doc: Apply proper capitalization to the Wireshark name
Change-Id: I9d29cd705c9af39bae6cffdefaba0b9c8b4bb2e6 Reviewed-on: https://code.wireshark.org/review/36081 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
52de94394e
commit
9ea4bd2b96
|
@ -2604,7 +2604,7 @@ it is wise to check the relevant header and source files for additional details.
|
||||||
|
|
||||||
2.2 Following "conversations".
|
2.2 Following "conversations".
|
||||||
|
|
||||||
In wireshark a conversation is defined as a series of data packets between two
|
In Wireshark a conversation is defined as a series of data packets between two
|
||||||
address:port combinations. A conversation is not sensitive to the direction of
|
address:port combinations. A conversation is not sensitive to the direction of
|
||||||
the packet. The same conversation will be returned for a packet bound from
|
the packet. The same conversation will be returned for a packet bound from
|
||||||
ServerA:1000 to ClientA:2000 and the packet from ClientA:2000 to ServerA:1000.
|
ServerA:1000 to ClientA:2000 and the packet from ClientA:2000 to ServerA:1000.
|
||||||
|
@ -3031,7 +3031,7 @@ whether it is registered to our protocol or not.
|
||||||
We should do this because it is uncommon but it does happen that multiple
|
We should do this because it is uncommon but it does happen that multiple
|
||||||
different protocols can use the same socketpair during different stages of
|
different protocols can use the same socketpair during different stages of
|
||||||
an application cycle. By keeping track of the frame number a conversation
|
an application cycle. By keeping track of the frame number a conversation
|
||||||
was started in wireshark can still tell these different protocols apart.
|
was started in Wireshark can still tell these different protocols apart.
|
||||||
|
|
||||||
The second argument to conversation_set_dissector is a dissector handle,
|
The second argument to conversation_set_dissector is a dissector handle,
|
||||||
which is created with a call to create_dissector_handle or
|
which is created with a call to create_dissector_handle or
|
||||||
|
@ -3117,7 +3117,7 @@ conversation already exists or not and if it exists we also check whether the
|
||||||
registered dissector_handle for that conversation is "our" dissector or not.
|
registered dissector_handle for that conversation is "our" dissector or not.
|
||||||
If not we create a new conversation on top of the previous one and set this new
|
If not we create a new conversation on top of the previous one and set this new
|
||||||
conversation to use our protocol.
|
conversation to use our protocol.
|
||||||
Since wireshark keeps track of the frame number where a conversation started
|
Since Wireshark keeps track of the frame number where a conversation started
|
||||||
wireshark will still be able to keep the packets apart even though they do use
|
wireshark will still be able to keep the packets apart even though they do use
|
||||||
the same socketpair.
|
the same socketpair.
|
||||||
(See packet-tftp.c and packet-snmp.c for examples of this)
|
(See packet-tftp.c and packet-snmp.c for examples of this)
|
||||||
|
|
|
@ -7,7 +7,7 @@ What is it ?
|
||||||
As you have probably guessed from the name, "idl2wrs" takes a
|
As you have probably guessed from the name, "idl2wrs" takes a
|
||||||
user specified IDL file and attempts to build a dissector that
|
user specified IDL file and attempts to build a dissector that
|
||||||
can decode the IDL traffic over GIOP. The resulting file is
|
can decode the IDL traffic over GIOP. The resulting file is
|
||||||
"C" code that should compile okay as a wireshark dissector.
|
"C" code that should compile okay as a Wireshark dissector.
|
||||||
|
|
||||||
idl2wrs basically parses the data struct given to it by
|
idl2wrs basically parses the data struct given to it by
|
||||||
the omniidl compiler, and using the GIOP API available in packet-giop.[ch],
|
the omniidl compiler, and using the GIOP API available in packet-giop.[ch],
|
||||||
|
@ -41,7 +41,7 @@ the case with "Wireshark" (https://www.wireshark.org)
|
||||||
How to use idl2wrs
|
How to use idl2wrs
|
||||||
==================
|
==================
|
||||||
|
|
||||||
To use the idl2wrs to generate wireshark dissectors, you
|
To use the idl2wrs to generate Wireshark dissectors, you
|
||||||
need the following.
