forked from osmocom/wireshark
4f567703de
svn path=/trunk/; revision=16794
816 lines
28 KiB
XML
816 lines
28 KiB
XML
<!-- EUG Chapter Customizing -->
|
|
<!-- $Id$ -->
|
|
|
|
<chapter id="ChapterCustomize">
|
|
<title>Customizing Ethereal</title>
|
|
|
|
<section id="ChCustIntroduction"><title>Introduction</title>
|
|
<para>
|
|
Ethereal's default behaviour will usually suit your needs pretty well.
|
|
However, as you become more familiar with Ethereal, it can be customized
|
|
in various ways to suit your needs even better. In this chapter we explore:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
How to start Ethereal with command line parameters
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
How to colorize the packet list
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
How to control protocol dissection
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
How to use the various preference settings
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChCustCommandLine"><title>Start Ethereal from the command line</title>
|
|
<para>
|
|
You can start <application>Ethereal</application> from the command
|
|
line, but it can also be started from most Window managers
|
|
as well. In this section we will look at starting it from the command
|
|
line.
|
|
</para>
|
|
<para>
|
|
<application>Ethereal</application> supports a large number of
|
|
command line parameters. To see what they are, simply enter the
|
|
command <command> ethereal -h</command> and the help information
|
|
shown in <xref linkend="ChCustEx1"/> (or something similar) should be
|
|
printed.
|
|
<example id="ChCustEx1">
|
|
<title>Help information available from Ethereal</title>
|
|
<programlisting>
|
|
This is ethereal 0.10.13
|
|
(C) 1998-2005 Gerald Combs <gerald@ethereal.com>
|
|
|
|
Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown),
|
|
with libz 1.2.3, with libpcre 6.3, with Net-SNMP 5.2.1.2, with ADNS.
|
|
|
|
Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libp
|
|
cap version 0.9[.x] on Windows XP Service Pack 2, build 2600.
|
|
|
|
ethereal [ -vh ] [ -DklLnpQS ] [ -a <capture autostop condition> ] ...
|
|
[ -b <capture ring buffer option> ] ...
|
|
[ -B <capture buffer size> ]
|
|
[ -c <capture packet count> ] [ -f <capture filter> ]
|
|
[ -g <packet number> ] [ -i <capture interface> ] [ -m <font> ]
|
|
[ -N <name resolving flags> ] [ -o <preference/recent setting> ] ...
|
|
[ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ]
|
|
[ -t <time stamp format> ] [ -w <savefile> ] [ -y <capture link type> ]
|
|
[ -z <statistics> ] [ <infile> ] </programlisting>
|
|
</example>
|
|
|
|
We will examine each of the command line options in turn.
|
|
</para>
|
|
<para>
|
|
The first thing to notice is that issuing the command
|
|
<command>ethereal</command> by itself will bring up
|
|
<application>Ethereal</application>.
|
|
However, you can include as many of the command line parameters as
|
|
you like. Their meanings are as follows ( in alphabetical order ):
|
|
XXX - is the alphabetical order a good choice? Maybe better task based?
|
|
<variablelist>
|
|
<varlistentry><term><command>-a <capture autostop condition></command></term>
|
|
<listitem>
|
|
<para>
|
|
Specify a criterion that specifies when Ethereal is to stop writing
|
|
to a capture file. The criterion is of the form test:value, where test
|
|
is one of:
|
|
<variablelist>
|
|
<varlistentry><term><command>duration</command>:value</term>
|
|
<listitem><para>
|
|
Stop writing to a capture file after value of seconds have elapsed.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>filesize</command>:value</term>
|
|
<listitem><para>
|
|
Stop writing to a capture file after it reaches a size of value
|
|
kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). If
|
|
this option is used together with the -b option, Ethereal will
|
|
stop writing to the current capture file and switch to the next
|
|
one if filesize is reached.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>files</command>:value</term>
|
|
<listitem><para>
|
|
Stop writing to capture files after value number of files were
|
|
written.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-b <capture ring buffer option></command></term>
|
|
<listitem>
|
|
<para>
|
|
If a maximum capture file size was specified, cause Ethereal to run
|
|
in "ring buffer" mode, with the specified number of files. In "ring
|
|
buffer" mode, Ethereal will write to several capture files. Their
|
|
name is based on the number of the file and on the creation date and
|
|
time.
