# Configuration file for Wireshark 0.99.4.
#
# This file is regenerated each time preferences are saved within
# Wireshark.  Making manual changes should be safe, however.

######## User Interface ########

# Vertical scrollbars should be on right side?
# TRUE or FALSE (case-insensitive).
gui.scrollbar_on_right: TRUE

# Packet-list selection bar can be used to browse w/o selecting?
# TRUE or FALSE (case-insensitive).
gui.packet_list_sel_browse: FALSE

# Protocol-tree selection bar can be used to browse w/o selecting?
# TRUE or FALSE (case-insensitive).
gui.protocol_tree_sel_browse: FALSE

# Alternating colors in TreeViews?
# TRUE or FALSE (case-insensitive).
gui.tree_view_altern_colors: FALSE

# Place filter toolbar inside the statusbar?
# TRUE or FALSE (case-insensitive).
gui.filter_toolbar_show_in_statusbar: FALSE

# Protocol-tree line style.
# One of: NONE, SOLID, DOTTED, TABBED
gui.protocol_tree_line_style: NONE

# Protocol-tree expander style.
# One of: NONE, SQUARE, TRIANGLE, CIRCULAR
gui.protocol_tree_expander_style: SQUARE

# Hex dump highlight style.
# One of: BOLD, INVERSE
gui.hex_dump_highlight_style: INVERSE

# Main Toolbar style.
# One of: ICONS, TEXT, BOTH
gui.toolbar_main_style: ICONS

# Save window position at exit?
# TRUE or FALSE (case-insensitive).
gui.geometry.save.position: FALSE

# Save window size at exit?
# TRUE or FALSE (case-insensitive).
gui.geometry.save.size: TRUE

# Save window maximized state at exit (GTK2 only)?
# TRUE or FALSE (case-insensitive).
gui.geometry.save.maximized: TRUE

# Open a console window (WIN32 only)?
# One of: NEVER, AUTOMATIC, ALWAYS
gui.console_open: NEVER

# The max. number of items in the open recent files list.
# A decimal number.
gui.recent_files_count.max: 10

# Where to start the File Open dialog box.
# One of: LAST_OPENED, SPECIFIED
gui.fileopen.style: LAST_OPENED

# Directory to start in when opening File Open dialog.
gui.fileopen.dir: 

# The preview timeout in the File Open dialog.
# A decimal number (in seconds).
gui.fileopen.preview: 3

# Ask to save unsaved capture files?
# TRUE or FALSE (case-insensitive).
gui.ask_unsaved: TRUE

# Wrap to beginning/end of file during search?
# TRUE or FALSE (case-insensitive).
gui.find_wrap: TRUE

# The path to the webbrowser.
# Ex: mozilla %s
gui.webbrowser: mozilla %s

# Custom window title. (Prepended to existing titles.)
gui.window_title: 

######## User Interface: Layout ########

# Layout type (1-6).
gui.layout_type: 1

# Layout content of the panes (1-3).
# One of: NONE, PLIST, PDETAILS, PBYTES
gui.layout_content_1: PLIST
gui.layout_content_2: PDETAILS
gui.layout_content_3: PBYTES

######## User Interface: Columns ########

# Packet list column format.
# Each pair of strings consists of a column title and its format.
column.format: "No.", "%m", "Time", "%t", "Source", "%s", "Destination",
	"%d", "Protocol", "%p", "Info", "%i"

######## User Interface: Font ########

# Font name for packet list, protocol tree, and hex dump panes (GTK version 1).
gui.font_name: -misc-fixed-medium-r-semicondensed-*-*-100-*-*-*-*-iso8859-1

# Font name for packet list, protocol tree, and hex dump panes (GTK version 2).
gui.gtk2.font_name: Monospace 10

######## User Interface: Colors ########

# Color preferences for a marked frame.
# Each value is a six digit hexadecimal color value in the form rrggbb.
gui.marked_frame.fg: ffffff
gui.marked_frame.bg: 000000

# TCP stream window color preferences.
# Each value is a six digit hexadecimal color value in the form rrggbb.
stream.client.fg: 7f0000
stream.client.bg: fbeded
stream.server.fg: 00007f
stream.server.bg: ededfb

######## Console: logging level ########
# (debugging only, not in the Preferences dialog)
# A bitmask of glib log levels:
# G_LOG_LEVEL_ERROR    = 4
# G_LOG_LEVEL_CRITICAL = 8
# G_LOG_LEVEL_WARNING  = 16
# G_LOG_LEVEL_MESSAGE  = 32
# G_LOG_LEVEL_INFO     = 64
# G_LOG_LEVEL_DEBUG    = 128
console.log.level: 28

####### Capture ########

# Default capture device
capture.device: br0

# Capture in promiscuous mode?
# TRUE or FALSE (case-insensitive).
capture.prom_mode: TRUE

# Update packet list in real time during capture?
# TRUE or FALSE (case-insensitive).
capture.real_time_update: TRUE

# Scroll packet list during capture?
# TRUE or FALSE (case-insensitive).
capture.auto_scroll: FALSE

# Show capture info dialog while capturing?
# TRUE or FALSE (case-insensitive).
capture.show_info: TRUE

######## Printing ########

# Can be one of "text" or "postscript".
print.format: text

# Can be one of "command" or "file".
print.destination: command

# This is the file that gets written to when the destination is set to "file"
print.file: wireshark.out

# Output gets piped to this command when the destination is set to "command"
print.command: lpr

####### Name Resolution ########

# Resolve addresses to names?
# TRUE or FALSE (case-insensitive), or a list of address types to resolve.
name_resolve: mt

# Name resolution concurrency.
# A decimal number.
name_resolve_concurrency: 500

####### Protocols ########

# Enable this option to recognise all traffic on RTP dynamic payload type 96 (0x60) as FEC data corresponding to Pro-MPEG Code of Practice #3 release 2
# TRUE or FALSE (case-insensitive).
2dparityfec.enable: FALSE

# Set the UDP port for AudioCodes Trunk Traces.Use http://x.x.x.x/TrunkTraces to enable the traces in the Blade
# A decimal number.
actrace.udp_port: 2428

# Set the TCP port for AgentX(if other than the default of 705)
# A decimal number.
agentx.tcp.agentx_port: 705

# Whether the AH payload decode should be placed in a subtree
# TRUE or FALSE (case-insensitive).
ah.place_ah_payload_in_subtree: FALSE

# Whether the AIM dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
aim.desegment: TRUE

# Whether that payload of UDP packets with a specific destination port should be automatically dissected as ALC packets
# TRUE or FALSE (case-insensitive).
alc.default.udp_port.enabled: FALSE

# Specifies the UDP destination port for automatic dissection of ALC packets
# A decimal number.
alc.default.udp_port: 4001

# Whether the LCT header Codepoint field should be considered the FEC Encoding ID of carried object
# TRUE or FALSE (case-insensitive).
alc.lct.codepoint_as_fec_id: TRUE

# How to decode LCT header extention 192
# One of: Don't decode, Decode as FLUTE extension (EXT_FDT)
# (case-insensitive).
alc.lct.ext.192: Decode as FLUTE extension (EXT_FDT)

# How to decode LCT header extention 193
# One of: Don't decode, Decode as FLUTE extension (EXT_CENC)
# (case-insensitive).
alc.lct.ext.193: Decode as FLUTE extension (EXT_CENC)

# Whether persistent call leg information is to be kept
# TRUE or FALSE (case-insensitive).
alcap.leg_info: TRUE

# The dynamic payload type which will be interpreted as AMR
# A decimal number.
amr.dynamic.payload.type: 0

# Type of AMR encoding of the payload
# One of: RFC 3267, AMR IF1, AMR IF2
# (case-insensitive).
amr.encoding.version: RFC 3267

# (if other than the default of IOS 4.0.1)
# One of: IS-634 rev. 0, TSB-80, IS-634-A, IOS 2.x, IOS 3.x, IOS 4.0.1
# (case-insensitive).
ansi_a_bsmap.global_variant: IOS 4.0.1

# GSM MAP SSNs to decode as ANSI MAP
# A string denoting an positive integer range (e.g., "1-20,30-40").
ansi_map.map.ssn: 5-14

# The UDP port on which Art-Net packets will be sent
# A decimal number.
artnet.udp_port: 6454

# The way DMX values are displayed
# One of: Percent, Hexadecimal, Decimal
# (case-insensitive).
artnet.dmx_disp_chan_val_type: Percent

# The way DMX channel numbers are displayed
# One of: Hexadecimal, Decimal
# (case-insensitive).
artnet.dmx_disp_chan_nr_type: Hexadecimal

# The number of columns for the DMX display
# One of: 6, 10, 12, 16, 24
# (case-insensitive).
artnet.dmx_disp_col_count: 16

# The TCP ports on which ASN.1 messages will be read
# A string denoting an positive integer range (e.g., "1-20,30-40").
asn1.tcp_ports: 801

# The UDP ports on which ASN.1 messages will be read
# A string denoting an positive integer range (e.g., "1-20,30-40").
asn1.udp_ports: 801

# The SCTP ports on which ASN.1 messages will be read
# A string denoting an positive integer range (e.g., "1-20,30-40").
asn1.sctp_ports: 801

# Desegment ASN.1 messages that span TCP segments
# TRUE or FALSE (case-insensitive).
asn1.desegment_messages: TRUE

# Compiled ASN.1 description of ASN.1 types
# A string.
asn1.file: 

# Name of top level PDU
# A string.
asn1.pdu_name: ASN1

# Offset for non-reassembled packets, wrong if this happens on other than the first packet!
# A decimal number.
asn1.first_pdu_offset: 0