|
need the following.
|
||||||
|
|
||||||
|
|
||||||
|
@ -51,15 +51,15 @@ need the following.
|
||||||
2. omniidl from the omniORB package must be available.
|
2. omniidl from the omniORB package must be available.
|
||||||
http://omniorb.sourceforge.net/
|
http://omniorb.sourceforge.net/
|
||||||
|
|
||||||
3. Of course you need wireshark installed to compile the
|
3. Of course you need Wireshark installed to compile the
|
||||||
code and tweak it if required. idl2wrs is part of the
|
code and tweak it if required. idl2wrs is part of the
|
||||||
standard Wireshark distribution.
|
standard Wireshark distribution.
|
||||||
|
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
=========
|
=========
|
||||||
|
|
||||||
1. To write the C code to stdout.
|
1. To write the C code to stdout.
|
||||||
|
|
||||||
idl2wrs <your_file.idl>
|
idl2wrs <your_file.idl>
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ Procedure
|
||||||
If you don't want to use the shell script wrapper, then try
|
If you don't want to use the shell script wrapper, then try
|
||||||
steps 3 or 4 instead.
|
steps 3 or 4 instead.
|
||||||
|
|
||||||
3. To write the C code to stdout.
|
3. To write the C code to stdout.
|
||||||
|
|
||||||
Usage: omniidl -p ./ -b wireshark_be <your_file.idl>
|
Usage: omniidl -p ./ -b wireshark_be <your_file.idl>
|
||||||
|
|
||||||
|
@ -92,9 +92,9 @@ steps 3 or 4 instead.
|
||||||
and that will leave you with heuristic dissection.
|
and that will leave you with heuristic dissection.
|
||||||
|
|
||||||
|
|
||||||
5. Copy the resulting C code to your wireshark src directory, edit the
|
5. Copy the resulting C code to your Wireshark src directory, edit the
|
||||||
following files to include the packet-test-idl.c
|
following files to include the packet-test-idl.c
|
||||||
|
|
||||||
cp packet-test-idl.c /dir/where/wireshark/lives/epan/dissectors/
|
cp packet-test-idl.c /dir/where/wireshark/lives/epan/dissectors/
|
||||||
edit epan/dissectors/CMakeLists.txt
|
edit epan/dissectors/CMakeLists.txt
|
||||||
|
|
||||||
|
@ -131,9 +131,9 @@ Notes
|
||||||
and wireshark_gen.py are residing in the current directory. This may need
|
and wireshark_gen.py are residing in the current directory. This may need
|
||||||
tweaking if you place these files somewhere else.
|
tweaking if you place these files somewhere else.
|
||||||
|
|
||||||
2. If it complains about being unable to find some modules (eg tempfile.py),
|
2. If it complains about being unable to find some modules (eg tempfile.py),
|
||||||
you may want to check if PYTHONPATH is set correctly.
|
you may want to check if PYTHONPATH is set correctly.
|
||||||
On my Linux box, it is PYTHONPATH=/usr/lib/python1.5/
|
On my Linux box, it is PYTHONPATH=/usr/lib/python1.5/
|
||||||
|
|
||||||
Frank Singleton.
|
Frank Singleton.
|
||||||
|
|
||||||
|
|
|
@ -149,7 +149,7 @@ One way of dealing with this problem is to set an environment variable
|
||||||
when running Wireshark: WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1.
|
when running Wireshark: WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1.
