1 <!-- EUG Chapter Three -->
4 <chapter id="ChapterUsing">
5 <title>User Interface</title>
6 <section id="ChUseIntroductionSection"><title>Introduction</title>
8 By now you have installed <application>Ethereal</application> and
9 are most likely keen to get started capturing your first packets. In
10 the next chapters we will explore:
14 How the Ethereal user interface works
19 How to capture packets in <application>Ethereal</application>
24 How to view packets in <application>Ethereal</application>
29 How to filter packets in <application>Ethereal</application>
34 ... and many other things!
41 <section id="ChUseStartSection"><title>Start Ethereal</title>
43 You can start Ethereal from your shell or window manager.
44 <tip><title>Tip!</title>
46 When starting Ethereal it's possible to specify optional settings using
47 the command line. See <xref linkend="ChCustCommandLine"/> for details.
50 <note><title>Note!</title>
52 In the following chapters, a lot of screenshots from Ethereal will be shown.
53 As Ethereal runs on many different platforms and there are different
54 versions of the underlying GUI toolkit (GTK 1.x / 2.x) used, your
55 screen might look different from the provided screenshots. But as there
56 are no real differences in functionality, these screenshots should still
63 <section id="ChUseMainWindowSection"><title>The Main window</title>
65 Lets look at Ethereal's user interface. <xref linkend="ChUseFig01"/> shows
66 Ethereal as you would usually see it after some packets captured or loaded
67 (how to do this will be described later).
68 <figure id="ChUseFig01">
69 <title>The Main window</title>
70 <graphic scale="100" entityref="EtherealThreePane1" format="PNG"/>
74 Ethereal's main window consist of parts that are commonly known from many
79 The <emphasis>menu</emphasis> (see <xref linkend="ChUseMenuSection"/>)
80 is used to start actions.
85 The <emphasis>main toolbar</emphasis> (see <xref linkend="ChUseMainToolbarSection"/>)
86 provides quick access to frequently used items from the menu.
91 The <emphasis>filter toolbar</emphasis> (see <xref linkend="ChUseFilterToolbarSection"/>)
92 provides a way to directly manipulate the currently used display filter
93 (see <xref linkend="ChWorkDisplayFilterSection"/>).
98 The <emphasis>packet list pane</emphasis> (see <xref linkend="ChUsePacketListPaneSection"/>)
99 displays a summary of each packet captured. By clicking on packets
100 in this pane you control what is displayed in the other two panes.
105 The <emphasis>packet details pane</emphasis> (see <xref linkend="ChUsePacketDetailsPaneSection"/>)
106 displays the packet selected in the packet list pane in more detail.
111 The <emphasis>packet bytes pane</emphasis> (see <xref linkend="ChUsePacketBytesPaneSection"/>)
112 displays the data from the packet selected in the packet list pane, and
113 highlights the field selected in the packet details pane.
118 The <emphasis>statusbar</emphasis> (see <xref linkend="ChUseStatusbarSection"/>)
119 shows some detailed information about the current program state and
124 <tip><title>Tip!</title>
126 The layout of the main window can be customized by changing preference settings.
127 See <xref linkend="ChCustGUILayoutPrefPage"/> for details!
133 <section id="ChUseMenuSection"><title>The Menu</title>
135 The Ethereal menu sits on top of the Ethereal window.
136 An example is shown in <xref linkend="ChUseEtherealMenu"/>.
138 <note><title>Note!</title>
140 Menu items will be greyed out if the corresponding feature isn't
141 available. For example, you cannot save a capture file if you didn't
142 capture or load any data before.
146 <figure id="ChUseEtherealMenu"><title>The Menu</title>
147 <graphic entityref="EtherealMenuOnly" format="PNG"/>
151 It contains the following items:
153 <varlistentry><term><command>File</command></term>
156 This menu contains tems to open and merge capture files,
157 save / print / export capture files in whole or in part,
158 and to quit from Ethereal. See <xref linkend="ChUseFileMenuSection"/>.
162 <varlistentry><term><command>Edit</command></term>
165 This menu contains items to find a packet, time reference or mark one
166 or more packets, set your preferences,
167 (cut, copy, and paste are not presently implemented).
168 See <xref linkend="ChUseEditMenuSection"/>.
172 <varlistentry><term><command>View</command></term>
174 <para>This menu controls the display of the captured data,
175 including the colorization of packets, zooming the font,
176 show a packet in a separate window, expand and collapse trees in packet details, ....
177 See <xref linkend="ChUseViewMenuSection"/>.
181 <varlistentry><term><command>Go</command></term>
183 <para>This menu contains items to go to a specific packet.
184 See <xref linkend="ChUseGoMenuSection"/>.
188 <varlistentry><term><command>Capture</command></term>
190 <para>This menu allows you to start and stop captures and to edit capture filters.
191 See <xref linkend="ChUseCaptureMenuSection"/>.
195 <varlistentry><term><command>Analyze</command></term>
198 This menu contains items to manipulate display filters, enable or
199 disable the dissection of protocols, configure user specified decodes
200 and follow a TCP stream.
201 See <xref linkend="ChUseAnalyzeMenuSection"/>.
205 <varlistentry><term><command>Statistics</command></term>
208 This menu contains menu-items to display various statistic windows,
209 including a summary of the packets that have been captured,
210 display protocol hierarchy statistics and much more.
211 See <xref linkend="ChUseStatisticsMenuSection"/>.
215 <varlistentry><term><command>Help</command></term>
218 This menu contains items to help the user, like access to some basic
219 help, a list of the supported protocols, manual pages, online access
220 to some of the webpages, and the usual about dialog.
221 See <xref linkend="ChUseHelpMenuSection"/>.
226 Each of these menu items is described in more detail in the sections
229 <tip><title>Tip!</title>
231 You can access menu items directly or by pressing the corresponding
232 accelerator keys, which are shown at the right side of the
233 menu. For example, you can press the Control (or Strg in german) and the K
234 keys together to open the capture dialog.
