User Manual

Table of Contents

Wireshark User's Guide (p. 1)
Table of Contents (p. 3)

Preface (p. 9)
1. Foreword (p. 9)
2. Who should read this document? (p. 9)
3. Acknowledgements (p. 9)
4. About this document (p. 10)
5. Where to get the latest copy of this document? (p. 10)
6. Providing feedback about this document (p. 10)

Chapter 1. Introduction (p. 11)
1.1. What is Wireshark? (p. 11)
1.1.1. Some intended purposes (p. 11)
1.1.2. Features (p. 11)
1.1.3. Live capture from many different network media (p. 12)
1.1.4. Import files from many other capture programs (p. 12)
1.1.5. Export files for many other capture programs (p. 12)
1.1.6. Many protocol decoders (p. 12)
1.1.7. Open Source Software (p. 13)
1.1.8. What Wireshark is not (p. 13)
1.2. System Requirements (p. 13)
1.2.1. General Remarks (p. 13)
1.2.2. Microsoft Windows (p. 13)
1.2.3. Unix / Linux (p. 14)
1.3. Where to get Wireshark? (p. 15)
1.4. A brief history of Wireshark (p. 15)
1.5. Development and maintenance of Wireshark (p. 16)
1.6. Reporting problems and getting help (p. 16)
1.6.1. Website (p. 16)
1.6.2. Wiki (p. 16)
1.6.3. Q&A Forum (p. 17)
1.6.4. FAQ (p. 17)
1.6.5. Mailing Lists (p. 17)
1.6.6. Reporting Problems (p. 17)
1.6.7. Reporting Crashes on UNIX/Linux platforms (p. 18)
1.6.8. Reporting Crashes on Windows platforms (p. 19)

Chapter 2. Building and Installing Wireshark (p. 20)
2.1. Introduction (p. 20)
2.2. Obtaining the source and binary distributions (p. 20)
2.3. Before you build Wireshark under UNIX (p. 21)
2.4. Building Wireshark from source under UNIX (p. 23)
2.5. Installing the binaries under UNIX (p. 24)
2.5.1. Installing from rpm's under Red Hat and alike (p. 24)
2.5.2. Installing from deb's under Debian, Ubuntu and other Debian derivatives (p. 24)
2.5.3. Installing from portage under Gentoo Linux (p. 24)
2.5.4. Installing from packages under FreeBSD (p. 24)
2.6. Troubleshooting during the install on Unix (p. 25)
2.7. Building from source under Windows (p. 25)
2.8. Installing Wireshark under Windows (p. 25)
2.8.1. Install Wireshark (p. 25)
2.8.1.1. "Choose Components" page (p. 26)
2.8.1.2. "Additional Tasks" page (p. 26)
2.8.1.3. "Install WinPcap?" page (p. 26)
2.8.1.4. Command line options (p. 27)
2.8.2. Manual WinPcap Installation (p. 27)
2.8.3. Update Wireshark (p. 28)
2.8.4. Update WinPcap (p. 28)
2.8.5. Uninstall Wireshark (p. 28)
2.8.6. Uninstall WinPcap (p. 28)

Chapter 3. User Interface (p. 29)
3.1. Introduction (p. 29)
3.2. Start Wireshark (p. 29)
3.3. The Main window (p. 29)
3.3.1. Main Window Navigation (p. 31)
3.4. The Menu (p. 31)
3.5. The "File" menu (p. 32)
3.6. The "Edit" menu (p. 35)
3.7. The "View" menu (p. 37)
3.8. The "Go" menu (p. 41)
3.9. The "Capture" menu (p. 42)
3.10. The "Analyze" menu (p. 43)
3.11. The "Statistics" menu (p. 45)
3.12. The "Telephony" menu (p. 47)
3.13. The "Tools" menu (p. 49)
3.14. The "Internals" menu (p. 49)
3.15. The "Help" menu (p. 50)
3.16. The "Main" toolbar (p. 52)
3.17. The "Filter" toolbar (p. 54)
3.18. The "Packet List" pane (p. 55)
3.19. The "Packet Details" pane (p. 56)
3.20. The "Packet Bytes" pane (p. 56)
3.21. The Statusbar (p. 57)

Chapter 4. Capturing Live Network Data (p. 59)
4.1. Introduction (p. 59)
4.2. Prerequisites (p. 59)
4.3. Start Capturing (p. 60)
4.4. The "Capture Interfaces" dialog box (p. 60)
4.5. The "Capture Options" dialog box (p. 62)
4.5.1. Capture frame (p. 64)
4.5.2. Capture File(s) frame (p. 64)
4.5.3. Stop Capture... frame (p. 65)
4.5.4. Display Options frame (p. 65)
4.5.5. Name Resolution frame (p. 66)
4.5.6. Buttons (p. 66)
4.6. The "Edit Interface Settings" dialog box (p. 66)
4.7. The "Add New Interfaces" dialog box (p. 69)
4.7.1. Add or remove pipes (p. 70)
4.7.2. Add or hide local interfaces (p. 71)
4.7.3. Add or hide remote interfaces (p. 72)
4.8. The "Remote Capture Interfaces" dialog box (p. 72)
4.8.1. Remote Capture Interfaces (p. 73)
4.8.2. Remote Capture Settings (p. 74)
4.9. The "Interface Details" dialog box (p. 75)
4.10. Capture files and file modes (p. 75)
4.11. Link-layer header type (p. 77)
4.12. Filtering while capturing (p. 77)
4.12.1. Automatic Remote Traffic Filtering (p. 79)
4.13. While a Capture is running ... (p. 79)
4.13.1. Stop the running capture (p. 80)
4.13.2. Restart a running capture (p. 80)

