Advanced Features 126 | Lucent Technologies Ethereal manual

Advanced Features

126

Image 140

Lucent Technologies Ethereal manual Advanced Features 126

Contents

Ethereal Users Guide V2.0.2 16376 for Ethereal Ethereal Users Guide V2.0.2 16376 for Ethereal Page Table of Contents Page Page Page Preface Foreword Who should read this document? Acknowledgements About this document Where to get the latest copy of this document? Providing feedback about this document Preface Xiv What is Ethereal? FeaturesIntroduction Some intended purposes Open Source Software Export files for many other capture programsMany protocol decoders What Ethereal is not Linux Platforms Ethereal runs onUnix Microsoft Windows Where to get Ethereal? Rose by any other name Brief history of Ethereal Development and maintenance of Ethereal Reporting problems and getting help FAQWebsite Wiki Mailing Lists Reporting Problems Reporting Crashes on UNIX/Linux platforms Reporting Crashes on Windows platforms Introduction Building and Installing Ethereal Introduction Obtaining the source and binary distributions Download all required files Before you build Ethereal under Unix Example 2.1. Building GTK+ from source Example 2.2. Building and installing libpcap Example 2.5. Installing debs under Debian Building Ethereal from source under UnixPage Installing from debs under Debian Installing the binaries under UnixInstalling from rpms under RedHat and alike Troubleshooting during the install on Unix Building from source under Windows Installing Ethereal under Windows Install Ethereal Install WinPcap Uninstall Ethereal Update EtherealUpdate WinPcap Uninstall WinPcap Building and Installing Ethereal User Interface Start Ethereal Main window Main window User Interface Current program state and the captured data Menu File menu Menu Item Accelerator Description OpenOpen Recent Merge Menu Item Accelerator Description Save Save AsFile Set List Files Menu Item Accelerator Description Export Pdml fileExport Selec Ted Packet Bytes Edit menu User Interface Marking packets for details View menu View Menu View menu items Fields Time of Day, Date and Time of Day Seconds Since Beginning of Capture and Seconds SincePrevious Packet are mutually exclusive Beginning Menu Item Accelerator Description Zoom Zoom OutNormal Size Resize All Go menu Menu Item Accelerator Description Last Packet Capture menu Saving filters Analyze menu Analyze Menu Analyze menu items Follow TCP Statistics menu Statistics menu items 225 MessageTypes VoIP Calls Help menu 10. The Help Menu Help menu itemsPage Main toolbar 11. The Main toolbar Main toolbar items Go Back Go ForwardFirst Packet Go To Last Pack Tion 9.3, Packet colorization Filter toolbar 12. The Filter toolbar Packet List pane 13. The Packet List pane Packet Details pane 14. The Packet Details pane Packet Bytes pane 15. The Packet Bytes pane Statusbar 17. The initial Statusbar User Interface Capturing Live Network Data Prerequisites Start Capturing Capture Options dialog box Prepare Capture Interfaces dialog boxPackets/s Interface Capture Options dialog boxCapture frame IP address Link-layer header typeBuffer size n megabytes Capture packets in promiscuous Capture Files frame Stop Capture... frame Buttons Name Resolution frameDisplay Options frame Capture file mode selected by capture options Capture files and file modes Multiple files, continuous Multiple files, ring buffer Link-layer header type Filtering while capturing Example 4.2. Capturing all telnet traffic not fromSrcdst host host Ether srcdst host ehost Gateway host host Srcdst net net maskMasklen len Tcpudp srcdst port port While a Capture is running Stop the running capture Using the toolbar item Restart a running capture Capturing Live Network Data File Input / Output and Printing Open capture files Open Capture File dialog box Input File Formats Page Saving captured packets Save Capture File As dialog box Tip Output File Formats Merging capture files Merge with Capture File dialog boxPage File Sets List Files dialog box Export as PostScript File dialog box Exporting dataExport as Plain Text File dialog box Export as CSV Comma Seperated Values File dialog box Export as Psml File dialog box Export as Pdml File dialog box