# Show full names for all values
# TRUE or FALSE (case-insensitive).
asn1.flat: FALSE

# Allow this recursion level for eliminated type references
# One of: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
# (case-insensitive).
asn1.type_recursion: 1

# Extra output useful for debuging
# TRUE or FALSE (case-insensitive).
asn1.debug: FALSE

# log to file $TMP/wireshark.log
# TRUE or FALSE (case-insensitive).
asn1.verbose_log: FALSE

# Whether the ATP dissector should reassemble messages spanning multiple DDP packets
# TRUE or FALSE (case-insensitive).
atp.desegment: TRUE

# Set the port for BEEP messages (if other than the default of 10288)
# A decimal number.
beep.tcp.port: 10288

# Specifies that BEEP requires CRLF as a terminator, and not just CR or LF
# TRUE or FALSE (case-insensitive).
beep.strict_header_terminator: TRUE

# Whether the dissector should also display internal ASN.1 BER details such as Identifier and Length fields
# TRUE or FALSE (case-insensitive).
ber.show_internals: FALSE

# Whether the BGP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
bgp.desegment: TRUE

# BGP dissector detect the length of the AS number in AS_PATH attributes automatically or manually (NOTE: Automatic detection is not 100% accurate)
# One of: Auto-detect, 2 octet, 4 octet
# (case-insensitive).
bgp.asn_len: Auto-detect

# Whether the BitTorrent dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
bittorrent.desegment: TRUE

# Enabling this will tell which BitTorrent client that produced the handshake message
# TRUE or FALSE (case-insensitive).
bittorrent.decode_client: FALSE

# Novell Servers option 85 can be configured as a string instead of address
# TRUE or FALSE (case-insensitive).
bootp.novellserverstring: FALSE

# The PacketCable CCC protocol version
# One of: PKT-SP-PROV-I05-021127, IETF Draft 5, RFC 3495
# (case-insensitive).
bootp.pkt.ccc.protocol_version: RFC 3495

# Option Number for PacketCable CableLabs Client Configuration
# A decimal number.
bootp.pkt.ccc.option: 122

# For the sake of sub-dissectors registering to accept data from the BSSAP/BSAP dissector, this defines whether it is identified as BSSAP or BSAP.
# One of: BSSAP, BSAP
# (case-insensitive).
bssap.bsap_or_bssap: BSSAP

# Set Subsystem number used for BSSAP/BSSAP+
# A decimal number.
bssap.ssn: 98

# Decode NRI (for use with SGSN in Pool)
# TRUE or FALSE (case-insensitive).
bssgp.decode_nri: FALSE

# NRI length, in bits
# A decimal number.
bssgp.nri_length: 4

# Whether the ACL dissector should reassemble fragmented PDUs
# TRUE or FALSE (case-insensitive).
bthci_acl.btacl_reassembly: TRUE

# The date format: (DD/MM) or (MM/DD)
# One of: DD/MM/YYYY, MM/DD/YYYY
# (case-insensitive).
camel.date.format: DD/MM/YYYY

# TCAP Subsystem numbers used for Camel
# A string denoting an positive integer range (e.g., "1-20,30-40").
camel.tcap.ssn: 6-9

# Whether the CAST dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cast.reassembly: TRUE

# Set the port for NetFlow messages
# A decimal number.
cflow.udp.port: 2055

# The type of CHDLC frame checksum (none, 16-bit, 32-bit)
# One of: None, 16-Bit, 32-Bit
# (case-insensitive).
chdlc.fcs_type: None

# The version of CIGI with which to dissect packets
# One of: From Packet, CIGI 2, CIGI 3
# (case-insensitive).
cigi.version: From Packet

# The byte order with which to dissect CIGI packets (CIGI3)
# One of: From Packet, Big-Endian, Little-Endian
# (case-insensitive).
cigi.byte_order: From Packet

# IPv4 address or hostname of the host
# A string.
cigi.host: 

# IPv4 address or hostname of the image generator
# A string.
cigi.ig: 

# NSAP selector for Transport Protocol (last byte in hex)
# A hexadecimal number.
clnp.tp_nsap_selector: 0x21

# Always try to decode NSDU as transport PDUs
# TRUE or FALSE (case-insensitive).
clnp.always_decode_transport: FALSE

# Whether segmented CLNP datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
clnp.reassemble: TRUE

# TCP port for CLNP over TPKT
# A decimal number.
clnp.tpkt_port: 0

# Whether segmented TPKT datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
clnp.tpkt_reassemble: FALSE

# Whether the CMP-over-TCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cmp.desegment: TRUE

# Set the TCP port for COPS messages
# A decimal number.
cops.tcp.cops_port: 3288

# Whether the COPS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cops.desegment: TRUE

# Decode the COPS messages using PacketCable clients. (Select port 2126)
# TRUE or FALSE (case-insensitive).
cops.packetcable: TRUE

# Whether segmented COTP datagrams should be reassembled. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
cotp.reassemble: TRUE

# How TSAPs should be displayed
# One of: As strings if printable, As strings, As bytes
# (case-insensitive).
cotp.tsap_display: As strings if printable

# Set the port for CPFI messages (if other than the default of 5000)
# A decimal number.
cpfi.udp.port: 5000

# Set the port for InstanceToInstance messages (if other than the default of 5001)
# A decimal number.
cpfi.udp.port2: 5001

# Control the way the '-->' is displayed. When enabled, keeps the 'lowest valued' endpoint of the src-dest pair on the left, and the arrow moves to distinguish source from dest. When disabled, keeps the arrow pointing right so the source of the frame is always on the left.
# TRUE or FALSE (case-insensitive).
cpfi.arrow_ctl: TRUE

# Set the destination UDP port Cisco wireless IDS messages
# A decimal number.
cwids.udp.port: 0

# Set the port for DAP operations (if other than the default of 102)
# A decimal number.
dap.tcp.port: 102

# Whether the DCE/RPC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dcerpc.desegment_dcerpc: TRUE

# Whether the DCE/RPC dissector should reassemble fragmented DCE/RPC PDUs
# TRUE or FALSE (case-insensitive).
dcerpc.reassemble_dcerpc: TRUE

# Display some DCOM unmarshalled fields usually hidden
# TRUE or FALSE (case-insensitive).
dcom.display_unmarshalling_details: FALSE

# Whether the DCCP summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
dcp.summary_in_tree: TRUE

# Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port
# TRUE or FALSE (case-insensitive).
dcp.try_heuristic_first: FALSE

# Whether to check the validity of the DCCP checksum
# TRUE or FALSE (case-insensitive).
dcp.check_checksum: TRUE

# If a payload looks like its embedded in an IP primitive message, and there is an wireshark dissector matching the DCT2000 protocol name, try parsing the payload using that dissector
# TRUE or FALSE (case-insensitive).
dct2000.ipprim_heuristic: TRUE

# If a payload looks like its embedded in an SCTP primitive message, and there is an wireshark dissector matching the DCT2000 protocol name, try parsing the payload using that dissector
# TRUE or FALSE (case-insensitive).
dct2000.sctpprim_heuristic: TRUE

# Set the port for DHCP failover communications
# A decimal number.
dhcpfo.tcp_port: 519

# Whether the DHCP failover dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dhcpfo.desegment: TRUE

# Standard version used for decoding
# One of: Diameter base draft version 16 and below, Diameter base RFC 3588 
# (case-insensitive).
diameter.version: Diameter base RFC 3588 

# Set the TCP port for Diameter messages
# A decimal number.
diameter.tcp.port: 3868

# Set the SCTP port for Diameter messages
# A decimal number.
diameter.sctp.port: 3868

# Set the dictionary used for Diameter messages
# A string.
diameter.dictionary.name: /usr/local/share/wireshark/diameter/dictionary.xml

# Only attempt to load and use the Diameter XML Dictionary when this option is selected
# TRUE or FALSE (case-insensitive).
diameter.dictionary.use: TRUE

# Whether the Diameter dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
diameter.desegment: TRUE

# If set, the value 0 (zero) can be used as a valid application ID. This is used in experimental cases.
# TRUE or FALSE (case-insensitive).
diameter.allow_zero_as_app_id: TRUE

# If console output for errors should be suppressed or not
# TRUE or FALSE (case-insensitive).
diameter.suppress_console_output: TRUE

# Set the UDP port for DIS messages
# A decimal number.
dis.udp.port: 3000

# Set the port for DISP operations (if other than the default of 102)
# A decimal number.
disp.tcp.port: 102

# Set the TCP port for DISTCC messages
# A decimal number.
distcc.tcp.port: 3632

# Whether the DISTCC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
distcc.desegment_distcc_over_tcp: TRUE

# Whether the DNS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dns.desegment_dns_messages: TRUE

# Set the port for DOP operations (if other than the default of 102)
# A decimal number.
dop.tcp.port: 102

# Whether the DSI dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
dsi.desegment: TRUE

# Set the port for DSP operations (if other than the default of 102)
# A decimal number.
dsp.tcp.port: 102

# semicolon separated list of private RSA keys used for DTLS decryption; each list entry must be in the form of <ip>,<port>,<protocol>,<key_file_name><key_file_name>   is the local file name of the RSA private key used by the specified server