Chapter 5. File Input / Output and Printing (p. 81)
5.1. Introduction (p. 81)
5.2. Open capture files (p. 81)
5.2.1. The "Open Capture File" dialog box (p. 81)
5.2.2. Input File Formats (p. 83)
5.3. Saving captured packets (p. 84)
5.3.1. The "Save Capture File As" dialog box (p. 85)
5.3.2. Output File Formats (p. 86)
5.4. Merging capture files (p. 87)
5.4.1. The "Merge with Capture File" dialog box (p. 88)
5.5. Import text file (p. 89)
5.5.1. The "File import" dialog box (p. 90)
5.6. File Sets (p. 91)
5.6.1. The "List Files" dialog box (p. 92)
5.7. Exporting data (p. 92)
5.7.1. The "Export as Plain Text File" dialog box (p. 93)
5.7.2. The "Export as PostScript File" dialog box (p. 95)
5.7.3. The "Export as CSV (Comma Separated Values) File" dialog box (p. 97)
5.7.4. The "Export as C Arrays (packet bytes) file" dialog box (p. 97)
5.7.5. The "Export as PSML File" dialog box (p. 97)
5.7.6. The "Export as PDML File" dialog box (p. 99)
5.7.7. The "Export selected packet bytes" dialog box (p. 101)
5.7.8. The "Export Objects" dialog box (p. 103)
5.8. Printing packets (p. 104)
5.8.1. The "Print" dialog box (p. 104)
5.9. The Packet Range frame (p. 105)
5.10. The Packet Format frame (p. 105)

Chapter 6. Working with captured packets (p. 107)
6.1. Viewing packets you have captured (p. 107)
6.2. Pop-up menus (p. 108)
6.2.1. Pop-up menu of the "Packet List" column header (p. 108)
6.2.2. Pop-up menu of the "Packet List" pane (p. 110)
6.2.3. Pop-up menu of the "Packet Details" pane (p. 112)
6.3. Filtering packets while viewing (p. 114)
6.4. Building display filter expressions (p. 115)
6.4.1. Display filter fields (p. 116)
6.4.2. Comparing values (p. 116)
6.4.3. Combining expressions (p. 117)
6.4.4. A common mistake (p. 118)
6.5. The "Filter Expression" dialog box (p. 119)
6.6. Defining and saving filters (p. 120)
6.7. Defining and saving filter macros (p. 122)
6.8. Finding packets (p. 122)
6.8.1. The "Find Packet" dialog box (p. 122)
6.8.2. The "Find Next" command (p. 123)
6.8.3. The "Find Previous" command (p. 123)
6.9. Go to a specific packet (p. 123)
6.9.1. The "Go Back" command (p. 123)
6.9.2. The "Go Forward" command (p. 123)
6.9.3. The "Go to Packet" dialog box (p. 123)
6.9.4. The "Go to Corresponding Packet" command (p. 123)
6.9.5. The "Go to First Packet" command (p. 124)
6.9.6. The "Go to Last Packet" command (p. 124)
6.10. Marking packets (p. 124)
6.11. Ignoring packets (p. 124)
6.12. Time display formats and time references (p. 125)
6.12.1. Packet time referencing (p. 125)

Chapter 7. Advanced Topics (p. 127)
7.1. Introduction (p. 127)
7.2. Following TCP streams (p. 127)
7.2.1. The "Follow TCP Stream" dialog box (p. 127)
7.3. Expert Infos (p. 128)
7.3.1. Expert Info Entries (p. 129)
7.3.1.1. Severity (p. 129)
7.3.1.2. Group (p. 129)
7.3.1.3. Protocol (p. 130)
7.3.1.4. Summary (p. 130)
7.3.2. "Expert Info" dialog (p. 130)
7.3.2.1. Errors / Warnings / Notes / Chats tabs (p. 130)
7.3.2.2. Details tab (p. 130)
7.3.3. "Colorized" Protocol Details Tree (p. 130)
7.3.4. "Expert" Packet List Column (optional) (p. 131)
7.4. Time Stamps (p. 131)
7.4.1. Wireshark internals (p. 131)
7.4.2. Capture file formats (p. 132)
7.4.3. Accuracy (p. 132)
7.5. Time Zones (p. 132)
7.5.1. Set your computer's time correctly! (p. 133)
7.5.2. Wireshark and Time Zones (p. 134)
7.6. Packet Reassembling (p. 135)
7.6.1. What is it? (p. 135)
7.6.2. How Wireshark handles it (p. 135)
7.7. Name Resolution (p. 136)
7.7.1. Name Resolution drawbacks (p. 136)
7.7.2. Ethernet name resolution (MAC layer) (p. 137)
7.7.3. IP name resolution (network layer) (p. 137)
7.7.4. IPX name resolution (network layer) (p. 138)
7.7.5. TCP/UDP port name resolution (transport layer) (p. 138)
7.8. Checksums (p. 138)
7.8.1. Wireshark checksum validation (p. 139)
7.8.2. Checksum offloading (p. 139)

Chapter 8. Statistics (p. 140)
8.1. Introduction (p. 140)
8.2. The "Summary" window (p. 140)
8.3. The "Protocol Hierarchy" window (p. 141)
8.4. Conversations (p. 143)
8.4.1. What is a Conversation? (p. 143)
8.4.2. The "Conversations" window (p. 143)
8.4.3. The protocol specific "Conversation List" windows (p. 144)
8.5. Endpoints (p. 144)
8.5.1. What is an Endpoint? (p. 144)
8.5.2. The "Endpoints" window (p. 145)
8.5.3. The protocol specific "Endpoint List" windows (p. 146)
8.6. The "IO Graphs" window (p. 146)
8.7. Service Response Time (p. 147)
8.7.1. The "Service Response Time DCE-RPC" window (p. 148)
8.8. Compare two capture files (p. 148)
8.9. WLAN Traffic Statistics (p. 150)
8.10. The protocol specific statistics windows (p. 150)

