author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2009-12-02 19:33:28 +0000 |
---|---|---|
committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2009-12-02 19:33:28 +0000 |
commit | 85f4872301bfbe44b3247ebe0631170820873789 (patch) | |
tree | a1428de7de26904b47434f125f8b8d48d5153308 /docbook | |
parent | b3a836bc230429b3ed35ac81201192d3abf42e31 (diff) |
Update User Guide:
- New Capture Options dialog.
- Add Remote Capture section.
svn path=/trunk/; revision=31154
Diffstat (limited to 'docbook')
-rw-r--r-- | docbook/Makefile.common | 3 | ||||
-rw-r--r-- | docbook/user-guide.xml | 59 | ||||
-rw-r--r-- | docbook/wsug_graphics/ws-capture-options-remote-capture.png | bin | 0 -> 26463 bytes | |||
-rw-r--r-- | docbook/wsug_graphics/ws-capture-options-remote-interface.png | bin | 0 -> 28506 bytes | |||
-rw-r--r-- | docbook/wsug_graphics/ws-capture-options-remote-settings.png | bin | 0 -> 30294 bytes | |||
-rw-r--r-- | docbook/wsug_graphics/ws-capture-options.png | bin | 34034 -> 25415 bytes | |||
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_capture.xml | 235 |
7 files changed, 250 insertions, 47 deletions
diff --git a/docbook/Makefile.common b/docbook/Makefile.common index 058f8f7f2a..519d6cfcd1 100644 --- a/docbook/Makefile.common +++ b/docbook/Makefile.common @@ -31,6 +31,9 @@ WSUG_GRAPHICS = \ wsug_graphics/ws-capture-interfaces-win32.png \ wsug_graphics/ws-capture-menu.png \ wsug_graphics/ws-capture-options.png \ + wsug_graphics/ws-capture-options-remote-capture.png \ + wsug_graphics/ws-capture-options-remote-interface.png \ + wsug_graphics/ws-capture-options-remote-settings.png \ wsug_graphics/ws-capture-preferences.png \ wsug_graphics/ws-choose-color-rule.png \ wsug_graphics/ws-coloring-fields.png \ diff --git a/docbook/user-guide.xml b/docbook/user-guide.xml index d19114685c..8e6b457072 100644 --- a/docbook/user-guide.xml +++ b/docbook/user-guide.xml @@ -30,7 +30,6 @@ BIOGRAPHICAL SECTION <!ENTITY AuthorOtherName4 "Enrique"> <!ENTITY AuthorSurname4 "Garcia Ontanon"> - <!--Author's Affiliation --> <!ENTITY AuthorShortAffiliation ""> <!ENTITY AuthorJobTitle ""> @@ -56,10 +55,6 @@ BIOGRAPHICAL SECTION <!ENTITY AuthorOrgDiv4 ""> <!ENTITY AuthorEmail4 "luis [at] ontanon.org"> - - - - <!-- DOCUMENT SECTION -Use this section to encode all document information @@ -85,7 +80,7 @@ DOCUMENT SECTION <!-- Wireshark Info --> - <!ENTITY WiresharkCurrentVersion "1.2.0"> + <!ENTITY WiresharkCurrentVersion "1.2"> <!ENTITY WiresharkWebSite "http://www.wireshark.org"> <!ENTITY WiresharkUsersGuidePage "&WiresharkWebSite;/docs/"> <!ENTITY WiresharkDownloadPage "&WiresharkWebSite;/download.html"> 
@@ -100,11 +95,11 @@ Wireshark Info <!ENTITY WiresharkWikiDisplayFiltersPage "&WiresharkWikiPage;/DisplayFilters"> <!ENTITY WiresharkWikiColoringRulesPage "&WiresharkWikiPage;/ColoringRules"> <!ENTITY WiresharkWikiPreferencesPage "&WiresharkWikiPage;/Preferences"> + <!ENTITY WiresharkWikiPcapNgPage "&WiresharkWikiPage;/Development/PcapNg"> <!ENTITY WiresharkDevMailList "wireshark-dev[AT]wireshark.org"> <!ENTITY WiresharkUsersMailList "wireshark-users[AT]wireshark.org"> - <!-- Winpcap Info --> @@ -198,11 +193,6 @@ FILE SECTION <!ENTITY WiresharkBytesPanePopupMenu SYSTEM "./wsug_graphics/ws-bytes-pane-popup-menu.png" NDATA PNG> <!ENTITY WiresharkFilterAddExpression SYSTEM "./wsug_graphics/ws-filter-add-expression.png" NDATA PNG> <!ENTITY WiresharkFilters2 SYSTEM "./wsug_graphics/ws-filters-2.png" NDATA PNG> - <!ENTITY WiresharkCaptureInterfacesDialog SYSTEM "./wsug_graphics/ws-capture-interfaces.png" NDATA PNG> - <!ENTITY WiresharkCaptureInterfacesDialogWin32 SYSTEM "./wsug_graphics/ws-capture-interfaces-win32.png" NDATA PNG> - <!ENTITY WiresharkCaptureOptionsDialog SYSTEM "./wsug_graphics/ws-capture-options.png" NDATA PNG> - <!ENTITY WiresharkCaptureInterfaceDetailsDialog SYSTEM "./wsug_graphics/ws-capture-interface-details.png" NDATA PNG> - <!ENTITY WiresharkCaptureInfoDialog SYSTEM "./wsug_graphics/ws-capture-info.png" NDATA PNG> <!ENTITY WiresharkTimeReference SYSTEM "./wsug_graphics/ws-time-reference.png" NDATA PNG> <!ENTITY WiresharkEnabledProtocols SYSTEM "./wsug_graphics/ws-enabled-protocols.png" NDATA PNG> <!ENTITY WiresharkDecodeAs SYSTEM "./wsug_graphics/ws-decode-as.png" NDATA PNG> 
@@ -254,6 +244,16 @@ FILE SECTION <!ENTITY WiresharkStatsSrtDcerpcFilter SYSTEM "./wsug_graphics/ws-stats-srt-dcerpc-filter.png" NDATA PNG> <!ENTITY WiresharkStatsSrtDcerpc SYSTEM "./wsug_graphics/ws-stats-srt-dcerpc.png" NDATA PNG> + <!-- Fourth Chapter --> + <!ENTITY WiresharkCaptureInterfacesDialog SYSTEM "./wsug_graphics/ws-capture-interfaces.png" NDATA PNG> + <!ENTITY WiresharkCaptureInterfacesDialogWin32 SYSTEM "./wsug_graphics/ws-capture-interfaces-win32.png" NDATA PNG> + <!ENTITY WiresharkCaptureOptionsDialog SYSTEM "./wsug_graphics/ws-capture-options.png" NDATA PNG> + <!ENTITY WiresharkCaptureInterfaceDetailsDialog SYSTEM "./wsug_graphics/ws-capture-interface-details.png" NDATA PNG> + <!ENTITY WiresharkCaptureInfoDialog SYSTEM "./wsug_graphics/ws-capture-info.png" NDATA PNG> + <!ENTITY WiresharkCaptureOptionsRemoteInterfacesDialog SYSTEM "./wsug_graphics/ws-capture-options-remote-interface.png" NDATA PNG> + <!ENTITY WiresharkCaptureOptionsRemoteCaptureDialog SYSTEM "./wsug_graphics/ws-capture-options-remote-capture.png" NDATA PNG> + <!ENTITY WiresharkCaptureOptionsRemoteSettingsDialog SYSTEM "./wsug_graphics/ws-capture-options-remote-settings.png" NDATA PNG> + <!-- Fifth Chapter --> <!ENTITY WiresharkOpenDialog20 SYSTEM "./wsug_graphics/ws-open-gtk20.png" NDATA PNG> <!ENTITY WiresharkSaveAsDialog20 SYSTEM "./wsug_graphics/ws-save-as-gtk20.png" NDATA PNG> @@ -274,6 +274,7 @@ FILE SECTION <!ENTITY WiresharkPrint SYSTEM "./wsug_graphics/ws-print.png" NDATA PNG> <!ENTITY WiresharkPacketRangeFrame SYSTEM "./wsug_graphics/ws-packet-range.png" NDATA PNG> <!ENTITY WiresharkPacketFormatFrame SYSTEM "./wsug_graphics/ws-packet-format.png" NDATA PNG> + <!-- Sixth Chapter --> <!-- Appendices etc --> 
@@ -300,31 +301,27 @@ FILE SECTION <!ENTITY AppProtocols SYSTEM "wsug_src/WSUG_app_protocols.xml"> <!ENTITY AppHowItWorks SYSTEM "wsug_src/WSUG_app_howitworks.xml"> <!ENTITY AppTools SYSTEM "wsug_src/WSUG_app_tools.xml"> - <!ENTITY AppGPL SYSTEM "GPL_appendix.xml"> - + <!ENTITY AppGPL SYSTEM "GPL_appendix.xml"> <!-- WSLua Reference Manual --> - - <!ENTITY WsLuaRm SYSTEM "wsluarm.xml"> - <!ENTITY WsLuaDumper SYSTEM "wsluarm_src/wslua_dumper.xml"> - <!ENTITY WsLuaField SYSTEM "wsluarm_src/wslua_field.xml"> - <!ENTITY WsLuaGui SYSTEM "wsluarm_src/wslua_gui.xml"> - <!ENTITY WsLuaListener SYSTEM "wsluarm_src/wslua_listener.xml"> - <!ENTITY WsLuaPinfo SYSTEM "wsluarm_src/wslua_pinfo.xml"> - <!ENTITY WsLuaProto SYSTEM "wsluarm_src/wslua_proto.xml"> - <!ENTITY WsLuaTree SYSTEM "wsluarm_src/wslua_tree.xml"> - <!ENTITY WsLuaTvb SYSTEM "wsluarm_src/wslua_tvb.xml"> - <!ENTITY WsLuaUtility SYSTEM "wsluarm_src/wslua_util.xml"> + <!ENTITY WsLuaRm SYSTEM "wsluarm.xml"> + <!ENTITY WsLuaDumper SYSTEM "wsluarm_src/wslua_dumper.xml"> + <!ENTITY WsLuaField SYSTEM "wsluarm_src/wslua_field.xml"> + <!ENTITY WsLuaGui SYSTEM "wsluarm_src/wslua_gui.xml"> + <!ENTITY WsLuaListener SYSTEM "wsluarm_src/wslua_listener.xml"> + <!ENTITY WsLuaPinfo SYSTEM "wsluarm_src/wslua_pinfo.xml"> + <!ENTITY WsLuaProto SYSTEM "wsluarm_src/wslua_proto.xml"> + <!ENTITY WsLuaTree SYSTEM "wsluarm_src/wslua_tree.xml"> + <!ENTITY WsLuaTvb SYSTEM "wsluarm_src/wslua_tvb.xml"> + <!ENTITY WsLuaUtility SYSTEM "wsluarm_src/wslua_util.xml"> ]> <book> <title>&DocumentTitle;</title> <subtitle>&DocumentSubTitle;</subtitle> - <!-- - --> &BookMetaInformation; &Preface; &ChapterIntroduction; @@ -345,15 +342,11 @@ WSLua Reference Manual &AppTools; &AppGPL; - <!-- - Removed, as these chapters must be reworked + + <!-- Removed, as these chapters must be reworked &Glossary; &Index; - Removed, as this chapter is not finished &AppHowItWorks; - Removed, as this chapter has to be reworked &ChapterTroubleshoot; --> - - </book> 
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-capture.png b/docbook/wsug_graphics/ws-capture-options-remote-capture.png Binary files differnew file mode 100644 index 0000000000..d51b10f563 --- /dev/null +++ b/docbook/wsug_graphics/ws-capture-options-remote-capture.png diff --git a/docbook/wsug_graphics/ws-capture-options-remote-interface.png b/docbook/wsug_graphics/ws-capture-options-remote-interface.png Binary files differnew file mode 100644 index 0000000000..b95fbbf268 --- /dev/null +++ b/docbook/wsug_graphics/ws-capture-options-remote-interface.png diff --git a/docbook/wsug_graphics/ws-capture-options-remote-settings.png b/docbook/wsug_graphics/ws-capture-options-remote-settings.png Binary files differnew file mode 100644 index 0000000000..d222352348 --- /dev/null +++ b/docbook/wsug_graphics/ws-capture-options-remote-settings.png diff --git a/docbook/wsug_graphics/ws-capture-options.png b/docbook/wsug_graphics/ws-capture-options.png Binary files differindex 2c3453301b..7b5d5b6dc4 100644 --- a/docbook/wsug_graphics/ws-capture-options.png +++ b/docbook/wsug_graphics/ws-capture-options.png diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml index de9b4c91a1..eb769f7059 100644 --- a/docbook/wsug_src/WSUG_chapter_capture.xml +++ b/docbook/wsug_src/WSUG_chapter_capture.xml @@ -273,7 +273,7 @@ wireshark -i eth0 -k </para> <figure id="ChCapCaptureOptionsDialog"> <title>The "Capture Options" dialog box</title> - <graphic entityref="WiresharkCaptureOptionsDialog" format="JPG"/> + <graphic entityref="WiresharkCaptureOptionsDialog"/> </figure> <tip><title>Tip!</title> <para> 
@@ -286,20 +286,32 @@ wireshark -i eth0 -k </para> <section><title>Capture frame</title> <variablelist> + <varlistentry><term><command>Interface (Windows only)</command></term> + <listitem> + <para> + The drop down list allows you to select the group of interfaces you + want look at. Normally that would be the local interfaces, but here you + can also select a remote interface. Any previously opened remote + interfaces will be added to this list also. + </para> + </listitem> + </varlistentry> <varlistentry><term><command>Interface</command></term> <listitem> <para> - This field specifies the interface you want to capture on. - You can only capture on one interface, and you can only - capture on interfaces that Wireshark has found on the - system. It is a drop-down list, so simply click on the - button on the right hand side and select the interface you - want. It defaults to the first non-loopback interface that - supports capturing, and if there are none, the first - loopback interface. On some systems, loopback interfaces - cannot be used for capturing (loopback interfaces are not available - on Windows platforms). + This field specifies the interface you want to capture on. You can + only capture on one interface, and you can only capture on interfaces + that Wireshark has found on the system, either local or remote. It is + a drop-down list, so simply click on the button on the right hand side + and select the interface you want. It defaults to the first + non-loopback interface that supports capturing, and if there are none, + the first loopback interface. On some systems, loopback interfaces + cannot be used for capturing </para> + <note> + <title>Note</title> + <para>loopback interfaces are not available on Windows platforms.</para> + </note> <para> This field performs the same function as the <command>-i <interface></command> command line option. 
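Review bot: In the rewritten Interface entry the sentence `On some systems, loopback interfaces cannot be used for capturing` now ends without a full stop, because the parenthetical that used to close it was moved into the new note. The note text should also start with a capital letter: `<para>Loopback interfaces are not available on Windows platforms.</para>`. In the new "Interface (Windows only)" entry, "you want look at" is missing "to", and "will be added to this list also" reads better as `will also be added to this list`.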
@@ -323,6 +335,14 @@ wireshark -i eth0 -k </para> </listitem> </varlistentry> + <varlistentry><term><command>Remote setting (Windows only)</command></term> + <listitem> + <para> + Here you can set the settings for remote capture. + For a detailed description, see <xref linkend="ChCapInterfaceRemoteSection"/> + </para> + </listitem> + </varlistentry> <varlistentry><term><command>Buffer size: n megabyte(s)</command></term> <listitem> <para> @@ -354,7 +374,7 @@ wireshark -i eth0 -k <para> If some other process has put the interface in promiscuous mode you may be capturing in promiscuous - mode even if you turn off this option + mode even if you turn off this option. </para> </note> <note> @@ -367,13 +387,33 @@ wireshark -i eth0 -k </note> </listitem> </varlistentry> + <varlistentry> + <term> + <command>Capture packets in pcap-ng format</command> + </term> + <listitem> + <para> + This checkbox allows you to specify that Wireshark saves the captured + packets in pcap-ng format. This next generation capture file format is + currently in development. + </para> + <warning> + <title>Warning</title> + <para> + This is an experimental feature. The resulting saved file may or may + not be valid. See <ulink url="&WiresharkWikiPcapNgPage;"/> for more + details on pcap-ng. + </para> + </warning> + </listitem> + </varlistentry> <varlistentry><term><command>Limit each packet to n bytes</command></term> <listitem> <para> This field allows you to specify the maximum amount of data that will be captured for each packet, and is sometimes referred to as the <command>snaplen</command>. If disabled, - the default is 65535, which will be sufficient for most + the value is set to the maximum 65535, which will be sufficient for most protocols. Some rules of thumb: </para> <itemizedlist> 
@@ -606,7 +646,174 @@ wireshark -i eth0 -k </para> </section> </section> - + + <section id="ChCapInterfaceRemoteSection"> + <title>The "Remote Capture Interfaces" dialog box</title> + <para> + Besides doing capture on local interfaces Wireshark is capable of + reaching out across the network to a so called capture daemon or service + processes to receive captured data from. + </para> + <note><title>Microsoft Windows only</title> + <para> + This dialog and capability is only available on Microsoft Windows. On + Linux/Unix you can achieve the same effect (securely) through an SSH + tunnel. + </para> + </note> + <para> + The Remote Packet Capture Protocol service must first be running on the + target platform before Wireshark can connect to it. The easiest way is + to install WinPcap from <ulink url="&WinPcapDownloadWebsite;"/> on the + target. Once installation is completed go to the Services control panel, + find the Remote Packet Capture Protocol service and start it. + </para> + <note><title>Note</title> + <para> + Make sure you have outside access to port 2002 on the target platform. + This is the port where the Remote Packet Capture Protocol service can + be reached, by default. + </para> + </note> + <para> + To access the Remote Capture Interfaces dialog use the Interfaces + dropdown list on the "Capture Options" dialog, see + <xref linkend="ChCapCaptureOptionsDialog"/>, and select "Remote...". + </para> + <section><title>Remote Capture Interfaces</title> + <figure id="ChCapInterfaceRemoteDialog"> + <title>The "Remote Capture Interfaces" dialog box</title> + <graphic entityref="WiresharkCaptureOptionsRemoteInterfacesDialog" format="PNG"/> + </figure> + <para> + You have to set the following parameter in this dialog: + </para> + + <variablelist> + <varlistentry><term><command>Host</command></term> + <listitem> + <para> + Enter the IP address or host name of the target platform where the + Remote Packet Capture Protocol service is listening. 
+ </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Port</command></term> + <listitem> + <para> + Set the port number where the Remote Packet Capture Protocol service + is listening on. Leave open to use the default port (2002). + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Null authentication</command></term> + <listitem> + <para> + Select this if you don't need authentication to take place for a + remote capture to be started. This depends on the target platform. + Configuring the target platform like this makes it insecure. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Password authentication</command></term> + <listitem> + <para> + This is the normal way of connecting to a target platform. Set the + credentials needed to connect to the Remote Packet Capture Protocol + service. + </para> + </listitem> + </varlistentry> + </variablelist> + </section> + <section><title>Remote Capture</title> + <para> + When the connection to the Remote Packet Capture Protocol service is + successfully established the "Capture Options" dialog looks like this, + see <xref linkend="ChCapInterfaceRemoteCapDialog"/>. + </para> + <figure id="ChCapInterfaceRemoteCapDialog"> + <title>The "Remote Capture" dialog box</title> + <graphic entityref="WiresharkCaptureOptionsRemoteCaptureDialog" format="PNG"/> + </figure> + <para> + The Interface dropdown list now shows the IP address or host name of the + Remote Packet Capture Protocol service and the other field shows the + interfaces on the remote target. After selecting the desired interface + just click <command>Start</command> to start the remote capture. + </para> + </section> + <section><title>Remote Capture Settings</title> + <para> + The remote capture can be furhter fine tuned to match your situation. + The <command>Remote Settings</command> button gives you this option. + It pops up the dialog shown in + <xref linkend="ChCapInterfaceRemoteSettingsDialog"/>. 
+ </para> + <figure id="ChCapInterfaceRemoteSettingsDialog"> + <title>The "Remote Capture Settings" dialog box</title> + <graphic entityref="WiresharkCaptureOptionsRemoteSettingsDialog" format="PNG"/> + </figure> + <para> + You can set the following parameters in this dialog: + </para> + <variablelist> + <varlistentry><term><command>Do not capture own RPCAP traffic</command></term> + <listitem> + <para> + This option sets a capture filter so that the traffic flowing back + from the Remote Packet Capture Protocol service to Wireshark isn't + captured as well and also send back. The recursion in this saturates + the link with duplicate traffic. + </para> + <para> + You only should switch this off when capturing on an interface other + then the interface connecting back to Wireshark. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Use UDP for data transfer</command></term> + <listitem> + <para> + Remote capture control and data flows over a TCP connection. This + option allows you to choose an UDP stream for data transfer. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Sampling option None</command></term> + <listitem> + <para> + This option instructs the Remote Packet Capture Protocol service to + send back all captured packets which have passed the capture filter. + This is usually not a problem on a remote capture session with + sufficient bandwidth. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Sampling option 1 of x packets</command></term> + <listitem> + <para> + This option limits the Remote Packet Capture Protocol service to send + only a sub sampling of the captured data, in terms of number of + packets. This allows capture over a narrow band remote capture + session of a higher bandwidth interface. 
+ </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Sampling option 1 every x milliseconds</command></term> + <listitem> + <para> + This option limits the Remote Packet Capture Protocol service to send + only a sub sampling of the captured data, in terms of time. This + allows capture over a narrow band capture session of a higher + bandwidth interface. + </para> + </listitem> + </varlistentry> + </variablelist> + </section> + </section> + <section id="ChCapInterfaceDetailsSection"> <title>The "Interface Details" dialog box</title> <para> |