diff options
| author | Gerald Combs <gerald@zing.org> | 2014-08-17 09:23:31 -0700 |
|---|---|---|
| committer | Gerald Combs <gerald@wireshark.org> | 2014-08-23 18:32:51 +0000 |
| commit | 02c5a12ee41c730211055b3252416e6e8c8f0748 (patch) | |
| tree | 9658a527e601cc00bb9d3d49c56f1aa77b7b3fb0 | |
| parent | 6854d8989ebfeef401544130e351552b238ec3f5 (diff) | |
| download | wireshark-02c5a12ee41c730211055b3252416e6e8c8f0748.tar.gz | |
WSUG: Convert the "User Interface" chapter to AsciiDoc.
Add the "asciidoc.conf" compatibility configuration file from
Asciidoctor. Although we don't use Asciidoctor it gives us macros that
keep us from losing some useful DocBook elements. Update various CMake
files to support multiple AsciiDoc configuration files.
Leave most of the content intact for now. Hopefully the other chapters
aren't as laden with markup.
Change-Id: Id69757342b86abb2b3130cb61e90f5695a26ea8a
Reviewed-on: https://code.wireshark.org/review/3680
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
| -rw-r--r-- | cmake/modules/FindASCIIDOC.cmake | 110 | ||||
| -rw-r--r-- | cmake/modules/FindXSLTPROC.cmake | 5 | ||||
| -rw-r--r-- | docbook/CMakeLists.txt | 52 | ||||
| -rw-r--r-- | docbook/Makefile.common | 6 | ||||
| -rw-r--r-- | docbook/Makefile.nmake | 5 | ||||
| -rw-r--r-- | docbook/asciidoctor-asciidoc.conf | 398 | ||||
| -rw-r--r-- | docbook/ws.css | 4 | ||||
| -rw-r--r-- | docbook/wsug_src/WSUG_chapter_use.asciidoc | 854 | ||||
| -rw-r--r-- | docbook/wsug_src/WSUG_chapter_use.xml | 2796 |
9 files changed, 1373 insertions, 2857 deletions
diff --git a/cmake/modules/FindASCIIDOC.cmake b/cmake/modules/FindASCIIDOC.cmake index 408f91e872..6850b43cf6 100644 --- a/cmake/modules/FindASCIIDOC.cmake +++ b/cmake/modules/FindASCIIDOC.cmake @@ -29,79 +29,113 @@ MARK_AS_ADVANCED(A2X_EXECUTABLE) MACRO( ASCIIDOC2HTML _output _asciidocsource _conffile ) GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE ) set( A2X_HTML_OPTS --stylesheet=ws.css ) + + SET( A2X_HTML_OPTS --stylesheet=ws.css ) + FOREACH( _conf_file ${_conf_files} ) + SET( _conf_opts_list ${_conf_opts_list} --conf_file=${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file} ) + ENDFOREACH() + STRING( REPLACE ";" " _conf_opts "${_conf_opts_list} ) + + FOREACH( _conf_file ${_conf_files} ) + SET( _conf_deps ${_conf_deps} ${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file} ) + ENDFOREACH() + ADD_CUSTOM_COMMAND( - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} OUTPUT ${_output} - COMMAND ${A2X_EXECUTABLE} - --format=xhtml - --destination-dir=${CMAKE_CURRENT_BINARY_DIR} - --asciidoc-opts="--conf-file=${CMAKE_CURRENT_SOURCE_DIR}/${_conffile}" - --fop - ${A2X_HTML_OPTS} - ${_asciidocsource} - # Replacing file with itself will fail - # COMMAND mv - # ${CMAKE_CURRENT_BINARY_DIR}/${_source_base_name}.html - # ${CMAKE_CURRENT_BINARY_DIR}/${_output} + COMMAND ${A2X_EXECUTABLE} + --format=xhtml + --destination-dir=${CMAKE_CURRENT_BINARY_DIR} + --asciidoc-opts=${_conf_opts} + --fop + ${A2X_HTML_OPTS} + ${_asciidocsource} + # Replacing file with itself will fail + # COMMAND mv + # ${CMAKE_CURRENT_BINARY_DIR}/${_source_base_name}.html + # ${CMAKE_CURRENT_BINARY_DIR}/${_output} DEPENDS ${_asciidocsources} + ${_conf_deps} ${_otherdependencies} ) ENDMACRO() -MACRO( ASCIIDOC2TXT _output _asciidocsource _conffile ) +MACRO( ASCIIDOC2TXT _output _asciidocsource _conf_files ) GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE ) if( LYNX_EXECUTABLE MATCHES lynx ) - set( A2X_TEXT_OPTS --lynx ) + set( A2X_TEXT_OPTS --lynx ) else() - set( A2X_TEXT_OPTS ) + set( A2X_TEXT_OPTS ) endif() + + SET( A2X_HTML_OPTS --stylesheet=ws.css ) + FOREACH( _conf_file ${_conf_files} ) + SET( _conf_opts_list ${_conf_opts_list} --conf_file=${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file} ) + ENDFOREACH() + STRING( REPLACE ";" " _conf_opts "${_conf_opts_list} ) + + FOREACH( _conf_file ${_conf_files} ) + SET( _conf_deps ${_conf_deps} ${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file} ) + ENDFOREACH() + ADD_CUSTOM_COMMAND( - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} OUTPUT ${_output} COMMAND ${A2X_EXECUTABLE} --format=text - --destination-dir=${CMAKE_CURRENT_BINARY_DIR} - --asciidoc-opts="--conf-file=${CMAKE_CURRENT_SOURCE_DIR}/${_conffile}" - --fop + --destination-dir=${CMAKE_CURRENT_BINARY_DIR} + --asciidoc-opts=${_conf_opts} + --fop ${A2X_TEXT_OPTS} --xsltproc-opts '--stringparam generate.toc "article nop"' ${_asciidocsource} - COMMAND mv - ${CMAKE_CURRENT_BINARY_DIR}/${_source_base_name}.text - ${CMAKE_CURRENT_BINARY_DIR}/${_output} + COMMAND mv + ${CMAKE_CURRENT_BINARY_DIR}/${_source_base_name}.text + ${CMAKE_CURRENT_BINARY_DIR}/${_output} DEPENDS ${_asciidocsource} - ${_conffile} + ${_conf_deps} ) ENDMACRO() # news: release-notes.txt # cp release-notes.txt ../NEWS -MACRO( ASCIIDOC2PDF _output _asciidocsource _conffile _paper ) +MACRO( ASCIIDOC2PDF _output _asciidocsource _conf_files _paper ) GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE ) - set( A2X_HTML_OPTS --stylesheet=ws.css ) + + SET( A2X_HTML_OPTS --stylesheet=ws.css ) + FOREACH( _conf_file ${_conf_files} ) + SET( _conf_opts_list ${_conf_opts_list} --conf_file=${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file} ) + ENDFOREACH() + STRING( REPLACE ";" " _conf_opts "${_conf_opts_list} ) + + FOREACH( _conf_file ${_conf_files} ) + SET( _conf_deps ${_conf_deps} ${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file} ) + ENDFOREACH() + ADD_CUSTOM_COMMAND( - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} OUTPUT ${_output} - COMMAND ${A2X_EXECUTABLE} - --format=pdf - --destination-dir=${CMAKE_CURRENT_BINARY_DIR} - --asciidoc-opts="--conf-file=${CMAKE_CURRENT_SOURCE_DIR}/${_conffile}" - --fop - ${A2X_HTML_OPTS} - --xsltproc-opts "--stringparam paper.type ${_paper} --nonet" - --xsl-file=custom_layer_pdf.xsl - ${_asciidocsource} - COMMAND mv - ${CMAKE_CURRENT_BINARY_DIR}/${_source_base_name}.pdf - ${CMAKE_CURRENT_BINARY_DIR}/${_output} + COMMAND ${A2X_EXECUTABLE} + --format=pdf + --destination-dir=${CMAKE_CURRENT_BINARY_DIR} + --asciidoc-opts=${_conf_opts} + --fop + ${A2X_HTML_OPTS} + --xsltproc-opts "--stringparam paper.type ${_paper} --nonet" + --xsl-file=custom_layer_pdf.xsl + ${_asciidocsource} + COMMAND mv + ${CMAKE_CURRENT_BINARY_DIR}/${_source_base_name}.pdf + ${CMAKE_CURRENT_BINARY_DIR}/${_output} DEPENDS ${_asciidocsources} + ${_conf_deps} ${_otherdependencies} ) ENDMACRO() diff --git a/cmake/modules/FindXSLTPROC.cmake b/cmake/modules/FindXSLTPROC.cmake index eef8d3693f..875809b6c0 100644 --- a/cmake/modules/FindXSLTPROC.cmake +++ b/cmake/modules/FindXSLTPROC.cmake @@ -69,7 +69,7 @@ MACRO(XML2HTML _validated _output _mode _xmlsources _gfxsources) -E copy ${CMAKE_CURRENT_SOURCE_DIR}/ws.css ${_OUTDIR} COMMAND ${XSLTPROC_EXECUTABLE} --path "${CMAKE_CURRENT_SOURCE_DIR}:${CMAKE_CURRENT_BINARY_DIR}:${CMAKE_CURRENT_BINARY_DIR}/wsluarm_src" - --stringparam img.src.path ${CMAKE_CURRENT_SOURCE_DIR} + --stringparam img.src.path ${CMAKE_CURRENT_SOURCE_DIR}/ --stringparam base.dir ${_OUTDIR}/ --stringparam use.id.as.filename 1 --stringparam admon.graphics 1 @@ -109,7 +109,7 @@ MACRO(XML2PDF _output _sources _stylesheet _paper) COMMAND ${XSLTPROC_EXECUTABLE} --path "${CMAKE_CURRENT_SOURCE_DIR}:${CMAKE_CURRENT_BINARY_DIR}:${CMAKE_CURRENT_BINARY_DIR}/wsluarm_src" --stringparam paper.type ${_paper} - --stringparam img.src.path ${CMAKE_CURRENT_SOURCE_DIR} + --stringparam img.src.path ${CMAKE_CURRENT_SOURCE_DIR}/ --stringparam base.dir ${_OUTDIR}/ --stringparam use.id.as.filename 1 --stringparam admon.graphics 1 @@ -126,4 +126,3 @@ MACRO(XML2PDF _output _sources _stylesheet _paper) ${_stylesheet} ) ENDMACRO(XML2PDF) - diff --git a/docbook/CMakeLists.txt b/docbook/CMakeLists.txt index 021bd88bb8..cf021de6e0 100644 --- a/docbook/CMakeLists.txt +++ b/docbook/CMakeLists.txt @@ -40,7 +40,7 @@ set(WSUG_FILES WSUG_chapter_statistics.xml wsug_src/WSUG_chapter_telephony.xml wsug_src/WSUG_chapter_troubleshoot.xml - wsug_src/WSUG_chapter_use.xml + WSUG_chapter_use.xml wsug_src/WSUG_chapter_work.xml wsug_src/WSUG_meta_info.xml WSUG_preface.xml @@ -52,6 +52,7 @@ set(WSDG_ASCIIDOC_FILES wsug_src/WSUG_chapter_build_install.asciidoc wsug_src/WSUG_chapter_introduction.asciidoc wsug_src/WSUG_chapter_statistics.asciidoc + wsug_src/WSUG_chapter_use.asciidoc wsug_src/WSUG_preface.asciidoc ) @@ -223,11 +224,23 @@ set(WSUG_SOURCE ${WSUG_GRAPHICS} ) -MACRO( ASCIIDOC2DOCBOOK _asciidocsource _conffile ) +set( ASCIIDOC_CONF_FILES asciidoc.conf asciidoctor-asciidoc.conf ) + +MACRO( ASCIIDOC2DOCBOOK _asciidocsource _conf_files ) GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE ) set( A2X_HTML_OPTS --stylesheet=ws.css ) set( _output_xml ${_source_base_name}.xml ) set( _output_dbk ${_source_base_name}.dbk ) + + foreach(_conf_file ${_conf_files}) + set( _conf_opts_list ${_conf_opts_list} --conf_file=${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file}) + endforeach() + string(REPLACE ";" " _conf_opts "${_conf_opts_list}) + + foreach(_conf_file ${_conf_files}) + set( _conf_deps ${_conf_deps} ${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file}) + endforeach() + ADD_CUSTOM_COMMAND( OUTPUT ${_output_xml} @@ -237,7 +250,7 @@ MACRO( ASCIIDOC2DOCBOOK _asciidocsource _conffile ) --verbose --attribute=docinfo --destination-dir=${CMAKE_CURRENT_BINARY_DIR} - --asciidoc-opts="--conf-file=${CMAKE_CURRENT_SOURCE_DIR}/${_conffile}" + --asciidoc-opts=${_conf_opts} --no-xmllint --format=docbook --fop @@ -245,23 +258,33 @@ MACRO( ASCIIDOC2DOCBOOK _asciidocsource _conffile ) ${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource} DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource} - ${CMAKE_CURRENT_SOURCE_DIR}/${_conffile} + ${_conf_deps} ${WSDG_GENERATED_FILES} ) ENDMACRO() -ASCIIDOC2DOCBOOK( developer-guide.asciidoc asciidoc.conf ) +ASCIIDOC2DOCBOOK( developer-guide.asciidoc "${ASCIIDOC_CONF_FILES}" ) SET( WSDG_GENERATED_FILES ) # Convert an AsciiDoc document to a DocBook chapter # Used for chapter-by-chapter conversion from DocBook to AsciiDoc. # Can be removed after the User's Guide is converted. # .asciidoc -> whole book (.dbk) -> chapter (.xml) -MACRO( ASCIIDOC2CHAPTER _asciidocsource _conffile ) +MACRO( ASCIIDOC2CHAPTER _asciidocsource _conf_files ) GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE ) set( A2X_HTML_OPTS --stylesheet=ws.css ) set( _output_xml ${_source_base_name}.xml ) set( _output_dbk ${_source_base_name}.dbk ) + + foreach(_conf_file ${_conf_files}) + set( _conf_opts_list ${_conf_opts_list} --conf_file=${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file}) + endforeach() + string(REPLACE ";" " _conf_opts "${_conf_opts_list}) + + foreach(_conf_file ${_conf_files}) + set( _conf_deps ${_conf_deps} ${CMAKE_CURRENT_SOURCE_DIR}/${_conf_file}) + endforeach() + ADD_CUSTOM_COMMAND( OUTPUT ${_output_xml} ${_output_dbk} @@ -270,7 +293,7 @@ MACRO( ASCIIDOC2CHAPTER _asciidocsource _conffile ) COMMAND ${A2X_EXECUTABLE} --verbose --destination-dir=${CMAKE_CURRENT_BINARY_DIR} - --asciidoc-opts="--conf-file=${CMAKE_CURRENT_SOURCE_DIR}/${_conffile}" + --asciidoc-opts=${_conf_opts} --no-xmllint --fop --format=docbook --doctype=book @@ -285,8 +308,8 @@ MACRO( ASCIIDOC2CHAPTER _asciidocsource _conffile ) > ${_output_xml} DEPENDS ${_outptudir} - ${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource} - ${CMAKE_CURRENT_SOURCE_DIR}/${_conffile} + ${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource} + ${_conf_deps} ) LIST( APPEND WSDG_GENERATED_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_output_xml} ) ENDMACRO() @@ -294,7 +317,7 @@ ENDMACRO() FOREACH(ASCIIDOCFILE ${WSDG_ASCIIDOC_FILES}) ASCIIDOC2CHAPTER( ${ASCIIDOCFILE} - asciidoc.conf + "${ASCIIDOC_CONF_FILES}" ) ENDFOREACH() @@ -452,26 +475,26 @@ ADD_CUSTOM_COMMAND( ASCIIDOC2HTML( release-notes.html release-notes.asciidoc - asciidoc.conf + "${ASCIIDOC_CONF_FILES}" ) ASCIIDOC2TXT( release-notes.txt release-notes.asciidoc - asciidoc.conf + "${ASCIIDOC_CONF_FILES}" ) ASCIIDOC2PDF( release-notes-a4.pdf release-notes.asciidoc - asciidoc.conf + "${ASCIIDOC_CONF_FILES}" A4 ) ASCIIDOC2PDF( release-notes-us.pdf release-notes.asciidoc - asciidoc.conf + "${ASCIIDOC_CONF_FILES}" letter ) @@ -489,4 +512,3 @@ ADD_CUSTOM_COMMAND( ${CMAKE_CURRENT_SOURCE_DIR}/make-wsluarm.pl ${WSLUA_MODULES} ) - diff --git a/docbook/Makefile.common b/docbook/Makefile.common index be2994716f..da34e9f5a7 100644 --- a/docbook/Makefile.common +++ b/docbook/Makefile.common @@ -14,7 +14,7 @@ WSUG_FILES = \ wsug_src/WSUG_chapter_statistics.asciidoc \ wsug_src/WSUG_chapter_telephony.xml \ wsug_src/WSUG_chapter_troubleshoot.xml \ - wsug_src/WSUG_chapter_use.xml \ + wsug_src/WSUG_chapter_use.asciidoc \ wsug_src/WSUG_chapter_work.xml \ wsug_src/WSUG_meta_info.xml \ wsug_src/WSUG_preface.asciidoc \ @@ -25,6 +25,7 @@ WSUG_GENERATED_SOURCE = \ wsug_src/WSUG_chapter_build_install.xml \ wsug_src/WSUG_chapter_introduction.xml \ wsug_src/WSUG_chapter_statistics.xml \ + wsug_src/WSUG_chapter_use.xml \ wsug_src/WSUG_preface.xml WSUG_GRAPHICS = \ @@ -226,7 +227,8 @@ WSDG_SOURCE = $(WSDG_GENERATED_SOURCE) $(WSDG_DIST) RELEASE_NOTES_SOURCE = \ release-notes.asciidoc \ Makefile.common \ - asciidoc.conf + asciidoc.conf \ + asciidoctor-asciidoc.conf CLEANFILES = \ *.chm \ diff --git a/docbook/Makefile.nmake b/docbook/Makefile.nmake index 3b72aeedb7..eb3e9c32ff 100644 --- a/docbook/Makefile.nmake +++ b/docbook/Makefile.nmake @@ -39,7 +39,7 @@ A2X_TEXT_OPTS=$(A2X_TEXT_OPTS) --lynx $(SH) << PATH=/usr/bin $(A2X) --verbose \ - --asciidoc-opts="--conf-file=asciidoc.conf" \ + --asciidoc-opts="--conf-file=asciidoc.conf --conf-file=asciidoctor-asciidoc.conf" \ --no-xmllint \ --format=docbook --doctype=book \ $< @@ -164,7 +164,7 @@ developer-guide.xml: developer-guide.asciidoc $(WSDG_FILES) PATH=/usr/bin $(A2X) --verbose \ --attribute=docinfo \ - --asciidoc-opts=\"--conf-file=asciidoc.conf\" \ + --asciidoc-opts="--conf-file=asciidoc.conf --conf-file=asciidoctor-asciidoc.conf" \ --no-xmllint \ --format=docbook \ developer-guide.asciidoc @@ -284,4 +284,3 @@ release-notes-a4.pdf: $(RELEASE_NOTES_SOURCE) custom_layer_pdf.xsl mv release-notes.pdf $@ _FORCE_: ## Assumption: no file named _FORCE_ exists in the current directory - diff --git a/docbook/asciidoctor-asciidoc.conf b/docbook/asciidoctor-asciidoc.conf new file mode 100644 index 0000000000..ad3409aa53 --- /dev/null +++ b/docbook/asciidoctor-asciidoc.conf @@ -0,0 +1,398 @@ +# This file is an AsciiDoc configuration file that makes +# AsciiDoc conform with Asciidoctor's fixes and customizations. +# +# Place this file in the same directory as your AsciiDoc document and the +# AsciiDoc processor (asciidoc) will automatically use it. + +# Copied from from https://raw.githubusercontent.com/asciidoctor/asciidoctor/master/compat/asciidoc.conf +# AsciiDoctor is available under the MIT license. + +[miscellaneous] +newline=\n + +[attributes] +# make html5 the default html backend +backend-alias-html=html5 +apostrophe=' +asterisk=* +backtick=` +brvbar=¦ +caret=^ +# plus introduced in AsciiDoc 8.6.9 +plus=+ +space=" " +tilde=~ +user-home={eval:os.path.expanduser('~')} +vbar=| +# NOTE use -a no-inline-literal to set compat-mode to default when using AsciiDoc Python +ifndef::no-inline-literal[] +compat-mode=legacy +endif::[] + +[replacements] +# right single quote +(?<!\\)`'=’ +# escaped right single quote +\\`'=`' + +[quotes] +# disable single quotes as constrained formatting marks for emphasis +# this change can also be made in the document using the attribute entry :quotes.': +ifdef::compat-mode[] +'= ++= +++= +`= +``=#monospaced +`|`=monospaced +\##=#mark +\#=mark +endif::[] + +# enables markdown-style headings +[titles] +sect0=^(=|#) +(?P<title>[\S].*?)(?: +\1)?$ +sect1=^(==|##) +(?P<title>[\S].*?)(?: +\1)?$ +sect2=^(===|###) +(?P<title>[\S].*?)(?: +\1)?$ +sect3=^(====|####) +(?P<title>[\S].*?)(?: +\1)?$ +sect4=^(=====|#####) +(?P<title>[\S].*?)(?: +\1)?$ +sect5=^(======|######) +(?P<title>[\S].*?)(?: +\1)?$ + +# Disable subs on pass block by default +[blockdef-pass] +subs=none + +# enables fenced code blocks +# FIXME I haven't sorted out yet how to do syntax highlighting +[blockdef-fenced-code] +delimiter=^```(?:\w+(?:,numbered)?)?$ +ifdef::language[] +style=source +template::[source-filter-style] +endif::language[] +ifndef::language[] +template=listingblock +subs=verbatim +posattrs=style +endif::language[] + +# enables blockquotes to be defined using two double quotes +[blockdef-air-quote] +template::[blockdef-quote] +delimiter=^""$ + +# markdown-style blockquote (paragraph only) +# FIXME does not strip leading > on subsequent lines +[paradef-markdown-quote] +delimiter=(?s)>\s*(?P<text>\S.*) +style=quote +quote-style=template="quoteparagraph",posattrs=("style","attribution","citetitle") + +# fix regex for callout list to require number; also makes markdown-style blockquote work +[listdef-callout] +posattrs=style +delimiter=^<?(?P<index>\d+>) +(?P<text>.+)$ +type=callout +tags=callout +style=arabic + +# enables literal block to be used as source block +[blockdef-literal] +template::[source-filter-style] + +# enables source block when source-highlighter is not defined +ifndef::source-highlighter[] +[source-filter-style] +source-style=template="listingblock",subs=("specialcharacters","callouts"),posattrs=("style","language","src_numbered","src_tab") + +[paradef-default] +template::[source-filter-style] + +[paradef-literal] +template::[source-filter-style] + +[blockdef-open] +template::[source-filter-style] + +[blockdef-listing] +template::[source-filter-style] +endif::source-highlighter[] + +[tabledef-csv] +template::[tabledef-default] +delimiter=^,={3,}$ +format=csv + +[tabledef-dsv] +template::[tabledef-default] +delimiter=^:={3,}$ +format=dsv + +[macros] +ifdef::no-inline-literal[] +(?su)\\?\+\+(?P<passtext>.*?)\+\+=pass[specialcharacters] +(?su)(?<![+\w])(\\?\+(?P<passtext>\S|\S.*?\S)\+)(?![+\w])=pass[specialcharacters] +endif::no-inline-literal[] + +# additional callout match behind line comments +#(?://|#|;;) ?\((?P<index>\d+)\)=callout +# additional callout match for XML +[\\]?<!--(?P<index>\d+)-->=callout + +# --- or *** or ___ or - - - or * * * or _ _ _ (in addition to the built-in ''') +^ {0,3}([-\*_])( *)\1\2\1$=#ruler + +# button:[Save] +(?su)(?<!\w)\\?button:\[(?P<attrlist>(?:\\\]|[^\]])+?)\]=button + +# kbd:[F11] or kbd:[Ctrl+T] or kbd:[Ctrl,T] +(?su)(?<!\w)\\?kbd:\[(?P<attrlist>(?:\\\]|[^\]])+?)\]=keyboard + +# menu:Search[] or menu:File[New...] or menu:View[Page Style, No Style] +# TODO implement menu:View[Page Style > No Style] syntax +(?su)(?<!\w)[\\]?(?P<name>menu):(?P<target>\w|\w.*?\S)?\[(?P<attrlist>.*?)\]= + +ifdef::basebackend-html[] + +[sect5] +<div class="sect5{style? {style}}{role? {role}}"> +<h6{id? id="{id}"}>{title}</h6> +| +</div> + +[button-inlinemacro] +<b class="button">{1}</b> + +[keyboard-inlinemacro] +{set2:keys:{eval:re.split(r'(?<!\+ |.