diff --git a/doc/README.stats_tree b/doc/README.stats_tree index d21703f082..20bcc09c30 100644 --- a/doc/README.stats_tree +++ b/doc/README.stats_tree @@ -3,9 +3,9 @@ tapping with stats_tree Let's suppose that you want to write a tap only to keep counters, and you don't want to get involved with GUI programming or maybe you'd like to make it a plugin. A stats_tree might be the way to go. The stats_tree module takes -care of the representation (GUI for Wireshark and text for Tshark) of the +care of the representation (GUI for Wireshark and text for TShark) of the tap data. So there's very little code to write to make a tap listener usable -from both Wireshark and Tshark. +from both Wireshark and TShark. First, you should add the TAP to the dissector in question as described in README.tapping . diff --git a/doc/tshark.adoc b/doc/tshark.adoc index 81d0b56e44..4fd512d7c7 100644 --- a/doc/tshark.adoc +++ b/doc/tshark.adoc @@ -32,7 +32,7 @@ data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. *TShark*'s native capture file format is *pcapng* format, which is also the format used -by *wireshark* and various other tools. +by *Wireshark* and various other tools. Without any options set, *TShark* will work much like *tcpdump*. It will use the pcap library to capture traffic from the first available @@ -49,7 +49,7 @@ optional gzip, zstd or lz4 compression will be automatically detected. Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or https://www.wireshark.org/docs/man-pages/wireshark.html is a detailed description of the way *Wireshark* handles this, which is the same way -*Tshark* handles this. +*TShark* handles this. Compressed file support uses (and therefore requires) the zlib library. If the zlib library is not present when compiling *TShark*, it will be @@ -147,7 +147,7 @@ display of the packet summary or details; this would be used if *-z* options are specified in order to display statistics, so that only the statistics, not the packet information, is displayed. -The *-G* option is a special mode that simply causes *Tshark* +The *-G* option is a special mode that simply causes *TShark* to dump one of several types of internal glossaries and then exit. == OPTIONS @@ -155,7 +155,7 @@ to dump one of several types of internal glossaries and then exit. -2:: + -- -Perform a two-pass analysis. This causes tshark to buffer output until the +Perform a two-pass analysis. This causes *TShark* to buffer output until the entire first pass is done, but allows it to fill in fields that require future knowledge, such as 'response in frame #' fields. Also permits reassembly frame dependencies to be calculated correctly. @@ -257,7 +257,7 @@ files of size one megabyte each. Set capture buffer size (in MiB, default is 2 MiB). This is used by the capture driver to buffer packet data until that data can be written to disk. If you encounter packet drops while capturing, try to increase -this size. Note that, while *Tshark* attempts to set the buffer size +this size. Note that, while *TShark* attempts to set the buffer size to 2 MiB by default, and can be told to set it to a larger value, the system or interface on which you're capturing might silently limit the capture buffer size to a lower value or raise it to a higher value. @@ -330,7 +330,7 @@ the interface name might be a long name or a GUID. Note that "can capture" means that *TShark* was able to open that device to do a live capture. Depending on your system you may need to -run tshark from an account with special privileges (for example, as +run *TShark* from an account with special privileges (for example, as root) to be able to capture network traffic. If *tshark -D* is not run from such an account, it will not list any interfaces. -- @@ -423,14 +423,14 @@ user's group). -G [ ]:: + -- -The *-G* option will cause *Tshark* to dump one of several types of glossaries +The *-G* option will cause *TShark* to dump one of several types of glossaries and then exit. If no specific glossary type is specified, then the *fields* report will be generated by default. Using the report type of *help* lists all the current report types. The available report types include: -*column-formats* Dumps the column formats understood by tshark. +*column-formats* Dumps the column formats understood by *TShark*. There is one record per line. The fields are tab-delimited. [horizontal] @@ -487,7 +487,7 @@ Field 6:: base for display (for integer types); "parent bitfield width" for FT_B Field 7:: bitmask: format: hex: 0x.... Field 8:: blurb describing field -*folders* Dumps various