diff options
| author | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2007-05-03 00:21:22 +0000 |
|---|---|---|
| committer | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2007-05-03 00:21:22 +0000 |
| commit | 7e7ae46a72031b38ba546930d70ae98a7a1a7618 (patch) | |
| tree | 240ff36f2a8c7bc03274d1fb1b245569571f3a60 | |
| parent | 6dbf61a3e9f542104e5ffc2a62fc0fca95ac5d23 (diff) | |
Fix a couple of typos and fixup whitespace.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@21657 f5534014-38df-0310-8fa8-9805f1628bb7
| -rw-r--r-- | docbook/wsug_src/WSUG_chapter_customize.xml | 402 |
1 files changed, 201 insertions, 201 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_customize.xml b/docbook/wsug_src/WSUG_chapter_customize.xml index 8fc958ddd7..24f26a1b1f 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.xml +++ b/docbook/wsug_src/WSUG_chapter_customize.xml @@ -3,11 +3,11 @@ <chapter id="ChapterCustomize"> <title>Customizing Wireshark</title> - + <section id="ChCustIntroduction"><title>Introduction</title> <para> Wireshark's default behaviour will usually suit your needs pretty well. - However, as you become more familiar with Wireshark, it can be customized + However, as you become more familiar with Wireshark, it can be customized in various ways to suit your needs even better. In this chapter we explore: <itemizedlist> <listitem> @@ -30,22 +30,22 @@ How to use the various preference settings </para> </listitem> - </itemizedlist> + </itemizedlist> </para> </section> - + <section id="ChCustCommandLine"><title>Start Wireshark from the command line</title> <para> - You can start <application>Wireshark</application> from the command - line, but it can also be started from most Window managers - as well. In this section we will look at starting it from the command + You can start <application>Wireshark</application> from the command + line, but it can also be started from most Window managers + as well. In this section we will look at starting it from the command line. </para> <para> - <application>Wireshark</application> supports a large number of - command line parameters. To see what they are, simply enter the - command <command>wireshark -h</command> and the help information - shown in <xref linkend="ChCustEx1"/> (or something similar) should be + <application>Wireshark</application> supports a large number of + command line parameters. To see what they are, simply enter the + command <command>wireshark -h</command> and the help information + shown in <xref linkend="ChCustEx1"/> (or something similar) should be printed. <example id="ChCustEx1"> <title>Help information available from Wireshark</title> @@ -56,7 +56,7 @@ Copyright 1998-2006 Gerald Combs <gerald@wireshark.org> and contributors. Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.2.2, with ADNS, with Lua 5.1. -Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on +Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x] on Windows XP Service Pack 2, build 2600. wireshark [ -vh ] [ -DklLnpQS ] [ -a <capture autostop condition> ] ... @@ -73,37 +73,37 @@ wireshark [ -vh ] [ -DklLnpQS ] [ -a <capture autostop condition> ] ... We will examine each of the command line options in turn. </para> <para> - The first thing to notice is that issuing the command - <command>wireshark</command> by itself will bring up + The first thing to notice is that issuing the command + <command>wireshark</command> by itself will bring up <application>Wireshark</application>. - However, you can include as many of the command line parameters as + However, you can include as many of the command line parameters as you like. Their meanings are as follows ( in alphabetical order ): XXX - is the alphabetical order a good choice? Maybe better task based? <variablelist> <varlistentry><term><command>-a <capture autostop condition></command></term> <listitem> <para> - Specify a criterion that specifies when Wireshark is to stop writing - to a capture file. The criterion is of the form test:value, where test - is one of: + Specify a criterion that specifies when Wireshark is to stop writing + to a capture file. The criterion is of the form test:value, where test + is one of: <variablelist> <varlistentry><term><command>duration</command>:value</term> <listitem><para> - Stop writing to a capture file after value of seconds have elapsed. + Stop writing to a capture file after value of seconds have elapsed. </para></listitem> </varlistentry> <varlistentry><term><command>filesize</command>:value</term> <listitem><para> - Stop writing to a capture file after it reaches a size of value - kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). If - this option is used together with the -b option, Wireshark will - stop writing to the current capture file and switch to the next + Stop writing to a capture file after it reaches a size of value + kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). If + this option is used together with the -b option, Wireshark will + stop writing to the current capture file and switch to the next one if filesize is reached. </para></listitem> </varlistentry> <varlistentry><term><command>files</command>:value</term> <listitem><para> - Stop writing to capture files after value number of files were + Stop writing to capture files after value number of files were written. </para></listitem> </varlistentry> @@ -114,41 +114,41 @@ wireshark [ -vh ] [ -DklLnpQS ] [ -a <capture autostop condition> ] ... <varlistentry><term><command>-b <capture ring buffer option></command></term> <listitem> <para> - If a maximum capture file size was specified, cause Wireshark to run - in "ring buffer" mode, with the specified number of files. In "ring - buffer" mode, Wireshark will write to several capture files. Their - name is based on the number of the file and on the creation date and - time. + If a maximum capture file size was specified, cause Wireshark to run + in "ring buffer" mode, with the specified number of files. In "ring + buffer" mode, Wireshark will write to several capture files. Their + name is based on the number of the file and on the creation date and + time. </para> <para> - When the first capture file fills up, Wireshark will switch to writing - to the next file, until it fills up the last file, at which point - it'll discard the data in the first file (unless 0 is specified, in - which case, the number of files is unlimited) and start writing to + When the first capture file fills up, Wireshark will switch to writing + to the next file, until it fills up the last file, at which point + it'll discard the data in the first file (unless 0 is specified, in + which case, the number of files is unlimited) and start writing to that file and so on. </para> <para> - If the optional duration is specified, Wireshark will switch also to - the next file when the specified number of seconds has elapsed even + If the optional duration is specified, Wireshark will switch also to + the next file when the specified number of seconds has elapsed even if the current file is not completely fills up. </para> <para> <variablelist> <varlistentry><term><command>duration</command>:value</term> <listitem><para> - Switch to the next file after value seconds have elapsed, even + Switch to the next file after value seconds have elapsed, even if the current file is not completely filled up. </para></listitem> </varlistentry> <varlistentry><term><command>filesize</command>:value</term> <listitem><para> - Switch to the next file after it reaches a size of value kilobytes + Switch to the next file after it reaches a size of value kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). </para></listitem> </varlistentry> <varlistentry><term><command>files</command>:value</term> <listitem><para> - Begin again with the first file after value number of files were + Begin again with the first file after value number of files were written (form a ring buffer). </para></listitem> </varlistentry> @@ -159,9 +159,9 @@ wireshark [ -vh ] [ -DklLnpQS ] [ -a <capture autostop condition> ] ... <varlistentry><term><command>-B <capture buffer size (Win32 only)></command></term> <listitem> <para> - Win32 only: set capture buffer size (in MB, default is 1MB). This - is used by the the capture driver to buffer packet data until that - data can be written to disk. If you encounter packet drops while + Win32 only: set capture buffer size (in MB, default is 1MB). This + is used by the the capture driver to buffer packet data until that + data can be written to disk. If you encounter packet drops while capturing, try to increase this size. </para> </listitem> @@ -169,8 +169,8 @@ wireshark [ -vh ] [ -DklLnpQS ] [ -a <capture autostop condition> ] ... <varlistentry><term><command>-c <capture packet count></command></term> <listitem> <para> - This option specifies the maximum number of packets to capture - when capturing live data. It would be used in conjunction + This option specifies the maximum number of packets to capture + when capturing live data. It would be used in conjunction with the <command>-k</command> option. </para> </listitem> @@ -185,7 +185,7 @@ interface, is printed. The interface name or the number can be supplied to the <command>-i</command> flag to specify an interface on which to capture. </para> <para> -This can be useful on systems that don't have a command to list them +This can be useful on systems that don't have a command to list them (e.g., Windows systems, or UNIX systems lacking <command>ifconfig -a</command>); the number can be useful on Windows 2000 and later systems, where the interface name is a somewhat complex string. @@ -202,7 +202,7 @@ is not run from such an account, it will not list any interfaces. <varlistentry><term><command>-f <capture filter></command></term> <listitem> <para> - This option sets the initial capture filter expression to + This option sets the initial capture filter expression to be used when capturing packets. </para> </listitem> @@ -210,7 +210,7 @@ is not run from such an account, it will not list any interfaces. <varlistentry><term><command>-g <packet number></command></term> <listitem> <para> - After reading in a capture file using the -r flag, go to the given + After reading in a capture file using the -r flag, go to the given packet number. </para> </listitem> @@ -218,7 +218,7 @@ is not run from such an account, it will not list any interfaces. <varlistentry><term><command>-h</command></term> <listitem> <para> - The <command>-h</command> option requests Wireshark to print + The <command>-h</command> option requests Wireshark to print its version and usage instructions (as shown above) and exit. </para> </listitem> @@ -227,7 +227,7 @@ is not run from such an account, it will not list any interfaces. <listitem> <para> Set the name of the network interface or pipe to use for live packet -capture. +capture. </para> <para> Network interface names should match one of the names listed in @@ -253,9 +253,9 @@ standard libpcap format. <varlistentry><term><command>-k</command></term> <listitem> <para> - The <command>-k</command> option specifies that Wireshark - should start capturing packets immediately. This option - requires the use of the <command>-i</command> parameter to + The <command>-k</command> option specifies that Wireshark + should start capturing packets immediately. This option + requires the use of the <command>-i</command> parameter to specify the interface that packet capture will occur from. </para> </listitem> @@ -263,9 +263,9 @@ standard libpcap format. <varlistentry><term><command>-l</command></term> <listitem> <para> - This option turns on automatic scrolling if the packet - list pane is being updated automatically as packets arrive - during a capture ( as specified by the <command>-S</command> + This option turns on automatic scrolling if the packet + list pane is being updated automatically as packets arrive + during a capture ( as specified by the <command>-S</command> flag). </para> </listitem> @@ -280,7 +280,7 @@ standard libpcap format. <varlistentry><term><command>-m <font></command></term> <listitem> <para> - This option sets the name of the font used for most text + This option sets the name of the font used for most text displayed by Wireshark. XXX - add an example! </para> </listitem> @@ -288,7 +288,7 @@ standard libpcap format. <varlistentry><term><command>-n</command></term> <listitem> <para> - Disable network object name resolution (such as hostname, TCP and UDP + Disable network object name resolution (such as hostname, TCP and UDP port names). </para> </listitem> @@ -296,13 +296,13 @@ standard libpcap format. <varlistentry><term><command>-N <name resolving flags></command></term> <listitem> <para> - Turns on name resolving for particular types of addresses - and port numbers; the argument is a string that may contain - the letters <command>m</command> to enable MAC address - resolution, <command>n</command> to enable network address - resolution, and <command>t</command> to enable transport-layer - port number resolution. This overrides <command>-n</command> - if both <command>-N</command> and <command>-n</command> are + Turns on name resolving for particular types of addresses + and port numbers; the argument is a string that may contain + the letters <command>m</command> to enable MAC address + resolution, <command>n</command> to enable network address + resolution, and <command>t</command> to enable transport-layer + port number resolution. This overrides <command>-n</command> + if both <command>-N</command> and <command>-n</command> are present. The letter C enables concurrent (asynchronous) DNS lookups. </para> </listitem> @@ -311,13 +311,13 @@ standard libpcap format. <term><command>-o <preference/recent settings></command></term> <listitem> <para> - Sets a preference or recent value, overriding the default value and - any value read from a preference/recent file. The argument to the - flag is a string of the form prefname:value, where prefname - is the name of the preference (which is the same name that - would appear in the preference/recent file), and value is the value - to which it should be set. Multiple instances of - <command>-o <preference settings> </command> can be + Sets a preference or recent value, overriding the default value and + any value read from a preference/recent file. The argument to the + flag is a string of the form prefname:value, where prefname + is the name of the preference (which is the same name that + would appear in the preference/recent file), and value is the value + to which it should be set. Multiple instances of + <command>-o <preference settings> </command> can be given on a single command line. </para> <para>An example of setting a single preference would be: </para> @@ -326,8 +326,8 @@ standard libpcap format. wireshark -o mgcp.display_dissect_tree:TRUE </command> </para> - <para> - An example of setting multiple preferences would be: + <para> + An example of setting multiple preferences would be: </para> <para> <command> @@ -336,7 +336,7 @@ standard libpcap format. </para> <tip><title>Tip!