239 <section id="ChUseFileMenuSection"><title>The "File" menu</title>
241 The Ethereal file menu contains the fields shown in
242 <xref linkend="ChUseTabFile"/>.
244 <figure id="ChUseEtherealFileMenu">
245 <title>The "File" Menu</title>
246 <graphic entityref="EtherealFileMenu" format="PNG"/>
248 <table id="ChUseTabFile" frame="none"><title>File menu items</title>
250 <colspec colnum="1" colwidth="72pt"/>
251 <colspec colnum="2" colwidth="80pt"/>
254 <entry>Menu Item</entry>
255 <entry>Accelerator</entry>
256 <entry>Description</entry>
261 <entry><command>Open...</command></entry>
262 <entry>Ctrl+O</entry>
264 This menu item brings up the file open dialog box that
265 allows you to load a capture file for viewing. It is
266 discussed in more detail in <xref linkend="ChIOOpen"/>.
270 <entry><command>Open Recent</command></entry>
273 This menu item shows a submenu containing the recently opened
274 capture files. Clicking on one of the submenu items will open the
275 corresponding capture file directly.
279 <entry><command>Merge...</command></entry>
282 This menu item brings up the merge file dialog box that
283 allows you to merge a capture file into the currently loaded one.
284 It is discussed in more detail in <xref linkend="ChIOMergeSection"/>.
288 <entry><command>Close</command></entry>
289 <entry>Ctrl+W</entry>
291 This menu item closes the current capture. If you
292 haven't saved the capture, you will be asked to do so first
293 (this can be disabled by a preference setting).
297 <entry><command>------</command></entry>
302 <entry><command>Save</command></entry>
303 <entry>Ctrl+S</entry>
305 This menu item saves the current capture. If you
306 have not set a default capture file name (perhaps with
307 the -w <capfile> option), Ethereal pops up the
308 Save Capture File As dialog box (which is discussed
309 further in <xref linkend="ChIOSaveAs"/>).
313 If you have already saved the current capture, this
314 menu item will be greyed out.
319 You cannot save a live capture while it is in
320 progress. You must stop the capture in order to
326 <entry><command>Save As...</command></entry>
327 <entry>Shift+Ctrl+S</entry>
329 This menu item allows you to save the current capture
330 file to whatever file you would like. It pops up the
331 Save Capture File As dialog box (which is discussed
332 further in <xref linkend="ChIOSaveAs"/>).
336 <entry><command>------</command></entry>
341 <entry><command>Export > as "Plain Text" file...</command></entry>
344 This menu item allows you to export all, or some, of the packets in
345 the capture file to a plain ASCII text file.
346 It pops up the Ethereal Export dialog box (which is discussed further in
347 <xref linkend="ChIOExportPlainDialog"/>).
351 <entry><command>Export > as "PostScript" file...</command></entry>
354 This menu item allows you to export the (or some) of the packets in
355 the capture file to a PostScript file.
356 It pops up the Ethereal Export dialog box (which is discussed further in
357 <xref linkend="ChIOExportPSDialog"/>).
361 <entry><command>Export > as "PSML" file...</command></entry>
364 This menu item allows you to export the (or some) of the packets in
365 the capture file to a PSML (packet summary markup language) XML file.
366 It pops up the Ethereal Export dialog box (which is discussed further in
367 <xref linkend="ChIOExportPSMLDialog"/>).
371 <entry><command>Export > as "PDML" file...</command></entry>
374 This menu item allows you to export the (or some) of the packets in
375 the capture file to a PDML (packet details markup language) XML file.
376 It pops up the Ethereal Export dialog box (which is discussed further in
377 <xref linkend="ChIOExportPDMLDialog"/>).
381 <entry><command>Export > Selected Packet Bytes...</command></entry>
382 <entry>Ctrl+H</entry>
384 This menu item allows you to export the currently selected bytes
385 in the packet bytes pane to a binary file. It pops up the
386 Ethereal Export dialog box (which is discussed further in
387 <xref linkend="ChIOExportSelectedDialog"/>)
391 <entry><command>------</command></entry>
396 <entry><command>Print...</command></entry>
397 <entry>Ctrl+P</entry>
399 This menu item allows you to print all (or some of) the packets in
400 the capture file. It pops up the Ethereal Print dialog
401 box (which is discussed further in
402 <xref linkend="ChIOPrintSection"/>).
406 <entry><command>------</command></entry>
411 <entry><command>Quit</command></entry>
412 <entry>Ctrl+Q</entry>
414 This menu item allows you to quit from Ethereal.
415 Ethereal will ask to save your capture file if you haven't saved
416 it before (this can be disabled by a preference setting).
424 <section id="ChUseEditMenuSection"><title>The "Edit" menu</title>
426 The Ethereal Edit menu contains the fields shown in
427 <xref linkend="ChUseTabEdit"/>.
429 <figure id="ChUseEtherealEditMenu">
430 <title>The "Edit" Menu</title>
431 <graphic entityref="EtherealEditMenu" format="PNG"/>
433 <table id="ChUseTabEdit" frame="none">
434 <title>Edit menu items</title>
436 <colspec colnum="1" colwidth="72pt"/>
437 <colspec colnum="2" colwidth="80pt"/>
440 <entry>Menu Item</entry>
441 <entry>Accelerator</entry>
442 <entry>Description</entry>
447 <entry><command>Find Packet...</command></entry>
448 <entry>Ctrl+F</entry>
450 This menu item brings up a dialog box that allows you
451 to find a packet by many criteria.
452 There is further information on finding packets in
453 <xref linkend="ChWorkFindPacketSection"/>.
457 <entry><command>Find Next</command></entry>
458 <entry>Ctrl+N</entry>
460 This menu item tries to find the next packet matching the
461 settings from "Find Packet...".
