}
Graham Bloice <graham.bloice[AT]trihedral.com> {
- Win32 icon for Ethereal, and Win32 resource-compiler files to
+ Win32 icon for Wireshark, and Win32 resource-compiler files to
add version/copyright/etc. information to Win32 executables
Support for sorting columns in the summary by clicking on them
Win32 Makefile improvements
remove redundant code from dumpcap.c
-this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
+this also implements command line option -D (and indexed interfaces at -i) for Wireshark and Dumpcap (as we have it in Tethereal already for a while)
------------------------------------------------------------------------
r16786 | ulfl | 2005-12-13 16:35:28 -0600 (Tue, 13 Dec 2005) | 1 line
M /trunk/tools/pidl/lib/Parse/Pidl/Ethereal/NDR.pm
The Bitmap routine in lib/Parse/Pidl/Ethereal/NDR.pm in Pidl generates
-fields as BASE_DEC; bitmaps are typically displayed in hex in Ethereal,
+fields as BASE_DEC; bitmaps are typically displayed in hex in Wireshark,
so it should generate BASE_HEX instead. (Submitted to
bugzilla.samba.org as bug 3313.)
replace all appearances of 'fprintf(stderr, "tethereal: ' with 'cmdarg_err("', this is:
a) smaller
-b) makes it possible to use some functions for Ethereal too
+b) makes it possible to use some functions for Wireshark too
c) is the wrong name now, as some outputs are not command line related :-(
use capture_opts_trim()
M /trunk/gtk/main.c
M /trunk/tethereal.c
-Handle "-G" only in Tethereal - it doesn't work in Ethereal, and isn't
+Handle "-G" only in Tethereal - it doesn't work in Wireshark, and isn't
necessary there.
Add a "cmdarg_err()" routine to report command-line option errors; it
M /trunk/epan/libethereal.def
M /trunk/ethereal_gen.py
-1. replace "and" with "&&" in ethereal_gen.py:2103
+1. replace "and" with "&&" in wireshark_gen.py:2103
2. add make_printable_string in libethereal.def
- The Ethereal FAQ
+ The Wireshark FAQ
Note: This is just an ASCII snapshot of the faq and may not be up to
date. Please go to http://www.ethereal.com/faq.html for the up
Q 1.2: How much does Ethereal cost?
- A: Ethereal is "free software"; you can download it without paying any
+ A: Wireshark is "free software"; you can download it without paying any
license fee. The version of Ethereal you download isn't a "demo" version,
with limitations not present in a "full" version; it is the full version.
- The license under which Ethereal is issued is the GNU General Public
+ The license under which Wireshark is issued is the GNU General Public
License. See the GNU GPL FAQ for some more information.
Q 1.3: Can I use Ethereal commercially?
Q 1.4: Can I use Ethereal as part of my commercial product?
- A: As noted, Ethereal is licensed under the GNU General Public License. The
+ A: As noted, Wireshark is licensed under the GNU General Public License. The
GPL imposes conditions on your use of GPL'ed code in your own products; you
cannot, for example, make a "derived work" from Ethereal, by making
modifications to it, and then sell the resulting derived work and not allow
Q 3.1: I installed an Ethereal RPM; why did it install Tethereal but not
Ethereal?
- A: Older versions of the Red Hat RPMs for Ethereal put only the non-GUI
- components into the ethereal RPM, the fact that Ethereal is a GUI program
+ A: Older versions of the Red Hat RPMs for Wireshark put only the non-GUI
+ components into the ethereal RPM, the fact that Wireshark is a GUI program
nonwithstanding; newer versions make it a bit clearer by giving that RPM a
- name starting with ethereal-base.
+ name starting with wireshark-base.
In those older versions, there's a separate ethereal-gnome RPM that includes
GUI components such as Ethereal itself, the fact that Ethereal doesn't use
GNOME nonwithstanding; newer versions make it a bit clearer by giving that
- RPM a name starting with ethereal-gtk+.
+ RPM a name starting with wireshark-gtk+.
Find the ethereal-gnome or ethereal-gtk+ RPM, and install that also.
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
- A: This is a bug in Ethereal 0.10.0a, which is fixed in 0.10.1 and later
+ A: This is a bug in Wireshark 0.10.0a, which is fixed in 0.10.1 and later
releases. To work around the bug, don't use "-x" unless you're also using
"-V"; note that "-V" produces a full dissection of each packet, so you might
not want to use it.
A: Ethereal can only be linked with version 4.2.2 or later of UCD SNMP. Your
version of Ethereal was dynamically linked with such a version of UCD SNMP;
however, you have an older version of UCD SNMP installed, which means that
- when Ethereal is run, it tries to link to the older version, and fails. You
+ when Wireshark is run, it tries to link to the older version, and fails. You
will have to replace that version of UCD SNMP with version 4.2.2 or a later
version.
when I try to run Ethereal on Windows?
- A: Ethereal is built using the GTK+ toolkit, which supports most
+ A: Wireshark is built using the GTK+ toolkit, which supports most
UNIX-flavored OSes, and also supports Windows.
Windows versions of Ethereal before 0.9.14 were built with an older version
Gtk-CRITICAL **: file gtkwindow.c: line 3107 (gtk_window_resize):
assertion `height > 0' failed.
- A: This is a bug in Ethereal 0.10.5 and 0.10.5a, which is fixed in Ethereal
+ A: This is a bug in Wireshark 0.10.5 and 0.10.5a, which is fixed in Wireshark
0.10.6 and later releases.
