osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Docs: Use modern Asciidoctor section IDs. 

Change our legacy block anchors to section IDs as described at

https://docs.asciidoctor.org/asciidoc/latest/sections/custom-ids/
This commit is contained in:
Gerald Combs 2022-01-16 10:55:52 -08:00 committed by A Wireshark GitLab Utility
parent 92c8c2f7a0
commit fad709a582
36 changed files with 676 additions and 676 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docbook/developer-guide.adoc
View File

@ -24,7 +24,7 @@ include::wsdg_src/WSDG_preface.adoc[]
include::common_src/typographic_conventions.adoc[]
[[PartEnvironment]]
[#PartEnvironment]
= Wireshark Build Environment
[partintro]
@ -44,7 +44,7 @@ include::wsdg_src/WSDG_chapter_tools.adoc[]
include::wsdg_src/WSDG_chapter_libraries.adoc[]
[[PartDevelopment]]
[#PartDevelopment]
= Wireshark Development
[partintro]

8
docbook/faq.adoc
View File

@ -32,7 +32,7 @@ unsupported and has known security vulnerabilities.
For more information, please see the
https://www.wireshark.org/about.html[About Wireshark] page.
[[wheretogethelp]]
[#wheretogethelp]
=== Where can I get help?
Community support is available on the
@ -305,7 +305,7 @@ happens; see the previous question.
== Capturing packets
[[promiscsniff]]
[#promiscsniff]
=== When I use Wireshark to capture packets, why do I see only packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor?
This might be because the interface on which you're capturing is
@ -651,7 +651,7 @@ information (e.g., passwords), then please do not send it.
== Capturing packets on Windows
[[capprobwin]]
[#capprobwin]
=== I'm running Wireshark on Windows; why does some network interface on my machine not show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start", and/or why does Wireshark give me an error if I try to capture on that interface?
Wireshark relies on the Npcap library, the Npcap device driver,
@ -787,7 +787,7 @@ seeing VLAN headers and seeing outgoing packets.
== Capturing packets on UN*Xes
[[capprobunix]]
[#capprobunix]
=== I'm running Wireshark on a UNIX-flavored OS; why does some network interface on my machine not show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start", and/or why does Wireshark give me an error if I try to capture on that interface?
You may need to run Wireshark from an account with sufficient

10
docbook/make-wsluarm.pl
View File

@ -261,16 +261,16 @@ my $function;
my @functions;
my $asciidoc_template = {
module_header => "[[lua_module_%s]]\n\n",
module_header => "[#lua_module_%s]\n\n",
# module_desc => "\t<title>%s</title>\n",
class_header => "[[lua_class_%s]]\n\n" .
class_header => "[#lua_class_%s]\n\n" .
"==== %s\n\n",
#class_desc => "\t\t<para>%s</para>\n",
class_attr_header => "[[lua_class_attrib_%s]]\n\n" .
class_attr_header => "[#lua_class_attrib_%s]\n\n" .
"===== %s\n\n",
#class_attr_descr => "\t\t\t<para>%s%s</para>\n",
class_attr_footer => "// End %s\n\n",
function_header => "[[lua_fn_%s]]\n\n" .
function_header => "[#lua_fn_%s]\n\n" .
"===== %s\n\n",
#function_descr => "\t\t\t<para>%s</para>\n",
function_args_header => "[float]\n" .
@ -294,7 +294,7 @@ my $asciidoc_template = {
function_errors_footer => "// function_errors_footer: %s\n",
function_footer => "// function_footer: %s\n\n",
class_footer => "// class_footer: %s\n",
global_functions_header => "[[global_functions_%s]]\n\n" .
global_functions_header => "[#global_functions_%s]\n\n" .
"==== Global Functions\n\n",
global_functions_footer => "// Global function\n",
module_footer => "// end of module\n",

90
docbook/wsdg_src/WSDG_chapter_asn2wrs.adoc
View File

@ -1,4 +1,4 @@
[[CreatingAsn1Dissectors]]
[#CreatingAsn1Dissectors]
== Creating ASN.1 Dissectors
@ -28,7 +28,7 @@ It has inbuilt support for:
(07/1994), Information technology - Remote Operations: Concepts, model
and notation
[[AboutASN1]]
[#AboutASN1]
=== About ASN.1
@ -37,7 +37,7 @@ learn about ASN.1. There are a number of free resources available to
help with this. One collection of such resources is maintained on
https://www.itu.int/en/ITU-T/asn1/Pages/asn1_project.aspx[the ASN.1 Consortium's web site].
[[Asn1DissectorRequirements]]
[#Asn1DissectorRequirements]
=== ASN.1 Dissector Requirements
The compiler needs 4 input files: an ASN.1 description of a protocol, a .cnf file, and two template files.
@ -47,7 +47,7 @@ The H.248 Binary encoding dissector is a good example of a dissector with relati
A complete <<SimpleASN1BasedDissector,simple ASN1 UDP-based dissector>> is also available.
[[BuildingAnASN1BasedPlugin]]
[#BuildingAnASN1BasedPlugin]
==== Building An ASN.1-Based Plugin
The usual way to build an ASN.1-based dissector is to put it into the
@ -66,7 +66,7 @@ Reasons one might _not_ want to build as a plugin:
If you still think you'd like to build your module as a plugin, see https://gitlab.com/wireshark/wireshark/-/wikis/ASN1_plugin[Building ASN1 Plugins].
[[UnderstandingErrorMessages]]
[#UnderstandingErrorMessages]
=== Understanding Error Messages
When running asn2wrs, you could get the following errors:
@ -77,13 +77,13 @@ around the dot (.) - can be the dot itself.
* A ParseError (`__main__.ParseError: LexToken(SEMICOLON,';',88)`) means that the ';' (SEMICOLON) is not understood. Maybe removing it will work?
[[HandMassagingTheASN1File]]
[#HandMassagingTheASN1File]
=== Hand-Massaging The ASN.1 File
If a portion of your ASN.1 file is unsupported you can modify it by hand as needed.
However, the preferred way to resolve the issue is to report it on the link:{wireshark-mailing-lists-url}wireshark-dev[wireshark-dev] mailing list or in the issue tracker so that asn2wrs can be improved.
[[CommandLineSyntax]]
[#CommandLineSyntax]
=== Command Line Syntax
----
@ -124,7 +124,7 @@ ASN.1 to Wireshark dissector compiler
o - list of output files
----
[[GeneratedFiles]]
[#GeneratedFiles]
=== Generated Files
Asn2wrs creates the following intermediate files:
@ -142,7 +142,7 @@ Asn2wrs creates the following intermediate files:
These files should be included in the template file as described in the <<ConformanceFiles,conformance file examples>>.
Some are optional.
[[ASN1StepByStepInstructions]]
[#ASN1StepByStepInstructions]
=== Step By Step Instructions
. Create a directory for your protocol in the _epan/dissectors/asn1_ directory and put
@ -159,14 +159,14 @@ appropriate places.
etc...
. Build Wireshark.
[[HintsForUsingAsn2wrs]]
[#HintsForUsingAsn2wrs]
=== Hints For Using Asn2wrs
Asn2wrs does not support all of ASN.1 yet.
This means you might need to modify the ASN.1 definition before it will compile.
This page lists some tips and tricks that might make your life easier.
[[COMPONENTS_OF]]
[#COMPONENTS_OF]
[discrete]
==== COMPONENTS OF
@ -177,7 +177,7 @@ COMPONENTS OF is a directive in ASN.1 which include
all specified fields in the referenced SEQUENCE by those fields as if
they had been explicitly specified.
[[ASN1ComponentsOfExample]]
[#ASN1ComponentsOfExample]
[discrete]
==== Example
@ -208,7 +208,7 @@ Bar ::= SEQUENCE {
That was pretty easy wasn't it?
[[SemicolonCharacters]]
[#SemicolonCharacters]
[discrete]
==== Semicolon Characters
@ -222,7 +222,7 @@ PBAddressString ::= SEQUENCE {
You will have to remove the last semicolon character.
[[ASN1Parameters]]
[#ASN1Parameters]
[discrete]
==== Parameters
@ -241,7 +241,7 @@ Will have to be replaced with the real values of the parameters:
AChBillingChargingCharacteristics ::= OCTET STRING (SIZE (5 .. 177))
----
[[ASN1ANYAndParameterizedTypes]]
[#ASN1ANYAndParameterizedTypes]
==== ANY And Parameterized Types
Asn2wrs can handle the type ANY but not parameterized types.
@ -292,7 +292,7 @@ offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree);
This example comes from the X509AF dissector. Please see the code there
for more examples on how to do this.
[[TaggedAssignments]]
[#TaggedAssignments]
==== Tagged Assignments
There is currently a bug in Asn2wrs that makes it
@ -353,7 +353,7 @@ generated. Then put that line in the conformance directive and replace
`implicit_tag` with either TRUE or FALSE depending on whether IMPLICIT
is used or not.
[[UntaggedCHOICEs]]
[#UntaggedCHOICEs]
==== Untagged CHOICEs
Asn2wrs cannot handle untagged CHOICEs within either a SET or a SEQUENCE. For example:
@ -397,7 +397,7 @@ MessageTransferEnvelope ::= SET {
This isn't an entirely correct ASN.1 definition, but should allow
successful parsing.
[[ImportedModuleNameConflicts]]
[#ImportedModuleNameConflicts]
==== Imported Module Name Conflicts
When importing a module using <<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>> in the conformance file, this
@ -429,7 +429,7 @@ into the conformance file *before* the <<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>>
Time TYPE = FT_STRING DISPLAY = BASE_NONE STRING = NULL BITMASK = 0
----
[[SimpleASN1BasedDissector]]
[#SimpleASN1BasedDissector]
=== Simple ASN.1-Based Dissector
// https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/ASN1_sample/foo.tar.gz
@ -675,7 +675,7 @@ set( A2W_FLAGS )
ASN2WRS()
----
[[ConformanceFiles]]
[#ConformanceFiles]
=== Conformance (.cnf) Files
The .cnf file tells the compiler what to do with certain things, such as skipping auto generation for some ASN.1 entries.
@ -731,7 +731,7 @@ End of directive
#.END_OF_CNF::
End of conformance file
[[ExampleCnfFile]]
[#ExampleCnfFile]
==== Example .cnf File
----
@ -828,7 +828,7 @@ if (foo_reassemble) {
#.END
----
[[ExamplePacketProtocolTemplateHFile]]
[#ExamplePacketProtocolTemplateHFile]
==== Example packet-protocol-template.h File
Example template.h file.
@ -856,7 +856,7 @@ Replace all PROTOCOL/protocol references with the name of your protocol.
#endif /* PACKET_PROTOCOL_H */
----
[[ExamplePacketProtocolTemplateCFile]]
[#ExamplePacketProtocolTemplateCFile]
==== Example packet-protocol-template.c File
Example template.c file.
@ -929,24 +929,24 @@ void proto_reg_handoff_protocol(void) {
}
----
[[ASN1ConformanceFileDirectiveReference]]
[#ASN1ConformanceFileDirectiveReference]
=== Conformance File Directive Reference
The following directives can be used in conformance (.cnf) files:
[[ASN1CnfDirectiveEND]]
[#ASN1CnfDirectiveEND]
==== #.END
Some of the other directives in the Asn2wrs conformance file consists of multiple lines.
The #.END directive is used to terminate such a directive.
All other “#.” directives (except #.INCLUDE) automatically act as an implicit #.END directive which is why you will not see many #.END directives in the conformance files for the dissectors shipped with Wireshark.
[[ASN1CnfDirectiveEXPORTS]]
[#ASN1CnfDirectiveEXPORTS]
==== #.EXPORTS
This directive in the Asn2wrs conformation file is used to export functions for type decoding from the dissector.
[[ASN1CnfDirectiveEXPORTSSyntax]]
[#ASN1CnfDirectiveEXPORTSSyntax]
===== Syntax
----
@ -965,7 +965,7 @@ Options:
* WS_VAR and WS_VAR_IMPORT: Used for value string table so as it can be exported from libwireshark.dll.
* NO_PROT_PREFIX: - value string table name does not have protocol prefix
[[ASN1CnfDirectiveEXPORTSExample]]
[#ASN1CnfDirectiveEXPORTSExample]
===== Example
----
@ -976,14 +976,14 @@ H323-UU-PDU/h323-message-body ONLY_VALS WS_VAR
#.END
----
[[ASN1CnfDirectiveFN_BODY]]
[#ASN1CnfDirectiveFN_BODY]
==== #.FN_BODY
Sometimes, like when we have ANY types, we might want to replace
whatever function body that Asn2wrs generates with code
of our own. This is what this directive allows us to do.
[[ASN1CnfDirectiveFN_BODYExample]]
[#ASN1CnfDirectiveFN_BODYExample]
===== Example: ANY
Asn2wrs can handle the type ANY but we have to help it by adding some small changes to the conformance file.
@ -1037,13 +1037,13 @@ for more examples on how to do this.
[[ASN1CnfDirectiveMODULE_IMPORTAndINCLUDE]]
[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDE]
==== #.MODULE_IMPORT And #.INCLUDE
These directive in the Asn2wrs conformation file are used to manage references to external type definitions, i.e. IMPORTS.
The examples below are all from the X.509 Authentication Framework (x509af) dissector source code in Wireshark.
[[ASN1CnfDirectiveMODULE_IMPORTAndINCLUDEExample]]
[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDEExample]
===== Example ASN
This is an example from the X509AF dissector which amongst other things
@ -1069,7 +1069,7 @@ important that these types have been declared as #.EXPORTS in the X509
InformationFramework dissector so that they are exported and that we
can link to them.
[[ASN1CnfDirectiveMODULE_IMPORT]]
[#ASN1CnfDirectiveMODULE_IMPORT]
==== #.MODULE_IMPORT
First we need to tell Asn2wrs which protocol name
@ -1090,7 +1090,7 @@ This tells Asn2wrs that the function name to call to
dissect Name would be dissect_x509if_Name(...). Without this knowledge
Asn2wrs would not know which function name to generate. +
[[ASN1CnfDirectiveINCLUDE]]
[#ASN1CnfDirectiveINCLUDE]
==== #.INCLUDE
Second, in order for Asn2wrs to generate correct code it
@ -1107,7 +1107,7 @@ have are done using the #.INCLUDE directive in the conformance file:
See #.EXPORTS for a description and examples of these types of include
files.
[[ASN1CnfDirectiveNO_EMITAndUSER_DEFINED]]
[#ASN1CnfDirectiveNO_EMITAndUSER_DEFINED]
==== #.NO_EMIT And #.USER_DEFINED
These two directives in the conformance file for Asn2wrs
@ -1132,7 +1132,7 @@ and
Use #.NO_EMIT if you dont need to call this function at all from anywhere (except from the template itself) and use #.USER_DEFINED is better if you implement the function inside the template but still want to allow it to be called from other places.
// (need much better explanation here)
[[ASN1CnfDirectiveNO_EMITSyntax]]
[#ASN1CnfDirectiveNO_EMITSyntax]
===== Syntax
----
@ -1155,7 +1155,7 @@ Options:
* WITHOUT_VALS: Only dissection function is user defined and not emitted.
* ONLY_VALS: Only value string table is user defined and not emitted.
[[ASN1CnfDirectivePDUAndPDU_NEW]]
[#ASN1CnfDirectivePDUAndPDU_NEW]
==== #.PDU and #.PDU_NEW
This directive in the Asn2wrs conformation file will
@ -1164,7 +1164,7 @@ This is useful if there is an object inside the
ASN.1 definition that we really want to register as a protocol dissector
or if we want it to have a well known signature.
[[ASN1CnfDirectivePDUFunctionNames]]
[#ASN1CnfDirectivePDUFunctionNames]
===== Function Names
The wrapper functions that are created will all be named and have the
@ -1176,14 +1176,14 @@ static void dissect_ProtocolName_ObjectName(tvbuff_t *tvb, packet_info *pinfo, p
Notice that this is exactly the same signature as `dissector_t` which is used by all dissector entry points.
[[ASN1CnfDirectivePDUUsage]]
[#ASN1CnfDirectivePDUUsage]
===== Usage
To get Asn2wrs to generate such wrapper functions you
just have to list all objects one by one on the lines following the
#.PDU declaration.
[[ASN1CnfDirectivePDUExample]]
[#ASN1CnfDirectivePDUExample]
===== Example
----
@ -1202,7 +1202,7 @@ static void dissect_SomeObject_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree
This function can then later be called or referenced from the template file or even exported.
[[ASN1CnfDirectiveREGISTERAndREGISTER_NEW]]
[#ASN1CnfDirectiveREGISTERAndREGISTER_NEW]
==== #.REGISTER and #.REGISTER_NEW
This directive in the Asn2wrs conformation file can be used to register a dissector for an object to an OID.
@ -1223,14 +1223,14 @@ A whole bunch of protocols use similar types of constructs.
While dissection of this particular structure itself currently has to be hand implemented inside the template (see x509af for examples of how this very structure is handled there).
The #.REGISTER option in the conformance file will at least make it easy and painless to attach the actual OID to dissector mappings.
[[ASN1CnfDirectiveREGISTERUsage]]
[#ASN1CnfDirectiveREGISTERUsage]
===== Usage
To get Asn2wrs to generate such automatic registration of
OID to dissector mappings just use the #.REGISTER directive in the
conformation file.
[[ASN1CnfDirectiveREGISTERExample]]
[#ASN1CnfDirectiveREGISTERExample]
===== Example
----
@ -1241,14 +1241,14 @@ Certificate B "2.5.4.36" "id-at-userCertificate"
Which will generate the extra code to make sure that anytime Wireshark needs to dissect the blob associated to the OID "2.5.4.36" it now knows that that is done by calling the subroutine to dissect a Certificate in the current protocol file.
The "id-at-userCertificate" is just a free form text string to make Wireshark print a nice name together with the OID when it presents it in the decode pane. While this can be just about anything you want I would STRONGLY use the name used to this object/oid in the actual ASN.1 definition file.
[[ASN1CnfDirectiveREGISTERIncludeFile]]
[#ASN1CnfDirectiveREGISTERIncludeFile]
===== Include File
During the compilation phase Asn2wrs will put all the extra registration code for this in the include file
packet-protocol-dis-tab.c.
Make sure that you include this file from the template file or the registration to an OID will never occur. `#include "packet-protocol-dis-tab.c"` should be included from the proto_reg_handoff_protocol function in the template file.
[[ASN1CnfDirectiveREGISTERSeeAlso]]
[#ASN1CnfDirectiveREGISTERSeeAlso]
===== See Also
The various dissectors we have for X.509 such as the X.509AF which contains several examples of how to use this option.

8
docbook/wsdg_src/WSDG_chapter_build_intro.adoc
View File

@ -1,10 +1,10 @@
// WSDG Chapter Build Introduction
[[ChapterBuildIntro]]
[#ChapterBuildIntro]
== Introduction
[[ChCodeOverview]]
[#ChCodeOverview]
=== Source overview
@ -24,14 +24,14 @@ the _/capture_ directory
* Help - using an external web browser and text output
[[ChCodeStyle]]
[#ChCodeStyle]
=== Coding Style
The coding style guides for Wireshark can be found in the “Portability”
section of the file _doc/README.developer_.
[[ChCodeGLib]]
[#ChCodeGLib]
=== The GLib library

10
docbook/wsdg_src/WSDG_chapter_capture.adoc
View File

@ -1,6 +1,6 @@
// WSDG Chapter Capture
[[ChapterCapture]]
[#ChapterCapture]
== Packet Capture
@ -8,7 +8,7 @@
This chapter needs to be reviewed and extended.
****
[[ChCaptureAddLibpcap]]
[#ChCaptureAddLibpcap]
=== How To Add A New Capture Type To Libpcap
@ -34,7 +34,7 @@ the link-layer protocols or protocols and have them register themselves
with the `wtap_encap` dissector table, with the appropriate _WTAP_ENCAP_
values by calling `dissector_add_uint()`.
[[ChCaptureExtcap]]
[#ChCaptureExtcap]
=== Extcap: Developer Guide
@ -73,7 +73,7 @@ can be found (it is not designed to be launched by hand). This is done on purpo
only be extcap programs (executable, python scripts, ...) in the extcap folder to reduce the startup
time and not have Wireshark trying to execute other file types.
[[ChCaptureExtcapProcess]]
[#ChCaptureExtcapProcess]
==== Extcap command line interface
@ -204,7 +204,7 @@ the other options are automatically added to run the capture. The extcap interfa
is used like all other interfaces (meaning that capture on multiple interfaces, as
well as stopping and restarting the capture is supported).
[[ChCaptureExtcapWindowsShell]]
[#ChCaptureExtcapWindowsShell]
====== Execute a script-based extcap on Windows

28
docbook/wsdg_src/WSDG_chapter_dissection.adoc
View File

@ -1,10 +1,10 @@
// WSDG Chapter Dissection
[[ChapterDissection]]
[#ChapterDissection]
== Packet Dissection
[[ChDissectWorks]]
[#ChDissectWorks]
=== How packet dissection works
@ -37,7 +37,7 @@ The file _doc/README.dissector_ contains detailed information about writing
a dissector. In many cases it is more up to date than this document.
====
[[ChDissectAdd]]
[#ChDissectAdd]
=== Adding a basic dissector
@ -52,7 +52,7 @@ protocol. It consists of the following basic items.
* An IPv4 address.
[[ChDissectSetup]]
[#ChDissectSetup]
==== Setting up the dissector
@ -243,7 +243,7 @@ Compile the dissector to a DLL or shared library and either run Wireshark from
the build directory as detailed in <<ChSrcRunFirstTime>> or copy the plugin
binary into the plugin directory of your Wireshark installation and run that.
[[ChDissectDetails]]
[#ChDissectDetails]
==== Dissecting the protocol's details
@ -607,7 +607,7 @@ isn't found we provide a fallback which just prints the value in hex. We use
this twice, once in the INFO field of the columns -- if its displayed, and
similarly we append this data to the base of our dissecting tree.
[[ChDissectExpertInfo]]
[#ChDissectExpertInfo]
=== How to add an expert item
@ -726,7 +726,7 @@ Adding the expert item is simply done by calling `expert_add_info()` with refere
to the `packet_info` structure, the proto item `ti` to add the expert item to and
the previously defined and registered expert item information.
[[ChDissectTransformed]]
[#ChDissectTransformed]
=== How to handle transformed data
@ -798,7 +798,7 @@ on the old one but starting at the current offset, and extending to the end.
This makes dissecting the packet from this point on exactly the same regardless
of compression.
[[ChDissectReassemble]]
[#ChDissectReassemble]
=== How to reassemble split packets
@ -813,7 +813,7 @@ The following sections will guide you through two common cases. For a
description of all possible functions, structures and parameters, see
_epan/reassemble.h_.
[[ChDissectReassembleUdp]]
[#ChDissectReassembleUdp]
==== How to reassemble split UDP packets
@ -1052,7 +1052,7 @@ packet to another, such as a partial packet having a link to the fully
reassembled packet. Likewise there are back pointers to the individual packets
from the reassembled one. The other variables are used for flagging up errors.
[[TcpDissectPdus]]
[#TcpDissectPdus]
==== How to reassemble split TCP Packets
@ -1132,7 +1132,7 @@ Protocols which need more data before the message length can be determined can
return zero. Other values smaller than the fixed length will result in an
exception.
[[ChDissectTap]]
[#ChDissectTap]
=== How to tap protocols
@ -1201,7 +1201,7 @@ dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
This now enables those interested parties to listen in on the details
of this protocol conversation.
[[ChDissectStats]]
[#ChDissectStats]
=== How to produce protocol stats
@ -1294,14 +1294,14 @@ In this case the processing of the stats is quite simple. First we call the
call to `stats_tree_tick_pivot()` on the `st_node_packet_types` subtree allows
us to record statistics by packet type.
[[ChDissectConversation]]
[#ChDissectConversation]
=== How to use conversations
Some info about how to use conversations in a dissector can be found in the file
_doc/README.dissector_, chapter 2.2.
[[ChDissectIdl2wrs]]
[#ChDissectIdl2wrs]
=== __idl2wrs__: Creating dissectors from CORBA IDL files

