Table of Contents
Ethereal uses a number of files and folders while it is running. Some of these reside in the personal configuration folder and are used to maintain information between runs of Ethereal, while some of them are maintained in system areas.
![[Tip]](graphics/tip.png) | Tip |
|---|---|
A list of the folders Ethereal actually uses can be found under the Folders tab in the dialog box coming up, when you select About Ethereal from the Help menu. |
The content format of the configuration files is the same on all platforms. However, to match the different policies for unix and windows platforms, different folders for these files are used.
Table A.1. Configuration files and folders overview
| File/Folder | Description | Unix/Linux folders | Windows folders |
|---|---|---|---|
| preferences | Settings from the Preferences dialog box. | /etc/ethereal.conf, $HOME/.ethereal/preferences | %ETHEREAL%\ethereal.conf, %APPDATA%\Ethereal\preferences |
| recent | Recent GUI settings (e.g. recent files lists). | $HOME/.ethereal/recent | %APPDATA%\Ethereal\recent |
| cfilters | Capture filters. | $HOME/.ethereal/cfilters | %ETHEREAL%\cfilters, %APPDATA%\Ethereal\cfilters |
| dfilters | Display filters. | $HOME/.ethereal/dfilters | %ETHEREAL%\dfilters, %APPDATA%\Ethereal\dfilters |
| colorfilters | Coloring rules. | $HOME/.ethereal/colorfilters | %ETHEREAL%\colorfilters, %APPDATA%\Ethereal\colorfilters |
| disabled_protos | Disabled protocols. | $HOME/.ethereal/disabled_protos | %ETHEREAL%\disabled_protos, %APPDATA%\Ethereal\disabled_protos |
| ethers | Ethernet name resolution. | /etc/ethers, $HOME/.ethereal/ethers | %ETHEREAL%\ethers, %APPDATA%\Ethereal\ethers |
| manuf | Ethernet name resolution. | /etc/manuf | %ETHEREAL%\manuf |
| hosts | IPv4 and IPv6 name resolution. | $HOME/.ethereal/hosts | %APPDATA%\hosts |
| ipxnets | IPX name resolution. | $HOME/.ethereal/ipxnets | %ETHEREAL%\ipxnets |
| plugins | Plugin directories. | /usr/share/ethereal/plugins, /usr/local/share/ethereal/plugins, $HOME/.ethereal/plugins | %ETHEREAL%\plugins\<version>, %APPDATA%\Ethereal\plugins |
| temp | Temporary files. | Environment: TMPDIR | Environment: TMPDIR or TEMP |
![[Note]](graphics/note.png) | Windows folders |
|---|---|
%APPDATA% points to the personal configuration folder, typically
|
| Unix/Linux folders |
|---|---|
The |
- preferences/ethereal.conf
This file contains your Ethereal preferences, including defaults for capturing and displaying packets. It is a simple text file containing statements of the form:
variable: value
The settings from this file are read in at program start and written to disk when you press the Save button in the "Preferences" dialog box.
- recent
This file contains various GUI related settings like the main window position and size, the recent files list and such. It is a simple text file containing statements of the form:
variable: value
It is read at program start and written at program exit.
- cfilters
This file contains all the capture filters that you have defined and saved. It consists of one or more lines, where each line has the following format:
"<filter name>" <filter string>
The settings from this file are read in at program start and written to disk when you press the Save button in the "Capture Filters" dialog box.
- dfilters
This file contains all the display filters that you have defined and saved. It consists of one or more lines, where each line has the following format:
"<filter name>" <filter string>
The settings from this file are read in at program start and written to disk when you press the Save button in the "Display Filters" dialog box.
- colorfilters
This file contains all the color filters that you have defined and saved. It consists of one or more lines, where each line has the following format:
@<filter name>@<filter string> @[<bg RGB(16-bit)>][<fg RGB(16-bit)>]
The settings from this file are read in at program start and written to disk when you press the Save button in the "Coloring Rules" dialog box.