Q 6.2: I have an XXX network card on my machine; if I try to capture on it,
A: Capture filters currently use a different syntax than display filters.
Here's the corresponding section from the ethereal(1) man page:
- "Display filters in Ethereal are very powerful; more fields are filterable
- in Ethereal than in other protocol analyzers, and the syntax you can use to
+ "Display filters in Wireshark are very powerful; more fields are filterable
+ in Wireshark than in other protocol analyzers, and the syntax you can use to
create your filters is richer. As Ethereal progresses, expect more and more
protocol fields to be allowed in display filters.
this bug.
If you are running Ethereal on a UNIX-flavored platform, run "ethereal -v",
- or select "About Ethereal..." from the "Help" menu in Ethereal, to see what
+ or select "About Ethereal..." from the "Help" menu in Wireshark, to see what
version of libpcap it's using. If it's not 0.6 or later, you will need
either to upgrade your OS to get a later version of libpcap, or will need to
build and install a later version of libpcap from the tcpdump.org Web site
Q 7.12: Why does Ethereal hang after I stop a capture?
- A: The most likely reason for this is that Ethereal is trying to look up an
+ A: The most likely reason for this is that Wireshark is trying to look up an
IP address in the capture to convert it to a name (so that, for example, it
can display the name in the source address or destination address columns),
and that lookup process is taking a very long time.
A: Unfortunately, Windows 95/98/Me gives the same name to multiple instances
of the type of same network adapter. Therefore, WinPcap cannot distinguish
between them, so a WinPcap-based application can capture only on the first
- such interface; Ethereal is a libpcap/WinPcap-based application.
+ such interface; Wireshark is a libpcap/WinPcap-based application.
Q 8.6: I'm running Ethereal on Windows; why am I not seeing any traffic
being sent by the machine running Ethereal?
Q 11.1: Why am I seeing lots of packets with incorrect TCP checksums?
A: If the packets that have incorrect TCP checksums are all being sent by
- the machine on which Ethereal is running, this is probably because the
+ the machine on which Wireshark is running, this is probably because the
network interface on which you're capturing does TCP checksum offloading.
That means that the TCP checksum is added to the packet by the network
interface, not by the OS's TCP/IP stack; when capturing on an interface,
subsequent RTP traffic will be identified. Currently, that's the only place
we do that; there may be other places.
- However, there will always be places where Ethereal is simply incapable of
+ However, there will always be places where Wireshark is simply incapable of
deducing that a given UDP flow is RTP; a mechanism would be needed to allow
the user to specify that a given conversation should be treated as RTP. As
of Ethereal 0.8.16, such a mechanism exists; if you select a UDP or TCP
By default, if 'configure' finds zlib (a.k.a, libz), the
wiretap library will be built so that it can read compressed
capture files. If you have zlib but do not wish to build
- it into the wiretap library, used by Ethereal, Tethereal, and
+ it into the wiretap library, used by Wireshark, Tethereal, and
the capture-file utilities that come in this package, use
this switch.
# Makefile.am
-# Automake file for Ethereal
+# Automake file for Wireshark
#
# $Id$
#
# list ever grows to include something that can't be linked with
# tethereal, or if tethereal needs something that ethereal doesn't,
# we should probably split this into stuff needed both
-# by ethereal and tethereal and stuff needed only by one or the
+# by wireshark and tethereal and stuff needed only by one or the
# other.
ethereal_optional_objects = @GETOPT_O@ @SNPRINTF_O@ @STRERROR_O@ \
@STRCASECMP_O@ @STRNCASECMP_O@ @MKSTEMP_O@ @STRPTIME_O@
gtk-wimp gtk-wimp/gtk-wimp-0.7.0-bin.zip
!ENDIF
@echo.
- @echo Ethereal is ready to build.
+ @echo Wireshark is ready to build.
# Cleanup files installed by the setup target. It will not remove the
# downloaded zip files.
o A new capture file format "Nanosecond libpcap (Ethereal)" was added.
It is very similar to the common libpcap file format but is capable of
keeping nanosecond resolution timestamps. This format is currently
- supported only by Ethereal.
+ supported only by Wireshark.
o Ethereal's memory managment has been greatly improved.
Ethereal 0.10.6 has been released.
- This release fixes a preferences bug present in Ethereal which displayed
+ This release fixes a preferences bug present in Wireshark which displayed
(ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
(gtk_window_resize): assertion `height > 0' failed
A preference file has been added for disabled protocols.
- Color filters may now be imported and exported from within Ethereal.
+ Color filters may now be imported and exported from within Wireshark.
A new column type has been added for cumulative bytes.
A protocol hierarchy statistics tap was added to tethereal. This
code
- may be used to replace the hierarchy statistics code in Ethereal.
+ may be used to replace the hierarchy statistics code in Wireshark.
More updates have been added to TCP analysis.
(with mirrors in various countries, listed on the Centre's home page;
you may want to choose a mirror closer to you) has ported versions, in
-both source and binary form, for Ethereal, as well as for the libpcap,
+both source and binary form, for Wireshark, as well as for the libpcap,
GLib, GTK+, and zlib libraries that it uses.
The changes they've made appear largely to be compile option changes; if
o Tethereal - the console, line-mode version
o Editcap - a console, line-mode utility to convert
capture files from one format to another.