465 <entry><command>Find Previous</command></entry>
466 <entry>Ctrl+B</entry>
468 This menu item tries to find the previous packet matching the
469 settings from "Find Packet...".
473 <entry><command>------</command></entry>
478 <entry><command>Time Reference > Set Time Reference</command></entry>
479 <entry>Ctrl+T</entry>
481 This menu item set a time reference on the currently selected
482 packet. See <xref linkend="ChWorkTimeReferencePacketSection"/> for more information
483 about the time referenced packets.
487 <entry><command>Time Reference > Find Next</command></entry>
490 This menu item tries to find the next time referenced packet.
494 <entry><command>Time Reference > Find Previous</command></entry>
497 This menu item tries to find the previous time referenced packet.
501 <entry><command>Mark Packet</command></entry>
502 <entry>Ctrl+M</entry>
504 This menu item "marks" the currently selected packet. See
505 <xref linkend="ChWorkMarkPacketSection"/> for details.
509 <entry><command>Mark All Packets</command></entry>
512 This menu item "marks" all packets.
516 <entry><command>Unmark All Packets</command></entry>
518 <entry><para>This menu item "unmarks" all marked packets.
522 <entry><command>------</command></entry>
527 <entry><command>Preferences...</command></entry>
528 <entry>Shift+Ctrl+P</entry>
530 This menu item brings up a dialog box that allows
531 you to set preferences for many parameters that control
532 Ethereal. You can also save your preferences so Ethereal
533 will use them the next time you start it. More detail
534 is provided in <xref linkend="ChCustPreferencesSection"/>.
542 <section id="ChUseViewMenuSection"><title>The "View" menu</title>
544 The Ethereal View menu contains the fields shown in
545 <xref linkend="ChUseTabView"/>.
547 <figure id="ChUseEtherealViewMenu">
548 <title>The "View" Menu</title>
549 <graphic entityref="EtherealViewMenu" format="PNG"/>
551 <table id="ChUseTabView" frame="none">
552 <title>View menu items</title>
554 <colspec colnum="1" colwidth="72pt"/>
555 <colspec colnum="2" colwidth="80pt"/>
558 <entry>Menu Item</entry>
559 <entry>Accelerator</entry>
560 <entry>Description</entry>
565 <entry><command>Main Toolbar</command></entry>
568 This menu item hides or shows the main toolbar, see
569 <xref linkend="ChUseMainToolbarSection"/>.
573 <entry><command>Filter Toolbar</command></entry>
576 This menu item hides or shows the filter toolbar, see
577 <xref linkend="ChUseFilterToolbarSection"/>.
581 <entry><command>Statusbar</command></entry>
584 This menu item hides or shows the statusbar, see
585 <xref linkend="ChUseStatusbarSection"/>.
589 <entry><command>------</command></entry>
594 <entry><command>Packet List</command></entry>
597 This menu item hides or shows the packet list pane, see
598 <xref linkend="ChUsePacketListPaneSection"/>.
602 <entry><command>Packet Details</command></entry>
605 This menu item hides or shows the packet details pane, see
606 <xref linkend="ChUsePacketDetailsPaneSection"/>.
610 <entry><command>Packet Bytes</command></entry>
613 This menu item hides or shows the packet bytes pane, see
614 <xref linkend="ChUsePacketBytesPaneSection"/>.
618 <entry><command>------</command></entry>
623 <entry><command>Time Display Format > Time of Day</command></entry>
626 Selecting this tells Ethereal to display time
627 stamps in time of day format, see
628 <xref linkend="ChWorkTimeFormatsSection"/>.
629 <note><title>Note!</title>
631 The fields "Time of Day", "Date and Time of
632 Day", "Seconds Since Beginning of Capture" and "Seconds Since
633 Previous Packet" are mutually exclusive.
639 <entry><command>Time Display Format > Date and Time of Day</command></entry>
642 Selecting this tells Ethereal to display the
643 time stamps in date and time of day format, see
644 <xref linkend="ChWorkTimeFormatsSection"/>.
648 <entry><command>Time Display Format > Seconds Since Beginning of Capture</command></entry>
651 Selecting this tells Ethereal to display time
652 stamps in seconds since beginning of capture format, see
653 <xref linkend="ChWorkTimeFormatsSection"/>.
657 <entry><command>Time Display Format > Seconds Since Previous Packet</command></entry>
660 Selecting this tells Ethereal to display time stamps in
661 seconds since previous packet format, see
662 <xref linkend="ChWorkTimeFormatsSection"/>.
666 <entry><command>Name Resolution > Resolve Name</command></entry>
669 This item allows you to trigger a name resolve of the current packet
670 only, see <xref linkend="ChAdvNameResolutionSection"/>.
674 <entry><command>Name Resolution > Enable for MAC Layer</command></entry>
677 This item allows you to control whether or not
678 Ethereal translates MAC addresses into names, see
679 <xref linkend="ChAdvNameResolutionSection"/>.
683 <entry><command>Name Resolution > Enable for Network Layer</command></entry>
686 This item allows you to control whether or not
687 Ethereal translates network addresses into names, see
688 <xref linkend="ChAdvNameResolutionSection"/>.
692 <entry><command>Name Resolution > Enable for Transport Layer</command></entry>
695 This item allows you to control whether or not
696 Ethereal translates transport addresses into names, see
697 <xref linkend="ChAdvNameResolutionSection"/>.