\+)\+', '{1}')}} +{2%}{eval:len({keys}) == 1}<kbd>{1}</kbd> +{2%}{eval:len({keys}) == 2}<kbd class="combo"><kbd>{eval:{keys}[0].strip()}</kbd>+<kbd>{eval:{keys}[1].strip()}</kbd></kbd> +{2%}{eval:len({keys}) == 3}<kbd class="combo"><kbd>{eval:{keys}[0].strip()}</kbd>+<kbd>{eval:{keys}[1].strip()}</kbd>+<kbd>{eval:{keys}[2].strip()}</kbd></kbd> +{2#}{3%}<kbd class="combo"><kbd>{1}</kbd>+<kbd>{2}</kbd></kbd> +{3#}<kbd class="combo"><kbd>{1}</kbd>+<kbd>{2}</kbd>+<kbd>{3}</kbd></kbd> + +[menu-inlinemacro] +{1%}<span class="menu">{target}</span> +{1#}{2%}<span class="menuseq"><span class="menu">{target}</span> ▸ <span class="menuitem">{1}</span></span> +{2#}{3%}<span class="menuseq"><span class="menu">{target}</span> ▸ <span class="submenu">{1}</span> ▸ <span class="menuitem">{2}</span></span> +{3#}<span class="menuseq"><span class="menu">{target}</span> ▸ <span class="submenu">{1}</span> ▸ <span class="submenu">{2}</span> ▸ <span class="menuitem">{3}</span></span> + +[literal-inlinemacro] +<code>{passtext}</code> + +[tags] +emphasis=<em{1? class="{1}"}>|</em> +strong=<strong{1? class="{1}"}>|</strong> +monospaced=<code{1? class="{1}"}>|</code> +superscript=<sup{1? class="{1}"}>|</sup> +subscript=<sub{1? class="{1}"}>|</sub> +mark={1=<mark>}{1?<span class="{1}">}|{1?</span>}{1=</mark>} + +[monospacedwords] +<code>{words}</code> + +ifdef::linkattrs[] +[http-inlinemacro] +<a href="{name}:{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={name}:{target}}</a> +[https-inlinemacro] +<a href="{name}:{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={name}:{target}}</a> +[ftp-inlinemacro] +<a href="{name}:{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={name}:{target}}</a> +[file-inlinemacro] +<a href="{name}:{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={name}:{target}}</a> +[irc-inlinemacro] +<a href="{name}:{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={name}:{target}}</a> +[mailto-inlinemacro] +<a href="mailto:{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={target}}</a> +[link-inlinemacro] +<a href="{target}"{id? id="{id}"}{role? class="{role}"}{window? target="{window}"}>{1={target}}</a> +endif::linkattrs[] + +[listtags-numbered] +list=<div class="olist{style? {style}}{compact-option? compact}{role? {role}}"{id? id="{id}"}>{title?<div class="title">{title}</div>}<ol class="{style}"{style@loweralpha: type="a"}{style@lowerroman: type="i"}{style@upperalpha: type="A"}{style@upperroman: type="I"}{start? start="{start}"}>|</ol></div> + +[tabletags-monospaced] +paragraph=<p class="tableblock"><code>|</code></p> + +[sect0] +<h1{id? id="{id}"} class="sect0">{title}</h1> +| + +# support for document title in embedded documents +ifeval::[not config.header_footer] +[preamble] +<h1>{title={doctitle}}</h1>{set:title-rendered:} +<div id="preamble"> +<div class="sectionbody"> +| +</div> +{toc,toc2#}{toc-placement$preamble:}{template:toc} +</div> + +[sect1] +{title-rendered%}<h1>{doctitle}</h1> +<div class="sect1{style? {style}}{role? {role}}"> +<h2{id? id="{id}"}>{numbered?{sectnum} }{title}</h2> +<div class="sectionbody"> +| +</div> +</div> +endif::[] + +# override to add the admonition name to the class attribute of the outer element +[admonitionblock] +<div class="admonitionblock {name}{role? {role}}{unbreakable-option? unbreakable}"{id? id="{id}"}> +<table><tr> +<td class="icon"> +{data-uri%}{icons#}<img src="{icon={iconsdir}/{name}.png}" alt="{caption}"> +{data-uri#}{icons#}<img alt="{caption}" src="data:image/png;base64, +{data-uri#}{icons#}{sys:"{python}" -u -c "import base64,sys; base64.encode(sys.stdin,sys.stdout)" < "{eval:os.path.join(r"{indir={outdir}}",r"{icon={iconsdir}/{name}.png}")}"}"> +{icons%}<div class="title">{caption}</div> +</td> +<td class="content"> +<div class="title">{title}</div> +| +</td> +</tr></table> +</div> + +# modified so that: +# a. imagesdir is only prepended if target is not a uri or absolute path (relative path only) +# b. automatic alt text is calculated from basename of target without extension +# note that the escaped_target attribute must be set in order to use a uri in the conditional attribute reference +[image-inlinemacro] +<span class="image{role? {role}}"{float? style="float: {float}"}>{set2:escaped_target:{eval:'{target}'.replace(':','\:')}} +<a class="image" href="{link}"> +{data-uri%}<img src="{target@^(/|https?\://).*:{escaped_target}:{imagesdir?{imagesdir}}{imagesdir?/}{escaped_target}}" alt="{alt={eval:os.path.splitext(os.path.basename('{target}'))[0]}}"{width? width="{width}"}{height? height="{height}"}{title? title="{title}"}> +{data-uri#}<img alt="{alt={target}}"{width? width="{width}"}{height? height="{height}"}{title? title="{title}"} +{data-uri#}{sys:"{python}" -u -c "import mimetypes,base64,sys; print 'src=\"data:'+mimetypes.guess_type(r'{target}')[0]+';base64,'; base64.encode(sys.stdin,sys.stdout)" < "{eval:os.path.join(r"{indir={outdir}}",r"{imagesdir=}",r"{target}")}"}"> +{link#}</a> +</span> + +# modified so that: +# a. imagesdir is only prepended if target is not a uri or absolute path (relative path only) +# b. automatic alt text is calculated from basename of target without extension +# note that the escaped_target attribute must be set in order to use a uri in the conditional attribute reference +[image-blockmacro] +<div class="imageblock{style? {style}}{role? {role}}{unbreakable-option? unbreakable}"{id? id="{id}"}{align? style="text-align:{align};"}{float? style="float: {float}"}> +<div class="content">{set2:escaped_target:{eval:'{target}'.replace(':','\:')}} +<a class="image" href="{link}"> +{data-uri%}<img src="{target@^(/|https?\://).*:{escaped_target}:{imagesdir?{imagesdir}}{imagesdir?/}{escaped_target}}" alt="{alt={eval:os.path.splitext(os.path.basename('{target}'))[0]}}"{width? width="{width}"}{height? height="{height}"}> +{data-uri#}<img alt="{alt={target}}"{width? width="{width}"}{height? height="{height}"} +{data-uri#}{sys:"{python}" -u -c "import mimetypes,base64,sys; print 'src=\"data:'+mimetypes.guess_type(r'{target}')[0]+';base64,'; base64.encode(sys.stdin,sys.stdout)" < "{eval:os.path.join(r"{indir={outdir}}",r"{imagesdir=}",r"{target}")}"}"> +{link#}</a> +</div> +<div class="title">{caption={figure-caption} {counter:figure-number}. }{title}</div> +</div> + +# a common template for emitting the attribute for a quote or verse block +# don't output attribution div if attribution or citetitle are both empty +[attribution] +{attribution,citetitle#}<div class="attribution"> +— {attribution}{citetitle?<br>} +<cite>{citetitle}</cite> +{attribution,citetitle#}</div> + +# override to use blockquote element for content and cite element for cite title +[quoteblock] +<div class="quoteblock{role? {role}}{unbreakable-option? unbreakable}"{id? id="{id}"}> +<div class="title">{title}</div> +<blockquote> +| +</blockquote> +template::[attribution] +</div> + +# override to use cite element for cite title +[verseblock] +<div class="verseblock{role? {role}}{unbreakable-option? unbreakable}"{id? id="{id}"}> +<div class="title">{title}</div> +<pre class="content"> +| +</pre> +template::[attribution] +</div> + +# override tabletags to support cellbgcolor +[tabletags-default] +headdata=<th class="tableblock halign-{halign=left} valign-{valign=top}"{colspan@1:: colspan="{colspan}"}{rowspan@1:: rowspan="{rowspan}"}{cellbgcolor? style="background-color:{cellbgcolor};"}>|</th> +bodydata=<td class="tableblock halign-{halign=left} valign-{valign=top}"{colspan@1:: colspan="{colspan}"}{rowspan@1:: rowspan="{rowspan}"}{cellbgcolor? style="background-color:{cellbgcolor};"}>|</td> + +# override header cells to use th +[tabletags-header] +bodydata=<th class="tableblock halign-{halign=left} valign-{valign=top}" {colspan@1::colspan="{colspan}" }{rowspan@1::rowspan="{rowspan}" }>|</th> +paragraph=<p class="tableblock">|</p> + +[toc] +<div id="toc"> +<div id="toctitle">{toc-title}</div> +ifdef::toc2[] +<script type="text/javascript"> +document.body.className += ' toc2'; +document.getElementById('toc').className = 'toc2'; +</script> +endif::toc2[] +<noscript><p><b>JavaScript must be enabled in your browser to display the table of contents.</b></p></noscript> +</div> + +endif::basebackend-html[] + +# Override docinfo to support subtitle +ifdef::basebackend-docbook[] + +[sect5] +<section{id? id="{id}"}{role? role="{role}"}{reftext? xreflabel="{reftext}"}> +<title>{title}</title> +| +</section> + +[tags] +monospaced=<literal{1? role="{1}"}>|</literal> +subscript=<subscript{1? role="{1}"}>|</subscript> +superscript=<superscript{1? role="{1}"}>|</superscript> + +[button-inlinemacro] +<guibutton>{1}</guibutton> + +[keyboard-inlinemacro] +{set2:keys:{eval:re.split(r'(?<!\+ |.\+)\+', '{1}')}} +{2%}{eval:len({keys}) == 1}<keycap>{1}</keycap> +{2%}{eval:len({keys}) == 2}<keycombo><keycap>{eval:{keys}[0].strip()}</keycap><keycap>{eval:{keys}[1].strip()}</keycap></keycombo> +{2%}{eval:len({keys}) == 3}<keycombo><keycap>{eval:{keys}[0].strip()}</keycap><keycap>{eval:{keys}[1].strip()}</keycap><keycap>{eval:{keys}[2].strip()}</keycap></keycombo> +{2#}{3%}<keycombo><keycap>{1}</keycap><keycap>{2}</keycap></keycombo> +{3#}<keycombo><keycap>{1}</keycap><keycap>{2}</keycap><keycap>{3}</keycap></keycombo> + +[menu-inlinemacro] +{1%}<guimenu>{target}</guimenu> +{1#}{2%}<menuchoice><guimenu>{target}</guimenu> <guimenuitem>{1}</guimenuitem></menuchoice> +{2#}{3%}<menuchoice><guimenu>{target}</guimenu> <guisubmenu>{1}</guisubmenu> <guimenuitem>{2}</guimenuitem></menuchoice> +{3#}<menuchoice><guimenu>{target}</guimenu> <guisubmenu>{1}</guisubmenu> <guisubmenu>{2}</guisubmenu> <guimenuitem>{3}</guimenuitem></menuchoice> + +# override tabletags to support cellbgcolor +[tabletags-default] +headdata=<entry align="{halign}" valign="{valign}"{colspan@1:: namest="col_{colstart}" nameend="col_{colend}"}{morerows@0:: morerows="{morerows}"}>{cellbgcolor?<?dbfo bgcolor="{cellbgcolor}"?>}|</entry> +bodydata=<entry align="{halign}" valign="{valign}"{colspan@1:: namest="col_{colstart}" nameend="col_{colend}"}{morerows@0:: morerows="{morerows}"}>{cellbgcolor?<?dbfo bgcolor="{cellbgcolor}"?>}|</entry> + +[docinfo] +ifndef::notitle[] +{set2:subtitle_offset:{eval:'{doctitle}'.rfind(': ')}} +{eval:{subtitle_offset} != -1}<title>{eval:'{doctitle}'[0:{subtitle_offset}]}</title> +{eval:{subtitle_offset} != -1}<subtitle>{eval:'{doctitle}'[{subtitle_offset} + 2:]}</subtitle> +{eval:{subtitle_offset} < 0}<title>{doctitle}</title> +endif::notitle[] +<date>{revdate}</date> +# To ensure valid articleinfo/bookinfo when there is no AsciiDoc header. +{doctitle%}{revdate%}<date>{docdate}</date> +{authored#}<author> +<firstname>{firstname}</firstname> +<othername>{middlename}</othername> +<surname>{lastname}</surname> +<email>{email}</email> +{authored#}</author> +<authorinitials>{authorinitials}</authorinitials> +<revhistory><revision>{revnumber?<revnumber>{revnumber}</revnumber>}<date>{revdate}</date>{authorinitials?<authorinitials>{authorinitials}</authorinitials>}{revremark?<revremark>{revremark}</revremark>}</revision></revhistory> +{docinfo1,docinfo2#}{include:{docdir}/docinfo.xml} +{docinfo,docinfo2#}{include:{docdir}/{docname}-docinfo.xml} +<orgname>{orgname}</orgname> + +endif::basebackend-docbook[] diff --git a/docbook/ws.css b/docbook/ws.css index 7d55b3ff1e..19a93d248a 100644 --- a/docbook/ws.css +++ b/docbook/ws.css @@ -123,6 +123,10 @@ tt.literal, code.literal { padding: 0.5em 1em; } +.guibutton, .guimenu, .guimenuitem { + font-weight: bold; +} + div.sidebar { background: #ffffee; margin: 1.0em 10% 0.5em 0; diff --git a/docbook/wsug_src/WSUG_chapter_use.asciidoc b/docbook/wsug_src/WSUG_chapter_use.asciidoc new file mode 100644 index 0000000000..5243efbd91 --- /dev/null +++ b/docbook/wsug_src/WSUG_chapter_use.asciidoc @@ -0,0 +1,854 @@ +++++++++++++++++++++++++++++++++++++++ +<!-- WSUG User Interface Chapter --> +++++++++++++++++++++++++++++++++++++++ + +[[ChapterUsing]] + +== User Interface + +[[ChUseIntroductionSection]] + +=== Introduction + +By now you have installed Wireshark and are most likely keen to get started +capturing your first packets. In the next chapters we will explore: + +* How the Wireshark user interface works +* How to capture packets in Wireshark +* How to view packets in Wireshark +* How to filter packets in Wireshark +* ... and many other things! + +[[ChUseStartSection]] + +=== Start Wireshark + +You can start Wireshark from your shell or window manager. + +[TIP] +.Power user tip +==== +When starting Wireshark it's possible to specify optional settings using the +command line. See <<ChCustCommandLine>> for details. +==== + +In the following chapters a lot of screenshots from Wireshark will be shown. As +Wireshark runs on many different platforms with many different window managers, +different styles applied and there are different versions of the underlying GUI +toolkit used, your screen might look different from the provided screenshots. +But as there are no real differences in functionality these screenshots should +still be well understandable. + +[[ChUseMainWindowSection]] + +=== The Main window + +Let's look at Wireshark's user interface. <<ChUseFig01>> shows Wireshark as you +would usually see it after some packets are captured or loaded (how to do this +will be described later). + +[[ChUseFig01]] +.The Main window +image::wsug_graphics/ws-main.png[] + +Wireshark's main window consists of parts that are commonly known from many +other GUI programs. + +. The _menu_ (see <<ChUseMenuSection>>) is used to start actions. +. The _main toolbar_ (see <<ChUseMainToolbarSection>>) provides quick access to + frequently used items from the menu. +. The _filter toolbar_ (see <<ChUseFilterToolbarSection>>) provides a way to + directly manipulate the currently used display filter (see + <<ChWorkDisplayFilterSection>>). +. The _packet list pane_ (see <<ChUsePacketListPaneSection>>) displays a summary + of each packet captured. By clicking on packets in this pane you control what is + displayed in the other two panes. +. The _packet details pane_ (see <<ChUsePacketDetailsPaneSection>>) displays the + packet selected in the packet list pane in more detail. +. The _packet bytes pane_ (see <<ChUsePacketBytesPaneSection>>) displays the + data from the packet selected in the packet list pane, and highlights the field + selected in the packet details pane. +. The _statusbar_ (see <<ChUseStatusbarSection>>) shows some detailed + information about the current program state and the captured data. + +[TIP] +==== +The layout of the main window can be customized by changing preference settings. +See <<ChCustPreferencesSection>> for details! +==== + +[[ChUseMainWindowNavSection]] + +==== Main Window Navigation + +Packet list and detail navigation can be done entirely from the keyboard. +<<ChUseTabNav>> shows a list of keystrokes that will let you quickly move around +a capture file. See <<ChUseTabGo>> for additional navigation keystrokes. + +[[ChUseTabNav]] +.Keyboard Navigation +[options="header"] +|=============== +|Accelerator |Description +|kbd:[Tab], kbd:[Shift+Tab]| Move between screen elements, e.g. from the toolbars to the packet list to the packet detail. +|kbd:[Down] | Move to the next packet or detail item. +|kbd:[Up] |Move to the previous packet or detail item. +|kbd:[Ctrl+Down], kbd:[F8] |Move to the next packet, even if the packet list isn't focused. +|kbd:[Ctrl+Up], kbd:[F7] |Move to the previous packet, even if the packet list isn't focused. +|kbd:[Ctrl+.] |Move to the next packet of the conversation (TCP, UDP or IP) +|kbd:[Ctrl+,] |Move to the previous packet of the conversation (TCP, UDP or IP) +|kbd:[Left] |In the packet detail, closes the selected tree item. If it's already closed, jumps to the parent node. +|kbd:[Right] |In the packet detail, opens the selected tree item. +|kbd:[Shift+Right] |In the packet detail, opens the selected tree item and all of its subtrees. +|kbd:[Ctrl+Right] |In the packet detail, opens all tree items. +|kbd:[Ctrl+Left] |In the packet detail, closes all tree items. +|kbd:[Backspace] |In the packet detail, jumps to the parent node. +|kbd:[Return], kbd:[Enter] |In the packet detail, toggles the selected tree item. +|=============== + +Additionally, typing anywhere in the main window will start filling in a display filter. + +[[ChUseMenuSection]] + +=== The Menu + +Wireshark's main menu is located either at the top of the main window (Windows, +Linux) or at the top of your main screen (OS X). An example is shown in +<<ChUseWiresharkMenu>>. + +[NOTE] +==== +Some menu items will be disabled (greyed out( if the corresponding feature isn't +available. For example, you cannot save a capture file if you haven't captured +or loaded any packets. +==== + +[[ChUseWiresharkMenu]] +.The Menu +image::wsug_graphics/ws-menu.png[] + +The main menu contains the following items: + +menu:File[]:: +This menu contains items to open and merge capture files, save / print / export +capture files in whole or in part, and to quit from Wireshark. See +<<ChUseFileMenuSection>>. + +menu:Edit[]:: +This menu contains items to find a packet, time reference or mark one or more +packets, handle configuration profiles, and set your preferences; (cut, copy, +and paste are not presently implemented). See <<ChUseEditMenuSection>>. + +menu:View[]:: +This menu controls the display of the captured data, including colorization of +packets, zooming the font, showing a packet in a separate window, expanding and +collapsing trees in packet details, .... See <<ChUseViewMenuSection>>. + +menu:Go[]:: +This menu contains items to go to a specific packet. See <<ChUseGoMenuSection>>. + +menu:Capture[]:: +This menu allows you to start and stop captures and to edit capture filters. See +<<ChUseCaptureMenuSection>>. + +menu:Analyze[]:: +This menu contains items to manipulate display filters, enable or disable the +dissection of protocols, configure user specified decodes and follow a TCP +stream. See <<ChUseAnalyzeMenuSection>>. + +menu:Statistics[]:: +This menu contains items to display various statistic windows, including a +summary of the packets that have been captured, display protocol hierarchy +statistics and much more. See <<ChUseStatisticsMenuSection>>. + +menu:Telephony[]:: +This menu contains items to display various telephony related statistic windows, +including a media analysis, flow diagrams, display protocol hierarchy statistics +and much more. See <<ChUseTelephonyMenuSection>>. + +menu:Tools[]:: +This menu contains various tools available in Wireshark, such as creating +Firewall ACL Rules. See <<ChUseToolsMenuSection>>. + +menu:Internals[]:: +This menu contains items that show information about the internals of Wireshark. +See <<ChUseInternalsMenuSection>>. + +menu:Help[]:: +This menu contains items to help the user, e.g. access to some basic help, +manual pages of the various command line tools, online access to some of the +webpages, and the usual about dialog. See <<ChUseHelpMenuSection>>. + +Each of these menu items is described in more detail in the sections that follow. + +[TIP] +.Power user tip +==== +Most commonl menu items have keyboard shortcuts. For example, you can +press the Control (or Strg in German) and the K keys together to open the +capture dialog. +==== + +[[ChUseFileMenuSection]] + +=== The ``File'' menu + +The Wireshark file menu contains the fields shown in <<ChUseTabFile>>. + +[[ChUseWiresharkFileMenu]] +.The ``File'' Menu +image::wsug_graphics/ws-file-menu.png[] + +[[ChUseTabFile]] +.File menu items +[options="header"] +|=============== +|Menu Item |Accelerator |Description +|menu:Open...[] |kbd:[Ctrl+O]|This menu item brings up the file open dialog box that allows you to load a capture file for viewing. It is discussed in more detail in <<ChIOOpen>>. +|menu:Open Recent[] | |This menu item shows a submenu containing the recently opened capture files. Clicking on one of the submenu items will open the corresponding capture file directly. +|menu:Merge...