User Manual

Table of Contents

Wireshark User's Guide
Table of Contents
Preface
  1. Foreword
  2. Who should read this document?
  3. Acknowledgements
  4. About this document
  5. Where to get the latest copy of this document?
  6. Providing feedback about this document
Chapter 1. Introduction
  1.1. What is Wireshark?
    1.1.1. Some intended purposes
    1.1.2. Features
    1.1.3. Live capture from many different network media
    1.1.4. Import files from many other capture programs
    1.1.5. Export files for many other capture programs
    1.1.6. Many protocol decoders
    1.1.7. Open Source Software
    1.1.8. What Wireshark is not
  1.2. System Requirements
    1.2.1. General Remarks
    1.2.2. Microsoft Windows
    1.2.3. Unix / Linux
  1.3. Where to get Wireshark?
  1.4. A brief history of Wireshark
  1.5. Development and maintenance of Wireshark
  1.6. Reporting problems and getting help
    1.6.1. Website
    1.6.2. Wiki
    1.6.3. FAQ
    1.6.4. Mailing Lists
    1.6.5. Reporting Problems
    1.6.6. Reporting Crashes on UNIX/Linux platforms
    1.6.7. Reporting Crashes on Windows platforms
Chapter 2. Building and Installing Wireshark
  2.1. Introduction
  2.2. Obtaining the source and binary distributions
  2.3. Before you build Wireshark under UNIX
  2.4. Building Wireshark from source under UNIX
  2.5. Installing the binaries under UNIX
    2.5.1. Installing from rpm's under RedHat and alike
    2.5.2. Installing from deb's under Debian
    2.5.3. Installing from portage under Gentoo Linux
    2.5.4. Installing from packages under FreeBSD
  2.6. Troubleshooting during the install on Unix
  2.7. Building from source under Windows
  2.8. Installing Wireshark under Windows
    2.8.1. Install Wireshark
      2.8.1.1. "Choose Components" page
      2.8.1.2. "Additional Tasks" page
      2.8.1.3. "Install WinPcap?" page
      2.8.1.4. Command line options
    2.8.2. Manual WinPcap Installation
    2.8.3. Update Wireshark
    2.8.4. Update WinPcap
    2.8.5. Uninstall Wireshark
    2.8.6. Uninstall WinPcap
Chapter 3. User Interface
  3.1. Introduction
  3.2. Start Wireshark
  3.3. The Main window
    3.3.1. Main Window Navigation
  3.4. The Menu
  3.5. The "File" menu
  3.6. The "Edit" menu
  3.7. The "View" menu
  3.8. The "Go" menu
  3.9. The "Capture" menu
  3.10. The "Analyze" menu
  3.11. The "Statistics" menu
  3.12. The "Help" menu
  3.13. The "Main" toolbar
  3.14. The "Filter" toolbar
  3.15. The "Packet List" pane
  3.16. The "Packet Details" pane
  3.17. The "Packet Bytes" pane
  3.18. The Statusbar
Chapter 4. Capturing Live Network Data
  4.1. Introduction
  4.2. Prerequisites
  4.3. Start Capturing
  4.4. The "Capture Interfaces" dialog box
  4.5. The "Capture Options" dialog box
    4.5.1. Capture frame
    4.5.2. Capture File(s) frame
    4.5.3. Stop Capture... frame
    4.5.4. Display Options frame
    4.5.5. Name Resolution frame
    4.5.6. Buttons
  4.6. Capture files and file modes
  4.7. Link-layer header type
  4.8. Filtering while capturing
    4.8.1. Automatic Remote Traffic Filtering
  4.9. While a Capture is running ...
    4.9.1. Stop the running capture
    4.9.2. Restart a running capture
Chapter 5. File Input / Output and Printing
  5.1. Introduction
  5.2. Open capture files
    5.2.1. The "Open Capture File" dialog box
    5.2.2. Input File Formats
  5.3. Saving captured packets
    5.3.1. The "Save Capture File As" dialog box
    5.3.2. Output File Formats
  5.4. Merging capture files
    5.4.1. The "Merge with Capture File" dialog box
  5.5. File Sets
    5.5.1. The "List Files" dialog box
  5.6. Exporting data
    5.6.1. The "Export as Plain Text File" dialog box
    5.6.2. The "Export as PostScript File" dialog box
    5.6.3. The "Export as CSV (Comma Separated Values) File" dialog box
    5.6.4. The "Export as PSML File" dialog box
    5.6.5. The "Export as PDML File" dialog box
    5.6.6. The "Export selected packet bytes" dialog box
    5.6.7. The "Export Objects" dialog box
  5.7. Printing packets
    5.7.1. The "Print" dialog box
  5.8. The Packet Range frame
  5.9. The Packet Format frame