701 <entry><command>Auto Scroll in Live Capture</command></entry>
704 This item allows you to specify that Ethereal
705 should scroll the packet list pane as new packets come
706 in, so you are always looking at the last packet. If you
707 do not specify this, Ethereal simply adds new packets onto
708 the end of the list, but does not scroll the packet list
713 <entry><command>------</command></entry>
718 <entry><command>Zoom In</command></entry>
719 <entry>Ctrl++</entry>
721 Zoom into the packet data (increase the font size).
725 <entry><command>Zoom Out</command></entry>
726 <entry>Ctrl+-</entry>
728 Zoom out of the packet data (decrease the font size).
732 <entry><command>Normal Size</command></entry>
733 <entry>Ctrl+=</entry>
735 Set zoom level back to 100% (set font size back to normal).
739 <entry><command>------</command></entry>
744 <entry><command>Collapse All</command></entry>
747 Ethereal keeps a list of all the protocol subtrees
748 that are expanded, and uses it to ensure that the
749 correct subtrees are expanded when you display a packet.
750 This menu item collapses the tree view of all packets
755 <entry><command>Expand All</command></entry>
758 This menu item expands all subtrees in all packets in
763 <entry><command>Expand Tree</command></entry>
766 This menu item expands the currently selected subtree in the
771 <entry><command>------</command></entry>
776 <entry><command>Coloring Rules...</command></entry>
779 This menu item brings up a dialog box that allows you
780 to color packets in the packet list pane according to
781 filter expressions you choose. It can be very useful
782 for spotting certain types of packets, see
783 <xref linkend="ChCustColorizationSection"/>.
787 <entry><command>------</command></entry>
792 <entry><command>Show Packet in New Window</command></entry>
795 This menu item brings up the selected packet in a
796 separate window. The separate window shows only the
797 tree view and byte view panes.
801 <entry><command>Reload</command></entry>
802 <entry>Ctrl-R</entry>
804 This menu item allows you to reload the current
813 <section id="ChUseGoMenuSection"><title>The "Go" menu</title>
815 The Ethereal Go menu contains the fields shown in
816 <xref linkend="ChUseTabGo"/>.
818 <figure id="ChUseEtherealGoMenu">
819 <title>The "Go" Menu</title>
820 <graphic entityref="EtherealGoMenu" format="PNG"/>
822 <table id="ChUseTabGo" frame="none">
823 <title>Go menu items</title>
825 <colspec colnum="1" colwidth="72pt"/>
826 <colspec colnum="2" colwidth="80pt"/>
829 <entry>Menu Item</entry>
830 <entry>Accelerator</entry>
831 <entry>Description</entry>
836 <entry><command>Go to Packet...</command></entry>
837 <entry>Ctrl-G</entry>
839 This menu item brings up a dialog box that allows you
840 to specify a packet number, and then goes to that packet. See
841 <xref linkend="ChWorkGoToPacketSection"/> for details.
845 <entry><command>Go to Corresponding Packet</command></entry>
848 This menu item goes to the corresponding packet of the currently
849 selected protocol field. If the selected field doesn't correspond
850 to a packet, this item is greyed out.
854 <entry><command>------</command></entry>
859 <entry><command>First Packet</command></entry>
862 This menu item jumps to the first packet of the capture file.
866 <entry><command>Last Packet</command></entry>
869 This menu item jumps to the last packet of the capture file.
877 <section id="ChUseCaptureMenuSection"><title>The "Capture" menu</title>
879 The Ethereal Capture menu contains the fields shown in
880 <xref linkend="ChUseTabCap"/>.
882 <figure id="ChUseEtherealCaptureMenu">
883 <title>The "Capture" Menu</title>
884 <graphic entityref="EtherealCaptureMenu" format="PNG"/>
886 <table id="ChUseTabCap" frame="none">
887 <title>Capture menu items</title>
889 <colspec colnum="1" colwidth="72pt"/>
890 <colspec colnum="2" colwidth="80pt"/>
893 <entry>Menu Item</entry>
894 <entry>Accelerator</entry>
895 <entry>Description</entry>
900 <entry><command>Start...</command></entry>
901 <entry>Ctrl+K</entry>
903 This menu item brings up the Capture Options
904 dialog box (discussed further in
905 <xref linkend="ChCapCaptureOptions"/>) and allows you to
906 start capturing packets.
910 <entry><command>Stop</command></entry>
911 <entry>Ctrl+E</entry>
913 This menu item stops the currently running capture, see
914 <xref linkend="ChCapStopSection"/>) .
918 <entry><command>Interfaces ...</command></entry>
921 This menu item brings up a dialog box that shows what's going on
922 at the network interfaces Ethereal knows of, see
923 <xref linkend="ChCapInterfaceSection"/>) .
927 <entry><command>Capture Filters...</command></entry>
930 This menu item brings up a dialog box that allows you to
931 create and edit capture filters. You can name filters,
932 and you can save them for future use. More detail on
933 this subject is provided in
934 <xref linkend="ChWorkDefineFilterSection"/>
942 <section id="ChUseAnalyzeMenuSection"><title>The "Analyze" menu</title>
944 The Ethereal Analyze menu contains the fields shown in
945 <xref linkend="ChUseAnalyze"/>.
947 <figure id="ChUseEtherealAnalyzeMenu">
948 <title>The "Analyze" Menu</title>
949 <graphic entityref="EtherealAnalyzeMenu" format="PNG"/>
951 <table id="ChUseAnalyze" frame="none"><title>Analyze menu items</title>
953 <colspec colnum="1" colwidth="72pt"/>
954 <colspec colnum="2" colwidth="80pt"/>
957 <entry>Menu Item</entry>
958 <entry>Accelerator</entry>
959 <entry>Description</entry>
964 <entry><command>Display Filters...</command></entry>
967 This menu item brings up a dialog box that allows you
968 to create and edit display filters. You can name
969 filters, and you can save them for future use. More
970 detail on this subject is provided in
971 <xref linkend="ChWorkDefineFilterSection"/>
975 <entry><command>Apply as Filter > ...</command></entry>
978 These menu items will change the current display filter and apply
979 the changed filter immediately. Depending on the chosen menu item,
980 the current display filter string will be replaced or appended to
981 by the selected protocol field in the packet details pane.