36
docbook/wsdg_src/WSDG_chapter_env_intro.adoc
View File

@ -1,16 +1,16 @@
// WSDG Chapter Introduction
[[ChapterIntroduction]]
[#ChapterIntroduction]
== Introduction
[[ChIntroIntro]]
[#ChIntroIntro]
=== Introduction
This chapter will provide a general overview of Wireshark development.
[[ChIntroWhatIs]]
[#ChIntroWhatIs]
=== What Is Wireshark?
@ -19,7 +19,7 @@ know what Wireshark is doing. If not, please have a look at the
link:{wireshark-users-guide-url}[Wireshark Users Guide],
which will provide a lot of general information about it.
[[ChIntroPlatforms]]
[#ChIntroPlatforms]
=== Supported Platforms
@ -96,7 +96,7 @@ Development on Windows 7, Server 2008 R2, Vista, Server 2008, and older versions
Some versions of Windows support https://devblogs.microsoft.com/commandline/per-directory-case-sensitivity-and-wsl/[case sensitive directories].
We dont officially support building or running Wireshark in this environment, but we will accept patches to fix any issues that might arise.
[[ChIntroDevelopment]]
[#ChIntroDevelopment]
=== Development And Maintenance Of Wireshark
@ -170,7 +170,7 @@ available on the download page of the Wireshark website:
{wireshark-download-url}.
[[ChIntroReleases]]
[#ChIntroReleases]
=== Releases And Distributions
@ -179,7 +179,7 @@ Minor releases typically happen every six weeks and typically include bug fixes
Major releases happen about once a year and include new features and new protocol support.
Official releases include binary packages for Windows and macOS along with source code.
[[ChIntroReleaseBinary]]
[#ChIntroReleaseBinary]
==== Binary Distributions
@ -212,7 +212,7 @@ The Wireshark sources include support for creating the following types of packag
You can also create your own binary packages. See <<ChSrcBinary>> for details.
[[ChIntroReleaseSource]]
[#ChIntroReleaseSource]
==== The Source Code Distribution
@ -227,7 +227,7 @@ For details about the different ways to get the Wireshark source code see <<ChSr
Before building Wireshark from a source distribution, make sure you have all the tools and libraries required to build.
Later chapters describe the required tools and libraries in detail.
[[ChIntroAutomated]]
[#ChIntroAutomated]
=== Automated Builds (GitLab CI)
@ -282,7 +282,7 @@ Static code analysis and fuzz tests are run on the following platforms:
Each platform is represented at the status page by a single column, the most recent entries are at the top.
[[ChIntroHelp]]
[#ChIntroHelp]
=== Reporting problems and getting help
@ -291,14 +291,14 @@ If you have problems, or need help with Wireshark, there are several
places that may be of interest to you (well, beside this guide of
course).
[[ChIntroHomepage]]
[#ChIntroHomepage]
==== Website
You will find lots of useful information on the Wireshark homepage at
{wireshark-main-url}.
[[ChIntroWiki]]
[#ChIntroWiki]
==== Wiki
@ -312,7 +312,7 @@ And best of all, if you would like to contribute your knowledge on a
specific topic (maybe a network protocol you know well), you can edit the
Wiki pages by simply using your webbrowser.
[[ChIntroFAQ]]
[#ChIntroFAQ]
==== FAQ
@ -332,7 +332,7 @@ An online version is available at the Wireshark website:
{wireshark-faq-url}. You might prefer this online version as its
typically more up to date and the HTML format is easier to use.
[[ChIntroOtherSources]]
[#ChIntroOtherSources]
==== Other sources
@ -359,7 +359,7 @@ APIs available to the dissector developer, etc.
* The different mailing lists. See <<ChIntroMailingLists>>
[[ChIntroQA]]
[#ChIntroQA]
==== Q&amp;A Site
@ -370,7 +370,7 @@ knew about the issue. Answers are graded, so you can pick out the best
ones easily. If your issue isn't discussed before you can post one
yourself.
[[ChIntroMailingLists]]
[#ChIntroMailingLists]
==== Mailing Lists
@ -413,14 +413,14 @@ question and maybe already got an answer. That way you don't have to wait until
someone answers your question.
====
[[ChIntroBugDatabase]]
[#ChIntroBugDatabase]
==== Bug Database (Gitlab Issues)
The Wireshark community collects bug reports in an issues database at {wireshark-bugs-url}.
This database is filled with manually filed bug reports, usually after some discussion on wireshark-dev, and automatic bug reports from continuous integration jobs.
[[ChIntroReportProblems]]
[#ChIntroReportProblems]
==== Reporting Problems

78
docbook/wsdg_src/WSDG_chapter_libraries.adoc
View File

@ -1,10 +1,10 @@
// WSDG Chapter Libraries
[[ChapterLibraries]]
[#ChapterLibraries]
== Library Reference
[[ChLibIntro]]
[#ChLibIntro]
=== Introduction
@ -29,7 +29,7 @@ https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
See <<ChLibsSetup>> for an easier way to install them.
====
[[ChLibsFormat]]
[#ChLibsFormat]
=== Binary Library Formats
@ -37,7 +37,7 @@ Binary libraries are available in different formats, depending on the C
compiler used to build it and of course the platform they were built for.
[[ChLibsFormatUnix]]
[#ChLibsFormatUnix]
[discrete]
==== Unix
@ -48,7 +48,7 @@ available as a package from the platform installer, or you can download
and compile the source and then install the binaries.
[[ChLibsFormatWin32]]
[#ChLibsFormatWin32]
[discrete]
==== Windows
@ -57,7 +57,7 @@ Most of the Win32 binary libraries you will find on the web are in this
format. You will recognize MSVC libraries by the .lib/.dll file extension.
[[ChLibsSetup]]
[#ChLibsSetup]
=== Windows Automated Library Download
@ -73,7 +73,7 @@ You may also directly set the library directory with the environment variable
WIRESHARK_LIB_DIR, but if you switch between 32 bit and 64 bit builds, the value of this
must be set appropriately.
[[ChLibsQt]]
[#ChLibsQt]
=== Qt
@ -82,7 +82,7 @@ platform independent UI. Wireshark can be built with Qt 5.3 or later.
For more information on the Qt libraries, see <<ChUIQt>>.
[[ChLibsUnixQt]]
[#ChLibsUnixQt]
[discrete]
==== Unix
@ -95,7 +95,7 @@ _qtmultimedia5-dev_, and possibly others.
The Qt Project provides an installation tool for macOS, similar to Windows.
It is available at https://www.qt.io/download-open-source/#section-2[].
[[ChLibsWin32Qt]]
[#ChLibsWin32Qt]
[discrete]
==== Windows
@ -105,7 +105,7 @@ Note that separate installations (into different directories) of Qt are required
The environment variable `https://doc.qt.io/qt-5/cmake-get-started.html[CMAKE_PREFIX_PATH]` should be set to your Qt installation directory, e.g. _C:\Qt{backslash}{qt-lts-version}.2\msvc2019_64_.
You can alternatively set QT5_BASE_DIR to your Qt installation path, but this is no longer recommended.
[[ChLibsGLib]]
[#ChLibsGLib]
=== GLib And Supporting Libraries
@ -118,7 +118,7 @@ typically not come into contact with these while doing Wireshark
development. Wireshark's build system check for and require both GLib
and its dependencies.
[[ChLibsUnixGLib]]
[#ChLibsUnixGLib]
[discrete]
==== Unix
@ -127,7 +127,7 @@ The GLib library is available for most Linux distributions and UNIX
flavors. If it isn't already installed and isn't available as a package
for your platform, you can get it at https://wiki.gnome.org/Projects/GLib[].
[[ChLibsWin32GLib]]
[#ChLibsWin32GLib]
[discrete]
==== Windows
@ -137,13 +137,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsCares]]
[#ChLibsCares]
=== c-ares
C-Ares is used for asynchronous DNS resolution and lets us resolve names with a minimal performance impact.
[[ChLibsUnixCares]]
[#ChLibsUnixCares]
[discrete]
==== Unix
@ -151,7 +151,7 @@ C-Ares is used for asynchronous DNS resolution and lets us resolve names with a
If this library isn't already installed or available as a package for your
platform, you can get it at https://c-ares.org/[].
[[ChLibsWin32Cares]]
[#ChLibsWin32Cares]
[discrete]
==== Windows
@ -161,13 +161,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsSMI]]
[#ChLibsSMI]
=== SMI (Optional)
LibSMI is used for MIB and PIB parsing and for OID resolution.
[[ChLibsUnixSMI]]
[#ChLibsUnixSMI]
[discrete]
==== Unix
@ -176,7 +176,7 @@ If this library isn't already installed or available as a
package for your platform, you can get it at
https://www.ibr.cs.tu-bs.de/projects/libsmi/[].
[[ChLibsWin32SMI]]
[#ChLibsWin32SMI]
[discrete]
==== Windows
@ -189,7 +189,7 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsZlib]]
[#ChLibsZlib]
=== zlib (Optional)
@ -202,7 +202,7 @@ patents -- lossless data-compression library for use on virtually any computer
hardware and operating system.
____
[[ChLibsUnixZlib]]
[#ChLibsUnixZlib]
[discrete]
==== Unix
@ -211,7 +211,7 @@ This library is almost certain to be installed on your system. If it isn't or
you don't want to use the default library you can download it from
https://www.zlib.net/[].
[[ChLibsWin32Zlib]]
[#ChLibsWin32Zlib]
[discrete]
==== Windows
@ -221,14 +221,14 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsPcap]]
[#ChLibsPcap]
=== libpcap or Npcap (Optional, But Strongly Recommended)
Libpcap and Npcap provide the packet capture capabilities that are central
to Wiresharks core functionality.
[[ChLibsLibpcap]]
[#ChLibsLibpcap]
[discrete]
==== Unix: libpcap
@ -236,7 +236,7 @@ to Wiresharks core functionality.
If this library isn't already installed or available as a package for your
platform, you can get it at {tcpdump-main-url}.
[[ChLibsWinpPcap]]
[#ChLibsWinpPcap]
[discrete]
==== Windows: Npcap
@ -259,14 +259,14 @@ to purchase a redistribution license. Please see {npcap-main-url} for
more details.
====
[[ChLibsGNUTLS]]
[#ChLibsGNUTLS]
=== GnuTLS (Optional)
The GNU Transport Layer Security Library is used to enable TLS decryption
using an RSA private key.
[[ChLibsUnixGNUTLS]]
[#ChLibsUnixGNUTLS]
[discrete]
==== Unix
@ -275,7 +275,7 @@ If this library isn't already installed or available as a
package for your platform, you can get it at
https://gnutls.org/[].
[[ChLibsWin32GNUTLS]]
[#ChLibsWin32GNUTLS]
[discrete]
==== Windows
@ -285,7 +285,7 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsGcrypt]]
[#ChLibsGcrypt]
=== Gcrypt
@ -293,7 +293,7 @@ The Gcrypt Library is a low-level cryptographic library that provides
support for many ciphers and message authentication codes, such as DES, 3DES,
AES, Blowfish, SHA-1, SHA-256, and others.
[[ChLibsUnixGcrypt]]
[#ChLibsUnixGcrypt]
[discrete]
==== Unix
@ -302,7 +302,7 @@ If this library isn't already installed or available as a
package for your platform, you can get it at
https://directory.fsf.org/wiki/Libgcrypt[].
[[ChLibsWin32Gcrypt]]
[#ChLibsWin32Gcrypt]
[discrete]
==== Windows
@ -312,14 +312,14 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsKerberos]]
[#ChLibsKerberos]
=== Kerberos (Optional)
The Kerberos library is used to dissect Kerberos, sealed DCERPC and
secure LDAP protocols.
[[ChLibsUnixKerberos]]
[#ChLibsUnixKerberos]
[discrete]
==== Unix
@ -328,7 +328,7 @@ If this library isn't already installed or available as a
package for your platform, you can get it at
https://web.mit.edu/Kerberos/dist/[].
[[ChLibsWin32Kerberos]]
[#ChLibsWin32Kerberos]
[discrete]
==== Windows
@ -338,13 +338,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsLua]]
[#ChLibsLua]
=== Lua (Optional)
The Lua library is used to add scripting support to Wireshark.
[[ChLibsUnixLua]]
[#ChLibsUnixLua]
[discrete]
==== Unix
@ -353,7 +353,7 @@ If this library isn't already installed or available as a
package for your platform, you can get it at
https://www.lua.org/download.html[].
[[ChLibsWin32Lua]]
[#ChLibsWin32Lua]
[discrete]
==== Windows
@ -363,7 +363,7 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsMaxMindDB]]
[#ChLibsMaxMindDB]
=== MaxMindDB (Optional)
@ -380,13 +380,13 @@ https://anonsvn.wireshark.org/wireshark-win64-libs/trunk/packages/[]
and
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsSparkle]]
[#ChLibsSparkle]
=== WinSparkle (Optional)
WinSparkle is an easy-to-use software update library for Windows developers.
[[ChLibsWinSparkle]]
[#ChLibsWinSparkle]
[discrete]
==== Windows

28
docbook/wsdg_src/WSDG_chapter_quick_setup.adoc
View File

@ -1,14 +1,14 @@
// WSDG Chapter Setup
[[ChapterSetup]]
[#ChapterSetup]
== Quick Setup
[[ChSetupUNIX]]
[#ChSetupUNIX]
=== UNIX: Installation and Build Instructions
[[ChSetupUNIXBuildEnvironmentSetup]]
[#ChSetupUNIXBuildEnvironmentSetup]
==== Build environment setup
@ -75,7 +75,7 @@ can install that tool from source code. The following sections
will provide you with the webpage addresses where you can get
these sources.
[[ChSetupUNIXBuild]]
[#ChSetupUNIXBuild]
==== Building
@ -211,7 +211,7 @@ Known traps are:
====
[[ChSetupChocolatey]]
[#ChSetupChocolatey]
==== Recommended: Install Chocolatey
@ -233,7 +233,7 @@ You can install Chocolatey packages using the command `choco install` (or its sh
----
[[ChSetupMSVC]]
[#ChSetupMSVC]
==== Install Microsoft Visual Studio
@ -276,7 +276,7 @@ Why is this recommended?
While this is a huge download, the Community Editions of Visual Studio are free (as in beer) and include the Visual Studio integrated debugger.
Visual Studio 2019 is also used to create official Wireshark builds, so it will likely have fewer development-related problems.
[[ChSetupQt]]
[#ChSetupQt]
==== Install Qt
@ -297,7 +297,7 @@ The environment variable `https://doc.qt.io/qt-5/cmake-get-started.html[CMAKE_PR
The Qt maintenance tool (_C:\Qt\MaintenanceTool.exe_) can be used to
upgrade Qt to newer versions.
[[ChSetupPython]]
[#ChSetupPython]
==== Install Python
@ -335,7 +335,7 @@ PS$> choco install -y activeperl
// winget has StrawberryPerl.
// https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/StrawberryPerl/StrawberryPerl
[[ChSetupGit]]
[#ChSetupGit]
==== Install Git
@ -389,7 +389,7 @@ A list of other GUI interfaces for Git can be found at
https://git-scm.com/downloads/guis
[[ChSetupCMake]]
[#ChSetupCMake]
==== Install CMake
@ -410,7 +410,7 @@ PS$> choco install -y cmake
Chocolatey ensures cmake.exe is on your path.
[[ChSetupAsciidoctor]]
[#ChSetupAsciidoctor]
==== Install Asciidoctor, Xsltproc, And DocBook
@ -493,7 +493,7 @@ Make sure your repository path doesn't contain spaces.
. Click the btn:[Clone] button. Git Extensions should start cloning the
Wireshark repository.
[[ChSetupPrepareCommandCom]]
[#ChSetupPrepareCommandCom]
==== Open a Visual Studio Command Prompt
@ -558,7 +558,7 @@ to create and jump into the build directory.
The build directory can be deleted at any time and the build files regenerated as detailed in <<ChWin32Generate>>.
--
[[ChWin32Generate]]
[#ChWin32Generate]
==== Generate the build files
@ -602,7 +602,7 @@ If you get any other output, there is an issue in your environment that must be
Check the parameters passed to CMake, especially the `-G` option and the path to the Wireshark sources and
the environment variables `WIRESHARK_BASE_DIR` and `CMAKE_PREFIX_PATH`.
[[ChWin32Build]]
[#ChWin32Build]
==== Build Wireshark

68
docbook/wsdg_src/WSDG_chapter_sources.adoc
View File

@ -1,8 +1,8 @@
[[ChapterSources]]
[#ChapterSources]
== Work with the Wireshark sources
[[ChSrcIntro]]
[#ChSrcIntro]
=== Introduction
@ -19,7 +19,7 @@ This chapter will not explain the source file contents in detail,
such as where to find specific functionality. This is done in
<<ChCodeOverview>>.
[[ChSrcGitRepository]]
[#ChSrcGitRepository]
=== The Wireshark Git repository
@ -50,7 +50,7 @@ Using Wiresharks GitLab project you can:
* Browse and search the source code using a web interface.
* See which person changed a specific piece of code.
[[ChSrcWebInterface]]
[#ChSrcWebInterface]
==== Git Naming Conventions
@ -79,7 +79,7 @@ If you need a quick look at the Wireshark source code you can browse the reposit
You can view commit logs, branches, and tags, find files and search the repository contents.
You can also download individual files.
[[ChSrcObtain]]
[#ChSrcObtain]
=== Obtaining The Wireshark Sources
There are two primary ways to obtain Wiresharks source code: Git and compressed .tar archives.
@ -152,7 +152,7 @@ The `--shallow-since=1year` option limits cloned commits to the last 1 year.
The `--depth=5000` option limits cloned commits to the last 5000.
--
[[ChSrcDevelopmentSnapshots]]
[#ChSrcDevelopmentSnapshots]
==== Development Snapshots
This method is useful for one-off builds or if Git is inaccessible (e.g. because of a restrictive firewall).
@ -161,7 +161,7 @@ Our GitLab CI configuration automatically generates development packages, includ
They can be found at {wireshark-snapshots-url}.
Packages are available for recent commits in the master branch and each release branch.
[[ChSrcReleased]]
[#ChSrcReleased]
==== Official Source Releases
This method is recommended for building downstream release packages.
@ -169,7 +169,7 @@ This method is recommended for building downstream release packages.
The official source releases can be found at {wireshark-download-url}.
You should use these sources if you want to build Wireshark on your platform based on an official release with minimal or no changes, such as Linux distribution packages.
[[ChSrcUpdating]]
[#ChSrcUpdating]
=== Update Your Wireshark Sources
After you've obtained the Wireshark sources for the first time,
@ -194,7 +194,7 @@ You can do so by running:
$ git pull --rebase upstream master
----
[[ChSrcBuildFirstTime]]
[#ChSrcBuildFirstTime]
=== Build Wireshark
The sources contain several documentation files. Its a good idea to read these
@ -223,7 +223,7 @@ Follow the build procedure in <<ChSetupWindows>> to build Wireshark.
After the build process has successfully finished, you should find a
`Wireshark.exe` and some other files in the `run\RelWithDebInfo` directory.
[[ChSrcRunFirstTime]]
[#ChSrcRunFirstTime]
=== Run Your Version Of Wireshark
@ -236,7 +236,7 @@ running the first time, it might be a good idea to remove the previously
installed version first.
====
[[ChSrcRunFirstTimeUnix]]
[#ChSrcRunFirstTimeUnix]
==== Unix-Like Platforms
After a successful build you can run Wireshark right from the `run` directory.
@ -252,7 +252,7 @@ Running Wireshark this way can be helpful since debugging output will be display
You can also change Wiresharks behavior by setting various environment variables.
See the {wireshark-man-page-url}wireshark.html#ENVIRONMENT-VARIABLES[ENVIRONMENT VARIABLES] section of the Wireshark man page for more details.
[[ChSrcRunFirstTimeWin32]]
[#ChSrcRunFirstTimeWin32]
==== Windows Native
By default the CMake-generated Visual {cpp} project places all of the files necessary to run Wireshark in the subdirectory `run\RelWithDebInfo`.
@ -264,10 +264,10 @@ As with the Unix-like build described above, you can run Wireshark from the buil
----
[[ChSrcDebug]]
[#ChSrcDebug]
=== Debug Your Version Of Wireshark
[[ChSrcUnixDebug]]
[#ChSrcUnixDebug]
==== Unix-Like Platforms
You can debug using command-line debuggers such as gdb, dbx, or lldb.
@ -293,13 +293,13 @@ $ cmake .. -G Ninja -DENABLE_ASAN=1
See https://developer-old.gnome.org/glib/stable/glib-running.html
[[ChSrcWin32Debug]]
[#ChSrcWin32Debug]
==== Windows Native
You can debug using the Visual Studio Debugger or WinDbg. See the section
on using the <<ChToolsDebugger, Debugger Tools>>.
[[ChSrcChange]]
[#ChSrcChange]
=== Make Changes To The Wireshark Sources
There are several reasons why you might want to change Wiresharks sources:
@ -331,7 +331,7 @@ hard to see).
// XXX - Add a section on branching.
[[ChSrcContribute]]
[#ChSrcContribute]
=== Contribute Your Changes
If you have finished changing the Wireshark sources to suit your needs, you might want to contribute your changes back to the Wireshark community.
@ -353,7 +353,7 @@ Only a few people are authorised to actually make changes to the source code (ch
If you want to submit your changes, you should upload them to the code review system at {wireshark-code-review-url}.
This requires you to set up git as described at <<ChSrcGit>>.
[[ChSrcCreatingMergeRequests]]
[#ChSrcCreatingMergeRequests]
==== Creating Merge Requests
// To do:
@ -473,7 +473,7 @@ Press it.
// https://github.com/vishwanatharondekar/gitlab-cli - Might work well for people who don't mind using NPM.
[[ChSrcUpdatingMergeRequests]]
[#ChSrcUpdatingMergeRequests]
==== Updating Merge Requests
At this point various automated tests will be run and someone will review your change.
@ -507,7 +507,7 @@ $ git push downstream HEAD
The `+` sign is shorthand for forcing the push (`-f`).
--
[[ChSrcGoodPatch]]
[#ChSrcGoodPatch]
==== Some Tips For A Good Patch
Some tips that will make the merging of your changes into Git much more likely
@ -541,7 +541,7 @@ As a result, we cant guarantee a quick turnaround time.
Wiresharks GitLab CI jobs are disabled by default for forks, but if you need to test any CI jobs you can do so under the “Pipelines” section in your repository.
For example, if your change might affect Debian (apt) packaging you can run the “build:debian-stable” job.
[[ChSrcGoodCommitMessage]]
[#ChSrcGoodCommitMessage]
==== Writing a Good Commit Message
When running `git commit`, you will be prompted to describe your change.
@ -572,7 +572,7 @@ APN field is not encoded as a dotted string so the first character is not a
length. Closes #10323.
----
[[ChSrcCodeRequirements]]
[#ChSrcCodeRequirements]
==== Code Requirements
@ -630,7 +630,7 @@ In our case fuzzing involves making random changes to capture files and feeding
There are tools available to automatically do this on any number of input files.
See {wireshark-wiki-url}FuzzTesting for details.
[[ChSrcUpload]]
[#ChSrcUpload]
////
==== Uploading your changes
@ -677,7 +677,7 @@ to the developers list asking for status. But please be patient: most if not
all of us do this in our spare time.
////
[[ChSrcBackport]]
[#ChSrcBackport]
==== Backporting A Change
:example-branch: master-3.2
@ -714,7 +714,7 @@ You can also cherry-pick changes in the https://docs.gitlab.com/ee/user/project/
////
// XXX Is this relevant any more?
[[ChSrcPatchApply]]
[#ChSrcPatchApply]
=== Apply a patch from someone else
Sometimes you need to apply a patch to your private source tree. Maybe
@ -729,7 +729,7 @@ If you have problems applying a patch, make sure the line endings (CR/LF)
of the patch and your source files match.
====
[[ChSrcPatchUse]]
[#ChSrcPatchUse]
==== Using patch
Given the file _new.diff_ containing a unified diff,
@ -779,7 +779,7 @@ that, especially if they're only patching files that exist in multiple
directories such as _CMakeLists.txt_.
////
[[ChSrcBinary]]
[#ChSrcBinary]
=== Binary Packaging
@ -787,7 +787,7 @@ Delivering binary packages makes it much easier for the end-users to
install Wireshark on their target system. This section will explain how
the binary packages are made.
[[ChSrcVersioning]]
[#ChSrcVersioning]
==== Packaging Guidelines
@ -917,7 +917,7 @@ If you have a question not addressed here, please contact
{wireshark-dev-list-email}.
[[ChSrcDeb]]
[#ChSrcDeb]
==== Debian: .deb Packages
@ -936,7 +936,7 @@ dpkg-buildpackage -b -us -uc -jauto
to build the Debian Package.
[[ChSrcRpm]]
[#ChSrcRpm]
==== Red Hat: .rpm Packages
@ -997,7 +997,7 @@ obtained by installing the _qt5-devel_ package. For a complete list of
build requirements, look for the “BuildRequires” lines in
_packaging/rpm/wireshark.spec.in_.
[[ChSrcOSX]]
[#ChSrcOSX]
==== macOS: .dmg Packages
@ -1015,7 +1015,7 @@ make dmg_package
to build the macOS Package.
[[ChSrcNSIS]]
[#ChSrcNSIS]
==== Windows: NSIS .exe Installer
@ -1046,7 +1046,7 @@ If everything went well, you will now find something like:
_wireshark-setup-{wireshark-version}.exe_ in
the _packaging/nsis_ directory in your build directory.
[[ChSrcPortableApps]]
[#ChSrcPortableApps]
==== Windows: PortableApps .paf.exe Package
@ -1082,7 +1082,7 @@ If everything went well, you will now find something like:
_WiresharkPortable64_{wireshark-version}.paf.exe_ in
the _packaging/portableapps_ directory.
[[ChSrcMimeTypes]]
[#ChSrcMimeTypes]
=== Mime Types