Chapter 6. Working with captured packets
  6.1. Viewing packets you have captured
  6.2. Pop-up menus
    6.2.1. Pop-up menu of the "Packet List" pane
    6.2.2. Pop-up menu of the "Packet Details" pane
  6.3. Filtering packets while viewing
  6.4. Building display filter expressions
    6.4.1. Display filter fields
    6.4.2. Comparing values
    6.4.3. Combining expressions
    6.4.4. A common mistake
  6.5. The "Filter Expression" dialog box
  6.6. Defining and saving filters
  6.7. Finding packets
    6.7.1. The "Find Packet" dialog box
    6.7.2. The "Find Next" command
    6.7.3. The "Find Previous" command
  6.8. Go to a specific packet
    6.8.1. The "Go Back" command
    6.8.2. The "Go Forward" command
    6.8.3. The "Go to Packet" dialog box
    6.8.4. The "Go to Corresponding Packet" command
    6.8.5. The "Go to First Packet" command
    6.8.6. The "Go to Last Packet" command
  6.9. Marking packets
  6.10. Time display formats and time references
    6.10.1. Packet time referencing
Chapter 7. Advanced Topics
  7.1. Introduction
  7.2. Following TCP streams
    7.2.1. The "Follow TCP Stream" dialog box
  7.3. Time Stamps
    7.3.1. Wireshark internals
    7.3.2. Capture file formats
    7.3.3. Accuracy
  7.4. Time Zones
    7.4.1. Set your computer's time correct!
    7.4.2. Wireshark and Time Zones
  7.5. Packet Reassembling
    7.5.1. What is it?
    7.5.2. How Wireshark handles it
  7.6. Name Resolution
    7.6.1. Name Resolution drawbacks
    7.6.2. Ethernet name resolution (MAC layer)
    7.6.3. IP name resolution (network layer)
    7.6.4. IPX name resolution (network layer)
    7.6.5. TCP/UDP port name resolution (transport layer)
  7.7. Checksums
    7.7.1. Wireshark checksum validation
    7.7.2. Checksum offloading
Chapter 8. Statistics
  8.1. Introduction
  8.2. The "Summary" window
  8.3. The "Protocol Hierarchy" window
  8.4. Endpoints
    8.4.1. What is an Endpoint?
    8.4.2. The "Endpoints" window
    8.4.3. The protocol specific "Endpoint List" windows
  8.5. Conversations
    8.5.1. What is a Conversation?
    8.5.2. The "Conversations" window
    8.5.3. The protocol specific "Conversation List" windows
  8.6. The "IO Graphs" window
  8.7. Service Response Time
    8.7.1. The "Service Response Time DCE-RPC" window
  8.8. The protocol specific statistics windows
Chapter 9. Customizing Wireshark
  9.1. Introduction
  9.2. Start Wireshark from the command line
  9.3. Packet colorization
  9.4. Control Protocol dissection
    9.4.1. The "Enabled Protocols" dialog box
    9.4.2. User Specified Decodes
    9.4.3. Show User Specified Decodes
  9.5. Preferences
  9.6. User Table
  9.7. Display Filter Macros
  9.8. Tektronics K12xx/15 RF5 protocols Table
  9.9. User DLTs protocol table
  9.10. SNMP users Table
Appendix A. Files and Folders
  A.1. Capture Files
    A.1.1. Libpcap File Contents
    A.1.2. Not Saved in the Capture File
  A.2. Configuration Files and Folders
  A.3. Windows folders
    A.3.1. Windows profiles
    A.3.2. Windows Vista/XP/2000/NT roaming profiles
    A.3.3. Windows temporary folder
Appendix B. Protocols and Protocol Fields
Appendix C. Wireshark Messages
  C.1. Packet List Messages
    C.1.1. [Malformed Packet]
    C.1.2. [Packet size limited during capture]
  C.2. Packet Details Messages
    C.2.1. [Response in frame: 123]
    C.2.2. [Request in frame: 123]
    C.2.3. [Time from request: 0.123 seconds]
Appendix D. Related command line tools
  D.1. Introduction
  D.2. tshark: Terminal-based Wireshark
  D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
  D.4. dumpcap: Capturing with dumpcap for viewing with Wireshark
  D.5. capinfos: Print information about capture files
  D.6. editcap: Edit capture files
  D.7. mergecap: Merging multiple capture files into one
  D.8. text2pcap: Converting ASCII hexdumps to network captures
  D.9. idl2wrs: Creating dissectors from CORBA IDL files
    D.9.1. What is it?
    D.9.2. Why do this?
    D.9.3. How to use idl2wrs
    D.9.4. TODO
    D.9.5. Limitations
    D.9.6. Notes
Appendix E. This Document's License (GPL)

Size: 2.9 MB
Pages: 223
Language: English