985 <entry><command>Prepare a Filter > ...</command></entry>
988 These menu items will change the current display filter but won't
989 apply the changed filter. Depending on the chosen menu item,
990 the current display filter string will be replaced or appended to
991 by the selected protocol field in the packet details pane.
995 <entry><command>------</command></entry>
1000 <entry><command>Enabled Protocols...</command></entry>
1001 <entry>Shift+Ctrl+R</entry>
1003 This menu item allows the user to enable/disable protocol
1004 dissectors, see <xref linkend="ChAdvEnabledProtocols"/>
1008 <entry><command>Decode As...</command></entry>
1011 This menu item allows the user to force Ethereal to
1012 decode certain packets as a particular protocol, see
1013 <xref linkend="ChAdvDecodeAs"/>
1017 <entry><command>User Specified Decodes...</command></entry>
1020 This menu item allows the user to force Ethereal to
1021 decode certain packets as a particular protocol, see
1022 <xref linkend="ChAdvDecodeAsShow"/>
1026 <entry><command>------</command></entry>
1031 <entry><command>Follow TCP Stream</command></entry>
1034 This menu item brings up a separate window and displays
1035 all the TCP segments captured that are on the same TCP
1036 connection as a selected packet, see
1037 <xref linkend="ChAdvFollowTCPSection"/>
1045 <section id="ChUseStatisticsMenuSection"><title>The "Statistics" menu</title>
1047 The Ethereal Statistics menu contains the fields shown in
1048 <xref linkend="ChUseStatistics"/>.
1050 <figure id="ChUseEtherealStatisticsMenu">
1051 <title>The "Statistics" Menu</title>
1052 <graphic entityref="EtherealStatisticsMenu" format="PNG"/>
1055 All menu items will bring up a new window showing specific statistical
1058 <table id="ChUseStatistics" frame="none">
1059 <title>Statistics menu items</title>
1061 <colspec colnum="1" colwidth="72pt"/>
1062 <colspec colnum="2" colwidth="80pt"/>
1065 <entry>Menu Item</entry>
1066 <entry>Accelerator</entry>
1067 <entry>Description</entry>
1072 <entry><command>Summary</command></entry>
1075 Show information about the data captured, see <xref
1076 linkend="ChStatSummary"/>.
1080 <entry><command>Protocol Hierarchy</command></entry>
1083 Display a hierarchical tree of protocol statistics, see <xref
1084 linkend="ChStatHierarchy"/>.
1088 <entry><command>Conversations</command></entry>
1091 Display a list of conversations (traffic between two endpoints),
1092 see <xref linkend="ChStatConversationsWindow"/>.
1096 <entry><command>Endpoints</command></entry>
1099 Display a list of endpoints (traffic to/from an address), see
1100 <xref linkend="ChStatEndpointsWindow"/>.
1104 <entry><command>IO Graphs</command></entry>
1107 Display user specified graphs (e.g. the number of packets in the
1108 course of time), see <xref linkend="ChStatIOGraphs"/>.
1112 <entry><command>------</command></entry>
1117 <entry><command>Conversation List</command></entry>
1120 Display a list of conversations, obsoleted by the combined window
1121 of Conversations above, see
1122 <xref linkend="ChStatConversationListWindow"/>.
1126 <entry><command>Endpoint List</command></entry>
1129 Display a list of endpoints, obsoleted by the combined window
1130 of Endpoints above, see
1131 <xref linkend="ChStatEndpointListWindow"/>.
1135 <entry><command>Service Response Time</command></entry>
1138 Display the time between a request and the corresponding response, see
1139 <xref linkend="ChStatSRT"/>.
1143 <entry><command>------</command></entry>
1148 <entry><command>ANSI</command></entry>
1150 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1153 <entry><command>BOOTP-DHCP</command></entry>
1155 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1158 <entry><command>GSM</command></entry>
1160 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1163 <entry><command>HTTP</command></entry>
1165 <entry><para>HTTP request/response statistics, see <xref linkend="ChStatXXX"/></para></entry>
1168 <entry><command>ISUP Message Types</command></entry>
1170 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1173 <entry><command>ITU-T H.225</command></entry>
1175 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1178 <entry><command>MTP3</command></entry>
1180 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1183 <entry><command>ONC-RPC Programs</command></entry>
1185 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1188 <entry><command>RTP</command></entry>
1190 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1193 <entry><command>SIP</command></entry>
1195 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1198 <entry><command>TCP Stream Graph</command></entry>
1200 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1203 <entry><command>WAP-WSP</command></entry>
1205 <entry><para>See <xref linkend="ChStatXXX"/></para></entry>
1212 <section id="ChUseHelpMenuSection"><title>The "Help" menu</title>
1214 The Ethereal Help menu contains the fields shown in
1215 <xref linkend="ChUseHelp"/>.
1217 <figure id="ChUseEtherealHelpMenu">
1218 <title>The "Help" Menu</title>
1219 <graphic entityref="EtherealHelpMenu" format="PNG"/>
1221 <table id="ChUseHelp" frame="none">
1222 <title>Help menu items</title>
1224 <colspec colnum="1" colwidth="72pt"/>
1225 <colspec colnum="2" colwidth="80pt"/>
1228 <entry>Menu Item</entry>
1229 <entry>Accelerator</entry>
1230 <entry>Description</entry>
1235 <entry><command>Contents</command></entry>
1238 This menu item brings up a basic help system.
1242 <entry><command>Supported Protocols</command></entry>
1245 This menu item brings up a dialog box showing the supported
1246 protocols and protocol fields.
1250 <entry><command>Manual Pages > ...</command></entry>
1253 This menu item starts a Web browser showing one of the locally
1254 installed html manual pages.
1258 <entry><command>Ethereal Online > ...</command></entry>
1261 This menu item starts a Web browser showing the chosen
1263 <ulink url="&EtherealWebSite;">&EtherealWebSite;</ulink>.