- (The same functions are available in Ethereal)
+ (The same functions are available in Wireshark)
o Text2Pcap - a console, line-mode utility to generate
a capture file from an ASCII hexdump of packets
o Mergecap - a console, line-mode utility to merge two
option, which installs some additional dissector plugins
for use with Ethereal and Tethereal.
-All binaries in Ethereal package are now built with debugging
+All binaries in Wireshark package are now built with debugging
information embedded. If you are experiencing a crash when running
Ethereal or other binaries, Dr. Watson or your debugger
can use the information embedded in the binary to provide useful
WinPcap 2.0/2.02 and later versions cannot be installed on the same
system at the same time.
-If Ethereal is not capturing packets and you have WinPcap installed, you
+If Wireshark is not capturing packets and you have WinPcap installed, you
can test your WinPcap installation by installing WinDump (tcpdump for
Windows) ported by the same folks who make WinPcap. It's at:
----------------------------------------------
Beside licensing problems with these compilers, there are known problems
-with DLL's. If Ethereal is compiled with MSVC Version 7, there are
+with DLL's. If Wireshark is compiled with MSVC Version 7, there are
conflicts in the MSVCRT DLL's, The MSVCRT.DLL includes the standard
ANSI-C functions like fopen, malloc, etc.. MSVCRT.DLL is shipped with
the MSVC 6 compiler versions, and dynamically linked to prebuild DLL's
Or you can start it from C:\cygwin\usr\X11R6\bin\startxwin.bat
-8. Run ethereal (add /opt/gnome/bin to $PATH if this is not yet done)
+8. Run wireshark (add /opt/gnome/bin to $PATH if this is not yet done)
$ <ethereal-src>/ethereal
dnl Macros that test for specific features.
-dnl This file is part of the Autoconf packaging for Ethereal.
+dnl This file is part of the Autoconf packaging for Wireshark.
dnl Copyright (C) 1998-2000 by Gerald Combs.
dnl
dnl $Id$
}
/*
- * Cannot check if MIBS is already set, as it could be set by Ethereal.
+ * Cannot check if MIBS is already set, as it could be set by Wireshark.
*
* If we have a list of modules to load, put that list in MIBS,
* otherwise clear MIBS.
objectID-value ObjectID-value,
empty Empty
- -- Added from RFC 1155 for Ethereal
+ -- Added from RFC 1155 for Wireshark
}
String-value ::= OCTET STRING (SIZE (0..65535))
ObjectID-value ::= OBJECT IDENTIFIER
Empty ::= NULL
- -- Added from RFC 1155 for Ethereal
+ -- Added from RFC 1155 for Wireshark
-- application-wide types
data.f = f;
data.only_marked = only_marked;
- fprintf(f,"# DO NOT EDIT THIS FILE! It was created by Ethereal\n");
+ fprintf(f,"# DO NOT EDIT THIS FILE! It was created by Wireshark\n");
g_slist_foreach(color_filter_list, write_filter, &data);
return TRUE;
}
-# DO NOT EDIT THIS FILE! It was created by Ethereal
+# DO NOT EDIT THIS FILE! It was created by Wireshark
@Bad TCP@tcp.analysis.flags@[0,0,0][65535,24383,24383]
@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[0,0,0][65535,63222,0]
@Spanning Tree Topology Change@stp.type == 0x80@[0,0,0][65535,63222,0]
(closes: #71994)
* added another .desktop entry to start ethereal with gksu from Gnome menu
* Upstream changes; libethereal and libwiretap handled differently; they may
- end up in new packages (but go in ethereal-common for now)
+ end up in new packages (but go in wireshark-common for now)
-- Frederic Peters <fpeters@debian.org> Sat, 27 Mar 2004 14:09:49 +0100
ethereal (0.10.2-2) unstable; urgency=low
- * New files in ethereal-dev (closes: #236702)
+ * New files in wireshark-dev (closes: #236702)
-- Frederic Peters <fpeters@debian.org> Sun, 7 Mar 2004 21:43:17 +0100
Recommends: ethereal (>= 0.9.1-3) | tethereal (>= 0.9.1-3)
Conflicts: ethereal (<< 0.9.1-3), tethereal (<< 0.9.1-3)
Description: network traffic analyser (common files)
- Ethereal is a network traffic analyzer, or "sniffer", for Unix and
+ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Ethereal decodes numerous protocols (too many
to list).
Depends: ${shlibs:Depends}, ethereal-common (= ${Source-Version})
Recommends: gksu
Description: network traffic analyzer
- Ethereal is a network traffic analyzer, or "sniffer", for Unix and
+ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Ethereal decodes numerous protocols (too many
to list).
Architecture: any
Depends: ${shlibs:Depends}, ethereal-common (= ${Source-Version})
Description: network traffic analyzer (console)
- Ethereal is a network traffic analyzer, or "sniffer", for Unix and
+ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Ethereal decodes numerous protocols (too many
to list).
Section: devel
Depends: ${shlibs:Depends}, omniidl (>> 1:3.0.4.1-10) | omniidl4 (>= 4.0.1-2) , libpcap0.8-dev, libtool, libglib2.0-dev, python, snacc, autotools-dev, debhelper, cdbs, automake1.7, autoconf
Description: network traffic analyser (development tools)
- Ethereal is a network traffic analyzer, or "sniffer", for Unix and
+ Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Ethereal decodes numerous protocols (too many
to list).