</title> <para> - You can get a list of all available preference strings from the + You can get a list of all available preference strings from the preferences file, see <xref linkend="AppFiles"/>. </para> </tip> @@ -345,11 +345,11 @@ standard libpcap format. <varlistentry><term><command>-p</command></term> <listitem> <para> - Don't put the interface into promiscuous mode. Note that - the interface might be in promiscuous mode for some other - reason; hence, -p cannot be used to ensure that the only - traffic that is captured is traffic sent to or from the - machine on which Wireshark is running, broadcast traffic, and + Don't put the interface into promiscuous mode. Note that + the interface might be in promiscuous mode for some other + reason; hence, -p cannot be used to ensure that the only + traffic that is captured is traffic sent to or from the + machine on which Wireshark is running, broadcast traffic, and multicast traffic to addresses received by that machine. </para> </listitem> @@ -357,18 +357,18 @@ standard libpcap format. <varlistentry><term><command>-Q</command></term> <listitem> <para> - This option forces Wireshark to exit when capturing is - complete. It can be used with the <command>-c</command> option. - It must be used in conjunction with the - <command>-i</command> and <command>-w</command> options. + This option forces Wireshark to exit when capturing is + complete. It can be used with the <command>-c</command> option. + It must be used in conjunction with the + <command>-i</command> and <command>-w</command> options. </para> </listitem> </varlistentry> <varlistentry><term><command>-r <infile></command></term> <listitem> <para> - This option provides the name of a capture file for Wireshark - to read and display. This capture file can be in one of the + This option provides the name of a capture file for Wireshark + to read and display. This capture file can be in one of the formats Wireshark understands. </para> </listitem> @@ -376,10 +376,10 @@ standard libpcap format. <varlistentry><term><command>-R <read (display) filter></command></term> <listitem> <para> - This option specifies a display filter to be applied when - reading packets from a capture file. The syntax of this - filter is that of the display filters discussed in - <xref linkend="ChWorkDisplayFilterSection"/>. Packets not + This option specifies a display filter to be applied when + reading packets from a capture file. The syntax of this + filter is that of the display filters discussed in + <xref linkend="ChWorkDisplayFilterSection"/>. Packets not matching the filter are discarded. </para> </listitem> @@ -387,8 +387,8 @@ standard libpcap format. <varlistentry><term><command>-s <capture snaplen></command></term> <listitem> <para> - This option specifies the snapshot length to use when - capturing packets. Wireshark will only capture + This option specifies the snapshot length to use when + capturing packets. Wireshark will only capture <command><snaplen></command> bytes of data for each packet. </para> </listitem> @@ -396,8 +396,8 @@ standard libpcap format. <varlistentry><term><command>-S</command></term> <listitem> <para> - This option specifies that Wireshark will display packets as - it captures them. This is done by capturing in one process + This option specifies that Wireshark will display packets as + it captures them. This is done by capturing in one process and displaying them in a separate process. This is the same as "Update list of packets in real time" in the Capture Options dialog box. @@ -408,36 +408,36 @@ standard libpcap format. <term><command>-t <time stamp format></command></term> <listitem> <para> - This option sets the format of packet timestamps that are + This option sets the format of packet timestamps that are displayed in the packet list window. The format can be one of: <itemizedlist> <listitem> <para> - <command>r</command> relative, which specifies timestamps are + <command>r</command> relative, which specifies timestamps are displayed relative to the first packet captured. </para> </listitem> <listitem> <para> - <command>a</command> absolute, which specifies that actual times + <command>a</command> absolute, which specifies that actual times be displayed for all packets. </para> </listitem> <listitem> <para> - <command>ad</command> absolute with date, which specifies that + <command>ad</command> absolute with