Chapter 9. Telephony (p. 151)
9.1. Introduction (p. 151)
9.2. RTP Analysis (p. 151)
9.3. VoIP Calls (p. 151)
9.4. LTE MAC Traffic Statistics (p. 152)
9.5. LTE RLC Traffic Statistics (p. 152)
9.6. The protocol specific statistics windows (p. 153)

Chapter 10. Customizing Wireshark (p. 154)
10.1. Introduction (p. 154)
10.2. Start Wireshark from the command line (p. 154)
10.3. Packet colorization (p. 160)
10.4. Control Protocol dissection (p. 163)
10.4.1. The "Enabled Protocols" dialog box (p. 163)
10.4.2. User Specified Decodes (p. 164)
10.4.3. Show User Specified Decodes (p. 165)
10.5. Preferences (p. 166)
10.5.1. Interface Options (p. 167)
10.6. Configuration Profiles (p. 168)
10.7. User Table (p. 170)
10.8. Display Filter Macros (p. 170)
10.9. ESS Category Attributes (p. 170)
10.10. GeoIP Database Paths (p. 171)
10.11. IKEv2 decryption table (p. 171)
10.12. Object Identifiers (p. 172)
10.13. PRES Users Context List (p. 172)
10.14. SCCP users Table (p. 172)
10.15. SMI (MIB and PIB) Modules (p. 173)
10.16. SMI (MIB and PIB) Paths (p. 173)
10.17. SNMP Enterprise Specific Trap Types (p. 173)
10.18. SNMP users Table (p. 173)
10.19. Tektronix K12xx/15 RF5 protocols Table (p. 174)
10.20. User DLTs protocol table (p. 174)