- disabled_protos
Each line in this file specifies a disabled protocol name. The following are some examples:
tcp udp
The settings from this file are read in at program start and written to disk when you press the Save button in the "Enabled Protocols" dialog box.
- ethers
When Ethereal is trying to translate Ethernet hardware addresses to names, it consults the files listed in Table A.1, “Configuration files and folders overview”. If an address is not found in /etc/ethers, Ethereal looks in $HOME/.ethereal/ethers
Each line in these files consists of one hardware address and name separated by whitespace. The digits of hardware addresses are separated by colons (:), dashes (-) or periods(.). The following are some examples:
ff-ff-ff-ff-ff-ff Broadcast c0-00-ff-ff-ff-ff TR_broadcast 00.2b.08.93.4b.a1 Freds_machine
The settings from this file are read in at program start and never written by Ethereal.
- manuf
Ethereal uses the files listed in Table A.1, “Configuration files and folders overview” to translate the first three bytes of an Ethernet address into a manufacturers name. This file has the same format as the ethers file, except addresses are three bytes long.
An example is:
00:00:01 Xerox # XEROX CORPORATION
The settings from this file are read in at program start and never written by Ethereal.
- hosts
Ethereal uses the files listed in Table A.1, “Configuration files and folders overview” to translate IPv4 and IPv6 addresses into names.
This file has the same format as the usual /etc/hosts file in unix systems.
An example is:
# Comments must be prepended by the # sign! 192.168.0.1 homeserver
The settings from this file are read in at program start and never written by Ethereal.
- ipxnets
Ethereal uses the files listed in Table A.1, “Configuration files and folders overview” to translate IPX network numbers into names.
An example is:
C0.A8.2C.00 HR c0-a8-1c-00 CEO 00:00:BE:EF IT_Server1 110f FileServer3
The settings from this file are read in at program start and never written by Ethereal.
- plugins folder
Ethereal searches for plugins in the directories listed in Table A.1, “Configuration files and folders overview”. They are searched in the order listed.
- temp folder
If you start a new capture and don't specify a filename for it, Ethereal uses this directory to place that file in, see Section 4.6, “Capture files and file modes”.
Here you will find some details about the folders used in Ethereal on different Windows versions.
As already mentioned, you can find the currently used folders in the About Ethereal dialog.
Windows uses some special directories to store user configuration files in, named the user profile. This can be confusing, as the default directory location changed from version to version and might also be different for english and internationalized versions of windows.
| Note! |
|---|---|
If you upgraded to a new windows version, your profile might be kept in the former location, so the defaults mentioned here might not apply. |
The following will try to guide you to the right place where to look for Ethereals profile data.
- 95/98/ME
The default in Windows 95/98/ME is: all users work with the same profile, which is located at:
C:\windows\Application Data\Ethereal- 98/ME (with enabled user profiles)
In Windows 98 and ME you can enable separate user profiles. In that case, something like:
C:\windows\Profiles\<username>\Application Data\Etherealis used.- NT 4
C:\WINNT\Profiles\<username>\Application Data\Ethereal- 2000/XP
C:\Documents and Settings\<username>\Application Data, "Documents and Settings" and "Application Data" might be internationalized.
The following will only be applicable if you are using roaming profiles. This might be the case, if you work in a Windows domain environment (used in huge company networks). The configurations of all programs you use won't be saved on the local harddrive of the computer you are currently working on, but on the domain server.
As Ethereal is using the correct places to store it's profile data, your settings will travel with you, if you logon to a different computer the next time.
There is an exception to this: The "Local Settings" folder in your profile
data (typically something like:
C:\Documents and Settings\<username>\Local Settings)
will not be transferred to the domain server. This is the default for
temporary capture files.
Ethereal uses the folder which is set by the TMPDIR or TEMP environment variable. This variable will be set by the windows installer.
The default location for temporary files on NT 4 is just
C:\TEMP, and in 2000 the default location
is some directory under your profile directory but it might have
"Temporary Files" in the path name.