User Guide
Table of Contents
Wireshark User's Guide
Table of Contents
Preface
1. Foreword
2. Who should read this document?
3. Acknowledgements
4. About this document
5. Where to get the latest copy of this document?
6. Providing feedback about this document
Chapter 1. Introduction
1.1. What is Wireshark?
1.1.1. Some intended purposes
1.1.2. Features
1.1.3. Live capture from many different network media
1.1.4. Import files from many other capture programs
1.1.5. Export files for many other capture programs
1.1.6. Many protocol decoders
1.1.7. Open Source Software
1.1.8. What Wireshark is not
1.2. System Requirements
1.2.1. General Remarks
1.2.2. Microsoft Windows
1.2.3. Unix / Linux
1.3. Where to get Wireshark?
1.4. A brief history of Wireshark
1.5. Development and maintenance of Wireshark
1.6. Reporting problems and getting help
1.6.1. Website
1.6.2. Wiki
1.6.3. Q&A Forum
1.6.4. FAQ
1.6.5. Mailing Lists
1.6.6. Reporting Problems
1.6.7. Reporting Crashes on UNIX/Linux platforms
1.6.8. Reporting Crashes on Windows platforms
Chapter 2. Building and Installing Wireshark
2.1. Introduction
2.2. Obtaining the source and binary distributions
2.3. Before you build Wireshark under UNIX
2.4. Building Wireshark from source under UNIX
2.5. Installing the binaries under UNIX
2.5.1. Installing from rpm's under Red Hat and alike
2.5.2. Installing from deb's under Debian
2.5.3. Installing from portage under Gentoo Linux
2.5.4. Installing from packages under FreeBSD
2.6. Troubleshooting during the install on Unix
2.7. Building from source under Windows
2.8. Installing Wireshark under Windows
2.8.1. Install Wireshark
2.8.1.1. "Choose Components" page
2.8.1.2. "Additional Tasks" page
2.8.1.3. "Install WinPcap?" page
2.8.1.4. Command line options
2.8.2. Manual WinPcap Installation
2.8.3. Update Wireshark
2.8.4. Update WinPcap
2.8.5. Uninstall Wireshark
2.8.6. Uninstall WinPcap
Chapter 3. User Interface
3.1. Introduction
3.2. Start Wireshark
3.3. The Main window
3.3.1. Main Window Navigation
3.4. The Menu
3.5. The "File" menu
3.6. The "Edit" menu
3.7. The "View" menu
3.8. The "Go" menu
3.9. The "Capture" menu
3.10. The "Analyze" menu
3.11. The "Statistics" menu
3.12. The "Telephony" menu
3.13. The "Tools" menu
3.14. The "Internals" menu
3.15. The "Help" menu
3.16. The "Main" toolbar
3.17. The "Filter" toolbar
3.18. The "Packet List" pane
3.19. The "Packet Details" pane
3.20. The "Packet Bytes" pane
3.21. The Statusbar
Chapter 4. Capturing Live Network Data
4.1. Introduction
4.2. Prerequisites
4.3. Start Capturing
4.4. The "Capture Interfaces" dialog box
4.5. The "Capture Options" dialog box
4.5.1. Capture frame
4.5.2. Capture File(s) frame
4.5.3. Stop Capture... frame
4.5.4. Display Options frame
4.5.5. Name Resolution frame
4.5.6. Buttons
4.6. The "Remote Capture Interfaces" dialog box
4.6.1. Remote Capture Interfaces
4.6.2. Remote Capture
4.6.3. Remote Capture Settings
4.7. The "Interface Details" dialog box
4.8. Capture files and file modes
4.9. Link-layer header type
4.10. Filtering while capturing
4.10.1. Automatic Remote Traffic Filtering
4.11. While a Capture is running ...
4.11.1. Stop the running capture
4.11.2. Restart a running capture
Chapter 5. File Input / Output and Printing
5.1. Introduction
5.2. Open capture files
5.2.1. The "Open Capture File" dialog box
5.2.2. Input File Formats
5.3. Saving captured packets
5.3.1. The "Save Capture File As" dialog box
5.3.2. Output File Formats
5.4. Merging capture files
5.4.1. The "Merge with Capture File" dialog box
5.5. Import text file
5.5.1. The "File import" dialog box
5.6. File Sets
5.6.1. The "List Files" dialog box
5.7. Exporting data
5.7.1. The "Export as Plain Text File" dialog box
5.7.2. The "Export as PostScript File" dialog box
5.7.3. The "Export as CSV (Comma Separated Values) File" dialog box
5.7.4. The "Export as C Arrays (packet bytes) file" dialog box
5.7.5. The "Export as PSML File" dialog box
5.7.6. The "Export as PDML File" dialog box
5.7.7. The "Export selected packet bytes" dialog box
5.7.8. The "Export Objects" dialog box
5.8. Printing packets
5.8.1. The "Print" dialog box
5.9. The Packet Range frame
5.10. The Packet Format frame
Chapter 6. Working with captured packets
6.1. Viewing packets you have captured
6.2. Pop-up menus
6.2.1. Pop-up menu of the "Packet List" column header
6.2.2. Pop-up menu of the "Packet List" pane
6.2.3. Pop-up menu of the "Packet Details" pane
6.3. Filtering packets while viewing
6.4. Building display filter expressions
6.4.1. Display filter fields
6.4.2. Comparing values
6.4.3. Combining expressions
6.4.4. A common mistake
6.5. The "Filter Expression" dialog box
6.6. Defining and saving filters
6.7. Defining and saving filter macros
6.8. Finding packets
6.8.1. The "Find Packet" dialog box
6.8.2. The "Find Next" command
6.8.3. The "Find Previous" command
6.9. Go to a specific packet
6.9.1. The "Go Back" command
6.9.2. The "Go Forward" command
6.9.3. The "Go to Packet" dialog box
6.9.4. The "Go to Corresponding Packet" command
6.9.5. The "Go to First Packet" command
6.9.6. The "Go to Last Packet" command
6.10. Marking packets
6.11. Ignoring packets
6.12. Time display formats and time references
6.12.1. Packet time referencing
Chapter 7. Advanced Topics
7.1. Introduction
7.2. Following TCP streams
7.2.1. The "Follow TCP Stream" dialog box
7.3. Expert Infos
7.3.1. Expert Info Entries
7.3.1.1. Severity
7.3.1.2. Group
7.3.1.3. Protocol
7.3.1.4. Summary
7.3.2. "Expert Info Composite" dialog
7.3.2.1. Errors / Warnings / Notes / Chats tabs
7.3.2.2. Details tab
7.3.3. "Colorized" Protocol Details Tree
7.3.4. "Expert" Packet List Column (optional)
