Ethereal - Interactively browse network traffic

S<[ B<-B> byte view height ]>
S<[ B<-b> bold font ]>
S<[ B<-i> interface ]>
S<[ B<-P> packet list height ]>
S<[ B<-T> tree view height ]>
S<[ B<-t> time stamp format ]>

B<Ethereal> is a network protocol analyzer based on the B<GTK+> GUI toolkit. It lets
you interactively browse packet data from a live network or from a B<pcap>
/ B<tcpdump()> formatted capture file.
Sets the initial height of the byte view (bottom) pane

The bold font name used for packet field display.

The default number of packets to read when capturing live data.

Prints the version and options and exits.

The name of the interface to use for live packet capture. It should match
one of the names listed in "B<netstat -i>" or "B<ifconfig -a>".

The font name used by B<Ethereal>.

Disable network object name resolution (such as hostname, TCP and UDP port

Sets the initial height of the packet list (top) pane

Read packet data from I<file>. Currently, B<Ethereal> only understands
B<pcap> / B<tcpdump> formatted files.

The default snapshot length to use when capturing live data. No more than
I<snaplen> bytes of each network packet will be read into memory, or saved

Sets the initial height of the tree view (top) pane

Sets the format of the packet timestamp displayed in the packet list
window. The format can be one of 'r' (relative), 'a' (absolute), or 'd'
(delta). The relative time is the time elapsed between the first packet
and the current packet. The absolute time is the actual date and time the
packet was captured. The delta time is the time since the previous packet
was captured. The default is relative.

Prints the version and exits.

Sets the default capture file name.
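
The snapshot length and the B<-t> time stamp formats described above can be seen directly in a capture file. The following Python reader is an added example, not code from Ethereal: it parses the classic pcap record layout, rejects length fields larger than the snapshot length or the remaining data, and renders the relative, absolute and delta times. The sample capture is constructed, and showing absolute time in UTC is an assumption of this example.

```python
import struct
from datetime import datetime, timezone

MAGIC = 0xA1B2C3D4  # classic pcap file, microsecond time stamps

def build_sample(snaplen=68):
    """Constructed capture: three packets, each cut to snaplen bytes."""
    out = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for sec, usec, wire_len in [(946684800, 0, 60), (946684800, 250000, 1514),
                                (946684802, 500000, 342)]:
        data = bytes(min(wire_len, snaplen))  # zero bytes stand in for packet data
        out += struct.pack("<IIII", sec, usec, len(data), wire_len) + data
    return out

def read_pcap(blob):
    """Return (snaplen, [(ts_microseconds, captured_len, wire_len), ...])."""
    if len(blob) < 24:
        raise ValueError("short file header")
    magic = struct.unpack_from("<I", blob)[0]
    if magic == MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        end = ">"
    else:
        raise ValueError("not a pcap file")
    snaplen = struct.unpack_from(end + "IHHiIII", blob)[5]
    pos, packets = 24, []
    while pos < len(blob):
        if len(blob) - pos < 16:
            raise ValueError("truncated record header")
        sec, usec, caplen, wire_len = struct.unpack_from(end + "IIII", blob, pos)
        pos += 16
        # Bound the length field before trusting it: a corrupt or hostile file
        # must not make the reader step past the data that is really there.
        if caplen > snaplen or caplen > len(blob) - pos:
            raise ValueError("bad captured length %d" % caplen)
        packets.append((sec * 1000000 + usec, caplen, wire_len))
        pos += caplen
    return snaplen, packets

def format_times(packets, fmt):
    """Render time stamps as 'r' (relative), 'a' (absolute, UTC here) or 'd' (delta)."""
    if not packets:
        return []
    out, first, prev = [], packets[0][0], packets[0][0]
    for ts, _, _ in packets:
        if fmt == "a":
            day = datetime.fromtimestamp(ts // 1000000, tz=timezone.utc)
            out.append(day.strftime("%Y-%m-%d %H:%M:%S") + ".%06d" % (ts % 1000000))
        else:
            diff = ts - (first if fmt == "r" else prev)
            out.append("%d.%06d" % divmod(diff, 1000000))
        prev = ts
    return out
```

With a snapshot length of 68, the 1514-byte and 342-byte packets keep their on-the-wire length in the record header but only 68 captured bytes each.
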
=item File:Open, File:Close, File:Reload

Open, close, or reload a capture file.

=item File:Print Packet

Print a description of each protocol header found in the packet, followed
by the packet data itself. Printing options can be set with the
I<Edit:Preferences> menu item.

Exits the application.

=item Edit:Preferences

Sets the packet printing and filter options (see L<"Preferences"> below).

Initiates a live packet capture (see L<"Capture Preferences"> below).
A temporary file will be created to hold the capture. The location of the
file can be chosen by setting your TMPDIR environment variable before
starting ethereal. Otherwise, the default TMPDIR location is system-dependent,
but is likely either /var/tmp or /tmp.

=item Tools:Follow TCP Stream

If you have a TCP packet selected, it will display the contents of the TCP
data stream in a separate window.
The main window is split into three panes. You can resize each pane using
a "thumb" at the right end of each divider line. Below the panes is a
strip that shows the file load progress, current filter, and informational

The top pane contains the list of network packets that you can scroll
through and select. The packet number, packet timestamp, source and
destination addresses, protocol, and description are printed for each
packet. An effort is made to display information as high up the protocol
stack as possible, e.g. IP addresses are displayed for IP packets, but the
MAC layer address is displayed for unknown packet types.

The middle pane contains a I<protocol tree> for the currently-selected
packet. The tree displays each field and its value in each protocol header

The lowest pane contains a hex dump of the actual packet data.
Selecting a field in the I<protocol tree> highlights the corresponding
bytes in this section.

A display filter can be entered into the strip at the bottom. It must
have the same format as B<tcpdump> filter strings, since both programs use
the same underlying library. A filter for HTTP, HTTPS, and DNS traffic
might look like this:

  tcp port 80 or tcp port 443 or port 53

Selecting the I<Filter:> button lets you choose from a list of named
filters that you can optionally save.
The I<Preferences> dialog lets you select the output format of packets
printed using the I<File:Print Packet> menu item and configure
commonly-used filters.

=item Printing Preferences

The radio buttons at the top of the I<Printing> page allow you to choose
between printing the packets as text or PostScript, and sending the
output directly to a command or saving it to a file. The I<Command:> text
entry box is the command to send files to (usually B<lpr>), and the
I<File:> entry box lets you enter the name of the file you wish to save
to. Additionally, you can select the I<File:> button to browse the file
system for a particular save file.

=item Filter Preferences

The I<Filters> page lets you create and modify filters, and set the
default filter to use when capturing data or opening a capture file.

The I<Filter name> entry specifies a descriptive name for a filter, e.g.
B<Web and DNS traffic>. The I<Filter string> entry is the text that
actually describes the filtering action to take, as described above. The
dialog buttons perform the following actions:

If there is text in the two entry boxes, it creates a new associated list

Modifies the currently selected list item to match what's in the entry

Makes a copy of the currently selected list item.

Deletes the currently selected list item.

Sets the currently selected list item as the active filter. If nothing
is selected, turns filtering off.

Saves the current filter list in F<$HOME/.ethereal/filters>.

Closes the dialog without making any changes.
=item Column Preferences

The I<Columns> page lets you specify the number, title, and format
of each column in the packet list.

The I<Column title> entry is used to specify the title of the column
displayed at the top of the packet list. The type of data that the column
displays can be specified using the I<Column format> option menu. The row
of buttons on the left perform the following actions:

Adds a new column to the list.

Modifies the currently selected list item.

Deletes the currently selected list item.

Moves the selected list item up or down one position.

Currently has no effect.

Saves the current column format as the default.

Closes the dialog without making any changes.

=item Capture Preferences

The I<Capture Preferences> dialog lets you specify various parameters for
capturing live packet data.

The I<Interface:> entry box lets you specify the interface from which to
capture packet data. The I<Count:> entry specifies the number of packets
to capture. Entering 0 will capture packets indefinitely. The I<Filter:>
entry lets you specify the capture filter using a tcpdump-style filter
string as described above. The I<File:> entry specifies the file to save
to, as in the I<Printer Options> dialog above. You can choose to open the
file after capture, and you can also specify the maximum number of bytes
to capture per packet with the I<Capture length> entry.
L<tcpdump(1)>, L<pcap(3)>

The latest version of B<ethereal> can be found at
B<http://ethereal.zing.org>.

Gerald Combs <gerald@zing.org>

Gilbert Ramirez <gramirez@tivoli.com>
Hannes R. Boehm <hannes@boehm.org>
Mike Hall <mlh@io.com>
Bobo Rajec <bobo@bsp-consulting.sk>
Laurent Deniel <deniel@worldnet.fr>
Don Lafontaine <lafont02@cn.ca>
Guy Harris <guy@netapp.com>
Simon Wilkinson <sxw@dcs.ed.ac.uk>
Joerg Mayer <jmayer@telemation.de>
Martin Maciaszek <fastjack@i-s-o.net>
Didier Jorand <Didier.Jorand@alcatel.fr>
Jun-ichiro itojun Hagino <itojun@iijlab.net>
Richard Sharpe <sharpe@ns.aus.com>

Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
permission to use his version of snprintf.c.

Dan Lasley <dlasley@promus.com> gave permission for his dumpit() hex-dump