This is an extension to the Wireshark context sensitive protocol help. Rows in
the TreeView window are analyzed and a suitable help file (as HTML) is opened in a
browser.
The help part (large file, 23 MB) of the Protocol Help can be downloaded under
www.inacon.com/dowload/stuff/protocol_help.tar.gz
This protocol help "light" provides descriptive content for the most frequently
used standard protocols, including IP, TCP or SMTP.
From me:
Changes:
Rename "ph_" in some function names to "proto_help_". Move the protocol
help code to its own module.
Make a bunch of functions static. Remove unused code.
Use browser_open_url() instead of a custom function.
Increase the logging levels. Don't clobber the normal log handler.
Update some Doxygen comments to match the format in the rest of the code
base.
Removed GTK version checks. We've been 2.x only for a while.
Move ph_replace_string to string_replace() in epan/strutil.[ch].
Fix a bunch of memory leaks.
Add a NULL pointer check.
Reformat the overview menu label.
Document the file format and locations.
Add Edgar to AUTHORS.
svn path=/trunk/; revision=32995
Update the compare stats documentation.
From me: Add a screen shot and editorial updates. Change some labels to
better match the IP and TCP dissectors.
svn path=/trunk/; revision=32545
the argument to "-s" (1500 is too small even for Ethernet, as the
maximum size of packets on Ethernet is 1514 bytes if you don't count the
FCS and 1518 bytes if you do).
svn path=/trunk/; revision=31615
the use of these keys while editing a filter in the filter toolbar.
The keys "ctrl-home" and "ctrl-end" already provide the functionality to
go to the first or last packet in the packet-list. I added these as
accelerator keys and updated the user's guide accordingly.
Of course we can also make "home" and "end" work, without breaking
functionality in the filter toolbar, but that takes a little more
work (at least for me... maybe not after going to Steve's session
at Sharkfest :-)).
(will add this to inclusion list for 1.0.9 and 1.2.0)
svn path=/trunk/; revision=28670
Currently Wireshark has the ability to decrypt ISAKMP IKEv1 packets, but not IKEv2
packets. With the attached patch, decryption of IKEv2 packets is now possible.
svn path=/trunk/; revision=28089
- Enabled "Copy Description" in the main menu and gave it
accelerator key CTRL+SHIFT+D
- Added "Copy Fieldname" to copy the fieldname of the selected
field in the detail view (Acc.Key: CTRL+SHIFT+F)
- Added "Copy Value" to copy the value of the selected
field in the detail view (Acc.Key: CTRL+SHIFT+V)
- Updated documentation to reflect the changes
svn path=/trunk/; revision=28006
object identifier when the capture does not contain a PRES package with a
presentation context definition list for the conversation.
Added a few expert infos.
svn path=/trunk/; revision=27631
- Added description of the expert info bullet
- Added description of the configuration profile with menu
- Show the correct Packets/Displayed/Marked(/Dropped) names
- Describe the display filter message when using the != operator
svn path=/trunk/; revision=25513
to show and document the "Device" column.
Added a note about hidden interfaces.
Added some missing graphics files to Makefile.common.
svn path=/trunk/; revision=25115
selected profile.
Don't save SMI Paths and SMI Modules in the profiles because reloading
currently doesn't work (bug 2309).
svn path=/trunk/; revision=24580
- Added description for WLAN Traffic statistics.
- Added "Limit to display filter" description in conversations and endpoints.
- Added a tip in IO Graphs to click in the graph to select a matching packet.
- Some indentation fixes.
svn path=/trunk/; revision=24371
to override UAT entries from the command line, e.g.
-o "uat:user_dlts:\"User 0 (DLT=147)\",\"http\",\"0\",\"\",\"0\",\"\""
Fix up white space.
svn path=/trunk/; revision=24338
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
- New column "Marked" in the summary window
- New label "Capture filter" in the hierarchy window
- Moved Copy button in conversations and endpoints
- Added the zero value on the x-axis in io graphs
svn path=/trunk/; revision=23690
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Right-clicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Right-clicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similarly to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menus to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
This new code adds a save button to the Statistics IO Graphs window and
is also reusable by any other code that uses GDK Pixmaps to draw graphs.
The Gdk-pixbuf library included in GTK is used for this save function.
svn path=/trunk/; revision=22166
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
I did however see some small errors in the
documentation that I did not notice when I sent in the patch. This
patch corrects them and adds an accelerated key:
- table 6.1 remove "Analyze" from "Identical..." column for "Copy as Filter"
- table 6.2 add "Edit" from "Identical..." column for "Copy as Filter"
- Added accelerator key for "Copy as Filter". I chose "Shift+Ctrl+C", so
that "Ctrl+C" is still available for "standard" copy
Image figure 3.4 should be renewed, reflecting the change in the menu
structure.
svn path=/trunk/; revision=21140
I have changed the patch according to your suggestions and also changed
the doc[book] files accordingly. I tested the patch and it does seem to
work fine on my test-system.
ULFL: In addition, I've added the en-/disabling to the other (already existing) Copy menu items - some just did nothing, some crashed if nothing was selected.
I've also slightly changed the menu separators and made both context menus look a bit more identical.
svn path=/trunk/; revision=21005
- Note in the user's guide that export object is not available
in GTK1 builds of Wireshark.
- Make scanning through the slists more efficient
- Use new tap.c function called have_tap_listener() to only save
object payload data when the export object listener is actively
listening for it.
- Save objects in the HTTP dissector with g_malloc() instead of
se_malloc() and free it when we're done with it - when the
export object window is closed (Fixes bug #1412)
- Various minor improvements
svn path=/trunk/; revision=20980
- Add to User's Guide
- Add a help button
- Move a lot of code into the shared export_object.c file and out of
dissector specific file export_object_http.c. This will make adding
additional protocols much easier.
- Change comment in packet-http.c to reflect new name (Export Object)
- Various other minor improvements
svn path=/trunk/; revision=20961
There is an error in the page:
http://wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
According to Example 4.2, the filter 'tcp port 23 and not host 10.0.0.5'
captures all telnet traffic not from 10.0.0.5. But this filter also discards
traffic to 10.0.0.5. Either you use this filter to capture all telnet traffic
not to and not from 10.0.0.5 or you use filter 'tcp port 23 and not src host
10.0.0.5'.
svn path=/trunk/; revision=20955
- Vista is no longer beta
- disk space min. 75MB
- be a bit more specific about no longer supported NT 4.0
- some editing
svn path=/trunk/; revision=20904
Based on comments from Ulf (http://www.wireshark.org/lists/wireshark-dev/200701/msg02802.html), have revised menu structure and labels for copying items, and updated the documentation to match.
(a) All copying now under one sub-menu in each of packet list and details panes
(b) Revised names for copy items, now the same for both panes
(c) Export Selected Packet Bytes item now in pop-up menu for packet list and details panes
(d) Removed Copy and Export from packet bytes pane; this leaves no items in the pop-up menu.
This last is because the functionality in the bytes pane was odd and inconsistent
- right-clicking would often change the selection in unexpected ways
- the export worked on the selected bytes, the copy on the whole packet
- the documentation did not reflect the functionality correctly (at least for Copy / Text Only).
svn path=/trunk/; revision=20787
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040