|
||||||
|
|
||||||
Another way to deal with this problem is to set up a working root for
|
Another way to deal with this problem is to set up a working root for
|
||||||
wireshark, say in $HOME/build/root and build wireshark to install
|
wireshark, say in $HOME/build/root and build Wireshark to install
|
||||||
there
|
there
|
||||||
|
|
||||||
cmake -D CMAKE_INSTALL_PREFIX=${HOME}/build/root && make install
|
cmake -D CMAKE_INSTALL_PREFIX=${HOME}/build/root && make install
|
||||||
|
|
|
@ -3,9 +3,9 @@ tapping with stats_tree
|
||||||
Let's suppose that you want to write a tap only to keep counters, and you
|
Let's suppose that you want to write a tap only to keep counters, and you
|
||||||
don't want to get involved with GUI programming or maybe you'd like to make
|
don't want to get involved with GUI programming or maybe you'd like to make
|
||||||
it a plugin. A stats_tree might be the way to go. The stats_tree module takes
|
it a plugin. A stats_tree might be the way to go. The stats_tree module takes
|
||||||
care of the representation (GUI for wireshark and text for tshark) of the
|
care of the representation (GUI for Wireshark and text for Tshark) of the
|
||||||
tap data. So there's very little code to write to make a tap listener usable
|
tap data. So there's very little code to write to make a tap listener usable
|
||||||
from both wireshark and tshark.
|
from both Wireshark and Tshark.
|
||||||
|
|
||||||
First, you should add the TAP to the dissector in question as described in
|
First, you should add the TAP to the dissector in question as described in
|
||||||
README.tapping .
|
README.tapping .
|
||||||
|
@ -29,8 +29,8 @@ The cleanup callback:
|
||||||
Other than that the stats_tree should be registered.
|
Other than that the stats_tree should be registered.
|
||||||
|
|
||||||
If you want to make it a plugin, stats_tree_register() should be called by
|
If you want to make it a plugin, stats_tree_register() should be called by
|
||||||
plugin_register_tap_listener() read README.plugin for other information
|
plugin_register_tap_listener() read README.plugins for other information
|
||||||
regarding wireshark plugins.
|
regarding Wireshark plugins.
|
||||||
|
|
||||||
If you want it as part of the dissector stats_tree_register() can be called
|
If you want it as part of the dissector stats_tree_register() can be called
|
||||||
either by proto_register_xxx() or if you prefer by proto_reg_handoff_xxx().
|
either by proto_register_xxx() or if you prefer by proto_reg_handoff_xxx().
|
||||||
|
@ -186,7 +186,7 @@ The difference between the above functions is whether the item count is
|
||||||
increased or not. To properly compute the average you need to either call
|
increased or not. To properly compute the average you need to either call
|
||||||
avg_stat_node_add_value or avg_stat_node_add_value_notick combined
|
avg_stat_node_add_value or avg_stat_node_add_value_notick combined
|
||||||
tick_stat_node. The later sequence allows for plug-ins which are compatible
|
tick_stat_node. The later sequence allows for plug-ins which are compatible
|
||||||
with older wireshark versions which ignores avg_stat_node_add_value because
|
with older Wireshark versions which ignores avg_stat_node_add_value because
|
||||||
it does not understand the command. This would result in 0 counts for all
|
it does not understand the command. This would result in 0 counts for all
|
||||||
nodes. It is preferred to use avg_stat_node_add_value if you are not writing
|
nodes. It is preferred to use avg_stat_node_add_value if you are not writing
|
||||||
a plug-in.
|
a plug-in.
|
||||||
|
|
|
@ -48,8 +48,8 @@ out-of-tree cmake build and then triggering a build.
|
||||||
|
|
||||||
4. Usage
|
4. Usage
|
||||||
|
|
||||||
Running `vagrant ssh ubuntu` from the wireshark source directory will log you into
|
Running `vagrant ssh ubuntu` from the Wireshark source directory will log you
|
||||||
Ubuntu VM as the userid vagrant.
|
into Ubuntu VM as the userid vagrant.
|
||||||
|
|
||||||
The Ubuntu VM's build folder is located in ~/build. The Ubuntu VM's source
|
The Ubuntu VM's build folder is located in ~/build. The Ubuntu VM's source
|
||||||
folder is actually the source folder from the host system mounted as
|
folder is actually the source folder from the host system mounted as
|
||||||
|
|
|
@ -6,7 +6,7 @@ Wireshark has the ability to export its protocol dissection in an
|
||||||
XML format, tshark has similar functionality by using the "-Tpdml"
|
XML format, tshark has similar functionality by using the "-Tpdml"
|
||||||
option.
|
option.
