Reading through Practical Packet Analysis, I ran local captures to follow along until Chapter 5. Instead of trying to simulate an improperly-dissected packet, I downloaded the captures which accompany the book. In Ubuntu 11.10, I didn’t see any way to easily associate .pcap files with Wireshark. In previous versions of Ubuntu, the ‘add’ button was available in the ‘Open with…’ dialog, but in 11.10 it is grayed out. Clicking the option to choose another application or find an available application online didn’t work. Bummer.
To get wireshark to show up in the ‘Open With…’ dialog’s choice of applications, I followed the instructions on AskUbuntu.com. The instructions are for vim, so I’ve modified them for wireshark.
Save the following as ~/.local/share/applications/wireshark.desktop:
[Desktop Entry] Encoding=UTF-8 Name=Wireshark Comment=Wireshark packet capturing Exec=wireshark %u Terminal=false Type=Application Icon=/usr/share/pixmaps/hi48-app-wireshark.png Categories=Application;Utility; StartupNotify=true MimeType=application/octet-stream NoDisplay=false
For more information about .desktop files, check out the Desktop File Specification.