-rw-r--r--docbook/Makefile.common3
-rw-r--r--docbook/user-guide.xml59
-rw-r--r--docbook/wsug_graphics/ws-capture-options-remote-capture.pngbin0 -> 26463 bytes
-rw-r--r--docbook/wsug_graphics/ws-capture-options-remote-interface.pngbin0 -> 28506 bytes
-rw-r--r--docbook/wsug_graphics/ws-capture-options-remote-settings.pngbin0 -> 30294 bytes
-rw-r--r--docbook/wsug_graphics/ws-capture-options.pngbin34034 -> 25415 bytes
-rw-r--r--docbook/wsug_src/WSUG_chapter_capture.xml235
7 files changed, 250 insertions, 47 deletions
diff --git a/docbook/Makefile.common b/docbook/Makefile.common
index 058f8f7f2a..519d6cfcd1 100644
--- a/docbook/Makefile.common
+++ b/docbook/Makefile.common
@@ -31,6 +31,9 @@ WSUG_GRAPHICS = \
wsug_graphics/ws-capture-interfaces-win32.png \
wsug_graphics/ws-capture-menu.png \
wsug_graphics/ws-capture-options.png \
+ wsug_graphics/ws-capture-options-remote-capture.png \
+ wsug_graphics/ws-capture-options-remote-interface.png \
+ wsug_graphics/ws-capture-options-remote-settings.png \
wsug_graphics/ws-capture-preferences.png \
wsug_graphics/ws-choose-color-rule.png \
wsug_graphics/ws-coloring-fields.png \
diff --git a/docbook/user-guide.xml b/docbook/user-guide.xml
index d19114685c..8e6b457072 100644
--- a/docbook/user-guide.xml
+++ b/docbook/user-guide.xml
@@ -30,7 +30,6 @@ BIOGRAPHICAL SECTION
<!ENTITY AuthorOtherName4 "Enrique">
<!ENTITY AuthorSurname4 "Garcia Ontanon">
-
<!--Author's Affiliation -->
<!ENTITY AuthorShortAffiliation "">
<!ENTITY AuthorJobTitle "">
@@ -56,10 +55,6 @@ BIOGRAPHICAL SECTION
<!ENTITY AuthorOrgDiv4 "">
<!ENTITY AuthorEmail4 "luis [at] ontanon.org">
-
-
-
-
<!--
DOCUMENT SECTION
-Use this section to encode all document information
@@ -85,7 +80,7 @@ DOCUMENT SECTION
<!--
Wireshark Info
-->
- <!ENTITY WiresharkCurrentVersion "1.2.0">
+ <!ENTITY WiresharkCurrentVersion "1.2">
<!ENTITY WiresharkWebSite "http://www.wireshark.org">
<!ENTITY WiresharkUsersGuidePage "&WiresharkWebSite;/docs/">
<!ENTITY WiresharkDownloadPage "&WiresharkWebSite;/download.html">
@@ -100,11 +95,11 @@ Wireshark Info
<!ENTITY WiresharkWikiDisplayFiltersPage "&WiresharkWikiPage;/DisplayFilters">
<!ENTITY WiresharkWikiColoringRulesPage "&WiresharkWikiPage;/ColoringRules">
<!ENTITY WiresharkWikiPreferencesPage "&WiresharkWikiPage;/Preferences">
+ <!ENTITY WiresharkWikiPcapNgPage "&WiresharkWikiPage;/Development/PcapNg">
<!ENTITY WiresharkDevMailList "wireshark-dev[AT]wireshark.org">
<!ENTITY WiresharkUsersMailList "wireshark-users[AT]wireshark.org">
-
<!--
Winpcap Info
-->
@@ -198,11 +193,6 @@ FILE SECTION
<!ENTITY WiresharkBytesPanePopupMenu SYSTEM "./wsug_graphics/ws-bytes-pane-popup-menu.png" NDATA PNG>
<!ENTITY WiresharkFilterAddExpression SYSTEM "./wsug_graphics/ws-filter-add-expression.png" NDATA PNG>
<!ENTITY WiresharkFilters2 SYSTEM "./wsug_graphics/ws-filters-2.png" NDATA PNG>
- <!ENTITY WiresharkCaptureInterfacesDialog SYSTEM "./wsug_graphics/ws-capture-interfaces.png" NDATA PNG>
- <!ENTITY WiresharkCaptureInterfacesDialogWin32 SYSTEM "./wsug_graphics/ws-capture-interfaces-win32.png" NDATA PNG>
- <!ENTITY WiresharkCaptureOptionsDialog SYSTEM "./wsug_graphics/ws-capture-options.png" NDATA PNG>
- <!ENTITY WiresharkCaptureInterfaceDetailsDialog SYSTEM "./wsug_graphics/ws-capture-interface-details.png" NDATA PNG>
- <!ENTITY WiresharkCaptureInfoDialog SYSTEM "./wsug_graphics/ws-capture-info.png" NDATA PNG>
<!ENTITY WiresharkTimeReference SYSTEM "./wsug_graphics/ws-time-reference.png" NDATA PNG>
<!ENTITY WiresharkEnabledProtocols SYSTEM "./wsug_graphics/ws-enabled-protocols.png" NDATA PNG>
<!ENTITY WiresharkDecodeAs SYSTEM "./wsug_graphics/ws-decode-as.png" NDATA PNG>
@@ -254,6 +244,16 @@ FILE SECTION
<!ENTITY WiresharkStatsSrtDcerpcFilter SYSTEM "./wsug_graphics/ws-stats-srt-dcerpc-filter.png" NDATA PNG>
<!ENTITY WiresharkStatsSrtDcerpc SYSTEM "./wsug_graphics/ws-stats-srt-dcerpc.png" NDATA PNG>
+ <!-- Fourth Chapter -->
+ <!ENTITY WiresharkCaptureInterfacesDialog SYSTEM "./wsug_graphics/ws-capture-interfaces.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureInterfacesDialogWin32 SYSTEM "./wsug_graphics/ws-capture-interfaces-win32.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureOptionsDialog SYSTEM "./wsug_graphics/ws-capture-options.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureInterfaceDetailsDialog SYSTEM "./wsug_graphics/ws-capture-interface-details.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureInfoDialog SYSTEM "./wsug_graphics/ws-capture-info.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureOptionsRemoteInterfacesDialog SYSTEM "./wsug_graphics/ws-capture-options-remote-interface.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureOptionsRemoteCaptureDialog SYSTEM "./wsug_graphics/ws-capture-options-remote-capture.png" NDATA PNG>
+ <!ENTITY WiresharkCaptureOptionsRemoteSettingsDialog SYSTEM "./wsug_graphics/ws-capture-options-remote-settings.png" NDATA PNG>
+
<!-- Fifth Chapter -->
<!ENTITY WiresharkOpenDialog20 SYSTEM "./wsug_graphics/ws-open-gtk20.png" NDATA PNG>
<!ENTITY WiresharkSaveAsDialog20 SYSTEM "./wsug_graphics/ws-save-as-gtk20.png" NDATA PNG>
@@ -274,6 +274,7 @@ FILE SECTION
<!ENTITY WiresharkPrint SYSTEM "./wsug_graphics/ws-print.png" NDATA PNG>
<!ENTITY WiresharkPacketRangeFrame SYSTEM "./wsug_graphics/ws-packet-range.png" NDATA PNG>
<!ENTITY WiresharkPacketFormatFrame SYSTEM "./wsug_graphics/ws-packet-format.png" NDATA PNG>
+
<!-- Sixth Chapter -->
<!-- Appendices etc -->
@@ -300,31 +301,27 @@ FILE SECTION
<!ENTITY AppProtocols SYSTEM "wsug_src/WSUG_app_protocols.xml">
<!ENTITY AppHowItWorks SYSTEM "wsug_src/WSUG_app_howitworks.xml">
<!ENTITY AppTools SYSTEM "wsug_src/WSUG_app_tools.xml">
- <!ENTITY AppGPL SYSTEM "GPL_appendix.xml">
-
+ <!ENTITY AppGPL SYSTEM "GPL_appendix.xml">
<!--
WSLua Reference Manual
-->
-
- <!ENTITY WsLuaRm SYSTEM "wsluarm.xml">
- <!ENTITY WsLuaDumper SYSTEM "wsluarm_src/wslua_dumper.xml">
- <!ENTITY WsLuaField SYSTEM "wsluarm_src/wslua_field.xml">
- <!ENTITY WsLuaGui SYSTEM "wsluarm_src/wslua_gui.xml">
- <!ENTITY WsLuaListener SYSTEM "wsluarm_src/wslua_listener.xml">
- <!ENTITY WsLuaPinfo SYSTEM "wsluarm_src/wslua_pinfo.xml">
- <!ENTITY WsLuaProto SYSTEM "wsluarm_src/wslua_proto.xml">
- <!ENTITY WsLuaTree SYSTEM "wsluarm_src/wslua_tree.xml">
- <!ENTITY WsLuaTvb SYSTEM "wsluarm_src/wslua_tvb.xml">
- <!ENTITY WsLuaUtility SYSTEM "wsluarm_src/wslua_util.xml">
+ <!ENTITY WsLuaRm SYSTEM "wsluarm.xml">
+ <!ENTITY WsLuaDumper SYSTEM "wsluarm_src/wslua_dumper.xml">
+ <!ENTITY WsLuaField SYSTEM "wsluarm_src/wslua_field.xml">
+ <!ENTITY WsLuaGui SYSTEM "wsluarm_src/wslua_gui.xml">
+ <!ENTITY WsLuaListener SYSTEM "wsluarm_src/wslua_listener.xml">
+ <!ENTITY WsLuaPinfo SYSTEM "wsluarm_src/wslua_pinfo.xml">
+ <!ENTITY WsLuaProto SYSTEM "wsluarm_src/wslua_proto.xml">
+ <!ENTITY WsLuaTree SYSTEM "wsluarm_src/wslua_tree.xml">
+ <!ENTITY WsLuaTvb SYSTEM "wsluarm_src/wslua_tvb.xml">
+ <!ENTITY WsLuaUtility SYSTEM "wsluarm_src/wslua_util.xml">
]>
<book>
<title>&DocumentTitle;</title>
<subtitle>&DocumentSubTitle;</subtitle>
- <!--
- -->
&BookMetaInformation;
&Preface;
&ChapterIntroduction;
@@ -345,15 +342,11 @@ WSLua Reference Manual
&AppTools;
&AppGPL;
- <!--
- Removed, as these chapters must be reworked
+
+ <!-- Removed, as these chapters must be reworked
&Glossary;
&Index;
- Removed, as this chapter is not finished
&AppHowItWorks;
- Removed, as this chapter has to be reworked
&ChapterTroubleshoot;
-->
-
-
</book>
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-capture.png b/docbook/wsug_graphics/ws-capture-options-remote-capture.png
new file mode 100644
index 0000000000..d51b10f563
--- /dev/null
+++ b/docbook/wsug_graphics/ws-capture-options-remote-capture.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-interface.png b/docbook/wsug_graphics/ws-capture-options-remote-interface.png
new file mode 100644
index 0000000000..b95fbbf268
--- /dev/null
+++ b/docbook/wsug_graphics/ws-capture-options-remote-interface.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options-remote-settings.png b/docbook/wsug_graphics/ws-capture-options-remote-settings.png
new file mode 100644
index 0000000000..d222352348
--- /dev/null
+++ b/docbook/wsug_graphics/ws-capture-options-remote-settings.png
Binary files differ
diff --git a/docbook/wsug_graphics/ws-capture-options.png b/docbook/wsug_graphics/ws-capture-options.png
index 2c3453301b..7b5d5b6dc4 100644
--- a/docbook/wsug_graphics/ws-capture-options.png
+++ b/docbook/wsug_graphics/ws-capture-options.png
Binary files differ
diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml
index de9b4c91a1..eb769f7059 100644
--- a/docbook/wsug_src/WSUG_chapter_capture.xml
+++ b/docbook/wsug_src/WSUG_chapter_capture.xml
@@ -273,7 +273,7 @@ wireshark -i eth0 -k
</para>
<figure id="ChCapCaptureOptionsDialog">
<title>The "Capture Options" dialog box</title>
- <graphic entityref="WiresharkCaptureOptionsDialog" format="JPG"/>
+ <graphic entityref="WiresharkCaptureOptionsDialog"/>
</figure>
<tip><title>Tip!</title>
<para>
@@ -286,20 +286,32 @@ wireshark -i eth0 -k
</para>
<section><title>Capture frame</title>
<variablelist>
+ <varlistentry><term><command>Interface (Windows only)</command></term>
+ <listitem>
+ <para>
+ The drop down list allows you to select the group of interfaces you
+ want look at. Normally that would be the local interfaces, but here you
+ can also select a remote interface. Any previously opened remote
+ interfaces will be added to this list also.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry><term><command>Interface</command></term>
<listitem>
<para>
- This field specifies the interface you want to capture on.
- You can only capture on one interface, and you can only
- capture on interfaces that Wireshark has found on the
- system. It is a drop-down list, so simply click on the
- button on the right hand side and select the interface you
- want. It defaults to the first non-loopback interface that
- supports capturing, and if there are none, the first
- loopback interface. On some systems, loopback interfaces
- cannot be used for capturing (loopback interfaces are not available
- on Windows platforms).
+ This field specifies the interface you want to capture on. You can
+ only capture on one interface, and you can only capture on interfaces
+ that Wireshark has found on the system, either local or remote. It is
+ a drop-down list, so simply click on the button on the right hand side
+ and select the interface you want. It defaults to the first
+ non-loopback interface that supports capturing, and if there are none,
+ the first loopback interface. On some systems, loopback interfaces
+ cannot be used for capturing
</para>
+ <note>
+ <title>Note</title>
+ <para>loopback interfaces are not available on Windows platforms.</para>
+ </note>
<para>
This field performs the same function as the
<command>-i &lt;interface></command> command line option.
@@ -323,6 +335,14 @@ wireshark -i eth0 -k
</para>
</listitem>
</varlistentry>
+ <varlistentry><term><command>Remote setting (Windows only)</command></term>
+ <listitem>
+ <para>
+ Here you can set the settings for remote capture.
+ For a detailed description, see <xref linkend="ChCapInterfaceRemoteSection"/>
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry><term><command>Buffer size: n megabyte(s)</command></term>
<listitem>
<para>
@@ -354,7 +374,7 @@ wireshark -i eth0 -k
<para>
If some other process has put the interface in
promiscuous mode you may be capturing in promiscuous
- mode even if you turn off this option
+ mode even if you turn off this option.
</para>
</note>
<note>
@@ -367,13 +387,33 @@ wireshark -i eth0 -k
</note>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <command>Capture packets in pcap-ng format</command>
+ </term>
+ <listitem>
+ <para>
+ This checkbox allows you to specify that Wireshark saves the captured
+ packets in pcap-ng format. This next generation capture file format is
+ currently in development.
+ </para>
+ <warning>
+ <title>Warning</title>
+ <para>
+ This is an experimental feature. The resulting saved file may or may
+ not be valid. See <ulink url="&WiresharkWikiPcapNgPage;"/> for more
+ details on pcap-ng.
+ </para>
+ </warning>
+ </listitem>
+ </varlistentry>
<varlistentry><term><command>Limit each packet to n bytes</command></term>
<listitem>
<para>
This field allows you to specify the maximum amount of
data that will be captured for each packet, and is
sometimes referred to as the <command>snaplen</command>. If disabled,
- the default is 65535, which will be sufficient for most
+ the value is set to the maximum 65535, which will be sufficient for most
protocols. Some rules of thumb:
</para>
<itemizedlist>
@@ -606,7 +646,174 @@ wireshark -i eth0 -k
</para>
</section>
</section>
-
+
+ <section id="ChCapInterfaceRemoteSection">
+ <title>The "Remote Capture Interfaces" dialog box</title>
+ <para>
+ Besides doing capture on local interfaces Wireshark is capable of
+ reaching out across the network to a so called capture daemon or service
+ processes to receive captured data from.
+ </para>
+ <note><title>Microsoft Windows only</title>
+ <para>
+ This dialog and capability is only available on Microsoft Windows. On
+ Linux/Unix you can achieve the same effect (securely) through an SSH
+ tunnel.
+ </para>
+ </note>
+ <para>
+ The Remote Packet Capture Protocol service must first be running on the
+ target platform before Wireshark can connect to it. The easiest way is
+ to install WinPcap from <ulink url="&WinPcapDownloadWebsite;"/> on the
+ target. Once installation is completed go to the Services control panel,
+ find the Remote Packet Capture Protocol service and start it.
+ </para>
+ <note><title>Note</title>
+ <para>
+ Make sure you have outside access to port 2002 on the target platform.
+ This is the port where the Remote Packet Capture Protocol service can
+ be reached, by default.
+ </para>
+ </note>
+ <para>
+ To access the Remote Capture Interfaces dialog use the Interfaces
+ dropdown list on the "Capture Options" dialog, see
+ <xref linkend="ChCapCaptureOptionsDialog"/>, and select "Remote...".
+ </para>
+ <section><title>Remote Capture Interfaces</title>
+ <figure id="ChCapInterfaceRemoteDialog">
+ <title>The "Remote Capture Interfaces" dialog box</title>
+ <graphic entityref="WiresharkCaptureOptionsRemoteInterfacesDialog" format="PNG"/>
+ </figure>
+ <para>
+ You have to set the following parameter in this dialog:
+ </para>
+
+ <variablelist>
+ <varlistentry><term><command>Host</command></term>
+ <listitem>
+ <para>
+ Enter the IP address or host name of the target platform where the
+ Remote Packet Capture Protocol service is listening.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Port</command></term>
+ <listitem>
+ <para>
+ Set the port number where the Remote Packet Capture Protocol service
+ is listening on. Leave open to use the default port (2002).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Null authentication</command></term>
+ <listitem>
+ <para>
+ Select this if you don't need authentication to take place for a
+ remote capture to be started. This depends on the target platform.
+ Configuring the target platform like this makes it insecure.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Password authentication</command></term>
+ <listitem>
+ <para>
+ This is the normal way of connecting to a target platform. Set the
+ credentials needed to connect to the Remote Packet Capture Protocol
+ service.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </section>
+ <section><title>Remote Capture</title>
+ <para>
+ When the connection to the Remote Packet Capture Protocol service is
+ successfully established the "Capture Options" dialog looks like this,
+ see <xref linkend="ChCapInterfaceRemoteCapDialog"/>.
+ </para>
+ <figure id="ChCapInterfaceRemoteCapDialog">
+ <title>The "Remote Capture" dialog box</title>
+ <graphic entityref="WiresharkCaptureOptionsRemoteCaptureDialog" format="PNG"/>
+ </figure>
+ <para>
+ The Interface dropdown list now shows the IP address or host name of the
+ Remote Packet Capture Protocol service and the other field shows the
+ interfaces on the remote target. After selecting the desired interface
+ just click <command>Start</command> to start the remote capture.
+ </para>
+ </section>
+ <section><title>Remote Capture Settings</title>
+ <para>
+ The remote capture can be furhter fine tuned to match your situation.
+ The <command>Remote Settings</command> button gives you this option.
+ It pops up the dialog shown in
+ <xref linkend="ChCapInterfaceRemoteSettingsDialog"/>.
+ </para>
+ <figure id="ChCapInterfaceRemoteSettingsDialog">
+ <title>The "Remote Capture Settings" dialog box</title>
+ <graphic entityref="WiresharkCaptureOptionsRemoteSettingsDialog" format="PNG"/>
+ </figure>
+ <para>
+ You can set the following parameters in this dialog:
+ </para>
+ <variablelist>
+ <varlistentry><term><command>Do not capture own RPCAP traffic</command></term>
+ <listitem>
+ <para>
+ This option sets a capture filter so that the traffic flowing back
+ from the Remote Packet Capture Protocol service to Wireshark isn't
+ captured as well and also send back. The recursion in this saturates
+ the link with duplicate traffic.
+ </para>
+ <para>
+ You only should switch this off when capturing on an interface other
+ then the interface connecting back to Wireshark.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Use UDP for data transfer</command></term>
+ <listitem>
+ <para>
+ Remote capture control and data flows over a TCP connection. This
+ option allows you to choose an UDP stream for data transfer.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Sampling option None</command></term>
+ <listitem>
+ <para>
+ This option instructs the Remote Packet Capture Protocol service to
+ send back all captured packets which have passed the capture filter.
+ This is usually not a problem on a remote capture session with
+ sufficient bandwidth.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Sampling option 1 of x packets</command></term>
+ <listitem>
+ <para>
+ This option limits the Remote Packet Capture Protocol service to send
+ only a sub sampling of the captured data, in terms of number of
+ packets. This allows capture over a narrow band remote capture
+ session of a higher bandwidth interface.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Sampling option 1 every x milliseconds</command></term>
+ <listitem>
+ <para>
+ This option limits the Remote Packet Capture Protocol service to send
+ only a sub sampling of the captured data, in terms of time. This
+ allows capture over a narrow band capture session of a higher
+ bandwidth interface.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </section>
+ </section>
+
<section id="ChCapInterfaceDetailsSection">
<title>The "Interface Details" dialog box</title>
<para>
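Review bot: The new "Password authentication" entry calls this "the normal way of connecting" without saying how the credentials travel. As far as I know, the WinPcap Remote Packet Capture Protocol sends both the login and the captured packets unencrypted; that is worth confirming and stating, since the Microsoft Windows note in this same section contrasts it with getting the same effect "(securely)" through an SSH tunnel. I would add a `<warning>` under that entry, in the style of the pcap-ng warning added earlier in this file, along the lines of `<para>Credentials and captured packets are sent unencrypted; use remote capture only across a network you trust.</para>`. The port note ("Make sure you have outside access to port 2002") would be safer if it told the reader to allow that port only from the capturing host rather than opening it generally. Separately, "furhter" in the Remote Capture Settings paragraph should read "further".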