author | Luis Ontanon <luis.ontanon@gmail.com> | 2007-03-04 01:55:02 +0000 |
---|---|---|
committer | Luis Ontanon <luis.ontanon@gmail.com> | 2007-03-04 01:55:02 +0000 |
commit | 3b8dd4e462524cb4c9fc2991b008041c181776cf (patch) | |
tree | 60c65895f87da11e6db36599423d7f756c4d80d5 /docbook | |
parent | 22ba8c3ad5518ba044699228debcaf7fdfc84637 (diff) |
add sections for the various user tables.
svn path=/trunk/; revision=20969
Diffstat (limited to 'docbook')
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_customize.xml | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_customize.xml b/docbook/wsug_src/WSUG_chapter_customize.xml index ddcb702fec..6fbffc651f 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.xml +++ b/docbook/wsug_src/WSUG_chapter_customize.xml 
@@ -832,6 +832,193 @@ standard libpcap format. <graphic entityref="WiresharkGUIPreferences" format="PNG"/> </figure> </section> + <section id="ChUserTable"><title>User Table</title> + <para> + The User Table editor is used for managing various tables in wireshark. It's main dialog works + very similarly to that of <xref linkend="ChCustColorizationSection"/>. + </para> + </section> + + + <section id="ChDisplayFilterMacrosSection"><title>Display Filter Macros</title> + <para> + Display Filter Macos are a mechanism to create shortcuts for complex filters. For example defining a + display filter macro named <command>tcp_conv</command> whose text is + <command> ( (ip.src == $1and ip.dst == $2 and tcp.srcpt == $3 and tcp.dstpt == $4) or + (ip.src == $2and ip.dst == $1 and tcp.srcpt == $4 and tcp.dstpt == $3) ) </command> + would allow to use a display filter like <command>${tcp_conv:10.1.1.2;10.1.1.3;1200;1400}</command> + instead of typing the whole filter. + </para> + <para> + Display Filter Macos can be managed with a <xref linkend="ChUserTable"/> selecting + the <command>Display Filter Macros</command> menu item from the <command>View</command> Menu. + The User Table has the following fields + </para> + <variablelist> + <varlistentry><term><command>name</command></term> + <listitem> + <para> + the name of the macro. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>text</command></term> + <listitem> + <para> + the replacement text for the macro it uses $1, $2, $3, ... as the input arguments. + </para> + </listitem> + </varlistentry> + </variablelist> + + </section> + + + <section id="ChK12ProtocolsSection"><title>Tektronics K12xx/15 RF5 protocols Table</title> + <para> + The Tektronix's K12xx/15 rf5 file format uses helper files (*.stk) to identify the various protocols that are + used by a certain interface. Wireshark doesn't read these stk files, it uses a table that helps it identify + which lowest layer protocol to use. 
+ </para> + <para> + Stk file to protocol matching is handled by an <xref linkend="ChUserTable"/> with the following fields. + </para> + <variablelist> + <varlistentry><term><command>match</command></term> + <listitem> + <para> + a partial match for an stk filename, the first match wins, so if you have a specific case and a + general one the specific one must appear first in the list. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>protos</command></term> + <listitem> + <para> + This is the name of the encapsulating protocol (the lowest layer in the packet data) it can be either + just the name of the protocol (e.g. mtp2, eth_witoutfcs, sscf-nni ) or the name of the encapsulation + protocol and the "application" protocol over it separated by a colon (e.g sscop:sscf-nni, sscop:alcap, sscop:nbap, ...) + </para> + </listitem> + </varlistentry> + </variablelist> + </section> + + + <section id="ChUserDLTsSection"><title>User DLTs protocol table</title> + <para> + When a pcap file uses one of the user DLTs (147 to 162) wireshark uses this table to know which protocol(s) to use for each user DLT. + </para> + <para> + This table is handled by an <xref linkend="ChUserTable"/> with the following fields. + </para> + <variablelist> + <varlistentry><term><command>encap</command></term> + <listitem> + <para> + one of the user dlts. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>payload_proto</command></term> + <listitem> + <para> + This is the name of the payload protocol (the lowest layer in the packet data). + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>header_size</command></term> + <listitem> + <para> + if there is a header protocol (before the payload protocol) this tells which size this header is. A value of 0 disables the header protocol. 
+ </para> + </listitem> + </varlistentry> + <varlistentry><term><command>header_proto</command></term> + <listitem> + <para> + The name of the header protocol to be used (uses "data" as default). + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>trailer_size</command></term> + <listitem> + <para> + if there is a trailer protocol (after the payload protocol) this tells which size this trailer is. A value of 0 disables the trailer protocol. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>trailer_proto</command></term> + <listitem> + <para> + The name of the trailer protocol to be used (uses "data" as default). + </para> + </listitem> + </varlistentry> + + </variablelist> + </section> + + + + <section id="ChSNMPUsersSection"><title>SNMP users Table</title> + <para> + Wireshark uses this table to verify auhentication and to decrypt encrypted SNMPv3 packets. + </para> + <para> + This table is handled by an <xref linkend="ChUserTable"/> with the following fields. + </para> + <variablelist> + <varlistentry><term><command>engine_id</command></term> + <listitem> + <para> + If given this entry will be used only for packets whose engine id is this. + This field takes an hexadecimal string in the form 0102030405. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>userName</command></term> + <listitem> + <para> + This is the userName. When a single user has more than one password + for different SNMP-engines the first entry to match both is taken, if you + need a catch all engine-id (empty) that entry should be the last one. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>auth_model</command></term> + <listitem> + <para> + Which auth model to use (either "MD5" or "SHA1"). + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>authPassword</command></term> + <listitem> + <para> + The authentication password. Use '\xDD' for unprintable charachters. 
+ </para> + </listitem> + </varlistentry> + <varlistentry><term><command>priv_proto</command></term> + <listitem> + <para> + Which encryption algorithm to use (either "DES" or "AES"). + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>privPassword</command></term> + <listitem> + <para> + The privacy password. Use '\xDD' for unprintable charachters. + </para> + </listitem> + </varlistentry> + + </variablelist> + </section> + + </chapter> <!-- End of WSUG Chapter Customizing --> |
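Review bot: The tcp_conv example in the Display Filter Macros section will not work if a reader pastes it. "ip.src == $1and ip.dst == $2" and "ip.src == $2and ip.dst == $1" have no space before "and", so expanding ${tcp_conv:10.1.1.2;10.1.1.3;1200;1400} yields "10.1.1.2and". The fields are also written tcp.srcpt and tcp.dstpt, where the TCP dissector's filter fields are tcp.srcport and tcp.dstport. Please correct the macro text so the documented example is usable.

In the SNMP users section, the table holds authPassword and privPassword, but the text does not say where the table is saved or whether the passwords are kept in clear text. A sentence on that would help anyone handling captures with real credentials. The userName entry reads "the first entry to match both is taken" without naming the two things matched (presumably engine_id and userName), and "either MD5 or SHA1" / "either DES or AES" do not say what happens when priv_proto or privPassword is left empty.

In the User DLTs section, the payload_proto description repeats "the lowest layer in the packet data" from the K12 protos entry. That conflicts with header_proto, which describes a protocol placed before the payload, so it needs rewording.

Spelling to fix in the same pass: "Macos" (twice) should be "Macros", "It's main dialog" should be "Its", the K12 title says "Tektronics" while the paragraph says "Tektronix", "eth_witoutfcs" is presumably eth_withoutfcs, and "auhentication" and "charachters" (twice) appear in the SNMP section.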