forked from osmocom/wireshark
86bf1fc851
That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 |
||
|---|---|---|
| doc | ||
| image | ||
| wiretap | ||
| AUTHORS | ||
| COPYING | ||
| ChangeLog | ||
| INSTALL | ||
| Makefile.am | ||
| Makefile.in | ||
| NEWS | ||
| README | ||
| VERSION | ||
| acconfig.h | ||
| aclocal.m4 | ||
| capture.c | ||
| capture.h | ||
| config.guess | ||
| config.h.in | ||
| config.sub | ||
| configure | ||
| configure.in | ||
| ethereal.1 | ||
| ethereal.c | ||
| ethereal.h | ||
| ethertype.c | ||
| etypes.h | ||
| file.c | ||
| file.h | ||
| filter.c | ||
| filter.h | ||
| follow.c | ||
| follow.h | ||
| install-sh | ||
| manuf | ||
| menu.c | ||
| menu.h | ||
| missing | ||
| mkinstalldirs | ||
| packet-aarp.c | ||
| packet-arp.c | ||
| packet-atalk.c | ||
| packet-bootp.c | ||
| packet-data.c | ||
| packet-dns.c | ||
| packet-dns.h | ||
| packet-eth.c | ||
| packet-fddi.c | ||
| packet-ip.c | ||
| packet-ipv6.c | ||
| packet-ipv6.h | ||
| packet-ipx.c | ||
| packet-ipx.h | ||
| packet-llc.c | ||
| packet-lpd.c | ||
| packet-nbipx.c | ||
| packet-nbns.c | ||
| packet-ncp.c | ||
| packet-ncp.h | ||
| packet-null.c | ||
| packet-osi.c | ||
| packet-ospf.c | ||
| packet-ospf.h | ||
| packet-ppp.c | ||
| packet-raw.c | ||
| packet-rip.c | ||
| packet-rip.h | ||
| packet-tcp.c | ||
| packet-tr.c | ||
| packet-trmac.c | ||
| packet-udp.c | ||
| packet-vines.c | ||
| packet-vines.h | ||
| packet.c | ||
| packet.h | ||
| prefs.c | ||
| prefs.h | ||
| print.c | ||
| print.h | ||
| print.ps | ||
| ps.h | ||
| rdps.c | ||
| resolv.c | ||
| resolv.h | ||
| snprintf-imp.h | ||
| snprintf.c | ||
| snprintf.h | ||
| stamp-h.in | ||
| util.c | ||
| util.h | ||
README
General Information
------- -----------
Ethereal is a network traffic analyzer for Unix-ish operating systems.
It is based on GTK+, a graphical user interface library, and libpcap,
a packet capture and filtering library.
The official home of Ethereal is
http://ethereal.zing.org
The latest distribution can be found in the subdirectory
http://ethereal.zing.org/distribution
Installation
------------
Ethereal is known to compile and run under Linux (2.0.35) and Solaris
(2.6). It should run on other systems without too much trouble.
Installation Checklist (Short):
[ ] 1. Unpack the archive.
[ ] 2. Run './configure; make; make install; make install-man'.
If there are any problems, read on:
Installation Checklist (Long):
[ ] 0. This is alpha software. Beware.
[ ] 1. Make sure you have GTK+ installed. Try running 'gtk-config
--version'. If you need to install/reinstall GTK, you can find
it at
http://www.gtk.org .
Ethereal should work with the latest stable (1.0.x) version, but
I've had reports that it doesn't compile with the development
(1.1.x) tree.
[ ] 2. Make sure you have libpcap installed. The latest version can be
found at
ftp://ftp.ee.lbl.gov .
Make sure you install the headers ('make install-incl') when you
install the library.
[ ] 3. Run './configure' in the Ethereal distribution directory.
Running './configure --help' displays a list of options.
The file 'INSTALL' contains general instructions for running
'configure'.
Ethereal installs a support file (manuf) in /usr/local/etc by
default. You can change this location with the --sysconfdir
option.
[ ] 4. Run 'make'. Hopefully, you won't run into any problems.
[ ] 5. Run './ethereal', and make sure things are working. You must
have root privileges in order to capture live data.
[ ] 6. Run 'make install'. If you wish to install the man page, run
'make install-man'. You're done.
Usage
-----
In order to capture packets from the network, you need to be running
as root. Although it might be tempting to make the Ethereal executable
setuid root, please don't - alpha code is by nature not very robust, and
liable to contain security holes.
The filtering mechanism is far from complete. Until the interface
solidifies, here's a description of what each component of the filter
dialog:
- 'Filter name' entry: Gives a name to the filter you are about to create
or modify, e.g. 'Web and DNS traffic'
- 'Filter string' entry: The text describing the filtering action to
take. It must have the same format as tcpdump filter strings (both
programs use the same underlying library), e.g.
'tcp port 80 or tcp port 443 or port 53'
- 'New' button: If there is text in the two entry boxes, adds it to the
list.
- 'Change' button: Modifies the currently selected list item to match
what's in the two entry boxes.
- 'Copy' button: Makes a copy of the currently-selected list item.
- 'Delete' button: Deletes the currently-selected list item.
- 'OK' button: Sets the selected list item as the active filter. If
nothing is selected, turns filtering off.
- 'Save' button: Saves the current filter list in
$HOME/.ethereal/filters.
- 'Cancel' button: Closes the window without making changes.
Multiple File Types
-------------------
The wiretap library is a packet-capture library currently under development
parallel to ethereal. In the future it is hoped that wiretap will have more
features than libpcap, but wiretap is still in its infancy. You can compile
ethereal with the wiretap library by using './configure --with-wiretap'. Using
wiretap will allow you to read pcap, Sniffer, and LANalyzer trace files, but
it disables display filters. You can still capture packets from within
ethereal using libpcap, and therefore use libpcap-style capture filters,
however.
If you can live without display filters and would like to read non-pcap
capture files, give wiretap a try. If you want to add support for other
packet-capture file formats, please look at the wiretap source code in the
wiretap directory.
Please report any problems that are wiretap related to
Gilbert Ramirez <gram@verdict.uthscsa.edu>. He uses token-ring at work, so he
is especially interested in any non-token-ring trace files you can send him.
Disclaimer
----------
There is no warranty, expressed or implied, associated with this product.
Use at your own risk.