Update user guide for development release
Change-Id: I9b4c5ab2e98ad6daa618bcda20b53a23467e16e0 Reviewed-on: https://code.wireshark.org/review/11734 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
parent
f1ff6d62c4
commit
fb3d38225e
|
@ -1617,7 +1617,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h':
|
||||
printf("Capinfos (Wireshark) %s\n"
|
||||
"Print various information (infos) about capture files.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
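Review bot: The literal `"See https://www.wireshark.org for more information.\n"` in this `case 'h':` branch is repeated verbatim in the Captype, Editcap, Mergecap, Rawshark, Reordercap, Text2pcap and Wireshark hunks of this commit, which is why switching the scheme took eight separate edits. Consider defining the URL once in a shared header and concatenating it into each help string, e.g. `"See " WS_HOME_URL " for more information.\n"` (the macro name is a placeholder), so the tools' help output cannot drift apart on the next change. The enclosing switch starts and ends outside the hunk, so whether other branches print the same URL cannot be checked from here.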
|
|
|
@ -189,7 +189,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h':
|
||||
printf("Captype (Wireshark) %s\n"
|
||||
"Print the file types of capture files.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!-- Document information for the Developer's Guide. -->
|
||||
|
||||
<subtitle>For Wireshark 1.99</subtitle>
|
||||
<subtitle>For Wireshark 2.1</subtitle>
|
||||
|
||||
<!-- <title><inlinegraphic entityref="WiresharkLogo" valign="middle" format="PNG"/> &DocumentTitle;</title> -->
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<!-- Document information for the User's Guide. -->
|
||||
|
||||
<subtitle>For Wireshark 1.99</subtitle>
|
||||
<subtitle>For Wireshark 2.1</subtitle>
|
||||
|
||||
<!--
|
||||
<title><inlinegraphic entityref="WiresharkLogo" valign="middle" format="PNG"/> &DocumentTitle;</title>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
= Wireshark User's Guide
|
||||
= Wireshark User Guide
|
||||
//v1.0, February 2014: Finished conversion from DocBook to AsciiDoc
|
||||
:doctype: book
|
||||
|
||||
|
|
|
@ -28,13 +28,9 @@ available. It supports the same options as `wireshark`. For more information on
|
|||
[[AppToolstsharkEx]]
|
||||
.Help information available from `tshark`
|
||||
----
|
||||
TShark 1.12.1 (Git Rev Unknown from unknown)
|
||||
TShark (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Dump and analyze network traffic.
|
||||
See http://www.wireshark.org for more information.
|
||||
|
||||
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: tshark [options] ...
|
||||
|
||||
|
@ -58,6 +54,8 @@ Capture output:
|
|||
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
|
||||
filesize:NUM - switch to next file after NUM KB
|
||||
files:NUM - ringbuffer: replace after NUM files
|
||||
RPCAP options:
|
||||
-A <user>:<password> use RPCAP password authentication
|
||||
Input file:
|
||||
-r <infile> set the filename to read from (- to read from stdin)
|
||||
|
||||
|
@ -73,13 +71,12 @@ Processing:
|
|||
Example: tcp.port==8888,http
|
||||
-H <hosts file> read a list of entries from a hosts file, which will
|
||||
then be written to a capture file. (Implies -W n)
|
||||
--disable-protocol <proto_name> disable dissection of proto_name
|
||||
Repeat option for each protocol
|
||||
--enable-heuristic <short_name> enable dissection of heuristic protocol
|
||||
Repeat option for each protocol
|
||||
--disable-heuristic <short_name> disable dissection of heuristic protocol
|
||||
Repeat option for each protocol
|
||||
|
||||
--disable-protocol <proto_name>
|
||||
disable dissection of proto_name
|
||||
--enable-heuristic <short_name>
|
||||
enable dissection of heuristic protocol
|
||||
--disable-heuristic <short_name>
|
||||
disable dissection of heuristic protocol
|
||||
Output:
|
||||
-w <outfile|-> write packets to a pcap-format file named "outfile"
|
||||
(or to the standard output for "-")
|
||||
|
@ -172,9 +169,9 @@ follows the rules of the pcap library.
|
|||
[[AppToolsdumpcapEx]]
|
||||
.Help information available from dumpcap
|
||||
----
|
||||
Dumpcap 1.12.1 (Git Rev Unknown from unknown)
|
||||
Capture network packets and dump them into a pcapng file.
|
||||
See http://www.wireshark.org for more information.
|
||||
Dumpcap (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Capture network packets and dump them into a pcapng or pcap file.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: dumpcap [options] ...
|
||||
|
||||
|
@ -196,6 +193,13 @@ Capture interface:
|
|||
-S print statistics for each interface once per second
|
||||
-M for -D, -L, and -S, produce machine-readable output
|
||||
|
||||
RPCAP options:
|
||||
-r don't ignore own RPCAP traffic in capture
|
||||
-u use UDP for RPCAP data transfer
|
||||
-A <user>:<password> use RPCAP password authentication
|
||||
-m <sampling type> use packet sampling
|
||||
count:NUM - capture one packet of every NUM
|
||||
timer:NUM - capture no more than 1 packet in NUM ms
|
||||
Stop conditions:
|
||||
-c <packet count> stop after n packets (def: infinite)
|
||||
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
|
||||
|
@ -241,15 +245,17 @@ Use Ctrl-C to stop capturing at any time.
|
|||
[[AppToolscapinfosEx]]
|
||||
.Help information available from capinfos
|
||||
----
|
||||
Capinfos 1.12.1 (Git Rev Unknown from unknown)
|
||||
Prints various information (infos) about capture files.
|
||||
See http://www.wireshark.org for more information.
|
||||
Capinfos (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Print various information (infos) about capture files.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: capinfos [options] <infile> ...
|
||||
|
||||
General infos:
|
||||
-t display the capture file type
|
||||
-E display the capture file encapsulation
|
||||
-I display the capture file interface information
|
||||
-F display additional capture file information
|
||||
-H display the SHA1, RMD160, and MD5 hashes of the file
|
||||
-k display the capture comment
|
||||
|
||||
|
@ -312,13 +318,9 @@ stdout.
|
|||
[[AppToolsrawsharkEx]]
|
||||
.Help information available from rawshark
|
||||
----
|
||||
Rawshark 1.12.1 (Git Rev Unknown from unknown)
|
||||
Rawshark (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Dump and analyze network traffic.
|
||||
See http://www.wireshark.org for more information.
|
||||
|
||||
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: rawshark [options] ...
|
||||
|
||||
|
@ -360,9 +362,9 @@ information about capture files.
|
|||
[[AppToolseditcapEx]]
|
||||
.Help information available from editcap
|
||||
----
|
||||
Editcap 1.12.1 (Git Rev Unknown from unknown)
|
||||
Editcap (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Edit and/or translate the format of capture files.
|
||||
See http://www.wireshark.org for more information.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]
|
||||
|
||||
|
@ -386,6 +388,15 @@ Duplicate packet removal:
|
|||
LESS THAN <dup time window> prior to current packet.
|
||||
A <dup time window> is specified in relative seconds
|
||||
(e.g. 0.000001).
|
||||
-a <framenum>:<comment> Add or replace comment for given frame number
|
||||
|
||||
-I <bytes to ignore> ignore the specified bytes at the beginning of
|
||||
the frame during MD5 hash calculation
|
||||
Useful to remove duplicated packets taken on
|
||||
several routers(differents mac addresses for
|
||||
example)
|
||||
e.g. -I 26 in case of Ether/IP/ will ignore
|
||||
ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
|
||||
|
||||
NOTE: The use of the 'Duplicate packet removal' options with
|
||||
other editcap options except -v may not always work as expected.
|
||||
|
@ -403,7 +414,8 @@ Packet manipulation:
|
|||
this option more than once, allowing up to 2 chopping
|
||||
regions within a packet provided that at least 1
|
||||
choplen is positive and at least 1 is negative.
|
||||
-L adjust the frame length when chopping and/or snapping
|
||||
-L adjust the frame (i.e. reported) length when chopping
|
||||
and/or snapping
|
||||
-t <time adjustment> adjust the timestamp of each packet;
|
||||
<time adjustment> is in relative seconds (e.g. -0.5).
|
||||
-S <strict adjustment> adjust timestamp of packets if necessary to insure
|
||||
|
@ -416,6 +428,9 @@ Packet manipulation:
|
|||
all packets to the timestamp of the first packet.
|
||||
-E <error probability> set the probability (between 0.0 and 1.0 incl.) that
|
||||
a particular packet byte will be randomly changed.
|
||||
-o <change offset> When used in conjuction with -E, skip some bytes from the
|
||||
beginning of the packet. This allows to preserve some
|
||||
bytes, in order to have some headers untouched.
|
||||
|
||||
Output File(s):
|
||||
-c <packets per file> split the packet output to different files based on
|
||||
|
@ -473,6 +488,7 @@ editcap: The available capture file types for the "-F" flag are:
|
|||
nstrace10 - NetScaler Trace (Version 1.0)
|
||||
nstrace20 - NetScaler Trace (Version 2.0)
|
||||
nstrace30 - NetScaler Trace (Version 3.0)
|
||||
nstrace35 - NetScaler Trace (Version 3.5)
|
||||
pcap - Wireshark/tcpdump/... - pcap
|
||||
pcapng - Wireshark/... - pcapng
|
||||
rf5 - Tektronix K12xx 32-bit .rf5 format
|
||||
|
@ -556,6 +572,7 @@ editcap: The available encapsulation types for the "-T" flag are:
|
|||
isdn - ISDN
|
||||
ixveriwave - IxVeriWave header and stats block
|
||||
jfif - JPEG/JFIF
|
||||
json - JavaScript Object Notation
|
||||
juniper-atm1 - Juniper ATM1
|
||||
juniper-atm2 - Juniper ATM2
|
||||
juniper-chdlc - Juniper C-HDLC
|
||||
|
@ -584,6 +601,7 @@ editcap: The available encapsulation types for the "-T" flag are:
|
|||
logcat_thread - Android Logcat Thread text format
|
||||
logcat_threadtime - Android Logcat Threadtime text format
|
||||
logcat_time - Android Logcat Time text format
|
||||
loop - OpenBSD loopback
|
||||
ltalk - Localtalk
|
||||
mime - MIME
|
||||
most - Media Oriented Systems Transport
|
||||
|
@ -601,7 +619,8 @@ editcap: The available encapsulation types for the "-T" flag are:
|
|||
nstrace10 - NetScaler Encapsulation 1.0 of Ethernet
|
||||
nstrace20 - NetScaler Encapsulation 2.0 of Ethernet
|
||||
nstrace30 - NetScaler Encapsulation 3.0 of Ethernet
|
||||
null - NULL
|
||||
nstrace35 - NetScaler Encapsulation 3.5 of Ethernet
|
||||
null - NULL/Loopback
|
||||
packetlogger - PacketLogger
|
||||
pflog - OpenBSD PF Firewall logs
|
||||
pflog-old - OpenBSD PF Firewall logs, pre-3.4
|
||||
|
@ -718,9 +737,9 @@ FDDI capture if an Ethernet capture is read and `-T fddi` is specified).
|
|||
[[AppToolsmergecapEx]]
|
||||
.Help information available from mergecap
|
||||
----
|
||||
Mergecap 1.12.1 (Git Rev Unknown from unknown)
|
||||
Mergecap (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Merge two or more capture files into one.
|
||||
See http://www.wireshark.org for more information.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: mergecap [options] -w <outfile>|- <infile> [<infile> ...]
|
||||
|
||||
|
@ -731,9 +750,8 @@ Output:
|
|||
-w <outfile>|- set the output filename to <outfile> or '-' for stdout.
|
||||
-F <capture type> set the output file type; default is pcapng.
|
||||
an empty "-F" option will list the file types.
|
||||
-T <encap type> set the output file encapsulation type;
|
||||
default is the same as the first input file.
|
||||
an empty "-T" option will list the encapsulation types.
|
||||
-I <IDB merge mode> set the merge mode for Interface Description Blocks; default is 'all'.
|
||||
an empty "-I" option will list the merge modes.
|
||||
|
||||
Miscellaneous:
|
||||
-h display this help and exit.
|
||||
|
@ -812,9 +830,9 @@ full-packet decoder to handle these dumps.
|
|||
.Help information available from text2pcap
|
||||
|
||||
----
|
||||
Text2pcap 1.12.1 (Git Rev Unknown from unknown)
|
||||
Text2pcap (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Generate a capture file from an ASCII hexdump of packets.
|
||||
See http://www.wireshark.org for more information.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: text2pcap [options] <infile> <outfile>
|
||||
|
||||
|
@ -902,9 +920,9 @@ Miscellaneous:
|
|||
[[AppToolsreordercapEx]]
|
||||
.Help information available from reordercap
|
||||
----
|
||||
Reordercap 1.12.1
|
||||
Reordercap (Wireshark) 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Reorder timestamps of input file frames into output file.
|
||||
See http://www.wireshark.org for more information.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Usage: reordercap [options] <infile> <outfile>
|
||||
|
||||
|
|
|
@ -38,14 +38,10 @@ are, simply enter the command _wireshark -h_ and the help information shown in
|
|||
.Help information available from Wireshark
|
||||
====
|
||||
----
|
||||
Wireshark 1.12.1 (Git Rev Unknown from unknown)
|
||||
Wireshark 2.1.0 (v2.1.0rc0-502-g328fbc0 from master)
|
||||
Interactively dump and analyze network traffic.
|
||||
See https://www.wireshark.org for more information.
|
||||
|
||||
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
Usage: wireshark [options] ... [ <infile> ]
|
||||
|
||||
Capture interface:
|
||||
|
@ -71,6 +67,8 @@ Capture output:
|
|||
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
|
||||
filesize:NUM - switch to next file after NUM KB
|
||||
files:NUM - ringbuffer: replace after NUM files
|
||||
RPCAP options:
|
||||
-A <user>:<password> use RPCAP password authentication
|
||||
Input file:
|
||||
-r <infile> set the filename to read from (no pipes or stdin!)
|
||||
|
||||
|
@ -78,12 +76,12 @@ Processing:
|
|||
-R <read filter> packet filter in Wireshark display filter syntax
|
||||
-n disable all name resolutions (def: all enabled)
|
||||
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
|
||||
--disable-protocol <proto_name> disable dissection of proto_name
|
||||
Repeat option for each protocol
|
||||
--enable-heuristic <short_name> enable dissection of heuristic protocol
|
||||
Repeat option for each protocol
|
||||
--disable-heuristic <short_name> disable dissection of heuristic protocol
|
||||
Repeat option for each protocol
|
||||
--disable-protocol <proto_name>
|
||||
disable dissection of proto_name
|
||||
--enable-heuristic <short_name>
|
||||
enable dissection of heuristic protocol
|
||||
--disable-heuristic <short_name>
|
||||
disable dissection of heuristic protocol
|
||||
|
||||
User interface:
|
||||
-C <config profile> start with specified configuration profile
|
||||
|
@ -108,7 +106,6 @@ Miscellaneous:
|
|||
persdata:path - personal data files
|
||||
-o <name>:<value> ... override preference or recent setting
|
||||
-K <keytab> keytab file to use for kerberos decryption
|
||||
--display=DISPLAY X display to use
|
||||
----
|
||||
====
|
||||
|
||||
|
|
|
@ -1160,7 +1160,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h':
|
||||
printf("Editcap (Wireshark) %s\n"
|
||||
"Edit and/or translate the format of capture files.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
|
|
|
@ -322,7 +322,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h':
|
||||
printf("Mergecap (Wireshark) %s\n"
|
||||
"Merge two or more capture files into one.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
|
|
|
@ -605,7 +605,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h': /* Print help and exit */
|
||||
printf("Rawshark (Wireshark) %s\n"
|
||||
"Dump and analyze network traffic.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
|
|
|
@ -229,7 +229,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h':
|
||||
printf("Reordercap (Wireshark) %s\n"
|
||||
"Reorder timestamps of input file frames into output file.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
|
|
|
@ -1564,7 +1564,7 @@ DIAG_ON(cast-qual)
|
|||
case 'h':
|
||||
printf("Text2pcap (Wireshark) %s\n"
|
||||
"Generate a capture file from an ASCII hexdump of packets.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
print_usage(stdout);
|
||||
exit(0);
|
||||
|
|
|
@ -164,7 +164,7 @@ print_usage(gboolean for_help_option) {
|
|||
output = stdout;
|
||||
fprintf(output, "Wireshark %s\n"
|
||||
"Interactively dump and analyze network traffic.\n"
|
||||
"See http://www.wireshark.org for more information.\n",
|
||||
"See https://www.wireshark.org for more information.\n",
|
||||
get_ws_vcs_version_info());
|
||||
} else {
|
||||
output = stderr;
|
||||
|
|