<HTML>
<HEAD>
<TITLE>The KSnuffle Manual: Protocol Decoding</TITLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000">
<FONT FACE="Helvetica">
<A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A>
<BR>
<HR noshade>
<DIV ALIGN=right>
<A HREF="index-7.html">Next</A>
<A HREF="index-5.html">Previous</A>
<A HREF="index.html#toc6">Table of Contents</A>
</DIV>
<BR>
<H3>
<A NAME="s2"></A>6. Protocol Decoding
</H3>
<P>
KSnuffle can be used to delve into packet innards, to view protocol
and application data contained therein. These functions are accessed
from the <A HREF="index-4.7.html">packet display</A> and the
<A HREF="index-5.html#tcpip">TCP/IP stream plugin</A>; either
double-click on a packet or stream to obtain the protocol details display, or
right-click and select <B>Show Details</B> or, if the packet is
a TCP/IP packet, <B>Show TCP Data</B>.
</P>
<P>
Note that for these displays to be useful, the snap (packet capture)
length should be increased, probably do the maximum datagram size.
</P>
<P>
By default, each packet display will show at most one details
window and one TCP/IP data stream window. This can be changed from
the <A HREF="index-4.10.html">global setup</A></LI> page.
</P>
<P>
<A NAME="details"></A><B>6.1 Packet Details Display</B>
</P>
<P>
<A HREF="protocol.html" target="Protocol Detail">Click for full
size image</A><IMG SRC="protocol_s.png">
</P>
<P>
This option brings up a separate window which is split horizontally.
The upper window shows the protocol structure as an expandable
tree, while the lower shows the packet contents byte-by-byte.
Whenever an item of the protocol structure is highlighted, the
range of bytes covered by this item is shown in red. Any bytes
which are beyond the captured length are shown as <I>xx</I> in blue.
</P>
<P>
The display toolbar includes icons to expand or collapse the entire
details tree. In addition, if the packet is a TCP/IP packet, then
icons are available to move the the first recorded packet for the
TCP/IP stream, to the previous packet, to the next packet, and to
the last recorded packet. Lastly, again for TCP/IP packets,
the stream of which the packet is a part can be displayed.
</P>
<P>
<A NAME="tcpip"></A><B>6.2 TCP/IP Data Stream Display</B>
</P>
<P>
<A HREF="tcpdata.html" target="TCP/IP Data Stream">Click for full
size image</A><IMG SRC="tcpdata_s.png">
</P>
<P>
This option also brings up a separate window. This shows all data
associated with the TCP/IP connection of which the selected packet
is a part, for all packets currently held by the packet display.
The data direction is indicated by the color. Note that the number
of packets held by the packet display can be changed from the
<A HREF="index-4.10.html">global setup</A></LI> page.
</P>
<P>
Lines are split at newline characters in the data, or every 256
characters in the absence of newlines.
</P>
<P>
This display is not continuously updated, but can be resynchronised
using the toolbar button.
</P>
<P>
<A HREF="index-7.html">Next</A>
<A HREF="index-5.html">Previous</A>
<A HREF="index.html#toc6">Table of Contents</A>
</P>
<P>
<HR size="3" noshade>
</P>
</BODY>
</HTML>
distrib
>
Mandriva
>
8.2
>
i586
>
media
>
contrib
>
by-pkgid
>
07e50cafac9da67d9e9336db4030817a
>
files
>
89
