General Information
------- -----------

Ethereal is a network traffic analyzer for Unix and Unix-like operating
systems.  It is based on GTK+, a graphical user interface library,
and libpcap, a packet capture and filtering library.

The official home of Ethereal is

    http://ethereal.zing.org

The latest distribution can be found in the subdirectory

    http://ethereal.zing.org/distribution

Interesting and exotic packet traces can be found at

    http://ethereal.zing.org/~gram/sample.html


Installation
------------

Ethereal is known to compile and run on the following systems:

  - Linux (2.0.x, 2.1.x, 2.2.x)
  - Solaris (2.5.1, 2.6)
  - FreeBSD (2.2.5, 2.2.6)
  - Sequent PTX v4.4.5  (Nick Williams <njw@sequent.com>)
  - Tru64 UNIX (formerly Digital UNIX) (3.2, 4.0)

It should run on other systems without too much trouble.

NOTE: the Makefile appears to depend on GNU "make"; it doesn't appear to
work with the "make" that comes with Solaris 7 nor the BSD "make".

In addition, wiretap (see below) requires "flex" - it cannot be built
with vanilla "lex" - and either "bison" or the Berkeley "yacc"; whilst
the "yacc" that comes with Solaris 7 has a "-p" flag to replace "yy" in
various variable names with a specified prefix, to allow multiple
yacc-built parsers in the same program, it doesn't replace "yy" in the
"y.tab.h" file, so the lexical analyzer has no clue that "yylval" has
been renamed to "wtap_lval".  (What *were* they thinking?)

You must therefore install GNU "make", "flex", and either "bison" or
Berkeley "yacc" on systems that lack them.

Full installation instructions can be found in the INSTALL file.
         
See also the appropriate README.<OS> files for OS-specific installation
instructions.

Usage
-----          

In order to capture packets from the network, you need to be running
as root, or have access to the appropriate entry under /dev if your
system is so inclined (BSD-derived systems and Solaris typically fall
into this category.  Although it might be tempting to make the
Ethereal executable setuid root, please don't - alpha code is by nature
not very robust, and liable to contain security holes.

Please consult the man page for a description of each command-line
option and interface feature.


Multiple File Types
-------------------

The wiretap library is a packet-capture library currently under
development parallel to ethereal.  In the future it is hoped that
wiretap will have more features than libpcap, but wiretap is still in
its infancy. However, wiretap is used in ethereal for its ability
to read multiple file types. You can read the following file
formats, and create display filters for them as well:

libpcap, Sniffer (uncompresed), NetXray, Sniffer Pro, snoop,
Shomiti, LANalyzer, Network Monitor, and iptrace 2.0 (AIX)


IPv6
----
If your operating system includes IPv6 support, ethereal will attempt to
use reverse name resolution capabilities when decoding IPv6 packets. If
you want to turn off name resolution while using ethereal, start ethereal
with the "-n" option. If you would like to compile ethereal without
support for IPv6 name resolution, use the "--disable-ipv6" option with
"./configure". If you compile ethereal without IPv6 name resolution,
you will still be able to decode IPv6 packets, but you'll only see IPv6
addresses, not host names.

The "Follow TCP Stream" feature only supports TCP over IPv4. Support for TCP
over IPv6 is planned.


SNMP
----
Ethereal can do some basic decoding of SNMP packets, but it relies on an
external SNMP library to do this. You can use either the UCD or the CMU
SNMP libraries. The configure script will automatically determine which
library you have on your system and will use it. If you have an SNMP
library but _do not_ want to have ethereal use it, you can run configure
with the "--disable-snmp" option. No SNMP support will be compiled into
ethereal with this option.


Disclaimer
----------

There is no warranty, expressed or implied, associated with this product.
Use at your own risk.


Gerald Combs <gerald@zing.org>
Gilbert Ramirez <gram@verdict.uthscsa.edu>