MATE: Getting Started
MATE has not yet been released as a part of Wireshark; a lot of testing is still necessary, as there are many bugs. In addition, some features are to be rewritten in the near future.
However, MATE needs testers, modules for matelib, example files, etc. So if you know the protocols you are working with and want to help make MATE work, you are welcome on board.
Other ideas on what MATE should do might come from other people using it; see Mate/Discussion.
These are the steps to try out MATE:
- On Unix: update Wireshark to at least version 0.10.13 (see Help->About).
- On Windows: download and install (or update to) Wireshark version 0.10.13 (see Help->About).
  - MATE won't install by default; select MATE while installing.
- Run Wireshark and check that the plugin is installed correctly (MATE should appear in Help->About->Plugins).
- Get a configuration file, e.g. tcp.mate (see Mate/Examples for more), and place it somewhere on your hard disk (e.g. D:\tcp.mate on win32).
- Go to Preferences->mate and set the config filename to the file you want to use (e.g. D:\tcp.mate on win32). You don't have to restart Wireshark.
- Load a corresponding capture file (e.g. SampleCaptures/http.cap) and see if MATE has added some new display filter fields, something like: mate tcp_pdu:1->tcp_ses:1
- Or, at the prompt: path_to/wireshark -o "mate.config: tcp.mate" -r http.cap
If everything went well, your packet details might look something like this:
