* Some recent settings (recent), such as pane sizes in the Main window
(<<ChUseMainWindowSection>>), column widths in the packet list
(<<ChUsePacketListPaneSection>>), all selections in the ``View'' menu
(<<ChUseViewMenuSection>>) and the last directory navigated to in the File
Open dialog.
All other configurations are stored in the personal configuration folder, and
are common to all profiles.
[[ChCustGUIConfigProfilesPage]]
.The configuration profiles dialog box
image::wsug_graphics/ws-gui-config-profiles.png[]
New::
This button adds a new profile to the profiles list. The name of the created
profile is ``New profile'' and can be changed in the Properties field.
Copy::
This button adds a new profile to the profiles list, copying all configuration
from the profile currently selected in the list. The name of the created profile
is the same as the copied profile, with the text ``(copy)'' appended. The name
can be changed in the Properties field.
Delete::
This button deletes the selected profile, including all configuration files used
in this profile. It is not possible to delete the ``Default'' profile.
Configuration Profiles::
You can select a configuration profile from this list (which will fill in the
profile name in the fields down at the bottom of the dialog box).
Profile name::
You can change the name of the currently selected profile here.
+
--
The profile name will be used as a folder name in the configured ``Personal
configurations'' folder. If you add multiple profiles with the same name, only
one profile will be created.

On Windows the profile name cannot start or end with a period (.), and cannot
contain any of the following characters: `\', `/', `:', `*',
`?', `"', `<', `>', `|', or `+'. On Unix the profile name
cannot contain the `/' character.
--
button:[OK]::
This button saves all changes, applies the selected profile and closes the
dialog.
button:[Apply]::
This button saves all changes, applies the selected profile and keeps the dialog
open.
button:[Cancel]::
Close this dialog. This will discard unsaved settings: new profiles will not be
added and deleted profiles will not be deleted.
button:[Help]::
Show this help page.
[[ChUserTable]]
=== User Table
The User Table editor is used for managing various tables in Wireshark. Its main
dialog works very similarly to that of <<ChCustColorizationSection>>.
[[ChDisplayFilterMacrosSection]]
=== Display Filter Macros
Display Filter Macros are a mechanism to create shortcuts for complex filters.
For example, defining a display filter macro named _$$tcp_conv$$_ whose text is
_( (ip.src == $1 and ip.dst == $2 and tcp.srcport == $3 and tcp.dstport == $4)
or (ip.src == $2 and ip.dst == $1 and tcp.srcport == $4 and tcp.dstport == $3)
)_ would allow you to use a display filter like
_$$${tcp_conv:10.1.1.2;10.1.1.3;1200;1400}$$_ instead of typing the whole
filter.
Display Filter Macros can be managed with a <<ChUserTable>> by selecting
menu:Analyze[Display Filter Macros] from the menu. The User Table has the
following fields.
Name::
The name of the macro.
Text::
The replacement text for the macro. It uses $1, $2, $3, ... as the input arguments.
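
The expansion described above can be modelled in a few lines. This is an added example, not Wireshark's own parser: the `${name:arg;arg}` grammar is simplified, and `expand_macros` and `MACROS` are hypothetical names.

```python
import re

# Name -> Text, as the two columns of the Display Filter Macros table.
# tcp_conv is the macro defined in the text above.
MACROS = {
    "tcp_conv": (
        "( (ip.src == $1 and ip.dst == $2 and tcp.srcport == $3 and tcp.dstport == $4) "
        "or (ip.src == $2 and ip.dst == $1 and tcp.srcport == $4 and tcp.dstport == $3) )"
    ),
}

# ${name:arg1;arg2;...} -- simplified grammar, an assumption of this sketch.
_CALL = re.compile(r"\$\{(\w+)(?::([^}]*))?\}")
_PARAM = re.compile(r"\$(\d+)")


def expand_macros(display_filter, macros=MACROS):
    """Replace every ${name:a;b;...} call with the macro text, $N -> Nth argument."""

    def expand_call(call):
        name, raw_args = call.group(1), call.group(2)
        if name not in macros:
            raise KeyError(f"undefined display filter macro: {name}")
        args = raw_args.split(";") if raw_args else []

        def substitute(param):
            index = int(param.group(1))
            if not 1 <= index <= len(args):
                raise ValueError(f"macro {name} needs argument ${index}, got {len(args)}")
            return args[index - 1]

        # Single pass: text inserted for one argument is not scanned again.
        return _PARAM.sub(substitute, macros[name])

    return _CALL.sub(expand_call, display_filter)


if __name__ == "__main__":
    print(expand_macros("${tcp_conv:10.1.1.2;10.1.1.3;1200;1400} and tcp.flags.syn == 1"))
```

The substitution is purely textual, so the sketch does not check that an argument is a valid address or port.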
[[ChEssCategoryAttributes]]
=== ESS Category Attributes
Wireshark uses this table to map ESS Security Category attributes to textual representations. The values to put in this table are usually found in a link:$$http://www.xmlspif.org/$$[XML SPIF], which is used for defining security labels.
This table is handled by a <<ChUserTable>> with the following fields.
Tag Set::
An Object Identifier representing the Category Tag Set.
Value::
The value (Label And Cert Value) representing the Category.
Name::
The textual representation for the value.
[[ChGeoIPDbPaths]]
=== GeoIP Database Paths
If your copy of Wireshark supports link:http://www.maxmind.com/[MaxMind's]
GeoIP library, you can use their databases to match IP addresses to countries,
cities, autonomous system numbers, ISPs, and other bits of information. Some
databases are link:http://www.maxmind.com/download/geoip/database/[available
at no cost], while others require a licensing fee. See
link:http://www.maxmind.com/app/ip-location[the MaxMind web site] for more
information.
This table is handled by a <<ChUserTable>> with the following fields.
Database pathname::
This specifies a directory containing GeoIP data files. Any files beginning with
_Geo_ and ending with _.dat_ will be automatically loaded. A total of 8 files
can be loaded.
+
The locations for your data files are up to you, but `/usr/share/GeoIP` (Linux),
`C:\GeoIP` (Windows), `C:\Program Files\Wireshark\GeoIP` (Windows) might be good
choices.
[[ChIKEv2DecryptionSection]]
=== IKEv2 decryption table
Wireshark can decrypt Encrypted Payloads of IKEv2 (Internet Key Exchange version
2) packets if the necessary information is provided. Note that you can decrypt only
IKEv2 packets with this feature. If you want to decrypt IKEv1 packets or ESP
packets, use the Log Filename setting under the ISAKMP protocol preferences or the
settings under the ESP protocol preferences respectively.
This table is handled by a <<ChUserTable>> with the following fields.
Initiator's SPI::
Initiator's SPI of the IKE_SA. This field takes a hexadecimal string without the
``0x'' prefix and the length must be 16 hex chars (represents 8 octets).
Responder's SPI::
Responder's SPI of the IKE_SA. This field takes a hexadecimal string without the
``0x'' prefix and the length must be 16 hex chars (represents 8 octets).
$$SK_ei$$::
Key used to encrypt/decrypt IKEv2 packets from initiator to responder. This
field takes a hexadecimal string without the ``0x'' prefix and its length must meet
the requirement of the encryption algorithm selected.
$$SK_er$$::
Key used to encrypt/decrypt IKEv2 packets from responder to initiator. This
field takes a hexadecimal string without the ``0x'' prefix and its length must meet
the requirement of the encryption algorithm selected.
Encryption Algorithm::
Encryption algorithm of the IKE_SA.
$$SK_ai$$::
Key used to calculate Integrity Checksum Data for IKEv2 packets from responder
to initiator. This field takes a hexadecimal string without the ``0x'' prefix and its
length must meet the requirement of the integrity algorithm selected.
$$SK_ar$$::
Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator
to responder. This field takes a hexadecimal string without the ``0x'' prefix and its
length must meet the requirement of the integrity algorithm selected.
Integrity Algorithm::
Integrity algorithm of the IKE_SA.
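
The format rules above (bare hex, 16 hex chars per SPI, key length tied to the selected algorithm) can be checked before a row is entered. This is an added example, not Wireshark code: the dictionary keys, the algorithm labels and the sample values are assumptions made here, and the key sizes are those of the algorithms themselves.

```python
import re

# Key sizes in octets, taken from the algorithm definitions. The labels are
# illustrative (assumption): they are not the strings in Wireshark's lists.
ENCR_KEY_OCTETS = {"3DES": 24, "AES-CBC-128": 16, "AES-CBC-192": 24, "AES-CBC-256": 32}
INTEG_KEY_OCTETS = {"HMAC_MD5_96": 16, "HMAC_SHA1_96": 20, "HMAC_SHA2_256_128": 32}

_HEX = re.compile(r"[0-9A-Fa-f]+\Z")


def _check_hex(field, value, octets, errors):
    """Append a message to errors unless value is exactly `octets` octets of bare hex."""
    if value.lower().startswith("0x"):
        errors.append(f"{field}: drop the 0x prefix")
    elif not _HEX.match(value):
        errors.append(f"{field}: not a hexadecimal string")
    elif len(value) != 2 * octets:
        errors.append(f"{field}: need {2 * octets} hex chars ({octets} octets), got {len(value)}")


def validate_entry(entry):
    """Return a list of problems with one IKEv2 decryption table row ([] if none)."""
    errors = []
    _check_hex("Initiator's SPI", entry["spi_i"], 8, errors)
    _check_hex("Responder's SPI", entry["spi_r"], 8, errors)
    for alg_field, sizes, key_fields in (
        ("encr_alg", ENCR_KEY_OCTETS, ("sk_ei", "sk_er")),
        ("integ_alg", INTEG_KEY_OCTETS, ("sk_ai", "sk_ar")),
    ):
        octets = sizes.get(entry[alg_field])
        if octets is None:
            errors.append(f"{alg_field}: unknown algorithm {entry[alg_field]!r}")
            continue
        for key in key_fields:
            _check_hex(key, entry[key], octets, errors)
    return errors


# Constructed sample row; the SPIs and keys are dummy values, not real key material.
SAMPLE = {
    "spi_i": "0102030405060708", "spi_r": "1112131415161718",
    "encr_alg": "AES-CBC-128", "sk_ei": "aa" * 16, "sk_er": "bb" * 16,
    "integ_alg": "HMAC_SHA1_96", "sk_ai": "cc" * 20, "sk_ar": "dd" * 20,
}

if __name__ == "__main__":
    print(validate_entry(SAMPLE) or "entry looks well-formed")
```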
[[ChObjectIdentifiers]]
=== Object Identifiers
Many protocols that use ASN.1 use Object Identifiers (OIDs) to uniquely identify
certain pieces of information. In many cases, they are used in an extension
mechanism so that new object identifiers (and associated values) may be defined
without needing to change the base standard.
Whilst Wireshark has knowledge about many of the OIDs and the syntax of their
associated values, the extensibility means that other values may be encountered.
Wireshark uses this table to allow the user to define the name and syntax of
Object Identifiers that Wireshark does not know about (for example, a privately
defined X.400 extension). It also allows the user to override the name and
syntax of Object Identifiers that Wireshark does know about (e.g. changing the
name ``id-at-countryName'' to just ``c'').
This table is handled by a <<ChUserTable>> with the following fields.
OID::
The string representation of the Object Identifier e.g. ``2.5.4.6''.
Name::
The name that should be displayed by Wireshark when the Object Identifier is
dissected, e.g. ``c''.
Syntax::
The syntax of the value associated with the Object Identifier. This must be one
of the syntaxes that Wireshark already knows about (e.g. ``PrintableString'').
[[ChPresContextList]]
=== PRES Users Context List
Wireshark uses this table to map a presentation context identifier to a given
object identifier when the capture does not contain a PRES package with a
presentation context definition list for the conversation.
This table is handled by a <<ChUserTable>> with the following fields.
Context Id::
An Integer representing the presentation context identifier for which this
association is valid.
Syntax Name OID::
The object identifier representing the abstract syntax name, which defines the
protocol that is carried over this association.
[[ChSccpUsers]]
=== SCCP users Table
Wireshark uses this table to map specific protocols to a certain DPC/SSN
combination for SCCP.
This table is handled by a <<ChUserTable>> with the following fields.
Network Indicator::
An Integer representing the network indicator for which this association is
valid.
Called DPCs::
A range of integers representing the DPCs for which this association is valid.
Called SSNs::
A range of integers representing the SSNs for which this association is valid.
User protocol::
The protocol that is carried over this association.
[[ChSNMPSMIModules]]
=== SMI (MIB and PIB) Modules
If your copy of Wireshark supports libSMI, you can specify a list of MIB and PIB
modules here. The COPS and SNMP dissectors can use them to resolve OIDs.
Module name::
The name of the module, e.g. IF-MIB.
[[ChSNMPSMIPaths]]
=== SMI (MIB and PIB) Paths
If your copy of Wireshark supports libSMI, you can specify one or more paths to
MIB and PIB modules here.
Directory name::
A module directory, e.g. `/usr/local/snmp/mibs`. Wireshark automatically uses
the standard SMI path for your system, so you usually don't have to add anything
here.
[[ChSNMPEnterpriseSpecificTrapTypes]]
=== SNMP Enterprise Specific Trap Types
Wireshark uses this table to map specific-trap values to user defined
descriptions in a Trap PDU. The description is shown in the packet details
specific-trap element.
This table is handled by a <<ChUserTable>> with the following fields.
Enterprise OID::
The object identifier representing the object generating the trap.
Trap Id::
An Integer representing the specific-trap code.
Description::
The description to show in the packet details.
[[ChSNMPUsersSection]]
=== SNMP users Table
Wireshark uses this table to verify authentication and to decrypt encrypted
SNMPv3 packets.
This table is handled by a <<ChUserTable>> with the following fields.
Engine ID::
If given, this entry will be used only for packets with this engine ID. This
field takes a hexadecimal string in the form 0102030405.
Username::
This is the userName. When a single user has more than one password for
different SNMP engines, the first entry to match both is taken. If you need a
catch-all engine ID (empty), that entry should be the last one.
Authentication model::
Which auth model to use (either ``MD5'' or ``SHA1'').
Password::
The authentication password. Use '\xDD' for unprintable characters. A
hexadecimal password must be entered as a sequence of '\xDD' characters. For
example the hex password 010203040506 must be entered as
'\x01\x02\x03\x04\x05\x06'. The '\' character must be treated as an unprintable
character, i.e. it must be entered as '\x5C' or '\x5c'.
Privacy protocol::
Which encryption algorithm to use (either ``DES'' or ``AES'').
Privacy password::
The privacy password. Use '\xDD' for unprintable characters. A hexadecimal
password must be entered as a sequence of '\xDD' characters. For example the hex
password 010203040506 must be entered as '\x01\x02\x03\x04\x05\x06'. The '\'
character must be treated as an unprintable character, i.e. it must be entered
as '\x5C' or '\x5c'.
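
The '\xDD' rules for the two password fields and the first-match rule for Engine ID and Username, written out as an added example (not Wireshark code). The function names, the row layout and the sample rows are assumptions made for this illustration.

```python
import re

_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")


def escape_password(secret: bytes) -> str:
    """Printable ASCII stays as typed; '\\' and unprintable octets become \\xDD."""
    return "".join(
        chr(b) if 0x20 <= b <= 0x7E and b != 0x5C else "\\x%02x" % b for b in secret
    )


def hex_password(hex_string: str) -> str:
    """A hexadecimal password is entered as one \\xDD escape per octet."""
    return "".join("\\x%02x" % b for b in bytes.fromhex(hex_string))


def unescape_password(field: str) -> bytes:
    """Recover the raw octets from a field value; a bare '\\' is rejected."""
    if "\\" in _ESCAPE.sub("", field):
        raise ValueError("bare backslash: enter it as \\x5c")
    # One left-to-right pass, so a decoded '\' is never re-read as an escape.
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field).encode("latin-1")


def select_user(table, engine_id: str, username: str):
    """Return the first row matching both fields; an empty Engine ID matches any."""
    for row in table:
        if row["username"] == username and row["engine_id"].lower() in ("", engine_id.lower()):
            return row
    return None


# Constructed rows: one user with a per-engine password and the catch-all last.
USERS = [
    {"engine_id": "0102030405", "username": "monitor", "password": hex_password("010203040506")},
    {"engine_id": "", "username": "monitor", "password": escape_password(b"pa\\ss")},
]

if __name__ == "__main__":
    print(select_user(USERS, "0102030405", "monitor")["password"])
    # With the catch-all row first, the engine-specific row is never reached.
    print(select_user(USERS[::-1], "0102030405", "monitor")["password"])
```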
[[ChK12ProtocolsSection]]
=== Tektronix K12xx/15 RF5 protocols Table
The Tektronix K12xx/15 rf5 file format uses helper files (*.stk) to identify the
various protocols that are used by a certain interface. Wireshark doesn't read
these stk files; it uses a table that helps it identify which lowest layer
protocol to use.
Stk file to protocol matching is handled by a <<ChUserTable>> with the following fields.
Match string::
A partial match for an stk filename. The first match wins, so if you have a
specific case and a general one the specific one must appear first in the list.
Protocol::
This is the name of the encapsulating protocol (the lowest layer in the packet
data). It can be either just the name of the protocol (e.g. mtp2, eth_withoutfcs,
sscf-nni) or the name of the encapsulation protocol and the ``application''
protocol over it separated by a colon (e.g. sscop:sscf-nni, sscop:alcap,
sscop:nbap, ...).
[[ChUserDLTsSection]]
=== User DLTs protocol table
When a pcap file uses one of the user DLTs (147 to 162) Wireshark uses this
table to know which protocol(s) to use for each user DLT.
This table is handled by a <<ChUserTable>> with the following fields.
DLT::
One of the user DLTs.
Payload protocol::
This is the name of the payload protocol (the lowest layer in the packet data),
e.g. ``eth'' for Ethernet, ``ip'' for IPv4.
Header size::
If there is a header protocol (before the payload protocol) this specifies the
size of that header. A value of 0 disables the header protocol.
Header protocol::
The name of the header protocol to be used (uses ``data'' as default).
Trailer size::
If there is a trailer protocol (after the payload protocol) this specifies the
size of that trailer. A value of 0 disables the trailer protocol.
Trailer protocol::
The name of the trailer protocol to be used (uses ``data'' as default).