ethereal to wireshark changes

svn path=/trunk/; revision=18501
Ronnie Sahlberg 2006-06-17 12:21:54 +00:00
parent 62e32390b5
commit 06bdc31f5b
7 changed files with 62 additions and 62 deletions


@ -1,6 +1,6 @@
$Id$
In order to capture packets (with Ethereal/TShark, tcpdump, or any
In order to capture packets (with Wireshark/TShark, tcpdump, or any
other packet capture program) on a BSD system, your kernel must have
the Berkeley packet Filter mechanism enabled. On some BSDs (recent
versions of FreeBSD, for example), it's enabled by default in the


@ -2,13 +2,13 @@ $Id$
Contents:
1 - Building ethereal
1 - Building wireshark
2 - Building GTK+/GLib with HP's C compiler
3 - nettl support
4 - libpcap on HP-UX
5 - HP-UX patches to fix packet capture problems
1 - Building ethereal
1 - Building wireshark
The Software Porting And Archive Centre for HP-UX, at
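Review bot: both titles touched in this hunk (the Contents entry and the section heading) end up as "1 - Building wireshark" in lower case, while the body text of the same file writes "Wireshark". The old lines had the same lower-case form, so this is a carry-over, but the rename is a good moment to make it "1 - Building Wireshark" in both places.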
@ -20,7 +20,7 @@ both source and binary form, for Wireshark, as well as for the libpcap,
GLib, GTK+, and zlib libraries that it uses.
The changes they've made appear largely to be compile option changes; if
you've downloaded the source to the latest version of Ethereal (the
you've downloaded the source to the latest version of Wireshark (the
version on the Centre's site may not necessarily be the latest version),
it should be able to compile, perhaps with those changes.
@ -40,12 +40,12 @@ By default, HP's C compiler doesn't support "long long int" to provide
64-bit integral data types on 32-bit platforms; the "-Ae" flag must be
supplied to enable extensions such as that.
Ethereal's "configure" script automatically includes that flag if it
Wireshark's "configure" script automatically includes that flag if it
detects that the native compiler is being used on HP-UX; however, the
configure scripts for GTK+ and GLib don't do so, which means that 64-bit
integer support won't be enabled.
This may prevent some parts of Ethereal from compiling; in order to get
This may prevent some parts of Wireshark from compiling; in order to get
64-bit integer support in GTK+/GLib, edit all the Makefiles for GTK+ and
GLib, as generated by the GTK+ and GLib "configure" scripts, to add
"-Ae" to all "CFLAGS = " definitions found in those Makefiles. (If a
@ -54,7 +54,7 @@ definition that includes "-Ae".)
3 - nettl support
nettl is used on HP-UX to trace various streams based subsystems. Ethereal
nettl is used on HP-UX to trace various streams based subsystems. Wireshark
can read nettl files containing raw IP frames (NS_LS_IP, NS_LS_TCP,
NS_LS_UDP, NS_LS_ICMP subsystems), all ethernet/tokenring/fddi driver
level frames (such as BTLAN, BASE100, GELAN, IGELAN subsystems) and LAPB
@ -80,7 +80,7 @@ on old versions of 10.20 and 9.04.
4 - libpcap on HP-UX
If you want to use Ethereal to capture packets, you will have to install
If you want to use Wireshark to capture packets, you will have to install
libpcap; binary distributions are, as noted above, available from the
Software Porting And Archive Centre for HP-UX, as well as source code.
@ -99,7 +99,7 @@ as a shared library.
5 - HP-UX patches to fix packet capture problems
Note that packet-capture programs such as Ethereal/TShark or tcpdump
Note that packet-capture programs such as Wireshark/TShark or tcpdump
may, on HP-UX, not be able to see packets sent from the machine on which
they're running. Make sure you have a recent "LAN Cummulative/DLPI" patch
installed.


@ -1,6 +1,6 @@
$Id$
In order to capture packets (with Ethereal/TShark, tcpdump, or any
In order to capture packets (with Wireshark/TShark, tcpdump, or any
other libpcap-based packet capture program) on a Linux system, the
"packet" protocol must be supported by your kernel. If it is not, you
may get error messages such as
@ -83,13 +83,13 @@ distribution releases will not have this problem.
In addition, older versions of libpcap will, on Linux systems with a
2.0[.x] kernel, or if built for systems with a 2.0[.x] kernel, not turn
promiscuous mode off on a network device until the program using
promiscuous mode exits, so if you start a capture with Ethereal on some
promiscuous mode exits, so if you start a capture with Wireshark on some
Linux distributions, the network interface will be put in promiscuous
mode and will remain in promiscuous mode until Ethereal exits. There
mode and will remain in promiscuous mode until Wireshark exits. There
might be additional libpcap bugs that cause it not to be turned off even
when Ethereal exits; if your network is busy, this could cause the Linux
when Wireshark exits; if your network is busy, this could cause the Linux
networking stack to do a lot more work discarding packets not intended
for the machine, so you may want to check, after running Ethereal,
for the machine, so you may want to check, after running Wireshark,
whether any network interfaces are in promiscuous mode (the output of
"ifconfig -a" will say something such as


@ -1,21 +1,21 @@
$Id$
This file tries to help building Ethereal for Mac OS X (Ethereal does
This file tries to help building Wireshark for Mac OS X (Wireshark does
not work on earlier versions of Mac OS).
In order to build Ethereal, you must have X11 and the X11 developer
In order to build Wireshark, you must have X11 and the X11 developer
headers and libraries installed; otherwise, you will not be able to
build or install GTK+, and will only be able to build TShark. The
X11 and X11 SDK that come with Mac OS X 10.3[.x] are sufficient to build
and run Ethereal.
and run Wireshark.
The changes to enable libwiretap and libwireshark being built as shared
libraries have broken shared gtk1 builds on Mac OS X. The GLib 1.x and
GTK+ 1.x release tarballs were built with an older version of libtool
that didn't support shared libraries on Mac OS X, so you can't build and
install them as shared libraries, but the shared-library build of
Ethereal requires GLib and GTK+, on Mac OS X, to be shared libraries.
The alternative to build Ethereal as one big statically linked binary
Wireshark requires GLib and GTK+, on Mac OS X, to be shared libraries.
The alternative to build Wireshark as one big statically linked binary
isn't working either (and may never have worked on this OS).
The way out of this situation is to use gtk2 and associated libraries
@ -47,7 +47,7 @@ directory:
However, on Tiger, it appears that the libraries built and installed by
those packages collide with libraries that come with the OS, so you
might have to configure GTK+ not to support loading those images
(Ethereal doesn't use the ability to load JPEG, PNG, or TIFF images), by
(Wireshark doesn't use the ability to load JPEG, PNG, or TIFF images), by
using the "--without-libpng", "--without-libjpeg", and
"---without-libtiff" flags when running "configure" in the GTK+ source
directory.
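Review bot: the context line right after the changed one spells the third flag "---without-libtiff" with three dashes, where "--without-libpng" and "--without-libjpeg" use two. Since this paragraph is being edited anyway, correct it to "--without-libtiff" so the flag works when copied into the GTK+ configure command.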
@ -77,11 +77,11 @@ do "sudo ranlib /usr/local/lib/libjpeg.a" after "make install-lib".
For libpng, use scripts/makefile.darwin, not scripts/makefile.macosx.
Finally run the configure script. By default it will use
the Glib2 and GTK+2 libraries. If you run Ethereal's configure script
the Glib2 and GTK+2 libraries. If you run Wireshark's configure script
with the "--disable-gtk2" argument it'll try to configure with GLib
1.2[.x] and GTK+ 1.2[.x], in which case:
if they're not installed, the configure script will fail;
if they are installed, the configure script will configure
Ethereal to build with them.
Wireshark to build with them.


@ -35,9 +35,9 @@ Interface configuration
In order to capture all packets on a network, you may want to allow
applications to put the interface on that network into "local copy"
mode, so that Ethereal can see packets sent by the host on which it's
mode, so that Wireshark can see packets sent by the host on which it's
running as well as packets received by that host, and to put the
interface into "promiscuous" mode, so that Ethereal can see packets on
interface into "promiscuous" mode, so that Wireshark can see packets on
the network segment not sent to the host on which it's running, by using
the pfconfig(1) command:


@ -23,7 +23,7 @@ With the patch from VMware, you can sniff the packets on these
network devices. Note the distinction between "network device", where a
device driver file exists in /dev, and "interface", which is a namespace
private to the kernel (not on the filesystem). You have to supply the
full pathname of the device to Ethereal (i.e., "/dev/vmnetN").
full pathname of the device to Wireshark (i.e., "/dev/vmnetN").
When vmnet1 is up, you will be able to select it from the list of
interfaces, since it will have both a device name (/dev/vmnet1) and
an interface name "vmnet1"


@ -1,8 +1,8 @@
$Id$
Installing Ethereal, TShark, and Editcap on Win32
Installing Wireshark, TShark, and Editcap on Win32
====================================================
These are the instructions for installing Ethereal
These are the instructions for installing Wireshark
from the installation executable that is provided on
the Wireshark website at:
@ -12,7 +12,7 @@ and any of its mirrors.
The installation package allows you to install:
o Ethereal - the GUI version
o Wireshark - the GUI version
o TShark - the console, line-mode version
o Editcap - a console, line-mode utility to convert
capture files from one format to another.
@ -24,29 +24,29 @@ The installation package allows you to install:
Additionally, the installation package contains a "plugins"
option, which installs some additional dissector plugins
for use with Ethereal and TShark.
for use with Wireshark and TShark.
All binaries in Wireshark package are now built with debugging
information embedded. If you are experiencing a crash when running
Ethereal or other binaries, Dr. Watson or your debugger
Wireshark or other binaries, Dr. Watson or your debugger
can use the information embedded in the binary to provide useful
information to the Wireshark developers that will help them pinpoint
the problem.
In the past, two versions of Ethereal binaries were published -- a
In the past, two versions of Wireshark binaries were published -- a
version that could capture packets and a version which could not.
The latter is useful if you're only reading files produced by
another product (e.g., a sniffer, firewall, or intrustion detection system)
and did not wish to install WinPcap, the library Ethereal uses
and did not wish to install WinPcap, the library Wireshark uses
to capture packets on Win32 platforms.
As of WinPcap 2.1, all the WinPcap libraries have been released as DLLs.
This means that Ethereal can detect the presence of WinPcap at run time,
This means that Wireshark can detect the presence of WinPcap at run time,
which means that only one version of the Wireshark binaries needs to be
shipped.
If you don't want to capture packets, just install the Ethereal
package. If you do want to capture packets, install Ethereal *and*
If you don't want to capture packets, just install the Wireshark
package. If you do want to capture packets, install Wireshark *and*
install the latest non-beta version of WinPcap, available from:
http://winpcap.polito.it/
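Review bot: the context line between the two changed lines of the "In the past, two versions ..." paragraph still reads "intrustion detection system"; it sits inside the block being edited, so fix it to "intrusion" in the same pass.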
@ -85,7 +85,7 @@ They also make Analyzer, a GUI sniffer for Win32:
http://analyzer.polito.it/
The rest of this documentation is only interesting if
you want to compile Ethereal yourself.
you want to compile Wireshark yourself.
Compiling the Wireshark distribution from source
@ -93,7 +93,7 @@ Compiling the Wireshark distribution from source
Developer's Guide
-----------------
You can find a comprehensive guide how to develop Ethereal in the
You can find a comprehensive guide how to develop Wireshark in the
Developer's Guide, which you can find (and much more info) at:
http://wiki.wireshark.org/Development
@ -104,9 +104,9 @@ environment and it's usage.
Compilers
---------
MS Visual C++ Version 6
This is the common compiler used for building Ethereal on win32.
This is the common compiler used for building Wireshark on win32.
If you've downloaded an Ethereal source tarball and unpacked it, then,
If you've downloaded an Wireshark source tarball and unpacked it, then,
before you do any build, you must do
nmake -f makefile.nmake distclean
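Review bot: the replacement line under "MS Visual C++ Version 6" reads "If you've downloaded an Wireshark source tarball". The article was right before "Ethereal" but should now be "a Wireshark source tarball"; a plain search-and-replace misses this, so it is worth grepping the other six files for "an Wireshark" as well.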
@ -131,7 +131,7 @@ Currently unsupported for two reasons:
See section "Problems with MS Visual C++ Version 7 / VC.NET" below.
Cygwin GCC
Ethereal can entirely be built with cygwin GCC. However the built binaries will
Wireshark can entirely be built with cygwin GCC. However the built binaries will
only run in a cygwin environment, so they are not standalone Win32 applications.
It is however not excluded that native Win32 code can be compiled on cygwin GCC
but you then have to use -mms-bitfields as a strict minimum and probably
@ -210,7 +210,7 @@ By default, the build process looks for these packages in
C:\wireshark-win32-libs. You can place them in a different directory, but
you must update the WIRESHARK_LIBS variable in config.nmake accordingly.
The following lists the packages needed to compile Ethereal and the default
The following lists the packages needed to compile Wireshark and the default
locations where to unpack them, when the above method isn't used.
Package Default Location
@ -248,7 +248,7 @@ Compiling the Wireshark distribution using GTK+2
-----------------------------------------------
The more recent version 2 of the GTK+ can be used to compile
Ethereal with, but is still considered beta.
Wireshark with, but is still considered beta.
GTK+2 will look better in various ways, especially for WIN32 users.
@ -277,23 +277,23 @@ and optional:
Be sure to set GTK2_DIR in config.nmake correct, to be able to compile.
Running your freshly compiled Ethereal
Running your freshly compiled Wireshark
--------------------------------------
Make sure the glib and gtk DLL's are in your path or you use a directory
where all required DLL's and the exe files reside.- i.e., that your
path includes the directory (folder) or directories (folders) in which
those DLLs are found - when you run Ethereal.
those DLLs are found - when you run Wireshark.
Note the wiretap*.dll must be in your path as well and if wiretap is changed
be sure to put the new one in your path.
Plugins (gryphon.dll and mgcp.dll) can go in:
<Ethereal installation directory>\plugins\<version>
<Wireshark installation directory>\plugins\<version>
Where <version> is the version number, without brackets. For example,
if you have Ethereal 0.10.12 installed in the default location, plugins
will reside in C:\Program Files\Ethereal\plugins\0.10.12
if you have Wireshark 0.99.1 installed in the default location, plugins
will reside in C:\Program Files\Wireshark\plugins\0.99.1
Yes, the location of plugins needs to be more flexible.
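Review bot: the plugin path example in this hunk changes the version as well as the name ("Ethereal 0.10.12" becomes "Wireshark 0.99.1", and the directory becomes C:\Program Files\Wireshark\plugins\0.99.1), which is more than the rename the commit message describes. Confirm that 0.99.1 is the version the installer uses for the plugins directory, and mention the version bump in the commit message so it is not read as a substitution slip.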
@ -320,7 +320,7 @@ as the "command.com" on Windows 2000, at least, can't handle non-8.3
directory names. (It may be that the "command.com" in Windows 95, Windows
98, and Windows Me, as it's the only command interpreter in those systems,
can handle those directories. If not, it may not be possible to build
Ethereal from the command line on those versions of Windows.)
Wireshark from the command line on those versions of Windows.)
Be sure that your command-line environment is set up to compile
and link with MSVC++. When installing MSVC++, you can have your
@ -329,8 +329,8 @@ command line, or you can invoke the vcvars32.bat script, which can
usually be found in the "VC98\Bin" subdirectory of the directory in
which Visual Studio was installed.
The first time you build Ethereal, run "nmake -f makefile.nmake distclean"
in the top-level Ethereal source directory to make sure that the "config.h"
The first time you build Wireshark, run "nmake -f makefile.nmake distclean"
in the top-level Wireshark source directory to make sure that the "config.h"
files will be reconstructed from the "config.h.win32" files. (If, for
example, you have "config.h" files left over from a Unix build, a
Windows build will fail.)
@ -442,12 +442,12 @@ Installing GTK-Wimp
GTK-Wimp can be used to get a native Look-and-Feel on WinXP machines,
especially with the new "coloured" WinXP theme. It will only take effect
together with the GTK2 version of Ethereal.
together with the GTK2 version of Wireshark.
No changes to the Wireshark sources are needed, GTK-Wimp simply changes the
way GTK2 displays the widgets (by changing the GTK2 default theme).
GTK-Wimp will be automatically installed if you use the official Ethereal Setup.
GTK-Wimp will be automatically installed if you use the official Wireshark Setup.
In this case, the files mentioned below are already existing at the appropriate
places.
@ -456,7 +456,7 @@ method is error prone and therefore no longer recommended):
1. Go to http://gtk-wimp.sourceforge.net/
2. Download the ZIP archive containing the library and the theme
3. Locate the installation directory of Ethereal (C:\Program Files\Ethereal)
3. Locate the installation directory of Wireshark (C:\Program Files\Wireshark)
4. Create a subdirectory 'share\themes\Default\gtk-2.0'
5. Drop the file 'gtkrc' in 'share\themes\Default\gtk-2.0'
6. Create a subdirectory named 'lib\gtk-2.0\2.4.0\engines'
@ -464,10 +464,10 @@ method is error prone and therefore no longer recommended):
When you're finished, you should have:
C:\Program Files\Ethereal\lib\gtk-2.0\2.4.0\engines\libwimp.dll
C:\Program Files\Ethereal\share\themes\Default\gtk-2.0\gtkrc
C:\Program Files\Wireshark\lib\gtk-2.0\2.4.0\engines\libwimp.dll
C:\Program Files\Wireshark\share\themes\Default\gtk-2.0\gtkrc
After (re-)starting Ethereal, you should now see it's widgets in the modern
After (re-)starting Wireshark, you should now see it's widgets in the modern
WinXP style on your screen.
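Review bot: the rewritten sentence "After (re-)starting Wireshark, you should now see it's widgets" keeps the possessive written as "it's"; change it to "its widgets" while the line is being modified.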
@ -492,7 +492,7 @@ The same problem seems to apply on all MSVC compilers after version 6, like the
Instructions for Cygwin
-----------------------
It is possible to build Ethereal under Cygwin using their version
It is possible to build Wireshark under Cygwin using their version
of XFree86. References:
- http://www.ethereal.com/lists/ethereal-dev/200205/msg00107.html
- http://www.ethereal.com/lists/ethereal-dev/200302/msg00026.html
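Review bot: the two references under "Instructions for Cygwin" still point at www.ethereal.com/lists/ethereal-dev/ while the sentence above them now says Wireshark. If these are kept deliberately as links to the old list archive, say so in a short parenthetical; otherwise readers will take them for missed renames.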
@ -546,10 +546,10 @@ To get it running, execute the following steps:
removing "ethclist.c" from the dependencies.
This patch is required since the private GTK+ clist widget
(was required for earlier versions of GTK+ but prevents Ethereal
(was required for earlier versions of GTK+ but prevents Wireshark
from running with cygwin).
6. Configure and make Ethereal:
6. Configure and make Wireshark:
Set the path (if this has not yet been done earlier)
@ -575,7 +575,7 @@ To get it running, execute the following steps:
want to use them. Note also that running "make install" produces lots of
output to the console; this is normal.
Note: Compiling Ethereal under cygwin takes a lot of time, because the
Note: Compiling Wireshark under cygwin takes a lot of time, because the
generation of 'register.c' takes ages. If you only edit one dissector and
you know what you're doing, it is acceptable to uncomment the generation
of the file 'register.c' in Makefile. Look for the 'register.c' target:
@ -587,12 +587,12 @@ of the file 'register.c' in Makefile. Look for the 'register.c' target:
Of course, you need to generate the 'register.c' file at least once.
Note: You can also capture packets on a cygwin built Ethereal. You then have
Note: You can also capture packets on a cygwin built Wireshark. You then have
to unpack the WinPCap development package, install the files in lib/ and
include/ in say /usr/lib and /usr/include (they must be in the search path of
the compiler and linker, otherwise you have to specify the configure option
--with-pcap=/location/to/pcap so the packet capture functionality can be used.
In order to run Ethereal, you have to add the .dll files in a directory in the
In order to run Wireshark, you have to add the .dll files in a directory in the
PATH (e.g., /bin).
Should you want packet capturing enabled in the cygwin build, then you have to
remove --without-pcap from step 6.