|
|
</para>
|
|
<para>
|
|
When the first capture file fills up, Ethereal will switch to writing
|
|
to the next file, until it fills up the last file, at which point
|
|
it'll discard the data in the first file (unless 0 is specified, in
|
|
which case, the number of files is unlimited) and start writing to
|
|
that file and so on.
|
|
</para>
|
|
<para>
|
|
If the optional duration is specified, Ethereal will switch also to
|
|
the next file when the specified number of seconds has elapsed even
|
|
if the current file is not completely fills up.
|
|
</para>
|
|
<para>
|
|
<variablelist>
|
|
<varlistentry><term><command>duration</command>:value</term>
|
|
<listitem><para>
|
|
Switch to the next file after value seconds have elapsed, even
|
|
if the current file is not completely filled up.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>filesize</command>:value</term>
|
|
<listitem><para>
|
|
Switch to the next file after it reaches a size of value kilobytes
|
|
(where a kilobyte is 1000 bytes, not 1024 bytes).
|
|
</para></listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>files</command>:value</term>
|
|
<listitem><para>
|
|
Begin again with the first file after value number of files were
|
|
written (form a ring buffer).
|
|
</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-B <capture buffer size (Win32 only)></command></term>
|
|
<listitem>
|
|
<para>
|
|
Win32 only: set capture buffer size (in MB, default is 1MB). This
|
|
is used by the the capture driver to buffer packet data until that
|
|
data can be written to disk. If you encounter packet drops while
|
|
capturing, try to increase this size.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-c <capture packet count></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option specifies the maximum number of packets to capture
|
|
when capturing live data. It would be used in conjunction
|
|
with the <command>-k</command> option.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-D</command></term>
|
|
<listitem>
|
|
<para>
|
|
Print a list of the interfaces on which Ethereal can capture, and
|
|
exit. For each network interface, a number and an
|
|
interface name, possibly followed by a text description of the
|
|
interface, is printed. The interface name or the number can be supplied
|
|
to the <command>-i</command> flag to specify an interface on which to capture.
|
|
</para>
|
|
<para>
|
|
This can be useful on systems that don't have a command to list them
|
|
(e.g., Windows systems, or UNIX systems lacking <command>ifconfig -a</command>);
|
|
the number can be useful on Windows 2000 and later systems, where the
|
|
interface name is a somewhat complex string.
|
|
</para>
|
|
<para>
|
|
Note that "can capture" means that Ethereal was able to open
|
|
that device to do a live capture; if, on your system, a program doing a
|
|
network capture must be run from an account with special privileges (for
|
|
example, as root), then, if Ethereal is run with the <command>-D</command> flag and
|
|
is not run from such an account, it will not list any interfaces.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-f <capture filter></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option sets the initial capture filter expression to
|
|
be used when capturing packets.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-g <packet number></command></term>
|
|
<listitem>
|
|
<para>
|
|
After reading in a capture file using the -r flag, go to the given
|
|
packet number.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-h</command></term>
|
|
<listitem>
|
|
<para>
|
|
The <command>-h</command> option requests Ethereal to print
|
|
its version and usage instructions (as shown above) and exit.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-i <capture interface></command></term>
|
|
<listitem>
|
|
<para>
|
|
Set the name of the network interface or pipe to use for live packet
|
|
capture.
|
|
</para>
|
|
<para>
|
|
Network interface names should match one of the names listed in
|
|
<command>ethereal -D</command> (described above); a number, as reported by
|
|
<command>ethereal -D</command>, can also be used. If you're using UNIX, <command>netstat
|
|
-i</command> or <command>ifconfig -a</command> might also work to list interface names,
|
|
although not all versions of UNIX support the <command>-a</command> flag to <command>ifconfig</command>.
|
|
</para>
|
|
<para>
|
|
If no interface is specified, Ethereal searches the list of
|
|
interfaces, choosing the first non-loopback interface if there are any
|
|
non-loopback interfaces, and choosing the first loopback interface if
|
|
there are no non-loopback interfaces; if there are no interfaces,
|
|
Ethereal reports an error and doesn't start the capture.
