path: root/docbook/eug_src/EUG_chapter_customize.xml

<!-- EUG Chapter Customizing -->
<!-- $Id$ -->

<chapter id="ChapterCustomize">
  <title>Customizing Ethereal</title>
  
  <section id="ChCustIntroduction"><title>Introduction</title>
    <para>
	Ethereal's default behaviour will usually suit your needs pretty well.
	However, as you become more familiar with Ethereal, it can be customized 
	in various ways to suit your needs even better. In this chapter we explore:
	<itemizedlist>
	<listitem>
	  <para>
	    How to start Ethereal with command line parameters
	  </para>
	</listitem>
	<listitem>
	  <para>
	    How to colorize the packet list
	  </para>
	</listitem>
	<listitem>
	  <para>
	    How to control protocol dissection
	  </para>
	</listitem>
	<listitem>
	  <para>
	    How to use the various preference settings
	  </para>
	</listitem>
	</itemizedlist>    
	</para>
  </section>
	
  <section id="ChCustCommandLine"><title>Start Ethereal from the command line</title>
    <para>
      You can start <application>Ethereal</application> from the command 
      line, but it can also be started from most Window managers 
      as well. In this section we will look at starting it from the command 
      line.
    </para>
    <para>
      <application>Ethereal</application> supports a large number of 
      command line parameters. To see what they are, simply enter the 
      command <command> ethereal -h</command> and the help information 
      shown in <xref linkend="ChCustEx1"/> (or something similar) should be 
	  printed.
	<example id="ChCustEx1">
	  <title>Help information available from Ethereal</title>
	  <programlisting>
This is ethereal 0.10.13
 (C) 1998-2005 Gerald Combs &lt;gerald@wireshark.org>

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.3, with Net-SNMP 5.2.1.2, with ADNS.

Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libp
cap version 0.9[.x] on Windows XP Service Pack 2, build 2600.

ethereal [ -vh ] [ -DklLnpQS ] [ -a &lt;capture autostop condition> ] ...
        [ -b &lt;capture ring buffer option> ] ...
        [ -B &lt;capture buffer size> ]
        [ -c &lt;capture packet count> ] [ -f &lt;capture filter> ]
        [ -g &lt;packet number> ] [ -i &lt;capture interface> ] [ -m &lt;font> ]
        [ -N &lt;name resolving flags> ] [ -o &lt;preference/recent setting> ] ...
        [ -r &lt;infile> ] [ -R &lt;read (display) filter> ] [ -s &lt;capture snaplen> ]
        [ -t &lt;time stamp format> ] [ -w &lt;savefile> ] [ -y &lt;capture link type> ]
        [ -X &lt;eXtension option> ] [ -z &lt;statistics> ] [ &lt;infile> ]	  </programlisting>
	</example>

