From 6428c5d2084ace309a0a672515f1ab04d3da7f1d Mon Sep 17 00:00:00 2001 From: Ulf Lamping Date: Fri, 17 Jun 2005 01:27:52 +0000 Subject: updated to latest Ethereal GUI svn path=/trunk/; revision=14675 --- docbook/eug_src/EUG_chapter_customize.xml | 162 ++++++++++++++++++------------ 1 file changed, 97 insertions(+), 65 deletions(-) (limited to 'docbook') diff --git a/docbook/eug_src/EUG_chapter_customize.xml b/docbook/eug_src/EUG_chapter_customize.xml index 8fb4534623..42e842ea65 100644 --- a/docbook/eug_src/EUG_chapter_customize.xml +++ b/docbook/eug_src/EUG_chapter_customize.xml @@ -17,7 +17,12 @@ - How to colorize the Ethereal display + How to colorize the packet list + + + + + How to control protocol dissection @@ -45,22 +50,24 @@ Help information available from Ethereal -This is GNU ethereal 0.10.5 -Compiled with GTK+ 2.4.3, with GLib 2.4.2, with WinPcap (version unknown), -with libz 1.2.1, with libpcre 4.4, with Net-SNMP 5.1, with ADNS. +This is GNU ethereal 0.10.11 + (C) 1998-2005 Gerald Combs <gerald@ethereal.com> +Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown), +with libz 1.2.2, with libpcre 4.4, with Net-SNMP 5.1.2, with ADNS. -Running with WinPcap version 3.0 (packet.dll version 3, 1, 0, 20), based -on libpcap version 0.8 on Windows XP Service Pack 1, build 2600. +Running with WinPcap version 3.1 beta4 (packet.dll version 3, 1, 0, 24), based o +n libpcap version 0.8.3 on Windows XP Service Pack 1, build 2600. ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - [ -b <number of ringbuffer files>[:<duration>] ] - [ -B <byte view height> ] [ -c <count> ] [ -f <capture filter> ] - [ -i <interface> ] [ -m <medium font> ] [ -N <resolving> ] - [ -o <preference setting> ] ... [ -P <packet list height> ] - [ -r <infile> ] [ -R <read filter> ] [ -s <snaplen> ] - [ -t <time stamp format> ] [ -T <tree view height> ] - [ -w <savefile> ] [ -y <link type> ] [ -z <statistics string> ] - [ <infile> ] + [ -b <capture ring buffer option> ] ...] [ -B capture buffer size (Win32 only) ] + [ -c <capture packet count> ] [ -f <capture filter> ] + [ -g <packet number> ] + [ -i <capture interface> ] [ -m <font> ] [ -N <name resolving flags> ] + [ -o <preference/recent setting> ] ... + [ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ] + [ -t <time stamp format> ] + [ -w <savefile> ] [ -y <capture link type> ] [ -z <statistics> ] + [ <infile> ] @@ -81,22 +88,31 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... to a capture file. The criterion is of the form test:value, where test is one of: - duration + duration:value Stop writing to a capture file after value of seconds have elapsed. - filesize + filesize:value Stop writing to a capture file after it reaches a size of value - kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). + kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes). If + this option is used together with the -b option, Ethereal will + stop writing to the current capture file and switch to the next + one if filesize is reached. + + + files:value + + Stop writing to capture files after value number of files were + written. - -b <number of ringbuffer files> + -b <capture ring buffer option> If a maximum capture file size was specified, cause Ethereal to run @@ -117,17 +133,41 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... the next file when the specified number of seconds has elapsed even if the current file is not completely fills up. + + + duration:value + + Switch to the next file after value seconds have elapsed, even + if the current file is not completely filled up. + + + filesize:value + + Switch to the next file after it reaches a size of value kilobytes + (where a kilobyte is 1000 bytes, not 1024 bytes). + + + files:value + + Begin again with the first file after value number of files were + written (form a ring buffer). + + + + - -B <byte view height> + -B <capture buffer size (Win32 only)> - This option sets the initial height of the "Packet Bytes" pane. - This pane is usually the bottom pane in the Ethereal display. + Win32 only: set capture buffer size (in MB, default is 1MB). This + is used by the the capture driver to buffer packet data until that + data can be written to disk. If you encounter packet drops while + capturing, try to increase this size. - -c <count> + -c <capture packet count> This option specifies the maximum number of packets to capture @@ -144,6 +184,14 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... + -g <packet number> + + + After reading in a capture file using the -r flag, go to the given + packet number. + + + -h @@ -152,7 +200,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -i <interface> + -i <capture interface> The -i option allows you to specify, @@ -198,7 +246,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -m <medium font> + -m <font> This option sets the name of the font used for most text @@ -214,7 +262,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -N <resolving> + -N <name resolving flags> Turns on name resolving for particular types of addresses @@ -229,14 +277,14 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -o <preference settings> + -o <preference/recent settings> - Sets a preference value, overriding the default value and - any value read from a preference file. The argument to the + Sets a preference or recent value, overriding the default value and + any value read from a preference/recent file. The argument to the flag is a string of the form prefname:value, where prefname is the name of the preference (which is the same name that - would appear in the preference file), and value is the value + would appear in the preference/recent file), and value is the value to which it should be set. Multiple instances of -o <preference settings> can be given on a single command line. @@ -275,15 +323,6 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - - -P <packet list height> - - - This option sets the initial height of the "Packet List" pane, - ie, the top pane. - - - -Q @@ -303,7 +342,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -R <read filter> + -R <read (display) filter> This option specifies a display filter to be applied when @@ -314,7 +353,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -s <snaplen> + -s <capture snaplen> This option specifies the snapshot length to use when @@ -369,14 +408,6 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - - -T <tree view height> - - - This option sets the initial height of the "Packet Details" pane. - - - -v @@ -393,7 +424,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - -y <link type> + -y <capture link type> If a capture is started from the command line with -k, set the data @@ -418,20 +449,21 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ...
Packet colorization A very useful mechanism available in Ethereal is packet colorization. - You can set Ethereal up so that it colorizes packets according to a - filter. This allows you to emphasize the packets you are interested in. + You can set-up Ethereal so that it will colorize packets according to a + filter. This allows you to emphasize the packets you are usually + interested in. - - Note! + + Tip! You will find a lot of Coloring Rule examples at the Ethereal Wiki Coloring Rules page at &EtherealWikiColoringRulesPage;. - + To colorize packets, select the Coloring Rules... menu item from - the View menu, and Ethereal will pop up the "Coloring Rules" + the View menu, Ethereal will pop up the "Coloring Rules" dialog box as shown in .
@@ -445,7 +477,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... Note! - You will need to carefully select the order that rules are listed + You will need to carefully select the order the coloring rules are listed (and thus applied) as they are applied in order from top to bottom. So, more specific rules need to be listed before more general rules. For example, if you have a color rule for UDP before the one for DNS, @@ -506,11 +538,10 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ...
Control Protocol dissection - There are some ways, to let the user control how protocols are - dissected. + The user can control how protocols are dissected. - Each protocol has its own dissector, so dissecting a packet will + Each protocol has its own dissector, so dissecting a complete packet will typically involve several dissectors. As Ethereal tries to find the right dissector for each packet (using static "routes" and heuristics "guessing"), it might choose the wrong dissector in your specific @@ -554,8 +585,8 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... Warning! You have to use the Save button to save your settings. The OK or Apply - buttons will not save your changes, so they will be lost when Ethereal - is closed. + buttons will not save your changes permanently, so they will be lost + when Ethereal is closed. @@ -607,7 +638,7 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... The "Decode As" functionality let you temporarily divert specific protocol dissections. This might be useful for example, if you do some - uncommon things on your network. + uncommon experiments on your network.
@@ -636,9 +667,10 @@ ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ... - Link/Network/Transport Specify the way to decode - packets. Which of these pages are available, depends on the content - of the selected packet when this dialog box was opened. + Link/Network/Transport Specify the network layer + at which "Decode As" should take place. Which of these pages are + available, depends on the content of the selected packet when this + dialog box was opened. -- cgit v1.2.3