|
|
</para>
|
|
<para>
|
|
Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
|
|
read data from the standard input. Data read from pipes must be in
|
|
standard libpcap format.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-k</command></term>
|
|
<listitem>
|
|
<para>
|
|
The <command>-k</command> option specifies that Ethereal
|
|
should start capturing packets immediately. This option
|
|
requires the use of the <command>-i</command> parameter to
|
|
specify the interface that packet capture will occur from.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-l</command></term>
|
|
<listitem>
|
|
<para>
|
|
This option turns on automatic scrolling if the packet
|
|
list pane is being updated automatically as packets arrive
|
|
during a capture ( as specified by the <command>-S</command>
|
|
flag).
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-L</command></term>
|
|
<listitem>
|
|
<para>
|
|
List the data link types supported by the interface and exit.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-m <font></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option sets the name of the font used for most text
|
|
displayed by Ethereal. XXX - add an example!
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-n</command></term>
|
|
<listitem>
|
|
<para>
|
|
Disable network object name resolution (such as hostname, TCP and UDP
|
|
port names).
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-N <name resolving flags></command></term>
|
|
<listitem>
|
|
<para>
|
|
Turns on name resolving for particular types of addresses
|
|
and port numbers; the argument is a string that may contain
|
|
the letters <command>m</command> to enable MAC address
|
|
resolution, <command>n</command> to enable network address
|
|
resolution, and <command>t</command> to enable transport-layer
|
|
port number resolution. This overrides <command>-n</command>
|
|
if both <command>-N</command> and <command>-n</command> are
|
|
present. The letter C enables concurrent (asynchronous) DNS lookups.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><command>-o <preference/recent settings></command></term>
|
|
<listitem>
|
|
<para>
|
|
Sets a preference or recent value, overriding the default value and
|
|
any value read from a preference/recent file. The argument to the
|
|
flag is a string of the form prefname:value, where prefname
|
|
is the name of the preference (which is the same name that
|
|
would appear in the preference/recent file), and value is the value
|
|
to which it should be set. Multiple instances of
|
|
<command>-o <preference settings> </command> can be
|
|
given on a single command line.
|
|
</para>
|
|
<para>An example of setting a single preference would be: </para>
|
|
<para>
|
|
<command>
|
|
ethereal -o mgcp.display_dissect_tree:TRUE
|
|
</command>
|
|
</para>
|
|
<para>
|
|
An example of setting multiple preferences would be:
|
|
</para>
|
|
<para>
|
|
<command>
|
|
ethereal -o mgcp.display_dissect_tree:TRUE -o mgcp.udp.callagent_port:2627
|
|
</command>
|
|
</para>
|
|
<tip><title>Tip!</title>
|
|
<para>
|
|
You can get a list of all available preference strings from the
|
|
preferences file, see <xref linkend="AppFiles"/>.
|
|
</para>
|
|
</tip>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-p</command></term>
|
|
<listitem>
|
|
<para>
|
|
Don't put the interface into promiscuous mode. Note that
|
|
the interface might be in promiscuous mode for some other
|
|
reason; hence, -p cannot be used to ensure that the only
|
|
traffic that is captured is traffic sent to or from the
|
|
machine on which Ethereal is running, broadcast traffic, and
|
|
multicast traffic to addresses received by that machine.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-Q</command></term>
|
|
<listitem>
|
|
<para>
|
|
This option forces Ethereal to exit when capturing is
|
|
complete. It can be used with the <command>-c</command> option.
