author Jaap Keuter <jaap.keuter@xs4all.nl> 2010-06-03 21:39:38 +0000
committer Jaap Keuter <jaap.keuter@xs4all.nl> 2010-06-03 21:39:38 +0000
commit 578638c7ac1fcc02cfdfecb1eb23c712359980e8
tree 2e3f1339664bc988e1d6e70f1696e75aa7182478 /docbook
parent 5a307bb6d1c6c09c20e34f381db9425517f335c8
Bring more texts and examples up to date.
svn path=/trunk/; revision=33078
Diffstat (limited to 'docbook')
-rw-r--r-- docbook/wsug_src/WSUG_app_tools.xml 80
-rw-r--r-- docbook/wsug_src/WSUG_chapter_build_install.xml 16
-rw-r--r-- docbook/wsug_src/WSUG_chapter_capture.xml 6
-rw-r--r-- docbook/wsug_src/WSUG_chapter_introduction.xml 19
-rw-r--r-- docbook/wsug_src/WSUG_chapter_io.xml 13
-rw-r--r-- docbook/wsug_src/WSUG_chapter_work.xml 2
6 files changed, 104 insertions, 32 deletions
diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml
index 6abf09b4c8..b67ecb8e37 100644
--- a/docbook/wsug_src/WSUG_app_tools.xml
+++ b/docbook/wsug_src/WSUG_app_tools.xml
@@ -84,7 +84,7 @@ tcpdump -i &lt;interface> -s 65535 -w &lt;some-file>
<title>Help information available from dumpcap</title>
<programlisting>
dumpcap -h
-Dumpcap 1.1.4
+Dumpcap 1.4.0
Capture network packets and dump them into a libpcap file.
See http://www.wireshark.org for more information.
@@ -114,6 +114,7 @@ Output (files):
files:NUM - ringbuffer: replace after NUM files
-n use pcapng format instead of pcap
Miscellaneous:
+ -q don't report packet capture counts
-v print version information and exit
-h display this help and exit
@@ -139,7 +140,7 @@ Use Ctrl-C to stop capturing at any time.
<title>Help information available from capinfos</title>
<programlisting>
capinfos -h
-Capinfos 1.3.5
+Capinfos 1.4.0
Prints various information (infos) about capture files.
See http://www.wireshark.org for more information.
@@ -160,6 +161,7 @@ Time infos:
-u display the capture duration (in seconds)
-a display the capture start time
-e display the capture end time
+ -o display the capture file chronological (True/False)
-S display start and end times as seconds
Statistic infos:
@@ -199,6 +201,52 @@ output format.
</para>
</section>
+ <section id="AppToolsrawshark" >
+ <title><command>rawshark</command>: Dump and analyze network traffic.
+ </title>
+ <para>
+ Rawshark reads a stream of packets from a file or pipe, and prints
+ a line describing its output, followed by a set of matching fields
+ for each packet on stdout.
+ </para>
+ <example id="AppToolsrawsharkEx">
+ <title>Help information available from rawshark</title>
+ <programlisting>
+$ rawshark -h
+Rawshark 1.4.0
+Dump and analyze network traffic.
+See http://www.wireshark.org for more information.
+
+Copyright 1998-2010 Gerald Combs &lt;gerald@wireshark.org&gt; and contributors.
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+Usage: rawshark [options] ...
+
+Input file:
+ -r &lt;infile&gt; set the pipe or file name to read from
+
+Processing:
+ -R &lt;read filter&gt; packet filter in Wireshark display filter syntax
+ -F &lt;field&gt; field to display
+ -s skip PCAP header on input
+ -n disable all name resolution (def: all enabled)
+ -N &lt;name resolve flags&gt; enable specific name resolution(s): "mntC"
+ -d &lt;encap:dlt&gt;|&lt;proto:protoname&gt;
+ packet encapsulation or protocol
+Output:
+ -S format string for fields (%D - name, %S - stringval, %N numval)
+ -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)
+ -l flush output after each packet
+
+Miscellaneous:
+ -h display this help and exit
+ -v display version info and exit
+ -o &lt;name&gt;:&lt;value&gt; ... override preference setting
+ </programlisting>
+ </example>
+ </section>
+
<section id="AppToolseditcap">
<title><command>editcap</command>: Edit capture files</title>
<para>
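Review bot: The new rawshark section is formatted differently from its neighbours: the opening tag `<section id="AppToolsrawshark" >` has a stray space before `>`, and the title ends with a full stop ("Dump and analyze network traffic."), while the following `<section id="AppToolseditcap">` with "Edit capture files" has neither. Align both with the existing sections. The introductory para also says nothing about input handling, although the pasted help lists `-r` as "set the pipe or file name to read from" and `-s` as "skip PCAP header on input"; one sentence on when `-s` applies would make the listing usable without trial and error.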
@@ -216,7 +264,7 @@ output format.
<para>
<programlisting>
$ editcap -h
-Editcap 1.1.4
+Editcap 1.4.0
Edit and/or translate the format of capture files.
See http://www.wireshark.org for more information.
@@ -253,6 +301,14 @@ Packet manipulation:
-C &lt;choplen&gt; chop each packet at the end by &lt;choplen&gt; bytes.
-t &lt;time adjustment&gt; adjust the timestamp of each packet;
&lt;time adjustment&gt; is in relative seconds (e.g. -0.5).
+ -S &lt;strict adjustment&gt; adjust timestamp of packets if necessary to insure
+ strict chronological increasing order. The &lt;strict
+ adjustment&gt; is specified in relative seconds with
+ values of 0 or 0.000001 being the most reasonable.
+ A negative adjustment value will modify timestamps so
+ that each packet's delta time is the absolute value
+ of the adjustment specified. A value of -0 will set
+ all packets to the timestamp of the first packet.
-E &lt;error probability&gt; set the probability (between 0.0 and 1.0 incl.)
that a particular packet byte will be randomly changed.
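Review bot: The added `-S` text spells "insure" where "ensure" is meant. Because this programlisting is pasted editcap output, the fix belongs in editcap's usage string, followed by a re-paste, rather than in the XML alone. The description also packs three behaviours into one block (0 or 0.000001, a negative value, and -0), and all of them rewrite packet timestamps, so a short para after the listing stating that the output file no longer carries the original capture times would help readers who keep captures as evidence.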
@@ -285,7 +341,7 @@ Miscellaneous:
<programlisting>
$ editcap -F
editcap: option requires an argument -- F
-editcap: The available capture file types for "F":
+editcap: The available capture file types for the "-F" flag are:
libpcap - Wireshark/tcpdump/... - libpcap
nseclibpcap - Wireshark - nanosecond libpcap
modlibpcap - Modified tcpdump - libpcap
@@ -308,6 +364,9 @@ editcap: The available capture file types for "F":
k12text - K12 text file
commview - TamoSoft CommView
pcapng - Wireshark - pcapng (experimental)
+ btsnoop - Symbian OS btsnoop
+ nstrace10 - NetScaler Trace (Version 1.0)
+ nstrace20 - NetScaler Trace (Version 2.0)
</programlisting>
</para>
</example>
@@ -321,7 +380,8 @@ editcap: The available capture file types for "F":
<programlisting>
$ editcap -T
editcap: option requires an argument -- T
-editcap: The available encapsulation types for "T":
+editcap: The available encapsulation types for the "-T" flag are:
+ unknown - Unknown
ether - Ethernet
tr - Token Ring
slip - SLIP
@@ -438,6 +498,14 @@ editcap: The available encapsulation types for "T":
tnef - Transport-Neutral Encapsulation Format
usb-linux-mmap - USB packets with Linux header and padding
gsm_um - GSM Um Interface
+ dpnss_link - Digital Private Signalling System No 1 Link Layer
+ packetlogger - PacketLogger
+ nstrace10 - NetScaler Encapsulation 1.0 of Ethernet
+ nstrace20 - NetScaler Encapsulation 2.0 of Ethernet
+ fc2 - Fibre Channel FC-2
+ fc2sof - Fibre Channel FC-2 With Frame Delimiter
+ jfif - JPEG/JFIF
+ ipnet - Solaris IPNET
</programlisting>
</para>
</informalexample>
@@ -510,7 +578,7 @@ editcap: The available encapsulation types for "T":
<title>Help information available from mergecap</title>
<programlisting>
$ mergecap -h
-Mergecap 1.1.4
+Mergecap 1.4.0
Merge two or more capture files into one.
See http://www.wireshark.org for more information.
diff --git a/docbook/wsug_src/WSUG_chapter_build_install.xml b/docbook/wsug_src/WSUG_chapter_build_install.xml
index 3b9bbee576..5af592f524 100644
--- a/docbook/wsug_src/WSUG_chapter_build_install.xml
+++ b/docbook/wsug_src/WSUG_chapter_build_install.xml
@@ -130,9 +130,9 @@
<example id="Ch02Ex1">
<title>Building GTK+ from source</title>
<programlisting>
-gzip -dc gtk+-1.2.10.tar.gz | tar xvf -
+gzip -dc gtk+-2.21.1.tar.gz | tar xvf -
&lt;much output removed>
-cd gtk+-1.2.10
+cd gtk+-2.21.1
./configure
&lt;much output removed>
make
@@ -144,7 +144,7 @@ make install
<note>
<title>Note!</title>
<para>
- You may need to change the version number of gtk+ in
+ You may need to change the version number of GTK+ in
<xref linkend="Ch02Ex1"/> to match the version of GTK+ you have
downloaded. The directory you change to will change if the
version of GTK+ changes, and in all cases,
@@ -156,7 +156,7 @@ make install
<title>Note!</title>
<para>
If you use Linux, or have GNU <command>tar</command> installed,
- you can use <command>tar zxvf gtk+-1.2.10.tar.gz</command>. It
+ you can use <command>tar zxvf gtk+-2.21.1.tar.gz</command>. It
is also possible to use <command>gunzip -c</command> or
<command>gzcat</command> rather than <command>gzip -dc</command>
on many UNIX systems.
@@ -165,8 +165,8 @@ make install
<note>
<title>Note!</title>
<para>
- If you downloaded gtk+ or any other tar file using Windows,
- you may find your file called gtk+-1_2_8_tar.gz.
+ If you downloaded GTK+ or any other tar file using Windows,
+ you may find your file called gtk+-2_21_1_tar.gz.
</para>
</note>
</para>
@@ -184,9 +184,9 @@ make install
<example id="Ch2Ex2">
<title>Building and installing libpcap</title>
<programlisting>
-gzip -dc libpcap-0.9.4.tar.Z | tar xvf -
+gzip -dc libpcap-1.0.0.tar.Z | tar xvf -
&lt;much output removed>
-cd libpcap-0.9.4
+cd libpcap-1.0.0
./configure
&lt;much output removed>
make
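Review bot: The libpcap archive name keeps its `.tar.Z` suffix while the version moves to 1.0.0 (`gzip -dc libpcap-1.0.0.tar.Z | tar xvf -`), whereas the GTK+ example in the same file uses `.tar.gz`. Please confirm that the 1.0.0 tarball is actually distributed under that name, so that the copy-and-paste command matches the file a reader downloads.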
diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml
index eb769f7059..9917f72645 100644
--- a/docbook/wsug_src/WSUG_chapter_capture.xml
+++ b/docbook/wsug_src/WSUG_chapter_capture.xml
@@ -894,7 +894,7 @@ wireshark -i eth0 -k
<entry>-</entry>
<entry>-</entry>
<entry><command>Single temporary file</command></entry>
- <entry>etherXXXXXX (where XXXXXX is a unique number)</entry>
+ <entry>wiresharkXXXXXX (where XXXXXX is a unique number)</entry>
</row>
<row>
<entry>foo.cap</entry>
@@ -908,14 +908,14 @@ wireshark -i eth0 -k
<entry>x</entry>
<entry>-</entry>
<entry><command>Multiple files, continuous</command></entry>
- <entry>foo_00001_20040205110102.cap, foo_00002_20040205110102.cap, ...</entry>
+ <entry>foo_00001_20100205110102.cap, foo_00002_20100205110318.cap, ...</entry>
</row>
<row>
<entry>foo.cap</entry>
<entry>x</entry>
<entry>x</entry>
<entry><command>Multiple files, ring buffer</command></entry>
- <entry>foo_00001_20040205110102.cap, foo_00002_20040205110102.cap, ...</entry>
+ <entry>foo_00001_20100205110102.cap, foo_00002_20100205110318.cap, ...</entry>
</row>
</tbody>
</tgroup>
diff --git a/docbook/wsug_src/WSUG_chapter_introduction.xml b/docbook/wsug_src/WSUG_chapter_introduction.xml
index a16c9bdf52..f0d748fd54 100644
--- a/docbook/wsug_src/WSUG_chapter_introduction.xml
+++ b/docbook/wsug_src/WSUG_chapter_introduction.xml
@@ -276,7 +276,14 @@
can get it from <ulink
url="http://www.wireshark.org/download/win32/all-versions/wireshark-setup-0.99.4.exe"
/>.
- Microsoft retired support for Windows NT 4.0 in 2005.
+ Microsoft retired support for Windows NT 4.0 in 2004.
+ </para></listitem>
+ <listitem><para>
+ Windows 2000 no longer works with Wireshark. The last known version
+ to work was Wireshark 1.2.x (which includes WinPcap 4.1.1). You still
+ can get it from <ulink
+ url="http://www.wireshark.org/download/win32/all-versions/" />.
+ Microsoft retired support for Windows 2000 in 2010.
</para></listitem>
<listitem><para>
Windows CE and the embedded versions of Windows are not currently supported.
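Review bot: The new Windows 2000 item links to the directory `http://www.wireshark.org/download/win32/all-versions/` and names only "Wireshark 1.2.x", while the NT 4.0 item just above it links to one specific installer (`wireshark-setup-0.99.4.exe`). Name the exact last working release so readers do not have to guess which file in the listing to pick. Since the item sends readers to an installer over plain http for an operating system the same sentence says is out of vendor support, a pointer to where the release's checksums or signatures are published would also be worth adding. "You still can get it" reads better as "You can still get it".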
@@ -383,6 +390,12 @@
<para>
In 2006 the project moved house and re-emerged under a new name: Wireshark.
</para>
+ <para>
+ In 2008, after ten years of development, Wireshark finally arrived at
+ version 1.0. This release was the first deemed complete, with the minimum
+ features implemented. Its release coincided with the first Wireshark
+ Developer and User Conference, called SharkFest.
+ </para>
</section>
<section id="ChIntroMaintenance">
@@ -560,8 +573,8 @@
<listitem>
<para>
The version number of Wireshark and the dependent libraries linked with
- it, e.g. GTK+, etc. You can obtain this with the command
- <command>wireshark -v</command>.
+ it, e.g. GTK+, etc. You can obtain this from the about dialog box
+ of Wireshark, or with the command <command>wireshark -v</command>.
</para>
</listitem>
<listitem>
diff --git a/docbook/wsug_src/WSUG_chapter_io.xml b/docbook/wsug_src/WSUG_chapter_io.xml
index 9ae2915af6..0d24fbe85b 100644
--- a/docbook/wsug_src/WSUG_chapter_io.xml
+++ b/docbook/wsug_src/WSUG_chapter_io.xml
@@ -178,16 +178,9 @@
</para>
</listitem>
<listitem>
- <para>
- XXX - the "Filter:" button currently doesn't work on Windows!
- </para>
- </listitem>
- <listitem>
- <para>
- XXX - missing feature:
- If Wireshark doesn't recognize the selected file as a capture file,
- it should grey out the "Open" button.
- </para>
+ <note><para>
+ The "Filter:" button currently doesn't work on Windows!
+ </para></note>
</listitem>
</itemizedlist>
</entry>
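Review bot: This hunk deletes the "XXX - missing feature" list item (greying out the "Open" button for unrecognized files) without the commit message saying whether the feature was implemented or is tracked elsewhere. If it is still missing, keep a pointer to the bug report instead of silently dropping it. The surviving note, "The "Filter:" button currently doesn't work on Windows!", also gives no version, so "currently" will age badly; state the release it was last checked against.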
diff --git a/docbook/wsug_src/WSUG_chapter_work.xml b/docbook/wsug_src/WSUG_chapter_work.xml
index 4cfd0f8413..fd41c3c937 100644
--- a/docbook/wsug_src/WSUG_chapter_work.xml
+++ b/docbook/wsug_src/WSUG_chapter_work.xml
@@ -247,7 +247,6 @@
<para>
Copy the packet bytes to the clipboard as raw binary. The data is stored in the
clipboard as MIME-type "application/octet-stream".</para>
- <para>This option is not available in versions of Wireshark built using GTK+ 1.x.</para>
</entry>
</row>
<row>
@@ -449,7 +448,6 @@
command, but copies only the bytes relevant to the selected part of the tree (the bytes selected
in the Packet Bytes Pane). The data is stored in the
clipboard as MIME-type "application/octet-stream".</para>
- <para>This option is not available in versions of Wireshark built using GTK+ 1.x.</para>
</entry>
</row>
<row>