Wireshark User's Guide
11.10.7. Non Method Functions
11.11. Adding information to the dissection tree
11.11.1. TreeItem
11.12. Functions for handling packet data
11.12.1. ByteArray
11.12.2. Int
11.12.3. Tvb
11.12.4. TvbRange
11.12.5. UInt
11.13. Utility Functions
11.13.1. Dir
11.13.2. Non Method Functions
A. Files and Folders
A.1. Capture Files
A.1.1. Libpcap File Contents
A.1.2. Not Saved in the Capture File
A.2. Configuration Files and Folders
A.2.1. Protocol help configuration
A.3. Windows folders
A.3.1. Windows profiles
A.3.2. Windows 7, Vista, XP, 2000, and NT roaming profiles
A.3.3. Windows temporary folder
B. Protocols and Protocol Fields
C. Wireshark Messages
C.1. Packet List Messages
C.1.1. [Malformed Packet]
C.1.2. [Packet size limited during capture]
C.2. Packet Details Messages
C.2.1. [Response in frame: 123]
C.2.2. [Request in frame: 123]
C.2.3. [Time from request: 0.123 seconds]
C.2.4. [Stream setup by PROTOCOL (frame 123)]
D. Related command line tools
D.1. Introduction
D.2. tshark: Terminal-based Wireshark
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
D.4. dumpcap: Capturing with dumpcap for viewing with Wireshark
D.5. capinfos: Print information about capture files
D.6. rawshark: Dump and analyze network traffic.
D.7. editcap: Edit capture files
D.8. mergecap: Merging multiple capture files into one
D.9. text2pcap: Converting ASCII hexdumps to network captures
D.10. idl2wrs: Creating dissectors from CORBA IDL files
D.10.1. What is it?
D.10.2. Why do this?
D.10.3. How to use idl2wrs
D.10.4. TODO
D.10.5. Limitations
D.10.6. Notes
E. This Document's License (GPL)