1267 <entry><command>------</command></entry>
1272 <entry><command>About Ethereal</command></entry>
1275 This menu item brings up an information window that
1276 provides some information on Ethereal, such as the plugins, the
1283 <note><title>Note!</title>
1285 Calling a Web browser might be unsupported in your version of Ethereal.
1286 If this is the case, the corresponding menu items will be hidden.
1289 <note><title>Note!</title>
1291 If calling a Web browser fails on your machine, maybe because just nothing
1292 happens or the browser is started but no page is shown, have a look at the
1293 webbrowser setting in the preferences dialog.
1298 <section id="ChUseMainToolbarSection"><title>The "Main" toolbar</title>
1300 The main toolbar provides quick access to frequently used items from the
1301 menu. This toolbar cannot be customized by the user, but it can be hidden
1302 using the View menu, if the space on the screen is needed to show even
1306 As in the menu, only the items useful in the current program state will
1307 be available. The others will be greyed out (e.g. you cannot save a capture
1308 file if you haven't loaded one).
1309 <figure id="ChUseEtherealMainToolbar">
1310 <title>The "Main" toolbar</title>
1311 <graphic entityref="EtherealMainToolbar" format="PNG"/>
1314 <table id="ChUseMainToolbar" frame="none">
1315 <title>Main toolbar items</title>
1317 <colspec colnum="1" colwidth="40pt"/>
1318 <colspec colnum="2" colwidth="80pt"/>
1319 <colspec colnum="3" colwidth="80pt"/>
1322 <entry>Toolbar Icon</entry>
1323 <entry>Toolbar Item</entry>
1324 <entry>Corresponding Menu Item</entry>
1325 <entry>Description</entry>
1330 <entry><graphic entityref="EtherealToolbarCapture" format="PNG"/></entry>
1331 <entry><command>Start Capture...</command></entry>
1332 <entry>Capture/Start...</entry>
1334 This item brings up the Capture Options
1335 dialog box (discussed further in
1336 <xref linkend="ChCapCapturingSection"/>) and allows you to
1337 start capturing packets.
1339 <note><title>Note!</title>
1341 If a live capture is in progress, and you are using "Update List
1342 of Packets in Realtime", this icon will be replaced by the Stop
1344 <inlinegraphic entityref="EtherealToolbarStop" format="PNG"/>.
1349 <entry><graphic entityref="EtherealToolbarStop" format="PNG"/></entry>
1350 <entry><command>Stop Capture</command></entry>
1351 <entry>Capture/Stop</entry>
1353 This item stops the currently running live capture process
1354 <xref linkend="ChCapCapturingSection"/>).
1356 <note><title>Note!</title>
1358 This icon is shown if a live capture is in progress, and you are
1359 using "Update List of Packets in Realtime", otherwise the Start
1361 <inlinegraphic entityref="EtherealToolbarCapture" format="PNG"/>
1367 <entry><command>------</command></entry>
1372 <entry><graphic entityref="EtherealToolbarOpen" format="PNG"/></entry>
1373 <entry><command>Open...</command></entry>
1374 <entry>File/Open...</entry>
1376 This item brings up the file open dialog box that
1377 allows you to load a capture file for viewing. It is
1378 discussed in more detail in <xref linkend="ChIOOpen"/>.
1382 <entry><graphic entityref="EtherealToolbarSaveAs" format="PNG"/></entry>
1383 <entry><command>Save As...</command></entry>
1384 <entry>File/Save As...</entry>
1386 This item allows you to save the current capture file to whatever
1387 file you would like. It pops up the Save Capture File As dialog
1388 box (which is discussed further in <xref linkend="ChIOSaveAs"/>).
1390 <note><title>Note!</title>
1392 If you currently have a temporary capture file, the Save icon
1393 <inlinegraphic entityref="EtherealToolbarSave" format="PNG"/> will be
1399 <entry><graphic entityref="EtherealToolbarClose" format="PNG"/></entry>
1400 <entry><command>Close</command></entry>
1401 <entry>File/Close</entry>
1403 This item closes the current capture. If you
1404 have not saved the capture, you will be asked to save it first.
1408 <entry><graphic entityref="EtherealToolbarReload" format="PNG"/></entry>
1409 <entry><command>Reload</command></entry>
1410 <entry>View/Reload</entry>
1412 This item allows you to reload the current capture file.
1416 <entry><graphic entityref="EtherealToolbarPrint" format="PNG"/></entry>
1417 <entry><command>Print...</command></entry>
1418 <entry>File/Print...</entry>
1420 This item allows you to print all (or some of) the packets in
1421 the capture file. It pops up the Ethereal Print dialog
1422 box (which is discussed further in
1423 <xref linkend="ChIOPrintSection"/>).
1427 <entry><command>------</command></entry>
1432 <entry><graphic entityref="EtherealToolbarFind" format="PNG"/></entry>
1433 <entry><command>Find Packet...</command></entry>
1434 <entry>Edit/Find Packet...</entry>
1436 This item brings up a dialog box that allows you
1437 to find a packet. There is further information on finding packets
1438 in <xref linkend="ChWorkFindPacketSection"/>.
1442 <entry><graphic entityref="EtherealToolbarFindPrevious" format="PNG"/></entry>
1443 <entry><command>Find Previous</command></entry>
1444 <entry>Edit/Find Previous</entry>
1446 This item tries to find the previous packet, matching the
1447 settings from "Find Packet...".
1451 <entry><graphic entityref="EtherealToolbarFindNext" format="PNG"/></entry>
1452 <entry><command>Find Next</command></entry>
1453 <entry>Edit/Find Next</entry>
1455 This item tries to find the next packet, matching the
1456 settings from "Find Packet...".
1460 <entry><command>------</command></entry>
1465 <entry><graphic entityref="EtherealToolbarGoTo" format="PNG"/></entry>
1466 <entry><command>Go to Packet...</command></entry>
1467 <entry>Go/Go to Packet...</entry>
1469 This item brings up a dialog box that allows you
1470 to specify a packet number to go to that packet.
