<HTML> <HEAD> <TITLE>The KSnuffle Manual: Protocol Decoding</TITLE> </HEAD> <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000"> <FONT FACE="Helvetica"> <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A> <BR> <HR noshade> <DIV ALIGN=right> <A HREF="index-7.html">Next</A> <A HREF="index-5.html">Previous</A> <A HREF="index.html#toc6">Table of Contents</A> </DIV> <BR> <H3> <A NAME="s2"></A>6. Protocol Decoding </H3> <P> KSnuffle can be used to delve into packet innards, to view protocol and application data contained therein. These functions are accessed from the <A HREF="index-4.7.html">packet display</A> and the <A HREF="index-5.html#tcpip">TCP/IP stream plugin</A>; either double-click on a packet or stream to obtain the protocol details display, or right-click and select <B>Show Details</B> or, if the packet is a TCP/IP packet, <B>Show TCP Data</B>. </P> <P> Note that for these displays to be useful, the snap (packet capture) length should be increased, probably do the maximum datagram size. </P> <P> By default, each packet display will show at most one details window and one TCP/IP data stream window. This can be changed from the <A HREF="index-4.10.html">global setup</A></LI> page. </P> <P> <A NAME="details"></A><B>6.1 Packet Details Display</B> </P> <P> <A HREF="protocol.html" target="Protocol Detail">Click for full size image</A><IMG SRC="protocol_s.png"> </P> <P> This option brings up a separate window which is split horizontally. The upper window shows the protocol structure as an expandable tree, while the lower shows the packet contents byte-by-byte. Whenever an item of the protocol structure is highlighted, the range of bytes covered by this item is shown in red. Any bytes which are beyond the captured length are shown as <I>xx</I> in blue. </P> <P> The display toolbar includes icons to expand or collapse the entire details tree. In addition, if the packet is a TCP/IP packet, then icons are available to move the the first recorded packet for the TCP/IP stream, to the previous packet, to the next packet, and to the last recorded packet. Lastly, again for TCP/IP packets, the stream of which the packet is a part can be displayed. </P> <P> <A NAME="tcpip"></A><B>6.2 TCP/IP Data Stream Display</B> </P> <P> <A HREF="tcpdata.html" target="TCP/IP Data Stream">Click for full size image</A><IMG SRC="tcpdata_s.png"> </P> <P> This option also brings up a separate window. This shows all data associated with the TCP/IP connection of which the selected packet is a part, for all packets currently held by the packet display. The data direction is indicated by the color. Note that the number of packets held by the packet display can be changed from the <A HREF="index-4.10.html">global setup</A></LI> page. </P> <P> Lines are split at newline characters in the data, or every 256 characters in the absence of newlines. </P> <P> This display is not continuously updated, but can be resynchronised using the toolbar button. </P> <P> <A HREF="index-7.html">Next</A> <A HREF="index-5.html">Previous</A> <A HREF="index.html#toc6">Table of Contents</A> </P> <P> <HR size="3" noshade> </P> </BODY> </HTML>