	We will examine each of the command line options in turn.
    </para>
    <para>
      The first thing to notice is that issuing the command 
      <command>ethereal</command> by itself will bring up 
      <application>Ethereal</application>.
      However, you can include as many of the command line parameters as 
      you like. Their meanings are as follows ( in alphabetical order ):
	  XXX - is the alphabetical order a good choice? Maybe better task based?
      <variablelist>
	  <varlistentry><term><command>-a &lt;capture autostop condition></command></term>
	  <listitem>
		<para>
    	Specify a criterion that specifies when Wireshark is to stop writing 
		to a capture file. The criterion is of the form test:value, where test 
		is one of: 
		<variablelist>
		<varlistentry><term><command>duration</command>:value</term>
			<listitem><para>
			Stop writing to a capture file after value of seconds have elapsed. 
			</para></listitem>
		</varlistentry>
		<varlistentry><term><command>filesize</command>:value</term>
			<listitem><para>
			Stop writing to a capture file after it reaches a size of value 
			kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). If 
			this option is used together with the -b option, Ethereal will 
			stop writing to the current capture file and switch to the next 
			one if filesize is reached.
			</para></listitem>
		</varlistentry>
		<varlistentry><term><command>files</command>:value</term>
			<listitem><para>
			Stop writing to capture files after value number of files were 
			written.
			</para></listitem>
		</varlistentry>
		</variablelist>
		</para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-b &lt;capture ring buffer option></command></term>
	  <listitem>
	    <para>
		If a maximum capture file size was specified, cause Ethereal to run 
		in "ring buffer" mode, with the specified number of files. In "ring 
		buffer" mode, Ethereal will write to several capture files. Their 
		name is based on the number of the file and on the creation date and 
		time. 
	    </para>
	    <para>
		When the first capture file fills up, Ethereal will switch to writing 
		to the next file, until it fills up the last file, at which point 
		it'll discard the data in the first file (unless 0 is specified, in 
		which case, the number of files is unlimited) and start writing to 
		that file and so on.
	    </para>
	    <para>
		If the optional duration is specified, Ethereal will switch also to 
		the next file when the specified number of seconds has elapsed even 
		if the current file is not completely fills up.
	    </para>
	    <para>
		<variablelist>
		<varlistentry><term><command>duration</command>:value</term>
			<listitem><para>
			Switch to the next file after value seconds have elapsed, even 
			if the current file is not completely filled up.
			</para></listitem>
		</varlistentry>
		<varlistentry><term><command>filesize</command>:value</term>
			<listitem><para>
			Switch to the next file after it reaches a size of value kilobytes 
			(where a kilobyte is 1000 bytes, not 1024 bytes).
			</para></listitem>
		</varlistentry>
		<varlistentry><term><command>files</command>:value</term>
			<listitem><para>
			Begin again with the first file after value number of files were 
			written (form a ring buffer).
			</para></listitem>
		</varlistentry>
		</variablelist>
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-B &lt;capture buffer size (Win32 only)></command></term>
	  <listitem>
	    <para>
	      Win32 only: set capture buffer size (in MB, default is 1MB). This 
		  is used by the the capture driver to buffer packet data until that 
		  data can be written to disk. If you encounter packet drops while 
		  capturing, try to increase this size.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-c &lt;capture packet count></command></term>
	  <listitem>
	    <para>
	      This option specifies the maximum number of packets to capture 
	      when capturing live data.  It would be used in conjunction 
	      with the <command>-k</command> option.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-D</command></term>
	  <listitem>
	    <para>
Print a list of the interfaces on which Ethereal can capture, and
exit.  For each network interface, a number and an
interface name, possibly followed by a text description of the
interface, is printed.  The interface name or the number can be supplied
to the <command>-i</command> flag to specify an interface on which to capture.
	    </para>
	    <para>
This can be useful on systems that don't have a command to list them  
(e.g., Windows systems, or UNIX systems lacking <command>ifconfig -a</command>);
the number can be useful on Windows 2000 and later systems, where the
interface name is a somewhat complex string.
	    </para>
	    <para>
Note that "can capture" means that Ethereal was able to open
that device to do a live capture; if, on your system, a program doing a
network capture must be run from an account with special privileges (for
example, as root), then, if Wireshark is run with the <command>-D</command> flag and
is not run from such an account, it will not list any interfaces.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-f &lt;capture filter></command></term>
	  <listitem>
	    <para>
	      This option sets the initial capture filter expression to 
	      be used when capturing packets.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-g &lt;packet number></command></term>
	  <listitem>
	    <para>
	      After reading in a capture file using the -r flag, go to the given 
		  packet number.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-h</command></term>
	  <listitem>
	    <para>
	      The <command>-h</command> option requests Ethereal to print 
	      its version and usage instructions (as shown above) and exit.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-i &lt;capture interface></command></term>
	  <listitem>
	    <para>
Set the name of the network interface or pipe to use for live packet
capture. 
	    </para>
	    <para>
Network interface names should match one of the names listed in
<command>ethereal -D</command> (described above); a number, as reported by
<command>ethereal -D</command>, can also be used.  If you're using UNIX, <command>netstat
-i</command> or <command>ifconfig -a</command> might also work to list interface names,
although not all versions of UNIX support the <command>-a</command> flag to <command>ifconfig</command>.
	    </para>
	    <para>
If no interface is specified, Ethereal searches the list of
interfaces, choosing the first non-loopback interface if there are any
non-loopback interfaces, and choosing the first loopback interface if
there are no non-loopback interfaces; if there are no interfaces,
Ethereal reports an error and doesn't start the capture.
	    </para>
	    <para>
Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
read data from the standard input.  Data read from pipes must be in
standard libpcap format.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-k</command></term>
	  <listitem>
	    <para>
	      The <command>-k</command> option specifies that Ethereal 
	      should start capturing packets immediately.  This option 
	      requires the use of the <command>-i</command> parameter to 
	      specify the interface that packet capture will occur from.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-l</command></term>
	  <listitem>
	    <para>
	      This option turns on automatic scrolling if the packet 
	      list pane is being updated automatically as packets arrive 
	      during a capture ( as specified by the <command>-S</command> 
	      flag).
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-L</command></term>
	  <listitem>
	    <para>
		  List the data link types supported by the interface and exit.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-m &lt;font></command></term>
	  <listitem>
	    <para>
	      This option sets the name of the font used for most text 
	      displayed by Wireshark. XXX - add an example!
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-n</command></term>
	  <listitem>
	    <para>
		Disable network object name resolution (such as hostname, TCP and UDP 
		port names).
		</para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-N &lt;name resolving flags></command></term>
	  <listitem>
	    <para>
	      Turns on name resolving for particular types of addresses 
	      and port numbers; the argument is a string that may contain 
	      the letters <command>m</command> to enable MAC address 
	      resolution, <command>n</command> to enable network address 
	      resolution, and <command>t</command> to enable transport-layer 
	      port number resolution.  This overrides <command>-n</command> 
	      if both <command>-N</command> and <command>-n</command> are 
	      present. The letter C enables concurrent (asynchronous) DNS lookups.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><command>-o &lt;preference/recent settings&gt;</command></term>
	  <listitem>
	    <para>
	      Sets a preference or recent value, overriding the default value and 
	      any value read from a preference/recent file.  The argument to the 
	      flag is a string of the form prefname:value, where prefname 
	      is the name of the preference (which is the same name that 
	      would appear in the preference/recent file), and value is the value 
	      to which it should be set.  Multiple instances of 
	      <command>-o &lt;preference settings&gt; </command> can be 
	      given on a single command line.
	    </para>
	    <para>An example of setting a single preference would be: </para>
	    <para>
	      <command>
		ethereal -o mgcp.display_dissect_tree:TRUE
	      </command>
	    </para>
	    <para> 
	      An example of setting multiple preferences would be: 
	    </para>
	    <para>
	      <command>
		ethereal -o mgcp.display_dissect_tree:TRUE -o mgcp.udp.callagent_port:2627
	      </command>
	    </para>
		<tip><title>Tip!</title>
		<para>
		You can get a list of all available preference strings from the 
		preferences file, see <xref linkend="AppFiles"/>.
		</para>
		</tip>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-p</command></term>
	  <listitem>
	    <para>
	      Don't put the interface into promiscuous mode.  Note that 
	      the interface might be in promiscuous mode for some other 
	      reason; hence, -p cannot be used to ensure that the only 
	      traffic that is captured is traffic sent to or from the 
	      machine on which Wireshark is running, broadcast traffic, and 
	      multicast traffic to addresses received by that machine.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-Q</command></term>
	  <listitem>
	    <para>
	      This option forces Ethereal to exit when capturing is 
	      complete. It can be used with the <command>-c</command> option. 
	      It must be used in conjunction with the 
	      <command>-i</command> and <command>-w</command> options. 
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-r &lt;infile></command></term>
	  <listitem>
	    <para>
	      This option provides the name of a capture file for Wireshark 
	      to read and display. This capture file can be in one of the 
	      formats Ethereal understands.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-R &lt;read (display) filter></command></term>
	  <listitem>
	    <para>
	      This option specifies a display filter to be applied when 
	      reading packets from a capture file. The syntax of this 
	      filter is that of the display filters discussed in 
	      <xref linkend="ChWorkDisplayFilterSection"/>.  Packets not 
		  matching the filter are discarded.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-s &lt;capture snaplen></command></term>
	  <listitem>
	    <para>
	      This option specifies the snapshot length to use when 
	      capturing packets. Ethereal will only capture 
	      <command>&lt;snaplen></command> bytes of data for each packet.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-S</command></term>
	  <listitem>
	    <para>
	      This option specifies that Ethereal will display packets as 
	      it captures them. This is done by capturing in one process 
	      and displaying them in a separate process. This is the same
		  as "Update list of packets in real time" in the Capture Options
		  dialog box.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><command>-t &lt;time stamp format></command></term>
	  <listitem>
	    <para>
	      This option sets the format of packet timestamps that are 
	      displayed in the packet list window.  The format can be one of:
	      <itemizedlist>
		<listitem>
		  <para>
		    <command>r</command> relative, which specifies timestamps are 
		    displayed relative to the first packet captured.
		  </para>
		</listitem>
		<listitem>
		  <para>
		    <command>a</command> absolute, which specifies that actual times 
			be displayed for all packets.
		  </para>
		</listitem>
		<listitem>
		  <para>
		    <command>ad</command> absolute with date, which specifies that 
			actual dates and times be displayed for all packets.
		  </para>
		</listitem>
		<listitem>
		  <para>
		    <command>d</command> delta, which specifies that timestamps 
		    are relative to the previous packet.
		  </para>
		</listitem>
	      </itemizedlist>
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-v</command></term>
	  <listitem>
	    <para>
	      The <command>-v</command> option requests 
	      Ethereal to print out its version information and exit.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-w &lt;savefile></command></term>
	  <listitem>
	    <para>
	      This option sets the name of the <command>savefile</command> 
	      to be used when saving a capture file.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-y &lt;capture link type></command></term>
	  <listitem>
	    <para>
		If a capture is started from the command line with -k, set the data 
		link type to use while capturing packets. The values reported by -L 
		are the values that can be used.
		</para>
	  </listitem>
	</varlistentry>
	<varlistentry><term><command>-X &lt;eXtension option></command></term>
	  <listitem>
	    <para>
        Specify an option to be passed to a Tethereal module. The eXtension
        option is in the form extension_key:value, where extension_key can
        be:
        </para>
        <para>
        <command>lua_script</command>:lua_script_filename Tell Ethereal to load the given script in addition to the default Lua scripts. 
        </para>
	  </listitem>
	</varlistentry>    
	<varlistentry><term><command>-z &lt;statistics-string></command></term>
	  <listitem>
	    <para>
		Get Ethereal to collect various types of statistics and display the 
		result in a window that updates in semi-real time.
		XXX - add more details here!
		</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </section>
   
