User Manual

Table of Contents

Ethereal User's Guide
Table of Contents
Preface
  1. Foreword
  2. Who should read this document?
  3. Acknowledgements
  4. About this document
  5. Where to get the latest copy of this document?
  6. Providing feedback about this document
Chapter 1. Introduction
  1.1. What is Ethereal?
    1.1.1. Some intended purposes
    1.1.2. Features
    1.1.3. Live capture from many different network media
    1.1.4. Import files from many other capture programs
    1.1.5. Export files for many other capture programs
    1.1.6. Many protocol decoders
    1.1.7. Open Source Software
    1.1.8. What Ethereal is not
  1.2. Platforms Ethereal runs on
    1.2.1. Unix
    1.2.2. Linux
    1.2.3. Microsoft Windows
  1.3. Where to get Ethereal?
  1.4. A rose by any other name
  1.5. A brief history of Ethereal
  1.6. Development and maintenance of Ethereal
  1.7. Reporting problems and getting help
    1.7.1. Website
    1.7.2. Wiki
    1.7.3. FAQ
    1.7.4. Mailing Lists
    1.7.5. Reporting Problems
    1.7.6. Reporting Crashes on UNIX/Linux platforms
    1.7.7. Reporting Crashes on Windows platforms
Chapter 2. Building and Installing Ethereal
  2.1. Introduction
  2.2. Obtaining the source and binary distributions
  2.3. Before you build Ethereal under UNIX
  2.4. Building Ethereal from source under UNIX
  2.5. Installing the binaries under UNIX
    2.5.1. Installing from rpm's under RedHat and alike
    2.5.2. Installing from deb's under Debian
  2.6. Troubleshooting during the install on Unix
  2.7. Building from source under Windows
  2.8. Installing Ethereal under Windows
    2.8.1. Install Ethereal
      2.8.1.1. Command line options
      2.8.1.2. Components
    2.8.2. Install WinPcap
      2.8.2.1. Manual WinPcap Installation
    2.8.3. Update Ethereal
    2.8.4. Update WinPcap
    2.8.5. Uninstall Ethereal
    2.8.6. Uninstall WinPcap
Chapter 3. User Interface
  3.1. Introduction
  3.2. Start Ethereal
  3.3. The Main window
  3.4. The Menu
  3.5. The "File" menu
  3.6. The "Edit" menu
  3.7. The "View" menu
  3.8. The "Go" menu
  3.9. The "Capture" menu
  3.10. The "Analyze" menu
  3.11. The "Statistics" menu
  3.12. The "Help" menu
  3.13. The "Main" toolbar
  3.14. The "Filter" toolbar
  3.15. The "Packet List" pane
  3.16. The "Packet Details" pane
  3.17. The "Packet Bytes" pane
  3.18. The Statusbar
Chapter 4. Capturing Live Network Data
  4.1. Introduction
  4.2. Prerequisites
  4.3. Start Capturing
  4.4. The "Capture Interfaces" dialog box
  4.5. The "Capture Options" dialog box
    4.5.1. Capture frame
    4.5.2. Capture File(s) frame
    4.5.3. Stop Capture... frame
    4.5.4. Display Options frame
    4.5.5. Name Resolution frame
    4.5.6. Buttons
  4.6. Capture files and file modes
  4.7. Link-layer header type
  4.8. Filtering while capturing
  4.9. While a Capture is running ...
    4.9.1. Stop the running capture
    4.9.2. Restart a running capture
Chapter 5. File Input / Output and Printing
  5.1. Introduction
  5.2. Open capture files
    5.2.1. The "Open Capture File" dialog box
    5.2.2. Input File Formats
  5.3. Saving captured packets
    5.3.1. The "Save Capture File As" dialog box
    5.3.2. Output File Formats
  5.4. Merging capture files
    5.4.1. The "Merge with Capture File" dialog box
  5.5. File Sets
    5.5.1. The "List Files" dialog box
  5.6. Exporting data
    5.6.1. The "Export as Plain Text File" dialog box
    5.6.2. The "Export as PostScript File" dialog box