# A string.
dtls.keys_list: 

# redirect dtls debug to file name; leave empty to disable debug, use "-" to redirect output to stderr

# A string.
dtls.debug_file: 

# Allow only packets with Major=0x03//Minor=0xFF as DVMRP V3 packets
# TRUE or FALSE (case-insensitive).
dvmrp.strict_v3: FALSE

# Whether the eDonkey dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
edonkey.desegment: TRUE

# Whether the EtherNet/IP dissector should desegment all messages spanning multiple TCP segments
# TRUE or FALSE (case-insensitive).
enip.desegment: TRUE

# The UDP port on which ENTTEC packets will be sent
# A decimal number.
enttec.udp_port: 3333

# The TCP port on which ENTTEC packets will be sent
# A decimal number.
enttec.tcp_port: 3333

# The way DMX values are displayed
# One of: Percent, Hexadecimal, Decimal
# (case-insensitive).
enttec.dmx_disp_chan_val_type: Percent

# The way DMX channel numbers are displayed
# One of: Hexadecimal, Decimal
# (case-insensitive).
enttec.dmx_disp_chan_nr_type: Hexadecimal

# The number of columns for the DMX display
# One of: 6, 10, 12, 16, 24
# (case-insensitive).
enttec.dmx_disp_col_count: 16

# This is done only if the Decoding is not SET or the packet does not belong to a SA. Assumes a 12 byte auth (HMAC-SHA1-96/HMAC-MD5-96/AES-XCBC-MAC-96) and attempts decode based on the ethertype 13 bytes from packet end
# TRUE or FALSE (case-insensitive).
esp.enable_null_encryption_decode_heuristic: FALSE

# Attempt to decode based on the SAD described hereafter.
# TRUE or FALSE (case-insensitive).
esp.enable_encryption_decode: TRUE

# Attempt to Check ESP Authentication based on the SAD described hereafter.
# TRUE or FALSE (case-insensitive).
esp.enable_authentication_check: TRUE

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_1: ipv6|3ffe::1|3ffe::2|*

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_1: BLOWFISH-CBC [RFC2451]

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_1: HMAC-SHA1-96 [RFC2404]

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_1: 0xfecafecacafecafebbccbbccdadaffff

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_1: 0x00fdabceff00aabb55412364d003219fffabc000

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_2: ipv6|3ffe::1|3ffe::3|*

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_2: BLOWFISH-CBC [RFC2451]

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_2: HMAC-SHA1-96 [RFC2404]

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_2: 0xecafecacafecafebbccbbccdadaffff

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_2: 0x00fdabceff00aabb55412364d003219fffabc000

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_3: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_3: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_3: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_3: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_3: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_4: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_4: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_4: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_4: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_4: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_5: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_5: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_5: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_5: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_5: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_6: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_6: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_6: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_6: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_6: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_7: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_7: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_7: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_7: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_7: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_8: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_8: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_8: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_8: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_8: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_9: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_9: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_9: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_9: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_9: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_10: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_10: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_10: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_10: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_10: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_11: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_11: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_11: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_11: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_11: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_12: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_12: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_12: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_12: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_12: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_13: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_13: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_13: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_13: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_13: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_14: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_14: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_14: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_14: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_14: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_15: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_15: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_15: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_15: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_15: 

# This field uses the following syntax : "Protocol|Source Address|Destination Adress|SPI". <Protocol>: either IPv4, IPv6 (upper and/or lowercase letters). <SPI> : the Security Parameter Index of the Security Association. You may indicate it in decimal (ex: 123) or in hexadecimal (ex: 0x45). The special keywords '*' may be used to match any SPI. Nevertheless, if you use more than one '*', it will restrict the length of the SPI in decimal to as many '*' as indicated. For example '**' will match 23 but not 234. 234 will be match by '***'. No checking will be done on the SPI value. Thus youhave to take into account that the SPI is 4 bytes length. <Addresses> : In this field we may have IPv6 or IPv4 address. Any address is a combination of an address or a prefix and a Prefixlen/Netmask separated by '/'. You may omit the Prefixlen/Netmask, assuming that the Address is 128 bits length for IPv6 and 32 bits length for IPv4. The character '*' used at the Prefixlen/Netmask position will be as if you had omit it. <IPv6 Addresses> : Any valid IPv6 address is accepted. ex: 3FFE::1/128, 3FFE:4:5:6666::/64, ::1/128, 3FFE:4::5 .If your address is incorrect and longer than 16 bytes, only the last 16 bytes will be taken into account. You also may use the special character '*' to indicate any 4 bits block. ie : 3ffe::45*6. If you use only one '*' in the Address field it will accept any IPv6 address. <IPv4 Addresses> : Any valid IPv4 address is accepted. ex : 190.0.0.1/24, 10.0.0.2 .You also may use the special character '*' to indicate any 8 bits block. ie : 190.*.*.3. If you use only one '*' in the Address field it will accept any IPv4 address. No checking of correct IPv4 address will be done. For example 456.345.567.890 will be accepted. Thus you have to take care about what you write. Nevertheless only 3 characters will be taken into account for one byte. Ex : 190.0.0.0184 will not be considered correct. (Instead a kind of LRU Mechanism will be used and the address taken into account will be 190.0.0.418). Moreover only the four first values will be used (Ie 190.0.0.12.13 will be considered as 190.0.0.12).
# A string.
esp.sa_16: 

# According to RFC 4305 Encryption Algorithms Requirements are the following : NULL (MUST), TripleDES-CBC [RFC2451] (MUST-), AES-CBC [RFC3602] (SHOULD+), AES-CTR [RFC3686] (SHOULD), DES-CBC [RFC2405] (SHOULD NOT). It will also decrypt BLOWFISH-CBC [RFC2451] and TWOFISH-CBC
# One of: NULL, TripleDES-CBC [RFC2451], AES-CBC [RFC3602], AES-CTR [RFC3686], DES-CBC [RFC2405], BLOWFISH-CBC [RFC2451], TWOFISH-CBC
# (case-insensitive).
esp.encryption_algorithm_16: NULL

# According to RFC 4305 Authentication Algorithms Requirements are the following : HMAC-SHA1-96 [RFC2404] (MUST), NULL (MUST), AES-XCBC-MAC-96 [RFC3566] (SHOULD+/Not Available), HMAC-MD5-96 [RFC2403] (MAY). It will also Check authentication for HMAC-SHA256
# One of: NULL, HMAC-SHA1-96 [RFC2404], HMAC-SHA256, HMAC-MD5-96 [RFC2403], ANY 12-bytes of Authentication [No Checking]
# (case-insensitive).
esp.authentication_algorithm_16: NULL

# The key sizes supported are the following : [TripleDES-CBC] : 192 bits. [AES-CBC] : 128/192/256 bits. [AES-CTR] : 160/224/288 bits. The remaining 32 bits will be used as nonce. [DES-CBC] : 64 bits. [BLOWFISH-CBC] : 128 bits. [TWOFISH-CBC] : 128/256 bits.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.encryption_key_16: 

# The key sizes supported are the following : [HMAC-SHA1-96] : Any. [HMAC-SHA256] : Any. [HMAC-MD5] : Any.Keys may be written in Ascii or in Hexadecimal beginning with 0x.
# A string.
esp.authentication_key_16: 

# Whether packets should be interpreted as coming from CheckPoint FireWall-1 monitor file if they look as if they do
# TRUE or FALSE (case-insensitive).
eth.interpret_as_fw1_monitor: FALSE

# Set TCP port 1 for etheric messages
# A decimal number.
etheric.tcp.port1: 1806

# Set TCP port 2 for etheric messages
# A decimal number.
etheric.tcp.port2: 10002

# Controls the display of the session's username in the info column.  This is only displayed if the packet containing it was seen during this capture session.
# TRUE or FALSE (case-insensitive).
exec.info_show_username: TRUE

# Controls the display of the command being run on the server by this session in the info column.  This is only displayed if the packet containing it was seen during this capture session.
# TRUE or FALSE (case-insensitive).
exec.info_show_command: FALSE

# If enabled, reassembly of multi-frame sequences is done
# TRUE or FALSE (case-insensitive).
fc.reassemble: TRUE

# This is the size of non-last frames in a multi-frame sequence
# A decimal number.
fc.max_frame_size: 1024

# Whether the FCIP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
fcip.desegment: TRUE

# Port number used for FCIP
# A decimal number.
fcip.target_port: 3225

# Whether the FDDI dissector should add 3-byte padding to all captured FDDI packets (useful with e.g. Tru64 UNIX tcpdump)
# TRUE or FALSE (case-insensitive).
fddi.padding: FALSE

# Encapsulation
# One of: FRF 3.2/Cisco HDLC, GPRS Network Service, Raw Ethernet
# (case-insensitive).
fr.encap: FRF 3.2/Cisco HDLC

# Show File Offset
# TRUE or FALSE (case-insensitive).
frame.show_file_off: FALSE

# Treat all frames as DOCSIS Frames
# TRUE or FALSE (case-insensitive).
frame.force_docsis_encap: FALSE

# Whether the FireWall-1 summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
fw1.summary_in_tree: TRUE

# Whether the Firewall-1 monitor file includes UUID information
# TRUE or FALSE (case-insensitive).
fw1.with_uuid: FALSE

# Whether the interface list includes the chain position
# TRUE or FALSE (case-insensitive).
fw1.iflist_with_chain: FALSE

