diff options
| author | Moshe Kaplan <me@moshekaplan.com> | 2020-01-12 22:59:09 -0500 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2020-01-13 07:41:47 +0000 |
| commit | 3579779dd68f1a5a3f11fdf3d6e55baa90b74be2 (patch) | |
| tree | 8ae912b821af7ab9b3233f336e094c9f230ea6b5 /docbook | |
| parent | e60a56b0502b80044df64cd7f9dc0b088e5ae8e3 (diff) | |
WSUG: Clarify streams docs
Change-Id: I92847c29ad29f5657fa1b127e9f94a4d4cdc3b23
Reviewed-on: https://code.wireshark.org/review/35776
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'docbook')
| -rw-r--r-- | docbook/wsug_src/WSUG_chapter_advanced.adoc | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_advanced.adoc b/docbook/wsug_src/WSUG_chapter_advanced.adoc index 9c6d8c500e..5829096bd8 100644 --- a/docbook/wsug_src/WSUG_chapter_advanced.adoc +++ b/docbook/wsug_src/WSUG_chapter_advanced.adoc @@ -21,11 +21,12 @@ or you are trying to make sense of a data stream. Maybe you just need a display filter to show only the packets in a TLS or SSL stream. If so, Wireshark’s ability to follow protocol streams will be useful to you. -Simply select a TCP, UDP, TLS, or HTTP packet in the packet list of the stream/connection you are -interested in and then select the Follow TCP Stream menu item from the Wireshark -Tools menu (or use the context menu in the packet list). Wireshark will set an -appropriate display filter and pop up a dialog box with all the data from the -TCP stream laid out in order, as shown in <<ChAdvFollowStream>>. +To filter to a particular stream, +select a TCP, UDP, TLS, or HTTP packet in the packet list of the stream/connection you are +interested in and then select the menu item menu:Analyze[Follow TCP Stream] +(or use the context menu in the packet list). Wireshark will set an +appropriate display filter and display a dialog box with the data from the +stream laid out, as shown in <<ChAdvFollowStream>>. [TIP] ==== @@ -42,11 +43,15 @@ the display filter if this behavior is not desired. image::wsug_graphics/ws-follow-stream.png[{screenshot-attrs}] The stream content is displayed in the same sequence as it appeared on the -network. Traffic from A to B is marked in red, while traffic from B to A is -marked in blue. If you like, you can change these colors in the -“Font and Colors” page in the “Preferences” dialog. +network. Non-printable characters are replaced by dots. +Traffic from the client to the server is colored red, while traffic +from the server to the client is +colored blue. These colors can be changed by opening menu:Edit[Preferences] and +under menu:Apperance[Font and Colors], selecting different colors for the +btn:[Sample "Follow Stream" client text] and btn:[Sample "Follow Stream" server text] +options. + -Non-printable characters will be replaced by dots. // XXX - What about line wrapping (maximum line length) and CRNL conversions? @@ -69,7 +74,7 @@ btn:[Back]:: Close this dialog box and restore the previous display filter. btn:[Close]:: Close this dialog box, leaving the current display filter in effect. -By default data from both directions is displayed. You can select the +By default, Wireshark displays both client and server data. You can select the menu:Entire conversation[] to switch between both, client to server, or server to client data. |