|
||||||
|
|
||||||
The XML that wireshark produces follows the Packet Details Markup
|
The XML that Wireshark produces follows the Packet Details Markup
|
||||||
Language (PDML) specified by the group at the Politecnico Di Torino
|
Language (PDML) specified by the group at the Politecnico Di Torino
|
||||||
working on Analyzer. The specification was found at:
|
working on Analyzer. The specification was found at:
|
||||||
|
|
||||||
|
@ -37,12 +37,12 @@ be ambiguous.
|
||||||
|
|
||||||
PDML
|
PDML
|
||||||
====
|
====
|
||||||
The PDML that wireshark produces is known not to be loadable into Analyzer.
|
The PDML that Wireshark produces is known not to be loadable into Analyzer.
|
||||||
It causes Analyzer to crash. As such, the PDML that wireshark produces
|
It causes Analyzer to crash. As such, the PDML that Wireshark produces
|
||||||
is labeled with a version number of "0", which means that the PDML does
|
is labeled with a version number of "0", which means that the PDML does
|
||||||
not fully follow the PDML spec. Furthermore, a creator attribute in the
|
not fully follow the PDML spec. Furthermore, a creator attribute in the
|
||||||
"<pdml>" tag gives the version number of wireshark/tshark that produced the PDML.
|
"<pdml>" tag gives the version number of wireshark/tshark that produced the PDML.
|
||||||
In that way, as the PDML produced by wireshark matures, but still does not
|
In that way, as the PDML produced by Wireshark matures, but still does not
|
||||||
meet the PDML spec, scripts can make intelligent decisions about how to
|
meet the PDML spec, scripts can make intelligent decisions about how to
|
||||||
best parse the PDML, based on the "creator" attribute.
|
best parse the PDML, based on the "creator" attribute.
|
||||||
|
|
||||||
|
@ -104,7 +104,7 @@ Many dissectors label the undissected payload of a protocol as belonging
|
||||||
to a "data" protocol, and the "data" protocol usually resided inside
|
to a "data" protocol, and the "data" protocol usually resided inside
|
||||||
that last protocol dissected. In the PDML, The "data" protocol becomes
|
that last protocol dissected. In the PDML, The "data" protocol becomes
|
||||||
a "data" field, placed exactly where the "data" protocol is in wireshark's
|
a "data" field, placed exactly where the "data" protocol is in wireshark's
|
||||||
protocol tree. So, if wireshark would normally show:
|
protocol tree. So, if Wireshark would normally show:
|
||||||
|
|
||||||
+-- Frame
|
+-- Frame
|
||||||
|
|
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ S<[ B<--version> ]>
|
||||||
|
|
||||||
This manual page documents briefly the B<asn2deb> command. B<asn2deb>
|
This manual page documents briefly the B<asn2deb> command. B<asn2deb>
|
||||||
takes an ASN.1 file as input and creates a Debian package from it. The package
|
takes an ASN.1 file as input and creates a Debian package from it. The package
|
||||||
contains a loadable type table file for the wireshark network analyser.
|
contains a loadable type table file for the Wireshark network analyser.
|
||||||
The type table is generated by the ASN.1 compiler B<snacc>.
|
The type table is generated by the ASN.1 compiler B<snacc>.
|
||||||
|
|
||||||
=head1 OPTIONS
|
=head1 OPTIONS
|
||||||
|
|
|
@ -11,10 +11,10 @@ extcap - The extcap interface
|
||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
The extcap interface is a versatile plugin interface that allows external binaries
|
The extcap interface is a versatile plugin interface that allows external binaries
|
||||||
to act as capture interfaces directly in wireshark. It is used in scenarios, where
|
to act as capture interfaces directly in Wireshark. It is used in scenarios, where
|
||||||
the source of the capture is not a traditional capture model
|
the source of the capture is not a traditional capture model
|
||||||
(live capture from an interface, from a pipe, from a file, etc). The typical
|
(live capture from an interface, from a pipe, from a file, etc). The typical
|
||||||
example is connecting esoteric hardware of some kind to the main wireshark app.
|
example is connecting esoteric hardware of some kind to the main Wireshark application.