  <section id="ChCustColorizationSection"><title>Packet colorization</title>
    <para>
      A very useful mechanism available in Wireshark is packet colorization.  
      You can set-up Ethereal so that it will colorize packets according to a 
      filter. This allows you to emphasize the packets you are usually 
	  interested in.
    </para>
    <tip>
      <title>Tip!</title>
      <para>
	  You will find a lot of Coloring Rule examples at the <command>Ethereal 
	  Wiki Coloring Rules page</command> at <ulink 
	  url="&EtherealWikiColoringRulesPage;">&EtherealWikiColoringRulesPage;</ulink>.
      </para>
    </tip>
    <para>
      To colorize packets, select the Coloring Rules... menu item from 
      the View menu, Ethereal will pop up the "Coloring Rules" 
      dialog box as shown in <xref linkend="ChCustColoringRulesDialog"/>.
    </para>
    <figure id="ChCustColoringRulesDialog">
      <title>The "Coloring Rules" dialog box</title>
      <graphic entityref="EtherealColoringRulesDialog" format="PNG"/>
    </figure>
    <para>
      Once the Coloring Rules dialog box is up, there are a number 
      of buttons you can use, depending on whether or not you have any 
      color filters installed already.
    </para>
    <note><title>Note!</title>
	<para>
      You will need to carefully select the order the coloring rules are listed 
      (and thus applied) as they are applied in order from top to bottom. 
	  So, more specific rules need to be listed before more general rules. 
	  For example, if you have a color rule for UDP before the one for DNS, 
	  the color rule for DNS will never be applied (as DNS uses UDP, so the 
	  UDP rule will be matching first).
	</para>
    </note>
    <para>
	  If this is the first time you have used Coloring Rules, click on the New 
	  button which will bring up the Edit color filter dialog box as shown in 
      <xref linkend="ChCustEditColorDialog"/>.
    </para>
    <figure id="ChCustEditColorDialog">
      <title>The "Edit Color Filter" dialog box</title>
      <graphic entityref="EtherealEditColorDialog" format="PNG"/>
    </figure>
    <para>
      In the Edit Color dialog box, simply enter a name for the color filter,
      and enter a filter string in the Filter text field.  
      <xref linkend="ChCustEditColorDialog"/> shows the values 
	<command>arp</command> and <command>arp</command> which means that 
	the name of the color filter is <command>arp</command> and the filter 
	will select protocols of type <command>arp</command>.  Once you have 
	entered these values, you can choose a foreground and background 
	color for packets that match the filter expression.  Click on 
	<command>Foreground color...</command> or 
	<command>Background color...</command> to achieve this and 
	Ethereal will pop up the Choose foreground/background color for 
	protocol dialog box as shown in 
	<xref linkend="ChCustChooseColorDialog"/>.
    </para>
    <figure id="ChCustChooseColorDialog">
      <title>The "Choose color" dialog box</title>
      <graphic entityref="EtherealChooseColorDialog" format="PNG"/>
    </figure>
    <para>
      Select the color you desire for the selected packets and click on OK. 
    </para>
    <note>
      <title>Note!</title>
      <para>
	You must select a color in the colorbar next to the colorwheel to 
	load values into the RGB values. Alternatively, you can set the 
	values to select the color you want.
      </para>
    </note>
    <para>
      <xref linkend="ChCustColorFilterMany"/> shows an example of several color 
	filters being used in Wireshark. You may not like the color choices, 
	however, feel free to choose your own.
    </para>
    <figure id="ChCustColorFilterMany">
      <title>Using color filters with Ethereal</title>
      <graphic entityref="EtherealThreePane1" format="PNG"/>
    </figure>
  </section>
   
