Tethereal/tethereal -> TShark/tshark.

svn path=/trunk/; revision=18268
daniel/osmux
Gerald Combs 2006-05-31 17:38:42 +00:00
parent 7bc853b62b
commit 8958bab6de
98 changed files with 438 additions and 438 deletions

18
FAQ
View File

@ -41,7 +41,7 @@
3. Installing Ethereal:
3.1 I installed an Ethereal RPM; why did it install Tethereal but not
3.1 I installed an Ethereal RPM; why did it install TShark but not
Ethereal?
4. Building Ethereal:
@ -70,7 +70,7 @@
5.1 Why does Ethereal crash with a Bus Error when I try to run it on Solaris
8?
5.2 When I run Tethereal with the "-x" option, why does it crash with an
5.2 When I run TShark with the "-x" option, why does it crash with an
error
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
@ -1169,7 +1169,7 @@ cies
3. Installing Ethereal
Q 3.1: I installed an Ethereal RPM; why did it install Tethereal but not
Q 3.1: I installed an Ethereal RPM; why did it install TShark but not
Ethereal?
A: Older versions of the Red Hat RPMs for Wireshark put only the non-GUI
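Review bot: Q 3.1 now mixes three product names. The question asks about an "Ethereal RPM" installing "TShark", and the answer's first line talks about "the Red Hat RPMs for Wireshark". Either keep the FAQ entry consistent with the package name the reader actually installed, or add a short note to the answer that TShark is the program formerly shipped as Tethereal, so a user searching the FAQ for the old binary name still finds this entry.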
@ -1270,7 +1270,7 @@ cies
Similar problems may exist with older versions of GTK+ for earlier versions
of Solaris.
Q 5.2: When I run Tethereal with the "-x" option, why does it crash with an
Q 5.2: When I run TShark with the "-x" option, why does it crash with an
error
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
@ -1440,7 +1440,7 @@ cies
supply to the host all network packets they see. Ethereal will try to put
the interface on which it's capturing into promiscuous mode unless the
"Capture packets in promiscuous mode" option is turned off in the "Capture
Options" dialog box, and Tethereal will try to put the interface on which
Options" dialog box, and TShark will try to put the interface on which
it's capturing into promiscuous mode unless the -p option was specified.
However, some network interfaces don't support promiscuous mode, and some
OSes might not allow interfaces to be put into promiscuous mode.
@ -1537,7 +1537,7 @@ cies
Q 7.6: How do I put an interface into promiscuous mode?
A: By not disabling promiscuous mode when running Ethereal or Tethereal.
A: By not disabling promiscuous mode when running Ethereal or TShark.
Note, however, that:
* the form of promiscuous mode that libpcap (the library that programs
@ -1768,7 +1768,7 @@ cies
A: If you are running Ethereal on Windows NT 4.0, Windows 2000, Windows XP,
or Windows Server 2003, and this is the first time you have run a
WinPcap-based program (such as Ethereal, or Tethereal, or WinDump, or
WinPcap-based program (such as Ethereal, or TShark, or WinDump, or
Analyzer, or...) since the machine was rebooted, you need to run that
program from an account with administrator privileges; once you have run
such a program, you will not need administrator privileges to run any such
@ -2137,7 +2137,7 @@ cies
passively capture packets.
This means that you should disable name resolution when capturing in monitor
mode; otherwise, when Ethereal (or Tethereal, or tcpdump) tries to display
mode; otherwise, when Ethereal (or TShark, or tcpdump) tries to display
IP addresses as host names, it will probably block for a long time trying to
resolve the name because it will not be able to communicate with any DNS or
NIS servers.
@ -2179,7 +2179,7 @@ cies
possible" option, clicking "Save" if you want to save that setting in your
preference file, and clicking "OK".
It can also be set on the Wireshark or Tethereal command line with a -o
It can also be set on the Wireshark or TShark command line with a -o
tcp.check_checksum:false command-line flag, or manually set in your
preferences file by adding a tcp.check_checksum:false line.

12
INSTALL
View File

@ -33,7 +33,7 @@ README.win32 for those instructions.
GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
1.2[.x].
2. If you wish to build Tethereal, the line-mode version of Ethereal,
2. If you wish to build TShark, the line-mode version of Ethereal,
make sure you have GLIB installed. See note #1 above for instructions
on checking if you have GLIB installed. You can download GLIB from
the same site as GTK.
@ -83,8 +83,8 @@ README.win32 for those instructions.
--disable-gtk2
Build Glib/Gtk+ 1.2[.x]-based ethereal.
--disable-tethereal
By default the line-mode packet analyzer, Tethereal, is built.
--disable-tshark
By default the line-mode packet analyzer, TShark, is built.
Use this switch to avoid building it.
--disable-editcap
@ -128,7 +128,7 @@ README.win32 for those instructions.
By default, if 'configure' finds zlib (a.k.a, libz), the
wiretap library will be built so that it can read compressed
capture files. If you have zlib but do not wish to build
it into the wiretap library, used by Wireshark, Tethereal, and
it into the wiretap library, used by Wireshark, TShark, and
the capture-file utilities that come in this package, use
this switch.
@ -144,7 +144,7 @@ README.win32 for those instructions.
--enable-setuid-install
Use this switch to install the packet analyzers as setuid.
Installating Ethereal and Tethereal as setuid 'root' is
Installating Ethereal and TShark as setuid 'root' is
dangerous. Repeat: IT'S DANGEROUS. Don't do it.
--with-ssl=DIR
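Review bot: the rewritten line under --enable-setuid-install still reads "Installating Ethereal and TShark as setuid 'root' is". Since the line is being touched anyway, correct "Installating" to "Installing". The warning that follows should stay exactly as it is.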
@ -195,7 +195,7 @@ README.win32 for those instructions.
6. Run 'make'. Hopefully, you won't run into any problems.
7. Run './ethereal' or './tethereal', and make sure things are working.
7. Run './ethereal' or './tshark', and make sure things are working.
You must have root privileges in order to capture live data.
8. Run 'make install'. If you wish to install the man page, run

View File

@ -60,13 +60,13 @@ ACLOCAL_AMFLAGS = `./aclocal-flags`
# automake will arrange that the Makefile define it as the union of all
# the "man{section}_MANS" variables.
#
bin_PROGRAMS = @ethereal_bin@ @capinfos_bin@ @editcap_bin@ @mergecap_bin@ @tethereal_bin@ @dftest_bin@ @randpkt_bin@ @text2pcap_bin@ @dumpcap_bin@
bin_PROGRAMS = @ethereal_bin@ @capinfos_bin@ @editcap_bin@ @mergecap_bin@ @tshark_bin@ @dftest_bin@ @randpkt_bin@ @text2pcap_bin@ @dumpcap_bin@
bin_SCRIPTS = @idl2wrs_bin@
man1_MANS = @ethereal_man@ @capinfos_man@ @editcap_man@ @mergecap_man@ @tethereal_man@ @text2pcap_man@ @dumpcap_man@ @idl2wrs_man@
man1_MANS = @ethereal_man@ @capinfos_man@ @editcap_man@ @mergecap_man@ @tshark_man@ @text2pcap_man@ @dumpcap_man@ @idl2wrs_man@
man4_MANS = @etherealfilter_man@
man_MANS =
EXTRA_PROGRAMS = ethereal tethereal capinfos editcap mergecap dftest \
EXTRA_PROGRAMS = ethereal tshark capinfos editcap mergecap dftest \
randpkt text2pcap dumpcap
EXTRA_SCRIPTS = idl2wrs
@ -77,7 +77,7 @@ idl2wrs: tools/idl2wrs.sh Makefile
#
# Ethereal configuration files are put in $(pkgdatadir).
#
pkgdata_DATA = AUTHORS-SHORT manuf ethereal.html tethereal.html \
pkgdata_DATA = AUTHORS-SHORT manuf ethereal.html tshark.html \
ethereal-filter.html capinfos.html editcap.html \
idl2wrs.html mergecap.html text2pcap.html dumpcap.html \
cfilters colorfilters dfilters
@ -266,11 +266,11 @@ endif # HAVE_PLUGINS
# Optional objects that I know how to build. These will be
# linked into the ethereal executable.
# They will also be linked into the tethereal executable; if this
# They will also be linked into the tshark executable; if this
# list ever grows to include something that can't be linked with
# tethereal, or if tethereal needs something that wireshark doesn't,
# tshark, or if tshark needs something that wireshark doesn't,
# we should probably split this into stuff needed both
# by wireshark and tethereal and stuff needed only by one or the
# by wireshark and tshark and stuff needed only by one or the
# other.
ethereal_optional_objects = @GETOPT_O@ @SNPRINTF_O@ @STRERROR_O@ \
@STRCASECMP_O@ @STRNCASECMP_O@ @MKSTEMP_O@ @STRPTIME_O@
@ -312,21 +312,21 @@ ethereal_LDADD = \
@LIBGNUTLS_LIBS@
# Additional libs that I know how to build. These will be
# linked into the tethereal executable.
tethereal_additional_libs = \
# linked into the tshark executable.
tshark_additional_libs = \
wiretap/libwiretap.la \
epan/libwireshark.la
# This is the automake dependency variable for the executable
tethereal_DEPENDENCIES = \
tshark_DEPENDENCIES = \
$(ethereal_optional_objects) \
$(tethereal_additional_libs) \
$(tshark_additional_libs) \
$(plugin_libs)
# This automake variable adds to the link-line for the executable
tethereal_LDADD = \
tshark_LDADD = \
$(ethereal_optional_objects) \
$(tethereal_additional_libs) \
$(tshark_additional_libs) \
@SNMP_LIBS@ @SSL_LIBS@ \
$(plugin_ldadd) \
@PCRE_LIBS@ \
@ -335,9 +335,9 @@ tethereal_LDADD = \
@LIBGNUTLS_LIBS@
if ENABLE_STATIC
tethereal_LDFLAGS = -Wl,-static -all-static
tshark_LDFLAGS = -Wl,-static -all-static
else
tethereal_LDFLAGS = -export-dynamic
tshark_LDFLAGS = -export-dynamic
endif
# Optional objects that I know how to build, and that are needed by
@ -398,9 +398,9 @@ SUFFIXES = .sh
$(editsh) $< > $@.tmp && chmod +x $@.tmp && mv $@.tmp $@
#
# Build "tethereal-tap-register.c", which contains a function
# Build "tshark-tap-register.c", which contains a function
# "register_all_tap_listeners()"
# that calls the register routines for all tethereal tap listeners.
# that calls the register routines for all tshark tap listeners.
#
# We do this by grepping through sources.
#
@ -411,9 +411,9 @@ SUFFIXES = .sh
# The first argument is the directory in which the source files live.
# All subsequent arguments are the files to scan.
#
tethereal-tap-register.c: $(TETHEREAL_TAP_SRC) $(srcdir)/make-tapreg-dotc
@echo Making tethereal-tap-register.c
@$(srcdir)/make-tapreg-dotc tethereal-tap-register.c $(srcdir) $(TETHEREAL_TAP_SRC)
tshark-tap-register.c: $(TSHARK_TAP_SRC) $(srcdir)/make-tapreg-dotc
@echo Making tshark-tap-register.c
@$(srcdir)/make-tapreg-dotc tshark-tap-register.c $(srcdir) $(TSHARK_TAP_SRC)
ps.c: print.ps rdps
./rdps $(srcdir)/print.ps ps.c
@ -557,7 +557,7 @@ EXTRA_DIST = \
doc/idl2wrs.pod \
doc/mergecap.pod \
doc/randpkt.txt \
doc/tethereal.pod \
doc/tshark.pod \
doc/text2pcap.pod \
doc/dumpcap.pod \
docbook/Makefile.auto.am \
@ -608,7 +608,7 @@ EXTRA_DIST = \
image/stock_dialog_question_48.xpm \
image/stock_dialog_info_48.xpm \
image/stock_dialog_stop_48.xpm \
image/tethereal.rc.in \
image/tshark.rc.in \
image/text2pcap.rc.in \
image/toolbar/autoscroll_24.xpm \
image/toolbar/capture_filter_24.xpm \
@ -688,7 +688,7 @@ EXTRA_DIST = \
if SETUID_INSTALL
install-exec-hook:
-chmod +s $(DESTDIR)$(bindir)/dumpcap
-chmod +s $(DESTDIR)$(bindir)/tethereal
-chmod +s $(DESTDIR)$(bindir)/tshark
else
install-exec-hook:
endif
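Review bot: in install-exec-hook, `-chmod +s $(DESTDIR)$(bindir)/tshark` follows the rename, but nothing clears the bits on, or removes, a `tethereal` binary left in $(bindir) by an earlier --enable-setuid-install build, so an upgrade in place can leave a stale setuid copy of the old binary behind. Consider handling the old name in the hook or documenting the cleanup in INSTALL next to the setuid warning. Two smaller points on the same lines: `+s` sets the setgid bit as well as setuid, and the leading `-` tells make to ignore a failed chmod, so a failed install of the privileged bits goes unnoticed.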
@ -705,11 +705,11 @@ ethereal.1: doc/ethereal.pod AUTHORS-SHORT-FORMAT
(cd doc ; \
$(MAKE) ../ethereal.1 )
tethereal.1: doc/tethereal.pod
tshark.1: doc/tshark.pod
(cd doc ; \
$(MAKE) ../tethereal.1 )
$(MAKE) ../tshark.1 )
ethereal-filter.4: tethereal doc/ethereal-filter.pod.template
ethereal-filter.4: tshark doc/ethereal-filter.pod.template
(cd doc ; \
$(MAKE) ../ethereal-filter.4 )
@ -741,11 +741,11 @@ ethereal.html: doc/ethereal.pod AUTHORS-SHORT-FORMAT
(cd doc ; \
$(MAKE) ../ethereal.html )
tethereal.html: doc/tethereal.pod
tshark.html: doc/tshark.pod
(cd doc ; \
$(MAKE) ../tethereal.html )
$(MAKE) ../tshark.html )
ethereal-filter.html: tethereal doc/ethereal-filter.pod.template
ethereal-filter.html: tshark doc/ethereal-filter.pod.template
(cd doc ; \
$(MAKE) ../ethereal-filter.html )

View File

@ -39,12 +39,12 @@ GENERATED_HEADER_FILES = \
# C source files generated from source files.
GENERATED_C_FILES = \
$(BUILT_C_FILES) \
tethereal-tap-register.c
tshark-tap-register.c
# All the generated files.
GENERATED_FILES = $(GENERATED_C_FILES) $(GENERATED_HEADER_FILES)
# sources common for ethereal and tethereal
# sources common for ethereal and tshark
ETHEREAL_COMMON_SRC = \
$(PLATFORM_SRC) \
capture_errs.c \
@ -92,8 +92,8 @@ ETHEREAL_COMMON_INCLUDES = \
util.h \
version_info.h
# sources for Tethereal taps
TETHEREAL_TAP_SRC = \
# sources for TShark taps
TSHARK_TAP_SRC = \
tap-afpstat.c \
tap-ansi_astat.c \
tap-bootpstat.c \
@ -181,15 +181,15 @@ ethereal_INCLUDES = \
tap_dfilter_dlg.h \
ui_util.h
# tethereal specifics
tethereal_SOURCES = \
# tshark specifics
tshark_SOURCES = \
$(ETHEREAL_COMMON_SRC) \
$(TETHEREAL_TAP_SRC) \
$(TSHARK_TAP_SRC) \
capture_opts.c \
capture_loop.c \
tempfile.c \
tethereal-tap-register.c \
tethereal.c
tshark-tap-register.c \
tshark.c
# text2pcap specifics
text2pcap_SOURCES = \

View File

@ -29,7 +29,7 @@ PLATFORM_SRC = capture-wpcap.c capture_wpcap_packet.c
include Makefile.common
ethereal_OBJECTS = $(ethereal_SOURCES:.c=.obj)
tethereal_OBJECTS = $(tethereal_SOURCES:.c=.obj)
tshark_OBJECTS = $(tshark_SOURCES:.c=.obj)
dftest_OBJECTS = $(dftest_SOURCES:.c=.obj)
dumpcap_OBJECTS = $(dumpcap_SOURCES:.c=.obj)
@ -65,7 +65,7 @@ ethereal_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
!ENDIF
# $(PCAP_DIR)\lib\wpcap.lib
tethereal_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
wsock32.lib user32.lib \
$(GLIB_LIBS) \
$(NET_SNMP_DIR)\win32\lib\release\netsnmp.lib \
@ -118,10 +118,10 @@ randpkt_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
$(GLIB_LIBS) \
$(NET_SNMP_DIR)\win32\lib\release\netsnmp.lib
EXECUTABLES=ethereal.exe ethereal-gtk2.exe tethereal.exe \
EXECUTABLES=ethereal.exe ethereal-gtk2.exe tshark.exe \
capinfos.exe editcap.exe mergecap.exe text2pcap.exe randpkt.exe dumpcap.exe
RESOURCES=image\ethereal.res image\libwireshark.res image\tethereal.res \
RESOURCES=image\ethereal.res image\libwireshark.res image\tshark.res \
image\capinfos.res image\editcap.res image\mergecap.res \
image\text2pcap.res image\wiretap.res image\dumpcap.res
@ -170,10 +170,10 @@ ethereal-gtk2.exe : config.h svnversion.h $(ethereal_OBJECTS) $(command_line_OBJ
<<
!ENDIF
tethereal.exe : config.h svnversion.h $(tethereal_OBJECTS) $(command_line_OBJECTS) epan image\tethereal.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
tshark.exe : config.h svnversion.h $(tshark_OBJECTS) $(command_line_OBJECTS) epan image\tshark.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
@echo Linking $@
$(LINK) @<<
/OUT:tethereal.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(tethereal_LIBS) $(tethereal_OBJECTS) $(command_line_OBJECTS) image\tethereal.res
/OUT:tshark.exe $(conflags) $(conlibsdll) $(LDFLAGS) /SUBSYSTEM:console $(tshark_LIBS) $(tshark_OBJECTS) $(command_line_OBJECTS) image\tshark.res
<<
capinfos.exe : config.h capinfos.obj getopt.obj $(command_line_OBJECTS) wiretap\wiretap-$(WTAP_VERSION).lib image\capinfos.res
@ -261,7 +261,7 @@ AUTHORS-SHORT-FORMAT: AUTHORS-SHORT make-authors-format.pl
$(PERL) perlnoutf.pl make-authors-format.pl < AUTHORS-SHORT > AUTHORS-SHORT-FORMAT
#
# Build "tethereal-tap-register.c", which contains a function
# Build "tshark-tap-register.c", which contains a function
# "register_all_tap_listeners()"
# that calls the register routines for all tehtereal tap listeners.
#
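Review bot: the comment line "that calls the register routines for all tehtereal tap listeners." was missed by the rename because of the existing "tehtereal" typo, so this block now names tshark-tap-register.c on one line and the old program two lines later. Change it to "all tshark tap listeners", matching the same comment in the automake Makefile.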
@ -275,9 +275,9 @@ AUTHORS-SHORT-FORMAT: AUTHORS-SHORT make-authors-format.pl
# The second argument is the directory in which the source files live.
# All subsequent arguments are the files to scan.
#
tethereal-tap-register.c: $(TETHEREAL_TAP_SRC) make-tapreg-dotc
@echo Making tethereal-tap-register.c
@$(SH) make-tapreg-dotc tethereal-tap-register.c . $(TETHEREAL_TAP_SRC)
tshark-tap-register.c: $(TSHARK_TAP_SRC) make-tapreg-dotc
@echo Making tshark-tap-register.c
@$(SH) make-tapreg-dotc tshark-tap-register.c . $(TSHARK_TAP_SRC)
text2pcap-scanner.c : text2pcap-scanner.l
$(LEX) -otext2pcap-scanner.c text2pcap-scanner.l
@ -287,7 +287,7 @@ gtk2_distclean:
if exist gtk2.tmp rmdir gtk2.tmp
clean: gtk2_distclean
rm -f $(ethereal_OBJECTS) $(tethereal_OBJECTS) $(EXTRA_OBJECTS) \
rm -f $(ethereal_OBJECTS) $(tshark_OBJECTS) $(EXTRA_OBJECTS) \
$(EXECUTABLES) $(PDB_FILE) \
capinfos.obj editcap.obj mergecap.obj text2pcap.obj getopt.obj\
text2pcap-scanner.obj text2pcap-scanner.c rdps.obj \

View File

@ -1,6 +1,6 @@
$Id$
In order to capture packets (with Ethereal/Tethereal, tcpdump, or any
In order to capture packets (with Ethereal/TShark, tcpdump, or any
other packet capture program) on a BSD system, your kernel must have
the Berkeley packet Filter mechanism enabled. On some BSDs (recent
versions of FreeBSD, for example), it's enabled by default in the

View File

@ -99,7 +99,7 @@ as a shared library.
5 - HP-UX patches to fix packet capture problems
Note that packet-capture programs such as Ethereal/Tethereal or tcpdump
Note that packet-capture programs such as Ethereal/TShark or tcpdump
may, on HP-UX, not be able to see packets sent from the machine on which
they're running. Make sure you have a recent "LAN Cummulative/DLPI" patch
installed.

View File

@ -1,6 +1,6 @@
$Id$
In order to capture packets (with Ethereal/Tethereal, tcpdump, or any
In order to capture packets (with Ethereal/TShark, tcpdump, or any
other libpcap-based packet capture program) on a Linux system, the
"packet" protocol must be supported by your kernel. If it is not, you
may get error messages such as

View File

@ -5,7 +5,7 @@ not work on earlier versions of Mac OS).
In order to build Ethereal, you must have X11 and the X11 developer
headers and libraries installed; otherwise, you will not be able to
build or install GTK+, and will only be able to build Tethereal. The
build or install GTK+, and will only be able to build TShark. The
X11 and X11 SDK that come with Mac OS X 10.3[.x] are sufficient to build
and run Ethereal.

View File

@ -1,6 +1,6 @@
$Id$
Installing Ethereal, Tethereal, and Editcap on Win32
Installing Ethereal, TShark, and Editcap on Win32
====================================================
These are the instructions for installing Ethereal
from the installation executable that is provided on
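Review bot: the title "Installing Ethereal, TShark, and Editcap on Win32" is three characters shorter than the one it replaces, but the "=" underline on the next line is left unchanged. Trim the underline to the new title length so the heading stays consistent with the rest of the README.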
@ -13,7 +13,7 @@ and any of its mirrors.
The installation package allows you to install:
o Ethereal - the GUI version
o Tethereal - the console, line-mode version
o TShark - the console, line-mode version
o Editcap - a console, line-mode utility to convert
capture files from one format to another.
(The same functions are available in Wireshark)
@ -24,7 +24,7 @@ The installation package allows you to install:
Additionally, the installation package contains a "plugins"
option, which installs some additional dissector plugins
for use with Ethereal and Tethereal.
for use with Ethereal and TShark.
All binaries in Wireshark package are now built with debugging
information embedded. If you are experiencing a crash when running
@ -364,7 +364,7 @@ Source Output Tool
config.h.win32 config.h sed
epan/config.h.win32 epan/config.h sed
image/ethereal.rc.in image/ethereal.rc sed
image/tethereal.rc.in image/tethereal.rc sed
image/tshark.rc.in image/tshark.rc sed
image/editcap.rc.in image/editcap.rc sed
image/mergecap.rc.in image/mergecap.rc sed
image/text2pcap.rc.in image/text2pcap.rc sed
@ -379,7 +379,7 @@ make-reg-dotc, packet*.c register.c Bash + grep + sed
or
make-reg-dotc.py, packet*.c register.c Python
make-tapreg-dotc, tap-*.c tethereal-tap-register.c
make-tapreg-dotc, tap-*.c tshark-tap-register.c
Bash + grep + sed
make-tapreg-dotc, tap files gtk/ethereal-tap-register.c
in the gtk subdirectory Bash + grep + sed

View File

@ -1,6 +1,6 @@
/* capture-wpcap.c
* WinPcap-specific interfaces for capturing. We load WinPcap at run
* time, so that we only need one Wireshark binary and one Twireshark binary
* time, so that we only need one Wireshark binary and one TShark binary
* for Windows, regardless of whether WinPcap is installed or not.
*
* $Id$

View File

@ -113,13 +113,13 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
/* Seen only when opening a capture file for reading. */
errmsg = "The file \"%s\" isn't a capture file in a format Twireshark understands.";
errmsg = "The file \"%s\" isn't a capture file in a format TShark understands.";
break;
case WTAP_ERR_UNSUPPORTED:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" isn't a capture file in a format Twireshark understands.\n"
"The file \"%%s\" isn't a capture file in a format TShark understands.\n"
"(%s)", err_info);
g_free(err_info);
errmsg = errmsg_errno;
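Review bot: the strings replaced in cf_open_error_message() read "Twireshark", not "Tethereal", so these hunks are cleaning up the result of an earlier search-and-replace rather than doing the rename the commit subject describes. Say so in the log message, and check the tree for any remaining "Twireshark"/"twireshark" occurrences outside the files touched here, since a rename keyed on "tethereal" will not find them.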
@ -135,15 +135,15 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
/* Seen only when opening a capture file for writing. */
errmsg = "Twireshark doesn't support writing capture files in that format.";
errmsg = "TShark doesn't support writing capture files in that format.";
break;
case WTAP_ERR_UNSUPPORTED_ENCAP:
if (for_writing)
errmsg = "Twireshark can't save this capture in that format.";
errmsg = "TShark can't save this capture in that format.";
else {
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" is a capture for a network type that Twireshark doesn't support.\n"
"The file \"%%s\" is a capture for a network type that TShark doesn't support.\n"
"(%s)", err_info);
g_free(err_info);
errmsg = errmsg_errno;
@ -152,9 +152,9 @@ cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
if (for_writing)
errmsg = "Twireshark can't save this capture in that format.";
errmsg = "TShark can't save this capture in that format.";
else
errmsg = "The file \"%s\" is a capture for a network type that Twireshark doesn't support.";
errmsg = "The file \"%s\" is a capture for a network type that TShark doesn't support.";
break;
case WTAP_ERR_BAD_RECORD:

View File

@ -458,7 +458,7 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld,
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", capture_opts->iface);
/* XXX - opening Winsock on twireshark? */
/* XXX - opening Winsock on tshark? */
/* Initialize Windows Socket if we are in a WIN32 OS
This needs to be done before querying the interface for network/netmask */
@ -628,7 +628,7 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld,
#endif
}
/* XXX - will this work for twireshark? */
/* XXX - will this work for tshark? */
#ifdef MUST_DO_SELECT
if (!ld->from_cap_pipe) {
#ifdef HAVE_PCAP_GET_SELECTABLE_FD
@ -753,7 +753,7 @@ gboolean capture_loop_init_output(capture_options *capture_opts, int save_file_f
if (ld->pdh == NULL) {
/* We couldn't set up to write to the capture file. */
/* XXX - use cf_open_error_message from twireshark instead? */
/* XXX - use cf_open_error_message from tshark instead? */
switch (err) {
case WTAP_ERR_CANT_OPEN:

View File

@ -98,9 +98,9 @@ extern void capture_loop_stop(void);
typedef void (*capture_packet_cb_fct)(u_char *, const struct pcap_pkthdr *, const u_char *);
/* moved from capture_loop.c here, so we can combine it (and the related functions) with twireshark */
/* moved from capture_loop.c here, so we can combine it (and the related functions) with tshark */
/* XXX - should be moved back to capture_loop.c */
/* E: capture_loop.c only (Wireshark/dumpcap) T: twireshark only */
/* E: capture_loop.c only (Wireshark/dumpcap) T: tshark only */
typedef struct _loop_data {
/* common */
gboolean go; /* TRUE as long as we're supposed to keep capturing */

View File

@ -244,7 +244,7 @@ capture_opts_add_iface_opt(capture_options *capture_opts, const char *optarg)
/*
* If the argument is a number, treat it as an index into the list
* of adapters, as printed by "twireshark -D".
* of adapters, as printed by "tshark -D".
*
* This should be OK on UNIX systems, as interfaces shouldn't have
* names that begin with digits. It can be useful on Windows, where

View File

@ -1,7 +1,7 @@
/* capture_wpcap_packet.c
* WinPcap-specific interfaces for low-level information (packet.dll).
* We load WinPcap at run
* time, so that we only need one Wireshark binary and one Twireshark binary
* time, so that we only need one Wireshark binary and one TShark binary
* for Windows, regardless of whether WinPcap is installed or not.
*
* $Id$

View File

@ -1,5 +1,5 @@
/* clopts_common.c
* Handle command-line arguments common to Wireshark and Twireshark
* Handle command-line arguments common to Wireshark and TShark
*
* $Id$
*

View File

@ -1,5 +1,5 @@
/* clopts_common.h
* Handle command-line arguments common to Wireshark and Twireshark
* Handle command-line arguments common to Wireshark and TShark
*
* $Id$
*

View File

@ -337,7 +337,7 @@ if test "$HAVE_GNU_SED" = no ; then
esac
fi
# Enable/disable tethereal
# Enable/disable tshark
AC_ARG_ENABLE(ethereal,
[ --enable-ethereal build GTK+-based ethereal. [default=yes]],enable_ethereal=$enableval,enable_ethereal=yes)
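Review bot: the comment changed to "# Enable/disable tshark" sits directly above AC_ARG_ENABLE(ethereal, ...), so it describes the wrong option both before and after this change. It should read "# Enable/disable ethereal"; the tshark option further down has its own comment.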
@ -524,21 +524,21 @@ rdps_bin="rdps\$(EXEEXT)"
AC_SUBST(rdps_bin)
# Enable/disable tethereal
# Enable/disable tshark
AC_ARG_ENABLE(tethereal,
[ --enable-tethereal build tethereal. [default=yes]],tethereal=$enableval,enable_tethereal=yes)
AC_ARG_ENABLE(tshark,
[ --enable-tshark build tshark. [default=yes]],tshark=$enableval,enable_tshark=yes)
if test "x$enable_tethereal" = "xyes" ; then
tethereal_bin="tethereal\$(EXEEXT)"
tethereal_man="tethereal.1"
if test "x$enable_tshark" = "xyes" ; then
tshark_bin="tshark\$(EXEEXT)"
tshark_man="tshark.1"
etherealfilter_man="ethereal-filter.4"
else
tethereal_bin=""
tethereal_man=""
tshark_bin=""
tshark_man=""
fi
AC_SUBST(tethereal_bin)
AC_SUBST(tethereal_man)
AC_SUBST(tshark_bin)
AC_SUBST(tshark_man)
AC_SUBST(etherealfilter_man)
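Review bot: in AC_ARG_ENABLE(tshark, ...) the action-if-given is `tshark=$enableval`, carried over from `tethereal=$enableval`, while the ethereal option above uses `enable_ethereal=$enableval`. The test on `$enable_tshark` only works because autoconf sets that variable itself; use `enable_tshark=$enableval` so the block is self-consistent. Separately, renaming the switch means build scripts that still pass --disable-tethereal will no longer suppress the build, because configure does not fail on an unrecognized --enable/--disable option. That matters most together with --enable-setuid-install, so call the switch rename out in the release notes.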
@ -1402,7 +1402,7 @@ fi
echo ""
echo "The Ethereal package has been configured with the following options."
echo " Build ethereal : $enable_ethereal"
echo " Build tethereal : $enable_tethereal"
echo " Build tshark : $enable_tshark"
echo " Build capinfos : $enable_capinfos"
echo " Build editcap : $enable_editcap"
echo " Build dumpcap : $enable_dumpcap"

2
debian/rules vendored
View File

@ -62,7 +62,7 @@ clean: unpatch-stamp
cp /usr/share/misc/config.guess /usr/share/misc/config.sub .
-$(MAKE) distclean
rm -f rdps ethereal.1 tethereal.1 idl2deb.1 ethereal-filter.4 asn2deb.1
rm -f rdps ethereal.1 tshark.1 idl2deb.1 ethereal-filter.4 asn2deb.1
rm -f conftest conftest.c
rm -f config.guess config.sub config.log

View File

@ -1,6 +0,0 @@
/usr/bin/tethereal
/usr/bin/tethereal
/usr/bin/tethereal

View File

@ -1,3 +0,0 @@
tethereal.1
tethereal.1
tethereal.1

6
debian/tshark.files vendored Normal file
View File

@ -0,0 +1,6 @@
/usr/bin/tshark
/usr/bin/tshark
/usr/bin/tshark

3
debian/tshark.manpages vendored Normal file
View File

@ -0,0 +1,3 @@
tshark.1
tshark.1
tshark.1

View File

@ -39,17 +39,17 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
--noindex \
ethereal-tmp.pod > ../ethereal.html
../tethereal.1: tethereal.pod ../config.h
../tshark.1: tshark.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/tethereal.pod > ../tethereal.1
$(srcdir)/tshark.pod > ../tshark.1
../tethereal.html: tethereal.pod ../config.h
../tshark.html: tshark.pod ../config.h
$(POD2HTML) \
--title="tethereal - The Wireshark Network Analyzer $(VERSION)" \
--title="tshark - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/tethereal.pod > ../tethereal.html
$(srcdir)/tshark.pod > ../tshark.html
../ethereal-filter.4: ethereal-filter.pod ../config.h
$(POD2MAN) \
@ -64,8 +64,8 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
--noindex \
ethereal-filter.pod > ../ethereal-filter.html
ethereal-filter.pod: ethereal-filter.pod.template ../tethereal
../tethereal -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod
ethereal-filter.pod: ethereal-filter.pod.template ../tshark
../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod
../capinfos.1: capinfos.pod ../config.h
$(POD2MAN) \
@ -152,8 +152,8 @@ CLEANFILES = \
../editcap.html \
../mergecap.1 \
../mergecap.html \
../tethereal.1 \
../tethereal.html \
../tshark.1 \
../tshark.html \
../text2pcap.1 \
../text2pcap.html \
../dumpcap.1 \

View File

@ -26,10 +26,10 @@
include ../config.nmake
doc: ethereal.html tethereal.html ethereal-filter.html capinfos.html \
doc: ethereal.html tshark.html ethereal-filter.html capinfos.html \
editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html
man: ethereal.1 tethereal.1 ethereal-filter.4 capinfos.1 editcap.1 \
man: ethereal.1 tshark.1 ethereal-filter.4 capinfos.1 editcap.1 \
idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1
ethereal-tmp.pod: ethereal.pod ../AUTHORS-SHORT-FORMAT
@ -52,22 +52,22 @@ ethereal.html: ethereal-tmp.pod ../config.h
--noindex \
ethereal-tmp.pod > ethereal.html
../tethereal.exe:
../tshark.exe:
cd ..
$(MAKE) -f makefile.nmake tethereal.exe
$(MAKE) -f makefile.nmake tshark.exe
cd doc
tethereal.1: tethereal.pod ../config.h
tshark.1: tshark.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
tethereal.pod > tethereal.1
tshark.pod > tshark.1
tethereal.html: tethereal.pod ../config.h
tshark.html: tshark.pod ../config.h
$(POD2HTML) \
--title="tethereal - The Wireshark Network Analyzer $(VERSION)" \
--title="tshark - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
tethereal.pod > tethereal.html
tshark.pod > tshark.html
ethereal-filter.4: ethereal-filter.pod ../config.h
$(POD2MAN) \
@ -81,10 +81,10 @@ ethereal-filter.html: ethereal-filter.pod ../config.h
--noindex \
ethereal-filter.pod > ethereal-filter.html
ethereal-filter.pod: ethereal-filter.pod.template ../tethereal.exe
ethereal-filter.pod: ethereal-filter.pod.template ../tshark.exe
cd ..
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-deps
tethereal.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod
tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean-deps
cd doc
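Review bot: the ethereal-filter.pod rule here runs `tshark.exe -G` with no report type, while the automake rule for the same target earlier in this commit runs `../tshark -G fields`. If both are meant to feed the same field dump to dfilter2pod.pl, pass `fields` here as well so the two build systems stay in step and do not depend on the default report type.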
@ -163,7 +163,7 @@ dumpcap.html: dumpcap.pod ../config.h
clean:
rm -f ethereal.html ethereal.1 ethereal-tmp.pod
rm -f tethereal.html tethereal.1
rm -f tshark.html tshark.1
rm -f ethereal-filter.html ethereal-filter.4 ethereal-filter.pod
rm -f capinfos.html capinfos.1
rm -f editcap.html editcap.1

View File

@ -497,17 +497,17 @@ much better to use the g_snprintf() function declared by <glib.h> instead.
You should test your dissector against incorrectly-formed packets. This
can be done using the randpkt and editcap utilities that come with the
Ethereal distribution. Testing using randpkt can be done by generating
output at the same layer as your protocol, and forcing Ethereal/Tethereal
output at the same layer as your protocol, and forcing Ethereal/TShark
to decode it as your protocol, e.g. if your protocol sits on top of UDP:
randpkt -c 50000 -t dns randpkt.pcap
tethereal -nVr randpkt.pcap -d udp.port==53,<myproto>
tshark -nVr randpkt.pcap -d udp.port==53,<myproto>
Testing using editcap can be done using preexisting capture files and the
"-E" flag, which introduces errors in a capture file. E.g.:
editcap -E 0.03 infile.pcap outfile.pcap
tethereal -nVr outfile.pcap
tshark -nVr outfile.pcap
1.1.4 Name convention.

View File

@ -1,27 +1,27 @@
#
# Ethereal/Tethereal Regression Testing
# Ethereal/TShark Regression Testing
#
# $Id$
#
# This is a sample Makefile for regression testing of the
# Ethereal engine. These tests use that uses 'tethereal -V' to analyze all
# Ethereal engine. These tests use that uses 'tshark -V' to analyze all
# the frames of a capture file.
#
# You should probably rename this file as 'Makefile' in a separate directory
# set aside for the sole purpose of regression testing. Two text files will
# be created for each capture file you test, so expect to have lots of files.
#
# Set TETHEREAL, CAPTURE_DIR, and CAPTURE_FILES to values appropriate for
# Set TSHARK, CAPTURE_DIR, and CAPTURE_FILES to values appropriate for
# your system. Run 'make' to create the initial datasets. Type 'make accept'
# to accept those files as the reference set.
#
# After you make changes to Tethereal, run 'make regress'. This will re-run
# After you make changes to TShark, run 'make regress'. This will re-run
# the tests and compare them against the accepted reference set of data.
# The comparison, which is just an invocation of 'diff -u' for the output
# of each trace file, will be put into a file called 'regress'. Examine
# this file for any changes that you did or did not expect.
#
# If you have introduced a change to Tethereal that shows up in the tests, but
# If you have introduced a change to TShark that shows up in the tests, but
# it is a valid change, run 'make accept' to accept those new data as your
# reference set.
#
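Review bot: The rewritten comment line "# Ethereal engine. These tests use that uses 'tshark -V' to analyze all" carries over the garbled "These tests use that uses" from the old text. Since the line is being changed anyway, reword it, for example "These tests use 'tshark -V' to analyze all the frames of a capture file."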
@ -33,7 +33,7 @@
# 'make accept' Accept current tests; make them the reference test results
# 'make clean' Cleans any tests (but not references!)
TETHEREAL=/home/gram/prj/ethereal/debug/linux-ix86/tethereal
TSHARK=/home/gram/prj/ethereal/debug/linux-ix86/tshark
CAPTURE_DIR=/home/gram/prj/sniff
@ -59,8 +59,8 @@ all: $(TESTS)
clean:
rm -f $(TESTS)
%.tether : $(CAPTURE_DIR)/% $(TETHEREAL)
$(TETHEREAL) -V -n -r $< > $@
%.tether : $(CAPTURE_DIR)/% $(TSHARK)
$(TSHARK) -V -n -r $< > $@
accept: $(REFERENCES)
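Review bot: The pattern rule keeps the ".tether" target suffix ("%.tether : $(CAPTURE_DIR)/% $(TSHARK)"), which is now the only trace of the old program name left in this rule. Either rename the suffix together with the variable, or state in the header comment that it is kept on purpose so that reference sets already accepted with 'make accept' still match.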


@ -4,9 +4,9 @@ tapping with stats_tree
Let's suppose that you want to write a tap only to keep counters, and you
don't want to get involved with GUI programming or maybe you'd like to make
it a plugin. A stats_tree might be the way to go. The stats_tree module takes
care of the representation (GUI for ethereal and text for tethereal) of the
care of the representation (GUI for ethereal and text for tshark) of the
tap data. So there's very little code to write to make a tap listener usable
from both ethereal and tethereal.
from both ethereal and tshark.
First, you should add the TAP to the dissector in question as described in
README.tapping .


@ -6,11 +6,11 @@ In order to use the tapping system, very little knowledge of ethereal
internals are required.
As examples on how to use the tap system see the implementation of
tap-rpcstat.c (tethereal version)
tap-rpcstat.c (tshark version)
gtk/gtk-rpcstat.c (gtk-ethereal version)
If all you need is to keep some counters, there's the stats_tree API,
which offers a simple way to make a GUI and tethereal tap-listener; see
which offers a simple way to make a GUI and tshark tap-listener; see
README.stats_tree. However, keep reading, as you'll need much of what's
in this document.


@ -5,7 +5,7 @@ Copyright (c) 2003 by Gilbert Ramirez <gram@alumni.rice.edu>
Ethereal has the ability to export its protocol dissection in an
XML format, tethereal has similar functionality by using the "-Tpdml"
XML format, tshark has similar functionality by using the "-Tpdml"
option.
The XML that wireshark produces follows the Packet Details Markup
@ -18,10 +18,10 @@ A related XML format, the Packet Summary Markup Language (PSML), is
also defined by the Analyzer group to provide packet summary information.
The PSML format is not documented in a publicly-available HTML document,
but its format is simple. Ethereal can export this format too. Some day it
may be added to tethereal so that "-Tpsml" would produce PSML.
may be added to tshark so that "-Tpsml" would produce PSML.
One wonders if the "-T" option should read "-Txml" instead of "-Tpdml"
(and in the future, "-Tpsml"), but if tethereal was required to produce
(and in the future, "-Tpsml"), but if tshark was required to produce
another XML-based format of its protocol dissection, then "-Txml" would
be ambiguous.
@ -53,7 +53,7 @@ Example:
<pdml version="0" creator="ethereal/0.9.17">
The creator is "ethereal" (i.e., the "ethereal" engine. It will always say
"ethereal", not "tethereal") version 0.9.17.
"ethereal", not "tshark") version 0.9.17.
The "<proto>" tag
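Review bot: The changed sentence now says the creator attribute will always read "ethereal", not "tshark", so it documents program output rather than just a program name. Confirm that the code writing the creator attribute of the <pdml> element is left alone by this rename; if it changes as well, this sentence and the example line above it have to follow, because scripts that parse PDML may key on that value.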
@ -192,13 +192,13 @@ a protocol or a field:
General Notes
=============
Generally, parsing XML is slow. If you're writing a script to parse
the PDML output of tethereal, pass a read filter with "-R" to tethereal to
try to reduce as much as possible the number of packets coming out of tethereal.
the PDML output of tshark, pass a read filter with "-R" to tshark to
try to reduce as much as possible the number of packets coming out of tshark.
The less your script has to process, the faster it will be.
'tools/msnchat' is a sample Python program that uses EtherealXML to parse PDML.
Given one or more capture files, it runs tethereal on each of them, providing
a read filter to reduce tethereal's output. It finds MSN Chat conversations
Given one or more capture files, it runs tshark on each of them, providing
a read filter to reduce tshark's output. It finds MSN Chat conversations
in the capture file and produces nice HTML showing the conversations. It has
only been tested with capture files containing non-simultaneous chat sessions,
but was written to more-or-less handle any number of simultanous chat
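Review bot: The text now says 'tools/msnchat' "runs tshark on each of them", which holds only if the script's own invocation is renamed in the same commit. Check that the script calls tshark; otherwise it stops working once the binary is no longer installed under the old name. The unchanged last line also has "simultanous" for "simultaneous", which could be corrected while this paragraph is open.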


@ -106,7 +106,7 @@ Prints the help listing and exits.
=head1 SEE ALSO
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tethereal(1)>
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tshark(1)>
=head1 NOTES


@ -198,7 +198,7 @@ See the manual page of I<tcpdump(8)>.
=head1 SEE ALSO
I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 NOTES


@ -7,12 +7,12 @@ ethereal-filter - Ethereal filter syntax and reference
B<ethereal> [other options]
S<[ B<-R> "filter expression" ]>
B<tethereal> [other options]
B<tshark> [other options]
S<[ B<-R> "filter expression" ]>
=head1 DESCRIPTION
B<Ethereal> and B<Tethereal> share a powerful filter engine that helps remove
B<Ethereal> and B<TShark> share a powerful filter engine that helps remove
the noise from a packet trace and lets you see only the packets that interest
you. If a packet meets the requirements expressed in your filter, then it
is displayed in the list of packets. Display filters let you compare the
@ -37,7 +37,7 @@ Think of a protocol or field in a filter as implicitly having the "exists"
operator.
Note: all protocol and field names that are available in B<Ethereal> and
B<Tethereal> filters are listed in the comprehensive B<FILTER PROTOCOL
B<TShark> filters are listed in the comprehensive B<FILTER PROTOCOL
REFERENCE> (see below).
=head2 Comparison operators
@ -85,11 +85,11 @@ a case-insensitive pattern match. More information on PCRE can be found in the
pcrepattern(3) man page (Perl Regular Expressions are explained in
B<http://www.perldoc.com/perl5.8.0/pod/perlre.html>).
Note: the "matches" operator is only available if B<Ethereal> or B<Tethereal>
Note: the "matches" operator is only available if B<Ethereal> or B<TShark>
have been compiled with the PCRE library. This can be checked by running:
ethereal -v
tethereal -v
tshark -v
or selecting the "About Ethereal" item from the "Help" menu in B<Ethereal>.
@ -221,7 +221,7 @@ Another example is:
You can use the slice operator on a protocol name, too.
The "frame" protocol can be useful, encompassing all the data captured
by B<Ethereal> or B<Tethereal>.
by B<Ethereal> or B<TShark>.
token[0:5] ne 0.0.0.1.1
llc[0] eq aa
@ -393,7 +393,7 @@ in B<http://www.winpcap.org/docs/man/html/group__language.html>.
=head1 SEE ALSO
I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 AUTHORS


@ -2199,7 +2199,7 @@ See above in the description of the About:Plugins page.
=head1 SEE ALSO
I<ethereal-filter(4)> I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
I<ethereal-filter(4)> I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 NOTES


@ -1,11 +1,11 @@
=head1 NAME
tethereal - Dump and analyze network traffic
tshark - Dump and analyze network traffic
=head1 SYNOPSYS
B<tethereal>
B<tshark>
S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...>
S<[ B<-b> E<lt>capture ring buffer optionE<gt>] ...>
S<[ B<-B> E<lt>capture buffer size (Win32 only)E<gt> ] >
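Review bot: The heading "=head1 SYNOPSYS" directly above the renamed "B<tshark>" line is misspelled. Since the NAME and synopsis lines of this page are being rewritten here, correct it to "=head1 SYNOPSIS" so the generated man page carries the standard section name.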
@ -39,18 +39,18 @@ S<[ B<-z> E<lt>statisticsE<gt> ]>
=head1 DESCRIPTION
B<Tethereal> is a network protocol analyzer. It lets you capture packet
B<TShark> is a network protocol analyzer. It lets you capture packet
data from a live network, or read packets from a previously saved
capture file, either printing a decoded form of those packets to the
standard output or writing the packets to a file. B<Tethereal>'s native
standard output or writing the packets to a file. B<TShark>'s native
capture file format is B<libpcap> format, which is also the format used
by B<tcpdump> and various other tools.
Without any options set, B<Tethereal> will work much like B<tcpdump>. It will
Without any options set, B<TShark> will work much like B<tcpdump>. It will
use the pcap library to capture traffic from the first available network
interface and displays a summary line on stdout for each received packet.
B<Tethereal> is able to detect, read and write the same capture files that
B<TShark> is able to detect, read and write the same capture files that
are supported by B<Ethereal>.
The input file doesn't need a specific filename extension, the file
format and an optional gzip compression will be automatically detected.
@ -59,16 +59,16 @@ I<http://www.ethereal.com/docs/man-pages/ethereal.1.html>
provides a detailed description.
Compressed file support uses (and therefore requires) the zlib library.
If the zlib library is not present, B<Tethereal> will compile, but will
If the zlib library is not present, B<TShark> will compile, but will
be unable to read compressed files.
If the B<-w> option is not specified, B<Tethereal> writes to the standard
If the B<-w> option is not specified, B<TShark> writes to the standard
output the text of a decoded form of the packets it captures or reads.
If the B<-w> option is specified, B<Tethereal> writes to the file
If the B<-w> option is specified, B<TShark> writes to the file
specified by that option the raw data of the packets, along with the
packets' time stamps.
When writing a decoded form of packets, B<Tethereal> writes, by
When writing a decoded form of packets, B<TShark> writes, by
default, a summary line containing the fields specified by the
preferences file (which are also the fields displayed in the packet list
pane in B<Ethereal>), although if it's writing packets as it captures
@ -78,19 +78,19 @@ writes instead a view of the details of the packet, showing all the
fields of all protocols in the packet.
If you want to write the decoded form of packets to a file, run
B<Tethereal> without the B<-w> option, and redirect its standard output to
B<TShark> without the B<-w> option, and redirect its standard output to
the file (do I<not> use the B<-w> option).
When writing packets to a file, B<Tethereal>, by default, writes the
When writing packets to a file, B<TShark>, by default, writes the
file in B<libpcap> format, and writes all of the packets it sees to the
output file. The B<-F> option can be used to specify the format in which
to write the file. This list of available file formats is displayed by
the B<-h> flag.
Read filters in B<Tethereal>, which allow you to select which packets
Read filters in B<TShark>, which allow you to select which packets
are to be decoded or written to a file, are very powerful; more fields
are filterable in B<Tethereal> than in other protocol analyzers, and the
syntax you can use to create your filters is richer. As B<Tethereal>
are filterable in B<TShark> than in other protocol analyzers, and the
syntax you can use to create your filters is richer. As B<TShark>
progresses, expect more and more protocol fields to be allowed in read
filters.
@ -100,7 +100,7 @@ from the read filter syntax. A read filter can also be specified when
capturing, and only packets that pass the read filter will be displayed
or saved to the output file; note, however, that capture filters are much
more efficient than read filters, and it may be more difficult for
B<Tethereal> to keep up with a busy network if a read filter is
B<TShark> to keep up with a busy network if a read filter is
specified for a live capture.
A capture or read filter can either be specified with the B<-f> or B<-R>
@ -111,7 +111,7 @@ after the option arguments, in which case all the arguments after the
filter arguments are treated as a filter expression. Capture filters
are supported only when doing a live capture; read filters are supported
when doing a live capture and when reading a capture file, but require
Tethereal to do more work when filtering, so you might be more likely to
TShark to do more work when filtering, so you might be more likely to
lose packets under heavy load if you're using a read filter. If the
filter is specified with command-line arguments after the option
arguments, it's a capture filter if a capture is being done (i.e., if no
@ -124,7 +124,7 @@ read (i.e., if a B<-r> option was specified).
=item -a E<lt>capture autostop conditionE<gt>
Specify a criterion that specifies when B<Tethereal> is to stop writing
Specify a criterion that specifies when B<TShark> is to stop writing
to a capture file. The criterion is of the form I<test>B<:>I<value>,
where I<test> is one of:
@ -139,9 +139,9 @@ B<files>:I<value> Stop writing to capture files after I<value> number of files w
=item -b E<lt>capture ring buffer optionE<gt>
Cause B<Tethereal> to run in "multiple files" mode. In "multiple files" mode,
B<Tethereal> will write to several capture files. When the first capture file
fills up, B<Tethereal> will switch writing to the next file and so on.
Cause B<TShark> to run in "multiple files" mode. In "multiple files" mode,
B<TShark> will write to several capture files. When the first capture file
fills up, B<TShark> will switch writing to the next file and so on.
The created filenames are based on the filename given with the B<-w> option, the number of
the file and on the creation date and time,
@ -149,7 +149,7 @@ e.g. outfile_00001_20050604120117.pcap, outfile_00001_20050604120523.pcap, ...
With the I<files> option it's also possible to form a "ring buffer".
This will fill up new files until the number of files specified,
at which point B<Tethereal> will discard the data in the first file and start
at which point B<TShark> will discard the data in the first file and start
writing to that file and so on. If the I<files> option is not set,
new files filled up until one of the capture stop conditions match (or
until the disk if full).
@ -188,7 +188,7 @@ TCP port 8888 as HTTP.
=item -D
Print a list of the interfaces on which B<Tethereal> can capture, and
Print a list of the interfaces on which B<TShark> can capture, and
exit. For each network interface, a number and an
interface name, possibly followed by a text description of the
interface, is printed. The interface name or the number can be supplied
@ -199,11 +199,11 @@ This can be useful on systems that don't have a command to list them
the number can be useful on Windows 2000 and later systems, where the
interface name is a somewhat complex string.
Note that "can capture" means that B<Tethereal> was able to open
that device to do a live capture. Depending on your system you may need to run tethereal from an account
Note that "can capture" means that B<TShark> was able to open
that device to do a live capture. Depending on your system you may need to run tshark from an account
with special privileges (for example, as root) to be able to capture
network traffic.
If B<Tethereal -D> is not run from such an account, it will not list
If B<TShark -D> is not run from such an account, it will not list
any interfaces.
=item -f E<lt>capture filterE<gt>
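Review bot: "If B<TShark -D> is not run from such an account" turns a command line into the capitalised product name, while the binary is invoked in lower case, as "run tshark from an account" in this same hunk shows. Write "B<tshark -D>" here so the text can be typed as printed on case-sensitive systems, and keep "B<TShark>" for references to the program by name.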
@ -226,22 +226,22 @@ Set the name of the network interface or pipe to use for live packet
capture.
Network interface names should match one of the names listed in
"B<tethereal -D>" (described above); a number, as reported by
"B<tethereal -D>", can also be used. If you're using UNIX, "B<netstat
"B<tshark -D>" (described above); a number, as reported by
"B<tshark -D>", can also be used. If you're using UNIX, "B<netstat
-i>" or "B<ifconfig -a>" might also work to list interface names,
although not all versions of UNIX support the B<-a> option to B<ifconfig>.
If no interface is specified, B<Tethereal> searches the list of
If no interface is specified, B<TShark> searches the list of