Chapter 11. Lua Support in Wireshark (p. 175)
11.1. Introduction (p. 175)
11.2. Example of Dissector written in Lua (p. 175)
11.3. Example of Listener written in Lua (p. 176)
11.4. Wireshark's Lua API Reference Manual (p. 177)
11.5. Saving capture files (p. 177)
11.5.1. Dumper (p. 177)
11.5.1.1. Dumper.new(filename, [filetype], [encap]) (p. 177)
11.5.1.1.1. Arguments (p. 177)
11.5.1.1.2. Returns (p. 177)
11.5.1.1.3. Errors (p. 177)
11.5.1.2. dumper:close() (p. 177)
11.5.1.2.1. Errors (p. 178)
11.5.1.3. dumper:flush() (p. 178)
11.5.1.4. dumper:dump(timestamp, pseudoheader, bytearray) (p. 178)
11.5.1.4.1. Arguments (p. 178)
11.5.1.5. dumper:new_for_current([filetype]) (p. 178)
11.5.1.5.1. Arguments (p. 178)
11.5.1.5.2. Returns (p. 178)
11.5.1.5.3. Errors (p. 178)
11.5.1.6. dumper:dump_current() (p. 178)
11.5.1.6.1. Errors (p. 178)
11.5.2. PseudoHeader (p. 178)
11.5.2.1. PseudoHeader.none() (p. 178)
11.5.2.1.1. Returns (p. 178)
11.5.2.2. PseudoHeader.eth([fcslen]) (p. 179)
11.5.2.2.1. Arguments (p. 179)
11.5.2.2.2. Returns (p. 179)
11.5.2.3. PseudoHeader.atm([aal], [vpi], [vci], [channel], [cells], [aal5u2u], [aal5len]) (p. 179)
11.5.2.3.1. Arguments (p. 179)
11.5.2.3.2. Returns (p. 179)
11.5.2.4. PseudoHeader.mtp2() (p. 179)
11.5.2.4.1. Returns (p. 179)
11.6. Obtaining dissection data (p. 179)
11.6.1. Field (p. 179)
11.6.1.1. Field.new(fieldname) (p. 179)
11.6.1.1.1. Arguments (p. 180)
11.6.1.1.2. Returns (p. 180)
11.6.1.1.3. Errors (p. 180)
11.6.1.2. field:__call() (p. 180)
11.6.1.2.1. Returns (p. 180)
11.6.1.2.2. Errors (p. 180)
11.6.2. FieldInfo (p. 180)
11.6.2.1. fieldinfo:__len() (p. 180)
11.6.2.2. fieldinfo:__unm() (p. 180)
11.6.2.3. fieldinfo:__call() (p. 180)
11.6.2.4. fieldinfo:__tostring() (p. 180)
11.6.2.5. fieldinfo:__eq() (p. 180)
11.6.2.5.1. Errors (p. 180)
11.6.2.6. fieldinfo:__le() (p. 180)
11.6.2.7. fieldinfo:__lt() (p. 181)
11.6.2.7.1. Errors (p. 181)
11.6.2.8. fieldinfo.name (p. 181)
11.6.2.9. fieldinfo.label (p. 181)
11.6.2.10. fieldinfo.value (p. 181)
11.6.2.11. fieldinfo.len (p. 181)
11.6.2.12. fieldinfo.offset (p. 181)
11.6.3. Non Method Functions (p. 181)
11.6.3.1. all_field_infos() (p. 181)
11.6.3.1.1. Errors (p. 181)
11.7. GUI support (p. 181)
11.7.1. ProgDlg (p. 181)
11.7.1.1. ProgDlg.new([title], [task]) (p. 181)
11.7.1.1.1. Arguments (p. 181)
11.7.1.1.2. Returns (p. 182)
11.7.1.2. progdlg:update(progress, [task]) (p. 182)
11.7.1.2.1. Arguments (p. 182)
11.7.1.2.2. Errors (p. 182)
11.7.1.3. progdlg:stopped() (p. 182)
11.7.1.3.1. Returns (p. 182)
11.7.1.3.2. Errors (p. 182)
11.7.1.4. progdlg:close() (p. 182)
11.7.1.4.1. Errors (p. 182)
11.7.2. TextWindow (p. 182)
11.7.2.1. TextWindow.new([title]) (p. 182)
11.7.2.1.1. Arguments (p. 182)
11.7.2.1.2. Returns (p. 183)
11.7.2.1.3. Errors (p. 183)
11.7.2.2. textwindow:set_atclose(action) (p. 183)
11.7.2.2.1. Arguments (p. 183)
11.7.2.2.2. Returns (p. 183)
11.7.2.2.3. Errors (p. 183)
11.7.2.3. textwindow:set(text) (p. 183)
11.7.2.3.1. Arguments (p. 183)
11.7.2.3.2. Returns (p. 183)
11.7.2.3.3. Errors (p. 183)
11.7.2.4. textwindow:append(text) (p. 183)
11.7.2.4.1. Arguments (p. 183)
11.7.2.4.2. Returns (p. 183)
11.7.2.4.3. Errors (p. 184)
11.7.2.5. textwindow:prepend(text) (p. 184)
11.7.2.5.1. Arguments (p. 184)
11.7.2.5.2. Returns (p. 184)
11.7.2.5.3. Errors (p. 184)
11.7.2.6. textwindow:clear() (p. 184)
11.7.2.6.1. Returns (p. 184)
11.7.2.6.2. Errors (p. 184)
11.7.2.7. textwindow:get_text() (p. 184)
11.7.2.7.1. Returns (p. 184)
11.7.2.7.2. Errors (p. 184)
11.7.2.8. textwindow:set_editable([editable]) (p. 185)
11.7.2.8.1. Arguments (p. 185)
11.7.2.8.2. Returns (p. 185)
11.7.2.8.3. Errors (p. 185)
11.7.2.9. textwindow:add_button(label, function) (p. 185)
11.7.2.9.1. Arguments (p. 185)
11.7.2.9.2. Returns (p. 185)
11.7.2.9.3. Errors (p. 185)
11.7.3. Non Method Functions (p. 185)
11.7.3.1. gui_enabled() (p. 185)
11.7.3.1.1. Returns (p. 185)
11.7.3.2. register_menu(name, action, [group]) (p. 186)
11.7.3.2.1. Arguments (p. 186)
11.7.3.3. new_dialog(title, action, ...) (p. 186)
11.7.3.3.1. Arguments (p. 186)
11.7.3.3.2. Errors (p. 186)
11.7.3.4. retap_packets() (p. 186)
11.7.3.5. copy_to_clipboard(text) (p. 186)
11.7.3.5.1. Arguments (p. 186)
11.7.3.6. open_capture_file(filename, filter) (p. 186)
11.7.3.6.1. Arguments (p. 187)
11.7.3.7. set_filter(text) (p. 187)
11.7.3.7.1. Arguments (p. 187)
11.7.3.8. set_color_filter_slot(row, text) (p. 187)
11.7.3.8.1. Arguments (p. 187)
11.7.3.9. apply_filter() (p. 187)
11.7.3.10. reload() (p. 187)
11.7.3.11. browser_open_url(url) (p. 187)
11.7.3.11.1. Arguments (p. 187)
11.7.3.12. browser_open_data_file(filename) (p. 187)
11.7.3.12.1. Arguments (p. 187)
11.8. Post-dissection packet analysis (p. 187)
11.8.1. Listener (p. 187)
11.8.1.1. Listener.new([tap], [filter]) (p. 188)
11.8.1.1.1. Arguments (p. 188)
11.8.1.1.2. Returns (p. 188)
11.8.1.1.3. Errors (p. 188)
11.8.1.2. listener:remove() (p. 188)