  <section id="ChCustProtocolDissectionSection">
	<title>Control Protocol dissection</title>
	<para>
		The user can control how protocols are dissected.
	</para>
	<para>
		Each protocol has its own dissector, so dissecting a complete packet will 
		typically involve several dissectors. As Ethereal tries to find the 
		right dissector for each packet (using static "routes" and heuristics 
		"guessing"), it might choose the wrong dissector in your specific 
		case. For example, Ethereal won't know if you use a common protocol 
		on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of 
		the standard port 80.
	</para>
	<para>
		There are two ways to control the relations between protocol 
		dissectors: disable a protocol dissector completely or temporarily 
		divert the way Ethereal calls the dissectors.
	</para>
	<section id="ChAdvEnabledProtocols"><title>The "Enabled Protocols" dialog 
	box</title>
	<para>
		The Enabled Protocols dialog box lets you enable or
		disable specific protocols, all protocols are enabled by default. 
		When a protocol is disabled, Ethereal stops processing a packet
		whenever that protocol is encountered.	
	</para>
	<note><title>Note!</title>
		<para>
		Disabling a protocol will prevent information about higher-layer
		protocols from being displayed.  For example,
		suppose you disabled the IP protocol and selected
		a packet containing Ethernet, IP, TCP, and HTTP
		information.  The Ethernet information would be
		displayed, but the IP, TCP and HTTP information
		would not - disabling IP would prevent it and
		the other protocols from being displayed.
		</para>
	</note>
    <figure id="ChAdvEnabledProtocolsFig">
      <title>The "Enabled Protocols" dialog box</title>
      <graphic entityref="EtherealEnabledProtocols" format="PNG"/>
    </figure>
	<para>
		To disable or enable a protocol, simply click on it using the
		mouse or press the space bar when the protocol is highlighted.
	</para>
	<warning><title>Warning!</title>
		<para>
		You have to use the Save button to save your settings. The OK or Apply 
		buttons will not save your changes permanently, so they will be lost 
		when Wireshark is closed.
		</para>
	</warning>
    <para>
      You can choose from the following actions:
      <orderedlist>
	<listitem>
	  <para>
	    <command>Enable All</command> Enable all protocols in the list.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Disable All</command> Disable all protocols in the list.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Invert</command> Toggle the state of all protocols in the 
		list.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>OK</command> Apply the changes and close the dialog box.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Apply</command> Apply the changes and keep the dialog box 
		open.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Save</command> Save the settings to the disabled_protos, see 
		<xref linkend="AppFiles"/> for details.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Cancel</command> Cancel the changes and close the dialog box.
	  </para>
	</listitem>
      </orderedlist>
    </para>
	</section>
	