1474 <entry><graphic entityref="EtherealToolbarGoFirst" format="PNG"/></entry>
1475 <entry><command>Go To First Packet</command></entry>
1476 <entry>Go/First Packet</entry>
1478 This item jumps to the first packet of the capture file.
1482 <entry><graphic entityref="EtherealToolbarGoLast" format="PNG"/></entry>
1483 <entry><command>Go To Last Packet</command></entry>
1484 <entry>Go/Last Packet</entry>
1486 This item jumps to the last packet of the capture file.
1490 <entry><command>------</command></entry>
1495 <entry><graphic entityref="EtherealToolbarZoomIn" format="PNG"/></entry>
1496 <entry><command>Zoom In</command></entry>
1497 <entry>View/Zoom In</entry>
1499 Zoom into the packet data (increase the font size).
1503 <entry><graphic entityref="EtherealToolbarZoomOut" format="PNG"/></entry>
1504 <entry><command>Zoom Out</command></entry>
1505 <entry>View/Zoom Out</entry>
1507 Zoom out of the packet data (decrease the font size).
1511 <entry><graphic entityref="EtherealToolbarZoom100" format="PNG"/></entry>
1512 <entry><command>Normal Size</command></entry>
1513 <entry>View/Normal Size</entry>
1515 Set zoom level back to 100%.
1519 <entry><command>------</command></entry>
1524 <entry><graphic entityref="EtherealToolbarCaptureFilters" format="PNG"/></entry>
1525 <entry><command>Capture Filters...</command></entry>
1526 <entry>Capture/Capture Filters...</entry>
1528 This item brings up a dialog box that allows you to
1529 create and edit capture filters. You can name filters,
1530 and you can save them for future use. More detail on
1531 this subject is provided in
1532 <xref linkend="ChWorkDefineFilterSection"/>.
1536 <entry><graphic entityref="EtherealToolbarDisplayFilters" format="PNG"/></entry>
1537 <entry><command>Display Filters...</command></entry>
1538 <entry>Analyze/Display Filters...</entry>
1540 This item brings up a dialog box that allows you
1541 to create and edit display filters. You can name
1542 filters, and you can save them for future use. More
1543 detail on this subject is provided in
1544 <xref linkend="ChWorkDefineFilterSection"/>.
1548 <entry><graphic entityref="EtherealToolbarColoringRules" format="PNG"/></entry>
1549 <entry><command>Coloring Rules...</command></entry>
1550 <entry>View/Coloring Rules...</entry>
1552 This item brings up a dialog box that allows you
1553 color packets in the packet list pane according to
1554 filter expressions you choose. It can be very useful
1555 for spotting certain types of packets. More
1556 detail on this subject is provided in
1557 <xref linkend="ChCustColorizationSection"/>.
1561 <entry><graphic entityref="EtherealToolbarPreferences" format="PNG"/></entry>
1562 <entry><command>Preferences...</command></entry>
1563 <entry>Edit/Preferences</entry>
1565 This item brings up a dialog box that allows
1566 you to set preferences for many parameters that control
1567 Ethereal. You can also save your preferences so Ethereal
1568 will use them the next time you start it. More detail
1569 is provided in <xref linkend="ChCustPreferencesSection"/>
1577 <section id="ChUseFilterToolbarSection"><title>The "Filter" toolbar</title>
1579 The filter toolbar lets you quickly edit and apply display filters. More information on
1580 display filters is available in <xref linkend="ChWorkDisplayFilterSection"/>.
1581 <figure id="ChUseEtherealFilterToolbar">
1582 <title>The "Filter" toolbar</title>
1583 <graphic entityref="EtherealFilterToolbar" format="PNG"/>
1588 The leftmost button labeled "Filter:" can be clicked to
1589 bring up the filter construction dialog, described in <xref linkend="FiltersDialog"/>.
1594 The left middle text box provides an area to enter or edit display
1595 filter strings, see <xref linkend="ChWorkBuildDisplayFilterSection"/>
1596 . A syntax check of your filter string is done while you are typing.
1597 The background will turn red if you enter an incomplete or invalid
1598 string, and will become green when you enter a valid string. You can
1599 click on the pull down arrow to select a previously-entered filter
1600 string from a list. The entries in the pull down list will remain
1601 available even after a program restart.
1603 <note><title>Note!</title>
1605 After you've changed something in this field, don't forget to press
1606 the Apply button (or the Enter/Return key), to apply this filter
1607 string to the display.
1610 <note><title>Note!</title>
1612 This field is also where the current filter in effect is displayed.
1618 The middle button labeled "Add Expression..." opens a dialog box that lets
1619 you edit a display filter from a list of protocol fields, described in
1620 <xref linkend="ChWorkFilterAddExpressionSection"/>
1625 The right middle button labeled "Clear" resets the current
1626 display filter and clears the edit area.
1631 The rightmost button labeled "Apply" applies the current
1632 value in the edit area as the new display filter.
1637 <note><title>Note!</title>
1639 Applying a display filter on large capture files might take quite a long time!
1644 <section id="ChUsePacketListPaneSection"><title>The "Packet List" pane</title>
1646 The packet list pane displays all the packets in the current capture
1648 <figure id="ChUseEtherealListPane">
1649 <title>The "Packet List" pane</title>
1650 <graphic entityref="EtherealListPane" format="PNG"/>
1652 Each line in the packet list corrresponds to one packet in the capture
1653 file. If you select a line in this pane, more details will be displayed in
1654 the "Packet Details" and "Packet Bytes" panes.
1657 While dissecting a packet, Ethereal will place information from the
1658 protocol dissectors into the columns. As higher level protocols might
1659 overwrite information from lower levels, you will typically see the
1660 information from the highest possible level only.
