return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=518
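
The return-value convention the commit message above describes for the per-file-type open routines (1, 0, -1 plus an error code), as an added sketch that is not Wiretap's code. The routine names, example_open_offline() and EX_ERR_UNKNOWN_FORMAT are hypothetical; only the pcap and snoop magic numbers are real.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define EX_ERR_UNKNOWN_FORMAT (-1001)  /* hypothetical code, not Wiretap's */

/* Convention from the commit message: 1 = file is this type,
 * 0 = not this type (try the next), -1 = error with *err filled in. */
typedef int (*open_fn)(FILE *fh, int *err);

static int probe_magic(FILE *fh, const unsigned char *magic, size_t n, int *err) {
    unsigned char buf[8];
    if (n > sizeof buf) { *err = EINVAL; return -1; }
    if (fseek(fh, 0L, SEEK_SET) != 0) { *err = errno; return -1; }
    errno = 0;
    if (fread(buf, 1, n, fh) != n) {
        if (ferror(fh)) { *err = errno ? errno : EIO; return -1; }
        return 0;                  /* short file: simply not this type */
    }
    return memcmp(buf, magic, n) == 0;
}

static int open_pcap(FILE *fh, int *err) {
    static const unsigned char le[] = {0xd4, 0xc3, 0xb2, 0xa1};
    static const unsigned char be[] = {0xa1, 0xb2, 0xc3, 0xd4};
    int r = probe_magic(fh, le, sizeof le, err);
    return r != 0 ? r : probe_magic(fh, be, sizeof be, err);
}

static int open_snoop(FILE *fh, int *err) {
    static const unsigned char m[] = {'s', 'n', 'o', 'o', 'p', 0, 0, 0};
    return probe_magic(fh, m, sizeof m, err);
}

/* Returns the index of the matching type, or -1 with *err set. */
int example_open_offline(FILE *fh, int *err) {
    static const open_fn fns[] = {open_pcap, open_snoop};
    for (size_t i = 0; i < sizeof fns / sizeof fns[0]; i++) {
        int r = fns[i](fh, err);
        if (r != 0) return r == 1 ? (int)i : -1;  /* on error, stop probing */
    }
    *err = EX_ERR_UNKNOWN_FORMAT;
    return -1;
}

int main(int argc, char **argv) {
    int err = 0;
    FILE *fh = fopen(argc > 1 ? argv[1] : "/dev/null", "rb");
    int t = fh ? example_open_offline(fh, &err) : (err = errno, -1);
    printf("type index=%d err=%d\n", t, err);
    return t < 0;
}
```

An I/O failure in any probe ends the search with that probe's error code, so a read error is reported as such rather than as "unknown file type".
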
General Information
------- -----------
Ethereal is a network traffic analyzer for Unix and Unix-like operating
systems. It uses GTK+, a graphical user interface library,
and libpcap, a packet capture and filtering library.
The official home of Ethereal is
http://ethereal.zing.org
The latest distribution can be found in the subdirectory
http://ethereal.zing.org/distribution
Interesting and exotic packet traces can be found at
http://ethereal.zing.org/~gram/sample.html
Installation
------------
Ethereal is known to compile and run on the following systems:
- Linux (2.0.x, 2.1.x, 2.2.x)
- Solaris (2.5.1, 2.6)
- FreeBSD (2.2.5, 2.2.6)
- Sequent PTX v4.4.5 (Nick Williams <njw@sequent.com>)
- Tru64 UNIX (formerly Digital UNIX) (3.2, 4.0)
It should run on other systems without too much trouble.
NOTE: the Makefile appears to depend on GNU "make"; it doesn't appear to
work with the "make" that comes with Solaris 7 nor the BSD "make".
In addition, ethereal requires "flex" - it cannot be built
with vanilla "lex" - and either "bison" or the Berkeley "yacc". Your flex
version must be 2.5.1 or greater. Check this with 'flex -V'.
You must therefore install GNU "make", "flex", and either "bison" or
Berkeley "yacc" on systems that lack them.
Full installation instructions can be found in the INSTALL file.
See also the appropriate README.<OS> files for OS-specific installation
instructions.
Usage
-----
In order to capture packets from the network, you need to be running
as root, or have access to the appropriate entry under /dev if your
system is so inclined (BSD-derived systems and Solaris typically fall
into this category). Although it might be tempting to make the
Ethereal executable setuid root, please don't - alpha code is by nature
not very robust, and liable to contain security holes.
Please consult the man page for a description of each command-line
option and interface feature.
Multiple File Types
-------------------
The wiretap library is a packet-capture library currently under
development in parallel with ethereal. In the future it is hoped that
wiretap will have more features than libpcap, but wiretap is still in
its infancy. However, wiretap is used in ethereal for its ability
to read multiple file types. You can read the following file
formats, and create display filters for them as well:
libpcap, Sniffer (uncompressed), NetXray, Sniffer Pro, snoop,
Shomiti, LANalyzer, Network Monitor, iptrace 2.0 (AIX), and
RADCOM's WAN/LAN Analyzer
IPv6
----
If your operating system includes IPv6 support, ethereal will attempt to
use reverse name resolution capabilities when decoding IPv6 packets. If
you want to turn off name resolution while using ethereal, start ethereal
with the "-n" option. If you would like to compile ethereal without
support for IPv6 name resolution, use the "--disable-ipv6" option with
"./configure". If you compile ethereal without IPv6 name resolution,
you will still be able to decode IPv6 packets, but you'll only see IPv6
addresses, not host names.
The "Follow TCP Stream" feature only supports TCP over IPv4. Support for TCP
over IPv6 is planned.
SNMP
----
Ethereal can do some basic decoding of SNMP packets, but it relies on an
external SNMP library to do this. You can use either the UCD or the CMU
SNMP libraries. The configure script will automatically determine which
library you have on your system and will use it. If you have an SNMP
library but _do not_ want to have ethereal use it, you can run configure
with the "--disable-snmp" option. No SNMP support will be compiled into
ethereal with this option.
Disclaimer
----------
There is no warranty, expressed or implied, associated with this product.
Use at your own risk.
Gerald Combs <gerald@zing.org>
Gilbert Ramirez <gram@verdict.uthscsa.edu>