+#!/usr/bin/env python
+
+# idl2deb - quick hack by W. Borgert <debacle@debian.org> to create
-+# Debian GNU/Linux packages from idl2eth modules for Ethereal.
++# Debian GNU/Linux packages from idl2eth modules for Wireshark.
+# Copyright 2003, W. Borgert
+
+# Makefile.am and configure.ac code by:
+#!/usr/bin/env python
+
+# asn2deb - quick hack by W. Borgert <debacle@debian.org> to create
-+# Debian GNU/Linux packages from ASN.1 files for Ethereal.
++# Debian GNU/Linux packages from ASN.1 files for Wireshark.
+# Copyright 2004, W. Borgert
+
-+# ASN.1 module for Ethereal, use of snacc type table:
++# ASN.1 module for Wireshark, use of snacc type table:
+# Copyright 2003, Matthijs Melchior <matthijs.melchior@xs4all.nl>
+#
+# Wireshark - Network traffic analyzer
fi
-#
--# Run ethereal backend, looking for ethereal_be.py and ethereal_gen.py
+-# Run wireshark backend, looking for ethereal_be.py and ethereal_gen.py
-# in pythons's "site-packages" directory. If cannot find that, then
-# try looking in current directory. If still cannot, then exit with
-# error.
# Makefile.am
-# Automake file for Ethereal documentation
+# Automake file for Wireshark documentation
#
# $Id$
#
../ethereal.1: ethereal-tmp.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
ethereal-tmp.pod | sed 's/ETHEREAL-TMP/ETHEREAL/' > ../ethereal.1
../ethereal.html: ethereal-tmp.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="The Wireshark Network Analyzer $(VERSION)" \
--noindex \
ethereal-tmp.pod > ../ethereal.html
../tethereal.1: tethereal.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/tethereal.pod > ../tethereal.1
../tethereal.html: tethereal.pod ../config.h
$(POD2HTML) \
- --title="tethereal - The Ethereal Network Analyzer $(VERSION)" \
+ --title="tethereal - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/tethereal.pod > ../tethereal.html
../ethereal-filter.4: ethereal-filter.pod ../config.h
$(POD2MAN) \
--section=4 \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
ethereal-filter.pod > ../ethereal-filter.4
../ethereal-filter.html: ethereal-filter.pod ../config.h
$(POD2HTML) \
- --title="ethereal-filter - The Ethereal Network Analyzer $(VERSION)" \
+ --title="ethereal-filter - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
ethereal-filter.pod > ../ethereal-filter.html
../capinfos.1: capinfos.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/capinfos.pod > ../capinfos.1
../capinfos.html: capinfos.pod ../config.h
$(POD2HTML) \
- --title="capinfos - The Ethereal Network Analyzer $(VERSION)" \
+ --title="capinfos - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/capinfos.pod > ../capinfos.html
../editcap.1: editcap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/editcap.pod > ../editcap.1
../editcap.html: editcap.pod ../config.h
$(POD2HTML) \
- --title="editcap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="editcap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/editcap.pod > ../editcap.html
../idl2eth.1: idl2eth.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/idl2eth.pod > ../idl2eth.1
../idl2eth.html: idl2eth.pod ../config.h
$(POD2HTML) \
- --title="idl2eth - The Ethereal Network Analyzer $(VERSION)" \
+ --title="idl2eth - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/idl2eth.pod > ../idl2eth.html
../mergecap.1: mergecap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/mergecap.pod > ../mergecap.1
../mergecap.html: mergecap.pod ../config.h
$(POD2HTML) \
- --title="mergecap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="mergecap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/mergecap.pod > ../mergecap.html
../text2pcap.1: text2pcap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/text2pcap.pod > ../text2pcap.1
../text2pcap.html: text2pcap.pod ../config.h
$(POD2HTML) \
- --title="text2pcap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="text2pcap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/text2pcap.pod > ../text2pcap.html
../dumpcap.1: dumpcap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
$(srcdir)/dumpcap.pod > ../dumpcap.1
../dumpcap.html: dumpcap.pod ../config.h
$(POD2HTML) \
- --title="dumpcap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="dumpcap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
$(srcdir)/dumpcap.pod > ../dumpcap.html
# Makefile.nmake
-# Nmake file for Ethereal documentation
+# Nmake file for Wireshark documentation
#
# $Id$
#
ethereal.1: ethereal.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
ethereal-tmp.pod > ethereal.1
ethereal.html: ethereal-tmp.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="The Wireshark Network Analyzer $(VERSION)" \
--noindex \
ethereal-tmp.pod > ethereal.html
tethereal.1: tethereal.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
tethereal.pod > tethereal.1
tethereal.html: tethereal.pod ../config.h
$(POD2HTML) \
- --title="tethereal - The Ethereal Network Analyzer $(VERSION)" \
+ --title="tethereal - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
tethereal.pod > tethereal.html
ethereal-filter.4: ethereal-filter.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
ethereal-filter.pod > ethereal.4
ethereal-filter.html: ethereal-filter.pod ../config.h
$(POD2HTML) \
- --title="ethereal-filter - The Ethereal Network Analyzer $(VERSION)" \
+ --title="ethereal-filter - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
ethereal-filter.pod > ethereal-filter.html
capinfos.1: capinfos.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
capinfos.pod > capinfos.1
capinfos.html: capinfos.pod ../config.h
$(POD2HTML) \
- --title="capinfos - The Ethereal Network Analyzer $(VERSION)" \
+ --title="capinfos - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
capinfos.pod > capinfos.html
editcap.1: editcap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
editcap.pod > editcap.1
editcap.html: editcap.pod ../config.h
$(POD2HTML) \
- --title="editcap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="editcap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
editcap.pod > editcap.html
idl2eth.1: idl2eth.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
idl2eth.pod > idl2eth.1
idl2eth.html: idl2eth.pod ../config.h
$(POD2HTML) \
- --title="idl2eth - The Ethereal Network Analyzer $(VERSION)" \
+ --title="idl2eth - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
idl2eth.pod > idl2eth.html
mergecap.1: mergecap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
mergecap.pod > mergecap.1
mergecap.html: mergecap.pod ../config.h
$(POD2HTML) \
- --title="mergecap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="mergecap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
mergecap.pod > mergecap.html
text2pcap.1: text2pcap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
text2pcap.pod > text2pcap.1
text2pcap.html: text2pcap.pod ../config.h
$(POD2HTML) \
- --title="text2pcap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="text2pcap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
text2pcap.pod > text2pcap.html
dumpcap.1: dumpcap.pod ../config.h
$(POD2MAN) \
- --center="The Ethereal Network Analyzer" \
+ --center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
dumpcap.pod > dumpcap.1
dumpcap.html: dumpcap.pod ../config.h
$(POD2HTML) \
- --title="dumpcap - The Ethereal Network Analyzer $(VERSION)" \
+ --title="dumpcap - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
dumpcap.pod > dumpcap.html
particular to be easy to use and to eliminate most of the memory management
often associated with such trees.