7.4. Time Stamps
7.4.1. Wireshark internals
7.4.2. Capture file formats
7.4.3. Accuracy
7.5. Time Zones
7.5.1. Set your computer's time correctly!
7.5.2. Wireshark and Time Zones
7.6. Packet Reassembling
7.6.1. What is it?
7.6.2. How Wireshark handles it
7.7. Name Resolution
7.7.1. Name Resolution drawbacks
7.7.2. Ethernet name resolution (MAC layer)
7.7.3. IP name resolution (network layer)
7.7.4. IPX name resolution (network layer)
7.7.5. TCP/UDP port name resolution (transport layer)
7.8. Checksums
7.8.1. Wireshark checksum validation
7.8.2. Checksum offloading
Chapter 8. Statistics
8.1. Introduction
8.2. The "Summary" window
8.3. The "Protocol Hierarchy" window
8.4. Conversations
8.4.1. What is a Conversation?
8.4.2. The "Conversations" window
8.4.3. The protocol specific "Conversation List" windows
8.5. Endpoints
8.5.1. What is an Endpoint?
8.5.2. The "Endpoints" window
8.5.3. The protocol specific "Endpoint List" windows
8.6. The "IO Graphs" window
8.7. Service Response Time
8.7.1. The "Service Response Time DCE-RPC" window
8.8. Compare two capture files
8.9. WLAN Traffic Statistics
8.10. The protocol specific statistics windows
Chapter 9. Telephony
9.1. Introduction
9.2. RTP Analysis
9.3. VoIP Calls
9.4. LTE MAC Traffic Statistics
9.5. LTE RLC Traffic Statistics
9.6. The protocol specific statistics windows
Chapter 10. Customizing Wireshark
10.1. Introduction
10.2. Start Wireshark from the command line
10.3. Packet colorization
10.4. Control Protocol dissection
10.4.1. The "Enabled Protocols" dialog box
10.4.2. User Specified Decodes
10.4.3. Show User Specified Decodes
10.5. Preferences
10.5.1. Interface Options
10.6. Configuration Profiles
10.7. User Table
10.8. Display Filter Macros
10.9. ESS Category Attributes
10.10. GeoIP Database Paths
10.11. IKEv2 decryption table
10.12. Object Identifiers
10.13. PRES Users Context List
10.14. SCCP users Table
10.15. SMI (MIB and PIB) Modules
10.16. SMI (MIB and PIB) Paths
10.17. SNMP Enterprise Specific Trap Types
10.18. SNMP users Table
10.19. Tektronix K12xx/15 RF5 protocols Table
10.20. User DLTs protocol table
Chapter 11. Lua Support in Wireshark
11.1. Introduction
11.2. Example of Dissector written in Lua
11.3. Example of Listener written in Lua
11.4. Wireshark's Lua API Reference Manual
11.5. Saving capture files
11.5.1. Dumper
11.5.1.1. Dumper.new(filename, [filetype], [encap])
11.5.1.1.1. Arguments
11.5.1.1.2. Returns
11.5.1.1.3. Errors
11.5.1.2. dumper:close()
11.5.1.2.1. Errors
11.5.1.3. dumper:flush()
11.5.1.4. dumper:dump(timestamp, pseudoheader, bytearray)
