Ulf Lamping wrote:
> I've checked in the sources of the "Ethereal User's Guide" about a week ago.
>
> I've got only two review comments (ok, I understand it's holiday time)!
>
> A pdf version of the document is still available at:
>
> http://lamping.net/ethereal/user-guide.pdf
>
> Will anyone else do a review on the document in the near future, or do
> we want to release it in its current state?

I started to look through it and marked some things.
Most things I have marked are possible improvements in the future.
Below are some of the things I have marked (however just written down quickly, but I
hope you understand what I mean anyway).
Chapter 1.7.2 (page 10) Reporting problems:
------------------------------------------------
* Maybe we could give hints about reading the FAQ and searching the Ethereal web-site/news-groups
* Add a Note: Don't send capture files with sensitive/confidential information (passwords) to the mailing list
Chapter 1.7.4 (page 11) Reporting crashes on Windows platforms
--------------------------------------------------------------------
* Could be improved later on (maybe some comments about DrWatson logs or using Visual C++)
Chapter 3.15 (page 49) the "Packet list" pane
------------------------------------------------
* Maybe change "you will see the information from the highest possible level only"
to
"you will normally see information from the highest possible level only"
Chapter 5.2.2 (page 68) Input File Formats
---------------------------------------------
* Add a Note: It may not be possible to read some formats dependent on the packet types captured.
Ethernet captures are normally supported for most file formats, but other packet types may not be possible to read
for some file formats.
Chapter 5.3.2 (page 71) Output File Formats
---------------------------------------------
* Add a Note: Other protocol analyzers may require that the file has a certain suffix
in order to read the files you generate with Ethereal.
e.g.
".ENC" for Network Associates Sniffer DOS-format
".DMP" for Tcpdump/libpcap
".CAP" for Network Associates Sniffer Windows
The Syngress book about Ethereal has useful information about how you can transfer captures
to/from other protocol analyzers. It may be good to add some similar things later on.
Chapter 6.3 (page 93-94) Building display filter expressions
-------------------------------------------------------------
* Explain why the filter "ip.addr != 10.10.20.10" normally isn't as useful as "ip and !(ip.addr == 10.10.20.10)"
Chapter 7.3 (page 110) Packet Reassembling
------------------------------------------------
* Mention that you may have to change some preference settings for (IP/TCP,...) in order to get packet
reassembly to work
Chapter 8.8 (page 125) The protocol specific statistics
-------------------------------------------------------
* We should probably add some details about RTP Analysis later on, and other statistics ...
Chapter 9.4.2 (page 137-138) User Specified Decodes
----------------------------------------------------------
* We should maybe add some information that it will not always be possible to
force dissection with the Decode As functionality.
- dissector hasn't been registered for udp.port
- there is a conversation that has higher priority
- the dissector rejects dissection of the packet
- ...
Things that could be good to add:
=======================
* Some things from the FAQ could be added at suitable places in the user guide (and/or we could refer to the FAQ in
certain places).
* Maybe add a table similar to the supported media table http://www.ethereal.com/media.html