-The trees supported by ethereal are currently all created using SEasonal
+The trees supported by wireshark are currently all created using SEasonal
storage which means that when you load a new trace into ethereal, the SEasonal
memory management will automatically release every single byte of data
associated with the tree.
$Id$
-This file is a HOWTO for Ethereal developers. It describes how to start coding
+This file is a HOWTO for Wireshark developers. It describes how to start coding
a Ethereal protocol dissector and the use some of the important functions and
variables.
on the proper boundary, which can cause crashes on some platforms (even
if it doesn't crash on an x86-based PC); furthermore, the data in a
packet is not necessarily in the byte order of the machine on which
-Ethereal is running. Use the tvbuff routines to extract individual
+Wireshark is running. Use the tvbuff routines to extract individual
items from the packet, or use "proto_tree_add_item()" and let it extract
the items for you.
2.x/GTK+ 1.3[.x] and 2.x. If at all possible, either use only
mechanisms that are present in GLib 1.2[.x] and GTK+ 1.2[.x], use #if's
to conditionally use older or newer mechanisms depending on the platform
-on which Ethereal is being built, or, if the code in GLib or GTK+ that
+on which Wireshark is being built, or, if the code in GLib or GTK+ that
implements that mechanism will build with GLib 1.2[.x]/GTK+ 1.2[.x],
conditionally include that code as part of the Ethereal source and use
the included version with GLib 1.2[.x] or GTK+ 1.2[.x]. In particular,
When different code must be used on UN*X and Win32, use a #if or #ifdef
that tests _WIN32, not WIN32. Try to write code portably whenever
-possible, however; note that there are some routines in Ethereal with
+possible, however; note that there are some routines in Wireshark with
platform-dependent implementations and platform-independent APIs, such
as the routines in epan/filesystem.c, allowing the code that calls it to
be written portably without #ifdefs.
1.1.3 Robustness.
-Ethereal is not guaranteed to read only network traces that contain correctly-
-formed packets. Ethereal is commonly used is to track down networking problems,
+Wireshark is not guaranteed to read only network traces that contain correctly-
+formed packets. Wireshark is commonly used is to track down networking problems,
and the problems might be due to a buggy protocol implementation sending out
bad packets.
use by the developers support this.
When creating a new file, you are free to choose an indentation logic. Most of
-the files in Ethereal tend to use 2-space or 4-space indentation. You are
+the files in Wireshark tend to use 2-space or 4-space indentation. You are
encouraged to write a short comment on the indentation logic at the beginning
of this new file.
(a) Operational dissection
- In this mode, Ethereal is only interested in the way protocols
+ In this mode, Wireshark is only interested in the way protocols
interact, protocol conversations are created, packets are reassembled
and handed over to higher-level protocol dissectors.
In this mode Ethereal does not build a so-called "protocol tree".
(b) Detailed dissection
- In this mode, Ethereal is also interested in all details of a given
+ In this mode, Wireshark is also interested in all details of a given
protocol, so a "protocol tree" is created.
Ethereal distinguishes between the 2 modes with the proto_tree pointer:
We should do this because is uncommon but it does happen that multiple
different protocols can use the same socketpair during different stages of
an application cycle. By keeping track of the frame number a conversation
-was started in ethereal can still tell these different protocols apart.
+was started in wireshark can still tell these different protocols apart.
The second argument to conversation_set_dissector is a dissector handle,
which is created with a call to create_dissector_handle or
If your packaging system downloads a copy of the Ethereal sources,
use this location.
-2. The Ethereal web site URL is http://www.ethereal.com/ .
+2. The Wireshark web site URL is http://www.ethereal.com/ .
-3. Ethereal is released under the GNU General Public License. Make sure
+3. Wireshark is released under the GNU General Public License. Make sure
your package complies with this license, or we send in the marmots.
4. Ethereal and the "e" logo are registered trademarks of Ethereal, Inc.
$Id$
-The TAP system in ethereal is a powerful and flexible mechanism to get event
+The TAP system in wireshark is a powerful and flexible mechanism to get event
driven notification on packets matching certain protocols and/or filters.
In order to use the tapping system, very little knowledge of ethereal
internals are required.
is be labled with a version number of "0", which means that the PDML does
not fully follow the PDML spec. Furthemore, a creator attribute in the
"<pdml>" tag gives the version number of [t]ethereal that produced the PDML.
-In that way, as the PDML produced by ethereal matures, but still does not
+In that way, as the PDML produced by wireshark matures, but still does not
meet the PDML spec, scripts can make intelligent decisions about how to
best parse the PDML, based on the "creator" attribute.
Many dissectors label the undissected payload of a protocol as belonging
to a "data" protocol, and the "data" protocol usually resided inside
that last protocol dissected. In the PDML, The "data" protocol becomes
-a "data" field, placed exactly where the "data" protocol is in ethereal's
+a "data" field, placed exactly where the "data" protocol is in wireshark's
protocol tree. So, if ethereal would normally show:
+-- Frame
=item Save Window Position
-If this item is selected, the position of the main Ethereal window will
-be saved when Ethereal exits, and used when Ethereal is started again.
+If this item is selected, the position of the main Wireshark window will
+be saved when Ethereal exits, and used when Wireshark is started again.
=item Save Window Size
-If this item is selected, the size of the main Ethereal window will
-be saved when Ethereal exits, and used when Ethereal is started again.
+If this item is selected, the size of the main Wireshark window will
+be saved when Ethereal exits, and used when Wireshark is started again.
=item File Open Dialog Behavior
captured packets are being saved grows as large as or larger than some
specified number of megabytes. If the check box is not checked, Ethereal
will not stop capturing at some capture file size (although the operating
-system on which Ethereal is running, or the available disk space, may still
+system on which Wireshark is running, or the available disk space, may still
limit the maximum size of a capture file). This option is disabled, if
"multiple files" mode is used,
files, and the same directory as for the personal preferences file is
used.
-Note: Whenever Ethereal is closed, your recent file
+Note: Whenever Wireshark is closed, your recent file
will be overwritten with the new settings, destroying any comments and
unknown/obsolete settings that were in the file.
-->
<!ENTITY DocumentTitle "<application>Ethereal</application> Developer's Guide">
- <!ENTITY DocumentSubTitle "&SvnVersion; for Ethereal &EtherealCurrentVersion;">
+ <!ENTITY DocumentSubTitle "&SvnVersion; for Wireshark &EtherealCurrentVersion;">
<!ENTITY DocumentTitleAbbreviation "EDG">
<!ENTITY DocumentCopyrightHolder "Ulf Lamping">
<section id="ChCodeStyle">
<title>Coding styleguides</title>
<para>
- The coding styleguides for Ethereal can be found in the "Code style"
+ The coding styleguides for Wireshark can be found in the "Code style"
section of the file <filename>doc/README.developer</filename>.
</para>
</section>
<title>What is <application>Ethereal?</application></title>
<para>
Well, if you want to start Ethereal development, you might already
- know what Ethereal is doing. If not, please have a look at the
+ know what Wireshark is doing. If not, please have a look at the
<ulink url="&EtherealUsersGuidePage;">Ethereal User's Guide</ulink>,
which will provide a lot of general information about it.
</para>
order to run.
</para>
<para>
- As Ethereal is developed in a platform independant way and uses libraries
+ As Wireshark is developed in a platform independant way and uses libraries
which are available for a lot of different platforms (such as the GTK+
GUI library), it's available on a such a wide variety of platforms.
</para>
</title>
<para>
Ethereal was initially developed by Gerald Combs. Ongoing development
- and maintenance of Ethereal is handled by the Ethereal team, a loose
+ and maintenance of Wireshark is handled by the Ethereal team, a loose
group of individuals who fix bugs and provide new functionality.
</para>
<para>
<section><title>Programming language(s) used</title>
<para>
- Almost any part of Ethereal is implemented in plain ANSI C.
+ Almost any part of Wireshark is implemented in plain ANSI C.
</para>
<para>
The typical task for a new Ethereal developer is to extend an existing,
or write a new dissector for a specific network protocol. As (almost) any
dissector is written in plain old ANSI C, a good knowledge about ANSI C
- will be sufficient for Ethereal development in almost any case.
+ will be sufficient for Wireshark development in almost any case.
</para>
<para>
So unless you are going to change the development process of Ethereal
Beside the usual tools for developing a program in C (compiler, make, ...),
the build process uses some additional helper tools (Perl, Python, Sed,
...), which are needed for the build process and in the case Ethereal
- should be installed from the released source packages. If Ethereal is
+ should be installed from the released source packages. If Wireshark is
installed from a binary package, none of these helper tools are needed on
the target system.
</para>
<section><title>Open Source Software</title>
<para>
- Ethereal is an open source software project, and is released under
+ Wireshark is an open source software project, and is released under
the <ulink url="&GPLWebsite;">GNU General Public Licence</ulink> (GPL).