# Whether the GIOP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
giop.desegment_giop_messages: TRUE

# File containing stringified IORs, one per line.
# A string.
giop.ior_txt: IOR.txt

# Whether the Gryphon dissector should desegment all messages spanning multiple TCP segments
# TRUE or FALSE (case-insensitive).
gryphon.desegment: TRUE

# Always decode a GSM Short Message as Connectionless WSP if a Port Number Information Element is present in the SMS User Data Header.
# TRUE or FALSE (case-insensitive).
gsm-sms-ud.port_number_udh_means_wsp: FALSE

# Always try subdissection of the 1st fragment of a fragmented GSM Short Message. If reassembly is possible, the Short Message may be dissected twice (once as a short frame, once in its entirety).
# TRUE or FALSE (case-insensitive).
gsm-sms-ud.try_dissect_1st_fragment: FALSE

# Prevent sub-dissectors from replacing column data with their own. Eg. Prevent WSP dissector overwriting SMPP information.
# TRUE or FALSE (case-insensitive).
gsm-sms-ud.prevent_dissectors_chg_cols: FALSE

# TCAP Subsystem numbers used for GSM MAP
# A string denoting an positive integer range (e.g., "1-20,30-40").
gsm_map.tcap.ssn: 6-9

# Whether or not to try reassembling GSSAPI blobs spanning multiple (SMB/SessionSetup) PDUs
# TRUE or FALSE (case-insensitive).
gss-api.gssapi_reassembly: TRUE

# GTPv0 port (default 3386)
# A decimal number.
gtp.v0_port: 3386

# GTPv1 control plane port (default 2123)
# A decimal number.
gtp.v1c_port: 2123

# GTPv1 user plane port (default 2152)
# A decimal number.
gtp.v1u_port: 2152

# Dissect T-PDU
# TRUE or FALSE (case-insensitive).
gtp.dissect_tpdu: TRUE

# GTP ETSI order
# TRUE or FALSE (case-insensitive).
gtp.check_etsi: FALSE

# Dissect GTP over TCP
# TRUE or FALSE (case-insensitive).
gtp.dissect_gtp_over_tcp: TRUE

# H.225 Server TLS Port
# A decimal number.
h225.tls.port: 1300

# Whether the H.225 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
h225.reassembly: TRUE

# ON - display tunnelled H.245 inside H.225.0 tree, OFF - display tunnelled H.245 in root tree after H.225.0
# TRUE or FALSE (case-insensitive).
h225.h245_in_tree: TRUE

# ON - display tunnelled protocols inside H.225.0 tree, OFF - display tunnelled protocols in root tree after H.225.0
# TRUE or FALSE (case-insensitive).
h225.tp_in_tree: TRUE

# Whether the H.245 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
h245.reassembly: TRUE

# Whether the dissector should show short names or the long names from the standard
# TRUE or FALSE (case-insensitive).
h245.shorttypes: FALSE

# Whether persistent context information is to be kept
# TRUE or FALSE (case-insensitive).
h248.ctx_info: FALSE

# Port to be decoded as h248
# A decimal number.
h248.udp_port: 0

# Whether the HTTP dissector should reassemble headers of a request spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
http.desegment_headers: TRUE

# Whether the HTTP dissector should use the "Content-length:" value, if present, to reassemble the body of a request spanning multiple TCP segments, and reassemble chunked data spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
http.desegment_body: TRUE

# Whether to reassemble bodies of entities that are transfered using the "Transfer-Encoding: chunked" method
# TRUE or FALSE (case-insensitive).
http.dechunk_body: TRUE

# Whether to uncompress entity bodies that are compressed using "Content-Encoding: "
# TRUE or FALSE (case-insensitive).
http.decompress_body: TRUE

# Decode packets on this TCP port as HTTP
# A decimal number.
http.tcp_alternate_port: 0

# Whether the 128th and following bytes of the ICMP payload should be decoded as MPLS extensions or as a portion of the original packet
# TRUE or FALSE (case-insensitive).
icmp.favor_icmp_mpls: FALSE

# Whether the iFCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ifcp.desegment: TRUE

# TCAP Subsystem numbers used for INAP
# A string denoting an positive integer range (e.g., "1-20,30-40").
inap.ssn: 106,241

# Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field (see RFC2474/RFC2475)
# TRUE or FALSE (case-insensitive).
ip.decode_tos_as_diffserv: TRUE

# Whether fragmented IP datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
ip.defragment: TRUE

# Whether the IP summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
ip.summary_in_tree: TRUE

# Whether to validate the IP checksum
# TRUE or FALSE (case-insensitive).
ip.check_checksum: TRUE

# Whether the IPDC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ipdc.desegment_ipdc_messages: TRUE

# Set the IPDC monitoring port
# A decimal number.
ipdc.tcp.port: 6668

# Whether fragmented IPv6 datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
ipv6.defragment: TRUE

# The iSCSI protocol version
# One of: Draft 08, Draft 09, Draft 11, Draft 12, Draft 13
# (case-insensitive).
iscsi.protocol_version: Draft 13

# Whether the iSCSI dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
iscsi.desegment_iscsi_messages: TRUE

# When enabled, packets that appear bogus are ignored
# TRUE or FALSE (case-insensitive).
iscsi.bogus_pdu_filter: TRUE

# Ignore packets that haven't set the F bit when they should have
# TRUE or FALSE (case-insensitive).
iscsi.demand_good_f_bit: FALSE

# Treat packets whose data segment length is greater than this value as bogus
# A decimal number.
iscsi.bogus_pdu_max_data_len: 262144

# Port number of iSCSI target
# A decimal number.
iscsi.target_port: 3260

# When enabled, pdus are assumed to contain a data digest
# TRUE or FALSE (case-insensitive).
iscsi.enable_data_digests: FALSE

# When enabled, data digests are assumed to be CRC32C
# TRUE or FALSE (case-insensitive).
iscsi.data_digest_is_crc32c: TRUE

# The size of a data digest (bytes)
# A decimal number.
iscsi.data_digest_size: 4

# Whether the iSNS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
isns.desegment: TRUE

# Show the CIC value (in addition to the message type) in the Info column
# TRUE or FALSE (case-insensitive).
isup.show_cic_in_info: TRUE

# Whether APM messages datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
isup.defragment_apm: TRUE

# Set TCP port for ISUP Thin messages
# A decimal number.
isup_thin.tcp.port: 0

# Support Implementers Guide (version 01)
# TRUE or FALSE (case-insensitive).
iua.support_ig: FALSE

# Whether IuUP Payload bits should be dissected
# TRUE or FALSE (case-insensitive).
iuup.dissect_payload: FALSE

# The payload contains a two byte pseudoheader indicating direction and circuit_id
# TRUE or FALSE (case-insensitive).
iuup.two_byte_pseudoheader: FALSE

# The dynamic payload type which will be interpreted as IuUP
# A decimal number.
iuup.dynamic.payload.type: 0

# Whether the JXTA dissector should reassemble messages spanning multiple UDP/HTTP/TCP segments. To use this option you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings  and enable "Reassemble fragmented IP datagrams" in the IP protocol settings.
# TRUE or FALSE (case-insensitive).
jxta.desegment: TRUE

# Enable to inspect UDP datagrams for JXTA messages.
# TRUE or FALSE (case-insensitive).
jxta.udp.heuristic: TRUE

# Enable to inspect TCP connections for JXTA conversations.
# TRUE or FALSE (case-insensitive).
jxta.tcp.heuristic: TRUE

# Enable to inspect SCTP connections for JXTA conversations.
# TRUE or FALSE (case-insensitive).
jxta.sctp.heuristic: FALSE

# K12 module configuration filename
# A string.
k12.config: 

# Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
kerberos.desegment: TRUE

# Whether the dissector should try to decrypt encrypted Kerberos blobs. This requires that the proper keytab file is installed as well.
# TRUE or FALSE (case-insensitive).
kerberos.decrypt: FALSE

# The keytab file containing all the secrets
# A string.
kerberos.file: insert filename here

# Set the port for Kismet Client/Server messages (if other than the default of 2501)
# A decimal number.
kismet.tcp.port: 2501

# Whether the Kpasswd dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
kpasswd.desegment: TRUE

# L2TPv3 Cookie Size
# One of: None, 4 Byte Cookie, 8 Byte Cookie
# (case-insensitive).
l2tp.cookie_size: 4 Byte Cookie

# L2TPv3 L2-Specific Sublayer
# One of: None, Default L2-Specific, ATM-Specific
# (case-insensitive).
l2tp.l2_specific: Default L2-Specific

# Decode L2TPv3 packet contents as this protocol
# One of: Ethernet, Cisco HDLC, Frame Relay, PPP, IP, MPLS, AAL5
# (case-insensitive).
l2tp.protocol: Cisco HDLC

# Whether the Laplink dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
laplink.desegment_laplink_over_tcp: TRUE

# Whether the LDAP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings, and disable "Verify length" in the BER protocol settings
# TRUE or FALSE (case-insensitive).
ldap.desegment_ldap_messages: TRUE

# Set the port for LDAP operations
# A decimal number.
ldap.tcp.port: 389

# Set the TCP port for messages (if other than the default of 646)
# A decimal number.
ldp.tcp.port: 646

# Set the UDP port for messages (if other than the default of 646)
# A decimal number.
ldp.udp.port: 646

# Whether the LDP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ldp.desegment_ldp_messages: TRUE

# Set UDP port for LGE Monitor messages
# A decimal number.
lge_monitor.udp.port: 0

# Whether to autodetect the cipher bit (because it might be set on unciphered data)
# TRUE or FALSE (case-insensitive).
llcgprs.autodetect_cipher_bit: FALSE

# Dissect this ethertype as LLT traffic in addition to the default, 0xCAFE.
# A hexadecimal number.
llt.alternate_ethertype: 0

# UDP port number to use for LMP
# A decimal number.
lmp.udp_port: 701

# Set the TCP or UDP port for Pegasus LSC messages
# A decimal number.
lsc.port: 0

# Swap frame control bytes (needed for some APs
# TRUE or FALSE (case-insensitive).
lwapp.swap_fc: FALSE

# Set the UDP port for lwres daemon(if other than the default of 921)
# A decimal number.
lwres.udp.lwres_port: 921

# Version used by Wireshark
# One of: Internet Draft version 2, Internet Draft version 8, Internet Draft version 12
# (case-insensitive).
m2pa.version: Internet Draft version 12

# Set the port for M2PA messages (Default of 3565)
# A decimal number.
m2pa.port: 3565

# The value of the parameter tag for protocol data 1
# One of: 0x000e (Draft 7), 0x0300 (RFC3331)
# (case-insensitive).
m2ua.protocol_data_1_tag: 0x0300 (RFC3331)

# Version used by Wireshark
# One of: Internet Draft version 5, Internet Draft version 6, Internet Draft version 7, RFC 3332
# (case-insensitive).
m3ua.version: RFC 3332

# Whether the dissector should decrypt MAPI PDUs
# TRUE or FALSE (case-insensitive).
mapi.decrypt: FALSE

# The name of the file containing the mate module's configuration
# A string.
mate.config: 

# A frame is considered for decoding as MDSHDR if either ethertype is 0xFCFC or zero. Turn this flag off if you you don't want ethertype zero to be decoded as MDSHDR. This might be useful to avoid problems with test frames.
# TRUE or FALSE (case-insensitive).
mdshdr.decode_if_etype_zero: TRUE

# Set the TCP port for MEGACO text messages
# A decimal number.
megaco.tcp.txt_port: 2944

# Set the UDP port for MEGACO text messages
# A decimal number.
megaco.udp.txt_port: 2944

# Specifies that the raw text of the MEGACO message should be displayed instead of (or in addition to) the dissection tree
# TRUE or FALSE (case-insensitive).
megaco.display_raw_text: TRUE

# Specifies that the dissection tree of the MEGACO message should be displayed instead of (or in addition to) the raw text
# TRUE or FALSE (case-insensitive).
megaco.display_dissect_tree: TRUE

# Set the UDP port for gateway messages (if other than the default of 2427)
# A decimal number.
mgcp.tcp.gateway_port: 2427

# Set the TCP port for gateway messages (if other than the default of 2427)
# A decimal number.
mgcp.udp.gateway_port: 2427

# Set the TCP port for callagent messages (if other than the default of 2727)
# A decimal number.
mgcp.tcp.callagent_port: 2727

# Set the UDP port for callagent messages (if other than the default of 2727)
# A decimal number.
mgcp.udp.callagent_port: 2727

# Specifies that the raw text of the MGCP message should be displayed instead of (or in addition to) the dissection tree
# TRUE or FALSE (case-insensitive).
mgcp.display_raw_text: FALSE

# Display the number of MGCP messages found in a packet in the protocol column.
# TRUE or FALSE (case-insensitive).
mgcp.display_mgcp_message_count: FALSE

# Display multipart bodies with no media type dissector as raw text (may cause problems with binary data).
# TRUE or FALSE (case-insensitive).
mime_multipart.display_unknown_body_as_text: FALSE

# Set the UDP port for messages (if other than the default of 3503)
# A decimal number.
mpls-echo.udp.port: 3503

# Whether the MQ dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
mq.desegment: TRUE

# Whether the MQ dissector should reassemble MQ messages spanning multiple TSH segments
# TRUE or FALSE (case-insensitive).
mq.reassembly: TRUE

# Specifies that the raw text of the MSRP message should be displayed in addition to the dissection tree
# TRUE or FALSE (case-insensitive).
msrp.display_raw_text: TRUE

# Where available, show which protocol and frame caused this MSRP stream to be created
# TRUE or FALSE (case-insensitive).
msrp.show_setup_info: TRUE

# Whether the MTP2 dissector should use extended sequence numbers as described in Q.703, Annex A as a default.
# TRUE or FALSE (case-insensitive).
mtp2.use_extended_sequence_numbers: FALSE

# The SS7 standard used in MTP3 packets
# One of: ITU, ANSI, Chinese ITU, Japan
# (case-insensitive).
mtp3.standard: ITU

# The structure of the pointcodes in ITU networks
# One of: Unstructured, 3-8-3, 4-3-4-3
# (case-insensitive).
mtp3.itu_pc_structure: Unstructured

# The structure of the pointcodes in Japan networks
# One of: Unstructured, 7-4-5, 3-4-4-5
# (case-insensitive).
mtp3.japan_pc_structure: Unstructured

# Use 5-bit (instead of 8-bit) SLS in ANSI MTP3 packets
# TRUE or FALSE (case-insensitive).
mtp3.ansi_5_bit_sls: FALSE

# Use 5-bit (instead of 4-bit) SLS in Japan MTP3 packets
# TRUE or FALSE (case-insensitive).
mtp3.japan_5_bit_sls: FALSE

# Format for point code in the address columns
# One of: Decimal, Hexadecimal, NI-Decimal, NI-Hexadecimal, Dashed
# (case-insensitive).
mtp3.addr_format: Dashed

# Whether the MySQL dissector should reassemble MySQL buffers spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
mysql.desegment_buffers: TRUE

# Whether the NBSS dissector should reassemble packets spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
nbss.desegment_nbss_commands: TRUE

# Whether the NCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ncp.desegment: TRUE

# Whether the NCP dissector should defragment NDS messages spanning multiple reply packets.
# TRUE or FALSE (case-insensitive).
ncp.defragment_nds: TRUE

# Dissect the NetWare Information Structure as NetWare 5.x or higher or as older NetWare 3.x.
# TRUE or FALSE (case-insensitive).
ncp.newstyle: TRUE

# Whether the NCP dissector should echo the NDS Entry ID to name resolves to the expert table.
# TRUE or FALSE (case-insensitive).
ncp.eid_2_expert: TRUE

# Whether the NCP dissector should echo NCP connection information to the expert table.
# TRUE or FALSE (case-insensitive).
ncp.connection_2_expert: FALSE

# Whether the NCP dissector should echo protocol errors to the expert table.
# TRUE or FALSE (case-insensitive).
ncp.error_2_expert: TRUE

# Whether the NCP dissector should echo server information to the expert table.
# TRUE or FALSE (case-insensitive).
ncp.server_2_expert: TRUE

# Whether the NCP dissector should echo file open/close/oplock information to the expert table.
# TRUE or FALSE (case-insensitive).
ncp.file_2_expert: FALSE

# Version of the NDMP protocol to assume if the version can not be automatically detected from the capture
# One of: Version 2, Version 3, Version 4, Version 5
# (case-insensitive).
ndmp.default_protocol_version: Version 4

# Whether the NDMP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ndmp.desegment: TRUE

# Whether the dissector should defragment NDMP messages spanning multiple packets.
# TRUE or FALSE (case-insensitive).
ndmp.defragment: TRUE

# Whether the NDPS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ndps.desegment_tcp: TRUE

# Whether the NDPS dissector should reassemble fragmented NDPS messages spanning multiple SPX packets
# TRUE or FALSE (case-insensitive).
ndps.desegment_spx: TRUE

# Whether or not the NDPS dissector should show object id's and other details
# TRUE or FALSE (case-insensitive).
ndps.show_oid: FALSE

# Whether the NetBIOS dissector should defragment messages spanning multiple frames
# TRUE or FALSE (case-insensitive).
netbios.defragment: TRUE

# The TCP port on which Monotone Netsync packets will be sent
# A decimal number.
netsync.tcp_port: 5253

# Whether the Netsync dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
netsync.desegment_netsync_messages: TRUE

# Whether the dissector should snoop the FH to filename mappings by looking inside certain packets
# TRUE or FALSE (case-insensitive).
nfs.file_name_snooping: FALSE

# Whether the dissector should snoop the full pathname for files for matching FH's
# TRUE or FALSE (case-insensitive).
nfs.file_full_name_snooping: FALSE

# With this option display filters for nfs fhandles (nfs.fh.{name|full_name|hash}) will find both the request and response packets for a RPC call, even if the actual fhandle is only present in one of the packets
# TRUE or FALSE (case-insensitive).
nfs.fhandle_find_both_reqrep: FALSE

# Decode all NFS file handles as if they are of this type
# One of: Unknown, SVR4, KNFSD_LE, NFSD_LE, KNFSD_NEW, NetApp
# (case-insensitive).
nfs.default_fhandle_type: Unknown

# Whether the dissector will track and match MSG and RES calls for asynchronous NLM
# TRUE or FALSE (case-insensitive).
nlm.msg_res_matching: FALSE

# Check this to decode NORM traffic between clients
# TRUE or FALSE (case-insensitive).
norm.heuristic_norm: FALSE

# Set the first UDP port
# A decimal number.
nsip.udp.port1: 2157

# Set the second UDP port
# A decimal number.
nsip.udp.port2: 19999

# NT Password (used to decrypt payloads)
# A string.
ntlmssp.nt_password: 

# Whether the OPSI dissector should desegment all messages spanning multiple TCP segments
# TRUE or FALSE (case-insensitive).
opsi.desegment_opsi_messages: TRUE

