics/ws-follow-stream.png[{screenshot-attrs}]
|
||||
|
@ -196,7 +196,7 @@ image::wsug_graphics/ws-follow-sip-stream.png[{screenshot-attrs}]
|
|||
The SIP call is shown with same dialog, just filter is based on sip.Call-ID
|
||||
field. Count of streams is fixed to 0 and the field is disabled.
|
||||
|
||||
[[ChAdvShowPacketBytes]]
|
||||
[#ChAdvShowPacketBytes]
|
||||
|
||||
=== Show Packet Bytes
|
||||
|
||||
|
@ -270,7 +270,7 @@ menu:YAML[]:: This will show the bytes as a YAML binary dump.
|
|||
You can search for text by entering it in the “Find” entry box and
|
||||
pressing btn:[Find Next].
|
||||
|
||||
[[ChAdvExpert]]
|
||||
[#ChAdvExpert]
|
||||
|
||||
=== Expert Information
|
||||
|
||||
|
@ -290,13 +290,13 @@ While dissectors for some common protocols like TCP and IP will show detailed in
|
|||
|
||||
The following describes the components of a single expert information entry along with the expert user interface.
|
||||
|
||||
[[ChAdvExpertInfoEntries]]
|
||||
[#ChAdvExpertInfoEntries]
|
||||
|
||||
==== Expert Information Entries
|
||||
|
||||
Expert information entries are grouped by severity level (described below) and contain the following:
|
||||
|
||||
[[ChAdvTabExpertInfoEntries]]
|
||||
[#ChAdvTabExpertInfoEntries]
|
||||
|
||||
.Example expert information items
|
||||
[options="header"]
|
||||
|
@ -307,7 +307,7 @@ Expert information entries are grouped by severity level (described below) and c
|
|||
|443|TCP: 80 → 59322 [RST] Seq=12761 Win=0 Len=0|Sequence|TCP
|
||||
|===
|
||||
|
||||
[[ChAdvExpertSeverity]]
|
||||
[#ChAdvExpertSeverity]
|
||||
|
||||
===== Severity
|
||||
|
||||
|
@ -327,7 +327,7 @@ Warnings, e.g. application returned an unusual error code like a connection prob
|
|||
Error [white red-background]#(red)#::
|
||||
Serious problems, such as malformed packets.
|
||||
|
||||
[[ChAdvExpertGroup]]
|
||||
[#ChAdvExpertGroup]
|
||||
|
||||
===== Summary
|
||||
|
||||
|
@ -385,15 +385,15 @@ Dissection incomplete or data can’t be decoded for other reasons.
|
|||
|
||||
It’s possible that more groups will be added in the future.
|
||||
|
||||
[[ChAdvExpertProtocol]]
|
||||
[#ChAdvExpertProtocol]
|
||||
|
||||
===== Protocol
|
||||
|
||||
The protocol dissector that created the expert information item.
|
||||
|
||||
[[ChAdvExpertSummary]]
|
||||
[#ChAdvExpertSummary]
|
||||
|
||||
[[ChAdvExpertDialog]]
|
||||
[#ChAdvExpertDialog]
|
||||
|
||||
==== The “Expert Information” Dialog
|
||||
|
||||
|
@ -449,7 +449,7 @@ Closes the dialog
|
|||
// have all entries in the sequence as they appeared, this is sometimes a help to
|
||||
// pinpoint problems.
|
||||
|
||||
[[ChAdvExpertColorizedTree]]
|
||||
[#ChAdvExpertColorizedTree]
|
||||
|
||||
==== “Colorized” Protocol Details Tree
|
||||
|
||||
|
@ -462,7 +462,7 @@ This color is propagated to the top-level protocol item in the tree in order to
|
|||
For the example screenshot above, the IP “Time to live” value is very low (only 1), so the corresponding protocol field is marked with a cyan background.
|
||||
To make it easier find that item in the packet tree, the IP protocol toplevel item is marked cyan as well.
|
||||
|
||||
[[ChAdvExpertColumn]]
|
||||
[#ChAdvExpertColumn]
|
||||
|
||||
==== “Expert” Packet List Column (Optional)
|
||||
|
||||
|
@ -474,7 +474,7 @@ displays the most significant severity of a packet or stays empty if everything
|
|||
seems OK. This column is not displayed by default but can be easily added using
|
||||
the Preferences Columns page described in <<ChCustPreferencesSection>>.
|
||||
|
||||
[[ChAdvTCPAnalysis]]
|
||||
[#ChAdvTCPAnalysis]
|
||||
|
||||
=== TCP Analysis
|
||||
|
||||
|
@ -719,7 +719,7 @@ data transfer will be found with a longer filter as closing a connection can be
|
|||
associated with FIN or RST packets, or even both :
|
||||
'tcp.completeness==31 or tcp.completeness==47 or tcp.completeness==63'
|
||||
|
||||
[[ChAdvTimestamps]]
|
||||
[#ChAdvTimestamps]
|
||||
|
||||
=== Time Stamps
|
||||
|
||||
|
@ -792,7 +792,7 @@ accuracy.
|
|||
// (XXX - are there any such NIC’s that generate time stamps on the USB
|
||||
// hardware?)
|
||||
|
||||
[[ChAdvTimezones]]
|
||||
[#ChAdvTimezones]
|
||||
|
||||
=== Time Zones
|
||||
|
||||
|
@ -929,7 +929,7 @@ done correctly; the conversion back to local time for display might undo this
|
|||
correctly, in which case the arrival time will be displayed as the arrival time
|
||||
in which the packet was captured.
|
||||
|
||||
[[ChAdvTabTimezones]]
|
||||
[#ChAdvTabTimezones]
|
||||
|
||||
.Time zone examples for UTC arrival times (without DST)
|
||||
[options="header"]
|
||||
|
@ -958,7 +958,7 @@ to find out the time zone/DST difference between the two local times and
|
|||
“mentally adjust” the time stamps accordingly. In any case, make sure that
|
||||
every computer in question has the correct time and time zone setting.
|
||||
|
||||
[[ChAdvReassemblySection]]
|
||||
[#ChAdvReassemblySection]
|
||||
|
||||
|
||||
=== Packet Reassembly
|
||||
|
@ -987,7 +987,7 @@ corresponding packets of this chunk, and will show the combined data as
|
|||
additional tabs in the “Packet Bytes” pane (for information about this pane.
|
||||
See <<ChUsePacketBytesPaneSection>>).
|
||||
|
||||
[[ChAdvWiresharkBytesPaneTabs]]
|
||||
[#ChAdvWiresharkBytesPaneTabs]
|
||||
|
||||
.The “Packet Bytes” pane with a reassembled tab
|
||||
image::wsug_graphics/ws-bytes-pane-tabs.png[{screenshot-attrs}]
|
||||
|
@ -1018,7 +1018,7 @@ settings for a protocol typically requires two things:
|
|||
The tooltip of the higher level protocol setting will notify you if and which
|
||||
lower level protocol setting also has to be considered.
|
||||
|
||||
[[ChAdvReassemblyTcp]]
|
||||
[#ChAdvReassemblyTcp]
|
||||
|
||||
==== TCP Reassembly
|
||||
|
||||
|
@ -1078,7 +1078,7 @@ Regardless of the setting of these two reassembly-related preferences, you can
|
|||
always use the “Follow TCP Stream” option (<<ChAdvFollowStreamSection>>) which
|
||||
displays segments in the expected order.
|
||||
|
||||
[[ChAdvNameResolutionSection]]
|
||||
[#ChAdvNameResolutionSection]
|
||||
|
||||
=== Name Resolution
|
||||
|
||||
|
@ -1183,7 +1183,7 @@ To get a node name for a SS7 point code a ss7pcs file can be used.
|
|||
|
||||
// XXX - mention the role of the /etc/services file (but don’t forget the files and folders section)!
|
||||
|
||||
[[ChAdvChecksums]]
|
||||
[#ChAdvChecksums]
|
||||
|
||||
=== Checksums
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter BuildInstall
|
||||
|
||||
[[ChapterBuildInstall]]
|
||||
[#ChapterBuildInstall]
|
||||
|
||||
== Building and Installing Wireshark
|
||||
|
||||
[[ChBuildInstallIntro]]
|
||||
[#ChBuildInstallIntro]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -32,7 +32,7 @@ The general steps are the following:
|
|||
|
||||
. Install the binaries into their final destinations.
|
||||
|
||||
[[ChBuildInstallDistro]]
|
||||
[#ChBuildInstallDistro]
|
||||
|
||||
=== Obtaining the source and binary distributions
|
||||
|
||||
|
@ -55,7 +55,7 @@ This is covered in detail below.
|
|||
// Windows
|
||||
//
|
||||
|
||||
[[ChBuildInstallWinInstall]]
|
||||
[#ChBuildInstallWinInstall]
|
||||
|
||||
=== Installing Wireshark under Windows
|
||||
|
||||
|
@ -69,7 +69,7 @@ Official packages are signed by the *Wireshark Foundation, Inc.*.
|
|||
You can choose to install several optional components and select the location of the installed package.
|
||||
The default settings are recommended for most users.
|
||||
|
||||
[[ChBuildInstallWinComponents]]
|
||||
[#ChBuildInstallWinComponents]
|
||||
|
||||
==== Installation Components
|
||||
|
||||
|
@ -111,7 +111,7 @@ On the _Choose Components_ page of the installer you can select from the followi
|
|||
most dialogs will require an internet connection to show help pages if the
|
||||
User’s Guide is not installed locally.
|
||||
|
||||
[[ChBuildInstallWinAdditionalTasks]]
|
||||
[#ChBuildInstallWinAdditionalTasks]
|
||||
|
||||
==== Additional Tasks
|
||||
|
||||
|
@ -123,7 +123,7 @@ On the _Choose Components_ page of the installer you can select from the followi
|
|||
|
||||
* *Associate file extensions to Wireshark* - Associate standard network trace files to Wireshark.
|
||||
|
||||
[[ChBuildInstallWinLocation]]
|
||||
[#ChBuildInstallWinLocation]
|
||||
|
||||
==== Install Location
|
||||
|
||||
|
@ -131,7 +131,7 @@ By default Wireshark installs into `%ProgramFiles%\Wireshark` on 32-bit Windows
|
|||
and `%ProgramFiles64%\Wireshark` on 64-bit Windows. This expands to `C:\Program
|
||||
Files\Wireshark` on most systems.
|
||||
|
||||
[[ChBuildInstallNpcap]]
|
||||
[#ChBuildInstallNpcap]
|
||||
|
||||
==== Installing Npcap
|
||||
|
||||
|
@ -146,7 +146,7 @@ For more information about Npcap see {npcap-main-url} and
|
|||
{wireshark-wiki-url}Npcap.
|
||||
|
||||
|
||||
[[ChBuildInstallWinWiresharkCommandLine]]
|
||||
[#ChBuildInstallWinWiresharkCommandLine]
|
||||
|
||||
==== Windows installer command line options
|
||||
|
||||
|
@ -191,7 +191,7 @@ Example:
|
|||
|
||||
Running the installer without any parameters shows the normal interactive installer.
|
||||
|
||||
[[ChBuildInstallNpcapManually]]
|
||||
[#ChBuildInstallNpcapManually]
|
||||
|
||||
==== Manual Npcap Installation
|
||||
|
||||
|
@ -200,7 +200,7 @@ If you prefer to install Npcap manually or want to use a different version than
|
|||
one included in the Wireshark installer, you can download Npcap from
|
||||
the main Npcap site at {npcap-main-url}.
|
||||
|
||||
[[ChBuildInstallWinWiresharkUpdate]]
|
||||
[#ChBuildInstallWinWiresharkUpdate]
|
||||
|
||||
==== Update Wireshark
|
||||
|
||||
|
@ -215,7 +215,7 @@ Wireshark is done the same way as installing it. Simply download and start the
|
|||
installer exe. A reboot is usually not required and all your personal settings
|
||||
remain unchanged.
|
||||
|
||||
[[ChBuildInstallNpcapUpdate]]
|
||||
[#ChBuildInstallNpcapUpdate]
|
||||
|
||||
==== Update Npcap
|
||||
|
||||
|
@ -224,7 +224,7 @@ Manual Npcap updates instructions can be found on the Npcap web
|
|||
site at {npcap-main-url}. You may have to reboot your machine after installing
|
||||
a new Npcap version.
|
||||
|
||||
[[ChBuildInstallWinUninstall]]
|
||||
[#ChBuildInstallWinUninstall]
|
||||
|
||||
==== Uninstall Wireshark
|
||||
|
||||
|
@ -235,7 +235,7 @@ The Wireshark uninstaller provides several options for removal. The default is
|
|||
to remove the core components but keep your personal settings and Npcap.
|
||||
Npcap is kept in case other programs need it.
|
||||
|
||||
[[ChBuildInstallNpcapUninstall]]
|
||||
[#ChBuildInstallNpcapUninstall]
|
||||
|
||||
==== Uninstall Npcap
|
||||
|
||||
|
@ -243,7 +243,7 @@ You can uninstall Npcap independently of Wireshark using the _Npcap_ entry
|
|||
in the _Programs and Features_ control panel. Remember that if you uninstall
|
||||
Npcap you won’t be able to capture anything with Wireshark.
|
||||
|
||||
[[ChBuildInstallWinBuild]]
|
||||
[#ChBuildInstallWinBuild]
|
||||
|
||||
=== Building from source under Windows
|
||||
|
||||
|
@ -265,7 +265,7 @@ documentation.
|
|||
// macOS
|
||||
//
|
||||
|
||||
[[ChBuildInstallOSXInstall]]
|
||||
[#ChBuildInstallOSXInstall]
|
||||
|
||||
=== Installing Wireshark under macOS
|
||||
|
||||
|
@ -278,7 +278,7 @@ You can do so by opening the _Install ChmodBPF.pkg_ file in the Wireshark .dmg o
|
|||
The installer package includes Wireshark along with ChmodBPF and system path packages.
|
||||
See the included _Read me first.html_ file for more details.
|
||||
|
||||
[[ChBuildInstallUnixInstallBins]]
|
||||
[#ChBuildInstallUnixInstallBins]
|
||||
|
||||
=== Installing the binaries under UNIX
|
||||
|
||||
|
@ -354,7 +354,7 @@ pkg_add -r wireshark
|
|||
|
||||
pkg_add should take care of all of the dependency issues for you.
|
||||
|
||||
[[ChBuildInstallUnixBuild]]
|
||||
[#ChBuildInstallUnixBuild]
|
||||
|
||||
=== Building from source under UNIX or Linux
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Capture
|
||||
|
||||
[[ChapterCapture]]
|
||||
[#ChapterCapture]
|
||||
|
||||
== Capturing Live Network Data
|
||||
|
||||
[[ChCapIntroduction]]
|
||||
[#ChCapIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -32,7 +32,7 @@ The capture engine still lacks the following features:
|
|||
|
||||
* Stop capturing (or perform some other action) depending on the captured data.
|
||||
|
||||
[[ChCapPrerequisitesSection]]
|
||||
[#ChCapPrerequisitesSection]
|
||||
|
||||
=== Prerequisites
|
||||
|
||||
|
@ -52,7 +52,7 @@ Here are some common pitfalls:
|
|||
If you have any problems setting up your capture environment you should have a
|
||||
look at the guide mentioned above.
|
||||
|
||||
[[ChCapCapturingSection]]
|
||||
[#ChCapCapturingSection]
|
||||
|
||||
=== Start Capturing
|
||||
|
||||
|
@ -72,7 +72,7 @@ $ wireshark -i eth0 -k
|
|||
--
|
||||
This will start Wireshark capturing on interface `eth0`. More details can be found at <<ChCustCommandLine>>.
|
||||
|
||||
[[ChCapInterfaceSection]]
|
||||
[#ChCapInterfaceSection]
|
||||
|
||||
=== The “Capture” Section Of The Welcome Screen
|
||||
|
||||
|
@ -80,12 +80,12 @@ When you open Wireshark without starting a capture or opening a capture file it
|
|||
Network activity for each interface will be shown in a sparkline next to the interface name.
|
||||
It is possible to select more than one interface and capture from them simultaneously.
|
||||
|
||||
[[ChCapCaptureInterfacesMainWin32]]
|
||||
[#ChCapCaptureInterfacesMainWin32]
|
||||
|
||||
.Capture interfaces on Microsoft Windows
|
||||
image::wsug_graphics/ws-capture-interfaces-main-win32.png[{screenshot-attrs}]
|
||||
|
||||
[[ChCapCaptureInterfacesMainMacos]]
|
||||
[#ChCapCaptureInterfacesMainMacos]
|
||||
|
||||
.Capture interfaces on macOS
|
||||
image::wsug_graphics/ws-capture-interfaces-main-macos.png[{screenshot-attrs}]
|
||||
|
@ -101,7 +101,7 @@ Hovering over an interface will show any associated IPv4 and IPv6 addresses and
|
|||
Wireshark isn't limited to just network interfaces -- on most systems you can also capture USB, Bluetooth, and other types of packets.
|
||||
Note also that an interface might be hidden if it’s inaccessible to Wireshark or if it has been hidden as described in <<ChManageInterfacesSection>>.
|
||||
|
||||
[[ChCapCaptureOptions]]
|
||||
[#ChCapCaptureOptions]
|
||||
|
||||
=== The “Capture Options” Dialog Box
|
||||
|
||||
|
@ -110,7 +110,7 @@ main toolbar), Wireshark pops up the “Capture Options” dialog box as shown i
|
|||
<<ChCapCaptureOptionsDialog>>.
|
||||
If you are unsure which options to choose in this dialog box, leaving the defaults settings as they are should work well in many cases.
|
||||
|
||||
[[ChCapCaptureOptionsDialog]]
|
||||
[#ChCapCaptureOptionsDialog]
|
||||
.The “Capture Options” input tab
|
||||
image::wsug_graphics/ws-capture-options.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -258,11 +258,11 @@ Capturing can be stopped based on the following conditions:
|
|||
|
||||
You can double click on an interface row in the “Input“ tab or click btn:[Start] from any tab to commence the capture. You can click btn:[Cancel] to apply your changes and close the dialog.
|
||||
|
||||
[[ChManageInterfacesSection]]
|
||||
[#ChManageInterfacesSection]
|
||||
|
||||
=== The “Manage Interfaces” Dialog Box
|
||||
|
||||
[[ChCapManageInterfacesDialog]]
|
||||
[#ChCapManageInterfacesDialog]
|
||||
.The “Manage Interfaces” dialog box
|
||||
image::wsug_graphics/ws-manage-interfaces.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -429,13 +429,13 @@ To remove a host including all its interfaces from the list, select it and click
|
|||
// .The “Interface Details” dialog box
|
||||
// image::wsug_graphics/ws-capture-interface-details.png[{screenshot-attrs}]
|
||||
|
||||
[[ChCapCompiledFilterOutputSection]]
|
||||
[#ChCapCompiledFilterOutputSection]
|
||||
|
||||
=== The “Compiled Filter Output” Dialog Box
|
||||
|
||||
This figure shows the results of compiling the BPF filter for the selected interfaces.
|
||||
|
||||
[[ChCapCompiledFilterOutputDialog]]
|
||||
[#ChCapCompiledFilterOutputDialog]
|
||||
|
||||
.The “Compiled Filter Output” dialog box
|
||||
image::wsug_graphics/ws-capture-options-compile-selected-bpfs.png[{medium-screenshot-attrs}]
|
||||
|
@ -443,7 +443,7 @@ image::wsug_graphics/ws-capture-options-compile-selected-bpfs.png[{medium-screen
|
|||
In the list on the left the interface names are listed.
|
||||
The results of compiling a filter for the selected interface are shown on the right.
|
||||
|
||||
[[ChCapCaptureFiles]]
|
||||
[#ChCapCaptureFiles]
|
||||
|
||||
=== Capture files and file modes
|
||||
|
||||
|
@ -457,7 +457,7 @@ different file after a given time has elapsed or a given number of packets
|
|||
have been captured. These options are controlled in the “Output” tab in
|
||||
the “Capture Options” dialog.
|
||||
|
||||
[[ChCapCaptureOptionsOutputDialog]]
|
||||
[#ChCapCaptureOptionsOutputDialog]
|
||||
.Capture output options
|
||||
image::wsug_graphics/ws-capture-options-output.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -481,7 +481,7 @@ in another, you might not see some of the valuable context related information.
|
|||
Information about the folders used for capture files can be found in
|
||||
<<AppFiles>>.
|
||||
|
||||
[[ChCapTabCaptureFiles]]
|
||||
[#ChCapTabCaptureFiles]
|
||||
.Capture file mode selected by capture options
|
||||
[options="header",cols="2,2,2,3,5"]
|
||||
|===
|
||||
|
@ -513,7 +513,7 @@ is not reached, otherwise it will replace the oldest of the formerly used files
|
|||
This mode will limit the maximum disk usage, even for an unlimited amount of
|
||||
capture input data, only keeping the latest captured data.
|
||||
|
||||
[[ChCapLinkLayerHeader]]
|
||||
[#ChCapLinkLayerHeader]
|
||||
|
||||
=== Link-layer header type
|
||||
|
||||
|
@ -543,7 +543,7 @@ traffic being captured is RFC 1483 LLC-encapsulated IP, or if the capture needs
|
|||
to be read by an application that doesn’t support SunATM headers, select “RFC
|
||||
1483 IP-over-ATM”, otherwise select “Sun raw ATM”.
|
||||
|
||||
[[ChCapCaptureFilterSection]]
|
||||
[#ChCapCaptureFilterSection]
|
||||
|
||||
=== Filtering while capturing
|
||||
|
||||
|
@ -566,7 +566,7 @@ by conjunctions (__and/or__) and optionally preceded by __not__:
|
|||
|
||||
An example is shown in <<ChCapExFilt1>>.
|
||||
|
||||
[[ChCapExFilt1]]
|
||||
[#ChCapExFilt1]
|
||||
.A capture filter for telnet that captures traffic to and from a particular host
|
||||
====
|
||||
----
|
||||
|
@ -579,7 +579,7 @@ how to use two primitives and the __and__ conjunction. Another example is shown
|
|||
in <<ChCapExFilt2>>, and shows how to capture all telnet traffic except that
|
||||
from 10.0.0.5.
|
||||
|
||||
[[ChCapExFilt2]]
|
||||
[#ChCapExFilt2]
|
||||
.Capturing all telnet traffic not from 10.0.0.5
|
||||
====
|
||||
----
|
||||
|
@ -646,7 +646,7 @@ This primitive allows you to create complex filter expressions that select bytes
|
|||
Please see the pcap-filter man page at {pcap-filter-man-page-url} for more details.
|
||||
|
||||
|
||||
[[ChCapCaptureAutoFilterSection]]
|
||||
[#ChCapCaptureAutoFilterSection]
|
||||
|
||||
==== Automatic Remote Traffic Filtering
|
||||
|
||||
|
@ -681,13 +681,13 @@ The following environment variables are analyzed:
|
|||
|
||||
On Windows it asks the operating system if it’s running in a Remote Desktop Services environment.
|
||||
|
||||
[[ChCapRunningSection]]
|
||||
[#ChCapRunningSection]
|
||||
|
||||
=== While a Capture is running ...
|
||||
|
||||
You might see the following dialog box while a capture is running:
|
||||
|
||||
[[ChCapCaptureInfoDialog]]
|
||||
[#ChCapCaptureInfoDialog]
|
||||
.The “Capture Information” dialog box
|
||||
image::wsug_graphics/ws-capture-info.png[{small-screenshot-attrs}]
|
||||
|
||||
|
@ -695,7 +695,7 @@ This dialog box shows a list of protocols and their activity over time.
|
|||
It can be enabled via the “capture.show_info” setting in the “Advanced”
|
||||
preferences.
|
||||
|
||||
[[ChCapStopSection]]
|
||||
[#ChCapStopSection]
|
||||
|
||||
==== Stop the running capture
|
||||
|
||||
|
@ -712,7 +712,7 @@ A running capture session will be stopped in one of the following ways:
|
|||
. The capture will be automatically stopped if one of the _Stop Conditions_ is
|
||||
met, e.g. the maximum amount of data was captured.
|
||||
|
||||
[[ChCapRestartSection]]
|
||||
[#ChCapRestartSection]
|
||||
|
||||
==== Restart a running capture
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Customizing
|
||||
|
||||
[[ChapterCustomize]]
|
||||
[#ChapterCustomize]
|
||||
|
||||
== Customizing Wireshark
|
||||
|
||||
[[ChCustIntroduction]]
|
||||
[#ChCustIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -20,7 +20,7 @@ to suit your needs even better. In this chapter we explore:
|
|||
|
||||
* How to use the various preference settings
|
||||
|
||||
[[ChCustCommandLine]]
|
||||
[#ChCustCommandLine]
|
||||
|
||||
=== Start Wireshark from the command line
|
||||
|
||||
|
@ -32,7 +32,7 @@ Wireshark supports a large number of command line parameters. To see what they
|
|||
are, simply enter the command _wireshark -h_ and the help information shown in
|
||||
<<ChCustEx1>> (or something similar) should be printed.
|
||||
|
||||
[[ChCustEx1]]
|
||||
[#ChCustEx1]
|
||||
.Help information available from Wireshark
|
||||
----
|
||||
include::wireshark-h.txt[]
|
||||
|
@ -441,7 +441,7 @@ implemented statistics consult the Wireshark manual page.
|
|||
// XXX - add more details here!
|
||||
|
||||
|
||||
[[ChCustColorizationSection]]
|
||||
[#ChCustColorizationSection]
|
||||
|
||||
=== Packet colorization
|
||||
|
||||
|
@ -469,7 +469,7 @@ To permanently colorize packets, select menu:View[Coloring Rules...]. Wireshark
|
|||
will display the “Coloring Rules” dialog box as shown in
|
||||
<<ChCustColoringRulesDialog>>.
|
||||
|
||||
[[ChCustColoringRulesDialog]]
|
||||
[#ChCustColoringRulesDialog]
|
||||
.The “Coloring Rules” dialog box
|
||||
image::wsug_graphics/ws-coloring-rules-dialog.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -495,7 +495,7 @@ edited. Clicking on the btn:[Foreground] and btn:[Background] buttons will
|
|||
open a color chooser (<<ChCustChooseColorDialog>>) for the foreground (text) and
|
||||
background colors respectively.
|
||||
|
||||
[[ChCustChooseColorDialog]]
|
||||
[#ChCustChooseColorDialog]
|
||||
.A color chooser
|
||||
image::wsug_graphics/ws-choose-color-rule.png[{small-screenshot-attrs}]
|
||||
|
||||
|
@ -507,12 +507,12 @@ btn:[OK].
|
|||
in Wireshark. Note that the frame detail shows that the “Bad TCP” rule
|
||||
was applied, along with the matching filter.
|
||||
|
||||
[[ChCustColorFilterMany]]
|
||||
[#ChCustColorFilterMany]
|
||||
.Using color filters with Wireshark
|
||||
image::wsug_graphics/ws-coloring-fields.png[{screenshot-attrs}]
|
||||
|
||||
|
||||
[[ChCustProtocolDissectionSection]]
|
||||
[#ChCustProtocolDissectionSection]
|
||||
|
||||
=== Control Protocol dissection
|
||||
|
||||
|
@ -529,7 +529,7 @@ There are two ways to control the relations between protocol dissectors: disable
|
|||
a protocol dissector completely or temporarily divert the way Wireshark calls
|
||||
the dissectors.
|
||||
|
||||
[[ChAdvEnabledProtocols]]
|
||||
[#ChAdvEnabledProtocols]
|
||||
|
||||
==== The “Enabled Protocols” dialog box
|
||||
|
||||
|
@ -550,7 +550,7 @@ To enable or disable protocols select menu:Analyze[Enabled Protocols...].
|
|||
Wireshark will pop up the “Enabled Protocols” dialog box as shown in
|
||||
<<ChAdvEnabledProtocolsFig>>.
|
||||
|
||||
[[ChAdvEnabledProtocolsFig]]
|
||||
[#ChAdvEnabledProtocolsFig]
|
||||
.The “Enabled Protocols” dialog box
|
||||
image::wsug_graphics/ws-enabled-protocols.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -570,7 +570,7 @@ btn:[OK]:: Save and apply the changes and close the dialog box, see <<AppFiles>>
|
|||
|
||||
btn:[Cancel]:: Cancel the changes and close the dialog box.
|
||||
|
||||
[[ChAdvDecodeAs]]
|
||||
[#ChAdvDecodeAs]
|
||||
|
||||
==== User Specified Decodes
|
||||
|
||||
|
@ -581,7 +581,7 @@ experiments on your network.
|
|||
Decode As is accessed by selecting the menu:Analyze[Decode As...]. Wireshark
|
||||
will pop up the “Decode As” dialog box as shown in <<ChAdvDecodeAsFig>>.
|
||||
|
||||
[[ChAdvDecodeAsFig]]
|
||||
[#ChAdvDecodeAsFig]
|
||||
.The “Decode As” dialog box
|
||||
image::wsug_graphics/ws-decode-as.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -609,7 +609,7 @@ btn:[Save]:: Save and apply the user specified decodes and close the dialog box.
|
|||
|
||||
btn:[Cancel]:: Cancel the changes and close the dialog box.
|
||||
|
||||
[[ChCustPreferencesSection]]
|
||||
[#ChCustPreferencesSection]
|
||||
|
||||
=== Preferences
|
||||
|
||||
|
@ -626,7 +626,7 @@ side is a tree where you can select the page to be shown.
|
|||
|
||||
* The btn:[Cancel] button will restore all preferences settings to the last saved state.
|
||||
|
||||
[[ChCustGUIPrefPage]]
|
||||
[#ChCustGUIPrefPage]
|
||||
.The preferences dialog box
|
||||
image::wsug_graphics/ws-gui-preferences.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -648,7 +648,7 @@ $ wireshark -o "gui.prepend_window_title:Internal Network" &
|
|||
$ wireshark -o "gui.prepend_window_title:External Network" &
|
||||
----
|
||||
|
||||
[[ChCustConfigProfilesSection]]
|
||||
[#ChCustConfigProfilesSection]
|
||||
|
||||
=== Configuration Profiles
|
||||
|
||||
|
@ -722,7 +722,7 @@ Configuration files stored in each profile include:
|
|||
All other configurations are stored in the personal configuration folder and
|
||||
are common to all profiles.
|
||||
|
||||
[[ChCustGUIConfigProfilesPage]]
|
||||
[#ChCustGUIConfigProfilesPage]
|
||||
.The configuration profiles dialog box
|
||||
image::wsug_graphics/ws-gui-config-profiles.png[{medium-screenshot-attrs}]
|
||||
|
||||
|
@ -773,14 +773,14 @@ added and deleted profiles will not be deleted.
|
|||
btn:[Help]::
|
||||
Show this help page.
|
||||
|
||||
[[ChUserTable]]
|
||||
[#ChUserTable]
|
||||
|
||||
=== User Table
|
||||
|
||||
The User Table editor is used for managing various tables in Wireshark. Its main
|
||||
dialog works very similarly to that of <<ChCustColorizationSection>>.
|
||||
|
||||
[[ChDisplayFilterMacrosSection]]
|
||||
[#ChDisplayFilterMacrosSection]
|
||||
|
||||
=== Display Filter Macros
|
||||
|
||||
|
@ -810,7 +810,7 @@ The name of the macro.
|
|||
Text::
|
||||
The replacement text for the macro it uses $1, $2, $3, ... as the input arguments.
|
||||
|
||||
[[ChEssCategoryAttributes]]
|
||||
[#ChEssCategoryAttributes]
|
||||
|
||||
=== ESS Category Attributes
|
||||
|
||||
|
@ -828,7 +828,7 @@ The value (Label And Cert Value) representing the Category.
|
|||
Name::
|
||||
The textual representation for the value.
|
||||
|
||||
[[ChMaxMindDbPaths]]
|
||||
[#ChMaxMindDbPaths]
|
||||
|
||||
=== MaxMind Database Paths
|
||||
|
||||
|
@ -847,7 +847,7 @@ The locations for your data files are up to you, but `/usr/share/GeoIP`
|
|||
and `/var/lib/GeoIP` are common on Linux and `C:\ProgramData\GeoIP`,
|
||||
`C:\Program Files\Wireshark\GeoIP` might be good choices on Windows.
|
||||
|
||||
[[ChGeoIPDbPaths]]
|
||||
[#ChGeoIPDbPaths]
|
||||
|
||||
Previous versions of Wireshark supported MaxMind's original GeoIP Legacy
|
||||
database format. They were configured similar to MaxMindDB files above,
|
||||
|
@ -855,7 +855,7 @@ except GeoIP files must begin with _Geo_ and end with _.dat_. They are
|
|||
no longer supported and MaxMind stopped distributing GeoLite Legacy
|
||||
databases in April 2018.
|
||||
|
||||
[[ChIKEv2DecryptionSection]]
|
||||
[#ChIKEv2DecryptionSection]
|
||||
|
||||
=== IKEv2 decryption table
|
||||
|
||||
|
@ -903,7 +903,7 @@ length must meet the requirement of the integrity algorithm selected.
|
|||
Integrity Algorithm::
|
||||
Integrity algorithm of the IKE_SA.