[] | |This menu item brings up the merge file dialog box that allows you to merge a capture file into the currently loaded one. It is discussed in more detail in <<ChIOMergeSection>>. +|menu:Import from Hex Dump...[] | |This menu item brings up the import file dialog box that allows you to import a text file containing a hex dump into a new temporary capture. It is discussed in more detail in <<ChIOImportSection>>. +|menu:Close[] |kbd:[Ctrl+W]|This menu item closes the current capture. If you haven't saved the capture, you will be asked to do so first (this can be disabled by a preference setting). +|menu:Save[] |kbd:[Ctrl+S]| This menu item saves the current capture. If you have not set a default capture file name (perhaps with the -w <capfile> option), Wireshark pops up the Save Capture File As dialog box (which is discussed further in <<ChIOSaveAs>>). + +If you have already saved the current capture, this menu item will be greyed +out. + +You cannot save a live capture while the capture is in progress. You must +stop the capture in order to save. + +|menu:Save As...[] |kbd:[Shift+Ctrl+S]| This menu item allows you to save the current capture file to whatever file you would like. It pops up the Save Capture File As dialog box (which is discussed further in <<ChIOSaveAs>>). +|menu:File Set[List Files] || This menu item allows you to show a list of files in a file set. It pops up the Wireshark List File Set dialog box (which is discussed further in <<ChIOFileSetSection>>). +|menu:File Set[Next File] || If the currently loaded file is part of a file set, jump to the next file in the set. If it isn't part of a file set or just the last file in that set, this item is greyed out. +|menu:File Set[Previous File] || If the currently loaded file is part of a file set, jump to the previous file in the set. If it isn't part of a file set or just the first file in that set, this item is greyed out. +|menu:Export[File...] || This menu item allows you to export all (or some) of the packets in the capture file to file. It pops up the Wireshark Export dialog box (which is discussed further in <<ChIOExportSection>>). +|menu:Export[Selected Packet Bytes...]|kbd:[Ctrl+H]| This menu item allows you to export the currently selected bytes in the packet bytes pane to a binary file. It pops up the Wireshark Export dialog box (which is discussed further in <<ChIOExportSelectedDialog>>) +|menu:Export[Objects,HTTP] || This menu item allows you to export all or some of the captured HTTP objects into local files. It pops up the Wireshark HTTP object list (which is discussed further in <<ChIOExportObjectsDialog>>) +|menu:Export[Objects,DICOM] || This menu item allows you to export all or some of the captured DICOM objects into local files. It pops up the Wireshark DICOM object list (which is discussed further in <<ChIOExportObjectsDialog>>) +|menu:Export[Objects,SMB] || This menu item allows you to export all or some of the captured SMB objects into local files. It pops up the Wireshark SMB object list (which is discussed further in <<ChIOExportObjectsDialog>>) +|menu:Print...[] |kbd:[Ctrl+P]| This menu item allows you to print all (or some) of the packets in the capture file. It pops up the Wireshark Print dialog box (which is discussed further in <<ChIOPrintSection>>). +|menu:Quit[] |kbd:[Ctrl+Q]| This menu item allows you to quit from Wireshark. Wireshark will ask to save your capture file if you haven't previously saved it (this can be disabled by a preference setting). +|=============== + +[[ChUseEditMenuSection]] + +=== The ``Edit'' menu + +The Wireshark Edit menu contains the fields shown in <<ChUseTabEdit>>. + +[[ChUseWiresharkEditMenu]] +.The ``Edit'' Menu +image::wsug_graphics/ws-edit-menu.png[] + +[[ChUseTabEdit]] +.Edit menu items +[options="header"] +|=============== +|Menu Item |Accelerator |Description +|menu:Copy[Description] |kbd:[Shift+Ctrl+D]|This menu item will copy the description of the selected item in the detail view to the clipboard. +|menu:Copy[Fieldname] |kbd:[Shift+Ctrl+F]|This menu item will copy the fieldname of the selected item in the detail view to the clipboard. +|menu:Copy[Value] |kbd:[Shift+Ctrl+V]|This menu item will copy the value of the selected item in the detail view to the clipboard. +|menu:Copy[As Filter] |kbd:[Shift+Ctrl+C]|This menu item will use the selected item in the detail view to create a display filter. This display filter is then copied to the clipboard. +|menu:Find Packet...[] |kbd:[Ctrl+F] |This menu item brings up a dialog box that allows you to find a packet by many criteria. There is further information on finding packets in <<ChWorkFindPacketSection>>. +|menu:Find Next[] |kbd:[Ctrl+N] |This menu item tries to find the next packet matching the settings from ``Find Packet...''. +|menu:Find Previous[] |kbd:[Ctrl+B] |This menu item tries to find the previous packet matching the settings from ``Find Packet...''. +|menu:Mark/Unmark Packet[] |kbd:[Ctrl+M] |This menu item marks the currently selected packet. See <<ChWorkMarkPacketSection>> for details. +|menu:Mark All Displayed Packets[] |kbd:[Shift+Ctrl+M]|This menu item marks all displayed packets. +|menu:Unmark All Displayed Packets[] |kbd:[Ctrl+Alt+M] |This menu item unmarks all displayed packets. +|menu:Next Mark[] |kbd:[Shift+Alt+N] |Find the next marked packet. +|menu:Previous Mark[] |kbd:[Shift+Alt+B] |Find the previous marked packet. +|menu:Ignore/Unignore Packet[] |kbd:[Ctrl+D] |This menu item marks the currently selected packet as ignored. See <<ChWorkIgnorePacketSection>> for details. +|menu:Ignore All Displayed[] |kbd:[Shift+Ctrl+D]|This menu item marks all displayed packets as ignored. +|menu:Unignore All Displayed[] |kbd:[Ctrl+Alt+D] |This menu item unmarks all ignored packets. +|menu:Set/Unset Time Reference[] |kbd:[Ctrl+T] |This menu item set a time reference on the currently selected packet. See <<ChWorkTimeReferencePacketSection>> for more information about the time referenced packets. +|menu:Unset All Time References[] |kbd:[Ctrl+Alt+T] |This menu item removes all time references on the packets. +|menu:Next Time Reference[] |kbd:[Ctrl+Alt+N] |This menu item tries to find the next time referenced packet. +|menu:Previous Time Reference[] |kbd:[Ctrl+Alt+B] |This menu item tries to find the previous time referenced packet. +|menu:Configuration Profiles...[] |kbd:[Shift+Ctrl+A]|This menu item brings up a dialog box for handling configuration profiles. More detail is provided in <<ChCustConfigProfilesSection>>. +|menu:Preferences...[] |kbd:[Shift+Ctrl+P]|This menu item brings up a dialog box that allows you to set preferences for many parameters that control Wireshark. You can also save your preferences so Wireshark will use them the next time you start it. More detail is provided in <<ChCustPreferencesSection>>. +|=============== + +[[ChUseViewMenuSection]] + +=== The ``View'' menu + +The Wireshark View menu contains the fields shown in <<ChUseTabView>>. + +[[ChUseWiresharkViewMenu]] +.The ``View'' Menu +image::wsug_graphics/ws-view-menu.png[] + +[[ChUseTabView]] +.View menu items +[options="header"] +|=============== +|Menu Item |Accelerator|Description +|menu:Main Toolbar[] ||This menu item hides or shows the main toolbar, see <<ChUseMainToolbarSection>>. +|menu:Filter Toolbar[] ||This menu item hides or shows the filter toolbar, see <<ChUseFilterToolbarSection>>. +|menu:Wireless Toolbar[]||This menu item hides or shows the wireless toolbar. May not be present on some platforms. +|menu:Statusbar[] ||This menu item hides or shows the statusbar, see <<ChUseStatusbarSection>>. +|menu:Packet List[] ||This menu item hides or shows the packet list pane, see <<ChUsePacketListPaneSection>>. +|menu:Packet Details[] ||This menu item hides or shows the packet details pane, see <<ChUsePacketDetailsPaneSection>>. +|menu:Packet Bytes[] ||This menu item hides or shows the packet bytes pane, see <<ChUsePacketBytesPaneSection>>. +|menu:Time Display Format[Date and Time of Day: 1970-01-01 01:02:03.123456]|| Selecting this tells Wireshark to display the time stamps in date and time of day format, see <<ChWorkTimeFormatsSection>>. + +The fields "Time of Day", "Date and Time of Day", "Seconds Since Beginning of +Capture", "Seconds Since Previous Captured Packet" and "Seconds Since Previous +Displayed Packet" are mutually exclusive. + +|menu:Time Display Format[Time of Day: 01:02:03.123456]||Selecting this tells Wireshark to display time stamps in time of day format, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[Seconds Since Epoch (1970-01-01): 1234567890.123456]||Selecting this tells Wireshark to display time stamps in seconds since 1970-01-01 00:00:00, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[Seconds Since Beginning of Capture: 123.123456]||Selecting this tells Wireshark to display time stamps in seconds since beginning of capture format, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[Seconds Since Previous Captured Packet: 1.123456]||Selecting this tells Wireshark to display time stamps in seconds since previous captured packet format, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[Seconds Since Previous Displayed Packet: 1.123456]||Selecting this tells Wireshark to display time stamps in seconds since previous displayed packet format, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[Automatic (File Format Precision)]||Selecting this tells Wireshark to display time stamps with the precision given by the capture file format used, see <<ChWorkTimeFormatsSection>>. + +The fields "Automatic", "Seconds" and "...seconds" are mutually exclusive. + +|menu:Time Display Format[Seconds: 0]||Selecting this tells Wireshark to display time stamps with a precision of one second, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[...seconds: 0....]||Selecting this tells Wireshark to display time stamps with a precision of one second, decisecond, centisecond, millisecond, microsecond or nanosecond, see <<ChWorkTimeFormatsSection>>. +|menu:Time Display Format[Display Seconds with hours and minutes]||Selecting this tells Wireshark to display time stamps in seconds, with hours and minutes. +|menu:Name Resolution[Resolve Name]||This item allows you to trigger a name resolve of the current packet only, see <<ChAdvNameResolutionSection>>. +|menu:Name Resolution[Enable for MAC Layer]||This item allows you to control whether or not Wireshark translates MAC addresses into names, see <<ChAdvNameResolutionSection>>. +|menu:Name Resolution[Enable for Network Layer]||This item allows you to control whether or not Wireshark translates network addresses into names, see <<ChAdvNameResolutionSection>>. +|menu:Name Resolution[Enable for Transport Layer]||This item allows you to control whether or not Wireshark translates transport addresses into names, see <<ChAdvNameResolutionSection>>. +|menu:Colorize Packet List[]||This item allows you to control whether or not Wireshark should colorize the packet list. + +Enabling colorization will slow down the display of new packets while capturing / loading capture files. + +|menu:Auto Scroll in Live Capture[] | |This item allows you to specify that Wireshark should scroll the packet list pane as new packets come in, so you are always looking at the last packet. If you do not specify this, Wireshark simply adds new packets onto the end of the list, but does not scroll the packet list pane. +|menu:Zoom In[] |kbd:[Ctrl++] | Zoom into the packet data (increase the font size). +|menu:Zoom Out[] |kbd:[Ctrl+-] | Zoom out of the packet data (decrease the font size). +|menu:Normal Size[] |kbd:[Ctrl+=] | Set zoom level back to 100% (set font size back to normal). +|menu:Resize All Columns[] |kbd:[Shift+Ctrl+R] | Resize all column widths so the content will fit into it. + +Resizing may take a significant amount of time, especially if a large capture file is loaded. + +|menu:Displayed Columns[] | |This menu items folds out with a list of all configured columns. These columns can now be shown or hidden in the packet list. +|menu:Expand Subtrees[] |kbd:[Shift+࢐]|This menu item expands the currently selected subtree in the packet details tree. +|menu:Collapse Subtrees[] |kbd:[Shift+ࢎ]|This menu item collapses the currently selected subtree in the packet details tree. +|menu:Expand All[] |kbd:[Ctrl+࢐] |Wireshark keeps a list of all the protocol subtrees that are expanded, and uses it to ensure that the correct subtrees are expanded when you display a packet. This menu item expands all subtrees in all packets in the capture. +|menu:Collapse All[] |kbd:[Ctrl+ࢎ] |This menu item collapses the tree view of all packets in the capture list. +|menu:Colorize Conversation[] | |This menu item brings up a submenu that allows you to color packets in the packet list pane based on the addresses of the currently selected packet. This makes it easy to distinguish packets belonging to different conversations. <<ChCustColorizationSection>>. +|menu:Colorize Conversation[Color 1-10] | |These menu items enable one of the ten temporary color filters based on the currently selected conversation. +|menu:Colorize Conversation[Reset coloring] | |This menu item clears all temporary coloring rules. +|menu:Colorize Conversation[New Coloring Rule...] | |This menu item opens a dialog window in which a new permanent coloring rule can be created based on the currently selected conversation. +|menu:Coloring Rules...[] | |This menu item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets, see <<ChCustColorizationSection>>. +|menu:Show Packet in New Window[] | |This menu item brings up the selected packet in a separate window. The separate window shows only the tree view and byte view panes. +|menu:Reload[] |kbd:[Ctrl+R] |This menu item allows you to reload the current capture file. +|=============== + +[[ChUseGoMenuSection]] + +=== The ``Go'' menu + +The Wireshark Go menu contains the fields shown in <<ChUseTabGo>>. + +[[ChUseWiresharkGoMenu]] +.The ``Go'' Menu +image::wsug_graphics/ws-go-menu.png[] + +[[ChUseTabGo]] +.Go menu items +[options="header"] +|=============== +|Menu Item |Accelerator |Description +|menu:Back[] |kbd:[Alt+←] |Jump to the recently visited packet in the packet history, much like the page history in a web browser. +|menu:Forward[] |kbd:[Alt+→] |Jump to the next visited packet in the packet history, much like the page history in a web browser. +|menu:Go to Packet...[] |kbd:[Ctrl+G] |Bring up a window frame that allows you to specify a packet number, and then goes to that packet. See <<ChWorkGoToPacketSection>> for details. +|menu:Go to Corresponding Packet[] | |Go to the corresponding packet of the currently selected protocol field. If the selected field doesn't correspond to a packet, this item is greyed out. +|menu:Previous Packet[] |kbd:[Ctrl+↑]|Move to the previous packet in the list. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|menu:Next Packet[] |kbd:[Ctrl+↓]|Move to the next packet in the list. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|menu:First Packet[] |kbd:[Ctrl+Home] |Jump to the first packet of the capture file. +|menu:Last Packet[] |kbd:[Ctrl+End] |Jump to the last packet of the capture file. +|menu:Previous Packet In Conversation[] |kbd:[Ctrl+,] |Move to the previous packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|menu:Next Packet In Conversation[] |kbd:[Ctrl+.] |Move to the next packet in the current conversation. This can be used to move to the previous packet even if the packet list doesn't have keyboard focus. +|=============== + +[[ChUseCaptureMenuSection]] + +=== The ``Capture'' menu + +The Wireshark Capture menu contains the fields shown in <<ChUseTabCap>>. + +[[ChUseWiresharkCaptureMenu]] +.The ``Capture'' Menu +image::wsug_graphics/ws-capture-menu.png[] + +[[ChUseTabCap]] +.Capture menu items +[options="header"] +|=============== +|Menu Item |Accelerator |Description +|menu:Interfaces...[] |kbd:[Ctrl+I] |This menu item brings up a dialog box that shows what's going on at the network interfaces Wireshark knows of, see <<ChCapInterfaceSection>>) . +|menu:Options...[] |kbd:[Ctrl+K] |This menu item brings up the Capture Options dialog box (discussed further in <<ChCapCaptureOptions>>) and allows you to start capturing packets. +|menu:Start[] |kbd:[Ctrl+E] |Immediately start capturing packets with the same settings than the last time. +|menu:Stop[] |kbd:[Ctrl+E] |This menu item stops the currently running capture, see <<ChCapStopSection>>) . +|menu:Restart[] |kbd:[Ctrl+R] |This menu item stops the currently running capture and starts again with the same options, this is just for convenience. +|menu:Capture Filters...[] | |This menu item brings up a dialog box that allows you to create and edit capture filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>> +|=============== + +[[ChUseAnalyzeMenuSection]] + +=== The ``Analyze'' menu + +The Wireshark Analyze menu contains the fields shown in <<ChUseAnalyze>>. + +[[ChUseWiresharkAnalyzeMenu]] +.The ``Analyze'' Menu +image::wsug_graphics/ws-analyze-menu.png[] + +[[ChUseAnalyze]] +.Analyze menu items +[options="header"] +|=============== +|Menu Item|Accelerator|Description +|menu:Display Filters...[] ||This menu item brings up a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>> +|menu:Display Filter Macros...[] ||This menu item brings up a dialog box that allows you to create and edit display filter macros. You can name filter macros, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterMacrosSection>> +|menu:Apply as Column[] ||This menu item adds the selected protocol item in the packet details pane as a column to the packet list. +|menu:Apply as Filter[...] ||These menu items will change the current display filter and apply the changed filter immediately. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane. +|menu:Prepare a Filter[...] ||These menu items will change the current display filter but won't apply the changed filter. Depending on the chosen menu item, the current display filter string will be replaced or appended to by the selected protocol field in the packet details pane. +|menu:Enabled Protocols...[] |kbd:[Shift+Ctrl+E]|This menu item allows the user to enable/disable protocol dissectors, see <<ChAdvEnabledProtocols>> +|menu:Decode As...[] ||This menu item allows the user to force Wireshark to decode certain packets as a particular protocol, see <<ChAdvDecodeAs>> +|menu:User Specified Decodes...