# Reassemble fragmented P_Mul packets
# TRUE or FALSE (case-insensitive).
p_mul.reassemble: TRUE

# Type of content in Data_PDU
# One of: No decoding, Compressed Data Type
# (case-insensitive).
p_mul.decode: No decoding

# Used for transmission of Request_PDUs, Reject_PDUs and Release_PDUs betweenthe transmitters
# A decimal number.
p_mul.tport: 2751

# Used for transmission of Announce_PDUs to inform the receiver(s)
# A decimal number.
p_mul.rport: 2752

# Used for the data traffic from the transmitters to the receiver(s)
# A decimal number.
p_mul.dport: 2753

# Used for the data traffic from the receiver(s) to the transmitter
# A decimal number.
p_mul.aport: 2754

# The UDP port on which Packet Cable Lawful Intercept packets will be sent
# A decimal number.
pcli.udp_port: 9000

# Whether the dissector should put the internal PER data in the tree or if it should hide it
# TRUE or FALSE (case-insensitive).
per.display_internal_per_fields: FALSE

# Whether to check the validity of the PGM checksum
# TRUE or FALSE (case-insensitive).
pgm.check_checksum: TRUE

# PGM Encap is PGM packets encapsulated in UDP packets (Note: This option is off, i.e. port is 0, by default)
# A decimal number.
pgm.udp.encap_ucast_port: 0

# PGM Encap is PGM packets encapsulated in UDP packets (Note: This option is off, i.e. port is 0, by default)
# A decimal number.
pgm.udp.encap_mcast_port: 0

# Set the port for PGSQL messages (if different from the default of 5432)
# A decimal number.
pgsql.tcp.port: 5432

# Decode packets on this UDP port as PacketCable CCC
# A decimal number.
pkt_ccc.udp_port: 0

# Whether the PN-RT summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
pn_rt.summary_in_tree: TRUE

# The type of PPP frame checksum (none, 16-bit, 32-bit)
# One of: None, 16-Bit, 32-Bit
# (case-insensitive).
ppp.fcs_type: None

# Whether Van Jacobson-compressed PPP frames should be decompressed
# TRUE or FALSE (case-insensitive).
ppp.decompress_vj: TRUE

# Default Protocol ID to be used for PPPMuxCP
# A hexadecimal number.
ppp.default_proto_id: 0

# Show values of tags and lengths of data fields
# TRUE or FALSE (case-insensitive).
pppoed.show_tags_and_lengths: FALSE

# Whether the PVFS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
pvfs.desegment: TRUE

# Whether the Q.931 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
q931.desegment_h323_messages: TRUE

# Reassemble segmented Q.931 messages (Q.931 - Annex H)
# TRUE or FALSE (case-insensitive).
q931.reassembly: TRUE

# Set the UDP port for the Quake Server
# A decimal number.
quake.udp.port: 26000

# Set the UDP port for the Quake II Server
# A decimal number.
quake2.udp.port: 27910

# Set the UDP base port for the Quake III Arena Server
# A decimal number.
quake3.udp.arena_port: 27960

# Set the UDP base port for the Quake III Arena Master Server
# A decimal number.
quake3.udp.master_port: 27950

# Set the UDP port for the QuakeWorld Server
# A decimal number.
quakeworld.udp.port: 27500

# Shared secret used to decode User Passwords
# A string.
radius.shared_secret: 

# Whether to add or not to the tree the AVP's payload length
# TRUE or FALSE (case-insensitive).
radius.show_length: FALSE

# An alternate UDP port to decode as RADIUS
# A decimal number.
radius.alternate_port: 0

# Where available, show which protocol and frame caused this RDT stream to be created
# TRUE or FALSE (case-insensitive).
rdt.show_setup_info: TRUE

# Register a client UDP port for RDT traffic
# TRUE or FALSE (case-insensitive).
rdt.register_udp_port: FALSE

# Set the UDP port for clients
# A decimal number.
rdt.default_udp_port: 6970

# Whether the RPC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
rpc.desegment_rpc_over_tcp: TRUE

# Whether the RPC dissector should defragment RPC-over-TCP messages.
# TRUE or FALSE (case-insensitive).
rpc.defragment_rpc_over_tcp: TRUE

# Set the maximum size of RPCoverTCP PDUs.  If the size field of the record marker is larger than this value it will not be considered a valid RPC PDU.
# A decimal number.
rpc.max_tcp_pdu_size: 262144

# Whether the RPC dissector should attempt to dissect RPC PDUs containing programs that are not known to Wireshark. This will make the heuristics significantly weaker and elevate the risk for falsely identifying and misdissecting packets significantly.
# TRUE or FALSE (case-insensitive).
rpc.dissect_unknown_programs: FALSE

# Whether the RPC dissector should attempt to locate RPC PDU boundaries when initial fragment alignment is not known.  This may cause false positives, or slow operation.
# TRUE or FALSE (case-insensitive).
rpc.find_fragment_start: FALSE

# Specifies whether Wireshark should decode and display sub-messages within BUNDLE messages
# TRUE or FALSE (case-insensitive).
rsvp.process_bundle: TRUE

# Set the TCP port for RSYNC messages
# A decimal number.
rsync.tcp_port: 873

# Whether the RSYNC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
rsync.desegment: TRUE

# Where available, show which protocol and frame caused this RTCP stream to be created
# TRUE or FALSE (case-insensitive).
rtcp.show_setup_info: TRUE

# If call control SIP/H.323/RTSP/.. messages are missing in the trace, RTCP isn't decoded without this
# TRUE or FALSE (case-insensitive).
rtcp.heuristic_rtcp: FALSE

# Try to work out network delay by comparing time between packets as captured and delays as seen by endpoint
# TRUE or FALSE (case-insensitive).
rtcp.show_roundtrip_calculation: FALSE

# Minimum calculated roundtrip delay time in milliseconds that should be reported
# A decimal number.
rtcp.roundtrip_min_threshhold: 10

# Where available, show which protocol and frame caused this RTP stream to be created
# TRUE or FALSE (case-insensitive).
rtp.show_setup_info: TRUE

# If call control SIP/H323/RTSP/.. messages are missing in the trace, RTP isn't decoded without this
# TRUE or FALSE (case-insensitive).
rtp.heuristic_rtp: FALSE

# If an RTP version 0 packet is encountered, it can be treated as an invalid packet, a STUN packet, or a T.38 packet
# One of: Invalid RTP packets, STUN packets, T.38 packets
# (case-insensitive).
rtp.version0_type: Invalid RTP packets

# Payload Type for RFC2198 Redundant Audio Data
# A decimal number.
rtp.rfc2198_payload_type: 99

# This is the value of the Payload Type fieldthat specifies RTP Events
# A decimal number.
rtpevent.event_payload_type_value: 101

# Set the TCP port for RTSP messages
# A decimal number.
rtsp.tcp.port: 554

# Set the alternate TCP port for RTSP messages
# A decimal number.
rtsp.tcp.alternate_port: 8554

# Whether the RTSP dissector should reassemble headers of a request spanning multiple TCP segments.  To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
rtsp.desegment_headers: TRUE

# Whether the RTSP dissector should use the "Content-length:" value to desegment the body of a request spanning multiple TCP segments
# TRUE or FALSE (case-insensitive).
rtsp.desegment_body: TRUE

# Set the UDP port for Reliable UDP traffic
# A decimal number.
rudp.udp.port: 0

# Whether the S5066 dissector should reassemble PDUs spanning multiple TCP segments. The default is to use reassembly.
# TRUE or FALSE (case-insensitive).
s5066.desegment_pdus: TRUE

# Whether the S5066 dissector should dissect editon 1 of the STANAG. This editon was never formally approved and is very rare. The common edition is editon 1.2.
# TRUE or FALSE (case-insensitive).
s5066.edition_one: FALSE

# Set the port for STANAG 5066. (If other than the default 5066. This number is registered with IANA.)
# A decimal number.
s5066.tcp.port: 5066

# NT Password (used to verify password changes)
# A string.
samr.nt_password: 

# The source point code (usually MSC) (to determine whether message is uplink or downlink)
# A hexadecimal number.
sccp.source_pc: 0

# Show parameter length in the protocol tree
# TRUE or FALSE (case-insensitive).
sccp.show_length: FALSE

# Whether XUDT messages dshould be reassembled
# TRUE or FALSE (case-insensitive).
sccp.defragment_xudt: TRUE

# When Target Cannot Be Identified, Decode SCSI Messages As
# One of: Block Device, Sequential Device
# (case-insensitive).
scsi.decode_scsi_messages_as: Block Device

# Show source and destination port numbers in the protocol tree
# TRUE or FALSE (case-insensitive).
sctp.show_port_numbers_in_tree: TRUE

# The type of checksum used in SCTP packets
# One of: None, Adler 32, CRC 32c, Automatic
# (case-insensitive).
sctp.checksum: CRC 32c

# Show always SCTP control chunks in the Info column
# TRUE or FALSE (case-insensitive).
sctp.show_always_control_chunks: TRUE

# Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port or PPI
# TRUE or FALSE (case-insensitive).
sctp.try_heuristic_first: FALSE

# Specifies that RTP/RTCP/T.38/MSRP/etc streams are decoded based upon port numbers found in SIP/SDP payload
# TRUE or FALSE (case-insensitive).
sdp.establish_conversation: TRUE

# Set UDP port 1 for SigComp messages
# A decimal number.
sigcomp.udp.port: 5555

# Set UDP port 2 for SigComp messages
# A decimal number.
sigcomp.udp.port2: 6666

# Set TCP port 1 for SigComp messages
# A decimal number.
sigcomp.tcp.port: 5555

# Set TCP port 2 for SigComp messages
# A decimal number.
sigcomp.tcp.port2: 6666

# Preference whether to Dissect the UDVM code or not
# TRUE or FALSE (case-insensitive).
sigcomp.display.udvm.code: TRUE

# preference whether to display the bytecode in UDVM operands or not
# TRUE or FALSE (case-insensitive).
sigcomp.display.bytecode: FALSE

# preference whether to decompress message or not
# TRUE or FALSE (case-insensitive).
sigcomp.decomp.msg: TRUE

# preference whether to display the decompressed message as raw text or not
# TRUE or FALSE (case-insensitive).
sigcomp.display.decomp.msg.as.txt: FALSE

# 0 = UDVM executes silently, then increasing detail about execution of UDVM instructions, Warning! CPU intense at high detail
# One of: No-Printout, Low-detail, medium-detail, High-detail
# (case-insensitive).
sigcomp.show.udvm.execution: No-Printout

# Specifies that the raw text of the SIP message should be displayed in addition to the dissection tree
# TRUE or FALSE (case-insensitive).
sip.display_raw_text: FALSE

# If enabled, only SIP/2.0 traffic will be dissected as SIP. Disable it to allow SIP traffic with a different version to be dissected as SIP.
# TRUE or FALSE (case-insensitive).
sip.strict_sip_version: TRUE

# Whether the SIP dissector should reassemble headers of a request spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
sip.desegment_headers: TRUE

# Whether the SIP dissector should use the "Content-length:" value, if present, to reassemble the body of a request spanning multiple TCP segments, and reassemble chunked data spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
sip.desegment_body: TRUE

# Whether the SCCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
skinny.desegment: TRUE

# Whether the SoulSeek dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
slsk.desegment: TRUE

# Whether the SoulSeek dissector should decompress all zlib compressed packets inside messages
# TRUE or FALSE (case-insensitive).
slsk.decompress: TRUE

# Whether the dissector should reassemble the payload of SMB Transaction commands spanning multiple SMB PDUs
# TRUE or FALSE (case-insensitive).
smb.trans_reassembly: TRUE

# Whether the dissector should reassemble DCERPC over SMB commands
# TRUE or FALSE (case-insensitive).
smb.dcerpc_reassembly: TRUE

# Whether the dissector should snoop SMB and related CIFS protocols to discover and display Names associated with SIDs
# TRUE or FALSE (case-insensitive).
smb.sid_name_snooping: FALSE

# Whether the SMPP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
smpp.reassemble_smpp_over_tcp: TRUE

# Whether the SMTP dissector should reassemble command and response lines spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
smtp.desegment_lines: TRUE

# Whether fragmented BIUs should be reassembled
# TRUE or FALSE (case-insensitive).
sna.defragment: TRUE

# Whether the SNMP OID should be shown in the info column
# TRUE or FALSE (case-insensitive).
snmp.display_oid: TRUE

# List of MIB modules to load (the list is set to environment variable MIBS if the variable is not already set)The list must be separated by colons (:) on non-Windows systems and semicolons (;) on Windows systems
# A string.
snmp.mib_modules: IP-MIB:IF-MIB:TCP-MIB:UDP-MIB:SNMPv2-MIB:RFC1213-MIB:UCD-SNMP-MIB

# Whether the SNMP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
snmp.desegment: TRUE

# ON - display dissected variables inside SNMP tree, OFF - display dissected variables in root tree after SNMP
# TRUE or FALSE (case-insensitive).
snmp.var_in_tree: TRUE

# Whether the SRVLOC dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
srvloc.desegment_tcp: TRUE

# Set the UDP port for SSCOP messages encapsulated in UDP (0 to disable)
# A string denoting an positive integer range (e.g., "1-20,30-40").
sscop.udp.ports: 

# SSCOP payload (dissector to call on SSCOP payload)
# One of: Data (no further dissection), Q.2931, SSCF-NNI (MTP3-b)
# (case-insensitive).
sscop.payload: Q.2931

# Whether the SSH dissector should reassemble SSH buffers spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ssh.desegment_buffers: TRUE

# Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ssl.desegment_ssl_records: TRUE

# Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. 
# TRUE or FALSE (case-insensitive).
ssl.desegment_ssl_application_data: TRUE

# semicolon separated list of private RSA keys used for SSL decryption; each list entry must be in the form of <ip>,<port>,<protocol>,<key_file_name><key_file_name>   is the local file name of the RSA private key used by the specified server

# A string.
ssl.keys_list: 

# redirect ssl debug to file name; leave empty to disable debug, use "-" to redirect output to stderr

# A string.
ssl.debug_file: 

# Version used by Wireshark
# One of: Internet Draft version 08, RFC 3868
# (case-insensitive).
sua.version: RFC 3868

# Whether the T.38 dissector should decode using the Pre-Corrigendum T.38 ASN.1 specification (1998).
# TRUE or FALSE (case-insensitive).
t38.use_pre_corrigendum_asn1_specification: TRUE

# Whether a UDP packet that looks like RTP version 2 packet will be dissected as RTP packet or T.38 packet. If enabled there is a risk that T.38 UDPTL packets with sequence number higher than 32767 may be dissected as RTP.
# TRUE or FALSE (case-insensitive).
t38.dissect_possible_rtpv2_packets_as_rtp: FALSE

# Set the TCP port for T.38 messages
# A decimal number.
t38.tcp.port: 6004

# Set the UDP port for T.38 messages
# A decimal number.
t38.udp.port: 6004

# Whether the dissector should reassemble T.38 PDUs spanning multiple TCP segments when TPKT is used over TCP. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
t38.reassembly: TRUE

# Whether T.38 is used with TPKT for TCP
# One of: Never, Always, Maybe
# (case-insensitive).
t38.tpkt_usage: Maybe

# Where available, show which protocol and frame caused this T.38 stream to be created
# TRUE or FALSE (case-insensitive).
t38.show_setup_info: TRUE

# TACACS+ Encryption Key
# A string.
tacplus.key: 

# Whether the TALI dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
tali.reassemble: TRUE

# SCCP (and SUA) SSNs to decode as TCAP
# A string denoting an positive integer range (e.g., "1-20,30-40").
tcap.ssn: 

# Whether the TCP summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
tcp.summary_in_tree: TRUE

# Whether to validate the TCP checksum
# TRUE or FALSE (case-insensitive).
tcp.check_checksum: TRUE

# Whether subdissector can request TCP streams to be reassembled
# TRUE or FALSE (case-insensitive).
tcp.desegment_tcp_streams: TRUE

# Make the TCP dissector analyze TCP sequence numbers to find and flag segment retransmissions, missing segments and RTT
# TRUE or FALSE (case-insensitive).
tcp.analyze_sequence_numbers: TRUE

# Make the TCP dissector use relative sequence numbers instead of absolute ones. To use this option you must also enable "Analyze TCP sequence numbers". This option will also try to track and adjust the window field according to any TCP window scaling options seen.
# TRUE or FALSE (case-insensitive).
tcp.relative_sequence_numbers: TRUE

# Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port
# TRUE or FALSE (case-insensitive).
tcp.try_heuristic_first: FALSE

# Whether the TDS dissector should reassemble TDS buffers spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
tds.desegment_buffers: TRUE

# Whether the TDS dissector should defragment messages spanning multiple Netlib buffers
# TRUE or FALSE (case-insensitive).
tds.defragment: TRUE

# Hint as to version of TDS protocol being decoded
# One of: Not Specified, TDS 4, TDS 5, TDS 7, TDS 8
# (case-insensitive).
tds.protocol_type: Not Specified

# Hint as to whether to decode TDS protocol as little-endian or big-endian. (TDS7/8 always decoded as little-endian)
# One of: Little Endian, Big Endian
# (case-insensitive).
tds.endian_type: Little Endian

# Additional TCP ports to decode as TDS
# A string denoting an positive integer range (e.g., "1-20,30-40").
tds.tcp_ports: 

# Check this to decode IPv6 traffic between Teredo clients and relays
# TRUE or FALSE (case-insensitive).
teredo.heuristic_teredo: FALSE

# Whether SEGMENTATION_MANAGER datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
tipc.defragment: TRUE

# Whether to try to dissect TIPC data or not
# TRUE or FALSE (case-insensitive).
tipc.dissect_tipc_data: FALSE

# Whether the TNS dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
tns.desegment_tns_messages: TRUE

# Whether the TPKT dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
tpkt.desegment: TRUE

# Whether Linux mangling of the link-layer header should be checked for and worked around
# TRUE or FALSE (case-insensitive).
tr.fix_linux_botches: FALSE

# Whether the UCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ucp.desegment_ucp_messages: TRUE

# Whether the UDP summary line should be shown in the protocol tree
# TRUE or FALSE (case-insensitive).
udp.summary_in_tree: TRUE

# Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port
# TRUE or FALSE (case-insensitive).
udp.try_heuristic_first: FALSE

# Ignore an invalid checksum coverage field and continue dissection
# TRUE or FALSE (case-insensitive).
udplite.ignore_checksum_coverage: TRUE