11.8.1.3. listener.packet (p. 188)
11.8.1.4. listener.draw (p. 188)
11.8.1.5. listener.reset (p. 188)
11.9. Obtaining packet information (p. 188)
11.9.1. Address (p. 188)
11.9.1.1. Address.ip(hostname) (p. 188)
11.9.1.1.1. Arguments (p. 188)
11.9.1.1.2. Returns (p. 188)
11.9.1.2. address:__tostring() (p. 189)
11.9.1.2.1. Returns (p. 189)
11.9.1.3. address:__eq() (p. 189)
11.9.1.4. address:__le() (p. 189)
11.9.1.5. address:__lt() (p. 189)
11.9.2. Column (p. 189)
11.9.2.1. column:__tostring() (p. 189)
11.9.2.1.1. Returns (p. 189)
11.9.2.2. column:clear() (p. 189)
11.9.2.3. column:set(text) (p. 189)
11.9.2.3.1. Arguments (p. 189)
11.9.2.4. column:append(text) (p. 189)
11.9.2.4.1. Arguments (p. 189)
11.9.2.5. column:preppend(text) (p. 189)
11.9.2.5.1. Arguments (p. 190)
11.9.3. Columns (p. 190)
11.9.3.1. columns:__tostring() (p. 190)
11.9.3.1.1. Returns (p. 190)
11.9.3.2. columns:__newindex(column, text) (p. 190)
11.9.3.2.1. Arguments (p. 190)
11.9.4. NSTime (p. 190)
11.9.4.1. NSTime.new([seconds], [nseconds]) (p. 190)
11.9.4.1.1. Arguments (p. 190)
11.9.4.1.2. Returns (p. 190)
11.9.4.2. nstime:__tostring() (p. 190)
11.9.4.2.1. Returns (p. 190)
11.9.4.3. nstime:__add() (p. 190)
11.9.4.4. nstime:__sub() (p. 190)
11.9.4.5. nstime:__unm() (p. 191)
11.9.4.6. nstime:__eq() (p. 191)
11.9.4.6.1. Errors (p. 191)
11.9.4.7. nstime:__le() (p. 191)
11.9.4.7.1. Errors (p. 191)
11.9.4.8. nstime:__lt() (p. 191)
11.9.4.8.1. Errors (p. 191)
11.9.4.9. nstime.secs (p. 191)
11.9.4.10. nstime.nsecs (p. 191)
11.9.5. Pinfo (p. 191)
11.9.5.1. pinfo.number (p. 191)
11.9.5.2. pinfo.len (p. 191)
11.9.5.3. pinfo.caplen (p. 191)
11.9.5.4. pinfo.abs_ts (p. 192)
11.9.5.5. pinfo.rel_ts (p. 192)
11.9.5.6. pinfo.delta_ts (p. 192)
11.9.5.7. pinfo.delta_dis_ts (p. 192)
11.9.5.8. pinfo.visited (p. 192)
11.9.5.9. pinfo.src (p. 192)
11.9.5.10. pinfo.dst (p. 192)
11.9.5.11. pinfo.lo (p. 192)
11.9.5.12. pinfo.hi (p. 192)
11.9.5.13. pinfo.dl_src (p. 192)
11.9.5.14. pinfo.dl_dst (p. 192)
11.9.5.15. pinfo.net_src (p. 192)
11.9.5.16. pinfo.net_dst (p. 192)
11.9.5.17. pinfo.ptype (p. 193)
11.9.5.18. pinfo.src_port (p. 193)
11.9.5.19. pinfo.dst_port (p. 193)
11.9.5.20. pinfo.ipproto (p. 193)
11.9.5.21. pinfo.circuit_id (p. 193)
11.9.5.22. pinfo.match (p. 193)
11.9.5.23. pinfo.curr_proto (p. 193)
11.9.5.24. pinfo.columns (p. 193)
11.9.5.25. pinfo.cols (p. 193)
11.9.5.26. pinfo.desegment_len (p. 193)
11.9.5.27. pinfo.desegment_offset (p. 193)
11.9.5.28. pinfo.private_data (p. 193)
11.9.5.29. pinfo.private (p. 193)
11.9.5.30. pinfo.ethertype (p. 194)
11.9.5.31. pinfo.fragmented (p. 194)
11.9.5.32. pinfo.in_error_pkt (p. 194)
11.9.5.33. pinfo.match_uint (p. 194)
11.9.5.34. pinfo.match_string (p. 194)
11.9.6. PrivateTable (p. 194)
11.9.6.1. privatetable:__tostring() (p. 194)
11.9.6.1.1. Returns (p. 194)
11.10. Functions for writing dissectors (p. 194)
11.10.1. Dissector (p. 194)
11.10.1.1. Dissector.get(name) (p. 194)
11.10.1.1.1. Arguments (p. 194)
11.10.1.1.2. Returns (p. 194)
11.10.1.2. dissector:call(tvb, pinfo, tree) (p. 194)
11.10.1.2.1. Arguments (p. 195)
11.10.2. DissectorTable (p. 195)
11.10.2.1. DissectorTable.new(tablename, [uiname], [type], [base]) (p. 195)
11.10.2.1.1. Arguments (p. 195)
11.10.2.1.2. Returns (p. 195)
11.10.2.2. DissectorTable.get(tablename) (p. 195)
11.10.2.2.1. Arguments (p. 195)
11.10.2.2.2. Returns (p. 195)
11.10.2.3. dissectortable:add(pattern, dissector) (p. 195)
11.10.2.3.1. Arguments (p. 195)
11.10.2.4. dissectortable:remove(pattern, dissector) (p. 196)
11.10.2.4.1. Arguments (p. 196)
11.10.2.5. dissectortable:try(pattern, tvb, pinfo, tree) (p. 196)
11.10.2.5.1. Arguments (p. 196)
11.10.2.6. dissectortable:get_dissector(pattern) (p. 196)
11.10.2.6.1. Arguments (p. 196)
11.10.2.6.2. Returns (p. 196)
11.10.3. Pref (p. 196)
11.10.3.1. Pref.bool(label, default, descr) (p. 196)
11.10.3.1.1. Arguments (p. 196)
11.10.3.2. Pref.uint(label, default, descr) (p. 197)
11.10.3.2.1. Arguments (p. 197)
11.10.3.3. Pref.string(label, default, descr) (p. 197)
11.10.3.3.1. Arguments (p. 197)
11.10.3.4. Pref.enum(label, default, descr, enum, radio) (p. 197)
11.10.3.4.1. Arguments (p. 197)
11.10.3.5. Pref.range(label, default, descr, max) (p. 197)
11.10.3.5.1. Arguments (p. 197)
11.10.3.6. Pref.statictext(label, descr) (p. 197)
11.10.3.6.1. Arguments (p. 198)
11.10.4. Prefs (p. 198)
11.10.4.1. prefs:__newindex(name, pref) (p. 198)
11.10.4.1.1. Arguments (p. 198)
11.10.4.1.2. Errors (p. 198)
11.10.4.2. prefs:__index(name) (p. 198)
11.10.4.2.1. Arguments (p. 198)
11.10.4.2.2. Returns (p. 198)
11.10.4.2.3. Errors (p. 198)
11.10.5. Proto (p. 198)
11.10.5.1. Proto.new(name, desc) (p. 198)
11.10.5.1.1. Arguments (p. 198)
11.10.5.1.2. Returns (p. 198)
11.10.5.2. proto.dissector (p. 199)
11.10.5.3. proto.fields (p. 199)
11.10.5.4. proto.prefs (p. 199)
11.10.5.5. proto.init (p. 199)
11.10.5.6. proto.name (p. 199)
11.10.5.7. proto.description (p. 199)