|
|
It must be used in conjunction with the
|
|
<command>-i</command> and <command>-w</command> options.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-r <infile></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option provides the name of a capture file for Ethereal
|
|
to read and display. This capture file can be in one of the
|
|
formats Ethereal understands.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-R <read (display) filter></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option specifies a display filter to be applied when
|
|
reading packets from a capture file. The syntax of this
|
|
filter is that of the display filters discussed in
|
|
<xref linkend="ChWorkDisplayFilterSection"/>. Packets not
|
|
matching the filter are discarded.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-s <capture snaplen></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option specifies the snapshot length to use when
|
|
capturing packets. Ethereal will only capture
|
|
<command><snaplen></command> bytes of data for each packet.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-S</command></term>
|
|
<listitem>
|
|
<para>
|
|
This option specifies that Ethereal will display packets as
|
|
it captures them. This is done by capturing in one process
|
|
and displaying them in a separate process. This is the same
|
|
as "Update list of packets in real time" in the Capture Options
|
|
dialog box.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><command>-t <time stamp format></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option sets the format of packet timestamps that are
|
|
displayed in the packet list window. The format can be one of:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>r</command> relative, which specifies timestamps are
|
|
displayed relative to the first packet captured.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>a</command> absolute, which specifies that actual times
|
|
be displayed for all packets.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>ad</command> absolute with date, which specifies that
|
|
actual dates and times be displayed for all packets.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>d</command> delta, which specifies that timestamps
|
|
are relative to the previous packet.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-v</command></term>
|
|
<listitem>
|
|
<para>
|
|
The <command>-v</command> option requests
|
|
Ethereal to print out its version information and exit.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-w <savefile></command></term>
|
|
<listitem>
|
|
<para>
|
|
This option sets the name of the <command>savefile</command>
|
|
to be used when saving a capture file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-y <capture link type></command></term>
|
|
<listitem>
|
|
<para>
|
|
If a capture is started from the command line with -k, set the data
|
|
link type to use while capturing packets. The values reported by -L
|
|
are the values that can be used.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term><command>-z <statistics-string></command></term>
|
|
<listitem>
|
|
<para>
|
|
Get Ethereal to collect various types of statistics and display the
|
|
result in a window that updates in semi-real time.
|
|
XXX - add more details here!
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChCustColorizationSection"><title>Packet colorization</title>
|
|
<para>
|
|
A very useful mechanism available in Ethereal is packet colorization.
|
|
You can set-up Ethereal so that it will colorize packets according to a
|
|
filter. This allows you to emphasize the packets you are usually
|
|
interested in.
|
|
</para>
|
|
<tip>
|
|
<title>Tip!</title>
|
|
<para>
|
|
You will find a lot of Coloring Rule examples at the <command>Ethereal
|
|
Wiki Coloring Rules page</command> at <ulink
|
|
url="&EtherealWikiColoringRulesPage;">&EtherealWikiColoringRulesPage;</ulink>.
|
|
</para>
|
|
</tip>
|
|
<para>
|
|
To colorize packets, select the Coloring Rules... menu item from
|
|
the View menu, Ethereal will pop up the "Coloring Rules"
|
|
dialog box as shown in <xref linkend="ChCustColoringRulesDialog"/>.
|
|
</para>
|
|
<figure id="ChCustColoringRulesDialog">
|
|
<title>The "Coloring Rules" dialog box</title>
|
|
<graphic entityref="EtherealColoringRulesDialog" format="PNG"/>
|
|
</figure>
|
|
<para>
|
|
Once the Coloring Rules dialog box is up, there are a number
|
|
of buttons you can use, depending on whether or not you have any
|
|
color filters installed already.
|
|
</para>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
You will need to carefully select the order the coloring rules are listed
|
|
(and thus applied) as they are applied in order from top to bottom.
|
|
So, more specific rules need to be listed before more general rules.
|
|
For example, if you have a color rule for UDP before the one for DNS,
|
|
the color rule for DNS will never be applied (as DNS uses UDP, so the
|
|
UDP rule will be matching first).
|
|
</para>
|
|
</note>
|
|
<para>
|
|
If this is the first time you have used Coloring Rules, click on the New
|
|
button which will bring up the Edit color filter dialog box as shown in
|
|
<xref linkend="ChCustEditColorDialog"/>.
|
|
</para>
|
|
<figure id="ChCustEditColorDialog">
|
|
<title>The "Edit Color Filter" dialog box</title>
|
|
<graphic entityref="EtherealEditColorDialog" format="PNG"/>
|
|
</figure>
|
|
<para>
|
|
In the Edit Color dialog box, simply enter a name for the color filter,
|
|
and enter a filter string in the Filter text field.