20
docbook/wsdg_src/WSDG_chapter_tests.adoc
View File

@ -1,6 +1,6 @@
// WSDG Chapter Tests
[[ChapterTests]]
[#ChapterTests]
== Wireshark Tests
The Wireshark sources include a collection of Python scripts that test
@ -12,7 +12,7 @@ The command line options of Wireshark and its companion command line
tools are numerous. These tests help to ensure that we don't introduce
bugs as Wireshark grows and evolves.
[[TestsQuickStart]]
[#TestsQuickStart]
=== Quick Start
The recommended steps to prepare for and to run tests:
@ -38,12 +38,12 @@ see all options. For more details, see <<ChTestsRun>>.
CMake currently runs `test/test.py` when the “test” target is built.
[[ChTestsStructure]]
[#ChTestsStructure]
=== Test suite structure
The following sections describes how the test suite is organized.
[[TestCoverage]]
[#TestCoverage]
==== Test Coverage And Availability
The testing framework can run programs and check their stdout, stderr,
@ -63,7 +63,7 @@ If a feature is unavailable, the test will be skipped. For example, if
an old version of Libgcrypt is in use, then some decryption tests will
be skipped while other tests can still run to completion.
[[TestsLayout]]
[#TestsLayout]
==== Suites, Cases, and Tests
The `test/test.py` script uses Python's “unittest” module. Our tests are
@ -76,7 +76,7 @@ capture filter test in the TShark capture command line options test case
in the command line options suite has the ID
“suite_clopts.case_tshark_capture_clopts.test_tshark_invalid_capfilter”.
[[TestsPytest]]
[#TestsPytest]
==== pytest fixtures
A test has typically additional dependencies, like the path to an
@ -105,7 +105,7 @@ Each unittest test case must be decorated with
`@fixtures.uses_fixtures` to ensure that unittest test classes can
actually request fixture dependencies.
[[ChTestsRun]]
[#ChTestsRun]
=== Listing And Running Tests
Tests can be run via the `test/test.py` Python script. To run all tests,
@ -157,7 +157,7 @@ $ python3 test/test.py suite_clopts
Run `python3 test/test.py --help` for all available options.
[[ChTestsRunPytest]]
[#ChTestsRunPytest]
=== Listing And Running Tests (pytest)
Tests can also be run with https://pytest.org/[pytest]. Advantages include finer
@ -233,7 +233,7 @@ Note that with the option `--pdb`, stray processes are not killed on
test failures since the `SubprocessTestCase.tearDown` method is not
executed. This limitation might be addressed in the future.
[[ChTestsDevelop]]
[#ChTestsDevelop]
=== Adding Or Modifying Built-In Tests
Tests must be in a Python module whose name matches “suite_*.py”. The
@ -302,7 +302,7 @@ be unique for each test. “subprocesstest.filename_from_id” can be used
to generate a filename based on the current test name. It also ensures
that the file will be automatically removed after the test has run.
[[ChTestsExternal]]
[#ChTestsExternal]
=== Adding Or Modifying External Tests
You can test the dissection of files outside the Wireshark source code repository by using the external test generator, which creates tests using a JSON configuration file.

68
docbook/wsdg_src/WSDG_chapter_tools.adoc
View File

@ -1,10 +1,10 @@
// WSDG Chapter Tools
[[ChapterTools]]
[#ChapterTools]
== Tool Reference
[[ChToolsIntro]]
[#ChToolsIntro]
=== Introduction
@ -43,7 +43,7 @@ for the UNIX based tools with `**toolname** --help` or the man page via `man
You will find explanations of the tool usage for some of the specific
development tasks in <<ChapterSources>>.
[[ChToolsChocolatey]]
[#ChToolsChocolatey]
=== Chocolatey
Chocolatey is a Windows package manager that can be used to install (and update)
@ -73,7 +73,7 @@ python.org.
Other package managers for Windows include the https://docs.microsoft.com/en-us/windows/package-manager/[Windows Package Manager (winget)] and https://scoop.sh/[Scoop].
As of January 2022 neither option provides all of the packages we require, but that might change in the future.
[[ChToolsCMake]]
[#ChToolsCMake]
=== CMake
@ -144,11 +144,11 @@ Useful variables: https://gitlab.kitware.com/cmake/community/wikis/doc/cmake/Use
Frequently Asked Questions: https://gitlab.kitware.com/cmake/community/wikis/FAQ
[[ChToolsGNUChain]]
[#ChToolsGNUChain]
=== GNU Compiler Toolchain (UNIX And UNIX-like Platforms)
[[ChToolsGCC]]
[#ChToolsGCC]
==== gcc (GNU Compiler Collection)
@ -178,7 +178,7 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Your version string may vary, of course.
[[ChToolsGDB]]
[#ChToolsGDB]
==== gdb (GNU Project Debugger)
@ -212,7 +212,7 @@ There is NO WARRANTY, to the extent permitted by law.
Your version string may vary, of course.
[[ChToolsGNUmake]]
[#ChToolsGNUmake]
==== make (GNU Make)
@ -263,7 +263,7 @@ available as a package for your platform, you can get it from:
https://ninja-build.org. You can download the source code or binaries
for Linux, macOS, and Windows (we have not tested Ninja on Windows).
[[ChToolsMSChain]]
[#ChToolsMSChain]
=== Microsoft compiler toolchain (Windows native)
@ -395,7 +395,7 @@ However, the version string may vary.
Documentation on the linker can be found at
https://docs.microsoft.com/en-us/cpp/build/reference/linking?view=vs-2019[Microsoft Docs]
[[msvc-runtime-redistributable]]
[#msvc-runtime-redistributable]
==== Visual {cpp} Runtime “Redistributable” Files
@ -445,7 +445,7 @@ include new and updated APIs.
When you purchase a commercial Visual Studio or use the Community
Edition, it will include an SDK.
[[ChToolsDocumentationToolchain]]
[#ChToolsDocumentationToolchain]
=== Documentation Toolchain
Wiresharks documentation is split across two directories.
@ -492,7 +492,7 @@ These are available via installable packages on most Linux distributions, Chocol
http://xmlsoft.org/xslt/[xsltproc] converts DocBook XML to various formats based on XSL stylesheets.
It either ships as part of the operating system or is available via an installable package on most Linux distributions, Chocolatey, and Homebrew.
[[ChToolsDebugger]]
[#ChToolsDebugger]
=== Debugger
@ -501,7 +501,7 @@ Using a good debugger can save you a lot of development time.
The debugger you use must match the C compiler Wireshark was compiled with,
otherwise the debugger will simply fail or you will only see a lot of garbage.
[[ChToolsMSVCDebugger]]
[#ChToolsMSVCDebugger]
==== Visual Studio Integrated Debugger
@ -544,7 +544,7 @@ order of statements can jump around.
If you require a non-optimised version, then build using a debug configuration.
[[ChToolsMSDebuggingTools]]
[#ChToolsMSDebuggingTools]
==== Debugging Tools For Windows
@ -574,13 +574,13 @@ If you require a non-optimised version, then build using a debug configuration,
*`msbuild /m /p:Configuration=Debug Wireshark.sln`*. The build products will be found
in C:\Development\wsbuild64\run\Debug\.
[[ChToolsBash]]
[#ChToolsBash]
=== bash
The bash shell is needed to run several shell scripts.
[[ChToolsGNUBash]]
[#ChToolsGNUBash]
[discrete]
==== Unix
@ -606,7 +606,7 @@ Copyright (C) 2016 Free Software Foundation, Inc.
Your version string will likely vary.
[[ChToolsPython]]
[#ChToolsPython]
=== Python
@ -653,7 +653,7 @@ Python 3.5.1
Your version string may vary of course.
[[ChToolsPerl]]
[#ChToolsPerl]
=== Perl
@ -663,7 +663,7 @@ https://www.perl.org[]. Perl is used to convert
various text files into usable source code. Perl version 5.6
and above should work fine.
[[ChToolsUnixPerl]]
[#ChToolsUnixPerl]
[discrete]
==== Unix
@ -698,7 +698,7 @@ Internet, point your browser at http://www.perl.org/, the Perl Home Page.
However, the version string may vary.
[[ChToolsWindowsPerl]]
[#ChToolsWindowsPerl]
[discrete]
==== Windows
@ -742,14 +742,14 @@ Built 18:08:02 Feb 4 2003
However, the version string may vary.
[[ChToolsFlex]]
[#ChToolsFlex]
=== Flex
Flex is a lexical analyzer generator used for Wiresharks display filters, some
file formats, and other features.
[[ChToolsUnixFlex]]
[#ChToolsUnixFlex]
[discrete]
==== Unix
@ -775,7 +775,7 @@ flex version 2.5.4
Your version string may vary.
[[ChToolsWindowsFlex]]
[#ChToolsWindowsFlex]
[discrete]
==== Windows
@ -793,7 +793,7 @@ Native packages are available from other sources such as
http://gnuwin32.sourceforge.net/packages/flex.htm[GnuWin]. They aren't
officially supported but _should_ work.
[[ChToolsGit]]
[#ChToolsGit]
=== Git client
@ -809,7 +809,7 @@ the different ways to obtain the Wireshark sources, see <<ChSrcObtain>>.
You will find more instructions in <<ChSrcGit>> on how to use the Git
client.
[[ChToolsUnixGit]]
[#ChToolsUnixGit]
[discrete]
==== Unix
@ -833,7 +833,7 @@ git version 2.14.1
Your version will likely be different.
[[ChToolsWindowsGit]]
[#ChToolsWindowsGit]
[discrete]
==== Windows
@ -862,7 +862,7 @@ git version 2.16.1.windows.1
However, the version string may vary.
[[ChToolsGitPowerShellExtensions]]
[#ChToolsGitPowerShellExtensions]
=== Git Powershell Extensions (Optional)
@ -875,7 +875,7 @@ copy status. You can install it using Chocolatey:
PS:\> choco install poshgit
----
[[ChToolsGitGUI]]
[#ChToolsGitGUI]
=== Git GUI Client (Optional)
@ -886,7 +886,7 @@ https://git-scm.com/downloads/guis[] for details.
// [[ChToolsUnixGitGUI]]
// XXX Add Gui client section
[[ChToolsPatch]]
[#ChToolsPatch]
=== patch (Optional)
@ -900,7 +900,7 @@ handle patches for you.
// You will find more instructions in <<ChSrcPatchApply>>on how to use the patch tool.
[[ChToolsUnixPatch]]
[#ChToolsUnixPatch]
[discrete]
==== Unix
@ -934,7 +934,7 @@ written by Larry Wall and Paul Eggert
However, the version string may vary.
[[ChToolsWindowsPatch]]
[#ChToolsWindowsPatch]
[discrete]
==== Windows
@ -943,7 +943,7 @@ The Windows native Git tools provide patch. A native Windows patch package can b
http://gnuwin32.sourceforge.net/[]. The
installation should be straightforward.
[[ChToolsNSIS]]
[#ChToolsNSIS]
=== Windows: NSIS (Optional)
@ -963,7 +963,7 @@ PS$> choco install nsis
You can find more instructions on using NSIS in <<ChSrcNSIS>>.
[[ChToolsWiX]]
[#ChToolsWiX]
=== Windows: WiX Toolset (Optional)
@ -979,7 +979,7 @@ This also requires the Visual C++ redistributable merge modules, which can be in
Wiresharks .msi packaging is currently experimental and the generated packages may be incomplete.
[[ChToolsPortableApps]]
[#ChToolsPortableApps]
=== Windows: PortableApps (Optional)
The PortableApps.com Installer is used to generate

10
docbook/wsdg_src/WSDG_chapter_userinterface.adoc
View File

@ -1,10 +1,10 @@
// WSDG Chapter User Interface
[[ChapterUserInterface]]
[#ChapterUserInterface]
== User Interface
[[ChUIIntro]]
[#ChUIIntro]
=== Introduction
@ -21,7 +21,7 @@ development team:
This chapter is focused on the Wireshark frontend, and especially on
the Qt interface.
[[ChUIQt]]
[#ChUIQt]
=== The Qt Application Framework
@ -179,7 +179,7 @@ this safely].
Tapping usually involves declaring static methods for callbacks, passing `this`
as the tap data.
[[ChUII18N]]
[#ChUII18N]
===== Internationalization and Translation
Qt provides a convenient method for translating text: `Qobject::tr()`,
@ -280,7 +280,7 @@ _plugins/epan/pluginifdemo_.
https://www.kdab.com/development-resources/qt-tools/gammaray/[GammaRay] lets you inspect
the internals of a running Qt application similar to $$Spy++$$ on Windows.
[[ChUIGUIDocs]]
[#ChUIGUIDocs]
=== Human Interface Reference Documents

14
docbook/wsdg_src/WSDG_chapter_works.adoc
View File

@ -1,22 +1,22 @@
// WSDG Chapter Works
[[ChapterWorks]]
[#ChapterWorks]
== How Wireshark Works
[[ChWorksIntro]]
[#ChWorksIntro]
=== Introduction
This chapter will give you a short overview of how Wireshark works.
[[ChWorksOverview]]
[#ChWorksOverview]
=== Overview
The following will give you a simplified overview of Wiresharks function blocks:
[[ChWorksFigOverview]]
[#ChWorksFigOverview]
.Wireshark function blocks
image::wsdg_graphics/ws-function-blocks.png[{pdf-scaledwidth}]
@ -61,7 +61,7 @@ significantly different mechanism. Thats why there are different display and
capture filter syntaxes.
[[ChWorksCapturePackets]]
[#ChWorksCapturePackets]
=== Capturing packets
@ -78,7 +78,7 @@ and Npcap (see <<ChLibsPcap>>) libraries are used. These libraries provide a
general purpose interface to capture packets and are used by a wide variety of
applications.
[[ChWorksCaptureFiles]]
[#ChWorksCaptureFiles]
=== Capture Files
@ -90,7 +90,7 @@ Wireshark's wiretap library, which provides a general purpose interface for
reading and writing packet capture formats and supports more than twenty
packet capture formats.
[[ChWorksDissectPackets]]
[#ChWorksDissectPackets]
=== Dissect packets

14
docbook/wsdg_src/WSDG_preface.adoc
View File

@ -1,8 +1,8 @@
[[Preface]]
[#Preface]
["preface",id="Preface"]
== Preface
[[PreForeword]]
[#PreForeword]
=== Foreword
@ -23,7 +23,7 @@ source code.
We hope that you find this book useful, and look forward to your comments.
[[PreAudience]]
[#PreAudience]
=== Who should read this document?
@ -38,7 +38,7 @@ By reading this book, you will learn how to develop Wireshark. It will
hopefully guide you around some common problems that frequently appear for
new (and sometimes even advanced) developers of Wireshark.
[[PreAck]]
[#PreAck]
=== Acknowledgements
@ -60,7 +60,7 @@ helpful feedback on this document:
And of course a big thank you to the many, many contributors of the
Wireshark development community!
[[PreAbout]]
[#PreAbout]
=== About this document
@ -70,14 +70,14 @@ and updated for later versions of Visual Studio by various contributors.
It is written in AsciiDoc.
[[PreDownload]]
[#PreDownload]
=== Where to get the latest copy of this document?
The latest copy of this documentation can always be found at
{wireshark-developers-guide-url}.
[[PreFeedback]]
[#PreFeedback]
=== Providing feedback about this document