[] ||This menu item allows the user to force Wireshark to decode certain packets as a particular protocol, see <<ChAdvDecodeAsShow>> +|menu:Follow TCP Stream[] ||This menu item brings up a separate window and displays all the TCP segments captured that are on the same TCP connection as a selected packet, see <<ChAdvFollowTCPSection>> +|menu:Follow UDP Stream[] ||Same functionality as ``Follow TCP Stream'' but for UDP streams. +|menu:Follow SSL Stream[] ||Same functionality as ``Follow TCP Stream'' but for SSL streams. XXX - how to provide the SSL keys? +|menu:Expert Info[] ||Open a dialog showing some expert information about the captured packets. The amount of information will depend on the protocol and varies from very detailed to non-existent. XXX - add a new section about this and link from here +|menu:Conversation Filter[...] ||In this menu you will find conversation filter for various protocols. +|=============== + +[[ChUseStatisticsMenuSection]] + +=== The ``Statistics'' menu + +The Wireshark Statistics menu contains the fields shown in <<ChUseStatistics>>. + +[[ChUseWiresharkStatisticsMenu]] +.The ``Statistics'' Menu +image::wsug_graphics/ws-statistics-menu.png[] + +All menu items will bring up a new window showing specific statistical information. + +[[ChUseStatistics]] +.Statistics menu items +[options="header"] +|=============== +|Menu Item|Accelerator|Description +|menu:Summary[]|| Show information about the data captured, see <<ChStatSummary>>. +|menu:Protocol Hierarchy[]|| Display a hierarchical tree of protocol statistics, see <<ChStatHierarchy>>. +|menu:Conversations[]|| Display a list of conversations (traffic between two endpoints), see <<ChStatConversationsWindow>>. +|menu:Endpoints[]|| Display a list of endpoints (traffic to/from an address), see <<ChStatEndpointsWindow>>. +|menu:Packet Lengths...[]||See <<ChStatXXX>> +|menu:IO Graphs[]|| Display user specified graphs (e.g. the number of packets in the course of time), see <<ChStatIOGraphs>>. +|menu:Service Response Time[]|| Display the time between a request and the corresponding response, see <<ChStatSRT>>. +|menu:ANCP[]||See <<ChStatXXX>> +|menu:Colledtd...[]||See <<ChStatXXX>> +|menu:Compare...[]||See <<ChStatXXX>> +|menu:Flow Graph...[]||See <<ChStatXXX>> +|menu:HTTP[]||HTTP request/response statistics, see <<ChStatXXX>> +|menu:IP Addresses...[]||See <<ChStatXXX>> +|menu:IP Destinations...[]||See <<ChStatXXX>> +|menu:IP Protocol Types...[]||See <<ChStatXXX>> +|menu:ONC-RPC Programs[]||See <<ChStatXXX>> +|menu:Sametime[]||See <<ChStatXXX>> +|menu:TCP Stream Graph[]||See <<ChStatXXX>> +|menu:UDP Multicast Streams[]||See <<ChStatXXX>> +|menu:WLAN Traffic[]||See <<ChStatWLANTraffic>> +|menu:BOOTP-DHCP[]||See <<ChStatXXX>> + +|=============== + +[[ChUseTelephonyMenuSection]] + +=== The ``Telephony'' menu + +The Wireshark Telephony menu contains the fields shown in <<ChUseTelephony>>. + +[[ChUseWiresharkTelephonyMenu]] +.The ``Telephony'' Menu +image::wsug_graphics/ws-telephony-menu.png[] + +All menu items will bring up a new window showing specific telephony related statistical information. + +[[ChUseTelephony]] +.Telephony menu items +[options="header"] +|=============== +|Menu Item|Accelerator|Description +|menu:IAX2[]||See <<ChTelXXX>> +|menu:SMPP Operations...[]||See <<ChTelXXX>> +|menu:SCTP[]||See <<ChTelXXX>> +|menu:ANSI[]||See <<ChTelXXX>> +|menu:GSM[]||See <<ChTelXXX>> +|menu:H.225...[]||See <<ChTelXXX>> +|menu:ISUP Messages...[]||See <<ChTelXXX>> +|menu:LTE[]||See <<ChTelLTEMACTraffic>> +|menu:MTP3[]||See <<ChTelXXX>> +|menu:RTP[]||See <<ChTelRTPAnalysis>> +|menu:SIP...[]||See <<ChTelXXX>> +|menu:UCP Messages...[]||See <<ChTelXXX>> +|menu:VoIP Calls...[]||See <<ChTelVoipCalls>> +|menu:WAP-WSP...[]||See <<ChTelXXX>> + +|=============== + +[[ChUseToolsMenuSection]] + +=== The ``Tools'' menu + +The Wireshark Tools menu contains the fields shown in <<ChUseTools>>. + +[[ChUseWiresharkToolsMenu]] +.The ``Tools'' Menu +image::wsug_graphics/ws-tools-menu.png[] + +[[ChUseTools]] +.Tools menu items +[options="header"] +|=============== +|Menu Item|Accelerator|Description +|menu:Firewall ACL Rules[]|| This allows you to create command-line ACL rules for many different firewall products, including Cisco IOS, Linux Netfilter (iptables), OpenBSD pf and Windows Firewall (via netsh). Rules for MAC addresses, IPv4 addresses, TCP and UDP ports, and IPv4+port combinations are supported. + +It is assumed that the rules will be applied to an outside interface. + +|menu:Lua[]|| These options allow you to work with the Lua interpreter optionally build into Wireshark, see <<wsluarm_intro>>. +|=============== + +[[ChUseInternalsMenuSection]] + +=== The ``Internals'' menu + +The Wireshark Internals menu contains the fields shown in <<ChUseInternals>>. + +[[ChUseWiresharkInternalsMenu]] +.The ``Internals'' Menu +image::wsug_graphics/ws-internals-menu.png[] + +[[ChUseInternals]] +.Help menu items +[options="header"] +|=============== +|Menu Item|Accelerator|Description +|menu:Dissector tables[]|| This menu item brings up a dialog box showing the tables with subdissector relationships. +|menu:Supported Protocols (slow!)[]|| This menu item brings up a dialog box showing the supported protocols and protocol fields. +|=============== + +[[ChUseHelpMenuSection]] + +=== The ``Help'' menu + +The Wireshark Help menu contains the fields shown in <<ChUseHelp>>. + +[[ChUseWiresharkHelpMenu]] +.The ``Help'' Menu +image::wsug_graphics/ws-help-menu.png[] + +[[ChUseHelp]] +.Help menu items +[options="header"] +|=============== +|Menu Item|Accelerator|Description +|menu:Contents[]|F1| This menu item brings up a basic help system. +|menu:Manual Pages[...]|| This menu item starts a Web browser showing one of the locally installed html manual pages. +|menu:Website[]|| This menu item starts a Web browser showing the webpage from: link:$$wireshark-web-site:[]$$[wireshark-web-site:[]]. +|menu:FAQ's[]|| This menu item starts a Web browser showing various FAQ's. +|menu:Downloads[]|| This menu item starts a Web browser showing the downloads from: link:$$wireshark-web-site:[]$$[wireshark-web-site:[]]. +|menu:Wiki[]|| This menu item starts a Web browser showing the front page from: link:$$wireshark-wiki-site:[]$$[wireshark-wiki-site:[]]. +|menu:Sample Captures[]|| This menu item starts a Web browser showing the sample captures from: link:$$wireshark-wiki-site:[]$$[wireshark-wiki-site:[]]. +|menu:About Wireshark[]|| This menu item brings up an information window that provides various detailed information items on Wireshark, such as how it's build, the plugins loaded, the used folders, ... + +|=============== + +[NOTE] +==== +Opening a Web browser might be unsupported in your version of Wireshark. If this +is the case the corresponding menu items will be hidden. + +If calling a Web browser fails on your machine, nothing happens, or the browser +starts but no page is shown, have a look at the web browser setting in the +preferences dialog. +==== + +[[ChUseMainToolbarSection]] + +=== The ``Main'' toolbar + +The main toolbar provides quick access to frequently used items from the menu. +This toolbar cannot be customized by the user, but it can be hidden using the +View menu, if the space on the screen is needed to show even more packet data. + +As in the menu, only the items useful in the current program state will be +available. The others will be greyed out (e.g. you cannot save a capture file if +you haven't loaded one). + +[[ChUseWiresharkMainToolbar]] + +.The ``Main'' toolbar +image::wsug_graphics/ws-main-toolbar.png[] + +[[ChUseMainToolbar]] +.Main toolbar items +[options="header"] +|=============== +|Toolbar Icon|Toolbar Item|Corresponding Menu Item|Description +|image:wsug_graphics/toolbar/capture_interfaces_24.png[] |button:[Interfaces...]|menu:Capture[Interfaces...]| This item brings up the Capture Interfaces List dialog box (discussed further in <<ChCapCapturingSection>>). +|image:wsug_graphics/toolbar/capture_options_24.png[] |button:[Options...]|menu:Capture[Options...]| This item brings up the Capture Options dialog box (discussed further in <<ChCapCapturingSection>>) and allows you to start capturing packets. +|image:wsug_graphics/toolbar/capture_start_24.png[] |button:[Start]|menu:Capture[Start]| This item starts capturing packets with the options form the last time. +|image:wsug_graphics/toolbar/capture_stop_24.png[] |button:[Stop]|menu:Capture[Stop]| This item stops the currently running live capture process <<ChCapCapturingSection>>). +|image:wsug_graphics/toolbar/capture_restart_24.png[] |button:[Restart]|menu:Capture[Restart]| This item stops the currently running live capture process and restarts it again, for convenience. +|image:wsug_graphics/toolbar/stock_open_24.png[] |button:[Open...]|menu:File[Open...]| This item brings up the file open dialog box that allows you to load a capture file for viewing. It is discussed in more detail in <<ChIOOpen>>. +|image:wsug_graphics/toolbar/stock_save_as_24.png[] |button:[Save As...]|menu:File[Save As...]| This item allows you to save the current capture file to whatever file you would like. It pops up the Save Capture File As dialog box (which is discussed further in <<ChIOSaveAs>>). + +If you currently have a temporary capture file, the Save icon will be shown instead. + +|image:wsug_graphics/toolbar/stock_close_24.png[] |button:[Close]|menu:File[Close]|This item closes the current capture. If you have not saved the capture, you will be asked to save it first. +|image:wsug_graphics/toolbar/stock_refresh_24.png[] |button:[Reload]|menu:View[Reload]| This item allows you to reload the current capture file. +|image:wsug_graphics/toolbar/stock_print_24.png[] |button:[Print...]|menu:File[Print...]| This item allows you to print all (or some of) the packets in the capture file. It pops up the Wireshark Print dialog box (which is discussed further in <<ChIOPrintSection>>). +|image:wsug_graphics/toolbar/stock_search_24.png[] |button:[Find Packet...]|menu:Edit[Find Packet...]|This item brings up a dialog box that allows you to find a packet. There is further information on finding packets in <<ChWorkFindPacketSection>>. +|image:wsug_graphics/toolbar/stock_left_arrow_24.png[] |button:[Go Back]|menu:Go[Go Back]|This item jumps back in the packet history. +|image:wsug_graphics/toolbar/stock_right_arrow_24.png[] |button:[Go Forward]|menu:Go[Go Forward]|This item jumps forward in the packet history. +|image:wsug_graphics/toolbar/stock_jump_to_24.png[] |button:[Go to Packet...]|menu:Go[Go to Packet...]| This item brings up a dialog box that allows you to specify a packet number to go to that packet. +|image:wsug_graphics/toolbar/stock_top_24.png[] |button:[Go To First Packet]|menu:Go[First Packet]| This item jumps to the first packet of the capture file. +|image:wsug_graphics/toolbar/stock_bottom_24.png[] |button:[Go To Last Packet]|menu:Go[Last Packet]| This item jumps to the last packet of the capture file. +|image:wsug_graphics/toolbar/colorize_24.png[] |button:[Colorize]|menu:View[Colorize]| Colorize the packet list (or not). +|image:wsug_graphics/toolbar/autoscroll_24.png[] |button:[Auto Scroll in Live Capture]|menu:View[Auto Scroll in Live Capture]| Auto scroll packet list while doing a live capture (or not). +|image:wsug_graphics/toolbar/stock_zoom_in_24.png[] |button:[Zoom In]|menu:View[Zoom In]| Zoom into the packet data (increase the font size). +|image:wsug_graphics/toolbar/stock_zoom_in_24.png[] |button:[Zoom Out]|menu:View[Zoom Out]| Zoom out of the packet data (decrease the font size). +|image:wsug_graphics/toolbar/stock_zoom_1_24.png[] |button:[Normal Size]|menu:View[Normal Size]| Set zoom level back to 100%. +|image:wsug_graphics/toolbar/resize_columns_24.png[] |button:[Resize Columns]|menu:View[Resize Columns]| Resize columns, so the content fits into them. +|image:wsug_graphics/toolbar/capture_filter_24.png[] |button:[Capture Filters...]|menu:Capture[Capture Filters...]| This item brings up a dialog box that allows you to create and edit capture filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>>. +|image:wsug_graphics/toolbar/display_filter_24.png[] |button:[Display Filters...]|menu:Analyze[Display Filters...]| This item brings up a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. More detail on this subject is provided in <<ChWorkDefineFilterSection>>. +|image:wsug_graphics/toolbar/stock_colorselector_24.png[]|button:[Coloring Rules...]|menu:View[Coloring Rules...]| This item brings up a dialog box that allows you to color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets. More detail on this subject is provided in <<ChCustColorizationSection>>. +|image:wsug_graphics/toolbar/stock_preferences_24.png[] |button:[Preferences...]|menu:Edit[Preferences]| This item brings up a dialog box that allows you to set preferences for many parameters that control Wireshark. You can also save your preferences so Wireshark will use them the next time you start it. More detail is provided in <<ChCustPreferencesSection>> +|image:wsug_graphics/toolbar/stock_help_24.png[] |button:[Help]|menu:Help[Contents]| This item brings up help dialog box. +|=============== + +[[ChUseFilterToolbarSection]] + +=== The ``Filter'' toolbar + +The filter toolbar lets you quickly edit and apply display filters. More +information on display filters is available in <<ChWorkDisplayFilterSection>>. + +[[ChUseWiresharkFilterToolbar]] + +.The ``Filter'' toolbar +image::wsug_graphics/ws-filter-toolbar.png[] + +[[ChUseFilterToolbar]] +.Filter toolbar items +[options="header"] +|=============== +|Toolbar Icon|Toolbar Item|Description +|image:wsug_graphics/toolbar/display_filter_24.png[]|button:[Filter:]|Brings up the filter construction dialog, described in <<FiltersDialog>>. +||_Filter input_|The area to enter or edit a display filter string, see <<ChWorkBuildDisplayFilterSection>>. A syntax check of your filter string is done while you are typing. The background will turn red if you enter an incomplete or invalid string, and will become green when you enter a valid string. You can click on the pull down arrow to select a previously-entered filter string from a list. The entries in the pull down list will remain available even after a program restart. + +After you've changed something in this field, don't forget to press the Apply +button (or the Enter/Return key), to apply this filter string to the display. + +This field is also where the current filter in effect is displayed. + +|image:wsug_graphics/toolbar/stock_add_24.png[] |button:[Expression...]|The middle button labeled "Add Expression..." opens a dialog box that lets you edit a display filter from a list of protocol fields, described in <<ChWorkFilterAddExpressionSection>> +|image:wsug_graphics/toolbar/stock_clear_24.png[] |button:[Clear]|Reset the current display filter and clears the edit area. +|image:wsug_graphics/toolbar/stock_apply_20.png[] |button:[Apply]|Apply the current value in the edit area as the new display filter. + +Applying a display filter on large capture files might take quite a long time. + +|=============== + +[[ChUsePacketListPaneSection]] + +=== The ``Packet List'' pane + +The packet list pane displays all the packets in the current capture file. + +[[ChUseWiresharkListPane]] +.The ``Packet List'' pane +image::wsug_graphics/ws-list-pane.png[] + +Each line in the packet list corresponds to one packet in the capture file. If +you select a line in this pane, more details will be displayed in the ``Packet +Details'' and ``Packet Bytes'' panes. + +While dissecting a packet, Wireshark will place information from the protocol +dissectors into the columns. As higher level protocols might overwrite +information from lower levels, you will typically see the information from the +highest possible level only. + +For example, let's look at a packet containing TCP inside IP inside an Ethernet +packet. The Ethernet dissector will write its data (such as the Ethernet +addresses), the IP dissector will overwrite this by its own (such as the IP +addresses), the TCP dissector will overwrite the IP information, and so on. + +There are a lot of different columns available. Which columns are displayed can +be selected by preference settings, see <<ChCustPreferencesSection>>. + +The default columns will show: + +* button:[No.] The number of the packet in the capture file. This number won't + change, even if a display filter is used. + +* button:[Time] The timestamp of the packet. The presentation format of this + timestamp can be changed, see <<ChWorkTimeFormatsSection>>. + +* button:[Source] The address where this packet is coming from. + +* button:[Destination] The address where this packet is going to. + +* button:[Protocol] The protocol name in a short (perhaps abbreviated) version. + +* button:[Info] Additional information about the packet content. + +There is a context menu (right mouse click) available, see details in +<<ChWorkPacketListPanePopUpMenu>>. + +[[ChUsePacketDetailsPaneSection]] + +=== The ``Packet Details'' pane + +The packet details pane shows the current packet (selected in the ``Packet List'' +pane) in a more detailed form. + +[[ChUseWiresharkDetailsPane]] + +.The ``Packet Details'' pane +image::wsug_graphics/ws-details-pane.png[] + +This pane shows the protocols and protocol fields of the packet selected in the +``Packet List'' pane. The protocols and fields of the packet are displayed using a +tree, which can be expanded and collapsed. + +There is a context menu (right mouse click) available, see details in +<<ChWorkPacketDetailsPanePopUpMenu>>. + +Some protocol fields are specially displayed. + +* *Generated fields* Wireshark itself will generate additional protocol fields + which are surrounded by brackets. The information in these fields is derived + from the known context to other packets in the capture file. For example, + Wireshark is doing a sequence/acknowledge analysis of each TCP stream, which + is displayed in the [SEQ/ACK analysis] fields of the TCP protocol. + +* *Links* If Wireshark detected a relationship to another packet in the capture + file, it will generate a link to that packet. Links are underlined and + displayed in blue. If double-clicked, Wireshark jumps to the corresponding + packet. + +[[ChUsePacketBytesPaneSection]] + +=== The ``Packet Bytes'' pane + +The packet bytes pane shows the data of the current packet (selected in the +``Packet List'' pane) in a hexdump style. + +[[ChUseWiresharkBytesPane]] + +.The ``Packet Bytes'' pane +image::wsug_graphics/ws-bytes-pane.png[] + +As usual for a hexdump, the left side shows the offset in the packet data, in +the middle the packet data is shown in a hexadecimal representation and on the +right the corresponding ASCII characters (or . if not appropriate) are +displayed. + +Depending on the packet data, sometimes more than one page is available, e.g. +when Wireshark has reassembled some packets into a single chunk of data, see +<<ChAdvReassemblySection>>. In this case there are some additional tabs shown at +the bottom of the pane to let you select the page you want to see. + +[[ChUseWiresharkBytesPaneTabs]] +.The ``Packet Bytes'' pane with tabs +image::wsug_graphics/ws-bytes-pane-tabs.png[] + +[NOTE] +==== +The additional pages might contain data picked from multiple packets. +==== + + +The context menu (right mouse click) of the tab labels will show a list of all +available pages. This can be helpful if the size in the pane is too small for +all the tab labels. + +[[ChUseStatusbarSection]] + +=== The Statusbar + +The statusbar displays informational messages. + +In general, the left side will show context related information, the middle part +will show the current number of packets, and the right side will show the +selected configuration profile. Drag the handles between the text areas to +change the size. + +[[ChUseWiresharkStatusbarEmpty]] +.The initial Statusbar +image::wsug_graphics/ws-statusbar-empty.png[] + +This statusbar is shown while no capture file is loaded, e.g. when Wireshark is started. + +[[ChUseWiresharkStatusbarLoaded]] +.The Statusbar with a loaded capture file +image::wsug_graphics/ws-statusbar-loaded.png[] + +* *The colorized bullet* on the left shows the highest expert info level found + in the currently loaded capture file. Hovering the mouse over this icon will + show a textual description of the expert info level, and clicking the icon + will bring up the Expert Infos dialog box. For a detailed description of + expert info, see <<ChAdvExpert>>. + +* *The left side* shows information about the capture file, its name, its size + and the elapsed time while it was being captured. + +* *The middle part* shows the current number of packets in the capture file. The + following values are displayed: + + - _Packets:_ the number of captured packets + + - _Displayed:_ the number of packets currently being displayed + + - _Marked:_ the number of marked packets + + - _Dropped:_ the number of dropped packets (only displayed if Wireshark was + unable to capture all packets) + + - *Ignored:* the number of ignored packets (only displayed if packets are + ignored) + +* *The right side* shows the selected configuration profile. Clicking in this + part of the statusbar will bring up a menu with all available configuration + profiles, and selecting from this list will change the configuration profile. + +[[ChUseWiresharkStatusbarProfile]] +.The Statusbar with a configuration profile menu +image::wsug_graphics/ws-statusbar-profile.png[] + +For a detailed description of configuration profiles, see <<ChCustConfigProfilesSection>>. + +[[ChUseWiresharkStatusbarSelected]] +.The Statusbar with a selected protocol field +image::wsug_graphics/ws-statusbar-selected.png[] + +This is displayed if you have selected a protocol field from the ``Packet +Details'' pane. + + +[TIP] +==== +The value between the brackets (in this example `arp.opcode`) can be used as a +display filter string, representing the selected protocol field. +==== + +[[ChUseWiresharkStatusbarFilter]] + +.The Statusbar with a display filter message +image::wsug_graphics/ws-statusbar-filter.png[] + +This is displayed if you are trying to use a display filter which may have +unexpected results. For a detailed description, see +<<ChWorkBuildDisplayFilterMistake>>. + +++++++++++++++++++++++++++++++++++++++ +<!-- End of WSUG Chapter 3 --> +++++++++++++++++++++++++++++++++++++++
