1998-09-16 02:39:15 +00:00
General Information
------- -----------

Ethereal is a network traffic analyzer for Unix and Unix-like operating
systems. It is based on GTK+, a graphical user interface library,
and libpcap, a packet capture and filtering library.

The official home of Ethereal is

    http://ethereal.zing.org

The latest distribution can be found in the subdirectory

    http://ethereal.zing.org/distribution

Installation
------------

Ethereal is known to compile and run on the following systems:

  - Linux (2.0.x)
  - Solaris (2.5.1, 2.6)
  - FreeBSD (2.2.5, 2.2.6)

It should run on other systems without too much trouble.

Full installation instructions can be found in the INSTALL file.

Usage
-----

In order to capture packets from the network, you need to be running
as root, or have access to the appropriate entry under /dev if your
system is so inclined (BSD-derived systems and Solaris typically fall
into this category). Although it might be tempting to make the
Ethereal executable setuid root, please don't - alpha code is by nature
not very robust, and liable to contain security holes.

Please consult the man page for a description of each command-line
option and interface feature.

Multiple File Types
-------------------

The wiretap library is a packet-capture library currently under
development in parallel with Ethereal. In the future it is hoped that
wiretap will have more features than libpcap, but wiretap is still in
its infancy. You can compile Ethereal with the wiretap library by using
'./configure --with-wiretap'. Using wiretap will allow you to read
libpcap, Sniffer, NetXray (and Sniffer Pro), Sun "snoop", LANalyzer,
Microsoft Network Monitor, and AIX "iptrace" 2.0 trace files. Some minimal
display filters now work. But because "Follow TCP Stream" relies on IP and TCP
display filtering, and those aren't yet available in wiretap's display filter
system, "Follow TCP Stream" is turned off when you compile --with-wiretap.

You can still capture packets from within Ethereal using libpcap, and therefore
use libpcap-style capture filters, however.

If you want to add support for other packet-capture file formats, please
look at the wiretap source code in the wiretap directory.
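
Reading several trace formats starts with telling them apart from the first
bytes of the file. The C code below is an added example, not code from
Ethereal or wiretap: it identifies the formats listed above by signature and
checks the available length before every comparison, so a truncated file is
reported as unknown instead of being read past its end. The signature values
are the commonly documented ones for each format and are an assumption here,
as are all names in the code.

```c
#include <stdio.h>
#include <string.h>

/* One signature: the bytes expected at offset 0 of a trace file. */
struct magic { const char *name; const unsigned char *bytes; size_t len; };
#define SIG(name, lit) { name, (const unsigned char *)(lit), sizeof(lit) - 1 }

/* Assumption of this example: commonly documented signature values,
 * not quoted from the README.  Longest and most specific entries first. */
static const struct magic magics[] = {
    SIG("Sniffer",                       "TRSNIFF data    \x1a"),
    SIG("AIX iptrace 2.0",               "iptrace 2.0"),
    SIG("Sun snoop",                     "snoop\0\0\0"),
    SIG("libpcap (big-endian)",          "\xa1\xb2\xc3\xd4"),
    SIG("libpcap (little-endian)",       "\xd4\xc3\xb2\xa1"),
    SIG("NetXray / Sniffer Pro",         "XCP\0"),
    SIG("Microsoft Network Monitor 1.x", "RTSS"),
    SIG("Microsoft Network Monitor 2.x", "GMBU"),
    SIG("LANalyzer",                     "\x01\x10"), /* record type 0x1001, LE */
};

/* Return the format name for the leading bytes of a file, or "unknown". */
const char *identify_capture(const unsigned char *buf, size_t len)
{
    size_t i;
    if (buf == NULL)
        return "unknown";
    for (i = 0; i < sizeof(magics) / sizeof(magics[0]); i++) {
        /* Length check first: never compare past the bytes actually read. */
        if (len >= magics[i].len &&
            memcmp(buf, magics[i].bytes, magics[i].len) == 0)
            return magics[i].name;
    }
    return "unknown";
}

int main(int argc, char **argv)
{
    /* Constructed sample: first bytes of a little-endian libpcap file. */
    unsigned char head[32] = { 0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00 };
    size_t n = 8;
    FILE *fp = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (argc > 1 && fp == NULL) { perror(argv[1]); return 1; }
    if (fp != NULL) { n = fread(head, 1, sizeof(head), fp); fclose(fp); }
    printf("%s\n", identify_capture(head, n));
    return 0;
}
```

The two-byte LANalyzer signature is weak and can match unrelated data, so a
match on it alone should be confirmed by parsing the records that follow.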

Please report any problems that are wiretap related to
Gilbert Ramirez <gram@verdict.uthscsa.edu>. He uses token-ring at work, so he
is especially interested in any non-token-ring trace files you can send him.


Disclaimer
----------

There is no warranty, expressed or implied, associated with this product.
Use at your own risk.