11.10.6. ProtoField (p. 199)
11.10.6.1. ProtoField.new(name, abbr, type, [voidstring], [base], [mask], [descr]) (p. 199)
11.10.6.1.1. Arguments (p. 199)
11.10.6.1.2. Returns (p. 200)
11.10.6.2. ProtoField.uint8(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 200)
11.10.6.2.1. Arguments (p. 200)
11.10.6.2.2. Returns (p. 200)
11.10.6.3. ProtoField.uint16(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 200)
11.10.6.3.1. Arguments (p. 200)
11.10.6.3.2. Returns (p. 200)
11.10.6.4. ProtoField.uint24(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 200)
11.10.6.4.1. Arguments (p. 200)
11.10.6.4.2. Returns (p. 201)
11.10.6.5. ProtoField.uint32(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 201)
11.10.6.5.1. Arguments (p. 201)
11.10.6.5.2. Returns (p. 201)
11.10.6.6. ProtoField.uint64(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 201)
11.10.6.6.1. Arguments (p. 201)
11.10.6.6.2. Returns (p. 201)
11.10.6.7. ProtoField.int8(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 202)
11.10.6.7.1. Arguments (p. 202)
11.10.6.7.2. Returns (p. 202)
11.10.6.8. ProtoField.int16(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 202)
11.10.6.8.1. Arguments (p. 202)
11.10.6.8.2. Returns (p. 202)
11.10.6.9. ProtoField.int24(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 202)
11.10.6.9.1. Arguments (p. 202)
11.10.6.9.2. Returns (p. 203)
11.10.6.10. ProtoField.int32(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 203)
11.10.6.10.1. Arguments (p. 203)
11.10.6.10.2. Returns (p. 203)
11.10.6.11. ProtoField.int64(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 203)
11.10.6.11.1. Arguments (p. 203)
11.10.6.11.2. Returns (p. 203)
11.10.6.12. ProtoField.framenum(abbr, [name], [base], [valuestring], [mask], [desc]) (p. 203)
11.10.6.12.1. Arguments (p. 204)
11.10.6.12.2. Returns (p. 204)
11.10.6.13. ProtoField.bool(abbr, [name], [display], [string], [mask], [desc]) (p. 204)
11.10.6.13.1. Arguments (p. 204)
11.10.6.13.2. Returns (p. 204)
11.10.6.14. ProtoField.absolute_time(abbr, [name], [base], [desc]) (p. 204)
11.10.6.14.1. Arguments (p. 204)
11.10.6.14.2. Returns (p. 204)
11.10.6.15. ProtoField.relative_time(abbr, [name], [desc]) (p. 205)
11.10.6.15.1. Arguments (p. 205)
11.10.6.15.2. Returns (p. 205)
11.10.6.16. ProtoField.ipv4(abbr, [name], [desc]) (p. 205)
11.10.6.16.1. Arguments (p. 205)
11.10.6.16.2. Returns (p. 205)
11.10.6.17. ProtoField.ipv6(abbr, [name], [desc]) (p. 205)
11.10.6.17.1. Arguments (p. 205)
11.10.6.17.2. Returns (p. 205)
11.10.6.18. ProtoField.ether(abbr, [name], [desc]) (p. 205)
11.10.6.18.1. Arguments (p. 205)
11.10.6.18.2. Returns (p. 205)
11.10.6.19. ProtoField.float(abbr, [name], [desc]) (p. 206)
11.10.6.19.1. Arguments (p. 206)
11.10.6.19.2. Returns (p. 206)
11.10.6.20. ProtoField.double(abbr, [name], [desc]) (p. 206)
11.10.6.20.1. Arguments (p. 206)
11.10.6.20.2. Returns (p. 206)
11.10.6.21. ProtoField.string(abbr, [name], [desc]) (p. 206)
11.10.6.21.1. Arguments (p. 206)
11.10.6.21.2. Returns (p. 206)
11.10.6.22. ProtoField.stringz(abbr, [name], [desc]) (p. 206)
11.10.6.22.1. Arguments (p. 206)
11.10.6.22.2. Returns (p. 206)
11.10.6.23. ProtoField.bytes(abbr, [name], [desc]) (p. 207)
11.10.6.23.1. Arguments (p. 207)
11.10.6.23.2. Returns (p. 207)
11.10.6.24. ProtoField.ubytes(abbr, [name], [desc]) (p. 207)
11.10.6.24.1. Arguments (p. 207)
11.10.6.24.2. Returns (p. 207)
11.10.6.25. ProtoField.guid(abbr, [name], [desc]) (p. 207)
11.10.6.25.1. Arguments (p. 207)
11.10.6.25.2. Returns (p. 207)
11.10.6.26. ProtoField.oid(abbr, [name], [desc]) (p. 207)
11.10.6.26.1. Arguments (p. 207)
11.10.6.26.2. Returns (p. 207)
11.10.6.27. ProtoField.bool(abbr, [name], [desc]) (p. 208)
11.10.6.27.1. Arguments (p. 208)
11.10.6.27.2. Returns (p. 208)
11.10.6.28. protofield:__tostring() (p. 208)
11.10.7. Non Method Functions (p. 208)
11.10.7.1. register_postdissector(proto) (p. 208)
11.10.7.1.1. Arguments (p. 208)
11.11. Adding information to the dissection tree (p. 208)
11.11.1. TreeItem (p. 208)
11.11.1.1. treeitem:add_packet_field() (p. 208)
11.11.1.2. treeitem:add() (p. 208)
11.11.1.2.1. Returns (p. 208)
11.11.1.3. treeitem:add_le() (p. 209)
11.11.1.3.1. Returns (p. 209)
11.11.1.4. treeitem:set_text(text) (p. 209)
11.11.1.4.1. Arguments (p. 209)
11.11.1.5. treeitem:append_text(text) (p. 209)
11.11.1.5.1. Arguments (p. 209)
11.11.1.6. treeitem:set_expert_flags([group], [severity]) (p. 209)
11.11.1.6.1. Arguments (p. 209)
11.11.1.7. treeitem:add_expert_info([group], [severity], [text]) (p. 209)
11.11.1.7.1. Arguments (p. 209)
11.11.1.8. treeitem:set_generated() (p. 209)
11.11.1.9. treeitem:set_hidden() (p. 210)
11.11.1.10. treeitem:set_len(len) (p. 210)
11.11.1.10.1. Arguments (p. 210)
11.12. Functions for handling packet data (p. 210)
11.12.1. ByteArray (p. 210)
11.12.1.1. ByteArray.new([hexbytes]) (p. 210)
11.12.1.1.1. Arguments (p. 210)
11.12.1.1.2. Returns (p. 210)