    5.6.3. The "Export as CSV (Comma Separated Values) File" dialog box
    5.6.4. The "Export as PSML File" dialog box
    5.6.5. The "Export as PDML File" dialog box
    5.6.6. The "Export selected packet bytes" dialog box
  5.7. Printing packets
    5.7.1. The "Print" dialog box
  5.8. The Packet Range frame
  5.9. The Packet Format frame
Chapter 6. Working with captured packets
  6.1. Viewing packets you have captured
  6.2. Filtering packets while viewing
  6.3. Building display filter expressions
    6.3.1. Display filter fields
    6.3.2. Comparing values
    6.3.3. Combining expressions
    6.3.4. A common mistake
  6.4. The "Filter Expression" dialog box
  6.5. Defining and saving filters
  6.6. Finding packets
    6.6.1. The "Find Packet" dialog box
    6.6.2. The "Find Next" command
    6.6.3. The "Find Previous" command
  6.7. Go to a specific packet
    6.7.1. The "Go Back" command
    6.7.2. The "Go Forward" command
    6.7.3. The "Go to Packet" dialog box
    6.7.4. The "Go to Corresponding Packet" command
    6.7.5. The "Go to First Packet" command
    6.7.6. The "Go to Last Packet" command
  6.8. Marking packets
  6.9. Time display formats and time references
    6.9.1. Packet time referencing
Chapter 7. Advanced Features
  7.1. Introduction
  7.2. Following TCP streams
    7.2.1. The "Follow TCP stream" dialog box
  7.3. Packet Reassembling
    7.3.1. What is it?
    7.3.2. How Ethereal handles it
    7.3.3. Reassembling is disabled by default!
  7.4. Name Resolution
    7.4.1. Ethernet name resolution (MAC layer)
    7.4.2. IP name resolution (network layer)
    7.4.3. IPX name resolution (network layer)
    7.4.4. TCP/UDP port name resolution (transport layer)
Chapter 8. Statistics
  8.1. Introduction
  8.2. The "Summary" window
  8.3. The "Protocol Hierarchy" window
  8.4. Endpoints
    8.4.1. What is an Endpoint?
    8.4.2. The "Endpoints" window
    8.4.3. The protocol specific "Endpoint List" windows
  8.5. Conversations
    8.5.1. What is a Conversation?
    8.5.2. The "Conversations" window
    8.5.3. The protocol specific "Conversation List" windows
  8.6. The "IO Graphs" window
  8.7. Service Response Time
    8.7.1. The "Service Response Time DCE-RPC" window
  8.8. The protocol specific statistics windows
Chapter 9. Customizing Ethereal
  9.1. Introduction
  9.2. Start Ethereal from the command line
  9.3. Packet colorization
  9.4. Control Protocol dissection
    9.4.1. The "Enabled Protocols" dialog box
    9.4.2. User Specified Decodes
    9.4.3. Show User Specified Decodes
  9.5. Preferences
Appendix A. Configuration (and other) Files and Folders
  A.1. Windows folders
    A.1.1. Windows profiles
    A.1.2. Windows NT/2000/XP roaming profiles
    A.1.3. Windows temporary folder
Appendix B. Protocols and Protocol Fields
Appendix C. Related command line tools
  C.1. Introduction
  C.2. tcpdump: Capturing with tcpdump for viewing with Ethereal
  C.3. tethereal: Terminal-based Ethereal
  C.4. capinfos: Print information about capture files
  C.5. editcap: Edit capture files
  C.6. mergecap: Merging multiple capture files into one
  C.7. text2pcap: Converting ASCII hexdumps to network captures
  C.8. idl2eth: Creating dissectors from Corba IDL files
    C.8.1. What is it?
    C.8.2. Why do this?
    C.8.3. How to use idl2eth
    C.8.4. TODO
    C.8.5. Limitations
    C.8.6. Notes
Appendix D. This Document's License (GPL)

Size: 2.38 MB
Pages: 199
Language: English