# Configuration file for Wireshark 1.0.0.
#
# This file is regenerated each time preferences are saved within
# Wireshark. Making manual changes should be safe, however.
#
# NOTE(review): format is one "name: value" preference per line, with "#"
# starting a comment line. Because the file is regenerated on save,
# hand-written comments are presumably not preserved - keep review notes
# somewhere else as well.

######## User Interface ########

# Vertical scrollbars should be on right side?
# TRUE or FALSE (case-insensitive).
gui.scrollbar_on_right: TRUE

# Packet-list selection bar can be used to browse w/o selecting?
# TRUE or FALSE (case-insensitive).
gui.packet_list_sel_browse: FALSE

# Protocol-tree selection bar can be used to browse w/o selecting?
# TRUE or FALSE (case-insensitive).
gui.protocol_tree_sel_browse: FALSE

# Alternating colors in TreeViews?
# TRUE or FALSE (case-insensitive).
gui.tree_view_altern_colors: FALSE

# Place filter toolbar inside the statusbar?
# TRUE or FALSE (case-insensitive).
gui.filter_toolbar_show_in_statusbar: FALSE

# Protocol-tree line style.
# One of: NONE, SOLID, DOTTED, TABBED
gui.protocol_tree_line_style: NONE

# Protocol-tree expander style.
# One of: NONE, SQUARE, TRIANGLE, CIRCULAR
gui.protocol_tree_expander_style: SQUARE

# Hex dump highlight style.
# One of: BOLD, INVERSE
gui.hex_dump_highlight_style: INVERSE

# Main Toolbar style.
# One of: ICONS, TEXT, BOTH
gui.toolbar_main_style: ICONS

# Save window position at exit?
# TRUE or FALSE (case-insensitive).
gui.geometry.save.position: FALSE

# Save window size at exit?
# TRUE or FALSE (case-insensitive).
gui.geometry.save.size: TRUE

# Save window maximized state at exit (GTK2 only)?
# TRUE or FALSE (case-insensitive).
gui.geometry.save.maximized: TRUE

# Open a console window (WIN32 only)?
# One of: NEVER, AUTOMATIC, ALWAYS
gui.console_open: NEVER

# The max. number of items in the open recent files list.
# A decimal number.
gui.recent_files_count.max: 10

# Where to start the File Open dialog box.
# One of: LAST_OPENED, SPECIFIED
gui.fileopen.style: LAST_OPENED

# Directory to start in when opening File Open dialog.
# (Left empty here; the style above is LAST_OPENED.)
gui.fileopen.dir:

# The preview timeout in the File Open dialog.
# A decimal number (in seconds).
gui.fileopen.preview: 3

# Ask to save unsaved capture files?
# TRUE or FALSE (case-insensitive).
gui.ask_unsaved: FALSE

# Wrap to beginning/end of file during search?
# TRUE or FALSE (case-insensitive).
gui.find_wrap: TRUE

# Settings dialogs use a save button?
# TRUE or FALSE (case-insensitive).
gui.use_pref_save: FALSE

# The path to the webbrowser.
# Ex: mozilla %s
# NOTE(review): this value is a command template, with %s presumably
# replaced by the URL to open. Anyone who can write this file can change
# which program is started under the Wireshark user's account, so the
# file's permissions matter.
gui.webbrowser: xdg-open %s

# Custom window title. (Prepended to existing titles.)
gui.window_title:

######## User Interface: Layout ########

# Layout type (1-6).
gui.layout_type: 1

# Layout content of the panes (1-3).
# One of: NONE, PLIST, PDETAILS, PBYTES
gui.layout_content_1: PLIST
gui.layout_content_2: PDETAILS
gui.layout_content_3: PBYTES

######## User Interface: Columns ########

# Packet list column format.
# Each pair of strings consists of a column title and its format.
column.format: "No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", "Info", "%i"

######## User Interface: Font ########

# Font name for packet list, protocol tree, and hex dump panes (GTK version 1).
gui.font_name: -misc-fixed-medium-r-semicondensed-*-*-100-*-*-*-*-iso8859-1

# Font name for packet list, protocol tree, and hex dump panes (GTK version 2).
gui.gtk2.font_name: Monospace 10

######## User Interface: Colors ########

# Color preferences for a marked frame.
# Each value is a six digit hexadecimal color value in the form rrggbb.
gui.marked_frame.fg: ffffff
gui.marked_frame.bg: 000000

# TCP stream window color preferences.
# Each value is a six digit hexadecimal color value in the form rrggbb.
stream.client.fg: 7f0000
stream.client.bg: fbeded
stream.server.fg: 00007f
stream.server.bg: ededfb

######## Console: logging level ########
# (debugging only, not in the Preferences dialog)
# A bitmask of glib log levels:
# G_LOG_LEVEL_ERROR = 4
# G_LOG_LEVEL_CRITICAL = 8
# G_LOG_LEVEL_WARNING = 16
# G_LOG_LEVEL_MESSAGE = 32
# G_LOG_LEVEL_INFO = 64
# G_LOG_LEVEL_DEBUG = 128
# NOTE(review): 28 = 4 + 8 + 16, i.e. ERROR | CRITICAL | WARNING from the
# table above; MESSAGE, INFO and DEBUG are not logged.
console.log.level: 28

####### Capture ########

# Default capture device
capture.device: eth0

# Capture in promiscuous mode?
# TRUE or FALSE (case-insensitive).
# NOTE(review): promiscuous mode asks the interface to also deliver frames
# that are not addressed to this host, so captures taken with this default
# can contain other hosts' traffic.
capture.prom_mode: TRUE

# Update packet list in real time during capture?
# TRUE or FALSE (case-insensitive).
capture.real_time_update: TRUE

# Scroll packet list during capture?
# TRUE or FALSE (case-insensitive).
capture.auto_scroll: TRUE

# Show capture info dialog while capturing?
# TRUE or FALSE (case-insensitive).
capture.show_info: FALSE

######## Printing ########

# Can be one of "text" or "postscript".
print.format: text

# Can be one of "command" or "file".
print.destination: command

# This is the file that gets written to when the destination is set to "file"
# NOTE(review): relative path; the directory it lands in presumably depends
# on the working directory of the Wireshark process.
print.file: wireshark.out

# Output gets piped to this command when the destination is set to "command"
# NOTE(review): bare command name, so which binary receives the output
# presumably depends on PATH; printed dissections can contain packet
# payloads. An absolute path removes the ambiguity.
print.command: lpr

####### Name Resolution ########

# Resolve addresses to names?
# TRUE or FALSE (case-insensitive), or a list of address types to resolve.
# NOTE(review): "mt" selects MAC ('m') and transport/port ('t') name
# resolution. Network-address resolution ('n') is not listed, so opening a
# capture should not trigger DNS lookups for the addresses it contains.
name_resolve: mt

# Name resolution concurrency.
# A decimal number.
# NOTE(review): presumably only relevant once concurrent DNS resolution is
# enabled in name_resolve - TODO confirm.
name_resolve_concurrency: 500

####### RTP Player ########

# Maximum visible channels in RTP Player window.
# An integer value greater than 0.
rtp_player.max_visible: 4

####### Protocols ########

# Enable this option to recognise all traffic on RTP dynamic payload type 96 (0x60) as FEC data corresponding to Pro-MPEG Code of Practice #3 release 2
# TRUE or FALSE (case-insensitive).
2dparityfec.enable: FALSE

# Enable Architecture for Control Networks dissector (ANSI BSR E1.17)
# TRUE or FALSE (case-insensitive).
acn.heuristic_acn: FALSE

# Enable Streaming DMX extension dissector (ANSI BSR E1.31)
# TRUE or FALSE (case-insensitive).
acn.dmx_enable: FALSE

# Display format
# One of: Hex, Decimal, Percent
# (case-insensitive).
acn.dmx_display_view: Hex

# Display zeros instead of dots
# TRUE or FALSE (case-insensitive).
acn.dmx_display_zeros: FALSE

# Display leading zeros on levels
# TRUE or FALSE (case-insensitive).
acn.dmx_display_leading_zeros: FALSE

# Display line format
# One of: 20 per line, 16 per line
# (case-insensitive).
acn.dmx_display_line_format: 20 per line

# Set the UDP port for AudioCodes Trunk Traces. Use http://x.x.x.x/TrunkTraces to enable the traces in the Blade
# A decimal number.
actrace.udp_port: 2428

# Set the TCP port for AgentX (if other than the default of 705)
# A decimal number.
agentx.tcp.agentx_port: 705

# Whether the AH payload decode should be placed in a subtree
# TRUE or FALSE (case-insensitive).
ah.place_ah_payload_in_subtree: FALSE

# Whether the AIM dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
aim.desegment: TRUE

# Whether that payload of UDP packets with a specific destination port should be automatically dissected as ALC packets
# TRUE or FALSE (case-insensitive).
alc.default.udp_port.enabled: FALSE

# Specifies the UDP destination port for automatic dissection of ALC packets
# A decimal number.
# NOTE(review): presumably has no effect while alc.default.udp_port.enabled
# is FALSE - TODO confirm.
alc.default.udp_port: 4001

# Whether the LCT header Codepoint field should be considered the FEC Encoding ID of carried object
# TRUE or FALSE (case-insensitive).
alc.lct.codepoint_as_fec_id: TRUE

# How to decode LCT header extension 192
# One of: Don't decode, Decode as FLUTE extension (EXT_FDT)
# (case-insensitive).
alc.lct.ext.192: Decode as FLUTE extension (EXT_FDT)

# How to decode LCT header extension 193
# One of: Don't decode, Decode as FLUTE extension (EXT_CENC)
# (case-insensitive).
alc.lct.ext.193: Decode as FLUTE extension (EXT_CENC)

# Whether persistent call leg information is to be kept
# TRUE or FALSE (case-insensitive).
alcap.leg_info: TRUE

# The dynamic payload type which will be interpreted as AMR
# A decimal number.
amr.dynamic.payload.type: 0

# Type of AMR encoding of the payload
# One of: RFC 3267 octet aligned, RFC 3267 BW-efficient, AMR IF1, AMR IF2
# (case-insensitive).
amr.encoding.version: RFC 3267 octet aligned

# The AMR mode
# One of: Narrowband AMR, Wideband AMR
# (case-insensitive).
amr.mode: Narrowband AMR

# (if other than the default of IOS 4.0.1)
# One of: IS-634 rev. 0, TSB-80, IS-634-A, IOS 2.x, IOS 3.x, IOS 4.0.1, IOS 5.0.1
# (case-insensitive).
ansi_a_bsmap.global_variant: IOS 4.0.1

# ANSI MAP SSNs to decode as ANSI MAP
# A string denoting a positive integer range (e.g., "1-20,30-40").
ansi_map.map.ssn: 5-14

# Attempt to detect excessive rate of ARP requests
# TRUE or FALSE (case-insensitive).
# NOTE(review): storm detection is off; the two threshold values below
# presumably only apply once it is switched on.
arp.detect_request_storms: FALSE

# Number of requests needed within period to indicate a storm
# A decimal number.
arp.detect_storm_number_of_packets: 30

# Period in milliseconds during which a packet storm may be detected
# A decimal number.
arp.detect_storm_period: 100

# Attempt to detect duplicate use of IP addresses
# TRUE or FALSE (case-insensitive).
# NOTE(review): worth keeping enabled when reviewing a capture for ARP
# spoofing, since one IP address claimed by two MAC addresses is a common
# indicator; it also fires on benign address conflicts.
arp.detect_duplicate_ips: TRUE

# The UDP port on which Art-Net packets will be sent
# A decimal number.
artnet.udp_port: 6454

# The way DMX values are displayed
# One of: Percent, Hexadecimal, Decimal
# (case-insensitive).
artnet.dmx_disp_chan_val_type: Percent

# The way DMX channel numbers are displayed
# One of: Hexadecimal, Decimal
# (case-insensitive).
artnet.dmx_disp_chan_nr_type: Hexadecimal

# The number of columns for the DMX display
# One of: 6, 10, 12, 16, 24
# (case-insensitive).
artnet.dmx_disp_col_count: 16

# The TCP ports on which ASN.1 messages will be read
# A string denoting a positive integer range (e.g., "1-20,30-40").
asn1.tcp_ports: 0

# The UDP ports on which ASN.1 messages will be read
# A string denoting a positive integer range (e.g., "1-20,30-40").
asn1.udp_ports: 0

# The SCTP ports on which ASN.1 messages will be read
# A string denoting a positive integer range (e.g., "1-20,30-40").
asn1.sctp_ports: 0

# Desegment ASN.1 messages that span TCP segments
# TRUE or FALSE (case-insensitive).
asn1.desegment_messages: TRUE

# Compiled ASN.1 description of ASN.1 types
# A string.
asn1.file:

# Name of top level PDU
# A string.
asn1.pdu_name: ASN1

# Offset for non-reassembled packets, wrong if this happens on other than the first packet!
# A decimal number.
asn1.first_pdu_offset: 0

# Show full names for all values
# TRUE or FALSE (case-insensitive).
asn1.flat: FALSE

# Allow this recursion level for eliminated type references
# One of: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
# (case-insensitive).
asn1.type_recursion: 1

# Extra output useful for debugging
# TRUE or FALSE (case-insensitive).
asn1.debug: FALSE

# log to file $TMP/wireshark.log
# TRUE or FALSE (case-insensitive).
# NOTE(review): when enabled this writes to a fixed, predictable file name
# under $TMP; on a multi-user host that directory is typically shared, and
# the log may contain decoded packet content. Leaving it FALSE outside of
# debugging sessions avoids both issues.
asn1.verbose_log: FALSE

# Autodetection between LANE and SSCOP is hard. As default LANE is preferred
# TRUE or FALSE (case-insensitive).
atm.dissect_lane_as_sscop: FALSE

# Whether the ATP dissector should reassemble messages spanning multiple DDP packets
# TRUE or FALSE (case-insensitive).
atp.desegment: TRUE

# Set the port for BEEP messages (if other than the default of 10288)
# A decimal number.
beep.tcp.port: 10288

# Specifies that BEEP requires CRLF as a terminator, and not just CR or LF
# TRUE or FALSE (case-insensitive).
beep.strict_header_terminator: TRUE

# Whether the dissector should also display internal ASN.1 BER details such as Identifier and Length fields
# TRUE or FALSE (case-insensitive).
ber.show_internals: FALSE

# Whether the dissector should decode unexpected tags as ASN.1 BER encoded data
# TRUE or FALSE (case-insensitive).
ber.decode_unexpected: FALSE

# Whether the dissector should try decoding OCTET STRINGs as constructed ASN.1 BER encoded data
# TRUE or FALSE (case-insensitive).
ber.decode_octetstring: FALSE

# Whether the BGP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
bgp.desegment: TRUE

# BGP dissector detect the length of the AS number in AS_PATH attributes automatically or manually (NOTE: Automatic detection is not 100% accurate)
# One of: Auto-detect, 2 octet, 4 octet
# (case-insensitive).
# NOTE(review): per the description above, auto-detection can misjudge the
# AS number width; if AS_PATH values in a capture look implausible, pin the
# width explicitly before drawing conclusions from them.
bgp.asn_len: Auto-detect

# Whether the BitTorrent dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
bittorrent.desegment: TRUE

# Enabling this will tell which BitTorrent client that produced the handshake message
# TRUE or FALSE (case-insensitive).
bittorrent.decode_client: FALSE

# Novell Servers option 85 can be configured as a string instead of address
# TRUE or FALSE (case-insensitive).
bootp.novellserverstring: FALSE

# The PacketCable CCC protocol version
# One of: PKT-SP-PROV-I05-021127, IETF Draft 5, RFC 3495
# (case-insensitive).
bootp.pkt.ccc.protocol_version: RFC 3495

# Option Number for PacketCable CableLabs Client Configuration
# A decimal number.
bootp.pkt.ccc.option: 122

# For the sake of sub-dissectors registering to accept data from the BSSAP/BSAP dissector, this defines whether it is identified as BSSAP or BSAP.
# One of: BSSAP, BSAP
# (case-insensitive).
bssap.bsap_or_bssap: BSSAP

# Set Subsystem number used for BSSAP/BSSAP+
# A decimal number.
bssap.ssn: 98

# Decode NRI (for use with SGSN in Pool)
# TRUE or FALSE (case-insensitive).
bssgp.decode_nri: FALSE

# NRI length, in bits
# A decimal number.
bssgp.nri_length: 4

# Whether the ACL dissector should reassemble fragmented PDUs
# TRUE or FALSE (case-insensitive).
bthci_acl.btacl_reassembly: TRUE

# Set an additional UDP port, besides the standard X'BAC0' (47808) port.
# A decimal number.
bvlc.additional_udp_port: 0

# The date format: (DD/MM) or (MM/DD)
# One of: DD/MM/YYYY, MM/DD/YYYY
# (case-insensitive).
camel.date.format: DD/MM/YYYY

# TCAP Subsystem numbers used for Camel
# A string denoting a positive integer range (e.g., "1-20,30-40").
camel.tcap.ssn: 6-9

# Activate the analyse for Response Time
# TRUE or FALSE (case-insensitive).
camel.srt: FALSE

# Statistics for Response Time
# TRUE or FALSE (case-insensitive).
camel.persistentsrt: FALSE

# Whether the CAST dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cast.reassembly: TRUE

# Set the port(s) for NetFlow messages (default: 2055,9996)
# A string denoting a positive integer range (e.g., "1-20,30-40").
# NOTE(review): flow exporters are often configured on other ports; traffic
# on a port not listed here is presumably not decoded as NetFlow
# automatically.
cflow.netflow.ports: 2055,9996

# Set the port(s) for IPFIX messages (default: 4739)
# A string denoting a positive integer range (e.g., "1-20,30-40").
cflow.ipfix.ports: 4739

# The type of CHDLC frame checksum (none, 16-bit, 32-bit)
# One of: None, 16-Bit, 32-Bit
# (case-insensitive).
chdlc.fcs_type: None

# The version of CIGI with which to dissect packets
# One of: From Packet, CIGI 2, CIGI 3
# (case-insensitive).
cigi.version: From Packet

# The byte order with which to dissect CIGI packets (CIGI3)
# One of: From Packet, Big-Endian, Little-Endian
# (case-insensitive).
cigi.byte_order: From Packet

# IPv4 address or hostname of the host
# A string.
cigi.host:

# IPv4 address or hostname of the image generator
# A string.
cigi.ig:

# NSAP selector for Transport Protocol (last byte in hex)
# A hexadecimal number.
clnp.tp_nsap_selector: 0x21

# Always try to decode NSDU as transport PDUs
# TRUE or FALSE (case-insensitive).
clnp.always_decode_transport: FALSE

# Whether segmented CLNP datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
clnp.reassemble: TRUE

# Whether the CMP-over-TCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cmp.desegment: TRUE

# Set the TCP port for COPS messages
# A decimal number.
cops.tcp.cops_port: 3288

# Whether the COPS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cops.desegment: TRUE

# Decode the COPS messages using PacketCable clients. (Select port 2126)
# TRUE or FALSE (case-insensitive).
# NOTE(review): the description points at port 2126 while
# cops.tcp.cops_port above is 3288; presumably PacketCable COPS traffic on
# 2126 is only decoded after that port is changed - TODO confirm.
cops.packetcable: TRUE

# PIB settings can be changed in the Name Resolution preferences

# Whether segmented COTP datagrams should be reassembled. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cotp.reassemble: TRUE

# How TSAPs should be displayed
# One of: As strings if printable, As strings, As bytes
# (case-insensitive).
cotp.tsap_display: As strings if printable

# Set the port for CPFI messages (if other than the default of 5000)
# A decimal number.
cpfi.udp.port: 5000

# Set the port for InstanceToInstance messages (if other than the default of 5001)
# A decimal number.
cpfi.udp.port2: 5001

# Control the way the '-->' is displayed. When enabled, keeps the 'lowest valued' endpoint of the src-dest pair on the left, and the arrow moves to distinguish source from dest.
# When disabled, keeps the arrow pointing right so the source of the frame is always on the left.
# TRUE or FALSE (case-insensitive).
cpfi.arrow_ctl: TRUE

# Set the destination UDP port Cisco wireless IDS messages
# A decimal number.
cwids.udp.port: 0

# Set the port for DAP operations (if other than the default of 102)
# A decimal number.
dap.tcp.port: 102

# Whether the DCCP summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
dccp.summary_in_tree: TRUE

# Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port
# TRUE or FALSE (case-insensitive).
dccp.try_heuristic_first: FALSE

# Whether to check the validity of the DCCP checksum
# TRUE or FALSE (case-insensitive).
dccp.check_checksum: TRUE

# Whether the DCE/RPC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dcerpc.desegment_dcerpc: TRUE

# Whether the DCE/RPC dissector should reassemble fragmented DCE/RPC PDUs
# TRUE or FALSE (case-insensitive).
dcerpc.reassemble_dcerpc: TRUE

# Display some DCOM unmarshalled fields usually hidden
# TRUE or FALSE (case-insensitive).
dcom.display_unmarshalling_details: FALSE

# If a payload looks like it's embedded in an IP primitive message, and there is a wireshark dissector matching the DCT2000 protocol name, try parsing the payload using that dissector
# TRUE or FALSE (case-insensitive).
# NOTE(review): a heuristic match is a guess based on how the payload
# looks; treat fields decoded this way as less certain than those from a
# dissector selected by an explicit protocol identifier.
dct2000.ipprim_heuristic: TRUE

# If a payload looks like it's embedded in an SCTP primitive message, and there is a wireshark dissector matching the DCT2000 protocol name, try parsing the payload using that dissector
# TRUE or FALSE (case-insensitive).
dct2000.sctpprim_heuristic: TRUE

# Set the port for DHCP failover communications
# A decimal number.
dhcpfo.tcp_port: 519

# Whether the DHCP failover dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dhcpfo.desegment: TRUE

# TCP ports to be decoded as Diameter (default: 3868,3868)
# A string denoting a positive integer range (e.g., "1-20,30-40").
# NOTE(review): the same port is listed twice. That matches the default
# quoted in the description, so it is not a local edit, and the duplicate
# is presumably harmless.
diameter.tcp.ports: 3868,3868

# Set the SCTP port for Diameter messages
# A decimal number.
diameter.sctp.port: 3868

# Whether the Diameter dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
diameter.desegment: TRUE

# Set the UDP port for DIS messages
# A decimal number.
dis.udp.port: 3000

# Set the port for DISP operations (if other than the default of 102)
# A decimal number.
disp.tcp.port: 102

# Set the TCP port for DISTCC messages
# A decimal number.
distcc.tcp.port: 3632

# Whether the DISTCC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
distcc.desegment_distcc_over_tcp: TRUE

# Set the TCP port for Distributed Lock Manager
# A decimal number.
dlm3.tcp.port: 21064

# Set the SCTP port for Distributed Lock Manager
# A decimal number.
dlm3.sctp.port: 21064

# Port numbers used for DMP traffic
# A string denoting a positive integer range (e.g., "1-20,30-40").
dmp.udp_ports:

# Calculate sequence/acknowledgement analysis
# TRUE or FALSE (case-insensitive).
dmp.seq_ack_analysis: TRUE

# Align identifiers in info list (does not align when retransmission or duplicate acknowledgement indication)
# TRUE or FALSE (case-insensitive).
dmp.align_ids: FALSE

# Print subject as body id in free text messages with subject
# TRUE or FALSE (case-insensitive).
dmp.subject_as_id: FALSE

# Format of the structured message id
# One of: None, 1 Byte value, 2 Byte value, 4 Byte value, 8 Byte value, Fixed text string, Zero terminated text string
# (case-insensitive).
dmp.struct_print: None

# Used to set where the structured message id starts in the User Data
# A decimal number.
dmp.struct_offset: 0

# Used to set length of fixed text string in the structured message id format (maximum 128 characters)
# A decimal number.
dmp.struct_length: 1

# Whether the DNP3 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dnp3.desegment: TRUE

# Whether the DNS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dns.desegment_dns_messages: TRUE

# Set the port for DOP operations (if other than the default of 102)
# A decimal number.
dop.tcp.port: 102

# Whether the DRDA dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
drda.desegment: TRUE

# Whether the DSI dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dsi.desegment: TRUE

# Set the port for DSP operations (if other than the default of 102)
# A decimal number.
# NOTE(review): dop.tcp.port and dsp.tcp.port are both 102 in this file;
# how traffic on a port shared by several dissectors is assigned is not
# visible from the preferences alone.
dsp.tcp.port: 102

# Set the TCP port for the DTPT Server
# A decimal number.
dtpt.tcp.port: 5721

# Allow only packets with Major=0x03//Minor=0xFF as DVMRP V3 packets
# TRUE or FALSE (case-insensitive).
dvmrp.strict_v3: FALSE

# Whether the eDonkey dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
edonkey.desegment: TRUE

# Whether the EtherNet/IP dissector should desegment all messages spanning multiple TCP segments
# TRUE or FALSE (case-insensitive).
enip.desegment: TRUE

# The UDP port on which ENTTEC packets will be sent
# A decimal number.
enttec.udp_port: 3333

# The TCP port on which ENTTEC packets will be sent
# A decimal number.
enttec.tcp_port: 3333

# The way DMX values are displayed
# One of: Percent, Hexadecimal, Decimal
# (case-insensitive).
enttec.dmx_disp_chan_val_type: Percent

# The way DMX channel numbers are displayed
# One of: Hexadecimal, Decimal
# (case-insensitive).
enttec.dmx_disp_chan_nr_type: Hexadecimal

# The number of columns for the DMX display
# One of: 6, 10, 12, 16, 24
# (case-insensitive).
enttec.dmx_disp_col_count: 16

# If you are capturing in networks with multiplexed or slow nodes, this can be useful
# TRUE or FALSE (case-insensitive).
epl.show_soc_flags: FALSE

# Protocol encapsulated in HDLC records
# One of: Cisco HDLC, PPP serial, Frame Relay, SS7 MTP2, Raw data
# (case-insensitive).
erf.erfhdlc: SS7 MTP2

# Protocol encapsulated in ATM records
# One of: ATM, LLC, Raw data
# (case-insensitive).
erf.erfatm: Raw data

# Protocol encapsulated in Ethernet records
# One of: Ethernet with FCS, Ethernet, Raw data
# (case-insensitive).
erf.erfeth: Raw data

# This is done only if the Decoding is not SET or the packet does not belong to a SA. Assumes a 12 byte auth (HMAC-SHA1-96/HMAC-MD5-96/AES-XCBC-MAC-96) and attempts decode based on the ethertype 13 bytes from packet end
# TRUE or FALSE (case-insensitive).
# NOTE(review): this is a heuristic for ESP with NULL encryption
# (authenticated but unencrypted payload); it assumes a 12-byte
# authenticator as stated above, so traffic using another ICV length would
# presumably not be decoded correctly by it.
esp.enable_null_encryption_decode_heuristic: FALSE

# Whether packets should be interpreted as coming from CheckPoint FireWall-1 monitor file if they look as if they do
# TRUE or FALSE (case-insensitive).
eth.interpret_as_fw1_monitor: FALSE

# Set TCP port 1 for etheric messages
# A decimal number.
etheric.tcp.port1: 1806

# Set TCP port 2 for etheric messages
# A decimal number.
etheric.tcp.port2: 10002

# Controls the display of the session's username in the info column. This is only displayed if the packet containing it was seen during this capture session.
# TRUE or FALSE (case-insensitive).
# NOTE(review): with this enabled the username from the captured session
# is shown in the Info column, so it presumably also ends up in anything
# that reproduces the packet list (screenshots, printed or exported
# summaries). Consider that before sharing such output.
exec.info_show_username: TRUE

# Controls the display of the command being run on the server by this session in the info column. This is only displayed if the packet containing it was seen during this capture session.
# TRUE or FALSE (case-insensitive).
exec.info_show_command: FALSE

# If enabled, reassembly of multi-frame sequences is done
# TRUE or FALSE (case-insensitive).
fc.reassemble: TRUE

# This is the size of non-last frames in a multi-frame sequence
# A decimal number.
fc.max_frame_size: 1024

# Whether the FCIP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
fcip.desegment: TRUE

# Port number used for FCIP
# A decimal number.
fcip.target_port: 3225

# Whether the FDDI dissector should add 3-byte padding to all captured FDDI packets (useful with e.g. Tru64 UNIX tcpdump)
# TRUE or FALSE (case-insensitive).
fddi.padding: FALSE

# With this option display filters for fmp fhandle a RPC call, even if the actual fhandle is only present in one of the packets
# TRUE or FALSE (case-insensitive).
fmp.fhandle_find_both_reqrep: FALSE

# Encapsulation
# One of: FRF 3.2/Cisco HDLC, GPRS Network Service, Raw Ethernet
# (case-insensitive).
fr.encap: FRF 3.2/Cisco HDLC

# Show File Offset
# TRUE or FALSE (case-insensitive).
frame.show_file_off: FALSE

# Treat all frames as DOCSIS Frames
# TRUE or FALSE (case-insensitive).
frame.force_docsis_encap: FALSE

# Whether the FireWall-1 summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
fw1.summary_in_tree: TRUE

# Whether the Firewall-1 monitor file includes UUID information
# TRUE or FALSE (case-insensitive).
fw1.with_uuid: FALSE

# Whether the interface list includes the chain position
# TRUE or FALSE (case-insensitive).
fw1.iflist_with_chain: FALSE

# Whether the GIOP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
giop.desegment_giop_messages: TRUE

# File containing stringified IORs, one per line.
# A string.
# NOTE(review): relative file name; which directory it is resolved against
# is not visible from this file. If the dissector reads it from the working
# directory, its content depends on where Wireshark is started - TODO
# confirm.
giop.ior_txt: IOR.txt

# Whether the Gryphon dissector should desegment all messages spanning multiple TCP segments
# TRUE or FALSE (case-insensitive).
gryphon.desegment: TRUE

# Always decode a GSM Short Message as Connectionless WSP if a Port Number Information Element is present in the SMS User Data Header.
# TRUE or FALSE (case-insensitive).
gsm-sms-ud.port_number_udh_means_wsp: FALSE

# Always try subdissection of the 1st fragment of a fragmented GSM Short Message. If reassembly is possible, the Short Message may be dissected twice (once as a short frame, once in its entirety).
# TRUE or FALSE (case-insensitive).
gsm-sms-ud.try_dissect_1st_fragment: FALSE

# Prevent sub-dissectors from replacing column data with their own. Eg. Prevent WSP dissector overwriting SMPP information.
# TRUE or FALSE (case-insensitive).
gsm-sms-ud.prevent_dissectors_chg_cols: FALSE

# TCAP Subsystem numbers used for GSM MAP
# A string denoting a positive integer range (e.g., "1-20,30-40").
gsm_map.tcap.ssn: 6-9

# Whether or not to try reassembling GSSAPI blobs spanning multiple (SMB/SessionSetup) PDUs
# TRUE or FALSE (case-insensitive).
gss-api.gssapi_reassembly: TRUE

# GTPv0 port (default 3386)
# A decimal number.
gtp.v0_port: 3386

# GTPv1 control plane port (default 2123)
# A decimal number.
gtp.v1c_port: 2123

# GTPv1 user plane port (default 2152)
# A decimal number.
gtp.v1u_port: 2152

# Dissect T-PDU
# TRUE or FALSE (case-insensitive).
# NOTE(review): presumably this makes the tunnelled user packet inside GTP
# get dissected as well, so subscriber traffic becomes visible in the
# packet details - TODO confirm.
gtp.dissect_tpdu: TRUE

# GTP ETSI order
# TRUE or FALSE (case-insensitive).
gtp.check_etsi: FALSE

# Dissect GTP over TCP
# TRUE or FALSE (case-insensitive).
gtp.dissect_gtp_over_tcp: TRUE

# H.225 Server TLS Port
# A decimal number.
h225.tls.port: 1300

# Whether the H.225 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
h225.reassembly: TRUE

# ON - display tunnelled H.245 inside H.225.0 tree, OFF - display tunnelled H.245 in root tree after H.225.0
# TRUE or FALSE (case-insensitive).
h225.h245_in_tree: TRUE

# ON - display tunnelled protocols inside H.225.0 tree, OFF - display tunnelled protocols in root tree after H.225.0
# TRUE or FALSE (case-insensitive).
h225.tp_in_tree: TRUE

# Whether the H.245 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
h245.reassembly: TRUE

# Whether the dissector should show short names or the long names from the standard
# TRUE or FALSE (case-insensitive).
h245.shorttypes: FALSE

# Maintain relationships between transactions and contexts and display an extra tree showing context data
# TRUE or FALSE (case-insensitive).
h248.ctx_info: FALSE

# Port to be decoded as h248
# A decimal number.
h248.udp_port: 2945

# Port to be decoded as h248
# A decimal number.
h248.tcp_port: 2945

# Desegment H.248 messages that span more TCP segments
# TRUE or FALSE (case-insensitive).
h248.desegment: TRUE

# The dynamic payload type which will be interpreted as H264
# A decimal number.
# NOTE(review): the description says H264 although the preference belongs
# to h263p; it looks copied from the h264 entry below and presumably means
# the H.263+ payload type - TODO confirm.
h263p.dynamic.payload.type: 0

# The dynamic payload type which will be interpreted as H264
# A decimal number.
h264.dynamic.payload.type: 0

# Port to be decoded as h501
# A decimal number.
h501.udp.port: 2099

# Port to be decoded as h501
# A decimal number.
h501.tcp.port: 2099

# Desegment H.501 messages that span more TCP segments
# TRUE or FALSE (case-insensitive).
h501.desegment: TRUE

# Enable this dissector (default is false)
# TRUE or FALSE (case-insensitive).
hilscher.enable: FALSE

# Whether the HTTP dissector should reassemble headers of a request spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
http.desegment_headers: TRUE

# Whether the HTTP dissector should use the "Content-length:" value, if present, to reassemble the body of a request spanning multiple TCP segments, and reassemble chunked data spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
http.desegment_body: TRUE

# Whether to reassemble bodies of entities that are transferred using the "Transfer-Encoding: chunked" method
# TRUE or FALSE (case-insensitive).
http.dechunk_body: TRUE

# Whether to uncompress entity bodies that are compressed using "Content-Encoding: "
# TRUE or FALSE (case-insensitive).
# NOTE(review): with reassembly, de-chunking and decompression all enabled,
# the dissector rebuilds and expands bodies taken from the capture, so a
# small compressed body can become a much larger buffer during analysis.
# Relevant when opening captures from untrusted sources with this
# Wireshark version.
http.decompress_body: TRUE

# TCP Ports range
# A string denoting a positive integer range (e.g., "1-20,30-40").
# NOTE(review): HTTP on a port that is not in this list is presumably not
# recognised automatically; extend the list for non-standard proxy or
# application ports seen in the capture.
http.tcp.port: 80,3128,3132,8080,8088,11371,3689,1900

# SSL/TLS Ports range
# A string denoting a positive integer range (e.g., "1-20,30-40").
http.ssl.port: 443 # Whether the 128th and following bytes of the ICMP payload should be decoded as MPLS extensions or as a portion of the original packet # TRUE or FALSE (case-insensitive). icmp.favor_icmp_mpls: FALSE # Ethertype used to indicate IEEE 802.1ah tag. # A hexadecimal number. ieee8021ah.8021ah_ethertype: 0x88f0 # Whether the iFCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ifcp.desegment: TRUE # TCAP Subsystem numbers used for INAP # A string denoting an positive integer range (e.g., "1-20,30-40"). inap.ssn: 106,241 # Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field (see RFC2474/RFC2475) # TRUE or FALSE (case-insensitive). ip.decode_tos_as_diffserv: TRUE # Whether fragmented IP datagrams should be reassembled # TRUE or FALSE (case-insensitive). ip.defragment: TRUE # Whether the IP summary line should be shown in the protocol tree # TRUE or FALSE (case-insensitive). ip.summary_in_tree: TRUE # Whether to validate the IP checksum # TRUE or FALSE (case-insensitive). ip.check_checksum: TRUE # Whether to correct for TSO-enabled hardware captures, such as spoofing the IP packet length # TRUE or FALSE (case-insensitive). ip.tso_support: FALSE # Whether the IPDC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ipdc.desegment_ipdc_messages: TRUE # Set the IPDC monitoring port # A decimal number. ipdc.tcp.port: 6668 # Whether fragmented IPv6 datagrams should be reassembled # TRUE or FALSE (case-insensitive). ipv6.defragment: TRUE # The iSCSI protocol version # One of: Draft 08, Draft 09, Draft 11, Draft 12, Draft 13 # (case-insensitive). 
iscsi.protocol_version: Draft 13 # Whether the iSCSI dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). iscsi.desegment_iscsi_messages: TRUE # When enabled, packets that appear bogus are ignored # TRUE or FALSE (case-insensitive). iscsi.bogus_pdu_filter: TRUE # Ignore packets that haven't set the F bit when they should have # TRUE or FALSE (case-insensitive). iscsi.demand_good_f_bit: FALSE # Treat packets whose data segment length is greater than this value as bogus # A decimal number. iscsi.bogus_pdu_max_data_len: 262144 # Port number of iSCSI target # A decimal number. iscsi.target_port: 3260 # When enabled, pdus are assumed to contain a data digest # TRUE or FALSE (case-insensitive). iscsi.enable_data_digests: FALSE # When enabled, data digests are assumed to be CRC32C # TRUE or FALSE (case-insensitive). iscsi.data_digest_is_crc32c: TRUE # The size of a data digest (bytes) # A decimal number. iscsi.data_digest_size: 4 # Whether the iSNS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). isns.desegment: TRUE # Show the CIC value (in addition to the message type) in the Info column # TRUE or FALSE (case-insensitive). isup.show_cic_in_info: TRUE # Whether APM messages datagrams should be reassembled # TRUE or FALSE (case-insensitive). isup.defragment_apm: TRUE # Set TCP port for ISUP Thin messages # A decimal number. isup_thin.tcp.port: 0 # Support Implementers Guide (version 01) # TRUE or FALSE (case-insensitive). iua.support_ig: FALSE # Whether IuUP Payload bits should be dissected # TRUE or FALSE (case-insensitive). 
iuup.dissect_payload: FALSE # The payload contains a two byte pseudoheader indicating direction and circuit_id # TRUE or FALSE (case-insensitive). iuup.two_byte_pseudoheader: FALSE # The dynamic payload type which will be interpreted as IuUP # A decimal number. iuup.dynamic.payload.type: 0 # Enable to have correctly typed MIME media dissected as JXTA Messages. # TRUE or FALSE (case-insensitive). jxta.msg.mediatype: TRUE # Whether the JXTA dissector should reassemble messages spanning multiple UDP/TCP/SCTP segments. To use this option you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings and enable "Reassemble fragmented IP datagrams" in the IP protocol settings. # TRUE or FALSE (case-insensitive). jxta.desegment: TRUE # Enable to inspect UDP datagrams for JXTA messages. # TRUE or FALSE (case-insensitive). jxta.udp.heuristic: TRUE # Enable to inspect TCP connections for JXTA conversations. # TRUE or FALSE (case-insensitive). jxta.tcp.heuristic: TRUE # Enable to inspect SCTP connections for JXTA conversations. # TRUE or FALSE (case-insensitive). jxta.sctp.heuristic: TRUE # A table of matches vs stack filenames and relative protocols # Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). kerberos.desegment: TRUE # Whether the dissector should try to decrypt encrypted Kerberos blobs. This requires that the proper keytab file is installed as well. # TRUE or FALSE (case-insensitive). kerberos.decrypt: FALSE # The keytab file containing all the secrets # The keytab holds key material, so keep the file it points to readable only by the account that runs Wireshark. # A string. kerberos.file: insert filename here # Set the port for Kismet Client/Server messages (if other than the default of 2501) # A decimal number. kismet.tcp.port: 2501 # Whether the Kpasswd dissector should reassemble messages spanning multiple TCP segments.
To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). kpasswd.desegment: TRUE # L2TPv3 Cookie Size # One of: None, 4 Byte Cookie, 8 Byte Cookie # (case-insensitive). l2tp.cookie_size: 4 Byte Cookie # L2TPv3 L2-Specific Sublayer # One of: None, Default L2-Specific, ATM-Specific, LAPD-Specific # (case-insensitive). l2tp.l2_specific: Default L2-Specific # Decode L2TPv3 packet contents as this protocol # One of: Ethernet, Cisco HDLC, Frame Relay, PPP, IP, MPLS, AAL5, LAPD # (case-insensitive). l2tp.protocol: Cisco HDLC # Use SAPI values as specified in TS 48 056 # TRUE or FALSE (case-insensitive). lapd.use_gsm_sapi_values: FALSE # Whether the Laplink dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). laplink.desegment_laplink_over_tcp: TRUE # Whether the LDAP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ldap.desegment_ldap_messages: TRUE # Set the port for LDAP operations # A decimal number. ldap.tcp.port: 389 # Set the port for LDAP operations over SSL # A decimal number. ldap.ssl.port: 636 # Set the TCP port for messages (if other than the default of 646) # A decimal number. ldp.tcp.port: 646 # Set the UDP port for messages (if other than the default of 646) # A decimal number. ldp.udp.port: 646 # Whether the LDP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ldp.desegment_ldp_messages: TRUE # Set UDP port for LGE Monitor messages # A decimal number.
lge_monitor.udp.port: 0 # Whether to autodetect the cipher bit (because it might be set on unciphered data) # TRUE or FALSE (case-insensitive). llcgprs.autodetect_cipher_bit: FALSE # Dissect this ethertype as LLT traffic in addition to the default, 0xCAFE. # A hexadecimal number. llt.alternate_ethertype: 0 # UDP port number to use for LMP # A decimal number. lmp.udp_port: 701 # Set the TCP or UDP port for Pegasus LSC messages # A decimal number. lsc.port: 0 # Swap frame control bytes (needed for some APs) # TRUE or FALSE (case-insensitive). lwapp.swap_fc: FALSE # Set the UDP port for lwres daemon (if other than the default of 921) # A decimal number. lwres.udp.lwres_port: 921 # Version used by Wireshark # One of: Internet Draft version 2, Internet Draft version 8, Internet Draft version 12 # (case-insensitive). m2pa.version: Internet Draft version 12 # Set the port for M2PA messages (Default of 3565) # A decimal number. m2pa.port: 3565 # The value of the parameter tag for protocol data 1 # One of: 0x000e (Draft 7), 0x0300 (RFC3331) # (case-insensitive). m2ua.protocol_data_1_tag: 0x0300 (RFC3331) # Version used by Wireshark # One of: Internet Draft version 5, Internet Draft version 6, Internet Draft version 7, RFC 3332 # (case-insensitive). m3ua.version: RFC 3332 # Whether the dissector should decrypt MAPI PDUs # TRUE or FALSE (case-insensitive). mapi.decrypt: FALSE # The name of the file containing the mate module's configuration # A string. mate.config: # A frame is considered for decoding as MDSHDR if either ethertype is 0xFCFC or zero. Turn this flag off if you don't want ethertype zero to be decoded as MDSHDR. This might be useful to avoid problems with test frames. # TRUE or FALSE (case-insensitive). mdshdr.decode_if_etype_zero: TRUE # Set the TCP port for MEGACO text messages # A decimal number. megaco.tcp.txt_port: 2944 # Set the UDP port for MEGACO text messages # A decimal number.
megaco.udp.txt_port: 2944 # Specifies that the raw text of the MEGACO message should be displayed instead of (or in addition to) the dissection tree # TRUE or FALSE (case-insensitive). megaco.display_raw_text: TRUE # Specifies that the dissection tree of the MEGACO message should be displayed instead of (or in addition to) the raw text # TRUE or FALSE (case-insensitive). megaco.display_dissect_tree: TRUE # Maintain relationships between transactions and contexts and display an extra tree showing context data # TRUE or FALSE (case-insensitive). megaco.ctx_info: FALSE # Set the TCP port for gateway messages (if other than the default of 2427) # A decimal number. mgcp.tcp.gateway_port: 2427 # Set the UDP port for gateway messages (if other than the default of 2427) # A decimal number. mgcp.udp.gateway_port: 2427 # Set the TCP port for callagent messages (if other than the default of 2727) # A decimal number. mgcp.tcp.callagent_port: 2727 # Set the UDP port for callagent messages (if other than the default of 2727) # A decimal number. mgcp.udp.callagent_port: 2727 # Specifies that the raw text of the MGCP message should be displayed instead of (or in addition to) the dissection tree # TRUE or FALSE (case-insensitive). mgcp.display_raw_text: FALSE # Display the number of MGCP messages found in a packet in the protocol column. # TRUE or FALSE (case-insensitive). mgcp.display_mgcp_message_count: FALSE # Set the port for MIKEY messages (if other than the default of 2269) # A decimal number. mikey.udp.port: 2269 # Set the port for MIKEY messages (if other than the default of 2269) # A decimal number. mikey.tcp.port: 2269 # Display multipart bodies with no media type dissector as raw text (may cause problems with binary data). # TRUE or FALSE (case-insensitive). mime_multipart.display_unknown_body_as_text: FALSE # Remove any base64 content-transfer encoding from bodies. This supports export of the body and its further dissection. # TRUE or FALSE (case-insensitive).
mime_multipart.remove_base64_encoding: FALSE # Set the UDP port for messages (if other than the default of 3503) # A decimal number. mpls-echo.udp.port: 3503 # Whether the MQ dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). mq.desegment: TRUE # Whether the MQ dissector should reassemble MQ messages spanning multiple TSH segments # TRUE or FALSE (case-insensitive). mq.reassembly: TRUE # Specifies that the raw text of the MSRP message should be displayed in addition to the dissection tree # TRUE or FALSE (case-insensitive). msrp.display_raw_text: TRUE # Where available, show which protocol and frame caused this MSRP stream to be created # TRUE or FALSE (case-insensitive). msrp.show_setup_info: TRUE # Whether the MTP2 dissector should use extended sequence numbers as described in Q.703, Annex A as a default. # TRUE or FALSE (case-insensitive). mtp2.use_extended_sequence_numbers: FALSE # The SS7 standard used in MTP3 packets # One of: ITU, ANSI, Chinese ITU, Japan # (case-insensitive). mtp3.standard: ITU # The structure of the pointcodes in ITU networks # One of: Unstructured, 3-8-3, 4-3-4-3 # (case-insensitive). mtp3.itu_pc_structure: Unstructured # The structure of the pointcodes in Japan networks # One of: Unstructured, 7-4-5, 3-4-4-5 # (case-insensitive). mtp3.japan_pc_structure: Unstructured # Use 5-bit (instead of 8-bit) SLS in ANSI MTP3 packets # TRUE or FALSE (case-insensitive). mtp3.ansi_5_bit_sls: FALSE # Use 5-bit (instead of 4-bit) SLS in Japan MTP3 packets # TRUE or FALSE (case-insensitive). mtp3.japan_5_bit_sls: FALSE # Format for point code in the address columns # One of: Decimal, Hexadecimal, NI-Decimal, NI-Hexadecimal, Dashed # (case-insensitive). 
mtp3.addr_format: Dashed # Decode the spare bits of the SIO as the MSU priority (a national option in ITU) # TRUE or FALSE (case-insensitive). mtp3.itu_priority: FALSE # Whether the MySQL dissector should reassemble MySQL buffers spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). mysql.desegment_buffers: TRUE # Whether the MySQL dissector should display the SQL query string in the INFO column. # TRUE or FALSE (case-insensitive). mysql.show_sql_query: FALSE # Whether the NBD dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings # TRUE or FALSE (case-insensitive). nbd.desegment_nbd_messages: TRUE # Whether the NBSS dissector should reassemble packets spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). nbss.desegment_nbss_commands: TRUE # Whether the NCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ncp.desegment: TRUE # Whether the NCP dissector should defragment NDS messages spanning multiple reply packets. # TRUE or FALSE (case-insensitive). ncp.defragment_nds: TRUE # Dissect the NetWare Information Structure as NetWare 5.x or higher or as older NetWare 3.x. # TRUE or FALSE (case-insensitive). ncp.newstyle: TRUE # Whether the NCP dissector should echo the NDS Entry ID to name resolves to the expert table. # TRUE or FALSE (case-insensitive). ncp.eid_2_expert: TRUE # Whether the NCP dissector should echo NCP connection information to the expert table. # TRUE or FALSE (case-insensitive). 
ncp.connection_2_expert: FALSE # Whether the NCP dissector should echo protocol errors to the expert table. # TRUE or FALSE (case-insensitive). ncp.error_2_expert: TRUE # Whether the NCP dissector should echo server information to the expert table. # TRUE or FALSE (case-insensitive). ncp.server_2_expert: TRUE # Whether the NCP dissector should echo file open/close/oplock information to the expert table. # TRUE or FALSE (case-insensitive). ncp.file_2_expert: FALSE # Version of the NDMP protocol to assume if the version can not be automatically detected from the capture # One of: Version 2, Version 3, Version 4, Version 5 # (case-insensitive). ndmp.default_protocol_version: Version 4 # Whether the NDMP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ndmp.desegment: TRUE # Whether the dissector should defragment NDMP messages spanning multiple packets. # TRUE or FALSE (case-insensitive). ndmp.defragment: TRUE # Whether the NDPS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ndps.desegment_tcp: TRUE # Whether the NDPS dissector should reassemble fragmented NDPS messages spanning multiple SPX packets # TRUE or FALSE (case-insensitive). ndps.desegment_spx: TRUE # Whether or not the NDPS dissector should show object id's and other details # TRUE or FALSE (case-insensitive). ndps.show_oid: FALSE # Whether the NetBIOS dissector should defragment messages spanning multiple frames # TRUE or FALSE (case-insensitive). netbios.defragment: TRUE # The TCP port on which Monotone Netsync packets will be sent # A decimal number. 
netsync.tcp_port: 5253 # Whether the Netsync dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). netsync.desegment_netsync_messages: TRUE # Always dissect this port's traffic as newmail notifications. Additional ports will be dynamically registered as they are seen in MAPI register push notification packets. # A decimal number. newmail.default_port: 0 # Whether the dissector should snoop the FH to filename mappings by looking inside certain packets # TRUE or FALSE (case-insensitive). nfs.file_name_snooping: FALSE # Whether the dissector should snoop the full pathname for files for matching FH's # TRUE or FALSE (case-insensitive). nfs.file_full_name_snooping: FALSE # With this option display filters for nfs fhandles (nfs.fh.{name|full_name|hash}) will find both the request and response packets for a RPC call, even if the actual fhandle is only present in one of the packets # TRUE or FALSE (case-insensitive). nfs.fhandle_find_both_reqrep: FALSE # Decode all NFS file handles as if they are of this type # One of: Unknown, SVR4, KNFSD_LE, NFSD_LE, KNFSD_NEW, ONTAP_V3, ONTAP_V4, ONTAP_GX_V3 # (case-insensitive). nfs.default_fhandle_type: Unknown # Whether the dissector will track and match MSG and RES calls for asynchronous NLM # TRUE or FALSE (case-insensitive). nlm.msg_res_matching: FALSE # Check this to decode NORM traffic between clients # TRUE or FALSE (case-insensitive). norm.heuristic_norm: FALSE # UDP ports to be decoded as NSIP (default: 2157,19999) # A string denoting a positive integer range (e.g., "1-20,30-40"). nsip.udp.ports: 2157,19999 # NT Password (used to decrypt payloads) # Any value set here is stored in clear text in this preferences file; restrict the file's permissions and clear the value before sharing the file. # A string. ntlmssp.nt_password: # Whether the OPSI dissector should desegment all messages spanning multiple TCP segments # TRUE or FALSE (case-insensitive).
opsi.desegment_opsi_messages: TRUE # TCP port for OSI over TPKT # A decimal number. osi.tpkt_port: 0 # Whether segmented TPKT datagrams should be reassembled # TRUE or FALSE (case-insensitive). osi.tpkt_reassemble: FALSE # Set the port for P7 operations (if other than the default of 102) # A decimal number. p7.tcp.port: 102 # Port numbers used for P_Mul traffic # A string denoting a positive integer range (e.g., "1-20,30-40"). p_mul.udp_ports: # Reassemble fragmented P_Mul packets # TRUE or FALSE (case-insensitive). p_mul.reassemble: TRUE # Make the P_Mul dissector use relative message id number instead of absolute ones # TRUE or FALSE (case-insensitive). p_mul.relative_msgid: TRUE # Calculate sequence/acknowledgement analysis # TRUE or FALSE (case-insensitive). p_mul.seq_ack_analysis: TRUE # Type of content in Data_PDU # One of: No decoding, Compressed Data Type # (case-insensitive). p_mul.decode: No decoding # SCCP (and SUA) SSNs to decode as PCAP # A string denoting a positive integer range (e.g., "1-20,30-40"). pcap.ssn: # The UDP port on which Packet Cable Lawful Intercept packets will be sent # A decimal number. pcli.udp_port: 9000 # Whether the dissector should put the internal PER data in the tree or if it should hide it # TRUE or FALSE (case-insensitive). per.display_internal_per_fields: FALSE # Whether to check the validity of the PGM checksum # TRUE or FALSE (case-insensitive). pgm.check_checksum: TRUE # PGM Encap is PGM packets encapsulated in UDP packets (Note: This option is off, i.e. port is 0, by default) # A decimal number. pgm.udp.encap_ucast_port: 0 # PGM Encap is PGM packets encapsulated in UDP packets (Note: This option is off, i.e. port is 0, by default) # A decimal number. pgm.udp.encap_mcast_port: 0 # Set the port for PGSQL messages (if different from the default of 5432) # A decimal number. pgsql.tcp.port: 5432 # The password used to decrypt the encrypted elements within the PKCS#12 file # Any value set here is stored in clear text in this preferences file; restrict the file's permissions and clear the value before sharing the file. # A string.
pkcs12.password: # Whether to try and decrypt the encrypted data within the PKCS#12 with a NULL password # TRUE or FALSE (case-insensitive). pkcs12.try_null_password: FALSE # Decode packets on this UDP port as PacketCable CCC # A decimal number. pkt_ccc.udp_port: 0 # Whether the PN-RT summary line should be shown in the protocol tree # TRUE or FALSE (case-insensitive). pn_rt.summary_in_tree: TRUE # Whether fragmented 802.11 aggregated MPDUs should be reassembled # TRUE or FALSE (case-insensitive). ppi.reassemble: TRUE # The type of PPP frame checksum (none, 16-bit, 32-bit) # One of: None, 16-Bit, 32-Bit # (case-insensitive). ppp.fcs_type: None # Whether Van Jacobson-compressed PPP frames should be decompressed # TRUE or FALSE (case-insensitive). ppp.decompress_vj: TRUE # Default Protocol ID to be used for PPPMuxCP # A hexadecimal number. ppp.default_proto_id: 0 # Show values of tags and lengths of data fields # TRUE or FALSE (case-insensitive). pppoed.show_tags_and_lengths: FALSE # Enable this dissector (default is false) # TRUE or FALSE (case-insensitive). prp.enable: FALSE # Whether the PVFS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). pvfs.desegment: TRUE # Whether the Q.931 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). q931.desegment_h323_messages: TRUE # Reassemble segmented Q.931 messages (Q.931 - Annex H) # TRUE or FALSE (case-insensitive). q931.reassembly: TRUE # Set the UDP port for the Quake Server # A decimal number. quake.udp.port: 26000 # Set the UDP port for the Quake II Server # A decimal number. quake2.udp.port: 27910 # Set the UDP base port for the Quake III Arena Server # A decimal number. 
quake3.udp.arena_port: 27960 # Set the UDP base port for the Quake III Arena Master Server # A decimal number. quake3.udp.master_port: 27950 # Set the UDP port for the QuakeWorld Server # A decimal number. quakeworld.udp.port: 27500 # Shared secret used to decode User Passwords # Any value set here is stored in clear text in this preferences file; restrict the file's permissions and clear the value before sharing the file. # A string. radius.shared_secret: # Whether to add or not to the tree the AVP's payload length # TRUE or FALSE (case-insensitive). radius.show_length: FALSE # An alternate UDP port to decode as RADIUS # A decimal number. radius.alternate_port: 0 # Where available, show which protocol and frame caused this RDT stream to be created # TRUE or FALSE (case-insensitive). rdt.show_setup_info: TRUE # Register a client UDP port for RDT traffic # TRUE or FALSE (case-insensitive). rdt.register_udp_port: FALSE # Set the UDP port for clients # A decimal number. rdt.default_udp_port: 6970 # Whether the RPC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). rpc.desegment_rpc_over_tcp: TRUE # Whether the RPC dissector should defragment RPC-over-TCP messages. # TRUE or FALSE (case-insensitive). rpc.defragment_rpc_over_tcp: TRUE # Set the maximum size of RPCoverTCP PDUs. If the size field of the record marker is larger than this value it will not be considered a valid RPC PDU. # A decimal number. rpc.max_tcp_pdu_size: 262144 # Whether the RPC dissector should attempt to dissect RPC PDUs containing programs that are not known to Wireshark. This will make the heuristics significantly weaker and elevate the risk for falsely identifying and misdissecting packets significantly. # TRUE or FALSE (case-insensitive). rpc.dissect_unknown_programs: FALSE # Whether the RPC dissector should attempt to locate RPC PDU boundaries when initial fragment alignment is not known. This may cause false positives, or slow operation.
# TRUE or FALSE (case-insensitive). rpc.find_fragment_start: FALSE # Specifies whether Wireshark should decode and display sub-messages within BUNDLE messages # TRUE or FALSE (case-insensitive). rsvp.process_bundle: TRUE # Set the TCP port for RSYNC messages # A decimal number. rsync.tcp_port: 873 # Whether the RSYNC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). rsync.desegment: TRUE # Where available, show which protocol and frame caused this RTCP stream to be created # TRUE or FALSE (case-insensitive). rtcp.show_setup_info: TRUE # If call control SIP/H.323/RTSP/.. messages are missing in the trace, RTCP isn't decoded without this # TRUE or FALSE (case-insensitive). rtcp.heuristic_rtcp: FALSE # Try to work out network delay by comparing time between packets as captured and delays as seen by endpoint # TRUE or FALSE (case-insensitive). rtcp.show_roundtrip_calculation: FALSE # Minimum (absolute) calculated roundtrip delay time in milliseconds that should be reported # A decimal number. rtcp.roundtrip_min_threshhold: 10 # Whether the RTMPT dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). rtmpt.desegment: TRUE # Where available, show which protocol and frame caused this RTP stream to be created # TRUE or FALSE (case-insensitive). rtp.show_setup_info: TRUE # If call control SIP/H323/RTSP/.. messages are missing in the trace, RTP isn't decoded without this # TRUE or FALSE (case-insensitive). rtp.heuristic_rtp: FALSE # Whether subdissector can request RTP streams to be reassembled # TRUE or FALSE (case-insensitive). 
rtp.desegment_rtp_streams: TRUE # If an RTP version 0 packet is encountered, it can be treated as an invalid packet, a STUN packet, or a T.38 packet # One of: Invalid RTP packets, STUN packets, T.38 packets # (case-insensitive). rtp.version0_type: Invalid RTP packets # Payload Type for RFC2198 Redundant Audio Data # A decimal number. rtp.rfc2198_payload_type: 99 # This is the value of the Payload Type field that specifies RTP Events # A decimal number. rtpevent.event_payload_type_value: 101 # Whether segmented RTSE datagrams should be reassembled. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). rtse.reassemble: TRUE # Set the TCP port for RTSP messages # A decimal number. rtsp.tcp.port: 554 # Set the alternate TCP port for RTSP messages # A decimal number. rtsp.tcp.alternate_port: 8554 # Whether the RTSP dissector should reassemble headers of a request spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). rtsp.desegment_headers: TRUE # Whether the RTSP dissector should use the "Content-length:" value to desegment the body of a request spanning multiple TCP segments # TRUE or FALSE (case-insensitive). rtsp.desegment_body: TRUE # Set the UDP port for Reliable UDP traffic # A decimal number. rudp.udp.port: 0 # Whether the S5066 dissector should reassemble PDUs spanning multiple TCP segments. The default is to use reassembly. # TRUE or FALSE (case-insensitive). s5066.desegment_pdus: TRUE # Whether the S5066 dissector should dissect edition 1 of the STANAG. This edition was never formally approved and is very rare. The common edition is edition 1.2. # TRUE or FALSE (case-insensitive). s5066.edition_one: FALSE # Set the port for STANAG 5066. (If other than the default 5066. This number is registered with IANA.) # A decimal number.
s5066.tcp.port: 5066 # The source point code (usually MSC) (to determine whether message is uplink or downlink) # A hexadecimal number. sccp.source_pc: 0 # Show parameter length in the protocol tree # TRUE or FALSE (case-insensitive). sccp.show_length: FALSE # Whether XUDT messages should be reassembled # TRUE or FALSE (case-insensitive). sccp.defragment_xudt: TRUE # Whether to keep information about messages and their associations # TRUE or FALSE (case-insensitive). sccp.trace_sccp: FALSE # Show SLR, DLR, and CAUSE Parameters in the Information Column of the Summary # TRUE or FALSE (case-insensitive). sccp.show_more_info: FALSE # A table that enumerates user protocols to be used against specific PCs and SSNs # When Target Cannot Be Identified, Decode SCSI Messages As # One of: Block Device, Sequential Device, Object Based Storage Device, Medium Changer Device, Multimedia Device # (case-insensitive). scsi.decode_scsi_messages_as: Block Device # Whether fragmented SCSI DATA IN/OUT transfers should be reassembled # TRUE or FALSE (case-insensitive). scsi.defragment: FALSE # Show source and destination port numbers in the protocol tree # TRUE or FALSE (case-insensitive). sctp.show_port_numbers_in_tree: TRUE # The type of checksum used in SCTP packets # One of: None, Adler 32, CRC 32c, Automatic # (case-insensitive). sctp.checksum: CRC 32c # Show always SCTP control chunks in the Info column # TRUE or FALSE (case-insensitive). sctp.show_always_control_chunks: TRUE # Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port or PPI # TRUE or FALSE (case-insensitive). sctp.try_heuristic_first: FALSE # Whether fragmented SCTP user messages should be reassembled # TRUE or FALSE (case-insensitive). sctp.reassembly: FALSE # Match TSNs and their SACKs # TRUE or FALSE (case-insensitive).
sctp.tsn_analysis: FALSE # Specifies that RTP/RTCP/T.38/MSRP/etc streams are decoded based upon port numbers found in SDP payload # TRUE or FALSE (case-insensitive). sdp.establish_conversation: TRUE # Set the port(s) for sFlow messages (default: 6343) # A string denoting an positive integer range (e.g., "1-20,30-40"). sflow.ports: 6343 # Enabling dissection makes it easy to view protocol details in each of the sampled headers. Disabling dissection may reduce noise caused when display filters match the contents of any sampled header(s). # TRUE or FALSE (case-insensitive). sflow.enable_dissection: TRUE # This option only makes sense if dissection of sampled headers is enabled and probably not even then. # TRUE or FALSE (case-insensitive). sflow.enable_analysis: FALSE # Set UDP port 1 for SigComp messages # A decimal number. sigcomp.udp.port: 5555 # Set UDP port 2 for SigComp messages # A decimal number. sigcomp.udp.port2: 6666 # Set TCP port 1 for SigComp messages # A decimal number. sigcomp.tcp.port: 5555 # Set TCP port 2 for SigComp messages # A decimal number. sigcomp.tcp.port2: 6666 # Preference whether to Dissect the UDVM code or not # TRUE or FALSE (case-insensitive). sigcomp.display.udvm.code: TRUE # preference whether to display the bytecode in UDVM operands or not # TRUE or FALSE (case-insensitive). sigcomp.display.bytecode: FALSE # preference whether to decompress message or not # TRUE or FALSE (case-insensitive). sigcomp.decomp.msg: TRUE # preference whether to display the decompressed message as raw text or not # TRUE or FALSE (case-insensitive). sigcomp.display.decomp.msg.as.txt: FALSE # 0 = UDVM executes silently, then increasing detail about execution of UDVM instructions, Warning! CPU intense at high detail # One of: No-Printout, Low-detail, Medium-detail, High-detail # (case-insensitive). sigcomp.show.udvm.execution: No-Printout # SIP Server TCP Port # A decimal number. sip.tcp.port: 5060 # SIP Server TLS Port # A decimal number. 
sip.tls.port: 5061 # Specifies that the raw text of the SIP message should be displayed in addition to the dissection tree # TRUE or FALSE (case-insensitive). sip.display_raw_text: FALSE # If enabled, only SIP/2.0 traffic will be dissected as SIP. Disable it to allow SIP traffic with a different version to be dissected as SIP. # TRUE or FALSE (case-insensitive). sip.strict_sip_version: TRUE # Whether the SIP dissector should reassemble headers of a request spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). sip.desegment_headers: TRUE # Whether the SIP dissector should use the "Content-length:" value, if present, to reassemble the body of a request spanning multiple TCP segments, and reassemble chunked data spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). sip.desegment_body: TRUE # Whether the SCCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). skinny.desegment: TRUE # Whether the SoulSeek dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). slsk.desegment: TRUE # Whether the SoulSeek dissector should decompress all zlib compressed packets inside messages # TRUE or FALSE (case-insensitive). slsk.decompress: TRUE # Whether the dissector should reassemble the payload of SMB Transaction commands spanning multiple SMB PDUs # TRUE or FALSE (case-insensitive). 
smb.trans_reassembly: TRUE # Whether the dissector should reassemble DCERPC over SMB commands # TRUE or FALSE (case-insensitive). smb.dcerpc_reassembly: TRUE # Whether the dissector should snoop SMB and related CIFS protocols to discover and display Names associated with SIDs # TRUE or FALSE (case-insensitive). smb.sid_name_snooping: FALSE # Whether the SMPP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). smpp.reassemble_smpp_over_tcp: TRUE # Whether the SMTP dissector should reassemble command and response lines spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). smtp.desegment_lines: TRUE # Whether the SMTP dissector should reassemble DATA command and lines spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). smtp.desegment_data: TRUE # Whether fragmented BIUs should be reassembled # TRUE or FALSE (case-insensitive). sna.defragment: TRUE # Whether the SNMP OID should be shown in the info column # TRUE or FALSE (case-insensitive). snmp.display_oid: TRUE # Whether the SNMP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). snmp.desegment: TRUE # ON - display dissected variables inside SNMP tree, OFF - display dissected variables in root tree after SNMP # TRUE or FALSE (case-insensitive). 
snmp.var_in_tree: TRUE # Table of engine-user associations used for authentication and decryption # MIB settings can be changed in the Name Resolution preferences # Whether the SRVLOC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). srvloc.desegment_tcp: TRUE # Set the UDP port for SSCOP messages encapsulated in UDP (0 to disable) # A string denoting an positive integer range (e.g., "1-20,30-40"). sscop.udp.ports: # SSCOP payload (dissector to call on SSCOP payload) # One of: Data (no further dissection), Q.2931, SSCF-NNI (MTP3-b), ALCAP, NBAP # (case-insensitive). sscop.payload: Q.2931 # Whether the SSH dissector should reassemble SSH buffers spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ssh.desegment_buffers: TRUE # Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ssl.desegment_ssl_records: TRUE # Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. # TRUE or FALSE (case-insensitive). ssl.desegment_ssl_application_data: TRUE # Whether the StarTeam dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). starteam.desegment: TRUE # Version used by Wireshark # One of: Internet Draft version 08, RFC 3868 # (case-insensitive). sua.version: RFC 3868 # Whether the T.38 dissector should decode using the Pre-Corrigendum T.38 ASN.1 specification (1998). 
# TRUE or FALSE (case-insensitive). t38.use_pre_corrigendum_asn1_specification: TRUE # Whether a UDP packet that looks like an RTP version 2 packet will be dissected as an RTP packet or a T.38 packet. If enabled there is a risk that T.38 UDPTL packets with sequence number higher than 32767 may be dissected as RTP. # TRUE or FALSE (case-insensitive). t38.dissect_possible_rtpv2_packets_as_rtp: FALSE # Set the TCP port for T.38 messages # A decimal number. t38.tcp.port: 6004 # Set the UDP port for T.38 messages # A decimal number. t38.udp.port: 6004 # Whether the dissector should reassemble T.38 PDUs spanning multiple TCP segments when TPKT is used over TCP. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). t38.reassembly: TRUE # Whether T.38 is used with TPKT for TCP # One of: Never, Always, Maybe # (case-insensitive). t38.tpkt_usage: Maybe # Where available, show which protocol and frame caused this T.38 stream to be created # TRUE or FALSE (case-insensitive). t38.show_setup_info: TRUE # Whether the TACACS+ dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). tacplus.desegment: TRUE # TACACS+ Encryption Key # The key is saved in this file as clear text; keep the file readable only by its owner and blank the value before sharing the file. # A string. tacplus.key: # Whether the TALI dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). tali.reassemble: TRUE # SCCP (and SUA) SSNs to decode as TCAP # A string denoting a positive integer range (e.g., "1-20,30-40"). tcap.ssn: # Activate the analysis of Response Time # TRUE or FALSE (case-insensitive). tcap.srt: FALSE # Statistics for Response Time # TRUE or FALSE (case-insensitive). 
tcap.persistentsrt: FALSE # Maximal delay for message repetition # A decimal number. tcap.repetitiontimeout: 10 # Maximal delay for message lost # A decimal number. tcap.losttimeout: 30 # Whether the TCP summary line should be shown in the protocol tree # TRUE or FALSE (case-insensitive). tcp.summary_in_tree: TRUE # Whether to validate the TCP checksum # TRUE or FALSE (case-insensitive). tcp.check_checksum: TRUE # Whether subdissector can request TCP streams to be reassembled # TRUE or FALSE (case-insensitive). tcp.desegment_tcp_streams: TRUE # Make the TCP dissector analyze TCP sequence numbers to find and flag segment retransmissions, missing segments and RTT # TRUE or FALSE (case-insensitive). tcp.analyze_sequence_numbers: TRUE # Make the TCP dissector use relative sequence numbers instead of absolute ones. To use this option you must also enable "Analyze TCP sequence numbers". This option will also try to track and adjust the window field according to any TCP window scaling options seen. # TRUE or FALSE (case-insensitive). tcp.relative_sequence_numbers: TRUE # Calculate timestamps relative to the first frame and the previous frame in the tcp conversation # TRUE or FALSE (case-insensitive). tcp.calculate_timestamps: FALSE # Try to decode a packet using a heuristic sub-dissector before using a sub-dissector registered to a specific port # TRUE or FALSE (case-insensitive). tcp.try_heuristic_first: FALSE # Set the port for IPSEC/ISAKMP messages (if other than the default of 10000) # A decimal number. tcpencap.tcp.port: 10000 # Whether the TDS dissector should reassemble TDS buffers spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). tds.desegment_buffers: TRUE # Whether the TDS dissector should defragment messages spanning multiple Netlib buffers # TRUE or FALSE (case-insensitive). 
tds.defragment: TRUE # Hint as to version of TDS protocol being decoded # One of: Not Specified, TDS 4, TDS 5, TDS 7, TDS 8 # (case-insensitive). tds.protocol_type: Not Specified # Hint as to whether to decode TDS protocol as little-endian or big-endian. (TDS7/8 always decoded as little-endian) # One of: Little Endian, Big Endian # (case-insensitive). tds.endian_type: Little Endian # Additional TCP ports to decode as TDS # A string denoting an positive integer range (e.g., "1-20,30-40"). tds.tcp_ports: # Check this to decode IPv6 traffic between Teredo clients and relays # TRUE or FALSE (case-insensitive). teredo.heuristic_teredo: FALSE # Whether TIPCv1 SEGMENTATION_MANAGER datagrams should be reassembled # TRUE or FALSE (case-insensitive). tipc.defragment: TRUE # Whether to try to dissect TIPC data or not # TRUE or FALSE (case-insensitive). tipc.dissect_tipc_data: TRUE # Try to decode a TIPCv2 packet using an heuristic sub-dissector before using a registered sub-dissector # TRUE or FALSE (case-insensitive). tipc.try_heuristic_first: FALSE # TIPC 1.7 removes/adds fields (not) available in TIPC 1.5/1.6 while keeping the version number 2 in the packages. "ALL" shows all fields that were ever used in both versions. # One of: ALL, TIPC 1.5/1.6, TIPC 1.7 # (case-insensitive). tipc.handle_v2_as: ALL # Decode this TCP ports traffic as TIPC. Set to "0" to disable. # A decimal number. tipc.alternate_port: 0 # Whether the TIPC-over-TCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). tipc.desegment: TRUE # Whether the TNS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). 
tns.desegment_tns_messages: TRUE # Whether the TPKT dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). tpkt.desegment: TRUE # # A decimal number. tpncp.tcp.trunkpack_port: 2424 # # A decimal number. tpncp.udp.trunkpack_port: 2424 # Whether Linux mangling of the link-layer header should be checked for and worked around # TRUE or FALSE (case-insensitive). tr.fix_linux_botches: FALSE # Whether the UCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ucp.desegment_ucp_messages: TRUE # Whether the UDP summary line should be shown in the protocol tree # TRUE or FALSE (case-insensitive). udp.summary_in_tree: TRUE # Try to decode a packet using a heuristic sub-dissector before using a sub-dissector registered to a specific port # TRUE or FALSE (case-insensitive). udp.try_heuristic_first: FALSE # Whether to validate the UDP checksum # TRUE or FALSE (case-insensitive). udp.check_checksum: TRUE # Ignore an invalid checksum coverage field and continue dissection # TRUE or FALSE (case-insensitive). udplite.ignore_checksum_coverage: TRUE # Whether to validate the UDPlite checksum # TRUE or FALSE (case-insensitive). udplite.check_checksum: TRUE # Whether the ULP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ulp.desegment_ulp_messages: TRUE # Set the TCP port for Ulp messages (IANA registered port is 7275) # A decimal number. ulp.tcp.port: 7275 # Whether the UMA dissector should reassemble messages spanning multiple TCP segments. 
To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). uma.desegment_ucp_messages: TRUE # TCP ports to be decoded as UMA (default: 14001,14001) # A string denoting a positive integer range (e.g., "1-20,30-40"). uma.udp.ports: 14001,14001 # A table that enumerates the various protocols to be used against a certain user DLT # Whether the vlan summary line should be shown in the protocol tree # TRUE or FALSE (case-insensitive). vlan.summary_in_tree: TRUE # The Ethertype used to indicate 802.1QinQ VLAN in VLAN tunneling. # A hexadecimal number. vlan.qinq_ethertype: 0x9100 # Whether the VNC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). vnc.desegment: TRUE # Decode this port's traffic as VNC in addition to the default ports (5500, 5501, 5900, 5901) # A decimal number. vnc.alternate_port: 0 # Enable this preference if you want to view the WBXML tokens without the representation in a media type (e.g., WML). Tokens will show up as Tag_0x12, attrStart_0x08 or attrValue_0x0B for example. # TRUE or FALSE (case-insensitive). wbxml.skip_wbxml_token_mapping: FALSE # Enable this preference if you want to skip the parsing of the WBXML tokens that constitute the body of the WBXML document. Only the WBXML header will be dissected (and visualized) then. # TRUE or FALSE (case-insensitive). wbxml.disable_wbxml_token_parsing: FALSE # Show transaction ID direction bit separately from the rest of the transaction ID field. # TRUE or FALSE (case-insensitive). wimaxasncp.show_transaction_id_d_bit: FALSE # Print debug output to the console. # TRUE or FALSE (case-insensitive). wimaxasncp.debug_enabled: FALSE # Set UDP port for WiMAX ASN Control Plane Protocol # A decimal number. 
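wimaxasncp.udp.wimax_port: 2231 # Whether the WINS-Replication dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). winsrepl.reassemble: TRUE # Whether fragmented 802.11 datagrams should be reassembled # TRUE or FALSE (case-insensitive). wlan.defragment: TRUE # Don't dissect 802.11n draft HT elements (which might contain duplicate information). # TRUE or FALSE (case-insensitive). wlan.ignore_draft_ht: FALSE # Whether retransmitted 802.11 frames should be subdissected # TRUE or FALSE (case-insensitive). wlan.retransmitted: TRUE # Some 802.11 cards include the FCS at the end of a packet, others do not. # TRUE or FALSE (case-insensitive). wlan.check_fcs: FALSE # Some 802.11 cards leave the Protection bit set even though the packet is decrypted, and some also leave the IV (initialization vector). # One of: No, Yes - without IV, Yes - with IV # (case-insensitive). wlan.ignore_wep: No # Enable WEP and WPA/WPA2 decryption # TRUE or FALSE (case-insensitive). wlan.enable_decryption: FALSE # Valid key formats # Keys and passphrases entered in wlan.wep_key1 to wlan.wep_key64 are saved in this file as clear text; keep the file readable only by its owner and blank the keys before sharing the file. # Key #1 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key1: # Key #2 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key2: # Key #3 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key3: # Key #4 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key4: # Key #5 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key5: # Key #6 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key6: # Key #7 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key7: # Key #8 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key8: # Key #9 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key9: # Key #10 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. 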
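wlan.wep_key10: # Key #11 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key11: # Key #12 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key12: # Key #13 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key13: # Key #14 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key14: # Key #15 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key15: # Key #16 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key16: # Key #17 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key17: # Key #18 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key18: # Key #19 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key19: # Key #20 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key20: # Key #21 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key21: # Key #22 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key22: # Key #23 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key23: # Key #24 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key24: # Key #25 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key25: # Key #26 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key26: # Key #27 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key27: # Key #28 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key28: # Key #29 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key29: # Key #30 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key30: # Key #31 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key31: # Key #32 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key32: # Key #33 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key33: # Key #34 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. 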
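wlan.wep_key34: # Key #35 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key35: # Key #36 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key36: # Key #37 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key37: # Key #38 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key38: # Key #39 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key39: # Key #40 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key40: # Key #41 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key41: # Key #42 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key42: # Key #43 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key43: # Key #44 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key44: # Key #45 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key45: # Key #46 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key46: # Key #47 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key47: # Key #48 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key48: # Key #49 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key49: # Key #50 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key50: # Key #51 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key51: # Key #52 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key52: # Key #53 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key53: # Key #54 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key54: # Key #55 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key55: # Key #56 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key56: # Key #57 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key57: # Key #58 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. 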
wlan.wep_key58: # Key #59 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key59: # Key #60 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key60: # Key #61 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key61: # Key #62 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key62: # Key #63 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key63: # Key #64 string can be: <wep hexadecimal key>; wep:<wep hexadecimal key>; wpa-pwd:<passphrase>[:<ssid>]; wpa-psk:<wpa hexadecimal key> # A string. wlan.wep_key64: # Set the maximum Basic CID used in the Wimax decoder (if other than the default of 320). Note: The maximum Primary CID is double the maximum Basic CID. # A decimal number. wmx.basic_cid_max: 320 # Set to TRUE to use the Corrigendum 2 version of Wimax message decoding. Set to FALSE to use the 802.16e-2005 version. # TRUE or FALSE (case-insensitive). wmx.corrigendum_2_version: FALSE # If CALL REQUEST not seen or didn't specify protocol, dissect as QLLC/SNA # TRUE or FALSE (case-insensitive). x.25.payload_is_qllc_sna: FALSE # If CALL REQUEST has no data, assume the protocol handled is COTP # TRUE or FALSE (case-insensitive). x.25.call_request_nodata_is_cotp: FALSE # If CALL REQUEST not seen or didn't specify protocol, check user data before checking heuristic dissectors # TRUE or FALSE (case-insensitive). x.25.payload_check_data: FALSE # Reassemble fragmented X.25 packets # TRUE or FALSE (case-insensitive). x.25.reassemble: TRUE # Whether the X11 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). x11.desegment: TRUE # Set the port for P1 operations (if other than the default of 102) # A decimal number. x411.tcp.port: 102 # Try to recognize XML for unknown media types # TRUE or FALSE (case-insensitive). 
xml.heuristic: FALSE # Try to recognize XML for unknown TCP ports # TRUE or FALSE (case-insensitive). xml.heuristic_tcp: FALSE # TCP Ports range # A string denoting a positive integer range (e.g., "1-20,30-40"). xml.tcp.port: # Try to recognize XML for unknown UDP ports # TRUE or FALSE (case-insensitive). xml.heuristic_udp: FALSE # Whether the X.25-over-TCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). xot.desegment: TRUE # Whether the YMSG dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings. # TRUE or FALSE (case-insensitive). ymsg.desegment: TRUE