A.2. Configuration Files and Folders

| File/Folder | Description | Unix/Linux folders | Windows folders |
|---|---|---|---|
| preferences | Settings from the Preferences dialog box. | /etc/wireshark.conf, $HOME/.wireshark/preferences | %WIRESHARK%\wireshark.conf, %APPDATA%\Wireshark\preferences |
| recent | Recent GUI settings (e.g. recent files lists). | $HOME/.wireshark/recent | %APPDATA%\Wireshark\recent |
| cfilters | Capture filters. | $HOME/.wireshark/cfilters | %WIRESHARK%\cfilters, %APPDATA%\Wireshark\cfilters |
| dfilters | Display filters. | $HOME/.wireshark/dfilters | %WIRESHARK%\dfilters, %APPDATA%\Wireshark\dfilters |
| colorfilters | Coloring rules. | $HOME/.wireshark/colorfilters | %WIRESHARK%\colorfilters, %APPDATA%\Wireshark\colorfilters |
| disabled_protos | Disabled protocols. | $HOME/.wireshark/disabled_protos | %WIRESHARK%\disabled_protos, %APPDATA%\Wireshark\disabled_protos |
| ethers | Ethernet name resolution. | /etc/ethers, $HOME/.wireshark/ethers | %WIRESHARK%\ethers, %APPDATA%\Wireshark\ethers |
| manuf | Ethernet name resolution. | /etc/manuf, $HOME/.wireshark/manuf | %WIRESHARK%\manuf, %APPDATA%\Wireshark\manuf |
| hosts | IPv4 and IPv6 name resolution. | /etc/hosts, $HOME/.wireshark/hosts | %WIRESHARK%\hosts, %APPDATA%\Wireshark\hosts |
| services | Network services. | /etc/services, $HOME/.wireshark/services | %WIRESHARK%\services, %APPDATA%\Wireshark\services |
| subnets | IPv4 subnet name resolution. | /etc/subnets, $HOME/.wireshark/subnets | %WIRESHARK%\subnets, %APPDATA%\Wireshark\subnets |
| ipxnets | IPX name resolution. | /etc/ipxnets, $HOME/.wireshark/ipxnets | %WIRESHARK%\ipxnets, %APPDATA%\Wireshark\ipxnets |
| plugins | Plugin directories. | /usr/share/wireshark/plugins, /usr/local/share/wireshark/plugins, $HOME/.wireshark/plugins | %WIRESHARK%\plugins\<version>, %APPDATA%\Wireshark\plugins |
| temp | Temporary files. | Environment: TMPDIR | Environment: TMPDIR or TEMP |
[Note] Windows folders
[Note] Unix/Linux folders

A.2.1. Protocol help configuration

# Wikipedia (en) protocol help file.

# Help file initialization
# source: The source of the help information, e.g. "Inacon" or "Wikipedia"
# version: Currently unused. Must be "1".
# url_template: Template for generated URLs. See "URL Data" below.
[database]
source=Wikipedia
version=1
url_template=http://${language}.wikipedia.org/wiki/${PATH}

# Substitution data for the location template.
# Each occurrence of the keys below in the location template will be
# substituted with their corresponding values. For example, "${language}"
# in the URL template above will be replaced with the value of "language"
# below.
#
# PATH is reserved for the help paths below; do not specify it here.
[location data]
language = en

# Maps Wireshark protocol names to section names below. Each key MUST match
# a valid protocol name. Each value MUST have a matching section below.
[map]
tcp=TCP

# Mapped protocol sections.
# Keys must match protocol detail items descriptions.
[TCP]
_OVERVIEW=Transmission_Control_Protocol
Destination port=Transmission_Control_Protocol#TCP_ports
Source port=Transmission_Control_Protocol#TCP_ports
      
[database]
source=Wikipedia
version=1
location=http://en.wikipedia.org/wiki/

[map]
tcp=TCP

[TCP]
_OVERVIEW=Transmission_Control_Protocol
Destination port=Transmission_Control_Protocol#TCP_ports
Source port=Transmission_Control_Protocol#TCP_ports
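
An added example, not part of the Wireshark documentation or source: a small Python reader for the first help file above (the one with url_template and [location data]) that enforces the rules stated in its comments and expands the template for one protocol detail item. The function names, the embedded sample and the http/https scheme check are assumptions of this example.

```python
import configparser
from string import Template
from urllib.parse import urlsplit

# Constructed sample: the page's first help file with its comments removed.
SAMPLE = """\
[database]
source=Wikipedia
version=1
url_template=http://${language}.wikipedia.org/wiki/${PATH}

[location data]
language = en

[map]
tcp=TCP

[TCP]
_OVERVIEW=Transmission_Control_Protocol
Destination port=Transmission_Control_Protocol#TCP_ports
Source port=Transmission_Control_Protocol#TCP_ports
"""

def load_help(text):
    """Parse a help file and enforce the rules stated in its comments."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str          # keep key case, e.g. "Destination port"
    cfg.read_string(text)
    if cfg["database"]["version"] != "1":
        raise ValueError('version must be "1"')
    if "PATH" in cfg["location data"]:
        raise ValueError("PATH is reserved; do not set it in [location data]")
    for proto, section in cfg["map"].items():
        if not cfg.has_section(section):
            raise ValueError(f"[map] {proto}={section} has no [{section}] section")
    return cfg

def help_url(cfg, proto, item="_OVERVIEW"):
    """Build the help URL for one protocol detail item."""
    path = cfg[cfg["map"][proto]][item]
    data = dict(cfg["location data"])
    url = Template(cfg["database"]["url_template"]).substitute(data, PATH=path)
    # Added precaution (assumption of this example): only web URLs are returned.
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError(f"refusing non-web help URL: {url}")
    return url

if __name__ == "__main__":
    print(help_url(load_help(SAMPLE), "tcp", "Destination port"))
```

A template key with no value in [location data] makes `Template.substitute` raise `KeyError`, so an incomplete help file fails loudly instead of producing a URL with a literal `${...}` in it.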