author Gerald Combs <gerald@wireshark.org> 2006-07-14 20:14:39 +0000
committer Gerald Combs <gerald@wireshark.org> 2006-07-14 20:14:39 +0000
commit f53bb927fc6e352dce882b1711e46ee039500768
tree d488b6a31d71a9d7c21b429fe1bf8fe1b1d35804 /docbook
parent a85563c3d479ac2547c695cbf6c82590384d943d
Add support for generating firewall ACL rules. MAC, IPv4, port, and
IPv4+port rules are supported along with several syntaxes: IOS standard,
IOS extended, ipfilter, ipfw, pf, and netsh. IPv6 is currently not
supported, but shouldn't be too difficult to add.

All of the rules were created using the documentation for each product.
None of them have been tested. For the time being, use them with caution.

svn path=/trunk/; revision=18737
Diffstat (limited to 'docbook')
-rw-r--r-- docbook/wsug_src/WSUG_chapter_advanced.xml 528
-rw-r--r-- docbook/wsug_src/WSUG_chapter_use.xml 671
2 files changed, 606 insertions, 593 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_advanced.xml b/docbook/wsug_src/WSUG_chapter_advanced.xml
index b310fe3131..2ba9a028ff 100644
--- a/docbook/wsug_src/WSUG_chapter_advanced.xml
+++ b/docbook/wsug_src/WSUG_chapter_advanced.xml
@@ -4,37 +4,37 @@
<chapter id="ChapterAdvanced">
<title>Advanced Topics</title>
-
+
<section id="ChAdvIntroduction"><title>Introduction</title>
<para>
In this chapter some of the advanced features of Wireshark will be described.
</para>
</section>
-
+
<section id="ChAdvFollowTCPSection"><title>Following TCP streams</title>
<para>
If you are working with TCP based protocols it can be very helpful
- to see the data from a TCP stream in the way that the application
- layer sees it.
- Perhaps you are looking for passwords in a Telnet stream, or you
+ to see the data from a TCP stream in the way that the application
+ layer sees it.
+ Perhaps you are looking for passwords in a Telnet stream, or you
are trying to make sense of a data stream.
- Maybe you just need a display filter to show only the packets of that
+ Maybe you just need a display filter to show only the packets of that
TCP stream.
- If so, Wireshark's ability to follow a TCP stream will be useful to you.
+ If so, Wireshark's ability to follow a TCP stream will be useful to you.
</para>
<para>
- Simply select a TCP packet in the packet list of the stream/connection
- you are interested in and then select the Follow TCP Stream menu item
- from the Wireshark Tools menu (or use the context menu in the packet
+ Simply select a TCP packet in the packet list of the stream/connection
+ you are interested in and then select the Follow TCP Stream menu item
+ from the Wireshark Tools menu (or use the context menu in the packet
list).
Wireshark will set an appropriate display filter and pop up a dialog
- box with all the data from the TCP stream laid out in order,
+ box with all the data from the TCP stream laid out in order,
as shown in <xref linkend="ChAdvFollowStream"/>.
</para>
<note>
<title>Note!</title>
<para>
- It is worthwhile noting that Follow TCP Stream installs a display filter
+ It is worthwhile noting that Follow TCP Stream installs a display filter
to select all the packets in the TCP stream you have selected.
</para>
</note>
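Review bot: Every -/+ pair in this hunk (the Introduction and Following TCP streams paragraphs) carries identical text, so the change here is whitespace-only, while the commit message describes adding firewall ACL rule generation. Please split the whitespace cleanup into its own commit so the documentation for the ACL feature is not buried in unrelated line churn.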
@@ -44,11 +44,11 @@
<graphic entityref="WiresharkFollowStream" format="PNG"/>
</figure>
<para>
- The stream content is displayed in the same sequence as it appeared on
- the network.
- Traffic from A to B is marked in red, while traffic from B to A is
- marked in blue.
- If you like, you can change these colors in the Edit/Preferences
+ The stream content is displayed in the same sequence as it appeared on
+ the network.
+ Traffic from A to B is marked in red, while traffic from B to A is
+ marked in blue.
+ If you like, you can change these colors in the Edit/Preferences
"Colors" page.
</para>
<para>
@@ -56,7 +56,7 @@
XXX - What about line wrapping (maximum line length) and CRNL conversions?
</para>
<para>
- The stream content won't be updated while doing a live capture.
+ The stream content won't be updated while doing a live capture.
To get the latest content you'll have to reopen the dialog.
</para>
<para>
@@ -76,20 +76,20 @@
</listitem>
<listitem>
<para>
- <command>Direction</command> Choose the stream direction to be
- displayed ("Entire conversation", "data from A to B only" or "data
+ <command>Direction</command> Choose the stream direction to be
+ displayed ("Entire conversation", "data from A to B only" or "data
from B to A only").
</para>
</listitem>
<listitem>
<para>
- <command>Filter out this stream</command> Apply a display filter
+ <command>Filter out this stream</command> Apply a display filter
removing the current TCP stream data from the display.
</para>
</listitem>
<listitem>
<para>
- <command>Close</command> Close this dialog box, leaving the current
+ <command>Close</command> Close this dialog box, leaving the current
display filter in effect.
</para>
</listitem>
@@ -100,8 +100,8 @@
<orderedlist>
<listitem>
<para>
- <command>ASCII</command>. In this view you see the data from
- each direction in ASCII. Obviously best for ASCII based protocols,
+ <command>ASCII</command>. In this view you see the data from
+ each direction in ASCII. Obviously best for ASCII based protocols,
e.g. HTTP.
</para>
</listitem>
@@ -112,9 +112,9 @@
</listitem>
<listitem>
<para>
- <command>HEX Dump</command>. This allows you to see all the
- data.
- This will require a lot of screen space and is best used with
+ <command>HEX Dump</command>. This allows you to see all the
+ data.
+ This will require a lot of screen space and is best used with
binary protocols.
</para>
</listitem>
@@ -126,9 +126,9 @@
</listitem>
<listitem>
<para>
- <command>Raw</command>. This allows you to load the unaltered stream
- data into a different program for further examination.
- The display will look the same as the ASCII setting, but "Save As"
+ <command>Raw</command>. This allows you to load the unaltered stream
+ data into a different program for further examination.
+ The display will look the same as the ASCII setting, but "Save As"
will result in a binary file.
</para>
</listitem>
@@ -139,61 +139,61 @@
<section id="ChAdvTimestamps"><title>Time Stamps</title>
<para>
- Time stamps, their precisions and all that can be quite
- confusing, this section will provide you with information what's going
+ Time stamps, their precisions and all that can be quite
+ confusing, this section will provide you with information what's going
on while Wireshark processes time stamps.
</para>
<para>
While packets are captured, each packet is time stamped as it comes in.
- These time stamps will be saved to the capture file, so they also will be
- available for (later) analysis.
+ These time stamps will be saved to the capture file, so they also will be
+ available for (later) analysis.
</para>
<para>
So where do these time stamps come from?
- While capturing, Wireshark gets the time stamps from the libpcap (WinPcap)
+ While capturing, Wireshark gets the time stamps from the libpcap (WinPcap)
library, which in turn get's them from the operating system kernel.
- If the capture data is loaded from a capture file, Wireshark obviously gets
+ If the capture data is loaded from a capture file, Wireshark obviously gets
the data from that file.
</para>
<section><title>Wireshark internals</title>
<para>
- The internal format that Wireshark uses to keep a packet time stamp consists
- of the date (in days since 1.1.1970) and the time of day (in nanoseconds
- since midnight). You can adjust the way Wireshark displays the time stamp data
- in the packet list, see the "Time Display Format" item in the
+ The internal format that Wireshark uses to keep a packet time stamp consists
+ of the date (in days since 1.1.1970) and the time of day (in nanoseconds
+ since midnight). You can adjust the way Wireshark displays the time stamp data
+ in the packet list, see the "Time Display Format" item in the
<xref linkend="ChUseViewMenuSection"/> for details.
</para>
<para>
- While reading or writing capture files, Wireshark converts the time stamp
+ While reading or writing capture files, Wireshark converts the time stamp
data between the capture file format and the internal format as required.
</para>
<para>
- While capturing, Wireshark uses the libpcap (WinPcap) capture library which
- supports microsecond resolution. Unless you are working with specialized
+ While capturing, Wireshark uses the libpcap (WinPcap) capture library which
+ supports microsecond resolution. Unless you are working with specialized
capturing hardware, this resolution should be adequate.
</para>
</section>
<section><title>Capture file formats</title>
<para>
- Every capture file format that Wireshark knows support time stamps.
- The time stamp precision
- supported by a specific capture file format differs widely and varies
- from one second "0" to one nanosecond "0.123456789".
- Most file formats store the time stamps with a fixed precision
- (e.g. microseconds), while some file formats are even capable to store the
+ Every capture file format that Wireshark knows support time stamps.
+ The time stamp precision
+ supported by a specific capture file format differs widely and varies
+ from one second "0" to one nanosecond "0.123456789".
+ Most file formats store the time stamps with a fixed precision
+ (e.g. microseconds), while some file formats are even capable to store the
time stamp precision itself (whatever the benefit may be).
</para>
<para>
- The common libpcap capture file format that is used by Wireshark (and a
- lot of other tools) supports a fixed microsecond resolution "0.123456"
- only.
+ The common libpcap capture file format that is used by Wireshark (and a
+ lot of other tools) supports a fixed microsecond resolution "0.123456"
+ only.
</para>
<note>
<title>Note!</title>
<para>
Writing data into a capture file format that doesn't provide
the capability to store the actual precision will lead to loss of information.
- Example: If you load a capture file with nanosecond resolution and
+ Example: If you load a capture file with nanosecond resolution and
store the capture data to a libpcap file (with microsecond resolution)
Wireshark obviously must reduce the precision from nanosecond to microsecond.
</para>
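Review bot: Since the Time Stamps paragraphs are being rewritten line by line anyway, fix the grammar this hunk carries over unchanged: "which in turn get's them" should read "gets them", "Every capture file format that Wireshark knows support time stamps" should read "supports", and "are even capable to store" should read "are even able to store". The opening sentence "Time stamps, their precisions and all that can be quite confusing, this section will provide you with information what's going on" is also a comma splice worth breaking into two sentences.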
@@ -201,52 +201,52 @@
</section>
<section><title>Accuracy</title>
<para>
- It's often asked: "Which time stamp accuracy is provided by Wireshark?".
+ It's often asked: "Which time stamp accuracy is provided by Wireshark?".
Well, Wireshark doesn't create any time stamps itself but simply get's them
- from "somewhere else" and displays them. So accuracy will depend on the
- capture system (operating system, performance, ...) that you use.
- Because of this, the above question is difficult to answer in a
+ from "somewhere else" and displays them. So accuracy will depend on the
+ capture system (operating system, performance, ...) that you use.
+ Because of this, the above question is difficult to answer in a
general way.
<note>
<title>Note!</title>
<para>
- USB connected network adapters often provide a very bad time stamp
- accuracy. The incoming packets have to take "a long and winding
- road" to travel through the USB cable until they actually reach the
- kernel. As the incoming packets are time stamped when they are processed
+ USB connected network adapters often provide a very bad time stamp
+ accuracy. The incoming packets have to take "a long and winding
+ road" to travel through the USB cable until they actually reach the
+ kernel. As the incoming packets are time stamped when they are processed
by the kernel, this time stamping mechanism becomes very inaccurate.
</para>
<para>
Conclusion: don't use USB connected NIC's when you need precise
- time stamp accuracy! (XXX - are there any such NIC's that stamps already
+ time stamp accuracy! (XXX - are there any such NIC's that stamps already
on the USB hardware?)
</para>
</note>
</para>
</section>
</section>
-
+
<section id="ChAdvTimezones"><title>Time Zones</title>
<para>
- If you travel across the planet, time zones can be confusing. If you get a
- capture file from somewhere around the world time zones can even be a lot
- more confusing ;-)
+ If you travel across the planet, time zones can be confusing. If you get a
+ capture file from somewhere around the world time zones can even be a lot
+ more confusing ;-)
</para>
<para>
- First of all, there are two reasons why you may not need to think about
+ First of all, there are two reasons why you may not need to think about
time zones at all:
<itemizedlist>
<listitem>
<para>
- You are only interested in the time differences between the packet
- time stamps and don't need to know the exact date and time of the
+ You are only interested in the time differences between the packet
+ time stamps and don't need to know the exact date and time of the
captured packets (which is often the case).
</para>
</listitem>
<listitem>
<para>
- You don't get capture files from different time zones than your own,
- so there are simply no time zone problems. For example: everyone in
+ You don't get capture files from different time zones than your own,
+ so there are simply no time zone problems. For example: everyone in
your team is working in the same time zone than yourself.
</para>
</listitem>
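Review bot: The Accuracy note keeps an open author question in user-facing text on a touched line: "(XXX - are there any such NIC's that stamps already on the USB hardware?)". Answer it or move it into an XML comment so the rendered guide does not ship an unresolved placeholder. In the same hunk, "simply get's them" should become "gets them" and "in the same time zone than yourself" should become "as yourself".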
@@ -254,73 +254,73 @@
</para>
<sidebar><title>What are time zones?</title>
<para>
- People expect that the time reflects the sunset. Dawn should be in the
+ People expect that the time reflects the sunset. Dawn should be in the
morning maybe around 06:00 and dusk in the evening maybe at 20:00.
- These times will obviously vary depending on the season.
- It would be very confusing if everyone on earth would use the same
- global time as this would correspond to the sunset only at a small part
- of the world.
+ These times will obviously vary depending on the season.
+ It would be very confusing if everyone on earth would use the same
+ global time as this would correspond to the sunset only at a small part
+ of the world.
</para>
<para>
- For that reason, the earth is split into several different time zones,
+ For that reason, the earth is split into several different time zones,
each zone with a local time that corresponds to the local sunset.
</para>
<para>
- The time zone's base time is UTC (Coordinated Universal Time) or Zulu
- Time (military and aviation). The older term GMT (Greenwich Mean Time)
- shouldn't be used as it is slightly incorrect (up to 0.9 seconds
- difference to UTC).
- The UTC base time equals to 0 (based at Greenwich, England) and all
+ The time zone's base time is UTC (Coordinated Universal Time) or Zulu
+ Time (military and aviation). The older term GMT (Greenwich Mean Time)
+ shouldn't be used as it is slightly incorrect (up to 0.9 seconds
+ difference to UTC).
+ The UTC base time equals to 0 (based at Greenwich, England) and all
time zones have an offset to UTC between -12 to +14 hours!
</para>
<para>
- For example: If you live in
- Berlin you are in a time zone one hour earlier than UTC, so you are in
- time zone "+1" (time difference in hours compared to UTC). If it's
+ For example: If you live in
+ Berlin you are in a time zone one hour earlier than UTC, so you are in
+ time zone "+1" (time difference in hours compared to UTC). If it's
3 o'clock in Berlin it's 2 o'clock in UTC "at the same moment".
</para>
<para>
- Be aware that at a few places on earth don't use time zones with even
+ Be aware that at a few places on earth don't use time zones with even
hour offsets (e.g. New Delhi uses UTC+05:30)!
</para>
<para>
- Further information can be found at:
- <ulink url="&WikipediaTimezone;">&WikipediaTimezone;</ulink> and
+ Further information can be found at:
+ <ulink url="&WikipediaTimezone;">&WikipediaTimezone;</ulink> and
<ulink url="&WikipediaUTC;">&WikipediaUTC;</ulink>.
</para>
-
+
</sidebar>
<sidebar><title>What is daylight saving time (DST)?</title>
<para>
- Daylight Saving Time (DST), also known as Summer Time, is intended to
- "save" some daylight during the summer months.
- To do this, a lot of countries (but not all!) add an DST hour to the
- already existing UTC offset.
- So you may need to take another hour (or in very rare cases even two
- hours!) difference into your "time zone calculations".
+ Daylight Saving Time (DST), also known as Summer Time, is intended to
+ "save" some daylight during the summer months.
+ To do this, a lot of countries (but not all!) add an DST hour to the
+ already existing UTC offset.
+ So you may need to take another hour (or in very rare cases even two
+ hours!) difference into your "time zone calculations".
</para>
<para>
- Unfortunately, the date at which DST actually takes effect is different
- throughout the world. You may also note, that the northern and southern
- hemispheres have opposite DST's (e.g. while it's summer in Europe it's
- winter in Australia).
+ Unfortunately, the date at which DST actually takes effect is different
+ throughout the world. You may also note, that the northern and southern
+ hemispheres have opposite DST's (e.g. while it's summer in Europe it's
+ winter in Australia).
</para>
<para>
Keep in mind: UTC remains the same all year around, regardless of DST!
</para>
<para>
- Further information can be found at:
+ Further information can be found at:
<ulink url="&WikipediaDaylightSaving;">&WikipediaDaylightSaving;</ulink>.
</para>
</sidebar>
- <para>
- Further time zone and DST information can be found at:
+ <para>
+ Further time zone and DST information can be found at:
<ulink url="&TimezoneGMTSite;">&TimezoneGMTSite;</ulink> and
<ulink url="&TimezoneWorldClockSite;">&TimezoneWorldClockSite;</ulink>.
</para>
<section><title>Set your computer's time correct!</title>
<para>
- If you work with people around the world, it's very helpful to set your
+ If you work with people around the world, it's very helpful to set your
computer's time and time zone right.
</para>
<para>
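Review bot: In the "What are time zones?" sidebar, the touched lines say Berlin is "in a time zone one hour earlier than UTC", but the same paragraph gives the zone as "+1" and the example as 3 o'clock in Berlin equalling 2 o'clock UTC, which is one hour ahead of UTC. Reword to "one hour ahead of UTC" so readers correlating capture times against UTC-stamped logs do not apply the offset in the wrong direction. In the DST sidebar, "add an DST hour" should be "add a DST hour".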
@@ -337,22 +337,22 @@
</para>
</listitem>
</orderedlist>
- This way you will tell your computer both the local time and also the time
+ This way you will tell your computer both the local time and also the time
offset to UTC.
<tip><title>Tip!</title>
<para>
- If you travel around the world, it's an often made mistake to adjust the
- hours of your computer clock to the local time. Don't adjust the
- hours but your time zone setting instead! For your computer, the time is
- essentially the same as before, you are simply in a different time zone
+ If you travel around the world, it's an often made mistake to adjust the
+ hours of your computer clock to the local time. Don't adjust the
+ hours but your time zone setting instead! For your computer, the time is
+ essentially the same as before, you are simply in a different time zone
with a different local time!
</para>
</tip>
<tip><title>Tip!</title>
<para>
- You can use the Network Time Protocol (NTP) to automatically adjust your
- computer to the correct time, by synchronizing it to internet NTP clock
- servers. NTP clients are available for all operating systems that
+ You can use the Network Time Protocol (NTP) to automatically adjust your
+ computer to the correct time, by synchronizing it to internet NTP clock
+ servers. NTP clients are available for all operating systems that
Wireshark supports (and for a lot more), for examples see:
<ulink url="&NTPSite;">&NTPSite;</ulink>.
</para>
@@ -361,25 +361,25 @@
</section>
<section><title>Wireshark and Time Zones</title>
<para>
- So what's the relationship between Wireshark and time zones anyway?
+ So what's the relationship between Wireshark and time zones anyway?
</para>
<para>
Wireshark's native capture file format (libpcap format), and some
other capture file formats, such as the Windows Sniffer,
EtherPeek, AiroPeek, and Sun snoop formats, save the arrival
- time of packets as UTC values.
- UN*X systems, and "Windows NT based" systems (Windows NT 4.0,
- Windows 2000, Windows XP, Windows Server 2003, Windows Vista)
+ time of packets as UTC values.
+ UN*X systems, and "Windows NT based" systems (Windows NT 4.0,
+ Windows 2000, Windows XP, Windows Server 2003, Windows Vista)
represent time internally as UTC.
When Wireshark is capturing, no conversion is necessary.
However, if the system time zone is not set
correctly, the system's UTC time might not be correctly set even
- if the system clock appears to display correct local time.
+ if the system clock appears to display correct local time.
"Windows 9x based" systems (Windows 95, Windows 98, Windows Me)
- represent time internally as local time.
- When capturing, WinPcap has to convert the time to UTC before
- supplying it to Wireshark.
- If the system's time zone is not set correctly, that conversion will
+ represent time internally as local time.
+ When capturing, WinPcap has to convert the time to UTC before
+ supplying it to Wireshark.
+ If the system's time zone is not set correctly, that conversion will
not be done correctly.
</para>
<para>
@@ -468,21 +468,21 @@
o'clock on your Wireshark display.
</para>
<para>
- Now you have a phone call, video conference or internet meeting with that
- one to talk about that capture file.
- As you are both looking at the displayed time on your local computers,
- the one in Los Angeles still sees 2 o'clock but you in Berlin will see
- 11 o'clock. The time displays are different as both Wireshark displays
+ Now you have a phone call, video conference or internet meeting with that
+ one to talk about that capture file.
+ As you are both looking at the displayed time on your local computers,
+ the one in Los Angeles still sees 2 o'clock but you in Berlin will see
+ 11 o'clock. The time displays are different as both Wireshark displays
will show the (different) local times at the same point in time.
</para>
<para>
- <command>Conclusion</command>: You may not bother about the date/time
- of the time stamp you currently look at, unless you must make sure that
- the date/time is as expected.
+ <command>Conclusion</command>: You may not bother about the date/time
+ of the time stamp you currently look at, unless you must make sure that
+ the date/time is as expected.
So, if you get a capture file from a different time zone and/or DST, you'll
- have to find out the time zone/DST difference between the two local times
+ have to find out the time zone/DST difference between the two local times
and "mentally adjust" the time stamps accordingly.
- In any case, make sure that every computer in question has the correct
+ In any case, make sure that every computer in question has the correct
time and time zone setting.
</para>
</section>
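Review bot: In the Conclusion paragraph, "You may not bother about the date/time of the time stamp" reads as a prohibition; the intended meaning appears to be "You need not bother about". On the preceding touched lines, "internet meeting with that one" would read better as "with that person".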
@@ -491,34 +491,34 @@
<section id="ChAdvReassemblySection"><title>Packet Reassembling</title>
<section><title>What is it?</title>
<para>
- Network protocols often need to transport large chunks of data, which are
- complete in itself, e.g. when transferring a file. The underlying
- protocol might not be able to handle that chunk size (e.g. limitation of
- the network packet size), or is stream-based like TCP, which doesn't know
+ Network protocols often need to transport large chunks of data, which are
+ complete in itself, e.g. when transferring a file. The underlying
+ protocol might not be able to handle that chunk size (e.g. limitation of
+ the network packet size), or is stream-based like TCP, which doesn't know
data chunks at all.
</para>
<para>
- In that case the network protocol has to handle that chunk boundaries
- itself and (if required) spreading the data over multiple packets.
- It obviously also needs a mechanism to find back the chunk boundaries on
+ In that case the network protocol has to handle that chunk boundaries
+ itself and (if required) spreading the data over multiple packets.
+ It obviously also needs a mechanism to find back the chunk boundaries on
the receiving side.
</para>
<tip><title>Tip!</title>
<para>
- Wireshark calls this mechanism reassembling, although a specific protocol
- specification might use a different term for this (e.g. desegmentation,
+ Wireshark calls this mechanism reassembling, although a specific protocol
+ specification might use a different term for this (e.g. desegmentation,
defragmentation, ...).
</para>
</tip>
</section>
<section><title>How Wireshark handles it</title>
<para>
- For some of the network protocols Wireshark knows of, a mechanism is
- implemented to find, decode and display these chunks of data.
- Wireshark will try to find the corresponding packets of this chunk,
- and will show the combined data as additional pages in the
+ For some of the network protocols Wireshark knows of, a mechanism is
+ implemented to find, decode and display these chunks of data.
+ Wireshark will try to find the corresponding packets of this chunk,
+ and will show the combined data as additional pages in the
"Packet Bytes" pane
- (for information about this pane, see <xref
+ (for information about this pane, see <xref
linkend="ChUsePacketBytesPaneSection"/>).
</para>
<para>
@@ -527,10 +527,10 @@
<graphic entityref="WiresharkBytesPaneTabs" format="PNG"/>
</figure>
</para>
-
+
<note><title>Note!</title>
<para>
- Reassembling might take place at several protocol layers, so it's possible
+ Reassembling might take place at several protocol layers, so it's possible
that multiple tabs in the "Packet Bytes" pane appear.
</para>
</note>
@@ -541,25 +541,25 @@
</note>
<para>
An example:
- In a <command>HTTP</command> GET response, the requested data (e.g. a
- HTML page) is returned. Wireshark will show the hex dump of the data in
+ In a <command>HTTP</command> GET response, the requested data (e.g. a
+ HTML page) is returned. Wireshark will show the hex dump of the data in
a new tab "Uncompressed entity body" in the "Packet Bytes" pane.
</para>
<para>
- Reassembling is enabled in the preferences by default. The defaults
- were changed from disabled to enabled in September 2005. If you created
- your preference settings before this date, you might look if reassembling
- is actually enabled, as it can be extremely helpful while analyzing
+ Reassembling is enabled in the preferences by default. The defaults
+ were changed from disabled to enabled in September 2005. If you created
+ your preference settings before this date, you might look if reassembling
+ is actually enabled, as it can be extremely helpful while analyzing
network packets.
</para>
<para>
- The enabling or disabling of the reassemble settings of a protocol typically
+ The enabling or disabling of the reassemble settings of a protocol typically
requires two things:
<orderedlist>
<listitem>
<para>
the lower level protocol (e.g., TCP) must support
- reassembly. Often this reassembly can be enabled or disabled
+ reassembly. Often this reassembly can be enabled or disabled
via the protocol preferences.
</para>
</listitem>
@@ -573,7 +573,7 @@
</orderedlist>
</para>
<para>
- The tooltip of the higher level protocol setting will note you if and
+ The tooltip of the higher level protocol setting will note you if and
which lower level protocol setting has to be considered too.
</para>
</section>
@@ -581,41 +581,41 @@
<section id="ChAdvNameResolutionSection"><title>Name Resolution</title>
<para>
- Name resolution tries to resolve some of the numerical address values into
- a human readable format. There are two possible ways to do this
- conversations, depending on the resolution to be done: calling
- system/network services (like the gethostname function) and/or evaluate
- from Wireshark specific configuration files.
- For details about the configuration files Wireshark uses for name
+ Name resolution tries to resolve some of the numerical address values into
+ a human readable format. There are two possible ways to do this
+ conversations, depending on the resolution to be done: calling
+ system/network services (like the gethostname function) and/or evaluate
+ from Wireshark specific configuration files.
+ For details about the configuration files Wireshark uses for name
resolution and alike, see <xref linkend="AppFiles"/>.
</para>
<para>
- The name resolution feature can be en-/disabled separately for the
+ The name resolution feature can be en-/disabled separately for the
protocol layers of the following sections.
</para>
-
+
<section><title>Name Resolution drawbacks</title>
<para>
- Name resolution can be invaluable while working with Wireshark and may
+ Name resolution can be invaluable while working with Wireshark and may
save you even hours of work. Unfortunately, it also has it's drawbacks.
</para>
<itemizedlist>
<listitem>
<para>
- <command>Name resolution will often fail.</command> The name to be
- resolved might simply be unknown by the name servers asked or the servers
- are just not available and the name is also not found in Wireshark's
+ <command>Name resolution will often fail.</command> The name to be
+ resolved might simply be unknown by the name servers asked or the servers
+ are just not available and the name is also not found in Wireshark's
configuration files.
</para>
</listitem>
<listitem>
<para>
- <command>The resolved names are not stored in the capture file or
+ <command>The resolved names are not stored in the capture file or
somewhere else.</command>
So the resolved names might not be available if you open the capture file
later or on a different machine.
- Each time you open a capture file it may look "slightly different",
- maybe simply because you can't connect a name server (which you could
+ Each time you open a capture file it may look "slightly different",
+ maybe simply because you can't connect a name server (which you could
connect before).
</para>
</listitem>
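Review bot: The Name Resolution introduction cites "system/network services (like the gethostname function)", but gethostname returns the local machine's own host name; address-to-name lookups go through gethostbyaddr or getnameinfo, so name one of those instead. In the same touched paragraph, "two possible ways to do this conversations" should be "these conversions", and "it also has it's drawbacks" should be "its drawbacks".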
@@ -623,8 +623,8 @@
<para>
<command>DNS may add additional packets to your capture file.</command>
You may see packets to/from your machine in your capture file, which are
- caused by name resolution network services of the machine Wireshark
- captures from.
+ caused by name resolution network services of the machine Wireshark
+ captures from.
XXX - are there any other such packets than DNS ones?
</para>
</listitem>
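Review bot: The DNS item ends with "XXX - are there any other such packets than DNS ones?" in text that is rendered to the reader; resolve it or move it into an XML comment. While this item is open, state the consequence plainly: with network name resolution enabled, the capturing machine sends lookups for addresses seen in the capture, which both adds packets to the trace and tells the name server which hosts are being examined.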
@@ -633,9 +633,9 @@
<command>Resolved DNS names are cached by Wireshark.</command>
This is required for acceptable performance.
However, if the name resolution information
- should change while Wireshark is running,
- Wireshark won't notice a change to the name resolution information once
- it's get cached. If this information changes while Wireshark is running,
+ should change while Wireshark is running,
+ Wireshark won't notice a change to the name resolution information once
+ it's get cached. If this information changes while Wireshark is running,
e.g. a new DHCP lease takes effect, Wireshark won't notice it.
XXX - is this true for all or only for DNS info?
</para>
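Review bot: The caching item states the same limitation twice, first as "if the name resolution information should change while Wireshark is running, Wireshark won't notice a change" and then as "If this information changes while Wireshark is running, e.g. a new DHCP lease takes effect, Wireshark won't notice it". Merge them into one sentence that keeps the DHCP lease example, change "once it's get cached" to "once it is cached", and settle the trailing "XXX - is this true for all or only for DNS info?" before it reaches readers.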
@@ -644,107 +644,107 @@
<tip><title>Tip!</title>
<para>
The name resolution in the packet list is done while the list is filled.
- If a name could be resolved after a packet was added to the list, that
- former entry won't be changed. As the name resolution results are cached,
- you can use "View/Reload" to rebuild the packet list, this time with the
+ If a name could be resolved after a packet was added to the list, that
+ former entry won't be changed. As the name resolution results are cached,
+ you can use "View/Reload" to rebuild the packet list, this time with the
correctly resolved names. However, this isn't possible while a capture is
in progress.
</para>
</tip>
</section>
-
+
<section><title>Ethernet name resolution (MAC layer)</title>
<para>
- Try to resolve an Ethernet MAC address (e.g. 00:09:5b:01:02:03) to
+ Try to resolve an Ethernet MAC address (e.g. 00:09:5b:01:02:03) to
something more "human readable".
</para>
<para><command>ARP name resolution (system service)</command>
- Wireshark will ask the operating system to convert an ethernet address
- to the corresponding IP address (e.g. 00:09:5b:01:02:03 -> 192.168.0.1).
+ Wireshark will ask the operating system to convert an ethernet address
+ to the corresponding IP address (e.g. 00:09:5b:01:02:03 -> 192.168.0.1).
</para>
<para><command>Ethernet codes (ethers file)</command>
- If the ARP name resolution failed, Wireshark tries to convert the ethernet
- address to a known device name, which has been assigned by the user using
+ If the ARP name resolution failed, Wireshark tries to convert the ethernet
+ address to a known device name, which has been assigned by the user using
an ethers file (e.g. 00:09:5b:01:02:03 -> homerouter).
</para>
<para><command>Ethernet manufacturer codes (manuf file)</command>
- If both ARP and ethers didn't returned a result, Wireshark tries to convert
- the first 3 bytes of an ethernet address to an abbreviated manufacturer name,
- which has been assigned by the IEC
+ If both ARP and ethers didn't returned a result, Wireshark tries to convert
+ the first 3 bytes of an ethernet address to an abbreviated manufacturer name,
+ which has been assigned by the IEC
(e.g. 00:09:5b:01:02:03 -> Netgear_01:02:03).
</para>
</section>
-
+
<section><title>IP name resolution (network layer)</title>
<para>
- Try to resolve an IP address (e.g. 216.239.37.99) to
+ Try to resolve an IP address (e.g. 216.239.37.99) to
something more "human readable".
</para>
<para><command>DNS/ADNS name resolution (system/library service)</command>
- Wireshark will ask the operating system (or the ADNS library),
- to convert an IP address to the hostname associated with it
- (e.g. 216.239.37.99 -> www.1.google.com). The DNS service is using
- synchronous calls to the DNS server. So Wireshark will stop responding
- until a response to a DNS request is returned. If possible, you might
+ Wireshark will ask the operating system (or the ADNS library),
+ to convert an IP address to the hostname associated with it
+ (e.g. 216.239.37.99 -> www.1.google.com). The DNS service is using
+ synchronous calls to the DNS server. So Wireshark will stop responding
+ until a response to a DNS request is returned. If possible, you might
consider using the ADNS library (which won't wait for a network response).
</para>
<warning>
<title>Warning!</title>
<para>
- Enabling network name resolution when your name server is
- unavailable may significantly slow down Wireshark while it waits
- for all of the name server requests to time out. Use ADNS in that
+ Enabling network name resolution when your name server is
+ unavailable may significantly slow down Wireshark while it waits
+ for all of the name server requests to time out. Use ADNS in that
case.
</para>
- </warning>
+ </warning>
<para>
<command>DNS vs. ADNS</command>
- here's a short comparison: Both mechanisms are
- used to convert an IP address to some human readable (domain) name. The
- usual DNS call gethostname() will try to convert the address to a name.
- To do this, it will first ask the systems hosts file (e.g. /etc/hosts)
- if it finds a matching entry. If that fails, it will ask the configured
+ here's a short comparison: Both mechanisms are
+ used to convert an IP address to some human readable (domain) name. The
+ usual DNS call gethostname() will try to convert the address to a name.
+ To do this, it will first ask the systems hosts file (e.g. /etc/hosts)
+ if it finds a matching entry. If that fails, it will ask the configured
DNS server(s) about the name.
</para>
<para>
- So the real difference between DNS and ADNS comes when the system has
- to wait for the DNS server about a name resolution.
- The system call gethostname() will wait until a name is resolved or an
- error occurs.
- If the DNS server is unavailable, this might take quite
+ So the real difference between DNS and ADNS comes when the system has
+ to wait for the DNS server about a name resolution.
+ The system call gethostname() will wait until a name is resolved or an
+ error occurs.
+ If the DNS server is unavailable, this might take quite
a while (several seconds).
The ADNS service will work a bit differently.
- It will also ask the DNS server, but it won't wait for the answer.
- It will just return to Wireshark in a very short amount of time.
- The actual (and the following) address fields won't show the resolved
- name until the ADNS call returned. As mentioned above, the values get
- cached, so you can use View/Reload to "update" these fields to show the
+ It will also ask the DNS server, but it won't wait for the answer.
+ It will just return to Wireshark in a very short amount of time.
+ The actual (and the following) address fields won't show the resolved
+ name until the ADNS call returned. As mentioned above, the values get
+ cached, so you can use View/Reload to "update" these fields to show the
resolved values.
</para>
<para><command>hosts name resolution (hosts file)</command>
- If DNS name resolution failed, Wireshark will try to convert an IP address
- to the hostname associated with it, using a hosts file provided by the
+ If DNS name resolution failed, Wireshark will try to convert an IP address
+ to the hostname associated with it, using a hosts file provided by the
user (e.g. 216.239.37.99 -> www.google.com).
</para>
</section>
-
+
<section><title>IPX name resolution (network layer)</title>
<para><command>ipxnet name resolution (ipxnets file)</command>
XXX - add ipxnets name resolution explanation.
</para>
</section>
-
+
<section><title>TCP/UDP port name resolution (transport layer)</title>
<para>
- Try to resolve a TCP/UDP port (e.g. 80) to
+ Try to resolve a TCP/UDP port (e.g. 80) to
something more "human readable".
</para>
<para><command>TCP/UDP port conversion (system service)</command>
- Wireshark will ask the operating system to convert a TCP or UDP port to
+ Wireshark will ask the operating system to convert a TCP or UDP port to
its well known name (e.g. 80 -> http).
</para>
<para>
- XXX - mention the role of the /etc/services file
+ XXX - mention the role of the /etc/services file
(but don't forget the files and folders section)!
</para>
</section>
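Review bot: The "DNS vs. ADNS" paragraphs name gethostname() as the call that converts an address to a name, in both "The usual DNS call gethostname()" and "The system call gethostname() will wait". gethostname() returns the local machine's own host name; the standard reverse-lookup call is gethostbyaddr(), so both mentions should be corrected while these lines are being rewritten. In the same hunk, the manuf paragraph says the manufacturer prefix "has been assigned by the IEC", but Ethernet address prefixes are assigned by the IEEE, and "didn't returned" should be "didn't return". The remaining "XXX" placeholders (ipxnets, /etc/services) will also show up in the rendered guide.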
@@ -752,30 +752,30 @@
<section id="ChAdvChecksums"><title>Checksums</title>
<para>
- Several network protocols use checksums to ensure data integrity.
+ Several network protocols use checksums to ensure data integrity.
</para>
<tip><title>Tip!</title>
<para>
- Applying checksums as described here is also known as
+ Applying checksums as described here is also known as
<command>redundancy check</command>.
</para>
</tip>
<sidebar><title>What are checksums for?</title>
<para>
- Checksums are used to ensure the integrity of data portions for data
+ Checksums are used to ensure the integrity of data portions for data
transmission or storage.
- A checksum is basically a calculated summary of such a data portion.
+ A checksum is basically a calculated summary of such a data portion.
</para>
<para>
- Network data transmissions often produce errors, such as toggled, missing
- or duplicated bits.
- As a result, the data received might not be identical to the data
+ Network data transmissions often produce errors, such as toggled, missing
+ or duplicated bits.
+ As a result, the data received might not be identical to the data
transmitted, which is obviously a bad thing.
</para>
<para>
- Because of these transmission errors, network protocols very often use
+ Because of these transmission errors, network protocols very often use
checksums to detect such errors.
- The transmitter will calculate a checksum of the data and transmits the
+ The transmitter will calculate a checksum of the data and transmits the
data together with the checksum.
The receiver will calculate the checksum of the received data with the same
algorithm as the transmitter.
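Review bot: The sidebar sentence "Checksums are used to ensure the integrity of data portions" overstates what the checksums described here provide. They detect accidental transmission errors ("toggled, missing or duplicated bits", as the next paragraph puts it), not deliberate modification, because whoever alters the data can recompute the checksum. Suggest "detect accidental corruption of data" so readers do not take a [correct] checksum as evidence that a packet was not tampered with. Also, "will calculate a checksum of the data and transmits" should read "and transmit".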
@@ -783,27 +783,27 @@
has occured.
</para>
<para>
- Some checksum algorithms are able to recover (simple) errors by
- calculating where the expected error must be and repairing it.
+ Some checksum algorithms are able to recover (simple) errors by
+ calculating where the expected error must be and repairing it.
</para>
<para>
- If there are errors that cannot be recovered, the receiving side throws
- away the packet. Depending on the network protocol, this data loss is
- simply ignored or the sending side needs to detect this loss somehow and
+ If there are errors that cannot be recovered, the receiving side throws
+ away the packet. Depending on the network protocol, this data loss is
+ simply ignored or the sending side needs to detect this loss somehow and
retransmits the required packet(s).
</para>
<para>
- Using a checksum drastically reduces the number of undetected transmission
- errors. However, the usual checksum algorithms cannot guarantee an error
- detection of 100%, so a very small number of transmission errors may
+ Using a checksum drastically reduces the number of undetected transmission
+ errors. However, the usual checksum algorithms cannot guarantee an error
+ detection of 100%, so a very small number of transmission errors may
remain undetected.
</para>
<para>
- There are several different kinds of checksum algorithms, an example of
- an often used checksum algorithm is CRC32.
- The checksum algorithm actually chosen for a specific network protocol
- will depend on the expected error rate of the network medium, the
- importance of error detection, the processor load to perform the
+ There are several different kinds of checksum algorithms, an example of
+ an often used checksum algorithm is CRC32.
+ The checksum algorithm actually chosen for a specific network protocol
+ will depend on the expected error rate of the network medium, the
+ importance of error detection, the processor load to perform the
calculation, the performance needed and many other things.
</para>
<para>
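Review bot: "Some checksum algorithms are able to recover (simple) errors" blurs checksums with error-correcting codes. CRC32, the only algorithm this hunk names, is used for detection only, so the paragraph should either say that recovery is the job of error-correcting codes or be dropped, otherwise readers may expect repaired packets to appear in a capture. Smaller points in the same hunk: "has occured" in the first context line should be "occurred", and "There are several different kinds of checksum algorithms, an example of ..." is a comma splice that reads better as two sentences.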
@@ -816,58 +816,58 @@
Wireshark will validate the checksums of several potocols, e.g.: IP, TCP, ...
</para>
<para>
- It will do the same calculation as a "normal receiver" would do,
+ It will do the same calculation as a "normal receiver" would do,
and shows the checksum fields in the packet details with a comment, e.g.:
[correct], [invalid, must be 0x12345678] or alike.
</para>
<para>
- Checksum validation can be switched off for various protocols in the
- Wireshark protocol preferences, e.g. to (very slightly) increase
+ Checksum validation can be switched off for various protocols in the
+ Wireshark protocol preferences, e.g. to (very slightly) increase
performance.
</para>
<para>
If the checksum validation is enabled and it detected an invalid checksum,
- features like packet reassembling won't be processed.
- This is avoided as incorrect connection data could "confuse" the internal
+ features like packet reassembling won't be processed.
+ This is avoided as incorrect connection data could "confuse" the internal
database.
</para>
</section>
-
+
<section><title>Checksum offloading</title>
<para>
- The checksum calculation might be done by the network driver, protocol
+ The checksum calculation might be done by the network driver, protocol
driver or even in hardware.
</para>
<para>
- For example: The Ethernet transmitting hardware calculates the
- Ethernet CRC32 checksum and the receiving hardware validates this
- checksum.
- If the received checksum is wrong Wireshark won't even see the packet,
+ For example: The Ethernet transmitting hardware calculates the
+ Ethernet CRC32 checksum and the receiving hardware validates this
+ checksum.
+ If the received checksum is wrong Wireshark won't even see the packet,
as the Ethernet hardware internally throws away the packet.
</para>
<para>
- Higher level checksums are "traditionally" calculated by the protocol
- implementation and the completed packet is then handed over to the
+ Higher level checksums are "traditionally" calculated by the protocol
+ implementation and the completed packet is then handed over to the
hardware.
</para>
<para>
- Recent network hardware can perform advanced features such as IP checksum
+ Recent network hardware can perform advanced features such as IP checksum
calculation, also known as checksum offloading.
- The network driver won't calculate the checksum itself but simply hand
+ The network driver won't calculate the checksum itself but simply hand
over an empty (zero or garbage filled) checksum field to the hardware.
</para>
<note><title>Note!</title>
<para>
- Checksum offloading often causes confusion as the network packets to be
- transmitted are handed over to Wireshark before the checksums are actually
+ Checksum offloading often causes confusion as the network packets to be
+ transmitted are handed over to Wireshark before the checksums are actually
calculated.
- Wireshark gets these "empty" checksums and displays them as
- invalid, even though the packets will contain valid checksums when they
+ Wireshark gets these "empty" checksums and displays them as
+ invalid, even though the packets will contain valid checksums when they
leave the network hardware later.
</para>
</note>
<para>
- Checksum offloading can be confusing and having a lot of [invalid]
+ Checksum offloading can be confusing and having a lot of [invalid]
messages on the screen can be quite annoying.
As mentioned above, invalid checksums may lead to unreassembled packets,
making the analysis of the packet data much harder.
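Review bot: The sample comment "[invalid, must be 0x12345678]" shows a 32-bit value, while the two protocols named just above it (IP, TCP) carry 16-bit checksums; a value such as 0x1234 would match what a reader sees in the packet details for those protocols. The first context line also has "potocols" for "protocols". In the offloading note, it would help to state explicitly that the [invalid] marking affects only packets sent by the capturing machine, which the text implies with "network packets to be transmitted" but never says outright.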
@@ -877,13 +877,13 @@
<itemizedlist>
<listitem>
<para>
- Turn off the checksum offloading in the network driver, if this option is
+ Turn off the checksum offloading in the network driver, if this option is
available.
</para>
</listitem>
<listitem>
<para>
- Turn off checksum validation of the specific protocol in the Wireshark
+ Turn off checksum validation of the specific protocol in the Wireshark
preferences.
</para>
</listitem>
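Review bot: The second list item, "Turn off checksum validation of the specific protocol in the Wireshark preferences", is presented as equivalent to the first, but it has a cost the text does not mention: with validation off, packets that really were corrupted on the wire are no longer flagged either. Suggest one sentence stating that trade-off, and recommending the driver option where it is available, so the reader can choose deliberately.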
diff --git a/docbook/wsug_src/WSUG_chapter_use.xml b/docbook/wsug_src/WSUG_chapter_use.xml
index 4f10c28987..8573bbe402 100644
--- a/docbook/wsug_src/WSUG_chapter_use.xml
+++ b/docbook/wsug_src/WSUG_chapter_use.xml
@@ -5,8 +5,8 @@
<title>User Interface</title>
<section id="ChUseIntroductionSection"><title>Introduction</title>
<para>
- By now you have installed <application>Wireshark</application> and
- are most likely keen to get started capturing your first packets. In
+ By now you have installed <application>Wireshark</application> and
+ are most likely keen to get started capturing your first packets. In
the next chapters we will explore:
<itemizedlist>
<listitem>
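Review bot: The removed and added lines here ("By now you have installed ..." and "are most likely keen to get started ...") read identically, so this looks like trailing-whitespace cleanup only, and the same pattern repeats through the rest of this file. If the file also carries content changes, splitting the whitespace cleanup into its own commit would make those changes much easier to find and review.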
@@ -37,33 +37,33 @@
</itemizedlist>
</para>
</section>
-
+
<section id="ChUseStartSection"><title>Start Wireshark</title>
<para>
You can start Wireshark from your shell or window manager.
<tip><title>Tip!</title>
<para>
- When starting Wireshark it's possible to specify optional settings using
+ When starting Wireshark it's possible to specify optional settings using
the command line. See <xref linkend="ChCustCommandLine"/> for details.
</para>
</tip>
<note><title>Note!</title>
<para>
- In the following chapters, a lot of screenshots from Wireshark will be shown.
- As Wireshark runs on many different platforms and there are different
- versions of the underlying GUI toolkit (GTK 1.x / 2.x) used, your
- screen might look different from the provided screenshots. But as there
- are no real differences in functionality, these screenshots should still
+ In the following chapters, a lot of screenshots from Wireshark will be shown.
+ As Wireshark runs on many different platforms and there are different
+ versions of the underlying GUI toolkit (GTK 1.x / 2.x) used, your
+ screen might look different from the provided screenshots. But as there
+ are no real differences in functionality, these screenshots should still
be well understandable.
</para>
</note>
</para>
</section>
-
+
<section id="ChUseMainWindowSection"><title>The Main window</title>
<para>
- Lets look at Wireshark's user interface. <xref linkend="ChUseFig01"/> shows
- Wireshark as you would usually see it after some packets captured or loaded
+ Lets look at Wireshark's user interface. <xref linkend="ChUseFig01"/> shows
+ Wireshark as you would usually see it after some packets captured or loaded
(how to do this will be described later).
<figure id="ChUseFig01">
<title>The Main window</title>
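Review bot: Two wording errors sit on lines this hunk rewrites in the "The Main window" section: "Lets look at Wireshark's user interface" should be "Let's look", and "after some packets captured or loaded" is missing a verb ("after some packets are captured or loaded"). In the "Start Wireshark" section above, the tip and note elements are nested inside the opening para; moving them out as siblings of the para would match how the tip in "The Menu" section is structured.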
@@ -71,7 +71,7 @@
</figure>
</para>
<para>
- Wireshark's main window consist of parts that are commonly known from many
+ Wireshark's main window consist of parts that are commonly known from many
other GUI programs.
<orderedlist>
<listitem>
@@ -82,63 +82,63 @@
</listitem>
<listitem>
<para>
- The <emphasis>main toolbar</emphasis> (see <xref linkend="ChUseMainToolbarSection"/>)
+ The <emphasis>main toolbar</emphasis> (see <xref linkend="ChUseMainToolbarSection"/>)
provides quick access to frequently used items from the menu.
</para>
</listitem>
<listitem>
<para>
- The <emphasis>filter toolbar</emphasis> (see <xref linkend="ChUseFilterToolbarSection"/>)
- provides a way to directly manipulate the currently used display filter
- (see <xref linkend="ChWorkDisplayFilterSection"/>).
+ The <emphasis>filter toolbar</emphasis> (see <xref linkend="ChUseFilterToolbarSection"/>)
+ provides a way to directly manipulate the currently used display filter
+ (see <xref linkend="ChWorkDisplayFilterSection"/>).
</para>
</listitem>
<listitem>
<para>
- The <emphasis>packet list pane</emphasis> (see <xref linkend="ChUsePacketListPaneSection"/>)
- displays a summary of each packet captured. By clicking on packets
+ The <emphasis>packet list pane</emphasis> (see <xref linkend="ChUsePacketListPaneSection"/>)
+ displays a summary of each packet captured. By clicking on packets
in this pane you control what is displayed in the other two panes.
</para>
</listitem>
<listitem>
<para>
- The <emphasis>packet details pane</emphasis> (see <xref linkend="ChUsePacketDetailsPaneSection"/>)
+ The <emphasis>packet details pane</emphasis> (see <xref linkend="ChUsePacketDetailsPaneSection"/>)
displays the packet selected in the packet list pane in more detail.
</para>
</listitem>
<listitem>
<para>
- The <emphasis>packet bytes pane</emphasis> (see <xref linkend="ChUsePacketBytesPaneSection"/>)
- displays the data from the packet selected in the packet list pane, and
+ The <emphasis>packet bytes pane</emphasis> (see <xref linkend="ChUsePacketBytesPaneSection"/>)
+ displays the data from the packet selected in the packet list pane, and
highlights the field selected in the packet details pane.
</para>
</listitem>
<listitem>
<para>
- The <emphasis>statusbar</emphasis> (see <xref linkend="ChUseStatusbarSection"/>)
- shows some detailed information about the current program state and
+ The <emphasis>statusbar</emphasis> (see <xref linkend="ChUseStatusbarSection"/>)
+ shows some detailed information about the current program state and
the captured data.
</para>
</listitem>
</orderedlist>
<tip><title>Tip!</title>
<para>
- The layout of the main window can be customized by changing preference settings.
+ The layout of the main window can be customized by changing preference settings.
See <xref linkend="ChCustPreferencesSection"/> for details!
</para>
</tip>
</para>
</section>
-
+
<section id="ChUseMenuSection"><title>The Menu</title>
<para>
- The Wireshark menu sits on top of the Wireshark window.
+ The Wireshark menu sits on top of the Wireshark window.
An example is shown in <xref linkend="ChUseWiresharkMenu"/>.
</para>
<note><title>Note!</title>
<para>
- Menu items will be greyed out if the corresponding feature isn't
- available. For example, you cannot save a capture file if you didn't
+ Menu items will be greyed out if the corresponding feature isn't
+ available. For example, you cannot save a capture file if you didn't
capture or load any data before.
</para>
</note>
@@ -153,8 +153,8 @@
<varlistentry><term><command>File</command></term>
<listitem>
<para>
- This menu contains items to open and merge capture files,
- save / print / export capture files in whole or in part,
+ This menu contains items to open and merge capture files,
+ save / print / export capture files in whole or in part,
and to quit from Wireshark. See <xref linkend="ChUseFileMenuSection"/>.
</para>
</listitem>
@@ -162,8 +162,8 @@
<varlistentry><term><command>Edit</command></term>
<listitem>
<para>
- This menu contains items to find a packet, time reference or mark one
- or more packets, set your preferences,
+ This menu contains items to find a packet, time reference or mark one
+ or more packets, set your preferences,
(cut, copy, and paste are not presently implemented).
See <xref linkend="ChUseEditMenuSection"/>.
</para>
@@ -171,8 +171,8 @@
</varlistentry>
<varlistentry><term><command>View</command></term>
<listitem>
- <para>This menu controls the display of the captured data,
- including the colorization of packets, zooming the font,
+ <para>This menu controls the display of the captured data,
+ including the colorization of packets, zooming the font,
show a packet in a separate window, expand and collapse trees in packet details, ....
See <xref linkend="ChUseViewMenuSection"/>.
</para>
@@ -195,7 +195,7 @@
<varlistentry><term><command>Analyze</command></term>
<listitem>
<para>
- This menu contains items to manipulate display filters, enable or
+ This menu contains items to manipulate display filters, enable or
disable the dissection of protocols, configure user specified decodes
and follow a TCP stream.
See <xref linkend="ChUseAnalyzeMenuSection"/>.
@@ -206,7 +206,7 @@
<listitem>
<para>
This menu contains menu-items to display various statistic windows,
- including a summary of the packets that have been captured,
+ including a summary of the packets that have been captured,
display protocol hierarchy statistics and much more.
See <xref linkend="ChUseStatisticsMenuSection"/>.
</para>
@@ -215,7 +215,7 @@
<varlistentry><term><command>Help</command></term>
<listitem>
<para>
- This menu contains items to help the user, like access to some basic
+ This menu contains items to help the user, like access to some basic
help, a list of the supported protocols, manual pages, online access
to some of the webpages, and the usual about dialog.
See <xref linkend="ChUseHelpMenuSection"/>.
@@ -223,22 +223,22 @@
</listitem>
</varlistentry>
</variablelist>
- Each of these menu items is described in more detail in the sections
- that follow.
+ Each of these menu items is described in more detail in the sections
+ that follow.
</para>
<tip><title>Tip!</title>
<para>
- You can access menu items directly or by pressing the corresponding
- accelerator keys, which are shown at the right side of the
- menu. For example, you can press the Control (or Strg in German) and the K
- keys together to open the capture dialog.
+ You can access menu items directly or by pressing the corresponding
+ accelerator keys, which are shown at the right side of the
+ menu. For example, you can press the Control (or Strg in German) and the K
+ keys together to open the capture dialog.
</para>
</tip>
</section>
<section id="ChUseFileMenuSection"><title>The "File" menu</title>
<para>
- The Wireshark file menu contains the fields shown in
+ The Wireshark file menu contains the fields shown in
<xref linkend="ChUseTabFile"/>.
</para>
<figure id="ChUseWiresharkFileMenu">
@@ -261,8 +261,8 @@
<entry><command>Open...</command></entry>
<entry>Ctrl+O</entry>
<entry><para>
- This menu item brings up the file open dialog box that
- allows you to load a capture file for viewing. It is
+ This menu item brings up the file open dialog box that
+ allows you to load a capture file for viewing. It is
discussed in more detail in <xref linkend="ChIOOpen"/>.
</para></entry>
</row>
@@ -270,8 +270,8 @@
<entry><command>Open Recent</command></entry>
<entry></entry>
<entry><para>
- This menu item shows a submenu containing the recently opened
- capture files. Clicking on one of the submenu items will open the
+ This menu item shows a submenu containing the recently opened
+ capture files. Clicking on one of the submenu items will open the
corresponding capture file directly.
</para></entry>
</row>
@@ -279,8 +279,8 @@
<entry><command>Merge...</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up the merge file dialog box that
- allows you to merge a capture file into the currently loaded one.
+ This menu item brings up the merge file dialog box that
+ allows you to merge a capture file into the currently loaded one.
It is discussed in more detail in <xref linkend="ChIOMergeSection"/>.
</para></entry>
</row>
@@ -288,7 +288,7 @@
<entry><command>Close</command></entry>
<entry>Ctrl+W</entry>
<entry><para>
- This menu item closes the current capture. If you
+ This menu item closes the current capture. If you
haven't saved the capture, you will be asked to do so first
(this can be disabled by a preference setting).
</para></entry>
@@ -302,22 +302,22 @@
<entry><command>Save</command></entry>
<entry>Ctrl+S</entry>
<entry><para>
- This menu item saves the current capture. If you
- have not set a default capture file name (perhaps with
- the -w &lt;capfile&gt; option), Wireshark pops up the
- Save Capture File As dialog box (which is discussed
+ This menu item saves the current capture. If you
+ have not set a default capture file name (perhaps with
+ the -w &lt;capfile&gt; option), Wireshark pops up the
+ Save Capture File As dialog box (which is discussed
further in <xref linkend="ChIOSaveAs"/>).
</para><note>
<title>Note!</title>
<para>
- If you have already saved the current capture, this
+ If you have already saved the current capture, this
menu item will be greyed out.
</para>
</note><note>
<title>Note!</title>
<para>
- You cannot save a live capture while it is in
- progress. You must stop the capture in order to
+ You cannot save a live capture while it is in
+ progress. You must stop the capture in order to
save.
</para>
</note></entry>
@@ -326,9 +326,9 @@
<entry><command>Save As...</command></entry>
<entry>Shift+Ctrl+S</entry>
<entry><para>
- This menu item allows you to save the current capture
- file to whatever file you would like. It pops up the
- Save Capture File As dialog box (which is discussed
+ This menu item allows you to save the current capture
+ file to whatever file you would like. It pops up the
+ Save Capture File As dialog box (which is discussed
further in <xref linkend="ChIOSaveAs"/>).
</para></entry>
</row>
@@ -341,8 +341,8 @@
<entry><command>File Set > List Files</command></entry>
<entry></entry>
<entry><para>
- This menu item allows you to show a list of files in a file set.
- It pops up the Wireshark List File Set dialog box (which is
+ This menu item allows you to show a list of files in a file set.
+ It pops up the Wireshark List File Set dialog box (which is
discussed further in <xref linkend="ChIOFileSetSection"/>).
</para></entry>
</row>
@@ -350,8 +350,8 @@
<entry><command>File Set > Next File</command></entry>
<entry></entry>
<entry><para>
- If the currently loaded file is part of a file set, jump to the
- next file in the set. If it isn't part of a file set or just the
+ If the currently loaded file is part of a file set, jump to the
+ next file in the set. If it isn't part of a file set or just the
last file in that set, this item is greyed out.
</para></entry>
</row>
@@ -359,8 +359,8 @@
<entry><command>File Set > Previous File</command></entry>
<entry></entry>
<entry><para>
- If the currently loaded file is part of a file set, jump to the
- previous file in the set. If it isn't part of a file set or just
+ If the currently loaded file is part of a file set, jump to the
+ previous file in the set. If it isn't part of a file set or just
the first file in that set, this item is greyed out.
</para></entry>
</row>
@@ -373,9 +373,9 @@
<entry><command>Export > as "Plain Text" file...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows you to export all, or some, of the packets in
- the capture file to a plain ASCII text file.
- It pops up the Wireshark Export dialog box (which is discussed further in
+ This menu item allows you to export all, or some, of the packets in
+ the capture file to a plain ASCII text file.
+ It pops up the Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportPlainDialog"/>).
</para></entry>
</row>
@@ -383,9 +383,9 @@
<entry><command>Export > as "PostScript" file...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows you to export the (or some) of the packets in
- the capture file to a PostScript file.
- It pops up the Wireshark Export dialog box (which is discussed further in
+ This menu item allows you to export the (or some) of the packets in
+ the capture file to a PostScript file.
+ It pops up the Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportPSDialog"/>).
</para></entry>
</row>
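Review bot: "export the (or some) of the packets" in the PostScript entry is ungrammatical, and the same phrase recurs in the CSV, PSML and PDML entries that follow. The Plain Text entry just above already has the right wording, "all, or some, of the packets"; reuse it in each of these rows while the lines are being rewritten.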
@@ -393,9 +393,9 @@
<entry><command>Export > as "CSV" (Comma Separated Values packet summary) file...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows you to export the (or some) of the packet summaries in
- the capture file to a .csv file (e.g. used by spreadsheet programs).
- It pops up the Wireshark Export dialog box (which is discussed further in
+ This menu item allows you to export the (or some) of the packet summaries in
+ the capture file to a .csv file (e.g. used by spreadsheet programs).
+ It pops up the Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportCSVDialog"/>).
</para></entry>
</row>
@@ -403,9 +403,9 @@
<entry><command>Export > as "PSML" file...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows you to export the (or some) of the packets in
- the capture file to a PSML (packet summary markup language) XML file.
- It pops up the Wireshark Export dialog box (which is discussed further in
+ This menu item allows you to export the (or some) of the packets in
+ the capture file to a PSML (packet summary markup language) XML file.
+ It pops up the Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportPSMLDialog"/>).
</para></entry>
</row>
@@ -413,9 +413,9 @@
<entry><command>Export > as "PDML" file...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows you to export the (or some) of the packets in
- the capture file to a PDML (packet details markup language) XML file.
- It pops up the Wireshark Export dialog box (which is discussed further in
+ This menu item allows you to export the (or some) of the packets in
+ the capture file to a PDML (packet details markup language) XML file.
+ It pops up the Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportPDMLDialog"/>).
</para></entry>
</row>
@@ -423,9 +423,9 @@
<entry><command>Export > Selected Packet Bytes...</command></entry>
<entry>Ctrl+H</entry>
<entry><para>
- This menu item allows you to export the currently selected bytes
- in the packet bytes pane to a binary file. It pops up the
- Wireshark Export dialog box (which is discussed further in
+ This menu item allows you to export the currently selected bytes
+ in the packet bytes pane to a binary file. It pops up the
+ Wireshark Export dialog box (which is discussed further in
<xref linkend="ChIOExportSelectedDialog"/>)
</para></entry>
</row>
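Review bot: The "Export > Selected Packet Bytes..." description ends at the closing parenthesis after the ChIOExportSelectedDialog xref with no full stop, unlike the other export entries, which end with ")."; add the period for consistency.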
@@ -438,9 +438,9 @@
<entry><command>Print...</command></entry>
<entry>Ctrl+P</entry>
<entry><para>
- This menu item allows you to print all (or some of) the packets in
- the capture file. It pops up the Wireshark Print dialog
- box (which is discussed further in
+ This menu item allows you to print all (or some of) the packets in
+ the capture file. It pops up the Wireshark Print dialog
+ box (which is discussed further in
<xref linkend="ChIOPrintSection"/>).
</para></entry>
</row>
@@ -453,19 +453,19 @@
<entry><command>Quit</command></entry>
<entry>Ctrl+Q</entry>
<entry><para>
- This menu item allows you to quit from Wireshark.
- Wireshark will ask to save your capture file if you haven't saved
- it before (this can be disabled by a preference setting).
+ This menu item allows you to quit from Wireshark.
+ Wireshark will ask to save your capture file if you haven't saved
+ it before (this can be disabled by a preference setting).
</para></entry>
</row>
</tbody>
</tgroup>
</table>
</section>
-
+
<section id="ChUseEditMenuSection"><title>The "Edit" menu</title>
<para>
- The Wireshark Edit menu contains the fields shown in
+ The Wireshark Edit menu contains the fields shown in
<xref linkend="ChUseTabEdit"/>.
</para>
<figure id="ChUseWiresharkEditMenu">
@@ -489,9 +489,9 @@
<entry><command>Find Packet...</command></entry>
<entry>Ctrl+F</entry>
<entry><para>
- This menu item brings up a dialog box that allows you
+ This menu item brings up a dialog box that allows you
to find a packet by many criteria.
- There is further information on finding packets in
+ There is further information on finding packets in
<xref linkend="ChWorkFindPacketSection"/>.
</para></entry>
</row>
@@ -499,7 +499,7 @@
<entry><command>Find Next</command></entry>
<entry>Ctrl+N</entry>
<entry><para>
- This menu item tries to find the next packet matching the
+ This menu item tries to find the next packet matching the
settings from "Find Packet...".
</para></entry>
</row>
@@ -507,7 +507,7 @@
<entry><command>Find Previous</command></entry>
<entry>Ctrl+B</entry>
<entry><para>
- This menu item tries to find the previous packet matching the
+ This menu item tries to find the previous packet matching the
settings from "Find Packet...".
</para></entry>
</row>
@@ -520,8 +520,8 @@
<entry><command>Time Reference > Set Time Reference (toggle)</command></entry>
<entry>Ctrl+T</entry>
<entry><para>
- This menu item set a time reference on the currently selected
- packet. See <xref linkend="ChWorkTimeReferencePacketSection"/> for more information
+ This menu item set a time reference on the currently selected
+ packet. See <xref linkend="ChWorkTimeReferencePacketSection"/> for more information
about the time referenced packets.
</para></entry>
</row>
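Review bot: Subject-verb agreement is wrong in the re-added line "This menu item set a time reference on the currently selected"; it should read "sets". The trailing context "about the time referenced packets" would also read better as "about time referenced packets".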
@@ -569,10 +569,10 @@
<entry><command>Preferences...</command></entry>
<entry>Shift+Ctrl+P</entry>
<entry><para>
- This menu item brings up a dialog box that allows
- you to set preferences for many parameters that control
- Wireshark. You can also save your preferences so Wireshark
- will use them the next time you start it. More detail
+ This menu item brings up a dialog box that allows
+ you to set preferences for many parameters that control
+ Wireshark. You can also save your preferences so Wireshark
+ will use them the next time you start it. More detail
is provided in <xref linkend="ChCustPreferencesSection"/>.
</para></entry>
</row>
@@ -583,7 +583,7 @@
<section id="ChUseViewMenuSection"><title>The "View" menu</title>
<para>
- The Wireshark View menu contains the fields shown in
+ The Wireshark View menu contains the fields shown in
<xref linkend="ChUseTabView"/>.
</para>
<figure id="ChUseWiresharkViewMenu">
@@ -607,7 +607,7 @@
<entry><command>Main Toolbar</command></entry>
<entry></entry>
<entry><para>
- This menu item hides or shows the main toolbar, see
+ This menu item hides or shows the main toolbar, see
<xref linkend="ChUseMainToolbarSection"/>.
</para></entry>
</row>
@@ -615,7 +615,7 @@
<entry><command>Filter Toolbar</command></entry>
<entry></entry>
<entry><para>
- This menu item hides or shows the filter toolbar, see
+ This menu item hides or shows the filter toolbar, see
<xref linkend="ChUseFilterToolbarSection"/>.
</para></entry>
</row>
@@ -623,7 +623,7 @@
<entry><command>Statusbar</command></entry>
<entry></entry>
<entry><para>
- This menu item hides or shows the statusbar, see
+ This menu item hides or shows the statusbar, see
<xref linkend="ChUseStatusbarSection"/>.
</para></entry>
</row>
@@ -636,7 +636,7 @@
<entry><command>Packet List</command></entry>
<entry></entry>
<entry><para>
- This menu item hides or shows the packet list pane, see
+ This menu item hides or shows the packet list pane, see
<xref linkend="ChUsePacketListPaneSection"/>.
</para></entry>
</row>
@@ -644,7 +644,7 @@
<entry><command>Packet Details</command></entry>
<entry></entry>
<entry><para>
- This menu item hides or shows the packet details pane, see
+ This menu item hides or shows the packet details pane, see
<xref linkend="ChUsePacketDetailsPaneSection"/>.
</para></entry>
</row>
@@ -652,7 +652,7 @@
<entry><command>Packet Bytes</command></entry>
<entry></entry>
<entry><para>
- This menu item hides or shows the packet bytes pane, see
+ This menu item hides or shows the packet bytes pane, see
<xref linkend="ChUsePacketBytesPaneSection"/>.
</para></entry>
</row>
@@ -665,13 +665,13 @@
<entry><command>Time Display Format > Date and Time of Day: 1970-01-01 01:02:03.123456</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display the
- time stamps in date and time of day format, see
+ Selecting this tells Wireshark to display the
+ time stamps in date and time of day format, see
<xref linkend="ChWorkTimeFormatsSection"/>.
<note><title>Note!</title>
<para>
- The fields "Time of Day", "Date and Time of
- Day", "Seconds Since Beginning of Capture" and "Seconds Since
+ The fields "Time of Day", "Date and Time of
+ Day", "Seconds Since Beginning of Capture" and "Seconds Since
Previous Packet" are mutually exclusive.
</para>
</note>
@@ -681,17 +681,17 @@
<entry><command>Time Display Format > Time of Day: 01:02:03.123456</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display time
- stamps in time of day format, see
- <xref linkend="ChWorkTimeFormatsSection"/>.
+ Selecting this tells Wireshark to display time
+ stamps in time of day format, see
+ <xref linkend="ChWorkTimeFormatsSection"/>.
</para></entry>
</row>
<row>
<entry><command>Time Display Format > Seconds Since Beginning of Capture: 123.123456</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display time
- stamps in seconds since beginning of capture format, see
+ Selecting this tells Wireshark to display time
+ stamps in seconds since beginning of capture format, see
<xref linkend="ChWorkTimeFormatsSection"/>.
</para></entry>
</row>
@@ -699,8 +699,8 @@
<entry><command>Time Display Format > Seconds Since Previous Packet: 1.123456</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display time stamps in
- seconds since previous packet format, see
+ Selecting this tells Wireshark to display time stamps in
+ seconds since previous packet format, see
<xref linkend="ChWorkTimeFormatsSection"/>.
</para></entry>
</row>
@@ -713,8 +713,8 @@
<entry><command>Time Display Format > Automatic (File Format Precision)</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display time stamps with the
- precision given by the capture file format used, see
+ Selecting this tells Wireshark to display time stamps with the
+ precision given by the capture file format used, see
<xref linkend="ChWorkTimeFormatsSection"/>.
<note><title>Note!</title>
<para>
@@ -727,7 +727,7 @@
<entry><command>Time Display Format > Seconds: 0</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display time stamps with a precision of one second, see
+ Selecting this tells Wireshark to display time stamps with a precision of one second, see
<xref linkend="ChWorkTimeFormatsSection"/>.
</para></entry>
</row>
@@ -735,7 +735,7 @@
<entry><command>Time Display Format > ...seconds: 0....</command></entry>
<entry></entry>
<entry><para>
- Selecting this tells Wireshark to display time stamps with a precision of one second, decisecond, centisecond, millisecond, microsecond or nanosecond, see
+ Selecting this tells Wireshark to display time stamps with a precision of one second, decisecond, centisecond, millisecond, microsecond or nanosecond, see
<xref linkend="ChWorkTimeFormatsSection"/>.
</para></entry>
</row>
@@ -743,7 +743,7 @@
<entry><command>Name Resolution > Resolve Name</command></entry>
<entry></entry>
<entry><para>
- This item allows you to trigger a name resolve of the current packet
+ This item allows you to trigger a name resolve of the current packet
only, see <xref linkend="ChAdvNameResolutionSection"/>.
</para></entry>
</row>
@@ -751,7 +751,7 @@
<entry><command>Name Resolution > Enable for MAC Layer</command></entry>
<entry></entry>
<entry><para>
- This item allows you to control whether or not
+ This item allows you to control whether or not
Wireshark translates MAC addresses into names, see
<xref linkend="ChAdvNameResolutionSection"/>.
</para></entry>
@@ -760,7 +760,7 @@
<entry><command>Name Resolution > Enable for Network Layer</command></entry>
<entry></entry>
<entry><para>
- This item allows you to control whether or not
+ This item allows you to control whether or not
Wireshark translates network addresses into names, see
<xref linkend="ChAdvNameResolutionSection"/>.
</para></entry>
@@ -769,7 +769,7 @@
<entry><command>Name Resolution > Enable for Transport Layer</command></entry>
<entry></entry>
<entry><para>
- This item allows you to control whether or not
+ This item allows you to control whether or not
Wireshark translates transport addresses into names, see
<xref linkend="ChAdvNameResolutionSection"/>.
</para></entry>
@@ -778,10 +778,10 @@
<entry><command>Colorize Packet List</command></entry>
<entry></entry>
<entry><para>
- This item allows you to control wether or not Wireshark should colorize
+ This item allows you to control wether or not Wireshark should colorize
the packet list.</para>
<note><title>Note!</title><para>
- Enabling colorization will slow down the display
+ Enabling colorization will slow down the display
of new packets while capturing / loading capture files.
</para></note></entry>
</row>
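Review bot: The spelling error "wether" survives in the re-added line "This item allows you to control wether or not Wireshark should colorize". Correct it to "whether" while the line is being touched for whitespace.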
@@ -789,11 +789,11 @@
<entry><command>Auto Scroll in Live Capture</command></entry>
<entry></entry>
<entry><para>
- This item allows you to specify that Wireshark
- should scroll the packet list pane as new packets come
- in, so you are always looking at the last packet. If you
- do not specify this, Wireshark simply adds new packets onto
- the end of the list, but does not scroll the packet list
+ This item allows you to specify that Wireshark
+ should scroll the packet list pane as new packets come
+ in, so you are always looking at the last packet. If you
+ do not specify this, Wireshark simply adds new packets onto
+ the end of the list, but does not scroll the packet list
pane.
</para></entry>
</row>
@@ -830,7 +830,7 @@
Resize all column widths so the content will fit into it.
</para>
<note><title>Note!</title><para>
- Resizing may take a significant amount of time, especially if a
+ Resizing may take a significant amount of time, especially if a
large capture file is loaded.
</para></note>
</entry>
@@ -844,27 +844,27 @@
<entry><command>Expand Subtrees</command></entry>
<entry></entry>
<entry><para>
- This menu item expands the currently selected subtree in the
- packet details tree.
+ This menu item expands the currently selected subtree in the
+ packet details tree.
</para></entry>
</row>
<row>
<entry><command>Expand All</command></entry>
<entry></entry>
<entry><para>
- Wireshark keeps a list of all the protocol subtrees
- that are expanded, and uses it to ensure that the
- correct subtrees are expanded when you display a packet.
- This menu item expands all subtrees in all packets in
- the capture.
+ Wireshark keeps a list of all the protocol subtrees
+ that are expanded, and uses it to ensure that the
+ correct subtrees are expanded when you display a packet.
+ This menu item expands all subtrees in all packets in
+ the capture.
</para></entry>
</row>
<row>
<entry><command>Collapse All</command></entry>
<entry></entry>
<entry><para>
- This menu item collapses the tree view of all packets
- in the capture list.
+ This menu item collapses the tree view of all packets
+ in the capture list.
</para></entry>
</row>
<row>
@@ -876,9 +876,9 @@
<entry><command>Coloring Rules...</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up a dialog box that allows you
- to color packets in the packet list pane according to
- filter expressions you choose. It can be very useful
+ This menu item brings up a dialog box that allows you
+ to color packets in the packet list pane according to
+ filter expressions you choose. It can be very useful
for spotting certain types of packets, see
<xref linkend="ChCustColorizationSection"/>.
</para></entry>
@@ -892,16 +892,16 @@
<entry><command>Show Packet in New Window</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up the selected packet in a
- separate window. The separate window shows only the
- tree view and byte view panes.
+ This menu item brings up the selected packet in a
+ separate window. The separate window shows only the
+ tree view and byte view panes.
</para></entry>
</row>
<row>
<entry><command>Reload</command></entry>
<entry>Ctrl-R</entry>
<entry><para>
- This menu item allows you to reload the current
+ This menu item allows you to reload the current
capture file.
</para></entry>
</row>
@@ -912,7 +912,7 @@
<section id="ChUseGoMenuSection"><title>The "Go" menu</title>
<para>
- The Wireshark Go menu contains the fields shown in
+ The Wireshark Go menu contains the fields shown in
<xref linkend="ChUseTabGo"/>.
</para>
<figure id="ChUseWiresharkGoMenu">
@@ -936,7 +936,7 @@
<entry><command>Back</command></entry>
<entry>Alt+Left</entry>
<entry><para>
- Jump to the recently visited packet in the packet
+ Jump to the recently visited packet in the packet
history, much like the page history in a web browser.
</para></entry>
</row>
@@ -944,7 +944,7 @@
<entry><command>Forward</command></entry>
<entry>Alt+Right</entry>
<entry><para>
- Jump to the next visited packet in the packet
+ Jump to the next visited packet in the packet
history, much like the page history in a web browser.
</para></entry>
</row>
@@ -952,7 +952,7 @@
<entry><command>Go to Packet...</command></entry>
<entry>Ctrl-G</entry>
<entry><para>
- Bring up a dialog box that allows you
+ Bring up a dialog box that allows you
to specify a packet number, and then goes to that packet. See
<xref linkend="ChWorkGoToPacketSection"/> for details.
</para></entry>
@@ -961,8 +961,8 @@
<entry><command>Go to Corresponding Packet</command></entry>
<entry></entry>
<entry><para>
- Go to the corresponding packet of the currently
- selected protocol field. If the selected field doesn't correspond
+ Go to the corresponding packet of the currently
+ selected protocol field. If the selected field doesn't correspond
to a packet, this item is greyed out.
</para></entry>
</row>
@@ -992,7 +992,7 @@
<section id="ChUseCaptureMenuSection"><title>The "Capture" menu</title>
<para>
- The Wireshark Capture menu contains the fields shown in
+ The Wireshark Capture menu contains the fields shown in
<xref linkend="ChUseTabCap"/>.
</para>
<figure id="ChUseWiresharkCaptureMenu">
@@ -1016,7 +1016,7 @@
<entry><command>Interfaces...</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up a dialog box that shows what's going on
+ This menu item brings up a dialog box that shows what's going on
at the network interfaces Wireshark knows of, see
<xref linkend="ChCapInterfaceSection"/>) .
</para></entry>
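Review bot: The context line after the changed one ends with an unmatched parenthesis and a stray space before the period: "<xref linkend="ChCapInterfaceSection"/>) .". Drop the ")" and the space so the sentence reads "see <xref .../>." as in the neighbouring entries.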
@@ -1025,9 +1025,9 @@
<entry><command>Options...</command></entry>
<entry>Ctrl+K</entry>
<entry><para>
- This menu item brings up the Capture Options
- dialog box (discussed further in
- <xref linkend="ChCapCaptureOptions"/>) and allows you to
+ This menu item brings up the Capture Options
+ dialog box (discussed further in
+ <xref linkend="ChCapCaptureOptions"/>) and allows you to
start capturing packets.
</para></entry>
</row>
@@ -1035,7 +1035,7 @@
<entry><command>Start</command></entry>
<entry></entry>
<entry><para>
- Immediately start capturing packets with the same settings than
+ Immediately start capturing packets with the same settings than
the last time.
</para></entry>
</row>
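Review bot: The re-added line "Immediately start capturing packets with the same settings than" uses "than" where "as" is needed. Suggest "with the same settings as the last time".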
@@ -1051,7 +1051,7 @@
<entry><command>Restart</command></entry>
<entry></entry>
<entry><para>
- This menu item stops the currently running capture and starts
+ This menu item stops the currently running capture and starts
again with the same options, this is just for convenience.
</para></entry>
</row>
@@ -1059,10 +1059,10 @@
<entry><command>Capture Filters...</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up a dialog box that allows you to
- create and edit capture filters. You can name filters,
- and you can save them for future use. More detail on
- this subject is provided in
+ This menu item brings up a dialog box that allows you to
+ create and edit capture filters. You can name filters,
+ and you can save them for future use. More detail on
+ this subject is provided in
<xref linkend="ChWorkDefineFilterSection"/>
</para></entry>
</row>
@@ -1070,10 +1070,10 @@
</tgroup>
</table>
</section>
-
+
<section id="ChUseAnalyzeMenuSection"><title>The "Analyze" menu</title>
<para>
- The Wireshark Analyze menu contains the fields shown in
+ The Wireshark Analyze menu contains the fields shown in
<xref linkend="ChUseAnalyze"/>.
</para>
<figure id="ChUseWiresharkAnalyzeMenu">
@@ -1096,10 +1096,10 @@
<entry><command>Display Filters...</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up a dialog box that allows you
- to create and edit display filters. You can name
- filters, and you can save them for future use. More
- detail on this subject is provided in
+ This menu item brings up a dialog box that allows you
+ to create and edit display filters. You can name
+ filters, and you can save them for future use. More
+ detail on this subject is provided in
<xref linkend="ChWorkDefineFilterSection"/>
</para></entry>
</row>
@@ -1107,9 +1107,9 @@
<entry><command>Apply as Filter > ...</command></entry>
<entry></entry>
<entry><para>
- These menu items will change the current display filter and apply
+ These menu items will change the current display filter and apply
the changed filter immediately. Depending on the chosen menu item,
- the current display filter string will be replaced or appended to
+ the current display filter string will be replaced or appended to
by the selected protocol field in the packet details pane.
</para></entry>
</row>
@@ -1117,13 +1117,26 @@
<entry><command>Prepare a Filter > ...</command></entry>
<entry></entry>
<entry><para>
- These menu items will change the current display filter but won't
+ These menu items will change the current display filter but won't
apply the changed filter. Depending on the chosen menu item,
the current display filter string will be replaced or appended to
by the selected protocol field in the packet details pane.
</para></entry>
</row>
<row>
+ <entry><command>Firewall ACL Rules</command></entry>
+ <entry></entry>
+ <entry><para>
+ This allows you to create command-line ACL rules for many different
+ firewall products, including Cisco IOS, Linux Netfilter (iptables),
+ OpenBSD pf and Windows Firewall (via netsh). Rules for MAC addresses,
+ IPv4 addresses, TCP and UDP ports, and IPv4+port combinations are
+ supported.
+ </para><para>
+ It is assumed that the rules will be applied to an outside interface.
+ </para></entry>
+ </row>
+ <row>
<entry><command>------</command></entry>
<entry></entry>
<entry></entry>
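Review bot: The new Firewall ACL Rules entry should carry the caveat from the commit message, that the generated rules were written from each product's documentation and have not been tested, and that IPv6 is not supported; a reader pasting the output into a firewall needs to see that in the guide, not only in the commit log. The product list in the first para also disagrees with the commit message: it names "Linux Netfilter (iptables)", which the message does not list, and omits ipfilter and ipfw, which it does. The closing sentence "It is assumed that the rules will be applied to an outside interface." leaves the reader to guess the traffic direction and whether the rules permit or deny; state both.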
@@ -1132,7 +1145,7 @@
<entry><command>Enabled Protocols...</command></entry>
<entry>Shift+Ctrl+R</entry>
<entry><para>
- This menu item allows the user to enable/disable protocol
+ This menu item allows the user to enable/disable protocol
dissectors, see <xref linkend="ChAdvEnabledProtocols"/>
</para></entry>
</row>
@@ -1140,8 +1153,8 @@
<entry><command>Decode As...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows the user to force Wireshark to
- decode certain packets as a particular protocol, see
+ This menu item allows the user to force Wireshark to
+ decode certain packets as a particular protocol, see
<xref linkend="ChAdvDecodeAs"/>
</para></entry>
</row>
@@ -1149,8 +1162,8 @@
<entry><command>User Specified Decodes...</command></entry>
<entry></entry>
<entry><para>
- This menu item allows the user to force Wireshark to
- decode certain packets as a particular protocol, see
+ This menu item allows the user to force Wireshark to
+ decode certain packets as a particular protocol, see
<xref linkend="ChAdvDecodeAsShow"/>
</para></entry>
</row>
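Review bot: The User Specified Decodes... description in this hunk is word for word the same as the Decode As... entry in the hunk above ("allows the user to force Wireshark to decode certain packets as a particular protocol"), so the two items cannot be told apart from the table. Describe what this item does differently, and end the sentence with a period after the <xref linkend="ChAdvDecodeAsShow"/>.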
@@ -1163,8 +1176,8 @@
<entry><command>Follow TCP Stream</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up a separate window and displays
- all the TCP segments captured that are on the same TCP
+ This menu item brings up a separate window and displays
+ all the TCP segments captured that are on the same TCP
connection as a selected packet, see
<xref linkend="ChAdvFollowTCPSection"/>
</para></entry>
@@ -1176,7 +1189,7 @@
<section id="ChUseStatisticsMenuSection"><title>The "Statistics" menu</title>
<para>
- The Wireshark Statistics menu contains the fields shown in
+ The Wireshark Statistics menu contains the fields shown in
<xref linkend="ChUseStatistics"/>.
</para>
<figure id="ChUseWiresharkStatisticsMenu">
@@ -1184,7 +1197,7 @@
<graphic entityref="WiresharkStatisticsMenu" format="PNG"/>
</figure>
<para>
- All menu items will bring up a new window showing specific statistical
+ All menu items will bring up a new window showing specific statistical
information.
</para>
<table id="ChUseStatistics" frame="none">
@@ -1204,15 +1217,15 @@
<entry><command>Summary</command></entry>
<entry></entry>
<entry><para>
- Show information about the data captured, see <xref
- linkend="ChStatSummary"/>.
+ Show information about the data captured, see <xref
+ linkend="ChStatSummary"/>.
</para></entry>
</row>
<row>
<entry><command>Protocol Hierarchy</command></entry>
<entry></entry>
<entry><para>
- Display a hierarchical tree of protocol statistics, see <xref
+ Display a hierarchical tree of protocol statistics, see <xref
linkend="ChStatHierarchy"/>.
</para></entry>
</row>
@@ -1220,7 +1233,7 @@
<entry><command>Conversations</command></entry>
<entry></entry>
<entry><para>
- Display a list of conversations (traffic between two endpoints),
+ Display a list of conversations (traffic between two endpoints),
see <xref linkend="ChStatConversationsWindow"/>.
</para></entry>
</row>
@@ -1228,7 +1241,7 @@
<entry><command>Endpoints</command></entry>
<entry></entry>
<entry><para>
- Display a list of endpoints (traffic to/from an address), see
+ Display a list of endpoints (traffic to/from an address), see
<xref linkend="ChStatEndpointsWindow"/>.
</para></entry>
</row>
@@ -1236,7 +1249,7 @@
<entry><command>IO Graphs</command></entry>
<entry></entry>
<entry><para>
- Display user specified graphs (e.g. the number of packets in the
+ Display user specified graphs (e.g. the number of packets in the
course of time), see <xref linkend="ChStatIOGraphs"/>.
</para></entry>
</row>
@@ -1249,8 +1262,8 @@
<entry><command>Conversation List</command></entry>
<entry></entry>
<entry><para>
- Display a list of conversations, obsoleted by the combined window
- of Conversations above, see
+ Display a list of conversations, obsoleted by the combined window
+ of Conversations above, see
<xref linkend="ChStatConversationListWindow"/>.
</para></entry>
</row>
@@ -1258,8 +1271,8 @@
<entry><command>Endpoint List</command></entry>
<entry></entry>
<entry><para>
- Display a list of endpoints, obsoleted by the combined window
- of Endpoints above, see
+ Display a list of endpoints, obsoleted by the combined window
+ of Endpoints above, see
<xref linkend="ChStatEndpointListWindow"/>.
</para></entry>
</row>
@@ -1267,7 +1280,7 @@
<entry><command>Service Response Time</command></entry>
<entry></entry>
<entry><para>
- Display the time between a request and the corresponding response, see
+ Display the time between a request and the corresponding response, see
<xref linkend="ChStatSRT"/>.
</para></entry>
</row>
@@ -1360,10 +1373,10 @@
</tgroup>
</table>
</section>
-
+
<section id="ChUseHelpMenuSection"><title>The "Help" menu</title>
<para>
- The Wireshark Help menu contains the fields shown in
+ The Wireshark Help menu contains the fields shown in
<xref linkend="ChUseHelp"/>.
</para>
<figure id="ChUseWiresharkHelpMenu">
@@ -1394,7 +1407,7 @@
<entry><command>Supported Protocols</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up a dialog box showing the supported
+ This menu item brings up a dialog box showing the supported
protocols and protocol fields.
</para></entry>
</row>
@@ -1402,7 +1415,7 @@
<entry><command>Manual Pages > ...</command></entry>
<entry></entry>
<entry><para>
- This menu item starts a Web browser showing one of the locally
+ This menu item starts a Web browser showing one of the locally
installed html manual pages.
</para></entry>
</row>
@@ -1410,8 +1423,8 @@
<entry><command>Wireshark Online > ...</command></entry>
<entry></entry>
<entry><para>
- This menu item starts a Web browser showing the chosen
- webpage from:
+ This menu item starts a Web browser showing the chosen
+ webpage from:
<ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>.
</para></entry>
</row>
@@ -1424,8 +1437,8 @@
<entry><command>About Wireshark</command></entry>
<entry></entry>
<entry><para>
- This menu item brings up an information window that
- provides some information on Wireshark, such as the plugins, the
+ This menu item brings up an information window that
+ provides some information on Wireshark, such as the plugins, the
used folders, ...
</para></entry>
</row>
@@ -1440,22 +1453,22 @@
</note>
<note><title>Note!</title>
<para>
- If calling a Web browser fails on your machine, maybe because just nothing
- happens or the browser is started but no page is shown, have a look at the
+ If calling a Web browser fails on your machine, maybe because just nothing
+ happens or the browser is started but no page is shown, have a look at the
webbrowser setting in the preferences dialog.
</para>
</note>
- </section>
+ </section>
<section id="ChUseMainToolbarSection"><title>The "Main" toolbar</title>
<para>
- The main toolbar provides quick access to frequently used items from the
+ The main toolbar provides quick access to frequently used items from the
menu. This toolbar cannot be customized by the user, but it can be hidden
- using the View menu, if the space on the screen is needed to show even
+ using the View menu, if the space on the screen is needed to show even
more packet data.
</para>
<para>
- As in the menu, only the items useful in the current program state will
+ As in the menu, only the items useful in the current program state will
be available. The others will be greyed out (e.g. you cannot save a capture
file if you haven't loaded one).
<figure id="ChUseWiresharkMainToolbar">
@@ -1483,8 +1496,8 @@
<entry><command>Interfaces...</command></entry>
<entry>Capture/Interfaces...</entry>
<entry><para>
- This item brings up the Capture Interfaces List
- dialog box (discussed further in
+ This item brings up the Capture Interfaces List
+ dialog box (discussed further in
<xref linkend="ChCapCapturingSection"/>).
</para>
</entry>
@@ -1494,9 +1507,9 @@
<entry><command>Options...</command></entry>
<entry>Capture/Options...</entry>
<entry><para>
- This item brings up the Capture Options
- dialog box (discussed further in
- <xref linkend="ChCapCapturingSection"/>) and allows you to
+ This item brings up the Capture Options
+ dialog box (discussed further in
+ <xref linkend="ChCapCapturingSection"/>) and allows you to
start capturing packets.
</para>
</entry>
@@ -1506,7 +1519,7 @@
<entry><command>Start</command></entry>
<entry>Capture/Start</entry>
<entry><para>
- This item starts capturing packets with the options form
+ This item starts capturing packets with the options form
the last time.
</para>
</entry>
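Review bot: The re-added line "This item starts capturing packets with the options form" has "form" where "from" is meant. Fix it in this pass so the whitespace cleanup does not preserve the typo.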
@@ -1516,7 +1529,7 @@
<entry><command>Stop</command></entry>
<entry>Capture/Stop</entry>
<entry><para>
- This item stops the currently running live capture process
+ This item stops the currently running live capture process
<xref linkend="ChCapCapturingSection"/>).
</para>
</entry>
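Review bot: The Stop entry's sentence runs straight from "live capture process" into the cross-reference and ends with an unmatched ")": "<xref linkend="ChCapCapturingSection"/>).". Add the missing opening, for example "(see <xref .../>).", or drop the closing parenthesis and write ", see <xref .../>.".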
@@ -1526,7 +1539,7 @@
<entry><command>Restart</command></entry>
<entry>Capture/Restart</entry>
<entry><para>
- This item stops the currently running live capture process
+ This item stops the currently running live capture process
and restarts it again, for convenience.
</para>
</entry>
@@ -1541,8 +1554,8 @@
<entry><command>Open...</command></entry>
<entry>File/Open...</entry>
<entry><para>
- This item brings up the file open dialog box that
- allows you to load a capture file for viewing. It is
+ This item brings up the file open dialog box that
+ allows you to load a capture file for viewing. It is
discussed in more detail in <xref linkend="ChIOOpen"/>.
</para></entry>
</row>
@@ -1551,14 +1564,14 @@
<entry><command>Save As...</command></entry>
<entry>File/Save As...</entry>
<entry><para>
- This item allows you to save the current capture file to whatever
- file you would like. It pops up the Save Capture File As dialog
- box (which is discussed further in <xref linkend="ChIOSaveAs"/>).
+ This item allows you to save the current capture file to whatever
+ file you would like. It pops up the Save Capture File As dialog
+ box (which is discussed further in <xref linkend="ChIOSaveAs"/>).
</para>
<note><title>Note!</title>
<para>
- If you currently have a temporary capture file, the Save icon
- <inlinegraphic entityref="WiresharkToolbarSave" format="PNG"/> will be
+ If you currently have a temporary capture file, the Save icon
+ <inlinegraphic entityref="WiresharkToolbarSave" format="PNG"/> will be
shown instead.
</para></note>
</entry>
@@ -1568,7 +1581,7 @@
<entry><command>Close</command></entry>
<entry>File/Close</entry>
<entry><para>
- This item closes the current capture. If you
+ This item closes the current capture. If you
have not saved the capture, you will be asked to save it first.
</para></entry>
</row>
@@ -1585,9 +1598,9 @@
<entry><command>Print...</command></entry>
<entry>File/Print...</entry>
<entry><para>
- This item allows you to print all (or some of) the packets in
- the capture file. It pops up the Wireshark Print dialog
- box (which is discussed further in
+ This item allows you to print all (or some of) the packets in
+ the capture file. It pops up the Wireshark Print dialog
+ box (which is discussed further in
<xref linkend="ChIOPrintSection"/>).
</para></entry>
</row>
@@ -1601,8 +1614,8 @@
<entry><command>Find Packet...</command></entry>
<entry>Edit/Find Packet...</entry>
<entry><para>
- This item brings up a dialog box that allows you
- to find a packet. There is further information on finding packets
+ This item brings up a dialog box that allows you
+ to find a packet. There is further information on finding packets
in <xref linkend="ChWorkFindPacketSection"/>.
</para></entry>
</row>
@@ -1627,7 +1640,7 @@
<entry><command>Go to Packet...</command></entry>
<entry>Go/Go to Packet...</entry>
<entry><para>
- This item brings up a dialog box that allows you
+ This item brings up a dialog box that allows you
to specify a packet number to go to that packet.
</para></entry>
</row>
@@ -1646,7 +1659,7 @@
<entry><para>
This item jumps to the last packet of the capture file.
</para></entry>
- </row>
+ </row>
<row>
<entry><command>------</command></entry>
<entry></entry>
@@ -1715,10 +1728,10 @@
<entry><command>Capture Filters...</command></entry>
<entry>Capture/Capture Filters...</entry>
<entry><para>
- This item brings up a dialog box that allows you to
- create and edit capture filters. You can name filters,
- and you can save them for future use. More detail on
- this subject is provided in
+ This item brings up a dialog box that allows you to
+ create and edit capture filters. You can name filters,
+ and you can save them for future use. More detail on
+ this subject is provided in
<xref linkend="ChWorkDefineFilterSection"/>.
</para></entry>
</row>
@@ -1727,10 +1740,10 @@
<entry><command>Display Filters...</command></entry>
<entry>Analyze/Display Filters...</entry>
<entry><para>
- This item brings up a dialog box that allows you
- to create and edit display filters. You can name
- filters, and you can save them for future use. More
- detail on this subject is provided in
+ This item brings up a dialog box that allows you
+ to create and edit display filters. You can name
+ filters, and you can save them for future use. More
+ detail on this subject is provided in
<xref linkend="ChWorkDefineFilterSection"/>.
</para></entry>
</row>
@@ -1739,11 +1752,11 @@
<entry><command>Coloring Rules...</command></entry>
<entry>View/Coloring Rules...</entry>
<entry><para>
- This item brings up a dialog box that allows you
- color packets in the packet list pane according to
- filter expressions you choose. It can be very useful
- for spotting certain types of packets. More
- detail on this subject is provided in
+ This item brings up a dialog box that allows you
+ color packets in the packet list pane according to
+ filter expressions you choose. It can be very useful
+ for spotting certain types of packets. More
+ detail on this subject is provided in
<xref linkend="ChCustColorizationSection"/>.
</para></entry>
</row>
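Review bot: the "Coloring Rules..." text is missing a word where the first two added lines join: "a dialog box that allows you" / "color packets in the packet list pane". It should read "allows you to color packets". The removed lines had the same gap, so the whitespace pass carried it over unchanged.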
@@ -1752,10 +1765,10 @@
<entry><command>Preferences...</command></entry>
<entry>Edit/Preferences</entry>
<entry><para>
- This item brings up a dialog box that allows
- you to set preferences for many parameters that control
- Wireshark. You can also save your preferences so Wireshark
- will use them the next time you start it. More detail
+ This item brings up a dialog box that allows
+ you to set preferences for many parameters that control
+ Wireshark. You can also save your preferences so Wireshark
+ will use them the next time you start it. More detail
is provided in <xref linkend="ChCustPreferencesSection"/>
</para></entry>
</row>
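Review bot: the last sentence of the "Preferences..." entry ends at `<xref linkend="ChCustPreferencesSection"/>` with no full stop, unlike the neighbouring entries, which close with `/>.`. The menu path is also given as "Edit/Preferences" while the command column says "Preferences..." and the other rows keep the ellipsis in the path (for example "Edit/Find Packet..."). Both are worth fixing while these lines are open.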
@@ -1775,12 +1788,12 @@
</tbody>
</tgroup>
</table>
- </section>
-
+ </section>
+
<section id="ChUseFilterToolbarSection"><title>The "Filter" toolbar</title>
<para>
- The filter toolbar lets you quickly edit and apply display filters. More information on
- display filters is available in <xref linkend="ChWorkDisplayFilterSection"/>.
+ The filter toolbar lets you quickly edit and apply display filters. More information on
+ display filters is available in <xref linkend="ChWorkDisplayFilterSection"/>.
<figure id="ChUseWiresharkFilterToolbar">
<title>The "Filter" toolbar</title>
<graphic entityref="WiresharkFilterToolbar" format="PNG"/>
@@ -1788,25 +1801,25 @@
<itemizedlist>
<listitem>
<para>
- The leftmost button labeled "Filter:" can be clicked to
+ The leftmost button labeled "Filter:" can be clicked to
bring up the filter construction dialog, described in <xref linkend="FiltersDialog"/>.
</para>
</listitem>
- <listitem>
+ <listitem>
<para>
The left middle text box provides an area to enter or edit display
filter strings, see <xref linkend="ChWorkBuildDisplayFilterSection"/>
- . A syntax check of your filter string is done while you are typing.
- The background will turn red if you enter an incomplete or invalid
- string, and will become green when you enter a valid string. You can
- click on the pull down arrow to select a previously-entered filter
- string from a list. The entries in the pull down list will remain
+ . A syntax check of your filter string is done while you are typing.
+ The background will turn red if you enter an incomplete or invalid
+ string, and will become green when you enter a valid string. You can
+ click on the pull down arrow to select a previously-entered filter
+ string from a list. The entries in the pull down list will remain
available even after a program restart.
</para>
<note><title>Note!</title>
<para>
- After you've changed something in this field, don't forget to press
- the Apply button (or the Enter/Return key), to apply this filter
+ After you've changed something in this field, don't forget to press
+ the Apply button (or the Enter/Return key), to apply this filter
string to the display.
</para>
</note>
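Review bot: in the text box list item, the full stop that ends the "see `<xref linkend="ChWorkBuildDisplayFilterSection"/>`" sentence sits at the start of the next line (". A syntax check of your filter string ..."), so the rendered output gets a space before the period. The added line keeps this as is. Move the period up so it directly follows the `<xref/>`.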
@@ -1819,19 +1832,19 @@
<listitem>
<para>
The middle button labeled "Add Expression..." opens a dialog box that lets
- you edit a display filter from a list of protocol fields, described in
+ you edit a display filter from a list of protocol fields, described in
<xref linkend="ChWorkFilterAddExpressionSection"/>
</para>
</listitem>
<listitem>
<para>
- The right middle button labeled "Clear" resets the current
+ The right middle button labeled "Clear" resets the current
display filter and clears the edit area.
</para>
</listitem>
<listitem>
- <para>
- The rightmost button labeled "Apply" applies the current
+ <para>
+ The rightmost button labeled "Apply" applies the current
value in the edit area as the new display filter.
</para>
</listitem>
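Review bot: the "Add Expression..." item ends at `<xref linkend="ChWorkFilterAddExpressionSection"/>` without a closing full stop, while the "Clear" and "Apply" items in the same hunk end their sentences properly. Add the period after the `<xref/>`.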
@@ -1842,36 +1855,36 @@
Applying a display filter on large capture files might take quite a long time!
</para>
</note>
- </section>
-
+ </section>
+
<section id="ChUsePacketListPaneSection"><title>The "Packet List" pane</title>
<para>
- The packet list pane displays all the packets in the current capture
+ The packet list pane displays all the packets in the current capture
file.
<figure id="ChUseWiresharkListPane">
<title>The "Packet List" pane</title>
<graphic entityref="WiresharkListPane" format="PNG"/>
</figure>
- Each line in the packet list corresponds to one packet in the capture
- file. If you select a line in this pane, more details will be displayed in
+ Each line in the packet list corresponds to one packet in the capture
+ file. If you select a line in this pane, more details will be displayed in
the "Packet Details" and "Packet Bytes" panes.
</para>
<para>
- While dissecting a packet, Wireshark will place information from the
+ While dissecting a packet, Wireshark will place information from the
protocol dissectors into the columns. As higher level protocols might
- overwrite information from lower levels, you will typically see the
- information from the highest possible level only.
+ overwrite information from lower levels, you will typically see the
+ information from the highest possible level only.
</para>
- <para>
+ <para>
For example, let's look at a packet containing TCP inside IP inside
- an Ethernet packet. The Ethernet dissector will write its data (such as
- the Ethernet addresses), the IP dissector will overwrite this by its own
- (such as the IP addresses), the TCP dissector will overwrite the IP
+ an Ethernet packet. The Ethernet dissector will write its data (such as
+ the Ethernet addresses), the IP dissector will overwrite this by its own
+ (such as the IP addresses), the TCP dissector will overwrite the IP
information, and so on.
</para>
<para>
- There are a lot of different columns available. Which columns are
- displayed can be selected by preference settings, see
+ There are a lot of different columns available. Which columns are
+ displayed can be selected by preference settings, see
<xref linkend="ChCustPreferencesSection"/>.
</para>
<para>
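Review bot: in the Ethernet/IP/TCP example, "the IP dissector will overwrite this by its own" should read "with its own". That line is touched only for whitespace here, so the wording fix fits in the same pass. The sentence above it, "you will typically see the information from the highest possible level only", would also be clearer as "only the information from the highest level".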
@@ -1879,19 +1892,19 @@
<itemizedlist>
<listitem>
<para><command>No.</command>
- The number of the packet in the capture file. This number won't change,
+ The number of the packet in the capture file. This number won't change,
even if a display filter is used.
</para>
</listitem>
<listitem>
<para><command>Time</command>
- The timestamp of the packet. The presentation format of this timestamp
+ The timestamp of the packet. The presentation format of this timestamp
can be changed, see <xref linkend="ChWorkTimeFormatsSection"/>.
</para>
</listitem>
<listitem>
<para><command>Source</command>
- The address where this packet is coming from.
+ The address where this packet is coming from.
</para>
</listitem>
<listitem>
@@ -1912,14 +1925,14 @@
</itemizedlist>
</para>
<para>
- There is a context menu (right mouse click) available, see details in
+ There is a context menu (right mouse click) available, see details in
<xref linkend="ChWorkPacketListPanePopUpMenu"/>.
</para>
- </section>
+ </section>
<section id="ChUsePacketDetailsPaneSection"><title>The "Packet Details" pane</title>
<para>
- The packet details pane shows the current packet (selected in the "Packet List"
+ The packet details pane shows the current packet (selected in the "Packet List"
pane) in a more detailed form.
<figure id="ChUseWiresharkDetailsPane">
<title>The "Packet Details" pane</title>
@@ -1927,42 +1940,42 @@
</figure>
</para>
<para>
- This pane shows the protocols and protocol fields of the packet selected
- in the "Packet List" pane. The protocols and fields of the packet are
- displayed using a tree, which can be expanded and collapsed.
- </para>
+ This pane shows the protocols and protocol fields of the packet selected
+ in the "Packet List" pane. The protocols and fields of the packet are
+ displayed using a tree, which can be expanded and collapsed.
+ </para>
<para>
- There is a context menu (right mouse click) available, see details in
+ There is a context menu (right mouse click) available, see details in
<xref linkend="ChWorkPacketDetailsPanePopUpMenu"/>.
</para>
<para>
- Some protocol fields are specially displayed.
- </para>
+ Some protocol fields are specially displayed.
+ </para>
<itemizedlist>
<listitem>
<para>
<command>Generated fields</command>
- Wireshark itself will generate additional protocol fields which are
- surrounded by brackets. The information in these fields is derived from the
- known context to other packets in the capture file. For example, Wireshark
- is doing a sequence/acknowledge analysis of each TCP stream,
+ Wireshark itself will generate additional protocol fields which are
+ surrounded by brackets. The information in these fields is derived from the
+ known context to other packets in the capture file. For example, Wireshark
+ is doing a sequence/acknowledge analysis of each TCP stream,
which is displayed in the [SEQ/ACK analysis] fields of the TCP protocol.
- </para>
+ </para>
</listitem>
<listitem>
- <para>
+ <para>
<command>Links</command>
- If Wireshark detected a relationship to another packet in the capture file,
- it will generate a link to that packet. Links are underlined and displayed
- in blue. If double-clicked, Wireshark jumps to the corresponding packet.
- </para>
+ If Wireshark detected a relationship to another packet in the capture file,
+ it will generate a link to that packet. Links are underlined and displayed
+ in blue. If double-clicked, Wireshark jumps to the corresponding packet.
+ </para>
</listitem>
</itemizedlist>
- </section>
+ </section>
<section id="ChUsePacketBytesPaneSection"><title>The "Packet Bytes" pane</title>
<para>
- The packet bytes pane shows the data of the current packet (selected in the "Packet List"
+ The packet bytes pane shows the data of the current packet (selected in the "Packet List"
pane) in a hexdump style.
<figure id="ChUseWiresharkBytesPane">
<title>The "Packet Bytes" pane</title>
@@ -1970,20 +1983,20 @@
</figure>
</para>
<para>
- As usual for a hexdump, the left side shows the offset in the packet data,
- in the middle the packet data is shown in a hexadecimal representation and
- on the right the corresponding ASCII characters (or . if not appropriate)
+ As usual for a hexdump, the left side shows the offset in the packet data,
+ in the middle the packet data is shown in a hexadecimal representation and
+ on the right the corresponding ASCII characters (or . if not appropriate)
are displayed.
</para>
<para>
- There is a context menu (right mouse click) available, see details in
+ There is a context menu (right mouse click) available, see details in
<xref linkend="ChWorkPacketBytesPanePopUpMenu"/>.
</para>
<para>
Depending on the packet data, sometimes more than one page is available,
- e.g. when Wireshark has reassembled some packets into a single chunk of
- data, see <xref linkend="ChAdvReassemblySection"/>. In this case there are
- some additional tabs shown at the bottom of the pane to let you select
+ e.g. when Wireshark has reassembled some packets into a single chunk of
+ data, see <xref linkend="ChAdvReassemblySection"/>. In this case there are
+ some additional tabs shown at the bottom of the pane to let you select
the page you want to see.
<figure id="ChUseWiresharkBytesPaneTabs">
<title>The "Packet Bytes" pane with tabs</title>
@@ -1996,18 +2009,18 @@
</para>
</note>
<para>
- The context menu (right mouse click) of the tab labels will show a list of
- all available pages. This can be helpful if the size in the pane is too
+ The context menu (right mouse click) of the tab labels will show a list of
+ all available pages. This can be helpful if the size in the pane is too
small for all the tab labels.
</para>
- </section>
+ </section>
<section id="ChUseStatusbarSection"><title>The Statusbar</title>
<para>
The statusbar displays informational messages.
</para>
<para>
- In general, the left side will show context related information, while the
+ In general, the left side will show context related information, while the
right side will show the current number of packets.
</para>
<para>
@@ -2015,7 +2028,7 @@
<title>The initial Statusbar</title>
<graphic entityref="WiresharkStatusbarEmpty" format="PNG"/>
</figure>
- This statusbar is shown while no capture file is loaded, e.g. when
+ This statusbar is shown while no capture file is loaded, e.g. when
Wireshark is started.
</para>
<para>
@@ -2023,18 +2036,18 @@
<title>The Statusbar with a loaded capture file</title>
<graphic entityref="WiresharkStatusbarLoaded" format="PNG"/>
</figure>
- The left side shows information about the capture file, its
+ The left side shows information about the capture file, its
name, its size and the elapsed time while it was being captured.
</para>
<para>
- The right side shows the current number of packets in the
+ The right side shows the current number of packets in the
capture file. The following values are displayed:
<itemizedlist mark="bullet">
<listitem>
<para><emphasis>P:</emphasis> the number of captured packets</para>
</listitem>
<listitem>
- <para><emphasis>D:</emphasis> the number of packets currently being
+ <para><emphasis>D:</emphasis> the number of packets currently being
displayed</para>
</listitem>
<listitem>
@@ -2047,17 +2060,17 @@
<title>The Statusbar with a selected protocol field</title>
<graphic entityref="WiresharkStatusbarSelected" format="PNG"/>
</figure>
- This is displayed if you have selected a protocol field from the
- "Packet Details" pane.
+ This is displayed if you have selected a protocol field from the
+ "Packet Details" pane.
</para>
<tip><title>Tip!</title>
<para>
The value between the brackets (in this example
- <command>arp.opcode</command>) can be used as a display filter string,
+ <command>arp.opcode</command>) can be used as a display filter string,
representing the selected protocol field.
</para>
</tip>
- </section>
+ </section>
</chapter>
<!-- End of WSUG Chapter 3 -->