\ No newline at end of file diff --git a/docbook/wsug_src/WSUG_chapter_use.xml b/docbook/wsug_src/WSUG_chapter_use.xml deleted file mode 100644 index ac34aa1109..0000000000 --- a/docbook/wsug_src/WSUG_chapter_use.xml +++ /dev/null @@ -1,2796 +0,0 @@ -<!-- WSUG Chapter Three --> - -<chapter id="ChapterUsing"> - <title>User Interface</title> - <section id="ChUseIntroductionSection"><title>Introduction</title> - <para> - By now you have installed <application>Wireshark</application> and - are most likely keen to get started capturing your first packets. In - the next chapters we will explore: - <itemizedlist> - <listitem> - <para> - How the Wireshark user interface works - </para> - </listitem> - <listitem> - <para> - How to capture packets in <application>Wireshark</application> - </para> - </listitem> - <listitem> - <para> - How to view packets in <application>Wireshark</application> - </para> - </listitem> - <listitem> - <para> - How to filter packets in <application>Wireshark</application> - </para> - </listitem> - <listitem> - <para> - ... and many other things! - </para> - </listitem> - </itemizedlist> - </para> - </section> - - <section id="ChUseStartSection"><title>Start Wireshark</title> - <para> - You can start Wireshark from your shell or window manager. - <tip><title>Tip!</title> - <para> - When starting Wireshark it's possible to specify optional settings using - the command line. See <xref linkend="ChCustCommandLine"/> for details. - </para> - </tip> - <note><title>Note!</title> - <para> - In the following chapters, a lot of screenshots from Wireshark will be shown. - As Wireshark runs on many different platforms with many different window - managers, different styles applied and there are different versions of the - underlying GUI toolkit used, your screen might look different from the provided - screenshots. But as there are no real differences in functionality, these - screenshots should still be well understandable. - </para> - </note> - </para> - </section> - - <section id="ChUseMainWindowSection"><title>The Main window</title> - <para> - Let's look at Wireshark's user interface. <xref linkend="ChUseFig01"/> shows - Wireshark as you would usually see it after some packets are captured or loaded - (how to do this will be described later). - <figure id="ChUseFig01"> - <title>The Main window</title> - <graphic scale="100" entityref="WiresharkThreePane1" format="PNG"/> - </figure> - </para> - <para> - Wireshark's main window consists of parts that are commonly known from many - other GUI programs. - <orderedlist> - <listitem> - <para> - The <emphasis>menu</emphasis> (see <xref linkend="ChUseMenuSection"/>) - is used to start actions. - </para> - </listitem> - <listitem> - <para> - The <emphasis>main toolbar</emphasis> (see <xref linkend="ChUseMainToolbarSection"/>) - provides quick access to frequently used items from the menu. - </para> - </listitem> - <listitem> - <para> - The <emphasis>filter toolbar</emphasis> (see <xref linkend="ChUseFilterToolbarSection"/>) - provides a way to directly manipulate the currently used display filter - (see <xref linkend="ChWorkDisplayFilterSection"/>). - </para> - </listitem> - <listitem> - <para> - The <emphasis>packet list pane</emphasis> (see <xref linkend="ChUsePacketListPaneSection"/>) - displays a summary of each packet captured. By clicking on packets - in this pane you control what is displayed in the other two panes. - </para> - </listitem> - <listitem> - <para> - The <emphasis>packet details pane</emphasis> (see <xref linkend="ChUsePacketDetailsPaneSection"/>) - displays the packet selected in the packet list pane in more detail. - </para> - </listitem> - <listitem> - <para> - The <emphasis>packet bytes pane</emphasis> (see <xref linkend="ChUsePacketBytesPaneSection"/>) - displays the data from the packet selected in the packet list pane, and - highlights the field selected in the packet details pane. - </para> - </listitem> - <listitem> - <para> - The <emphasis>statusbar</emphasis> (see <xref linkend="ChUseStatusbarSection"/>) - shows some detailed information about the current program state and - the captured data. - </para> - </listitem> - </orderedlist> - <tip><title>Tip!</title> - <para> - The layout of the main window can be customized by changing preference settings. - See <xref linkend="ChCustPreferencesSection"/> for details! - </para> - </tip> - </para> - - - <section id="ChUseMainWindowNavSection"><title>Main Window Navigation</title> - <para> - Packet list and detail navigation can be done entirely from the - keyboard. <xref linkend="ChUseTabNav"/> shows a list of keystrokes - that will let you quickly move around a capture file. See - <xref linkend="ChUseTabGo"/> for additional navigation keystrokes. - </para> - <table id="ChUseTabNav" frame="none"> - - <title>Keyboard Navigation</title> - <tgroup cols="2"> - <colspec colnum="1" colwidth="72pt"/> - <thead> - <row> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry>Tab, Shift+Tab</entry> - <entry><para> - Move between screen elements, e.g. from the toolbars - to the packet list to the packet detail. - </para></entry> - </row> - <row> - <entry>Down</entry> - <entry><para> - Move to the next packet or detail item. - </para></entry> - </row> - <row> - <entry>Up</entry> - <entry><para> - Move to the previous packet or detail item. - </para></entry> - </row> - <row> - <entry>Ctrl+Down, F8</entry> - <entry><para> - Move to the next packet, even if the packet - list isn't focused. - </para></entry> - </row> - <row> - <entry>Ctrl+Up, F7</entry> - <entry><para> - Move to the previous packet, even if the packet - list isn't focused. - </para></entry> - </row> - <row> - <entry>Ctrl+.</entry> - <entry><para> - Move to the next packet of the conversation - (TCP, UDP or IP) - </para></entry> - </row> - <row> - <entry>Ctrl+,</entry> - <entry><para> - Move to the previous packet of the conversation - (TCP, UDP or IP) - </para></entry> - </row> - <row> - <entry>Left</entry> - <entry><para> - In the packet detail, closes the selected tree item. - If it's already closed, jumps to the parent node. - </para></entry> - </row> - <row> - <entry>Right</entry> - <entry><para> - In the packet detail, opens the selected tree item. - </para></entry> - </row> - <row> - <entry>Shift+Right</entry> - <entry><para> - In the packet detail, opens the selected tree item - and all of its subtrees. - </para></entry> - </row> - <row> - <entry>Ctrl+Right</entry> - <entry><para> - In the packet detail, opens all tree items. - </para></entry> - </row> - <row> - <entry>Ctrl+Left</entry> - <entry><para> - In the packet detail, closes all tree items. - </para></entry> - </row> - <row> - <entry>Backspace</entry> - <entry><para> - In the packet detail, jumps to the parent node. - </para></entry> - </row> - <row> - <entry>Return, Enter</entry> - <entry><para> - In the packet detail, toggles the selected - tree item. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - <para> - Additionally, typing anywhere in the main window will start filling - in a display filter. - </para> - </section> - </section> - - <section id="ChUseMenuSection"><title>The Menu</title> - <para> - The Wireshark menu sits on top of the Wireshark window. - An example is shown in <xref linkend="ChUseWiresharkMenu"/>. - </para> - <note><title>Note!</title> - <para> - Menu items will be greyed out if the corresponding feature isn't - available. For example, you cannot save a capture file if you didn't - capture or load any data before. - </para> - </note> - <para> - <figure id="ChUseWiresharkMenu"><title>The Menu</title> - <graphic entityref="WiresharkMenuOnly" format="PNG"/> - </figure> - </para> - <para> - It contains the following items: - <variablelist> - <varlistentry><term><command>File</command></term> - <listitem> - <para> - This menu contains items to open and merge capture files, - save / print / export capture files in whole or in part, - and to quit from Wireshark. See <xref linkend="ChUseFileMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Edit</command></term> - <listitem> - <para> - This menu contains items to find a packet, time reference or mark one - or more packets, handle configuration profiles, and set your preferences; - (cut, copy, and paste are not presently implemented). - See <xref linkend="ChUseEditMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>View</command></term> - <listitem> - <para>This menu controls the display of the captured data, - including colorization of packets, zooming the font, - showing a packet in a separate window, expanding and collapsing trees in packet details, .... - See <xref linkend="ChUseViewMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Go</command></term> - <listitem> - <para>This menu contains items to go to a specific packet. - See <xref linkend="ChUseGoMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Capture</command></term> - <listitem> - <para>This menu allows you to start and stop captures and to edit capture filters. - See <xref linkend="ChUseCaptureMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Analyze</command></term> - <listitem> - <para> - This menu contains items to manipulate display filters, enable or - disable the dissection of protocols, configure user specified decodes - and follow a TCP stream. - See <xref linkend="ChUseAnalyzeMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Statistics</command></term> - <listitem> - <para> - This menu contains items to display various statistic windows, - including a summary of the packets that have been captured, - display protocol hierarchy statistics and much more. - See <xref linkend="ChUseStatisticsMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Telephony</command></term> - <listitem> - <para> - This menu contains items to display various telephony related - statistic windows, including a media analysis, flow diagrams, - display protocol hierarchy statistics and much more. - See <xref linkend="ChUseTelephonyMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Tools</command></term> - <listitem> - <para> - This menu contains various tools available in Wireshark, such as - creating Firewall ACL Rules. - See <xref linkend="ChUseToolsMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Internals</command></term> - <listitem> - <para> - This menu contains items that show information about the internals - of Wireshark. - See <xref linkend="ChUseInternalsMenuSection"/>. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>Help</command></term> - <listitem> - <para> - This menu contains items to help the user, e.g. access to some basic - help, manual pages of the various command line tools, online access - to some of the webpages, and the usual about dialog. - See <xref linkend="ChUseHelpMenuSection"/>. - </para> - </listitem> - </varlistentry> - </variablelist> - Each of these menu items is described in more detail in the sections - that follow. - </para> - <tip><title>Tip!</title> - <para> - You can access menu items directly or by pressing the corresponding - accelerator keys which are shown at the right side of the - menu. For example, you can press the Control (or Strg in German) and the K - keys together to open the capture dialog. - </para> - </tip> - </section> - - <section id="ChUseFileMenuSection"><title>The "File" menu</title> - <para> - The Wireshark file menu contains the fields shown in - <xref linkend="ChUseTabFile"/>. - </para> - <figure id="ChUseWiresharkFileMenu"> - <title>The "File" Menu</title> - <graphic entityref="WiresharkFileMenu" format="PNG"/> - </figure> - <table id="ChUseTabFile" frame="none"><title>File menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Open...</command></entry> - <entry>Ctrl+O</entry> - <entry><para> - This menu item brings up the file open dialog box that - allows you to load a capture file for viewing. It is - discussed in more detail in <xref linkend="ChIOOpen"/>. - </para></entry> - </row> - <row> - <entry><command>Open Recent</command></entry> - <entry></entry> - <entry><para> - This menu item shows a submenu containing the recently opened - capture files. Clicking on one of the submenu items will open the - corresponding capture file directly. - </para></entry> - </row> - <row> - <entry><command>Merge...</command></entry> - <entry></entry> - <entry><para> - This menu item brings up the merge file dialog box that - allows you to merge a capture file into the currently loaded one. - It is discussed in more detail in <xref linkend="ChIOMergeSection"/>. - </para></entry> - </row> - <row> - <entry><command>Import from Hex Dump...</command></entry> - <entry></entry> - <entry><para> - This menu item brings up the import file dialog box that - allows you to import a text file containing a hex dump - into a new temporary capture. - It is discussed in more detail in <xref linkend="ChIOImportSection"/>. - </para></entry> - </row> - <row> - <entry><command>Close</command></entry> - <entry>Ctrl+W</entry> - <entry><para> - This menu item closes the current capture. If you - haven't saved the capture, you will be asked to do so first - (this can be disabled by a preference setting). - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Save</command></entry> - <entry>Ctrl+S</entry> - <entry><para> - This menu item saves the current capture. If you - have not set a default capture file name (perhaps with - the -w <capfile> option), Wireshark pops up the - Save Capture File As dialog box (which is discussed - further in <xref linkend="ChIOSaveAs"/>). - </para><note> - <title>Note!</title> - <para> - If you have already saved the current capture, this - menu item will be greyed out. - </para> - </note><note> - <title>Note!</title> - <para> - You cannot save a live capture while the capture is in - progress. You must stop the capture in order to - save. - </para> - </note></entry> - </row> - <row> - <entry><command>Save As...</command></entry> - <entry>Shift+Ctrl+S</entry> - <entry><para> - This menu item allows you to save the current capture - file to whatever file you would like. It pops up the - Save Capture File As dialog box (which is discussed - further in <xref linkend="ChIOSaveAs"/>). - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>File Set > List Files</command></entry> - <entry></entry> - <entry><para> - This menu item allows you to show a list of files in a file set. - It pops up the Wireshark List File Set dialog box (which is - discussed further in <xref linkend="ChIOFileSetSection"/>). - </para></entry> - </row> - <row> - <entry><command>File Set > Next File</command></entry> - <entry></entry> - <entry><para> - If the currently loaded file is part of a file set, jump to the - next file in the set. If it isn't part of a file set or just the - last file in that set, this item is greyed out. - </para></entry> - </row> - <row> - <entry><command>File Set > Previous File</command></entry> - <entry></entry> - <entry><para> - If the currently loaded file is part of a file set, jump to the - previous file in the set. If it isn't part of a file set or just - the first file in that set, this item is greyed out. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Export > File...</command></entry> - <entry></entry> - <entry><para> - This menu item allows you to export all (or some) of the packets in - the capture file to file. - It pops up the Wireshark Export dialog box (which is discussed further in - <xref linkend="ChIOExportSection"/>). - </para></entry> - </row> - <row> - <entry><command>Export > Selected Packet Bytes...</command></entry> - <entry>Ctrl+H</entry> - <entry><para> - This menu item allows you to export the currently selected bytes - in the packet bytes pane to a binary file. It pops up the - Wireshark Export dialog box (which is discussed further in - <xref linkend="ChIOExportSelectedDialog"/>) - </para></entry> - </row> - <row> - <entry><command>Export > Objects > HTTP</command></entry> - <entry></entry> - <entry><para> - This menu item allows you to export all or some of the captured HTTP objects - into local files. It pops up the Wireshark HTTP object list (which is discussed - further in <xref linkend="ChIOExportObjectsDialog"/>) - </para></entry> - </row> - <row> - <entry><command>Export > Objects > DICOM</command></entry> - <entry></entry> - <entry><para> - This menu item allows you to export all or some of the captured DICOM objects - into local files. It pops up the Wireshark DICOM object list (which is discussed - further in <xref linkend="ChIOExportObjectsDialog"/>) - </para></entry> - </row> - <row> - <entry><command>Export > Objects > SMB</command></entry> - <entry></entry> - <entry><para> - This menu item allows you to export all or some of the captured SMB objects - into local files. It pops up the Wireshark SMB object list (which is discussed - further in <xref linkend="ChIOExportObjectsDialog"/>) - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Print...