11.5.1.4.1. Arguments
11.5.1.5. dumper:new_for_current([filetype])
11.5.1.5.1. Arguments
11.5.1.5.2. Returns
11.5.1.5.3. Errors
11.5.1.6. dumper:dump_current()
11.5.1.6.1. Errors
11.5.2. PseudoHeader
11.5.2.1. PseudoHeader.none()
11.5.2.1.1. Returns
11.5.2.2. PseudoHeader.eth([fcslen])
11.5.2.2.1. Arguments
11.5.2.2.2. Returns
11.5.2.3. PseudoHeader.atm([aal], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len])
11.5.2.3.1. Arguments
11.5.2.3.2. Returns
11.5.2.4. PseudoHeader.mtp2()
11.5.2.4.1. Returns
11.6. Obtaining dissection data
11.6.1. Field
11.6.1.1. Field.new(fieldname)
11.6.1.1.1. Arguments
11.6.1.1.2. Returns
11.6.1.1.3. Errors
11.6.1.2. field:__call()
11.6.1.2.1. Returns
11.6.1.2.2. Errors
11.6.2. FieldInfo
11.6.2.1. fieldinfo:__len()
11.6.2.2. fieldinfo:__unm()
11.6.2.3. fieldinfo:__call()
11.6.2.4. fieldinfo:__tostring()
11.6.2.5. fieldinfo:__eq()
11.6.2.5.1. Errors
11.6.2.6. fieldinfo:__le()
11.6.2.7. fieldinfo:__lt()
11.6.2.7.1. Errors
11.6.2.8. fieldinfo.name
11.6.2.9. fieldinfo.label
11.6.2.10. fieldinfo.value
11.6.2.11. fieldinfo.len
11.6.2.12. fieldinfo.offset
11.6.3. Non Method Functions
11.6.3.1. all_field_infos()
11.6.3.1.1. Errors
11.7. GUI support
11.7.1. ProgDlg
11.7.1.1. ProgDlg.new([title], [task])
11.7.1.1.1. Arguments
11.7.1.1.2. Returns
11.7.1.2. progdlg:update(progress, [task])
11.7.1.2.1. Arguments
11.7.1.2.2. Errors
11.7.1.3. progdlg:stopped()
11.7.1.3.1. Returns
11.7.1.3.2. Errors
11.7.1.4. progdlg:close()
11.7.1.4.1. Errors
11.7.2. TextWindow
11.7.2.1. TextWindow.new([title])
11.7.2.1.1. Arguments
11.7.2.1.2. Returns
11.7.2.2. textwindow:set_atclose(action)
11.7.2.2.1. Arguments
11.7.2.2.2. Returns
11.7.2.2.3. Errors
11.7.2.3. textwindow:set(text)
11.7.2.3.1. Arguments
11.7.2.3.2. Returns
11.7.2.3.3. Errors
11.7.2.4. textwindow:append(text)
11.7.2.4.1. Arguments
11.7.2.4.2. Returns
11.7.2.4.3. Errors
11.7.2.5. textwindow:prepend(text)
11.7.2.5.1. Arguments
11.7.2.5.2. Returns
11.7.2.5.3. Errors
11.7.2.6. textwindow:clear()
11.7.2.6.1. Returns
11.7.2.6.2. Errors
11.7.2.7. textwindow:get_text()
11.7.2.7.1. Returns
11.7.2.7.2. Errors
11.7.2.8. textwindow:set_editable([editable])
11.7.2.8.1. Arguments
11.7.2.8.2. Returns
11.7.2.8.3. Errors
11.7.2.9. textwindow:add_button(label, function)
11.7.2.9.1. Arguments
11.7.2.9.2. Returns
11.7.2.9.3. Errors
11.7.3. Non Method Functions
11.7.3.1. gui_enabled()
11.7.3.1.1. Returns
11.7.3.2. register_menu(name, action, [group])
11.7.3.2.1. Arguments
11.7.3.3. new_dialog(title, action, ...)
11.7.3.3.1. Arguments
11.7.3.3.2. Errors
11.7.3.4. retap_packets()
11.7.3.5. copy_to_clipboard(text)
11.7.3.5.1. Arguments
11.7.3.6. open_capture_file(filename, filter)
11.7.3.6.1. Arguments
11.7.3.7. set_filter(text)
11.7.3.7.1. Arguments
11.7.3.8. apply_filter()
11.7.3.9. reload()
11.7.3.10. browser_open_url(url)
11.7.3.10.1. Arguments
11.7.3.11. browser_open_data_file(filename)
11.7.3.11.1. Arguments
11.8. Post-dissection packet analysis
11.8.1. Listener
11.8.1.1. Listener.new([tap], [filter])
11.8.1.1.1. Arguments
11.8.1.1.2. Returns
11.8.1.1.3. Errors
11.8.1.2. listener:remove()
11.8.1.3. listener.packet
11.8.1.4. listener.draw
11.8.1.5. listener.reset
11.9. Obtaining packet information
11.9.1. Address
11.9.1.1. Address.ip(hostname)
11.9.1.1.1. Arguments
11.9.1.1.2. Returns
11.9.1.2. address:__tostring()
11.9.1.2.1. Returns
11.9.1.3. address:__eq()
11.9.1.4. address:__le()
11.9.1.5. address:__lt()
11.9.2. Column
11.9.2.1. column:__tostring()
11.9.2.1.1. Returns
11.9.2.2. column:clear()
11.9.2.3. column:set(text)
11.9.2.3.1. Arguments
11.9.2.4. column:append(text)
11.9.2.4.1. Arguments
11.9.2.5. column:preppend(text)
11.9.2.5.1. Arguments
11.9.3. Columns
11.9.3.1. columns:__tostring()
11.9.3.1.1. Returns
11.9.3.2. columns:__newindex(column, text)
11.9.3.2.1. Arguments
11.9.4. Pinfo
11.9.4.1. pinfo.number
11.9.4.2. pinfo.len
11.9.4.3. pinfo.caplen
11.9.4.4. pinfo.abs_ts
11.9.4.5. pinfo.rel_ts
11.9.4.6. pinfo.delta_ts
11.9.4.7. pinfo.delta_dis_ts
11.9.4.8. pinfo.visited
11.9.4.9. pinfo.src
11.9.4.10. pinfo.dst
11.9.4.11. pinfo.lo
11.9.4.12. pinfo.hi
11.9.4.13. pinfo.dl_src
11.9.4.14. pinfo.dl_dst
11.9.4.15. pinfo.net_src
11.9.4.16. pinfo.net_dst
11.9.4.17. pinfo.ptype
11.9.4.18. pinfo.src_port
11.9.4.19. pinfo.dst_port
11.9.4.20. pinfo.ipproto
11.9.4.21. pinfo.circuit_id
11.9.4.22. pinfo.match
11.9.4.23. pinfo.curr_proto
11.9.4.24. pinfo.columns
11.9.4.25. pinfo.cols
11.9.4.26. pinfo.desegment_len
11.9.4.27. pinfo.desegment_offset
11.9.4.28. pinfo.private_data
11.10. Functions for writing dissectors
11.10.1. Dissector
11.10.1.1. Dissector.get(name)
11.10.1.1.1. Arguments
11.10.1.1.2. Returns
11.10.1.2. dissector:call(tvb, pinfo, tree)
11.10.1.2.1. Arguments
11.10.2. DissectorTable
11.10.2.1. DissectorTable.new(tablename, [uiname], [type], [base])
11.10.2.1.1. Arguments
11.10.2.1.2. Returns
11.10.2.2. DissectorTable.get(tablename)
11.10.2.2.1. Arguments
11.10.2.2.2. Returns
11.10.2.3. dissectortable:add(pattern, dissector)
11.10.2.3.1. Arguments
11.10.2.4. dissectortable:remove(pattern, dissector)
11.10.2.4.1. Arguments
11.10.2.5. dissectortable:try(pattern, tvb, pinfo, tree)
11.10.2.5.1. Arguments
11.10.2.6. dissectortable:get_dissector(pattern)
11.10.2.6.1. Arguments
11.10.2.6.2. Returns
11.10.3. Pref
11.10.3.1. Pref.bool(label, default, descr)
11.10.3.1.1. Arguments
11.10.3.2. Pref.uint(label, default, descr)
11.10.3.2.1. Arguments
11.10.3.3. Pref.string(label, default, descr)
11.10.3.3.1. Arguments
11.10.3.4. Pref.enum(label, default, descr, enum, radio)
11.10.3.4.1. Arguments
11.10.3.5. Pref.range(label, default, descr, range, max)
11.10.3.5.1. Arguments
11.10.3.6. Pref.statictext(label, descr)
11.10.3.6.1. Arguments
11.10.4. Prefs
11.10.4.1. prefs:__newindex(name, pref)
11.10.4.1.1. Arguments
11.10.4.1.2. Errors
11.10.4.2. prefs:__index(name)
11.10.4.2.1. Arguments
11.10.4.2.2. Returns
11.10.4.2.3. Errors
11.10.5. Proto
11.10.5.1. Proto.new(name, desc)
11.10.5.1.1. Arguments
11.10.5.1.2. Returns
11.10.5.2. proto.dissector
11.10.5.3. proto.fields
11.10.5.4. proto.prefs
11.10.5.5. proto.init
11.10.5.6. proto.name
11.10.6. ProtoField
11.10.6.1. ProtoField.new(name, abbr, type, [voidstring], [base], [mask], [descr])
11.10.6.1.1. Arguments
11.10.6.1.2. Returns
11.10.6.2. ProtoField.uint8(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.2.1. Arguments
11.10.6.2.2. Returns
11.10.6.3. ProtoField.uint16(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.3.1. Arguments
11.10.6.3.2. Returns
11.10.6.4. ProtoField.uint24(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.4.1. Arguments
11.10.6.4.2. Returns
11.10.6.5. ProtoField.uint32(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.5.1. Arguments
11.10.6.5.2. Returns
11.10.6.6. ProtoField.uint64(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.6.1. Arguments
11.10.6.6.2. Returns
11.10.6.7. ProtoField.int8(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.7.1. Arguments
11.10.6.7.2. Returns
11.10.6.8. ProtoField.int16(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.8.1. Arguments
11.10.6.8.2. Returns
11.10.6.9. ProtoField.int24(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.9.1. Arguments
11.10.6.9.2. Returns
11.10.6.10. ProtoField.int32(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.10.1. Arguments
11.10.6.10.2. Returns
11.10.6.11. ProtoField.int64(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.11.1. Arguments
11.10.6.11.2. Returns
11.10.6.12. ProtoField.framenum(abbr, [name], [base], [valuestring], [mask], [desc])
11.10.6.12.1. Arguments
11.10.6.12.2. Returns
11.10.6.13. ProtoField.bool(abbr, [name], [display], [string], [mask], [desc])
11.10.6.13.1. Arguments
11.10.6.13.2. Returns
11.10.6.14. ProtoField.ipv4(abbr, [name], [desc])
11.10.6.14.1. Arguments
11.10.6.14.2. Returns
11.10.6.15. ProtoField.ipv6(abbr, [name], [desc])
11.10.6.15.1. Arguments
11.10.6.15.2. Returns
11.10.6.16. ProtoField.ether(abbr, [name], [desc])
11.10.6.16.1. Arguments
11.10.6.16.2. Returns
11.10.6.17. ProtoField.float(abbr, [name], [desc])
11.10.6.17.1. Arguments
11.10.6.17.2. Returns
11.10.6.18. ProtoField.double(abbr, [name], [desc])
11.10.6.18.1. Arguments
11.10.6.18.2. Returns
11.10.6.19. ProtoField.string(abbr, [name], [desc])
11.10.6.19.1. Arguments
11.10.6.19.2. Returns
11.10.6.20. ProtoField.stringz(abbr, [name], [desc])
11.10.6.20.1. Arguments
11.10.6.20.2. Returns
11.10.6.21. ProtoField.bytes(abbr, [name], [desc])
11.10.6.21.1. Arguments
11.10.6.21.2. Returns
11.10.6.22. ProtoField.ubytes(abbr, [name], [desc])
11.10.6.22.1. Arguments
11.10.6.22.2. Returns
11.10.6.23. ProtoField.guid(abbr, [name], [desc])
11.10.6.23.1. Arguments
11.10.6.23.2. Returns
11.10.6.24. ProtoField.oid(abbr, [name], [desc])
11.10.6.24.1. Arguments
11.10.6.24.2. Returns
11.10.6.25. ProtoField.bool(abbr, [name], [desc])
11.10.6.25.1. Arguments
11.10.6.25.2. Returns
11.10.6.26. protofield:__tostring()
11.10.7. Non Method Functions
11.10.7.1. register_postdissector(proto)
11.10.7.1.1. Arguments
11.11. Adding information to the dissection tree
11.11.1. TreeItem
11.11.1.1. treeitem:add()
11.11.1.1.1. Returns
11.11.1.2. treeitem:add_le()
11.11.1.2.1. Returns
11.11.1.3. treeitem:set_text(text)
11.11.1.3.1. Arguments
11.11.1.4. treeitem:append_text(text)
11.11.1.4.1. Arguments
11.11.1.5. treeitem:set_expert_flags([group], [severity])
11.11.1.5.1. Arguments
11.11.1.6. treeitem:add_expert_info([group], [severity], [text])
11.11.1.6.1. Arguments
11.11.1.7. treeitem:set_generated()
11.11.1.8. treeitem:set_hidden()
11.11.1.9. treeitem:set_len(len)
11.11.1.9.1. Arguments
11.12. Functions for handling packet data
11.12.1. ByteArray
11.12.1.1. ByteArray.new([hexbytes])
11.12.1.1.1. Arguments
11.12.1.1.2. Returns
11.12.1.2. bytearray:__concat(first, second)
11.12.1.2.1. Arguments
11.12.1.2.2. Returns
11.12.1.2.3. Errors
11.12.1.3. bytearray:prepend(prepended)
11.12.1.3.1. Arguments
11.12.1.3.2. Errors
11.12.1.4. bytearray:append(appended)
11.12.1.4.1. Arguments
11.12.1.4.2. Errors
11.12.1.5. bytearray:set_size(size)
11.12.1.5.1. Arguments
11.12.1.5.2. Errors
11.12.1.6. bytearray:set_index(index, value)
11.12.1.6.1. Arguments
11.12.1.7. bytearray:get_index(index)
11.12.1.7.1. Arguments
11.12.1.7.2. Returns
11.12.1.8. bytearray:len()
11.12.1.8.1. Returns
11.12.1.9. bytearray:subset(offset, length)
11.12.1.9.1. Arguments
11.12.1.9.2. Returns
11.12.2. Int
11.12.3. Tvb
11.12.3.1. Tvb.new_real(bytearray, name)
11.12.3.1.1. Arguments
11.12.3.1.2. Returns
11.12.3.2. Tvb.tvb(range)
11.12.3.2.1. Arguments
11.12.3.3. tvb:__tostring()
11.12.3.3.1. Returns
11.12.3.4. tvb:len()
11.12.3.4.1. Returns
11.12.3.5. tvb:offset()
11.12.3.5.1. Returns
11.12.3.6. tvb:__call()
11.12.3.7. wslua:__concat()
11.12.4. TvbRange
11.12.4.1. tvb:range([offset], [length])
11.12.4.1.1. Arguments
11.12.4.1.2. Returns
11.12.4.2. tvbrange:uint()
11.12.4.2.1. Returns
11.12.4.3. tvbrange:le_uint()
11.12.4.3.1. Returns
11.12.4.4. tvbrange:uint64()
11.12.4.5. tvbrange:le_uint64()
11.12.4.6. tvbrange:int()
11.12.4.6.1. Returns
11.12.4.7. tvbrange:le_int()
11.12.4.7.1. Returns
11.12.4.8. tvbrange:int64()
11.12.4.9. tvbrange:le_int64()
11.12.4.10. tvbrange:float()
11.12.4.10.1. Returns
11.12.4.11. tvbrange:le_float()
11.12.4.11.1. Returns
11.12.4.12. tvbrange:ipv4()
11.12.4.12.1. Returns
11.12.4.13. tvbrange:le_ipv4()
11.12.4.13.1. Returns