1663 For example, let's look at a packet containing TCP inside IP inside
1664 an Ethernet packet. The Ethernet dissector will write its data (such as
1665 the Ethernet addresses), the IP dissector will overwrite this by its own
1666 (such as the IP addresses), the TCP dissector will overwrite the IP
1667 information, and so on.
1670 There are a lot of different columns available. Which columns are
1671 displayed can be selected by preference settings, see
1672 <xref linkend="ChCustGUIColumnsPrefPage"/>.
1675 The default columns will show:
1678 <para><command>No.</command>
1679 The number of the packet in the capture file. This number won't change,
1680 even if a display filter is used.
1684 <para><command>Time</command>
1685 The timestamp of the packet. The presentation format of this timestamp
1686 can be changed, see <xref linkend="ChWorkTimeFormatsSection"/>.
1690 <para><command>Source</command>
1691 The address where this packet is coming from.
1695 <para><command>Destination</command>
1696 The address where this packet is going to.
1700 <para><command>Protocol</command>
1701 The protocol name in a short (perhaps abbreviated) version.
1705 <para><command>Info</command>
1706 Additional information about the packet content.
1712 There is a context menu (right mouse click) available, see details in
1713 <xref linkend="ChWorkPacketListPanePopUpMenu"/>.
1717 <section id="ChUsePacketDetailsPaneSection"><title>The "Packet Details" pane</title>
1719 The packet details pane shows the current packet (selected in the "Packet List"
1720 pane) in a more detailed form.
1721 <figure id="ChUseEtherealDetailsPane">
1722 <title>The "Packet Details" pane</title>
1723 <graphic entityref="EtherealDetailsPane" format="PNG"/>
1727 This pane shows the protocols and protocol fields of the packet selected
1728 in the "Packet List" pane. The protocols and fields of the packet are
1729 displayed using a tree, which can be expanded and collapsed.
1732 There is a context menu (right mouse click) available, see details in
1733 <xref linkend="ChWorkPacketDetailsPanePopUpMenu"/>.
1736 Some protocol fields are specially displayed.
1741 <command>Generated fields</command>
1742 Ethereal itself will generate additional protocol fields which are
1743 surrounded by brackets. The information in these fields is derived from the
1744 known context to other packets in the capture file. For example, Ethereal
1745 is doing a sequence/acknowledge analysis of each TCP stream,
1746 which is displayed in the [SEQ/ACK analysis] fields of the TCP protocol.
1751 <command>Links</command>
1752 If Ethereal detected a relationship to another packet in the capture file,
1753 it will generate a link to that packet. Links are underlined and displayed
1754 in blue. If double-clicked, Ethereal jumps to the corresponding packet.
1760 <section id="ChUsePacketBytesPaneSection"><title>The "Packet Bytes" pane</title>
1762 The packet bytes pane shows the data of the current packet (selected in the "Packet List"
1763 pane) in a hexdump style.
1764 <figure id="ChUseEtherealBytesPane">
1765 <title>The "Packet Bytes" pane</title>
1766 <graphic entityref="EtherealBytesPane" format="PNG"/>
1770 As usual for a hexdump, the left side shows the offset in the packet data,
1771 in the middle the packet data is shown in a hexadecimal representation and
1772 on the right the corresponding ASCII characters (or . if not appropriate)
1776 There is a context menu (right mouse click) available, see details in
1777 <xref linkend="ChWorkPacketBytesPanePopUpMenu"/>.
1780 Depending on the packet data, sometimes more than one page is available,
1781 e.g. when Ethereal has reassembled some packets into a single chunk of
1782 data, see <xref linkend="ChAdvReassemblySection"/>. In this case there are
1783 some additional tabs shown at the bottom of the pane to let you select
1784 the page you want to see.
1785 <figure id="ChUseEtherealBytesPaneTabs">
1786 <title>The "Packet Bytes" pane with tabs</title>
1787 <graphic entityref="EtherealBytesPaneTabs" format="PNG"/>
1790 <note><title>Note!</title>
1792 The additional pages might contain data picked from multiple packets.
1796 The context menu (right mouse click) of the tab labels will show a list of
1797 all available pages. This can be helpful if the size in the pane is too
1798 small for all the tab labels.
1802 <section id="ChUseStatusbarSection"><title>The Statusbar</title>
1804 The statusbar displays informational messages.
1807 In general, the left side will show context related information, while the
1808 right side will show the current number of packets.
1811 <figure id="ChUseEtherealStatusbarEmpty">
1812 <title>The initial Statusbar</title>
1813 <graphic entityref="EtherealStatusbarEmpty" format="PNG"/>
1815 This statusbar is shown while no capture file is loaded, e.g. when
1816 Ethereal is started.
1819 <figure id="ChUseEtherealStatusbarLoaded">
1820 <title>The Statusbar with a loaded capture file</title>
1821 <graphic entityref="EtherealStatusbarLoaded" format="PNG"/>
1823 The left side shows information about the capture file, its
1824 name, its size and the elapsed time while it was being captured.
1827 The right side shows the current number of packets in the
1828 capture file. The following values are displayed:
1829 <itemizedlist mark="bullet">
1831 <para><emphasis>P:</emphasis> the number of captured packets</para>
1834 <para><emphasis>D:</emphasis> the number of packets currently being
1838 <para><emphasis>M:</emphasis> the number of marked packets</para>
1843 <figure id="ChUseEtherealStatusbarSelected">
1844 <title>The Statusbar with a selected protocol field</title>
1845 <graphic entityref="EtherealStatusbarSelected" format="PNG"/>
1847 This is displayed if you have selected a protocol field from the
1848 "Packet Details" pane.
1850 <tip><title>Tip!</title>
1852 The value between the brackets (in this example
1853 <command>arp.opcode</command>) can be used as a display filter string,
1854 representing the selected protocol field.
1860 <!-- End of EUG Chapter 3 -->
git.samba.org / obnox / wireshark / wip.git / blob