|
||||||
|
|
||||||
Without extcap, a capture can always be achieved by directly writing to a capture file:
|
Without extcap, a capture can always be achieved by directly writing to a capture file:
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ Without extcap, a capture can always be achieved by directly writing to a captur
|
||||||
wireshark dumpfile.pcap
|
wireshark dumpfile.pcap
|
||||||
|
|
||||||
but the extcap interface allows for such a connection to be easily established and
|
but the extcap interface allows for such a connection to be easily established and
|
||||||
configured using the wireshark GUI.
|
configured using the Wireshark GUI.
|
||||||
|
|
||||||
The extcap subsystem is made of multiple extcap binaries that are automatically
|
The extcap subsystem is made of multiple extcap binaries that are automatically
|
||||||
called by the GUI in a row. In the following chapters we will refer to them as
|
called by the GUI in a row. In the following chapters we will refer to them as
|
||||||
|
|
|
@ -30,7 +30,7 @@ S< [ B<--version> ]>
|
||||||
|
|
||||||
This manual page documents briefly the B<idl2deb> command. B<idl2deb>
|
This manual page documents briefly the B<idl2deb> command. B<idl2deb>
|
||||||
takes an CORBA IDL file as input and creates a Debian package from it. The
|
takes an CORBA IDL file as input and creates a Debian package from it. The
|
||||||
package contains a loadable module for the wireshark network analyser.
|
package contains a loadable module for the Wireshark network analyser.
|
||||||
|
|
||||||
=head1 OPTIONS
|
=head1 OPTIONS
|
||||||
|
|
||||||
|
|
|
@ -801,7 +801,7 @@ Example of usage to import data into Elasticsearch:
|
||||||
curl -H "Content-Type: application/x-ndjson" -XPOST http://elasticsearch:9200/_bulk --data-binary "@file.json"
|
curl -H "Content-Type: application/x-ndjson" -XPOST http://elasticsearch:9200/_bulk --data-binary "@file.json"
|
||||||
|
|
||||||
Elastic requires a mapping file to be loaded as template for packets-*
|
Elastic requires a mapping file to be loaded as template for packets-*
|
||||||
index in order to convert wireshark types to elastic types. This file
|
index in order to convert Wireshark types to elastic types. This file
|
||||||
can be auto-generated with the command "tshark -G elastic-mapping". Since
|
can be auto-generated with the command "tshark -G elastic-mapping". Since
|
||||||
the mapping file can be huge, protocols can be selected by using the option
|
the mapping file can be huge, protocols can be selected by using the option
|
||||||
--elastic-mapping-filter:
|
--elastic-mapping-filter:
|
||||||
|
|
|
@ -1643,7 +1643,7 @@ ascending or descending order by any column.
|
||||||
|
|
||||||
By first selecting a conversation by clicking on it and then using the
|
By first selecting a conversation by clicking on it and then using the
|
||||||
right mouse button (on those platforms that have a right
|
right mouse button (on those platforms that have a right
|
||||||
mouse button) wireshark will display a popup menu offering several different
|
mouse button) Wireshark will display a popup menu offering several different
|
||||||
filter operations to apply to the capture.
|
filter operations to apply to the capture.
|
||||||
|
|
||||||
These statistics windows can also be invoked from the Wireshark command
|
These statistics windows can also be invoked from the Wireshark command
|
||||||
|
@ -1762,7 +1762,7 @@ string is specified all request/response pairs will be used.
|
||||||
|
|
||||||
By first selecting a conversation by clicking on it and then using the
|
By first selecting a conversation by clicking on it and then using the
|
||||||
right mouse button (on those platforms that have a right
|
right mouse button (on those platforms that have a right
|
||||||
mouse button) wireshark will display a popup menu offering several different
|
mouse button) Wireshark will display a popup menu offering several different
|
||||||
filter operations to apply to the capture.
|
filter operations to apply to the capture.
|
||||||
|
|
||||||
=item *
|
=item *
|
||||||
|
@ -1795,7 +1795,7 @@ on those calls matching that filter.