You can freely use Ethereal on any number of computers you like, without
worrying about license keys or fees or such. In addition, all source
The maintainers and developers of Ethereal will maintain your
code as well, fixing it when API changes or other changes are
made, and generally keeping it in tune with what is happening
- with Ethereal. So if Ethereal is updated (which is done often),
+ with Ethereal. So if Wireshark is updated (which is done often),
you can get a new Ethereal version from the website and your changes
will already be included without any effort for you.
</para>
</itemizedlist>
</para>
<para>
- The Ethereal source code and binary kits for some platforms are all
+ The Wireshark source code and binary kits for some platforms are all
available on the download page of the Ethereal website:
<ulink url="&EtherealDownloadPage;">&EtherealDownloadPage;</ulink>.
</para>
<section id="ChIntroWiki"><title>Wiki</title>
<para>
- The Ethereal Wiki at <ulink
+ The Wireshark Wiki at <ulink
url="&EtherealWikiSite;">&EtherealWikiSite;</ulink> provides a wide range
of information related to Ethereal and packet capturing in general.
You will find a lot of information not part of this developer's guide. For
<varlistentry><term><command>ethereal-dev</command></term>
<listitem>
<para>
- This list is for Ethereal developers. People post questions about
+ This list is for Wireshark developers. People post questions about
the development of Ethereal, others (hopefully) provide answers.
If you want to start developing a protocol dissector, join this list.
</para>
<varlistentry><term><command>ethereal-bugs</command></term>
<listitem>
<para>
- This list is for Ethereal developers. Everytime a change to the bug
+ This list is for Wireshark developers. Everytime a change to the bug
database occurs, a mail to this mailing list is generated.
If you want to be notified about all the changes to the bug
database, join this list. Details about the bug database can be
<varlistentry><term><command>ethereal-cvs</command></term>
<listitem>
<para>
- This list is for Ethereal developers. Everytime a change to the SVN
+ This list is for Wireshark developers. Everytime a change to the SVN
repository is checked in, a mail to this mailing list is generated.
If you want to be notified about all the changes to the SVN
repository, join this list. Details about the SVN repository can be
<title>Win32: cygwin gcc</title>
<para>
Cygwin provides most of the required libraries (with file extension .a/.lib)
- for Ethereal suitable for cygwin's gcc compiler.
+ for Wireshark suitable for cygwin's gcc compiler.
</para>
</section>
</section>
</section>
<section id="ChSrcSVNServer">
- <title>The Ethereal Subversion repository</title>
+ <title>The Wireshark Subversion repository</title>
<para>
Subversion is used to keep track of the changes made to the Ethereal
- source code. The Ethereal source code is stored inside Ethereal project's
+ source code. The Wireshark source code is stored inside Ethereal project's
Subversion repository located at a server at the ethereal.com domain.
</para>
<para>
<para>
So after obtaining the sources, tools and libraries, the
first place to look at is <filename>doc/README.developer</filename>,
- here you will get the latest infos for Ethereal development for all
+ here you will get the latest infos for Wireshark development for all
supported platforms.
</para>
<tip><title>Tip!</title>
<listitem><para>
The maintainers and developers of Ethereal will maintain your code as
well, fixing it when API changes or other changes are made, and generally
- keeping it in tune with what is happening with Ethereal. So if Ethereal is
+ keeping it in tune with what is happening with Ethereal. So if Wireshark is
updated (which is done often), you can get a new Ethereal version from
the website and your changes will already be included without any effort
for you. The maintainers and developers of Ethereal will maintain your
</tip>
</para>
<para>
- The Ethereal community is using patches to transfer source code changes
+ The Wireshark community is using patches to transfer source code changes
between the authors.
</para>
<para>
sign indicates a deleted line compared to the original sources.
</para>
<para>
- As we always use so called "unified" diff files in Ethereal development,
+ As we always use so called "unified" diff files in Wireshark development,
three unchanged lines before and after the actual changed parts are
included. This will make it much easier for a merge/patch tool to find
the right place(s) to change in the existing sources.
<listitem><para>
<command>Follow the Ethereal source code style guide.</command>
Just because something compiles on your platform, that doesn't
- mean it'll compile on all of the other platforms for which Ethereal is
+ mean it'll compile on all of the other platforms for which Wireshark is
built.
Ethereal runs on many platforms, and can be compiled with a number of
different compilers. See <xref linkend="ChCodeStyle"/> for details.
<title>Introduction</title>
<para>
This chapter will provide you with information how to install
- the various tools needed for Ethereal development.
+ the various tools needed for Wireshark development.
</para>
<para>
None of the tools mentioned in this chapter is needed to run Ethereal,
<title>sed</title>
<para>
Sed it the streaming editor. It makes it easy for example to replace
- specially marked texts inside a source code file. The Ethereal build
+ specially marked texts inside a source code file. The Wireshark build
process uses this to stamp version strings into various places.
</para>
<section id="ChToolsSubversion">
<title>Subversion (SVN) client (optional)</title>
<para>
- The Ethereal project uses it's own subversion (or short SVN) server to keep
+ The Wireshark project uses it's own subversion (or short SVN) server to keep
track of all the changes done to the source code. Details about the usage
of subversion in the Ethereal project can be found in <xref
linkend="ChSrcSVNServer"/>.