11.12.1.2. bytearray:__concat(first, second) (p. 210)
11.12.1.2.1. Arguments (p. 210)
11.12.1.2.2. Returns (p. 210)
11.12.1.2.3. Errors (p. 210)
11.12.1.3. bytearray:prepend(prepended) (p. 210)
11.12.1.3.1. Arguments (p. 210)
11.12.1.3.2. Errors (p. 211)
11.12.1.4. bytearray:append(appended) (p. 211)
11.12.1.4.1. Arguments (p. 211)
11.12.1.4.2. Errors (p. 211)
11.12.1.5. bytearray:set_size(size) (p. 211)
11.12.1.5.1. Arguments (p. 211)
11.12.1.5.2. Errors (p. 211)
11.12.1.6. bytearray:set_index(index, value) (p. 211)
11.12.1.6.1. Arguments (p. 211)
11.12.1.7. bytearray:get_index(index) (p. 211)
11.12.1.7.1. Arguments (p. 211)
11.12.1.7.2. Returns (p. 211)
11.12.1.8. bytearray:len() (p. 211)
11.12.1.8.1. Returns (p. 212)
11.12.1.9. bytearray:subset(offset, length) (p. 212)
11.12.1.9.1. Arguments (p. 212)
11.12.1.9.2. Returns (p. 212)
11.12.2. Int (p. 212)
11.12.3. Tvb (p. 212)
11.12.3.1. ByteArray.tvb(name) (p. 212)
11.12.3.1.1. Arguments (p. 212)
11.12.3.1.2. Returns (p. 212)
11.12.3.2. TvbRange.tvb(range) (p. 212)
11.12.3.2.1. Arguments (p. 212)
11.12.3.3. tvb:__tostring() (p. 213)
11.12.3.3.1. Returns (p. 213)
11.12.3.4. tvb:reported_len() (p. 213)
11.12.3.4.1. Returns (p. 213)
11.12.3.5. tvb:len() (p. 213)
11.12.3.5.1. Returns (p. 213)
11.12.3.6. tvb:reported_length_remaining() (p. 213)
11.12.3.6.1. Returns (p. 213)
11.12.3.7. tvb:offset() (p. 213)
11.12.3.7.1. Returns (p. 213)
11.12.3.8. tvb:__call() (p. 213)
11.12.3.9. wslua:__concat() (p. 213)
11.12.4. TvbRange (p. 213)
11.12.4.1. tvb:range([offset], [length]) (p. 214)
11.12.4.1.1. Arguments (p. 214)
11.12.4.1.2. Returns (p. 214)
11.12.4.2. tvbrange:uint() (p. 214)
11.12.4.2.1. Returns (p. 214)
11.12.4.3. tvbrange:le_uint() (p. 214)
11.12.4.3.1. Returns (p. 214)
11.12.4.4. tvbrange:uint64() (p. 214)
11.12.4.5. tvbrange:le_uint64() (p. 214)
11.12.4.6. tvbrange:int() (p. 214)
11.12.4.6.1. Returns (p. 214)
11.12.4.7. tvbrange:le_int() (p. 214)
11.12.4.7.1. Returns (p. 214)
11.12.4.8. tvbrange:int64() (p. 215)
11.12.4.9. tvbrange:le_int64() (p. 215)
11.12.4.10. tvbrange:float() (p. 215)
11.12.4.10.1. Returns (p. 215)
11.12.4.11. tvbrange:le_float() (p. 215)
11.12.4.11.1. Returns (p. 215)
11.12.4.12. tvbrange:ipv4() (p. 215)
11.12.4.12.1. Returns (p. 215)
11.12.4.13. tvbrange:le_ipv4() (p. 215)
11.12.4.13.1. Returns (p. 215)
11.12.4.14. tvbrange:ether() (p. 215)
11.12.4.14.1. Returns (p. 215)
11.12.4.14.2. Errors (p. 215)
11.12.4.15. tvbrange:nstime() (p. 216)
11.12.4.15.1. Returns (p. 216)
11.12.4.15.2. Errors (p. 216)
11.12.4.16. tvbrange:le_nstime() (p. 216)
11.12.4.16.1. Returns (p. 216)
11.12.4.16.2. Errors (p. 216)
11.12.4.17. tvbrange:string() (p. 216)
11.12.4.17.1. Returns (p. 216)
11.12.4.18. tvbrange:ustring() (p. 216)
11.12.4.18.1. Returns (p. 216)
11.12.4.19. tvbrange:le_ustring() (p. 216)
11.12.4.19.1. Returns (p. 216)
11.12.4.20. tvbrange:stringz() (p. 216)
11.12.4.20.1. Returns (p. 216)
11.12.4.21. tvbrange:ustringz() (p. 217)
11.12.4.21.1. Returns (p. 217)
11.12.4.22. tvbrange:le_ustringz() (p. 217)
11.12.4.22.1. Returns (p. 217)
11.12.4.23. tvbrange:bytes() (p. 217)
11.12.4.23.1. Returns (p. 217)
11.12.4.24. tvbrange:bitfield([position], [length]) (p. 217)
11.12.4.24.1. Arguments (p. 217)
11.12.4.24.2. Returns (p. 217)
11.12.4.25. tvbrange:range([offset], [length]) (p. 217)
11.12.4.25.1. Arguments (p. 217)
11.12.4.25.2. Returns (p. 217)
11.12.4.26. tvbrange:len() (p. 217)
11.12.4.27. tvbrange:offset() (p. 218)
11.12.4.28. tvbrange:__tostring() (p. 218)
11.12.5. UInt (p. 218)
11.13. Utility Functions (p. 218)
11.13.1. Dir (p. 218)
11.13.1.1. Dir.open(pathname, [extension]) (p. 218)
11.13.1.1.1. Arguments (p. 218)
11.13.1.1.2. Returns (p. 218)
11.13.1.2. dir:__call() (p. 218)
11.13.1.3. dir:close() (p. 218)
11.13.2. Non Method Functions (p. 218)
11.13.2.1. get_version() (p. 218)
11.13.2.1.1. Returns (p. 218)
11.13.2.2. format_date(timestamp) (p. 219)
11.13.2.2.1. Arguments (p. 219)
11.13.2.2.2. Returns (p. 219)
11.13.2.3. format_time(timestamp) (p. 219)
11.13.2.3.1. Arguments (p. 219)
11.13.2.3.2. Returns (p. 219)
11.13.2.4. report_failure(text) (p. 219)
11.13.2.4.1. Arguments (p. 219)
11.13.2.5. critical(...) (p. 219)
11.13.2.5.1. Arguments (p. 219)
11.13.2.6. warn(...) (p. 219)
11.13.2.6.1. Arguments (p. 219)
11.13.2.7. message(...) (p. 219)
11.13.2.7.1. Arguments (p. 219)
11.13.2.8. info(...) (p. 220)
11.13.2.8.1. Arguments (p. 220)
11.13.2.9. debug(...) (p. 220)
11.13.2.9.1. Arguments (p. 220)
11.13.2.10. loadfile(filename) (p. 220)
11.13.2.10.1. Arguments (p. 220)
11.13.2.11. dofile(filename) (p. 220)
11.13.2.11.1. Arguments (p. 220)
11.13.2.12. persconffile_path([filename]) (p. 220)
11.13.2.12.1. Arguments (p. 220)
11.13.2.12.2. Returns (p. 220)
11.13.2.13. datafile_path([filename]) (p. 220)
11.13.2.13.1. Arguments (p. 220)
11.13.2.13.2. Returns (p. 220)
11.13.2.14. register_stat_cmd_arg(argument, [action]) (p. 221)
11.13.2.14.1. Arguments (p. 221)