|
||||
|
||||
[[ChObjectIdentifiers]]
|
||||
[#ChObjectIdentifiers]
|
||||
|
||||
=== Object Identifiers
|
||||
|
||||
|
@ -935,7 +935,7 @@ Syntax::
|
|||
The syntax of the value associated with the Object Identifier. This must be one
|
||||
of the syntaxes that Wireshark already knows about (e.g. “PrintableString”).
|
||||
|
||||
[[ChPresContextList]]
|
||||
[#ChPresContextList]
|
||||
|
||||
=== PRES Users Context List
|
||||
|
||||
|
@ -954,7 +954,7 @@ Syntax Name OID::
|
|||
The object identifier representing the abstract syntax name, which defines the
|
||||
protocol that is carried over this association.
|
||||
|
||||
[[ChSccpUsers]]
|
||||
[#ChSccpUsers]
|
||||
|
||||
=== SCCP users Table
|
||||
|
||||
|
@ -977,7 +977,7 @@ An range of integers representing the ssns for which this association is valid.
|
|||
User protocol::
|
||||
The protocol that is carried over this association
|
||||
|
||||
[[ChSNMPSMIModules]]
|
||||
[#ChSNMPSMIModules]
|
||||
|
||||
=== SMI (MIB and PIB) Modules
|
||||
|
||||
|
@ -987,7 +987,7 @@ modules here. The COPS and SNMP dissectors can use them to resolve OIDs.
|
|||
Module name::
|
||||
The name of the module, e.g. IF-MIB.
|
||||
|
||||
[[ChSNMPSMIPaths]]
|
||||
[#ChSNMPSMIPaths]
|
||||
|
||||
=== SMI (MIB and PIB) Paths
|
||||
|
||||
|
@ -999,7 +999,7 @@ A module directory, e.g. `/usr/local/snmp/mibs`. Wireshark automatically uses
|
|||
the standard SMI path for your system, so you usually don’t have to add anything
|
||||
here.
|
||||
|
||||
[[ChSNMPEnterpriseSpecificTrapTypes]]
|
||||
[#ChSNMPEnterpriseSpecificTrapTypes]
|
||||
|
||||
=== SNMP Enterprise Specific Trap Types
|
||||
|
||||
|
@ -1021,7 +1021,7 @@ An Integer representing the specific-trap code.
|
|||
Description::
|
||||
The description to show in the packet details.
|
||||
|
||||
[[ChSNMPUsersSection]]
|
||||
[#ChSNMPUsersSection]
|
||||
|
||||
=== SNMP users Table
|
||||
|
||||
|
@ -1060,7 +1060,7 @@ password 010203040506 must be entered as _\x01\x02\x03\x04\x05\x06_. The _\_
|
|||
character must be treated as an unprintable character, i.e. it must be entered
|
||||
as _\x5C_ or _\x5c_.
|
||||
|
||||
[[ChK12ProtocolsSection]]
|
||||
[#ChK12ProtocolsSection]
|
||||
|
||||
=== Tektronix K12xx/15 RF5 protocols Table
|
||||
|
||||
|
@ -1083,7 +1083,7 @@ sscf-nni ) or the name of the encapsulation protocol and the “application”
|
|||
protocol over it separated by a colon (e.g sscop:sscf-nni, sscop:alcap,
|
||||
sscop:nbap, ...)
|
||||
|
||||
[[ChUserDLTsSection]]
|
||||
[#ChUserDLTsSection]
|
||||
|
||||
=== User DLTs protocol table
|
||||
|
||||
|
@ -1114,7 +1114,7 @@ size this trailer is. A value of 0 disables the trailer protocol.
|
|||
Trailer protocol::
|
||||
The name of the trailer protocol to be used (uses “data” as default).
|
||||
|
||||
[[ChProtobufSearchPaths]]
|
||||
[#ChProtobufSearchPaths]
|
||||
|
||||
=== Protobuf Search Paths
|
||||
|
||||
|
@ -1151,7 +1151,7 @@ changed. Note that the source directories that configured to protobuf official o
|
|||
libraries path (like `d:/protobuf-3.4.1/include/`) should not be set to load all
|
||||
files, that may cause unnecessary memory use.
|
||||
|
||||
[[ChProtobufUDPMessageTypes]]
|
||||
[#ChProtobufUDPMessageTypes]
|
||||
|
||||
=== Protobuf UDP Message Types
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Introduction
|
||||
|
||||
[[ChapterIntroduction]]
|
||||
[#ChapterIntroduction]
|
||||
|
||||
== Introduction
|
||||
|
||||
[[ChIntroWhatIs]]
|
||||
[#ChIntroWhatIs]
|
||||
|
||||
=== What is Wireshark?
|
||||
|
||||
|
@ -21,7 +21,7 @@ However, with the advent of Wireshark, that has changed. Wireshark is
|
|||
available for free, is open source, and is one of the best packet
|
||||
analyzers available today.
|
||||
|
||||
[[ChIntroPurposes]]
|
||||
[#ChIntroPurposes]
|
||||
|
||||
==== Some intended purposes
|
||||
|
||||
|
@ -39,7 +39,7 @@ Here are some reasons people use Wireshark:
|
|||
|
||||
Wireshark can also be helpful in many other situations.
|
||||
|
||||
[[ChIntroFeatures]]
|
||||
[#ChIntroFeatures]
|
||||
|
||||
==== Features
|
||||
|
||||
|
@ -75,7 +75,7 @@ However, to really appreciate its power you have to start using it.
|
|||
<<ChIntroFig1>> shows Wireshark having captured some packets and waiting for you
|
||||
to examine them.
|
||||
|
||||
[[ChIntroFig1]]
|
||||
[#ChIntroFig1]
|
||||
.Wireshark captures packets and lets you examine their contents.
|
||||
image::wsug_graphics/ws-main.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -111,7 +111,7 @@ keys or fees or such. In addition, all source code is freely available under the
|
|||
GPL. Because of that, it is very easy for people to add new protocols to
|
||||
Wireshark, either as plugins, or built into the source, and they often do!
|
||||
|
||||
[[ChIntroNoFeatures]]
|
||||
[#ChIntroNoFeatures]
|
||||
|
||||
==== What Wireshark is not
|
||||
|
||||
|
@ -126,7 +126,7 @@ Here are some things Wireshark does not provide:
|
|||
things from it. Wireshark doesn’t send packets on the network or do other
|
||||
active things (except domain name resolution, but that can be disabled).
|
||||
|
||||
[[ChIntroPlatforms]]
|
||||
[#ChIntroPlatforms]
|
||||
|
||||
=== System Requirements
|
||||
|
||||
|
@ -256,7 +256,7 @@ If a binary package is not available for your platform you can download
|
|||
the source and try to build it. Please report your experiences to
|
||||
mailto:{wireshark-dev-list-email}[].
|
||||
|
||||
[[ChIntroDownload]]
|
||||
[#ChIntroDownload]
|
||||
|
||||
=== Where To Get Wireshark
|
||||
|
||||
|
@ -275,7 +275,7 @@ Announcement messages are archived at https://www.wireshark.org/lists/wireshark-
|
|||
Both are GPG-signed and include verification instructions for Windows, Linux, and macOS.
|
||||
As noted above, you can also verify downloads on Windows and macOS using the code signature validation features on those systems.
|
||||
|
||||
[[ChIntroHistory]]
|
||||
[#ChIntroHistory]
|
||||
|
||||
=== A Brief History Of Wireshark
|
||||
|
||||
|
@ -312,7 +312,7 @@ Conference, called Sharkfest.
|
|||
|
||||
In 2015 Wireshark 2.0 was released, which featured a new user interface.
|
||||
|
||||
[[ChIntroMaintenance]]
|
||||
[#ChIntroMaintenance]
|
||||
|
||||
=== Development And Maintenance Of Wireshark
|
||||
|
||||
|
@ -351,21 +351,21 @@ The Wireshark source code and binary kits for some platforms are all
|
|||
available on the download page of the Wireshark website:
|
||||
{wireshark-download-url}.
|
||||
|
||||
[[ChIntroHelp]]
|
||||
[#ChIntroHelp]
|
||||
|
||||
=== Reporting Problems And Getting Help
|
||||
|
||||
If you have problems or need help with Wireshark there are several places that
|
||||
may be of interest (besides this guide, of course).
|
||||
|
||||
[[ChIntroHomepage]]
|
||||
[#ChIntroHomepage]
|
||||
|
||||
==== Website
|
||||
|
||||
You will find lots of useful information on the Wireshark homepage at
|
||||
{wireshark-main-url}.
|
||||
|
||||
[[ChIntroWiki]]
|
||||
[#ChIntroWiki]
|
||||
|
||||
==== Wiki
|
||||
|
||||
|
@ -379,7 +379,7 @@ And best of all, if you would like to contribute your knowledge on a specific
|
|||
topic (maybe a network protocol you know well), you can edit the wiki pages
|
||||
with your web browser.
|
||||
|
||||
[[ChIntroQA]]
|
||||
[#ChIntroQA]
|
||||
|
||||
==== Q&A Site
|
||||
|
||||
|
@ -390,7 +390,7 @@ knew about the issue. Answers are ranked, so you can easily pick out the best
|
|||
ones. If your question hasn’t been discussed before you can post
|
||||
one yourself.
|
||||
|
||||
[[ChIntroFAQ]]
|
||||
[#ChIntroFAQ]
|
||||
|
||||
==== FAQ
|
||||
|
||||
|
@ -413,7 +413,7 @@ An online version is available at the Wireshark website at
|
|||
{wireshark-faq-url}. You might prefer this online version, as it’s
|
||||
typically more up to date and the HTML format is easier to use.
|
||||
|
||||
[[ChIntroMailingLists]]
|
||||
[#ChIntroMailingLists]
|
||||
|
||||
==== Mailing Lists
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter IO
|
||||
|
||||
[[ChapterIO]]
|
||||
[#ChapterIO]
|
||||
|
||||
== File Input, Output, And Printing
|
||||
|
||||
[[ChIOIntroductionSection]]
|
||||
[#ChIOIntroductionSection]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -20,7 +20,7 @@ This chapter will describe input and output of capture data.
|
|||
|
||||
* Print packets
|
||||
|
||||
[[ChIOOpenSection]]
|
||||
[#ChIOOpenSection]
|
||||
|
||||
=== Open Capture Files
|
||||
|
||||
|
@ -42,7 +42,7 @@ capture files from a large number of other packet capture programs as well. See
|
|||
<<ChIOInputFormatsSection>> for the list of capture formats Wireshark
|
||||
understands.
|
||||
|
||||
[[ChIOOpen]]
|
||||
[#ChIOOpen]
|
||||
|
||||
==== The “Open Capture File” Dialog Box
|
||||
|
||||
|
@ -75,14 +75,14 @@ Wireshark adds the following controls:
|
|||
|
||||
* Optionally force Wireshark to read a file as a particular type using the “Automatically detect file type” dropdown.
|
||||
|
||||
[[ChIOOpenFileDialogWin32]]
|
||||
[#ChIOOpenFileDialogWin32]
|
||||
|
||||
.“Open” on Microsoft Windows
|
||||
image::wsug_graphics/ws-open-win32.png[{medium-screenshot-attrs}]
|
||||
|
||||
This is the common Windows file open dialog along with some Wireshark extensions.
|
||||
|
||||
[[ChIOOpenFileDialog]]
|
||||
[#ChIOOpenFileDialog]
|
||||
|
||||
.“Open” - Linux and UNIX
|
||||
image::wsug_graphics/ws-open-qt5.png[{medium-screenshot-attrs}]
|
||||
|
@ -91,7 +91,7 @@ This is the common Qt file open dialog along with some Wireshark extensions.
|
|||
|
||||
// XXX Add macOS
|
||||
|
||||
[[ChIOInputFormatsSection]]
|
||||
[#ChIOInputFormatsSection]
|
||||
|
||||
|
||||
==== Input File Formats
|
||||
|
@ -214,7 +214,7 @@ captured. Ethernet captures are usually supported for most file formats but it
|
|||
may not be possible to read other packet types such as PPP or IEEE 802.11 from
|
||||
all file formats.
|
||||
|
||||
[[ChIOSaveSection]]
|
||||
[#ChIOSaveSection]
|
||||
|
||||
=== Saving Captured Packets
|
||||
|
||||
|
@ -225,7 +225,7 @@ Not all information will be saved in a capture file. For example, most file
|
|||
formats don’t record the number of dropped packets. See
|
||||
<<ChAppFilesCaptureFilesSection>> for details.
|
||||
|
||||
[[ChIOSaveAs]]
|
||||
[#ChIOSaveAs]
|
||||
|
||||
==== The “Save Capture File As” Dialog Box
|
||||
|
||||
|
@ -234,14 +234,14 @@ The exact appearance of this dialog depends on your system.
|
|||
However, the functionality is the same across systems.
|
||||
Examples are shown below.
|
||||
|
||||
[[ChIOSaveAsFileWin32]]
|
||||
[#ChIOSaveAsFileWin32]
|
||||
|
||||
.“Save” on Microsoft Windows
|
||||
image::wsug_graphics/ws-save-as-win32.png[{medium-screenshot-attrs}]
|
||||
|
||||
This is the common Windows file save dialog with some additional Wireshark extensions.
|
||||
|
||||
[[ChIOSaveAsFile2]]
|
||||
[#ChIOSaveAsFile2]
|
||||
|
||||
.“Save” on Linux and UNIX
|
||||
image::wsug_graphics/ws-save-as-qt5.png[{medium-screenshot-attrs}]
|
||||
|
@ -278,7 +278,7 @@ You can convert capture files from one format to another by opening a capture an
|
|||
|
||||
If you wish to save some of the packets in your capture file you can do so via <<ChIOExportSpecifiedPacketsDialog>>.
|
||||
|
||||
[[ChIOOutputFormatsSection]]
|
||||
[#ChIOOutputFormatsSection]
|
||||
|
||||
==== Output File Formats
|
||||
|
||||
|
@ -357,7 +357,7 @@ the `.cap` extension in order to open a file using the Windows version
|
|||
of _Sniffer_.
|
||||
====
|
||||
|
||||
[[ChIOMergeSection]]
|
||||
[#ChIOMergeSection]
|
||||
|
||||
=== Merging Capture Files
|
||||
|
||||
|
@ -379,7 +379,7 @@ There are three ways to merge capture files using Wireshark:
|
|||
This tool provides the most options to merge capture files.
|
||||
See <<AppToolsmergecap>> for details.
|
||||
|
||||
[[ChIOMergeDialog]]
|
||||
[#ChIOMergeDialog]
|
||||
|
||||
==== The “Merge With Capture File” Dialog Box
|
||||
|
||||
|
@ -400,18 +400,18 @@ Merge both the packets from the selected and currently loaded file in chronologi
|
|||
Append packets::
|
||||
Append the packets from the selected file after the currently loaded packets.
|
||||
|
||||
[[ChIOMergeFileTab]]
|
||||
[#ChIOMergeFileTab]
|
||||
|
||||
.“Merge Capture File As” dialog box examples
|
||||
|
||||
[[ChIOMergeFileWin32]]
|
||||
[#ChIOMergeFileWin32]
|
||||
|
||||
.“Merge” on Microsoft Windows
|
||||
image::wsug_graphics/ws-merge-win32.png[{medium-screenshot-attrs}]
|
||||
|
||||
This is the common Windows file open dialog with additional Wireshark extensions.
|
||||
|
||||
[[ChIOMergeFile2]]
|
||||
[#ChIOMergeFile2]
|
||||
|
||||
.“Merge” on Linux and UNIX
|
||||
image::wsug_graphics/ws-merge-qt5.png[{medium-screenshot-attrs}]
|
||||
|
@ -420,7 +420,7 @@ This is the Qt file open dialog with additional Wireshark extensions.
|
|||
|
||||
// XXX Add macOS
|
||||
|
||||
[[ChIOImportSection]]
|
||||
[#ChIOImportSection]
|
||||
|
||||
=== Import Hex Dump
|
||||
|
||||
|
@ -553,7 +553,7 @@ be used to reorder out of order captures after the import.
|
|||
If this field is not given, no IDs will be present in the resulting file.
|
||||
+
|
||||
|
||||
[[ChIOImportDialog]]
|
||||
[#ChIOImportDialog]
|
||||
|
||||
|
||||
==== The “Import From Hex Dump” Dialog Box
|
||||
|
@ -561,7 +561,7 @@ If this field is not given, no IDs will be present in the resulting file.
|
|||
This dialog box lets you select a text file, containing a hex dump of packet
|
||||
data, to be imported and set import parameters.
|
||||
|
||||
[[ChIOFileImportDialog]]
|
||||
[#ChIOFileImportDialog]
|
||||
|
||||
.The “Import from Hex Dump” dialog in Hex Dump mode
|
||||
image::wsug_graphics/ws-file-import.png[{medium-screenshot-attrs}]
|
||||
|
@ -677,7 +677,7 @@ in the expected range and all unlocked fields are populated when using regex mod
|
|||
When completed there will be a new capture file loaded with the frames imported
|
||||
from the text file.
