Manuals / Lucent Technologies / Computer Equipment / Network Card

Lucent Technologies Ethereal manual Control Protocol dissection, Enabled Protocols dialog box

Models: Ethereal

1 199

Download 199 pages 450 b

Page 163

Customizing Ethereal

9.4. Control Protocol dissection

The user can control how protocols are dissected.

Each protocol has its own dissector, so dissecting a complete packet will typically involve several dissectors. As Ethereal tries to find the right dissector for each packet (using static "routes" and heuristics "guessing"), it might choose the wrong dissector in your specific case. For example, Eth- ereal won't know if you use a common protocol on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of the standard port 80.

There are two ways to control the relations between protocol dissectors: disable a protocol dissector completely or temporarily divert the way Ethereal calls the dissectors.

9.4.1. The "Enabled Protocols" dialog box

The Enabled Protocols dialog box lets you enable or disable specific protocols, all protocols are en- abled by default. When a protocol is disabled, Ethereal stops processing a packet whenever that pro- tocol is encountered.

Note!

Disabling a protocol will prevent information about higher-layer protocols from being displayed. For example, suppose you disabled the IP protocol and selected a packet containing Ethernet, IP, TCP, and HTTP information. The Ethernet information would be displayed, but the IP, TCP and HTTP information would not - disabling IP would prevent it and the other protocols from being displayed.

Figure 9.5. The "Enabled Protocols" dialog box

149

Image 163

Lucent Technologies Ethereal manual Control Protocol dissection, Enabled Protocols dialog box