48
docbook/wsluarm.adoc
View File

@ -1,11 +1,11 @@
[[wsluarm]]
[#wsluarm]
// Attributes
:build_dir: .
== Lua Support in Wireshark
[[wsluarm_intro]]
[#wsluarm_intro]
=== Introduction
@ -41,7 +41,7 @@ Wireshark for Windows uses a modified Lua runtime
support Unicode (UTF-8) filesystem paths. This brings consistency with other
platforms (for example, Linux and macOS).
[[wslua_menu_example]]
[#wslua_menu_example]
=== Example: Creating a Menu with Lua
@ -75,7 +75,7 @@ end
----
[[wslua_dissector_example]]
[#wslua_dissector_example]
=== Example: Dissector written in Lua
@ -146,7 +146,7 @@ wtap_encap_table:add(wtap.USER12, p_multi)
udp_encap_table:add(7555, p_multi)
----
[[wslua_tap_example]]
[#wslua_tap_example]
=== Example: Listener written in Lua
@ -206,7 +206,7 @@ end
register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED)
----
[[wsluarm_modules]]
[#wsluarm_modules]
== Wiresharks Lua API Reference Manual
@ -248,7 +248,7 @@ include::{build_dir}/wsluarm_src/wslua_util.adoc[]
include::{build_dir}/wsluarm_src/wslua_int64.adoc[]
include::{build_dir}/wsluarm_src/wslua_struct.adoc[]
[[lua_module_GRegex]]
[#lua_module_GRegex]
=== GLib Regular Expressions
@ -295,7 +295,7 @@ The GLib Regular expression syntax (which is essentially PCRE syntax) can be
found at
https://developer-old.gnome.org/glib/stable/glib-regex-syntax.html[]
[[lua_class_GRegex]]
[#lua_class_GRegex]
==== GRegex
@ -303,7 +303,7 @@ GLib Regular Expressions based on PCRE.
Since: 1.11.3
[[lua_class_GRegex_notes]]
[#lua_class_GRegex_notes]
===== Notes
@ -348,7 +348,7 @@ characters stand for compilation flags. Combinations of the following characters
that they are not greedy by default, but become greedy if followed by “?”.
It can also be set by a “(?U)” option setting within the pattern.
[[lua_fn_GRegex_new_pattern_]]
[#lua_fn_GRegex_new_pattern_]
===== GRegex.new(pattern)
@ -374,7 +374,7 @@ The compiled regular expression (a userdata object)
* A malformed pattern generates a Lua error
[[lua_fn_GRegex_flags__table__]]
[#lua_fn_GRegex_flags__table__]
===== GRegex.flags([table])
@ -398,7 +398,7 @@ table (optional):: A table for placing results into
A table filled with the results.
[[lua_fn_GRegex_compile_flags__table__]]
[#lua_fn_GRegex_compile_flags__table__]
===== GRegex.compile_flags([table])
@ -420,7 +420,7 @@ table (optional):: A table for placing results into
A table filled with the results.
[[lua_fn_GRegex_match_flags__table__]]
[#lua_fn_GRegex_match_flags__table__]
===== GRegex.match_flags([table])
@ -441,7 +441,7 @@ table (optional):: A table for placing results into
A table filled with the results.
[[lua_fn_GRegex_match_subject__pattern___init____cf____ef__]]
[#lua_fn_GRegex_match_subject__pattern___init____cf____ef__]
===== GRegex.match(subject, pattern, [init], [cf], [ef])
@ -472,7 +472,7 @@ in the pattern. false is returned for sub-patterns that did not participate in
the match. If the pattern specified no captures then the whole matched substring
is returned. On failure, returns nil.
[[lua_fn_GRegex_find_subject__pattern___init____cf____ef__]]
[#lua_fn_GRegex_find_subject__pattern___init____cf____ef__]
===== GRegex.find(subject, pattern, [init], [cf], [ef])
@ -503,7 +503,7 @@ the match (a number), and all substring matches ("captures"), in the order they
appear in the pattern. false is returned for sub-patterns that did not
participate in the match. On failure, returns nil.
[[lua_fn_GRegex_gmatch_subject__pattern___init____cf____ef__]]
[#lua_fn_GRegex_gmatch_subject__pattern___init____cf____ef__]
===== GRegex.gmatch(subject, pattern, [init], [cf], [ef])
@ -536,7 +536,7 @@ match), it returns all captures in the order they appear in the pattern (or the
entire match if the pattern specified no captures). The iteration will continue
till the subject fails to match.
[[lua_fn_GRegex_gsub_subject__pattern___repl____max____cf____ef__]]
[#lua_fn_GRegex_gsub_subject__pattern___repl____max____cf____ef__]
===== GRegex.gsub(subject, pattern, [repl], [max], [cf], [ef])
@ -570,7 +570,7 @@ ef (optional):: Match execution flags (bitwise OR)
On success, returns the subject string with the substitutions made, the number
of matches found, and the number of substitutions made.
[[lua_fn_GRegex_split_subject__sep___cf____ef__]]
[#lua_fn_GRegex_split_subject__sep___cf____ef__]
===== GRegex.split(subject, sep, [cf], [ef])
@ -605,7 +605,7 @@ captures). If there is no match (this can occur only in the last iteration),
then nothing is returned after the subject section. The iteration will continue
till the end of the subject.
[[lua_fn_GRegex_version__]]
[#lua_fn_GRegex_version__]
===== GRegex.version()
@ -618,7 +618,7 @@ Since: 1.11.3
The version string
[[lua_fn_gregex_match_subject___init____ef__]]
[#lua_fn_gregex_match_subject___init____ef__]
===== gregex:match(subject, [init], [ef])
@ -644,7 +644,7 @@ in the pattern. false is returned for sub-patterns that did not participate in
the match. If the pattern specified no captures then the whole matched substring
is returned. nil is returned if the pattern did not match.
[[lua_fn_gregex_find_subject___init____ef__]]
[#lua_fn_gregex_find_subject___init____ef__]
===== gregex:find(subject, [init], [ef])
@ -670,7 +670,7 @@ the match (a number), and all substring matches ("captures"), in the order they
appear in the pattern. false is returned for sub-patterns that did not
participate in the match. On failure, returns nil.
[[lua_fn_gregex_exec_subject___init____ef__]]
[#lua_fn_gregex_exec_subject___init____ef__]
===== gregex:exec(subject, [init], [ef])
@ -699,7 +699,7 @@ participate in the match. On failure, returns nil. Example: If the whole match
is at offsets 10,20 and substring matches are at offsets 12,14 and 16,19 then
the function returns the following: 10, 20, { 12,14,16,19 }.
[[lua_fn_gregex_dfa_exec_subject___init____ef__]]
[#lua_fn_gregex_dfa_exec_subject___init____ef__]
===== gregex:dfa_exec(subject, [init], [ef])
@ -727,7 +727,7 @@ Example: If there are 3 matches found starting at offset 10 and ending at
offsets 15, 20 and 25 then the function returns the following: 10, { 25,20,15 },
3
[[lua_fn_gregex___tostring__]]
[#lua_fn_gregex___tostring__]
===== gregex:__tostring()

24
docbook/wsug_src/WSUG_app_files.adoc
View File

@ -1,11 +1,11 @@
// WSUG Appendix Files
[[AppFiles]]
[#AppFiles]
[appendix]
== Files and Folders
[[ChAppFilesCaptureFilesSection]]
[#ChAppFilesCaptureFilesSection]
=== Capture Files
@ -29,7 +29,7 @@ In addition to the libpcap format, Wireshark supports several different capture
file formats. However, the problems described above also applies for these
formats.
[[ChIOFileContentSection]]
[#ChIOFileContentSection]
==== Libpcap File Contents
@ -51,7 +51,7 @@ The following data is saved for each packet:
A detailed description of the libpcap file format can be found at
https://gitlab.com/wireshark/wireshark/-/wikis/Development/LibpcapFileFormat
[[ChIOFileNotContentSection]]
[#ChIOFileNotContentSection]
==== Not Saved in the Capture File
@ -74,7 +74,7 @@ cant. Other file formats have varying levels of support.
* The current display filter
[[ChConfigurationPluginFolders]]
[#ChConfigurationPluginFolders]
=== Configuration File and Plugin Folders
@ -120,7 +120,7 @@ bundled with the system (for example, provided as a package with a Linux
distribution) and _/usr/local_ if, for example, youve build Wireshark
from source and installed it.
[[ChAppFilesConfigurationSection]]
[#ChAppFilesConfigurationSection]
=== Configuration Files
@ -154,7 +154,7 @@ global configuration folder is _INSTALLDIR/share/wireshark_.
actually used on your system may vary, maybe something like:
_/usr/local/etc_.
[[AppFilesTabFolders]]
[#AppFilesTabFolders]
.Configuration files overview
[options="header"]
|===
@ -540,7 +540,7 @@ The settings from this file are read in at program start or when changing
the active profile and are never written by Wireshark.
--
[[ChPluginFolders]]
[#ChPluginFolders]
=== Plugin folders
@ -582,7 +582,7 @@ application bundle, the global plugin folder is
_%APPDIR%/Contents/PlugIns/wireshark_, otherwise its
_INSTALLDIR/lib/wireshark/plugins_.
[[ChWindowsFolder]]
[#ChWindowsFolder]
=== Windows folders
@ -592,7 +592,7 @@ Windows versions.
As already mentioned, you can find the currently used folders in the “About
Wireshark” dialog.
[[ChWindowsProfiles]]
[#ChWindowsProfiles]
==== Windows profiles
@ -617,7 +617,7 @@ Windows XP and Windows Server 2003 footnote:historical[No longer supported by Wi
_C:\Documents and Settings{backslash}**username**\Application Data_. “Documents and
Settings” and “Application Data” might be internationalized.
[[ChWindowsRoamingProfiles]]
[#ChWindowsRoamingProfiles]
==== Windows roaming profiles
@ -631,7 +631,7 @@ _C:\Documents and Settings{backslash}**username**\Local Settings_) will not be
transferred to the domain server. This is the default for temporary capture
files.
[[ChWindowsTempFolder]]
[#ChWindowsTempFolder]
==== Windows temporary folder

2
docbook/wsug_src/WSUG_app_howitworks.adoc
View File

@ -1,6 +1,6 @@
// WSUG Appendix How it Works
[[AppHowItWorks]]
[#AppHowItWorks]
[appendix]
== How Wireshark Works

6
docbook/wsug_src/WSUG_app_messages.adoc
View File

@ -1,6 +1,6 @@
// WSUG Appendix Messages
[[AppMessages]]
[#AppMessages]
[appendix]
== Wireshark Messages
@ -9,7 +9,7 @@ Wireshark provides you with additional information generated out of the plain
packet data or it may need to indicate dissection problems. Messages generated
by Wireshark are usually placed in square brackets (“[]”).
[[AppMessagesList]]
[#AppMessagesList]
=== Packet List Messages
@ -52,7 +52,7 @@ was simply running out of packet bytes and had to give up. Theres nothing els
you can do now, except to repeat the whole capture process again with a higher
(or no) packet size limitation.
[[AppMessagesDetails]]
[#AppMessagesDetails]
=== Packet Details Messages

2
docbook/wsug_src/WSUG_app_protocols.adoc
View File

@ -1,6 +1,6 @@
// WSUG Appendix Protocols
[[AppProtocols]]
[#AppProtocols]
[appendix]
== Protocols and Protocol Fields

44
docbook/wsug_src/WSUG_app_tools.adoc
View File

@ -1,11 +1,11 @@
// WSUG Appendix Tools
[[AppTools]]
[#AppTools]
[appendix]
== Related command line tools
[[AppToolsIntroduction]]
[#AppToolsIntroduction]
=== Introduction
@ -15,7 +15,7 @@ these tools are described in this chapter. You can find more
information about all of Wiresharks command line tools on
link:{wireshark-man-page-url}[the web site].
[[AppToolstshark]]
[#AppToolstshark]
=== __tshark__: Terminal-based Wireshark
@ -25,13 +25,13 @@ available. It supports the same options as `wireshark`. For more information on
`tshark` consult your local manual page (`man tshark`) or
link:{wireshark-man-page-url}tshark.html[the online version].
[[AppToolstsharkEx]]
[#AppToolstsharkEx]
.Help information available from `tshark`
----
include::tshark-h.txt[]
----
[[AppToolstcpdump]]
[#AppToolstcpdump]
=== __tcpdump__: Capturing with “tcpdump” for viewing with Wireshark
@ -55,7 +55,7 @@ believe you have captured enough packets.
For more information on `tcpdump` consult your local manual page (`man
tcpdump`) or link:{tcpdump-man-page-url}[the online version].
[[AppToolsdumpcap]]
[#AppToolsdumpcap]
=== __dumpcap__: Capturing with “dumpcap” for viewing with Wireshark
@ -70,13 +70,13 @@ capture filter syntax follows the rules of the pcap library. For more
information on `dumpcap` consult your local manual page (`man dumpcap`)
or link:{wireshark-man-page-url}dumpcap.html[the online version].
[[AppToolsdumpcapEx]]
[#AppToolsdumpcapEx]
.Help information available from `dumpcap`
----
include::dumpcap-h.txt[]
----
[[AppToolscapinfos]]
[#AppToolscapinfos]
=== __capinfos__: Print information about capture files
@ -87,13 +87,13 @@ more information on `capinfos` consult your local manual page (`man
capinfos`) or link:{wireshark-man-page-url}capinfos.html[the online
version].
[[AppToolscapinfosEx]]
[#AppToolscapinfosEx]
.Help information available from `capinfos`
----
include::capinfos-h.txt[]
----
[[AppToolsrawshark]]
[#AppToolsrawshark]
=== __rawshark__: Dump and analyze network traffic.
@ -103,13 +103,13 @@ each packet on stdout. For more information on `rawshark` consult your
local manual page (`man rawshark`) or
link:{wireshark-man-page-url}rawshark.html[the online version].
[[AppToolsrawsharkEx]]
[#AppToolsrawsharkEx]
.Help information available from `rawshark`
----
include::rawshark-h.txt[]
----
[[AppToolseditcap]]
[#AppToolseditcap]
=== __editcap__: Edit capture files
@ -120,26 +120,26 @@ to print information about capture files. For more information on
`editcap` consult your local manual page (`man editcap`) or
link:{wireshark-man-page-url}editcap.html[the online version].
[[AppToolseditcapEx]]
[#AppToolseditcapEx]
.Help information available from editcap
----
include::editcap-h.txt[]
----
[[AppToolseditcapEx1]]
[#AppToolseditcapEx1]
.Capture file types available from `editcap -F`
----
include::editcap-F.txt[]
----
[[AppToolseditcapEx2]]
[#AppToolseditcapEx2]
.Encapsulation types available from `editcap -T`
----
include::editcap-T.txt[]
----
[[AppToolsmergecap]]
[#AppToolsmergecap]
=== __mergecap__: Merging multiple capture files into one
@ -192,7 +192,7 @@ For more information on `mergecap` consult your local manual page (`man
mergecap`) or link:{wireshark-man-page-url}mergecap.html[the online
version].
[[AppToolsmergecapEx]]
[#AppToolsmergecapEx]
.Help information available from `mergecap`
----
include::mergecap-h.txt[]
@ -201,13 +201,13 @@ include::mergecap-h.txt[]
A simple example merging `dhcp-capture.pcapng` and `imap-1.pcapng` into
`outfile.pcapng` is shown below.
[[AppToolsmergecapExSimple]]
[#AppToolsmergecapExSimple]
.Simple example of using mergecap
----
$ mergecap -w outfile.pcapng dhcp-capture.pcapng imap-1.pcapng
----
[[AppToolstext2pcap]]
[#AppToolstext2pcap]
=== __text2pcap__: Converting ASCII hexdumps to network captures
@ -275,14 +275,14 @@ For more information on `text2pcap` consult your local manual page (`man
text2pcap`) or link:{wireshark-man-page-url}text2pcap.html[the online
version].
[[AppToolstext2pcapEx]]
[#AppToolstext2pcapEx]
.Help information available from text2pcap
----
include::text2pcap-h.txt[]
----
[[AppToolsreordercap]]
[#AppToolsreordercap]
=== __reordercap__: Reorder a capture file
@ -291,7 +291,7 @@ timestamp. For more information on `reordercap` consult your local
manual page (`man reordercap`) or
link:{wireshark-man-page-url}reordercap.html[the online version].
[[AppToolsreordercapEx]]
[#AppToolsreordercapEx]
.Help information available from reordercap
----
include::reordercap-h.txt[]

46
docbook/wsug_src/WSUG_chapter_advanced.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Advanced
[[ChapterAdvanced]]
[#ChapterAdvanced]
== Advanced Topics
[[ChAdvIntroduction]]
[#ChAdvIntroduction]
=== Introduction
@ -37,7 +37,7 @@ particular stream. Closing the dialog with the “Back” button will reset
the display filter if this behavior is not desired.
====
[[ChAdvFollowStream]]
[#ChAdvFollowStream]
.The “Follow TCP Stream” dialog box
image::wsug_graphics/ws-follow-stream.png[{screenshot-attrs}]
@ -196,7 +196,7 @@ image::wsug_graphics/ws-follow-sip-stream.png[{screenshot-attrs}]
The SIP call is shown with same dialog, just filter is based on sip.Call-ID
field. Count of streams is fixed to 0 and the field is disabled.
[[ChAdvShowPacketBytes]]
[#ChAdvShowPacketBytes]
=== Show Packet Bytes
@ -270,7 +270,7 @@ menu:YAML[]:: This will show the bytes as a YAML binary dump.
You can search for text by entering it in the “Find” entry box and
pressing btn:[Find Next].
[[ChAdvExpert]]
[#ChAdvExpert]
=== Expert Information
@ -290,13 +290,13 @@ While dissectors for some common protocols like TCP and IP will show detailed in
The following describes the components of a single expert information entry along with the expert user interface.
[[ChAdvExpertInfoEntries]]
[#ChAdvExpertInfoEntries]
==== Expert Information Entries
Expert information entries are grouped by severity level (described below) and contain the following:
[[ChAdvTabExpertInfoEntries]]
[#ChAdvTabExpertInfoEntries]
.Example expert information items
[options="header"]
@ -307,7 +307,7 @@ Expert information entries are grouped by severity level (described below) and c
|443|TCP: 80 → 59322 [RST] Seq=12761 Win=0 Len=0|Sequence|TCP
|===
[[ChAdvExpertSeverity]]
[#ChAdvExpertSeverity]
===== Severity
@ -327,7 +327,7 @@ Warnings, e.g. application returned an unusual error code like a connection prob
Error [white red-background]#(red)#::
Serious problems, such as malformed packets.
[[ChAdvExpertGroup]]
[#ChAdvExpertGroup]
===== Summary
@ -385,15 +385,15 @@ Dissection incomplete or data cant be decoded for other reasons.
Its possible that more groups will be added in the future.
[[ChAdvExpertProtocol]]
[#ChAdvExpertProtocol]
===== Protocol
The protocol dissector that created the expert information item.
[[ChAdvExpertSummary]]
[#ChAdvExpertSummary]
[[ChAdvExpertDialog]]
[#ChAdvExpertDialog]
==== The “Expert Information” Dialog
@ -449,7 +449,7 @@ Closes the dialog
// have all entries in the sequence as they appeared, this is sometimes a help to
// pinpoint problems.
[[ChAdvExpertColorizedTree]]
[#ChAdvExpertColorizedTree]
==== “Colorized” Protocol Details Tree
@ -462,7 +462,7 @@ This color is propagated to the top-level protocol item in the tree in order to
For the example screenshot above, the IP “Time to live” value is very low (only 1), so the corresponding protocol field is marked with a cyan background.
To make it easier find that item in the packet tree, the IP protocol toplevel item is marked cyan as well.
[[ChAdvExpertColumn]]
[#ChAdvExpertColumn]
==== “Expert” Packet List Column (Optional)
@ -474,7 +474,7 @@ displays the most significant severity of a packet or stays empty if everything
seems OK. This column is not displayed by default but can be easily added using
the Preferences Columns page described in <<ChCustPreferencesSection>>.
[[ChAdvTCPAnalysis]]
[#ChAdvTCPAnalysis]
=== TCP Analysis
@ -719,7 +719,7 @@ data transfer will be found with a longer filter as closing a connection can be
associated with FIN or RST packets, or even both :
'tcp.completeness==31 or tcp.completeness==47 or tcp.completeness==63'
[[ChAdvTimestamps]]
[#ChAdvTimestamps]
=== Time Stamps
@ -792,7 +792,7 @@ accuracy.
// (XXX - are there any such NICs that generate time stamps on the USB
// hardware?)
[[ChAdvTimezones]]
[#ChAdvTimezones]
=== Time Zones
@ -929,7 +929,7 @@ done correctly; the conversion back to local time for display might undo this
correctly, in which case the arrival time will be displayed as the arrival time
in which the packet was captured.
[[ChAdvTabTimezones]]
[#ChAdvTabTimezones]
.Time zone examples for UTC arrival times (without DST)
[options="header"]
@ -958,7 +958,7 @@ to find out the time zone/DST difference between the two local times and
“mentally adjust” the time stamps accordingly. In any case, make sure that
every computer in question has the correct time and time zone setting.
[[ChAdvReassemblySection]]
[#ChAdvReassemblySection]
=== Packet Reassembly
@ -987,7 +987,7 @@ corresponding packets of this chunk, and will show the combined data as
additional tabs in the “Packet Bytes” pane (for information about this pane.
See <<ChUsePacketBytesPaneSection>>).
[[ChAdvWiresharkBytesPaneTabs]]
[#ChAdvWiresharkBytesPaneTabs]
.The “Packet Bytes” pane with a reassembled tab
image::wsug_graphics/ws-bytes-pane-tabs.png[{screenshot-attrs}]
@ -1018,7 +1018,7 @@ settings for a protocol typically requires two things:
The tooltip of the higher level protocol setting will notify you if and which
lower level protocol setting also has to be considered.
[[ChAdvReassemblyTcp]]
[#ChAdvReassemblyTcp]
==== TCP Reassembly
@ -1078,7 +1078,7 @@ Regardless of the setting of these two reassembly-related preferences, you can
always use the “Follow TCP Stream” option (<<ChAdvFollowStreamSection>>) which
displays segments in the expected order.
[[ChAdvNameResolutionSection]]
[#ChAdvNameResolutionSection]
=== Name Resolution
@ -1183,7 +1183,7 @@ To get a node name for a SS7 point code a ss7pcs file can be used.
// XXX - mention the role of the /etc/services file (but dont forget the files and folders section)!
[[ChAdvChecksums]]
[#ChAdvChecksums]
=== Checksums

36
docbook/wsug_src/WSUG_chapter_build_install.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter BuildInstall
[[ChapterBuildInstall]]
[#ChapterBuildInstall]
== Building and Installing Wireshark
[[ChBuildInstallIntro]]
[#ChBuildInstallIntro]
=== Introduction
@ -32,7 +32,7 @@ The general steps are the following:
. Install the binaries into their final destinations.
[[ChBuildInstallDistro]]
[#ChBuildInstallDistro]
=== Obtaining the source and binary distributions
@ -55,7 +55,7 @@ This is covered in detail below.
// Windows
//
[[ChBuildInstallWinInstall]]
[#ChBuildInstallWinInstall]
=== Installing Wireshark under Windows
@ -69,7 +69,7 @@ Official packages are signed by the *Wireshark Foundation, Inc.*.
You can choose to install several optional components and select the location of the installed package.
The default settings are recommended for most users.
[[ChBuildInstallWinComponents]]
[#ChBuildInstallWinComponents]
==== Installation Components
@ -111,7 +111,7 @@ On the _Choose Components_ page of the installer you can select from the followi
most dialogs will require an internet connection to show help pages if the
Users Guide is not installed locally.
[[ChBuildInstallWinAdditionalTasks]]
[#ChBuildInstallWinAdditionalTasks]
==== Additional Tasks
@ -123,7 +123,7 @@ On the _Choose Components_ page of the installer you can select from the followi
* *Associate file extensions to Wireshark* - Associate standard network trace files to Wireshark.
[[ChBuildInstallWinLocation]]
[#ChBuildInstallWinLocation]
==== Install Location
@ -131,7 +131,7 @@ By default Wireshark installs into `%ProgramFiles%\Wireshark` on 32-bit Windows
and `%ProgramFiles64%\Wireshark` on 64-bit Windows. This expands to `C:\Program
Files\Wireshark` on most systems.
[[ChBuildInstallNpcap]]
[#ChBuildInstallNpcap]
==== Installing Npcap
@ -146,7 +146,7 @@ For more information about Npcap see {npcap-main-url} and
{wireshark-wiki-url}Npcap.
[[ChBuildInstallWinWiresharkCommandLine]]
[#ChBuildInstallWinWiresharkCommandLine]
==== Windows installer command line options
@ -191,7 +191,7 @@ Example:
Running the installer without any parameters shows the normal interactive installer.
[[ChBuildInstallNpcapManually]]
[#ChBuildInstallNpcapManually]
==== Manual Npcap Installation
@ -200,7 +200,7 @@ If you prefer to install Npcap manually or want to use a different version than
one included in the Wireshark installer, you can download Npcap from
the main Npcap site at {npcap-main-url}.
[[ChBuildInstallWinWiresharkUpdate]]
[#ChBuildInstallWinWiresharkUpdate]
==== Update Wireshark
@ -215,7 +215,7 @@ Wireshark is done the same way as installing it. Simply download and start the
installer exe. A reboot is usually not required and all your personal settings
remain unchanged.
[[ChBuildInstallNpcapUpdate]]
[#ChBuildInstallNpcapUpdate]
==== Update Npcap
@ -224,7 +224,7 @@ Manual Npcap updates instructions can be found on the Npcap web
site at {npcap-main-url}. You may have to reboot your machine after installing
a new Npcap version.
[[ChBuildInstallWinUninstall]]
[#ChBuildInstallWinUninstall]
==== Uninstall Wireshark
@ -235,7 +235,7 @@ The Wireshark uninstaller provides several options for removal. The default is
to remove the core components but keep your personal settings and Npcap.
Npcap is kept in case other programs need it.
[[ChBuildInstallNpcapUninstall]]
[#ChBuildInstallNpcapUninstall]
==== Uninstall Npcap
@ -243,7 +243,7 @@ You can uninstall Npcap independently of Wireshark using the _Npcap_ entry
in the _Programs and Features_ control panel. Remember that if you uninstall
Npcap you wont be able to capture anything with Wireshark.
[[ChBuildInstallWinBuild]]
[#ChBuildInstallWinBuild]
=== Building from source under Windows
@ -265,7 +265,7 @@ documentation.
// macOS
//
[[ChBuildInstallOSXInstall]]
[#ChBuildInstallOSXInstall]
=== Installing Wireshark under macOS
@ -278,7 +278,7 @@ You can do so by opening the _Install ChmodBPF.pkg_ file in the Wireshark .dmg o
The installer package includes Wireshark along with ChmodBPF and system path packages.
See the included _Read me first.html_ file for more details.
[[ChBuildInstallUnixInstallBins]]
[#ChBuildInstallUnixInstallBins]
=== Installing the binaries under UNIX
@ -354,7 +354,7 @@ pkg_add -r wireshark
pkg_add should take care of all of the dependency issues for you.
[[ChBuildInstallUnixBuild]]
[#ChBuildInstallUnixBuild]
=== Building from source under UNIX or Linux