</command></entry> - <entry>Ctrl+P</entry> - <entry><para> - This menu item allows you to print all (or some) of the packets in - the capture file. It pops up the Wireshark Print dialog - box (which is discussed further in - <xref linkend="ChIOPrintSection"/>). - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Quit</command></entry> - <entry>Ctrl+Q</entry> - <entry><para> - This menu item allows you to quit from Wireshark. - Wireshark will ask to save your capture file if you haven't previously saved - it (this can be disabled by a preference setting). - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseEditMenuSection"><title>The "Edit" menu</title> - <para> - The Wireshark Edit menu contains the fields shown in - <xref linkend="ChUseTabEdit"/>. - </para> - <figure id="ChUseWiresharkEditMenu"> - <title>The "Edit" Menu</title> - <graphic entityref="WiresharkEditMenu" format="PNG"/> - </figure> - <table id="ChUseTabEdit" frame="none"> - <title>Edit menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Copy > Description</command></entry> - <entry>Shift+Ctrl+D</entry> - <entry><para> - This menu item will copy the description of the selected item - in the detail view to the clipboard. - </para></entry> - </row> - <row> - <entry><command>Copy > Fieldname</command></entry> - <entry>Shift+Ctrl+F</entry> - <entry><para> - This menu item will copy the fieldname of the selected item - in the detail view to the clipboard. - </para></entry> - </row> - <row> - <entry><command>Copy > Value</command></entry> - <entry>Shift+Ctrl+V</entry> - <entry><para> - This menu item will copy the value of the selected item - in the detail view to the clipboard. - </para></entry> - </row> - <row> - <entry><command>Copy > As Filter</command></entry> - <entry>Shift+Ctrl+C</entry> - <entry><para> - This menu item will use the selected item in the detail view to - create a display filter. This display filter is then copied to - the clipboard. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Find Packet...</command></entry> - <entry>Ctrl+F</entry> - <entry><para> - This menu item brings up a dialog box that allows you - to find a packet by many criteria. - There is further information on finding packets in - <xref linkend="ChWorkFindPacketSection"/>. - </para></entry> - </row> - <row> - <entry><command>Find Next</command></entry> - <entry>Ctrl+N</entry> - <entry><para> - This menu item tries to find the next packet matching the - settings from "Find Packet...". - </para></entry> - </row> - <row> - <entry><command>Find Previous</command></entry> - <entry>Ctrl+B</entry> - <entry><para> - This menu item tries to find the previous packet matching the - settings from "Find Packet...". - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Mark Packet (toggle)</command></entry> - <entry>Ctrl+M</entry> - <entry><para> - This menu item "marks" the currently selected packet. See - <xref linkend="ChWorkMarkPacketSection"/> for details. - </para></entry> - </row> - <row> - <entry><command>Toggle Marking Of All Displayed Packets</command></entry> - <entry>Shift+Ctrl+Alt+M</entry> - <entry><para> - This menu item toggles the mark on all displayed packets. - </para></entry> - </row> - <row> - <entry><command>Mark All Displayed Packets</command></entry> - <entry>Shift+Ctrl+M</entry> - <entry><para> - This menu item "marks" all displayed packets. - </para></entry> - </row> - <row> - <entry><command>Unmark All Displayed Packets</command></entry> - <entry>Ctrl+Alt+M</entry> - <entry><para> - This menu item "unmarks" all displayed packets. - </para></entry> - </row> - <row> - <entry><command>Find Next Mark</command></entry> - <entry>Shift+Ctrl+N</entry> - <entry><para> - Find the next marked packet. - </para></entry> - </row> - <row> - <entry><command>Find Previous Mark</command></entry> - <entry>Shift+Ctrl+B</entry> - <entry><para> - Find the previous marked packet. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Ignore Packet (toggle)</command></entry> - <entry>Ctrl+D</entry> - <entry><para> - This menu item marks the currently selected packet as ignored. - See <xref linkend="ChWorkIgnorePacketSection"/> for details. - </para></entry> - </row> - <row> - <entry><command>Ignore All Displayed Packets (toggle)</command></entry> - <entry>Shift+Ctrl+D</entry> - <entry><para> - This menu item marks all displayed packets as ignored. - </para></entry> - </row> - <row> - <entry><command>Un-Ignore All Packets</command></entry> - <entry>Ctrl+Alt+D</entry> - <entry><para> - This menu item unmarks all ignored packets. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Set Time Reference (toggle)</command></entry> - <entry>Ctrl+T</entry> - <entry><para> - This menu item set a time reference on the currently selected - packet. See <xref linkend="ChWorkTimeReferencePacketSection"/> for more information - about the time referenced packets. - </para></entry> - </row> - <row> - <entry><command>Un-Time Reference All Packets</command></entry> - <entry>Ctrl+Alt+T</entry> - <entry><para> - This menu item removes all time references on the packets. - </para></entry> - </row> - <row> - <entry><command>Find Next Time Reference</command></entry> - <entry>Ctrl+Alt+N</entry> - <entry><para> - This menu item tries to find the next time referenced packet. - </para></entry> - </row> - <row> - <entry><command>Find Previous Time Reference</command></entry> - <entry>Ctrl+Alt+B</entry> - <entry><para> - This menu item tries to find the previous time referenced packet. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Configuration Profiles...</command></entry> - <entry>Shift+Ctrl+A</entry> - <entry><para> - This menu item brings up a dialog box for handling configuration - profiles. More detail is provided in - <xref linkend="ChCustConfigProfilesSection"/>. - </para></entry> - </row> - <row> - <entry><command>Preferences...</command></entry> - <entry>Shift+Ctrl+P</entry> - <entry><para> - This menu item brings up a dialog box that allows - you to set preferences for many parameters that control - Wireshark. You can also save your preferences so Wireshark - will use them the next time you start it. More detail - is provided in <xref linkend="ChCustPreferencesSection"/>. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseViewMenuSection"><title>The "View" menu</title> - <para> - The Wireshark View menu contains the fields shown in - <xref linkend="ChUseTabView"/>. - </para> - <figure id="ChUseWiresharkViewMenu"> - <title>The "View" Menu</title> - <graphic entityref="WiresharkViewMenu" format="PNG"/> - </figure> - <table id="ChUseTabView" frame="none"> - <title>View menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Main Toolbar</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the main toolbar, see - <xref linkend="ChUseMainToolbarSection"/>. - </para></entry> - </row> - <row> - <entry><command>Filter Toolbar</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the filter toolbar, see - <xref linkend="ChUseFilterToolbarSection"/>. - </para></entry> - </row> - <row> - <entry><command>Wireless Toolbar (Windows only)</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the wireless toolbar. See - the AirPcap documentation for more information. - </para></entry> - </row> - <row> - <entry><command>Statusbar</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the statusbar, see - <xref linkend="ChUseStatusbarSection"/>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Packet List</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the packet list pane, see - <xref linkend="ChUsePacketListPaneSection"/>. - </para></entry> - </row> - <row> - <entry><command>Packet Details</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the packet details pane, see - <xref linkend="ChUsePacketDetailsPaneSection"/>. - </para></entry> - </row> - <row> - <entry><command>Packet Bytes</command></entry> - <entry></entry> - <entry><para> - This menu item hides or shows the packet bytes pane, see - <xref linkend="ChUsePacketBytesPaneSection"/>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Time Display Format > Date and Time of Day: 1970-01-01 01:02:03.123456</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display the - time stamps in date and time of day format, see - <xref linkend="ChWorkTimeFormatsSection"/>. - <note><title>Note!</title> - <para> - The fields "Time of Day", "Date and Time of - Day", "Seconds Since Beginning of Capture", "Seconds Since - Previous Captured Packet" and "Seconds Since Previous - Displayed Packet" are mutually exclusive. - </para> - </note> - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Time of Day: 01:02:03.123456</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time - stamps in time of day format, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Seconds Since Epoch (1970-01-01): 1234567890.123456</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps in - seconds since 1970-01-01 00:00:00, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Seconds Since Beginning of Capture: 123.123456</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time - stamps in seconds since beginning of capture format, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Seconds Since Previous Captured Packet: 1.123456</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps in - seconds since previous captured packet format, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Seconds Since Previous Displayed Packet: 1.123456</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps in - seconds since previous displayed packet format, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > ------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Time Display Format > Automatic (File Format Precision)</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps with the - precision given by the capture file format used, see - <xref linkend="ChWorkTimeFormatsSection"/>. - <note><title>Note!</title> - <para> - The fields "Automatic", "Seconds" and "...seconds" are mutually exclusive. - </para> - </note> - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Seconds: 0</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps with a precision of one second, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > ...seconds: 0....</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps with a precision of one second, - decisecond, centisecond, millisecond, microsecond or nanosecond, see - <xref linkend="ChWorkTimeFormatsSection"/>. - </para></entry> - </row> - <row> - <entry><command>Time Display Format > Display Seconds with hours and minutes</command></entry> - <entry></entry> - <entry><para> - Selecting this tells Wireshark to display time stamps in seconds, - with hours and minutes. - </para></entry> - </row> - <row> - <entry><command>Name Resolution > Resolve Name</command></entry> - <entry></entry> - <entry><para> - This item allows you to trigger a name resolve of the current packet - only, see <xref linkend="ChAdvNameResolutionSection"/>. - </para></entry> - </row> - <row> - <entry><command>Name Resolution > Enable for MAC Layer</command></entry> - <entry></entry> - <entry><para> - This item allows you to control whether or not - Wireshark translates MAC addresses into names, see - <xref linkend="ChAdvNameResolutionSection"/>. - </para></entry> - </row> - <row> - <entry><command>Name Resolution > Enable for Network Layer</command></entry> - <entry></entry> - <entry><para> - This item allows you to control whether or not - Wireshark translates network addresses into names, see - <xref linkend="ChAdvNameResolutionSection"/>. - </para></entry> - </row> - <row> - <entry><command>Name Resolution > Enable for Transport Layer</command></entry> - <entry></entry> - <entry><para> - This item allows you to control whether or not - Wireshark translates transport addresses into names, see - <xref linkend="ChAdvNameResolutionSection"/>. - </para></entry> - </row> - <row> - <entry><command>Colorize Packet List</command></entry> - <entry></entry> - <entry><para> - This item allows you to control whether or not Wireshark should colorize - the packet list.</para> - <note><title>Note!</title><para> - Enabling colorization will slow down the display - of new packets while capturing / loading capture files. - </para></note></entry> - </row> - <row> - <entry><command>Auto Scroll in Live Capture</command></entry> - <entry></entry> - <entry><para> - This item allows you to specify that Wireshark - should scroll the packet list pane as new packets come - in, so you are always looking at the last packet. If you - do not specify this, Wireshark simply adds new packets onto - the end of the list, but does not scroll the packet list - pane. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Zoom In</command></entry> - <entry>Ctrl++</entry> - <entry><para> - Zoom into the packet data (increase the font size). - </para></entry> - </row> - <row> - <entry><command>Zoom Out</command></entry> - <entry>Ctrl+-</entry> - <entry><para> - Zoom out of the packet data (decrease the font size). - </para></entry> - </row> - <row> - <entry><command>Normal Size</command></entry> - <entry>Ctrl+=</entry> - <entry><para> - Set zoom level back to 100% (set font size back to normal). - </para></entry> - </row> - <row> - <entry><command>Resize All Columns</command></entry> - <entry>Shift+Ctrl+R</entry> - <entry><para> - Resize all column widths so the content will fit into it. - </para> - <note><title>Note!</title><para> - Resizing may take a significant amount of time, especially if a - large capture file is loaded. - </para></note> - </entry> - </row> - <row> - <entry><command>Displayed Columns</command></entry> - <entry></entry> - <entry><para> - This menu items folds out with a list of all configured columns. - These columns can now be shown or hidden in the packet list. - </para> - </entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Expand Subtrees</command></entry> - <entry>Shift+Right</entry> - <entry><para> - This menu item expands the currently selected subtree in the - packet details tree. - </para></entry> - </row> - <row> - <entry><command>Collapse Subtrees</command></entry> - <entry>Shift+Left</entry> - <entry><para> - This menu item collapses the currently selected subtree in the - packet details tree. - </para></entry> - </row> - <row> - <entry><command>Expand All</command></entry> - <entry>Ctrl+Right</entry> - <entry><para> - Wireshark keeps a list of all the protocol subtrees - that are expanded, and uses it to ensure that the - correct subtrees are expanded when you display a packet. - This menu item expands all subtrees in all packets in - the capture. - </para></entry> - </row> - <row> - <entry><command>Collapse All</command></entry> - <entry>Ctrl+Left</entry> - <entry><para> - This menu item collapses the tree view of all packets - in the capture list. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Colorize Conversation</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a submenu that allows you - to color packets in the packet list pane based - on the addresses of the currently selected packet. - This makes it easy to distinguish packets - belonging to different conversations. - <xref linkend="ChCustColorizationSection"/>. - </para></entry> - </row> - <row> - <entry><command>Colorize Conversation > Color 1-10</command></entry> - <entry></entry> - <entry><para> - These menu items enable one of the ten temporary color - filters based on the currently selected conversation. - </para></entry> - </row> - <row> - <entry><command>Colorize Conversation > Reset coloring</command></entry> - <entry></entry> - <entry><para> - This menu item clears all temporary coloring rules. - </para></entry> - </row> - <row> - <entry><command>Colorize Conversation > New Coloring Rule...</command></entry> - <entry></entry> - <entry><para> - This menu item opens a dialog window in which a new - permanent coloring rule can be created based on the - currently selected conversation. - </para></entry> - </row> - <row> - <entry><command>Coloring Rules...</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a dialog box that allows you - to color packets in the packet list pane according to - filter expressions you choose. It can be very useful - for spotting certain types of packets, see - <xref linkend="ChCustColorizationSection"/>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Show Packet in New Window</command></entry> - <entry></entry> - <entry><para> - This menu item brings up the selected packet in a - separate window. The separate window shows only the - tree view and byte view panes. - </para></entry> - </row> - <row> - <entry><command>Reload</command></entry> - <entry>Ctrl+R</entry> - <entry><para> - This menu item allows you to reload the current - capture file. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseGoMenuSection"><title>The "Go" menu</title> - <para> - The Wireshark Go menu contains the fields shown in - <xref linkend="ChUseTabGo"/>. - </para> - <figure id="ChUseWiresharkGoMenu"> - <title>The "Go" Menu</title> - <graphic entityref="WiresharkGoMenu" format="PNG"/> - </figure> - <table id="ChUseTabGo" frame="none"> - <title>Go menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Back</command></entry> - <entry>Alt+Left</entry> - <entry><para> - Jump to the recently visited packet in the packet - history, much like the page history in a web browser. - </para></entry> - </row> - <row> - <entry><command>Forward</command></entry> - <entry>Alt+Right</entry> - <entry><para> - Jump to the next visited packet in the packet - history, much like the page history in a web browser. - </para></entry> - </row> - <row> - <entry><command>Go to Packet...</command></entry> - <entry>Ctrl+G</entry> - <entry><para> - Bring up a dialog box that allows you - to specify a packet number, and then goes to that packet. See - <xref linkend="ChWorkGoToPacketSection"/> for details. - </para></entry> - </row> - <row> - <entry><command>Go to Corresponding Packet</command></entry> - <entry></entry> - <entry><para> - Go to the corresponding packet of the currently - selected protocol field. If the selected field doesn't correspond - to a packet, this item is greyed out. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Previous Packet</command></entry> - <entry>Ctrl+Up</entry> - <entry><para> - Move to the previous packet in the list. This can be - used to move to the previous packet even if the packet - list doesn't have keyboard focus. - </para></entry> - </row> - <row> - <entry><command>Next Packet</command></entry> - <entry>Ctrl+Down</entry> - <entry><para> - Move to the next packet in the list. This can be - used to move to the previous packet even if the packet - list doesn't have keyboard focus. - </para></entry> - </row> - <row> - <entry><command>First Packet</command></entry> - <entry>Ctrl+Home</entry> - <entry><para> - Jump to the first packet of the capture file. - </para></entry> - </row> - <row> - <entry><command>Last Packet</command></entry> - <entry>Ctrl+End</entry> - <entry><para> - Jump to the last packet of the capture file. - </para></entry> - </row> - <row> - <entry><command>Previous Packet In Conversation</command></entry> - <entry>Ctrl+,</entry> - <entry><para> - Move to the previous packet in the current conversation. This can be - used to move to the previous packet even if the packet - list doesn't have keyboard focus. - </para></entry> - </row> - <row> - <entry><command>Next Packet In Conversation</command></entry> - <entry>Ctrl+.</entry> - <entry><para> - Move to the next packet in the current conversation. This can be - used to move to the previous packet even if the packet - list doesn't have keyboard focus. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseCaptureMenuSection"><title>The "Capture" menu</title> - <para> - The Wireshark Capture menu contains the fields shown in - <xref linkend="ChUseTabCap"/>. - </para> - <figure id="ChUseWiresharkCaptureMenu"> - <title>The "Capture" Menu</title> - <graphic entityref="WiresharkCaptureMenu" format="PNG"/> - </figure> - <table id="ChUseTabCap" frame="none"> - <title>Capture menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Interfaces...</command></entry> - <entry>Ctrl+I</entry> - <entry><para> - This menu item brings up a dialog box that shows what's going on - at the network interfaces Wireshark knows of, see - <xref linkend="ChCapInterfaceSection"/>) . - </para></entry> - </row> - <row> - <entry><command>Options...</command></entry> - <entry>Ctrl+K</entry> - <entry><para> - This menu item brings up the Capture Options - dialog box (discussed further in - <xref linkend="ChCapCaptureOptions"/>) and allows you to - start capturing packets. - </para></entry> - </row> - <row> - <entry><command>Start</command></entry> - <entry>Ctrl+E</entry> - <entry><para> - Immediately start capturing packets with the same settings than - the last time. - </para></entry> - </row> - <row> - <entry><command>Stop</command></entry> - <entry>Ctrl+E</entry> - <entry><para> - This menu item stops the currently running capture, see - <xref linkend="ChCapStopSection"/>) . - </para></entry> - </row> - <row> - <entry><command>Restart</command></entry> - <entry>Ctrl+R</entry> - <entry><para> - This menu item stops the currently running capture and starts - again with the same options, this is just for convenience. - </para></entry> - </row> - <row> - <entry><command>Capture Filters...</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a dialog box that allows you to - create and edit capture filters. You can name filters, - and you can save them for future use. More detail on - this subject is provided in - <xref linkend="ChWorkDefineFilterSection"/> - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseAnalyzeMenuSection"><title>The "Analyze" menu</title> - <para> - The Wireshark Analyze menu contains the fields shown in - <xref linkend="ChUseAnalyze"/>. - </para> - <figure id="ChUseWiresharkAnalyzeMenu"> - <title>The "Analyze" Menu</title> - <graphic entityref="WiresharkAnalyzeMenu" format="PNG"/> - </figure> - <table id="ChUseAnalyze" frame="none"><title>Analyze menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Display Filters...</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a dialog box that allows you - to create and edit display filters. You can name - filters, and you can save them for future use. More - detail on this subject is provided in - <xref linkend="ChWorkDefineFilterSection"/> - </para></entry> - </row> - <row> - <entry><command>Display Filter Macros...</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a dialog box that allows you - to create and edit display filter macros. You can name - filter macros, and you can save them for future use. More - detail on this subject is provided in - <xref linkend="ChWorkDefineFilterMacrosSection"/> - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Apply as Column</command></entry> - <entry></entry> - <entry><para> - This menu item adds the selected protocol item in the packet details - pane as a column to the packet list. - </para></entry> - </row> - <row> - <entry><command>Apply as Filter > ...</command></entry> - <entry></entry> - <entry><para> - These menu items will change the current display filter and apply - the changed filter immediately. Depending on the chosen menu item, - the current display filter string will be replaced or appended to - by the selected protocol field in the packet details pane. - </para></entry> - </row> - <row> - <entry><command>Prepare a Filter > ...</command></entry> - <entry></entry> - <entry><para> - These menu items will change the current display filter but won't - apply the changed filter. Depending on the chosen menu item, - the current display filter string will be replaced or appended to - by the selected protocol field in the packet details pane. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Enabled Protocols...</command></entry> - <entry>Shift+Ctrl+E</entry> - <entry><para> - This menu item allows the user to enable/disable protocol - dissectors, see <xref linkend="ChAdvEnabledProtocols"/> - </para></entry> - </row> - <row> - <entry><command>Decode As...</command></entry> - <entry></entry> - <entry><para> - This menu item allows the user to force Wireshark to - decode certain packets as a particular protocol, see - <xref linkend="ChAdvDecodeAs"/> - </para></entry> - </row> - <row> - <entry><command>User Specified Decodes...</command></entry> - <entry></entry> - <entry><para> - This menu item allows the user to force Wireshark to - decode certain packets as a particular protocol, see - <xref linkend="ChAdvDecodeAsShow"/> - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Follow TCP Stream</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a separate window and displays - all the TCP segments captured that are on the same TCP - connection as a selected packet, see - <xref linkend="ChAdvFollowTCPSection"/> - </para></entry> - </row> - <row> - <entry><command>Follow UDP Stream</command></entry> - <entry></entry> - <entry><para> - Same functionality as "Follow TCP Stream" but - for UDP streams. - </para></entry> - </row> - <row> - <entry><command>Follow SSL Stream</command></entry> - <entry></entry> - <entry><para> - Same functionality as "Follow TCP Stream" but for SSL streams. - XXX - how to provide the SSL keys? - </para></entry> - </row> - <row> - <entry><command>Expert Info</command></entry> - <entry></entry> - <entry><para> - Open a dialog showing some expert information about the captured - packets. The amount of information will depend on the protocol and varies - from very detailed to non-existent. XXX - add a new section about this and link from here - </para></entry> - </row> - <row> - <entry><command>Conversation Filter > ...</command></entry> - <entry></entry> - <entry><para> - In this menu you will find conversation filter for various - protocols. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseStatisticsMenuSection"><title>The "Statistics" menu</title> - <para> - The Wireshark Statistics menu contains the fields shown in - <xref linkend="ChUseStatistics"/>. - </para> - <figure id="ChUseWiresharkStatisticsMenu"> - <title>The "Statistics" Menu</title> - <graphic entityref="WiresharkStatisticsMenu" format="PNG"/> - </figure> - <para> - All menu items will bring up a new window showing specific statistical - information. - </para> - <table id="ChUseStatistics" frame="none"> - <title>Statistics menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Summary</command></entry> - <entry></entry> - <entry><para> - Show information about the data captured, see <xref - linkend="ChStatSummary"/>. - </para></entry> - </row> - <row> - <entry><command>Protocol Hierarchy</command></entry> - <entry></entry> - <entry><para> - Display a hierarchical tree of protocol statistics, see <xref - linkend="ChStatHierarchy"/>. - </para></entry> - </row> - <row> - <entry><command>Conversations</command></entry> - <entry></entry> - <entry><para> - Display a list of conversations (traffic between two endpoints), - see <xref linkend="ChStatConversationsWindow"/>. - </para></entry> - </row> - <row> - <entry><command>Endpoints</command></entry> - <entry></entry> - <entry><para> - Display a list of endpoints (traffic to/from an address), see - <xref linkend="ChStatEndpointsWindow"/>. - </para></entry> - </row> - <row> - <entry><command>Packet Lengths...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>IO Graphs</command></entry> - <entry></entry> - <entry><para> - Display user specified graphs (e.g. the number of packets in the - course of time), see <xref linkend="ChStatIOGraphs"/>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Conversation List</command></entry> - <entry></entry> - <entry><para> - Display a list of conversations, obsoleted by the combined window - of Conversations above, see - <xref linkend="ChStatConversationListWindow"/>. - </para></entry> - </row> - <row> - <entry><command>Endpoint List</command></entry> - <entry></entry> - <entry><para> - Display a list of endpoints, obsoleted by the combined window - of Endpoints above, see - <xref linkend="ChStatEndpointListWindow"/>. - </para></entry> - </row> - <row> - <entry><command>Service Response Time</command></entry> - <entry></entry> - <entry><para> - Display the time between a request and the corresponding response, see - <xref linkend="ChStatSRT"/>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>ANCP...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>BOOTP-DHCP...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>Colledtd...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>Compare...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>Flow Graph...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>HTTP</command></entry> - <entry></entry> - <entry><para>HTTP request/response statistics, see <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>IP Addresses...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>IP Destinations...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>IP Protocol Types...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>ONC-RPC Programs</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>Sametime</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>TCP Stream Graph</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>UDP Multicast Streams</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatXXX"/></para></entry> - </row> - <row> - <entry><command>WLAN Traffic</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChStatWLANTraffic"/></para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseTelephonyMenuSection"><title>The "Telephony" menu</title> - <para> - The Wireshark Telephony menu contains the fields shown in - <xref linkend="ChUseTelephony"/>. - </para> - <figure id="ChUseWiresharkTelephonyMenu"> - <title>The "Telephony" Menu</title> - <graphic entityref="WiresharkTelephonyMenu" format="PNG"/> - </figure> - <para> - All menu items will bring up a new window showing specific telephony - related statistical information. - </para> - <table id="ChUseTelephony" frame="none"> - <title>Telephony menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>IAX2</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>SMPP Operations...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>SCTP</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>ANSI</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>GSM</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>H.225...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>ISUP Messages...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>LTE</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelLTEMACTraffic"/></para></entry> - </row> - <row> - <entry><command>MTP3</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>RTP</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelRTPAnalysis"/></para></entry> - </row> - <row> - <entry><command>SIP...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>UCP Messages...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - <row> - <entry><command>VoIP Calls...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelVoipCalls"/></para></entry> - </row> - <row> - <entry><command>WAP-WSP...</command></entry> - <entry></entry> - <entry><para>See <xref linkend="ChTelXXX"/></para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseToolsMenuSection"><title>The "Tools" menu</title> - <para> - The Wireshark Tools menu contains the fields shown in - <xref linkend="ChUseTools"/>. - </para> - <figure id="ChUseWiresharkToolsMenu"> - <title>The "Tools" Menu</title> - <graphic entityref="WiresharkToolsMenu" format="PNG"/> - </figure> - <table id="ChUseTools" frame="none"> - <title>Tools menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Firewall ACL Rules</command></entry> - <entry></entry> - <entry><para> - This allows you to create command-line ACL rules for many different - firewall products, including Cisco IOS, Linux Netfilter (iptables), - OpenBSD pf and Windows Firewall (via netsh). Rules for MAC addresses, - IPv4 addresses, TCP and UDP ports, and IPv4+port combinations are - supported. - </para><para> - It is assumed that the rules will be applied to an outside interface. - </para></entry> - </row> - <row> - <entry><command>Lua</command></entry> - <entry></entry> - <entry><para> - These options allow you to work with the Lua interpreter optionally - build into Wireshark, see <xref linkend="wsluarm_intro"/>. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseInternalsMenuSection"><title>The "Internals" menu</title> - <para> - The Wireshark Internals menu contains the fields shown in - <xref linkend="ChUseInternals"/>. - </para> - <figure id="ChUseWiresharkInternalsMenu"> - <title>The "Internals" Menu</title> - <graphic entityref="WiresharkInternalsMenu" format="PNG"/> - </figure> - <table id="ChUseInternals" frame="none"> - <title>Help menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Dissector tables</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a dialog box showing the tables - with subdissector relationships. - </para></entry> - </row> - <row> - <entry><command>Supported Protocols (slow!)</command></entry> - <entry></entry> - <entry><para> - This menu item brings up a dialog box showing the supported - protocols and protocol fields. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseHelpMenuSection"><title>The "Help" menu</title> - <para> - The Wireshark Help menu contains the fields shown in - <xref linkend="ChUseHelp"/>. - </para> - <figure id="ChUseWiresharkHelpMenu"> - <title>The "Help" Menu</title> - <graphic entityref="WiresharkHelpMenu" format="PNG"/> - </figure> - <table id="ChUseHelp" frame="none"> - <title>Help menu items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="72pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Menu Item</entry> - <entry>Accelerator</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><command>Contents</command></entry> - <entry>F1</entry> - <entry><para> - This menu item brings up a basic help system. - </para></entry> - </row> - <row> - <entry><command>Manual Pages > ...</command></entry> - <entry></entry> - <entry><para> - This menu item starts a Web browser showing one of the locally - installed html manual pages. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Website</command></entry> - <entry></entry> - <entry><para> - This menu item starts a Web browser showing the - webpage from: - <ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>. - </para></entry> - </row> - <row> - <entry><command>FAQ's</command></entry> - <entry></entry> - <entry><para> - This menu item starts a Web browser showing various FAQ's. - </para></entry> - </row> - <row> - <entry><command>Downloads</command></entry> - <entry></entry> - <entry><para> - This menu item starts a Web browser showing the - downloads from: - <ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>Wiki</command></entry> - <entry></entry> - <entry><para> - This menu item starts a Web browser showing the - front page from: - <ulink url="&WiresharkWikiPage;">&WiresharkWikiPage;</ulink>. - </para></entry> - </row> - <row> - <entry><command>Sample Captures</command></entry> - <entry></entry> - <entry><para> - This menu item starts a Web browser showing the - sample captures from: - <ulink url="&WiresharkWikiPage;">&WiresharkWikiPage;</ulink>. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><command>About Wireshark</command></entry> - <entry></entry> - <entry><para> - This menu item brings up an information window that - provides various detailed information items on Wireshark, - such as how it's build, the plugins loaded, the used folders, ... - </para></entry> - </row> - </tbody> - </tgroup> - </table> - <note><title>Note!</title> - <para> - Calling a Web browser might be unsupported in your version of Wireshark. - If this is the case, the corresponding menu items will be hidden. - </para> - </note> - <note><title>Note!</title> - <para> - If calling a Web browser fails on your machine, maybe because just nothing - happens or the browser is started but no page is shown, have a look at the - web browser setting in the preferences dialog. - </para> - </note> - </section> - - <section id="ChUseMainToolbarSection"><title>The "Main" toolbar</title> - <para> - The main toolbar provides quick access to frequently used items from the - menu. This toolbar cannot be customized by the user, but it can be hidden - using the View menu, if the space on the screen is needed to show even - more packet data. - </para> - <para> - As in the menu, only the items useful in the current program state will - be available. The others will be greyed out (e.g. you cannot save a capture - file if you haven't loaded one). - <figure id="ChUseWiresharkMainToolbar"> - <title>The "Main" toolbar</title> - <graphic entityref="WiresharkMainToolbar" format="PNG"/> - </figure> - </para> - <table id="ChUseMainToolbar" frame="none"> - <title>Main toolbar items</title> - <tgroup cols="4"> - <colspec colnum="1" colwidth="40pt"/> - <colspec colnum="2" colwidth="80pt"/> - <colspec colnum="3" colwidth="80pt"/> - <thead> - <row> - <entry>Toolbar Icon</entry> - <entry>Toolbar Item</entry> - <entry>Corresponding Menu Item</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><graphic entityref="WiresharkToolbarCaptureInterfaces" format="PNG"/></entry> - <entry><command>Interfaces...</command></entry> - <entry>Capture/Interfaces...</entry> - <entry><para> - This item brings up the Capture Interfaces List - dialog box (discussed further in - <xref linkend="ChCapCapturingSection"/>). - </para> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarCaptureOptions" format="PNG"/></entry> - <entry><command>Options...</command></entry> - <entry>Capture/Options...</entry> - <entry><para> - This item brings up the Capture Options - dialog box (discussed further in - <xref linkend="ChCapCapturingSection"/>) and allows you to - start capturing packets. - </para> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarCaptureStart" format="PNG"/></entry> - <entry><command>Start</command></entry> - <entry>Capture/Start</entry> - <entry><para> - This item starts capturing packets with the options form - the last time. - </para> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarCaptureStop" format="PNG"/></entry> - <entry><command>Stop</command></entry> - <entry>Capture/Stop</entry> - <entry><para> - This item stops the currently running live capture process - <xref linkend="ChCapCapturingSection"/>). - </para> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarCaptureRestart" format="PNG"/></entry> - <entry><command>Restart</command></entry> - <entry>Capture/Restart</entry> - <entry><para> - This item stops the currently running live capture process - and restarts it again, for convenience. - </para> - </entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarOpen" format="PNG"/></entry> - <entry><command>Open...</command></entry> - <entry>File/Open...