|
|
<xref linkend="ChCustEditColorDialog"/> shows the values
|
|
<command>arp</command> and <command>arp</command> which means that
|
|
the name of the color filter is <command>arp</command> and the filter
|
|
will select protocols of type <command>arp</command>. Once you have
|
|
entered these values, you can choose a foreground and background
|
|
color for packets that match the filter expression. Click on
|
|
<command>Foreground color...</command> or
|
|
<command>Background color...</command> to achieve this and
|
|
Ethereal will pop up the Choose foreground/background color for
|
|
protocol dialog box as shown in
|
|
<xref linkend="ChCustChooseColorDialog"/>.
|
|
</para>
|
|
<figure id="ChCustChooseColorDialog">
|
|
<title>The "Choose color" dialog box</title>
|
|
<graphic entityref="EtherealChooseColorDialog" format="PNG"/>
|
|
</figure>
|
|
<para>
|
|
Select the color you desire for the selected packets and click on OK.
|
|
</para>
|
|
<note>
|
|
<title>Note!</title>
|
|
<para>
|
|
You must select a color in the colorbar next to the colorwheel to
|
|
load values into the RGB values. Alternatively, you can set the
|
|
values to select the color you want.
|
|
</para>
|
|
</note>
|
|
<para>
|
|
<xref linkend="ChCustColorFilterMany"/> shows an example of several color
|
|
filters being used in Ethereal. You may not like the color choices,
|
|
however, feel free to choose your own.
|
|
</para>
|
|
<figure id="ChCustColorFilterMany">
|
|
<title>Using color filters with Ethereal</title>
|
|
<graphic entityref="EtherealThreePane1" format="PNG"/>
|
|
</figure>
|
|
</section>
|
|
|
|
<section id="ChCustProtocolDissectionSection">
|
|
<title>Control Protocol dissection</title>
|
|
<para>
|
|
The user can control how protocols are dissected.
|
|
</para>
|
|
<para>
|
|
Each protocol has its own dissector, so dissecting a complete packet will
|
|
typically involve several dissectors. As Ethereal tries to find the
|
|
right dissector for each packet (using static "routes" and heuristics
|
|
"guessing"), it might choose the wrong dissector in your specific
|
|
case. For example, Ethereal won't know if you use a common protocol
|
|
on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of
|
|
the standard port 80.
|
|
</para>
|
|
<para>
|
|
There are two ways to control the relations between protocol
|
|
dissectors: disable a protocol dissector completely or temporarily
|
|
divert the way Ethereal calls the dissectors.
|
|
</para>
|
|
<section id="ChAdvEnabledProtocols"><title>The "Enabled Protocols" dialog
|
|
box</title>
|
|
<para>
|
|
The Enabled Protocols dialog box lets you enable or
|
|
disable specific protocols, all protocols are enabled by default.
|
|
When a protocol is disabled, Ethereal stops processing a packet
|
|
whenever that protocol is encountered.
|
|
</para>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
Disabling a protocol will prevent information about higher-layer
|
|
protocols from being displayed. For example,
|
|
suppose you disabled the IP protocol and selected
|
|
a packet containing Ethernet, IP, TCP, and HTTP
|
|
information. The Ethernet information would be
|
|
displayed, but the IP, TCP and HTTP information
|
|
would not - disabling IP would prevent it and
|
|
the other protocols from being displayed.
|
|
</para>
|
|
</note>
|
|
<figure id="ChAdvEnabledProtocolsFig">
|
|
<title>The "Enabled Protocols" dialog box</title>
|
|
<graphic entityref="EtherealEnabledProtocols" format="PNG"/>
|
|
</figure>
|
|
<para>
|
|
To disable or enable a protocol, simply click on it using the
|
|
mouse or press the space bar when the protocol is highlighted.
|
|
</para>
|
|
<warning><title>Warning!</title>
|
|
<para>
|
|
You have to use the Save button to save your settings. The OK or Apply
|
|
buttons will not save your changes permanently, so they will be lost
|
|
when Ethereal is closed.