Appendix A. Files and Folders (p. 222)
A.1. Capture Files (p. 222)
A.1.1. Libpcap File Contents (p. 222)
A.1.2. Not Saved in the Capture File (p. 222)
A.2. Configuration Files and Folders (p. 223)
A.2.1. Protocol help configuration (p. 227)
A.3. Windows folders (p. 229)
A.3.1. Windows profiles (p. 229)
A.3.2. Windows 7, Vista, XP, 2000, and NT roaming profiles (p. 230)
A.3.3. Windows temporary folder (p. 230)

Appendix B. Protocols and Protocol Fields (p. 231)

Appendix C. Wireshark Messages (p. 232)
C.1. Packet List Messages (p. 232)
C.1.1. [Malformed Packet] (p. 232)
C.1.2. [Packet size limited during capture] (p. 232)
C.2. Packet Details Messages (p. 232)
C.2.1. [Response in frame: 123] (p. 232)
C.2.2. [Request in frame: 123] (p. 232)
C.2.3. [Time from request: 0.123 seconds] (p. 233)
C.2.4. [Stream setup by PROTOCOL (frame 123)] (p. 233)

Appendix D. Related command line tools (p. 234)
D.1. Introduction (p. 234)
D.2. tshark: Terminal-based Wireshark (p. 234)
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark (p. 236)
D.4. dumpcap: Capturing with dumpcap for viewing with Wireshark (p. 236)
D.5. capinfos: Print information about capture files (p. 237)
D.6. rawshark: Dump and analyze network traffic. (p. 239)
D.7. editcap: Edit capture files (p. 239)
D.8. mergecap: Merging multiple capture files into one (p. 243)
D.9. text2pcap: Converting ASCII hexdumps to network captures (p. 245)
D.10. idl2wrs: Creating dissectors from CORBA IDL files (p. 247)
D.10.1. What is it? (p. 247)
D.10.2. Why do this? (p. 247)
D.10.3. How to use idl2wrs (p. 247)
D.10.4. TODO (p. 249)
D.10.5. Limitations (p. 249)
D.10.6. Notes (p. 249)

Appendix E. This Document's License (GPL) (p. 250)

Size: 4.1 MB
Pages: 255
Language: English