Export as Psml File dialog box Export selected packet bytes dialog box Export Selected Packet Bytes dialog boxPage Printer Printing packetsPrint dialog box Lpr -Pmypostscript Packet Range frame 10. The Packet Range frame Packet Format frame 11. The Packet Format frame File Input / Output and Printing Working with captured packets Viewing packets you have captured Function overview of the pop-up menus Lis Byt Menu Description Tail Decode AsNew Window Resolve name Copy Mark Packet toggle Follow TCP Stream Go to Corresponding Packet Filter Field ReferenceProtocol Properties Export Selected Packet Bytes Filtering packets while viewing Filtering on the TCP protocolPage Building display filter expressions Display filter fieldsComparing values Display Filter comparison operators Combining expressions Display Filter Field Types Display Filter Logical Operations Common mistake Filter Expression dialog box Filter Expression dialog box Cancel ValuePredefined values Range Defining and saving filters Capture Filters and Display Filters dialog boxes New DeleteFilter Filter name Finding packets Find Packet dialog boxDisplay filter Hex Value Down Find Next commandFind Previous command Go to a specific packet Marking packets Time display formats and time references Packet time referencingPage Working with captured packets 119 Advanced Features Following TCP streams Follow TCP stream dialog boxPage What is it? Reassembling is disabled by defaultPacket Reassembling How Ethereal handles it IP name resolution network layer Name ResolutionEthernet name resolution MAC layer IPX name resolution network layer TCP/UDP port name resolution transport layer Advanced Features 126 Statistics Summary window Summary windowPage Protocol Hierarchy window Protocol Hierarchy windowPage Endpoints window What is an Endpoint?Endpoints Protocol specific Endpoint List windows What is a Conversation? ConversationsConversations window Protocol specific Conversation List windows Axis IO Graphs windowGraphs Page Fibre Channel 225 RAS Service Response TimeService Response Time DCE-RPC window DCE-RPC Statistic for ... window Protocol specific statistics windows Statistics 140 Customizing Ethereal Start Ethereal from the command line Example 9.1. Help information available from EtherealDuration ue Filesize ue Durationue FilesizeueCapture buffer size Win32 Only Preference/recent settings FontName resolving flags Ethereal -o mgcp.displaydissecttreeTRUE Time stamp format SavefileCapture link type Statistics-string Packet colorization Coloring Rules dialog box Choose color dialog box Using color filters with Ethereal Enabled Protocols dialog box Control Protocol dissectionPage User Specified Decodes Decode As dialog box Show User Specified Decodes Decode As Show dialog box Preferences Preferences dialog box Customizing Ethereal 154 Customizing Ethereal 155 Appendix A. Configuration and other Files and Folders Table A.1. Configuration files and folders overview Windows folders Preferences/ethereal.conf Disabledprotos Configuration files and folders overview. If an address is Plugins folder Windows foldersWindows profiles 98/ME with enabled user pro Windows NT/2000/XP roaming profilesWindows temporary folder 95/98/ME Configuration and other Files Folders 161 Appendix B. Protocols and Protocol Fields Appendix C. Related command line tools Tcpdump Capturing with tcpdump for viewing with Ethereal Tethereal Terminal-based Ethereal Capinfos Print information about capture files Example C.1. Help information available from capinfos Editcap Edit capture files Example C.2. Help information available from editcap Related command line tools Time adjustment Encap typeCapture type Snaplen Mergecap Merging multiple capture files into one Example C.3. Help information available from mergecap 171 Example C.4. Simple example of using mergecap Text2pcap Converting Ascii hexdumps to network captures Example C.5. Help information available for text2pcap Filename Hexoct L3pid Srcport destport Why do this? How to use idl2ethPrerequisites to using idl2eth Idl2eth Creating dissectors from Corba IDL files Todo Limitations Related command line tools 179 Appendix D. This Documents License GPL GNU General Public License 181 182 183 184 185