We appear to spell it "TShark" rather than "Tshark", the fact that it's
"Wireshark" rather than "WireShark" notwithstanding.

Say we run on NT 4.0 rather than "NT" - I don't know whether we run on
NT 3.x (and 2000/2003/XP are really NT 5.x and Vista/2008 are really NT
6.x - that's why Microsoft are talking about "Windows 7" as the next big
release).

In the capture-privileges paragraph, note that it's dumpcap that needs
to run as root, and suggest not only that Wireshark shouldn't be set-UID
root, but that it shouldn't even be run as root, and that the same
applies to TShark.

Update "How to Report a Bug" to reflect that we're telling people to
report bugs on Bugzilla, and that "wireshark -v"/"tshark -v" give almost
all the version information we want.

svn path=/trunk/; revision=25605
Guy Harris 2008-06-25 22:52:08 +00:00
parent 0740f305fb
commit ae9f16c37b
1 changed files with 29 additions and 30 deletions

README (59 lines changed)

@ -7,7 +7,7 @@ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library. library, and libpcap, a packet capture and filtering library.
The Wireshark distribution also comes with Tshark, which is a The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture code as Wireshark, and with editcap, which is a program to read capture
@ -40,7 +40,7 @@ Wireshark is known to compile and run on the following systems:
- Tru64 UNIX (formerly Digital UNIX) (3.2 and later) - Tru64 UNIX (formerly Digital UNIX) (3.2 and later)
- Irix (6.5) - Irix (6.5)
- AIX (4.3.2, with a bit of work) - AIX (4.3.2, with a bit of work)
- Win32 (NT, 2000, 2003, XP, Vista) - Win32 (NT 4.0, 2000, 2003, XP, Vista)
and possibly on other versions of those OSes. It should run on other and possibly on other versions of those OSes. It should run on other
Unix-ish systems without too much trouble. Unix-ish systems without too much trouble.
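Review bot: in the Win32 list on the changed line, the entries are not in release order; XP (2001) predates Server 2003, so "NT 4.0, 2000, XP, 2003, Vista" would read more naturally. Leaving NT 3.x out is the right call, since the commit message says that support is unverified.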
@ -69,14 +69,15 @@ instructions.
Usage Usage
----- -----
In order to capture packets from the network, you need to be running as In order to capture packets from the network, you need to make the
root, or have access to the appropriate entry under /dev if your system dumpcap program set-UID to root, or you need to have access to the
is so inclined (BSD-derived systems, and systems such as Solaris and appropriate entry under /dev if your system is so inclined (BSD-derived
HP-UX that support DLPI, typically fall into this category). Although systems, and systems such as Solaris and HP-UX that support DLPI,
it might be tempting to make the Wireshark executable setuid root, please typically fall into this category). Although it might be tempting to
don't. The capture process has been isolated in dumpcap, which can be make the Wireshark and TShark executables setuid root, or to run them as
installed setuid root. This simple program is less likely to contain root please don't. The capture process has been isolated in dumpcap;
security holes. this simple program is less likely to contain security holes, and thus
safer to run as root.
Please consult the man page for a description of each command-line Please consult the man page for a description of each command-line
option and interface feature. option and interface feature.
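Review bot: the rewritten Usage paragraph says dumpcap is "less likely to contain security holes" because it is simple, but the stronger reason, and the one that actually justifies the setuid-root recommendation, is that dumpcap only captures and writes packets and never runs the protocol dissectors, so a malformed packet that crashes a dissector is handled in the unprivileged Wireshark or TShark process rather than in the root one; consider stating that explicitly. Two smaller points on the same lines: there is a missing comma in "or to run them as root please don't", and the text could suggest limiting who may run a setuid dumpcap (for example installing it owned by a dedicated group with `chgrp wireshark dumpcap; chmod 4750 dumpcap`) so that setuid root does not hand raw-packet access to every local user; on Linux kernels with file capabilities, `setcap cap_net_raw,cap_net_admin=eip dumpcap` is a narrower alternative to setuid root.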
@ -208,27 +209,25 @@ option.
How to Report a Bug How to Report a Bug
------------------- -------------------
Wireshark is still under constant development, so it is possible that you will Wireshark is still under constant development, so it is possible that you will
encounter a bug while using it. Please report bugs to http://bugs.wireshark.org. encounter a bug while using it. Please report bugs at http://bugs.wireshark.org.
Be sure you tell us: Be sure you enter into the bug:
1) Operating System and version (the command 'uname -sr' may 1) the complete build information from the "About Wireshark"
tell you this, although on Linux systems it will probably item in the Help menu or the output of "wireshark -v" for
tell you only the version number of the Linux kernel, not of Wireshark bugs and the output of "tshark -v" for TShark bugs;
the distribution as a whole; on Linux systems, please tell us
both the version number of the kernel, and which version of
which distribution you're running)
2) Version of GTK+ (the command 'gtk-config --version' will tell you)
3) Version of Wireshark (the command 'wireshark -v' will tell you,
unless the bug is so severe as to prevent that from working,
and should also tell you the versions of libraries with which
it was built)
4) The command you used to invoke Wireshark, and the sequence of
operations you performed that caused the bug to appear
If the bug is produced by a particular trace file, please be sure to send 2) if the bug happened on Linux, the Linux distribution you were
a trace file along with your bug description. Please don't send a trace file using, and the version of that distribution;
greater than 1 MB when compressed. If the trace file contains sensitive
information (e.g., passwords), then please do not send it. 3) the command you used to invoke Wireshark, if you ran
Wireshark from the command line, or TShark, if you ran
TShark, and the sequence of operations you performed that
caused the bug to appear.
If the bug is produced by a particular trace file, please be sure to
attach to the bug a trace file along with your bug description. If the
trace file contains sensitive information (e.g., passwords), then please
do not send it.
If Wireshark died on you with a 'segmentation violation', 'bus error', If Wireshark died on you with a 'segmentation violation', 'bus error',
'abort', or other error that produces a UNIX core dump file, you can 'abort', or other error that produces a UNIX core dump file, you can
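Review bot: the trace-file paragraph still only says "do not send it" when the file holds sensitive data, but now that reports go to a public bug tracker the attachment is visible to anyone, so the text should say so and point reporters at editcap (already described at the top of this README) to cut the capture down to the packets that trigger the bug, e.g. `editcap -r full.pcap small.pcap 1-50`; that also gives reporters something actionable in place of the dropped 1 MB size guidance. Separately, item 2 now asks for the OS version only on Linux; that is fine only if "wireshark -v"/"tshark -v" print the running OS on every platform, which the commit message describes as "almost all" of the needed information, so either confirm the -v output includes it or keep a general "operating system and version" request for non-Linux systems.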
@ -245,7 +244,7 @@ $
The core dump file may be named "wireshark.core" rather than "core" on The core dump file may be named "wireshark.core" rather than "core" on
some platforms (e.g., BSD systems). If you got a core dump with some platforms (e.g., BSD systems). If you got a core dump with
Tshark rather than Wireshark, use "tshark" as the first argument to TShark rather than Wireshark, use "tshark" as the first argument to
the debugger; the core dump may be named "tshark.core". the debugger; the core dump may be named "tshark.core".
Disclaimer Disclaimer
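Review bot: with capture now done by a separate dumpcap process (per the Usage change earlier in this diff), this core-dump paragraph should mention that a crash during capture may leave a "dumpcap.core" rather than a Wireshark or TShark core, and that most Unix kernels refuse to dump core for set-UID processes by default (Linux fs.suid_dumpable, BSD kern.sugid_coredump), so reporters may get no core at all from a setuid dumpcap.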