author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2010-06-03 21:39:38 +0000 |
---|---|---|
committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2010-06-03 21:39:38 +0000 |
commit | 578638c7ac1fcc02cfdfecb1eb23c712359980e8 (patch) | |
tree | 2e3f1339664bc988e1d6e70f1696e75aa7182478 /docbook | |
parent | 5a307bb6d1c6c09c20e34f381db9425517f335c8 (diff) |
Bring more texts and examples up to date.
svn path=/trunk/; revision=33078
Diffstat (limited to 'docbook')
-rw-r--r-- | docbook/wsug_src/WSUG_app_tools.xml | 80 |
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_build_install.xml | 16 |
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_capture.xml | 6 |
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_introduction.xml | 19 |
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_io.xml | 13 |
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_work.xml | 2 |
6 files changed, 104 insertions, 32 deletions
diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml index 6abf09b4c8..b67ecb8e37 100644 --- a/docbook/wsug_src/WSUG_app_tools.xml +++ b/docbook/wsug_src/WSUG_app_tools.xml @@ -84,7 +84,7 @@ tcpdump -i <interface> -s 65535 -w <some-file> <title>Help information available from dumpcap</title> <programlisting> dumpcap -h -Dumpcap 1.1.4 +Dumpcap 1.4.0 Capture network packets and dump them into a libpcap file. See http://www.wireshark.org for more information. @@ -114,6 +114,7 @@ Output (files): files:NUM - ringbuffer: replace after NUM files -n use pcapng format instead of pcap Miscellaneous: + -q don't report packet capture counts -v print version information and exit -h display this help and exit @@ -139,7 +140,7 @@ Use Ctrl-C to stop capturing at any time. <title>Help information available from capinfos</title> <programlisting> capinfos -h -Capinfos 1.3.5 +Capinfos 1.4.0 Prints various information (infos) about capture files. See http://www.wireshark.org for more information. @@ -160,6 +161,7 @@ Time infos: -u display the capture duration (in seconds) -a display the capture start time -e display the capture end time + -o display the capture file chronological (True/False) -S display start and end times as seconds Statistic infos: 
@@ -199,6 +201,52 @@ output format. </para> </section> + <section id="AppToolsrawshark" > + <title><command>rawshark</command>: Dump and analyze network traffic. + </title> + <para> + Rawshark reads a stream of packets from a file or pipe, and prints + a line describing its output, followed by a set of matching fields + for each packet on stdout. + </para> + <example id="AppToolsrawsharkEx"> + <title>Help information available from rawshark</title> + <programlisting> +$ rawshark -h +Rawshark 1.4.0 +Dump and analyze network traffic. +See http://www.wireshark.org for more information. + +Copyright 1998-2010 Gerald Combs <gerald@wireshark.org> and contributors. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Usage: rawshark [options] ... + +Input file: + -r <infile> set the pipe or file name to read from + +Processing: + -R <read filter> packet filter in Wireshark display filter syntax + -F <field> field to display + -s skip PCAP header on input + -n disable all name resolution (def: all enabled) + -N <name resolve flags> enable specific name resolution(s): "mntC" + -d <encap:dlt>|<proto:protoname> + packet encapsulation or protocol +Output: + -S format string for fields (%D - name, %S - stringval, %N numval) + -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first) + -l flush output after each packet + +Miscellaneous: + -h display this help and exit + -v display version info and exit + -o <name>:<value> ... override preference setting + </programlisting> + </example> + </section> + <section id="AppToolseditcap"> <title><command>editcap</command>: Edit capture files</title> <para> @@ -216,7 +264,7 @@ output format. <para> <programlisting> $ editcap -h -Editcap 1.1.4 +Editcap 1.4.0 Edit and/or translate the format of capture files. See http://www.wireshark.org for more information. 
@@ -253,6 +301,14 @@ Packet manipulation: -C <choplen> chop each packet at the end by <choplen> bytes. -t <time adjustment> adjust the timestamp of each packet; <time adjustment> is in relative seconds (e.g. -0.5). + -S <strict adjustment> adjust timestamp of packets if necessary to insure + strict chronological increasing order. The <strict + adjustment> is specified in relative seconds with + values of 0 or 0.000001 being the most reasonable. + A negative adjustment value will modify timestamps so + that each packet's delta time is the absolute value + of the adjustment specified. A value of -0 will set + all packets to the timestamp of the first packet. -E <error probability> set the probability (between 0.0 and 1.0 incl.) that a particular packet byte will be randomly changed. @@ -285,7 +341,7 @@ Miscellaneous: <programlisting> $ editcap -F editcap: option requires an argument -- F -editcap: The available capture file types for "F": +editcap: The available capture file types for the "-F" flag are: libpcap - Wireshark/tcpdump/... - libpcap nseclibpcap - Wireshark - nanosecond libpcap modlibpcap - Modified tcpdump - libpcap @@ -308,6 +364,9 @@ editcap: The available capture file types for "F": k12text - K12 text file commview - TamoSoft CommView pcapng - Wireshark - pcapng (experimental) + btsnoop - Symbian OS btsnoop + nstrace10 - NetScaler Trace (Version 1.0) + nstrace20 - NetScaler Trace (Version 2.0) </programlisting> </para> </example> @@ -321,7 +380,8 @@ editcap: The available capture file types for "F": <programlisting> $ editcap -T editcap: option requires an argument -- T -editcap: The available encapsulation types for "T": +editcap: The available encapsulation types for the "-T" flag are: + unknown - Unknown ether - Ethernet tr - Token Ring slip - SLIP 
@@ -438,6 +498,14 @@ editcap: The available encapsulation types for "T": tnef - Transport-Neutral Encapsulation Format usb-linux-mmap - USB packets with Linux header and padding gsm_um - GSM Um Interface + dpnss_link - Digital Private Signalling System No 1 Link Layer + packetlogger - PacketLogger + nstrace10 - NetScaler Encapsulation 1.0 of Ethernet + nstrace20 - NetScaler Encapsulation 2.0 of Ethernet + fc2 - Fibre Channel FC-2 + fc2sof - Fibre Channel FC-2 With Frame Delimiter + jfif - JPEG/JFIF + ipnet - Solaris IPNET </programlisting> </para> </informalexample> @@ -510,7 +578,7 @@ editcap: The available encapsulation types for "T": <title>Help information available from mergecap</title> <programlisting> $ mergecap -h -Mergecap 1.1.4 +Mergecap 1.4.0 Merge two or more capture files into one. See http://www.wireshark.org for more information. diff --git a/docbook/wsug_src/WSUG_chapter_build_install.xml b/docbook/wsug_src/WSUG_chapter_build_install.xml index 3b9bbee576..5af592f524 100644 --- a/docbook/wsug_src/WSUG_chapter_build_install.xml +++ b/docbook/wsug_src/WSUG_chapter_build_install.xml @@ -130,9 +130,9 @@ <example id="Ch02Ex1"> <title>Building GTK+ from source</title> <programlisting> -gzip -dc gtk+-1.2.10.tar.gz | tar xvf - +gzip -dc gtk+-2.21.1.tar.gz | tar xvf - <much output removed> -cd gtk+-1.2.10 +cd gtk+-2.21.1 ./configure <much output removed> make @@ -144,7 +144,7 @@ make install <note> <title>Note!</title> <para> - You may need to change the version number of gtk+ in + You may need to change the version number of GTK+ in <xref linkend="Ch02Ex1"/> to match the version of GTK+ you have downloaded. The directory you change to will change if the version of GTK+ changes, and in all cases, 
@@ -156,7 +156,7 @@ make install <title>Note!</title> <para> If you use Linux, or have GNU <command>tar</command> installed, - you can use <command>tar zxvf gtk+-1.2.10.tar.gz</command>. It + you can use <command>tar zxvf gtk+-2.21.1.tar.gz</command>. It is also possible to use <command>gunzip -c</command> or <command>gzcat</command> rather than <command>gzip -dc</command> on many UNIX systems. @@ -165,8 +165,8 @@ make install <note> <title>Note!</title> <para> - If you downloaded gtk+ or any other tar file using Windows, - you may find your file called gtk+-1_2_8_tar.gz. + If you downloaded GTK+ or any other tar file using Windows, + you may find your file called gtk+-2_21_1_tar.gz. </para> </note> </para> @@ -184,9 +184,9 @@ make install <example id="Ch2Ex2"> <title>Building and installing libpcap</title> <programlisting> -gzip -dc libpcap-0.9.4.tar.Z | tar xvf - +gzip -dc libpcap-1.0.0.tar.Z | tar xvf - <much output removed> -cd libpcap-0.9.4 +cd libpcap-1.0.0 ./configure <much output removed> make diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml index eb769f7059..9917f72645 100644 --- a/docbook/wsug_src/WSUG_chapter_capture.xml +++ b/docbook/wsug_src/WSUG_chapter_capture.xml @@ -894,7 +894,7 @@ wireshark -i eth0 -k <entry>-</entry> <entry>-</entry> <entry><command>Single temporary file</command></entry> - <entry>etherXXXXXX (where XXXXXX is a unique number)</entry> + <entry>wiresharkXXXXXX (where XXXXXX is a unique number)</entry> </row> <row> <entry>foo.cap</entry> 
@@ -908,14 +908,14 @@ wireshark -i eth0 -k <entry>x</entry> <entry>-</entry> <entry><command>Multiple files, continuous</command></entry> - <entry>foo_00001_20040205110102.cap, foo_00002_20040205110102.cap, ...</entry> + <entry>foo_00001_20100205110102.cap, foo_00002_20100205110318.cap, ...</entry> </row> <row> <entry>foo.cap</entry> <entry>x</entry> <entry>x</entry> <entry><command>Multiple files, ring buffer</command></entry> - <entry>foo_00001_20040205110102.cap, foo_00002_20040205110102.cap, ...</entry> + <entry>foo_00001_20100205110102.cap, foo_00002_20100205110318.cap, ...</entry> </row> </tbody> </tgroup> diff --git a/docbook/wsug_src/WSUG_chapter_introduction.xml b/docbook/wsug_src/WSUG_chapter_introduction.xml index a16c9bdf52..f0d748fd54 100644 --- a/docbook/wsug_src/WSUG_chapter_introduction.xml +++ b/docbook/wsug_src/WSUG_chapter_introduction.xml @@ -276,7 +276,14 @@ can get it from <ulink url="http://www.wireshark.org/download/win32/all-versions/wireshark-setup-0.99.4.exe" />. - Microsoft retired support for Windows NT 4.0 in 2005. + Microsoft retired support for Windows NT 4.0 in 2004. + </para></listitem> + <listitem><para> + Windows 2000 no longer works with Wireshark. The last known version + to work was Wireshark 1.2.x (which includes WinPcap 4.1.1). You still + can get it from <ulink + url="http://www.wireshark.org/download/win32/all-versions/" />. + Microsoft retired support for Windows 2000 in 2010. </para></listitem> <listitem><para> Windows CE and the embedded versions of Windows are not currently supported. 
@@ -383,6 +390,12 @@ <para> In 2006 the project moved house and re-emerged under a new name: Wireshark. </para> + <para> + In 2008, after ten years of development, Wireshark finally arrived at + version 1.0. This release was the first deemed complete, with the minimum + features implemented. Its release coincided with the first Wireshark + Developer and User Conference, called SharkFest. + </para> </section> <section id="ChIntroMaintenance"> @@ -560,8 +573,8 @@ <listitem> <para> The version number of Wireshark and the dependent libraries linked with - it, e.g. GTK+, etc. You can obtain this with the command - <command>wireshark -v</command>. + it, e.g. GTK+, etc. You can obtain this from the about dialog box + of Wireshark, or with the command <command>wireshark -v</command>. </para> </listitem> <listitem> diff --git a/docbook/wsug_src/WSUG_chapter_io.xml b/docbook/wsug_src/WSUG_chapter_io.xml index 9ae2915af6..0d24fbe85b 100644 --- a/docbook/wsug_src/WSUG_chapter_io.xml +++ b/docbook/wsug_src/WSUG_chapter_io.xml @@ -178,16 +178,9 @@ </para> </listitem> <listitem> - <para> - XXX - the "Filter:" button currently doesn't work on Windows! - </para> - </listitem> - <listitem> - <para> - XXX - missing feature: - If Wireshark doesn't recognize the selected file as a capture file, - it should grey out the "Open" button. - </para> + <note><para> + The "Filter:" button currently doesn't work on Windows! + </para></note> </listitem> </itemizedlist> </entry> diff --git a/docbook/wsug_src/WSUG_chapter_work.xml b/docbook/wsug_src/WSUG_chapter_work.xml index 4cfd0f8413..fd41c3c937 100644 --- a/docbook/wsug_src/WSUG_chapter_work.xml +++ b/docbook/wsug_src/WSUG_chapter_work.xml @@ -247,7 +247,6 @@ <para> Copy the packet bytes to the clipboard as raw binary. The data is stored in the clipboard as MIME-type "application/octet-stream".</para> - <para>This option is not available in versions of Wireshark built using GTK+ 1.x.</para> </entry> </row> <row> 
@@ -449,7 +448,6 @@ command, but copies only the bytes relevant to the selected part of the tree (the bytes selected in the Packet Bytes Pane). The data is stored in the clipboard as MIME-type "application/octet-stream".</para> - <para>This option is not available in versions of Wireshark built using GTK+ 1.x.</para> </entry> </row> <row> |
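Review bot: The new rawshark section in WSUG_app_tools.xml (hunk at -199,6 +201,52) does not follow the conventions of its neighbours: the opening tag has a stray space (`<section id="AppToolsrawshark" >`), the title ends with a period while the editcap title "Edit capture files" does not, and the listing starts with a "$ rawshark -h" prompt while the dumpcap and capinfos listings in the same file start with the bare command. Pick one form for the prompt and the titles and apply it across the appendix.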
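Review bot: In the editcap help listing of WSUG_app_tools.xml (hunk at -253,6 +301,14), the new -S text reads "if necessary to insure strict chronological increasing order"; "insure" should be "ensure" and "chronological increasing" reads better as "chronologically increasing". Because the listing mirrors what editcap -h prints, correct the string in editcap itself and regenerate the listing rather than editing the XML alone, so the guide and the tool do not drift apart. The new capinfos -o line in the earlier hunk, "display the capture file chronological (True/False)", has the same kind of wording problem.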
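Review bot: In the libpcap example of WSUG_chapter_build_install.xml (hunk at -184,9 +184,9), the version is bumped to 1.0.0 but the archive is still named libpcap-1.0.0.tar.Z; confirm that the file a reader downloads actually carries that extension, otherwise the first command fails as written. The GTK+ example in the same file now pins 2.21.1 in the listing, in the "tar zxvf" note and in the Windows file name note, so the three must be kept in step on the next update.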
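Review bot: The new Windows 2000 item in WSUG_chapter_introduction.xml (hunk at -276,7 +276,14) links to the all-versions/ directory and names only "Wireshark 1.2.x", while the NT 4.0 item above it links to one installer, wireshark-setup-0.99.4.exe. Name the last 1.2 release known to work, or tell the reader to take the newest 1.2 build, since this item sends users to an old release line on an operating system the same text says Microsoft no longer supports. The hunk also changes the NT 4.0 retirement year from 2005 to 2004 with no reason given in the commit message; a reference for the date would help. "You still can get it" reads better as "You can still get it".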
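Review bot: In WSUG_chapter_io.xml (hunk at -178,16 +178,9), the "XXX - missing feature" item about greying out the "Open" button for unrecognized files is deleted outright, and the commit message does not say whether the feature was implemented or the wish was dropped; if it is still open, record it in the bug tracker before removing it here. The remaining listitem now contains only a note element, so the list bullet carries nothing but a note box; a plain para in the listitem would be the simpler markup.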