50
docbook/wsug_src/WSUG_chapter_capture.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Capture
[[ChapterCapture]]
[#ChapterCapture]
== Capturing Live Network Data
[[ChCapIntroduction]]
[#ChCapIntroduction]
=== Introduction
@ -32,7 +32,7 @@ The capture engine still lacks the following features:
* Stop capturing (or perform some other action) depending on the captured data.
[[ChCapPrerequisitesSection]]
[#ChCapPrerequisitesSection]
=== Prerequisites
@ -52,7 +52,7 @@ Here are some common pitfalls:
If you have any problems setting up your capture environment you should have a
look at the guide mentioned above.
[[ChCapCapturingSection]]
[#ChCapCapturingSection]
=== Start Capturing
@ -72,7 +72,7 @@ $ wireshark -i eth0 -k
--
This will start Wireshark capturing on interface `eth0`. More details can be found at <<ChCustCommandLine>>.
[[ChCapInterfaceSection]]
[#ChCapInterfaceSection]
=== The “Capture” Section Of The Welcome Screen
@ -80,12 +80,12 @@ When you open Wireshark without starting a capture or opening a capture file it
Network activity for each interface will be shown in a sparkline next to the interface name.
It is possible to select more than one interface and capture from them simultaneously.
[[ChCapCaptureInterfacesMainWin32]]
[#ChCapCaptureInterfacesMainWin32]
.Capture interfaces on Microsoft Windows
image::wsug_graphics/ws-capture-interfaces-main-win32.png[{screenshot-attrs}]
[[ChCapCaptureInterfacesMainMacos]]
[#ChCapCaptureInterfacesMainMacos]
.Capture interfaces on macOS
image::wsug_graphics/ws-capture-interfaces-main-macos.png[{screenshot-attrs}]
@ -101,7 +101,7 @@ Hovering over an interface will show any associated IPv4 and IPv6 addresses and
Wireshark isn't limited to just network interfaces -- on most systems you can also capture USB, Bluetooth, and other types of packets.
Note also that an interface might be hidden if its inaccessible to Wireshark or if it has been hidden as described in <<ChManageInterfacesSection>>.
[[ChCapCaptureOptions]]
[#ChCapCaptureOptions]
=== The “Capture Options” Dialog Box
@ -110,7 +110,7 @@ main toolbar), Wireshark pops up the “Capture Options” dialog box as shown i
<<ChCapCaptureOptionsDialog>>.
If you are unsure which options to choose in this dialog box, leaving the defaults settings as they are should work well in many cases.
[[ChCapCaptureOptionsDialog]]
[#ChCapCaptureOptionsDialog]
.The “Capture Options” input tab
image::wsug_graphics/ws-capture-options.png[{screenshot-attrs}]
@ -258,11 +258,11 @@ Capturing can be stopped based on the following conditions:
You can double click on an interface row in the “Input“ tab or click btn:[Start] from any tab to commence the capture. You can click btn:[Cancel] to apply your changes and close the dialog.
[[ChManageInterfacesSection]]
[#ChManageInterfacesSection]
=== The “Manage Interfaces” Dialog Box
[[ChCapManageInterfacesDialog]]
[#ChCapManageInterfacesDialog]
.The “Manage Interfaces” dialog box
image::wsug_graphics/ws-manage-interfaces.png[{screenshot-attrs}]
@ -429,13 +429,13 @@ To remove a host including all its interfaces from the list, select it and click
// .The “Interface Details” dialog box
// image::wsug_graphics/ws-capture-interface-details.png[{screenshot-attrs}]
[[ChCapCompiledFilterOutputSection]]
[#ChCapCompiledFilterOutputSection]
=== The “Compiled Filter Output” Dialog Box
This figure shows the results of compiling the BPF filter for the selected interfaces.
[[ChCapCompiledFilterOutputDialog]]
[#ChCapCompiledFilterOutputDialog]
.The “Compiled Filter Output” dialog box
image::wsug_graphics/ws-capture-options-compile-selected-bpfs.png[{medium-screenshot-attrs}]
@ -443,7 +443,7 @@ image::wsug_graphics/ws-capture-options-compile-selected-bpfs.png[{medium-screen
In the list on the left the interface names are listed.
The results of compiling a filter for the selected interface are shown on the right.
[[ChCapCaptureFiles]]
[#ChCapCaptureFiles]
=== Capture files and file modes
@ -457,7 +457,7 @@ different file after a given time has elapsed or a given number of packets
have been captured. These options are controlled in the “Output” tab in
the “Capture Options” dialog.
[[ChCapCaptureOptionsOutputDialog]]
[#ChCapCaptureOptionsOutputDialog]
.Capture output options
image::wsug_graphics/ws-capture-options-output.png[{screenshot-attrs}]
@ -481,7 +481,7 @@ in another, you might not see some of the valuable context related information.
Information about the folders used for capture files can be found in
<<AppFiles>>.
[[ChCapTabCaptureFiles]]
[#ChCapTabCaptureFiles]
.Capture file mode selected by capture options
[options="header",cols="2,2,2,3,5"]
|===
@ -513,7 +513,7 @@ is not reached, otherwise it will replace the oldest of the formerly used files
This mode will limit the maximum disk usage, even for an unlimited amount of
capture input data, only keeping the latest captured data.
[[ChCapLinkLayerHeader]]
[#ChCapLinkLayerHeader]
=== Link-layer header type
@ -543,7 +543,7 @@ traffic being captured is RFC 1483 LLC-encapsulated IP, or if the capture needs
to be read by an application that doesnt support SunATM headers, select “RFC
1483 IP-over-ATM”, otherwise select “Sun raw ATM”.
[[ChCapCaptureFilterSection]]
[#ChCapCaptureFilterSection]
=== Filtering while capturing
@ -566,7 +566,7 @@ by conjunctions (__and/or__) and optionally preceded by __not__:
An example is shown in <<ChCapExFilt1>>.
[[ChCapExFilt1]]
[#ChCapExFilt1]
.A capture filter for telnet that captures traffic to and from a particular host
====
----
@ -579,7 +579,7 @@ how to use two primitives and the __and__ conjunction. Another example is shown
in <<ChCapExFilt2>>, and shows how to capture all telnet traffic except that
from 10.0.0.5.
[[ChCapExFilt2]]
[#ChCapExFilt2]
.Capturing all telnet traffic not from 10.0.0.5
====
----
@ -646,7 +646,7 @@ This primitive allows you to create complex filter expressions that select bytes
Please see the pcap-filter man page at {pcap-filter-man-page-url} for more details.
[[ChCapCaptureAutoFilterSection]]
[#ChCapCaptureAutoFilterSection]
==== Automatic Remote Traffic Filtering
@ -681,13 +681,13 @@ The following environment variables are analyzed:
On Windows it asks the operating system if its running in a Remote Desktop Services environment.
[[ChCapRunningSection]]
[#ChCapRunningSection]
=== While a Capture is running ...
You might see the following dialog box while a capture is running:
[[ChCapCaptureInfoDialog]]
[#ChCapCaptureInfoDialog]
.The “Capture Information” dialog box
image::wsug_graphics/ws-capture-info.png[{small-screenshot-attrs}]
@ -695,7 +695,7 @@ This dialog box shows a list of protocols and their activity over time.
It can be enabled via the “capture.show_info” setting in the “Advanced”
preferences.
[[ChCapStopSection]]
[#ChCapStopSection]
==== Stop the running capture
@ -712,7 +712,7 @@ A running capture session will be stopped in one of the following ways:
. The capture will be automatically stopped if one of the _Stop Conditions_ is
met, e.g. the maximum amount of data was captured.
[[ChCapRestartSection]]
[#ChCapRestartSection]
==== Restart a running capture

68
docbook/wsug_src/WSUG_chapter_customize.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Customizing
[[ChapterCustomize]]
[#ChapterCustomize]
== Customizing Wireshark
[[ChCustIntroduction]]
[#ChCustIntroduction]
=== Introduction
@ -20,7 +20,7 @@ to suit your needs even better. In this chapter we explore:
* How to use the various preference settings
[[ChCustCommandLine]]
[#ChCustCommandLine]
=== Start Wireshark from the command line
@ -32,7 +32,7 @@ Wireshark supports a large number of command line parameters. To see what they
are, simply enter the command _wireshark -h_ and the help information shown in
<<ChCustEx1>> (or something similar) should be printed.
[[ChCustEx1]]
[#ChCustEx1]
.Help information available from Wireshark
----
include::wireshark-h.txt[]
@ -441,7 +441,7 @@ implemented statistics consult the Wireshark manual page.
// XXX - add more details here!
[[ChCustColorizationSection]]
[#ChCustColorizationSection]
=== Packet colorization
@ -469,7 +469,7 @@ To permanently colorize packets, select menu:View[Coloring Rules...]. Wireshark
will display the “Coloring Rules” dialog box as shown in
<<ChCustColoringRulesDialog>>.
[[ChCustColoringRulesDialog]]
[#ChCustColoringRulesDialog]
.The “Coloring Rules” dialog box
image::wsug_graphics/ws-coloring-rules-dialog.png[{screenshot-attrs}]
@ -495,7 +495,7 @@ edited. Clicking on the btn:[Foreground] and btn:[Background] buttons will
open a color chooser (<<ChCustChooseColorDialog>>) for the foreground (text) and
background colors respectively.
[[ChCustChooseColorDialog]]
[#ChCustChooseColorDialog]
.A color chooser
image::wsug_graphics/ws-choose-color-rule.png[{small-screenshot-attrs}]
@ -507,12 +507,12 @@ btn:[OK].
in Wireshark. Note that the frame detail shows that the “Bad TCP” rule
was applied, along with the matching filter.
[[ChCustColorFilterMany]]
[#ChCustColorFilterMany]
.Using color filters with Wireshark
image::wsug_graphics/ws-coloring-fields.png[{screenshot-attrs}]
[[ChCustProtocolDissectionSection]]
[#ChCustProtocolDissectionSection]
=== Control Protocol dissection
@ -529,7 +529,7 @@ There are two ways to control the relations between protocol dissectors: disable
a protocol dissector completely or temporarily divert the way Wireshark calls
the dissectors.
[[ChAdvEnabledProtocols]]
[#ChAdvEnabledProtocols]
==== The “Enabled Protocols” dialog box
@ -550,7 +550,7 @@ To enable or disable protocols select menu:Analyze[Enabled Protocols...].
Wireshark will pop up the “Enabled Protocols” dialog box as shown in
<<ChAdvEnabledProtocolsFig>>.
[[ChAdvEnabledProtocolsFig]]
[#ChAdvEnabledProtocolsFig]
.The “Enabled Protocols” dialog box
image::wsug_graphics/ws-enabled-protocols.png[{screenshot-attrs}]
@ -570,7 +570,7 @@ btn:[OK]:: Save and apply the changes and close the dialog box, see <<AppFiles>>
btn:[Cancel]:: Cancel the changes and close the dialog box.
[[ChAdvDecodeAs]]
[#ChAdvDecodeAs]
==== User Specified Decodes
@ -581,7 +581,7 @@ experiments on your network.
Decode As is accessed by selecting the menu:Analyze[Decode As...]. Wireshark
will pop up the “Decode As” dialog box as shown in <<ChAdvDecodeAsFig>>.
[[ChAdvDecodeAsFig]]
[#ChAdvDecodeAsFig]
.The “Decode As” dialog box
image::wsug_graphics/ws-decode-as.png[{screenshot-attrs}]
@ -609,7 +609,7 @@ btn:[Save]:: Save and apply the user specified decodes and close the dialog box.
btn:[Cancel]:: Cancel the changes and close the dialog box.
[[ChCustPreferencesSection]]
[#ChCustPreferencesSection]
=== Preferences
@ -626,7 +626,7 @@ side is a tree where you can select the page to be shown.
* The btn:[Cancel] button will restore all preferences settings to the last saved state.
[[ChCustGUIPrefPage]]
[#ChCustGUIPrefPage]
.The preferences dialog box
image::wsug_graphics/ws-gui-preferences.png[{screenshot-attrs}]
@ -648,7 +648,7 @@ $ wireshark -o "gui.prepend_window_title:Internal Network" &
$ wireshark -o "gui.prepend_window_title:External Network" &
----
[[ChCustConfigProfilesSection]]
[#ChCustConfigProfilesSection]
=== Configuration Profiles
@ -722,7 +722,7 @@ Configuration files stored in each profile include:
All other configurations are stored in the personal configuration folder and
are common to all profiles.
[[ChCustGUIConfigProfilesPage]]
[#ChCustGUIConfigProfilesPage]
.The configuration profiles dialog box
image::wsug_graphics/ws-gui-config-profiles.png[{medium-screenshot-attrs}]
@ -773,14 +773,14 @@ added and deleted profiles will not be deleted.
btn:[Help]::
Show this help page.
[[ChUserTable]]
[#ChUserTable]
=== User Table
The User Table editor is used for managing various tables in Wireshark. Its main
dialog works very similarly to that of <<ChCustColorizationSection>>.
[[ChDisplayFilterMacrosSection]]
[#ChDisplayFilterMacrosSection]
=== Display Filter Macros
@ -810,7 +810,7 @@ The name of the macro.
Text::
The replacement text for the macro it uses $1, $2, $3, ... as the input arguments.
[[ChEssCategoryAttributes]]
[#ChEssCategoryAttributes]
=== ESS Category Attributes
@ -828,7 +828,7 @@ The value (Label And Cert Value) representing the Category.
Name::
The textual representation for the value.
[[ChMaxMindDbPaths]]
[#ChMaxMindDbPaths]
=== MaxMind Database Paths
@ -847,7 +847,7 @@ The locations for your data files are up to you, but `/usr/share/GeoIP`
and `/var/lib/GeoIP` are common on Linux and `C:\ProgramData\GeoIP`,
`C:\Program Files\Wireshark\GeoIP` might be good choices on Windows.
[[ChGeoIPDbPaths]]
[#ChGeoIPDbPaths]
Previous versions of Wireshark supported MaxMind's original GeoIP Legacy
database format. They were configured similar to MaxMindDB files above,
@ -855,7 +855,7 @@ except GeoIP files must begin with _Geo_ and end with _.dat_. They are
no longer supported and MaxMind stopped distributing GeoLite Legacy
databases in April 2018.
[[ChIKEv2DecryptionSection]]
[#ChIKEv2DecryptionSection]
=== IKEv2 decryption table
@ -903,7 +903,7 @@ length must meet the requirement of the integrity algorithm selected.
Integrity Algorithm::
Integrity algorithm of the IKE_SA.
[[ChObjectIdentifiers]]
[#ChObjectIdentifiers]
=== Object Identifiers
@ -935,7 +935,7 @@ Syntax::
The syntax of the value associated with the Object Identifier. This must be one
of the syntaxes that Wireshark already knows about (e.g. “PrintableString”).
[[ChPresContextList]]
[#ChPresContextList]
=== PRES Users Context List
@ -954,7 +954,7 @@ Syntax Name OID::
The object identifier representing the abstract syntax name, which defines the
protocol that is carried over this association.
[[ChSccpUsers]]
[#ChSccpUsers]
=== SCCP users Table
@ -977,7 +977,7 @@ An range of integers representing the ssns for which this association is valid.
User protocol::
The protocol that is carried over this association
[[ChSNMPSMIModules]]
[#ChSNMPSMIModules]
=== SMI (MIB and PIB) Modules
@ -987,7 +987,7 @@ modules here. The COPS and SNMP dissectors can use them to resolve OIDs.
Module name::
The name of the module, e.g. IF-MIB.
[[ChSNMPSMIPaths]]
[#ChSNMPSMIPaths]
=== SMI (MIB and PIB) Paths
@ -999,7 +999,7 @@ A module directory, e.g. `/usr/local/snmp/mibs`. Wireshark automatically uses
the standard SMI path for your system, so you usually dont have to add anything
here.
[[ChSNMPEnterpriseSpecificTrapTypes]]
[#ChSNMPEnterpriseSpecificTrapTypes]
=== SNMP Enterprise Specific Trap Types
@ -1021,7 +1021,7 @@ An Integer representing the specific-trap code.
Description::
The description to show in the packet details.
[[ChSNMPUsersSection]]
[#ChSNMPUsersSection]
=== SNMP users Table
@ -1060,7 +1060,7 @@ password 010203040506 must be entered as _\x01\x02\x03\x04\x05\x06_. The _\_
character must be treated as an unprintable character, i.e. it must be entered
as _\x5C_ or _\x5c_.
[[ChK12ProtocolsSection]]
[#ChK12ProtocolsSection]
=== Tektronix K12xx/15 RF5 protocols Table
@ -1083,7 +1083,7 @@ sscf-nni ) or the name of the encapsulation protocol and the “application”
protocol over it separated by a colon (e.g sscop:sscf-nni, sscop:alcap,
sscop:nbap, ...)
[[ChUserDLTsSection]]
[#ChUserDLTsSection]
=== User DLTs protocol table
@ -1114,7 +1114,7 @@ size this trailer is. A value of 0 disables the trailer protocol.
Trailer protocol::
The name of the trailer protocol to be used (uses “data” as default).
[[ChProtobufSearchPaths]]
[#ChProtobufSearchPaths]
=== Protobuf Search Paths
@ -1151,7 +1151,7 @@ changed. Note that the source directories that configured to protobuf official o
libraries path (like `d:/protobuf-3.4.1/include/`) should not be set to load all
files, that may cause unnecessary memory use.
[[ChProtobufUDPMessageTypes]]
[#ChProtobufUDPMessageTypes]
=== Protobuf UDP Message Types

32
docbook/wsug_src/WSUG_chapter_introduction.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Introduction
[[ChapterIntroduction]]
[#ChapterIntroduction]
== Introduction
[[ChIntroWhatIs]]
[#ChIntroWhatIs]
=== What is Wireshark?
@ -21,7 +21,7 @@ However, with the advent of Wireshark, that has changed. Wireshark is
available for free, is open source, and is one of the best packet
analyzers available today.
[[ChIntroPurposes]]
[#ChIntroPurposes]
==== Some intended purposes
@ -39,7 +39,7 @@ Here are some reasons people use Wireshark:
Wireshark can also be helpful in many other situations.
[[ChIntroFeatures]]
[#ChIntroFeatures]
==== Features
@ -75,7 +75,7 @@ However, to really appreciate its power you have to start using it.
<<ChIntroFig1>> shows Wireshark having captured some packets and waiting for you
to examine them.
[[ChIntroFig1]]
[#ChIntroFig1]
.Wireshark captures packets and lets you examine their contents.
image::wsug_graphics/ws-main.png[{screenshot-attrs}]
@ -111,7 +111,7 @@ keys or fees or such. In addition, all source code is freely available under the
GPL. Because of that, it is very easy for people to add new protocols to
Wireshark, either as plugins, or built into the source, and they often do!
[[ChIntroNoFeatures]]
[#ChIntroNoFeatures]
==== What Wireshark is not
@ -126,7 +126,7 @@ Here are some things Wireshark does not provide:
things from it. Wireshark doesnt send packets on the network or do other
active things (except domain name resolution, but that can be disabled).
[[ChIntroPlatforms]]
[#ChIntroPlatforms]
=== System Requirements
@ -256,7 +256,7 @@ If a binary package is not available for your platform you can download
the source and try to build it. Please report your experiences to
mailto:{wireshark-dev-list-email}[].
[[ChIntroDownload]]
[#ChIntroDownload]
=== Where To Get Wireshark
@ -275,7 +275,7 @@ Announcement messages are archived at https://www.wireshark.org/lists/wireshark-
Both are GPG-signed and include verification instructions for Windows, Linux, and macOS.
As noted above, you can also verify downloads on Windows and macOS using the code signature validation features on those systems.
[[ChIntroHistory]]
[#ChIntroHistory]
=== A Brief History Of Wireshark
@ -312,7 +312,7 @@ Conference, called Sharkfest.
In 2015 Wireshark 2.0 was released, which featured a new user interface.
[[ChIntroMaintenance]]
[#ChIntroMaintenance]
=== Development And Maintenance Of Wireshark
@ -351,21 +351,21 @@ The Wireshark source code and binary kits for some platforms are all
available on the download page of the Wireshark website:
{wireshark-download-url}.
[[ChIntroHelp]]
[#ChIntroHelp]
=== Reporting Problems And Getting Help
If you have problems or need help with Wireshark there are several places that
may be of interest (besides this guide, of course).
[[ChIntroHomepage]]
[#ChIntroHomepage]
==== Website
You will find lots of useful information on the Wireshark homepage at
{wireshark-main-url}.
[[ChIntroWiki]]
[#ChIntroWiki]
==== Wiki
@ -379,7 +379,7 @@ And best of all, if you would like to contribute your knowledge on a specific
topic (maybe a network protocol you know well), you can edit the wiki pages
with your web browser.
[[ChIntroQA]]
[#ChIntroQA]
==== Q&amp;A Site
@ -390,7 +390,7 @@ knew about the issue. Answers are ranked, so you can easily pick out the best
ones. If your question hasnt been discussed before you can post
one yourself.
[[ChIntroFAQ]]
[#ChIntroFAQ]
==== FAQ
@ -413,7 +413,7 @@ An online version is available at the Wireshark website at
{wireshark-faq-url}. You might prefer this online version, as its
typically more up to date and the HTML format is easier to use.
[[ChIntroMailingLists]]
[#ChIntroMailingLists]
==== Mailing Lists

