-rw-r--r--  FAQ           140
-rw-r--r--  help/faq.txt  140
-rw-r--r--  manuf          96
3 files changed, 328 insertions, 48 deletions
@@ -216,11 +216,13 @@ Using Ethereal: 5.44 How can I capture entire frames, including the FCS? - 5.45 Ethereal hangs after I stop a capture. + 5.45 Why does Ethereal hang after I stop a capture? 5.46 How can I search for, or filter, packets that have a particular string anywhere in them? + 5.47 How do I filter a capture to see traffic for virus XXX? + General Questions Q 1.1: Where can I get help? @@ -269,13 +271,14 @@ General Questions Q 1.5: What protocols are currently supported? - A: There are currently 530 supported protocols and media, listed + A: There are currently 602 supported protocols and media, listed below. Descriptions can be found in the ethereal(1) man page. 3GPP2 A11 802.1q Virtual LAN 802.1x Authentication AAL type 2 signalling protocol - Capability set 1 (Q.2630.1) + ACN AFS (4.0) Replication Server call declarations AIM Administrative AIM Advertisements @@ -283,6 +286,7 @@ General Questions AIM Chat Navigation AIM Chat Service AIM Directory Search + AIM E-mail AIM Generic Service AIM ICQ AIM Invitation Service @@ -292,6 +296,7 @@ General Questions AIM Popup AIM Privacy Management Service AIM Server Side Info + AIM Server Side Themes AIM Signon AIM Statistics AIM Translate @@ -305,6 +310,7 @@ General Questions ANSI Mobile Application Part AOL Instant Messenger ARCNET + ASN.1 decoding ATM ATM AAL1 ATM AAL3/4 @@ -325,6 +331,7 @@ General Questions AppleTalk Transaction Protocol packet Appletalk Address Resolution Protocol Application Configuration Access Protocol + Art-Net Async data over ISDN (V.120) Authentication Header BACnet Virtual Link Control 
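Review bot: in the @@ -269 hunk the removed line "- Capability set 1 (Q.2630.1)" looks like the wrapped second half of the preceding "AAL type 2 signalling protocol" entry rather than a separate protocol, so that entry's name has been silently shortened; confirm it matches the name the AAL2 dissector now registers. The count in the same hunk (530 to 602) should also be taken from the regenerated list rather than typed in, since a hand-edited total drifts as soon as the next dissector lands.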
@@ -365,12 +372,17 @@ General Questions Cisco Interior Gateway Routing Protocol Cisco NetFlow Cisco SLARP + Cisco Session Management Clearcase NFS CoSine IPNOS L2 debug output + Common Industrial Protocol Common Open Policy Service Common Unix Printing System (CUPS) Browsing Protocol Compuserve GIF + Configuration Test Protocol (loopback) Connectionless Lightweight Directory Access Protocol + Coseventcomm Dissector Using GIOP API + Cosnaming Dissector Using GIOP API Cross Point Frame Injector Cryptographic Message Syntax DCE Distributed Time Service Local Server 
@@ -413,26 +425,57 @@ cies DCOM Remote Activation DEC Spanning Tree Protocol DFS Calls + DG Gryphon Protocol DHCP Failover DHCPv6 DICOM DNS Control Program Server + DOCSIS 1.1 + DOCSIS Appendix C TLV's + DOCSIS Baseline Privacy Key Management Attributes + DOCSIS Baseline Privacy Key Management Request + DOCSIS Baseline Privacy Key Management Response + DOCSIS Dynamic Service Addition Acknowledge + DOCSIS Dynamic Service Addition Request + DOCSIS Dynamic Service Addition Response + DOCSIS Dynamic Service Change Acknowledgement + DOCSIS Dynamic Service Change Request + DOCSIS Dynamic Service Change Response + DOCSIS Dynamic Service Delete Request + DOCSIS Dynamic Service Delete Response + DOCSIS Initial Ranging Message + DOCSIS Mac Management + DOCSIS Range Request Message + DOCSIS Ranging Response + DOCSIS Registration Acknowledge + DOCSIS Registration Requests + DOCSIS Registration Responses + DOCSIS Upstream Bandwidth Allocation + DOCSIS Upstream Channel Change Request + DOCSIS Upstream Channel Change Response + DOCSIS Upstream Channel Descriptor + DOCSIS Upstream Channel Descriptor Type 29 + DOCSIS Vendor Specific Endodings Data Data Link SWitching Data Stream Interface Datagram Delivery Protocol + Decompressed SigComp message as raw text Diameter Protocol + Digital Audio Access Protocol Distance Vector Multicast Routing Protocol Distcc Distributed Compiler Distributed Checksum Clearinghouse Protocol Distributed Network Protocol 3.0 Domain Name Service Dynamic DNS Tools Protocol + ENTTEC Echo Encapsulating Security Payload Endpoint Name Resolution Protocol Enhanced Interior Gateway Routing Protocol EtherNet/IP (Industrial Protocol) + Etheric Ethernet Ethernet over IP Extensible Authentication Protocol @@ -468,6 +511,7 @@ cies Generic Routing Encapsulation Generic Security Service Application Program Interface Gnutella Protocol + H.248 MEGACO H225 H235-SECURITY-MESSAGES H245 
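Review bot: "DOCSIS Vendor Specific Endodings" in the @@ -413 hunk is a typo for "Encodings", and "DOCSIS Appendix C TLV's" should be "TLVs". Because this list reproduces the names the dissectors register, correcting the FAQ text alone will be undone the next time the list is regenerated; fix the registration strings in the DOCSIS dissectors and regenerate the list from them.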
@@ -489,6 +533,8 @@ cies IPX Message IPX Routing Information Protocol IPX WAN + IRemUnknown IRemUnknown Resolver + IRemUnknown2 IRemUnknown2 Resolver ISDN ISDN Q.921-User Adaptation Layer ISDN User Part @@ -499,10 +545,12 @@ cies ISO 8602 CLTP ConnectionLess Transport Protocol ISO 8823 OSI Presentation Protocol ISO 9542 ESIS Routeing Information Exchange Protocol + ISystemActivator ISystemActivator Resolver ITU-T E.164 number ITU-T Recommendation H.261 ITU-T Recommendation H.263 RTP Payload header (RFC2190) InMon sFlow + Information Access Protocol Intel ANS probe Intelligent Platform Management Interface Inter-Access-Point Protocol @@ -510,6 +558,7 @@ cies InterSwitch Message Protocol Interbase Internet Cache Protocol + Internet Communications Engine Protocol Internet Content Adaptation Protocol Internet Control Message Protocol Internet Control Message Protocol v6 @@ -522,12 +571,16 @@ cies Internet Relay Chat Internet Security Association and Key Management Protocol Internetwork Packet eXchange + IrCOMM Protocol + IrDA Link Access Protocol + IrDA Link Management Protocol JPEG File Interchange Format Jabber XML Messaging Java RMI Java Serialization Kerberos Kerberos Administration + Kerberos v4 Kernel Lock Manager LWAP Control Message LWAPP Encapsulated Packet @@ -535,6 +588,7 @@ cies Label Distribution Protocol Laplink Layer 2 Tunneling Protocol + Light Weight DNS RESolver (BIND9) Lightweight Directory Access Protocol Line Printer Daemon Protocol Line-based text data @@ -546,10 +600,13 @@ cies Linux cooked-mode capture Local Management Interface LocalTalk Link Access Protocol + Log Message Logical Link Control GPRS Logical-Link Control Lucent/Ascend debug output + MAC Control MDS Header + MEGACO MIME Multipart Media Encapsulation MMS Message Encapsulation MS Kpasswd 
@@ -560,6 +617,7 @@ cies MTP 2 User Adaptation Layer MTP 3 User Adaptation Layer MTP2 Peer Adaptation Layer + Media Gateway Control Protocol Media Type Media Type: message/http Message Transfer Part Level 2 @@ -610,6 +668,7 @@ cies NetBIOS Name Service NetBIOS Session Service NetBIOS over IPX + NetScape Certificate Extensions NetWare Core Protocol NetWare Link Services Protocol NetWare Serialization Protocol @@ -626,6 +685,7 @@ cies Null/Loopback OSI ISO 8571 FTAM Protocol OSI ISO/IEC 10035-1 ACSE Protocol + Open Policy Service Interface Open Shortest Path First OpenBSD Encapsulating device OpenBSD Packet Filter log file @@ -633,6 +693,9 @@ cies Optimized Link State Routing Protocol PC NFS PKCS#1 + PKINIT + PKIX1Explitit + PKIX1Implitit POSTGRESQL PPP Bandwidth Allocation Control Protocol PPP Bandwidth Allocation Protocol @@ -654,9 +717,11 @@ cies PPP-over-Ethernet Session PPPMux Control Protocol Packed Encoding Rules (ASN.1 X.691) + Packet Cable Lawful Intercept PacketCable Point-to-Point Protocol Point-to-Point Tunnelling Protocol + Port Aggregation Protocol Portmap Post Office Protocol Pragmatic General Multicast @@ -672,6 +737,7 @@ cies Quake Network Protocol QuakeWorld Network Protocol Qualified Logical Link Control + RDM RFC 2250 MPEG1 RFC 2833 RTP Event RIPng @@ -679,6 +745,8 @@ cies RS Interface properties RSTAT RSYNC File Synchroniser + RTNET + RTcfg RX Protocol Radio Access Network Application Part Radius Protocol @@ -687,8 +755,10 @@ cies Real-Time Publish-Subscribe Wire Protocol Real-Time Transport Protocol Real-time Transport Control Protocol + Redundant Link Management Protocol Registry Server Attributes Manipulation Interface Registry server administration operations. + Reliable UDP Remote Management Control Protocol Remote Override interface Remote Procedure Call @@ -718,6 +788,7 @@ cies SSH Protocol Secure Socket Layer Sequenced Packet eXchange + Serial Infrared Service Advertisement Protocol Service Location Protocol Session Announcement Protocol 
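Review bot: "PKIX1Explitit" and "PKIX1Implitit" in the @@ -633 hunk should be "PKIX1Explicit" and "PKIX1Implicit", the ASN.1 module names they are taken from; as with the other generated entries, the fix belongs in the dissector's registered protocol name, not in this file.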
@@ -750,22 +821,25 @@ cies TACACS TACACS+ TEI Management Procedure, Channel D (LAPD) - TEREDO Tunneling IPv6 over UDP through NATs TPKT Tabular Data Stream Tazmen Sniffer Protocol Telnet + Teredo IPv6 over UDP tunneling Time Protocol Time Synchronization Protocol + Tiny Transport Protocol Token-Ring Token-Ring Media Access Control Transaction Capabilities Application Part Transmission Control Protocol Transparent Network Substrate Protocol + Transport Adapter Layer Interface v1.0, RFC 3094 Trivial File Transfer Protocol UDP Encapsulation of IPsec Packets Universal Computer Protocol User Datagram Protocol + V5.2-User Adaptation Layer Virtual Router Redundancy Protocol Virtual Trunking Protocol WAP Binary XML @@ -2148,7 +2222,7 @@ Using Ethereal thinks there is, will display it as such, and will check whether it's the correct CRC-32 value or not. - Q 5.45: Ethereal hangs after I stop a capture. + Q 5.45: Why does Ethereal hang after I stop a capture? A: The most likely reason for this is that Ethereal is trying to look up an IP address in the capture to convert it to a name (so that, for 
@@ -2179,18 +2253,24 @@ Using Ethereal lookup to take a long time. If you disable network address-to-name translation - for example, by - turning off the "Enable network name resolution" option in the "Name - resolution" options in the dialog box you get by selecting - "Preferences" from the "Edit" menu - the lookups of the address won't - be done, which may speed up the process of reading the capture file - after the capture is stopped. You can make that setting the default by - using the "Save" button in that dialog box; note that this will save - all your current preference settings. + turning off the "Enable network name resolution" option in the + "Capture Options" dialog box for starting a network capture - the + lookups of the address won't be done, which may speed up the process + of reading the capture file after the capture is stopped. You can make + that setting the default by selecting "Preferences" from the "Edit" + menu, turning off the "Enable network name resolution" option in the + "Name resolution" options in the preferences disalog box, and using + the "Save" button in that dialog box; note that this will save all + your current preference settings. If Ethereal hangs when reading a capture even with network name resolution turned off, there might, for example, be a bug in one of - Ethereal's dissectors for a protocol causing it to loop infinitely. - The bug should be reported to the Ethereal developers' mailing list at + Ethereal's dissectors for a protocol causing it to loop infinitely. If + you're not running the most recent release of Ethereal, you should + first upgrade to that release, as, if there's a bug of that sort, it + might've been fixed in a release after the one you're running. If the + hang occurs in the most recent release of Ethereal, the bug should be + reported to the Ethereal developers' mailing list at ethereal-dev@ethereal.com. On UNIX-flavored OSes, please try to force Ethereal to dump core, by 
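Review bot: "preferences disalog box" in the @@ -2179 hunk is a typo for "dialog box", and the clause "as, if there's a bug of that sort, it might've been fixed in a release after the one you're running" is hard to parse; suggest "since the bug may already be fixed in a later release". While this paragraph is being rewritten it is worth giving a second reason to turn network name resolution off: each lookup sends a reverse DNS query for an address taken from the capture, so leaving it on makes the analyst's machine tell its resolver, and anyone watching that DNS traffic, which hosts are being examined.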
@@ -2206,17 +2286,21 @@ Using Ethereal $ The core dump file may be named "ethereal.core" rather than "core" on - some platforms (e.g., BSD systems) + some platforms (e.g., BSD systems). Also, if at all possible, please send a copy of the capture file that caused the problem; when capturing packets, Ethereal normally writes captured packets to a temporary file, which will probably be in /tmp - or /var/tmp on UNIX-flavored OSes and \TEMP on Windows, so the capture - file will probably be there. It will have a name beginning with ether, - with some mixture of letters and numbers after that. Please don't send - a trace file greater than 1 MB when compressed. If the trace file - contains sensitive information (e.g., passwords), then please do not - send it. + or /var/tmp on UNIX-flavored OSes, \TEMP on the main system disk + (normally C:) on Windows 9x/Me/NT 4.0, and \Documents and + Settings\your login name\Local Settings\Temp on the main system disk + on Windows 2000/XP/Server 2003, so the capture file will probably be + there. It will have a name beginning with ether, with some mixture of + letters and numbers after that. Please don't send a trace file greater + than 1 MB when compressed; instead, make it available via FTP or HTTP, + or say it's available but leave it up to a developer to ask for it. If + the trace file contains sensitive information (e.g., passwords), then + please do not send it. Q 5.46: How can I search for, or filter, packets that have a particular string anywhere in them? 
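Review bot: the @@ -2206 hunk now tells users to make a large trace "available via FTP or HTTP" two sentences before it warns that a trace containing passwords must not be sent; move the sensitive-information warning ahead of the transfer advice, and note that FTP and HTTP carry the file in the clear, so a trace that is borderline should be offered to a developer on request rather than posted. The hunk also does the right thing by fixing the missing period after "BSD systems)".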
@@ -2240,9 +2324,23 @@ Using Ethereal string or byte string fields in the packet; the "contains" operator can also be used in expressions used to filter the display. + Q 5.47: How do I filter a capture to see traffic for virus XXX? + + A: For some viruses/worms there might be a capture filter to recognize + the virus traffic. Check the CaptureFilters page on the Ethereal Wiki + to see if anybody's added such a filter. + + Note that Ethereal was not designed to be an intrusion detection + system; you might be able to use it as an IDS, but in most cases + software designed to be an IDS, such as Snort or Prelude, will + probably work better. + + The Bleeding Edge of Snort has a collection of signatures for Snort to + detect various viruses, worms, and the like. + Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list. For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com . - Last modified: Sat, September 25 2004. + Last modified: Thu, November 18 2004. diff --git a/help/faq.txt b/help/faq.txt index 851dbaf4ae..8c52fcea1b 100644 --- a/help/faq.txt +++ b/help/faq.txt @@ -216,11 +216,13 @@ Using Ethereal: 5.44 How can I capture entire frames, including the FCS? - 5.45 Ethereal hangs after I stop a capture. + 5.45 Why does Ethereal hang after I stop a capture? 5.46 How can I search for, or filter, packets that have a particular string anywhere in them? + 5.47 How do I filter a capture to see traffic for virus XXX? + General Questions Q 1.1: Where can I get help? 
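Review bot: the new Q 5.47 in the @@ -2240 hunk points readers at "the CaptureFilters page on the Ethereal Wiki" and "The Bleeding Edge of Snort" without a URL for either, while the same section gives explicit addresses for the mailing lists; add links so the entry is actionable. It would also help to say that a worm's payload can often be found after the fact with the "contains" display-filter operator described in Q 5.46, since a capture filter only helps if it was in place before the capture started.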
@@ -269,13 +271,14 @@ General Questions Q 1.5: What protocols are currently supported? - A: There are currently 530 supported protocols and media, listed + A: There are currently 602 supported protocols and media, listed below. Descriptions can be found in the ethereal(1) man page. 3GPP2 A11 802.1q Virtual LAN 802.1x Authentication AAL type 2 signalling protocol - Capability set 1 (Q.2630.1) + ACN AFS (4.0) Replication Server call declarations AIM Administrative AIM Advertisements @@ -283,6 +286,7 @@ General Questions AIM Chat Navigation AIM Chat Service AIM Directory Search + AIM E-mail AIM Generic Service AIM ICQ AIM Invitation Service @@ -292,6 +296,7 @@ General Questions AIM Popup AIM Privacy Management Service AIM Server Side Info + AIM Server Side Themes AIM Signon AIM Statistics AIM Translate @@ -305,6 +310,7 @@ General Questions ANSI Mobile Application Part AOL Instant Messenger ARCNET + ASN.1 decoding ATM ATM AAL1 ATM AAL3/4 @@ -325,6 +331,7 @@ General Questions AppleTalk Transaction Protocol packet Appletalk Address Resolution Protocol Application Configuration Access Protocol + Art-Net Async data over ISDN (V.120) Authentication Header BACnet Virtual Link Control @@ -365,12 +372,17 @@ General Questions Cisco Interior Gateway Routing Protocol Cisco NetFlow Cisco SLARP + Cisco Session Management Clearcase NFS CoSine IPNOS L2 debug output + Common Industrial Protocol Common Open Policy Service Common Unix Printing System (CUPS) Browsing Protocol Compuserve GIF + Configuration Test Protocol (loopback) Connectionless Lightweight Directory Access Protocol + Coseventcomm Dissector Using GIOP API + Cosnaming Dissector Using GIOP API Cross Point Frame Injector Cryptographic Message Syntax DCE Distributed Time Service Local Server 
@@ -413,26 +425,57 @@ cies DCOM Remote Activation DEC Spanning Tree Protocol DFS Calls + DG Gryphon Protocol DHCP Failover DHCPv6 DICOM DNS Control Program Server + DOCSIS 1.1 + DOCSIS Appendix C TLV's + DOCSIS Baseline Privacy Key Management Attributes + DOCSIS Baseline Privacy Key Management Request + DOCSIS Baseline Privacy Key Management Response + DOCSIS Dynamic Service Addition Acknowledge + DOCSIS Dynamic Service Addition Request + DOCSIS Dynamic Service Addition Response + DOCSIS Dynamic Service Change Acknowledgement + DOCSIS Dynamic Service Change Request + DOCSIS Dynamic Service Change Response + DOCSIS Dynamic Service Delete Request + DOCSIS Dynamic Service Delete Response + DOCSIS Initial Ranging Message + DOCSIS Mac Management + DOCSIS Range Request Message + DOCSIS Ranging Response + DOCSIS Registration Acknowledge + DOCSIS Registration Requests + DOCSIS Registration Responses + DOCSIS Upstream Bandwidth Allocation + DOCSIS Upstream Channel Change Request + DOCSIS Upstream Channel Change Response + DOCSIS Upstream Channel Descriptor + DOCSIS Upstream Channel Descriptor Type 29 + DOCSIS Vendor Specific Endodings Data Data Link SWitching Data Stream Interface Datagram Delivery Protocol + Decompressed SigComp message as raw text Diameter Protocol + Digital Audio Access Protocol Distance Vector Multicast Routing Protocol Distcc Distributed Compiler Distributed Checksum Clearinghouse Protocol Distributed Network Protocol 3.0 Domain Name Service Dynamic DNS Tools Protocol + ENTTEC Echo Encapsulating Security Payload Endpoint Name Resolution Protocol Enhanced Interior Gateway Routing Protocol EtherNet/IP (Industrial Protocol) + Etheric Ethernet Ethernet over IP Extensible Authentication Protocol @@ -468,6 +511,7 @@ cies Generic Routing Encapsulation Generic Security Service Application Program Interface Gnutella Protocol + H.248 MEGACO H225 H235-SECURITY-MESSAGES H245 
@@ -489,6 +533,8 @@ cies IPX Message IPX Routing Information Protocol IPX WAN + IRemUnknown IRemUnknown Resolver + IRemUnknown2 IRemUnknown2 Resolver ISDN ISDN Q.921-User Adaptation Layer ISDN User Part @@ -499,10 +545,12 @@ cies ISO 8602 CLTP ConnectionLess Transport Protocol ISO 8823 OSI Presentation Protocol ISO 9542 ESIS Routeing Information Exchange Protocol + ISystemActivator ISystemActivator Resolver ITU-T E.164 number ITU-T Recommendation H.261 ITU-T Recommendation H.263 RTP Payload header (RFC2190) InMon sFlow + Information Access Protocol Intel ANS probe Intelligent Platform Management Interface Inter-Access-Point Protocol @@ -510,6 +558,7 @@ cies InterSwitch Message Protocol Interbase Internet Cache Protocol + Internet Communications Engine Protocol Internet Content Adaptation Protocol Internet Control Message Protocol Internet Control Message Protocol v6 @@ -522,12 +571,16 @@ cies Internet Relay Chat Internet Security Association and Key Management Protocol Internetwork Packet eXchange + IrCOMM Protocol + IrDA Link Access Protocol + IrDA Link Management Protocol JPEG File Interchange Format Jabber XML Messaging Java RMI Java Serialization Kerberos Kerberos Administration + Kerberos v4 Kernel Lock Manager LWAP Control Message LWAPP Encapsulated Packet @@ -535,6 +588,7 @@ cies Label Distribution Protocol Laplink Layer 2 Tunneling Protocol + Light Weight DNS RESolver (BIND9) Lightweight Directory Access Protocol Line Printer Daemon Protocol Line-based text data @@ -546,10 +600,13 @@ cies Linux cooked-mode capture Local Management Interface LocalTalk Link Access Protocol + Log Message Logical Link Control GPRS Logical-Link Control Lucent/Ascend debug output + MAC Control MDS Header + MEGACO MIME Multipart Media Encapsulation MMS Message Encapsulation MS Kpasswd 
@@ -560,6 +617,7 @@ cies MTP 2 User Adaptation Layer MTP 3 User Adaptation Layer MTP2 Peer Adaptation Layer + Media Gateway Control Protocol Media Type Media Type: message/http Message Transfer Part Level 2 @@ -610,6 +668,7 @@ cies NetBIOS Name Service NetBIOS Session Service NetBIOS over IPX + NetScape Certificate Extensions NetWare Core Protocol NetWare Link Services Protocol NetWare Serialization Protocol @@ -626,6 +685,7 @@ cies Null/Loopback OSI ISO 8571 FTAM Protocol OSI ISO/IEC 10035-1 ACSE Protocol + Open Policy Service Interface Open Shortest Path First OpenBSD Encapsulating device OpenBSD Packet Filter log file @@ -633,6 +693,9 @@ cies Optimized Link State Routing Protocol PC NFS PKCS#1 + PKINIT + PKIX1Explitit + PKIX1Implitit POSTGRESQL PPP Bandwidth Allocation Control Protocol PPP Bandwidth Allocation Protocol @@ -654,9 +717,11 @@ cies PPP-over-Ethernet Session PPPMux Control Protocol Packed Encoding Rules (ASN.1 X.691) + Packet Cable Lawful Intercept PacketCable Point-to-Point Protocol Point-to-Point Tunnelling Protocol + Port Aggregation Protocol Portmap Post Office Protocol Pragmatic General Multicast @@ -672,6 +737,7 @@ cies Quake Network Protocol QuakeWorld Network Protocol Qualified Logical Link Control + RDM RFC 2250 MPEG1 RFC 2833 RTP Event RIPng @@ -679,6 +745,8 @@ cies RS Interface properties RSTAT RSYNC File Synchroniser + RTNET + RTcfg RX Protocol Radio Access Network Application Part Radius Protocol @@ -687,8 +755,10 @@ cies Real-Time Publish-Subscribe Wire Protocol Real-Time Transport Protocol Real-time Transport Control Protocol + Redundant Link Management Protocol Registry Server Attributes Manipulation Interface Registry server administration operations. + Reliable UDP Remote Management Control Protocol Remote Override interface Remote Procedure Call @@ -718,6 +788,7 @@ cies SSH Protocol Secure Socket Layer Sequenced Packet eXchange + Serial Infrared Service Advertisement Protocol Service Location Protocol Session Announcement Protocol 
@@ -750,22 +821,25 @@ cies TACACS TACACS+ TEI Management Procedure, Channel D (LAPD) - TEREDO Tunneling IPv6 over UDP through NATs TPKT Tabular Data Stream Tazmen Sniffer Protocol Telnet + Teredo IPv6 over UDP tunneling Time Protocol Time Synchronization Protocol + Tiny Transport Protocol Token-Ring Token-Ring Media Access Control Transaction Capabilities Application Part Transmission Control Protocol Transparent Network Substrate Protocol + Transport Adapter Layer Interface v1.0, RFC 3094 Trivial File Transfer Protocol UDP Encapsulation of IPsec Packets Universal Computer Protocol User Datagram Protocol + V5.2-User Adaptation Layer Virtual Router Redundancy Protocol Virtual Trunking Protocol WAP Binary XML @@ -2148,7 +2222,7 @@ Using Ethereal thinks there is, will display it as such, and will check whether it's the correct CRC-32 value or not. - Q 5.45: Ethereal hangs after I stop a capture. + Q 5.45: Why does Ethereal hang after I stop a capture? A: The most likely reason for this is that Ethereal is trying to look up an IP address in the capture to convert it to a name (so that, for 
@@ -2179,18 +2253,24 @@ Using Ethereal lookup to take a long time. If you disable network address-to-name translation - for example, by - turning off the "Enable network name resolution" option in the "Name - resolution" options in the dialog box you get by selecting - "Preferences" from the "Edit" menu - the lookups of the address won't - be done, which may speed up the process of reading the capture file - after the capture is stopped. You can make that setting the default by - using the "Save" button in that dialog box; note that this will save - all your current preference settings. + turning off the "Enable network name resolution" option in the + "Capture Options" dialog box for starting a network capture - the + lookups of the address won't be done, which may speed up the process + of reading the capture file after the capture is stopped. You can make + that setting the default by selecting "Preferences" from the "Edit" + menu, turning off the "Enable network name resolution" option in the + "Name resolution" options in the preferences disalog box, and using + the "Save" button in that dialog box; note that this will save all + your current preference settings. If Ethereal hangs when reading a capture even with network name resolution turned off, there might, for example, be a bug in one of - Ethereal's dissectors for a protocol causing it to loop infinitely. - The bug should be reported to the Ethereal developers' mailing list at + Ethereal's dissectors for a protocol causing it to loop infinitely. If + you're not running the most recent release of Ethereal, you should + first upgrade to that release, as, if there's a bug of that sort, it + might've been fixed in a release after the one you're running. If the + hang occurs in the most recent release of Ethereal, the bug should be + reported to the Ethereal developers' mailing list at ethereal-dev@ethereal.com. On UNIX-flavored OSes, please try to force Ethereal to dump core, by 
@@ -2206,17 +2286,21 @@ Using Ethereal $ The core dump file may be named "ethereal.core" rather than "core" on - some platforms (e.g., BSD systems) + some platforms (e.g., BSD systems). Also, if at all possible, please send a copy of the capture file that caused the problem; when capturing packets, Ethereal normally writes captured packets to a temporary file, which will probably be in /tmp - or /var/tmp on UNIX-flavored OSes and \TEMP on Windows, so the capture - file will probably be there. It will have a name beginning with ether, - with some mixture of letters and numbers after that. Please don't send - a trace file greater than 1 MB when compressed. If the trace file - contains sensitive information (e.g., passwords), then please do not - send it. + or /var/tmp on UNIX-flavored OSes, \TEMP on the main system disk + (normally C:) on Windows 9x/Me/NT 4.0, and \Documents and + Settings\your login name\Local Settings\Temp on the main system disk + on Windows 2000/XP/Server 2003, so the capture file will probably be + there. It will have a name beginning with ether, with some mixture of + letters and numbers after that. Please don't send a trace file greater + than 1 MB when compressed; instead, make it available via FTP or HTTP, + or say it's available but leave it up to a developer to ask for it. If + the trace file contains sensitive information (e.g., passwords), then + please do not send it. Q 5.46: How can I search for, or filter, packets that have a particular string anywhere in them? 
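Review bot: this @@ -2206 hunk, like every other help/faq.txt hunk in the patch, repeats the FAQ change verbatim, including the FTP/HTTP-before-the-warning ordering noted above, so every wording fix has to be applied twice and the two copies will drift the first time someone forgets; generate help/faq.txt from FAQ (or the reverse) in the build rather than maintaining both by hand.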
@@ -2240,9 +2324,23 @@ Using Ethereal string or byte string fields in the packet; the "contains" operator can also be used in expressions used to filter the display. + Q 5.47: How do I filter a capture to see traffic for virus XXX? + + A: For some viruses/worms there might be a capture filter to recognize + the virus traffic. Check the CaptureFilters page on the Ethereal Wiki + to see if anybody's added such a filter. + + Note that Ethereal was not designed to be an intrusion detection + system; you might be able to use it as an IDS, but in most cases + software designed to be an IDS, such as Snort or Prelude, will + probably work better. + + The Bleeding Edge of Snort has a collection of signatures for Snort to + detect various viruses, worms, and the like. + Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list. For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com . - Last modified: Sat, September 25 2004. + Last modified: Thu, November 18 2004. @@ -691,7 +691,7 @@ 00:02:81 Madge # Madge Ltd. 00:02:82 Viaclix # ViaClix, Inc. 00:02:83 SpectrumCo # Spectrum Controls, Inc. -00:02:84 AlstomT&DP # Alstom T&D P&C +00:02:84 ArevaT&D # AREVA T&D 00:02:85 Riverstone # Riverstone Networks 00:02:86 OccamNetwo # Occam Networks 00:02:87 Adapcom @@ -1407,7 +1407,7 @@ 00:05:4D BransTechn # Brans Technologies, Inc. 00:05:4E PhilipsCom # Philips Components 00:05:4F Private -00:05:50 Digi-TechC # Digi-Tech Communications Limited +00:05:50 Vcomms # Vcomms Limited 00:05:51 FSElektron # F & S Elektronik Systeme GmbH 00:05:52 XycotecCom # Xycotec Computer GmbH 00:05:53 Dvc # DVC Company, Inc. 
@@ -1583,7 +1583,7 @@ 00:05:FD Packetligh # PacketLight Networks Ltd. 00:05:FE TraficonNV # Traficon N.V. 00:05:FF SnsSolutio # SNS Solutions, Inc. -00:06:00 TokyoElect # Tokyo Electronic Industry Co., Ltd. +00:06:00 ToshibaTel # Toshiba Teli Corporation 00:06:01 Otanikeiki # Otanikeiki Co., Ltd. 00:06:02 CirkitechE # Cirkitech Electronics Co. 00:06:03 BakerHughe # Baker Hughes Inc. @@ -3280,7 +3280,7 @@ 00:0C:C5 Nextlink # Nextlink Co., Ltd. 00:0C:C6 Ka-RoElect # Ka-Ro electronics GmbH 00:0C:C7 Intelligen # Intelligent Computer Solutions Inc. -00:0C:C8 Integrated # Integrated Digital Systems, Inc. +00:0C:C8 XytronixRe # Xytronix Research & Design, Inc. 00:0C:C9 IlwooDataT # ILWOO DATA & TECHNOLOGY CO.,LTD 00:0C:CA HitachiGlo # Hitachi Global Storage Technologies 00:0C:CB DesignComb # Design Combus Ltd 
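Review bot: the @@ -3280 hunk, and the @@ -691, -1407 and -1583 hunks before it, overwrite the previous registrant's name outright ("Integrated Digital Systems, Inc." becomes "Xytronix Research & Design, Inc.", "Tokyo Electronic Industry Co., Ltd." becomes "Toshiba Teli Corporation"), so hardware already in the field under the old assignment will from now on be labelled with the new owner in captures. Whether these are IEEE reassignments or plain renames, an analyst identifying legacy equipment by OUI will be misled; record the change in the commit message or the file header, or keep the former name in the comment, so the history is recoverable.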
@@ -4777,6 +4777,90 @@ 00:12:9F Rae # RAE Systems, Inc. 00:12:A0 Neomeridia # NeoMeridian Sdn Bhd 00:12:A1 Bluepacket # BluePacket Communications Co., Ltd. +00:12:A2 Vita +00:12:A3 TrustInter # Trust International B.V. +00:12:A4 Thingmagic # ThingMagic, LLC +00:12:A5 Stargen # Stargen, Inc. +00:12:A6 LakeTechno # Lake Technology Ltd +00:12:A7 IsrTechnol # ISR TECHNOLOGIES Inc +00:12:A8 Intec # intec GmbH +00:12:A9 3comEurope # 3COM EUROPE LTD +00:12:AA Iee # IEE, Inc. +00:12:AB Wilife # WiLife, Inc. +00:12:AC Ontimetek # ONTIMETEK INC. +00:12:AD Ids # IDS GmbH +00:12:AE HlsHard-Li # HLS HARD-LINE Solutions Inc. +00:12:AF ElproTechn # ELPRO Technologies +00:12:B0 EforeOyj # Efore Oyj (Plc) +00:12:B1 DaiNipponP # Dai Nippon Printing Co., Ltd +00:12:B2 Avolites # AVOLITES LTD. +00:12:B3 AdvanceWir # Advance Wireless Technology Corp. +00:12:B4 Work # Work GmbH +00:12:B5 Vialta # Vialta, Inc. +00:12:B6 SantaBarba # Santa Barbara Infrared, Inc. +00:12:B7 PtwFreibur # PTW Freiburg +00:12:B8 G2Microsys # G2 Microsystems +00:12:B9 FusionDigi # Fusion Digital Technology +00:12:BA Fsi # FSI Systems, Inc. +00:12:BB Telecommun # Telecommunications Industry Association TR-41 Committee +00:12:BC EcholabLlc # Echolab LLC +00:12:BD AvantecMan # Avantec Manufacturing Limited +00:12:BE Astek # Astek Corporation +00:12:BF ArcadyanTe # Arcadyan Technology Corporation +00:12:C0 Hotlava # HotLava Systems, Inc. +00:12:C1 CheckPoint # Check Point Software Technologies +00:12:C2 ApexElectr # Apex Electronics Factory +00:12:C3 WitSA # WIT S.A. +00:12:C4 Viseon # Viseon, Inc. +00:12:C5 V-ShowTech # V-Show Technology Co.Ltd +00:12:C6 TgcAmerica # TGC America, Inc +00:12:C7 SecurayTec # SECURAY Technologies Ltd.Co. +00:12:C8 PerfectTec # Perfect tech +00:12:C9 MotorolaBc # Motorola BCS +00:12:CA HansenTele # Hansen Telecom +00:12:CB Css # CSS Inc. 
+00:12:CC Bitatek # Bitatek CO., LTD +00:12:CD AsemSpa # ASEM SpA +00:12:CE AdvancedCy # Advanced Cybernetics Group +00:12:CF AcctonTech # Accton Technology Corporation +00:12:D0 Gossen-Met # Gossen-Metrawatt-GmbH +00:12:D1 TexasInstr # Texas Instruments Inc +00:12:D2 TexasInstr # Texas Instruments +00:12:D3 Zetta # Zetta Systems, Inc. +00:12:D4 PrincetonT # Princeton Technology, Ltd +00:12:D5 MotionReal # Motion Reality Inc. +00:12:D6 JiangsuYit # Jiangsu Yitong High-Tech Co.,Ltd +00:12:D7 InventoNet # Invento Networks, Inc. +00:12:D8 Internatio # International Games System Co., Ltd. +00:12:D9 Cisco # Cisco Systems +00:12:DA Cisco # Cisco Systems +00:12:DB Private +00:12:DC SuncorpInd # SunCorp Industrial Limited +00:12:DD ShengquInf # Shengqu Information Technology (Shanghai) Co., Ltd. +00:12:DE RadioCompo # Radio Components Sweden AB +00:12:DF Novomatic # Novomatic AG +00:12:E0 Codan # Codan Limited +00:12:E1 AlliantNet # Alliant Networks, Inc +00:12:E2 AlaxalaNet # ALAXALA Networks Corporation +00:12:E3 Agat-Rt # Agat-RT, Ltd. +00:12:E4 ZiehlIndus # ZIEHL industrie-electronik GmbH + Co KG +00:12:E5 TimeAmeric # Time America, Inc. +00:12:E6 SpectecCom # SPECTEC COMPUTER CO., LTD. +00:12:E7 ProjectekN # Projectek Networking Electronics Corp. +00:12:E8 Fraunhofer # Fraunhofer IMS +00:12:E9 Abbey # Abbey Systems Ltd +00:12:EA Trane +00:12:EB R2diLlc # R2DI, LLC +00:12:EC MovacolorB # Movacolor b.v. +00:12:ED AvgAdvance # AVG Advanced Technologies +00:12:EE SonyEricss # Sony Ericsson Mobile Communications AB +00:12:EF OneaccessS # OneAccess SA +00:12:F0 IntelCorpo # Intel Corporate +00:12:F1 Ifotec +00:12:F2 FoundryNet # Foundry Networks +00:12:F3 Connectblu # connectBlue AB +00:12:F4 BelcoInter # Belco International Co.,Ltd. +00:12:F5 Prolificx # Prolificx Ltd 00:17:00 Kabel 00:1C:7C Perq # PERQ SYSTEMS CORPORATION 00:20:00 LexmarkInt # LEXMARK INTERNATIONAL, INC. 
@@ -5110,7 +5194,7 @@ 00:30:47 NisseiElec # NISSEI ELECTRIC CO., LTD. 00:30:48 Supermicro # Supermicro Computer, Inc. 00:30:49 BryantTech # BRYANT TECHNOLOGY, LTD. -00:30:4A Fraunhofer # FRAUNHOFER INSTITUTE IMS +00:30:4A Fraunhofer # Fraunhofer IPMS 00:30:4B Orbacom # ORBACOM SYSTEMS, INC. 00:30:4C AppianComm # APPIAN COMMUNICATIONS, INC. 00:30:4D Esi @@ -6597,7 +6681,7 @@ 00:A0:1E Est # EST CORPORATION 00:A0:1F Tricord # TRICORD SYSTEMS, INC. 00:A0:20 Citicorp/T # CITICORP/TTI -00:A0:21 GeneralDyn # GENERAL DYNAMICS- +00:A0:21 GeneralDyn # General Dynamics 00:A0:22 CentreForD # CENTRE FOR DEVELOPMENT OF ADVANCED COMPUTING 00:A0:23 AppliedCre # APPLIED CREATIVE TECHNOLOGY, INC. 00:A0:24 3com # 3COM CORPORATION |