The Ethereal menus
The Ethereal menu sits across the top of the Ethereal window. An example is shown in Figure 2.
It contains the following items:
- File
This menu contains menu-items to open and reread capture files, save capture files, print capture files, print packets, and to quit from Ethereal.
- Edit
This menu contains menu-items to find a frame and goto a frame,mark one or more frames, set your preferences, create filters, and enable or disable the dissection of protocols (cut, copy, and paste are not presently implemented).
- Capture
This menu allows you to start and stop captures.
- Display
This menu contains menu-items to modify display options, match selected frames, colorize frames, expand all frames, collapse all frames, show a packet in a separate window, and configure user specified decodes.
- Tools
This menu contains menu-items to display loaded plugins, follow a TCP stream, obtain a summary of the packets that have been captured, and display protocol hierarchy statistics.
- Help
This menu contains the About Ethereal... menu item and access to some basic Help.
The Ethereal File menu
The Ethereal file menu contains the fields shown in Table 1.
Table 1. File menu
| Menu Item | Accelerator | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Open... | Ctrl-O | This menu item brings up the file open dialog box that allows you to load a capture file for viewing. It is discussed in more detail in the Section called The File Open dialog box. | ||||||||
| Close | Ctrl-W | This menu item closes the current capture. If you have not saved the capture, it is lost. | ||||||||
| Save | Ctrl-S | This menu item saves the current capture. If you have not set a default capture file name (perhaps with the -w <capfile> option), Ethereal pops up the Save Capture File As dialog box (which is discussed further in the Section called The Save Capture File As dialog box).
| ||||||||
| Save As... | This menu item allows you to save the current capture file to whatever file you would like. It pops up the Save Capture File As dialog box (which is discussed further in the Section called The Save Capture File As dialog box). | |||||||||
| Reload | Ctrl-R | This menu item allows you to reload the current capture file. This menu item is no longer needed, and may be removed in future releases of Ethereal | ||||||||
| Print... | This menu item allows you to print all the packets in the capture file. It pops up the Ethereal Print dialog box (which is discussed further in the Section called Printing packets). | |||||||||
| Print Packet | Ctrl-P | This menu item allows you to print the current packet. | ||||||||
| Quit | Ctrl-Q | This menu item allows you to quit from Ethereal. In the current release of Ethereal (0.8.19), Ethereal silently exits even if you have not saved the current capture file. This may be changed in a future release of Ethereal. |
The Ethereal Edit menu
The Ethereal Edit menu contains the fields shown in Table 2.
Table 2. Edit menu
| Menu Item | Accelerator | Description |
|---|---|---|
| Find Frame... | Ctrl-F | This menu item brings up a dialog box that allows you to find a frame by entering an Ethereal display filter. There is further information on finding frames in the Section called Finding frames. |
| Go to Frame... | Ctrl-G | This menu item brings up a dialog box that allows you to specify a frame to goto by frame number. |
| Mark Frame | Ctrl-M | This menu item "marks" the currently selected frame. See the Section called The Save Capture File As dialog box for more information about saving marked frames. |
| Mark All Frames | This menu item "marks" all frames. See the Section called The Save Capture File As dialog box for more information about saving marked frames. | |
| Unmark All Frames | This menu item "unmarks" all marked frames. | |
| Preferences... | This menu item brings up a dialog box that allows you to set preferences for many parameters that control Ethereal. You can also save your preferences so Ethereal will use them the next time you start it. More detail is provided in the Section called Ethereal preferences | |
| Capture Filters... | This menu item brings up a dialog box that allows you to create and edit capture filters. You can name filters, and you can save them for future use. More detail on this subject is provided in the Section called Defining and saving filters | |
| Display Filters... | This menu item brings up a dialog box that allows you to create and edit display filters. You can name filters, and you can save them for future use. More detail on this subject is provided in the Section called Defining and saving filters | |
| Protocols... | This menu item brings up a dialog box that allows you to enable or disable the dissection of individual protocols edit. |
The Ethereal Capture menu
The Ethereal Capture menu contains the fields shown in Table 3.
Table 3. Capture menu
| Menu Item | Accelerator | Description |
|---|---|---|
| Start... | Ctrl-K | This menu item brings up the Capture Preferences dialog box (discussed further in the Section called Capturing packets with Ethereal) and allows you to start capturing packets. |
| Stop | Ctrl-E | This menu item stops the currently running capture. |
The Ethereal Display menu
The Ethereal Display menu contains the fields shown in Table 4.
Table 4. Display menu
| Menu Item | Accelerator | Description |
|---|---|---|
| Options... | This menu item brings up a dialog box that controls the way that Ethereal displays some information about packets. Examples include the way timestamps are handled, whether addresses and other numbers are translated, and so forth. This is further discussed in the Section called Display Options. | |
| Match Selected | This menu item allows you to select all packets that have a matching value in the field selected in the tree view pane (middle pane). | |
| Colorize Display | This menu item brings up a dialog box that allows you color packets in the packet list pane according to filter expressions you choose. It can be very useful for spotting certain types of packets. | |
| Collapse All | Ethereal keeps a list of all the protocol subtrees that are expanded, and uses it to ensure that the correct subtrees are expanded when you display a packet. This menu item collapses the tree view of all packets in the capture list. | |
| Expand All | This menu item expands all subtrees in all packets in the capture. | |
| Show Packet in New Window | This menu item brings up the selected packet in a separate window. The separate window shows only the tree view and byte view panes. | |
| User Specified Decodes... | This menu item allows the user to force ethereal to decode certain packets as a particular protocol. |
The Ethereal Tools menu
The Ethereal Tools menu contains the fields shown in Table 5.
Table 5. Tools menu
| Menu Item | Accelerator | Description |
|---|---|---|
| Plugins... | This menu item brings up a dialog box that allows you to manage Ethereal plugins. There are very few plugins todate. | |
| Follow TCP Stream | This menu item brings up a separate window and displays all the TCP segments captured that are on the same TCP connection as a selected packet. The data in the TCP stream is sorted into order, with duplicate segments removed, and it is then displayed in ascii. You can change the format is you desire. | |
| Decode As... | This menu item allows the user to force ethereal to decode certain packets as a particular protocol. | |
| Summary | This menu item brings up a statistics window that shows information about the packets captured. | |
| Protocol Hierarchy Statistics | This menu item displays a hierarchical tree of packet statistics. |
The Ethereal Help menu
The Ethereal Help menu contains the fields shown in Table 6.
