We appear to spell it "TShark" rather than "Tshark", the fact that it's
"Wireshark" rather than "WireShark" notwithstanding.

Say we run on NT 4.0 rather than "NT" - I don't know whether we run on
NT 3.x (and 2000/2003/XP are really NT 5.x and Vista/2008 are really NT
6.x - that's why Microsoft are talking about "Windows 7" as the next big
release).

In the capture-privileges paragraph, note that it's dumpcap that needs
to run as root, and suggest not only that Wireshark shouldn't be set-UID
root, but that it shouldn't even be run as root, and that the same
applies to TShark.

Update "How to Report a Bug" to reflect that we're telling people to
report bugs on Bugzilla, and that "wireshark -v"/"tshark -v" give almost
all the version information we want.

svn path=/trunk/; revision=25605
Guy Harris 2008-06-25 22:52:08 +00:00
parent 0740f305fb
commit ae9f16c37b
1 changed file with 29 additions and 30 deletions

README

@ -7,7 +7,7 @@ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.
The Wireshark distribution also comes with Tshark, which is a
The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
@ -40,7 +40,7 @@ Wireshark is known to compile and run on the following systems:
- Tru64 UNIX (formerly Digital UNIX) (3.2 and later)
- Irix (6.5)
- AIX (4.3.2, with a bit of work)
- Win32 (NT, 2000, 2003, XP, Vista)
- Win32 (NT 4.0, 2000, 2003, XP, Vista)
and possibly on other versions of those OSes. It should run on other
Unix-ish systems without too much trouble.
@ -69,14 +69,15 @@ instructions.
Usage
-----
In order to capture packets from the network, you need to be running as
root, or have access to the appropriate entry under /dev if your system
is so inclined (BSD-derived systems, and systems such as Solaris and
HP-UX that support DLPI, typically fall into this category). Although
it might be tempting to make the Wireshark executable setuid root, please
don't. The capture process has been isolated in dumpcap, which can be
installed setuid root. This simple program is less likely to contain
security holes.
In order to capture packets from the network, you need to make the
dumpcap program set-UID to root, or you need to have access to the
appropriate entry under /dev if your system is so inclined (BSD-derived
systems, and systems such as Solaris and HP-UX that support DLPI,
typically fall into this category). Although it might be tempting to
make the Wireshark and TShark executables setuid root, or to run them as
root please don't. The capture process has been isolated in dumpcap;
this simple program is less likely to contain security holes, and thus
safer to run as root.
Please consult the man page for a description of each command-line
option and interface feature.
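Review bot: The new paragraph has a grammar slip and an inconsistency: "or to run them as root please don't" needs a comma before "please", and the same paragraph spells the concept both "set-UID to root" (first sentence) and "setuid root" (third sentence); pick one. The first sentence also narrows the old text's "running as root, or have access to the appropriate entry under /dev" to "make the dumpcap program set-UID to root", which reads as if set-UID is the only way dumpcap can get privileges; since the point of the change is that dumpcap, not Wireshark or TShark, is the program that runs with root privileges, consider wording it as something like "you need dumpcap to run with root privileges (for example, installed set-UID root), or you need to have access to the appropriate entry under /dev ...".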
@ -208,27 +209,25 @@ option.
How to Report a Bug
-------------------
Wireshark is still under constant development, so it is possible that you will
encounter a bug while using it. Please report bugs to http://bugs.wireshark.org.
Be sure you tell us:
encounter a bug while using it. Please report bugs at http://bugs.wireshark.org.
Be sure you enter into the bug:
1) Operating System and version (the command 'uname -sr' may
tell you this, although on Linux systems it will probably
tell you only the version number of the Linux kernel, not of
the distribution as a whole; on Linux systems, please tell us
both the version number of the kernel, and which version of
which distribution you're running)
2) Version of GTK+ (the command 'gtk-config --version' will tell you)
3) Version of Wireshark (the command 'wireshark -v' will tell you,
unless the bug is so severe as to prevent that from working,
and should also tell you the versions of libraries with which
it was built)
4) The command you used to invoke Wireshark, and the sequence of
operations you performed that caused the bug to appear
1) the complete build information from the "About Wireshark"
item in the Help menu or the output of "wireshark -v" for
Wireshark bugs and the output of "tshark -v" for TShark bugs;
If the bug is produced by a particular trace file, please be sure to send
a trace file along with your bug description. Please don't send a trace file
greater than 1 MB when compressed. If the trace file contains sensitive
information (e.g., passwords), then please do not send it.
2) if the bug happened on Linux, the Linux distribution you were
using, and the version of that distribution;
3) the command you used to invoke Wireshark, if you ran
Wireshark from the command line, or TShark, if you ran
TShark, and the sequence of operations you performed that
caused the bug to appear.
If the bug is produced by a particular trace file, please be sure to
attach to the bug a trace file along with your bug description. If the
trace file contains sensitive information (e.g., passwords), then please
do not send it.
If Wireshark died on you with a 'segmentation violation', 'bus error',
'abort', or other error that produces a UNIX core dump file, you can
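Review bot: The rewritten list drops the "Operating System and version" item (old item 1, with the 'uname -sr' hint) without a replacement: new item 2) asks only for the Linux distribution and version, so reporters on other platforms are no longer asked for their OS version unless "wireshark -v" happens to print it. Consider keeping an item asking for the OS and version on all platforms. "Be sure you enter into the bug:" is awkward; "Be sure to include the following in the bug:" is clearer. The removed sentence "Please don't send a trace file greater than 1 MB when compressed" has no replacement either; if Bugzilla attachments have a size limit, the new text should state it.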
@ -245,7 +244,7 @@ $
The core dump file may be named "wireshark.core" rather than "core" on
some platforms (e.g., BSD systems). If you got a core dump with
Tshark rather than Wireshark, use "tshark" as the first argument to
TShark rather than Wireshark, use "tshark" as the first argument to
the debugger; the core dump may be named "tshark.core".
Disclaimer