74
docbook/wsug_src/WSUG_chapter_io.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter IO
[[ChapterIO]]
[#ChapterIO]
== File Input, Output, And Printing
[[ChIOIntroductionSection]]
[#ChIOIntroductionSection]
=== Introduction
@ -20,7 +20,7 @@ This chapter will describe input and output of capture data.
* Print packets
[[ChIOOpenSection]]
[#ChIOOpenSection]
=== Open Capture Files
@ -42,7 +42,7 @@ capture files from a large number of other packet capture programs as well. See
<<ChIOInputFormatsSection>> for the list of capture formats Wireshark
understands.
[[ChIOOpen]]
[#ChIOOpen]
==== The “Open Capture File” Dialog Box
@ -75,14 +75,14 @@ Wireshark adds the following controls:
* Optionally force Wireshark to read a file as a particular type using the “Automatically detect file type” dropdown.
[[ChIOOpenFileDialogWin32]]
[#ChIOOpenFileDialogWin32]
.“Open” on Microsoft Windows
image::wsug_graphics/ws-open-win32.png[{medium-screenshot-attrs}]
This is the common Windows file open dialog along with some Wireshark extensions.
[[ChIOOpenFileDialog]]
[#ChIOOpenFileDialog]
.“Open” - Linux and UNIX
image::wsug_graphics/ws-open-qt5.png[{medium-screenshot-attrs}]
@ -91,7 +91,7 @@ This is the common Qt file open dialog along with some Wireshark extensions.
// XXX Add macOS
[[ChIOInputFormatsSection]]
[#ChIOInputFormatsSection]
==== Input File Formats
@ -214,7 +214,7 @@ captured. Ethernet captures are usually supported for most file formats but it
may not be possible to read other packet types such as PPP or IEEE 802.11 from
all file formats.
[[ChIOSaveSection]]
[#ChIOSaveSection]
=== Saving Captured Packets
@ -225,7 +225,7 @@ Not all information will be saved in a capture file. For example, most file
formats dont record the number of dropped packets. See
<<ChAppFilesCaptureFilesSection>> for details.
[[ChIOSaveAs]]
[#ChIOSaveAs]
==== The “Save Capture File As” Dialog Box
@ -234,14 +234,14 @@ The exact appearance of this dialog depends on your system.
However, the functionality is the same across systems.
Examples are shown below.
[[ChIOSaveAsFileWin32]]
[#ChIOSaveAsFileWin32]
.“Save” on Microsoft Windows
image::wsug_graphics/ws-save-as-win32.png[{medium-screenshot-attrs}]
This is the common Windows file save dialog with some additional Wireshark extensions.
[[ChIOSaveAsFile2]]
[#ChIOSaveAsFile2]
.“Save” on Linux and UNIX
image::wsug_graphics/ws-save-as-qt5.png[{medium-screenshot-attrs}]
@ -278,7 +278,7 @@ You can convert capture files from one format to another by opening a capture an
If you wish to save some of the packets in your capture file you can do so via <<ChIOExportSpecifiedPacketsDialog>>.
[[ChIOOutputFormatsSection]]
[#ChIOOutputFormatsSection]
==== Output File Formats
@ -357,7 +357,7 @@ the `.cap` extension in order to open a file using the Windows version
of _Sniffer_.
====
[[ChIOMergeSection]]
[#ChIOMergeSection]
=== Merging Capture Files
@ -379,7 +379,7 @@ There are three ways to merge capture files using Wireshark:
This tool provides the most options to merge capture files.
See <<AppToolsmergecap>> for details.
[[ChIOMergeDialog]]
[#ChIOMergeDialog]
==== The “Merge With Capture File” Dialog Box
@ -400,18 +400,18 @@ Merge both the packets from the selected and currently loaded file in chronologi
Append packets::
Append the packets from the selected file after the currently loaded packets.
[[ChIOMergeFileTab]]
[#ChIOMergeFileTab]
.“Merge Capture File As” dialog box examples
[[ChIOMergeFileWin32]]
[#ChIOMergeFileWin32]
.“Merge” on Microsoft Windows
image::wsug_graphics/ws-merge-win32.png[{medium-screenshot-attrs}]
This is the common Windows file open dialog with additional Wireshark extensions.
[[ChIOMergeFile2]]
[#ChIOMergeFile2]
.“Merge” on Linux and UNIX
image::wsug_graphics/ws-merge-qt5.png[{medium-screenshot-attrs}]
@ -420,7 +420,7 @@ This is the Qt file open dialog with additional Wireshark extensions.
// XXX Add macOS
[[ChIOImportSection]]
[#ChIOImportSection]
=== Import Hex Dump
@ -553,7 +553,7 @@ be used to reorder out of order captures after the import.
If this field is not given, no IDs will be present in the resulting file.
+
[[ChIOImportDialog]]
[#ChIOImportDialog]
==== The “Import From Hex Dump” Dialog Box
@ -561,7 +561,7 @@ If this field is not given, no IDs will be present in the resulting file.
This dialog box lets you select a text file, containing a hex dump of packet
data, to be imported and set import parameters.
[[ChIOFileImportDialog]]
[#ChIOFileImportDialog]
.The “Import from Hex Dump” dialog in Hex Dump mode
image::wsug_graphics/ws-file-import.png[{medium-screenshot-attrs}]
@ -677,7 +677,7 @@ in the expected range and all unlocked fields are populated when using regex mod
When completed there will be a new capture file loaded with the frames imported
from the text file.
[[ChIOFileSetSection]]
[#ChIOFileSetSection]
=== File Sets
@ -717,7 +717,7 @@ with file sets in a convenient way:
* btn:[Previous File] closes the current and opens the previous file in the
file set.
[[ChIOFileSetListDialog]]
[#ChIOFileSetListDialog]
==== The “List Files” Dialog Box
@ -748,7 +748,7 @@ opened/closed.
The btn:[Close] button will, well, close the dialog box.
[[ChIOExportSection]]
[#ChIOExportSection]
// - Add {missing} for other exports?
@ -758,7 +758,7 @@ Wireshark provides a variety of options for exporting packet data.
This section describes general ways to export data from the main Wireshark application.
There are many other ways to export or extract data from capture files, including processing <<AppToolstshark,tshark>> output and customizing Wireshark and TShark using Lua scripts.
[[ChIOExportSpecifiedPacketsDialog]]
[#ChIOExportSpecifiedPacketsDialog]
==== The “Export Specified Packets” Dialog Box
@ -769,7 +769,7 @@ This is similar to the “<<ChIOSaveAs,Save>>” dialog box, but it lets you sav
This can be useful for trimming irrelevant or unwanted packets from a capture file.
See <<ChIOPacketRangeSection,Packet Range>> for details on the range controls.
[[ChIOExportPacketDissectionsDialog]]
[#ChIOExportPacketDissectionsDialog]
==== The “Export Packet Dissections” Dialog Box
@ -958,7 +958,7 @@ If you would like to be able to <<ChIOImportSection,import>> any previously expo
]
----
[[ChIOExportSelectedDialog]]
[#ChIOExportSelectedDialog]
==== The “Export Selected Packet Bytes” Dialog Box
@ -973,7 +973,7 @@ The file name to export the packet data to.
Save as type::
The file extension.
[[ChIOExportPDUSDialog]]
[#ChIOExportPDUSDialog]
==== The “Export PDUs to File...” Dialog Box
@ -981,7 +981,7 @@ The “Export PDUs to File...” dialog box allows you to filter the captured Pr
. In the main menu select menu:File[Export PDUs to File...]. Wireshark will open a corresponding dialog <<ExportPDUsToFile>>.
+
[[ExportPDUsToFile]]
[#ExportPDUsToFile]
+
.Export PDUs to File window
image::wsug_graphics/ws-export-pdus-to-file.png[{screenshot-attrs}]
@ -1008,7 +1008,7 @@ NOTE: You can add any dissector to the existing list, or define a new entry in t
. You can open the file from the main Wireshark window by choosing it in the bottom-left corner. That closes the originally captured file and opens the exported results instead.
[[ChIOExportTLSSessionKeys]]
[#ChIOExportTLSSessionKeys]
==== The “Export TLS Session Keys...” Dialog Box
@ -1022,7 +1022,7 @@ To export captured TLS session keys, follow the steps below:
. In the main menu select menu:File[Export TLS Session Keys...]. Wireshark will open a corresponding dialog <<TlsSessionKeys>>.
+
[[TlsSessionKeys]]
[#TlsSessionKeys]
+
.Export TLS Session Keys window
image::wsug_graphics/ws-tls-session-keys.png[{screenshot-attrs}]
@ -1033,7 +1033,7 @@ image::wsug_graphics/ws-tls-session-keys.png[{screenshot-attrs}]
. Press the btn:[Save] button to complete the export file procedure.
[[ChIOExportObjectsDialog]]
[#ChIOExportObjectsDialog]
==== The “Export Objects” Dialog Box
@ -1088,7 +1088,7 @@ Saves the currently selected object as a filename you specify. The
default filename to save as is taken from the filename column of the objects
list.
[[ChIOPrintSection]]
[#ChIOPrintSection]
=== Printing Packets
@ -1103,7 +1103,7 @@ Printed output can contain lots of text, particularly if you print packet detail
==== The “Print” Dialog Box
[[ChIOPrintDialogBox]]
[#ChIOPrintDialogBox]
.The “Print” dialog box
image::wsug_graphics/ws-print.png[{medium-screenshot-attrs}]
@ -1136,14 +1136,14 @@ btn:[Cancel] will close the dialog without printing.
btn:[Help] will display this section of the “Users Guide”.
[[ChIOPacketRangeSection]]
[#ChIOPacketRangeSection]
=== The “Packet Range” Frame
The packet range frame is a part of the “<<ChIOExportSpecifiedPacketsDialog,Export Specified Packets>>,” “<<ChIOExportPacketDissectionsDialog,Export Packet Dissections>>,” and “<<ChIOPrintSection,Print>>” dialog boxes.
You can use it to specify which packets will be exported or printed.
[[ChIOPacketRangeFrame]]
[#ChIOPacketRangeFrame]
.The “Packet Range” frame
image::wsug_graphics/ws-packet-range.png[{medium-screenshot-attrs}]
@ -1171,14 +1171,14 @@ Remove ignored packets::
Don't export or print ignored packets.
See <<ChWorkIgnorePacketSection>>.
[[ChIOPacketFormatSection]]
[#ChIOPacketFormatSection]
=== The Packet Format Frame
The packet format frame is also a part of the “<<ChIOExportPacketDissectionsDialog,Export Packet Dissections>>” and “<<ChIOPrintSection,Print>>” dialog boxes.
You can use it to specify which parts of dissection are exported or printed.
[[ChIOPacketFormatFrame]]
[#ChIOPacketFormatFrame]
.The “Packet Format” frame
image::wsug_graphics/ws-packet-format.png[{small-screenshot-attrs}]

56
docbook/wsug_src/WSUG_chapter_mate.adoc
View File

@ -1,8 +1,8 @@
[[ChMate]]
[#ChMate]
== MATE
[[ChMateIntroduction]]
[#ChMateIntroduction]
=== Introduction
@ -41,7 +41,7 @@ that timeout)
* Follow requests through more gateways/proxies.
* more...
[[ChMateGettingStarted]]
[#ChMateGettingStarted]
=== Getting Started
@ -62,7 +62,7 @@ If anything went well, your packet details might look something like this:
image::wsug_graphics/ws-mate-tcp-output.png[]
[[ChMateManual]]
[#ChMateManual]
=== MATE Manual
@ -116,7 +116,7 @@ AVPLs to operate against the Gop's AVPL to relate Gops together into Gogs.
A good understanding on how AVPs and AVPLs work is fundamental to understand how
MATE works.
[[AVP]]
[#AVP]
==== Attribute Value Pairs
Information used by MATE to relate different frames is contained in Attribute/
@ -896,7 +896,7 @@ from huge capture files using just the calling number. Later he used the time he
had saved to make it flexible enough to work with protocols other than the ones
he was directly involved with.
[[ChMateConfigurationTutorial]]
[#ChMateConfigurationTutorial]
=== MATE's configuration tutorial
@ -1156,7 +1156,7 @@ declarations the following way:
Now we got it, every "usage" gets it's own Gog.
[[ChMateConfigurationExamples]]
[#ChMateConfigurationExamples]
=== MATE configuration examples
@ -1409,7 +1409,7 @@ Gog mms {
};
----
[[ChMateConfigurationLibrary]]
[#ChMateConfigurationLibrary]
=== MATE's configuration library
@ -1543,7 +1543,7 @@ Action=GopStop; For=mgc_tr; megaco_msg=Reply;
Action=GopExtra; For=mgc_tr; term^DS1; megaco_ctx!Choose one;
----
[[ChMateReferenceManual]]
[#ChMateReferenceManual]
=== MATE's reference manual
@ -1603,7 +1603,7 @@ higher than the configuration value string.
* <<Exists,Exists>> _?_ (can be omitted) will match if the AVP name matches, regardless
what the value string is.
[[Equal]]
[#Equal]
====== Equal AVP Operator
This operator tests whether the values of the operator and the operand AVP are
@ -1613,7 +1613,7 @@ Example::
attrib=aaa *matches* attrib=aaa +
attrib=aaa *does not match* attrib=bbb
[[NotEqual]]
[#NotEqual]
====== Not equal AVP operator
This operator matches if the value strings of two AVPs are not equal.
@ -1622,7 +1622,7 @@ Example::
attrib=aaa matches attrib!bbb +
attrib=aaa does not match attrib!aaa
[[OneOf]]
[#OneOf]
====== "One of" AVP operator
The "one of" operator matches if the data AVP value is equal to one of the
@ -1633,7 +1633,7 @@ attrib=1 matches attrib{1|2|3} +
attrib=2 matches attrib{1|2|3} +
attrib=4 does not match attrib{1|2|3}
[[StartsWith]]
[#StartsWith]
====== "Starts with" AVP operator
The "starts with" operator matches if the first characters of the data AVP
@ -1646,7 +1646,7 @@ attrib=ab does not match attrib^abc +
attrib=abcd does not match attrib^bcd +
attrib=abc does not match attrib^abcd +
[[EndsWith]]
[#EndsWith]
====== "Ends with" operator
The ends with operator will match if the last bytes of the data AVP value are
@ -1657,7 +1657,7 @@ attrib=wxyz matches attrib$xyz +
attrib=yz does not match attrib$xyz +
attrib=abc...wxyz does not match attrib$abc
[[Contains]]
[#Contains]
====== Contains operator
The "contains" operator will match if the data AVP value contains a string
@ -1669,7 +1669,7 @@ attrib=abcde matches attrib~abc +
attrib=abcde matches attrib~cde +
attrib=abcde does not match attrib~xyz
[[LowerThan]]
[#LowerThan]
====== "Lower than" operator
The "lower than" operator will match if the data AVP value is semantically lower
@ -1686,7 +1686,7 @@ BUGS
It should check whether the values are numbers and compare them numerically
[[HigherThan]]
[#HigherThan]
====== "Higher than" operator
The "higher than" operator will match if the data AVP value is semantically
@ -1704,7 +1704,7 @@ BUGS
It should check whether the values are numbers and compare them numerically
[[Exists]]
[#Exists]
====== Exists operator
The exists operator will always match as far as the two operands have the same
@ -1747,7 +1747,7 @@ configuration AVPL.
configuration AVPL has at least one match in the data AVPL. If it matches, it
returns a result AVPL containing those AVPs from the data AVPL that matched.
[[Loose]]
[#Loose]
====== Loose Match
A loose match between AVPLs succeeds if at least one of the data AVPs matches at
@ -1774,7 +1774,7 @@ Loose Match Examples
(attr_a=aaa, attr_b=bbb, attr_c=xxx) Match Loose (attr_a=xxx; attr_c=ccc) ==> No Match!
[[Every]]
[#Every]
====== Every Match
An "every" match between AVPLs succeeds if none of the configuration's AVPs that
@ -1799,7 +1799,7 @@ https://gitlab.com/wireshark/wireshark/-/issues/12184[issue 12184].
(attr_a=aaa; attr_b=bbb; attr_c=xxx) Match Every (attr_a=xxx, attr_c=ccc) ==> No Match!
[[Strict]]
[#Strict]
====== Strict Match
A Strict match between AVPLs succeeds if and only if every AVP in the
@ -1819,7 +1819,7 @@ Examples
(attr_a=aaa, attr_b=bbb, attr_c=xxx) Match Strict (attr_a?, attr_c?, attr_d?) ==> No Match!
[[Merge]]
[#Merge]
====== AVPL Merge
An AVPL may be merged into another one. That would add to the latter every AVP
@ -1841,7 +1841,7 @@ Examples
(attr_a=aaa, attr_b=bbb) Merge (attr_c=xxx, attr_d=ddd) former becomes (attr_a=aaa, attr_b=bbb, attr_c=xxx, attr_d=ddd)
[[Transform]]
[#Transform]
====== Transforms
A Transform is a sequence of Match rules optionally followed by an instruction
@ -1871,9 +1871,9 @@ and in the order given, i.e. left to right.
In MATE configuration file, a Transform must be declared before declaring any
item which uses it.
[[Config]]
[#Config]
=== Configuration AVPLs
[[Pdu]]
[#Pdu]
==== Pdsu's configuration actions
The following configuration AVPLs deal with PDU creation and data extraction.
@ -1980,7 +1980,7 @@ it. The list is always executed completely, left to right. On the contrary, the
list of Match clauses inside each individual _Transform_ is executed only until
the first match succeeds.
[[Criteria]]
[#Criteria]
====== Criteria clause
This clause tells MATE whether to use the Pdu for analysis. It specifies a match
@ -2012,7 +2012,7 @@ Pdus of other types in the frame. If set to _TRUE_, it will not try to create
Pdus of other types from the current frame, yet it will continue to try for the
current type.
[[Gop]]
[#Gop]
===== Gop's configuration actions
====== Gop declaration block header
@ -2131,7 +2131,7 @@ Whether or not to show the times subtree of the Gop. If _TRUE_, the default,
the subtree with the timers is added to the Gop's tree. If _FALSE_, the subtree
is suppressed.
[[Gog]]
[#Gog]
===== Gog's configuration actions
====== Gop declaration block header

