We appear to spell it "TShark" rather than "Tshark", the fact that it's
"Wireshark" rather than "WireShark" notwithstanding.

Say we run on NT 4.0 rather than "NT" - I don't know whether we run on NT 3.x (and 2000/2003/XP are really NT 5.x and Vista/2008 are really NT 6.x - that's why Microsoft are talking about "Windows 7" as the next big release).

In the capture-privileges paragraph, note that it's dumpcap that needs to run as root, and suggest not only that Wireshark shouldn't be set-UID root, but that it shouldn't even be run as root, and that the same applies to TShark.

Update "How to Report a Bug" to reflect that we're telling people to report bugs on Bugzilla, and that "wireshark -v"/"tshark -v" give almost all the version information we want.

svn path=/trunk/; revision=25605
parent 0740f305fb
commit ae9f16c37b
59
README
|
@ -7,7 +7,7 @@ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
|
||||||
Unix-like operating systems. It uses GTK+, a graphical user interface
|
Unix-like operating systems. It uses GTK+, a graphical user interface
|
||||||
library, and libpcap, a packet capture and filtering library.
|
library, and libpcap, a packet capture and filtering library.
|
||||||
|
|
||||||
The Wireshark distribution also comes with Tshark, which is a
|
The Wireshark distribution also comes with TShark, which is a
|
||||||
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
|
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
|
||||||
same dissection, capture-file reading and writing, and packet filtering
|
same dissection, capture-file reading and writing, and packet filtering
|
||||||
code as Wireshark, and with editcap, which is a program to read capture
|
code as Wireshark, and with editcap, which is a program to read capture
|
||||||
|
@ -40,7 +40,7 @@ Wireshark is known to compile and run on the following systems:
|
||||||
- Tru64 UNIX (formerly Digital UNIX) (3.2 and later)
|
- Tru64 UNIX (formerly Digital UNIX) (3.2 and later)
|
||||||
- Irix (6.5)
|
- Irix (6.5)
|
||||||
- AIX (4.3.2, with a bit of work)
|
- AIX (4.3.2, with a bit of work)
|
||||||
- Win32 (NT, 2000, 2003, XP, Vista)
|
- Win32 (NT 4.0, 2000, 2003, XP, Vista)
|
||||||
|
|
||||||
and possibly on other versions of those OSes. It should run on other
|
and possibly on other versions of those OSes. It should run on other
|
||||||
Unix-ish systems without too much trouble.
|
Unix-ish systems without too much trouble.
|
||||||
|
@ -69,14 +69,15 @@ instructions.
|
||||||
Usage
|
Usage
|
||||||
-----
|
-----
|
||||||
|
|
||||||
In order to capture packets from the network, you need to be running as
|
In order to capture packets from the network, you need to make the
|
||||||
root, or have access to the appropriate entry under /dev if your system
|
dumpcap program set-UID to root, or you need to have access to the
|
||||||
is so inclined (BSD-derived systems, and systems such as Solaris and
|
appropriate entry under /dev if your system is so inclined (BSD-derived
|
||||||
HP-UX that support DLPI, typically fall into this category). Although
|
systems, and systems such as Solaris and HP-UX that support DLPI,
|
||||||
it might be tempting to make the Wireshark executable setuid root, please
|
typically fall into this category). Although it might be tempting to
|
||||||
don't. The capture process has been isolated in dumpcap, which can be
|
make the Wireshark and TShark executables setuid root, or to run them as
|
||||||
installed setuid root. This simple program is less likely to contain
|
root please don't. The capture process has been isolated in dumpcap;
|
||||||
security holes.
|
this simple program is less likely to contain security holes, and thus
|
||||||
|
safer to run as root.
|
||||||
|
|
||||||
Please consult the man page for a description of each command-line
|
Please consult the man page for a description of each command-line
|
||||||
option and interface feature.
|
option and interface feature.
|
||||||
|
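Review bot: The new opening sentence tells the reader to make dumpcap set-UID to root but does not say who should then be allowed to execute it; consider adding a sentence on limiting execute permission on dumpcap to a dedicated capture group, so the paragraph does not leave open whether every local user may run the set-UID binary. Two smaller points in the same paragraph: it mixes "set-UID to root" and "setuid root", so pick one spelling, and "or to run them as root please don't" needs a comma after "root", while "and thus safer to run as root" needs a verb ("and is thus safer to run as root").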
@ -208,27 +209,25 @@ option.
|
||||||
How to Report a Bug
|
How to Report a Bug
|
||||||
-------------------
|
-------------------
|
||||||
Wireshark is still under constant development, so it is possible that you will
|
Wireshark is still under constant development, so it is possible that you will
|
||||||
encounter a bug while using it. Please report bugs to http://bugs.wireshark.org.
|
encounter a bug while using it. Please report bugs at http://bugs.wireshark.org.
|
||||||
Be sure you tell us:
|
Be sure you enter into the bug:
|
||||||
|
|
||||||
1) Operating System and version (the command 'uname -sr' may
|
1) the complete build information from the "About Wireshark"
|
||||||
tell you this, although on Linux systems it will probably
|
item in the Help menu or the output of "wireshark -v" for
|
||||||
tell you only the version number of the Linux kernel, not of
|
Wireshark bugs and the output of "tshark -v" for TShark bugs;
|
||||||
the distribution as a whole; on Linux systems, please tell us
|
|
||||||
both the version number of the kernel, and which version of
|
|
||||||
which distribution you're running)
|
|
||||||
2) Version of GTK+ (the command 'gtk-config --version' will tell you)
|
|
||||||
3) Version of Wireshark (the command 'wireshark -v' will tell you,
|
|
||||||
unless the bug is so severe as to prevent that from working,
|
|
||||||
and should also tell you the versions of libraries with which
|
|
||||||
it was built)
|
|
||||||
4) The command you used to invoke Wireshark, and the sequence of
|
|
||||||
operations you performed that caused the bug to appear
|
|
||||||
|
|
||||||
If the bug is produced by a particular trace file, please be sure to send
|
2) if the bug happened on Linux, the Linux distribution you were
|
||||||
a trace file along with your bug description. Please don't send a trace file
|
using, and the version of that distribution;
|
||||||
greater than 1 MB when compressed. If the trace file contains sensitive
|
|
||||||
information (e.g., passwords), then please do not send it.
|
3) the command you used to invoke Wireshark, if you ran
|
||||||
|
Wireshark from the command line, or TShark, if you ran
|
||||||
|
TShark, and the sequence of operations you performed that
|
||||||
|
caused the bug to appear.
|
||||||
|
|
||||||
|
If the bug is produced by a particular trace file, please be sure to
|
||||||
|
attach to the bug a trace file along with your bug description. If the
|
||||||
|
trace file contains sensitive information (e.g., passwords), then please
|
||||||
|
do not send it.
|
||||||
|
|
||||||
If Wireshark died on you with a 'segmentation violation', 'bus error',
|
If Wireshark died on you with a 'segmentation violation', 'bus error',
|
||||||
'abort', or other error that produces a UNIX core dump file, you can
|
'abort', or other error that produces a UNIX core dump file, you can
|
||||||
|
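Review bot: The last sentence of the new trace-file paragraph still reads "please do not send it", although the sentence before it now says to "attach to the bug a trace file"; change it to "do not attach it" so the warning about sensitive information (e.g., passwords) matches the new reporting path through the bug tracker. The hunk also removes "Please don't send a trace file greater than 1 MB when compressed", which the commit message does not mention; if dropping the size limit is intentional, say so in the message, otherwise keep the sentence. Item 3 ("the command you used to invoke Wireshark, if you ran Wireshark from the command line, or TShark, if you ran TShark") is hard to parse and would read better split into one clause per program.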
@ -245,7 +244,7 @@ $
|
||||||
|
|
||||||
The core dump file may be named "wireshark.core" rather than "core" on
|
The core dump file may be named "wireshark.core" rather than "core" on
|
||||||
some platforms (e.g., BSD systems). If you got a core dump with
|
some platforms (e.g., BSD systems). If you got a core dump with
|
||||||
Tshark rather than Wireshark, use "tshark" as the first argument to
|
TShark rather than Wireshark, use "tshark" as the first argument to
|
||||||
the debugger; the core dump may be named "tshark.core".
|
the debugger; the core dump may be named "tshark.core".
|
||||||
|
|
||||||
Disclaimer
|
Disclaimer
|
||||||
|
|