|
||||
|
||||
[[ChIOFileSetSection]]
|
||||
[#ChIOFileSetSection]
|
||||
|
||||
=== File Sets
|
||||
|
||||
|
@ -717,7 +717,7 @@ with file sets in a convenient way:
|
|||
* btn:[Previous File] closes the current and opens the previous file in the
|
||||
file set.
|
||||
|
||||
[[ChIOFileSetListDialog]]
|
||||
[#ChIOFileSetListDialog]
|
||||
|
||||
==== The “List Files” Dialog Box
|
||||
|
||||
|
@ -748,7 +748,7 @@ opened/closed.
|
|||
|
||||
The btn:[Close] button will, well, close the dialog box.
|
||||
|
||||
[[ChIOExportSection]]
|
||||
[#ChIOExportSection]
|
||||
|
||||
// - Add {missing} for other exports?
|
||||
|
||||
|
@ -758,7 +758,7 @@ Wireshark provides a variety of options for exporting packet data.
|
|||
This section describes general ways to export data from the main Wireshark application.
|
||||
There are many other ways to export or extract data from capture files, including processing <<AppToolstshark,tshark>> output and customizing Wireshark and TShark using Lua scripts.
|
||||
|
||||
[[ChIOExportSpecifiedPacketsDialog]]
|
||||
[#ChIOExportSpecifiedPacketsDialog]
|
||||
|
||||
==== The “Export Specified Packets” Dialog Box
|
||||
|
||||
|
@ -769,7 +769,7 @@ This is similar to the “<<ChIOSaveAs,Save>>” dialog box, but it lets you sav
|
|||
This can be useful for trimming irrelevant or unwanted packets from a capture file.
|
||||
See <<ChIOPacketRangeSection,Packet Range>> for details on the range controls.
|
||||
|
||||
[[ChIOExportPacketDissectionsDialog]]
|
||||
[#ChIOExportPacketDissectionsDialog]
|
||||
|
||||
==== The “Export Packet Dissections” Dialog Box
|
||||
|
||||
|
@ -958,7 +958,7 @@ If you would like to be able to <<ChIOImportSection,import>> any previously expo
|
|||
]
|
||||
----
|
||||
|
||||
[[ChIOExportSelectedDialog]]
|
||||
[#ChIOExportSelectedDialog]
|
||||
|
||||
==== The “Export Selected Packet Bytes” Dialog Box
|
||||
|
||||
|
@ -973,7 +973,7 @@ The file name to export the packet data to.
|
|||
Save as type::
|
||||
The file extension.
|
||||
|
||||
[[ChIOExportPDUSDialog]]
|
||||
[#ChIOExportPDUSDialog]
|
||||
|
||||
==== The “Export PDUs to File...” Dialog Box
|
||||
|
||||
|
@ -981,7 +981,7 @@ The “Export PDUs to File...” dialog box allows you to filter the captured Pr
|
|||
|
||||
. In the main menu select menu:File[Export PDUs to File...]. Wireshark will open a corresponding dialog <<ExportPDUsToFile>>.
|
||||
+
|
||||
[[ExportPDUsToFile]]
|
||||
[#ExportPDUsToFile]
|
||||
+
|
||||
.Export PDUs to File window
|
||||
image::wsug_graphics/ws-export-pdus-to-file.png[{screenshot-attrs}]
|
||||
|
@ -1008,7 +1008,7 @@ NOTE: You can add any dissector to the existing list, or define a new entry in t
|
|||
|
||||
. You can open the file from the main Wireshark window by choosing it in the bottom-left corner. That closes the originally captured file and opens the exported results instead.
|
||||
|
||||
[[ChIOExportTLSSessionKeys]]
|
||||
[#ChIOExportTLSSessionKeys]
|
||||
|
||||
==== The “Export TLS Session Keys...” Dialog Box
|
||||
|
||||
|
@ -1022,7 +1022,7 @@ To export captured TLS session keys, follow the steps below:
|
|||
|
||||
. In the main menu select menu:File[Export TLS Session Keys...]. Wireshark will open a corresponding dialog <<TlsSessionKeys>>.
|
||||
+
|
||||
[[TlsSessionKeys]]
|
||||
[#TlsSessionKeys]
|
||||
+
|
||||
.Export TLS Session Keys window
|
||||
image::wsug_graphics/ws-tls-session-keys.png[{screenshot-attrs}]
|
||||
|
@ -1033,7 +1033,7 @@ image::wsug_graphics/ws-tls-session-keys.png[{screenshot-attrs}]
|
|||
|
||||
. Press the btn:[Save] button to complete the export file procedure.
|
||||
|
||||
[[ChIOExportObjectsDialog]]
|
||||
[#ChIOExportObjectsDialog]
|
||||
|
||||
==== The “Export Objects” Dialog Box
|
||||
|
||||
|
@ -1088,7 +1088,7 @@ Saves the currently selected object as a filename you specify. The
|
|||
default filename to save as is taken from the filename column of the objects
|
||||
list.
|
||||
|
||||
[[ChIOPrintSection]]
|
||||
[#ChIOPrintSection]
|
||||
|
||||
=== Printing Packets
|
||||
|
||||
|
@ -1103,7 +1103,7 @@ Printed output can contain lots of text, particularly if you print packet detail
|
|||
|
||||
==== The “Print” Dialog Box
|
||||
|
||||
[[ChIOPrintDialogBox]]
|
||||
[#ChIOPrintDialogBox]
|
||||
|
||||
.The “Print” dialog box
|
||||
image::wsug_graphics/ws-print.png[{medium-screenshot-attrs}]
|
||||
|
@ -1136,14 +1136,14 @@ btn:[Cancel] will close the dialog without printing.
|
|||
|
||||
btn:[Help] will display this section of the “User’s Guide”.
|
||||
|
||||
[[ChIOPacketRangeSection]]
|
||||
[#ChIOPacketRangeSection]
|
||||
|
||||
=== The “Packet Range” Frame
|
||||
|
||||
The packet range frame is a part of the “<<ChIOExportSpecifiedPacketsDialog,Export Specified Packets>>,” “<<ChIOExportPacketDissectionsDialog,Export Packet Dissections>>,” and “<<ChIOPrintSection,Print>>” dialog boxes.
|
||||
You can use it to specify which packets will be exported or printed.
|
||||
|
||||
[[ChIOPacketRangeFrame]]
|
||||
[#ChIOPacketRangeFrame]
|
||||
|
||||
.The “Packet Range” frame
|
||||
image::wsug_graphics/ws-packet-range.png[{medium-screenshot-attrs}]
|
||||
|
@ -1171,14 +1171,14 @@ Remove ignored packets::
|
|||
Don't export or print ignored packets.
|
||||
See <<ChWorkIgnorePacketSection>>.
|
||||
|
||||
[[ChIOPacketFormatSection]]
|
||||
[#ChIOPacketFormatSection]
|
||||
|
||||
=== The Packet Format Frame
|
||||
|
||||
The packet format frame is also a part of the “<<ChIOExportPacketDissectionsDialog,Export Packet Dissections>>” and “<<ChIOPrintSection,Print>>” dialog boxes.
|
||||
You can use it to specify which parts of dissection are exported or printed.
|
||||
|
||||
[[ChIOPacketFormatFrame]]
|
||||
[#ChIOPacketFormatFrame]
|
||||
|
||||
.The “Packet Format” frame
|
||||
image::wsug_graphics/ws-packet-format.png[{small-screenshot-attrs}]
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
[[ChMate]]
|
||||
[#ChMate]
|
||||
|
||||
== MATE
|
||||
|
||||
[[ChMateIntroduction]]
|
||||
[#ChMateIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -41,7 +41,7 @@ that timeout)
|
|||
* Follow requests through more gateways/proxies.
|
||||
* more...
|
||||
|
||||
[[ChMateGettingStarted]]
|
||||
[#ChMateGettingStarted]
|
||||
|
||||
=== Getting Started
|
||||
|
||||
|
@ -62,7 +62,7 @@ If anything went well, your packet details might look something like this:
|
|||
|
||||
image::wsug_graphics/ws-mate-tcp-output.png[]
|
||||
|
||||
[[ChMateManual]]
|
||||
[#ChMateManual]
|
||||
|
||||
=== MATE Manual
|
||||
|
||||
|
@ -116,7 +116,7 @@ AVPLs to operate against the Gop's AVPL to relate Gops together into Gogs.
|
|||
A good understanding on how AVPs and AVPLs work is fundamental to understand how
|
||||
MATE works.
|
||||
|
||||
[[AVP]]
|
||||
[#AVP]
|
||||
==== Attribute Value Pairs
|
||||
|
||||
Information used by MATE to relate different frames is contained in Attribute/
|
||||
|
@ -896,7 +896,7 @@ from huge capture files using just the calling number. Later he used the time he
|
|||
had saved to make it flexible enough to work with protocols other than the ones
|
||||
he was directly involved with.
|
||||
|
||||
[[ChMateConfigurationTutorial]]
|
||||
[#ChMateConfigurationTutorial]
|
||||
|
||||
=== MATE's configuration tutorial
|
||||
|
||||
|
@ -1156,7 +1156,7 @@ declarations the following way:
|
|||
|
||||
Now we got it, every "usage" gets it's own Gog.
|
||||
|
||||
[[ChMateConfigurationExamples]]
|
||||
[#ChMateConfigurationExamples]
|
||||
|
||||
=== MATE configuration examples
|
||||
|
||||
|
@ -1409,7 +1409,7 @@ Gog mms {
|
|||
};
|
||||
----
|
||||
|
||||
[[ChMateConfigurationLibrary]]
|
||||
[#ChMateConfigurationLibrary]
|
||||
|
||||
=== MATE's configuration library
|
||||
|
||||
|
@ -1543,7 +1543,7 @@ Action=GopStop; For=mgc_tr; megaco_msg=Reply;
|
|||
Action=GopExtra; For=mgc_tr; term^DS1; megaco_ctx!Choose one;
|
||||
----
|
||||
|
||||
[[ChMateReferenceManual]]
|
||||
[#ChMateReferenceManual]
|
||||
|
||||
=== MATE's reference manual
|
||||
|
||||
|
@ -1603,7 +1603,7 @@ higher than the configuration value string.
|
|||
* <<Exists,Exists>> _?_ (can be omitted) will match if the AVP name matches, regardless
|
||||
what the value string is.
|
||||
|
||||
[[Equal]]
|
||||
[#Equal]
|
||||
====== Equal AVP Operator
|
||||
|
||||
This operator tests whether the values of the operator and the operand AVP are
|
||||
|
@ -1613,7 +1613,7 @@ Example::
|
|||
attrib=aaa *matches* attrib=aaa +
|
||||
attrib=aaa *does not match* attrib=bbb
|
||||
|
||||
[[NotEqual]]
|
||||
[#NotEqual]
|
||||
====== Not equal AVP operator
|
||||
|
||||
This operator matches if the value strings of two AVPs are not equal.
|
||||
|
@ -1622,7 +1622,7 @@ Example::
|
|||
attrib=aaa matches attrib!bbb +
|
||||
attrib=aaa does not match attrib!aaa
|
||||
|
||||
[[OneOf]]
|
||||
[#OneOf]
|
||||
====== "One of" AVP operator
|
||||
|
||||
The "one of" operator matches if the data AVP value is equal to one of the
|
||||
|
@ -1633,7 +1633,7 @@ attrib=1 matches attrib{1|2|3} +
|
|||
attrib=2 matches attrib{1|2|3} +
|
||||
attrib=4 does not match attrib{1|2|3}
|
||||
|
||||
[[StartsWith]]
|
||||
[#StartsWith]
|
||||
====== "Starts with" AVP operator
|
||||
|
||||
The "starts with" operator matches if the first characters of the data AVP
|
||||
|
@ -1646,7 +1646,7 @@ attrib=ab does not match attrib^abc +
|
|||
attrib=abcd does not match attrib^bcd +
|
||||
attrib=abc does not match attrib^abcd +
|
||||
|
||||
[[EndsWith]]
|
||||
[#EndsWith]
|
||||
====== "Ends with" operator
|
||||
|
||||
The ends with operator will match if the last bytes of the data AVP value are
|
||||
|
@ -1657,7 +1657,7 @@ attrib=wxyz matches attrib$xyz +
|
|||
attrib=yz does not match attrib$xyz +
|
||||
attrib=abc...wxyz does not match attrib$abc
|
||||
|
||||
[[Contains]]
|
||||
[#Contains]
|
||||
====== Contains operator
|
||||
|
||||
The "contains" operator will match if the data AVP value contains a string
|
||||
|
@ -1669,7 +1669,7 @@ attrib=abcde matches attrib~abc +
|
|||
attrib=abcde matches attrib~cde +
|
||||
attrib=abcde does not match attrib~xyz
|
||||
|
||||
[[LowerThan]]
|
||||
[#LowerThan]
|
||||
====== "Lower than" operator
|
||||
|
||||
The "lower than" operator will match if the data AVP value is semantically lower
|
||||
|
@ -1686,7 +1686,7 @@ BUGS
|
|||
|
||||
It should check whether the values are numbers and compare them numerically
|
||||
|
||||
[[HigherThan]]
|
||||
[#HigherThan]
|
||||
====== "Higher than" operator
|
||||
|
||||
The "higher than" operator will match if the data AVP value is semantically
|
||||
|
@ -1704,7 +1704,7 @@ BUGS
|
|||
|
||||
It should check whether the values are numbers and compare them numerically
|
||||
|
||||
[[Exists]]
|
||||
[#Exists]
|
||||
====== Exists operator
|
||||
|
||||
The exists operator will always match as far as the two operands have the same
|
||||
|
@ -1747,7 +1747,7 @@ configuration AVPL.
|
|||
configuration AVPL has at least one match in the data AVPL. If it matches, it
|
||||
returns a result AVPL containing those AVPs from the data AVPL that matched.
|
||||
|
||||
[[Loose]]
|
||||
[#Loose]
|
||||
====== Loose Match
|
||||
|
||||
A loose match between AVPLs succeeds if at least one of the data AVPs matches at
|
||||
|
@ -1774,7 +1774,7 @@ Loose Match Examples
|
|||
|
||||
(attr_a=aaa, attr_b=bbb, attr_c=xxx) Match Loose (attr_a=xxx; attr_c=ccc) ==> No Match!
|
||||
|
||||
[[Every]]
|
||||
[#Every]
|
||||
====== Every Match
|
||||
|
||||
An "every" match between AVPLs succeeds if none of the configuration's AVPs that
|
||||
|
@ -1799,7 +1799,7 @@ https://gitlab.com/wireshark/wireshark/-/issues/12184[issue 12184].
|
|||
|
||||
(attr_a=aaa; attr_b=bbb; attr_c=xxx) Match Every (attr_a=xxx, attr_c=ccc) ==> No Match!
|
||||
|
||||
[[Strict]]
|
||||
[#Strict]
|
||||
====== Strict Match
|
||||
|
||||
A Strict match between AVPLs succeeds if and only if every AVP in the
|
||||
|
@ -1819,7 +1819,7 @@ Examples
|
|||
|
||||
(attr_a=aaa, attr_b=bbb, attr_c=xxx) Match Strict (attr_a?, attr_c?, attr_d?) ==> No Match!
|
||||
|
||||
[[Merge]]
|
||||
[#Merge]
|
||||
====== AVPL Merge
|
||||
|
||||
An AVPL may be merged into another one. That would add to the latter every AVP
|
||||
|
@ -1841,7 +1841,7 @@ Examples
|
|||
|
||||
(attr_a=aaa, attr_b=bbb) Merge (attr_c=xxx, attr_d=ddd) former becomes (attr_a=aaa, attr_b=bbb, attr_c=xxx, attr_d=ddd)
|
||||
|
||||
[[Transform]]
|
||||
[#Transform]
|
||||
====== Transforms
|
||||
|
||||
A Transform is a sequence of Match rules optionally followed by an instruction
|
||||
|
@ -1871,9 +1871,9 @@ and in the order given, i.e. left to right.
|
|||
In MATE configuration file, a Transform must be declared before declaring any
|
||||
item which uses it.
|
||||
|
||||
[[Config]]
|
||||
[#Config]
|
||||
=== Configuration AVPLs
|
||||
[[Pdu]]
|
||||
[#Pdu]
|
||||
==== Pdsu's configuration actions
|
||||
|
||||
The following configuration AVPLs deal with PDU creation and data extraction.
|
||||
|
@ -1980,7 +1980,7 @@ it. The list is always executed completely, left to right. On the contrary, the
|
|||
list of Match clauses inside each individual _Transform_ is executed only until
|
||||
the first match succeeds.