76
docbook/wsug_src/WSUG_chapter_statistics.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Statistics
[[ChStatistics]]
[#ChStatistics]
== Statistics
[[ChStatIntroduction]]
[#ChStatIntroduction]
=== Introduction
@ -47,7 +47,7 @@ version of this document.
Some of these statistics are described at
{wireshark-wiki-url}Statistics.
[[ChStatSummary]]
[#ChStatSummary]
=== The “Capture File Properties” Dialog
@ -100,7 +100,7 @@ Copies the “Details” information to the clipboard.
btn:[Help]::
Opens this section of the Users Guide.
[[ChStatResolvedAddresses]]
[#ChStatResolvedAddresses]
=== Resolved Addresses
@ -119,7 +119,7 @@ Wireshark reads the entries for port mappings from the `hosts` service configura
.Resolved Addresses window
image::wsug_graphics/ws-resolved-addr.png[{screenshot-attrs}]
[[ChStatHierarchy]]
[#ChStatHierarchy]
=== The “Protocol Hierarchy” Window
@ -178,7 +178,7 @@ A single packet can contain the same protocol more than once. In this case, the
protocol is counted more than once. For example ICMP replies and many tunneling
protocols will carry more than one IP header.
[[ChStatConversations]]
[#ChStatConversations]
=== Conversations
@ -187,7 +187,7 @@ example, an IP conversation is all the traffic between two IP addresses. The
description of the known endpoint types can be found in
<<ChStatEndpoints>>.
[[ChStatConversationsWindow]]
[#ChStatConversationsWindow]
==== The “Conversations” Window
@ -230,7 +230,7 @@ it before (or while) you are doing a live capture.
// Removed:
// [[ChStatConversationListWindow]]
[[ChStatEndpoints]]
[#ChStatEndpoints]
=== Endpoints
@ -293,7 +293,7 @@ endpoints. Of course, as these arent physical endpoints the real traffic
will be received by some or all of the listed unicast endpoints.
====
[[ChStatEndpointsWindow]]
[#ChStatEndpointsWindow]
==== The “Endpoints” Window
@ -335,7 +335,7 @@ it before (or while) you are doing a live capture.
// [[ChStatEndpointListWindow]]
[[ChStatPacketLengths]]
[#ChStatPacketLengths]
=== Packet Lengths
@ -381,7 +381,7 @@ You can show statistics for a portion of the capture by entering a display filte
btn:[Copy] copies the statistics to the clipboard.
btn:[Save as...] lets you save the data as text, CSV, YAML, or XML.
[[ChStatIOGraphs]]
[#ChStatIOGraphs]
=== The “I/O Graphs” Window
@ -492,7 +492,7 @@ btn:[Save As...] will save the currently displayed graph as an image or CSV data
You can see a list of useful keyboard shortcuts by right-clicking on the graph.
====
[[ChStatIOGraphsMissingValues]]
[#ChStatIOGraphsMissingValues]
[discrete]
==== Missing Values Are Zero
@ -509,7 +509,7 @@ Zero values are shown in line graphs, and bar charts.
// If you need to display zero values in a scatter plot, you can do so by making the Y Axis a calculated field.
// For example, the calculated equivalent of “Packets” is a “COUNT FRAMES” Y Axis with a Y Field set to “frame”.
[[ChStatSRT]]
[#ChStatSRT]
=== Service Response Time
@ -537,7 +537,7 @@ This information is available for many protocols, including the following:
As an example, the SMB2 service response time is described below in more detail.
The other Service Response Time windows will show statistics specific to their respective protocols, but will offer the same menu options.
[[ChStatSRTSMB2]]
[#ChStatSRTSMB2]
==== The “SMB2 Service Response Time Statistics” Window
@ -558,13 +558,13 @@ btn:[Save As...] will save the response time information in various formats.
btn:[Close] will close this dialog.
[[ChStatDHCPBOOTP]]
[#ChStatDHCPBOOTP]
=== DHCP (BOOTP) Statistics
The Dynamic Host Configuration Protocol (DHCP) is an option of the Bootstrap Protocol (BOOTP). It dynamically assigns IP addresses and other parameters to a DHCP client. The DHCP (BOOTP) Statistics window displays a table over the number of occurrences of a DHCP message type. The user can filter, copy or save the data into a file.
[[ChStatNetPerfMeter]]
[#ChStatNetPerfMeter]
=== NetPerfMeter Statistics
@ -584,12 +584,12 @@ link:https://duepublico2.uni-due.de/servlets/MCRFileNodeServlet/duepublico_deriv
.NetPerfMeter Statistics window
image::wsug_graphics/ws-netperfmeter-statistics.png[{screenshot-attrs}]
[[ChStatONCRPC]]
[#ChStatONCRPC]
=== ONC-RPC Programs
Open Network Computing (ONC) Remote Procedure Call (RPC) uses TCP or UDP protocols to map a program number to a specific port on a remote machine and call a required service at that port. The ONC-RPC Programs window shows the description for captured program calls, such as program name, its number, version, and other data.
[[ChStat29West]]
[#ChStat29West]
=== 29West
@ -623,7 +623,7 @@ a|* Advertisement by Queue
|The LBT-Ru Transport Statistics window shows the Sources and Receivers sequence numbers for transport and other data.
|===
[[ChStatANCP]]
[#ChStatANCP]
=== ANCP
@ -635,19 +635,19 @@ The Access Node Control Protocol (ANCP) is an TCP based protocol, which operates
The ANCP window shows the related statistical data. The user can filter, copy or save the data into a file.
[[ChStatBACnet]]
[#ChStatBACnet]
=== BACnet
Building Automation and Control Networks (BACnet) is a communication protocol which provides control for various building automated facilities, such as light control, fire alarm control, and others. Wireshark provides the BACnet statistics which is a packet counter. You can sort packets by instance ID, IP address, object type or service.
[[ChStatCollectd]]
[#ChStatCollectd]
=== Collectd
Collectd is a system statistics collection daemon. It collects various statistics from your system and converts it for the network use. The Collectd statistics window shows counts for values, which split into type, plugin, and host as well as total packets counter. You can filter, copy or save the data to a file.
[[ChStatDNS]]
[#ChStatDNS]
=== DNS
@ -664,7 +664,7 @@ You might find these statistics useful for quickly examining the health of a DNS
You can filter, copy or save the data into a file.
[[ChStatFlowGraph]]
[#ChStatFlowGraph]
=== Flow Graph
@ -708,41 +708,41 @@ Additional controls available for VoIP calls:
[[ChStatHARTIP]]
[#ChStatHARTIP]
=== HART-IP
Highway Addressable Remote Transducer over IP (HART-IP) is an application layer protocol. It sends and receives digital information between smart devices and control or monitoring systems. The HART-IP statistics window shows the counter for response, request, publish and error packets. You can filter, copy or save the data to a file.
[[ChStatHPFEEDS]]
[#ChStatHPFEEDS]
=== HPFEEDS
Hpfeeds protocol provides a lightweight authenticated publishing and subscription. It supports arbitrary binary payloads which can be separated into different channels. HPFEEDS statistics window shows a counter for payload size per channel and opcodes. You can filter, copy or save the data to a file.
[[ChStatHTTP]]
[#ChStatHTTP]
=== HTTP Statistics
[[ChStatHTTPPacketCounter]]
[#ChStatHTTPPacketCounter]
==== HTTP Packet Counter
Statistics for HTTP request types and response codes.
[[ChStatHTTPRequests]]
[#ChStatHTTPRequests]
==== HTTP Requests
HTTP statistics based on the host and URI.
[[ChStatHTTPLoadDistribution]]
[#ChStatHTTPLoadDistribution]
==== HTTP Load Distribution
HTTP request and response statistics based on the server address and host.
[[ChStatHTTPRequestSequences]]
[#ChStatHTTPRequestSequences]
==== HTTP Request Sequences
@ -754,7 +754,7 @@ request leads to the next.
image::wsug_graphics/ws-stats-http-requestsequences.png[{screenshot-attrs}]
[[ChStatHTTP2]]
[#ChStatHTTP2]
=== HTTP2
@ -762,13 +762,13 @@ Hypertext Transfer Protocol version 2 (HTTP/2) allows multiplexing various HTTP
As HTTP/2 traffic is typically encrypted with TLS, you must configure decryption to observe HTTP/2 traffic. For more details, see the link:{wireshark-wiki-url}TLS[TLS wiki page].
[[ChStatSametime]]
[#ChStatSametime]
=== Sametime
Sametime is a protocol for the IBM Sametime software. The Sametime statistics window shows the counter for message type, send type, and user status.
[[ChStatTCPStreamGraphs]]
[#ChStatTCPStreamGraphs]
=== TCP Stream Graphs
@ -791,7 +791,7 @@ segment.
Window Scaling:: Window size and outstanding bytes.
[[ChStatUDPMulticastStreams]]
[#ChStatUDPMulticastStreams]
=== UDP Multicast Streams
@ -806,7 +806,7 @@ With this statistics you can:
.UDP Multicast Streams window
image::wsug_graphics/ws-udp-multicast-stream.png[{screenshot-attrs}]
[[ChStatRSerPool]]
[#ChStatRSerPool]
=== Reliable Server Pooling (RSerPool)
@ -854,7 +854,7 @@ image::wsug_graphics/ws-pingpongprotocol-statistics.png[{screenshot-attrs}]
.Scripting Service Protocol Statistics window
image::wsug_graphics/ws-ssp-statistics.png[{screenshot-attrs}]
[[ChStatF5]]
[#ChStatF5]
=== F5
@ -877,7 +877,7 @@ Each `tmm Distribution` window contains the statistics for the following data:
*** Traffic without a flow ID.
[[ChStatIPv4]]
[#ChStatIPv4]
=== IPv4 Statistics
@ -892,7 +892,7 @@ The menu:Statistics[IPv4] menu provides the packet counter by submenus:
You can see similar statistics in the menu:Statistics[Conversations] and menu:Statistics[Endpoints] menus.
[[ChStatIPv6]]
[#ChStatIPv6]
=== IPv6 Statistics

54
docbook/wsug_src/WSUG_chapter_telephony.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Telephony
[[ChTelephony]]
[#ChTelephony]
== Telephony
[[ChTelIntroduction]]
[#ChTelIntroduction]
=== Introduction
@ -21,7 +21,7 @@ specific protocols and might be described in a later version of this document.
Some of these statistics are described at the
{wireshark-wiki-url}Statistics pages.
[[ChTelPlayingCalls]]
[#ChTelPlayingCalls]
=== Playing VoIP Calls
@ -75,7 +75,7 @@ image::wsug_graphics/ws-tel-playlist.png[]
Same approach with set/add/remove actions is used for RTP Stream Analysis window. The playlist is there handled as different tabs in the window, see <<ChTelRTPAnalysis,RTP Stream Analysis>> window.
====
[[ChTelPlayingCallsLive]]
[#ChTelPlayingCallsLive]
==== Playing audio during live capture
@ -139,7 +139,7 @@ RTP Player plays audio by OS sound system and OS is responsible for mixing audio
RTP Analysis window can handle 1000+ streams, but it is difficult to use it with so many streams - it is difficult to navigate between them. It is expected that RTP Analysis window will be used for analysis of lower tens of streams.
[[ChTelVoipCalls]]
[#ChTelVoipCalls]
=== VoIP Calls Window
@ -181,7 +181,7 @@ Available controls are:
* btn:[Play Streams] opens <<ChTelRtpPlayer,RTP Player>> window. Actions btn:[Set], btn:[Add] and btn:[Remove] are available.
* btn:[Copy] copies information from table to clipboard in CSV or YAML.
[[ChTelANSI]]
[#ChTelANSI]
=== ANSI
@ -195,30 +195,30 @@ The A-Interface Base Station Management Application Part (BSMAP) Statistics wind
The A-Interface Direct Transfer Application Part (DTAP) Statistics widow shows the messages list and the number of the captured messages. There is a possibility to filter the messages, copy or save the date into a file.
[[ChTelGSM]]
[#ChTelGSM]
=== GSM Windows
The Global System for Mobile Communications (GSM) is a standard for mobile networks. This menu shows a group of statistic data for mobile communication protocols according to ETSI GSM standard.
[[ChTelIAX2Analysis]]
[#ChTelIAX2Analysis]
=== IAX2 Stream Analysis Window
The “IAX2 Stream Analysis” window shows statistics for the forward and reverse
streams of a selected IAX2 call along with a graph.
[[ChTelISUPMessages]]
[#ChTelISUPMessages]
=== ISUP Messages Window
Integrated Service User Part (ISUP) protocol provides voice and non-voice signaling for telephone communications. ISUP Messages menu opens the window which shows the related statistics. The user can filter, copy or save the data into a file.
[[ChTelLTE]]
[#ChTelLTE]
=== LTE
[[ChTelLTEMACTraffic]]
[#ChTelLTEMACTraffic]
==== LTE MAC Traffic Statistics Window
@ -233,7 +233,7 @@ shows statistical highlights for exactly one UE/C-RNTI. In the lower pane, you
can see the for the currently selected UE/C-RNTI the traffic broken down by
individual channel.
[[ChTelLTERLCGraph]]
[#ChTelLTERLCGraph]
==== LTE RLC Graph Window
@ -246,7 +246,7 @@ image::wsug_graphics/ws-rlc-graph.png[{screenshot-attrs}]
[.small]#_The image of the RLC Graph is borrowed from link:https://gitlab.com/wireshark/wireshark/-/wikis/RLC-LTE[Wireshark wiki]._#
[[ChTelLTERLCTraffic]]
[#ChTelLTERLCTraffic]
==== LTE RLC Traffic Statistics Window
@ -268,7 +268,7 @@ the selected channel. Note that in the case of Acknowledged Mode channels, if a
single direction is chosen, the generated filter will show data in that
direction and control PDUs in the opposite direction.
[[ChTelMTP3]]
[#ChTelMTP3]
=== MTP3 Windows
@ -276,7 +276,7 @@ The Message Transfer Part level 3 (MTP3) protocol is a part of the Signaling Sys
This menu shows MTP3 Statistics and MTP3 Summary windows.
[[ChTelOsmux]]
[#ChTelOsmux]
=== Osmux Windows
@ -284,7 +284,7 @@ OSmux is a multiplex protocol which benefits satellite based GSM back-haul syste
=== RTP
[[ChTelRTPStreams]]
[#ChTelRTPStreams]
==== RTP Streams Window
@ -323,7 +323,7 @@ Available controls are:
* btn:[Export] exports selected streams in RTPDump format.
[[ChTelRTPAnalysis]]
[#ChTelRTPAnalysis]
==== RTP Stream Analysis Window
@ -397,7 +397,7 @@ for every stream. Checkboxes below graph are enabling or disabling showing of a
Stream Analysis window contained tool for save audio and payload for analyzed streams. This tool was moved in Wireshark 3.5.0 to <<ChTelRtpPlayer,RTP Player>> window. New tool has more features.
====
[[ChTelRtpPlayer]]
[#ChTelRtpPlayer]
==== RTP Player Window
@ -505,7 +505,7 @@ User can use shortcuts:
** kbd:[N] - Select all inaudible streams
** kbd:[Shift + N] - Deselect all inaudible streams
[[tel-rtp-export]]
[#tel-rtp-export]
===== Export
@ -536,13 +536,13 @@ Default value of btn:[Output Audio Rate] is btn:[Automatic]. When multiple codec
In this case user must manually select one of rates in btn:[Output Audio Rate], streams will be resampled and audio export succeeds.
====
[[ChTelRTSP]]
[#ChTelRTSP]
=== RTSP Window
In the Real Time Streaming Protocol (RTSP) menu the user can check the Packet Counter window. It shows Total RTCP Packets and divided into RTSP Response Packets, RTSP Request Packets and Other RTSP packets. The user can filter, copy or save the data into a file.
[[ChTelSCTP]]
[#ChTelSCTP]
=== SCTP Windows
@ -558,25 +558,25 @@ The SCTP Associations window shows the table with the data for captured packets,
.SCTP Associations window
image::wsug_graphics/ws-sctp.png[{screenshot-attrs}]
[[ChTelSMPPOperations]]
[#ChTelSMPPOperations]
=== SMPP Operations Window
Short Message Peer-to-Peer (SMPP) protocol uses TCP protocol as its transfer for exchanging Short Message Service (SMS) Messages, mainly between Short Message Service Centers (SMSC). The dissector determines whether the captured packet is SMPP or not by using the heuristics in the fixed header. The SMPP Operations window displays the related statistical data. The user can filter, copy or save the data into a file.
[[ChTelUCPMessages]]
[#ChTelUCPMessages]
=== UCP Messages Window
The Universal Computer Protocol (UCP) plays role in transferring Short Messages between a Short Message Service Centre (SMSC) and an application, which is using transport protocol, such as TCP or X.25. The UCP Messages window displays the related statistical data. The user can filter, copy or save the data into a file.
[[ChTelH225]]
[#ChTelH225]
=== H.225 Window
H.225 telecommunication protocol which is responsible for messages in call signaling and media stream packetization for packet-based multimedia communication systems. The H.225 window shows the counted messages by types and reasons. The user can filter, copy or save the data into a file.
[[ChTelSIPFlows]]
[#ChTelSIPFlows]
=== SIP Flows Window
@ -586,13 +586,13 @@ This window will list both complete and in-progress SIP transactions.
Window has same features as <<ChTelVoipCalls,VoIP Calls>> window.
[[ChTelSIPStatistics]]
[#ChTelSIPStatistics]
=== SIP Statistics Window
SIP Statistics window shows captured SIP transactions. It is divided into SIP Responses and SIP Requests. In this window the user can filter, copy or save the statistics into a file.
[[ChTelWAPWSPPacketCounter]]
[#ChTelWAPWSPPacketCounter]
=== WAP-WSP Packet Counter Window

4
docbook/wsug_src/WSUG_chapter_troubleshoot.adoc
View File

@ -1,6 +1,6 @@
// WSUG Chapter Four
[[Chap04]]
[#Chap04]
== Troubleshooting with Wireshark
@ -43,7 +43,7 @@ more details on capturing with _tcpdump_, see <<Ch05tcpdump>>.
* Examine the appropriate fields within the packets where the problem appears to
be. These can often help to reveal the problem.
[[Ch04ROUSWI]]
[#Ch04ROUSWI]
=== Capturing in the presence of switches and routers

128
docbook/wsug_src/WSUG_chapter_use.adoc
View File

@ -1,10 +1,10 @@
// WSUG User Interface Chapter
[[ChapterUsing]]
[#ChapterUsing]
== User Interface
[[ChUseIntroductionSection]]
[#ChUseIntroductionSection]
=== Introduction
@ -17,7 +17,7 @@ capturing your first packets. In the next chapters we will explore:
* How to filter packets in Wireshark
* ... and many other things!
[[ChUseStartSection]]
[#ChUseStartSection]
=== Start Wireshark
@ -37,7 +37,7 @@ toolkit used, your screen might look different from the provided screenshots.
But as there are no real differences in functionality these screenshots should
still be well understandable.
[[ChUseMainWindowSection]]
[#ChUseMainWindowSection]
=== The Main window
@ -45,7 +45,7 @@ Lets look at Wiresharks user interface. <<ChUseFig01>> shows Wireshark as
would usually see it after some packets are captured or loaded (how to do this
will be described later).
[[ChUseFig01]]
[#ChUseFig01]
.The Main window
image::wsug_graphics/ws-main.png[{screenshot-attrs}]
@ -76,7 +76,7 @@ The layout of the main window can be customized by changing preference settings.
See <<ChCustPreferencesSection>> for details.
====
[[ChUseMainWindowNavSection]]
[#ChUseMainWindowNavSection]
==== Main Window Navigation
@ -84,7 +84,7 @@ Packet list and detail navigation can be done entirely from the keyboard.
<<ChUseTabNav>> shows a list of keystrokes that will let you quickly move around
a capture file. See <<ChUseTabGo>> for additional navigation keystrokes.
[[ChUseTabNav]]
[#ChUseTabNav]
.Keyboard Navigation
[options="header",cols="1,3"]
|===
@ -111,7 +111,7 @@ menu:Help[About Wireshark,Keyboard Shortcuts] will show a list of all shortcuts
in the main window. Additionally, typing anywhere in the main window will start
filling in a display filter.
[[ChUseMenuSection]]
[#ChUseMenuSection]
=== The Menu
@ -126,7 +126,7 @@ available. For example, you cannot save a capture file if you havent captured
or loaded any packets.
====
[[ChUseWiresharkMenu]]
[#ChUseWiresharkMenu]
.The Menu
image::wsug_graphics/ws-menu.png[{screenshot-attrs}]
@ -191,17 +191,17 @@ press the Control (or Strg in German) and the K keys together to open the
“Capture Options” dialog.
====
[[ChUseFileMenuSection]]
[#ChUseFileMenuSection]
=== The “File” Menu
The Wireshark file menu contains the fields shown in <<ChUseTabFile>>.
[[ChUseWiresharkFileMenu]]
[#ChUseWiresharkFileMenu]
.The “File” Menu
image::wsug_graphics/ws-file-menu.png[{screenshot-attrs}]
[[ChUseTabFile]]
[#ChUseTabFile]
.File menu items
[options="header",cols="3,2,5"]
|===
@ -287,17 +287,17 @@ preference setting).
|===
[[ChUseEditMenuSection]]
[#ChUseEditMenuSection]
=== The “Edit” Menu
The Wireshark Edit menu contains the fields shown in <<ChUseTabEdit>>.
[[ChUseWiresharkEditMenu]]
[#ChUseWiresharkEditMenu]
.The “Edit” Menu
image::wsug_graphics/ws-edit-menu.png[{screenshot-attrs}]
[[ChUseTabEdit]]
[#ChUseTabEdit]
.Edit menu items
[options="header",cols="3,2,5"]
|===
@ -385,17 +385,17 @@ Wireshark will use them the next time you start it. More detail is provided in
|===
[[ChUseViewMenuSection]]
[#ChUseViewMenuSection]
=== The “View” Menu
The Wireshark View menu contains the fields shown in <<ChUseTabView>>.
[[ChUseWiresharkViewMenu]]
[#ChUseWiresharkViewMenu]
.The “View” Menu
image::wsug_graphics/ws-view-menu.png[{screenshot-attrs}]
[[ChUseTabView]]
[#ChUseTabView]
.View menu items
[options="header",cols="3,2,5"]
|===
@ -463,7 +463,7 @@ details.
|menu:Reload[] |kbd:[Ctrl+R] |This menu item allows you to reload the current capture file.
|===
[[ChUseInternals]]
[#ChUseInternals]
.Internals menu items
[options="header",cols="3,5"]
|===
@ -474,17 +474,17 @@ details.
|===
[[ChUseGoMenuSection]]
[#ChUseGoMenuSection]
=== The “Go” Menu
The Wireshark Go menu contains the fields shown in <<ChUseTabGo>>.
[[ChUseWiresharkGoMenu]]
[#ChUseWiresharkGoMenu]
.The “Go” Menu
image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}]
[[ChUseTabGo]]
[#ChUseTabGo]
.Go menu items
[options="header",cols="3,2,5"]
|===
@ -501,17 +501,17 @@ image::wsug_graphics/ws-go-menu.png[{screenshot-attrs}]
|menu:Next Packet In Conversation[] |kbd:[Ctrl+.] |Move to the next packet in the current conversation. This can be used to move to the previous packet even if the packet list doesnt have keyboard focus.
|===
[[ChUseCaptureMenuSection]]
[#ChUseCaptureMenuSection]
=== The “Capture” Menu
The Wireshark Capture menu contains the fields shown in <<ChUseTabCap>>.
[[ChUseWiresharkCaptureMenu]]
[#ChUseWiresharkCaptureMenu]
.The “Capture” Menu
image::wsug_graphics/ws-capture-menu.png[{screenshot-attrs}]
[[ChUseTabCap]]
[#ChUseTabCap]
.Capture menu items
[options="header",cols="3,2,5"]
|===
@ -543,17 +543,17 @@ Clear and recreate the interface list.
|===
[[ChUseAnalyzeMenuSection]]
[#ChUseAnalyzeMenuSection]
=== The “Analyze” Menu
The Wireshark Analyze menu contains the fields shown in <<ChUseAnalyze>>.
[[ChUseWiresharkAnalyzeMenu]]
[#ChUseWiresharkAnalyzeMenu]
.The “Analyze” Menu
image::wsug_graphics/ws-analyze-menu.png[{screenshot-attrs}]
[[ChUseAnalyze]]
[#ChUseAnalyze]
.Analyze menu items
[options="header",cols="3,2,5"]
|===
@ -619,19 +619,19 @@ See <<ChAdvExpert>> for more information.
The amount of information will vary depend on the protocol
|===
[[ChUseStatisticsMenuSection]]
[#ChUseStatisticsMenuSection]
=== The “Statistics” Menu
The Wireshark Statistics menu contains the fields shown in <<ChUseStatistics>>.
[[ChUseWiresharkStatisticsMenu]]
[#ChUseWiresharkStatisticsMenu]
.The “Statistics” Menu
image::wsug_graphics/ws-statistics-menu.png[{screenshot-attrs}]
Each menu item brings up a new window showing specific statistics.
[[ChUseStatistics]]
[#ChUseStatistics]
.Statistics menu items
[options="header",cols="3,2,5"]
|===
@ -669,19 +669,19 @@ Each menu item brings up a new window showing specific statistics.
|===
[[ChUseTelephonyMenuSection]]
[#ChUseTelephonyMenuSection]
=== The “Telephony” Menu
The Wireshark Telephony menu contains the fields shown in <<ChUseTelephony>>.
[[ChUseWiresharkTelephonyMenu]]
[#ChUseWiresharkTelephonyMenu]
.The “Telephony” Menu
image::wsug_graphics/ws-telephony-menu.png[{screenshot-attrs}]
Each menu item shows specific telephony related statistics.
[[ChUseTelephony]]
[#ChUseTelephony]
.Telephony menu items
[options="header",cols="3,2,5"]
|===
@ -706,19 +706,19 @@ Each menu item shows specific telephony related statistics.
|===
[[ChUseWirelessMenuSection]]
[#ChUseWirelessMenuSection]
=== The “Wireless” Menu
The Wireless menu lets you analyze Bluetooth and IEEE 802.11 wireless LAN activity as shown in <<ChUseWiresharkWirelessMenu>>.
[[ChUseWiresharkWirelessMenu]]
[#ChUseWiresharkWirelessMenu]
.The “Wireless” Menu
image::wsug_graphics/ws-wireless-menu.png[{screenshot-attrs}]
Each menu item shows specific Bluetooth and IEEE 802.11 statistics.
[[ChUseWireless]]
[#ChUseWireless]
.Wireless menu items
[options="header",cols="3,2,5"]
|===
@ -731,17 +731,17 @@ Each menu item shows specific Bluetooth and IEEE 802.11 statistics.
|===
[[ChUseToolsMenuSection]]
[#ChUseToolsMenuSection]
=== The “Tools” Menu
The Wireshark Tools menu contains the fields shown in <<ChUseTools>>.
[[ChUseWiresharkToolsMenu]]
[#ChUseWiresharkToolsMenu]
.The “Tools” Menu
image::wsug_graphics/ws-tools-menu.png[{screenshot-attrs}]
[[ChUseTools]]
[#ChUseTools]
.Tools menu items
[options="header",cols="3,2,5"]
|===
@ -758,17 +758,17 @@ See “Lua Support in Wireshark” in the Wireshark Developers Guide.
The Lua menu structure is set by console.lua in the Wireshark install directory.
|===
[[ChUseHelpMenuSection]]
[#ChUseHelpMenuSection]
=== The “Help” Menu
The Wireshark Help menu contains the fields shown in <<ChUseHelp>>.
[[ChUseWiresharkHelpMenu]]
[#ChUseWiresharkHelpMenu]
.The “Help” Menu
image::wsug_graphics/ws-help-menu.png[{screenshot-attrs}]
[[ChUseHelp]]
[#ChUseHelp]
.Help menu items
[options="header",cols="3,2,5"]
|===
@ -794,7 +794,7 @@ starts but no page is shown, have a look at the web browser setting in the
preferences dialog.
====
[[ChUseMainToolbarSection]]
[#ChUseMainToolbarSection]
=== The “Main” Toolbar
@ -809,14 +809,14 @@ the main window toolbar after a file has been opened. Various
file-related buttons are enabled, but the stop capture button is
disabled because a capture is not in progress.
[[ChUseWiresharkMainToolbar]]
[#ChUseWiresharkMainToolbar]
.The “Main” toolbar
image::wsug_graphics/ws-main-toolbar.png[{screenshot-attrs}]
:toolbar-icon-attrs: height=24,width=24
[[ChUseMainToolbar]]
[#ChUseMainToolbar]
.Main toolbar items
[options="header",cols="1,2,2,4"]
|===
@ -849,14 +849,14 @@ image::wsug_graphics/ws-main-toolbar.png[{screenshot-attrs}]
//|image:wsug_graphics/toolbar/stock_colorselector_24.png[{toolbar-icon-attrs}]|btn:[Coloring Rules...]|menu:View[Coloring Rules...]| This item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets. More detail on this subject is provided in <<ChCustColorizationSection>>.
|===
[[ChUseFilterToolbarSection]]
[#ChUseFilterToolbarSection]
=== The “Filter” Toolbar
The filter toolbar lets you quickly edit and apply display filters. More
information on display filters is available in <<ChWorkDisplayFilterSection>>.
[[ChUseWiresharkFilterToolbar]]
[#ChUseWiresharkFilterToolbar]
.The “Filter” toolbar
image::wsug_graphics/ws-filter-toolbar.png[{screenshot-attrs}]
@ -864,7 +864,7 @@ image::wsug_graphics/ws-filter-toolbar.png[{screenshot-attrs}]
// Icons themselves are 32px high.
:filter-icon-attrs: height=24
[[ChUseFilterToolbar]]
[#ChUseFilterToolbar]
.Filter toolbar items
[options="header",cols="1,3,5"]
|===
@ -894,13 +894,13 @@ For example if you create buttons named “Not Squirrels // Rabbits” and “No
|===
[[ChUsePacketListPaneSection]]
[#ChUsePacketListPaneSection]
=== The “Packet List” Pane
The packet list pane displays all the packets in the current capture file.
[[ChUseWiresharkListPane]]
[#ChUseWiresharkListPane]
.The “Packet List” pane
image::wsug_graphics/ws-list-pane.png[{screenshot-attrs}]
@ -992,14 +992,14 @@ packets along with the 15 shown in the packet list itself.
Right clicking will show a context menu, described in
<<ChWorkPacketListPanePopUpMenu>>.
[[ChUsePacketDetailsPaneSection]]
[#ChUsePacketDetailsPaneSection]
=== The “Packet Details” Pane
The packet details pane shows the current packet (selected in the “Packet List”
pane) in a more detailed form.
[[ChUseWiresharkDetailsPane]]
[#ChUseWiresharkDetailsPane]
.The “Packet Details” pane
image::wsug_graphics/ws-details-pane.png[{screenshot-attrs}]
@ -1024,14 +1024,14 @@ Some protocol fields have special meanings.
displayed in blue. If you double-clicked on a link Wireshark will jump to the
corresponding packet.
[[ChUsePacketBytesPaneSection]]
[#ChUsePacketBytesPaneSection]
=== The “Packet Bytes” Pane
The packet bytes pane shows the data of the current packet (selected in the
“Packet List” pane) in a hexdump style.
[[ChUseWiresharkBytesPane]]
[#ChUseWiresharkBytesPane]
.The “Packet Bytes” pane
image::wsug_graphics/ws-bytes-pane.png[{screenshot-attrs}]
@ -1058,14 +1058,14 @@ methods for deactivating the functionality:
may be activated/deactivated. This setting is stored in the selected profile
__recent__ file.
[[ChUseWiresharkBytesPaneTabs]]
[#ChUseWiresharkBytesPaneTabs]
.The “Packet Bytes” pane with tabs
image::wsug_graphics/ws-bytes-pane-tabs.png[{screenshot-attrs}]
Additional tabs typically contain data reassembled from multiple packets or
decrypted data.
[[ChUsePacketDiagramPaneSection]]
[#ChUsePacketDiagramPaneSection]
////
=== The “Packet Diagram” Pane
@ -1073,7 +1073,7 @@ decrypted data.
The packet diagram pane shows the current packet (selected in the “Packet List”
pane) as a diagram, similar to ones used in textbooks and IETF RFCs.
[[ChUseWiresharkDiagramPane]]
[#ChUseWiresharkDiagramPane]
.The “Packet Diagram” pane
image::wsug_graphics/ws-diagram-pane.png[{screenshot-attrs}]
@ -1084,7 +1084,7 @@ There is a context menu (right mouse click) available.
For details see <<ChWorkPacketDiagramPanePopUpMenu>>.
////
[[ChUseStatusbarSection]]
[#ChUseStatusbarSection]
=== The Statusbar
@ -1095,13 +1095,13 @@ will show information about the current capture file, and the right side will
show the selected configuration profile. Drag the handles between the text areas
to change the size.
[[ChUseWiresharkStatusbarEmpty]]
[#ChUseWiresharkStatusbarEmpty]
.The initial Statusbar
image::wsug_graphics/ws-statusbar-empty.png[{statusbar-attrs}]
This statusbar is shown while no capture file is loaded, e.g. when Wireshark is started.
[[ChUseWiresharkStatusbarLoaded]]
[#ChUseWiresharkStatusbarLoaded]
.The Statusbar with a loaded capture file
image::wsug_graphics/ws-statusbar-loaded.png[{statusbar-attrs}]
@ -1132,13 +1132,13 @@ Ignored::: The number of ignored packets Only displayed if you ignored any packe
The right side...:: shows the selected configuration profile.
Clicking on this part of the statusbar will bring up a menu with all available configuration profiles, and selecting from this list will change the configuration profile.
[[ChUseWiresharkStatusbarProfile]]
[#ChUseWiresharkStatusbarProfile]
.The Statusbar with a configuration profile menu
image::wsug_graphics/ws-statusbar-profile.png[{pdf-scaledwidth},height=192]
For a detailed description of configuration profiles, see <<ChCustConfigProfilesSection>>.
[[ChUseWiresharkStatusbarSelected]]
[#ChUseWiresharkStatusbarSelected]
.The Statusbar with a selected protocol field
image::wsug_graphics/ws-statusbar-selected.png[{statusbar-attrs}]
@ -1150,7 +1150,7 @@ The value between the parentheses (in this example “ipv6.src”) is the displa
You can become more familiar with display filter fields by selecting different packet detail items.
====
[[ChUseWiresharkStatusbarFilter]]
[#ChUseWiresharkStatusbarFilter]
//FIXME: Remove or choose a better example of a display filter message.
.The Statusbar with a display filter message

