General Information
------- -----------

Ethereal is a network traffic analyzer for Unix and Unix-like operating
systems. It is based on GTK+, a graphical user interface library,
and libpcap, a packet capture and filtering library.

The official home of Ethereal is

http://ethereal.zing.org

The latest distribution can be found in the subdirectory

http://ethereal.zing.org/distribution


Installation
------------

Ethereal is known to compile and run on the following systems:

- Linux (2.0.x)
- Solaris (2.5.1, 2.6)
- FreeBSD (2.2.5, 2.2.6)

It should run on other systems without too much trouble.


Full installation instructions can be found in the INSTALL file.


Usage
-----

In order to capture packets from the network, you need to be running
as root, or have access to the appropriate entry under /dev if your
system is so inclined (BSD-derived systems and Solaris typically fall
into this category). Although it might be tempting to make the
Ethereal executable setuid root, please don't - alpha code is by nature
not very robust, and liable to contain security holes.

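A check for the setuid advice above, as an added example that is not part
of the Ethereal distribution: it reports whether any executable of the given
name on $PATH carries the setuid or setgid bit. The default name "ethereal"
and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the Ethereal distribution.
# Assumption: the binary is installed as "ethereal" somewhere on $PATH.

# classify_setid FILE
# Prints one word: missing | ok | setgid | setuid-root | setuid-nonroot
classify_setid() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    # ls -n prints numeric ids: field 1 is the mode string, field 3 the owner uid.
    info=$(ls -lnd -- "$f" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }
    case $mode in
        ???[sS]*)                      # 4th character s/S = setuid bit
            if [ "$uid" = 0 ]; then echo setuid-root; else echo setuid-nonroot; fi ;;
        ??????[sS]*) echo setgid ;;    # 7th character s/S = setgid bit
        *) echo ok ;;
    esac
}

# audit_in_path NAME
# Classifies every executable called NAME found in the directories of $PATH.
audit_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        candidate=${dir:-.}/$name      # an empty PATH element means the current directory
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            echo "$candidate: $(classify_setid "$candidate")"
        fi
    done
    IFS=$old_ifs
}

audit_in_path "${1:-ethereal}"
```

Any result other than "ok" means the binary runs with privileges beyond
those of the invoking user, which is what the paragraph above asks you to avoid.
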
Please consult the man page for a description of each command-line
option and interface feature.


Multiple File Types
-------------------

The wiretap library is a packet-capture library currently under
development parallel to ethereal. In the future it is hoped that
wiretap will have more features than libpcap, but wiretap is still in
its infancy. You can compile ethereal with the wiretap library by using
'./configure --with-wiretap'. Using wiretap will allow you to read
pcap, Sniffer, Sun "snoop", and LANalyzer trace files, but it disables
display filters. You can still capture packets from within ethereal
using libpcap, and therefore use libpcap-style capture filters, however.

If you can live without display filters and would like to read non-pcap
capture files, give wiretap a try. If you want to add support for other
packet-capture file formats, please look at the wiretap source code in the
wiretap directory.

Please report any problems that are wiretap related to
Gilbert Ramirez <gram@verdict.uthscsa.edu>. He uses token-ring at work, so he
is especially interested in any non-token-ring trace files you can send him.


Disclaimer
----------

There is no warranty, expressed or implied, associated with this product.
Use at your own risk.