4 Ethereal is a network traffic analyzer for Unix and Unix-like operating
5 systems. It is based on GTK+, a graphical user interface library,
6 and libpcap, a packet capture and filtering library.
8 The official home of Ethereal is
10 http://ethereal.zing.org
12 The latest distribution can be found in the subdirectory
14 http://ethereal.zing.org/distribution
16 Interesting and exotic packet traces can be found at
18 http://ethereal.zing.org/~gram/sample.html
24 Ethereal is known to compile and run on the following systems:
26 - Linux (2.0.x, 2.1.x, 2.2.x)
27 - Solaris (2.5.1, 2.6)
28 - FreeBSD (2.2.5, 2.2.6)
29 - Sequent PTX v4.4.5 (Nick Williams <njw@sequent.com>)
30 - Tru64 UNIX (formerly Digital UNIX) (3.2, 4.0)
32 It should run on other systems without too much trouble.
35 Full installation instructions can be found in the INSTALL file.
37 See also the appropriate README.<OS> files for OS-specific installation
43 In order to capture packets from the network, you need to be running
44 as root, or have access to the appropriate entry under /dev if your
45 system is so inclined (BSD-derived systems and Solaris typically fall
46 into this category. Although it might be tempting to make the
47 Ethereal executable setuid root, please don't - alpha code is by nature
48 not very robust, and liable to contain security holes.
50 Please consult the man page for a description of each command-line
51 option and interface feature.
57 The wiretap library is a packet-capture library currently under
58 development parallel to ethereal. In the future it is hoped that
59 wiretap will have more features than libpcap, but wiretap is still in
60 its infancy. You can compile ethereal with the wiretap library by using
61 './configure --with-wiretap'. Using wiretap will allow you to read
62 libpcap, Sniffer, NetXray (and Sniffer Pro), Sun "snoop", LANalyzer,
63 Microsoft Network Monitor, and AIX "iptrace" 2.0 trace files. Some minimal
64 display filters now work. But because "Follow TCP Stream" relies on IP and TCP
65 display filtering, and those aren't yet available in wiretap's display filter
66 system, "Follow TCP Stream" is turned off when you compile --with-wiretap.
68 You can still capture packets from within ethereal using libpcap, and therefore
69 use libpcap-style capture filters, however.
71 If you want to add support for other packet-capture file formats, please
72 look at the wiretap source code in the wiretap directory.
74 Please report any problems that are wiretap related to
75 Gilbert Ramirez <gram@verdict.uthscsa.edu>.
80 If your operating system includes IPv6 support, ethereal will attempt to
81 use reverse name resolution capabilities when decoding IPv6 packets. If
82 you want to turn off name resolution while using ethereal, start ethereal
83 with the "-n" option. If you would like to compile ethereal without
84 support for IPv6 name resolution, use the "--disable-ipv6" option with
85 "./configure". If you compile ethereal without IPv6 name resolution,
86 you will still be able to decode IPv6 packets, but you'll only see IPv6
87 addresses, not host names.
89 The "Follow TCP Stream" feature only supports TCP over IPv4. Support for TCP
95 Ethereal can do some basic decoding of SNMP packets, but it relies on an
96 external SNMP library to do this. You can use either the UCD or the CMU
97 SNMP libraries. The configure script will automatically determine which
98 library you have on your system and will use it. If you have an SNMP
99 library but _do not_ want to have ethereal use it, you can run configure
100 with the "--disable-snmp" option. No SNMP support will be compiled into
101 ethereal with this option.
107 There is no warranty, expressed or implied, associated with this product.
108 Use at your own risk.
111 Gerald Combs <gerald@zing.org>
112 Gilbert Ramirez <gram@verdict.uthscsa.edu>
git.samba.org / obnox / wireshark / wip.git / blob