12
docbook/wsug_src/WSUG_chapter_wireless.adoc
View File

@ -1,16 +1,16 @@
// WSUG Chapter Wireless
[[ChWireless]]
[#ChWireless]
== Wireless
[[ChWirelessIntroduction]]
[#ChWirelessIntroduction]
=== Introduction
The Wireless menu provides access to statistics related to wireless traffic.
[[ChWirelessBluetoothATTServerAttributes]]
[#ChWirelessBluetoothATTServerAttributes]
=== Bluetooth ATT Server Attributes
@ -22,7 +22,7 @@ Bluetooth ATT Server Attributes window displays a list of captured Attribute Pro
`UUID Name` is a specified name for the captured packet.
[[ChWirelessBluetoothDevices]]
[#ChWirelessBluetoothDevices]
=== Bluetooth Devices
@ -31,7 +31,7 @@ The Bluetooth Devices window displays the list of the captured information about
.Bluetooth Devices window
image::wsug_graphics/ws-bluetooth-devices.png[{screenshot-attrs}]
[[ChWirelessBluetoothHCISummary]]
[#ChWirelessBluetoothHCISummary]
=== Bluetooth HCI Summary
@ -40,7 +40,7 @@ The Bluetooth HCI Summary window displays the summary for the captured Host Cont
.Bluetooth HCI Summary window
image::wsug_graphics/ws-bt-hci-summary.png[{screenshot-attrs}]
[[ChWirelessWLANTraffic]]
[#ChWirelessWLANTraffic]
=== WLAN Traffic

82
docbook/wsug_src/WSUG_chapter_work.adoc
View File

@ -1,10 +1,10 @@
// WSUG Chapter Work
[[ChapterWork]]
[#ChapterWork]
== Working With Captured Packets
[[ChWorkViewPacketsSection]]
[#ChWorkViewPacketsSection]
=== Viewing Packets You Have Captured
@ -19,7 +19,7 @@ corresponding bytes in the byte view. An example with a TCP packet selected is
shown in <<ChWorkSelPack1>>. It also has the Acknowledgment number in the TCP
header selected, which shows up in the byte view as the selected bytes.
[[ChWorkSelPack1]]
[#ChWorkSelPack1]
.Wireshark with a TCP packet selected for viewing
image::wsug_graphics/ws-packet-selected.png[{screenshot-attrs}]
@ -34,7 +34,7 @@ packet list or by selecting the packet in which you are interested in the packet
list pane and selecting menu:View[Show Packet in New Window]. This allows you to
easily compare two or more packets, even across multiple files.
[[ChWorkPacketSepView]]
[#ChWorkPacketSepView]
.Viewing a packet in a separate window
image::wsug_graphics/ws-packet-sep-win.png[{screenshot-attrs}]
@ -47,7 +47,7 @@ number of other ways to open a new packet window:
- From <<PacketListPopupMenuTable>>.
- From <<PacketDetailsPopupMenuTable>>.
[[ChWorkDisplayPopUpSection]]
[#ChWorkDisplayPopUpSection]
=== Pop-up Menus
@ -55,11 +55,11 @@ You can open a pop-up menu over the “Packet List”, its column heading,
“Packet Details”, or “Packet Bytes” by clicking your right mouse button
on the corresponding item.
[[ChWorkColumnHeaderPopUpMenuSection]]
[#ChWorkColumnHeaderPopUpMenuSection]
==== Pop-up Menu Of The “Packet List” Column Header
[[ChWorkColumnHeaderPopUpMenu]]
[#ChWorkColumnHeaderPopUpMenu]
.Pop-up menu of the “Packet List” column header
image::wsug_graphics/ws-column-header-popup-menu.png[{screenshot-attrs}]
@ -67,7 +67,7 @@ The following table gives an overview of which functions are available
in this header, where to find the corresponding function in the main
menu, and a description of each item.
[[ColumnHeaderPopupMenuTable]]
[#ColumnHeaderPopupMenuTable]
.The menu items of the “Packet List” column header pop-up menu
[options="header",cols="3,7"]
|===
@ -102,11 +102,11 @@ Remove this column, similar to deleting it in the “Preferences” dialog.
|===
[[ChWorkPacketListPanePopUpMenuSection]]
[#ChWorkPacketListPanePopUpMenuSection]
==== Pop-up Menu Of The “Packet List” Pane
[[ChWorkPacketListPanePopUpMenu]]
[#ChWorkPacketListPanePopUpMenu]
.Pop-up menu of the “Packet List” pane
image::wsug_graphics/ws-packet-pane-popup-menu.png[{screenshot-attrs}]
@ -115,7 +115,7 @@ The following table gives an overview of which functions are available
in this pane, where to find the corresponding function in the main menu,
and a short description of each item.
[[PacketListPopupMenuTable]]
[#PacketListPopupMenuTable]
.The menu items of the “Packet List” pop-up menu
[options="header",cols="3,1,6"]
|===
@ -221,11 +221,11 @@ details.
|===
[[ChWorkPacketDetailsPanePopUpMenuSection]]
[#ChWorkPacketDetailsPanePopUpMenuSection]
==== Pop-up Menu Of The “Packet Details” Pane
[[ChWorkPacketDetailsPanePopUpMenu]]
[#ChWorkPacketDetailsPanePopUpMenu]
.Pop-up menu of the “Packet Details” pane
image::wsug_graphics/ws-details-pane-popup-menu.png[{screenshot-attrs}]
@ -234,7 +234,7 @@ The following table gives an overview of which functions are available in this
pane, where to find the corresponding function in the main menu, and a short
description of each item.
[[PacketDetailsPopupMenuTable]]
[#PacketDetailsPopupMenuTable]
.The menu items of the “Packet Details” pop-up menu
[options="header",cols="3,1,6"]
@ -335,11 +335,11 @@ window. See <<ChWorkPacketSepView>> for details.
|===
[[ChWorkPacketBytesPanePopUpMenuSection]]
[#ChWorkPacketBytesPanePopUpMenuSection]
==== Pop-up Menu Of The “Packet Bytes” Pane
[[ChWorkPacketBytesPanePopUpMenu]]
[#ChWorkPacketBytesPanePopUpMenu]
.Pop-up menu of the “Packet Bytes” pane
image::wsug_graphics/ws-bytes-pane-popup-menu.png[{screenshot-attrs}]
@ -347,7 +347,7 @@ image::wsug_graphics/ws-bytes-pane-popup-menu.png[{screenshot-attrs}]
The following table gives an overview of which functions are available
in this pane along with a short description of each item.
[[PacketBytesPopupMenuTable]]
[#PacketBytesPopupMenuTable]
.The menu items of the “Packet Bytes” pop-up menu
[options="header",cols="3,7"]
@ -393,7 +393,7 @@ Use EBCDIC encoding when displaying “hexdump” text.
|===
[[ChWorkDisplayFilterSection]]
[#ChWorkDisplayFilterSection]
=== Filtering Packets While Viewing
@ -434,7 +434,7 @@ expression.
====
[[ChWorkTCPFilter]]
[#ChWorkTCPFilter]
.Filtering on the TCP protocol
image::wsug_graphics/ws-display-filter-tcp.png[{screenshot-attrs}]
@ -461,7 +461,7 @@ the _Display Filter Expression_ dialog box is available in
<<ChWorkFilterAddExpressionSection>>.
[[ChWorkBuildDisplayFilterSection]]
[#ChWorkBuildDisplayFilterSection]
=== Building Display Filter Expressions
@ -513,7 +513,7 @@ A complete list of available comparison operators is shown in <<DispCompOps>>.
English and C-like operators are interchangeable and can be mixed within a filter string.
====
[[DispCompOps]]
[#DispCompOps]
.Display Filter comparison operators
[options="header",cols="1,1,1,3,3"]
@ -535,7 +535,7 @@ English and C-like operators are interchangeable and can be mixed within a filte
All protocol fields have a type. <<ChWorkFieldTypes>> provides a list
of the types with examples of how to use them in display filters.
[[ChWorkFieldTypes]]
[#ChWorkFieldTypes]
===== Display Filter Field Types
@ -621,7 +621,7 @@ date must be specified:
In the second format, a `T` may appear between the date and time as in
ISO 8601, but not when less significant times are dropped.
[[ChWorkFilterExamples]]
[#ChWorkFilterExamples]
===== Some Examples
@ -669,7 +669,7 @@ TIP: Using raw strings avoids most problem with the "matches" operator and doubl
You can combine filter expressions in Wireshark using the logical operators shown in <<FiltLogOps>>
[[FiltLogOps]]
[#FiltLogOps]
.Display Filter Logical Operations
[options="header",cols="1,1,1,4"]
@ -766,7 +766,7 @@ frame.time_delta in {10 .. 10.5}
The display filter language has a number of functions to convert fields, see
<<DispFunctions>>.
[[DispFunctions]]
[#DispFunctions]
.Display Filter Functions
[options="header",cols="1,4"]
|===
@ -804,7 +804,7 @@ To match IP addresses ending in 255 in a block of subnets (172.16 to 172.31):
string(ip.dst) matches r"^172\.(1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.255"
----
[[ChWorkBuildDisplayFilterTransitional]]
[#ChWorkBuildDisplayFilterTransitional]
==== Sometimes Fields Change Names
@ -823,7 +823,7 @@ the old filter names for the time being, e.g. “bootp.type” is equivalent
to “dhcp.type” but Wireshark will show the warning “"bootp" is deprecated”
when you use it. Support for the deprecated fields may be removed in the future.
[[ChWorkFilterAddExpressionSection]]
[#ChWorkFilterAddExpressionSection]
=== The “Display Filter Expression” Dialog Box
@ -840,7 +840,7 @@ Wireshark display filter strings.
====
[[ChWorkFilterAddExpression1]]
[#ChWorkFilterAddExpression1]
.The “Display Filter Expression” dialog box
image::wsug_graphics/ws-filter-add-expression.png[{screenshot-attrs}]
@ -895,7 +895,7 @@ btn:[Cancel]::
You can leave the “Add Expression...” dialog box without any effect by
clicking the btn:[Cancel] button.
[[ChWorkDefineFilterSection]]
[#ChWorkDefineFilterSection]
=== Defining And Saving Filters
@ -908,7 +908,7 @@ Wireshark will open the corresponding dialog as shown in <<FiltersDialog>>.
The two dialogs look and work similar to one another.
Both are described here, and the differences are noted as needed.
[[FiltersDialog]]
[#FiltersDialog]
.The “Capture Filters” and “Display Filters” dialog boxes
image::wsug_graphics/ws-filters.png[{screenshot-attrs}]
@ -938,7 +938,7 @@ Saves the filter settings and closes the dialog.
btn:[Cancel]::
Closes the dialog without saving any changes.
[[ChWorkDefineFilterMacrosSection]]
[#ChWorkDefineFilterMacrosSection]
=== Defining And Saving Filter Macros
@ -950,7 +950,7 @@ To define and save your own filter macros, follow the steps below:
. In the main menu select menu:Analyze[Display Filter Macros...]. Wireshark will open a corresponding dialog <<FilterMacrosDialog>>.
+
[[FilterMacrosDialog]]
[#FilterMacrosDialog]
+
.Display Filter Macros window
image::wsug_graphics/ws-filter-macros.png[{screenshot-attrs}]
@ -963,7 +963,7 @@ image::wsug_graphics/ws-filter-macros.png[{screenshot-attrs}]
To learn more about display filter macro syntax, see <<ChDisplayFilterMacrosSection>>.
[[ChWorkFindPacketSection]]
[#ChWorkFindPacketSection]
=== Finding Packets
@ -974,7 +974,7 @@ main toolbar and the packet list shown in <<ChWorkFindPacketToolbar>>.
==== The “Find Packet” Toolbar
[[ChWorkFindPacketToolbar]]
[#ChWorkFindPacketToolbar]
.The “Find Packet” toolbar
image::wsug_graphics/ws-find-packet.png[{screenshot-attrs}]
@ -1011,7 +1011,7 @@ Regular Expression::
should return a number of sites that will help you test and explore
your expressions.
[[ChWorkGoToPacketSection]]
[#ChWorkGoToPacketSection]
=== Go To A Specific Packet
@ -1030,7 +1030,7 @@ most web browsers.
==== The “Go to Packet” Toolbar
[[ChWorkGoToPacketToolbar]]
[#ChWorkGoToPacketToolbar]
.The “Go To Packet” toolbar
image::wsug_graphics/ws-goto-packet.png[{screenshot-attrs}]
@ -1058,7 +1058,7 @@ This command will jump to the first packet displayed.
This command will jump to the last packet displayed.
[[ChWorkMarkPacketSection]]
[#ChWorkMarkPacketSection]
=== Marking Packets
@ -1086,7 +1086,7 @@ you can select from the following:
You can also mark and unmark a packet by clicking on it in the packet list
with the middle mouse button.
[[ChWorkIgnorePacketSection]]
[#ChWorkIgnorePacketSection]
=== Ignoring Packets
@ -1108,7 +1108,7 @@ menu:Edit[] menu you can select from the following:
* menu:Unignore All Displayed[] reset the ignored state of all packets.
[[ChWorkTimeFormatsSection]]
[#ChWorkTimeFormatsSection]
=== Time Display Formats And Time References
@ -1159,7 +1159,7 @@ using the “Automatic” setting for libpcap files (which is microseconds). If
you use Seconds it would show simply 1 and if you use Nanoseconds it shows
1.123456000.
[[ChWorkTimeReferencePacketSection]]
[#ChWorkTimeReferencePacketSection]
==== Packet Time Referencing
@ -1187,7 +1187,7 @@ the menu:[Edit] menu or from the pop-up menu of the “Packet List” pane. See
* menu:Find Previous[] Find the previous time referenced packet in the “Packet
List” pane.
[[ChWorkTimeReference]]
[#ChWorkTimeReference]
.Wireshark showing a time referenced packet
image::wsug_graphics/ws-time-reference.png[{screenshot-attrs}]

14
docbook/wsug_src/WSUG_preface.adoc
View File

@ -1,8 +1,8 @@
[[Preface]]
[#Preface]
["preface",id="Preface"]
== Preface
[[PreForeword]]
[#PreForeword]
=== Foreword
@ -12,7 +12,7 @@ This document is part of an effort by the Wireshark team to improve
Wireshark's usability.
We hope that you find it useful and look forward to your comments.
[[PreAudience]]
[#PreAudience]
=== Who should read this document?
@ -33,7 +33,7 @@ behind some of the advanced features that are not always obvious at first sight.
It will hopefully guide you around some common problems that frequently appear
for new (and sometimes even advanced) Wireshark users.
[[PreAck]]
[#PreAck]
=== Acknowledgements
@ -64,7 +64,7 @@ Wireshark project from who sections of this document borrow heavily:
* Ashok Narayanan from whose `text2pcap` man page <<AppToolstext2pcap>> is derived.
[[PreAbout]]
[#PreAbout]
=== About this document
@ -76,14 +76,14 @@ updated by mailto:{wsug-author-email}[Ulf Lamping].
It was originally written in DocBook/XML and converted to AsciiDoc by
Gerald Combs.
[[PreDownload]]
[#PreDownload]
=== Where to get the latest copy of this document?
The latest copy of this documentation can always be found at
{wireshark-users-guide-url}.
[[PreFeedback]]
[#PreFeedback]
=== Providing feedback about this document