General Information
------- -----------

Ethereal is a network traffic analyzer for Unix-ish operating systems.
It is based on GTK+, a graphical user interface library, and libpcap,
a packet capture and filtering library.

The official home of Ethereal is

    http://ethereal.zing.org

The latest distribution can be found in the subdirectory

    http://ethereal.zing.org/distribution


Installation
------------

Ethereal is known to compile and run under Linux (2.0.35) and Solaris
(2.6). It should run on other systems without too much trouble.


Installation Checklist (Short):

  [ ] 1. Unpack the archive.

  [ ] 2. Run './configure; make; make install; make install-man'.

If there are any problems, read on:


Installation Checklist (Long):

  [ ] 0. This is alpha software. Beware.

  [ ] 1. Make sure you have GTK+ installed. Try running 'gtk-config
         --version'. If you need to install/reinstall GTK, you can find
         it at

             http://www.gtk.org .

         Ethereal should work with the latest stable (1.0.x) version, but
         I've had reports that it doesn't compile with the development
         (1.1.x) tree.

  [ ] 2. Make sure you have libpcap installed. The latest version can be
         found at

             ftp://ftp.ee.lbl.gov .

         Make sure you install the headers ('make install-incl') when you
         install the library.

  [ ] 3. Run './configure' in the Ethereal distribution directory.
         Running './configure --help' displays a list of options.
         The file 'INSTALL' contains general instructions for running
         'configure'.

  [ ] 4. Run 'make'. Hopefully, you won't run into any problems.

  [ ] 5. Run './ethereal', and make sure things are working. You must
         have root privileges in order to capture live data.

  [ ] 6. Run 'make install'. If you wish to install the man page, run
         'make install-man'. You're done.


Usage
-----

In order to capture packets from the network, you need to be running
as root. Although it might be tempting to make the Ethereal executable
setuid root, please don't - alpha code is by nature not very robust, and
liable to contain security holes.

The filtering mechanism is far from complete. Until the interface
solidifies, here's a description of what each component of the filter
dialog does:

  - 'Filter name' entry: Gives a name to the filter you are about to create
    or modify, e.g. 'Web and DNS traffic'

  - 'Filter string' entry: The text describing the filtering action to
    take. It must have the same format as tcpdump filter strings (both
    programs use the same underlying library), e.g.

        'tcp port 80 or tcp port 443 or port 53'

  - 'New' button: If there is text in the two entry boxes, adds it to the
    list.

  - 'Change' button: Modifies the currently selected list item to match
    what's in the two entry boxes.

  - 'Copy' button: Makes a copy of the currently-selected list item.

  - 'Delete' button: Deletes the currently-selected list item.

  - 'OK' button: Sets the selected list item as the active filter. If
    nothing is selected, turns filtering off.

  - 'Save' button: Saves the current filter list in
    $HOME/.ethereal/filters.

  - 'Cancel' button: Closes the window without making changes.
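
To show what a filter string such as the one above selects, here is an added
example (not part of Ethereal or libpcap): a small Python model of the
'[tcp|udp] port N' primitive. It goes a little beyond the single string shown
above by also handling 'and', 'not' and parentheses; compile_filter, SAMPLE
and MATCHES are names made up for this example.

```python
# Simplified model of tcpdump-style filter strings (added example, not libpcap).
# Assumption: only "[tcp|udp] port N", and/or/not and parentheses are modelled.
def compile_filter(text):
    """Return a predicate(packet) for a filter string."""
    toks = text.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0
    def take():
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("unexpected end of filter string")
        pos += 1
        return toks[pos - 1]
    def combine(op, a, b):
        return (lambda p: a(p) and b(p)) if op == "and" else (lambda p: a(p) or b(p))

    def primitive():
        tok = take()
        if tok == "not":  # negation binds tightest
            inner = primitive()
            return lambda p: not inner(p)
        if tok == "(":
            inner = expression()
            if take() != ")":
                raise ValueError("missing ')'")
            return inner
        proto = tok if tok in ("tcp", "udp") else None
        if proto:
            tok = take()
        if tok != "port":
            raise ValueError(f"unsupported primitive: {tok!r}")
        port = int(take())
        # "port" matches source OR destination; no protocol means TCP or UDP
        return lambda p: proto in (None, p["proto"]) and port in (p["sport"], p["dport"])

    def expression():  # "and"/"or": equal precedence, left to right
        left = primitive()
        while pos < len(toks) and toks[pos] in ("and", "or"):
            left = combine(take(), left, primitive())
        return left

    pred = expression()
    if pos != len(toks):
        raise ValueError(f"unexpected token: {toks[pos]!r}")
    return pred

# Constructed sample packets (proto, sport, dport), not captured traffic.
SAMPLE = [dict(zip(("proto", "sport", "dport"), t)) for t in [
    ("tcp", 51000, 443), ("udp", 53, 40000), ("udp", 40000, 80),
    ("tcp", 51000, 80), ("icmp", None, None)]]
MATCHES = list(map(compile_filter("tcp port 80 or tcp port 443 or port 53"), SAMPLE))
```

Note that 'and' and 'or' are applied left to right with equal precedence, so
use parentheses whenever a filter string mixes the two.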


Disclaimer
----------

There is no warranty, expressed or implied, associated with this product.
Use at your own risk.