11.12.4.14. tvbrange:ether()
11.12.4.14.1. Returns
11.12.4.14.2. Errors
11.12.4.15. tvbrange:string()
11.12.4.15.1. Returns
11.12.4.16. tvbrange:stringz()
11.12.4.16.1. Returns
11.12.4.17. tvbrange:bytes()
11.12.4.17.1. Returns
11.12.4.18. tvbrange:bitfield([position], [length])
11.12.4.18.1. Arguments
11.12.4.18.2. Returns
11.12.4.19. tvbrange:range([offset], [length])
11.12.4.19.1. Arguments
11.12.4.19.2. Returns
11.12.4.20. tvbrange:len()
11.12.4.21. tvbrange:offset()
11.12.4.22. tvbrange:__tostring()
11.12.5. UInt
11.13. Utility Functions
11.13.1. Dir
11.13.1.1. Dir.open(pathname, [extension])
11.13.1.1.1. Arguments
11.13.1.1.2. Returns
11.13.1.2. dir:__call()
11.13.1.3. dir:close()
11.13.2. Non Method Functions
11.13.2.1. get_version()
11.13.2.1.1. Returns
11.13.2.2. format_date(timestamp)
11.13.2.2.1. Arguments
11.13.2.2.2. Returns
11.13.2.3. format_time(timestamp)
11.13.2.3.1. Arguments
11.13.2.3.2. Returns
11.13.2.4. report_failure(text)
11.13.2.4.1. Arguments
11.13.2.5. critical(...)
11.13.2.5.1. Arguments
11.13.2.6. warn(...)
11.13.2.6.1. Arguments
11.13.2.7. message(...)
11.13.2.7.1. Arguments
11.13.2.8. info(...)
11.13.2.8.1. Arguments
11.13.2.9. debug(...)
11.13.2.9.1. Arguments
11.13.2.10. loadfile(filename)
11.13.2.10.1. Arguments
11.13.2.11. dofile(filename)
11.13.2.11.1. Arguments
11.13.2.12. persconffile_path([filename])
11.13.2.12.1. Arguments
11.13.2.12.2. Returns
11.13.2.13. datafile_path([filename])
11.13.2.13.1. Arguments
11.13.2.13.2. Returns
11.13.2.14. register_stat_cmd_arg(argument, [action])
11.13.2.14.1. Arguments
Appendix A. Files and Folders
A.1. Capture Files
A.1.1. Libpcap File Contents
A.1.2. Not Saved in the Capture File
A.2. Configuration Files and Folders
A.2.1. Protocol help configuration
A.3. Windows folders
A.3.1. Windows profiles
A.3.2. Windows 7/Vista/XP/2000/NT roaming profiles
A.3.3. Windows temporary folder
Appendix B. Protocols and Protocol Fields
Appendix C. Wireshark Messages
C.1. Packet List Messages
C.1.1. [Malformed Packet]
C.1.2. [Packet size limited during capture]
C.2. Packet Details Messages
C.2.1. [Response in frame: 123]
C.2.2. [Request in frame: 123]
C.2.3. [Time from request: 0.123 seconds]
C.2.4. [Stream setup by PROTOCOL (frame 123)]
Appendix D. Related command line tools
D.1. Introduction
D.2. tshark: Terminal-based Wireshark
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
D.4. dumpcap: Capturing with dumpcap for viewing with Wireshark
D.5. capinfos: Print information about capture files
D.6. rawshark: Dump and analyze network traffic.
D.7. editcap: Edit capture files
D.8. mergecap: Merging multiple capture files into one
D.9. text2pcap: Converting ASCII hexdumps to network captures
D.10. idl2wrs: Creating dissectors from CORBA IDL files
D.10.1. What is it?
D.10.2. Why do this?
D.10.3. How to use idl2wrs
D.10.4. TODO
D.10.5. Limitations
D.10.6. Notes
Appendix E. This Document's License (GPL)
Size: 3.89 MB
Pages: 244
Language: English