|
|
</para>
|
|
</warning>
|
|
<para>
|
|
You can choose from the following actions:
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>Enable All</command> Enable all protocols in the list.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Disable All</command> Disable all protocols in the list.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Invert</command> Toggle the state of all protocols in the
|
|
list.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>OK</command> Apply the changes and close the dialog box.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Apply</command> Apply the changes and keep the dialog box
|
|
open.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Save</command> Save the settings to the disabled_protos, see
|
|
<xref linkend="AppFiles"/> for details.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Cancel</command> Cancel the changes and close the dialog box.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChAdvDecodeAs"><title>User Specified Decodes</title>
|
|
<para>
|
|
The "Decode As" functionality let you temporarily divert specific
|
|
protocol dissections. This might be useful for example, if you do some
|
|
uncommon experiments on your network.
|
|
</para>
|
|
<para>
|
|
<figure id="ChAdvDecodeAsFig">
|
|
<title>The "Decode As" dialog box</title>
|
|
<graphic scale="100" entityref="EtherealDecodeAs" format="PNG"/>
|
|
</figure>
|
|
The content of this dialog box depends on the selected packet when it
|
|
was opened.
|
|
<warning><title>Warning!</title>
|
|
<para>
|
|
The user specified decodes can not be saved. If you quit Ethereal,
|
|
these settings will be lost.
|
|
</para>
|
|
</warning>
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>Decode</command> Decode packets the selected way.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Do not decode</command> Do not decode packets the selected
|
|
way.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Link/Network/Transport</command> Specify the network layer
|
|
at which "Decode As" should take place. Which of these pages are
|
|
available, depends on the content of the selected packet when this
|
|
dialog box was opened.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Show Current</command> Open a dialog box showing the
|
|
current list of user specified decodes.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>OK</command> Apply the currently selected decode and close
|
|
the dialog box.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Apply</command> Apply the currently selected decode and keep
|
|
the dialog box open.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Cancel</command> Cancel the changes and close the dialog box.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChAdvDecodeAsShow"><title>Show User Specified Decodes</title>
|
|
<para>
|
|
This dialog box shows the currently active user specified decodes.
|
|
<figure id="ChAdvDecodeAsShowFig">
|
|
<title>The "Decode As: Show" dialog box</title>
|
|
<graphic entityref="EtherealDecodeAsShow" format="PNG"/>
|
|
</figure>
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>OK</command> Close this dialog box.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Clear</command> Removes all user specified decodes.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
</para>
|
|
</section>
|
|
</section>
|
|
|
|
<section id="ChCustPreferencesSection"><title>Preferences</title>
|
|
<para>
|
|
There are a number of preferences you can set. Simply
|
|
select the Preferences... menu item from the Edit menu, and Ethereal
|
|
will pop up the Preferences dialog box as shown in
|
|
<xref linkend="ChCustGUIPrefPage"/>, with the "User Interface" page as
|
|
default. On the left side is a tree where you can select the page to be
|
|
shown.
|
|
<note><title>Note!</title>
|
|
<para>
|
|
Preference settings are added frequently. For a recent explanation of
|
|
the preference pages and their settings have a look at the
|
|
<command>Ethereal Wiki Preferences page</command> at <ulink
|
|
url="&EtherealWikiPreferencesPage;">&EtherealWikiPreferencesPage;</ulink>.
|
|
</para>
|
|
</note>
|
|
<warning>
|
|
<title>Warning!</title>
|
|
<para>
|
|
The OK or Apply button will not save the preference settings,
|
|
you'll have to save the settings by clicking the Save button.
|
|
</para>
|
|
</warning>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
The <command>OK</command> button will apply the preferences
|
|
settings and close the dialog.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <command>Apply</command> button will apply the preferences
|
|
settings and keep the dialog open.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <command>Save</command> button will apply the preferences
|
|
settings, save the settings on the harddisk and keep the dialog open.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <command>Cancel</command> button will restore all preferences
|
|
settings to the last saved state.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
<figure id="ChCustGUIPrefPage">
|
|
<title>The preferences dialog box</title>
|
|
<graphic entityref="EtherealGUIPreferences" format="PNG"/>
|
|
</figure>
|
|
</section>
|
|
|
|
</chapter>
|
|
<!-- End of EUG Chapter Customizing -->
|
|
|