date, which specifies that actual dates and times be displayed for all packets. </para> </listitem> <listitem> <para> - <command>d</command> delta, which specifies that timestamps + <command>d</command> delta, which specifies that timestamps are relative to the previous packet. </para> </listitem> <listitem> <para> - <command>e</command> epoch, which specifies that timestamps + <command>e</command> epoch, which specifies that timestamps are seconds since epoch (Jan 1, 1970 00:00:00) </para> </listitem> @@ -448,7 +448,7 @@ standard libpcap format. <varlistentry><term><command>-v</command></term> <listitem> <para> - The <command>-v</command> option requests + The <command>-v</command> option requests Wireshark to print out its version information and exit. </para> </listitem> @@ -456,7 +456,7 @@ standard libpcap format. <varlistentry><term><command>-w <savefile></command></term> <listitem> <para> - This option sets the name of the <command>savefile</command> + This option sets the name of the <command>savefile</command> to be used when saving a capture file. </para> </listitem> @@ -464,8 +464,8 @@ standard libpcap format. <varlistentry><term><command>-y <capture link type></command></term> <listitem> <para> - If a capture is started from the command line with -k, set the data - link type to use while capturing packets. The values reported by -L + If a capture is started from the command line with -k, set the data + link type to use while capturing packets. The values reported by -L are the values that can be used. </para> </listitem> @@ -478,14 +478,14 @@ standard libpcap format. be: </para> <para> - <command>lua_script</command>:lua_script_filename Tell Wireshark to load the given script in addition to the default Lua scripts. + <command>lua_script</command>:lua_script_filename Tell Wireshark to load the given script in addition to the default Lua scripts. </para> </listitem> - </varlistentry> + </varlistentry> <varlistentry><term><command>-z <statistics-string></command></term> <listitem> <para> - Get Wireshark to collect various types of statistics and display the + Get Wireshark to collect various types of statistics and display the result in a window that updates in semi-real time. XXX - add more details here! </para> @@ -494,25 +494,25 @@ standard libpcap format. </variablelist> </para> </section> - + <section id="ChCustColorizationSection"><title>Packet colorization</title> <para> - A very useful mechanism available in Wireshark is packet colorization. - You can set-up Wireshark so that it will colorize packets according to a - filter. This allows you to emphasize the packets you are usually + A very useful mechanism available in Wireshark is packet colorization. + You can set-up Wireshark so that it will colorize packets according to a + filter. This allows you to emphasize the packets you are usually interested in. </para> <tip> <title>Tip!</title> <para> - You will find a lot of Coloring Rule examples at the <command>Wireshark - Wiki Coloring Rules page</command> at <ulink + You will find a lot of Coloring Rule examples at the <command>Wireshark + Wiki Coloring Rules page</command> at <ulink url="&WiresharkWikiColoringRulesPage;">&WiresharkWikiColoringRulesPage;</ulink>. </para> </tip> <para> - To colorize packets, select the Coloring Rules... menu item from - the View menu, Wireshark will pop up the "Coloring Rules" + To colorize packets, select the Coloring Rules... menu item from + the View menu, Wireshark will pop up the "Coloring Rules" dialog box as shown in <xref linkend="ChCustColoringRulesDialog"/>. </para> <figure id="ChCustColoringRulesDialog"> @@ -520,23 +520,23 @@ standard libpcap format. <graphic entityref="WiresharkColoringRulesDialog" format="PNG"/> </figure> <para> - Once the Coloring Rules dialog box is up, there are a number - of buttons you can use, depending on whether or not you have any + Once the Coloring Rules dialog box is up, there are a number + of buttons you can use, depending on whether or not you have any color filters installed already. </para> <note><title>Note!</title> <para> - You will need to carefully select the order the coloring rules are listed - (and thus applied) as they are applied in order from top to bottom. - So, more specific rules need to be listed before more general rules. - For example, if you have a color rule for UDP before the one for DNS, - the color rule for DNS will never be applied (as DNS uses UDP, so the + You will need to carefully select the order the coloring rules are listed + (and thus applied) as they are applied in order from top to bottom. + So, more specific rules need to be listed before more general rules. + For example, if you have a color rule for UDP before the one for DNS, + the color rule for DNS will never be applied (as DNS uses UDP, so the UDP rule will be matching first). </para> </note> <para> - If this