|
||||
|
||||
[[Criteria]]
|
||||
[#Criteria]
|
||||
====== Criteria clause
|
||||
|
||||
This clause tells MATE whether to use the Pdu for analysis. It specifies a match
|
||||
|
@ -2012,7 +2012,7 @@ Pdus of other types in the frame. If set to _TRUE_, it will not try to create
|
|||
Pdus of other types from the current frame, yet it will continue to try for the
|
||||
current type.
|
||||
|
||||
[[Gop]]
|
||||
[#Gop]
|
||||
===== Gop's configuration actions
|
||||
|
||||
====== Gop declaration block header
|
||||
|
@ -2131,7 +2131,7 @@ Whether or not to show the times subtree of the Gop. If _TRUE_, the default,
|
|||
the subtree with the timers is added to the Gop's tree. If _FALSE_, the subtree
|
||||
is suppressed.
|
||||
|
||||
[[Gog]]
|
||||
[#Gog]
|
||||
===== Gog's configuration actions
|
||||
|
||||
====== Gop declaration block header
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Statistics
|
||||
|
||||
[[ChStatistics]]
|
||||
[#ChStatistics]
|
||||
|
||||
== Statistics
|
||||
|
||||
[[ChStatIntroduction]]
|
||||
[#ChStatIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -47,7 +47,7 @@ version of this document.
|
|||
Some of these statistics are described at
|
||||
{wireshark-wiki-url}Statistics.
|
||||
|
||||
[[ChStatSummary]]
|
||||
[#ChStatSummary]
|
||||
|
||||
=== The “Capture File Properties” Dialog
|
||||
|
||||
|
@ -100,7 +100,7 @@ Copies the “Details” information to the clipboard.
|
|||
btn:[Help]::
|
||||
Opens this section of the User’s Guide.
|
||||
|
||||
[[ChStatResolvedAddresses]]
|
||||
[#ChStatResolvedAddresses]
|
||||
|
||||
=== Resolved Addresses
|
||||
|
||||
|
@ -119,7 +119,7 @@ Wireshark reads the entries for port mappings from the `hosts` service configura
|
|||
.Resolved Addresses window
|
||||
image::wsug_graphics/ws-resolved-addr.png[{screenshot-attrs}]
|
||||
|
||||
[[ChStatHierarchy]]
|
||||
[#ChStatHierarchy]
|
||||
|
||||
=== The “Protocol Hierarchy” Window
|
||||
|
||||
|
@ -178,7 +178,7 @@ A single packet can contain the same protocol more than once. In this case, the
|
|||
protocol is counted more than once. For example ICMP replies and many tunneling
|
||||
protocols will carry more than one IP header.
|
||||
|
||||
[[ChStatConversations]]
|
||||
[#ChStatConversations]
|
||||
|
||||
=== Conversations
|
||||
|
||||
|
@ -187,7 +187,7 @@ example, an IP conversation is all the traffic between two IP addresses. The
|
|||
description of the known endpoint types can be found in
|
||||
<<ChStatEndpoints>>.
|
||||
|
||||
[[ChStatConversationsWindow]]
|
||||
[#ChStatConversationsWindow]
|
||||
|
||||
==== The “Conversations” Window
|
||||
|
||||
|
@ -230,7 +230,7 @@ it before (or while) you are doing a live capture.
|
|||
// Removed:
|
||||
// [[ChStatConversationListWindow]]
|
||||
|
||||
[[ChStatEndpoints]]
|
||||
[#ChStatEndpoints]
|
||||
|
||||
=== Endpoints
|
||||
|
||||
|
@ -293,7 +293,7 @@ endpoints. Of course, as these aren’t physical endpoints the real traffic
|
|||
will be received by some or all of the listed unicast endpoints.
|
||||
====
|
||||
|
||||
[[ChStatEndpointsWindow]]
|
||||
[#ChStatEndpointsWindow]
|
||||
|
||||
==== The “Endpoints” Window
|
||||
|
||||
|
@ -335,7 +335,7 @@ it before (or while) you are doing a live capture.
|
|||
// [[ChStatEndpointListWindow]]
|
||||
|
||||
|
||||
[[ChStatPacketLengths]]
|
||||
[#ChStatPacketLengths]
|
||||
|
||||
=== Packet Lengths
|
||||
|
||||
|
@ -381,7 +381,7 @@ You can show statistics for a portion of the capture by entering a display filte
|
|||
btn:[Copy] copies the statistics to the clipboard.
|
||||
btn:[Save as...] lets you save the data as text, CSV, YAML, or XML.
|
||||
|
||||
[[ChStatIOGraphs]]
|
||||
[#ChStatIOGraphs]
|
||||
|
||||
=== The “I/O Graphs” Window
|
||||
|
||||
|
@ -492,7 +492,7 @@ btn:[Save As...] will save the currently displayed graph as an image or CSV data
|
|||
You can see a list of useful keyboard shortcuts by right-clicking on the graph.
|
||||
====
|
||||
|
||||
[[ChStatIOGraphsMissingValues]]
|
||||
[#ChStatIOGraphsMissingValues]
|
||||
|
||||
[discrete]
|
||||
==== Missing Values Are Zero
|
||||
|
@ -509,7 +509,7 @@ Zero values are shown in line graphs, and bar charts.
|
|||
// If you need to display zero values in a scatter plot, you can do so by making the Y Axis a calculated field.
|
||||
// For example, the calculated equivalent of “Packets” is a “COUNT FRAMES” Y Axis with a Y Field set to “frame”.
|
||||
|
||||
[[ChStatSRT]]
|
||||
[#ChStatSRT]
|
||||
|
||||
=== Service Response Time
|
||||
|
||||
|
@ -537,7 +537,7 @@ This information is available for many protocols, including the following:
|
|||
As an example, the SMB2 service response time is described below in more detail.
|
||||
The other Service Response Time windows will show statistics specific to their respective protocols, but will offer the same menu options.
|
||||
|
||||
[[ChStatSRTSMB2]]
|
||||
[#ChStatSRTSMB2]
|
||||
|
||||
==== The “SMB2 Service Response Time Statistics” Window
|
||||
|
||||
|
@ -558,13 +558,13 @@ btn:[Save As...] will save the response time information in various formats.
|
|||
|
||||
btn:[Close] will close this dialog.
|
||||
|
||||
[[ChStatDHCPBOOTP]]
|
||||
[#ChStatDHCPBOOTP]
|
||||
|
||||
=== DHCP (BOOTP) Statistics
|
||||
|
||||
The Dynamic Host Configuration Protocol (DHCP) is an option of the Bootstrap Protocol (BOOTP). It dynamically assigns IP addresses and other parameters to a DHCP client. The DHCP (BOOTP) Statistics window displays a table over the number of occurrences of a DHCP message type. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChStatNetPerfMeter]]
|
||||
[#ChStatNetPerfMeter]
|
||||
|
||||
=== NetPerfMeter Statistics
|
||||
|
||||
|
@ -584,12 +584,12 @@ link:https://duepublico2.uni-due.de/servlets/MCRFileNodeServlet/duepublico_deriv
|
|||
.NetPerfMeter Statistics window
|
||||
image::wsug_graphics/ws-netperfmeter-statistics.png[{screenshot-attrs}]
|
||||
|
||||
[[ChStatONCRPC]]
|
||||
[#ChStatONCRPC]
|
||||
|
||||
=== ONC-RPC Programs
|
||||
|
||||
Open Network Computing (ONC) Remote Procedure Call (RPC) uses TCP or UDP protocols to map a program number to a specific port on a remote machine and call a required service at that port. The ONC-RPC Programs window shows the description for captured program calls, such as program name, its number, version, and other data.
|
||||
[[ChStat29West]]
|
||||
[#ChStat29West]
|
||||
|
||||
=== 29West
|
||||
|
||||
|
@ -623,7 +623,7 @@ a|* Advertisement by Queue
|
|||
|The LBT-Ru Transport Statistics window shows the Sources and Receivers sequence numbers for transport and other data.
|
||||
|===
|
||||
|
||||
[[ChStatANCP]]
|
||||
[#ChStatANCP]
|
||||
|
||||
=== ANCP
|
||||
|
||||
|
@ -635,19 +635,19 @@ The Access Node Control Protocol (ANCP) is an TCP based protocol, which operates
|
|||
|
||||
The ANCP window shows the related statistical data. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChStatBACnet]]
|
||||
[#ChStatBACnet]
|
||||
|
||||
=== BACnet
|
||||
|
||||
Building Automation and Control Networks (BACnet) is a communication protocol which provides control for various building automated facilities, such as light control, fire alarm control, and others. Wireshark provides the BACnet statistics which is a packet counter. You can sort packets by instance ID, IP address, object type or service.
|
||||
|
||||
[[ChStatCollectd]]
|
||||
[#ChStatCollectd]
|
||||
|
||||
=== Collectd
|
||||
|
||||
Collectd is a system statistics collection daemon. It collects various statistics from your system and converts it for the network use. The Collectd statistics window shows counts for values, which split into type, plugin, and host as well as total packets counter. You can filter, copy or save the data to a file.
|
||||
|
||||
[[ChStatDNS]]
|
||||
[#ChStatDNS]
|
||||
|
||||
=== DNS
|
||||
|
||||
|
@ -664,7 +664,7 @@ You might find these statistics useful for quickly examining the health of a DNS
|
|||
|
||||
You can filter, copy or save the data into a file.
|
||||
|
||||
[[ChStatFlowGraph]]
|
||||
[#ChStatFlowGraph]
|
||||
|
||||
=== Flow Graph
|
||||
|
||||
|
@ -708,41 +708,41 @@ Additional controls available for VoIP calls:
|
|||
|
||||
|
||||
|
||||
[[ChStatHARTIP]]
|
||||
[#ChStatHARTIP]
|
||||
|
||||
=== HART-IP
|
||||
|
||||
Highway Addressable Remote Transducer over IP (HART-IP) is an application layer protocol. It sends and receives digital information between smart devices and control or monitoring systems. The HART-IP statistics window shows the counter for response, request, publish and error packets. You can filter, copy or save the data to a file.
|
||||
|
||||
[[ChStatHPFEEDS]]
|
||||
[#ChStatHPFEEDS]
|
||||
|
||||
=== HPFEEDS
|
||||
|
||||
Hpfeeds protocol provides a lightweight authenticated publishing and subscription. It supports arbitrary binary payloads which can be separated into different channels. HPFEEDS statistics window shows a counter for payload size per channel and opcodes. You can filter, copy or save the data to a file.
|
||||
|
||||
[[ChStatHTTP]]
|
||||
[#ChStatHTTP]
|
||||
|
||||
=== HTTP Statistics
|
||||
|
||||
[[ChStatHTTPPacketCounter]]
|
||||
[#ChStatHTTPPacketCounter]
|
||||
|
||||
==== HTTP Packet Counter
|
||||
|
||||
Statistics for HTTP request types and response codes.
|
||||
|
||||
[[ChStatHTTPRequests]]
|
||||
[#ChStatHTTPRequests]
|
||||
|
||||
==== HTTP Requests
|
||||
|
||||
HTTP statistics based on the host and URI.
|
||||
|
||||
[[ChStatHTTPLoadDistribution]]
|
||||
[#ChStatHTTPLoadDistribution]
|
||||
|
||||
==== HTTP Load Distribution
|
||||
|
||||
HTTP request and response statistics based on the server address and host.
|
||||
|
||||
[[ChStatHTTPRequestSequences]]
|
||||
[#ChStatHTTPRequestSequences]
|
||||
|
||||
==== HTTP Request Sequences
|
||||
|
||||
|
@ -754,7 +754,7 @@ request leads to the next.
|
|||
image::wsug_graphics/ws-stats-http-requestsequences.png[{screenshot-attrs}]
|
||||
|
||||
|
||||
[[ChStatHTTP2]]
|
||||
[#ChStatHTTP2]
|
||||
|
||||
=== HTTP2
|
||||
|
||||
|
@ -762,13 +762,13 @@ Hypertext Transfer Protocol version 2 (HTTP/2) allows multiplexing various HTTP
|
|||
|
||||
As HTTP/2 traffic is typically encrypted with TLS, you must configure decryption to observe HTTP/2 traffic. For more details, see the link:{wireshark-wiki-url}TLS[TLS wiki page].
|
||||
|
||||
[[ChStatSametime]]
|
||||
[#ChStatSametime]
|
||||
|
||||
=== Sametime
|
||||
|
||||
Sametime is a protocol for the IBM Sametime software. The Sametime statistics window shows the counter for message type, send type, and user status.
|
||||
|
||||
[[ChStatTCPStreamGraphs]]
|
||||
[#ChStatTCPStreamGraphs]
|
||||
|
||||
=== TCP Stream Graphs
|
||||
|
||||
|
@ -791,7 +791,7 @@ segment.
|
|||
|
||||
Window Scaling:: Window size and outstanding bytes.
|
||||
|
||||
[[ChStatUDPMulticastStreams]]
|
||||
[#ChStatUDPMulticastStreams]
|
||||
|
||||
=== UDP Multicast Streams
|
||||
|
||||
|
@ -806,7 +806,7 @@ With this statistics you can:
|
|||
.UDP Multicast Streams window
|
||||
image::wsug_graphics/ws-udp-multicast-stream.png[{screenshot-attrs}]
|
||||
|
||||
[[ChStatRSerPool]]
|
||||
[#ChStatRSerPool]
|
||||
|
||||
=== Reliable Server Pooling (RSerPool)
|
||||
|
||||
|
@ -854,7 +854,7 @@ image::wsug_graphics/ws-pingpongprotocol-statistics.png[{screenshot-attrs}]
|
|||
.Scripting Service Protocol Statistics window
|
||||
image::wsug_graphics/ws-ssp-statistics.png[{screenshot-attrs}]
|
||||
|
||||
[[ChStatF5]]
|
||||
[#ChStatF5]
|
||||
|
||||
=== F5
|
||||
|
||||
|
@ -877,7 +877,7 @@ Each `tmm Distribution` window contains the statistics for the following data:
|
|||
*** Traffic without a flow ID.
|
||||
|
||||
|
||||
[[ChStatIPv4]]
|
||||
[#ChStatIPv4]
|
||||
|
||||
=== IPv4 Statistics
|
||||
|
||||
|
@ -892,7 +892,7 @@ The menu:Statistics[IPv4] menu provides the packet counter by submenus:
|
|||
|
||||
You can see similar statistics in the menu:Statistics[Conversations] and menu:Statistics[Endpoints] menus.
|
||||
|
||||
[[ChStatIPv6]]
|
||||
[#ChStatIPv6]
|
||||
|
||||
=== IPv6 Statistics
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Telephony
|
||||
|
||||
[[ChTelephony]]
|
||||
[#ChTelephony]
|
||||
|
||||
== Telephony
|
||||
|
||||
[[ChTelIntroduction]]
|
||||
[#ChTelIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -21,7 +21,7 @@ specific protocols and might be described in a later version of this document.
|
|||
Some of these statistics are described at the
|
||||
{wireshark-wiki-url}Statistics pages.
|
||||
|
||||
[[ChTelPlayingCalls]]
|
||||
[#ChTelPlayingCalls]
|
||||
|
||||
=== Playing VoIP Calls
|
||||
|
||||
|
@ -75,7 +75,7 @@ image::wsug_graphics/ws-tel-playlist.png[]
|
|||
Same approach with set/add/remove actions is used for RTP Stream Analysis window. The playlist is there handled as different tabs in the window, see <<ChTelRTPAnalysis,RTP Stream Analysis>> window.
|
||||
====
|
||||
|
||||
[[ChTelPlayingCallsLive]]
|
||||
[#ChTelPlayingCallsLive]
|
||||
|
||||
==== Playing audio during live capture
|
||||
|
||||
|
@ -139,7 +139,7 @@ RTP Player plays audio by OS sound system and OS is responsible for mixing audio
|
|||
RTP Analysis window can handle 1000+ streams, but it is difficult to use it with so many streams - it is difficult to navigate between them. It is expected that RTP Analysis window will be used for analysis of lower tens of streams.
|
||||
|
||||
|
||||
[[ChTelVoipCalls]]
|
||||
[#ChTelVoipCalls]
|
||||
|
||||
=== VoIP Calls Window
|
||||
|
||||
|
@ -181,7 +181,7 @@ Available controls are:
|
|||
* btn:[Play Streams] opens <<ChTelRtpPlayer,RTP Player>> window. Actions btn:[Set], btn:[Add] and btn:[Remove] are available.
|
||||
* btn:[Copy] copies information from table to clipboard in CSV or YAML.
|
||||
|
||||
[[ChTelANSI]]
|
||||
[#ChTelANSI]
|
||||
|
||||
=== ANSI
|
||||
|
||||
|
@ -195,30 +195,30 @@ The A-Interface Base Station Management Application Part (BSMAP) Statistics wind
|
|||
|
||||
The A-Interface Direct Transfer Application Part (DTAP) Statistics widow shows the messages list and the number of the captured messages. There is a possibility to filter the messages, copy or save the date into a file.
|
||||
|
||||
[[ChTelGSM]]
|
||||
[#ChTelGSM]
|
||||
|
||||
=== GSM Windows
|
||||
|
||||
The Global System for Mobile Communications (GSM) is a standard for mobile networks. This menu shows a group of statistic data for mobile communication protocols according to ETSI GSM standard.
|
||||
|
||||
[[ChTelIAX2Analysis]]
|
||||
[#ChTelIAX2Analysis]
|
||||
|
||||
=== IAX2 Stream Analysis Window
|
||||
|
||||
The “IAX2 Stream Analysis” window shows statistics for the forward and reverse
|
||||
streams of a selected IAX2 call along with a graph.
|
||||
|
||||
[[ChTelISUPMessages]]
|
||||
[#ChTelISUPMessages]
|
||||
|
||||
=== ISUP Messages Window
|
||||
|
||||
Integrated Service User Part (ISUP) protocol provides voice and non-voice signaling for telephone communications. ISUP Messages menu opens the window which shows the related statistics. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChTelLTE]]
|
||||
[#ChTelLTE]
|
||||
|
||||
=== LTE
|
||||
|
||||
[[ChTelLTEMACTraffic]]
|
||||
[#ChTelLTEMACTraffic]
|
||||
|
||||
==== LTE MAC Traffic Statistics Window
|
||||
|
||||
|
@ -233,7 +233,7 @@ shows statistical highlights for exactly one UE/C-RNTI. In the lower pane, you
|
|||
can see the for the currently selected UE/C-RNTI the traffic broken down by
|
||||
individual channel.
|
||||
|
||||
[[ChTelLTERLCGraph]]
|
||||
[#ChTelLTERLCGraph]
|
||||
|
||||
==== LTE RLC Graph Window
|
||||
|
||||
|
@ -246,7 +246,7 @@ image::wsug_graphics/ws-rlc-graph.png[{screenshot-attrs}]
|
|||
|
||||
[.small]#_The image of the RLC Graph is borrowed from link:https://gitlab.com/wireshark/wireshark/-/wikis/RLC-LTE[Wireshark wiki]._#
|
||||
|
||||
[[ChTelLTERLCTraffic]]
|
||||
[#ChTelLTERLCTraffic]
|
||||
|
||||
==== LTE RLC Traffic Statistics Window
|
||||
|
||||
|
@ -268,7 +268,7 @@ the selected channel. Note that in the case of Acknowledged Mode channels, if a
|
|||
single direction is chosen, the generated filter will show data in that
|
||||
direction and control PDUs in the opposite direction.
|
||||
|
||||
[[ChTelMTP3]]
|
||||
[#ChTelMTP3]
|
||||
|
||||
=== MTP3 Windows
|
||||
|
||||
|
@ -276,7 +276,7 @@ The Message Transfer Part level 3 (MTP3) protocol is a part of the Signaling Sys
|
|||
|
||||
This menu shows MTP3 Statistics and MTP3 Summary windows.
|
||||
|
||||
[[ChTelOsmux]]
|
||||
[#ChTelOsmux]
|
||||
|
||||
=== Osmux Windows
|
||||
|
||||
|
@ -284,7 +284,7 @@ OSmux is a multiplex protocol which benefits satellite based GSM back-haul syste
|
|||
|
||||
=== RTP
|
||||
|
||||
[[ChTelRTPStreams]]
|
||||
[#ChTelRTPStreams]
|
||||
|
||||
==== RTP Streams Window
|
||||
|
||||
|
@ -323,7 +323,7 @@ Available controls are:
|
|||
* btn:[Export] exports selected streams in RTPDump format.
|
||||
|
||||
|
||||
[[ChTelRTPAnalysis]]
|
||||
[#ChTelRTPAnalysis]
|
||||
|
||||
==== RTP Stream Analysis Window
|
||||
|
||||
|
@ -397,7 +397,7 @@ for every stream. Checkboxes below graph are enabling or disabling showing of a
|
|||
Stream Analysis window contained tool for save audio and payload for analyzed streams. This tool was moved in Wireshark 3.5.0 to <<ChTelRtpPlayer,RTP Player>> window. New tool has more features.
|
||||
====
|
||||
|
||||
[[ChTelRtpPlayer]]
|
||||
[#ChTelRtpPlayer]
|
||||
|
||||
==== RTP Player Window
|
||||
|
||||
|
@ -505,7 +505,7 @@ User can use shortcuts:
|
|||
** kbd:[N] - Select all inaudible streams
|
||||
** kbd:[Shift + N] - Deselect all inaudible streams
|
||||
|
||||
[[tel-rtp-export]]
|
||||
[#tel-rtp-export]
|
||||
|
||||
===== Export
|
||||
|
||||
|
@ -536,13 +536,13 @@ Default value of btn:[Output Audio Rate] is btn:[Automatic]. When multiple codec
|
|||
In this case user must manually select one of rates in btn:[Output Audio Rate], streams will be resampled and audio export succeeds.
|
||||
====
|
||||
|
||||
[[ChTelRTSP]]
|
||||
[#ChTelRTSP]
|
||||
|
||||
=== RTSP Window
|
||||
|
||||
In the Real Time Streaming Protocol (RTSP) menu the user can check the Packet Counter window. It shows Total RTCP Packets and divided into RTSP Response Packets, RTSP Request Packets and Other RTSP packets. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChTelSCTP]]
|
||||
[#ChTelSCTP]
|
||||
|
||||
=== SCTP Windows
|
||||
|
||||
|
@ -558,25 +558,25 @@ The SCTP Associations window shows the table with the data for captured packets,
|
|||
.SCTP Associations window
|
||||
image::wsug_graphics/ws-sctp.png[{screenshot-attrs}]
|
||||
|
||||
[[ChTelSMPPOperations]]
|
||||
[#ChTelSMPPOperations]
|
||||
|
||||
=== SMPP Operations Window
|
||||
|
||||
Short Message Peer-to-Peer (SMPP) protocol uses TCP protocol as its transfer for exchanging Short Message Service (SMS) Messages, mainly between Short Message Service Centers (SMSC). The dissector determines whether the captured packet is SMPP or not by using the heuristics in the fixed header. The SMPP Operations window displays the related statistical data. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChTelUCPMessages]]
|
||||
[#ChTelUCPMessages]
|
||||
|
||||
=== UCP Messages Window
|
||||
|
||||
The Universal Computer Protocol (UCP) plays role in transferring Short Messages between a Short Message Service Centre (SMSC) and an application, which is using transport protocol, such as TCP or X.25. The UCP Messages window displays the related statistical data. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChTelH225]]
|
||||
[#ChTelH225]
|
||||
|
||||
=== H.225 Window
|
||||
|
||||
H.225 telecommunication protocol which is responsible for messages in call signaling and media stream packetization for packet-based multimedia communication systems. The H.225 window shows the counted messages by types and reasons. The user can filter, copy or save the data into a file.
|
||||
|
||||
[[ChTelSIPFlows]]
|
||||
[#ChTelSIPFlows]
|
||||
|
||||
=== SIP Flows Window
|
||||
|
||||
|
@ -586,13 +586,13 @@ This window will list both complete and in-progress SIP transactions.
|
|||
|
||||
Window has same features as <<ChTelVoipCalls,VoIP Calls>> window.
|
||||
|
||||
[[ChTelSIPStatistics]]
|
||||
[#ChTelSIPStatistics]
|
||||
|
||||
=== SIP Statistics Window
|
||||
|
||||
SIP Statistics window shows captured SIP transactions. It is divided into SIP Responses and SIP Requests. In this window the user can filter, copy or save the statistics into a file.
|
||||
|
||||
[[ChTelWAPWSPPacketCounter]]
|
||||
[#ChTelWAPWSPPacketCounter]
|
||||
|
||||
=== WAP-WSP Packet Counter Window
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// WSUG Chapter Four
|
||||
|
||||
[[Chap04]]
|
||||
[#Chap04]
|
||||
|
||||
== Troubleshooting with Wireshark
|
||||
|
||||
|
@ -43,7 +43,7 @@ more details on capturing with _tcpdump_, see <<Ch05tcpdump>>.
|
|||
* Examine the appropriate fields within the packets where the problem appears to
|
||||
be. These can often help to reveal the problem.
|
||||
|
||||
[[Ch04ROUSWI]]
|
||||
[#Ch04ROUSWI]
|
||||
|
||||
=== Capturing in the presence of switches and routers
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG User Interface Chapter
|
||||
|
||||
[[ChapterUsing]]
|
||||
[#ChapterUsing]
|
||||
|
||||
== User Interface
|
||||
|
||||
[[ChUseIntroductionSection]]
|
||||
[#ChUseIntroductionSection]
|
||||
|
||||
=== Introduction
|
||||
|
||||
|
@ -17,7 +17,7 @@ capturing your first packets. In the next chapters we will explore:
|
|||
* How to filter packets in Wireshark
|
||||
* ... and many other things!
|
||||
|
||||
[[ChUseStartSection]]
|
||||
[#ChUseStartSection]
|
||||
|
||||
=== Start Wireshark
|
||||
|
||||
|
@ -37,7 +37,7 @@ toolkit used, your screen might look different from the provided screenshots.
|
|||
But as there are no real differences in functionality these screenshots should
|
||||
still be well understandable.
|
||||
|
||||
[[ChUseMainWindowSection]]
|
||||
[#ChUseMainWindowSection]
|
||||
|
||||
=== The Main window
|
||||
|
||||
|
@ -45,7 +45,7 @@ Let’s look at Wireshark’s user interface. <<ChUseFig01>> shows Wireshark as
|
|||
would usually see it after some packets are captured or loaded (how to do this
|
||||
will be described later).
|
||||
|
||||
[[ChUseFig01]]
|
||||
[#ChUseFig01]
|
||||
.The Main window
|
||||
image::wsug_graphics/ws-main.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -76,7 +76,7 @@ The layout of the main window can be customized by changing preference settings.
|
|||
See <<ChCustPreferencesSection>> for details.
|
||||
====
|
||||
|
||||
[[ChUseMainWindowNavSection]]
|
||||
[#ChUseMainWindowNavSection]
|
||||
|
||||
==== Main Window Navigation
|
||||
|
||||
|
@ -84,7 +84,7 @@ Packet list and detail navigation can be done entirely from the keyboard.
|
|||
<<ChUseTabNav>> shows a list of keystrokes that will let you quickly move around
|
||||
a capture file. See <<ChUseTabGo>> for additional navigation keystrokes.
|
||||
|
||||
[[ChUseTabNav]]
|
||||
[#ChUseTabNav]
|
||||
.Keyboard Navigation
|
||||
[options="header",cols="1,3"]
|
||||
|===
|
||||
|
@ -111,7 +111,7 @@ menu:Help[About Wireshark,Keyboard Shortcuts] will show a list of all shortcuts
|
|||
in the main window. Additionally, typing anywhere in the main window will start
|
||||
filling in a display filter.
|
||||
|
||||
[[ChUseMenuSection]]
|
||||
[#ChUseMenuSection]
|
||||
|
||||
=== The Menu
|
||||
|
||||
|
@ -126,7 +126,7 @@ available. For example, you cannot save a capture file if you haven’t captured
|
|||
or loaded any packets.
|
||||
====
|
||||
|
||||
[[ChUseWiresharkMenu]]
|
||||
[#ChUseWiresharkMenu]
|
||||
.The Menu
|
||||
image::wsug_graphics/ws-menu.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -191,17 +191,17 @@ press the Control (or Strg in German) and the K keys together to open the
|
|||
“Capture Options” dialog.
|
||||
====
|
||||
|
||||
[[ChUseFileMenuSection]]
|
||||
[#ChUseFileMenuSection]
|
||||
|
||||
=== The “File” Menu
|
||||
|
||||
The Wireshark file menu contains the fields shown in <<ChUseTabFile>>.
|
||||
|
||||
[[ChUseWiresharkFileMenu]]
|
||||
[#ChUseWiresharkFileMenu]
|
||||
.The “File” Menu
|
||||
image::wsug_graphics/ws-file-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseTabFile]]
|
||||
[#ChUseTabFile]
|
||||
.File menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -287,17 +287,17 @@ preference setting).
|
|||
|
||||
|===
|
||||
|
||||
[[ChUseEditMenuSection]]
|
||||
[#ChUseEditMenuSection]
|
||||
|
||||
=== The “Edit” Menu
|
||||
|
||||
The Wireshark Edit menu contains the fields shown in <<ChUseTabEdit>>.
|
||||
|
||||
[[ChUseWiresharkEditMenu]]
|
||||
[#ChUseWiresharkEditMenu]
|
||||
.The “Edit” Menu
|
||||
image::wsug_graphics/ws-edit-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseTabEdit]]
|
||||
[#ChUseTabEdit]
|
||||
.Edit menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -385,17 +385,17 @@ Wireshark will use them the next time you start it. More detail is provided in
|
|||
|
||||
|===
|
||||
|
||||
[[ChUseViewMenuSection]]
|
||||
[#ChUseViewMenuSection]
|
||||
|
||||
=== The “View” Menu
|
||||
|
||||
The Wireshark View menu contains the fields shown in <<ChUseTabView>>.
|
||||
|
||||
[[ChUseWiresharkViewMenu]]
|
||||
[#ChUseWiresharkViewMenu]
|
||||
.The “View” Menu
|
||||
image::wsug_graphics/ws-view-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseTabView]]
|
||||
[#ChUseTabView]
|
||||
.View menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -463,7 +463,7 @@ details.
|
|||
|menu:Reload[] |kbd:[Ctrl+R] |This menu item allows you to reload the current capture file.
|
||||
|===
|
||||
|
||||
[[ChUseInternals]]
|
||||
[#ChUseInternals]
|
||||
.Internals menu items
|
||||
[options="header",cols="3,5"]
|
||||
|===
|
||||
|
@ -474,17 +474,17 @@ details.
|
|||
|===
|
||||
|
||||
|
||||
[[ChUseGoMenuSection]]
|
||||
[#ChUseGoMenuSection]
|
||||
|
||||
=== The “Go” Menu
|
||||
|
||||
The Wireshark Go menu contains the fields shown in <<ChUseTabGo>>.
|
||||
|
||||
[[ChUseWiresharkGoMenu]]
|
||||
[#ChUseWiresharkGoMenu]
|
||||
.The “Go” Menu
|
||||
image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseTabGo]]
|
||||
[#ChUseTabGo]
|
||||
.Go menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -501,17 +501,17 @@ image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}]
|
|||
|menu:Next Packet In Conversation[] |kbd:[Ctrl+.] |Move to the next packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn’t have keyboard focus.
|
||||
|===
|
||||
|
||||
[[ChUseCaptureMenuSection]]
|
||||
[#ChUseCaptureMenuSection]
|
||||
|
||||
=== The “Capture” Menu
|
||||
|
||||
The Wireshark Capture menu contains the fields shown in <<ChUseTabCap>>.
|
||||
|
||||
[[ChUseWiresharkCaptureMenu]]
|
||||
[#ChUseWiresharkCaptureMenu]
|
||||
.The “Capture” Menu
|
||||
image::wsug_graphics/ws-capture-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseTabCap]]
|
||||
[#ChUseTabCap]
|
||||
.Capture menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -543,17 +543,17 @@ Clear and recreate the interface list.
|
|||
|
||||
|===
|
||||
|
||||
[[ChUseAnalyzeMenuSection]]
|
||||
[#ChUseAnalyzeMenuSection]
|
||||
|
||||
=== The “Analyze” Menu
|
||||
|
||||
The Wireshark Analyze menu contains the fields shown in <<ChUseAnalyze>>.
|
||||
|
||||
[[ChUseWiresharkAnalyzeMenu]]
|
||||
[#ChUseWiresharkAnalyzeMenu]
|
||||
.The “Analyze” Menu
|
||||
image::wsug_graphics/ws-analyze-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseAnalyze]]
|
||||
[#ChUseAnalyze]
|
||||
.Analyze menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -619,19 +619,19 @@ See <<ChAdvExpert>> for more information.
|
|||
The amount of information will vary depend on the protocol
|
||||
|===
|
||||
|
||||
[[ChUseStatisticsMenuSection]]
|
||||
[#ChUseStatisticsMenuSection]
|
||||
|
||||
=== The “Statistics” Menu
|
||||
|
||||
The Wireshark Statistics menu contains the fields shown in <<ChUseStatistics>>.
|
||||
|
||||
[[ChUseWiresharkStatisticsMenu]]
|
||||
[#ChUseWiresharkStatisticsMenu]
|
||||
.The “Statistics” Menu
|
||||
image::wsug_graphics/ws-statistics-menu.png[{screenshot-attrs}]
|
||||
|
||||
Each menu item brings up a new window showing specific statistics.
|
||||
|
||||
[[ChUseStatistics]]
|
||||
[#ChUseStatistics]
|
||||
.Statistics menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -669,19 +669,19 @@ Each menu item brings up a new window showing specific statistics.
|
|||
|
||||
|===
|
||||
|
||||
[[ChUseTelephonyMenuSection]]
|
||||
[#ChUseTelephonyMenuSection]
|
||||
|
||||
=== The “Telephony” Menu
|
||||
|
||||
The Wireshark Telephony menu contains the fields shown in <<ChUseTelephony>>.
|
||||
|
||||
[[ChUseWiresharkTelephonyMenu]]
|
||||
[#ChUseWiresharkTelephonyMenu]
|
||||
.The “Telephony” Menu
|
||||
image::wsug_graphics/ws-telephony-menu.png[{screenshot-attrs}]
|
||||
|
||||
Each menu item shows specific telephony related statistics.
|
||||
|
||||
[[ChUseTelephony]]
|
||||
[#ChUseTelephony]
|
||||
.Telephony menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -706,19 +706,19 @@ Each menu item shows specific telephony related statistics.
|
|||
|
||||
|===
|
||||
|
||||
[[ChUseWirelessMenuSection]]
|
||||
[#ChUseWirelessMenuSection]
|
||||
|
||||
=== The “Wireless” Menu
|
||||
|
||||
The Wireless menu lets you analyze Bluetooth and IEEE 802.11 wireless LAN activity as shown in <<ChUseWiresharkWirelessMenu>>.
|
||||
|
||||
[[ChUseWiresharkWirelessMenu]]
|
||||
[#ChUseWiresharkWirelessMenu]
|
||||
.The “Wireless” Menu
|
||||
image::wsug_graphics/ws-wireless-menu.png[{screenshot-attrs}]
|
||||
|
||||
Each menu item shows specific Bluetooth and IEEE 802.11 statistics.
|
||||
|
||||
[[ChUseWireless]]
|
||||
[#ChUseWireless]
|
||||
.Wireless menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -731,17 +731,17 @@ Each menu item shows specific Bluetooth and IEEE 802.11 statistics.
|
|||
|
||||
|===
|
||||
|
||||
[[ChUseToolsMenuSection]]
|
||||
[#ChUseToolsMenuSection]
|
||||
|
||||
=== The “Tools” Menu
|
||||
|
||||
The Wireshark Tools menu contains the fields shown in <<ChUseTools>>.
|
||||
|
||||
[[ChUseWiresharkToolsMenu]]
|
||||
[#ChUseWiresharkToolsMenu]
|
||||
.The “Tools” Menu
|
||||
image::wsug_graphics/ws-tools-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseTools]]
|
||||
[#ChUseTools]
|
||||
.Tools menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -758,17 +758,17 @@ See “Lua Support in Wireshark” in the Wireshark Developer’s Guide.
|
|||
The Lua menu structure is set by console.lua in the Wireshark install directory.
|
||||
|===
|
||||
|
||||
[[ChUseHelpMenuSection]]
|
||||
[#ChUseHelpMenuSection]
|
||||
|
||||
=== The “Help” Menu
|
||||
|
||||
The Wireshark Help menu contains the fields shown in <<ChUseHelp>>.
|
||||
|
||||
[[ChUseWiresharkHelpMenu]]
|
||||
[#ChUseWiresharkHelpMenu]
|
||||
.The “Help” Menu
|
||||
image::wsug_graphics/ws-help-menu.png[{screenshot-attrs}]
|
||||
|
||||
[[ChUseHelp]]
|
||||
[#ChUseHelp]
|
||||
.Help menu items
|
||||
[options="header",cols="3,2,5"]
|
||||
|===
|
||||
|
@ -794,7 +794,7 @@ starts but no page is shown, have a look at the web browser setting in the
|
|||
preferences dialog.
|
||||
====
|
||||
|
||||
[[ChUseMainToolbarSection]]
|
||||
[#ChUseMainToolbarSection]
|
||||
|
||||
=== The “Main” Toolbar
|
||||
|
||||
|
@ -809,14 +809,14 @@ the main window toolbar after a file has been opened. Various
|
|||
file-related buttons are enabled, but the stop capture button is
|
||||
disabled because a capture is not in progress.
|
||||
|
||||
[[ChUseWiresharkMainToolbar]]
|
||||
[#ChUseWiresharkMainToolbar]
|
||||
|
||||
.The “Main” toolbar
|
||||
image::wsug_graphics/ws-main-toolbar.png[{screenshot-attrs}]
|
||||
|
||||
:toolbar-icon-attrs: height=24,width=24
|
||||
|
||||
[[ChUseMainToolbar]]
|
||||
[#ChUseMainToolbar]
|
||||
.Main toolbar items
|
||||
[options="header",cols="1,2,2,4"]
|
||||
|===
|
||||
|
@ -849,14 +849,14 @@ image::wsug_graphics/ws-main-toolbar.png[{screenshot-attrs}]
|
|||
//|image:wsug_graphics/toolbar/stock_colorselector_24.png[{toolbar-icon-attrs}]|btn:[Coloring Rules...]|menu:View[Coloring Rules...]| This item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets. More detail on this subject is provided in <<ChCustColorizationSection>>.
|
||||
|===
|
||||
|
||||
[[ChUseFilterToolbarSection]]
|
||||
[#ChUseFilterToolbarSection]
|
||||
|
||||
=== The “Filter” Toolbar
|
||||
|
||||
The filter toolbar lets you quickly edit and apply display filters. More
|
||||
information on display filters is available in <<ChWorkDisplayFilterSection>>.
|
||||
|
||||
[[ChUseWiresharkFilterToolbar]]
|
||||
[#ChUseWiresharkFilterToolbar]
|
||||
|
||||
.The “Filter” toolbar
|
||||
image::wsug_graphics/ws-filter-toolbar.png[{screenshot-attrs}]
|
||||
|
@ -864,7 +864,7 @@ image::wsug_graphics/ws-filter-toolbar.png[{screenshot-attrs}]
|
|||
// Icons themselves are 32px high.
|
||||
:filter-icon-attrs: height=24
|
||||
|
||||
[[ChUseFilterToolbar]]
|
||||
[#ChUseFilterToolbar]
|
||||
.Filter toolbar items
|
||||
[options="header",cols="1,3,5"]
|
||||
|===
|
||||
|
@ -894,13 +894,13 @@ For example if you create buttons named “Not Squirrels // Rabbits” and “No
|
|||
|===
|
||||
|
||||
|
||||
[[ChUsePacketListPaneSection]]
|
||||
[#ChUsePacketListPaneSection]
|
||||
|
||||
=== The “Packet List” Pane
|
||||
|
||||
The packet list pane displays all the packets in the current capture file.
|
||||
|
||||
[[ChUseWiresharkListPane]]
|
||||
[#ChUseWiresharkListPane]
|
||||
.The “Packet List” pane
|
||||
image::wsug_graphics/ws-list-pane.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -992,14 +992,14 @@ packets along with the 15 shown in the packet list itself.
|
|||
Right clicking will show a context menu, described in
|
||||
<<ChWorkPacketListPanePopUpMenu>>.
|
||||
|
||||
[[ChUsePacketDetailsPaneSection]]
|
||||
[#ChUsePacketDetailsPaneSection]
|
||||
|
||||
=== The “Packet Details” Pane
|
||||
|
||||
The packet details pane shows the current packet (selected in the “Packet List”
|
||||
pane) in a more detailed form.
|
||||
|
||||
[[ChUseWiresharkDetailsPane]]
|
||||
[#ChUseWiresharkDetailsPane]
|
||||
|
||||
.The “Packet Details” pane
|
||||
image::wsug_graphics/ws-details-pane.png[{screenshot-attrs}]
|
||||
|
@ -1024,14 +1024,14 @@ Some protocol fields have special meanings.
|
|||
displayed in blue. If you double-clicked on a link Wireshark will jump to the
|
||||
corresponding packet.
|
||||
|
||||
[[ChUsePacketBytesPaneSection]]
|
||||
[#ChUsePacketBytesPaneSection]
|
||||
|
||||
=== The “Packet Bytes” Pane
|
||||
|
||||
The packet bytes pane shows the data of the current packet (selected in the
|
||||
“Packet List” pane) in a hexdump style.
|
||||
|
||||
[[ChUseWiresharkBytesPane]]
|
||||
[#ChUseWiresharkBytesPane]
|
||||
|
||||
.The “Packet Bytes” pane
|
||||
image::wsug_graphics/ws-bytes-pane.png[{screenshot-attrs}]
|
||||
|
@ -1058,14 +1058,14 @@ methods for deactivating the functionality:
|
|||
may be activated/deactivated. This setting is stored in the selected profile
|
||||
__recent__ file.
|
||||
|
||||
[[ChUseWiresharkBytesPaneTabs]]
|
||||
[#ChUseWiresharkBytesPaneTabs]
|
||||
.The “Packet Bytes” pane with tabs
|
||||
image::wsug_graphics/ws-bytes-pane-tabs.png[{screenshot-attrs}]
|
||||
|
||||
Additional tabs typically contain data reassembled from multiple packets or
|
||||
decrypted data.
|
||||
|
||||
[[ChUsePacketDiagramPaneSection]]
|
||||
[#ChUsePacketDiagramPaneSection]
|
||||
|
||||
////
|
||||
=== The “Packet Diagram” Pane
|
||||
|
@ -1073,7 +1073,7 @@ decrypted data.
|
|||
The packet diagram pane shows the current packet (selected in the “Packet List”
|
||||
pane) as a diagram, similar to ones used in textbooks and IETF RFCs.
|
||||
|
||||
[[ChUseWiresharkDiagramPane]]
|
||||
[#ChUseWiresharkDiagramPane]
|
||||
|
||||
.The “Packet Diagram” pane
|
||||
image::wsug_graphics/ws-diagram-pane.png[{screenshot-attrs}]
|
||||
|
@ -1084,7 +1084,7 @@ There is a context menu (right mouse click) available.
|
|||
For details see <<ChWorkPacketDiagramPanePopUpMenu>>.
|
||||
////
|
||||
|
||||
[[ChUseStatusbarSection]]
|
||||
[#ChUseStatusbarSection]
|
||||
|
||||
=== The Statusbar
|
||||
|
||||
|
@ -1095,13 +1095,13 @@ will show information about the current capture file, and the right side will
|
|||
show the selected configuration profile. Drag the handles between the text areas
|
||||
to change the size.
|
||||
|
||||
[[ChUseWiresharkStatusbarEmpty]]
|
||||
[#ChUseWiresharkStatusbarEmpty]
|
||||
.The initial Statusbar
|
||||
image::wsug_graphics/ws-statusbar-empty.png[{statusbar-attrs}]
|
||||
|
||||
This statusbar is shown while no capture file is loaded, e.g. when Wireshark is started.
|
||||
|
||||
[[ChUseWiresharkStatusbarLoaded]]
|
||||
[#ChUseWiresharkStatusbarLoaded]
|
||||
.The Statusbar with a loaded capture file
|
||||
image::wsug_graphics/ws-statusbar-loaded.png[{statusbar-attrs}]
|
||||
|
||||
|
@ -1132,13 +1132,13 @@ Ignored::: The number of ignored packets Only displayed if you ignored any packe
|
|||
The right side...:: shows the selected configuration profile.
|
||||
Clicking on this part of the statusbar will bring up a menu with all available configuration profiles, and selecting from this list will change the configuration profile.
|
||||
|
||||
[[ChUseWiresharkStatusbarProfile]]
|
||||
[#ChUseWiresharkStatusbarProfile]
|
||||
.The Statusbar with a configuration profile menu
|
||||
image::wsug_graphics/ws-statusbar-profile.png[{pdf-scaledwidth},height=192]
|
||||
|
||||
For a detailed description of configuration profiles, see <<ChCustConfigProfilesSection>>.
|
||||
|
||||
[[ChUseWiresharkStatusbarSelected]]
|
||||
[#ChUseWiresharkStatusbarSelected]
|
||||
.The Statusbar with a selected protocol field
|
||||
image::wsug_graphics/ws-statusbar-selected.png[{statusbar-attrs}]
|
||||
|
||||
|
@ -1150,7 +1150,7 @@ The value between the parentheses (in this example “ipv6.src”) is the displa
|
|||
You can become more familiar with display filter fields by selecting different packet detail items.
|
||||
====
|
||||
|
||||
[[ChUseWiresharkStatusbarFilter]]
|
||||
[#ChUseWiresharkStatusbarFilter]
|
||||
|
||||
//FIXME: Remove or choose a better example of a display filter message.
|
||||
.The Statusbar with a display filter message
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
// WSUG Chapter Wireless
|
||||
|
||||
[[ChWireless]]
|
||||
[#ChWireless]
|
||||
|
||||
== Wireless
|
||||
|
||||
[[ChWirelessIntroduction]]
|
||||
[#ChWirelessIntroduction]
|
||||
|
||||
=== Introduction
|
||||
|
||||
The Wireless menu provides access to statistics related to wireless traffic.
|
||||
|
||||
[[ChWirelessBluetoothATTServerAttributes]]
|
||||
[#ChWirelessBluetoothATTServerAttributes]
|
||||
|
||||
=== Bluetooth ATT Server Attributes
|
||||
|
||||
|
@ -22,7 +22,7 @@ Bluetooth ATT Server Attributes window displays a list of captured Attribute Pro
|
|||
|
||||
`UUID Name` is a specified name for the captured packet.
|
||||
|
||||
[[ChWirelessBluetoothDevices]]
|
||||
[#ChWirelessBluetoothDevices]
|
||||
|
||||
=== Bluetooth Devices
|
||||
|
||||
|
@ -31,7 +31,7 @@ The Bluetooth Devices window displays the list of the captured information about
|
|||
.Bluetooth Devices window
|
||||
image::wsug_graphics/ws-bluetooth-devices.png[{screenshot-attrs}]
|
||||
|
||||
[[ChWirelessBluetoothHCISummary]]
|
||||
[#ChWirelessBluetoothHCISummary]
|
||||
|
||||
=== Bluetooth HCI Summary
|
||||
|
||||
|
@ -40,7 +40,7 @@ The Bluetooth HCI Summary window displays the summary for the captured Host Cont
|
|||
.Bluetooth HCI Summary window
|
||||
image::wsug_graphics/ws-bt-hci-summary.png[{screenshot-attrs}]
|
||||
|
||||
[[ChWirelessWLANTraffic]]
|
||||
[#ChWirelessWLANTraffic]
|
||||
|
||||
=== WLAN Traffic
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// WSUG Chapter Work
|
||||
|
||||
[[ChapterWork]]
|
||||
[#ChapterWork]
|
||||
|
||||
== Working With Captured Packets
|
||||
|
||||
[[ChWorkViewPacketsSection]]
|
||||
[#ChWorkViewPacketsSection]
|
||||
|
||||
=== Viewing Packets You Have Captured
|
||||
|
||||
|
@ -19,7 +19,7 @@ corresponding bytes in the byte view. An example with a TCP packet selected is
|
|||
shown in <<ChWorkSelPack1>>. It also has the Acknowledgment number in the TCP
|
||||
header selected, which shows up in the byte view as the selected bytes.
|
||||
|
||||
[[ChWorkSelPack1]]
|
||||
[#ChWorkSelPack1]
|
||||
|
||||
.Wireshark with a TCP packet selected for viewing
|
||||
image::wsug_graphics/ws-packet-selected.png[{screenshot-attrs}]
|
||||
|
@ -34,7 +34,7 @@ packet list or by selecting the packet in which you are interested in the packet
|
|||
list pane and selecting menu:View[Show Packet in New Window]. This allows you to
|
||||
easily compare two or more packets, even across multiple files.
|
||||
|
||||
[[ChWorkPacketSepView]]
|
||||
[#ChWorkPacketSepView]
|
||||
|
||||
.Viewing a packet in a separate window
|
||||
image::wsug_graphics/ws-packet-sep-win.png[{screenshot-attrs}]
|
||||
|
@ -47,7 +47,7 @@ number of other ways to open a new packet window:
|
|||
- From <<PacketListPopupMenuTable>>.
|
||||
- From <<PacketDetailsPopupMenuTable>>.
|
||||
|
||||
[[ChWorkDisplayPopUpSection]]
|
||||
[#ChWorkDisplayPopUpSection]
|
||||
|
||||
=== Pop-up Menus
|
||||
|
||||
|
@ -55,11 +55,11 @@ You can open a pop-up menu over the “Packet List”, its column heading,
|
|||
“Packet Details”, or “Packet Bytes” by clicking your right mouse button
|
||||
on the corresponding item.