</entry> - <entry><para> - This item brings up the file open dialog box that - allows you to load a capture file for viewing. It is - discussed in more detail in <xref linkend="ChIOOpen"/>. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarSaveAs" format="PNG"/></entry> - <entry><command>Save As...</command></entry> - <entry>File/Save As...</entry> - <entry><para> - This item allows you to save the current capture file to whatever - file you would like. It pops up the Save Capture File As dialog - box (which is discussed further in <xref linkend="ChIOSaveAs"/>). - </para> - <note><title>Note!</title> - <para> - If you currently have a temporary capture file, the Save icon - <inlinegraphic entityref="WiresharkToolbarSave" format="PNG"/> will be - shown instead. - </para></note> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarClose" format="PNG"/></entry> - <entry><command>Close</command></entry> - <entry>File/Close</entry> - <entry><para> - This item closes the current capture. If you - have not saved the capture, you will be asked to save it first. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarReload" format="PNG"/></entry> - <entry><command>Reload</command></entry> - <entry>View/Reload</entry> - <entry><para> - This item allows you to reload the current capture file. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarPrint" format="PNG"/></entry> - <entry><command>Print...</command></entry> - <entry>File/Print...</entry> - <entry><para> - This item allows you to print all (or some of) the packets in - the capture file. It pops up the Wireshark Print dialog - box (which is discussed further in - <xref linkend="ChIOPrintSection"/>). - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarFind" format="PNG"/></entry> - <entry><command>Find Packet...</command></entry> - <entry>Edit/Find Packet...</entry> - <entry><para> - This item brings up a dialog box that allows you - to find a packet. There is further information on finding packets - in <xref linkend="ChWorkFindPacketSection"/>. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarGoBack" format="PNG"/></entry> - <entry><command>Go Back</command></entry> - <entry>Go/Go Back</entry> - <entry><para> - This item jumps back in the packet history. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarGoForward" format="PNG"/></entry> - <entry><command>Go Forward</command></entry> - <entry>Go/Go Forward</entry> - <entry><para> - This item jumps forward in the packet history. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarGoTo" format="PNG"/></entry> - <entry><command>Go to Packet...</command></entry> - <entry>Go/Go to Packet...</entry> - <entry><para> - This item brings up a dialog box that allows you - to specify a packet number to go to that packet. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarGoFirst" format="PNG"/></entry> - <entry><command>Go To First Packet</command></entry> - <entry>Go/First Packet</entry> - <entry><para> - This item jumps to the first packet of the capture file. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarGoLast" format="PNG"/></entry> - <entry><command>Go To Last Packet</command></entry> - <entry>Go/Last Packet</entry> - <entry><para> - This item jumps to the last packet of the capture file. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarColorize" format="PNG"/></entry> - <entry><command>Colorize</command></entry> - <entry>View/Colorize</entry> - <entry><para> - Colorize the packet list (or not). - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarAutoScroll" format="PNG"/></entry> - <entry><command>Auto Scroll in Live Capture</command></entry> - <entry>View/Auto Scroll in Live Capture</entry> - <entry><para> - Auto scroll packet list while doing a live capture (or not). - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarZoomIn" format="PNG"/></entry> - <entry><command>Zoom In</command></entry> - <entry>View/Zoom In</entry> - <entry><para> - Zoom into the packet data (increase the font size). - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarZoomOut" format="PNG"/></entry> - <entry><command>Zoom Out</command></entry> - <entry>View/Zoom Out</entry> - <entry><para> - Zoom out of the packet data (decrease the font size). - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarZoom100" format="PNG"/></entry> - <entry><command>Normal Size</command></entry> - <entry>View/Normal Size</entry> - <entry><para> - Set zoom level back to 100%. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarResizeColumns" format="PNG"/></entry> - <entry><command>Resize Columns</command></entry> - <entry>View/Resize Columns</entry> - <entry><para> - Resize columns, so the content fits into them. - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarCaptureFilters" format="PNG"/></entry> - <entry><command>Capture Filters...</command></entry> - <entry>Capture/Capture Filters...</entry> - <entry><para> - This item brings up a dialog box that allows you to - create and edit capture filters. You can name filters, - and you can save them for future use. More detail on - this subject is provided in - <xref linkend="ChWorkDefineFilterSection"/>. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarDisplayFilters" format="PNG"/></entry> - <entry><command>Display Filters...</command></entry> - <entry>Analyze/Display Filters...</entry> - <entry><para> - This item brings up a dialog box that allows you - to create and edit display filters. You can name - filters, and you can save them for future use. More - detail on this subject is provided in - <xref linkend="ChWorkDefineFilterSection"/>. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarColoringRules" format="PNG"/></entry> - <entry><command>Coloring Rules...</command></entry> - <entry>View/Coloring Rules...</entry> - <entry><para> - This item brings up a dialog box that allows you to - color packets in the packet list pane according to - filter expressions you choose. It can be very useful - for spotting certain types of packets. More - detail on this subject is provided in - <xref linkend="ChCustColorizationSection"/>. - </para></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarPreferences" format="PNG"/></entry> - <entry><command>Preferences...</command></entry> - <entry>Edit/Preferences</entry> - <entry><para> - This item brings up a dialog box that allows - you to set preferences for many parameters that control - Wireshark. You can also save your preferences so Wireshark - will use them the next time you start it. More detail - is provided in <xref linkend="ChCustPreferencesSection"/> - </para></entry> - </row> - <row> - <entry><command>------</command></entry> - <entry></entry> - <entry></entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarHelp" format="PNG"/></entry> - <entry><command>Help</command></entry> - <entry>Help/Contents</entry> - <entry><para> - This item brings up help dialog box. - </para></entry> - </row> - </tbody> - </tgroup> - </table> - </section> - - <section id="ChUseFilterToolbarSection"><title>The "Filter" toolbar</title> - <para> - The filter toolbar lets you quickly edit and apply display filters. More information on - display filters is available in <xref linkend="ChWorkDisplayFilterSection"/>. - <figure id="ChUseWiresharkFilterToolbar"> - <title>The "Filter" toolbar</title> - <graphic entityref="WiresharkFilterToolbar" format="PNG"/> - </figure> - <table id="ChUseFilterToolbar" frame="none"> - <title>Filter toolbar items</title> - <tgroup cols="3"> - <colspec colnum="1" colwidth="40pt"/> - <colspec colnum="2" colwidth="80pt"/> - <thead> - <row> - <entry>Toolbar Icon</entry> - <entry>Toolbar Item</entry> - <entry>Description</entry> - </row> - </thead> - <tbody> - <row> - <entry><graphic entityref="WiresharkToolbarDisplayFilters" format="PNG"/></entry> - <entry><command>Filter:</command></entry> - <entry><para> - Brings up the filter construction dialog, described in <xref linkend="FiltersDialog"/>. - </para> - </entry> - </row> - <row> - <entry></entry> - <entry>Filter input</entry> - <entry> - <para> - The area to enter or edit a display filter string, - see <xref linkend="ChWorkBuildDisplayFilterSection"/> - . A syntax check of your filter string is done while you are typing. - The background will turn red if you enter an incomplete or invalid - string, and will become green when you enter a valid string. You can - click on the pull down arrow to select a previously-entered filter - string from a list. The entries in the pull down list will remain - available even after a program restart. - </para> - <note><title>Note!</title> - <para> - After you've changed something in this field, don't forget to press - the Apply button (or the Enter/Return key), to apply this filter - string to the display. - </para> - </note> - <note><title>Note!</title> - <para> - This field is also where the current filter in effect is displayed. - </para> - </note> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarAdd" format="PNG"/></entry> - <entry><command>Expression...</command></entry> - <entry><para> - The middle button labeled "Add Expression..." opens a dialog box that lets - you edit a display filter from a list of protocol fields, described in - <xref linkend="ChWorkFilterAddExpressionSection"/> - </para> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarClear" format="PNG"/></entry> - <entry><command>Clear</command></entry> - <entry><para> - Reset the current display filter and clears the edit area. - </para> - </entry> - </row> - <row> - <entry><graphic entityref="WiresharkToolbarApply" format="PNG"/></entry> - <entry><command>Apply</command></entry> - <entry><para> - Apply the current value in the edit area as the new display filter. - <note><title>Note!</title> - <para> - Applying a display filter on large capture files might take quite a long time! - </para> - </note> - </para> - </entry> - </row> - </tbody> - </tgroup> - </table> - </para> - </section> - - <section id="ChUsePacketListPaneSection"><title>The "Packet List" pane</title> - <para> - The packet list pane displays all the packets in the current capture - file. - <figure id="ChUseWiresharkListPane"> - <title>The "Packet List" pane</title> - <graphic entityref="WiresharkListPane" format="PNG"/> - </figure> - Each line in the packet list corresponds to one packet in the capture - file. If you select a line in this pane, more details will be displayed in - the "Packet Details" and "Packet Bytes" panes. - </para> - <para> - While dissecting a packet, Wireshark will place information from the - protocol dissectors into the columns. As higher level protocols might - overwrite information from lower levels, you will typically see the - information from the highest possible level only. - </para> - <para> - For example, let's look at a packet containing TCP inside IP inside - an Ethernet packet. The Ethernet dissector will write its data (such as - the Ethernet addresses), the IP dissector will overwrite this by its own - (such as the IP addresses), the TCP dissector will overwrite the IP - information, and so on. - </para> - <para> - There are a lot of different columns available. Which columns are - displayed can be selected by preference settings, see - <xref linkend="ChCustPreferencesSection"/>. - </para> - <para> - The default columns will show: - <itemizedlist> - <listitem> - <para><command>No.</command> - The number of the packet in the capture file. This number won't change, - even if a display filter is used. - </para> - </listitem> - <listitem> - <para><command>Time</command> - The timestamp of the packet. The presentation format of this timestamp - can be changed, see <xref linkend="ChWorkTimeFormatsSection"/>. - </para> - </listitem> - <listitem> - <para><command>Source</command> - The address where this packet is coming from. - </para> - </listitem> - <listitem> - <para><command>Destination</command> - The address where this packet is going to. - </para> - </listitem> - <listitem> - <para><command>Protocol</command> - The protocol name in a short (perhaps abbreviated) version. - </para> - </listitem> - <listitem> - <para><command>Info</command> - Additional information about the packet content. - </para> - </listitem> - </itemizedlist> - </para> - <para> - There is a context menu (right mouse click) available, see details in - <xref linkend="ChWorkPacketListPanePopUpMenu"/>. - </para> - </section> - - <section id="ChUsePacketDetailsPaneSection"><title>The "Packet Details" pane</title> - <para> - The packet details pane shows the current packet (selected in the "Packet List" - pane) in a more detailed form. - <figure id="ChUseWiresharkDetailsPane"> - <title>The "Packet Details" pane</title> - <graphic entityref="WiresharkDetailsPane" format="PNG"/> - </figure> - </para> - <para> - This pane shows the protocols and protocol fields of the packet selected - in the "Packet List" pane. The protocols and fields of the packet are - displayed using a tree, which can be expanded and collapsed. - </para> - <para> - There is a context menu (right mouse click) available, see details in - <xref linkend="ChWorkPacketDetailsPanePopUpMenu"/>. - </para> - <para> - Some protocol fields are specially displayed. - </para> - <itemizedlist> - <listitem> - <para> - <command>Generated fields</command> - Wireshark itself will generate additional protocol fields which are - surrounded by brackets. The information in these fields is derived from the - known context to other packets in the capture file. For example, Wireshark - is doing a sequence/acknowledge analysis of each TCP stream, - which is displayed in the [SEQ/ACK analysis] fields of the TCP protocol. - </para> - </listitem> - <listitem> - <para> - <command>Links</command> - If Wireshark detected a relationship to another packet in the capture file, - it will generate a link to that packet. Links are underlined and displayed - in blue. If double-clicked, Wireshark jumps to the corresponding packet. - </para> - </listitem> - </itemizedlist> - </section> - - <section id="ChUsePacketBytesPaneSection"><title>The "Packet Bytes" pane</title> - <para> - The packet bytes pane shows the data of the current packet (selected in the "Packet List" - pane) in a hexdump style. - <figure id="ChUseWiresharkBytesPane"> - <title>The "Packet Bytes" pane</title> - <graphic entityref="WiresharkBytesPane" format="PNG"/> - </figure> - </para> - <para> - As usual for a hexdump, the left side shows the offset in the packet data, - in the middle the packet data is shown in a hexadecimal representation and - on the right the corresponding ASCII characters (or . if not appropriate) - are displayed. - </para> - <para> - Depending on the packet data, sometimes more than one page is available, - e.g. when Wireshark has reassembled some packets into a single chunk of - data, see <xref linkend="ChAdvReassemblySection"/>. In this case there are - some additional tabs shown at the bottom of the pane to let you select - the page you want to see. - <figure id="ChUseWiresharkBytesPaneTabs"> - <title>The "Packet Bytes" pane with tabs</title> - <graphic entityref="WiresharkBytesPaneTabs" format="PNG"/> - </figure> - </para> - <note><title>Note!</title> - <para> - The additional pages might contain data picked from multiple packets. - </para> - </note> - <para> - The context menu (right mouse click) of the tab labels will show a list of - all available pages. This can be helpful if the size in the pane is too - small for all the tab labels. - </para> - </section> - - <section id="ChUseStatusbarSection"><title>The Statusbar</title> - <para> - The statusbar displays informational messages. - </para> - <para> - In general, the left side will show context related information, the - middle part will show the current number of packets, and the right side will - show the selected configuration profile. Drag the handles between the text - areas to change the size. - </para> - <para> - <figure id="ChUseWiresharkStatusbarEmpty"> - <title>The initial Statusbar</title> - <graphic entityref="WiresharkStatusbarEmpty" format="PNG"/> - </figure> - This statusbar is shown while no capture file is loaded, e.g. when - Wireshark is started. - </para> - <para> - <figure id="ChUseWiresharkStatusbarLoaded"> - <title>The Statusbar with a loaded capture file</title> - <graphic entityref="WiresharkStatusbarLoaded" format="PNG"/> - </figure> - </para> - <itemizedlist> - <listitem> - <para> - <command>The colorized bullet</command> on the left shows the highest expert - info level found in the currently loaded capture file. Hovering the mouse - over this icon will show a textual description of the expert info level, - and clicking the icon will bring up the Expert Infos dialog box. - For a detailed description of expert info, see <xref linkend="ChAdvExpert"/>. - </para> - </listitem> - <listitem> - <para> - <command>The left side</command> shows information about the capture file, its - name, its size and the elapsed time while it was being captured. - </para> - </listitem> - <listitem> - <para> - <command>The middle part</command> shows the current number of packets in the capture file. - The following values are displayed: - <itemizedlist mark="bullet"> - <listitem> - <para><emphasis>Packets:</emphasis> the number of captured packets</para> - </listitem> - <listitem> - <para><emphasis>Displayed:</emphasis> the number of packets currently being - displayed</para> - </listitem> - <listitem> - <para><emphasis>Marked:</emphasis> the number of marked packets</para> - </listitem> - <listitem> - <para><emphasis>Dropped:</emphasis> the number of dropped packets (only displayed - if Wireshark was unable to capture all packets)</para> - </listitem> - <listitem> - <para><emphasis>Ignored:</emphasis> the number of ignored packets (only displayed - if packets are ignored)</para> - </listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - <command>The right side</command> shows the selected configuration profile. - Clicking in this part of the statusbar will bring up a menu with all available - configuration profiles, and selecting from this list will change the configuration profile. - </para> - </listitem> - </itemizedlist> - <para> - <figure id="ChUseWiresharkStatusbarProfile"> - <title>The Statusbar with a configuration profile menu</title> - <graphic entityref="WiresharkStatusbarProfile" format="PNG"/> - </figure> - For a detailed description of configuration profiles, see - <xref linkend="ChCustConfigProfilesSection"/>. - </para> - <para> - <figure id="ChUseWiresharkStatusbarSelected"> - <title>The Statusbar with a selected protocol field</title> - <graphic entityref="WiresharkStatusbarSelected" format="PNG"/> - </figure> - This is displayed if you have selected a protocol field from the - "Packet Details" pane. - </para> - <tip><title>Tip!</title> - <para> - The value between the brackets (in this example - <command>arp.opcode</command>) can be used as a display filter string, - representing the selected protocol field. - </para> - </tip> - <para> - <figure id="ChUseWiresharkStatusbarFilter"> - <title>The Statusbar with a display filter message</title> - <graphic entityref="WiresharkStatusbarFilter" format="PNG"/> - </figure> - This is displayed if you are trying to use a display filter which - may have unexpected results. For a detailed description, see - <xref linkend="ChWorkBuildDisplayFilterMistake"/>. - </para> - - </section> - -</chapter> -<!-- End of WSUG Chapter 3 --> |