|
||||||
|
|
||||||
By first selecting a conversation by clicking on it and then using the
|
By first selecting a conversation by clicking on it and then using the
|
||||||
right mouse button (on those platforms that have a right
|
right mouse button (on those platforms that have a right
|
||||||
mouse button) wireshark will display a popup menu offering several different
|
mouse button) Wireshark will display a popup menu offering several different
|
||||||
filter operations to apply to the capture.
|
filter operations to apply to the capture.
|
||||||
|
|
||||||
=item *
|
=item *
|
||||||
|
|
|
@ -391,7 +391,7 @@ To generate the build files enter the following at the Visual Studio command pro
|
||||||
> cmake -G "Visual Studio 16 2019" -A Win32 ..\wireshark
|
> cmake -G "Visual Studio 16 2019" -A Win32 ..\wireshark
|
||||||
----
|
----
|
||||||
|
|
||||||
Adjusting the paths as required to Python and the wireshark source tree.
|
Adjusting the paths as required to Python and the Wireshark source tree.
|
||||||
To use a different generator modify the `-G` parameter. `cmake -G` lists
|
To use a different generator modify the `-G` parameter. `cmake -G` lists
|
||||||
all the CMake supported generators, but only Visual Studio is supported
|
all the CMake supported generators, but only Visual Studio is supported
|
||||||
for Wireshark builds.
|
for Wireshark builds.
|
||||||
|
|
|
@ -764,7 +764,7 @@ Show this help page.
|
||||||
|
|
||||||
=== User Table
|
=== User Table
|
||||||
|
|
||||||
The User Table editor is used for managing various tables in wireshark. Its main
|
The User Table editor is used for managing various tables in Wireshark. Its main
|
||||||
dialog works very similarly to that of <<ChCustColorizationSection>>.
|
dialog works very similarly to that of <<ChCustColorizationSection>>.
|
||||||
|
|
||||||
[[ChDisplayFilterMacrosSection]]
|
[[ChDisplayFilterMacrosSection]]
|
||||||
|
@ -1074,7 +1074,7 @@ sscop:nbap, ...)
|
||||||
|
|
||||||
=== User DLTs protocol table
|
=== User DLTs protocol table
|
||||||
|
|
||||||
When a pcap file uses one of the user DLTs (147 to 162) wireshark uses this
|
When a pcap file uses one of the user DLTs (147 to 162) Wireshark uses this
|
||||||
table to know which protocol(s) to use for each user DLT.
|
table to know which protocol(s) to use for each user DLT.
|
||||||
|
|
||||||
This table is a user table, as described in <<ChUserTable>>, with the
|
This table is a user table, as described in <<ChUserTable>>, with the
|
||||||
|
|
|
@ -143,7 +143,7 @@ because in the old grammar, AVPL transformations use names starting with a “.
|
||||||
indicate they belong to the replacement AVPL.
|
indicate they belong to the replacement AVPL.
|
||||||
|
|
||||||
The value is a string that is either set in the configuration (for configuration
|
The value is a string that is either set in the configuration (for configuration
|
||||||
AVPs) or by wireshark while extracting interesting fields from a frame's tree.
|
AVPs) or by Wireshark while extracting interesting fields from a frame's tree.
|
||||||
The values extracted from fields use the same representation as they do in filter
|
The values extracted from fields use the same representation as they do in filter
|
||||||
strings except that no quotes are used.
|
strings except that no quotes are used.
|
||||||
|
|
||||||
|
@ -609,7 +609,7 @@ image::wsug_graphics/ws-mate-gop_analysis.png[]
|
||||||
There are several reasons for the author to believe that this feature needs to
|
There are several reasons for the author to believe that this feature needs to
|
||||||
be reimplemented, so probably there will be deep changes in the way this is done
|
be reimplemented, so probably there will be deep changes in the way this is done
|
||||||
in the near future. This section of the documentation reflects the version of
|
in the near future. This section of the documentation reflects the version of
|
||||||
MATE as of wireshark 0.10.9; in future releases this will change.
|
MATE as of Wireshark 0.10.9; in future releases this will change.
|
||||||
|
|
||||||
====== Declaring a Group Of Groups
|
====== Declaring a Group Of Groups
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue