Operating manual
Table of contents

Wireshark User's Guide
Table of Contents
Preface
1. Foreword
2. Who should read this document?
3. Acknowledgements
4. About this document
5. Where to get the latest copy of this document?
6. Providing feedback about this document
Chapter 1. Introduction
1.1. What is Wireshark?
1.1.1. Some intended purposes
1.1.2. Features
1.1.3. Live capture from many different network media
1.1.4. Import files from many other capture programs
1.1.5. Export files for many other capture programs
1.1.6. Many protocol decoders
1.1.7. Open Source Software
1.1.8. What Wireshark is not
1.2. System Requirements
1.2.1. General Remarks
1.2.2. Microsoft Windows
1.2.3. Unix / Linux
1.3. Where to get Wireshark?
1.4. A brief history of Wireshark
1.5. Development and maintenance of Wireshark
1.6. Reporting problems and getting help
1.6.1. Website
1.6.2. Wiki
1.6.3. FAQ
1.6.4. Mailing Lists
1.6.5. Reporting Problems
1.6.6. Reporting Crashes on UNIX/Linux platforms
1.6.7. Reporting Crashes on Windows platforms
Chapter 2. Building and Installing Wireshark
2.1. Introduction
2.2. Obtaining the source and binary distributions
2.3. Before you build Wireshark under UNIX
2.4. Building Wireshark from source under UNIX
2.5. Installing the binaries under UNIX
2.5.1. Installing from rpm's under Red Hat and alike
2.5.2. Installing from deb's under Debian
2.5.3. Installing from portage under Gentoo Linux
2.5.4. Installing from packages under FreeBSD
2.6. Troubleshooting during the install on Unix
2.7. Building from source under Windows
2.8. Installing Wireshark under Windows
2.8.1. Install Wireshark
2.8.1.1. "Choose Components" page
2.8.1.2. "Additional Tasks" page
2.8.1.3. "Install WinPcap?" page
2.8.1.4. Command line options
2.8.2. Manual WinPcap Installation
2.8.3. Update Wireshark
2.8.4. Update WinPcap
2.8.5. Uninstall Wireshark
2.8.6. Uninstall WinPcap
Chapter 3. User Interface
3.1. Introduction
3.2. Start Wireshark
3.3. The Main window
3.3.1. Main Window Navigation
3.4. The Menu
3.5. The "File" menu
3.6. The "Edit" menu
3.7. The "View" menu
3.8. The "Go" menu
3.9. The "Capture" menu
3.10. The "Analyze" menu
3.11. The "Statistics" menu
3.12. The "Tools" menu
3.13. The "Help" menu
3.14. The "Main" toolbar
3.15. The "Filter" toolbar
3.16. The "Packet List" pane
3.17. The "Packet Details" pane
3.18. The "Packet Bytes" pane
3.19. The Statusbar
Chapter 4. Capturing Live Network Data
4.1. Introduction
4.2. Prerequisites
4.3. Start Capturing
4.4. The "Capture Interfaces" dialog box
4.5. The "Capture Options" dialog box
4.5.1. Capture frame
4.5.2. Capture File(s) frame
4.5.3. Stop Capture... frame
4.5.4. Display Options frame
4.5.5. Name Resolution frame
4.5.6. Buttons
4.6. The "Interface Details" dialog box
4.7. Capture files and file modes
4.8. Link-layer header type
4.9. Filtering while capturing
4.9.1. Automatic Remote Traffic Filtering
4.10. While a Capture is running ...
4.10.1. Stop the running capture
4.10.2. Restart a running capture
Chapter 5. File Input / Output and Printing
5.1. Introduction
5.2. Open capture files
5.2.1. The "Open Capture File" dialog box
5.2.2. Input File Formats
5.3. Saving captured packets
5.3.1. The "Save Capture File As" dialog box
5.3.2. Output File Formats
5.4. Merging capture files
5.4.1. The "Merge with Capture File" dialog box
5.5. File Sets
5.5.1. The "List Files" dialog box
5.6. Exporting data
5.6.1. The "Export as Plain Text File" dialog box
5.6.2. The "Export as PostScript File" dialog box
5.6.3. The "Export as CSV (Comma Separated Values) File" dialog box
5.6.4. The "Export as C Arrays (packet bytes) file" dialog box
5.6.5. The "Export as PSML File" dialog box
5.6.6. The "Export as PDML File" dialog box
5.6.7. The "Export selected packet bytes" dialog box
5.6.8. The "Export Objects" dialog box
5.7. Printing packets
5.7.1. The "Print" dialog box
5.8. The Packet Range frame
5.9. The Packet Format frame
Chapter 6. Working with captured packets
6.1. Viewing packets you have captured
6.2. Pop-up menus
6.2.1. Pop-up menu of the "Packet List" pane
6.2.2. Pop-up menu of the "Packet Details" pane
6.3. Filtering packets while viewing
6.4. Building display filter expressions
6.4.1. Display filter fields
6.4.2. Comparing values
6.4.3. Combining expressions
6.4.4. A common mistake
6.5. The "Filter Expression" dialog box
6.6. Defining and saving filters
6.7. Defining and saving filter macros
6.8. Finding packets
6.8.1. The "Find Packet" dialog box
6.8.2. The "Find Next" command
6.8.3. The "Find Previous" command
6.9. Go to a specific packet
6.9.1. The "Go Back" command
6.9.2. The "Go Forward" command
6.9.3. The "Go to Packet" dialog box
6.9.4. The "Go to Corresponding Packet" command
6.9.5. The "Go to First Packet" command
6.9.6. The "Go to Last Packet" command
6.10. Marking packets
6.11. Time display formats and time references
6.11.1. Packet time referencing
Chapter 7. Advanced Topics
7.1. Introduction
7.2. Following TCP streams
7.2.1. The "Follow TCP Stream" dialog box
7.3. Expert Infos
7.3.1. Expert Info Entries
7.3.1.1. Severity
7.3.1.2. Group
7.3.1.3. Protocol
7.3.1.4. Summary
7.3.2. "Expert Info Composite" dialog
7.3.2.1. Errors / Warnings / Notes / Chats tabs
7.3.2.2. Details tab
7.3.3. "Colorized" Protocol Details Tree
7.3.4. "Expert" Packet List Column (optional)
7.4. Time Stamps
7.4.1. Wireshark internals
7.4.2. Capture file formats
7.4.3. Accuracy
7.5. Time Zones
7.5.1. Set your computer's time correctly!
7.5.2. Wireshark and Time Zones
7.6. Packet Reassembling
7.6.1. What is it?
7.6.2. How Wireshark handles it
7.7. Name Resolution
7.7.1. Name Resolution drawbacks
7.7.2. Ethernet name resolution (MAC layer)
7.7.3. IP name resolution (network layer)
7.7.4. IPX name resolution (network layer)
7.7.5. TCP/UDP port name resolution (transport layer)
7.8. Checksums
7.8.1. Wireshark checksum validation
7.8.2. Checksum offloading
Chapter 8. Statistics
8.1. Introduction
8.2. The "Summary" window
8.3. The "Protocol Hierarchy" window
8.4. Conversations
8.4.1. What is a Conversation?
8.4.2. The "Conversations" window
8.4.3. The protocol specific "Conversation List" windows
8.5. Endpoints
8.5.1. What is an Endpoint?
8.5.2. The "Endpoints" window
8.5.3. The protocol specific "Endpoint List" windows
8.6. The "IO Graphs" window
8.7. WLAN Traffic Statistics
8.8. Service Response Time
8.8.1. The "Service Response Time DCE-RPC" window
8.9. The protocol specific statistics windows
Chapter 9. Customizing Wireshark
9.1. Introduction
9.2. Start Wireshark from the command line
9.3. Packet colorization
9.4. Control Protocol dissection
9.4.1. The "Enabled Protocols" dialog box
9.4.2. User Specified Decodes
9.4.3. Show User Specified Decodes
9.5. Preferences
9.5.1. Interface Options
9.6. Configuration Profiles
9.7. User Table
9.8. Display Filter Macros
9.9. GeoIP Database Paths
9.10. Tektronix K12xx/15 RF5 protocols Table
9.11. SCCP users Table
9.12. SMI (MIB and PIB) Modules
9.13. SMI (MIB and PIB) Paths
9.14. SNMP users Table
9.15. User DLTs protocol table
Chapter 10. Lua Support in Wireshark
10.1. Introduction
10.2. Example of Dissector written in Lua
10.3. Example of Listener written in Lua
10.4. Wireshark's Lua API Reference Manual
10.4.1. Saving capture files
10.4.1.1. Dumper
10.4.1.1.1. Dumper.new(filename, [filetype], [encap])
10.4.1.1.1.1. Arguments
10.4.1.1.1.2. Returns
10.4.1.1.1.3. Errors
10.4.1.1.2. dumper:close()
10.4.1.1.2.1. Errors
10.4.1.1.3. dumper:flush()
10.4.1.1.4. dumper:dump(timestamp, pseudoheader, bytearray)
10.4.1.1.4.1. Arguments
10.4.1.1.5. dumper:new_for_current([filetype])
10.4.1.1.5.1. Arguments
10.4.1.1.5.2. Returns
10.4.1.1.5.3. Errors
10.4.1.1.6. dumper:dump_current()
10.4.1.1.6.1. Errors
10.4.1.2. PseudoHeader
10.4.1.2.1. PseudoHeader.none()
10.4.1.2.1.1. Returns
10.4.1.2.2. PseudoHeader.eth([fcslen])
10.4.1.2.2.1. Arguments
10.4.1.2.2.2. Returns
10.4.1.2.3. PseudoHeader.atm([aal], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len])
10.4.1.2.3.1. Arguments
10.4.1.2.3.2. Returns
10.4.1.2.4. PseudoHeader.mtp2()
10.4.1.2.4.1. Returns
10.4.2. Obtaining dissection data
10.4.2.1. Field
10.4.2.1.1. Field.new(fieldname)
10.4.2.1.1.1. Arguments
10.4.2.1.1.2. Returns
10.4.2.1.1.3. Errors
10.4.2.1.2. field:__call()
10.4.2.1.2.1. Returns
10.4.2.1.2.2. Errors
10.4.2.2. FieldInfo
10.4.2.2.1. fieldinfo:__len()
10.4.2.2.2. fieldinfo:__unm()
10.4.2.2.3. fieldinfo:__call()
10.4.2.2.4. fieldinfo:__tostring()
10.4.2.2.5. fieldinfo:__eq()
10.4.2.2.5.1. Errors
10.4.2.2.6. fieldinfo:__le()
10.4.2.2.7. fieldinfo:__lt()
10.4.2.2.7.1. Errors
10.4.2.2.8. fieldinfo.name
10.4.2.2.9. fieldinfo.label
10.4.2.2.10. fieldinfo.value
10.4.2.2.11. fieldinfo.len
10.4.2.2.12. fieldinfo.offset
10.4.2.3. Non Method Functions
10.4.2.3.1. all_field_infos()
10.4.2.3.1.1. Errors
10.4.3. GUI support
10.4.3.1. ProgDlg
10.4.3.1.1. ProgDlg.new([title], [task])
10.4.3.1.1.1. Arguments
10.4.3.1.1.2. Returns
10.4.3.1.2. progdlg:update(progress, [task])
10.4.3.1.2.1. Arguments
10.4.3.1.2.2. Errors
10.4.3.1.3. progdlg:stopped()
10.4.3.1.3.1. Returns
10.4.3.1.3.2. Errors
10.4.3.1.4. progdlg:close()
10.4.3.1.4.1. Errors
10.4.3.2. TextWindow
10.4.3.2.1. TextWindow.new([title])
10.4.3.2.1.1. Arguments
10.4.3.2.1.2. Returns
10.4.3.2.2. textwindow:set_atclose(action)
10.4.3.2.2.1. Arguments
10.4.3.2.2.2. Returns
10.4.3.2.2.3. Errors
10.4.3.2.3. textwindow:set(text)
10.4.3.2.3.1. Arguments
10.4.3.2.3.2. Returns
10.4.3.2.3.3. Errors
10.4.3.2.4. textwindow:append(text)
10.4.3.2.4.1. Arguments
10.4.3.2.4.2. Returns
10.4.3.2.4.3. Errors
10.4.3.2.5. textwindow:prepend(text)
10.4.3.2.5.1. Arguments
10.4.3.2.5.2. Returns
10.4.3.2.5.3. Errors
10.4.3.2.6. textwindow:clear()
10.4.3.2.6.1. Returns
10.4.3.2.6.2. Errors
10.4.3.2.7. textwindow:get_text()
10.4.3.2.7.1. Returns
10.4.3.2.7.2. Errors
10.4.3.2.8. textwindow:set_editable([editable])
10.4.3.2.8.1. Arguments
10.4.3.2.8.2. Returns
10.4.3.2.8.3. Errors
10.4.3.2.9. textwindow:add_button(label, function)
10.4.3.2.9.1. Arguments
10.4.3.2.9.2. Returns
10.4.3.2.9.3. Errors
10.4.3.3. Non Method Functions
10.4.3.3.1. gui_enabled()
10.4.3.3.1.1. Returns
10.4.3.3.2. register_menu(name, action, [group])
10.4.3.3.2.1. Arguments
10.4.3.3.3. new_dialog(title, action, ...)
10.4.3.3.3.1. Arguments
10.4.3.3.3.2. Errors
10.4.3.3.4. retap_packets()
10.4.3.3.5. copy_to_clipboard(text)
10.4.3.3.5.1. Arguments
10.4.3.3.6. open_capture_file(filename, filter)
10.4.3.3.6.1. Arguments
10.4.3.3.7. set_filter(text)
10.4.3.3.7.1. Arguments
10.4.3.3.8. apply_filter()
10.4.3.3.9. reload()
10.4.3.3.10. browser_open_url(url)
10.4.3.3.10.1. Arguments
10.4.3.3.11. browser_open_data_file(filename)
10.4.3.3.11.1. Arguments
10.4.4. Post-dissection packet analysis
10.4.4.1. Listener
10.4.4.1.1. Listener.new([tap], [filter])
10.4.4.1.1.1. Arguments
10.4.4.1.1.2. Returns
10.4.4.1.1.3. Errors
10.4.4.1.2. listener:remove()
10.4.4.1.3. listener.packet
10.4.4.1.4. listener.draw
10.4.4.1.5. listener.reset
10.4.5. Obtaining packet information
10.4.5.1. Address
10.4.5.1.1. Address.ip(hostname)
10.4.5.1.1.1. Arguments
10.4.5.1.1.2. Returns
10.4.5.1.2. address:__tostring()
10.4.5.1.2.1. Returns
10.4.5.1.3. address:__eq()
10.4.5.1.4. address:__le()
10.4.5.1.5. address:__lt()
10.4.5.2. Column
10.4.5.2.1. column:__tostring()
10.4.5.2.1.1. Returns
10.4.5.2.2. column:clear()
10.4.5.2.3. column:set(text)
10.4.5.2.3.1. Arguments
10.4.5.2.4. column:append(text)
10.4.5.2.4.1. Arguments
10.4.5.2.5. column:preppend(text)
10.4.5.2.5.1. Arguments
10.4.5.3. Columns
10.4.5.3.1. columns:__tostring()
10.4.5.3.1.1. Returns
10.4.5.3.2. columns:__newindex(column, text)
10.4.5.3.2.1. Arguments
10.4.5.4. Pinfo
10.4.5.4.1. pinfo.number
10.4.5.4.2. pinfo.len
10.4.5.4.3. pinfo.caplen
10.4.5.4.4. pinfo.abs_ts
10.4.5.4.5. pinfo.rel_ts
10.4.5.4.6. pinfo.delta_ts
10.4.5.4.7. pinfo.delta_dis_ts
10.4.5.4.8. pinfo.visited
10.4.5.4.9. pinfo.src
10.4.5.4.10. pinfo.dst
10.4.5.4.11. pinfo.lo
10.4.5.4.12. pinfo.hi
10.4.5.4.13. pinfo.dl_src
10.4.5.4.14. pinfo.dl_dst
10.4.5.4.15. pinfo.net_src
10.4.5.4.16. pinfo.net_dst
10.4.5.4.17. pinfo.ptype
10.4.5.4.18. pinfo.src_port
10.4.5.4.19. pinfo.dst_port
10.4.5.4.20. pinfo.ipproto
10.4.5.4.21. pinfo.circuit_id
10.4.5.4.22. pinfo.match
10.4.5.4.23. pinfo.curr_proto
10.4.5.4.24. pinfo.columns
10.4.5.4.25. pinfo.cols
10.4.5.4.26. pinfo.desegment_len
10.4.5.4.27. pinfo.desegment_offset
10.4.5.4.28. pinfo.private_data
10.4.6. Functions for writing dissectors
10.4.6.1. Dissector
10.4.6.1.1. Dissector.get(name)
10.4.6.1.1.1. Arguments
10.4.6.1.1.2. Returns
10.4.6.1.2. dissector:call(tvb, pinfo, tree)
10.4.6.1.2.1. Arguments
10.4.6.2. DissectorTable
10.4.6.2.1. DissectorTable.new(tablename, [uiname], [type], [base])
10.4.6.2.1.1. Arguments
10.4.6.2.1.2. Returns
10.4.6.2.2. DissectorTable.get(tablename)
10.4.6.2.2.1. Arguments
10.4.6.2.2.2. Returns
10.4.6.2.3. dissectortable:add(pattern, dissector)
10.4.6.2.3.1. Arguments
10.4.6.2.4. dissectortable:remove(pattern, dissector)
10.4.6.2.4.1. Arguments
10.4.6.2.5. dissectortable:try(pattern, tvb, pinfo, tree)
10.4.6.2.5.1. Arguments
10.4.6.2.6. dissectortable:get_dissector(pattern)
10.4.6.2.6.1. Arguments
10.4.6.2.6.2. Returns
10.4.6.3. Pref
10.4.6.3.1. Pref.bool(label, default, descr)
10.4.6.3.1.1. Arguments
10.4.6.3.2. Pref.uint(label, default, descr)
10.4.6.3.2.1. Arguments
10.4.6.3.3. Pref.string(label, default, descr)
10.4.6.3.3.1. Arguments
10.4.6.3.4. Pref.enum(label, default, descr, enum, radio)
10.4.6.3.4.1. Arguments
10.4.6.3.5. Pref.range(label, default, descr, range, max)
10.4.6.3.5.1. Arguments
10.4.6.3.6. Pref.stext(label, text)
10.4.6.3.6.1. Arguments
10.4.6.4. Prefs
10.4.6.4.1. prefs:__newindex(name, pref)
10.4.6.4.1.1. Arguments
10.4.6.4.1.2. Errors
10.4.6.4.2. prefs:__index(name)
10.4.6.4.2.1. Arguments
10.4.6.4.2.2. Returns
10.4.6.4.2.3. Errors
10.4.6.5. Proto
10.4.6.5.1. Proto.new(name, desc)
10.4.6.5.1.1. Arguments
10.4.6.5.1.2. Returns
10.4.6.5.2. proto.dissector
10.4.6.5.3. proto.fields
10.4.6.5.4. proto.get_prefs
10.4.6.5.5. proto.init
10.4.6.5.6. proto.name
10.4.6.6. ProtoField
10.4.6.6.1. ProtoField.new(name, abbr, type, [valuestring], [base], [mask], [descr])
10.4.6.6.1.1. Arguments
10.4.6.6.1.2. Returns
10.4.6.6.2. ProtoField.uint8(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.2.1. Arguments
10.4.6.6.2.2. Returns
10.4.6.6.3. ProtoField.uint16(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.3.1. Arguments
10.4.6.6.3.2. Returns
10.4.6.6.4. ProtoField.uint24(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.4.1. Arguments
10.4.6.6.4.2. Returns
10.4.6.6.5. ProtoField.uint32(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.5.1. Arguments
10.4.6.6.5.2. Returns
10.4.6.6.6. ProtoField.uint64(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.6.1. Arguments
10.4.6.6.6.2. Returns
10.4.6.6.7. ProtoField.int8(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.7.1. Arguments
10.4.6.6.7.2. Returns
10.4.6.6.8. ProtoField.int16(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.8.1. Arguments
10.4.6.6.8.2. Returns
10.4.6.6.9. ProtoField.int24(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.9.1. Arguments
10.4.6.6.9.2. Returns
10.4.6.6.10. ProtoField.int32(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.10.1. Arguments
10.4.6.6.10.2. Returns
10.4.6.6.11. ProtoField.int64(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.11.1. Arguments
10.4.6.6.11.2. Returns
10.4.6.6.12. ProtoField.framenum(abbr, [name], [base], [valuestring], [mask], [desc])
10.4.6.6.12.1. Arguments
10.4.6.6.12.2. Returns
10.4.6.6.13. ProtoField.ipv4(abbr, [name], [desc])
10.4.6.6.13.1. Arguments
10.4.6.6.13.2. Returns
10.4.6.6.14. ProtoField.ipv6(abbr, [name], [desc])
10.4.6.6.14.1. Arguments
10.4.6.6.14.2. Returns
10.4.6.6.15. ProtoField.ether(abbr, [name], [desc])
10.4.6.6.15.1. Arguments
10.4.6.6.15.2. Returns
10.4.6.6.16. ProtoField.float(abbr, [name], [desc])
10.4.6.6.16.1. Arguments
10.4.6.6.16.2. Returns
10.4.6.6.17. ProtoField.double(abbr, [name], [desc])
10.4.6.6.17.1. Arguments
10.4.6.6.17.2. Returns
10.4.6.6.18. ProtoField.string(abbr, [name], [desc])
10.4.6.6.18.1. Arguments
10.4.6.6.18.2. Returns
10.4.6.6.19. ProtoField.stringz(abbr, [name], [desc])
10.4.6.6.19.1. Arguments
10.4.6.6.19.2. Returns
10.4.6.6.20. ProtoField.bytes(abbr, [name], [desc])
10.4.6.6.20.1. Arguments
10.4.6.6.20.2. Returns
10.4.6.6.21. ProtoField.ubytes(abbr, [name], [desc])
10.4.6.6.21.1. Arguments
10.4.6.6.21.2. Returns
10.4.6.6.22. ProtoField.guid(abbr, [name], [desc])
10.4.6.6.22.1. Arguments
10.4.6.6.22.2. Returns
10.4.6.6.23. ProtoField.oid(abbr, [name], [desc])
10.4.6.6.23.1. Arguments
10.4.6.6.23.2. Returns
10.4.6.6.24. ProtoField.bool(abbr, [name], [desc])
10.4.6.6.24.1. Arguments
10.4.6.6.24.2. Returns
10.4.6.7. Non Method Functions
10.4.6.7.1. register_postdissector(proto)
10.4.6.7.1.1. Arguments
10.4.7. Adding information to the dissection tree
10.4.7.1. TreeItem
10.4.7.1.1. treeitem:add()
10.4.7.1.1.1. Returns
10.4.7.1.2. treeitem:add_le()
10.4.7.1.2.1. Returns
10.4.7.1.3. treeitem:set_text(text)
10.4.7.1.3.1. Arguments
10.4.7.1.4. treeitem:append_text(text)
10.4.7.1.4.1. Arguments
10.4.7.1.5. treeitem:set_expert_flags([group], [severity])
10.4.7.1.5.1. Arguments
10.4.7.1.6. treeitem:add_expert_info([group], [severity], [text])
10.4.7.1.6.1. Arguments
10.4.7.1.7. treeitem:set_generated()
10.4.7.1.8. treeitem:set_hidden()
10.4.8. Functions for handling packet data
10.4.8.1. ByteArray
10.4.8.1.1. ByteArray.new([hexbytes])
10.4.8.1.1.1. Arguments
10.4.8.1.1.2. Returns
10.4.8.1.2. bytearray:__concat(first, second)
10.4.8.1.2.1. Arguments
10.4.8.1.2.2. Returns
10.4.8.1.2.3. Errors
10.4.8.1.3. bytearray:prepend(prepended)
10.4.8.1.3.1. Arguments
10.4.8.1.3.2. Errors
10.4.8.1.4. bytearray:append(appended)
10.4.8.1.4.1. Arguments
10.4.8.1.4.2. Errors
10.4.8.1.5. bytearray:set_size(size)
10.4.8.1.5.1. Arguments
10.4.8.1.5.2. Errors
10.4.8.1.6. bytearray:set_index(index, value)
10.4.8.1.6.1. Arguments
10.4.8.1.7. bytearray:get_index(index)
10.4.8.1.7.1. Arguments
10.4.8.1.7.2. Returns
10.4.8.1.8. bytearray:len()
10.4.8.1.8.1. Returns
10.4.8.1.9. bytearray:subset(offset, length)
10.4.8.1.9.1. Arguments
10.4.8.1.9.2. Returns
10.4.8.2. Int
10.4.8.3. Tvb
10.4.8.3.1. Tvb.new_real(bytearray, name)
10.4.8.3.1.1. Arguments
10.4.8.3.1.2. Returns
10.4.8.3.2. Tvb.tvb(range)
10.4.8.3.2.1. Arguments
10.4.8.3.3. tvb:__tostring()
10.4.8.3.3.1. Returns
10.4.8.3.4. tvb:len()
10.4.8.3.4.1. Returns
10.4.8.3.5. tvb:offset()
10.4.8.3.5.1. Returns
10.4.8.3.6. tvb:__call()
10.4.8.4. TvbRange
10.4.8.4.1. tvb:range([offset], [length])
10.4.8.4.1.1. Arguments
10.4.8.4.1.2. Returns
10.4.8.4.2. tvbrange:uint()
10.4.8.4.2.1. Returns
10.4.8.4.3. tvbrange:le_uint()
10.4.8.4.3.1. Returns
10.4.8.4.4. tvbrange:uint64()
10.4.8.4.5. tvbrange:le_uint64()
10.4.8.4.6. tvbrange:float()
10.4.8.4.6.1. Returns
10.4.8.4.7. tvbrange:le_float()
10.4.8.4.7.1. Returns
10.4.8.4.8. tvbrange:ipv4()
10.4.8.4.8.1. Returns
10.4.8.4.9. tvbrange:le_ipv4()
10.4.8.4.9.1. Returns
10.4.8.4.10. tvbrange:ether()
10.4.8.4.10.1. Returns
10.4.8.4.10.2. Errors
10.4.8.4.11. tvbrange:string()
10.4.8.4.11.1. Returns
10.4.8.4.12. tvbrange:bytes()
10.4.8.4.12.1. Returns
10.4.8.4.13. tvbrange:len()
10.4.8.4.14. tvbrange:offset()
10.4.8.4.15. tvbrange:__tostring()
10.4.8.5. UInt
10.4.9. Utility Functions
10.4.9.1. Dir
10.4.9.1.1. Dir.open(pathname, [extension])
10.4.9.1.1.1. Arguments
10.4.9.1.1.2. Returns
10.4.9.1.2. dir:__call()
10.4.9.1.3. dir:close()
10.4.9.2. Non Method Functions
10.4.9.2.1. format_date(timestamp)
10.4.9.2.1.1. Arguments
10.4.9.2.1.2. Returns
10.4.9.2.2. format_time(timestamp)
10.4.9.2.2.1. Arguments
10.4.9.2.2.2. Returns
10.4.9.2.3. report_failure(text)
10.4.9.2.3.1. Arguments
10.4.9.2.4. critical(...)
10.4.9.2.4.1. Arguments
10.4.9.2.5. warn(...)
10.4.9.2.5.1. Arguments
10.4.9.2.6. message(...)
10.4.9.2.6.1. Arguments
10.4.9.2.7. info(...)
10.4.9.2.7.1. Arguments
10.4.9.2.8. debug(...)
10.4.9.2.8.1. Arguments
10.4.9.2.9. loadfile(filename)
10.4.9.2.9.1. Arguments
10.4.9.2.10. dofile(filename)
10.4.9.2.10.1. Arguments
10.4.9.2.11. persconffile_path([filename])
10.4.9.2.11.1. Arguments
10.4.9.2.11.2. Returns
10.4.9.2.12. datafile_path([filename])
10.4.9.2.12.1. Arguments
10.4.9.2.12.2. Returns
10.4.9.2.13. register_stat_cmd_arg(argument, [action])
10.4.9.2.13.1. Arguments
Appendix A. Files and Folders
A.1. Capture Files
A.1.1. Libpcap File Contents
A.1.2. Not Saved in the Capture File
A.2. Configuration Files and Folders
A.3. Windows folders
A.3.1. Windows profiles
A.3.2. Windows Vista/XP/2000/NT roaming profiles
A.3.3. Windows temporary folder
Appendix B. Protocols and Protocol Fields
Appendix C. Wireshark Messages
C.1. Packet List Messages
C.1.1. [Malformed Packet]
C.1.2. [Packet size limited during capture]
C.2. Packet Details Messages
C.2.1. [Response in frame: 123]
C.2.2. [Request in frame: 123]
C.2.3. [Time from request: 0.123 seconds]
C.2.4. [Stream setup by PROTOCOL (frame 123)]
Appendix D. Related command line tools
D.1. Introduction
D.2. tshark: Terminal-based Wireshark
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
D.4. dumpcap: Capturing with dumpcap for viewing with Wireshark
D.5. capinfos: Print information about capture files
D.6. editcap: Edit capture files
D.7. mergecap: Merging multiple capture files into one
D.8. text2pcap: Converting ASCII hexdumps to network captures
D.9. idl2wrs: Creating dissectors from CORBA IDL files
D.9.1. What is it?
D.9.2. Why do this?
D.9.3. How to use idl2wrs
D.9.4. TODO
D.9.5. Limitations
D.9.6. Notes
Appendix E. This Document's License (GPL)

Size: 3.66 MB
Pages: 284
Language: English