    <section id="ChAdvDecodeAs"><title>User Specified Decodes</title>
	<para>
		The "Decode As" functionality let you temporarily divert specific 
		protocol dissections. This might be useful for example, if you do some 
		uncommon experiments on your network.
	</para>
    <para>
    <figure id="ChAdvDecodeAsFig">
      <title>The "Decode As" dialog box</title>
      <graphic scale="100" entityref="EtherealDecodeAs" format="PNG"/>
    </figure>
	The content of this dialog box depends on the selected packet when it 
	was opened.
	<warning><title>Warning!</title>
		<para>
		The user specified decodes can not be saved. If you quit Ethereal, 
		these settings will be lost.
		</para>
	</warning>
      <orderedlist>
	<listitem>
	  <para>
	    <command>Decode</command> Decode packets the selected way.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Do not decode</command> Do not decode packets the selected 
		way.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Link/Network/Transport</command> Specify the network layer 
		at which "Decode As" should take place. Which of these pages are 
		available, depends on the content of the selected packet when this 
		dialog box was opened.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Show Current</command> Open a dialog box showing the 
		current list of user specified decodes.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>OK</command> Apply the currently selected decode and close 
		the dialog box.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Apply</command> Apply the currently selected decode and keep 
		the dialog box open.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Cancel</command> Cancel the changes and close the dialog box.
	  </para>
	</listitem>
      </orderedlist>
	</para>
	</section>
	
