Wireshark-dev: Re: [Wireshark-dev] Feedback: Wireshark User's Guide

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 13 Sep 2006 22:39:10 +0200
Brian Drab wrote:

I thought I would pass on some more info I found that you /may/ want to consider changing in the User Guide. I'm using 19086 for Wireshark 0.99.3.

   1. On the first page (the Title page) it has a comma after Ed
      Warnicke which I believe to be incorrect.

This is done by the conversion process from Docbook/XML to the various output formats (using XSL style sheets) and unfortunately can't easily be changed.

   1. Section 1.1.3 - It states "Despite its name, Wireshark can
      capture traffic..." I believe the "Despite its name" part can be
      taken out since the name is now Wireshark and not Ethereal.

changed

   1. Section 1.2.2 - Suse Linux is listed. You may want to uppercase
      SUSE.

changed

   1. Section 1.6.2 - It states "For example, there is an explanation
      how to capture..." I believe the word *on* is missing before the
      word how.

I'm not a native English speaker myself :-) but that's still looking ugly: "on how to capture on a switched network" -> unchanged

   1. Section 4.7 - It states "...so you will have a guide what to do:".
      I believe the word *of* is missing before the word what.

changed

   1. Section 4.9 - It states "The selection which protocols are
      counted cannot be changed." I believe the word *of* is missing
      after the word selection.

changed

   1. Section 5.2 - There is a word *behaviour* in there. I believe it
      should be spelled behavior.

British vs. American English, I like the British version :-)

   1. Section 5.2.1 - Screen shot still from Ethereal

Yes. There are currently three different file selectors existing: GTK1, GTK2 and native Windows. This section needs a complete rewrite mentioning this (maybe adding all three versions as a screenshot) - I will leave it unchanged for now. This applies to the other file selector screen shots in this section as well.

   1. Section 5.3.1 - Screen shot still from Ethereal.
   2. Section 5.4.1 - Screen shot still from Ethereal.
   3. Section 5.5 - It states "...the captured data is spreaded over
      several..." I believe the word spreaded should be *spread*. This
      is like this a second time in the last paragraph of the shaded
      block of info.

changed - you could have given me a small hint that there's no such word as spreaded ;-)

   1. Section 5.6.1 - Screen shot still from Ethereal.
   2. Section 5.6.2 - Screen shot still from Ethereal.
   3. Section 5.6.4 - Screen shot still from Ethereal.
   4. Section 5.6.5 - Screen shot still from Ethereal.
   5. Section 5.6.6 - Screen shot still from Ethereal.
   6. Section 6.2.1 - It states "The following table gives an overview
      which functions...". I believe the word *of* is missing after the
      word overview.

changed

   1. Section 6.2.2 - It states "The following table gives an overview
      which functions...". I believe the word *of* is missing after the
      word overview.

changed

   1. Section 6.2.3 - It states "The following table gives an overview
      which functions...". I believe the word *of* is missing after the
      word overview.

changed

   1. Figure 6.6 - Screen shot doesn't really match the paragraph that
      explains it. The paragraph says packets 1-10 are hidden and that
      it starts with 11 however the screen shot shows starting at 14.

I've exchanged the screenshot

   1. Section 6.3 - It states "A list of such fields is available in
      the Wireshark in the Add Expression..." Something needs changed
      here. Doesn't sound correct.


I've changed it to: "available in Wireshark in the Add Expression"

   1. Section 6.5 - For the Cancel option it states "you can leave the
      Add Expression... dialog box without any effect by clicking the
      Cancel". I believe the word button is missing from the end.

changed

   1. Section 7.5.2 - It states "The tooltip of the higher level
      protocol setting will note you if..." I believe the word note
      should be *notify*.

changed

   1. Section 7.6 - It states "There are two possible ways to do this
      conversations..." I believe the word this would be *these*.

changed

   1. Section 7.6.1 - It states "Name resolution can be invaluable
      while working with Wireshark and may save you even hours of
      work." I believe this should be *may even save you hours of
      work*. Put the word even after may.

changed

   1. Section 7.6.1 - It states "...because you can't connect a name
      server...". I believe the word *to* should be after the word connect.

changed

Again I thought I would do my very small part in contributing to this fantastic product. Thank you.

Thanks for taking the time to write it down and send it to the list.


Question:

I know that a general guide description how to analyze a capture file is currently missing (and potentially would be much larger than the current User's Guide itself).

Are there other things currently missing in the guide that have to be added? As a developer myself I'm maybe unaware of problems an "ordinary" user might have and missing topics that are just obvious to me.

Regards, ULFL