is the first time you have used Coloring Rules, click on the New - button which will bring up the Edit color filter dialog box as shown in + If this is the first time you have used Coloring Rules, click on the New + button which will bring up the Edit color filter dialog box as shown in <xref linkend="ChCustEditColorDialog"/>. </para> <figure id="ChCustEditColorDialog"> @@ -545,17 +545,17 @@ standard libpcap format. </figure> <para> In the Edit Color dialog box, simply enter a name for the color filter, - and enter a filter string in the Filter text field. - <xref linkend="ChCustEditColorDialog"/> shows the values - <command>arp</command> and <command>arp</command> which means that - the name of the color filter is <command>arp</command> and the filter - will select protocols of type <command>arp</command>. Once you have - entered these values, you can choose a foreground and background - color for packets that match the filter expression. Click on - <command>Foreground color...</command> or - <command>Background color...</command> to achieve this and - Wireshark will pop up the Choose foreground/background color for - protocol dialog box as shown in + and enter a filter string in the Filter text field. + <xref linkend="ChCustEditColorDialog"/> shows the values + <command>arp</command> and <command>arp</command> which means that + the name of the color filter is <command>arp</command> and the filter + will select protocols of type <command>arp</command>. Once you have + entered these values, you can choose a foreground and background + color for packets that match the filter expression. Click on + <command>Foreground color...</command> or + <command>Background color...</command> to achieve this and + Wireshark will pop up the Choose foreground/background color for + protocol dialog box as shown in <xref linkend="ChCustChooseColorDialog"/>. </para> <figure id="ChCustChooseColorDialog"> @@ -563,24 +563,24 @@ standard libpcap format. <graphic entityref="WiresharkChooseColorDialog" format="PNG"/> </figure> <para> - Select the color you desire for the selected packets and click on OK. + Select the color you desire for the selected packets and click on OK. </para> <note> <title>Note!</title> <para> - You must select a color in the colorbar next to the colorwheel to - load values into the RGB values. Alternatively, you can set the + You must select a color in the colorbar next to the colorwheel to + load values into the RGB values. Alternatively, you can set the values to select the color you want. </para> </note> <para> - <xref linkend="ChCustColorFilterMany"/> shows an example of several color - filters being used in Wireshark. You may not like the color choices, + <xref linkend="ChCustColorFilterMany"/> shows an example of several color + filters being used in Wireshark. You may not like the color choices, however, feel free to choose your own. </para> <para> - If you are uncertain which coloring rule actually took place for a - specific packet, have a look at the [Coloring Rule Name: ...] and + If you are uncertain which coloring rule actually took place for a + specific packet, have a look at the [Coloring Rule Name: ...] and [Coloring Rule String: ...] fields. </para> <figure id="ChCustColorFilterMany"> @@ -588,33 +588,33 @@ standard libpcap format. <graphic entityref="WiresharkColoringFields" format="PNG"/> </figure> </section> - + <section id="ChCustProtocolDissectionSection"> <title>Control Protocol dissection</title> <para> The user can control how protocols are dissected. </para> <para> - Each protocol has its own dissector, so dissecting a complete packet will - typically involve several dissectors. As Wireshark tries to find the - right dissector for each packet (using static "routes" and heuristics - "guessing"), it might choose the wrong dissector in your specific - case. For example, Wireshark won't know if you use a common protocol - on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of + Each protocol has its own dissector, so dissecting a complete packet will + typically involve several dissectors. As Wireshark tries to find the + right dissector for each packet (using static "routes" and heuristics + "guessing"), it might choose the wrong dissector in your specific + case. For example, Wireshark won't know if you use a common protocol + on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of the standard port 80. </para> <para> - There are two ways to control the relations between protocol - dissectors: disable a protocol dissector completely or temporarily + There are two ways to control the relations between protocol + dissectors: disable a protocol dissector completely or temporarily divert the way Wireshark calls the dissectors. </para> - <section id="ChAdvEnabledProtocols"><title>The "Enabled Protocols" dialog + <section id="ChAdvEnabledProtocols"><title>The "Enabled Protocols" dialog box</title> <para> The Enabled Protocols dialog box lets you enable or - disable specific protocols, all protocols are enabled by default. + disable specific protocols, all protocols are enabled by default. When a protocol is disabled, Wireshark stops processing a packet - whenever that protocol is encountered. + whenever that protocol is encountered. </para> <note><title>Note!