    <section id="ChAdvDecodeAsShow"><title>Show User Specified Decodes</title>
    <para>
	This dialog box shows the currently active user specified decodes.
    <figure id="ChAdvDecodeAsShowFig">
      <title>The "Decode As: Show" dialog box</title>
      <graphic entityref="EtherealDecodeAsShow" format="PNG"/>
    </figure>
      <orderedlist>
	<listitem>
	  <para>
	    <command>OK</command> Close this dialog box.
	  </para>
	</listitem>
	<listitem>
	  <para>
	    <command>Clear</command> Removes all user specified decodes.
	  </para>
	</listitem>
      </orderedlist>
	</para>
  </section>
  </section>
  
  <section id="ChCustPreferencesSection"><title>Preferences</title>
    <para>
      There are a number of preferences you can set. Simply 
      select the Preferences... menu item from the Edit menu, and Ethereal 
      will pop up the Preferences dialog box as shown in 
      <xref linkend="ChCustGUIPrefPage"/>, with the "User Interface" page as 
	  default. On the left side is a tree where you can select the page to be 
	  shown.
	  <note><title>Note!</title>
	  <para>
	  Preference settings are added frequently. For a recent explanation of 
	  the preference pages and their settings have a look at the 
	  <command>Ethereal Wiki Preferences page</command> at <ulink 
	  url="&EtherealWikiPreferencesPage;">&EtherealWikiPreferencesPage;</ulink>.
      </para>
      </note>
	  <warning>
		<title>Warning!</title>
		<para>
		The OK or Apply button will not save the preference settings, 
		you'll have to save the settings by clicking the Save button.
		</para>
	  </warning>
	<itemizedlist>
		<listitem>
		  <para>
	  		The <command>OK</command> button will apply the preferences 
			settings and close the dialog.
		  </para>
		</listitem>
		<listitem>
		  <para>
	  		The <command>Apply</command> button will apply the preferences 
			settings and keep the dialog open.
		  </para>
		</listitem>
		<listitem>
		  <para>
	  		The <command>Save</command> button will apply the preferences 
			settings, save the settings on the harddisk and keep the dialog open.
		  </para>
		</listitem>
		<listitem>
		  <para>
	  		The <command>Cancel</command> button will restore all preferences 
			settings to the last saved state.
		  </para>
		</listitem>
	</itemizedlist>
    </para>
    <figure id="ChCustGUIPrefPage">
      <title>The preferences dialog box</title>
      <graphic entityref="EtherealGUIPreferences" format="PNG"/>
    </figure>
  </section>
  
</chapter>
<!-- End of EUG Chapter Customizing -->