c4209f569c
svn path=/trunk/; revision=35614
2799 lines
89 KiB
XML
<!-- WSUG Chapter Three -->
<!-- $Id$ -->

<chapter id="ChapterUsing">
<title>User Interface</title>
<section id="ChUseIntroductionSection"><title>Introduction</title>
<para>
By now you have installed <application>Wireshark</application> and
are most likely keen to get started capturing your first packets. In
the next chapters we will explore:
<itemizedlist>
<listitem>
<para>
How the Wireshark user interface works
</para>
</listitem>
<listitem>
<para>
How to capture packets in <application>Wireshark</application>
</para>
</listitem>
<listitem>
<para>
How to view packets in <application>Wireshark</application>
</para>
</listitem>
<listitem>
<para>
How to filter packets in <application>Wireshark</application>
</para>
</listitem>
<listitem>
<para>
... and many other things!
</para>
</listitem>
</itemizedlist>
</para>
</section>

<section id="ChUseStartSection"><title>Start Wireshark</title>
<para>
You can start Wireshark from your shell or window manager.
<tip><title>Tip!</title>
<para>
When starting Wireshark it's possible to specify optional settings using
the command line. See <xref linkend="ChCustCommandLine"/> for details.
</para>
</tip>
<note><title>Note!</title>
<para>
In the following chapters, a lot of screenshots from Wireshark will be shown.
As Wireshark runs on many different platforms with many different window
managers, with different styles applied and different versions of the
underlying GUI toolkit in use, your screen might look different from the provided
screenshots. But as there are no real differences in functionality, these
screenshots should still be easy to follow.
</para>
</note>
</para>
</section>

<section id="ChUseMainWindowSection"><title>The Main window</title>
<para>
Let's look at Wireshark's user interface. <xref linkend="ChUseFig01"/> shows
Wireshark as you would usually see it after some packets are captured or loaded
(how to do this will be described later).
<figure id="ChUseFig01">
<title>The Main window</title>
<graphic scale="100" entityref="WiresharkThreePane1" format="PNG"/>
</figure>
</para>
<para>
Wireshark's main window consists of parts that are commonly known from many
other GUI programs.
<orderedlist>
<listitem>
<para>
The <emphasis>menu</emphasis> (see <xref linkend="ChUseMenuSection"/>)
is used to start actions.
</para>
</listitem>
<listitem>
<para>
The <emphasis>main toolbar</emphasis> (see <xref linkend="ChUseMainToolbarSection"/>)
provides quick access to frequently used items from the menu.
</para>
</listitem>
<listitem>
<para>
The <emphasis>filter toolbar</emphasis> (see <xref linkend="ChUseFilterToolbarSection"/>)
provides a way to directly manipulate the currently used display filter
(see <xref linkend="ChWorkDisplayFilterSection"/>).
</para>
</listitem>
<listitem>
<para>
The <emphasis>packet list pane</emphasis> (see <xref linkend="ChUsePacketListPaneSection"/>)
displays a summary of each packet captured. By clicking on packets
in this pane you control what is displayed in the other two panes.
</para>
</listitem>
<listitem>
<para>
The <emphasis>packet details pane</emphasis> (see <xref linkend="ChUsePacketDetailsPaneSection"/>)
displays the packet selected in the packet list pane in more detail.
</para>
</listitem>
<listitem>
<para>
The <emphasis>packet bytes pane</emphasis> (see <xref linkend="ChUsePacketBytesPaneSection"/>)
displays the data from the packet selected in the packet list pane, and
highlights the field selected in the packet details pane.
</para>
</listitem>
<listitem>
<para>
The <emphasis>statusbar</emphasis> (see <xref linkend="ChUseStatusbarSection"/>)
shows some detailed information about the current program state and
the captured data.
</para>
</listitem>
</orderedlist>
<tip><title>Tip!</title>
<para>
The layout of the main window can be customized by changing preference settings.
See <xref linkend="ChCustPreferencesSection"/> for details!
</para>
</tip>
</para>

<section id="ChUseMainWindowNavSection"><title>Main Window Navigation</title>
<para>
Packet list and detail navigation can be done entirely from the
keyboard. <xref linkend="ChUseTabNav"/> shows a list of keystrokes
that will let you quickly move around a capture file. See
<xref linkend="ChUseTabGo"/> for additional navigation keystrokes.
</para>
<table id="ChUseTabNav" frame="none">
<title>Keyboard Navigation</title>
<tgroup cols="2">
<colspec colnum="1" colwidth="72pt"/>
<thead>
<row>
<entry>Accelerator</entry>
<entry>Description</entry>
</row>
</thead>
<tbody>
<row>
<entry>Tab, Shift+Tab</entry>
<entry><para>
Move between screen elements, e.g. from the toolbars
to the packet list to the packet detail.
</para></entry>
</row>
<row>
<entry>Down</entry>
<entry><para>
Move to the next packet or detail item.
</para></entry>
</row>
<row>
<entry>Up</entry>
<entry><para>
Move to the previous packet or detail item.
</para></entry>
</row>
<row>
<entry>Ctrl+Down, F8</entry>
<entry><para>
Move to the next packet, even if the packet
list isn't focused.
</para></entry>
</row>
<row>
<entry>Ctrl+Up, F7</entry>
<entry><para>
Move to the previous packet, even if the packet
list isn't focused.
</para></entry>
</row>
<row>
<entry>Ctrl+.</entry>
<entry><para>
Move to the next packet of the conversation
(TCP, UDP or IP)
</para></entry>
</row>
<row>
<entry>Ctrl+,</entry>
<entry><para>
Move to the previous packet of the conversation
(TCP, UDP or IP)
</para></entry>
</row>
<row>
<entry>Left</entry>
<entry><para>
In the packet detail, closes the selected tree item.
If it's already closed, jumps to the parent node.
</para></entry>
</row>
<row>
<entry>Right</entry>
<entry><para>
In the packet detail, opens the selected tree item.
</para></entry>
</row>
<row>
<entry>Shift+Right</entry>
<entry><para>
In the packet detail, opens the selected tree item
and all of its subtrees.
</para></entry>
</row>
<row>
<entry>Ctrl+Right</entry>
<entry><para>
In the packet detail, opens all tree items.
</para></entry>
</row>
<row>
<entry>Ctrl+Left</entry>
<entry><para>
In the packet detail, closes all tree items.
</para></entry>
</row>
<row>
<entry>Backspace</entry>
<entry><para>
In the packet detail, jumps to the parent node.
</para></entry>
</row>
<row>
<entry>Return, Enter</entry>
<entry><para>
In the packet detail, toggles the selected
tree item.
</para></entry>
</row>
</tbody>
</tgroup>
</table>
<para>
Additionally, typing anywhere in the main window will start filling
in a display filter.
</para>
</section>
</section>

<section id="ChUseMenuSection"><title>The Menu</title>
<para>
The Wireshark menu sits on top of the Wireshark window.
An example is shown in <xref linkend="ChUseWiresharkMenu"/>.
</para>
<note><title>Note!</title>
<para>
Menu items will be greyed out if the corresponding feature isn't
available. For example, you cannot save a capture file if you haven't
captured or loaded any data.
</para>
</note>
<para>
<figure id="ChUseWiresharkMenu"><title>The Menu</title>
<graphic entityref="WiresharkMenuOnly" format="PNG"/>
</figure>
</para>
<para>
It contains the following items:
<variablelist>
<varlistentry><term><command>File</command></term>
<listitem>
<para>
This menu contains items to open and merge capture files,
save / print / export capture files in whole or in part,
and to quit from Wireshark. See <xref linkend="ChUseFileMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Edit</command></term>
<listitem>
<para>
This menu contains items to find a packet, time reference or mark one
or more packets, handle configuration profiles, and set your preferences
(cut, copy, and paste are not presently implemented).
See <xref linkend="ChUseEditMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>View</command></term>
<listitem>
<para>This menu controls the display of the captured data,
including colorization of packets, zooming the font,
showing a packet in a separate window, expanding and collapsing trees in packet details, and more.
See <xref linkend="ChUseViewMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Go</command></term>
<listitem>
<para>This menu contains items to go to a specific packet.
See <xref linkend="ChUseGoMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Capture</command></term>
<listitem>
<para>This menu allows you to start and stop captures and to edit capture filters.
See <xref linkend="ChUseCaptureMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Analyze</command></term>
<listitem>
<para>
This menu contains items to manipulate display filters, enable or
disable the dissection of protocols, configure user specified decodes
and follow a TCP stream.
See <xref linkend="ChUseAnalyzeMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Statistics</command></term>
<listitem>
<para>
This menu contains items to display various statistic windows,
including a summary of the packets that have been captured,
display protocol hierarchy statistics and much more.
See <xref linkend="ChUseStatisticsMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Telephony</command></term>
<listitem>
<para>
This menu contains items to display various telephony related
statistic windows, including a media analysis, flow diagrams,
display protocol hierarchy statistics and much more.
See <xref linkend="ChUseTelephonyMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Tools</command></term>
<listitem>
<para>
This menu contains various tools available in Wireshark, such as
creating Firewall ACL Rules.
See <xref linkend="ChUseToolsMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Internals</command></term>
<listitem>
<para>
This menu contains items that show information about the internals
of Wireshark.
See <xref linkend="ChUseInternalsMenuSection"/>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><command>Help</command></term>
<listitem>
<para>
This menu contains items to help the user, e.g. access to some basic
help, manual pages of the various command line tools, online access
to some of the webpages, and the usual about dialog.
See <xref linkend="ChUseHelpMenuSection"/>.
</para>
</listitem>
</varlistentry>
</variablelist>
Each of these menu items is described in more detail in the sections
that follow.
</para>
<tip><title>Tip!</title>
<para>
You can access menu items directly or by pressing the corresponding
accelerator keys which are shown at the right side of the
menu. For example, you can press the Control (or Strg in German) and the K
keys together to open the capture dialog.
</para>
</tip>
</section>

<section id="ChUseFileMenuSection"><title>The "File" menu</title>
<para>
The Wireshark File menu contains the fields shown in
<xref linkend="ChUseTabFile"/>.
</para>
<figure id="ChUseWiresharkFileMenu">
<title>The "File" Menu</title>
<graphic entityref="WiresharkFileMenu" format="PNG"/>
</figure>
<table id="ChUseTabFile" frame="none"><title>File menu items</title>
<tgroup cols="3">
<colspec colnum="1" colwidth="72pt"/>
<colspec colnum="2" colwidth="80pt"/>
<thead>
<row>
<entry>Menu Item</entry>
<entry>Accelerator</entry>
<entry>Description</entry>
</row>
</thead>
<tbody>
<row>
<entry><command>Open...</command></entry>
<entry>Ctrl+O</entry>
<entry><para>
This menu item brings up the file open dialog box that
allows you to load a capture file for viewing. It is
discussed in more detail in <xref linkend="ChIOOpen"/>.
</para></entry>
</row>
<row>
<entry><command>Open Recent</command></entry>
<entry></entry>
<entry><para>
This menu item shows a submenu containing the recently opened
capture files. Clicking on one of the submenu items will open the
corresponding capture file directly.
</para></entry>
</row>
<row>
<entry><command>Merge...</command></entry>
<entry></entry>
<entry><para>
This menu item brings up the merge file dialog box that
allows you to merge a capture file into the currently loaded one.
It is discussed in more detail in <xref linkend="ChIOMergeSection"/>.
</para></entry>
</row>
<row>
<entry><command>Import...</command></entry>
<entry></entry>
<entry><para>
This menu item brings up the import file dialog box that
allows you to import a text file into a new temporary capture.
It is discussed in more detail in <xref linkend="ChIOImportSection"/>.
</para></entry>
</row>
<row>
<entry><command>Close</command></entry>
<entry>Ctrl+W</entry>
<entry><para>
This menu item closes the current capture. If you
haven't saved the capture, you will be asked to do so first
(this can be disabled by a preference setting).
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Save</command></entry>
<entry>Ctrl+S</entry>
<entry><para>
This menu item saves the current capture. If you
have not set a default capture file name (perhaps with
the -w &lt;capfile&gt; option), Wireshark pops up the
Save Capture File As dialog box (which is discussed
further in <xref linkend="ChIOSaveAs"/>).
</para><note>
<title>Note!</title>
<para>
If you have already saved the current capture, this
menu item will be greyed out.
</para>
</note><note>
<title>Note!</title>
<para>
You cannot save a live capture while the capture is in
progress. You must stop the capture in order to
save.
</para>
</note></entry>
</row>
<row>
<entry><command>Save As...</command></entry>
<entry>Shift+Ctrl+S</entry>
<entry><para>
This menu item allows you to save the current capture
file to whatever file you would like. It pops up the
Save Capture File As dialog box (which is discussed
further in <xref linkend="ChIOSaveAs"/>).
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>File Set > List Files</command></entry>
<entry></entry>
<entry><para>
This menu item allows you to show a list of files in a file set.
It pops up the Wireshark List File Set dialog box (which is
discussed further in <xref linkend="ChIOFileSetSection"/>).
</para></entry>
</row>
<row>
<entry><command>File Set > Next File</command></entry>
<entry></entry>
<entry><para>
If the currently loaded file is part of a file set, jump to the
next file in the set. If it isn't part of a file set or is just the
last file in that set, this item is greyed out.
</para></entry>
</row>
<row>
<entry><command>File Set > Previous File</command></entry>
<entry></entry>
<entry><para>
If the currently loaded file is part of a file set, jump to the
previous file in the set. If it isn't part of a file set or is just
the first file in that set, this item is greyed out.
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Export > File...</command></entry>
<entry></entry>
<entry><para>
This menu item allows you to export all (or some) of the packets in
the capture file to a file.
It pops up the Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportSection"/>).
</para></entry>
</row>
<row>
<entry><command>Export > Selected Packet Bytes...</command></entry>
<entry>Ctrl+H</entry>
<entry><para>
This menu item allows you to export the currently selected bytes
in the packet bytes pane to a binary file. It pops up the
Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportSelectedDialog"/>).
</para></entry>
</row>
<row>
<entry><command>Export > Objects > HTTP</command></entry>
<entry></entry>
<entry><para>
This menu item allows you to export all or some of the captured HTTP objects
into local files. It pops up the Wireshark HTTP object list (which is discussed
further in <xref linkend="ChIOExportObjectsDialog"/>).
</para></entry>
</row>
<row>
<entry><command>Export > Objects > DICOM</command></entry>
<entry></entry>
<entry><para>
This menu item allows you to export all or some of the captured DICOM objects
into local files. It pops up the Wireshark DICOM object list (which is discussed
further in <xref linkend="ChIOExportObjectsDialog"/>).
</para></entry>
</row>
<row>
<entry><command>Export > Objects > SMB</command></entry>
<entry></entry>
<entry><para>
This menu item allows you to export all or some of the captured SMB objects
into local files. It pops up the Wireshark SMB object list (which is discussed
further in <xref linkend="ChIOExportObjectsDialog"/>).
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Print...</command></entry>
<entry>Ctrl+P</entry>
<entry><para>
This menu item allows you to print all (or some) of the packets in
the capture file. It pops up the Wireshark Print dialog
box (which is discussed further in
<xref linkend="ChIOPrintSection"/>).
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Quit</command></entry>
<entry>Ctrl+Q</entry>
<entry><para>
This menu item allows you to quit from Wireshark.
Wireshark will ask to save your capture file if you haven't previously saved
it (this can be disabled by a preference setting).
</para></entry>
</row>
</tbody>
</tgroup>
</table>
</section>

<section id="ChUseEditMenuSection"><title>The "Edit" menu</title>
<para>
The Wireshark Edit menu contains the fields shown in
<xref linkend="ChUseTabEdit"/>.
</para>
<figure id="ChUseWiresharkEditMenu">
<title>The "Edit" Menu</title>
<graphic entityref="WiresharkEditMenu" format="PNG"/>
</figure>
<table id="ChUseTabEdit" frame="none">
<title>Edit menu items</title>
<tgroup cols="3">
<colspec colnum="1" colwidth="72pt"/>
<colspec colnum="2" colwidth="80pt"/>
<thead>
<row>
<entry>Menu Item</entry>
<entry>Accelerator</entry>
<entry>Description</entry>
</row>
</thead>
<tbody>
<row>
<entry><command>Copy > Description</command></entry>
<entry>Shift+Ctrl+D</entry>
<entry><para>
This menu item will copy the description of the selected item
in the detail view to the clipboard.
</para></entry>
</row>
<row>
<entry><command>Copy > Fieldname</command></entry>
<entry>Shift+Ctrl+F</entry>
<entry><para>
This menu item will copy the fieldname of the selected item
in the detail view to the clipboard.
</para></entry>
</row>
<row>
<entry><command>Copy > Value</command></entry>
<entry>Shift+Ctrl+V</entry>
<entry><para>
This menu item will copy the value of the selected item
in the detail view to the clipboard.
</para></entry>
</row>
<row>
<entry><command>Copy > As Filter</command></entry>
<entry>Shift+Ctrl+C</entry>
<entry><para>
This menu item will use the selected item in the detail view to
create a display filter. This display filter is then copied to
the clipboard.
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Find Packet...</command></entry>
<entry>Ctrl+F</entry>
<entry><para>
This menu item brings up a dialog box that allows you
to find a packet by many criteria.
There is further information on finding packets in
<xref linkend="ChWorkFindPacketSection"/>.
</para></entry>
</row>
<row>
<entry><command>Find Next</command></entry>
<entry>Ctrl+N</entry>
<entry><para>
This menu item tries to find the next packet matching the
settings from "Find Packet...".
</para></entry>
</row>
<row>
<entry><command>Find Previous</command></entry>
<entry>Ctrl+B</entry>
<entry><para>
This menu item tries to find the previous packet matching the
settings from "Find Packet...".
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Mark Packet (toggle)</command></entry>
<entry>Ctrl+M</entry>
<entry><para>
This menu item "marks" the currently selected packet. See
<xref linkend="ChWorkMarkPacketSection"/> for details.
</para></entry>
</row>
<row>
<entry><command>Toggle Marking Of All Displayed Packets</command></entry>
<entry>Shift+Ctrl+Alt+M</entry>
<entry><para>
This menu item toggles the mark on all displayed packets.
</para></entry>
</row>
<row>
<entry><command>Mark All Displayed Packets</command></entry>
<entry>Shift+Ctrl+M</entry>
<entry><para>
This menu item "marks" all displayed packets.
</para></entry>
</row>
<row>
<entry><command>Unmark All Displayed Packets</command></entry>
<entry>Ctrl+Alt+M</entry>
<entry><para>
This menu item "unmarks" all displayed packets.
</para></entry>
</row>
<row>
<entry><command>Find Next Mark</command></entry>
<entry>Shift+Ctrl+N</entry>
<entry><para>
Find the next marked packet.
</para></entry>
</row>
<row>
<entry><command>Find Previous Mark</command></entry>
<entry>Shift+Ctrl+B</entry>
<entry><para>
Find the previous marked packet.
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Ignore Packet (toggle)</command></entry>
<entry>Ctrl+D</entry>
<entry><para>
This menu item marks the currently selected packet as ignored.
See <xref linkend="ChWorkIgnorePacketSection"/> for details.
</para></entry>
</row>
<row>
<entry><command>Ignore All Displayed Packets (toggle)</command></entry>
<entry>Shift+Ctrl+D</entry>
<entry><para>
This menu item marks all displayed packets as ignored.
</para></entry>
</row>
<row>
<entry><command>Un-Ignore All Packets</command></entry>
<entry>Ctrl+Alt+D</entry>
<entry><para>
This menu item unmarks all ignored packets.
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Set Time Reference (toggle)</command></entry>
<entry>Ctrl+T</entry>
<entry><para>
This menu item sets a time reference on the currently selected
packet. See <xref linkend="ChWorkTimeReferencePacketSection"/> for more information
about the time referenced packets.
</para></entry>
</row>
<row>
<entry><command>Un-Time Reference All Packets</command></entry>
<entry>Ctrl+Alt+T</entry>
<entry><para>
This menu item removes all time references on the packets.
</para></entry>
</row>
<row>
<entry><command>Find Next Time Reference</command></entry>
<entry>Ctrl+Alt+N</entry>
<entry><para>
This menu item tries to find the next time referenced packet.
</para></entry>
</row>
<row>
<entry><command>Find Previous Time Reference</command></entry>
<entry>Ctrl+Alt+B</entry>
<entry><para>
This menu item tries to find the previous time referenced packet.
</para></entry>
</row>
<row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
</row>
<row>
<entry><command>Configuration Profiles...</command></entry>
<entry>Shift+Ctrl+A</entry>
<entry><para>
This menu item brings up a dialog box for handling configuration
profiles. More detail is provided in
<xref linkend="ChCustConfigProfilesSection"/>.
</para></entry>
</row>
<row>
<entry><command>Preferences...</command></entry>
<entry>Shift+Ctrl+P</entry>
<entry><para>
This menu item brings up a dialog box that allows
you to set preferences for many parameters that control
Wireshark. You can also save your preferences so Wireshark
will use them the next time you start it. More detail
is provided in <xref linkend="ChCustPreferencesSection"/>.
</para></entry>
</row>
</tbody>
</tgroup>
</table>
</section>

<section id="ChUseViewMenuSection"><title>The "View" menu</title>
|
|
<para>
|
|
The Wireshark View menu contains the fields shown in
|
|
<xref linkend="ChUseTabView"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkViewMenu">
|
|
<title>The "View" Menu</title>
|
|
<graphic entityref="WiresharkViewMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseTabView" frame="none">
|
|
<title>View menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Main Toolbar</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the main toolbar, see
|
|
<xref linkend="ChUseMainToolbarSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Filter Toolbar</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the filter toolbar, see
|
|
<xref linkend="ChUseFilterToolbarSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Wireless Toolbar (Windows only)</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the wireless toolbar. See
|
|
the AirPcap documentation for more information.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Statusbar</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the statusbar, see
|
|
<xref linkend="ChUseStatusbarSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Packet List</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the packet list pane, see
|
|
<xref linkend="ChUsePacketListPaneSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Packet Details</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the packet details pane, see
|
|
<xref linkend="ChUsePacketDetailsPaneSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Packet Bytes</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item hides or shows the packet bytes pane, see
|
|
<xref linkend="ChUsePacketBytesPaneSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Date and Time of Day: 1970-01-01 01:02:03.123456</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display the
|
|
time stamps in date and time of day format, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
<note><title>Note!</title>
|
|
<para>
|
|
The fields "Time of Day", "Date and Time of
|
|
Day", "Seconds Since Beginning of Capture", "Seconds Since
|
|
Previous Captured Packet" and "Seconds Since Previous
|
|
Displayed Packet" are mutually exclusive.
|
|
</para>
|
|
</note>
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Time of Day: 01:02:03.123456</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time
|
|
stamps in time of day format, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Seconds Since Epoch (1970-01-01): 1234567890.123456</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps in
|
|
seconds since 1970-01-01 00:00:00, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Seconds Since Beginning of Capture: 123.123456</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time
|
|
stamps in seconds since beginning of capture format, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Seconds Since Previous Captured Packet: 1.123456</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps in
|
|
seconds since previous captured packet format, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Seconds Since Previous Displayed Packet: 1.123456</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps in
|
|
seconds since previous displayed packet format, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > ------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Automatic (File Format Precision)</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps with the
|
|
precision given by the capture file format used, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
<note><title>Note!</title>
|
|
<para>
|
|
The fields "Automatic", "Seconds" and "...seconds" are mutually exclusive.
|
|
</para>
|
|
</note>
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Seconds: 0</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps with a precision of one second, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > ...seconds: 0....</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps with a precision of one second,
|
|
decisecond, centisecond, millisecond, microsecond or nanosecond, see
|
|
<xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Time Display Format > Display Seconds with hours and minutes</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Selecting this tells Wireshark to display time stamps in seconds,
|
|
with hours and minutes.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Name Resolution > Resolve Name</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This item allows you to trigger name resolution for the current packet
|
|
only, see <xref linkend="ChAdvNameResolutionSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Name Resolution > Enable for MAC Layer</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This item allows you to control whether or not
|
|
Wireshark translates MAC addresses into names, see
|
|
<xref linkend="ChAdvNameResolutionSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Name Resolution > Enable for Network Layer</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This item allows you to control whether or not
|
|
Wireshark translates network addresses into names, see
|
|
<xref linkend="ChAdvNameResolutionSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Name Resolution > Enable for Transport Layer</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This item allows you to control whether or not
|
|
Wireshark translates transport addresses into names, see
|
|
<xref linkend="ChAdvNameResolutionSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Colorize Packet List</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This item allows you to control whether or not Wireshark should colorize
|
|
the packet list.</para>
|
|
<note><title>Note!</title><para>
|
|
Enabling colorization will slow down the display
|
|
of new packets while capturing / loading capture files.
|
|
</para></note></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Auto Scroll in Live Capture</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This item allows you to specify that Wireshark
|
|
should scroll the packet list pane as new packets come
|
|
in, so you are always looking at the last packet. If you
|
|
do not specify this, Wireshark simply adds new packets onto
|
|
the end of the list, but does not scroll the packet list
|
|
pane.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Zoom In</command></entry>
|
|
<entry>Ctrl++</entry>
|
|
<entry><para>
|
|
Zoom into the packet data (increase the font size).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Zoom Out</command></entry>
|
|
<entry>Ctrl+-</entry>
|
|
<entry><para>
|
|
Zoom out of the packet data (decrease the font size).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Normal Size</command></entry>
|
|
<entry>Ctrl+=</entry>
|
|
<entry><para>
|
|
Set zoom level back to 100% (set font size back to normal).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Resize All Columns</command></entry>
|
|
<entry>Shift+Ctrl+R</entry>
|
|
<entry><para>
|
|
Resize all column widths so the content will fit into them.
|
|
</para>
|
|
<note><title>Note!</title><para>
|
|
Resizing may take a significant amount of time, especially if a
|
|
large capture file is loaded.
|
|
</para></note>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Displayed Columns</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item folds out with a list of all configured columns.
|
|
These columns can now be shown or hidden in the packet list.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Expand Subtrees</command></entry>
|
|
<entry>Shift+Right</entry>
|
|
<entry><para>
|
|
This menu item expands the currently selected subtree in the
|
|
packet details tree.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Expand All</command></entry>
|
|
<entry>Ctrl+Right</entry>
|
|
<entry><para>
|
|
Wireshark keeps a list of all the protocol subtrees
|
|
that are expanded, and uses it to ensure that the
|
|
correct subtrees are expanded when you display a packet.
|
|
This menu item expands all subtrees in all packets in
|
|
the capture.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Collapse All</command></entry>
|
|
<entry>Ctrl+Left</entry>
|
|
<entry><para>
|
|
This menu item collapses the tree view of all packets
|
|
in the capture list.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Colorize Conversation</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a submenu that allows you
|
|
to color packets in the packet list pane based
|
|
on the addresses of the currently selected packet.
|
|
This makes it easy to distinguish packets
|
|
belonging to different conversations.
|
|
See <xref linkend="ChCustColorizationSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Colorize Conversation > Color 1-10</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
These menu items enable one of the ten temporary color
|
|
filters based on the currently selected conversation.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Colorize Conversation > Reset coloring</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item clears all temporary coloring rules.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Colorize Conversation > New Coloring Rule...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item opens a dialog window in which a new
|
|
permanent coloring rule can be created based on the
|
|
currently selected conversation.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Coloring Rules...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box that allows you
|
|
to color packets in the packet list pane according to
|
|
filter expressions you choose. It can be very useful
|
|
for spotting certain types of packets, see
|
|
<xref linkend="ChCustColorizationSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Show Packet in New Window</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up the selected packet in a
|
|
separate window. The separate window shows only the
|
|
tree view and byte view panes.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Reload</command></entry>
|
|
<entry>Ctrl+R</entry>
|
|
<entry><para>
|
|
This menu item allows you to reload the current
|
|
capture file.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseGoMenuSection"><title>The "Go" menu</title>
|
|
<para>
|
|
The Wireshark Go menu contains the fields shown in
|
|
<xref linkend="ChUseTabGo"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkGoMenu">
|
|
<title>The "Go" Menu</title>
|
|
<graphic entityref="WiresharkGoMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseTabGo" frame="none">
|
|
<title>Go menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Back</command></entry>
|
|
<entry>Alt+Left</entry>
|
|
<entry><para>
|
|
Jump to the recently visited packet in the packet
|
|
history, much like the page history in a web browser.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Forward</command></entry>
|
|
<entry>Alt+Right</entry>
|
|
<entry><para>
|
|
Jump to the next visited packet in the packet
|
|
history, much like the page history in a web browser.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Go to Packet...</command></entry>
|
|
<entry>Ctrl+G</entry>
|
|
<entry><para>
|
|
Bring up a dialog box that allows you
|
|
to specify a packet number, and then go to that packet. See
|
|
<xref linkend="ChWorkGoToPacketSection"/> for details.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Go to Corresponding Packet</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Go to the corresponding packet of the currently
|
|
selected protocol field. If the selected field doesn't correspond
|
|
to a packet, this item is greyed out.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Previous Packet</command></entry>
|
|
<entry>Ctrl+Up</entry>
|
|
<entry><para>
|
|
Move to the previous packet in the list. This can be
|
|
used to move to the previous packet even if the packet
|
|
list doesn't have keyboard focus.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Next Packet</command></entry>
|
|
<entry>Ctrl+Down</entry>
|
|
<entry><para>
|
|
Move to the next packet in the list. This can be
|
|
used to move to the next packet even if the packet
|
|
list doesn't have keyboard focus.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>First Packet</command></entry>
|
|
<entry>Ctrl+Home</entry>
|
|
<entry><para>
|
|
Jump to the first packet of the capture file.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Last Packet</command></entry>
|
|
<entry>Ctrl+End</entry>
|
|
<entry><para>
|
|
Jump to the last packet of the capture file.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Previous Packet In Conversation</command></entry>
|
|
<entry>Ctrl+,</entry>
|
|
<entry><para>
|
|
Move to the previous packet in the current conversation. This can be
|
|
used to move to the previous packet even if the packet
|
|
list doesn't have keyboard focus.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Next Packet In Conversation</command></entry>
|
|
<entry>Ctrl+.</entry>
|
|
<entry><para>
|
|
Move to the next packet in the current conversation. This can be
|
|
used to move to the next packet even if the packet
|
|
list doesn't have keyboard focus.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseCaptureMenuSection"><title>The "Capture" menu</title>
|
|
<para>
|
|
The Wireshark Capture menu contains the fields shown in
|
|
<xref linkend="ChUseTabCap"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkCaptureMenu">
|
|
<title>The "Capture" Menu</title>
|
|
<graphic entityref="WiresharkCaptureMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseTabCap" frame="none">
|
|
<title>Capture menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Interfaces...</command></entry>
|
|
<entry>Ctrl+I</entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box that shows what's going on
|
|
at the network interfaces Wireshark knows of, see
|
|
<xref linkend="ChCapInterfaceSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Options...</command></entry>
|
|
<entry>Ctrl+K</entry>
|
|
<entry><para>
|
|
This menu item brings up the Capture Options
|
|
dialog box (discussed further in
|
|
<xref linkend="ChCapCaptureOptions"/>) and allows you to
|
|
start capturing packets.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Start</command></entry>
|
|
<entry>Ctrl+E</entry>
|
|
<entry><para>
|
|
Immediately start capturing packets with the same settings as
|
|
the last time.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Stop</command></entry>
|
|
<entry>Ctrl+E</entry>
|
|
<entry><para>
|
|
This menu item stops the currently running capture, see
|
|
<xref linkend="ChCapStopSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Restart</command></entry>
|
|
<entry>Ctrl+R</entry>
|
|
<entry><para>
|
|
This menu item stops the currently running capture and starts
|
|
again with the same options; this is just for convenience.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Capture Filters...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box that allows you to
|
|
create and edit capture filters. You can name filters,
|
|
and you can save them for future use. More detail on
|
|
this subject is provided in
|
|
<xref linkend="ChWorkDefineFilterSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseAnalyzeMenuSection"><title>The "Analyze" menu</title>
|
|
<para>
|
|
The Wireshark Analyze menu contains the fields shown in
|
|
<xref linkend="ChUseAnalyze"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkAnalyzeMenu">
|
|
<title>The "Analyze" Menu</title>
|
|
<graphic entityref="WiresharkAnalyzeMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseAnalyze" frame="none"><title>Analyze menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Display Filters...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box that allows you
|
|
to create and edit display filters. You can name
|
|
filters, and you can save them for future use. More
|
|
detail on this subject is provided in
|
|
<xref linkend="ChWorkDefineFilterSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Display Filter Macros...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box that allows you
|
|
to create and edit display filter macros. You can name
|
|
filter macros, and you can save them for future use. More
|
|
detail on this subject is provided in
|
|
<xref linkend="ChWorkDefineFilterMacrosSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Apply as Column</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item adds the selected protocol item in the packet details
|
|
pane as a column to the packet list.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Apply as Filter > ...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
These menu items will change the current display filter and apply
|
|
the changed filter immediately. Depending on the chosen menu item,
|
|
the current display filter string will be replaced or appended to
|
|
by the selected protocol field in the packet details pane.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Prepare a Filter > ...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
These menu items will change the current display filter but won't
|
|
apply the changed filter. Depending on the chosen menu item,
|
|
the current display filter string will be replaced or appended to
|
|
by the selected protocol field in the packet details pane.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Enabled Protocols...</command></entry>
|
|
<entry>Shift+Ctrl+E</entry>
|
|
<entry><para>
|
|
This menu item allows the user to enable/disable protocol
|
|
dissectors, see <xref linkend="ChAdvEnabledProtocols"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Decode As...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item allows the user to force Wireshark to
|
|
decode certain packets as a particular protocol, see
|
|
<xref linkend="ChAdvDecodeAs"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>User Specified Decodes...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item allows the user to force Wireshark to
|
|
decode certain packets as a particular protocol, see
|
|
<xref linkend="ChAdvDecodeAsShow"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Follow TCP Stream</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a separate window and displays
|
|
all the TCP segments captured that are on the same TCP
|
|
connection as a selected packet, see
|
|
<xref linkend="ChAdvFollowTCPSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Follow UDP Stream</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Same functionality as "Follow TCP Stream" but
|
|
for UDP streams.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Follow SSL Stream</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Same functionality as "Follow TCP Stream" but for SSL streams.
|
|
XXX - how to provide the SSL keys?
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Expert Info</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Open a dialog showing some expert information about the captured
|
|
packets in a log style display.
|
|
The amount of information will depend on the protocol and varies
|
|
from very detailed to non-existent. This is currently a work in
|
|
progress. XXX - add a new section about this and link from here
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Expert Info Composite</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Same information as in "Expert Info" but trying to group items
|
|
together for faster analysis.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Conversation Filter > ...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
In this menu you will find conversation filters for various
|
|
protocols.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseStatisticsMenuSection"><title>The "Statistics" menu</title>
|
|
<para>
|
|
The Wireshark Statistics menu contains the fields shown in
|
|
<xref linkend="ChUseStatistics"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkStatisticsMenu">
|
|
<title>The "Statistics" Menu</title>
|
|
<graphic entityref="WiresharkStatisticsMenu" format="PNG"/>
|
|
</figure>
|
|
<para>
|
|
All menu items will bring up a new window showing specific statistical
|
|
information.
|
|
</para>
|
|
<table id="ChUseStatistics" frame="none">
|
|
<title>Statistics menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Summary</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Show information about the data captured, see <xref
|
|
linkend="ChStatSummary"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Protocol Hierarchy</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display a hierarchical tree of protocol statistics, see <xref
|
|
linkend="ChStatHierarchy"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Conversations</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display a list of conversations (traffic between two endpoints),
|
|
see <xref linkend="ChStatConversationsWindow"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Endpoints</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display a list of endpoints (traffic to/from an address), see
|
|
<xref linkend="ChStatEndpointsWindow"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Packet Lengths...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>IO Graphs</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display user specified graphs (e.g. the number of packets in the
|
|
course of time), see <xref linkend="ChStatIOGraphs"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Conversation List</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display a list of conversations, obsoleted by the combined window
|
|
of Conversations above, see
|
|
<xref linkend="ChStatConversationListWindow"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Endpoint List</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display a list of endpoints, obsoleted by the combined window
|
|
of Endpoints above, see
|
|
<xref linkend="ChStatEndpointListWindow"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Service Response Time</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
Display the time between a request and the corresponding response, see
|
|
<xref linkend="ChStatSRT"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>ANCP...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>BOOTP-DHCP...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Collectd...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Compare...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Flow Graph...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>HTTP</command></entry>
|
|
<entry></entry>
|
|
<entry><para>HTTP request/response statistics, see <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>IP Addresses...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>IP Destinations...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>IP Protocol Types...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>ONC-RPC Programs</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Sametime</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>TCP Stream Graph</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>UDP Multicast Streams</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>WLAN Traffic</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChStatWLANTraffic"/></para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseTelephonyMenuSection"><title>The "Telephony" menu</title>
|
|
<para>
|
|
The Wireshark Telephony menu contains the fields shown in
|
|
<xref linkend="ChUseTelephony"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkTelephonyMenu">
|
|
<title>The "Telephony" Menu</title>
|
|
<graphic entityref="WiresharkTelephonyMenu" format="PNG"/>
|
|
</figure>
|
|
<para>
|
|
All menu items will bring up a new window showing specific telephony
|
|
related statistical information.
|
|
</para>
|
|
<table id="ChUseTelephony" frame="none">
|
|
<title>Telephony menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>IAX2</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>SMPP Operations...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>SCTP</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>ANSI</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>GSM</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>H.225...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>ISUP Messages...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>LTE</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelLTEMACTraffic"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>MTP3</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>RTP</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelRTPAnalysis"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>SIP...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>UCP Messages...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>VoIP Calls...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelVoipCalls"/></para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>WAP-WSP...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>See <xref linkend="ChTelXXX"/></para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseToolsMenuSection"><title>The "Tools" menu</title>
|
|
<para>
|
|
The Wireshark Tools menu contains the fields shown in
|
|
<xref linkend="ChUseTools"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkToolsMenu">
|
|
<title>The "Tools" Menu</title>
|
|
<graphic entityref="WiresharkToolsMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseTools" frame="none">
|
|
<title>Tools menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Firewall ACL Rules</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This allows you to create command-line ACL rules for many different
|
|
firewall products, including Cisco IOS, Linux Netfilter (iptables),
|
|
OpenBSD pf and Windows Firewall (via netsh). Rules for MAC addresses,
|
|
IPv4 addresses, TCP and UDP ports, and IPv4+port combinations are
|
|
supported.
|
|
</para><para>
|
|
It is assumed that the rules will be applied to an outside interface.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Lua</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
These options allow you to work with the Lua interpreter optionally
|
|
built into Wireshark, see <xref linkend="wsluarm_intro"/>.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseInternalsMenuSection"><title>The "Internals" menu</title>
|
|
<para>
|
|
The Wireshark Internals menu contains the fields shown in
|
|
<xref linkend="ChUseInternals"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkInternalsMenu">
|
|
<title>The "Internals" Menu</title>
|
|
<graphic entityref="WiresharkInternalsMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseInternals" frame="none">
|
|
<title>Internals menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Dissector tables</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box showing the tables
|
|
with subdissector relationships.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Supported Protocols (slow!)</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up a dialog box showing the supported
|
|
protocols and protocol fields.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseHelpMenuSection"><title>The "Help" menu</title>
|
|
<para>
|
|
The Wireshark Help menu contains the fields shown in
|
|
<xref linkend="ChUseHelp"/>.
|
|
</para>
|
|
<figure id="ChUseWiresharkHelpMenu">
|
|
<title>The "Help" Menu</title>
|
|
<graphic entityref="WiresharkHelpMenu" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseHelp" frame="none">
|
|
<title>Help menu items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="72pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Menu Item</entry>
|
|
<entry>Accelerator</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><command>Contents</command></entry>
|
|
<entry>F1</entry>
|
|
<entry><para>
|
|
This menu item brings up a basic help system.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Manual Pages > ...</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item starts a Web browser showing one of the locally
|
|
installed HTML manual pages.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Website</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item starts a Web browser showing the
|
|
webpage from:
|
|
<ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>FAQ's</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item starts a Web browser showing various FAQs.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Downloads</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item starts a Web browser showing the
|
|
downloads from:
|
|
<ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Wiki</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item starts a Web browser showing the
|
|
front page from:
|
|
<ulink url="&WiresharkWikiPage;">&WiresharkWikiPage;</ulink>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>Sample Captures</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item starts a Web browser showing the
|
|
sample captures from:
|
|
<ulink url="&WiresharkWikiPage;">&WiresharkWikiPage;</ulink>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>About Wireshark</command></entry>
|
|
<entry></entry>
|
|
<entry><para>
|
|
This menu item brings up an information window that
|
|
provides various detailed information items on Wireshark,
|
|
such as how it's built, the plugins loaded, the used folders, ...
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
Calling a Web browser might be unsupported in your version of Wireshark.
|
|
If this is the case, the corresponding menu items will be hidden.
|
|
</para>
|
|
</note>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
If calling a Web browser fails on your machine, for example because nothing
|
|
happens or the browser is started but no page is shown, have a look at the
|
|
web browser setting in the preferences dialog.
|
|
</para>
|
|
</note>
|
|
</section>
|
|
|
|
<section id="ChUseMainToolbarSection"><title>The "Main" toolbar</title>
|
|
<para>
|
|
The main toolbar provides quick access to frequently used items from the
|
|
menu. This toolbar cannot be customized by the user, but it can be hidden
|
|
using the View menu, if the space on the screen is needed to show even
|
|
more packet data.
|
|
</para>
|
|
<para>
|
|
As in the menu, only the items useful in the current program state will
|
|
be available. The others will be greyed out (e.g. you cannot save a capture
|
|
file if you haven't loaded one).
|
|
<figure id="ChUseWiresharkMainToolbar">
|
|
<title>The "Main" toolbar</title>
|
|
<graphic entityref="WiresharkMainToolbar" format="PNG"/>
|
|
</figure>
|
|
</para>
|
|
<table id="ChUseMainToolbar" frame="none">
|
|
<title>Main toolbar items</title>
|
|
<tgroup cols="4">
|
|
<colspec colnum="1" colwidth="40pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<colspec colnum="3" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Toolbar Icon</entry>
|
|
<entry>Toolbar Item</entry>
|
|
<entry>Corresponding Menu Item</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarCaptureInterfaces" format="PNG"/></entry>
|
|
<entry><command>Interfaces...</command></entry>
|
|
<entry>Capture/Interfaces...</entry>
|
|
<entry><para>
|
|
This item brings up the Capture Interfaces List
|
|
dialog box (discussed further in
|
|
<xref linkend="ChCapCapturingSection"/>).
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarCaptureOptions" format="PNG"/></entry>
|
|
<entry><command>Options...</command></entry>
|
|
<entry>Capture/Options...</entry>
|
|
<entry><para>
|
|
This item brings up the Capture Options
|
|
dialog box (discussed further in
|
|
<xref linkend="ChCapCapturingSection"/>) and allows you to
|
|
start capturing packets.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarCaptureStart" format="PNG"/></entry>
|
|
<entry><command>Start</command></entry>
|
|
<entry>Capture/Start</entry>
|
|
<entry><para>
|
|
This item starts capturing packets with the options from
|
|
the last time.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarCaptureStop" format="PNG"/></entry>
|
|
<entry><command>Stop</command></entry>
|
|
<entry>Capture/Stop</entry>
|
|
<entry><para>
|
|
This item stops the currently running live capture process (see
|
|
<xref linkend="ChCapCapturingSection"/>).
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarCaptureRestart" format="PNG"/></entry>
|
|
<entry><command>Restart</command></entry>
|
|
<entry>Capture/Restart</entry>
|
|
<entry><para>
|
|
This item stops the currently running live capture process
|
|
and restarts it again, for convenience.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarOpen" format="PNG"/></entry>
|
|
<entry><command>Open...</command></entry>
|
|
<entry>File/Open...</entry>
|
|
<entry><para>
|
|
This item brings up the file open dialog box that
|
|
allows you to load a capture file for viewing. It is
|
|
discussed in more detail in <xref linkend="ChIOOpen"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarSaveAs" format="PNG"/></entry>
|
|
<entry><command>Save As...</command></entry>
|
|
<entry>File/Save As...</entry>
|
|
<entry><para>
|
|
This item allows you to save the current capture file to whatever
|
|
file you would like. It pops up the Save Capture File As dialog
|
|
box (which is discussed further in <xref linkend="ChIOSaveAs"/>).
|
|
</para>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
If you currently have a temporary capture file, the Save icon
|
|
<inlinegraphic entityref="WiresharkToolbarSave" format="PNG"/> will be
|
|
shown instead.
|
|
</para></note>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarClose" format="PNG"/></entry>
|
|
<entry><command>Close</command></entry>
|
|
<entry>File/Close</entry>
|
|
<entry><para>
|
|
This item closes the current capture. If you
|
|
have not saved the capture, you will be asked to save it first.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarReload" format="PNG"/></entry>
|
|
<entry><command>Reload</command></entry>
|
|
<entry>View/Reload</entry>
|
|
<entry><para>
|
|
This item allows you to reload the current capture file.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarPrint" format="PNG"/></entry>
|
|
<entry><command>Print...</command></entry>
|
|
<entry>File/Print...</entry>
|
|
<entry><para>
|
|
This item allows you to print all (or some of) the packets in
|
|
the capture file. It pops up the Wireshark Print dialog
|
|
box (which is discussed further in
|
|
<xref linkend="ChIOPrintSection"/>).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarFind" format="PNG"/></entry>
|
|
<entry><command>Find Packet...</command></entry>
|
|
<entry>Edit/Find Packet...</entry>
|
|
<entry><para>
|
|
This item brings up a dialog box that allows you
|
|
to find a packet. There is further information on finding packets
|
|
in <xref linkend="ChWorkFindPacketSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarGoBack" format="PNG"/></entry>
|
|
<entry><command>Go Back</command></entry>
|
|
<entry>Go/Go Back</entry>
|
|
<entry><para>
|
|
This item jumps back in the packet history.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarGoForward" format="PNG"/></entry>
|
|
<entry><command>Go Forward</command></entry>
|
|
<entry>Go/Go Forward</entry>
|
|
<entry><para>
|
|
This item jumps forward in the packet history.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarGoTo" format="PNG"/></entry>
|
|
<entry><command>Go to Packet...</command></entry>
|
|
<entry>Go/Go to Packet...</entry>
|
|
<entry><para>
|
|
This item brings up a dialog box that allows you
|
|
to specify a packet number to go to that packet.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarGoFirst" format="PNG"/></entry>
|
|
<entry><command>Go To First Packet</command></entry>
|
|
<entry>Go/First Packet</entry>
|
|
<entry><para>
|
|
This item jumps to the first packet of the capture file.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarGoLast" format="PNG"/></entry>
|
|
<entry><command>Go To Last Packet</command></entry>
|
|
<entry>Go/Last Packet</entry>
|
|
<entry><para>
|
|
This item jumps to the last packet of the capture file.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarColorize" format="PNG"/></entry>
|
|
<entry><command>Colorize</command></entry>
|
|
<entry>View/Colorize</entry>
|
|
<entry><para>
|
|
Colorize the packet list (or not).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarAutoScroll" format="PNG"/></entry>
|
|
<entry><command>Auto Scroll in Live Capture</command></entry>
|
|
<entry>View/Auto Scroll in Live Capture</entry>
|
|
<entry><para>
|
|
Auto scroll packet list while doing a live capture (or not).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarZoomIn" format="PNG"/></entry>
|
|
<entry><command>Zoom In</command></entry>
|
|
<entry>View/Zoom In</entry>
|
|
<entry><para>
|
|
Zoom into the packet data (increase the font size).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarZoomOut" format="PNG"/></entry>
|
|
<entry><command>Zoom Out</command></entry>
|
|
<entry>View/Zoom Out</entry>
|
|
<entry><para>
|
|
Zoom out of the packet data (decrease the font size).
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarZoom100" format="PNG"/></entry>
|
|
<entry><command>Normal Size</command></entry>
|
|
<entry>View/Normal Size</entry>
|
|
<entry><para>
|
|
Set zoom level back to 100%.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarResizeColumns" format="PNG"/></entry>
|
|
<entry><command>Resize Columns</command></entry>
|
|
<entry>View/Resize Columns</entry>
|
|
<entry><para>
|
|
Resize columns, so the content fits into them.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarCaptureFilters" format="PNG"/></entry>
|
|
<entry><command>Capture Filters...</command></entry>
|
|
<entry>Capture/Capture Filters...</entry>
|
|
<entry><para>
|
|
This item brings up a dialog box that allows you to
|
|
create and edit capture filters. You can name filters,
|
|
and you can save them for future use. More detail on
|
|
this subject is provided in
|
|
<xref linkend="ChWorkDefineFilterSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarDisplayFilters" format="PNG"/></entry>
|
|
<entry><command>Display Filters...</command></entry>
|
|
<entry>Analyze/Display Filters...</entry>
|
|
<entry><para>
|
|
This item brings up a dialog box that allows you
|
|
to create and edit display filters. You can name
|
|
filters, and you can save them for future use. More
|
|
detail on this subject is provided in
|
|
<xref linkend="ChWorkDefineFilterSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarColoringRules" format="PNG"/></entry>
|
|
<entry><command>Coloring Rules...</command></entry>
|
|
<entry>View/Coloring Rules...</entry>
|
|
<entry><para>
|
|
This item brings up a dialog box that allows you to
|
|
color packets in the packet list pane according to
|
|
filter expressions you choose. It can be very useful
|
|
for spotting certain types of packets. More
|
|
detail on this subject is provided in
|
|
<xref linkend="ChCustColorizationSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarPreferences" format="PNG"/></entry>
|
|
<entry><command>Preferences...</command></entry>
|
|
<entry>Edit/Preferences</entry>
|
|
<entry><para>
|
|
This item brings up a dialog box that allows
|
|
you to set preferences for many parameters that control
|
|
Wireshark. You can also save your preferences so Wireshark
|
|
will use them the next time you start it. More detail
|
|
is provided in <xref linkend="ChCustPreferencesSection"/>.
|
|
</para></entry>
|
|
</row>
|
|
<row>
|
|
<entry><command>------</command></entry>
|
|
<entry></entry>
|
|
<entry></entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarHelp" format="PNG"/></entry>
|
|
<entry><command>Help</command></entry>
|
|
<entry>Help/Contents</entry>
|
|
<entry><para>
|
|
This item brings up the help dialog box.
|
|
</para></entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</section>
|
|
|
|
<section id="ChUseFilterToolbarSection"><title>The "Filter" toolbar</title>
|
|
<para>
|
|
The filter toolbar lets you quickly edit and apply display filters. More information on
|
|
display filters is available in <xref linkend="ChWorkDisplayFilterSection"/>.
|
|
<figure id="ChUseWiresharkFilterToolbar">
|
|
<title>The "Filter" toolbar</title>
|
|
<graphic entityref="WiresharkFilterToolbar" format="PNG"/>
|
|
</figure>
|
|
<table id="ChUseFilterToolbar" frame="none">
|
|
<title>Filter toolbar items</title>
|
|
<tgroup cols="3">
|
|
<colspec colnum="1" colwidth="40pt"/>
|
|
<colspec colnum="2" colwidth="80pt"/>
|
|
<thead>
|
|
<row>
|
|
<entry>Toolbar Icon</entry>
|
|
<entry>Toolbar Item</entry>
|
|
<entry>Description</entry>
|
|
</row>
|
|
</thead>
|
|
<tbody>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarDisplayFilters" format="PNG"/></entry>
|
|
<entry><command>Filter:</command></entry>
|
|
<entry><para>
|
|
Brings up the filter construction dialog, described in <xref linkend="FiltersDialog"/>.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry></entry>
|
|
<entry>Filter input</entry>
|
|
<entry>
|
|
<para>
|
|
The area to enter or edit a display filter string,
|
|
see <xref linkend="ChWorkBuildDisplayFilterSection"/>.
A syntax check of your filter string is done while you are typing.
|
|
The background will turn red if you enter an incomplete or invalid
|
|
string, and will become green when you enter a valid string. You can
|
|
click on the pull down arrow to select a previously-entered filter
|
|
string from a list. The entries in the pull down list will remain
|
|
available even after a program restart.
|
|
</para>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
After you've changed something in this field, don't forget to press
|
|
the Apply button (or the Enter/Return key), to apply this filter
|
|
string to the display.
|
|
</para>
|
|
</note>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
This field is also where the current filter in effect is displayed.
|
|
</para>
|
|
</note>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarAdd" format="PNG"/></entry>
|
|
<entry><command>Expression...</command></entry>
|
|
<entry><para>
|
|
The middle button labeled "Add Expression..." opens a dialog box that lets
|
|
you edit a display filter from a list of protocol fields, described in
|
|
<xref linkend="ChWorkFilterAddExpressionSection"/>.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarClear" format="PNG"/></entry>
|
|
<entry><command>Clear</command></entry>
|
|
<entry><para>
|
|
Resets the current display filter and clears the edit area.
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
<row>
|
|
<entry><graphic entityref="WiresharkToolbarApply" format="PNG"/></entry>
|
|
<entry><command>Apply</command></entry>
|
|
<entry><para>
|
|
Apply the current value in the edit area as the new display filter.
|
|
<note><title>Note!</title>
|
|
<para>
|
|
Applying a display filter on large capture files might take quite a long time!
|
|
</para>
|
|
</note>
|
|
</para>
|
|
</entry>
|
|
</row>
|
|
</tbody>
|
|
</tgroup>
|
|
</table>
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChUsePacketListPaneSection"><title>The "Packet List" pane</title>
|
|
<para>
|
|
The packet list pane displays all the packets in the current capture
|
|
file.
|
|
<figure id="ChUseWiresharkListPane">
|
|
<title>The "Packet List" pane</title>
|
|
<graphic entityref="WiresharkListPane" format="PNG"/>
|
|
</figure>
|
|
Each line in the packet list corresponds to one packet in the capture
|
|
file. If you select a line in this pane, more details will be displayed in
|
|
the "Packet Details" and "Packet Bytes" panes.
|
|
</para>
|
|
<para>
|
|
While dissecting a packet, Wireshark will place information from the
|
|
protocol dissectors into the columns. As higher level protocols might
|
|
overwrite information from lower levels, you will typically see the
|
|
information from the highest possible level only.
|
|
</para>
|
|
<para>
|
|
For example, let's look at a packet containing TCP inside IP inside
|
|
an Ethernet packet. The Ethernet dissector will write its data (such as
|
|
the Ethernet addresses), the IP dissector will overwrite this with its own
|
|
(such as the IP addresses), the TCP dissector will overwrite the IP
|
|
information, and so on.
|
|
</para>
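<para>
The column overwriting described above, as an added example that is not part
of the original guide and is not Wireshark's own code: simplified Python
dissectors run over constructed frames. The function names, the constructed
addresses and the Info strings are assumptions for illustration. It goes beyond
the TCP case in the text by also showing an ARP frame and a truncated TCP
segment, where dissection stops at a lower layer and the columns keep that
layer's information.
</para>
<programlisting><![CDATA[
```python
import socket
import struct

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

# Each (hypothetical) dissector writes its layer's view into the shared column
# dict and returns (name of the next dissector or None, remaining payload).
def dissect_eth(data, cols):
    if len(data) < 14:                      # truncated header: write nothing
        return None, b""
    dst, src, ethertype = struct.unpack("!6s6sH", data[:14])
    cols.update(Source=mac(src), Destination=mac(dst), Protocol="Ethernet",
                Info=f"Ethertype 0x{ethertype:04x}")
    return {0x0800: "ipv4", 0x0806: "arp"}.get(ethertype), data[14:]

def dissect_ipv4(data, cols):
    ihl = (data[0] & 0x0F) * 4 if data else 0
    if ihl < 20 or len(data) < ihl:
        return None, b""
    proto = data[9]
    cols.update(Source=socket.inet_ntoa(data[12:16]),
                Destination=socket.inet_ntoa(data[16:20]),
                Protocol="IPv4", Info=f"IP protocol {proto}")
    return {6: "tcp"}.get(proto), data[ihl:]

def dissect_tcp(data, cols):
    if len(data) < 20:
        return None, b""
    sport, dport = struct.unpack("!HH", data[:4])
    names = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"))
    flags = [name for bit, name in names if data[13] & bit]
    # TCP has no addresses of its own, so Source/Destination stay at IP level.
    cols.update(Protocol="TCP", Info=f"{sport} > {dport} [{', '.join(flags)}]")
    return None, data[20:]

def dissect_arp(data, cols):
    if len(data) < 28:
        return None, b""
    opcode = struct.unpack("!H", data[6:8])[0]
    sender_ip = socket.inet_ntoa(data[14:18])
    target_ip = socket.inet_ntoa(data[24:28])
    if opcode == 1:
        info = f"Who has {target_ip}? Tell {sender_ip}"
    else:
        info = f"{sender_ip} is at {mac(data[8:14])}"
    # In this model ARP leaves the Ethernet addresses in Source/Destination.
    cols.update(Protocol="ARP", Info=info)
    return None, b""

DISSECTORS = {"eth": dissect_eth, "ipv4": dissect_ipv4,
              "tcp": dissect_tcp, "arp": dissect_arp}

def dissect(frame):
    """Return the final columns and a snapshot of them after each layer."""
    cols = {"Source": "", "Destination": "", "Protocol": "", "Info": ""}
    history, layer, payload = [], "eth", frame
    while layer in DISSECTORS:
        nxt, payload = DISSECTORS[layer](payload, cols)
        history.append((layer, dict(cols)))
        layer = nxt
    return cols, history

# Constructed sample frames (documentation addresses, checksums left at zero).
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SRC_IP, DST_IP = socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20")
TCP_FRAME = (DST_MAC + SRC_MAC + struct.pack("!H", 0x0800)
             + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                           SRC_IP, DST_IP)
             + struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x02, 1024, 0, 0))
ARP_FRAME = (b"\xff" * 6 + SRC_MAC + struct.pack("!H", 0x0806)
             + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, SRC_MAC,
                           SRC_IP, b"\x00" * 6, socket.inet_aton("192.0.2.1")))

if __name__ == "__main__":
    samples = (("TCP SYN", TCP_FRAME), ("ARP request", ARP_FRAME),
               ("truncated TCP", TCP_FRAME[:42]))
    for label, frame in samples:
        print(label)
        for layer, snapshot in dissect(frame)[1]:
            print(f"  after {layer:5}: {snapshot}")
```
]]></programlisting>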
|
|
<para>
|
|
There are a lot of different columns available. Which columns are
|
|
displayed can be selected by preference settings, see
|
|
<xref linkend="ChCustPreferencesSection"/>.
|
|
</para>
|
|
<para>
|
|
The default columns will show:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><command>No.</command>
|
|
The number of the packet in the capture file. This number won't change,
|
|
even if a display filter is used.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>Time</command>
|
|
The timestamp of the packet. The presentation format of this timestamp
|
|
can be changed, see <xref linkend="ChWorkTimeFormatsSection"/>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>Source</command>
|
|
The address where this packet is coming from.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>Destination</command>
|
|
The address where this packet is going to.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>Protocol</command>
|
|
The protocol name in a short (perhaps abbreviated) version.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><command>Info</command>
|
|
Additional information about the packet content.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
<para>
|
|
There is a context menu (right mouse click) available, see details in
|
|
<xref linkend="ChWorkPacketListPanePopUpMenu"/>.
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChUsePacketDetailsPaneSection"><title>The "Packet Details" pane</title>
|
|
<para>
|
|
The packet details pane shows the current packet (selected in the "Packet List"
|
|
pane) in a more detailed form.
|
|
<figure id="ChUseWiresharkDetailsPane">
|
|
<title>The "Packet Details" pane</title>
|
|
<graphic entityref="WiresharkDetailsPane" format="PNG"/>
|
|
</figure>
|
|
</para>
|
|
<para>
|
|
This pane shows the protocols and protocol fields of the packet selected
|
|
in the "Packet List" pane. The protocols and fields of the packet are
|
|
displayed using a tree, which can be expanded and collapsed.
|
|
</para>
|
|
<para>
|
|
There is a context menu (right mouse click) available, see details in
|
|
<xref linkend="ChWorkPacketDetailsPanePopUpMenu"/>.
|
|
</para>
|
|
<para>
|
|
Some protocol fields are specially displayed.
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>Generated fields</command>
|
|
Wireshark itself will generate additional protocol fields which are
|
|
surrounded by brackets. The information in these fields is derived from the
|
|
known context to other packets in the capture file. For example, Wireshark
|
|
performs a sequence/acknowledge analysis of each TCP stream,
|
|
which is displayed in the [SEQ/ACK analysis] fields of the TCP protocol.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>Links</command>
|
|
If Wireshark detected a relationship to another packet in the capture file,
|
|
it will generate a link to that packet. Links are underlined and displayed
|
|
in blue. If double-clicked, Wireshark jumps to the corresponding packet.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
|
|
<section id="ChUsePacketBytesPaneSection"><title>The "Packet Bytes" pane</title>
|
|
<para>
|
|
The packet bytes pane shows the data of the current packet (selected in the "Packet List"
|
|
pane) in a hexdump style.
|
|
<figure id="ChUseWiresharkBytesPane">
|
|
<title>The "Packet Bytes" pane</title>
|
|
<graphic entityref="WiresharkBytesPane" format="PNG"/>
|
|
</figure>
|
|
</para>
|
|
<para>
|
|
As usual for a hexdump, the left side shows the offset in the packet data,
|
|
in the middle the packet data is shown in a hexadecimal representation and
|
|
on the right the corresponding ASCII characters (or . if not appropriate)
|
|
are displayed.
|
|
</para>
|
|
<para>
|
|
Depending on the packet data, sometimes more than one page is available,
|
|
e.g. when Wireshark has reassembled some packets into a single chunk of
|
|
data, see <xref linkend="ChAdvReassemblySection"/>. In this case there are
|
|
some additional tabs shown at the bottom of the pane to let you select
|
|
the page you want to see.
|
|
<figure id="ChUseWiresharkBytesPaneTabs">
|
|
<title>The "Packet Bytes" pane with tabs</title>
|
|
<graphic entityref="WiresharkBytesPaneTabs" format="PNG"/>
|
|
</figure>
|
|
</para>
|
|
<note><title>Note!</title>
|
|
<para>
|
|
The additional pages might contain data picked from multiple packets.
|
|
</para>
|
|
</note>
|
|
<para>
|
|
The context menu (right mouse click) of the tab labels will show a list of
|
|
all available pages. This can be helpful if the pane is too
|
|
small for all the tab labels.
|
|
</para>
|
|
</section>
|
|
|
|
<section id="ChUseStatusbarSection"><title>The Statusbar</title>
|
|
<para>
|
|
The statusbar displays informational messages.
|
|
</para>
|
|
<para>
|
|
In general, the left side will show context related information, the
|
|
middle part will show the current number of packets, and the right side will
|
|
show the selected configuration profile. Drag the handles between the text
|
|
areas to change the size.
|
|
</para>
|
|
<para>
|
|
<figure id="ChUseWiresharkStatusbarEmpty">
|
|
<title>The initial Statusbar</title>
|
|
<graphic entityref="WiresharkStatusbarEmpty" format="PNG"/>
|
|
</figure>
|
|
This statusbar is shown while no capture file is loaded, e.g. when
|
|
Wireshark is started.
|
|
</para>
|
|
<para>
|
|
<figure id="ChUseWiresharkStatusbarLoaded">
|
|
<title>The Statusbar with a loaded capture file</title>
|
|
<graphic entityref="WiresharkStatusbarLoaded" format="PNG"/>
|
|
</figure>
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<command>The colorized bullet</command> on the left shows the highest expert
|
|
info level found in the currently loaded capture file. Hovering the mouse
|
|
over this icon will show a textual description of the expert info level,
|
|
and clicking the icon will bring up the Expert Infos dialog box.
|
|
For a detailed description of expert info, see <xref linkend="ChAdvExpert"/>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>The left side</command> shows information about the capture file, its
|
|
name, its size and the elapsed time while it was being captured.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>The middle part</command> shows the current number of packets in the capture file.
|
|
The following values are displayed:
|
|
<itemizedlist mark="bullet">
|
|
<listitem>
|
|
<para><emphasis>Packets:</emphasis> the number of captured packets</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis>Displayed:</emphasis> the number of packets currently being
|
|
displayed</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis>Marked:</emphasis> the number of marked packets</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis>Dropped:</emphasis> the number of dropped packets (only displayed
|
|
if Wireshark was unable to capture all packets)</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis>Ignored:</emphasis> the number of ignored packets (only displayed
|
|
if packets are ignored)</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<command>The right side</command> shows the selected configuration profile.
|
|
Clicking in this part of the statusbar will bring up a menu with all available
|
|
configuration profiles, and selecting from this list will change the configuration profile.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>
|
|
<figure id="ChUseWiresharkStatusbarProfile">
|
|
<title>The Statusbar with a configuration profile menu</title>
|
|
<graphic entityref="WiresharkStatusbarProfile" format="PNG"/>
|
|
</figure>
|
|
For a detailed description of configuration profiles, see
|
|
<xref linkend="ChCustConfigProfilesSection"/>.
|
|
</para>
|
|
<para>
|
|
<figure id="ChUseWiresharkStatusbarSelected">
|
|
<title>The Statusbar with a selected protocol field</title>
|
|
<graphic entityref="WiresharkStatusbarSelected" format="PNG"/>
|
|
</figure>
|
|
This is displayed if you have selected a protocol field from the
|
|
"Packet Details" pane.
|
|
</para>
|
|
<tip><title>Tip!</title>
|
|
<para>
|
|
The value between the brackets (in this example
|
|
<command>arp.opcode</command>) can be used as a display filter string,
|
|
representing the selected protocol field.
|
|
</para>
|
|
</tip>
|
|
<para>
|
|
<figure id="ChUseWiresharkStatusbarFilter">
|
|
<title>The Statusbar with a display filter message</title>
|
|
<graphic entityref="WiresharkStatusbarFilter" format="PNG"/>
|
|
</figure>
|
|
This is displayed if you are trying to use a display filter which
|
|
may have unexpected results. For a detailed description, see
|
|
<xref linkend="ChWorkBuildDisplayFilterMistake"/>.
|
|
</para>
|
|
|
|
</section>
|
|
|
|
</chapter>
|
|
<!-- End of WSUG Chapter 3 -->
|