We apper to spell it "TShark" rather than "Tshark", the fact that it's
"Wireshark" rather than "WireShark" nonwithstanding. Say we run on NT 4.0 rather than "NT" - I don't know whether we run on NT 3.x (and 2000/2003/XP are really NT 5.x and Vista/2008 are really NT 6.x - that's why Microsoft are talking about "Windows 7" as the next big release). In the capture-privileges paragraph, note that it's dumpcap that needs to run as root, and suggest not only that Wireshark shouldn't be set-UID root, but that it shouldn't even be run as root, and that the same applies to TShark. Update "How to Report a Bug" to reflect that we're telling people to report bugs on Bugzilla, and that "wireshark -v"/"tshark -v" give almost all the version information we want. svn path=/trunk/; revision=25605
This commit is contained in:
parent
0740f305fb
commit
ae9f16c37b
59
README
59
README
|
@ -7,7 +7,7 @@ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
|
|||
Unix-like operating systems. It uses GTK+, a graphical user interface
|
||||
library, and libpcap, a packet capture and filtering library.
|
||||
|
||||
The Wireshark distribution also comes with Tshark, which is a
|
||||
The Wireshark distribution also comes with TShark, which is a
|
||||
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
|
||||
same dissection, capture-file reading and writing, and packet filtering
|
||||
code as Wireshark, and with editcap, which is a program to read capture
|
||||
|
@ -40,7 +40,7 @@ Wireshark is known to compile and run on the following systems:
|
|||
- Tru64 UNIX (formerly Digital UNIX) (3.2 and later)
|
||||
- Irix (6.5)
|
||||
- AIX (4.3.2, with a bit of work)
|
||||
- Win32 (NT, 2000, 2003, XP, Vista)
|
||||
- Win32 (NT 4.0, 2000, 2003, XP, Vista)
|
||||
|
||||
and possibly on other versions of those OSes. It should run on other
|
||||
Unix-ish systems without too much trouble.
|
||||
|
@ -69,14 +69,15 @@ instructions.
|
|||
Usage
|
||||
-----
|
||||
|
||||
In order to capture packets from the network, you need to be running as
|
||||
root, or have access to the appropriate entry under /dev if your system
|
||||
is so inclined (BSD-derived systems, and systems such as Solaris and
|
||||
HP-UX that support DLPI, typically fall into this category). Although
|
||||
it might be tempting to make the Wireshark executable setuid root, please
|
||||
don't. The capture process has been isolated in dumpcap, which can be
|
||||
installed setuid root. This simple program is less likely to contain
|
||||
security holes.
|
||||
In order to capture packets from the network, you need to make the
|
||||
dumpcap program set-UID to root, or you need to have access to the
|
||||
appropriate entry under /dev if your system is so inclined (BSD-derived
|
||||
systems, and systems such as Solaris and HP-UX that support DLPI,
|
||||
typically fall into this category). Although it might be tempting to
|
||||
make the Wireshark and TShark executables setuid root, or to run them as
|
||||
root please don't. The capture process has been isolated in dumpcap;
|
||||
this simple program is less likely to contain security holes, and thus
|
||||
safer to run as root.
|
||||
|
||||
Please consult the man page for a description of each command-line
|
||||
option and interface feature.
|
||||
|
@ -208,27 +209,25 @@ option.
|
|||
How to Report a Bug
|
||||
-------------------
|
||||
Wireshark is still under constant development, so it is possible that you will
|
||||
encounter a bug while using it. Please report bugs to http://bugs.wireshark.org.
|
||||
Be sure you tell us:
|
||||
encounter a bug while using it. Please report bugs at http://bugs.wireshark.org.
|
||||
Be sure you enter into the bug:
|
||||
|
||||
1) Operating System and version (the command 'uname -sr' may
|
||||
tell you this, although on Linux systems it will probably
|
||||
tell you only the version number of the Linux kernel, not of
|
||||
the distribution as a whole; on Linux systems, please tell us
|
||||
both the version number of the kernel, and which version of
|
||||
which distribution you're running)
|
||||
2) Version of GTK+ (the command 'gtk-config --version' will tell you)
|
||||
3) Version of Wireshark (the command 'wireshark -v' will tell you,
|
||||
unless the bug is so severe as to prevent that from working,
|
||||
and should also tell you the versions of libraries with which
|
||||
it was built)
|
||||
4) The command you used to invoke Wireshark, and the sequence of
|
||||
operations you performed that caused the bug to appear
|
||||
1) the complete build information from the "About Wireshark"
|
||||
item in the Help menu or the output of "wireshark -v" for
|
||||
Wireshark bugs and the output of "tshark -v" for TShark bugs;
|
||||
|
||||
If the bug is produced by a particular trace file, please be sure to send
|
||||
a trace file along with your bug description. Please don't send a trace file
|
||||
greater than 1 MB when compressed. If the trace file contains sensitive
|
||||
information (e.g., passwords), then please do not send it.
|
||||
2) if the bug happened on Linux, the Linux distribution you were
|
||||
using, and the version of that distribution;
|
||||
|
||||
3) the command you used to invoke Wireshark, if you ran
|
||||
Wireshark from the command line, or TShark, if you ran
|
||||
TShark, and the sequence of operations you performed that
|
||||
caused the bug to appear.
|
||||
|
||||
If the bug is produced by a particular trace file, please be sure to
|
||||
attach to the bug a trace file along with your bug description. If the
|
||||
trace file contains sensitive information (e.g., passwords), then please
|
||||
do not send it.
|
||||
|
||||
If Wireshark died on you with a 'segmentation violation', 'bus error',
|
||||
'abort', or other error that produces a UNIX core dump file, you can
|
||||
|
@ -245,7 +244,7 @@ $
|
|||
|
||||
The core dump file may be named "wireshark.core" rather than "core" on
|
||||
some platforms (e.g., BSD systems). If you got a core dump with
|
||||
Tshark rather than Wireshark, use "tshark" as the first argument to
|
||||
TShark rather than Wireshark, use "tshark" as the first argument to
|
||||
the debugger; the core dump may be named "tshark.core".
|
||||
|
||||
Disclaimer
|
||||
|
|
Loading…
Reference in New Issue