is the same as "Tools/Capture", and "Display" has an "Options" item,
which pops up a dialog box to let you change the "default" time-stamp
column display format on the fly (the "default" is what the "-t"
command-line option sets), and have the display change when you do that.
Made infrastructure changes to make the immediate display update work.
Removed some unused functions, declared some functions used only in the
file in which they're defined "static", and removed some unnecessary
#includes.
svn path=/trunk/; revision=317
General Information
------- -----------
Ethereal is a network traffic analyzer for Unix and Unix-like operating
systems. It is based on GTK+, a graphical user interface library,
and libpcap, a packet capture and filtering library.
The official home of Ethereal is
http://ethereal.zing.org
The latest distribution can be found in the subdirectory
http://ethereal.zing.org/distribution
Interesting and exotic packet traces can be found at
http://ethereal.zing.org/~gram/sample.html
Installation
------------
Ethereal is known to compile and run on the following systems:
- Linux (2.0.x, 2.1.x, 2.2.x)
- Solaris (2.5.1, 2.6)
- FreeBSD (2.2.5, 2.2.6)
- Sequent PTX v4.4.5 (Nick Williams <njw@sequent.com>)
- Tru64 UNIX (formerly Digital UNIX) (3.2, 4.0)
It should run on other systems without too much trouble.
Full installation instructions can be found in the INSTALL file.
See also the appropriate README.<OS> files for OS-specific installation
instructions.
Usage
-----
In order to capture packets from the network, you need to be running
as root, or have access to the appropriate entry under /dev if your
system is so inclined (BSD-derived systems and Solaris typically fall
into this category. Although it might be tempting to make the
Ethereal executable setuid root, please don't - alpha code is by nature
not very robust, and liable to contain security holes.
Please consult the man page for a description of each command-line
option and interface feature.
Multiple File Types
-------------------
The wiretap library is a packet-capture library currently under
development parallel to ethereal. In the future it is hoped that
wiretap will have more features than libpcap, but wiretap is still in
its infancy. You can compile ethereal with the wiretap library by using
'./configure --with-wiretap'. Using wiretap will allow you to read
libpcap, Sniffer, NetXray (and Sniffer Pro), Sun "snoop", LANalyzer,
Microsoft Network Monitor, and AIX "iptrace" 2.0 trace files. Some minimal
display filters now work. But because "Follow TCP Stream" relies on IP and TCP
display filtering, and those aren't yet available in wiretap's display filter
system, "Follow TCP Stream" is turned off when you compile --with-wiretap.
You can still capture packets from within ethereal using libpcap, and therefore
use libpcap-style capture filters, however.
If you want to add support for other packet-capture file formats, please
look at the wiretap source code in the wiretap directory.
Please report any problems that are wiretap related to
Gilbert Ramirez <gram@verdict.uthscsa.edu>.
IPv6
----
If your operating system includes IPv6 support, ethereal will attempt to
use reverse name resolution capabilities when decoding IPv6 packets. If
you want to turn off name resolution while using ethereal, start ethereal
with the "-n" option. If you would like to compile ethereal without
support for IPv6 name resolution, use the "--disable-ipv6" option with
"./configure". If you compile ethereal without IPv6 name resolution,
you will still be able to decode IPv6 packets, but you'll only see IPv6
addresses, not host names.
The "Follow TCP Stream" feature only supports TCP over IPv4. Support for TCP
over IPv6 is planned.
Disclaimer
----------
There is no warranty, expressed or implied, associated with this product.
Use at your own risk.
Gerald Combs <gerald@zing.org>
Gilbert Ramirez <gram@verdict.uthscsa.edu>
88e94a0186