User Guide
Advanced Topics
The stream content is displayed in the same sequence as it appeared on the network. Traffic from A to B
is marked in red, while traffic from B to A is marked in blue. If you like, you can change these colors in
the Edit/Preferences "Colors" page.
Non-printable characters will be replaced by dots. XXX - What about line wrapping (maximum line length)
and CRNL conversions?
The stream content won't be updated while doing a live capture. To get the latest content you'll have to
reopen the dialog.
You can choose from the following actions:
1. Save As: Save the stream data in the currently selected format.
2. Print: Print the stream data in the currently selected format.
3. Direction: Choose the stream direction to be displayed ("Entire conversation", "data from A to B only"
or "data from B to A only").
4. Filter out this stream: Apply a display filter removing the current TCP stream data from the display.
5. Close: Close this dialog box, leaving the current display filter in effect.
You can choose to view the data in one of the following formats:
1. ASCII: In this view you see the data from each direction in ASCII. Obviously best for ASCII-based
protocols, e.g. HTTP.
2. EBCDIC: For the big-iron freaks out there.
3. HEX Dump: This allows you to see all the data. This will require a lot of screen space and is best
used with binary protocols.
4. C Arrays: This allows you to import the stream data into your own C program.
5. Raw: This allows you to load the unaltered stream data into a different program for further examination.
The display will look the same as the ASCII setting, but "Save As" will result in a binary file.
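As an added example (not part of the guide or of Wireshark's code): a C program that consumes arrays in the shape of a "C Arrays" export and shows why a dot-substituted text rendering loses information that the Raw bytes keep. The array names, the sample bytes, the helper functions and the exact set of characters treated as printable are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the shape of a "C Arrays" export: one array per
 * chunk of stream data, named by direction (peer0 = A to B, peer1 = B to A).
 * Names and bytes are assumptions for this example, not a real capture. */
static const unsigned char peer0_0[] = { 0x50, 0x49, 0x4e, 0x47, 0x0d, 0x0a };
static const unsigned char peer1_0[] = { 0x4f, 0x4b, 0x00, 0x01, 0xff, 0x0d, 0x0a };
static const unsigned char peer1_1[] = { 0x4f, 0x4b, 0x7f, 0x80, 0x1b, 0x0d, 0x0a };

/* Render n bytes as a text view would: non-printable bytes become '.',
 * CR, LF and TAB are kept (assumed). dst must hold n + 1 bytes.
 * Returns the number of bytes replaced, i.e. bytes the text form loses. */
size_t ascii_view(const unsigned char *src, size_t n, char *dst)
{
    size_t replaced = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = src[i];
        if (c == '\r' || c == '\n' || c == '\t' || (c < 0x80 && isprint(c))) {
            dst[i] = (char)c;
        } else {
            dst[i] = '.';
            replaced++;
        }
    }
    dst[n] = '\0';
    return replaced;
}

/* Returns 1 if two chunks differ as raw bytes but are identical as text. */
int collides_in_ascii(const unsigned char *a, size_t na, const unsigned char *b, size_t nb)
{
    char ta[64], tb[64];
    if (na != nb || na >= sizeof ta) return 0;
    ascii_view(a, na, ta);
    ascii_view(b, nb, tb);
    return memcmp(a, b, na) != 0 && strcmp(ta, tb) == 0;
}

int main(void)
{
    char text[64];
    printf("A->B bytes replaced: %zu\n", ascii_view(peer0_0, sizeof peer0_0, text));
    printf("B->A bytes replaced: %zu\n", ascii_view(peer1_0, sizeof peer1_0, text));
    printf("two B->A chunks identical as text only: %d\n",
           collides_in_ascii(peer1_0, sizeof peer1_0, peer1_1, sizeof peer1_1));
    return 0;
}
```

When the stream carries binary content that will be hashed, carved or compared later, the Raw or C Arrays form is the one that preserves the original bytes.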
7.3. Expert Infos
The expert infos are a kind of log of the anomalies found by Wireshark in a capture file.
The general idea behind the following "Expert Info" is to have a better display of "uncommon" or just
notable network behaviour. This way, both novice and expert users will hopefully find probable network
problems a lot faster, compared to scanning the packet list "manually".
Expert infos are only a hint!
Take expert infos as a hint about what's worth looking at, but not more. For example: The absence
of expert infos doesn't necessarily mean everything is OK!
The amount of expert infos largely depends on the protocol being used!
While some common protocols like TCP/IP will show detailed expert infos, most other
protocols currently won't show any expert infos at all.