WIRESHARK(1) The Wireshark Network Analyzer WIRESHARK(1)

NAME
wireshark - Interactively dump and analyze network traffic

SYNOPSIS
wireshark [ -a <capture autostop condition> ] ...
[ -b <capture ring buffer option> ] ...
[ -B <capture buffer size (Win32 only)> ]
[ -c <capture packet count> ] [ -C <configuration profile> ] [ -D ]
[ --display=<X display to use> ] [ -f <capture filter> ]
[ -g <packet number> ] [ -h ] [ -H ] [ -i <capture interface>|- ]
[ -J <jump filter> ] [ -j ] [ -k ] [ -K <keytab> ] [ -l ] [ -L ]
[ -m <font> ] [ -n ] [ -N <name resolving flags> ]
[ -o <preference/recent setting> ] ... [ -p ] [ -P <path setting>]
[ -Q ] [ -r <infile> ] [ -R <read (display) filter> ] [ -S ]
[ -s <capture snaplen> ] [ -t ad|a|r|d|dd|e ] [ -v ] [ -w <outfile> ]
[ -y <capture link type> ] [ -X <eXtension option> ]
[ -z <statistics> ] [ <infile> ]

DESCRIPTION
Wireshark is a GUI network protocol analyzer. It lets you
interactively browse packet data from a live network or from a
previously saved capture file. Wireshark's native capture file format
is libpcap format, which is also the format used by tcpdump and various
other tools.

Wireshark can read / import the following file formats:

· libpcap, tcpdump and various other tools using tcpdump's capture
format

· snoop and atmsnoop

· Shomiti/Finisar Surveyor captures

· Novell LANalyzer captures

· Microsoft Network Monitor captures

· AIX's iptrace captures

· Cinco Networks NetXRay captures

· Network Associates Windows-based Sniffer captures

· Network General/Network Associates DOS-based Sniffer (compressed or
uncompressed) captures

· AG Group/WildPackets
EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures

· RADCOM's WAN/LAN analyzer captures

· Network Instruments Observer version 9 captures

· Lucent/Ascend router debug output

· files from HP-UX's nettl

· Toshiba's ISDN routers dump output

· the output from i4btrace from the ISDN4BSD project

· traces from the EyeSDN USB S0.

· the output in IPLog format from the Cisco Secure Intrusion
Detection System

· pppd logs (pppdump format)

· the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities

· the text output from the DBS Etherwatch VMS utility

· Visual Networks' Visual UpTime traffic capture

· the output from CoSine L2 debug

· the output from Accellent's 5Views LAN agents

· Endace Measurement Systems' ERF format captures

· Linux Bluez Bluetooth stack hcidump -w traces

· Catapult DCT2000 .out files

· TamoSoft CommView files

· Apple PacketLogger files

There is no need to tell Wireshark what type of file you are reading;
it will determine the file type by itself. Wireshark is also capable
of reading any of these file formats if they are compressed using gzip.
Wireshark recognizes this directly from the file; the '.gz' extension
is not required for this purpose.

Like other protocol analyzers, Wireshark's main window shows 3 views of
a packet. It shows a summary line, briefly describing what the packet
is. A packet details display is shown, allowing you to drill down to
the exact protocol or field that you are interested in. Finally, a hex
dump shows you exactly what the packet looks like when it goes over the
wire.

In addition, Wireshark has some features that make it unique. It can
assemble all the packets in a TCP conversation and show you the ASCII
(or EBCDIC, or hex) data in that conversation. Display filters in
Wireshark are very powerful; more fields are filterable in Wireshark
than in other protocol analyzers, and the syntax you can use to create
your filters is richer. As Wireshark progresses, expect more and more
protocol fields to be allowed in display filters.

Packet capturing is performed with the pcap library. The capture
filter syntax follows the rules of the pcap library. This syntax is
different from the display filter syntax.

Compressed file support uses (and therefore requires) the zlib library.
If the zlib library is not present, Wireshark will compile, but will be
unable to read compressed files.

The pathname of a capture file to be read can be specified with the -r
option or can be specified as a command-line argument.

OPTIONS
Most users will want to start Wireshark without options and configure
it from the menus instead. Those users may just skip this section.

-a <capture autostop condition>
Specify a criterion that specifies when Wireshark is to stop
writing to a capture file. The criterion is of the form
test:value, where test is one of:

duration:value Stop writing to a capture file after value seconds
have elapsed.

filesize:value Stop writing to a capture file after it reaches a
size of value kilobytes (where a kilobyte is 1024 bytes). If this
option is used together with the -b option, Wireshark will stop
writing to the current capture file and switch to the next one if
filesize is reached.

files:value Stop writing to capture files after value number of
files were written.

-b <capture ring buffer option>
Cause Wireshark to run in "multiple files" mode. In "multiple
files" mode, Wireshark will write to several capture files. When
the first capture file fills up, Wireshark will switch writing to
the next file and so on.

The created filenames are based on the filename given with the -w
flag, the number of the file and on the creation date and time,
e.g. outfile_00001_20050604120117.pcap,
outfile_00002_20050604120523.pcap, ...

With the files option it's also possible to form a "ring buffer".
This will fill up new files until the number of files specified, at
which point Wireshark will discard the data in the first file and
start writing to that file and so on. If the files option is not
set, new files are filled up until one of the capture stop conditions
matches (or until the disk is full).

The criterion is of the form key:value, where key is one of:

duration:value switch to the next file after value seconds have
elapsed, even if the current file is not completely filled up.

filesize:value switch to the next file after it reaches a size of
value kilobytes (where a kilobyte is 1024 bytes).

files:value begin again with the first file after value number of
files were written (form a ring buffer). This value must be less
than 100000. Caution should be used when using large numbers of
files: some filesystems do not handle many files in a single
directory well. The files criterion requires either duration or
filesize to be specified to control when to go to the next file.
It should be noted that each -b parameter takes exactly one
criterion; to specify two criteria, each must be preceded by the
-b option.

Example: -b filesize:1024 -b files:5 results in a ring buffer of
five files of size one megabyte.
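
The rules above (one criterion per -b, files below 100000, and files only together with duration or filesize) can be checked before a long-running capture is started. The shell functions below are an added example, not part of the Wireshark distribution; the names ringbuf_args and ringbuf_max_kb, the interface eth0 and the file name capture.pcap are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate -b ring buffer criteria against the rules in the
# -b description before composing a capture command line.

# ringbuf_args CRITERION...
# Each CRITERION is key:value with key one of duration, filesize, files.
# Prints "-b key:value" for every criterion, or fails with a message.
ringbuf_args() {
    rb_out="" rb_dur="" rb_size="" rb_files=""
    for rb_crit in "$@"; do
        rb_key=${rb_crit%%:*}
        rb_val=${rb_crit#*:}
        # One criterion per -b: the value must be a plain positive integer,
        # so "filesize:1024,files:5" or a bare "files" is rejected here.
        case $rb_val in
            ''|0*|*[!0-9]*|??????????*)
                echo "invalid criterion '$rb_crit'" >&2
                return 1 ;;
        esac
        case $rb_key in
            duration) rb_dur=$rb_val ;;
            filesize) rb_size=$rb_val ;;
            files)    rb_files=$rb_val ;;
            *)  echo "unknown key in '$rb_crit'" >&2
                return 1 ;;
        esac
        rb_out="$rb_out -b $rb_key:$rb_val"
    done
    if [ -z "$rb_out" ]; then
        echo "no criterion given" >&2
        return 1
    fi
    if [ -n "$rb_files" ]; then
        if [ "$rb_files" -ge 100000 ]; then
            echo "files must be less than 100000" >&2
            return 1
        fi
        if [ -z "$rb_dur$rb_size" ]; then
            echo "files requires duration or filesize" >&2
            return 1
        fi
    fi
    echo "${rb_out# }"
}

# ringbuf_max_kb CRITERION...
# Approximate upper bound on disk use in kilobytes (1 KB = 1024 bytes):
# filesize * files. Prints "unbounded" when either one is missing, because
# the file set then grows until a stop condition matches or the disk fills.
ringbuf_max_kb() {
    ringbuf_args "$@" >/dev/null || return 1
    if [ -n "$rb_size" ] && [ -n "$rb_files" ]; then
        echo $((rb_size * rb_files))
    else
        echo unbounded
    fi
}

# Demo with the page's own example: five files of one megabyte each.
# eth0 and capture.pcap are assumed names; the command is printed, not run.
echo "wireshark -k -i eth0 -w capture.pcap $(ringbuf_args filesize:1024 files:5)"
echo "approximate upper bound on disk use: $(ringbuf_max_kb filesize:1024 files:5) KB"
```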

-B <capture buffer size>
Set capture buffer size (in MB, default is 1MB). This is used by
the capture driver to buffer packet data until that data can be
written to disk. If you encounter packet drops while capturing,
try to increase this size. Note that, while Tshark attempts to set
the buffer size to 1MB by default, and can be told to set it to a
larger value, the system or interface on which you're capturing
might silently limit the capture buffer size to a lower value or
raise it to a higher value.

This is available on UNIX systems with libpcap 1.0.0 or later
and on Windows. It is not available on UNIX systems with earlier
versions of libpcap.

-c <capture packet count>
Set the maximum number of packets to read when capturing live data.

-C <configuration profile>
Start with the given configuration profile.

-D Print a list of the interfaces on which Wireshark can capture, and
exit. For each network interface, a number and an interface name,
possibly followed by a text description of the interface, is
printed. The interface name or the number can be supplied to the
-i flag to specify an interface on which to capture.

This can be useful on systems that don't have a command to list
them (e.g., Windows systems, or UNIX systems lacking ifconfig -a);
the number can be useful on Windows 2000 and later systems, where
the interface name is a somewhat complex string.

Note that "can capture" means that Wireshark was able to open that
device to do a live capture; if, on your system, a program doing a
network capture must be run from an account with special privileges
(for example, as root), then, if Wireshark is run with the -D flag
and is not run from such an account, it will not list any
interfaces.

--display=<X display to use>
Specifies the X display to use. A hostname and screen
(otherhost:0.0) or just a screen (:0.0) can be specified. This
option is not available under Windows.

-f <capture filter>
Set the capture filter expression.

-g <packet number>
After reading in a capture file using the -r flag, go to the given
packet number.

-h Print the version and options and exit.

-H Hide the capture info dialog during live packet capture.

-i <capture interface>|-
Set the name of the network interface or pipe to use for live
packet capture.

Network interface names should match one of the names listed in
"wireshark -D" (described above); a number, as reported by
"wireshark -D", can also be used. If you're using UNIX, "netstat
-i" or "ifconfig -a" might also work to list interface names,
although not all versions of UNIX support the -a flag to ifconfig.

If no interface is specified, Wireshark searches the list of
interfaces, choosing the first non-loopback interface if there are
any non-loopback interfaces, and choosing the first loopback
interface if there are no non-loopback interfaces. If there are no
interfaces at all, Wireshark reports an error and doesn't start the
capture.

Pipe names should be either the name of a FIFO (named pipe) or
``-'' to read data from the standard input. On Windows systems,
pipe names must be of the form ``\\pipe\.\pipename''. Data read
from pipes must be in standard libpcap format.
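
Both this requirement and the earlier statement that gzip-compressed captures are recognized from the file itself come down to the first bytes of the data. The shell functions below are an added example, not Wireshark's own detection code; the function names and the constructed 24-byte sample header are assumptions for illustration, and only the classic libpcap magic 0xa1b2c3d4 and the gzip magic 1f 8b are checked.

```shell
#!/bin/sh
# Added example: classify a capture by its leading bytes rather than by its
# file name, and decide whether it may be written to a pipe read with "-i -".

# magic_hex FILE: first four bytes of FILE (or of stdin when FILE is "-")
# as lowercase hex without separators.
magic_hex() {
    if [ "$1" = "-" ]; then
        od -An -tx1 -N4
    else
        od -An -tx1 -N4 < "$1"
    fi | tr -d ' \t\n'
}

# magic_name HEX: map a four-byte magic to a format label.
# 0xa1b2c3d4 is the libpcap magic, stored in the writer's byte order, so
# both byte sequences are valid; 1f 8b opens every gzip stream.
magic_name() {
    case $1 in
        a1b2c3d4|d4c3b2a1) echo libpcap ;;
        1f8b*)             echo gzip ;;
        *)                 echo other ;;
    esac
}

# capture_kind FILE: prints "libpcap", "gzip(<inner format>)" or "other".
capture_kind() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    ck_outer=$(magic_name "$(magic_hex "$1")")
    if [ "$ck_outer" = gzip ]; then
        # Look at the first bytes of the decompressed stream as well.
        ck_inner=$(gzip -dc < "$1" 2>/dev/null | magic_hex -)
        echo "gzip($(magic_name "$ck_inner"))"
    else
        echo "$ck_outer"
    fi
}

# pipe_ready FILE: succeed only if FILE is uncompressed libpcap, the one
# form the page allows for data read from a pipe.
pipe_ready() {
    [ "$(capture_kind "$1")" = libpcap ]
}

# make_sample_header PATH: write a constructed 24-byte little-endian libpcap
# file header (version 2.4, snaplen 65535, link type 1) with no packets.
make_sample_header() {
    printf '\324\303\262\241\002\000\004\000' > "$1"
    printf '\000\000\000\000\000\000\000\000' >> "$1"
    printf '\377\377\000\000\001\000\000\000' >> "$1"
}

# Demo on constructed files whose names say nothing about their content.
demo_dir=$(mktemp -d)
make_sample_header "$demo_dir/trace"
gzip -c "$demo_dir/trace" > "$demo_dir/trace.bin"
for f in "$demo_dir/trace" "$demo_dir/trace.bin"; do
    if pipe_ready "$f"; then
        note="may be piped to -i -"
    else
        note="not plain libpcap, do not pipe as is"
    fi
    echo "${f##*/}: $(capture_kind "$f") ($note)"
done
rm -rf "$demo_dir"
```

A gzip-compressed capture is accepted by -r, but has to be decompressed (for example with gzip -dc) before it is written to a pipe read with -i -.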

-J <jump filter>
After reading in a capture file using the -r flag, jump to the
packet matching the filter (display filter syntax). If no exact
match is found the first packet after that is selected.

-j Use after -J to change the behaviour when no exact match is found
for the filter. With this option select the first packet before.

-k Start the capture session immediately. If the -i flag was
specified, the capture uses the specified interface. Otherwise,
Wireshark searches the list of interfaces, choosing the first
non-loopback interface if there are any non-loopback interfaces, and
choosing the first loopback interface if there are no non-loopback
interfaces; if there are no interfaces, Wireshark reports an error
and doesn't start the capture.

-K <keytab>
Load Kerberos crypto keys from the specified keytab file. This
option can be used multiple times to load keys from several files.

Example: -K krb5.keytab

-l Turn on automatic scrolling if the packet display is being updated
automatically as packets arrive during a capture (as specified by
the -S flag).

-L List the data link types supported by the interface and exit.

-m <font>
Set the name of the font used by Wireshark for most text.
Wireshark will construct the name of the bold font used for the
data in the byte view pane that corresponds to the field selected
in the packet details pane from the name of the main text font.

-n Disable network object name resolution (such as hostname, TCP and
UDP port names); the -N flag might override this one.

-N <name resolving flags>
Turn on name resolving only for particular types of addresses and
port numbers, with name resolving for other types of addresses and
port numbers turned off. This flag overrides -n if both -N and -n
are present. If both -N and -n flags are not present, all name
resolutions are turned on.

The argument is a string that may contain the letters:

m to enable MAC address resolution

n to enable network address resolution

t to enable transport-layer port number resolution

C to enable concurrent (asynchronous) DNS lookups

-o <preference/recent setting>
Set a preference or recent value, overriding the default value and
any value read from a preference/recent file. The argument to the
flag is a string of the form prefname:value, where prefname is the
name of the preference/recent value (which is the same name that
would appear in the preference/recent file), and value is the value
to which it should be set. Since Ethereal 0.10.12, the recent
settings replace the formerly used -B, -P and -T flags to
manipulate the GUI dimensions.

If prefname is "uat", you can override settings in various user
access tables using the form uat:uat filename:uat record. uat
filename must be the name of a UAT file, e.g. user_dlts. uat_record
must be in the form of a valid record for that file, including
quotes. For instance, to specify a user DLT from the command line,
you would use

-o "uat:user_dlts:\"User 0 (DLT=147)\",\"cops\",\"0\",\"\",\"0\",\"\""

-p Don't put the interface into promiscuous mode. Note that the
interface might be in promiscuous mode for some other reason;
hence, -p cannot be used to ensure that the only traffic that is
captured is traffic sent to or from the machine on which Wireshark
is running, broadcast traffic, and multicast traffic to addresses
received by that machine.

-P <path setting>
Special path settings usually detected automatically. This is used
for special cases, e.g. starting Wireshark from a known location on
a USB stick.

The criterion is of the form key:path, where key is one of:

persconf:path path of personal configuration files, like the
preferences files.

persdata:path path of personal data files; it's the folder
initially opened. After the very first initialization, the recent
file will keep the folder last used.

-Q Cause Wireshark to exit after the end of capture session (useful in
batch mode with -c option for instance); this option requires the
-i and -w parameters.

-r <infile>
Read packet data from infile, which can be any supported capture file
format (including gzipped files). It's not possible to use named
pipes or stdin here!

-R <read (display) filter>
When reading a capture file specified with the -r flag, causes the
specified filter (which uses the syntax of display filters, rather
than that of capture filters) to be applied to all packets read
from the capture file; packets not matching the filter are
discarded.

-S Automatically update the packet display as packets are coming in.

-s <capture snaplen>
Set the default snapshot length to use when capturing live data.
No more than snaplen bytes of each network packet will be read into
memory, or saved to disk. A value of 0 specifies a snapshot length
of 65535, so that the full packet is captured; this is the default.

-t ad|a|r|d|dd|e
Set the format of the packet timestamp displayed in the packet list
window. The format can be one of:

ad absolute with date: The absolute date and time is the actual
time and date the packet was captured

a absolute: The absolute time is the actual time the packet was
captured, with no date displayed

r relative: The relative time is the time elapsed between the first
packet and the current packet

d delta: The delta time is the time since the previous packet was
captured

dd delta_displayed: The delta_displayed time is the time since the
previous displayed packet was captured

e epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)

The default format is relative.

-v Print the version and exit.

-w <outfile>
Set the default capture file name.

-y <capture link type>
If a capture is started from the command line with -k, set the data
link type to use while capturing packets. The values reported by
-L are the values that can be used.

-X <eXtension options>
Specify an option to be passed to a Wireshark module. The
eXtension option is in the form extension_key:value, where
extension_key can be:

lua_script:lua_script_filename tells Wireshark to load the given
script in addition to the default Lua scripts.

stdin_descr:description tells Wireshark to use the given
description when capturing from standard input (-i -).

-z <statistics>
Get Wireshark to collect various types of statistics and display
the result in a window that updates in semi-real time.

Currently implemented statistics are:

-z dcerpc,srt,uuid,major.minor[,filter]
Collect call/reply SRT (Service Response Time) data for DCERPC
interface uuid, version major.minor. Data collected is the
number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.

Example: -z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0
will collect data for the CIFS SAMR Interface.

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example:
-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0,ip.addr==1.2.3.4
will collect SAMR SRT statistics for a specific host.

-z io,stat
Collect packet/bytes statistics for the capture in intervals of
1 second. This option will open a window with up to 5 color-coded
graphs where number-of-packets-per-second or
number-of-bytes-per-second statistics can be calculated and displayed.

This option can be used multiple times on the command line.

This graph window can also be opened from the
Analyze:Statistics:Traffic:IO-Stat menu item.

-z rpc,srt,program,version[,<filter>]
Collect call/reply SRT (Service Response Time) data for
program/version. Data collected is the number of calls for
each procedure, MinSRT, MaxSRT and AvgSRT.

Example: -z rpc,srt,100003,3 will collect data for NFS v3.

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z rpc,srt,100003,3,nfs.fh.hash==0x12345678 will
collect NFS v3 SRT statistics for a specific file.

-z rpc,programs
Collect call/reply RTT data for all known ONC-RPC
programs/versions. Data collected is the number of calls for
each protocol/version, MinRTT, MaxRTT and AvgRTT.

-z scsi,srt,cmdset[,<filter>]
Collect call/reply SRT (Service Response Time) data for SCSI
commandset <cmdset>.

Commandsets are 0:SBC 1:SSC 5:MMC

Data collected is the number of calls for each procedure,
MinSRT, MaxSRT and AvgSRT.

Example: -z scsi,srt,0 will collect data for SCSI BLOCK
COMMANDS (SBC).

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z scsi,srt,0,ip.addr==1.2.3.4 will collect SCSI SBC
SRT statistics for a specific iscsi/ifcp/fcip host.

-z smb,srt[,filter]
Collect call/reply SRT (Service Response Time) data for SMB.
Data collected is the number of calls for each SMB command,
MinSRT, MaxSRT and AvgSRT.

Example: -z smb,srt

The data will be presented as separate tables for all normal
SMB commands, all Transaction2 commands and all NT Transaction
commands. Only those commands that are seen in the capture
will have their stats displayed. Only the first command in a
xAndX command chain will be used in the calculation. So for
common SessionSetupAndX + TreeConnectAndX chains, only the
SessionSetupAndX call will be used in the statistics. This is
a flaw that might be fixed in the future.

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "smb,srt,ip.addr==1.2.3.4" will collect stats only
for SMB packets exchanged by the host at IP address 1.2.3.4 .

-z fc,srt[,filter]
Collect call/reply SRT (Service Response Time) data for FC.
Data collected is the number of calls for each Fibre Channel
command, MinSRT, MaxSRT and AvgSRT.

Example: -z fc,srt will calculate the Service Response Time as
the time delta between the First packet of the exchange and the
Last packet of the exchange.

The data will be presented as separate tables for all normal FC
commands. Only those commands that are seen in the capture will
have their stats displayed.

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "fc,srt,fc.id==01.02.03" will collect stats only
for FC packets exchanged by the host at FC address 01.02.03 .

-z ldap,srt[,filter]
Collect call/reply SRT (Service Response Time) data for LDAP.
Data collected is the number of calls for each implemented LDAP
command, MinSRT, MaxSRT and AvgSRT.

Example: -z ldap,srt will calculate the Service Response Time
as the time delta between the Request and the Response.

The data will be presented as separate tables for all
implemented LDAP commands. Only those commands that are seen in
the capture will have their stats displayed.

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "ldap,srt,ip.addr==10.1.1.1" will collect stats
only for LDAP packets exchanged by the host at IP address
10.1.1.1 .

The only LDAP commands that are currently implemented and for
which the stats will be available are: BIND SEARCH MODIFY ADD
DELETE MODRDN COMPARE EXTENDED

-z mgcp,srt[,filter]
Collect request/response SRT (Service Response Time) data for
MGCP. (This is similar to -z smb,srt). Data collected is the
number of calls for each known MGCP Type, Minimum SRT, Maximum
SRT and Average SRT.

Example: -z mgcp,srt

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "mgcp,srt,ip.addr==1.2.3.4" will collect stats only
for MGCP packets exchanged by the host at IP address 1.2.3.4 .

-z megaco,srt[,filter]
Collect request/response SRT (Service Response Time) data for
MEGACO. (This is similar to -z smb,srt). Data collected is the
number of calls for each known MEGACO Command, Minimum SRT,
Maximum SRT and Average SRT.

Example: -z megaco,srt

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "megaco,srt,ip.addr==1.2.3.4" will collect stats
only for MEGACO packets exchanged by the host at IP address
1.2.3.4 .

-z conv,type[,filter]
Create a table that lists all conversations that could be seen
in the capture. type specifies the conversation endpoint types
for which we want to generate the statistics; currently the
supported ones are:

"eth"   Ethernet addresses
"fc"    Fibre Channel addresses
"fddi"  FDDI addresses
"ip"    IPv4 addresses
"ipv6"  IPv6 addresses
"ipx"   IPX addresses
"tcp"   TCP/IP socket pairs (both IPv4 and IPv6 are supported)
"tr"    Token Ring addresses
"udp"   UDP/IP socket pairs (both IPv4 and IPv6 are supported)

If the optional filter is specified, only those packets that
match the filter will be used in the calculations.

The table is presented with one line for each conversation and
displays the number of packets/bytes in each direction as well
as the total number of packets/bytes. By default, the table is
sorted according to the total number of packets.

These tables can also be generated at runtime by selecting the
appropriate conversation type from the menu
"Tools/Statistics/Conversation List/".

-z h225,counter[,filter]
Count ITU-T H.225 messages and their reasons. In the first
column you get a list of H.225 messages and H.225 message
reasons which occur in the current capture file. The number of
occurrences of each message or reason is displayed in the second
column.

Example: -z h225,counter

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "h225,counter,ip.addr==1.2.3.4" will collect stats
only for H.225 packets exchanged by the host at IP address
1.2.3.4 .

-z h225,srt[,filter]
Collect request/response SRT (Service Response Time) data for
ITU-T H.225 RAS. Data collected is the number of calls of each
ITU-T H.225 RAS Message Type, Minimum SRT, Maximum SRT, Average
SRT, Minimum in Packet, and Maximum in Packet. You will also
get the number of Open Requests (Unresponded Requests),
Discarded Responses (Responses without matching request) and
Duplicate Messages.

Example: -z h225,srt

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "h225,srt,ip.addr==1.2.3.4" will collect stats only
for ITU-T H.225 RAS packets exchanged by the host at IP address
1.2.3.4 .

-z sip,stat[,filter]
This option will activate a counter for SIP messages. You will
get the number of occurrences of each SIP Method and of each SIP
Status-Code. Additionally you also get the number of resent SIP
Messages (only for SIP over UDP).

Example: -z sip,stat

This option can be used multiple times on the command line.

If the optional filter is provided, the stats will only be
calculated on those calls that match that filter.

Example: -z "sip,stat,ip.addr==1.2.3.4" will collect stats only
for SIP packets exchanged by the host at IP address 1.2.3.4 .

-z voip,calls
This option will show a window that shows VoIP calls found in
the capture file. This is the same window shown as when you go
to the Statistics Menu and choose VoIP Calls.

Example: -z voip,calls

MENU ITEMS
File:Open
File:Open Recent
File:Merge
Merge another capture file to the currently loaded one. The
File:Merge dialog box allows the merge "Prepended",
"Chronologically" or "Appended", relative to the already loaded
one.

File:Close
Open or close a capture file. The File:Open dialog box allows a
filter to be specified; when the capture file is read, the filter
is applied to all packets read from the file, and packets not
matching the filter are discarded. The File:Open Recent is a
submenu and will show a list of previously opened files.

File:Save
File:Save As
Save the current capture, or the packets currently displayed from
that capture, to a file. Check boxes let you select whether to
save all packets, or just those that have passed the current
display filter and/or those that are currently marked, and an
option menu lets you select (from a list of file formats in which
a particular capture, or the packets currently displayed from that
capture, can be saved), a file format in which to save it.

File:File Set:List Files
Show a dialog box that lists all files of the file set matching the
currently loaded file. A file set is a compound of files resulting
from a capture using the "multiple files" / "ringbuffer" mode,
recognizable by the filename pattern, e.g.:
Filename_00001_20050604101530.pcap.

File:File Set:Next File
File:File Set:Previous File
If the currently loaded file is part of a file set (see above),
open the next / previous file in that set.

File:Export
Export captured data into an external format. Note: the data cannot
be imported back into Wireshark, so be sure to keep the capture
file.

File:Print
Print packet data from the current capture. You can select the
range of packets to be printed (which packets are printed), and the
output format of each packet (how each packet is printed). The
output format will be similar to the displayed values, so a summary
line, the packet details view, and/or the hex dump of the packet
can be printed.

Printing options can be set with the Edit:Preferences menu item, or
in the dialog box popped up by this menu item.

File:Quit
Exit the application.

749 Edit:Copy:Description
750 Copies the description of the selected field in the protocol tree
751 to the clipboard.
752
753 Edit:Copy:Fieldname
754 Copies the fieldname of the selected field in the protocol tree to
755 the clipboard.
756
757 Edit:Copy:Value
758 Copies the value of the selected field in the protocol tree to the
759 clipboard.
760
761 Edit:Copy:As Filter
762 Create a display filter based on the data currently highlighted in
763 the packet details and copy that filter to the clipboard.
764
765 If that data is a field that can be tested in a display filter
766 expression, the display filter will test that field; otherwise, the
767 display filter will be based on the absolute offset within the
768 packet. Therefore it could be unreliable if the packet contains
769 protocols with variable-length headers, such as a source-routed
770 token-ring packet.
771
772 Edit:Find Packet
773 Search forward or backward, starting with the currently selected
774 packet (or the most recently selected packet, if no packet is
775 selected). Search criteria can be a display filter expression, a
776 string of hexadecimal digits, or a text string.
777
778 When searching for a text string, you can search the packet data,
779 or you can search the text in the Info column in the packet list
780 pane or in the packet details pane.
781
782 Hexadecimal digits can be separated by colons, periods, or dashes.
783 Text string searches can be ASCII or Unicode (or both), and may be
784 case insensitive.
785
786 Edit:Find Next
787 Edit:Find Previous
788 Search forward / backward for a packet matching the filter from the
789 previous search, starting with the currently selected packet (or
790 the most recently selected packet, if no packet is selected).
791
792 Edit:Mark Packet (toggle)
793 Mark (or unmark if currently marked) the selected packet. The
794 field "frame.marked" is set for packets that are marked, so that,
795 for example, a display filter can be used to display only marked
796 packets, and so that the Edit:Find Packet dialog can be used to
797 find the next or previous marked packet.
798
799 Edit:Find Next Mark
800 Edit:Find Previous Mark
801 Find next/previous marked packet.
802
803 Edit:Mark All Packets
804 Edit:Unmark All Packets
805 Mark / Unmark all packets that are currently displayed.
806
807 Edit:Time Reference:Set Time Reference (toggle)
808 Set (or unset if currently set) the selected packet as a Time
809 Reference packet. When a packet is set as a Time Reference packet,
810 the timestamps in the packet list pane will be replaced with the
811 string "*REF*". The relative time timestamp in later packets will
812 then be calculated relative to the timestamp of this Time Reference
813 packet and not the first packet in the capture.
814
815 Packets that have been selected as Time Reference packets will
816 always be displayed in the packet list pane. Display filters will
817 not affect or hide these packets.
818
819 If there is a column displayed for "Cumulative Bytes" this counter
820 will be reset at every Time Reference packet.
821
822 Edit:Time Reference:Find Next
823 Edit:Time Reference:Find Previous
824 Search forward / backward for a time referenced packet.
825
826 Edit:Configuration Profiles
827 Manage configuration profiles to be able to use more than one set
828 of preferences and configurations.
829
830 Edit:Preferences
831 Set the GUI, capture, printing and protocol options (see
832 Preferences dialog below).
833
834 View:Main Toolbar
835 View:Filter Toolbar
836 View:Statusbar
837 Show or hide the main window controls.
838
839 View:Packet List
840 View:Packet Details
841 View:Packet Bytes
842 Show or hide the main window panes.
843
844 View:Time Display Format
845 Set the format of the packet timestamp displayed in the packet list
846 window.
847
848 View:Name Resolution:Resolve Name
849 Try to resolve a name for the currently selected item.
850
851 View:Name Resolution:Enable for ... Layer
852 Enable or disable translation of addresses to names in the display.
853
854 View:Colorize Packet List
855 Enable or disable the coloring rules. Disabling will improve
856 performance.
857
858 View:Auto Scroll in Live Capture
859 Enable or disable the automatic scrolling of the packet list while
860 a live capture is in progress.
861
862 View:Zoom In
863 View:Zoom Out
864 Zoom into / out of the main window data (by changing the font
865 size).
866
867 View:Normal Size
868 Reset the zoom factor of zoom in / zoom out back to normal font
869 size.
870
871 View:Resize All Columns
872 Resize all columns to best fit the current packet display.
873
874 View:Expand Subtrees
875 Expands the currently selected item and its subtrees in the packet
876 details.
877
878 View:Expand All
879 View:Collapse All
880 Expand / Collapse all branches of the packet details.
881
882 View:Colorize Conversation
883 Select color for a conversation.
884
885 View:Reset Coloring 1-10
886 Reset Color for a conversation.
887
888 View:Coloring Rules
889 Change the foreground and background colors of the packet
890 information in the list of packets, based upon display filters.
891 The list of display filters is applied to each packet sequentially.
892 After the first display filter matches a packet, any additional
893 display filters in the list are ignored. Therefore, if you are
894 filtering on the existence of protocols, you should list the
895 higher-level protocols first, and the lower-level protocols last.
896
897 How Colorization Works
898 Packets are colored according to a list of color filters. Each
899 filter consists of a name, a filter expression and a
900 coloration. A packet is colored according to the first filter
901 that it matches. Color filter expressions use exactly the same
902 syntax as display filter expressions.
903
904 When Wireshark starts, the color filters are loaded from:
905
906 1. The user's personal color filters file or, if that does
907 not exist,
908
909 2. The global color filters file.
910
911 If neither of these exists then the packets will not be colored.
912
913 View:Show Packet In New Window
914 Create a new window containing a packet details view and a hex dump
915 window of the currently selected packet; this window will continue
916 to display that packet's details and data even if another packet is
917 selected.
918
919 View:Reload
920 Reload a capture file. Same as File:Close and File:Open the same
921 file again.
922
923 Go:Back
924 Go back in previously visited packets history.
925
926 Go:Forward
927 Go forward in previously visited packets history.
928
929 Go:Go To Packet
930 Go to a particular numbered packet.
931
932 Go:Go To Corresponding Packet
933 If a field in the packet details pane containing a packet number is
934 selected, go to the packet number specified by that field. (This
935 works only if the dissector that put that entry into the packet
936 details put it into the details as a filterable field rather than
937 just as text.) This can be used, for example, to go to the packet
938 for the request corresponding to a reply, or the reply
939 corresponding to a request, if that packet number has been put into
940 the packet details.
941
942 Go:Previous Packet
943 Go:Next Packet
944 Go:First Packet
945 Go:Last Packet
946 Go to the previous / next / first / last packet in the capture.
947
948 Capture:Interfaces
949 Shows a dialog box with all currently known interfaces and
950 displaying the current network traffic amount. Capture sessions can
951 be started from here. Beware: keeping this box open results in
952 high system load!
953
954 Capture:Options
955 Initiate a live packet capture (see Capture Options dialog below).
956 If no filename is specified, a temporary file will be created to
957 hold the capture. The location of the file can be chosen by setting
958 your TMPDIR environment variable before starting Wireshark.
959 Otherwise, the default TMPDIR location is system-dependent, but is
960 likely either /var/tmp or /tmp.
961
962 Capture:Start
963 Start a live packet capture with the previously selected options.
964 This won't open the options dialog box, and can be convenient for
965 repeatedly capturing with the same options.
966
967 Capture:Stop
968 Stop a running live capture.
969
970 Capture:Restart
971 While a live capture is running, stop it and restart with the same
972 options again. This can be convenient to remove irrelevant packets,
973 if no valuable packets were captured so far.
974
975 Capture:Capture Filters
976 Edit the saved list of capture filters, allowing filters to be
977 added, changed, or deleted.
978
979 Analyze:Display Filters
980 Edit the saved list of display filters, allowing filters to be
981 added, changed, or deleted.
982
983 Analyze:Display Filter Macros
984 Create shortcuts for complex macros.
985
986 Analyze:Apply as Filter
987 Create a display filter based on the data currently highlighted in
988 the packet details and apply the filter.
989
990 If that data is a field that can be tested in a display filter
991 expression, the display filter will test that field; otherwise, the
992 display filter will be based on the absolute offset within the
993 packet. Therefore it could be unreliable if the packet contains
994 protocols with variable-length headers, such as a source-routed
995 token-ring packet.
996
997 The Selected option creates a display filter that tests for a match
998 of the data; the Not Selected option creates a display filter that
999 tests for a non-match of the data. The And Selected, Or Selected,
1000 And Not Selected, and Or Not Selected options add to the end of the
1001 display filter in the strip at the top (or bottom) an AND or OR
1002 operator followed by the new display filter expression.
1003
1004 Analyze:Prepare a Filter
1005 Create a display filter based on the data currently highlighted in
1006 the packet details. The filter strip at the top (or bottom) is
1007 updated but it is not yet applied.
1008
1009 Analyze:Enabled Protocols
1010 Allow protocol dissection to be enabled or disabled for a specific
1011 protocol. Individual protocols can be enabled or disabled by
1012 clicking on them in the list or by highlighting them and pressing
1013 the space bar. The entire list can be enabled, disabled, or
1014 inverted using the buttons below the list.
1015
1016 When a protocol is disabled, dissection in a particular packet
1017 stops when that protocol is reached, and Wireshark moves on to the
1018 next packet. Any higher-layer protocols that would otherwise have
1019 been processed will not be displayed. For example, disabling TCP
1020 will prevent the dissection and display of TCP, HTTP, SMTP, Telnet,
1021 and any other protocol exclusively dependent on TCP.
1022
1023 The list of protocols can be saved, so that Wireshark will start up
1024 with the protocols in that list disabled.
1025
1026 Analyze:Decode As
1027 If you have a packet selected, present a dialog allowing you to
1028 change which dissectors are used to decode this packet. The dialog
1029 has one panel each for the link layer, network layer and transport
1030 layer protocol/port numbers, and will allow each of these to be
1031 changed independently. For example, if the selected packet is a
1032 TCP packet to port 12345, using this dialog you can instruct
1033 Wireshark to decode all packets to or from that TCP port as HTTP
1034 packets.
1035
1036 Analyze:User Specified Decodes
1037 Create a new window showing whether any protocol ID to dissector
1038 mappings have been changed by the user. This window also allows
1039 the user to reset all decodes to their default values.
1040
1041 Analyze:Follow TCP Stream
1042 If you have a TCP packet selected, display the contents of the data
1043 stream for the TCP connection to which that packet belongs, as
1044 text, in a separate window, and leave the list of packets in a
1045 filtered state, with only those packets that are part of that TCP
1046 connection being displayed. You can revert to your old view by
1047 pressing ENTER in the display filter text box, thereby invoking
1048 your old display filter (or resetting it back to no display
1049 filter).
1050
1051 The window in which the data stream is displayed lets you select:
1052
1053 · whether to display the entire conversation, or one or the
1054 other side of it;
1055
1056 · whether the data being displayed is to be treated as ASCII
1057 or EBCDIC text or as raw hex data;
1058
1059 and lets you print what's currently being displayed, using the same
1060 print options that are used for the File:Print Packet menu item, or
1061 save it as text to a file.
1062
1063 Analyze:Follow UDP Stream
1064 Analyze:Follow SSL Stream
1065 (Similar to Analyze:Follow TCP Stream)
1066
1067 Analyze:Expert Info
1068 Analyze:Expert Info Composite
1069 (Kind of) a log of anomalies found by Wireshark in a capture file.
1070
1071 Analyze:Conversation Filter
1072 Statistics:Summary
1073 Show summary information about the capture, including elapsed time,
1074 packet counts, byte counts, and the like. If a display filter is
1075 in effect, summary information will be shown about the capture and
1076 about the packets currently being displayed.
1077
1078 Statistics:Protocol Hierarchy
1079 Show the number of packets, and the number of bytes in those
1080 packets, for each protocol in the trace. It organizes the
1081 protocols in the same hierarchy in which they were found in the
1082 trace. Besides counting the packets in which the protocol exists,
1083 a count is also made for packets in which the protocol is the last
1084 protocol in the stack. These last-protocol counts show you how
1085 many packets (and the byte count associated with those packets)
1086 ended in a particular protocol. In the table, they are listed
1087 under "End Packets" and "End Bytes".
1088
1089 Statistics:Conversations
1090 Lists of conversations; selectable by protocol. See
1091 Statistics:Conversation List below.
1092
1093 Statistics:End Points
1094 List of End Point Addresses by protocol with packets/bytes/....
1095 counts.
1096
1097 Statistics:Packet Lengths
1098 Grouped counts of packet lengths (0-19 bytes, 20-39 bytes, ...)
1099
1100 Statistics:IO Graphs
1101 Open a window where up to 5 graphs in different colors can be
1102 displayed to indicate number of packets or number of bytes per
1103 second for all packets matching the specified filter. By default
1104 only one graph will be displayed showing number of packets per
1105 second.
1106
1107 The top part of the window contains the graphs and scales for the X
1108 and Y axis. If the graph is too long to fit inside the window
1109 there is a horizontal scrollbar below the drawing area that can
1110 scroll the graphs to the left or the right. The horizontal axis
1111 displays the time into the capture and the vertical axis will
1112 display the measured quantity at that time.
1113
1114 Below the drawing area and the scrollbar are the controls. On the
1115 bottom left there will be five similar sets of controls to control
1116 each individual graph such as "Display:<button>" which button will
1117 toggle that individual graph on/off. If <button> is ticked, the
1118 graph will be displayed. "Color:<color>" which is just a button to
1119 show which color will be used to draw that graph (color is only
1120 available in Gtk2 version) and finally "Filter:<filter-text>" which
1121 can be used to specify a display filter for that particular graph.
1122
1123 If filter-text is empty then all packets will be used to calculate
1124 the quantity for that graph. If filter-text is specified only
1125 those packets that match that display filter will be considered in
1126 the calculation of quantity.
1127
1128 To the right of the 5 graph controls there are four menus to
1129 control global aspects of the draw area and graphs. The "Unit:"
1130 menu is used to control what to measure; "packets/tick",
1131 "bytes/tick" or "advanced..."
1132
1133 packets/tick will measure the number of packets matching the (if
1134 specified) display filter for the graph in each measurement
1135 interval.
1136
1137 bytes/tick will measure the total number of bytes in all packets
1138 matching the (if specified) display filter for the graph in each
1139 measurement interval.
1140
1141 advanced... see below
1142
1143 "Tick interval:" specifies what measurement intervals to use. The
1144 default is 1 second and means that the data will be counted over 1
1145 second intervals.
1146
1147 "Pixels per tick:" specifies how many pixels wide each measurement
1148 interval will be in the drawing area. The default is 5 pixels per
1149 tick.
1150
1151 "Y-scale:" controls the max value for the y-axis. Default value is
1152 "auto" which means that Wireshark will try to adjust the maxvalue
1153 automatically.
1154
1155 "advanced..." If Unit:advanced... is selected the window will
1156 display two more controls for each of the five graphs. One control
1157 will be a menu where the type of calculation can be selected from
1158 SUM,COUNT,MAX,MIN,AVG and LOAD, and one control, textbox, where the
1159 name of a single display filter field can be specified.
1160
1161 The following restrictions apply to type and field combinations:
1162
1163 SUM: available for all types of integers and will calculate the SUM
1164 of all occurrences of this field in the measurement interval. Note
1165 that some fields can occur multiple times in the same packet and
1166 then all instances will be summed up. Example: 'tcp.len' which
1167 will count the amount of payload data transferred across TCP in
1168 each interval.
1169
1170 COUNT: available for all field types. This will COUNT the number of
1171 times a certain field occurs in each interval. Note that some fields
1172 may occur multiple times in each packet and if that is the case
1173 then each instance will be counted independently and COUNT will be
1174 greater than the number of packets.
1175
1176 MAX: available for all integer and relative time fields. This will
1177 calculate the max integer/time value seen for the field during
1178 the interval. Example: 'smb.time' which will plot the maximum SMB
1179 response time.
1180
1181 MIN: available for all integer and relative time fields. This will
1182 calculate the min integer/time value seen for the field during
1183 the interval. Example: 'smb.time' which will plot the minimum SMB
1184 response time.
1185
1186 AVG: available for all integer and relative time fields. This will
1187 calculate the average integer/time value seen for the field
1188 during the interval. Example: 'smb.time' which will plot the
1189 average SMB response time.
1190
1191 LOAD: available only for relative time fields (response times).
1192
1193 Example of advanced: Display how NFS response time MAX/MIN/AVG
1194 changes over time:
1195
1196 Set first graph to:
1197
1198 filter:nfs&&rpc.time
1199 Calc:MAX rpc.time
1200
1201 Set second graph to
1202
1203 filter:nfs&&rpc.time
1204 Calc:AVG rpc.time
1205
1206 Set third graph to
1207
1208 filter:nfs&&rpc.time
1209 Calc:MIN rpc.time
1210
1211 Example of advanced: Display how the average packet size from host
1212 a.b.c.d changes over time.
1213
1214 Set first graph to
1215
1216 filter:ip.addr==a.b.c.d&&frame.pkt_len
1217 Calc:AVG frame.pkt_len
1218
1219 LOAD: The LOAD io-stat type is very different from anything you
1220 have ever seen before! While the response times themselves as plotted
1221 by MIN,MAX,AVG are indications on the Server load (which affects
1222 the Server response time), the LOAD measurement measures the Client
1223 LOAD. What this measures is how much workload the client
1224 generates, i.e. how fast the client will issue new commands when
1225 the previous ones have completed, i.e. the level of concurrency the
1226 client can maintain. The higher the number, the more and faster the
1227 client is issuing new commands. When the LOAD goes down, it may be
1228 due to client load making the client slower in issuing new commands
1229 (there may be other reasons as well, maybe the client just doesn't
1230 have any commands it wants to issue right then).
1231
1232 Load is measured in concurrency/number of overlapping i/o and the
1233 value 1000 means there is a constant load of one i/o.
1234
1235 In each tick interval the amount of overlap is measured. See the
1236 graph below containing three commands. Below the graph are the LOAD
1237 values for each interval that would be calculated.
1238
1239 |     |     |     |     |     |     |     |     |
1240 |     |     |     |     |     |     |     |     |
1241 |     |  o=====*  |     |     |     |     |     |
1242 |     |     |     |     |     |     |     |     |
1243 |  o========*     | o============*  |     |     |
1244 |     |     |     |     |     |     |     |     |
1245 --------------------------------------------------> Time
1246   500  1500   500   750  1000   500     0     0
1247
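The LOAD values under the graph can be reproduced by adding up, for each tick interval, how long every command is outstanding and scaling so that one command outstanding for the whole tick gives 1000. The Python below is an added example, not Wireshark's code; the function names are hypothetical and the command times (in milliseconds) are constructed to match the graph.

```python
"""Added example: a model of the LOAD measurement, not Wireshark's own code."""


def commands_from_responses(responses):
    """Turn (response_time_ms, response_delay_ms) pairs into (start, end) pairs.

    Assumption: a command is outstanding from (response time - delay) until
    the response is seen, which is what a relative time field such as
    rpc.time on the response packet lets you derive.
    """
    return [(t - delay, t) for t, delay in responses]


def load_per_tick(commands, tick_ms=1000, n_ticks=None):
    """Return the LOAD value for each tick interval.

    commands: iterable of (start_ms, end_ms), measured from capture start.
    A value of 1000 means a constant load of one outstanding command.
    """
    if tick_ms <= 0:
        raise ValueError("tick_ms must be positive")
    commands = [(int(s), int(e)) for s, e in commands]
    for start, end in commands:
        if end < start:
            raise ValueError("command ends before it starts: %r" % ((start, end),))

    if n_ticks is None:
        latest = max((e for _, e in commands), default=0)
        n_ticks = -(-latest // tick_ms)  # ceiling division

    busy = [0] * n_ticks  # milliseconds of outstanding commands per tick
    for start, end in commands:
        # Clip to the graphed window: a command may have been issued before
        # the capture started or may still be open past the last tick.
        start = max(start, 0)
        end = min(end, n_ticks * tick_ms)
        if end <= start:
            continue
        for i in range(start // tick_ms, (end - 1) // tick_ms + 1):
            lo = max(start, i * tick_ms)
            hi = min(end, (i + 1) * tick_ms)
            busy[i] += hi - lo

    return [b * 1000 // tick_ms for b in busy]


# Constructed sample: the three commands drawn in the graph, given as
# (time the response was seen, response delay) in milliseconds.
SAMPLE_RESPONSES = [(2000, 1500), (2500, 1000), (5500, 2250)]

if __name__ == "__main__":
    cmds = commands_from_responses(SAMPLE_RESPONSES)
    print(load_per_tick(cmds, tick_ms=1000, n_ticks=8))
```
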
1248 Statistics:Conversation List
1249 This option will open a new window that displays a list of all
1250 conversations between two endpoints. The list has one row for each
1251 unique conversation and displays total number of packets/bytes seen
1252 as well as number of packets/bytes in each direction.
1253
1254 By default the list is sorted according to the number of packets
1255 but by clicking on the column header it is possible to re-sort the
1256 list in ascending or descending order by any column.
1257
1258 By first selecting a conversation by clicking on it and then using
1259 the right mouse button (on those platforms that have a right mouse
1260 button) Wireshark will display a popup menu offering several
1261 different filter operations to apply to the capture.
1262
1263 These statistics windows can also be invoked from the Wireshark
1264 command line using the -z conv argument.
1265
1266 Statistics:Service Response Time
1267 · AFP
1268
1269 · CAMEL
1270
1271 · DCE-RPC
1272
1273 Open a window to display Service Response Time statistics for
1274 an arbitrary DCE-RPC program interface and display Procedure,
1275 Number of Calls, Minimum SRT, Maximum SRT and Average SRT for
1276 all procedures for that program/version. These windows opened
1277 will update in semi-real time to reflect changes when doing
1278 live captures or when reading new capture files into Wireshark.
1279
1280 This dialog will also allow an optional filter string to be
1281 used. If an optional filter string is used only such DCE-RPC
1282 request/response pairs that match that filter will be used to
1283 calculate the statistics. If no filter string is specified all
1284 request/response pairs will be used.
1285
1286 · Diameter
1287
1288 · Fibre Channel
1289
1290 Open a window to display Service Response Time statistics for
1291 Fibre Channel and display FC Type, Number of Calls, Minimum
1292 SRT, Maximum SRT and Average SRT for all FC types. These
1293 windows opened will update in semi-real time to reflect changes
1294 when doing live captures or when reading new capture files into
1295 Wireshark. The Service Response Time is calculated as the time
1296 delta between the First packet of the exchange and the Last
1297 packet of the exchange.
1298
1299 This dialog will also allow an optional filter string to be
1300 used. If an optional filter string is used only such FC
1301 first/last exchange pairs that match that filter will be used
1302 to calculate the statistics. If no filter string is specified
1303 all request/response pairs will be used.
1304
1305 · GTP
1306
1307 · H.225 RAS
1308
1309 Collect requests/response SRT (Service Response Time) data for
1310 ITU-T H.225 RAS. Data collected is number of calls for each
1311 known ITU-T H.225 RAS Message Type, Minimum SRT, Maximum SRT,
1312 Average SRT, Minimum in Packet, and Maximum in Packet. You
1313 will also get the number of Open Requests (Unresponded
1314 Requests), Discarded Responses (Responses without matching
1315 request) and Duplicate Messages. These windows opened will
1316 update in semi-real time to reflect changes when doing live
1317 captures or when reading new capture files into Wireshark.
1318
1319 You can apply an optional filter string in a dialog box, before
1320 starting the calculation. The statistics will only be
1321 calculated on those calls matching that filter.
1322
1323 · LDAP
1324
1325 · MEGACO
1326
1327 · MGCP
1328
1329 Collect requests/response SRT (Service Response Time) data for
1330 MGCP. Data collected is number of calls for each known MGCP
1331 Type, Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet,
1332 and Maximum in Packet. These windows opened will update in
1333 semi-real time to reflect changes when doing live captures or
1334 when reading new capture files into Wireshark.
1335
1336 You can apply an optional filter string in a dialog box, before
1337 starting the calculation. The statistics will only be
1338 calculated on those calls matching that filter.
1339
1340 · NCP
1341
1342 · ONC-RPC
1343
1344 Open a window to display statistics for an arbitrary ONC-RPC
1345 program interface and display Procedure, Number of Calls,
1346 Minimum SRT, Maximum SRT and Average SRT for all procedures for
1347 that program/version. These windows opened will update in
1348 semi-real time to reflect changes when doing live captures or
1349 when reading new capture files into Wireshark.
1350
1351 This dialog will also allow an optional filter string to be
1352 used. If an optional filter string is used only such ONC-RPC
1353 request/response pairs that match that filter will be used to
1354 calculate the statistics. If no filter string is specified all
1355 request/response pairs will be used.
1356
1357 By first selecting a conversation by clicking on it and then
1358 using the right mouse button (on those platforms that have a
1359 right mouse button) Wireshark will display a popup menu
1360 offering several different filter operations to apply to the
1361 capture.
1362
1363 · RADIUS
1364
1365 · SCSI
1366
1367 · SMB
1368
1369 Collect call/reply SRT (Service Response Time) data for SMB.
1370 Data collected is the number of calls for each SMB command,
1371 MinSRT, MaxSRT and AvgSRT.
1372
1373 The data will be presented as separate tables for all normal
1374 SMB commands, all Transaction2 commands and all NT Transaction
1375 commands. Only those commands that are seen in the capture
1376 will have their stats displayed. Only the first command in a
1377 xAndX command chain will be used in the calculation. So for
1378 common SessionSetupAndX + TreeConnectAndX chains, only the
1379 SessionSetupAndX call will be used in the statistics. This is
1380 a flaw that might be fixed in the future.
1381
1382 You can apply an optional filter string in a dialog box, before
1383 starting the calculation. The stats will only be calculated on
1384 those calls matching that filter.
1385
1386 By first selecting a conversation by clicking on it and then
1387 using the right mouse button (on those platforms that have a
1388 right mouse button) Wireshark will display a popup menu
1389 offering several different filter operations to apply to the
1390 capture.
1391
1392 · SMB2
1393
1394 Statistics:BOOTP-DHCP
1395 Statistics:Compare
1396 Compare two Capture Files
1397
1398 Statistics:Flow Graph
1399 Flow Graph: General/TCP
1400
1401 Statistics:HTTP
1402 HTTP Load Distribution, Packet Counter & Requests
1403
1404 Statistics:IP Addresses
1405 Count/Rate/Percent by IP Address
1406
1407 Statistics:IP Destinations
1408 Count/Rate/Percent by IP Address/protocol/port
1409
1410 Statistics:IP Protocol Types
1411 Count/Rate/Percent by IP Protocol Types
1412
1413 Statistics:ONC-RPC Programs
1414 This dialog will open a window showing aggregated RTT statistics
1415 for all ONC-RPC Programs/versions that exist in the capture file.
1416
1417 Statistics:TCP Stream Graph
1418 Graphs: Round Trip; Throughput; Time-Sequence (Stevens);
1419 Time-Sequence (tcptrace)
1420
1421 Statistics:UDP Multicast streams
1422 Multicast Streams Counts/Rates/... by Source/Destination
1423 Address/Port pairs
1424
1425 Statistics:WLAN Traffic
1426 WLAN Traffic Statistics
1427
1428 Telephony:ITU-T H.225
1429 Count ITU-T H.225 messages and their reasons. In the first column
1430 you get a list of H.225 messages and H.225 message reasons, which
1431 occur in the current capture file. The number of occurrences of each
1432 message or reason will be displayed in the second column. This
1433 window opened will update in semi-real time to reflect changes when
1434 doing live captures or when reading new capture files into
1435 Wireshark.
1436
1437 You can apply an optional filter string in a dialog box, before
1438 starting the counter. The statistics will only be calculated on
1439 those calls matching that filter.
1440
1441 Telephony:SIP
1442 Activate a counter for SIP messages. You will get the number of
1443 occurrences of each SIP Method and of each SIP Status-Code.
1444 Additionally you also get the number of resent SIP Messages (only
1445 for SIP over UDP).
1446
1447 This window opened will update in semi-real time to reflect changes
1448 when doing live captures or when reading new capture files into
1449 Wireshark.
1450
1451 You can apply an optional filter string in a dialog box, before
1452 starting the counter. The statistics will only be calculated on
1453 those calls matching that filter.
1454
1455 Tools:Firewall ACL Rules
1456 Help:Contents
1457 Some help texts.
1458
1459 Help:Supported Protocols
1460 List of supported protocols and display filter protocol fields.
1461
1462 Help:Manual Pages
1463 Display locally installed HTML versions of these manual pages in a
1464 web browser.
1465
1466 Help:Wireshark Online
1467 Various links to online resources to be open in a web browser, like
1468 <http://www.wireshark.org>.
1469
1470 Help:About Wireshark
1471 See various information about Wireshark (see About dialog below),
1472 like the version, the folders used, the available plugins, ...
1473
1474 WINDOWS
1475 Main Window
1476 The main window contains the usual things like the menu, some
1477 toolbars, the main area and a statusbar. The main area is split
1478 into three panes; you can resize each pane using a "thumb" at the
1479 right end of each divider line.
1480
1481 The main window is much more flexible than before. The layout of
1482 the main window can be customized by the Layout page in the dialog
1483 box popped up by Edit:Preferences; the following will describe the
1484 layout with the default settings.
1485
1486 Main Toolbar
1487 Some menu items are available for quick access here. There is
1488 no way to customize the items in the toolbar, however the
1489 toolbar can be hidden by View:Main Toolbar.
1490
1491 Filter Toolbar
1492 A display filter can be entered into the filter toolbar. A
1493 filter for HTTP, HTTPS, and DNS traffic might look like this:
1494
1495 tcp.port == 80 || tcp.port == 443 || tcp.port == 53
1496
1497 Selecting the Filter: button lets you choose from a list of
1498 named filters that you can optionally save. Pressing the
1499 Return or Enter keys, or selecting the Apply button, will
1500 cause the filter to be applied to the current list of
1501 packets. Selecting the Reset button clears the display
1502 filter so that all packets are displayed (again).
1503
1504 There is no way to customize the items in the toolbar,
1505 however the toolbar can be hidden by View:Filter Toolbar.
1506
1507 Packet List Pane
1508 The top pane contains the list of network packets that you
1509 can scroll through and select. By default, the packet
1510 number, packet timestamp, source and destination addresses,
1511 protocol, and description are displayed for each packet; the
1512 Columns page in the dialog box popped up by Edit:Preferences
1513 lets you change this (although, unfortunately, you currently
1514 have to save the preferences, and exit and restart Wireshark,
1515 for those changes to take effect).
1516
1517 If you click on the heading for a column, the display will be
1518 sorted by that column; clicking on the heading again will
1519 reverse the sort order for that column.
1520
1521 An effort is made to display information as high up the
1522 protocol stack as possible, e.g. IP addresses are displayed
1523 for IP packets, but the MAC layer address is displayed for
1524 unknown packet types.
1525
1526 The right mouse button can be used to pop up a menu of
1527 operations.
1528
1529 The middle mouse button can be used to mark a packet.
1530
1531 Packet Details Pane
1532 The middle pane contains a display of the details of the
1533 currently-selected packet. The display shows each field and
1534 its value in each protocol header in the stack. The right
1535 mouse button can be used to pop up a menu of operations.
1536
1537 Packet Bytes Pane
1538 The lowest pane contains a hex and ASCII dump of the actual
1539 packet data. Selecting a field in the packet details
1540 highlights the corresponding bytes in this section.
1541
1542 The right mouse button can be used to pop up a menu of
1543 operations.
1544
1545 Statusbar
1546 The statusbar is divided into three parts: on the left some
1547 context dependent things are shown, like information about
1548 the loaded file; in the center the number of packets is
1549 displayed; and on the right the current configuration
1550 profile.
1551
1552 The statusbar can be hidden by View:Statusbar.
1553
1554 Preferences
1555 The Preferences dialog lets you control various personal
1556 preferences for the behavior of Wireshark.
1557
1558 User Interface Preferences
1559 The User Interface page is used to modify small aspects of
1560 the GUI to your own personal taste:
1561
1562 Selection Bars
1563 The selection bar in the packet list and packet details
1564 can have either a "browse" or "select" behavior. If
1565 the selection bar has a "browse" behavior, the arrow
1566 keys will move an outline of the selection bar,
1567 allowing you to browse the rest of the list or details
1568 without changing the selection until you press the
1569 space bar. If the selection bar has a "select"
1570 behavior, the arrow keys will move the selection bar
1571 and change the selection to the new item in the packet
1572 list or packet details.
1573
1574 Save Window Position
1575 If this item is selected, the position of the main
1576 Wireshark window will be saved when Wireshark exits,
1577 and used when Wireshark is started again.
1578
1579 Save Window Size
1580 If this item is selected, the size of the main
1581 Wireshark window will be saved when Wireshark exits,
1582 and used when Wireshark is started again.
1583
1584 Save Window Maximized state
1585 If this item is selected, the maximize state of the main
1586 Wireshark window will be saved when Wireshark exits,
1587 and used when Wireshark is started again.
1588
1589 File Open Dialog Behavior
1590 This item allows the user to select how Wireshark
1591 handles the listing of the "File Open" Dialog when
1592 opening trace files. "Remember Last Directory" causes
1593 Wireshark to automatically position the dialog in the
1594 directory of the most recently opened file, even
1595 between launches of Wireshark. "Always Open in
1596 Directory" allows the user to define a persistent
1597 directory that the dialog will always default to.
1598
1599 Directory
1600 Allows the user to specify a persistent File Open
1601 directory. Trailing slashes or backslashes will
1602 automatically be added.
1603
1604 File Open Preview timeout
1605 This item allows the user to define how much time is
1606 spent reading the capture file to present preview data
1607 in the File Open dialog.
1608
1609 Open Recent maximum list entries
1610 The File menu supports a recent file list. This item
1611 allows the user to specify how many files are kept
1612 track of in this list.
1613
1614 Ask for unsaved capture files
1615 When closing a capture file or Wireshark itself if the
1616 file isn't saved yet the user is presented the option
1617 to save the file when this item is set.
1618
1619 Wrap during find
1620 This item determines the behaviour when reaching the
1621 beginning or the end of a capture file. When set the
1622 search wraps around and continues, otherwise it stops.
1623
1624 Settings dialogs show a save button
1625 This item determines if the various dialogs sport an
1626 explicit Save button or that save is implicit in Ok /
1627 Apply.
1628
1629 Web browser command
1630 This entry specifies the command line to launch a web
1631 browser. It is used to access online content, like the
1632 Wiki and user guide. Use '%s' to place the request URL
1633 in the command line.
1634
1635 Layout Preferences
1636 The Layout page lets you specify the general layout of the
1637 main window. You can choose from six different layouts and
1638 fill the three panes with the contents you like.
1639
1640 Scrollbars
1641 The vertical scrollbars in the three panes can be set
1642 to be either on the left or the right.
1643
1644 Alternating row colors
1645 Hex Display
1646 The highlight method in the hex dump display for the
1647 selected protocol item can be set to use either inverse
1648 video, or bold characters.
1649
1650 Toolbar style
1651 Filter toolbar placement
1652 Custom window title
1653 Column Preferences
1654 The Columns page lets you specify the number, title, and
1655 format of each column in the packet list.
1656
1657 The Column title entry is used to specify the title of the
1658 column displayed at the top of the packet list. The type of
1659 data that the column displays can be specified using the
1660 Column format option menu. The row of buttons on the left
1661 perform the following actions:
1662
1663 New Adds a new column to the list.
1664
1665 Delete
1666 Deletes the currently selected list item.
1667
1668 Up / Down
1669 Moves the selected list item up or down one position.
1670
1671 Font Preferences
1672 The Font page lets you select the font to be used for most
1673 text.
1674
1675 Color Preferences
1676 The Colors page can be used to change the color of the text
1677 displayed in the TCP stream window and for marked packets. To
1678 change a color, simply select an attribute from the "Set:"
1679 menu and use the color selector to get the desired color.
1680 The new text colors are displayed as a sample text.
1681
1682 Capture Preferences
1683 The Capture page lets you specify various parameters for
1684 capturing live packet data; these are used the first time a
1685 capture is started.
1686
1687 The Interface: combo box lets you specify the interface from
1688 which to capture packet data, or the name of a FIFO from
1689 which to get the packet data.
1690
1691 The Data link type: option menu lets you, for some
1692 interfaces, select the data link header you want to see on
1693 the packets you capture. For example, in some OSes and with
1694 some versions of libpcap, you can choose, on an 802.11
1695 interface, whether the packets should appear as Ethernet
1696 packets (with a fake Ethernet header) or as 802.11 packets.
1697
1698 The Limit each packet to ... bytes check box lets you set the
1699 snapshot length to use when capturing live data; turn on the
1700 check box, and then set the number of bytes to use as the
1701 snapshot length.
1702
1703 The Filter: text entry lets you set a capture filter
1704 expression to be used when capturing.
1705
1706 If any of the environment variables SSH_CONNECTION,
1707 SSH_CLIENT, REMOTEHOST, DISPLAY, or SESSIONNAME are set,
1708 Wireshark will create a default capture filter that excludes
1709 traffic from the hosts and ports defined in those variables.
1710
1711 The Capture packets in promiscuous mode check box lets you
1712 specify whether to put the interface in promiscuous mode when
1713 capturing.
1714
1715 The Update list of packets in real time check box lets you
1716 specify that the display should be updated as packets are
1717 seen.
1718
1719 The Automatic scrolling in live capture check box lets you
1720 specify whether, in an "Update list of packets in real time"
1721 capture, the packet list pane should automatically scroll to
1722 show the most recently captured packets.
1723
1724 Printing Preferences
1725 The radio buttons at the top of the Printing page allow you
1726 to choose between printing packets with the File:Print Packet
1727 menu item as text or PostScript, and sending the output
1728 directly to a command or saving it to a file. The Command:
1729 text entry box, on UNIX-compatible systems, is the command to
1730 send files to (usually lpr), and the File: entry box lets you
1731 enter the name of the file you wish to save to.
1732 Additionally, you can select the File: button to browse the
1733 file system for a particular save file.
1734
1735 Name Resolution Preferences
1736 The Enable MAC name resolution, Enable network name
1737 resolution and Enable transport name resolution check boxes
1738 let you specify whether MAC addresses, network addresses, and
1739 transport-layer port numbers should be translated to names.
1740
1741 The Enable concurrent DNS name resolution allows Wireshark to
1742 send out multiple name resolution requests and not wait for
1743 the result before continuing dissection. This speeds up
1744 dissection with network name resolution but initially may
1745 miss resolutions. The number of concurrent requests can be
1746 set here as well.
1747
1748 SMI paths
1749
1750 SMI modules
1751
1752 RTP Player Preferences
1753 This page allows you to select the number of channels visible
1754 in the RTP player window. It determines the height of the
1755 window; more channels are possible and visible by means of a
1756 scroll bar.
1757
1758 Protocol Preferences
1759 There are also pages for various protocols that Wireshark
1760 dissects, controlling the way Wireshark handles those
1761 protocols.
1762
1763 Edit Capture Filter List
1764 Edit Display Filter List
1765 Capture Filter
1766 Display Filter
1767 Read Filter
1768 Search Filter
1769 The Edit Capture Filter List dialog lets you create, modify, and
1770 delete capture filters, and the Edit Display Filter List dialog
1771 lets you create, modify, and delete display filters.
1772
1773 The Capture Filter dialog lets you do all of the editing operations
1774 listed, and also lets you choose or construct a filter to be used
1775 when capturing packets.
1776
1777 The Display Filter dialog lets you do all of the editing operations
1778 listed, and also lets you choose or construct a filter to be used
1779 to filter the current capture being viewed.
1780
1781 The Read Filter dialog lets you do all of the editing operations
1782 listed, and also lets you choose or construct a filter to be used
1783 as a read filter for a capture file you open.
1784
1785 The Search Filter dialog lets you do all of the editing operations
1786 listed, and also lets you choose or construct a filter expression
1787 to be used in a find operation.
1788
1789 In all of those dialogs, the Filter name entry specifies a
1790 descriptive name for a filter, e.g. Web and DNS traffic. The
1791 Filter string entry is the text that actually describes the
1792 filtering action to take, as described above. The dialog buttons
1793 perform the following actions:
1794
1795 New If there is text in the two entry boxes, creates a new
1796 associated list item.
1797
1798 Edit Modifies the currently selected list item to match what's in
1799 the entry boxes.
1800
1801 Delete
1802 Deletes the currently selected list item.
1803
1804 Add Expression...
1805 For display filter expressions, pops up a dialog box to allow
1806 you to construct a filter expression to test a particular
1807 field; it offers lists of field names, and, when appropriate,
1808 lists from which to select tests to perform on the field and
1809 values with which to compare it. In that dialog box, the OK
1810 button will cause the filter expression you constructed to be
1811 entered into the Filter string entry at the current cursor
1812 position.
1813
1814 OK In the Capture Filter dialog, closes the dialog box and makes
1815 the filter in the Filter string entry the filter in the
1816 Capture Preferences dialog. In the Display Filter dialog,
1817 closes the dialog box and makes the filter in the Filter
1818 string entry the current display filter, and applies it to
1819 the current capture. In the Read Filter dialog, closes the
1820 dialog box and makes the filter in the Filter string entry
1821 the filter in the Open Capture File dialog. In the Search
1822 Filter dialog, closes the dialog box and makes the filter in
1823 the Filter string entry the filter in the Find Packet dialog.
1824
1825 Apply Makes the filter in the Filter string entry the current
1826 display filter, and applies it to the current capture.
1827
1828 Save If the list of filters being edited is the list of capture
1829 filters, saves the current filter list to the personal
1830 capture filters file, and if the list of filters being edited
1831 is the list of display filters, saves the current filter list
1832 to the personal display filters file.
1833
1834 Close Closes the dialog without doing anything with the filter in
1835 the Filter string entry.
1836
1837 The Color Filters Dialog
1838 This dialog displays a list of color filters and allows it to be
1839 modified.
1840
1841 THE FILTER LIST
1842 Single rows may be selected by clicking. Multiple rows may be
1843 selected by using the ctrl and shift keys in combination with
1844 the mouse button.
1845
1846 NEW Adds a new filter at the bottom of the list and opens the Edit
1847 Color Filter dialog box. You will have to alter the filter
1848 expression at least before the filter will be accepted. The
1849 format of color filter expressions is identical to that of
1850 display filters. The new filter is selected, so it may
1851 immediately be moved up and down, deleted or edited. To avoid
1852 confusion all filters are unselected before the new filter is
1853 created.
1854
1855 EDIT
1856 Opens the Edit Color Filter dialog box for the selected filter.
1857 (If this button is disabled you may have more than one filter
1858 selected, making it ambiguous which is to be edited.)
1859
1860 ENABLE
1861 Enables the selected color filter(s).
1862
1863 DISABLE
1864 Disables the selected color filter(s).
1865
1866 DELETE
1867 Deletes the selected color filter(s).
1868
1869 EXPORT
1870 Allows you to choose a file in which to save the current list
1871 of color filters. You may also choose to save only the selected
1872 filters. A button is provided to save the filters in the global
1873 color filters file (you must have sufficient permissions to
1874 write this file, of course).
1875
1876 IMPORT
1877 Allows you to choose a file containing color filters which are
1878 then added to the bottom of the current list. All the added
1879 filters are selected, so they may be moved to the correct
1880 position in the list as a group. To avoid confusion, all
1881 filters are unselected before the new filters are imported. A
1882 button is provided to load the filters from the global color
1883 filters file.
1884
1885 CLEAR
1886 Deletes your personal color filters file, reloads the global
1887 color filters file, if any, and closes the dialog.
1888
1889 UP Moves the selected filter(s) up the list, making it more likely
1890 that they will be used to color packets.
1891
1892 DOWN
1893 Moves the selected filter(s) down the list, making it less
1894 likely that they will be used to color packets.
1895
1896 OK Closes the dialog and uses the color filters as they stand.
1897
1898 APPLY
1899 Colors the packets according to the current list of color
1900 filters, but does not close the dialog.
1901
1902 SAVE
1903 Saves the current list of color filters in your personal color
1904 filters file. Unless you do this they will not be used the next
1905 time you start Wireshark.
1906
1907 CLOSE
1908 Closes the dialog without changing the coloration of the
1909 packets. Note that changes you have made to the current list of
1910 color filters are not undone.
1911
1912 Capture Options
1913 The Capture Options dialog lets you specify various parameters for
1914 capturing live packet data.
1915
1916 The Interface: field lets you specify the interface from which to
1917 capture packet data or a command from which to get the packet data
1918 via a pipe.
1919
1920 The Link layer header type: field lets you specify the interface's
1921 link layer header type. This field is usually disabled, as most
1922 interfaces have only one header type.
1923
1924 The Capture packets in promiscuous mode check box lets you specify
1925 whether the interface should be put into promiscuous mode when
1926 capturing.
1927
1928 The Limit each packet to ... bytes check box and field lets you
1929 specify a maximum number of bytes per packet to capture and save;
1930 if the check box is not checked, the limit will be 65535 bytes.
1931
1932 The Capture Filter: entry lets you specify the capture filter using
1933 a tcpdump-style filter string as described above.
1934
1935 The File: entry lets you specify the file into which captured
1936 packets should be saved, as in the Printer Options dialog above.
1937 If not specified, the captured packets will be saved in a temporary
1938 file; you can save those packets to a file with the File:Save As
1939 menu item.
1940
1941 The Use multiple files check box lets you specify that the capture
1942 should be done in "multiple files" mode. This option is disabled,
1943 if the Update list of packets in real time option is checked.
1944
1945 The Next file every ... megabyte(s) check box and fields lets you
1946 specify that a switch to a next file should be done if the
1947 specified filesize is reached. You can also select the appropriate
1948 unit, but beware that the filesize has a maximum of 2 GB. The
1949 check box is forced to be checked, as "multiple files" mode
1950 requires a file size to be specified.
1951
1952 The Next file every ... minute(s) check box and fields lets you
1953 specify that the switch to a next file should be done after the
1954 specified time has elapsed, even if the specified capture size is
1955 not reached.
1956
1957 The Ring buffer with ... files field lets you specify the number of
1958 files of a ring buffer. This feature will capture into the first
1959 file again, after the specified number of files has been used.
1960
1961 The Stop capture after ... files field lets you specify the number
1962 of capture files used, until the capture is stopped.
1963
1964 The Stop capture after ... packet(s) check box and field let you
1965 specify that Wireshark should stop capturing after having captured
1966 some number of packets; if the check box is not checked, Wireshark
1967 will not stop capturing at some fixed number of captured packets.
1968
1969 The Stop capture after ... megabyte(s) check box and field lets you
1970 specify that Wireshark should stop capturing after the file to
1971 which captured packets are being saved grows as large as or larger
1972 than some specified number of megabytes. If the check box is not
1973 checked, Wireshark will not stop capturing at some capture file
1974 size (although the operating system on which Wireshark is running,
1975 or the available disk space, may still limit the maximum size of a
1976 capture file). This option is disabled if "multiple files" mode is
1977 used.
1978
1979 The Stop capture after ... second(s) check box and field let you
1980 specify that Wireshark should stop capturing after it has been
1981 capturing for some number of seconds; if the check box is not
1982 checked, Wireshark will not stop capturing after some fixed time
1983 has elapsed.
1984
1985 The Update list of packets in real time check box lets you specify
1986 whether the display should be updated as packets are captured and,
1987 if you specify that, the Automatic scrolling in live capture check
1988 box lets you specify the packet list pane should automatically
1989 scroll to show the most recently captured packets as new packets
1990 arrive.
1991
1992 The Enable MAC name resolution, Enable network name resolution and
1993 Enable transport name resolution check boxes let you specify
1994 whether MAC addresses, network addresses, and transport-layer port
1995 numbers should be translated to names.
1996
1997 About
1998 The About dialog lets you view various information about Wireshark.
1999
2000 About:Wireshark
2001 The Wireshark page lets you view general information about
2002 Wireshark, like the installed version, licensing information and
2003 such.
2004
2005 About:Authors
2006 The Authors page shows the author and all contributors.
2007
2008 About:Folders
2009 The Folders page lets you view the directory names where Wireshark
2010 is searching for its various configuration and other files.
2011
2012 About:Plugins
2013 The Plugins page lets you view the dissector plugin modules
2014 available on your system.
2015
2016 The Plugins List shows the name and version of each dissector
2017 plugin module found on your system.
2018
2019 On Unix-compatible systems, the plugins are looked for in the
2020 following directories: the lib/wireshark/plugins/$VERSION directory
2021 under the main installation directory (for example,
2022 /usr/local/lib/wireshark/plugins/$VERSION), and then
2023 $HOME/.wireshark/plugins.
2024
2025 On Windows systems, the plugins are looked for in the following
2026 directories: plugins\$VERSION directory under the main installation
2027 directory (for example, C:\Program
2028 Files\Wireshark\plugins\$VERSION), and then
2029 %APPDATA%\Wireshark\plugins\$VERSION (or, if %APPDATA% isn't
2030 defined, %USERPROFILE%\Application
2031 Data\Wireshark\plugins\$VERSION).
2032
2033 $VERSION is the version number of the plugin interface, which is
2034 typically the version number of Wireshark. Note that a dissector
2035 plugin module may support more than one protocol; there is not
2036 necessarily a one-to-one correspondence between dissector plugin
2037 modules and protocols. Protocols supported by a dissector plugin
2038 module are enabled and disabled using the Edit:Protocols dialog
2039 box, just as protocols built into Wireshark are.
2040
2042 See the manual page of pcap-filter(4) or, if that doesn't exist,
2043 tcpdump(8), or, if that doesn't exist,
2044 <http://wiki.wireshark.org/CaptureFilters>.
2045
2047 For a complete table of protocol and protocol fields that are
2048 filterable in Wireshark see the wireshark-filter(4) manual page.
2049
2051 These files contain various Wireshark configuration settings.
2052
2053 Preferences
2054 The preferences files contain global (system-wide) and personal
2055 preference settings. If the system-wide preference file exists, it
2056 is read first, overriding the default settings. If the personal
2057 preferences file exists, it is read next, overriding any previous
2058 values. Note: If the command line flag -o is used (possibly more
2059 than once), it will in turn override values from the preferences
2060 files.
2061
2062 The preferences settings are in the form prefname:value, one per
2063 line, where prefname is the name of the preference and value is the
2064 value to which it should be set; white space is allowed between :
2065 and value. A preference setting can be continued on subsequent
2066 lines by indenting the continuation lines with white space. A #
2067 character starts a comment that runs to the end of the line:
2068
2069 # Vertical scrollbars should be on right side?
2070 # TRUE or FALSE (case-insensitive).
2071 gui.scrollbar_on_right: TRUE
2072
2073 The global preferences file is looked for in the wireshark
2074 directory under the share subdirectory of the main installation
2075 directory (for example, /usr/local/share/wireshark/preferences) on
2076 UNIX-compatible systems, and in the main installation directory
2077 (for example, C:\Program Files\Wireshark\preferences) on Windows
2078 systems.
2079
2080 The personal preferences file is looked for in
2081 $HOME/.wireshark/preferences on UNIX-compatible systems and
2082 %APPDATA%\Wireshark\preferences (or, if %APPDATA% isn't defined,
2083 %USERPROFILE%\Application Data\Wireshark\preferences) on Windows
2084 systems.
2085
2086 Note: Whenever the preferences are saved by using the Save button
2087 in the Edit:Preferences dialog box, your personal preferences file
2088 will be overwritten with the new settings, destroying any comments
2089 and unknown/obsolete settings that were in the file.
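
The file format and override order described above, as an added Python example (not Wireshark's own code): it parses prefname:value text with comments and continuation lines, then layers global, personal and -o settings and records which layer supplied each effective value. The example.* preference names, the sample file contents, and appending continuation text directly after stripping its indentation are assumptions of this example.

```python
"""Layered reading of Wireshark-style preference text (illustrative only)."""


def parse_preferences(text):
    """Parse 'prefname:value' lines into a dict.

    Follows the rules on this page: '#' starts a comment that runs to the
    end of the line, white space may follow the ':', and a line that starts
    with white space continues the previous setting.
    """
    prefs = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue  # blank line or comment-only line
        if raw[0].isspace():
            if current is None:
                raise ValueError(f"continuation without a setting: {raw!r}")
            # Assumption: continuation text is appended without a separator.
            prefs[current] += line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"not a prefname:value line: {raw!r}")
        current = name.strip()
        prefs[current] = value.strip()
    return prefs


def effective_preferences(global_text=None, personal_text=None, overrides=()):
    """Return {prefname: (value, source)} after applying all layers.

    Order matches the page: global file, then personal file, then each
    -o argument, every later layer overriding the earlier ones.
    """
    effective = {}
    for source, text in (("global", global_text), ("personal", personal_text)):
        if text is None:
            continue  # that file does not exist
        for name, value in parse_preferences(text).items():
            effective[name] = (value, source)
    for item in overrides:
        name, sep, value = item.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"bad -o argument: {item!r}")
        effective[name.strip()] = (value.strip(), "-o")
    return effective


# Constructed sample input; only gui.scrollbar_on_right appears on this page.
GLOBAL_SAMPLE = """\
# Vertical scrollbars should be on right side?
# TRUE or FALSE (case-insensitive).
gui.scrollbar_on_right: TRUE
example.columns: "No.", "%m",
    "Time", "%t"
example.only_global: 1
"""

PERSONAL_SAMPLE = """\
gui.scrollbar_on_right: FALSE   # personal override
"""

if __name__ == "__main__":
    result = effective_preferences(
        GLOBAL_SAMPLE, PERSONAL_SAMPLE, ["example.only_global:2"]
    )
    for name, (value, source) in sorted(result.items()):
        print(f"{name} = {value}  [{source}]")
```

Printing the source next to each value makes it easy to see whether a setting came from the system-wide file, the user's file, or the command line.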
2090
2091 Recent
2092 The recent file contains personal settings (mostly GUI related)
2093 such as the current Wireshark window size. The file is saved at
2094 program exit and read in at program start automatically. Note: The
2095 command line flag -o may be used to override settings from this
2096 file.
2097
2098 The settings in this file have the same format as in the
2099 preferences files, and the same directory as for the personal
2100 preferences file is used.
2101
2102 Note: Whenever Wireshark is closed, your recent file will be
2103 overwritten with the new settings, destroying any comments and
2104 unknown/obsolete settings that were in the file.
2105
2106 Disabled (Enabled) Protocols
2107 The disabled_protos files contain system-wide and personal lists of
2108 protocols that have been disabled, so that their dissectors are
2109 never called. The files contain protocol names, one per line,
2110 where the protocol name is the same name that would be used in a
2111 display filter for the protocol:
2112
2113 http
2114 tcp # a comment
2115
2116 If a protocol is listed in the global disabled_protos file, it is
2117 not displayed in the Analyze:Enabled Protocols dialog box, and so
2118 cannot be enabled by the user.
2119
2120 The global disabled_protos file uses the same directory as the
2121 global preferences file.
2122
2123 The personal disabled_protos file uses the same directory as the
2124 personal preferences file.
2125
2126 Note: Whenever the disabled protocols list is saved by using the
2127 Save button in the Analyze:Enabled Protocols dialog box, your
2128 personal disabled protocols file will be overwritten with the new
2129 settings, destroying any comments that were in the file.
2130
2131 Name Resolution (hosts)
2132 If the personal hosts file exists, it is used to resolve IPv4 and
2133 IPv6 addresses before any other attempts are made to resolve them.
2134 The file has the standard hosts file syntax; each line contains one
2135 IP address and name, separated by whitespace. The same directory as
2136 for the personal preferences file is used.
2137
2138 Capture filter name resolution is handled by libpcap on UNIX-
2139 compatible systems and WinPCAP on Windows. As such the Wireshark
2140 personal hosts file will not be consulted for capture filter name
2141 resolution.
2142
2143 Name Resolution (ethers)
2144 The ethers files are consulted to correlate 6-byte hardware
2145 addresses to names. First the personal ethers file is tried and if
2146 an address is not found there the global ethers file is tried next.
2147
2148 Each line contains one hardware address and name, separated by
2149 whitespace. The digits of the hardware address are separated by
2150 colons (:), dashes (-) or periods (.). The same separator
2151 character must be used consistently in an address. The following
2152 three lines are valid lines of an ethers file:
2153
2154 ff:ff:ff:ff:ff:ff Broadcast
2155 c0-00-ff-ff-ff-ff TR_broadcast
2156 00.00.00.00.00.00 Zero_broadcast
2157
2158 The global ethers file is looked for in the /etc directory on UNIX-
2159 compatible systems, and in the main installation directory (for
2160 example, C:\Program Files\Wireshark) on Windows systems.
2161
2162 The personal ethers file is looked for in the same directory as the
2163 personal preferences file.
2164
2165 Capture filter name resolution is handled by libpcap on UNIX-
2166 compatible systems and WinPCAP on Windows. As such the Wireshark
2167 personal ethers file will not be consulted for capture filter name
2168 resolution.
2169
2170 Name Resolution (manuf)
2171 The manuf file is used to match the 3-byte vendor portion of a
2172 6-byte hardware address with the manufacturer's name; it can also
2173 contain well-known MAC addresses and address ranges specified with
2174 a netmask. The format of the file is the same as the ethers files,
2175 except that entries such as:
2176
2177 00:00:0C Cisco
2178
2179 can be provided, with the 3-byte OUI and the name for a vendor, and
2180 entries such as:
2181
2182 00-00-0C-07-AC/40 All-HSRP-routers
2183
2184 can be specified, with a MAC address and a mask indicating how many
2185 bits of the address must match. The above entry, for example, has
2186 40 significant bits, or 5 bytes, and would match addresses from
2187 00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
2188 multiple of 8.
2189
2190 The manuf file is looked for in the same directory as the global
2191 preferences file.
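
The ethers and manuf entry formats described above, as an added Python example (not Wireshark's own code): it parses full addresses, 3-byte OUIs and address/mask entries, including a mask that is not a multiple of 8, and resolves a MAC address against them. Letting the entry with the most significant bits win, treating # as a comment marker in these files, and the Constructed-Range entry are assumptions of this example.

```python
"""Resolve MAC addresses against ethers/manuf-style entries (illustrative)."""
import re

SEPARATORS = ":-."
OCTET = re.compile(r"[0-9A-Fa-f]{2}")


def parse_address(text):
    """Parse hex octets joined by one consistent separator into bytes."""
    used = {ch for ch in text if ch in SEPARATORS}
    if len(used) > 1:
        raise ValueError(f"mixed separators in {text!r}")
    parts = text.split(used.pop()) if used else [text]
    if not all(OCTET.fullmatch(p) for p in parts):
        raise ValueError(f"bad hardware address {text!r}")
    return bytes(int(p, 16) for p in parts)


def _to_int(octets):
    """Left-align up to 6 octets in a 48-bit integer."""
    return int.from_bytes(octets.ljust(6, b"\x00"), "big")


def _mask(bits):
    """48-bit mask with the top `bits` bits set."""
    return ((1 << bits) - 1) << (48 - bits)


def parse_entry(line):
    """Return (prefix, significant_bits, name), or None for an empty line."""
    line = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
    if not line:
        return None
    fields = line.split(None, 1)
    if len(fields) != 2:
        raise ValueError(f"expected 'address name': {line!r}")
    address, slash, bits_text = fields[0].partition("/")
    octets = parse_address(address)
    if len(octets) > 6:
        raise ValueError(f"address longer than 6 bytes: {address!r}")
    if slash:
        bits = int(bits_text)  # need not be a multiple of 8
        if not 0 < bits <= 48:
            raise ValueError(f"mask out of range: {bits_text!r}")
    else:
        if len(octets) not in (3, 6):
            raise ValueError(f"need a 3-byte OUI or 6-byte address: {address!r}")
        bits = 8 * len(octets)
    return _to_int(octets) & _mask(bits), bits, fields[1].strip()


def load_entries(text):
    """Parse every non-empty line of an ethers/manuf-style text."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def resolve(mac, entries):
    """Return the name of the most specific matching entry, or None."""
    octets = parse_address(mac)
    if len(octets) != 6:
        raise ValueError(f"need a full 6-byte address: {mac!r}")
    value = _to_int(octets)
    best = None
    for prefix, bits, name in entries:
        if value & _mask(bits) == prefix and (best is None or bits > best[0]):
            best = (bits, name)
    return best[1] if best else None


# First three lines are the entries shown on this page; the last is constructed.
SAMPLE = """\
ff:ff:ff:ff:ff:ff Broadcast
00:00:0C Cisco
00-00-0C-07-AC/40 All-HSRP-routers
00:50:C2:00:10:00/36 Constructed-Range
"""
ENTRIES = load_entries(SAMPLE)

if __name__ == "__main__":
    for mac in ("00:00:0c:07:ac:2a", "00:00:0c:12:34:56", "00:50:c2:00:1a:bc"):
        print(mac, "->", resolve(mac, ENTRIES))
```

The /36 entry covers 00:50:C2:00:10:00 through 00:50:C2:00:1F:FF, so only the high nibble of the fifth byte takes part in the comparison.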
2192
2193 Name Resolution (ipxnets)
2194 The ipxnets files are used to correlate 4-byte IPX network numbers
2195 to names. First the global ipxnets file is tried and if that
2196 address is not found there the personal one is tried next.
2197
2198 The format is the same as the ethers file, except that each address
2199 is four bytes instead of six. Additionally, the address can be
2200 represented as a single hexadecimal number, as is more common in
2201 the IPX world, rather than four hex octets. For example, these
2202 four lines are valid lines of an ipxnets file:
2203
2204 C0.A8.2C.00 HR
2205 c0-a8-1c-00 CEO
2206 00:00:BE:EF IT_Server1
2207 110f FileServer3
2208
2209 The global ipxnets file is looked for in the /etc directory on
2210 UNIX-compatible systems, and in the main installation directory
2211 (for example, C:\Program Files\Wireshark) on Windows systems.
2212
2213 The personal ipxnets file is looked for in the same directory as
2214 the personal preferences file.
2215
2216 Capture Filters
2217 The cfilters files contain system-wide and personal capture
2218 filters. Each line contains one filter, starting with the string
2219 displayed in the dialog box in quotation marks, followed by the
2220 filter string itself:
2221
2222 "HTTP" port 80
2223 "DCERPC" port 135
2224
2225 The global cfilters file uses the same directory as the global
2226 preferences file.
2227
2228 The personal cfilters file uses the same directory as the personal
2229 preferences file. It is written through the Capture:Capture Filters
2230 dialog.
2231
2232 If the global cfilters file exists, it is used only if the personal
2233 cfilters file does not exist; global and personal capture filters
2234 are not merged.
2235
2236 Display Filters
2237 The dfilters files contain system-wide and personal display
2238 filters. Each line contains one filter, starting with the string
2239 displayed in the dialog box in quotation marks, followed by the
2240 filter string itself:
2241
2242 "HTTP" http
2243 "DCERPC" dcerpc
2244
2245 The global dfilters file uses the same directory as the global
2246 preferences file.
2247
2248 The personal dfilters file uses the same directory as the personal
2249 preferences file. It is written through the Analyze:Display Filters
2250 dialog.
2251
2252 If the global dfilters file exists, it is used only if the personal
2253 dfilters file does not exist; global and personal display filters
2254 are not merged.
2255
2256 Color Filters (Coloring Rules)
2257 The colorfilters files contain system-wide and personal color
2258 filters. Each line contains one filter, starting with the string
2259 displayed in the dialog box, followed by the corresponding display
2260 filter. Then the background and foreground colors are appended:
2261
2262 # a comment
2263 @tcp@tcp@[59345,58980,65534][0,0,0]
2264 @udp@udp@[28834,57427,65533][0,0,0]
2265
2266 The global colorfilters file uses the same directory as the global
2267 preferences file.
2268
2269 The personal colorfilters file uses the same directory as the
2270 personal preferences file. It is written through the View:Coloring
2271 Rules dialog.
2272
2273 If the global colorfilters file exists, it is used only if the
2274 personal colorfilters file does not exist; global and personal
2275 color filters are not merged.
2276
2277 GTK rc files
2278 The gtkrc files contain system-wide and personal GTK theme
2279 settings.
2280
2281 The global gtkrc file uses the same directory as the global
2282 preferences file.
2283
2284 The personal gtkrc file uses the same directory as the personal
2285 preferences file.
2286
2287 Plugins
2288 See above in the description of the About:Plugins page.
2289
2291 WIRESHARK_DEBUG_EP_NO_CHUNKS
2292 Normally per-packet memory is allocated in large "chunks." This
2293 behavior doesn't work well with debugging tools such as Valgrind or
2294 ElectricFence. Export this environment variable to force
2295 individual allocations. Note: disabling chunks also disables
2296 canaries (see below).
2297
2298 WIRESHARK_DEBUG_SE_NO_CHUNKS
2299 Normally per-file memory is allocated in large "chunks." This
2300 behavior doesn't work well with debugging tools such as Valgrind or
2301 ElectricFence. Export this environment variable to force
2302 individual allocations. Note: disabling chunks also disables
2303 canaries (see below).
2304
2305 WIRESHARK_DEBUG_EP_NO_CANARY
2306 Normally per-packet memory allocations are separated by "canaries"
2307 which allow detection of memory overruns. This comes at the
2308 expense of some extra memory usage. Exporting this environment
2309 variable disables these canaries.
2310
2311 WIRESHARK_DEBUG_SE_USE_CANARY
2312 Exporting this environment variable causes per-file memory
2313 allocations to be protected with "canaries" which allow for
2314 detection of memory overruns. This comes at the expense of
2315 significant extra memory usage.
2316
2317 WIRESHARK_DEBUG_SCRUB_MEMORY
2318 If this environment variable is exported, the contents of
2319 per-packet and per-file memory are initialized to 0xBADDCAFE when the
2320 memory is allocated and are reset to 0xDEADBEEF when the memory is
2321 freed. This functionality is useful mainly to developers looking
2322 for bugs in the way memory is handled.
2323
2324 WIRESHARK_RUN_FROM_BUILD_DIRECTORY
2325 This environment variable causes the plugins and other data files
2326 to be loaded from the build directory (where the program was
2327 compiled) rather than from the standard locations. It has no
2328 effect when the program in question is running with root (or
2329 setuid) permissions on *NIX.
2330
2331 WIRESHARK_DATA_DIR
2332 This environment variable causes the various data files to be
2333 loaded from a directory other than the standard locations. It has
2334 no effect when the program in question is running with root (or
2335 setuid) permissions on *NIX.
2336
2337 WIRESHARK_PYTHON_DIR
2338 This environment variable points to an alternate location for
2339 Python. It has no effect when the program in question is running
2340 with root (or setuid) permissions on *NIX.
2341
2342 ERF_RECORDS_TO_CHECK
2343 This environment variable controls the number of ERF records
2344 checked when deciding if a file really is in the ERF format.
2345 Setting this environment variable to a number higher than the default
2346 (20) would make false positives less likely.
2347
2348 WIRESHARK_ABORT_ON_DISSECTOR_BUG
2349 If this environment variable is set, Wireshark will call abort(3)
2350 when a dissector bug is encountered. abort(3) will cause the
2351 program to exit abnormally; if you are running Wireshark in a
2352 debugger, it should halt in the debugger and allow inspection of
2353 the process, and, if you are not running it in a debugger, it will,
2354 on some OSes, assuming your environment is configured correctly,
2355 generate a core dump file. This can be useful to developers
2356 attempting to troubleshoot a problem with a protocol dissector.
2357
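The canary and scrub behaviour described for the WIRESHARK_DEBUG_* variables above can be illustrated with a small chunk allocator in which canaries sit between the allocations carved out of one chunk. This is an added example, not Wireshark's own allocator code; the arena_* names, the 8-byte canary made of nonzero bytes, the fixed seed and the byte order of the fill patterns are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_SIZE 4096u
#define CANARY_LEN 8u            /* assumption: canary width chosen for this example */
#define MAX_ALLOCS 64u
#define PAT_ALLOC  0xBADDCAFEu   /* fill value on allocation (from the man page) */
#define PAT_FREE   0xDEADBEEFu   /* fill value on free (from the man page) */

typedef struct {
    uint8_t *chunk;              /* one large block carved into allocations */
    size_t   used;               /* bytes of the chunk handed out so far */
    size_t   off[MAX_ALLOCS];    /* start offset of each allocation */
    size_t   len[MAX_ALLOCS];    /* requested length of each allocation */
    size_t   count;
    uint8_t  canary[CANARY_LEN]; /* guard value written after every allocation */
    int      scrub;              /* nonzero: fill memory with the patterns above */
} arena_t;

/* Write the 32-bit pattern repeatedly, most significant byte first. */
static void fill_pattern(uint8_t *p, size_t n, uint32_t pat)
{
    for (size_t i = 0; i < n; i++)
        p[i] = (uint8_t)(pat >> (24 - 8 * (i % 4)));
}

/* Returns 0 on success. The seed keeps the demo reproducible; a production
 * allocator would take its canary from a stronger random source. */
int arena_init(arena_t *a, int scrub, unsigned seed)
{
    memset(a, 0, sizeof *a);
    a->chunk = malloc(CHUNK_SIZE);
    if (a->chunk == NULL)
        return -1;
    a->scrub = scrub;
    srand(seed);
    for (size_t i = 0; i < CANARY_LEN; i++)   /* never 0x00, so a stray NUL shows */
        a->canary[i] = (uint8_t)(rand() % 255 + 1);
    return 0;
}

/* Hand out len bytes followed directly by a canary; NULL when the chunk is full. */
void *arena_alloc(arena_t *a, size_t len)
{
    if (a->count == MAX_ALLOCS || len > CHUNK_SIZE - CANARY_LEN ||
        a->used > CHUNK_SIZE - CANARY_LEN - len)
        return NULL;
    uint8_t *p = a->chunk + a->used;
    if (a->scrub)
        fill_pattern(p, len, PAT_ALLOC);
    memcpy(p + len, a->canary, CANARY_LEN);
    a->off[a->count] = a->used;
    a->len[a->count] = len;
    a->count++;
    a->used = (a->used + len + CANARY_LEN + 7u) & ~(size_t)7u;  /* 8-byte align */
    return p;
}

/* Count allocations whose trailing canary no longer matches. */
size_t arena_check(const arena_t *a)
{
    size_t bad = 0;
    for (size_t i = 0; i < a->count; i++)
        if (memcmp(a->chunk + a->off[i] + a->len[i], a->canary, CANARY_LEN) != 0)
            bad++;
    return bad;
}

/* Release every allocation at once: verify canaries, then scrub the chunk. */
size_t arena_free_all(arena_t *a)
{
    size_t bad = arena_check(a);
    if (a->scrub)
        fill_pattern(a->chunk, CHUNK_SIZE, PAT_FREE);
    a->used = 0;
    a->count = 0;
    return bad;
}

void arena_destroy(arena_t *a) { free(a->chunk); a->chunk = NULL; }

/* Constructed scenario: a 16-byte buffer receives a 16-character string, so the
 * terminating NUL lands on the first canary byte. Returns the number of
 * overruns the canaries caught. */
size_t demo_off_by_one(void)
{
    arena_t a;
    if (arena_init(&a, 1, 1234u) != 0)
        return (size_t)-1;
    char *name  = arena_alloc(&a, 16);
    char *other = arena_alloc(&a, 32);
    if (name == NULL || other == NULL) {
        arena_destroy(&a);
        return (size_t)-1;
    }
    strcpy(other, "neighbour data");
    strcpy(name, "0123456789abcdef");   /* 17 bytes written into 16 */
    size_t bad = arena_free_all(&a);
    arena_destroy(&a);
    return bad;
}

int main(void)
{
    printf("overruns detected: %zu\n", demo_off_by_one());
    return 0;
}
```

Without the canary the one-byte overrun would land in padding and go unnoticed; with individual allocations under Valgrind or ElectricFence the debugging tool reports it instead.
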
2359 wireshark-filter(4), tshark(1), editcap(1), pcap-filter(4), tcpdump(8),
2360 pcap(3), dumpcap(1), mergecap(1), text2pcap(1)
2361
2363 The latest version of Wireshark can be found at
2364 <http://www.wireshark.org>.
2365
2366 HTML versions of the Wireshark project man pages are available at:
2367 <http://www.wireshark.org/docs/man-pages>.
2369
2371 Original Author
2372 -------- ------
2373 Gerald Combs <gerald[AT]wireshark.org>
2374
2375 Contributors
2376 ------------
2377 Gilbert Ramirez <gram[AT]alumni.rice.edu>
2378 Hannes R. Boehm <hannes[AT]boehm.org>
2379 Mike Hall <mike [AT] hallzone.net>
2380 Bobo Rajec <bobo[AT]bsp-consulting.sk>
2381 Laurent Deniel <laurent.deniel[AT]free.fr>
2382 Don Lafontaine <lafont02[AT]cn.ca>
2383 Guy Harris <guy[AT]alum.mit.edu>
2384 Simon Wilkinson <sxw[AT]dcs.ed.ac.uk>
2385 Joerg Mayer <jmayer[AT]loplof.de>
2386 Martin Maciaszek <fastjack[AT]i-s-o.net>
2387 Didier Jorand <Didier.Jorand[AT]alcatel.fr>
2388 Jun-ichiro itojun Hagino <itojun[AT]itojun.org>
2389 Richard Sharpe <sharpe[AT]ns.aus.com>
2390 John McDermott <jjm[AT]jkintl.com>
2391 Jeff Jahr <jjahr[AT]shastanets.com>
2392 Brad Robel-Forrest <bradr[AT]watchguard.com>
2393 Ashok Narayanan <ashokn[AT]cisco.com>
2394 Aaron Hillegass <aaron[AT]classmax.com>
2395 Jason Lango <jal[AT]netapp.com>
2396 Johan Feyaerts <Johan.Feyaerts[AT]siemens.com>
2397 Olivier Abad <oabad[AT]noos.fr>
2398 Thierry Andry <Thierry.Andry[AT]advalvas.be>
2399 Jeff Foster <jfoste[AT]woodward.com>
2400 Peter Torvals <petertv[AT]xoommail.com>
2401 Christophe Tronche <ch.tronche[AT]computer.org>
2402 Nathan Neulinger <nneul[AT]umr.edu>
2403 Tomislav Vujec <tvujec[AT]carnet.hr>
2404 Kojak <kojak[AT]bigwig.net>
2405 Uwe Girlich <Uwe.Girlich[AT]philosys.de>
2406 Warren Young <tangent[AT]mail.com>
2407 Heikki Vatiainen <hessu[AT]cs.tut.fi>
2408 Greg Hankins <gregh[AT]twoguys.org>
2409 Jerry Talkington <jtalkington[AT]users.sourceforge.net>
2410 Dave Chapeskie <dchapes[AT]ddm.on.ca>
2411 James Coe <jammer[AT]cin.net>
2412 Bert Driehuis <driehuis[AT]playbeing.org>
2413 Stuart Stanley <stuarts[AT]mxmail.net>
2414 John Thomes <john[AT]ensemblecom.com>
2415 Laurent Cazalet <laurent.cazalet[AT]mailclub.net>
2416 Thomas Parvais <thomas.parvais[AT]advalvas.be>
2417 Gerrit Gehnen <G.Gehnen[AT]atrie.de>
2418 Craig Newell <craign[AT]cheque.uq.edu.au>
2419 Ed Meaney <emeaney[AT]cisco.com>
2420 Dietmar Petras <DPetras[AT]ELSA.de>
2421 Fred Reimer <fwr[AT]ga.prestige.net>
2422 Florian Lohoff <flo[AT]rfc822.org>
2423 Jochen Friedrich <jochen+ethereal[AT]scram.de>
2424 Paul Welchinski <paul.welchinski[AT]telusplanet.net>
2425 Doug Nazar <nazard[AT]dragoninc.on.ca>
2426 Andreas Sikkema <h323 [AT] ramdyne.nl>
2427 Mark Muhlestein <mmm[AT]netapp.com>
2428 Graham Bloice <graham.bloice[AT]trihedral.com>
2429 Ralf Schneider <ralf.schneider[AT]alcatel.se>
2430 Yaniv Kaul <ykaul[AT]netvision.net.il>
2431 Paul Ionescu <paul[AT]acorp.ro>
2432 Mark Burton <markb[AT]ordern.com>
2433 Stefan Raab <sraab[AT]cisco.com>
2434 Mark Clayton <clayton[AT]shore.net>
2435 Michael Rozhavsky <mike[AT]tochna.technion.ac.il>
2436 Dug Song <dugsong[AT]monkey.org>
2437 Michael Tuexen <tuexen [AT] fh-muenster.de>
2438 Bruce Korb <bkorb[AT]sco.com>
2439 Jose Pedro Oliveira <jpo[AT]di.uminho.pt>
2440 David Frascone <dave[AT]frascone.com>
2441 Peter Kjellerstedt <pkj[AT]axis.com>
2442 Phil Techau <phil_t[AT]altavista.net>
2443 Wes Hardaker <hardaker[AT]users.sourceforge.net>
2444 Robert Tsai <rtsai[AT]netapp.com>
2445 Craig Metz <cmetz[AT]inner.net>
2446 Per Flock <per.flock[AT]axis.com>
2447 Jack Keane <jkeane[AT]OpenReach.com>
2448 Brian Wellington <bwelling[AT]xbill.org>
2449 Santeri Paavolainen <santtu[AT]ssh.com>
2450 Ulrich Kiermayr <uk[AT]ap.univie.ac.at>
2451 Neil Hunter <neil.hunter[AT]energis-squared.com>
2452 Ralf Holzer <ralf[AT]well.com>
2453 Craig Rodrigues <rodrigc [AT] attbi.com>
2454 Ed Warnicke <hagbard[AT]physics.rutgers.edu>
2455 Johan Jorgensen <johan.jorgensen[AT]axis.com>
2456 Frank Singleton <frank.singleton[AT]ericsson.com>
2457 Kevin Shi <techishi[AT]ms22.hinet.net>
2458 Mike Frisch <mfrisch[AT]isurfer.ca>
2459 Burke Lau <burke_lau[AT]agilent.com>
2460 Martti Kuparinen <martti.kuparinen[AT]iki.fi>
2461 David Hampton <dhampton[AT]mac.com>
2462 Kent Engstroem <kent[AT]unit.liu.se>
2463 Ronnie Sahlberg <ronnie_sahlberg[AT]ozemail.com.au>
2464 Borosa Tomislav <tomislav.borosa[AT]SIEMENS.HR>
2465 Alexandre P. Ferreira <alexandref[AT]tcoip.com.br>
2466 Simharajan Srishylam <Simharajan.Srishylam[AT]netapp.com>
2467 Greg Kilfoyle <gregk[AT]redback.com>
2468 James E. Flemer <jflemer[AT]acm.jhu.edu>
2469 Peter Lei <peterlei[AT]cisco.com>
2470 Thomas Gimpel <thomas.gimpel[AT]ferrari.de>
2471 Albert Chin <china[AT]thewrittenword.com>
2472 Charles Levert <charles[AT]comm.polymtl.ca>
2473 Todd Sabin <tas[AT]webspan.net>
2474 Eduardo Perez Ureta <eperez[AT]dei.inf.uc3m.es>
2475 Martin Thomas <martin_a_thomas[AT]yahoo.com>
2476 Hartmut Mueller <hartmut[AT]wendolene.ping.de>
2477 Michal Melerowicz <Michal.Melerowicz[AT]nokia.com>
2478 Hannes Gredler <hannes[AT]juniper.net>
2479 Inoue <inoue[AT]ainet.or.jp>
2480 Olivier Biot <obiot.ethereal[AT]gmail.com>
2481 Patrick Wolfe <pjw[AT]zocalo.cellular.ameritech.com>
2482 Martin Held <Martin.Held[AT]icn.siemens.de>
2483 Riaan Swart <rswart[AT]cs.sun.ac.za>
2484 Christian Lacunza <celacunza[AT]gmx.net>
2485 Scott Renfro <scott[AT]renfro.org>
2486 Juan Toledo <toledo[AT]users.sourceforge.net>
2487 Jean-Christian Pennetier <jeanchristian.pennetier[AT]rd.francetelecom.fr>
2488 Jian Yu <bgp4news[AT]yahoo.com>
2489 Eran Mann <emann[AT]opticalaccess.com>
2490 Andy Hood <ajhood [AT] fl.net.au>
2491 Randy McEoin <rmceoin[AT]ahbelo.com>
2492 Edgar Iglesias <edgar.iglesias[AT]axis.com>
2493 Martina Obermeier <Martina.Obermeier[AT]icn.siemens.de>
2494 Javier Achirica <achirica[AT]ttd.net>
2495 B. Johannessen <bob[AT]havoq.com>
2496 Thierry Pelle <thierry.pelle[AT]laposte.net>
2497 Francisco Javier Cabello <fjcabello[AT]vtools.es>
2498 Laurent Rabret <laurent.rabret[AT]rd.francetelecom.fr>
2499 nuf si <gnippiks[AT]yahoo.com>
2500 Jeff Morriss <jeff.morriss[AT]ulticom.com>
2501 Aamer Akhter <aakhter[AT]cisco.com>
2502 Pekka Savola <pekkas[AT]netcore.fi>
2503 David Eisner <cradle[AT]Glue.umd.edu>
2504 Steve Dickson <steved[AT]talarian.com>
2505 Markus Seehofer <Markus.Seehofer [AT] hirschmann.de>
2506 Lee Berger <lberger[AT]roy.org>
2507 Motonori Shindo <mshindo[AT]mshindo.net>
2508 Terje Krogdahl <tekr[AT]nextra.com>
2509 Jean-Francois Mule <jfm[AT]cablelabs.com>
2510 Thomas Wittwer <thomas.wittwer[AT]iclip.ch>
2511 Matthias Nyffenegger <matthias.nyffenegger[AT]iclip.ch>
2512 Palle Lyckegaard <Palle[AT]lyckegaard.dk>
2513 Nicolas Balkota <balkota[AT]mac.com>
2514 Tom Uijldert <Tom.Uijldert[AT]cmg.nl>
2515 Akira Endoh <endoh[AT]netmarks.co.jp>
2516 Graeme Hewson <graeme.hewson[AT]oracle.com>
2517 Pasi Eronen <pe[at]iki.fi>
2518 Georg von Zezschwitz <gvz[AT]2scale.net>
2519 Steffen Weinreich <steve[AT]weinreich.org>
2520 Marc Milgram <ethereal[AT]mmilgram.NOSPAMmail.net>
2521 Gordon McKinney <gordon[AT]night-ray.com>
2522 Pavel Novotny <Pavel.Novotny[AT]icn.siemens.de>
2523 Shinsuke Suzuki <suz[AT]kame.net>
2524 Andrew C. Feren <acferen[AT]yahoo.com>
2525 Tomas Kukosa <tomas.kukosa [AT] siemens.com>
2526 Andreas Stockmeier <a.stockmeier[AT]avm.de>
2527 Pekka Nikander <pekka.nikander[AT]nomadiclab.com>
2528 Hamish Moffatt <hamish[AT]cloud.net.au>
2529 Kazushi Sugyo <k-sugyou[AT]nwsl.mesh.ad.jp>
2530 Tim Potter <tpot[AT]samba.org>
2531 Raghu Angadi <rangadi[AT]inktomi.com>
2532 Taisuke Sasaki <sasaki[AT]soft.net.fujitsu.co.jp>
2533 Tim Newsham <newsham[AT]lava.net>
2534 Tom Nisbet <Tnisbet[AT]VisualNetworks.com>
2535 Darren New <dnew[AT]san.rr.com>
2536 Pavel Mores <pvl[AT]uh.cz>
2537 Bernd Becker <bb[AT]bernd-becker.de>
2538 Heinz Prantner <Heinz.Prantner[AT]radisys.com>
2539 Irfan Khan <ikhan[AT]qualcomm.com>
2540 Jayaram V.R <vjayar[AT]cisco.com>
2541 Dinesh Dutt <ddutt[AT]cisco.com>
2542 Nagarjuna Venna <nvenna[AT]Brixnet.com>
2543 Jirka Novak <j.novak[AT]netsystem.cz>
2544 Ricardo Barroetaveña <rbarroetavena[AT]veufort.com>
2545 Alan Harrison <alanharrison[AT]mail.com>
2546 Mike Frantzen <frantzen[AT]w4g.org>
2547 Charlie Duke <cduke[AT]fvc.com>
2548 Alfred Arnold <Alfred.Arnold[AT]elsa.de>
2549 Dermot Bradley <dermot.bradley[AT]openwave.com>
2550 Adam Sulmicki <adam[AT]cfar.umd.edu>
2551 Kari Tiirikainen <kari.tiirikainen[AT]nokia.com>
2552 John Mackenzie <John.A.Mackenzie[AT]t-online.de>
2553 Peter Valchev <pvalchev[AT]openbsd.org>
2554 Alex Rozin <Arozin[AT]mrv.com>
2555 Jouni Malinen <jkmaline[AT]cc.hut.fi>
2556 Paul E. Erkkila <pee[AT]erkkila.org>
2557 Jakob Schlyter <jakob[AT]openbsd.org>
2558 Jim Sienicki <sienicki[AT]issanni.com>
2559 Steven French <sfrench[AT]us.ibm.com>
2560 Diana Eichert <deicher[AT]sandia.gov>
2561 Blair Cooper <blair[AT]teamon.com>
2562 Kikuchi Ayamura <ayamura[AT]ayamura.org>
2563 Didier Gautheron <dgautheron[AT]magic.fr>
2564 Phil Williams <csypbw[AT]comp.leeds.ac.uk>
2565 Kevin Humphries <khumphries[AT]networld.com>
2566 Erik Nordstroem <erik.nordstrom[AT]it.uu.se>
2567 Devin Heitmueller <dheitmueller[AT]netilla.com>
2568 Chenjiang Hu <chu[AT]chiaro.com>
2569 Kan Sasaki <sasaki[AT]fcc.ad.jp>
2570 Stefan Wenk <stefan.wenk[AT]gmx.at>
2571 Ruud Linders <ruud[AT]lucent.com>
2572 Andrew Esh <Andrew.Esh[AT]tricord.com>
2573 Greg Morris <GMORRIS[AT]novell.com>
2574 Dirk Steinberg <dws[AT]dirksteinberg.de>
2575 Kari Heikkila <kari.o.heikkila[AT]nokia.com>
2576 Olivier Dreux <Olivier.Dreux[AT]alcatel.fr>
2577 Michael Stiller <ms[AT]2scale.net>
2578 Antti Tuominen <ajtuomin[AT]tml.hut.fi>
2579 Martin Gignac <lmcgign[AT]mobilitylab.net>
2580 John Wells <wells[AT]ieee.org>
2581 Loic Tortay <tortay[AT]cc.in2p3.fr>
2582 Steve Housley <Steve_Housley[AT]eur.3com.com>
2583 Peter Hawkins <peter[AT]hawkins.emu.id.au>
2584 Bill Fumerola <billf[AT]FreeBSD.org>
2585 Chris Waters <chris[AT]waters.co.nz>
2586 Solomon Peachy <pizza[AT]shaftnet.org>
2587 Jaime Fournier <Jaime.Fournier [AT] hush.com>
2588 Markus Steinmann <ms[AT]seh.de>
2589 Tsutomu Mieno <iitom[AT]utouto.com>
2590 Yasuhiro Shirasaki <yasuhiro[AT]gnome.gr.jp>
2591 Anand V. Narwani <anand[AT]narwani.org>
2592 Christopher K. St. John <cks[AT]distributopia.com>
2593 Nix <nix[AT]esperi.demon.co.uk>
2594 Liviu Daia <Liviu.Daia[AT]imar.ro>
2595 Richard Urwin <richard[AT]soronlin.org.uk>
2596 Prabhakar Krishnan <Prabhakar.Krishnan[AT]netapp.com>
2597 Jim McDonough <jmcd[AT]us.ibm.com>
2598 Sergei Shokhor <sshokhor[AT]uroam.com>
2599 Hidetaka Ogawa <ogawa[AT]bs2.qnes.nec.co.jp>
2600 Jan Kratochvil <short[AT]ucw.cz>
2601 Alfred Koebler <ak[AT]icon-sult.de>
2602 Vassilii Khachaturov <Vassilii.Khachaturov[AT]comverse.com>
2603 Bill Studenmund <wrstuden[AT]wasabisystems.com>
2604 Brian Bruns <camber[AT]ais.org>
2605 Flavio Poletti <flavio[AT]polettix.it>
2606 Marcus Haebler <haeblerm[AT]yahoo.com>
2607 Ulf Lamping <ulf.lamping[AT]web.de>
2608 Matthew Smart <smart[AT]monkey.org>
2609 Luke Howard <lukeh[AT]au.padl.com>
2610 PC Drew <drewpc[AT]ibsncentral.com>
2611 Renzo Tomas <renzo.toma [AT] xs4all.nl>
2612 Clive A. Stubbings <eth [AT] vjet.demon.co.uk>
2613 Steve Langasek <vorlon [AT] netexpress.net>
2614 Brad Hards <bhards[AT]bigpond.net.au>
2615 cjs 2895 <cjs2895[AT]hotmail.com>
2616 Lutz Jaenicke <Lutz.Jaenicke [AT] aet.TU-Cottbus.DE>
2617 Senthil Kumar Nagappan <sknagappan [AT] yahoo.com>
2618 Jason House <jhouse [AT] mitre.org>
2619 Peter Fales <psfales [AT] lucent.com>
2620 Fritz Budiyanto <fritzb88 [AT] yahoo.com>
2621 Jean-Baptiste Marchand <Jean-Baptiste.Marchand [AT] hsc.fr>
2622 Andreas Trauer <andreas.trauer [AT] siemens.com>
2623 Ronald Henderson <Ronald.Henderson [AT] CognicaseUSA.com>
2624 Brian Ginsbach <ginsbach [AT] cray.com>
2625 Dave Richards <d_m_richards [AT] comcast.net>
2626 Martin Regner <martin.regner [AT] chello.se>
2627 Jason Greene <jason [AT] inetgurus.net>
2628 Marco Molteni <mmolteni [AT] cisco.com>
2629 James Harris <jharris [AT] fourhorsemen.org>
2630 rmkml <rmkml [AT] wanadoo.fr>
2631 Anders Broman <anders.broman [AT] ericsson.com>
2632 Christian Falckenberg <christian.falckenberg [AT] nortelnetworks.com>
2633 Huagang Xie <xie [AT] lids.org>
2634 Pasi Kovanen <Pasi.Kovanen [AT] tahoenetworks.fi>
2635 Teemu Rinta-aho <teemu.rinta-aho [AT] nomadiclab.com>
2636 Martijn Schipper <mschipper [AT] globespanvirata.com>
2637 Wayne Parrott <wayne_p [AT] pacific.net.au>
2638 Laurent Meyer <laurent.meyer6 [AT] wanadoo.fr>
2639 Lars Roland <Lars.Roland [AT] gmx.net>
2640 Miha Jemec <m.jemec [AT] iskratel.si>
2641 Markus Friedl <markus [AT] openbsd.org>
2642 Todd Montgomery <tmontgom [AT] tibco.com>
2643 emre <emre [AT] flash.net>
2644 Stephen Shelley <steve.shelley [AT] attbi.com>
2645 Erwin Rol <erwin [AT] erwinrol.com>
2646 Duncan Laurie <duncan [AT] sun.com>
2647 Tony Schene <schene [AT] pcisys.net>
2648 Matthijs Melchior <mmelchior [AT] xs4all.nl>
2649 Garth Bushell <gbushell [AT] elipsan.com>
2650 Mark C. Brown <mbrown [AT] hp.com>
2651 Can Erkin Acar <canacar [AT] eee.metu.edu.tr>
2652 Martin Warnes <martin.warnes [AT] ntlworld.com>
2653 J Bruce Fields <bfields [AT] fieldses.org>
2654 tz <tz1 [AT] mac.com>
2655 Jeff Liu <jqliu [AT] broadcom.com>
2656 Niels Koot <Niels.Koot [AT] logicacmg.com>
2657 Lionel Ains <lains [AT] gmx.net>
2658 Joakim Wiberg <jow [AT] hms-networks.com>
2659 Jeff Rizzo <riz [AT] boogers.sf.ca.us>
2660 Christoph Wiest <ch.wiest [AT] tesionmail.de>
2661 Xuan Zhang <xz [AT] aemail4u.com>
2662 Thierry Martin <thierry.martin [AT] accellent-group.com>
2663 Oleg Terletsky <oleg.terletsky [AT] comverse.com>
2664 Michael Lum <mlum [AT] telostech.com>
2665 Shiang-Ming Huang <smhuang [AT] pcs.csie.nctu.edu.tw>
2666 Tony Lindstrom <tony.lindstrom [AT] ericsson.com>
2667 Niklas Ogren <niklas.ogren [AT] 71.se>
2668 Jesper Peterson <jesper [AT] endace.com>
2669 Giles Scott <gscott [AT] arubanetworks.com>
2670 Vincent Jardin <vincent.jardin [AT] 6wind.com>
2671 Jean-Michel Fayard <jean-michel.fayard [AT] moufrei.de>
2672 Josef Korelus <jkor [AT] quick.cz>
2673 Brian K. Teravskis <Brian_Teravskis [AT] Cargill.com>
2674 Nathan Jennings <njen [AT] triad.rr.com>
2675 Hans Viens <hviens [AT] mediatrix.com>
2676 Kevin A. Noll <kevin.noll [AT] versatile.com>
2677 Emanuele Caratti <wiz [AT] libero.it>
2678 Graeme Reid <graeme.reid [AT] norwoodsystems.com>
2679 Lars Ruoff <lars.ruoff [AT] sxb.bsf.alcatel.fr>
2680 Samuel Qu <samuel.qu [AT] utstar.com>
2681 Baktha Muralitharan <muralidb [AT] cisco.com>
2682 Loiec Minier <lool [AT] dooz.org>
2683 Marcel Holtmann <marcel [AT] holtmann.org>
2684 Scott Emberley <scotte [AT] netinst.com>
2685 Brian Fundakowski Feldman <bfeldman [AT] fla.fujitsu.com>
2686 Yuriy Sidelnikov <ysidelnikov [AT] hotmail.com>
2687 Matthias Drochner <M.Drochner [AT] fz-juelich.de>
2688 Dave Sclarsky <dave_sclarsky [AT] cnt.com>
2689 Scott Hovis <scott.hovis [AT] ums.msfc.nasa.gov>
2690 David Fort <david.fort [AT] irisa.fr>
2691 Felix Fei <felix.fei [AT] utstar.com>
2692 Christoph Neusch <christoph.neusch [AT] nortelnetworks.com>
2693 Jan Kiszka <jan.kiszka [AT] web.de>
2694 Joshua Craig Douglas <jdouglas [AT] enterasys.com>
2695 Dick Gooris <gooris [AT] alcatel-lucent.com>
2696 Michael Shuldman <michaels [AT] inet.no>
2697 Tadaaki Nagao <nagao [AT] iij.ad.jp>
2698 Aaron Woo <woo [AT] itd.nrl.navy.mil>
2699 Chris Wilson <chris [AT] mxtelecom.com>
2700 Rolf Fiedler <Rolf.Fiedler [AT] Innoventif.com>
2701 Alastair Maw <ethereal [AT] almaw.com>
2702 Sam Leffler <sam [AT] errno.com>
2703 Martin Mathieson <martin.r.mathieson [AT] googlemail.com>
2704 Christian Wagner <Christian.Wagner [AT] stud.uni-karlsruhe.de>
2705 Edwin Calo <calo [AT] fusemail.com>
2706 Ian Schorr <ischorr [AT] comcast.net>
2707 Rowan McFarland <rmcfarla[AT]cisco.com>
2708 John Engelhart <johne [AT] zang.com>
2709 Ryuji Somegawa <ryuji-so [AT] is.aist-nara.ac.jp>
2710 metatech <metatechbe [AT] gmail.com>
2711 Brian Wheeler <Brian.Wheeler [AT] arrisi.com>
2712 Josh Bailey <joshbailey [AT] lucent.com>
2713 Jelmer Vernooij <jelmer [AT] samba.org>
2714 Duncan Sargeant <dunc-ethereal-dev [AT] rcpt.to>
2715 Love Hoernquist Aastrand <lha [AT] it.su.se>
2716 Lukas Pokorny <maskis [AT] seznam.cz>
2717 Carlos Pignataro <cpignata [AT] cisco.com>
2718 Thomas Anders <thomas.anders [AT] blue-cable.de>
2719 Rich Coe <Richard.Coe [AT] med.ge.com>
2720 Dominic Bechaz <bdo [AT] zhwin.ch>
2721 Richard van der Hoff <richardv [AT] mxtelecom.com>
2722 Shaun Jackman <sjackman [AT] gmail.com>
2723 Jon Oberheide <jon [AT] oberheide.org>
2724 Henry Ptasinski <henryp [AT] broadcom.com>
2725 Roberto Morro <Roberto.Morro [AT] TILAB.COM>
2726 Chris Maynard <Christopher.Maynard [AT] GTECH.COM>
2727 SEKINE Hideki <sekineh [AT] gf7.so-net.ne.jp>
2728 Jeff Connelly <shellreef+mp2p [AT] gmail.com>
2729 Irene Ruengler <i.ruengeler [AT] fh-muenster.de>
2730 M. Ortega y Strupp <moys [AT] loplof.de>
2731 Kelly Byrd <kbyrd-ethereal [AT] memcpy.com>
2732 Luis Ontanon <luis.ontanon[AT]gmail.com>
2733 Luca Deri <deri [AT] ntop.org>
2734 Viorel Suman <vsuman [AT] avmob.ro>
2735 Alejandro Vaquero <alejandro.vaquero [AT] verso.com>
2736 Francesco Fondelli <francesco.fondelli [AT] gmail.com>
2737 Artem Tamazov <artem.tamazov [AT] tellabs.com>
2738 Dmitry Trebich <dmitry.trebich [AT] gmail.com>
2739 Bill Meier <wmeier [AT] newsguy.com>
2740 Susanne Edlund <Susanne.Edlund [AT] ericsson.com>
2741 Victor Stratan <hidralisk [AT] yahoo.com>
2742 Peter Johansson <PeterJohansson73 [AT] gmail.com>
2743 Stefan Metzmacher <metze [AT] samba.org>
2744 Abhijit Menon-Sen <ams [AT] oryx.com>
2745 James Fields <jvfields [AT] tds.net>
2746 Kevin Johnson <kjohnson [AT] secureideas.net>
2747 Mike Duigou <bondolo [AT] dev.java.net>
2748 Deepak Jain <jain1971 [AT] yahoo.com>
2749 Stefano Pettini <spettini [AT] users.sourceforge.net>
2750 Jon Ringle <ml-ethereal [AT] ringle.org>
2751 Tim Endean <endeant [AT] hotmail.com>
2752 Charlie Lenahan <clenahan [AT] fortresstech.com>
2753 Takeshi Nakashima <T.Nakashima [AT] jp.yokogawa.com>
2754 Shoichi Sakane <sakane [AT] tanu.org>
2755 Michael Richardson <Michael.Richardson [AT] protiviti.com>
2756 Olivier Jacques <olivier.jacques [AT] hp.com>
2757 Francisco Alcoba <francisco.alcoba [AT] ericsson.com>
2758 Nils O. Selaasdal <noselasd [AT] asgaard.homelinux.org>
2759 Guillaume Chazarain <guichaz [AT] yahoo.fr>
2760 Angelo Bannack <angelo.bannack[AT]siemens.com>
2761 Paolo Frigo <paolofrigo [AT] gmail.com>
2762 Jeremy J Ouellette <jouellet [AT] scires.com>
2763 Aboo Valappil <valappil_aboo [AT] emc.com>
2764 Fred Hoekstra <fred.hoekstra [AT] philips.com>
2765 Ankur Aggarwal <ankur [AT] in.athenasemi.com>
2766 Lucian Piros <lpiros [AT] avmob.ro>
2767 Juan Gonzalez <juan.gonzalez [AT] pikatech.com>
2768 Brian Bogora <brian_bogora [AT] mitel.com>
2769 Jim Young <sysjhy [AT] langate.gsu.edu>
2770 Jeff Snyder <jeff [AT] mxtelecom.com>
2771 William Fiveash <William.Fiveash [AT] sun.com>
2772 Graeme Lunt <graeme.lunt [AT] smhs.co.uk>
2773 Menno Andriesse <s5066 [AT] nc3a.nato.int>
2774 Stig Bjorlykke <stig [AT] bjorlykke.org>
2775 Kyle J. Harms <kyle.j.harms [AT] boeing.com>
2776 Eric Wedel <ewedel [AT] bluearc.com>
2777 Secfire <secfire[AT]gmail.com>
2778 Eric Hultin <Eric.Hultin[AT]arrisi.com>
2779 Paolo Abeni <paolo.abeni [AT] email.it>
2780 W. Borgert <debacle [AT] debian.org>
2781 Frederic Roudaut <frederic.roudaut [AT] irisa.fr>
2782 Christoph Scholz <scholz_ch [AT] web.de>
2783 Wolfgang Hansmann <hansmann [AT] cs.uni-bonn.de>
2784 Kees Cook <kees [AT] outflux.net>
2785 Thomas Dreibholz <dreibh [AT] iem.uni-due.de>
2786 Authesserre Samuel <sauthess [AT] gmail.com>
2787 Balint Reczey <balint.reczey [AT] ericsson.com>
2788 Stephen Fisher <steve [AT] stephen-fisher.com>
2789 Krzysztof Burghardt <krzysztof [AT] burghardt.pl>
2790 Peter Racz <racz [AT] ifi.unizh.ch>
2791 Jakob Bratkovic <j.bratkovic [AT] iskratel.si>
2792 Mark Lewis <mlewis [AT] altera.com>
2793 Dominic Bechaz <bdo [AT] zhwin.ch>
2794 David Buechi <bhd [AT] zhwin.ch>
2795 Bill Florac <bill.florac [AT] etcconnect.com>
2796 Alex Burlyga <Alex.Burlyga [AT] netapp.com>
2797 Douglas Pratley <Douglas.pratley [AT] detica.com>
2798 Giorgio Tino <giorgio.tino [AT] cacetech.com>
2799 Davide Schiera <davide.schiera [AT] cacetech.com>
2800 Sebastien Tandel <sebastien [AT] tandel.be>
2801 Clay Jones <clay.jones [AT] email.com>
2802 Kriang Lerdsuwanakij <lerdsuwa [AT] users.sourceforge.net>
2803 Abhik Sarkar <sarkar.abhik [AT] gmail.com>
2804 Robin Seggelmann <seggelmann [AT] fh-muenster.de>
2805 Chris Bontje <cbontje [AT] gmail.com>
2806 Ryan Wamsley <wamslers [AT] sbcglobal.net>
2807 Dave Butt <davidbutt [AT] mxtelecom.com>
2808 Julian Cable <julian_cable [AT] yahoo.com>
2809 Joost Yervante Damad <joost [AT] teluna.org>
2810 Martin Sustrik <sustrik [AT] imatix.com>
2811 Jon Smirl <jonsmirl [AT] gmail.com>
2812 David Kennedy <sgsguy [AT] gmail.com>
2813 Matthijs Mekking <matthijs [AT] mlnetlabs.nl>
2814 Dustin Johnson <dustin [AT] dustinj.us>
2815 Victor Fajardo <vfajardo [AT] tari.toshiba.com>
2816 Tamas Regos <tamas.regos [AT] ericsson.com>
2817 Moshe van der Sterre <moshevds [AT] gmail.com>
2818 Rob Casey <rcasey [AT] gmail.com>
2819 Ted Percival <ted [AT] midg3t.net>
2820 Marc Petit-Huguenin <marc [AT] petit-huguenin.org>
2821 Florent Drouin <florent.drouin [AT] alcatel-lucent.fr>
2822 Karen Feng <kfeng [AT] fas.harvard.edu>
2823 Stephen Croll <croll [AT] mobilemetrics.net>
2824 Jens Braeuer <jensb [AT] cs.tu-berlin.de>
2825 Sake Blok <sake [AT] euronet.nl>
2826 Fulko Hew <fulko.hew [AT] gmail.com>
2827 Yukiyo Akisada <Yukiyo.Akisada [AT] jp.yokogawa.com>
2828 Andy Chu <chu.dev [AT] gmail.com>
2829 Shane Kearns <shane.kearns [AT] symbian.com>
2830 Loris Degioanni <loris.degioanni [AT] cacetech.com>
2831 Sven Meier <msv [AT] zhwin.ch>
2832 Holger Pfrommer <hpfrommer [AT] hilscher.com>
2833 Hariharan Ananthakrishnan <hariharan.a [AT] gmail.com>
2834 Hannes Kaelber <hannes.kaelber--wireshark [AT] x2e.de>
2835 Stephen Donnelly <stephen [AT] endace.com>
2836 Philip Frey <frey.philip [AT] gmail.com>
2837 Yves Geissbuehler <yves.geissbuehler [AT] gmail.com>
2838 Shigeo Nakamura <naka_shigeo [AT] yahoo.co.jp>
2839 Sven Eckelmann <sven.eckelmann [AT] gmx.de>
2840 Edward J. Paradise <pdice [AT] cisco.com>
2841 Brian Stormont <nospam [AT] stormyprods.com>
2842 Vincent Helfre <vincent.helfre [AT] ericsson.com>
2843 Brooss <brooss.teambb [AT] gmail.com>
2844 Joan Ramio <joan[AT]ramio.cat>
2845 David Castleford <david.castleford [AT] orange-ftgroup.com>
2846 Peter Harris <pharris[AT]opentext.com>
2847 Martin Lutz <MartinL [AT] copadata.at>
2848 Johnny Mitrevski <mitrevj [AT] hotmail.com>
2849 Neil Horman <nhorman [AT] tuxdriver.com>
2850 Andreas Schuler <krater [AT] badterrorist.com>
2851 Matthias Wenzel <dect [AT] mazzoo.de>
2852 Christian Durrer <christian.durrer [AT] sensemail.ch>
2853 Naoyoshi Ueda <piyomaru3141 [AT] gmail.com>
2854 Javier Cardona <javier [AT] cozybit.com>
2855 Jens Steinhauser <jens.steinhauser [AT] omicron.at>
2856 Julien Kerihuel <j.kerihuel [AT] openchange.org>
2857 Vincenzo Condoleo <vcondole [AT] hsr.ch>
2858 Mohammad Ebrahim Mohammadi Panah <mebrahim [AT] gmail.com>
2859 Greg Schwendimann <gregs [AT] iol.unh.edu>
2860 Nick Lewis <nick.lewis [AT] atltelecom.com>
2861 Fred Fierling <fff [AT] exegin.com>
2862 Samu Varjonen <samu.varjonen [AT] hiit.fi>
2863 Alexis La Goutte <alexis.lagoutte [AT] gmail.com>
2864 Varun Notibala <nbvarun [AT] gmail.com>
2865 Nathan Hartwell <nhartwell [AT] gmail.com>
2866 Don Chirieleison <donc [AT] mitre.org>
2867 Harald Welte <laforge [AT] gnumonks.org>
2868 Chris Costa <chcosta75 [AT] hotmail.com>
2869 Bruno Premont <bonbons [AT] linux-vserver.org>
2870 Florian Forster <octo [AT] verplant.org>
2871 Ivan Sy Jr. <ivan_jr [AT] yahoo.com>
2872 Matthieu Patou <mat [AT] matws.net>
2873 Kovarththanan Rajaratnam <kovarththanan.rajaratnam [AT] gmail.com>
2874 Matt Watchinski <mwatchinski [AT] sourcefire.com>
2875 Ravi Kondamuru <Ravi.Kondamuru [AT] citrix.com>
2876 Jan Gerbecks <jan.gerbecks [AT] stud.uni-due.de>
2877 Vladimir Smrekar <vladimir.smrekar [AT] gmail.com>
2878 Tobias Erichsen <t.erichsen [AT] gmx.de>
2879 Erwin van Eijk <erwin.vaneijk [AT] gmail.com>
2880 Venkateshwaran Dorai <venkateshwaran.d [AT] gmail.com>
2881 Ben Greear <greearb [AT] candelatech.com>
2882 Richard Kuemmel <r.kuemmel [AT] beckhoff.de>
2883 Yi Yu <yiyu.inbox [AT] gmail.com>
2884 Aniruddha A <aniruddha.a [AT] gmail.com>
2885 David Aggeler <david_aggeler [AT] hispeed.ch>
2886 Jens Kilian <jjk [AT] acm.org>
2887 David Bond <mokon [AT] mokon.net>
2888 Paul J. Metzger <pjm [AT] ll.mit.edu>
2889 Robert Hogan <robert [AT] roberthogan.net>
2890 Torrey Atcitty <torrey.atcitty [AT] harman.com>
2891 Dave Olsen <dave.olsen [AT] harman.com>
2892 Craig Gunther <craig.gunther [AT] harman.com>
2893 Levi Pearson <levi.pearson [AT] harman.com>
2894 Allan M. Madsen <allan.m [AT] madsen.mail.dk>
2895 Slava <slavak [AT] gmail.com>
2896 H.sivank <hsivank [AT] gmail.com>
2897 Edgar Gladkich <edgar.gladkich [AT] inacon.de>
2898 Michael Bernhard <michael.bernhard [AT] bfh.ch>
2899 Holger Freyther <zecke [AT] selfish.org>
2900 Herbert Lischka <herbert [AT] lischka-berlin.de>
2901 Grzegorz Szczytowski <Grzegorz.Szczytowski [AT] gmail.com>
2902
2903 and by:
2904
2905 Pavel Roskin <proski [AT] gnu.org>
2906 Georgi Guninski <guninski [AT] guninski.com>
2907 Jason Copenhaver <jcopenha [AT] typedef.org>
2908 Eric Perie <eric.perie [AT] colubris.com>
2909 David Yon <yon [AT] tacticalsoftware.com>
2910 Marcio Franco <franco.marcio [AT] rd.francetelecom.fr>
2911 Kaloian Stoilov <kalkata [AT] yahoo.com>
2912 Steven Lass <stevenlass [AT] mail.com>
2913 Gregory Stark <gsstark [AT] mit.edu>
2914 Darren Steele <steeley [AT] steeley.co.uk>
2915 <smhuang [AT] pcs.csie.nctu.edu.tw>
2916 Michael Kopp <michael.kopp [AT] isarnet.de>
2917 Bernd Leibing <bernd.leibing [AT] kiz.uni-ulm.de>
2918 Chris Heath <chris [AT] heathens.co.nz>
2919 Gisle Vanem <giva [AT] bgnett.no>
2920 Ritchie <ritchie [AT] tipsybottle.com>
2921 Aki Immonen <aki.immonen [AT] golftalma.fi>
2922 David E. Weekly <david [AT] weekly.org>
2923 Steve Ford <sford [AT] geeky-boy.com>
2924 Masaki Chikama <masaki-c [AT] is.aist-nara.ac.jp>
2925 Mohammad Hanif <mhanif [AT] nexthop.com>
2926 Reinhard Speyerer <rspmn [AT] arcor.de>
2927 Patrick Kursawe <phosphan [AT] gentoo.org>
2928 Arsen Chaloyan <achaloyan [AT] yahoo.com>
2929 <melerski [AT] poczta.onet.pl>
2930 Arnaud Jacques <webmaster [AT] securiteinfo.com>
2931 D. Manzella <manzella [AT] lucent.com>
2932 Jari Mustajarvi <jari.mustajarvi [AT] nokia.com>
2933 Pierre Juhen <pierre.juhen [AT] wanadoo.fr>
2934 David Richards <drichards [AT] alum.mit.edu>
2935 Shusaku Ueda <ueda [AT] sra.co.jp>
2936 Jonathan Perkins <jonathan.perkins [AT] ipaccess.com>
2937 Holger Schurig <h.schurig [AT] mn-logistik.de>
2938 Peter J. Creath <peter-ethereal [AT] creath.net>
2939 Magnus Hansson <mah [AT] hms.se>
2940 Pavel Kankovsky <kan [AT] dcit.cz>
2941 Nick Black <dank [AT] reflexsecurity.com>
2942 Bill Guyton <guyton [AT] bguyton.com>
2943 Chernishov Yury <Chernishov [AT] iskrauraltel.ru>
2944 Thomas Palmer <Thomas.Palmer [AT] Gunter.AF.mil>
2945 Clinton Work <clinton [AT] scripty.com>
2946 Joe Marcus Clarke <marcus [AT] marcuscom.com>
2947 Kendy Kutzner <kutzner[AT]tm.uka.de>
2948 James H. Cloos Jr. <cloos [AT] jhcloos.com>
2949 Tim Farley <tfarley[AT]iss.net>
2950 Daniel Thompson <daniel.thompson[AT]st.com>
2951 Chris Jepeway <thai-dragon[AT]eleven29.com>
2952 Matthew Bradley <matthew.bradley [AT] cnsonline.net>
2953 Nathan Alger <nathan [AT] wasted.com>
2954 Stas Grabois <sagig [AT] radware.com>
2955 Ainsley Pereira <APereira [AT] Witness.com>
2956 Philippe Mazeau <philippe.mazeau [AT] swissvoice.net>
2957 Carles Kishimoto <ckishimo [AT] ac.upc.es>
2958 Dennis Lim <Dennis.Lim [AT] motorola.com>
<postadal [AT] suse.cz>
Martin van der Werff <martin [AT] vanderwerff.org>
Marco van den Bovenkamp <marco [AT] linuxgoeroe.dhs.org>
Ming Zhang <mingz [AT] ele.uri.edu>
Neil Piercy <Neil.Piercy [AT] ipaccess.com>
Remi Denis-Courmont <courmisch [AT] via.ecp.fr>
Thomas Palmer <tpalmer [AT] elmore.rr.com>
Maarten Svantesson <f95-msv [AT] f.kth.se>
Thomas Boehne <TBoehne [AT] ADwin.de>
Steve Sommars (e-mail address removed at contributor's request)
Kestutis Kupciunas <kesha [AT] soften.ktu.lt>
Rene Pilz <rene.pilz [AT] ftw.at>
Laurent Constantin <laurent.constantin [AT] aql.fr>
Martin Pichlmaier <martin.pichlmaier [AT] siemens.com>
Mark Phillips <msp [AT] nortelnetworks.com>
Nils Ohlmeier <lists [AT] ohlmeier.org>
Ignacio Goyret <igoyret [AT] lucent.com>
Bart Braem <bart.braem [AT] gmail.com>
Shingo Horisawa <name4n5 [AT] hotmail.com>
Lane Hu <lane.hu [AT] utstar.com>
Marc Poulhies <marc.poulhies [AT] epfl.ch>
Tomasz Mrugalski <thomson [AT] klub.com.pl>
Brett Kuskie <mstrprgmmr [AT] chek.com>
Brian Caswell <bmc [AT] sourcefire.com>
Yann <yann_eads [AT] hotmail.com>
Julien Leproust <julien [AT] via.ecp.fr>
Mutsuya Irie <irie [AT] sakura-catv.ne.jp>
Yoshihiro Oyama <y.oyama [AT] netagent.co.jp>
Chris Eagle <cseagle [AT] nps.edu>
Dominique Bastien <dbastien [AT] accedian.com>
Nicolas Dichtel <nicolas.dichtel [AT] 6wind.com>
Ricardo Muggli <ricardo.muggli [AT] mnsu.edu>
Vladimir Kondratiev <vladimir.kondratiev [AT] gmail.com>
Jaap Keuter <jaap.keuter [AT] xs4all.nl>
Frederic Peters <fpeters [AT] debian.org>
Anton Ivanov <anthony_johnson [AT] mail.ru>
Ilya Konstantinov <future [AT] shiny.co.il>
Neil Kettle <mu-b [AT] 65535.com>
Steve Karg <skarg [AT] users.sourceforge.net>
Javier Acuna <javier.acuna [AT] sixbell.cl>
Miklos Szurdi <szurdimiklos [AT] yahoo.com>
Cvetan Ivanov <zezo [AT] spnet.net>
Vasanth Manickam <vasanth.manickam [AT] bt.com>
Julian Onions <julian.onions [AT] gmail.com>
Samuel Thibault <samuel.thibault [AT] ens-lyon.org>
Peter Kovář <peter.kovar [AT] gmail.com>
Paul Ollis <paul.ollis [AT] roke.co.uk>
Dominik Kuhlen <dkuhlen [AT] gmx.net>
Karl Knoebl <karl.knoebl [AT] siemens.com>
Maria-Luiza Crivat <luizacri [AT] gmail.com>
Brice Augustin <bricecotte [AT] gmail.com>
Matt Thornton <MATT_THORNTON [AT] appsig.com>
Markus Seehofer <Markus.Seehofer [AT] hirschmann.de>
Timo Metsala <timo.metsala [AT] gmail.com>
Manu Pathak <mapathak [AT] cisco.com>
Kaul <mykaul [AT] gmail.com>
John Sullivan <john [AT] kanargh.force9.co.uk>
Martin Andre <andre [AT] clarinet.u-strasbg.fr>
Andrei Emeltchenko <Andrei.Emeltchenko [AT] nokia.com>
Kirby Files <kfiles [AT] masergy.com>
Ravi Valmikam <rvalmikam [AT] airvananet.com>
Diego Petteno <flameeyes [AT] gentoo.org>
Daniel Black <dragonheart [AT] gentoo.org>
Christoph Werle <Christoph.Werle [AT] ira.uka.de>
Aaron Christensen <aaronmf [AT] gmail.com>
Ian Abel <ianabel [AT] mxtelecom.com>
Bryant Eastham <beastham [AT] slc.mew.com>
Taner Kurtulus <taner.kurtulus [AT] tubitak.gov.tr>
Joe Breher <linux [AT] q-music.com>
Patrick vd Lageweg <patrick [AT] bitwizard.nl>
Thomas Sillaber <Thomas.Sillaber [AT] gmx.de>
Mike Davies <m.davies [AT] btinternet.com>
Boris Misenov <Boris.Misenov [AT] oktelabs.ru>
Joe McEachern <joe [AT] qacafe.com>
Charles Lepple <clepple [AT] gmail.com>
Tuomas Maattanen <maattanen [AT] iki.fi>
Joe Eykholt <joe [AT] nuovasystems.com>
Ian Brumby <ian.brumby [AT] baesystems.com>
Todd J Martin <todd.martin [AT] acm.org>
Scott Robinson <scott.robinson [AT] flukenetworks.com>
Martin Peylo <wireshark [AT] izac.de>
Stephane Loeuillet <leroutier [AT] gmail.com>
Andrei Rubaniuk <rubaniuk [AT] mail.ru>
Mikael Magnusson <mikma264 [AT] gmail.com>
Timo Teraes <timo.teras [AT] iki.fi>
Marton Nemeth <nm127 [AT] freemail.hu>
Kai Blin <kai [AT] samba.org>
Olivier Montanuy <olivier.montanuy [AT] orange-ftgroup.com>
Thomas Morin <thomas.morin [AT] orange-ftgroup.com>
Jesus Roman <jroman [AT] teldat.com>
Giodi Giorgi <g.giorgi [AT] gmail.com>
Peter Hertting <Peter.Hertting [AT] gmx.net>
Jess Balint <jbalint [AT] gmail.com>
Bahaa Naamneh <b.naamneh [AT] gmail.com>
Magnus Soerman <magnus.sorman [AT] ericsson.com>
Pascal Quantin <pascal.quantin [AT] gmail.com>
Roy Marples <roy [AT] marples.name>
Ward van Wanrooij <ward [AT] ward.nu>
Federico Mena Quintero <federico [AT] novell.com>
Jakub Zawadzki <darkjames [AT] darkjames.ath.cx>
Andreas Heise <andreas.heise [AT] nextiraone.de>
Alex Lindberg <alindber [AT] yahoo.com>
Rama Chitta <rama [AT] gear6.com>
Roberto Mariani <jelot-wireshark [AT] jelot.it>
Sandhya Gopinath <Sandhya.Gopinath [AT] citrix.com>
Raghav SN <Raghav.SN [AT] citrix.com>
Murali Raja <Murali.Raja [AT] citrix.com>
Devesh Prakash <Devesh.Prakash [AT] citrix.com>
Darryl Champagne <dchampagne [AT] sta.samsung.com>
Michael Speck <Michael.Speck [AT] avl.com>
Gerasimos Dimitriadis <dimeg [AT] intracom.gr>
Robert Simac <rsimac [AT] cronsult.com>
Johanna Sochos <johanna.sochos [AT] swissqual.com>
Felix Obenhuber <felix [AT] obenhuber.de>
Hilko Bengen <bengen--wireshark [AT] hilluzination.de>
Hadar Shoham <hadar [AT] ti.com>
Robert Bullen <robert [AT] bitcricket.com>
Chuck Kristofek <chuck.kristofek [AT] ngc.com>
Markus Renz <Markus.Renz [AT] hirschmann.de>
Petr Lautrbach <plautrba [AT] redhat.com>
Toshihiro Kataoka <kataoka.toshihiro [AT] gmail.com>
Romain Fliedel <romain.fliedel+wireshark [AT] gmail.com>
Paul Stath <pstath [AT] axxcelera.com>
DeCount <aatrade [AT] libero.it>

Dan Lasley <dlasley[AT]promus.com> gave permission for his
dumpit() hex-dump routine to be used.

Mattia Cazzola <mattiac[AT]alinet.it> provided a patch to the
hex dump display routine.

We use the exception module from Kazlib, a C library written by
Kaz Kylheku <kaz[AT]ashi.footprints.net>. Thanks go to him for
his well-written library. The Kazlib home page can be found at
http://users.footprints.net/~kaz/kazlib.html

We use Lua BitOp, written by Mike Pall, for bitwise operations
on numbers in Lua. The Lua BitOp home page can be found at
http://bitop.luajit.org/

Henrik Brix Andersen <brix[AT]gimp.org> gave permission for his
webbrowser calling routine to be used.

Christophe Devine <c.devine[at]cr0.net> gave permission for his
SHA1 routines to be used.

snax <snax[AT]shmoo.com> gave permission to use his(?) weak key
detection code from Airsnort.

IANA gave permission for their port-numbers file to be used.

1.4.10 2011-11-02 WIRESHARK(1)