folders used by tshark. This is essentially the +*folders* Dumps various folders used by *TShark*. This is essentially the same data reported in Wireshark's About | Folders tab. There is one record per line. The fields are tab-delimited. @@ -495,7 +495,7 @@ There is one record per line. The fields are tab-delimited. Field 1:: Folder type (e.g "Personal configuration:") Field 2:: Folder location (e.g. "/home/vagrant/.config/wireshark/") -*ftypes* Dumps the "ftypes" (fundamental types) understood by tshark. +*ftypes* Dumps the "ftypes" (fundamental types) understood by *TShark*. There is one record per line. The fields are tab-delimited. [horizontal] @@ -1010,7 +1010,7 @@ example, will save host name resolution records along with captured packets. -Future versions of *Tshark* may automatically change the capture format +Future versions of *TShark* may automatically change the capture format to *pcapng* as needed. The argument is a string that may contain the following letter: @@ -1231,7 +1231,7 @@ Multiple diameter messages in one frame are supported. Several fields with same name within one diameter message are supported, e.g. __diameter.Subscription-Id-Data__ or __diameter.Rating-Group__. -Note: *tshark -q* option is recommended to suppress default *tshark* output. +Note: *tshark -q* option is recommended to suppress default *TShark* output. -- *-z* dns,tree[,__filter__]:: diff --git a/docbook/wsug_src/WSUG_chapter_customize.adoc b/docbook/wsug_src/WSUG_chapter_customize.adoc index bba03b1b15..bd6e0c6069 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.adoc +++ b/docbook/wsug_src/WSUG_chapter_customize.adoc @@ -404,7 +404,7 @@ stamp type to use while capturing packets. The values reported by `--list-time-stamp-types` are the values that can be used. -X :: -Specify an option to be passed to a Wireshark/Tshark module. The eXtension +Specify an option to be passed to a Wireshark/TShark module. The eXtension option is in the form extension_key:value, where extension_key can be: + -- diff --git a/docbook/wsug_src/WSUG_chapter_io.adoc b/docbook/wsug_src/WSUG_chapter_io.adoc index 815e7b6101..d684a9ddb2 100644 --- a/docbook/wsug_src/WSUG_chapter_io.adoc +++ b/docbook/wsug_src/WSUG_chapter_io.adoc @@ -756,7 +756,7 @@ The btn:[Close] button will, well, close the dialog box. Wireshark provides a variety of options for exporting packet data. This section describes general ways to export data from the main Wireshark application. -There are many other ways to export or extract data from capture files, including processing <> output and customizing Wireshark and tshark using Lua scripts. +There are many other ways to export or extract data from capture files, including processing <> output and customizing Wireshark and TShark using Lua scripts. [[ChIOExportSpecifiedPacketsDialog]] diff --git a/epan/wslua/wslua_capture_info.c b/epan/wslua/wslua_capture_info.c index c0a69ca876..cbdd7914d5 100644 --- a/epan/wslua/wslua_capture_info.c +++ b/epan/wslua/wslua_capture_info.c @@ -27,7 +27,7 @@ WSLUA_CLASS_DEFINE(CaptureInfo,FAIL_ON_NULL_OR_EXPIRED("CaptureInfo")); A `CaptureInfo` object, passed into Lua as an argument by `FileHandler` callback function `read_open()`, `read()`, `seek_read()`, `seq_read_close()`, and `read_close()`. This object represents capture file data and meta-data (data about the - capture file) being read into Wireshark/Tshark. + capture file) being read into Wireshark/TShark. This object's fields can be written-to by Lua during the read-based function callbacks. In other words, when the Lua plugin's `FileHandler.read_open()` function is invoked, a @@ -303,7 +303,7 @@ WSLUA_CLASS_DEFINE(CaptureInfoConst,FAIL_ON_NULL_OR_EXPIRED("CaptureInfoConst")) function `write_open()`. This object represents capture file data and meta-data (data about the - capture file) for the current capture in Wireshark/Tshark. + capture file) for the current capture in Wireshark/TShark. This object's fields are read-from when used by `write_open` function callback. In other words, when the Lua plugin's FileHandler `write_open` function is invoked, a diff --git a/epan/wslua/wslua_file.c b/epan/wslua/wslua_file.c index 8f6ed00e3d..c271544063 100644 --- a/epan/wslua/wslua_file.c +++ b/epan/wslua/wslua_file.c @@ -36,7 +36,7 @@ WSLUA_CLASS_DEFINE(File,FAIL_ON_NULL_OR_EXPIRED("File")); functions (e.g., `read_open`, `read`, `write`, etc.). This behaves similarly to the Lua `io` library's `file` object, returned when calling `io.open()`, *except* in this case you cannot call `file:close()`, `file:open()`, nor `file:setvbuf()`, - since Wireshark/tshark manages the opening and closing of files. + since Wireshark/TShark manages the opening and closing of files. You also cannot use the '`io`' library itself on this object, i.e. you cannot do `io.read(file, 4)`. Instead, use this `File` with the object-oriented style calling its methods, i.e. `myfile:read(4)`. (see later example) diff --git a/epan/wslua/wslua_file_handler.c b/epan/wslua/wslua_file_handler.c index eae7d823fb..91961490d7 100644 --- a/epan/wslua/wslua_file_handler.c +++ b/epan/wslua/wslua_file_handler.c @@ -788,7 +788,7 @@ static gboolean verify_filehandler_complete(FileHandler fh) { WSLUA_FUNCTION wslua_register_filehandler(lua_State* L) { - /* Register the FileHandler into Wireshark/tshark, so they can read/write this new format. + /* Register the FileHandler into Wireshark/TShark, so they can read/write this new format. All functions and settings must be complete before calling this registration function. This function cannot be called inside the reading/writing callback functions. */ #define WSLUA_ARG_register_filehandler_FILEHANDLER 1 /* the FileHandler object to be registered */ @@ -873,7 +873,7 @@ wslua_deregister_filehandler_work(FileHandler fh) } WSLUA_FUNCTION wslua_deregister_filehandler(lua_State* L) { - /* Deregister the FileHandler from Wireshark/tshark, so it no longer gets used for reading/writing/display. + /* Deregister the FileHandler from Wireshark/TShark, so it no longer gets used for reading/writing/display. This function cannot be called inside the reading/writing callback functions. */ #define WSLUA_ARG_register_filehandler_FILEHANDLER 1 /* the FileHandler object to be deregistered */ FileHandler fh = checkFileHandler(L,WSLUA_ARG_register_filehandler_FILEHANDLER); diff --git a/epan/wslua/wslua_listener.c b/epan/wslua/wslua_listener.c index d181e41c9b..8dc1bb35a7 100644 --- a/epan/wslua/wslua_listener.c +++ b/epan/wslua/wslua_listener.c @@ -352,7 +352,7 @@ WSLUA_ATTRIBUTE_FUNC_SETTER(Listener,packet); /* WSLUA_ATTRIBUTE Listener_draw WO A function that will be called once every few seconds to redraw the GUI objects; - in Tshark this funtion is called only at the very end of the capture file. + in TShark this funtion is called only at the very end of the capture file. When later called by Wireshark, the `draw` function will not be given any arguments. diff --git a/epan/wslua/wslua_tree.c b/epan/wslua/wslua_tree.c index 221e7e8066..ecb635c0c1 100644 --- a/epan/wslua/wslua_tree.c +++ b/epan/wslua/wslua_tree.c @@ -53,7 +53,7 @@ TreeItem create_TreeItem(proto_tree* tree, proto_item* item) CLEAR_OUTSTANDING(TreeItem, expired, TRUE) WSLUA_CLASS_DEFINE(TreeItem,FAIL_ON_NULL_OR_EXPIRED("TreeItem")); -/* >s represent information in the https://www.wireshark.org/docs/wsug_html_chunked/ChUsePacketDetailsPaneSection.html[packet details] pane of Wireshark, and the packet details view of Tshark. +/* >s represent information in the https://www.wireshark.org/docs/wsug_html_chunked/ChUsePacketDetailsPaneSection.html[packet details] pane of Wireshark, and the packet details view of TShark. A <> represents a node in the tree, which might also be a subtree and have a list of children. The children of a subtree have zero or more siblings which are other children of the same <> subtree. @@ -62,7 +62,7 @@ WSLUA_CLASS_DEFINE(TreeItem,FAIL_ON_NULL_OR_EXPIRED("TreeItem")); In some cases the tree is not truly added to, in order to improve performance. For example for packets not currently displayed/selected in Wireshark's visible - window pane, or if Tshark isn't invoked with the `-V` switch. However the + window pane, or if TShark isn't invoked with the `-V` switch. However the "add" type <> functions can still be called, and still return <> objects - but the info isn't really added to the tree. Therefore you do not typically need to worry about whether there's a real tree or not. If, for some diff --git a/tshark.c b/tshark.c index fbe2229c11..2dbcddeec7 100644 --- a/tshark.c +++ b/tshark.c @@ -3564,7 +3564,7 @@ process_cap_file(capture_file *cf, char *save_file, int out_file_type, /* Set up to write to the capture file. */ wtap_dump_params_init_no_idbs(¶ms, cf->provider.wth); - /* If we don't have an application name add Tshark */ + /* If we don't have an application name add TShark */ if (wtap_block_get_string_option_value(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) { /* this is free'd by wtap_block_unref() later */ wtap_block_add_string_option_format(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, "%s", get_appname_and_version());