</title> <para> @@ -638,8 +638,8 @@ standard libpcap format. </para> <warning><title>Warning!</title> <para> - You have to use the Save button to save your settings. The OK or Apply - buttons will not save your changes permanently, so they will be lost + You have to use the Save button to save your settings. The OK or Apply + buttons will not save your changes permanently, so they will be lost when Wireshark is closed. </para> </warning> @@ -658,7 +658,7 @@ standard libpcap format. </listitem> <listitem> <para> - <command>Invert</command> Toggle the state of all protocols in the + <command>Invert</command> Toggle the state of all protocols in the list. </para> </listitem> @@ -669,13 +669,13 @@ standard libpcap format. </listitem> <listitem> <para> - <command>Apply</command> Apply the changes and keep the dialog box + <command>Apply</command> Apply the changes and keep the dialog box open. </para> </listitem> <listitem> <para> - <command>Save</command> Save the settings to the disabled_protos, see + <command>Save</command> Save the settings to the disabled_protos, see <xref linkend="AppFiles"/> for details. </para> </listitem> @@ -687,11 +687,11 @@ standard libpcap format. </orderedlist> </para> </section> - + <section id="ChAdvDecodeAs"><title>User Specified Decodes</title> <para> - The "Decode As" functionality let you temporarily divert specific - protocol dissections. This might be useful for example, if you do some + The "Decode As" functionality let you temporarily divert specific + protocol dissections. This might be useful for example, if you do some uncommon experiments on your network. </para> <para> @@ -699,11 +699,11 @@ standard libpcap format. <title>The "Decode As" dialog box</title> <graphic scale="100" entityref="WiresharkDecodeAs" format="PNG"/> </figure> - The content of this dialog box depends on the selected packet when it + The content of this dialog box depends on the selected packet when it was opened. <warning><title>Warning!</title> <para> - The user specified decodes can not be saved. If you quit Wireshark, + The user specified decodes can not be saved. If you quit Wireshark, these settings will be lost. </para> </warning> @@ -715,33 +715,33 @@ standard libpcap format. </listitem> <listitem> <para> - <command>Do not decode</command> Do not decode packets the selected + <command>Do not decode</command> Do not decode packets the selected way. </para> </listitem> <listitem> <para> - <command>Link/Network/Transport</command> Specify the network layer - at which "Decode As" should take place. Which of these pages are - available, depends on the content of the selected packet when this + <command>Link/Network/Transport</command> Specify the network layer + at which "Decode As" should take place. Which of these pages are + available, depends on the content of the selected packet when this dialog box was opened. </para> </listitem> <listitem> <para> - <command>Show Current</command> Open a dialog box showing the + <command>Show Current</command> Open a dialog box showing the current list of user specified decodes. </para> </listitem> <listitem> <para> - <command>OK</command> Apply the currently selected decode and close + <command>OK</command> Apply the currently selected decode and close the dialog box. </para> </listitem> <listitem> <para> - <command>Apply</command> Apply the currently selected decode and keep + <command>Apply</command> Apply the currently selected decode and keep the dialog box open. </para> </listitem> @@ -753,7 +753,7 @@ standard libpcap format. </orderedlist> </para> </section> - + <section id="ChAdvDecodeAsShow"><title>Show User Specified Decodes</title> <para> This dialog box shows the currently active user specified decodes. @@ -776,52 +776,52 @@ standard libpcap format. </para> </section> </section> - + <section id="ChCustPreferencesSection"><title>Preferences</title> <para> - There are a number of preferences you can set. Simply - select the Preferences... menu item from the Edit menu, and Wireshark - will pop up the Preferences dialog box as shown in - <xref linkend="ChCustGUIPrefPage"/>, with the "User Interface" page as - default. On the left side is a tree where you can select the page to be + There are a number of preferences you can set. Simply + select the Preferences... menu item from the Edit menu, and Wireshark + will pop up the Preferences dialog box as shown in + <xref linkend="ChCustGUIPrefPage"/>, with the "User Interface" page as + default. On the left side is a tree where you can select the page to be shown. <note><title>Note!