|
||||
|
||||
[[ChWorkColumnHeaderPopUpMenuSection]]
|
||||
[#ChWorkColumnHeaderPopUpMenuSection]
|
||||
|
||||
==== Pop-up Menu Of The “Packet List” Column Header
|
||||
|
||||
[[ChWorkColumnHeaderPopUpMenu]]
|
||||
[#ChWorkColumnHeaderPopUpMenu]
|
||||
.Pop-up menu of the “Packet List” column header
|
||||
image::wsug_graphics/ws-column-header-popup-menu.png[{screenshot-attrs}]
|
||||
|
||||
|
@ -67,7 +67,7 @@ The following table gives an overview of which functions are available
|
|||
in this header, where to find the corresponding function in the main
|
||||
menu, and a description of each item.
|
||||
|
||||
[[ColumnHeaderPopupMenuTable]]
|
||||
[#ColumnHeaderPopupMenuTable]
|
||||
.The menu items of the “Packet List” column header pop-up menu
|
||||
[options="header",cols="3,7"]
|
||||
|===
|
||||
|
@ -102,11 +102,11 @@ Remove this column, similar to deleting it in the “Preferences” dialog.
|
|||
|
||||
|===
|
||||
|
||||
[[ChWorkPacketListPanePopUpMenuSection]]
|
||||
[#ChWorkPacketListPanePopUpMenuSection]
|
||||
|
||||
==== Pop-up Menu Of The “Packet List” Pane
|
||||
|
||||
[[ChWorkPacketListPanePopUpMenu]]
|
||||
[#ChWorkPacketListPanePopUpMenu]
|
||||
|
||||
.Pop-up menu of the “Packet List” pane
|
||||
image::wsug_graphics/ws-packet-pane-popup-menu.png[{screenshot-attrs}]
|
||||
|
@ -115,7 +115,7 @@ The following table gives an overview of which functions are available
|
|||
in this pane, where to find the corresponding function in the main menu,
|
||||
and a short description of each item.
|
||||
|
||||
[[PacketListPopupMenuTable]]
|
||||
[#PacketListPopupMenuTable]
|
||||
.The menu items of the “Packet List” pop-up menu
|
||||
[options="header",cols="3,1,6"]
|
||||
|===
|
||||
|
@ -221,11 +221,11 @@ details.
|
|||
|===
|
||||
|
||||
|
||||
[[ChWorkPacketDetailsPanePopUpMenuSection]]
|
||||
[#ChWorkPacketDetailsPanePopUpMenuSection]
|
||||
|
||||
==== Pop-up Menu Of The “Packet Details” Pane
|
||||
|
||||
[[ChWorkPacketDetailsPanePopUpMenu]]
|
||||
[#ChWorkPacketDetailsPanePopUpMenu]
|
||||
|
||||
.Pop-up menu of the “Packet Details” pane
|
||||
image::wsug_graphics/ws-details-pane-popup-menu.png[{screenshot-attrs}]
|
||||
|
@ -234,7 +234,7 @@ The following table gives an overview of which functions are available in this
|
|||
pane, where to find the corresponding function in the main menu, and a short
|
||||
description of each item.
|
||||
|
||||
[[PacketDetailsPopupMenuTable]]
|
||||
[#PacketDetailsPopupMenuTable]
|
||||
|
||||
.The menu items of the “Packet Details” pop-up menu
|
||||
[options="header",cols="3,1,6"]
|
||||
|
@ -335,11 +335,11 @@ window. See <<ChWorkPacketSepView>> for details.
|
|||
|
||||
|===
|
||||
|
||||
[[ChWorkPacketBytesPanePopUpMenuSection]]
|
||||
[#ChWorkPacketBytesPanePopUpMenuSection]
|
||||
|
||||
==== Pop-up Menu Of The “Packet Bytes” Pane
|
||||
|
||||
[[ChWorkPacketBytesPanePopUpMenu]]
|
||||
[#ChWorkPacketBytesPanePopUpMenu]
|
||||
|
||||
.Pop-up menu of the “Packet Bytes” pane
|
||||
image::wsug_graphics/ws-bytes-pane-popup-menu.png[{screenshot-attrs}]
|
||||
|
@ -347,7 +347,7 @@ image::wsug_graphics/ws-bytes-pane-popup-menu.png[{screenshot-attrs}]
|
|||
The following table gives an overview of which functions are available
|
||||
in this pane along with a short description of each item.
|
||||
|
||||
[[PacketBytesPopupMenuTable]]
|
||||
[#PacketBytesPopupMenuTable]
|
||||
|
||||
.The menu items of the “Packet Bytes” pop-up menu
|
||||
[options="header",cols="3,7"]
|
||||
|
@ -393,7 +393,7 @@ Use EBCDIC encoding when displaying “hexdump” text.
|
|||
|
||||
|===
|
||||
|
||||
[[ChWorkDisplayFilterSection]]
|
||||
[#ChWorkDisplayFilterSection]
|
||||
|
||||
=== Filtering Packets While Viewing
|
||||
|
||||
|
@ -434,7 +434,7 @@ expression.
|
|||
====
|
||||
|
||||
|
||||
[[ChWorkTCPFilter]]
|
||||
[#ChWorkTCPFilter]
|
||||
|
||||
.Filtering on the TCP protocol
|
||||
image::wsug_graphics/ws-display-filter-tcp.png[{screenshot-attrs}]
|
||||
|
@ -461,7 +461,7 @@ the _Display Filter Expression_ dialog box is available in
|
|||
<<ChWorkFilterAddExpressionSection>>.
|
||||
|
||||
|
||||
[[ChWorkBuildDisplayFilterSection]]
|
||||
[#ChWorkBuildDisplayFilterSection]
|
||||
|
||||
=== Building Display Filter Expressions
|
||||
|
||||
|
@ -513,7 +513,7 @@ A complete list of available comparison operators is shown in <<DispCompOps>>.
|
|||
English and C-like operators are interchangeable and can be mixed within a filter string.
|
||||
====
|
||||
|
||||
[[DispCompOps]]
|
||||
[#DispCompOps]
|
||||
|
||||
.Display Filter comparison operators
|
||||
[options="header",cols="1,1,1,3,3"]
|
||||
|
@ -535,7 +535,7 @@ English and C-like operators are interchangeable and can be mixed within a filte
|
|||
All protocol fields have a type. <<ChWorkFieldTypes>> provides a list
|
||||
of the types with examples of how to use them in display filters.
|
||||
|
||||
[[ChWorkFieldTypes]]
|
||||
[#ChWorkFieldTypes]
|
||||
|
||||
===== Display Filter Field Types
|
||||
|
||||
|
@ -621,7 +621,7 @@ date must be specified:
|
|||
In the second format, a `T` may appear between the date and time as in
|
||||
ISO 8601, but not when less significant times are dropped.
|
||||
|
||||
[[ChWorkFilterExamples]]
|
||||
[#ChWorkFilterExamples]
|
||||
|
||||
===== Some Examples
|
||||
|
||||
|
@ -669,7 +669,7 @@ TIP: Using raw strings avoids most problem with the "matches" operator and doubl
|
|||
|
||||
You can combine filter expressions in Wireshark using the logical operators shown in <<FiltLogOps>>
|
||||
|
||||
[[FiltLogOps]]
|
||||
[#FiltLogOps]
|
||||
|
||||
.Display Filter Logical Operations
|
||||
[options="header",cols="1,1,1,4"]
|
||||
|
@ -766,7 +766,7 @@ frame.time_delta in {10 .. 10.5}
|
|||
The display filter language has a number of functions to convert fields, see
|
||||
<<DispFunctions>>.
|
||||
|
||||
[[DispFunctions]]
|
||||
[#DispFunctions]
|
||||
.Display Filter Functions
|
||||
[options="header",cols="1,4"]
|
||||
|===
|
||||
|
@ -804,7 +804,7 @@ To match IP addresses ending in 255 in a block of subnets (172.16 to 172.31):
|
|||
string(ip.dst) matches r"^172\.(1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.255"
|
||||
----
|
||||
|
||||
[[ChWorkBuildDisplayFilterTransitional]]
|
||||
[#ChWorkBuildDisplayFilterTransitional]
|
||||
|
||||
==== Sometimes Fields Change Names
|
||||
|
||||
|
@ -823,7 +823,7 @@ the old filter names for the time being, e.g. “bootp.type” is equivalent
|
|||
to “dhcp.type” but Wireshark will show the warning “"bootp" is deprecated”
|
||||
when you use it. Support for the deprecated fields may be removed in the future.
|
||||
|
||||
[[ChWorkFilterAddExpressionSection]]
|
||||
[#ChWorkFilterAddExpressionSection]
|
||||
|
||||
=== The “Display Filter Expression” Dialog Box
|
||||
|
||||
|
@ -840,7 +840,7 @@ Wireshark display filter strings.
|
|||
====
|
||||
|
||||
|
||||
[[ChWorkFilterAddExpression1]]
|
||||
[#ChWorkFilterAddExpression1]
|
||||
|
||||
.The “Display Filter Expression” dialog box
|
||||
image::wsug_graphics/ws-filter-add-expression.png[{screenshot-attrs}]
|
||||
|
@ -895,7 +895,7 @@ btn:[Cancel]::
|
|||
You can leave the “Add Expression...” dialog box without any effect by
|
||||
clicking the btn:[Cancel] button.
|
||||
|
||||
[[ChWorkDefineFilterSection]]
|
||||
[#ChWorkDefineFilterSection]
|
||||
|
||||
=== Defining And Saving Filters
|
||||
|
||||
|
@ -908,7 +908,7 @@ Wireshark will open the corresponding dialog as shown in <<FiltersDialog>>.
|
|||
The two dialogs look and work similar to one another.
|
||||
Both are described here, and the differences are noted as needed.
|
||||
|
||||
[[FiltersDialog]]
|
||||
[#FiltersDialog]
|
||||
|
||||
.The “Capture Filters” and “Display Filters” dialog boxes
|
||||
image::wsug_graphics/ws-filters.png[{screenshot-attrs}]
|
||||
|
@ -938,7 +938,7 @@ Saves the filter settings and closes the dialog.
|
|||
btn:[Cancel]::
|
||||
Closes the dialog without saving any changes.
|
||||
|
||||
[[ChWorkDefineFilterMacrosSection]]
|
||||
[#ChWorkDefineFilterMacrosSection]
|
||||
|
||||
=== Defining And Saving Filter Macros
|
||||
|
||||
|
@ -950,7 +950,7 @@ To define and save your own filter macros, follow the steps below:
|
|||
|
||||
. In the main menu select menu:Analyze[Display Filter Macros...]. Wireshark will open a corresponding dialog <<FilterMacrosDialog>>.
|
||||
+
|
||||
[[FilterMacrosDialog]]
|
||||
[#FilterMacrosDialog]
|
||||
+
|
||||
.Display Filter Macros window
|
||||
image::wsug_graphics/ws-filter-macros.png[{screenshot-attrs}]
|
||||
|
@ -963,7 +963,7 @@ image::wsug_graphics/ws-filter-macros.png[{screenshot-attrs}]
|
|||
|
||||
To learn more about display filter macro syntax, see <<ChDisplayFilterMacrosSection>>.
|
||||
|
||||
[[ChWorkFindPacketSection]]
|
||||
[#ChWorkFindPacketSection]
|
||||
|
||||
=== Finding Packets
|
||||
|
||||
|
@ -974,7 +974,7 @@ main toolbar and the packet list shown in <<ChWorkFindPacketToolbar>>.
|
|||
|
||||
==== The “Find Packet” Toolbar
|
||||
|
||||
[[ChWorkFindPacketToolbar]]
|
||||
[#ChWorkFindPacketToolbar]
|
||||
|
||||
.The “Find Packet” toolbar
|
||||
image::wsug_graphics/ws-find-packet.png[{screenshot-attrs}]
|
||||
|
@ -1011,7 +1011,7 @@ Regular Expression::
|
|||
should return a number of sites that will help you test and explore
|
||||
your expressions.
|
||||
|
||||
[[ChWorkGoToPacketSection]]
|
||||
[#ChWorkGoToPacketSection]
|
||||
|
||||
=== Go To A Specific Packet
|
||||
|
||||
|
@ -1030,7 +1030,7 @@ most web browsers.
|
|||
|
||||
==== The “Go to Packet” Toolbar
|
||||
|
||||
[[ChWorkGoToPacketToolbar]]
|
||||
[#ChWorkGoToPacketToolbar]
|
||||
|
||||
.The “Go To Packet” toolbar
|
||||
image::wsug_graphics/ws-goto-packet.png[{screenshot-attrs}]
|
||||
|
@ -1058,7 +1058,7 @@ This command will jump to the first packet displayed.
|
|||
|
||||
This command will jump to the last packet displayed.
|
||||
|
||||
[[ChWorkMarkPacketSection]]
|
||||
[#ChWorkMarkPacketSection]
|
||||
|
||||
=== Marking Packets
|
||||
|
||||
|
@ -1086,7 +1086,7 @@ you can select from the following:
|
|||
You can also mark and unmark a packet by clicking on it in the packet list
|
||||
with the middle mouse button.
|
||||
|
||||
[[ChWorkIgnorePacketSection]]
|
||||
[#ChWorkIgnorePacketSection]
|
||||
|
||||
=== Ignoring Packets
|
||||
|
||||
|
@ -1108,7 +1108,7 @@ menu:Edit[] menu you can select from the following:
|
|||
|
||||
* menu:Unignore All Displayed[] reset the ignored state of all packets.
|
||||
|
||||
[[ChWorkTimeFormatsSection]]
|
||||
[#ChWorkTimeFormatsSection]
|
||||
|
||||
=== Time Display Formats And Time References
|
||||
|
||||
|
@ -1159,7 +1159,7 @@ using the “Automatic” setting for libpcap files (which is microseconds). If
|
|||
you use Seconds it would show simply 1 and if you use Nanoseconds it shows
|
||||
1.123456000.
|
||||
|
||||
[[ChWorkTimeReferencePacketSection]]
|
||||
[#ChWorkTimeReferencePacketSection]
|
||||
|
||||
==== Packet Time Referencing
|
||||
|
||||
|
@ -1187,7 +1187,7 @@ the menu:[Edit] menu or from the pop-up menu of the “Packet List” pane. See
|
|||
* menu:Find Previous[] Find the previous time referenced packet in the “Packet
|
||||
List” pane.
|
||||
|
||||
[[ChWorkTimeReference]]
|
||||
[#ChWorkTimeReference]
|
||||
|
||||
.Wireshark showing a time referenced packet
|
||||
image::wsug_graphics/ws-time-reference.png[{screenshot-attrs}]
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
[[Preface]]
|
||||
[#Preface]
|
||||
["preface",id="Preface"]
|
||||
== Preface
|
||||
|
||||
[[PreForeword]]
|
||||
[#PreForeword]
|
||||
|
||||
=== Foreword
|
||||
|
||||
|
@ -12,7 +12,7 @@ This document is part of an effort by the Wireshark team to improve
|
|||
Wireshark's usability.
|
||||
We hope that you find it useful and look forward to your comments.
|
||||
|
||||
[[PreAudience]]
|
||||
[#PreAudience]
|
||||
|
||||
=== Who should read this document?
|
||||
|
||||
|
@ -33,7 +33,7 @@ behind some of the advanced features that are not always obvious at first sight.
|
|||
It will hopefully guide you around some common problems that frequently appear
|
||||
for new (and sometimes even advanced) Wireshark users.
|
||||
|
||||
[[PreAck]]
|
||||
[#PreAck]
|
||||
|
||||
=== Acknowledgements
|
||||
|
||||
|
@ -64,7 +64,7 @@ Wireshark project from who sections of this document borrow heavily:
|
|||
|
||||
* Ashok Narayanan from whose `text2pcap` man page <<AppToolstext2pcap>> is derived.
|
||||
|
||||
[[PreAbout]]
|
||||
[#PreAbout]
|
||||
|
||||
=== About this document
|
||||
|
||||
|
@ -76,14 +76,14 @@ updated by mailto:{wsug-author-email}[Ulf Lamping].
|
|||
It was originally written in DocBook/XML and converted to AsciiDoc by
|
||||
Gerald Combs.
|
||||
|
||||
[[PreDownload]]
|
||||
[#PreDownload]
|
||||
|
||||
=== Where to get the latest copy of this document?
|
||||
|
||||
The latest copy of this documentation can always be found at
|
||||
{wireshark-users-guide-url}.
|
||||
|
||||
[[PreFeedback]]
|
||||
[#PreFeedback]
|
||||
|
||||
=== Providing feedback about this document
|
||||
|
||||
|
|
Loading…
Reference in New Issue