Contents

V2.0.2 16376 for Ethereal Ethereal Users GuideEthereal Users Guide V2.0.2 16376 for Ethereal Page Table of Contents Page Page Page Foreword PrefaceWho should read this document? Acknowledgements About this document Where to get the latest copy of this document? Providing feedback about this document Preface Xiv Some intended purposes What is Ethereal?Features IntroductionMany protocol decoders Export files for many other capture programsOpen Source Software What Ethereal is not Unix Platforms Ethereal runs onLinux Microsoft Windows Where to get Ethereal? Rose by any other name Brief history of Ethereal Development and maintenance of Ethereal Mailing Lists Reporting problems and getting helpFAQ Website WikiReporting Crashes on UNIX/Linux platforms Reporting ProblemsReporting Crashes on Windows platforms Introduction Introduction Building and Installing EtherealDownload all required files Obtaining the source and binary distributionsExample 2.1. Building GTK+ from source Before you build Ethereal under UnixExample 2.2. Building and installing libpcap Example 2.5. Installing debs under Debian Unix Building Ethereal from source underPage Installing from rpms under RedHat and alike Installing the binaries under UnixInstalling from debs under Debian Troubleshooting during the install on Unix Building from source under Windows Install Ethereal Installing Ethereal under WindowsInstall WinPcap Update WinPcap Update EtherealUninstall Ethereal Uninstall WinPcap Building and Installing Ethereal User Interface Start Ethereal Main window Main windowUser Interface Current program state and the captured data Menu Merge File menuMenu Item Accelerator Description Open Open RecentFiles Menu Item Accelerator Description SaveSave As File Set ListTed Packet Bytes Menu Item Accelerator Description ExportPdml file Export SelecEdit menu Marking packets for details User InterfaceView Menu View menu items View menuBeginning Fields Time of Day, Date and Time of DaySeconds Since Beginning of Capture and Seconds Since Previous Packet are mutually exclusiveResize All Menu Item Accelerator Description ZoomZoom Out Normal SizeGo menu Menu Item Accelerator Description Last Packet Capture menu Saving filters Analyze Menu Analyze menu items Analyze menuTCP FollowStatistics menu items Statistics menuVoIP Calls 225Message Types10. The Help Menu Help menu items Help menuPage 11. The Main toolbar Main toolbar items Main toolbarPacket Go To Last Pack Go BackGo Forward FirstTion 9.3, Packet colorization 12. The Filter toolbar Filter toolbar13. The Packet List pane Packet List pane14. The Packet Details pane Packet Details pane15. The Packet Bytes pane Packet Bytes pane17. The initial Statusbar StatusbarUser Interface Capturing Live Network Data Prerequisites Capture Options dialog box Start CapturingPackets/s Capture Interfaces dialog boxPrepare Capture frame Capture Options dialog boxInterface Capture packets in promiscuous IP addressLink-layer header type Buffer size n megabytesStop Capture... frame Capture Files frameDisplay Options frame Name Resolution frameButtons Capture files and file modes Capture file mode selected by capture optionsMultiple files, ring buffer Multiple files, continuousLink-layer header type Ether srcdst host ehost Filtering while capturingExample 4.2. Capturing all telnet traffic not from Srcdst host hostTcpudp srcdst port port Gateway host hostSrcdst net net mask Masklen lenStop the running capture While a Capture is runningRestart a running capture Using the toolbar itemCapturing Live Network Data File Input / Output and Printing Open Capture File dialog box Open capture filesInput File Formats Page Save Capture File As dialog box Saving captured packetsTip Output File Formats Merge with Capture File dialog box Merging capture filesPage List Files dialog box File SetsExport as Plain Text File dialog box Exporting dataExport as PostScript File dialog box Export as Psml File dialog box Export as CSV Comma Seperated Values File dialog boxExport as Psml File dialog box Export as Pdml File dialog boxExport Selected Packet Bytes dialog box Export selected packet bytes dialog boxPage Print dialog box Printing packetsPrinter Lpr -Pmypostscript 10. The Packet Range frame Packet Range frame11. The Packet Format frame Packet Format frameFile Input / Output and Printing Viewing packets you have captured Working with captured packetsFunction overview of the pop-up menus Copy Lis Byt Menu Description TailDecode As New Window Resolve nameFollow TCP Stream Mark Packet toggleProtocol Properties Filter Field ReferenceGo to Corresponding Packet Export Selected Packet Bytes Filtering on the TCP protocol Filtering packets while viewingPage Display Filter comparison operators Building display filter expressionsDisplay filter fields Comparing valuesDisplay Filter Field Types Combining expressionsDisplay Filter Logical Operations Common mistake Filter Expression dialog box Filter Expression dialog boxRange CancelValue Predefined valuesCapture Filters and Display Filters dialog boxes Defining and saving filtersFilter name NewDelete FilterHex Value Finding packetsFind Packet dialog box Display filterFind Previous command Find Next commandDown Go to a specific packet Marking packets Packet time referencing Time display formats and time referencesPage Working with captured packets 119 Advanced Features Follow TCP stream dialog box Following TCP streamsPage How Ethereal handles it What is it?Reassembling is disabled by default Packet ReassemblingEthernet name resolution MAC layer Name ResolutionIP name resolution network layer TCP/UDP port name resolution transport layer IPX name resolution network layerAdvanced Features 126 Statistics Summary window Summary windowPage Protocol Hierarchy window Protocol Hierarchy windowPage Endpoints What is an Endpoint?Endpoints window Protocol specific Endpoint List windows Protocol specific Conversation List windows What is a Conversation?Conversations Conversations windowGraphs IO Graphs windowAxis Page Service Response Time DCE-RPC window Service Response TimeFibre Channel 225 RAS DCE-RPC Statistic for ... window Protocol specific statistics windows Statistics 140 Customizing Ethereal Filesize ue Start Ethereal from the command lineExample 9.1. Help information available from Ethereal Duration ueOnly DurationueFilesizeue Capture buffer size Win32Ethereal -o mgcp.displaydissecttreeTRUE Preference/recent settingsFont Name resolving flagsStatistics-string Time stamp formatSavefile Capture link typeColoring Rules dialog box Packet colorizationChoose color dialog box Using color filters with Ethereal Control Protocol dissection Enabled Protocols dialog boxPage Decode As dialog box User Specified DecodesDecode As Show dialog box Show User Specified DecodesPreferences dialog box PreferencesCustomizing Ethereal 154 Customizing Ethereal 155 Table A.1. Configuration files and folders overview Appendix A. Configuration and other Files and FoldersPreferences/ethereal.conf Windows foldersConfiguration files and folders overview. If an address is DisabledprotosWindows profiles Windows foldersPlugins folder 95/98/ME 98/ME with enabled user proWindows NT/2000/XP roaming profiles Windows temporary folderConfiguration and other Files Folders 161 Appendix B. Protocols and Protocol Fields Appendix C. Related command line tools Tcpdump Capturing with tcpdump for viewing with Ethereal Tethereal Terminal-based Ethereal Example C.1. Help information available from capinfos Capinfos Print information about capture filesExample C.2. Help information available from editcap Editcap Edit capture filesRelated command line tools Snaplen Time adjustmentEncap type Capture typeExample C.3. Help information available from mergecap Mergecap Merging multiple capture files into one171 Example C.4. Simple example of using mergecap Example C.5. Help information available for text2pcap Text2pcap Converting Ascii hexdumps to network capturesHexoct FilenameSrcport destport L3pidIdl2eth Creating dissectors from Corba IDL files Why do this?How to use idl2eth Prerequisites to using idl2ethTodo Limitations Related command line tools 179 GNU General Public License Appendix D. This Documents License GPL181 182 183 184 185