</title> <para> - Preference settings are added frequently. For a recent explanation of - the preference pages and their settings have a look at the - <command>Wireshark Wiki Preferences page</command> at <ulink + Preference settings are added frequently. For a recent explanation of + the preference pages and their settings have a look at the + <command>Wireshark Wiki Preferences page</command> at <ulink url="&WiresharkWikiPreferencesPage;">&WiresharkWikiPreferencesPage;</ulink>. </para> </note> <warning> <title>Warning!</title> <para> - The OK or Apply button will not save the preference settings, + The OK or Apply button will not save the preference settings, you'll have to save the settings by clicking the Save button. </para> </warning> <itemizedlist> <listitem> <para> - The <command>OK</command> button will apply the preferences + The <command>OK</command> button will apply the preferences settings and close the dialog. </para> </listitem> <listitem> <para> - The <command>Apply</command> button will apply the preferences + The <command>Apply</command> button will apply the preferences settings and keep the dialog open. </para> </listitem> <listitem> <para> - The <command>Save</command> button will apply the preferences + The <command>Save</command> button will apply the preferences settings, save the settings on the hard disk and keep the dialog open. </para> </listitem> <listitem> <para> - The <command>Cancel</command> button will restore all preferences + The <command>Cancel</command> button will restore all preferences settings to the last saved state. </para> </listitem> @@ -835,17 +835,17 @@ standard libpcap format. <section id="ChUserTable"><title>User Table</title> <para> The User Table editor is used for managing various tables in wireshark. It's main dialog works - very similarly to that of <xref linkend="ChCustColorizationSection"/>. + very similarly to that of <xref linkend="ChCustColorizationSection"/>. </para> </section> - - + + <section id="ChDisplayFilterMacrosSection"><title>Display Filter Macros</title> <para> Display Filter Macos are a mechanism to create shortcuts for complex filters. For example defining a display filter macro named <command>tcp_conv</command> whose text is <command> ( (ip.src == $1and ip.dst == $2 and tcp.srcpt == $3 and tcp.dstpt == $4) or - (ip.src == $2and ip.dst == $1 and tcp.srcpt == $4 and tcp.dstpt == $3) ) </command> + (ip.src == $2and ip.dst == $1 and tcp.srcpt == $4 and tcp.dstpt == $3) ) </command> would allow to use a display filter like <command>${tcp_conv:10.1.1.2;10.1.1.3;1200;1400}</command> instead of typing the whole filter. </para> @@ -872,16 +872,16 @@ standard libpcap format. </variablelist> </section> - - - <section id="ChK12ProtocolsSection"><title>Tektronics K12xx/15 RF5 protocols Table</title> + + + <section id="ChK12ProtocolsSection"><title>Tektronix K12xx/15 RF5 protocols Table</title> <para> - The Tektronix's K12xx/15 rf5 file format uses helper files (*.stk) to identify the various protocols that are + The Tektronix K12xx/15 rf5 file format uses helper files (*.stk) to identify the various protocols that are used by a certain interface. Wireshark doesn't read these stk files, it uses a table that helps it identify which lowest layer protocol to use. </para> <para> - Stk file to protocol matching is handled by an <xref linkend="ChUserTable"/> with the following fields. + Stk file to protocol matching is handled by an <xref linkend="ChUserTable"/> with the following fields. </para> <variablelist> <varlistentry><term><command>match</command></term> @@ -903,14 +903,14 @@ standard libpcap format. </varlistentry> </variablelist> </section> - - + + <section id="ChUserDLTsSection"><title>User DLTs protocol table</title> <para> When a pcap file uses one of the user DLTs (147 to 162) wireshark uses this table to know which protocol(s) to use for each user DLT. </para> <para> - This table is handled by an <xref linkend="ChUserTable"/> with the following fields. + This table is handled by an <xref linkend="ChUserTable"/> with the following fields. </para> <variablelist> <varlistentry><term><command>encap</command></term> @@ -958,15 +958,15 @@ standard libpcap format. </variablelist> </section> - - + + <section id="ChSNMPUsersSection"><title>SNMP users Table</title> <para> Wireshark uses this table to verify auhentication and to decrypt encrypted SNMPv3 packets. </para> <para> - This table is handled by an <xref linkend="ChUserTable"/> with the following fields. + This table is handled by an <xref linkend="ChUserTable"/> with the following fields. </para> <variablelist> <varlistentry><term><command>engine_id</command></term> @@ -1022,8 +1022,8 @@ standard libpcap format. </variablelist> </section> - - + + </chapter> <!-- End of WSUG Chapter Customizing --> |