author Gerald Combs <gerald@wireshark.org> 2019-12-01 17:07:09 -0800
committer Anders Broman <a.broman58@gmail.com> 2019-12-05 05:36:43 +0000
commit 839e615fcbfc7ed8757ecaa6638b4ec7c06fd8f5
tree 18d6af4b7e18d116f09f1f71587df2ebae115689 /docbook
parent 7be2d964f04d8158782719ed41f3342c7f1c126d
WSUG: Update the capture chapter.
Update the capture interface and options portions of the capture chapter.

Change-Id: Ie50731264dacba2663e1de8ae5fdda7f5fbae1e9
Reviewed-on: https://code.wireshark.org/review/35281
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'docbook')
-rw-r--r-- docbook/CMakeLists.txt 19
-rw-r--r-- docbook/wsug_graphics/ws-capture-interface-details.png bin 5903 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-interfaces-main-macos.png bin 0 -> 73946 bytes
-rwxr-xr-x docbook/wsug_graphics/ws-capture-interfaces-main-win32.png bin 0 -> 10465 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-interfaces-win32.png bin 10134 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-interfaces.png bin 29401 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-compile-selected-bpfs.png bin 35395 -> 9448 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-manage-interfaces-local.png bin 9383 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-manage-interfaces-pipes.png bin 6938 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png bin 12135 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote.png bin 11140 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-manage-interfaces.png bin 6209 -> 0 bytes
-rwxr-xr-x docbook/wsug_graphics/ws-capture-options-options.png bin 0 -> 19573 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-output.png bin 60995 -> 21358 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-remote-capture.png bin 23884 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-remote-interface.png bin 26886 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-remote-settings.png bin 19165 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options-settings.png bin 13322 -> 0 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-options.png bin 105191 -> 26289 bytes
-rw-r--r-- docbook/wsug_graphics/ws-capture-preferences.png bin 18812 -> 0 bytes
-rwxr-xr-x docbook/wsug_graphics/ws-manage-interfaces.png bin 0 -> 16108 bytes
-rw-r--r-- docbook/wsug_src/WSUG_chapter_capture.adoc 756
22 files changed, 284 insertions, 491 deletions
diff --git a/docbook/CMakeLists.txt b/docbook/CMakeLists.txt
index 9fb88ce7f5..9db2b5fcb7 100644
--- a/docbook/CMakeLists.txt
+++ b/docbook/CMakeLists.txt
@@ -105,6 +105,7 @@ set(WSUG_FILES
${COMMON_FILES}
)
+# Note: Images should be minimized using tools/compress-pngs.sh.
set(WSUG_GRAPHICS
wsug_graphics/related-ack.png
wsug_graphics/related-current.png
@@ -120,23 +121,14 @@ set(WSUG_GRAPHICS
wsug_graphics/ws-bytes-pane-tabs.png
wsug_graphics/ws-bytes-pane.png
wsug_graphics/ws-capture-info.png
- wsug_graphics/ws-capture-interface-details.png
- wsug_graphics/ws-capture-interfaces.png
- wsug_graphics/ws-capture-interfaces-win32.png
+ wsug_graphics/ws-capture-interfaces-main-macos.png
+ wsug_graphics/ws-capture-interfaces-main-win32.png
wsug_graphics/ws-capture-menu.png
wsug_graphics/ws-capture-options.png
+ wsug_graphics/ws-capture-options-output.png
+ wsug_graphics/ws-capture-options-options.png
wsug_graphics/ws-capture-options-compile-selected-bpfs.png
- wsug_graphics/ws-capture-options-manage-interfaces-local.png
- wsug_graphics/ws-capture-options-manage-interfaces-pipes.png
- wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png
- wsug_graphics/ws-capture-options-manage-interfaces-remote.png
- wsug_graphics/ws-capture-options-manage-interfaces.png
wsug_graphics/ws-capture-options-output.png
- wsug_graphics/ws-capture-options-remote-capture.png
- wsug_graphics/ws-capture-options-remote-interface.png
- wsug_graphics/ws-capture-options-remote-settings.png
- wsug_graphics/ws-capture-options-settings.png
- wsug_graphics/ws-capture-preferences.png
wsug_graphics/ws-choose-color-rule.png
wsug_graphics/ws-coloring-fields.png
wsug_graphics/ws-coloring-rules-dialog.png
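Review bot: wsug_graphics/ws-capture-options-output.png ends up listed twice in WSUG_GRAPHICS after this hunk. The added line sits directly under ws-capture-options.png, while the existing entry below ws-capture-options-compile-selected-bpfs.png is kept as unchanged context. Drop the added line so the file appears once; only ws-capture-options-options.png is actually new here.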
@@ -172,6 +164,7 @@ set(WSUG_GRAPHICS
wsug_graphics/ws-list-pane.png
wsug_graphics/ws-main-toolbar.png
wsug_graphics/ws-main.png
+ wsug_graphics/ws-manage-interfaces.png
wsug_graphics/ws-mate-analysis.png
wsug_graphics/ws-mate-dns_pane.png
wsug_graphics/ws-mate-dns_pdu.png
diff --git a/docbook/wsug_graphics/ws-capture-interface-details.png b/docbook/wsug_graphics/ws-capture-interface-details.png
deleted file mode 100644
index f313b9639e..0000000000
--- a/docbook/wsug_graphics/ws-capture-interface-details.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-interfaces-main-macos.png b/docbook/wsug_graphics/ws-capture-interfaces-main-macos.png
new file mode 100644
index 0000000000..38698864cf
--- /dev/null
+++ b/docbook/wsug_graphics/ws-capture-interfaces-main-macos.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-interfaces-main-win32.png b/docbook/wsug_graphics/ws-capture-interfaces-main-win32.png
new file mode 100755
index 0000000000..a50b64e836
--- /dev/null
+++ b/docbook/wsug_graphics/ws-capture-interfaces-main-win32.png
Binary files differ
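Review bot: the executable bit is set on this new screenshot ("new file mode 100755"). The same mode appears on ws-capture-options-options.png and ws-manage-interfaces.png, whereas ws-capture-interfaces-main-macos.png is added as 100644. Image files have no reason to be executable, so please re-add the three PNGs as 100644 to match the rest of wsug_graphics.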
diff --git a/docbook/wsug_graphics/ws-capture-interfaces-win32.png b/docbook/wsug_graphics/ws-capture-interfaces-win32.png
deleted file mode 100644
index c665108960..0000000000
--- a/docbook/wsug_graphics/ws-capture-interfaces-win32.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-interfaces.png b/docbook/wsug_graphics/ws-capture-interfaces.png
deleted file mode 100644
index 433f6858c3..0000000000
--- a/docbook/wsug_graphics/ws-capture-interfaces.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-compile-selected-bpfs.png b/docbook/wsug_graphics/ws-capture-options-compile-selected-bpfs.png
index 9b6390127f..14501e0e3f 100644
--- a/docbook/wsug_graphics/ws-capture-options-compile-selected-bpfs.png
+++ b/docbook/wsug_graphics/ws-capture-options-compile-selected-bpfs.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-local.png b/docbook/wsug_graphics/ws-capture-options-manage-interfaces-local.png
deleted file mode 100644
index c446a8183f..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-local.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-pipes.png b/docbook/wsug_graphics/ws-capture-options-manage-interfaces-pipes.png
deleted file mode 100644
index 8f62c26d9c..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-pipes.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png b/docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png
deleted file mode 100644
index 90540df578..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote.png b/docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote.png
deleted file mode 100644
index fd4d148ac5..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-manage-interfaces-remote.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-manage-interfaces.png b/docbook/wsug_graphics/ws-capture-options-manage-interfaces.png
deleted file mode 100644
index cfd1137d92..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-manage-interfaces.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-options.png b/docbook/wsug_graphics/ws-capture-options-options.png
new file mode 100755
index 0000000000..3bcc664d4d
--- /dev/null
+++ b/docbook/wsug_graphics/ws-capture-options-options.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-output.png b/docbook/wsug_graphics/ws-capture-options-output.png
index 9cc6b82266..aadc83eb85 100644
--- a/docbook/wsug_graphics/ws-capture-options-output.png
+++ b/docbook/wsug_graphics/ws-capture-options-output.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-capture.png b/docbook/wsug_graphics/ws-capture-options-remote-capture.png
deleted file mode 100644
index f81c50a2fc..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-remote-capture.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-interface.png b/docbook/wsug_graphics/ws-capture-options-remote-interface.png
deleted file mode 100644
index 718e1031ff..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-remote-interface.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-settings.png b/docbook/wsug_graphics/ws-capture-options-remote-settings.png
deleted file mode 100644
index 77c30b452a..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-remote-settings.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-settings.png b/docbook/wsug_graphics/ws-capture-options-settings.png
deleted file mode 100644
index 1bbb0ff909..0000000000
--- a/docbook/wsug_graphics/ws-capture-options-settings.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options.png b/docbook/wsug_graphics/ws-capture-options.png
index 714c6318f2..a775ced77b 100644
--- a/docbook/wsug_graphics/ws-capture-options.png
+++ b/docbook/wsug_graphics/ws-capture-options.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-preferences.png b/docbook/wsug_graphics/ws-capture-preferences.png
deleted file mode 100644
index 238c203a38..0000000000
--- a/docbook/wsug_graphics/ws-capture-preferences.png
+++ /dev/null
Binary files differ
diff --git a/docbook/wsug_graphics/ws-manage-interfaces.png b/docbook/wsug_graphics/ws-manage-interfaces.png
new file mode 100755
index 0000000000..ff37aa28d1
--- /dev/null
+++ b/docbook/wsug_graphics/ws-manage-interfaces.png
Binary files differ
diff --git a/docbook/wsug_src/WSUG_chapter_capture.adoc b/docbook/wsug_src/WSUG_chapter_capture.adoc
index ea27d1fd0f..3eba2ea634 100644
--- a/docbook/wsug_src/WSUG_chapter_capture.adoc
+++ b/docbook/wsug_src/WSUG_chapter_capture.adoc
@@ -14,6 +14,8 @@ The Wireshark capture engine provides the following features:
* Capture from different kinds of network hardware such as Ethernet or 802.11.
+* Simultaneously capture from multiple network interfaces.
+
* Stop the capture on different triggers such as the amount of captured data,
elapsed time, or the number of packets.
@@ -26,8 +28,6 @@ The Wireshark capture engine provides the following features:
rotating through a fixed number of files (a “ringbuffer”). See
<<ChCapCaptureFiles>>.
-* Simultaneously capture from multiple network interfaces.
-
The capture engine still lacks the following features:
* Stop capturing (or perform some other action) depending on the captured data.
@@ -58,187 +58,113 @@ look at the guide mentioned above.
The following methods can be used to start capturing packets with Wireshark:
-* You can double-click on an interface in the main window.
+* You can double-click on an interface in the <<ChCapInterfaceSection,welcome screen>>.
-* You can get an overview of the available interfaces using the “Capture
- Interfaces” dialog box (menu:Capture[Options...]). See
- <<ChCapCaptureInterfacesDialogWin32>> or <<ChCapCaptureInterfacesDialog>> for
- more information. You can start a capture from this dialog box using the
- btn:[Start] button.
+* You can select an interface in the <<ChCapInterfaceSection,welcome screen>>, then select menu:Capture[Start] or click the first toolbar button.
-* You can immediately start a capture using your current settings by selecting
- menu:Capture[Start] or by clicking the first toolbar button.
+* You can get more detailed information about available interfaces using <<ChCapCaptureOptions>> (menu:Capture[Options...]).
-* If you already know the name of the capture interface you can start Wireshark
- from the command line:
+* If you already know the name of the capture interface you can start Wireshark from the command line:
--
----
$ wireshark -i eth0 -k
----
--
-This will start Wireshark capturing on interface eth0. More details can be found
-at <<ChCustCommandLine>>.
+This will start Wireshark capturing on interface `eth0`. More details can be found at <<ChCustCommandLine>>.
[[ChCapInterfaceSection]]
-=== The “Capture Interfaces” dialog box
-
-When you select menu:Capture[Options...] from the main menu Wireshark pops up
-the “Capture Interfaces” dialog box as shown in
-<<ChCapCaptureInterfacesDialogWin32>> or <<ChCapCaptureInterfacesDialog>>.
-
-// XXX Not sure this is the case any more
-//[WARNING]
-//.This dialog consumes lots of system resources
-//====
-//As the “Capture Interfaces” dialog is showing live captured data, it is
-//consuming a lot of system resources. Close this dialog as soon as possible to
-//prevent excessive system load.
-//====
-
-[NOTE]
-.Both you and your OS can hide interfaces
-====
-This dialog box will only show the local interfaces Wireshark can access. It
-will also hide interfaces marked as hidden in <<ChCustInterfaceOptionsSection>>.
-As Wireshark might not be able to detect all local interfaces and it cannot
-detect the remote interfaces available there could be more capture interfaces
-available than listed.
-====
-
-It is possible to select more than one interface and capture from them
-simultaneously.
-
-[[ChCapCaptureInterfacesDialogWin32]]
-
-.The “Capture Interfaces” dialog box on Microsoft Windows
-image::wsug_graphics/ws-capture-interfaces-win32.png[{screenshot-attrs}]
-
-[[ChCapCaptureInterfacesDialog]]
-
-.The “Capture Interfaces” dialog box on Unix/Linux
-image::wsug_graphics/ws-capture-interfaces.png[{screenshot-attrs}]
-
-_Device (Unix/Linux only)_::
-The interface device name.
-
-_Description_::
-The interface description provided by the operating system, or the user defined
-comment added in <<ChCustInterfaceOptionsSection>>.
+=== The “Capture” Section Of The Welcome Screen
-_IP_::
-The first IP address Wireshark could find for this interface. You can click on
-the address to cycle through other addresses assigned to it, if available. If no
-address could be found “none” will be displayed.
+When you open Wireshark without starting a capture or opening a capture file it will display the “Welcome Screen,” which lists any recently opened capture files and available capture interfaces.
+Network activity for each interface will be shown in a sparkline next to the interface name.
+It is possible to select more than one interface and capture from them simultaneously.
+[[ChCapCaptureInterfacesMainWin32]]
-_Packets_::
-The number of packets captured from this interface, since this dialog was
-opened. Will be greyed out, if no packet was captured in the last second.
+.Capture interfaces on Microsoft Windows
+image::wsug_graphics/ws-capture-interfaces-main-win32.png[{screenshot-attrs}]
-_Packets/s_::
-Number of packets captured in the last second. Will be greyed out, if no packet
-was captured in the last second.
+[[ChCapCaptureInterfacesMainMacos]]
-_Stop_::
-Stop a currently running capture.
+.Capture interfaces on macOS
+image::wsug_graphics/ws-capture-interfaces-main-macos.png[{screenshot-attrs}]
-_Start_::
-Start a capture on all selected interfaces immediately, using the settings from
-the last capture or the default settings, if no options have been set.
+Some interfaces allow or require configuration prior to capture.
+This will be indicated by a configuration icon
+(image:wsug_graphics/toolbar/x-capture-options.png[height=16,width=16])
+to the left of the interface name.
+Clicking on the icon will show the configuration dialog for that interface.
-_Options_::
-Open the Capture Options dialog with the marked interfaces selected. See
-<<ChCapCaptureOptions>>.
+Hovering over an interface will show any associated IPv4 and IPv6 addresses and its capture filter.
-_Details (Microsoft Windows only)_::
-Open a dialog with detailed information about the interface. See
-<<ChCapInterfaceDetailsSection>>.
-
-_Help_::
-Show this help page.
-
-_Close_::
-Close this dialog box.
+Wireshark isn't limited to just network interfaces -- on most systems you can also capture USB, Bluetooth, and other types of packets.
+Note also that an interface might be hidden if it’s inaccessible to Wireshark or if it has been hidden as described in <<ChManageInterfacesSection>>.
[[ChCapCaptureOptions]]
-=== The “Capture Options” dialog box
+=== The “Capture Options” Dialog Box
When you select menu:Capture[Options...] (or use the corresponding item in the
main toolbar), Wireshark pops up the “Capture Options” dialog box as shown in
<<ChCapCaptureOptionsDialog>>.
+If you are unsure which options to choose in this dialog box, leaving the defaults settings as they are should work well in many cases.
[[ChCapCaptureOptionsDialog]]
-.The “Capture Options” dialog box
+.The “Capture Options” input tab
image::wsug_graphics/ws-capture-options.png[{screenshot-attrs}]
-[TIP]
-====
-If you are unsure which options to choose in this dialog box just try keeping
-the defaults as this should work well in many cases.
-====
+The “Input” tab contains the the “Interface” table, which shows the following columns:
-==== Capture frame
+Interface::
+The interface name.
-The table shows the settings for all available interfaces:
+Traffic::
+A sparkline showing network activity over time.
-* The name of the interface and its IP addresses. If no address could be
- resolved from the system, “none” will be shown.
---
-[NOTE]
-====
-Loopback interfaces are not available on Windows platforms.
-====
---
+Link-layer Header::
+The type of packet captured by this interface.
+In some cases it is possible to change this.
+See <<ChCapLinkLayerHeader>> for more details.
-* The link-layer header type.
+Promiscuous::
+Lets you put this interface in promiscuous mode while capturing.
+Note that another application might override this setting.
-* The information whether promicuous mode is enabled or disabled.
+Snaplen::
+The snapshot length, or the number of bytes to capture for each packet.
+You can set an explicit length if needed, e.g. for performance or privacy reasons.
-* The maximum amount of data that will be captured for each packet. The default
- value is set to the 262144 bytes.
+Buffer::
+The size of the kernel buffer that is reserved for capturing packets.
+You can increase or decrease this as needed, but the default is usually sufficient.
-* The size of the kernel buffer that is reserved to keep the captured packets.
+Monitor Mode::
+Lets you capture full, raw 802.11 headers.
+Support depends on the interface type, hardware, driver, and OS.
+Note that enabling this might disconnect you from your wireless network.
-* The information whether packets will be captured in monitor mode (Unix/Linux
- only).
+Capture Filter::
+The capture filter applied to this interface.
+You can edit the filter by double-clicking on it.
+See <<ChCapCaptureFilterSection>> for more details about capture filters.
-* The chosen capture filter.
+Hovering over an interface or expanding it will show any associated IPv4 and IPv6 addresses.
-By marking the checkboxes in the first column the interfaces are selected to be
-captured from. By double-clicking on an interface the “Edit Interface Settings”
-dialog box as shown in <<ChCapEditInterfacesSettingsDialog>> will be opened.
+If “Enable promiscuous mode on all interfaces” is enabled, the individual promiscuous mode settings above will be overridden.
-_Capture on all interfaces_::
-As Wireshark can capture on multiple interfaces it is possible to choose to
-capture on all available interfaces.
+“Capture filter for selected interfaces” can be used to set a filter for more than one interface at the same time.
-_Capture all packets in promiscuous mode_::
-This checkbox allows you to specify that Wireshark should put all interfaces in
-promiscuous mode when capturing.
+btn:[Manage Interfaces] opens the <<ChCapManageInterfacesDialog>> where pipes can be defined, local interfaces scanned or hidden, or remote interfaces added.
-_Capture Filter_::
-This field allows you to specify a capture filter for all interfaces that are
-currently selected. Once a filter has been entered in this field, the newly
-selected interfaces will inherit the filter. Capture filters are discussed in
-more details in <<ChCapCaptureFilterSection>>. It defaults to empty, or no
-filter.
-+
-You can also click on the btn:[Capture Filter] button and Wireshark will
-bring up the Capture Filters dialog box and allow you to create and/or select a
-filter. Please see <<ChWorkDefineFilterSection>>
+btn:[Compile Selected BPFs] opens <<ChCapCompiledFilterOutputDialog>>, which shows you the compiled bytecode for your capture filter.
+This can help to better understand the capture filter you created.
-_Compile selected BPFs_::
-This button allows you to compile the capture filter into BPF code and pop up a
-window showing you the resulting pseudo code. This can help in understanding the
-working of the capture filter you created. The btn:[Compile Selected BPFs] button
-leads you to <<ChCapCompileSelectedBpfsDialog>>.
[TIP]
-Linux power user tip
+.Linux power user tip
====
-The execution of BPFs can be sped up on Linux by turning on BPF JIT by executing
+The execution of BPFs can be sped up on Linux by turning on BPF Just In Time compilation by executing
----
$ echo 1 >/proc/sys/net/core/bpf_jit_enable
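Review bot: two typos in the added “Capture Options” text: "leaving the defaults settings as they are" should read "default settings", and "contains the the “Interface” table" has a doubled "the". Separately, the btn:[Compile Selected BPFs] paragraph now points at <<ChCapCompiledFilterOutputDialog>> where the removed text used <<ChCapCompileSelectedBpfsDialog>>, and no anchor with the new name is defined in the lines shown, so please confirm it exists. The new Snaplen entry also no longer states any default value, and the removed note that truncated packets can break reassembly has no replacement; one sentence on either would help readers who shorten the snaplen for privacy reasons.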
@@ -248,393 +174,270 @@ if it is not enabled already. To make the change persistent you can use
link:{sysfs-main-url}[sysfsutils].
====
-_Manage Interfaces_::
-The btn:[Manage Interfaces] button opens the <<ChCapManageInterfacesDialog>>
-where pipes can be defined, local interfaces scanned or hidden, or remote
-interfaces added (Windows only).
-
-==== Capture File(s) frame
-
-An explanation about capture file usage can be found in <<ChCapCaptureFiles>>.
-
-_File_::
-This field allows you to specify the file name that will be used for the capture
-file. This field is left blank by default. If the field is left blank, the
-capture data will be stored in a temporary file. See <<ChCapCaptureFiles>> for
-details.
-+
-You can also click on the button to the right of this field to browse through
-the filesystem.
-
-_Use multiple files_::
-Instead of using a single file Wireshark will automatically switch to a new
-one if a specific trigger condition is reached.
-
-_Use pcapng format_:: This checkbox allows you to specify that
-Wireshark saves the captured packets in pcapng format. This next
-generation capture file format is currently in development. If more than
-one interface is chosen for capturing, this checkbox is set by default.
-See {wireshark-wiki-url}Development/PcapNg for more details on
-pcapng.
-
-_Next file every n megabyte(s)_::
-Multiple files only. Switch to the next file after the given number of
-byte(s)/kilobyte(s)/megabyte(s)/gigabyte(s) have been captured.
-
-_Next file every n minute(s)_::
-Multiple files only: Switch to the next file after the given number of
-second(s)/minutes(s)/hours(s)/days(s) have elapsed.
-
-_Ring buffer with n files_::
-Multiple files only: Form a ring buffer of the capture files with the given
-number of files.
-
-_Stop capture after n file(s)_::
-Multiple files only: Stop capturing after switching to the next file the given
-number of times.
-
-==== Stop Capture... frame
-
-_... after n packet(s)_::
-Stop capturing after the given number of packets have been captured.
-
-_... after n megabytes(s)_::
-Stop capturing after the given number of
-byte(s)/kilobyte(s)/megabyte(s)/gigabyte(s) have been captured. This option is
-greyed out if “Use multiple files” is selected.
-
-_... after n minute(s)_::
-Stop capturing after the given number of second(s)/minutes(s)/hours(s)/days(s)
-have elapsed.
-
-==== Display Options frame
-
-_Update list of packets in real time_::
-This option allows you to specify that Wireshark should update the packet list
-pane in real time. If you do not specify this, Wireshark does not display any
-packets until you stop the capture. When you check this, Wireshark captures in a
-separate process and feeds the captures to the display process.
-
-_Automatic scrolling in live capture_::
-This option allows you to specify that Wireshark should scroll the packet list
-pane as new packets come in, so you are always looking at the last packet. If
-you do not specify this Wireshark simply adds new packets onto the end of the
-list but does not scroll the packet list pane. This option is greyed out if
-“Update list of packets in real time” is disabled.
-
-// XXX ChCapRunningSection currently disabled
-//_Hide capture info dialog_::
-//If this option is checked, the capture info dialog described in <<ChCapRunningSection>> will be hidden.
-
-==== Name Resolution frame
+.The “Capture Options” output tab
+image::wsug_graphics/ws-capture-options-output.png[{screenshot-attrs}]
-_Enable MAC name resolution_::
-This option allows you to control whether or not Wireshark translates MAC
-addresses into names. See <<ChAdvNameResolutionSection>>.
+The “Output” tab shows the following information:
-_Enable network name resolution_::
-This option allows you to control whether or not Wireshark translates network
-addresses into names. See <<ChAdvNameResolutionSection>>.
+Capture to a permanent file::
-_Enable transport name resolution_::
-This option allows you to control whether or not Wireshark translates transport
-addresses into protocols. See <<ChAdvNameResolutionSection>>.
+File:::
+This field allows you to specify the file name that will be used for the capture file.
+It is left blank by default.
+If left blank, the capture data will be stored in a temporary file.
+See <<ChCapCaptureFiles>> for details.
+You can also click on the button to the right of this field to browse through the filesystem.
-==== Buttons
+Output format:::
+Allows you to set the format of the capture file.
+pcapng is the default and is more flexible than pcap.
+pcapng might be required, e.g. if more than one interface is chosen for capturing.
+See {wireshark-wiki-url}Development/PcapNg for more details on pcapng.
-Once you have set the values you desire and have selected the options you need,
-simply click on btn:[Start] to commence the capture or btn:[Cancel] to
-cancel the capture.
+Create a new file automatically...::
+Sets the conditions for switching a new capture file.
+A new capture file can be created based on the following conditions:
+ * The number of packets in the capture file.
+ * The size of the capture file.
+ * The duration of the capture file.
+ * The wall clock time.
-// XXX ChCapRunningSection currently disabled
-//If you start a capture, Wireshark allows you to stop capturing when you have
-//enough packets captured, for details see <<ChCapRunningSection>>.
+Use a ring buffer with::
+Multiple files only.
+Form a ring buffer of the capture files with the given number of files.
-[[ChCapEditInterfaceSettingsSection]]
+More details about capture files can be found in <<ChCapCaptureFiles>>.
-=== The “Edit Interface Settings” dialog box
+.The “Capture Options” options tab
+image::wsug_graphics/ws-capture-options-options.png[{screenshot-attrs}]
-If you double-click on an interface in <<ChCapCaptureOptionsDialog>> the following dialog box pops up.
+The “Options” tab shows the following information:
-[[ChCapEditInterfacesSettingsDialog]]
-.The “Edit Interface Settings” dialog box
-image::wsug_graphics/ws-capture-options-settings.png[{screenshot-attrs}]
+Display Options::
-You can set the following fields in this dialog box:
+Update list of packets in real-time:::
+Updates the packet list pane in real time during capture.
+If you do not enable this, Wireshark will not display any packets until you stop the capture.
+When you check this, Wireshark captures in a separate process and feeds the captures to the display process.
-_IP address_::
-The IP address(es) of the selected interface. If no address could be resolved
-from the system “none” will be shown.
+Automatically scroll during live capture:::
+Scroll the packet list pane as new packets come in, so you are always looking at the most recent packet.
+If you do not specify this Wireshark adds new packets to the packet list but does not scroll the packet list pane.
+This option is greyed out if “Update list of packets in real-time” is disabled.
-_Link-layer header type_::
-Unless you are in the rare situation that requires this keep the default setting.
-For a detailed description. See <<ChCapLinkLayerHeader>>
+Show capture information during capture:::
+If this option is enabled, the capture information dialog described in <<ChCapRunningSection>> will be shown while packets are captured.
-_Wireless settings (Windows only)_::
-Here you can set the settings for wireless capture using the AirPCap adapter.
-For a detailed description see the AirPCap Users Guide.
+Name Resolution::
-_Remote settings (Windows only)_::
-Here you can set the settings for remote capture. For a detailed description
-see <<ChCapInterfaceRemoteSection>>
+Resolve MAC addresses:::
+Translate MAC addresses into names.
-_Capture packets in promiscuous mode_::
-This checkbox allows you to specify that Wireshark should put the interface in
-promiscuous mode when capturing. If you do not specify this Wireshark will only
-capture the packets going to or from your computer (not all packets on your LAN
-segment).
+Resolve network names:::
+Translate network addresses into names.
-[NOTE]
-====
-If some other process has put the interface in promiscuous mode you may be
-capturing in promiscuous mode even if you turn off this option.
+Resolve transport names:::
+Translate transport names (port numbers).
-Even in promiscuous mode you still won’t necessarily see all packets on your LAN
-segment. See link:{wireshark-faq-url}#promiscsniff[the Wireshark FAQ] for more information.
-====
+See <<ChAdvNameResolutionSection>> for more details on each of these options.
-_Limit each packet to n bytes_::
-This field allows you to specify the maximum amount of data that will be
-captured for each packet, and is sometimes referred to as the _snaplen_. If
-disabled the value is set to the maximum 65535 which will be sufficient for
-most protocols. Some rules of thumb:
+Stop capture automatically after...::
-* If you are unsure, keep the default value.
+Capturing can be stopped based on the following conditions:
-* If you don’t need or don’t want all of the data in a packet - for example, if
- you only need the link-layer, IP, and TCP headers - you might want to choose a
- small snapshot length, as less CPU time is required for copying packets, less
- buffer space is required for packets, and thus perhaps fewer packets will be
- dropped if traffic is very heavy.
+* The number of packets in the capture file.
+* The number of capture files.
+* The capture file size.
+* The capture file duration.
-* If you don’t capture all of the data in a packet you might find that the
- packet data you want is in the part that’s dropped or that reassembly isn’t
- possible as the data required for reassembly is missing.
+You can click btn:[Start] from any tab to commence the capture or btn:[Cancel] to apply your changes and close the dialog.
-_Buffer size: n megabyte(s)_::
-Enter the buffer size to be used while capturing. This is the size of the kernel
-buffer which will keep the captured packets, until they are written to disk. If
-you encounter packet drops, try increasing this value.
+[[ChManageInterfacesSection]]
-_Capture packets in monitor mode (Unix/Linux only)_::
-This checkbox allows you to setup the Wireless interface to capture all traffic
-it can receive, not just the traffic on the BSS to which it is associated, which
-can happen even when you set promiscuous mode. Also it might be necessary to
-turn this option on in order to see IEEE 802.11 headers and/or radio information
-from the captured frames.
+=== The “Manage Interfaces” Dialog Box
-[NOTE]
-====
-In monitor mode the adapter might disassociate itself from the network it was
-associated to.
-====
+[[ChCapManageInterfacesDialog]]
+.The “Manage Interfaces” dialog box
+image::wsug_graphics/ws-manage-interfaces.png[{screenshot-attrs}]
-_Capture Filter_::
-This field allows you to specify a capture filter. Capture filters can be
-used to limit which packets are captured from the interface(s).
-Capture filters are discussed
-in more details in <<ChCapCaptureFilterSection>>. It defaults to empty, or no
-filter.
-+
-You can also click on the btn:[Capture Filter] button and Wireshark will
-bring up the “Capture Filters” dialog box and allow you to create and/or
-select a filter. Please see <<ChWorkDefineFilterSection>>
+The “Manage Interfaces” dialog box initially shows the “Local Interfaces” tab, which lets you manage the following:
-_Compile BPF_::
-This button allows you to compile the capture filter into BPF code and pop up a
-window showing you the resulting pseudo code. This can help in understanding the
-working of the capture filter you created.
+Show::
+Whether or not to show or hide this interface in the welcome screen and the “Capture Options” dialog.
-[[ChCapCompileSelectedBpfsSection]]
+Friendly Name::
+A name for the interface that is human readable.
-=== The “Compile Results” dialog box
+Interface Name::
+The device name of the interface.
-This figure shows the compile results of the selected interfaces.
+Comment::
+Can be used to add a descriptive comment for the interface.
-[[ChCapCompileSelectedBpfsDialog]]
-.The “Compile Results” dialog box
-image::wsug_graphics/ws-capture-options-compile-selected-bpfs.png[{screenshot-attrs}]
+// [[ChCapManageInterfacesPipesDialog]]
-In the left window the interface names are listed. The results of an individual
-interface are shown in the right window when it is selected.
+// .The “Pipes” tab
+// image::wsug_graphics/ws-capture-options-manage-interfaces-pipes.png[{screenshot-attrs}]
-[[ChCapManageInterfacesSection]]
+The “Pipes” tab lets you capture from a named pipe.
+To successfully add a pipe, its associated named pipe must have already been created.
+Click btn:[{plus}] and type the name of the pipe including its path.
+Alternatively, btn:[Browse] can be used to locate the pipe.
-=== The “Add New Interfaces” dialog box
+To remove a pipe from the list of interfaces, select it and press btn:[-].
-As a central point to manage interfaces this dialog box consists of three tabs
-to add or remove interfaces.
+// [[ChCapManageInterfacesDialog]]
-[[ChCapManageInterfacesDialog]]
-.The “Add New Interfaces” dialog box
-image::wsug_graphics/ws-capture-options-manage-interfaces.png[{screenshot-attrs}]
+// === The “Add New Interfaces” dialog box
-==== Add or remove pipes
+// As a central point to manage interfaces this dialog box consists of three tabs
+// to add or remove interfaces.
-[[ChCapManageInterfacesPipesDialog]]
-.The “Add New Interfaces - Pipes” dialog box
-image::wsug_graphics/ws-capture-options-manage-interfaces-pipes.png[{screenshot-attrs}]
+// .The “Add New Interfaces” dialog box
+// image::wsug_graphics/ws-capture-options-manage-interfaces.png[{screenshot-attrs}]
-To successfully add a pipe, this pipe must have already been created. Click the
-btn:[New] button and type the name of the pipe including its path.
-Alternatively, the btn:[Browse] button can be used to locate the pipe. With
-the btn:[Save] button the pipe is added to the list of available interfaces.
-Afterwards, other pipes can be added.
+// ==== Add or hide local interfaces
-To remove a pipe from the list of interfaces it first has to be selected. Then
-click the btn:[Delete] button.
+// [[ChCapManageInterfacesLocalDialog]]
+// .The “Add New Interfaces - Local Interfaces” dialog box
+// image::wsug_graphics/ws-capture-options-manage-interfaces-local.png[{screenshot-attrs}]
-==== Add or hide local interfaces
+// The tab “Local Interfaces” contains a list of available local interfaces,
+// including the hidden ones, which are not shown in the other lists.
-[[ChCapManageInterfacesLocalDialog]]
-.The “Add New Interfaces - Local Interfaces” dialog box
-image::wsug_graphics/ws-capture-options-manage-interfaces-local.png[{screenshot-attrs}]
+// If a new local interface is added, for example, a wireless interface has been
+// activated, it is not automatically added to the list to prevent the constant
+// scanning for a change in the list of available interfaces. To renew the list a
+// rescan can be done.
-The tab “Local Interfaces” contains a list of available local interfaces,
-including the hidden ones, which are not shown in the other lists.
+// One way to hide an interface is to change the preferences. If the “Hide”
+// checkbox is activated and the btn:[Apply] button clicked, the interface will
+// not be seen in the lists of the “Capture Interfaces” dialog box any more. The
+// changes are also saved in the `preferences` file.
-If a new local interface is added, for example, a wireless interface has been
-activated, it is not automatically added to the list to prevent the constant
-scanning for a change in the list of available interfaces. To renew the list a
-rescan can be done.
+// ==== Add or hide remote interfaces
-One way to hide an interface is to change the preferences. If the “Hide”
-checkbox is activated and the btn:[Apply] button clicked, the interface will
-not be seen in the lists of the “Capture Interfaces” dialog box any more. The
-changes are also saved in the `preferences` file.
+// [[ChCapManageInterfacesRemoteDialog]]
+// .The “Add New Interfaces - Remote Interfaces” dialog box
+// image::wsug_graphics/ws-capture-options-manage-interfaces-remote.png[{screenshot-attrs}]
-==== Add or hide remote interfaces
+On Microsoft Windows, the “Remote Interfaces” tab lets you capture from an interface on a different machine.
+The Remote Packet Capture Protocol service must first be running on the target platform before Wireshark can connect to it.
+The easiest way is to install Npcap from {npcap-download-url} on the target.
+Once installation is completed go to the Services control panel, find the Remote Packet Capture Protocol service and start it.
-[[ChCapManageInterfacesRemoteDialog]]
-.The “Add New Interfaces - Remote Interfaces” dialog box
-image::wsug_graphics/ws-capture-options-manage-interfaces-remote.png[{screenshot-attrs}]
+On Linux or Unix you can capture (and do so more securely) through an SSH tunnel.
-In this tab interfaces on remote hosts can be added. One or more of these
-interfaces can be hidden. In contrast to the local interfaces they are not saved
-in the `preferences` file.
+To add a new remore capture interface, click btn:[{plus}] and specify the following:
-To remove a host including all its interfaces from the list, it has to be
-selected. Then click the btn:[Delete] button.
+Host::
+The IP address or host name of the target platform where the Remote Packet Capture Protocol service is listening.
+The drop down list contains the hosts that have previously been successfully contacted.
+The list can be emptied by choosing “Clear list” from the drop down list.
-For a detailed description see <<ChCapInterfaceRemoteSection>>
+Port::
+Set the port number where the Remote Packet Capture Protocol service is listening on.
+Leave blank to use the default port (2002).
-[[ChCapInterfaceRemoteSection]]
+Null authentication::
+Select this if you don’t need authentication to take place for a remote capture to be started.
+This depends on the target platform.
+This is exactly as secure as it appears, i.e. it is not secure at all.
-=== The “Remote Capture Interfaces” dialog box
+Password authentication::
+Lets you specify the username and password required to connect to the Remote Packet Capture Protocol service.
-Besides doing capture on local interfaces Wireshark is capable of reaching out
-across the network to a so called capture daemon or service processes to receive
-captured data from.
+Each interface can optionally be hidden.
+In contrast to the local interfaces they are not saved in the `preferences` file.
[NOTE]
-.Microsoft Windows only
====
-This dialog and capability is only available on Microsoft Windows. On Linux/Unix
-you can achieve the same effect (securely) through an SSH tunnel.
+Make sure you have outside access to port 2002 on the target platform.
+This is the default port used by the Remote Packet Capture Protocol service.
====
-The Remote Packet Capture Protocol service must first be running on the
-target platform before Wireshark can connect to it. The easiest way is
-to install Npcap from {npcap-download-url} on the target. Once
-installation is completed go to the Services control panel, find the
-Remote Packet Capture Protocol service and start it.
+To remove a host including all its interfaces from the list, select it and click the btn:[-] button.
-[NOTE]
-====
-Make sure you have outside access to port 2002 on the target platform. This is
-the port where the Remote Packet Capture Protocol service can be reached by
-default.
-====
+// To access the Remote Capture Interfaces dialog use the “Remote Interfaces” tab of the “Manage Interfaces” dialog. See <<ChCapManageInterfacesRemoteDialog>> and select btn:[Add].
-To access the Remote Capture Interfaces dialog use the “Add New Interfaces -
-Remote” dialog. See <<ChCapManageInterfacesRemoteDialog>> and select btn:[Add].
+// [[ChCapInterfaceRemoteDialog]]
+// .The “Remote Capture Interfaces” dialog box
+// image::wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png[{screenshot-attrs}]
-==== Remote Capture Interfaces
-[[ChCapInterfaceRemoteDialog]]
-.The “Remote Capture Interfaces” dialog box
-image::wsug_graphics/ws-capture-options-manage-interfaces-remote-plus.png[{screenshot-attrs}]
+// ==== Remote Capture Settings
-You have to set the following parameters in this dialog:
+// The remote capture can be further fine tuned to match your situation. The
+// btn:[Remote Interfaces] button in <<ChCapManageInterfacesDialog>> gives
+// you this option. It pops up the dialog shown in
+// <<ChCapInterfaceRemoteSettingsDialog>>.
-_Host_::
-Enter the IP address or host name of the target platform where the Remote Packet
-Capture Protocol service is listening. The drop down list contains the hosts
-that have previously been successfully contacted. The list can be emptied by
-choosing “Clear list” from the drop down list.
+// [[ChCapInterfaceRemoteSettingsDialog]]
+// .The “Remote Capture Settings” dialog box
+// image::wsug_graphics/ws-capture-options-remote-settings.png[{screenshot-attrs}]
-_Port_::
-Set the port number where the Remote Packet Capture Protocol service is
-listening on. Leave open to use the default port (2002).
+// You can set the following parameters in this dialog:
-_Null authentication_::
-Select this if you don’t need authentication to take place for a remote capture
-to be started. This depends on the target platform. Configuring the target
-platform like this makes it insecure.
+// _Do not capture own RPCAP traffic_::
+// This option sets a capture filter so that the traffic flowing back from the
+// Remote Packet Capture Protocol service to Wireshark isn’t captured as well and
+// also send back. The recursion in this saturates the link with duplicate traffic.
+// +
+// You only should switch this off when capturing on an interface other than the
+// interface connecting back to Wireshark.
-_Password authentication_::
-This is the normal way of connecting to a target platform. Set the credentials
-needed to connect to the Remote Packet Capture Protocol service.
+// _Use UDP for data transfer_::
+// Remote capture control and data flows over a TCP connection. This option allows
+// you to choose an UDP stream for data transfer.
-==== Remote Capture Settings
+// _Sampling option None_::
+// This option instructs the Remote Packet Capture Protocol service to send back
+// all captured packets which have passed the capture filter. This is usually not a
+// problem on a remote capture session with sufficient bandwidth.
-The remote capture can be further fine tuned to match your situation. The
-btn:[Remote Settings] button in <<ChCapEditInterfacesSettingsDialog>> gives
-you this option. It pops up the dialog shown in
-<<ChCapInterfaceRemoteSettingsDialog>>.
+// _Sampling option 1 of x packets_::
+// This option limits the Remote Packet Capture Protocol service to send only a sub
+// sampling of the captured data, in terms of number of packets. This allows
+// capture over a narrow band remote capture session of a higher bandwidth
+// interface.
-[[ChCapInterfaceRemoteSettingsDialog]]
-.The “Remote Capture Settings” dialog box
-image::wsug_graphics/ws-capture-options-remote-settings.png[{screenshot-attrs}]
-You can set the following parameters in this dialog:
+// _Sampling option 1 every x milliseconds_::
+// This option limits the Remote Packet Capture Protocol service to send only a sub
+// sampling of the captured data in terms of time. This allows capture over a
+// narrow band capture session of a higher bandwidth interface.
-_Do not capture own RPCAP traffic_::
-This option sets a capture filter so that the traffic flowing back from the
-Remote Packet Capture Protocol service to Wireshark isn’t captured as well and
-also send back. The recursion in this saturates the link with duplicate traffic.
-+
-You only should switch this off when capturing on an interface other than the
-interface connecting back to Wireshark.
+// [[ChCapInterfaceDetailsSection]]
-_Use UDP for data transfer_::
-Remote capture control and data flows over a TCP connection. This option allows
-you to choose an UDP stream for data transfer.
+// === The “Interface Details” dialog box
-_Sampling option None_::
-This option instructs the Remote Packet Capture Protocol service to send back
-all captured packets which have passed the capture filter. This is usually not a
-problem on a remote capture session with sufficient bandwidth.
+// When you select Details from the Capture Interface menu, Wireshark pops up the
+// “Interface Details” dialog box as shown in <<ChCapInterfaceDetailsDialog>>. This
+// dialog shows various characteristics and statistics for the selected interface.
-_Sampling option 1 of x packets_::
-This option limits the Remote Packet Capture Protocol service to send only a sub
-sampling of the captured data, in terms of number of packets. This allows
-capture over a narrow band remote capture session of a higher bandwidth
-interface.
+// [NOTE]
+// .Microsoft Windows only
+// ====
+// This dialog is only available on Microsoft Windows
+// ====
+// [[ChCapInterfaceDetailsDialog]]
+// .The “Interface Details” dialog box
+// image::wsug_graphics/ws-capture-interface-details.png[{screenshot-attrs}]
-_Sampling option 1 every x milliseconds_::
-This option limits the Remote Packet Capture Protocol service to send only a sub
-sampling of the captured data in terms of time. This allows capture over a
-narrow band capture session of a higher bandwidth interface.
+[[ChCapCompiledFilterOutputSection]]
-[[ChCapInterfaceDetailsSection]]
+=== The “Compiled Filter Output” Dialog Box
-=== The “Interface Details” dialog box
+This figure shows the results of compiling the BPF filter for the selected interfaces.
-When you select Details from the Capture Interface menu, Wireshark pops up the
-“Interface Details” dialog box as shown in <<ChCapInterfaceDetailsDialog>>. This
-dialog shows various characteristics and statistics for the selected interface.
+[[ChCapCompiledFilterOutputDialog]]
-[NOTE]
-.Microsoft Windows only
-====
-This dialog is only available on Microsoft Windows
-====
+.The “Compiled Filter Output” dialog box
+image::wsug_graphics/ws-capture-options-compile-selected-bpfs.png[{medium-screenshot-attrs}]
-[[ChCapInterfaceDetailsDialog]]
-.The “Interface Details” dialog box
-image::wsug_graphics/ws-capture-interface-details.png[{screenshot-attrs}]
+In the list on the left the interface names are listed.
+The results of compiling a filter for the selected interface are shown on the right.
[[ChCapCaptureFiles]]
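Review bot: The added sentence "You can click btn:[Start] from any tab to commence the capture or btn:[Cancel] to apply your changes and close the dialog" pairs Cancel with applying changes, which reads as a contradiction. Name the button that actually keeps the settings, or say that Cancel discards them, whichever matches the dialog. In the “Remote Interfaces” text, "remore capture interface" should be "remote capture interface". The "Port" entry and the NOTE both point the reader at opening port 2002, while the "Null authentication" entry says that mode is not secure at all; a cross-reference from the NOTE to that warning, or to the SSH tunnel sentence, would keep the two from being read in isolation. The large blocks added as "//" comments (the old “Add New Interfaces”, “Remote Capture Settings” and “Interface Details” sections) would be better deleted than commented out, since version control already keeps them.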
@@ -679,34 +482,32 @@ Information about the folders used for capture files can be found in
[options="header",cols="2,2,2,3,5"]
|===
|File Name|“Create a new file...”|“Use a ring buffer...”|Mode|Resulting filename(s) used
-|-|-|-|_Single temporary file_|wiresharkXXXXXX (where XXXXXX is a unique number)
-|foo.cap|-|-|_Single named file_|foo.cap
-|foo.cap|x|-|_Multiple files, continuous_|foo_00001_20190714110102.cap, foo_00002_20190714110318.cap, ...
-|foo.cap|x|x|_Multiple files, ring buffer_|foo_00001_20190714110102.cap, foo_00002_20190714110318.cap, ...
+|-|-|-|Single temporary file|wiresharkXXXXXX (where XXXXXX is a unique number)
+|foo.cap|-|-|Single named file|foo.cap
+|foo.cap|x|-|Multiple files, continuous|foo_00001_20190714110102.cap, foo_00002_20190714110318.cap, ...
+|foo.cap|x|x|Multiple files, ring buffer|foo_00001_20190714110102.cap, foo_00002_20190714110318.cap, ...
|===
-_Single temporary file_::
- A temporary file will be created and used (this is the default). After capturing
- is stopped this file can be saved later under a user specified name.
-
-_Single named file_::
- A single capture file will be used. If you want to place the new capture file in
- a specific folder choose this mode.
-
-_Multiple files, continuous_::
- Like the “Single named file” mode, but a new file is created and used after
- reaching one of the multiple file switch conditions (one of the “Next file every
- ...” values).
-
-_Multiple files, ring buffer_::
- Much like “Multiple files continuous”, reaching one of the multiple files switch
- conditions (one of the “Next file every ...” values) will switch to the next
- file. This will be a newly created file if value of “Ring buffer with n files”
- is not reached, otherwise it will replace the oldest of the formerly used files
- (thus forming a “ring”).
- +
- This mode will limit the maximum disk usage, even for an unlimited amount of
- capture input data, only keeping the latest captured data.
+Single temporary file::
+A temporary file will be created and used (this is the default).
+After capturing is stopped this file can be saved later under a user specified name.
+
+Single named file::
+A single capture file will be used.
+If you want to place the new capture file in a specific folder choose this mode.
+
+Multiple files, continuous::
+Like the “Single named file” mode, but a new file is created and used after reaching one of the multiple file switch conditions (one of the “Next file every...” values).
+
+Multiple files, ring buffer::
+Much like “Multiple files continuous”, reaching one of the multiple files switch
+conditions (one of the “Next file every ...” values) will switch to the next
+file. This will be a newly created file if value of “Ring buffer with n files”
+is not reached, otherwise it will replace the oldest of the formerly used files
+(thus forming a “ring”).
++
+This mode will limit the maximum disk usage, even for an unlimited amount of
+capture input data, only keeping the latest captured data.
[[ChCapLinkLayerHeader]]
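Review bot: The “Multiple files, ring buffer” entry is the only one of the four definitions left hard-wrapped mid-sentence, while the other three were reflowed to one sentence per line; reflow it the same way. While there, "if value of “Ring buffer with n files”" is missing "the", the reference "“Multiple files continuous”" drops the comma used in the term itself, and "“Next file every ...”" is spaced differently from "“Next file every...”" in the entry above.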
@@ -795,19 +596,19 @@ are only interested in source or destination addresses. If these are not
present, packets where the specified address appears as either the source or the
destination address will be selected.
-_ether [src|dst] host <ehost>_::
+ether [src|dst] host <ehost>::
This primitive allows you to filter on Ethernet host addresses. You can
optionally include the keyword _src|dst_ between the keywords _ether_ and _host_
to specify that you are only interested in source or destination addresses. If
these are not present, packets where the specified address appears in either the
source or destination address will be selected.
-_gateway host <host>_::
+gateway host <host>::
This primitive allows you to filter on packets that used _host_ as a gateway.
That is, where the Ethernet source or destination was _host_ but neither the
source nor destination IP address was _host_.
-_[src|dst] net <net> [{mask <mask>}|{len <len>}]_::
+[src|dst] net <net> [{mask <mask>}|{len <len>}]::
This primitive allows you to filter on network numbers. You can optionally
precede this primitive with the keyword _src|dst_ to specify that you are only
interested in a source or destination network. If neither of these are present,
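Review bot: Dropping the underscores from the terms "ether [src|dst] host <ehost>::", "gateway host <host>::" and "[src|dst] net <net> [{mask <mask>}|{len <len>}]::" leaves the filter syntax as plain text, while the definitions below still mark the keywords as _src|dst_, _ether_ and _host_. Since these are literal capture filter primitives, consider monospace for both the term and the keywords in the body so the two match. Also check the rendered output of the term containing "{mask <mask>}", since braces and a leading bracket are markup characters in AsciiDoc.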
@@ -816,7 +617,7 @@ destination address. In addition, you can specify either the netmask or the CIDR
prefix for the network if they are different from your own.
-_[tcp|udp] [src|dst] port <port>_::
+[tcp|udp] [src|dst] port <port>::
This primitive allows you to filter on TCP and UDP port numbers. You can
optionally precede this primitive with the keywords _src|dst_ and _tcp|udp_
which allow you to specify that you are only interested in source or destination
@@ -827,23 +628,22 @@ If these are not specified, packets will be selected for both the TCP and UDP
protocols and when the specified address appears in either the source or
destination port field.
-_less|greater <length>_::
+less|greater <length>::
This primitive allows you to filter on packets whose length was less than or
equal to the specified length, or greater than or equal to the specified length,
respectively.
-_ip|ether proto <protocol>_::
+ip|ether proto <protocol>::
This primitive allows you to filter on the specified protocol at either the
Ethernet layer or the IP layer.
-_ether|ip broadcast|multicast_::
+ether|ip broadcast|multicast::
This primitive allows you to filter on either Ethernet or IP broadcasts or
multicasts.
-_<expr> relop <expr>_:: This primitive allows you to create
-complex filter expressions that select bytes or ranges of bytes in
-packets. Please see the pcap-filter man page at
-{pcap-filter-man-page-url} for more details.
+<expr> relop <expr>::
+This primitive allows you to create complex filter expressions that select bytes or ranges of bytes in packets.
+Please see the pcap-filter man page at {pcap-filter-man-page-url} for more details.
[[ChCapCaptureAutoFilterSection]]