# Whether the ULP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ulp.desegment_ulp_messages: TRUE

# Set the TCP port for Ulp messages(IANA registerd port is 7275)
# A decimal number.
ulp.tcp.port: 7275

# Whether the UMA dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
uma.desegment_ucp_messages: TRUE

# Set the TCP port1 for Unlicensed Mobile Access messages
# A decimal number.
uma.tcp.port1: 14001

# Data Link Type
# One of: Disabled, User 0 (DLT=147 WTAP_ENCAP=45), User 1 (DLT=148 WTAP_ENCAP=46), User 2 (DLT=149 WTAP_ENCAP=47), User 3 (DLT=150 WTAP_ENCAP=48), User 4 (DLT=151 WTAP_ENCAP=49), User 5 (DLT=152 WTAP_ENCAP=50), User 6 (DLT=153 WTAP_ENCAP=51), User 7 (DLT=154 WTAP_ENCAP=52), User 8 (DLT=155 WTAP_ENCAP=53), User 9 (DLT=156 WTAP_ENCAP=54), User 10 (DLT=157 WTAP_ENCAP=55), User 11 (DLT=158 WTAP_ENCAP=56), User 12 (DLT=159 WTAP_ENCAP=57), User 13 (DLT=160 WTAP_ENCAP=58), User 14 (DLT=161 WTAP_ENCAP=59), User 15 (DLT=162 WTAP_ENCAP=60)
# (case-insensitive).
user_dlt_a.dlt: Disabled

# 
# One of: No encpsulation, SSCOP
# (case-insensitive).
user_dlt_a.special_encap: No encpsulation

# Payload
# A string.
user_dlt_a.payload: 

# The size (in octets) of the Header
# A decimal number.
user_dlt_a.header_size: 0

# The size (in octets) of the Trailer
# A decimal number.
user_dlt_a.trailer_size: 0

# Header Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_a.header_proto: 

# Trailer Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_a.trailer_proto: 

# Data Link Type
# One of: Disabled, User 0 (DLT=147 WTAP_ENCAP=45), User 1 (DLT=148 WTAP_ENCAP=46), User 2 (DLT=149 WTAP_ENCAP=47), User 3 (DLT=150 WTAP_ENCAP=48), User 4 (DLT=151 WTAP_ENCAP=49), User 5 (DLT=152 WTAP_ENCAP=50), User 6 (DLT=153 WTAP_ENCAP=51), User 7 (DLT=154 WTAP_ENCAP=52), User 8 (DLT=155 WTAP_ENCAP=53), User 9 (DLT=156 WTAP_ENCAP=54), User 10 (DLT=157 WTAP_ENCAP=55), User 11 (DLT=158 WTAP_ENCAP=56), User 12 (DLT=159 WTAP_ENCAP=57), User 13 (DLT=160 WTAP_ENCAP=58), User 14 (DLT=161 WTAP_ENCAP=59), User 15 (DLT=162 WTAP_ENCAP=60)
# (case-insensitive).
user_dlt_b.dlt: Disabled

# 
# One of: No encpsulation, SSCOP
# (case-insensitive).
user_dlt_b.special_encap: No encpsulation

# Payload
# A string.
user_dlt_b.payload: 

# The size (in octets) of the Header
# A decimal number.
user_dlt_b.header_size: 0

# The size (in octets) of the Trailer
# A decimal number.
user_dlt_b.trailer_size: 0

# Header Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_b.header_proto: 

# Trailer Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_b.trailer_proto: 

# Data Link Type
# One of: Disabled, User 0 (DLT=147 WTAP_ENCAP=45), User 1 (DLT=148 WTAP_ENCAP=46), User 2 (DLT=149 WTAP_ENCAP=47), User 3 (DLT=150 WTAP_ENCAP=48), User 4 (DLT=151 WTAP_ENCAP=49), User 5 (DLT=152 WTAP_ENCAP=50), User 6 (DLT=153 WTAP_ENCAP=51), User 7 (DLT=154 WTAP_ENCAP=52), User 8 (DLT=155 WTAP_ENCAP=53), User 9 (DLT=156 WTAP_ENCAP=54), User 10 (DLT=157 WTAP_ENCAP=55), User 11 (DLT=158 WTAP_ENCAP=56), User 12 (DLT=159 WTAP_ENCAP=57), User 13 (DLT=160 WTAP_ENCAP=58), User 14 (DLT=161 WTAP_ENCAP=59), User 15 (DLT=162 WTAP_ENCAP=60)
# (case-insensitive).
user_dlt_c.dlt: Disabled

# 
# One of: No encpsulation, SSCOP
# (case-insensitive).
user_dlt_c.special_encap: No encpsulation

# Payload
# A string.
user_dlt_c.payload: 

# The size (in octets) of the Header
# A decimal number.
user_dlt_c.header_size: 0

# The size (in octets) of the Trailer
# A decimal number.
user_dlt_c.trailer_size: 0

# Header Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_c.header_proto: 

# Trailer Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_c.trailer_proto: 

# Data Link Type
# One of: Disabled, User 0 (DLT=147 WTAP_ENCAP=45), User 1 (DLT=148 WTAP_ENCAP=46), User 2 (DLT=149 WTAP_ENCAP=47), User 3 (DLT=150 WTAP_ENCAP=48), User 4 (DLT=151 WTAP_ENCAP=49), User 5 (DLT=152 WTAP_ENCAP=50), User 6 (DLT=153 WTAP_ENCAP=51), User 7 (DLT=154 WTAP_ENCAP=52), User 8 (DLT=155 WTAP_ENCAP=53), User 9 (DLT=156 WTAP_ENCAP=54), User 10 (DLT=157 WTAP_ENCAP=55), User 11 (DLT=158 WTAP_ENCAP=56), User 12 (DLT=159 WTAP_ENCAP=57), User 13 (DLT=160 WTAP_ENCAP=58), User 14 (DLT=161 WTAP_ENCAP=59), User 15 (DLT=162 WTAP_ENCAP=60)
# (case-insensitive).
user_dlt_d.dlt: Disabled

# 
# One of: No encpsulation, SSCOP
# (case-insensitive).
user_dlt_d.special_encap: No encpsulation

# Payload
# A string.
user_dlt_d.payload: 

# The size (in octets) of the Header
# A decimal number.
user_dlt_d.header_size: 0

# The size (in octets) of the Trailer
# A decimal number.
user_dlt_d.trailer_size: 0

# Header Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_d.header_proto: 

# Trailer Protocol (used only when ecapsulation is not given)
# A string.
user_dlt_d.trailer_proto: 

# To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
vnc.desegment: TRUE

# Decode this port's traffic as VNC in addition to the default ports (5500, 5501, 5900, 5901)
# A decimal number.
vnc.alternate_port: 0

# Enable this preference if you want to view the WBXML tokens without the representation in a media type (e.g., WML). Tokens will show up as Tag_0x12, attrStart_0x08 or attrValue_0x0B for example.
# TRUE or FALSE (case-insensitive).
wbxml.skip_wbxml_token_mapping: FALSE

# Enable this preference if you want to skip the parsing of the WBXML tokens that constitute the body of the WBXML document. Only the WBXML header will be dissected (and visualized) then.
# TRUE or FALSE (case-insensitive).
wbxml.disable_wbxml_token_parsing: FALSE

# Whether the WINS-Replication dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
winsrepl.reassemble: TRUE

# Whether fragmented 802.11 datagrams should be reassembled
# TRUE or FALSE (case-insensitive).
wlan.defragment: TRUE

# Some 802.11 cards include the FCS at the end of a packet, others do not.
# TRUE or FALSE (case-insensitive).
wlan.check_fcs: FALSE

# Some 802.11 cards leave the WEP bit set even though the packet is decrypted.
# TRUE or FALSE (case-insensitive).
wlan.ignore_wep: FALSE

# How many WEP keys do we have to choose from? (0 to disable, up to 4)
# One of: 0, 1, 2, 3, 4
# (case-insensitive).
wlan.wep_keys: 0

# First WEP key (A:B:C:D:E) [40bit], (A:B:C:D:E:F:G:H:I:J:K:L:M) [104bit], or whatever key length you're using
# A string.
wlan.wep_key1: 

# Second WEP key (A:B:C:D:E) [40bit], (A:B:C:D:E:F:G:H:I:J:K:L:M) [104bit], or whatever key length you're using
# A string.
wlan.wep_key2: 

# Third WEP key (A:B:C:D:E) [40bit], (A:B:C:D:E:F:G:H:I:J:K:L:M) [104bit], or whatever key length you're using
# A string.
wlan.wep_key3: 

# Fourth WEP key (A:B:C:D:E) [40bit] (A:B:C:D:E:F:G:H:I:J:K:L:M) [104bit], or whatever key length you're using
# A string.
wlan.wep_key4: 

# If CALL REQUEST not seen or didn't specify protocol, dissect as QLLC/SNA
# TRUE or FALSE (case-insensitive).
x.25.payload_is_qllc_sna: FALSE

# Reassemble fragmented X.25 packets
# TRUE or FALSE (case-insensitive).
x.25.reassemble: TRUE

# Whether the X11 dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
x11.desegment: TRUE

# Try to recognize XML for unknown media types
# TRUE or FALSE (case-insensitive).
xml.heuristic: FALSE

# Whether the X.25-over-TCP dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
xot.desegment: TRUE

# Whether the YMSG dissector should reasssemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive).
ymsg.desegment: TRUE
