author | Gerald Combs <gerald@wireshark.org> | 2019-02-14 15:23:05 -0800 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2019-02-15 05:17:26 +0000 |
commit | b658de2fa798cdf4046608b183137905df636d7b (patch) | |
tree | 723b95a0f522385fd93764f87c9c87cea9a6802e /docbook/wsug_src/WSUG_app_files.asciidoc | |
parent | 4bcad12279aab875bb9f871e7dd984a43bebe86e (diff) |
Rename our .asciidoc files to .adoc
As noted in "AsciiDoc Recommended Practices" at
https://asciidoctor.org/docs/asciidoc-recommended-practices/, the
AsciiDoc/Asciidoctor community seems to have settled on ".adoc" as a
file extension and that's the one preferred by the Asciidoctor project.
Update our filenames to match.
Change-Id: I2d352623d42d65d950b64310c3655b0fd177ee8c
Reviewed-on: https://code.wireshark.org/review/32037
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'docbook/wsug_src/WSUG_app_files.asciidoc')
-rw-r--r-- | docbook/wsug_src/WSUG_app_files.asciidoc | 587 |
1 files changed, 0 insertions, 587 deletions
diff --git a/docbook/wsug_src/WSUG_app_files.asciidoc b/docbook/wsug_src/WSUG_app_files.asciidoc deleted file mode 100644 index a19a641008..0000000000 --- a/docbook/wsug_src/WSUG_app_files.asciidoc +++ /dev/null 
@@ -1,587 +0,0 @@ -// WSUG Appendix Files - -[[AppFiles]] - -[appendix] -== Files and Folders - -[[ChAppFilesCaptureFilesSection]] - -=== Capture Files - -To understand which information will remain available after the captured packets -are saved to a capture file, it’s helpful to know a bit about the capture file -contents. - -Wireshark uses the -link:https://github.com/pcapng/pcapng[pcapng] file -format as the default format to save captured packets. It is very flexible -but other tools may not support it. - -Wireshark also supports the -link:https://wiki.wireshark.org/Development/LibpcapFileFormat[libpcap] file -format. This is a much simpler format and is well established. However, it has -some drawbacks: it’s not extensible and lacks some information that would be -really helpful (e.g. being able to add a comment to a packet such as “the -problems start here” would be really nice). - -In addition to the libpcap format, Wireshark supports several different capture -file formats. However, the problems described above also applies for these -formats. - -[[ChIOFileContentSection]] - -==== Libpcap File Contents - -At the start of each libpcap capture file some basic information is stored like -a magic number to identify the libpcap file format. The most interesting -information of this file start is the link layer type (Ethernet, 802.11, -MPLS, etc). - -The following data is saved for each packet: - -* The timestamp with millisecond resolution - -* The packet length as it was “on the wire” - -* The packet length as it’s saved in the file - -* The packet’s raw bytes - -A detailed description of the libpcap file format can be found at: -link:$$https://wiki.wireshark.org/Development/LibpcapFileFormat$$[] - -[[ChIOFileNotContentSection]] - -==== Not Saved in the Capture File - -You should also know the things that are _not saved_ in capture files: - -* Current selections (selected packet, ...) - -* Name resolution information. 
See <<ChAdvNameResolutionSection>> for details -+ --- -Pcapng files can optionally save name resolution information. Libpcap files -can’t. Other file formats have varying levels of support. --- - -* The number of packets dropped while capturing - -* Packet marks set with “Edit/Mark Packet” - -* Time references set with “Edit/Time Reference” - -* The current display filter - -[[ChConfigurationPluginFolders]] - -=== Configuration File and Plugin Folders - -To match the different policies for Unix-like systems and Windows, and -different policies used on different Unix-like systems, the folders -containing configuration files and plugins are different on different -platforms. We indicate the location of the top-level folders under -which configuration files and plugins are stored here, giving them -placeholder names independent of their actual location, and use those -names later when giving the location of the folders for configuration -files and plugins. - -[TIP] -==== -A list of the folders Wireshark actually uses can be found under the _Folders_ -tab in the dialog box shown when you select _About Wireshark_ from the _Help_ -menu. -==== - -==== Folders on Windows - -_%APPDATA%_ is the personal application data folder, e.g.: -_C:\Users{backslash}**username**\AppData\Roaming\Wireshark_ (details can be -found at: <<ChWindowsProfiles>>). - -_WIRESHARK_ is the Wireshark program folder, e.g.: _C:\Program -Files\Wireshark_. - -==== Folders on Unix-like systems - -_$XDG_CONFIG_HOME_ is the folder for user-specific configuration files. -It’s usually _$HOME/.config_, where _$HOME_ is the user’s home folder, which -is usually something such as _$HOME/**username**_, or -_/Users/**username**_ on macOS. - -If you are using macOS and you are running a copy of Wireshark -installed as an application bundle, _APPDIR_ is the top-level directory -of the Wireshark application bundle, which will typically be -_/Applications/Wireshark.app_. 
Otherwise, _INSTALLDIR_ is the top-level -directory under which reside the subdirectories in which components of -Wireshark are installed. This will typically be `/usr` if Wireshark is -bundled with the system (for example, provided as a package with a Linux -distribution) and _/usr/local_ if, for example, you’ve build Wireshark -from source and installed it. - -[[ChAppFilesConfigurationSection]] - -=== Configuration Files - -Wireshark uses a number of configuration files while it is running. Some of these -reside in the personal configuration folder and are used to maintain information -between runs of Wireshark, while some of them are maintained in system areas. - -The content format of the configuration files is the same on all platforms. - -On Windows: - -* The personal configuration folder for Wireshark is the -_Wireshark_ sub-folder of that folder, i.e. _%APPDATA%\Wireshark_. - -* The global configuration folder for Wireshark is the Wireshark program -folder and is also used as the system configuration folder. - -On Unix-like systems: - -* The personal configuration folder is -_$XDG_CONFIG_HOME/wireshark_. For backwards compatibility with -Wireshark before 2.2, if _$XDG_CONFIG_HOME/wireshark_ does not -exist and _$HOME/.wireshark_ is present, then the latter will be used. - -* If you are using macOS and you are running a copy of Wireshark -installed as an application bundle, the global configuration folder is -_APPDIR/Contents/Resources/share/wireshark_. Otherwise, the -global configuration folder is _INSTALLDIR/share/wireshark_. - -* The _/etc_ folder is the system configuration folder. The folder -actually used on your system may vary, maybe something like: -_/usr/local/etc_. - -[[AppFilesTabFolders]] -.Configuration files overview -[options="header"] -|=============== -|File/Folder|Description -|_preferences_|Settings from the Preferences dialog box. -|_recent_|Recent GUI settings (e.g. recent files lists). -|_cfilters_|Capture filters. 
-|_dfilters_|Display filters. -|_colorfilters_|Coloring rules. -|_+++disabled_protos+++_|Disabled protocols. -|_ethers_|Ethernet name resolution. -|_manuf_|Ethernet name resolution. -|_hosts_|IPv4 and IPv6 name resolution. -|_services_|Network services. -|_subnets_|IPv4 subnet name resolution. -|_ipxnets_|IPX name resolution. -|_vlans_|VLAN ID name resolution. -|_ss7pcs_|SS7 point code resolution. -|=============== - -[float] -===== File contents - -_preferences_:: -This file contains your Wireshark preferences, including defaults for capturing -and displaying packets. It is a simple text file containing statements of the -form: -+ --- ----- -variable: value ----- - -At program start, if there is a _preferences_ file in the global -configuration folder, it is read first. Then, if there is a -_preferences_ file in the personal configuration folder, that is read; -if there is a preference set in both files, the setting in the personal -preferences file overrides the setting in the global preference file. - -If you press the Save button in the “Preferences” dialog box, all the -current settings are written to the personal preferences file. --- - -_recent_:: -This file contains various GUI related settings like the main window position -and size, the recent files list and such. It is a simple text file containing -statements of the form: -+ --- ----- -variable: value ----- - -It is read at program start and written at program exit. --- - -_cfilters_:: -This file contains all the capture filters that you have defined and saved. It -consists of one or more lines, where each line has the following format: -+ --- ----- -"<filter name>" <filter string> ----- - -At program start, if there is a _cfilters_ file in the personal -configuration folder, it is read. If there isn’t a _cfilters_ file in -the personal configuration folder, then, if there is a _cfilters_ file -in the global configuration folder, it is read. 
- -When you press the Save button in the “Capture Filters” dialog box, -all the current capture filters are written to the personal capture -filters file. --- - -_dfilters_:: -This file contains all the display filters that you have defined and saved. It -consists of one or more lines, where each line has the following format: -+ --- ----- -"<filter name>" <filter string> ----- - -At program start, if there is a _dfilters_ file in the personal -configuration folder, it is read. If there isn’t a _dfilters_ file in -the personal configuration folder, then, if there is a _dfilters_ file -in the global configuration folder, it is read. - -When you press the Save button in the “Display Filters” dialog box, -all the current capture filters are written to the personal display -filters file. --- - -_colorfilters_:: -This file contains all the color filters that you have defined and saved. It -consists of one or more lines, where each line has the following format: -+ --- ----- -@<filter name>@<filter string>@[<bg RGB(16-bit)>][<fg RGB(16-bit)>] ----- - -At program start, if there is a _colorfilters_ file in the personal -configuration folder, it is read. If there isn’t a _colorfilters_ file -in the personal configuration folder, then, if there is a _colorfilters_ -file in the global configuration folder, it is read. - -Wwhen you press the Save button in the “Coloring Rules” dialog box, -all the current color filters are written to the personal color filters -file. --- - -_+++disabled_protos+++_:: -Each line in this file specifies a disabled protocol name. The following are -some examples: -+ --- ----- -tcp -udp ----- - -At program start, if there is a _+++disabled_protos+++_ file in the global -configuration folder, it is read first. 
Then, if there is a -_+++disabled_protos+++_ file in the personal configuration folder, that is -read; if there is an entry for a protocol set in both files, the setting -in the personal disabled protocols file overrides the setting in the -global disabled protocols file. - -When you press the Save button in the “Enabled Protocols” dialog box, -the current set of disabled protocols is written to the personal -disabled protocols file. --- - -_ethers_:: -When Wireshark is trying to translate an hardware MAC address to -a name, it consults the _ethers_ file in the personal configuration -folder first. If the address is not found in that file, Wireshark -consults the _ethers_ file in the system configuration folder. -+ --- -Each line in these files consists of one hardware address and name separated by -whitespace. The digits of hardware addresses are separated by colons (:), dashes -(-) or periods(.). The following are some examples: - ----- -ff-ff-ff-ff-ff-ff Broadcast -c0-00-ff-ff-ff-ff TR_broadcast -00.2b.08.93.4b.a1 Freds_machine ----- - -The settings from this file are read in when a MAC address is to be -translated to a name, and never written by Wireshark. --- - -_manuf_:: -At program start, if there is a _manuf_ file in the global -configuration folder, it is read. -+ -The entries in this file are used to translate the first three bytes of -an Ethernet address into a manufacturers name. This file has the same -format as the ethers file, except addresses are three bytes long. -+ --- -An example is: - ----- -00:00:01 Xerox # XEROX CORPORATION ----- - -The settings from this file are read in at program start and never written by -Wireshark. --- - -_hosts_:: -Wireshark uses the entries in the _hosts_ files to translate IPv4 and -IPv6 addresses into names. -+ -At program start, if there is a _hosts_ file in the global configuration -folder, it is read first. 
Then, if there is a _hosts_ file in the -personal configuration folder, that is read; if there is an entry for a -given IP address in both files, the setting in the personal hosts file -overrides the entry in the global hosts file. -+ --- -This file has the same format as the usual _/etc/hosts_ file on Unix systems. - -An example is: - ----- -# Comments must be prepended by the # sign! -192.168.0.1 homeserver ----- - -The settings from this file are read in at program start and never written by -Wireshark. --- - -_services_:: -Wireshark uses the _services_ files to translate port numbers into names. -+ -At program start, if there is a _services_ file in the global -configuration folder, it is read first. Then, if there is a _services_ -file in the personal configuration folder, that is read; if there is an -entry for a given port number in both files, the setting in the personal -hosts file overrides the entry in the global hosts file. -+ --- -An example is: - ----- -mydns 5045/udp # My own Domain Name Server -mydns 5045/tcp # My own Domain Name Server ----- - -The settings from these files are read in at program start and never -written by Wireshark. --- - -_subnets_:: -Wireshark uses the __subnets__ files to translate an IPv4 address into a -subnet name. If no exact match from a __hosts__ file or from DNS is -found, Wireshark will attempt a partial match for the subnet of the -address. -+ -At program start, if there is a _subnets_ file in the personal -configuration folder, it is read first. Then, if there is a _subnets_ -file in the global configuration folder, that is read; if there is a -preference set in both files, the setting in the global preferences file -overrides the setting in the personal preference file. -+ --- -Each line in one of these files consists of an IPv4 address, a subnet -mask length separated only by a “/” and a name separated by whitespace. 
-While the address must be a full IPv4 address, any values beyond the -mask length are subsequently ignored. - -An example is: ----- -# Comments must be prepended by the # sign! -192.168.0.0/24 ws_test_network ----- - -A partially matched name will be printed as “subnet-name.remaining-address”. -For example, “192.168.0.1” under the subnet above would be printed as -“ws_test_network.1”; if the mask length above had been 16 rather than 24, the -printed address would be “ws_test_network.0.1”. - -The settings from these files are read in at program start and never -written by Wireshark. --- - -_ipxnets_:: -When Wireshark is trying to translate an IPX network number to -a name, it consults the _ipxnets_ file in the personal configuration -folder first. If the address is not found in that file, Wireshark -consults the _ipxnets_ file in the system configuration folder. -+ --- - -An example is: ----- -C0.A8.2C.00 HR -c0-a8-1c-00 CEO -00:00:BE:EF IT_Server1 -110f FileServer3 ----- - -The settings from this file are read in when an IPX network number is to -be translated to a name, and never written by Wireshark. --- - -_vlans_:: -Wireshark uses the _vlans_ file to translate VLAN tag IDs into names. -+ -At program start, if there is a _vlans_ file in the personal -configuration folder, it is read. -+ --- -Each line in this file consists of one VLAN tag ID and a describing name separated by whitespace or tab. - -An example is: ----- -123 Server-LAN -2049 HR-Client-LAN ----- - -The settings from this file are read in at program start and never written by -Wireshark. --- - -_ss7pcs_:: -Wireshark uses the _ss7pcs_ file to translate SS7 point codes to node names. -+ -At program start, if there is a _ss7pcs_ file in the personal -configuration folder, it is read. -+ --- -Each line in this file consists of one network indicator followed by a dash followed by a point code in decimal and a node name separated by whitespace or tab. 
- -An example is: ----- -2-1234 MyPointCode1 ----- - -The settings from this file are read in at program start and never written by -Wireshark. --- - -[[ChPluginFolders]] - -=== Plugin folders - -Wireshark supports plugins for various purposes. Plugins can either be -scripts written in Lua or code written in C or {cpp} and compiled to -machine code. - -Wireshark looks for plugins in both a personal plugin folder and a -global plugin folder. Lua plugins are stored in the plugin folders; -compiled plugins are stored in subfolders of the plugin folders, with -the subfolder name being the Wireshark minor version number (X.Y). There is -another hierarchical level for each Wireshark library (libwireshark, libwscodecs -and libwiretap). So for example the location for a libwireshark plugin -_foo.so_ (_foo.dll_ on Windows) would be _PLUGINDIR/X.Y/epan_ -(libwireshark used to be called libepan; the other folder names are _codecs_ -and _wiretap_). - -On Windows: - -* The personal plugin folder is _%APPDATA%\Wireshark\plugins_. - -* The global plugin folder is _WIRESHARK\plugins_. - -On Unix-like systems: - -* The personal plugin folder is _~/.local/lib/wireshark/plugins_. - -[NOTE] -==== -To provide better support for binary plugins this folder changed in Wireshark 2.5. -It is recommended to use the new folder but *for lua scripts only* you may -continue to use _$XDG_CONFIG_HOME/wireshark/plugins_ for backward-compatibility. -This is useful to have older versions of Wireshark installed side-by-side. In case -of duplicate file names between old and new the new folder wins. -==== - -* If you are running on macOS and Wireshark is installed as an -application bundle, the global plugin folder is -_%APPDIR%/Contents/PlugIns/wireshark_, otherwise it’s -_INSTALLDIR/lib/wireshark/plugins_. - -[[ChWindowsFolder]] - -=== Windows folders - -Here you will find some details about the folders used in Wireshark on different -Windows versions. 
- -As already mentioned, you can find the currently used folders in the “About -Wireshark” dialog. - -[[ChWindowsProfiles]] - -==== Windows profiles - -Windows uses some special directories to store user configuration files which -define the “user profile”. This can be confusing, as the default directory -location changed from Windows version to version and might also be different for -English and internationalized versions of Windows. - -[NOTE] -==== -If you’ve upgraded to a new Windows version, your profile might be kept in the -former location. The defaults mentioned here might not apply. -==== - -The following guides you to the right place where to look for Wireshark’s -profile data. - -Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, and associated server editions:: -_C:\Users{backslash}**username**\AppData\Roaming\Wireshark_. - -Windows XP, Windows Server 2003, and Windows 2000 footnoteref:[historical,No longer supported by Wireshark. For historical reference only.]:: -_C:\Documents and Settings{backslash}**username**\Application Data_. “Documents and -Settings” and “Application Data” might be internationalized. - -Windows NT 4 footnoteref:[historical]:: -_C:\WINNT\Profiles{backslash}**username**\Application Data\Wireshark_ - -Windows ME, Windows 98 with user profiles footnoteref:[historical]:: -In Windows ME and 98 you could enable separate user profiles. In that case, -something like _C:\windows\Profiles{backslash}**username**\Application Data\Wireshark_ -is used. - -Windows ME, Windows 98 without user profiles footnoteref:[historical]:: -Without user profiles enabled the default location for all users was -_C:\windows\Application Data\Wireshark_. - -[[ChWindowsRoamingProfiles]] - -==== Windows roaming profiles - -Some larger Windows environments use roaming profiles. If this is the case the -configurations of all programs you use won’t be saved on your local hard drive. -They will be stored on the domain server instead. 
- -Your settings will travel with you from computer to computer with one exception. -The “Local Settings” folder in your profile data (typically something like: -_C:\Documents and Settings{backslash}**username**\Local Settings_) will not be -transferred to the domain server. This is the default for temporary capture -files. - -[[ChWindowsTempFolder]] - -==== Windows temporary folder - -Wireshark uses the folder which is set by the TMPDIR or TEMP environment -variable. This variable will be set by the Windows installer. - -Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, and associated server editions:: -_C:\Users{backslash}**username**\AppData\Local\Temp_ - -Windows XP, Windows Server 2003, Windows 2000 footnoteref:[historical]:: -_C:\Documents and Settings{backslash}**username**\Local Settings\Temp_ - -Windows NT footnoteref:[historical]:: -_C:\TEMP_ - -// End of WSUG Appendix Files |
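Review bot: The removed text carries several documentation errors that will move unchanged into the renamed .adoc file and deserve a follow-up change. In the _colorfilters_ entry, "Wwhen you press the Save button" has a typo. The _dfilters_ entry says "all the current capture filters are written to the personal display filters file" where display filters are meant. The _services_ entry says the "personal hosts file overrides the entry in the global hosts file", which looks copied from the _hosts_ entry. Under "Folders on Unix-like systems", _$HOME_ is described as "usually something such as _$HOME/**username**_", which is circular. Keeping this commit a pure rename is reasonable, so these fixes belong in a separate change. This view is limited to the deleted path, so it does not show whether the build files and includes that reference WSUG_app_files.asciidoc were updated to the new name; confirm that against the full change.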