<section id="ChUIGTK">
<title>The GTK library</title>
<para>
- Ethereal is based on the GTK toolkit, see: <ulink url="http://www.gtk.org"/>
+ Wireshark is based on the GTK toolkit, see: <ulink url="http://www.gtk.org"/>
for
details. GTK is designed to hide the details of the underlying GUI in
a platform independant way. As this is appreciated for a
<para>
There are other similar toolkits like Qt, wxwidgets, ..., which could
also
- be used for Ethereal. There's no "one and only" reason for or against
+ be used for Wireshark. There's no "one and only" reason for or against
any of these toolkits. However, the decision towards GTK was made a
long time ago :-)
</para>
gtk.h headers.
</para>
<para>
- There are some common compatibility issues in Ethereal between the two
+ There are some common compatibility issues in Wireshark between the two
versions.
</para>
<para>
<para>
First of all, have a look at: <ulink url="http://www.gtk.org"/> as this
will be the first place to look at. If you want to develop GTK related
- things for Ethereal, the most important place might
+ things for Wireshark, the most important place might
be the GTK API documentation at: <ulink url="http://gtk.org/api/"/>.
</para>
<para>
<section id="ChUIGUIDocs">
<title>GUI Reference documents</title>
<para>
- Although the GUI development of Ethereal is platform independant, the
+ Although the GUI development of Wireshark is platform independant, the
Ethereal development team tries to
follow the GNOME Human Interface Guidelines (HIG) where appropriate.
This is the case, because both GNOME and Ethereal are based on the GTK+
<section id="ChWorksIntro">
<title>Introduction</title>
<para>
- This chapter will give you a short overview, how Ethereal is working.
+ This chapter will give you a short overview, how Wireshark is working.
</para>
</section>
<section id="ChWorksDissectPackets">
<title>Dissect packets</title>
<para>
- While Ethereal is loading packets from a file, each packet is dissected.
+ While Wireshark is loading packets from a file, each packet is dissected.
Ethereal tries to detect what kind of packet it is and getting as much
information from it as possible. In this run, only the information showed
in the packet list pane is needed though.
</term>
<listitem>
<para>
- When Ethereal is trying to translate Ethernet hardware
+ When Wireshark is trying to translate Ethernet hardware
addresses to names, it consults the files listed in
<xref linkend="AppFilesTabFolders"/>.
If an address is not found in /etc/ethers,
00.2b.08.93.4b.a1 Freds_machine
</programlisting>
The settings from this file are read in at program start and never
- written by Ethereal.
+ written by Wireshark.
</para>
</listitem>
</varlistentry>
</para>
<para>
The settings from this file are read in at program start and never
- written by Ethereal.
+ written by Wireshark.
</para>
</listitem>
</varlistentry>
</para>
<para>
The settings from this file are read in at program start and never
- written by Ethereal.
+ written by Wireshark.
</para>
</listitem>
</varlistentry>
</para>
<para>
The settings from this file are read in at program start and never
- written by Ethereal.
+ written by Wireshark.
</para>
</listitem>
</varlistentry>
<section id="ChWindowsFolder"><title>Windows folders</title>
<para>
- Here you will find some details about the folders used in Ethereal
+ Here you will find some details about the folders used in Wireshark
on different Windows versions.
</para>
<para>
</note>
<para>
The following will try to guide
- you to the right place where to look for Ethereals profile data.
+ you to the right place where to look for Wiresharks profile data.
</para>
<para>
<variablelist>
you are currently working on, but on the domain server.
</para>
<para>
- As Ethereal is using the correct places to store it's profile data,
+ As Wireshark is using the correct places to store it's profile data,
your settings will travel with you, if you logon to a different computer
the next time.
</para>
<para>
Ethereal provides you with additional information generated out of
the plain packet data or it may need to indicate dissection problems.
- Messages generated by Ethereal are usually placed in [] parentheses.
+ Messages generated by Wireshark are usually placed in [] parentheses.
</para>
<section id="AppMessagesList"><title>Packet List Messages</title>
<para>
<title><command>capinfos</command>: Print information about capture files
</title>
<para>
- Included with Ethereal is a small utility called
+ Included with Wireshark is a small utility called
<command>capinfos</command>, which is a command-line utility to
print information about binary capture files.
</para>
<section id="AppToolseditcap">
<title><command>editcap</command>: Edit capture files</title>
<para>
- Included with Ethereal is a small utility called
+ Included with Wireshark is a small utility called
<command>editcap</command>, which is a command-line utility for
working with capture files. Its main function is to remove
packets from capture files, but it can also be used to convert
time stamp precision itself (whatever the benefit may be).
</para>
<para>
- The common libpcap capture file format that is used by Ethereal (and a
+ The common libpcap capture file format that is used by Wireshark (and a
lot of other tools) supports a fixed microsecond resolution "0.123456"
only.
</para>
</section>
<section><title>Accuracy</title>
<para>
- It's often asked: "Which time stamp accuracy is provided by Ethereal?".
+ It's often asked: "Which time stamp accuracy is provided by Wireshark?".
Well, Ethereal doesn't create any time stamps itself but simply get's them
from "somewhere else" and displays them. So accuracy will depend on the
capture system (operating system, performance, ...) that you use.
UN*X systems, and "Windows NT based" systems (Windows NT 4.0,
Windows 2000, Windows XP, Windows Server 2003, Windows Vista)
represent time internally as UTC.
- When Ethereal is capturing, no conversion is necessary.
+ When Wireshark is capturing, no conversion is necessary.
However, if the system time zone is not set
correctly, the system's UTC time might not be correctly set even
if the system clock appears to display correct local time.
<para>
<command>Name resolution will often fail.</command> The name to be
resolved might simply be unknown by the name servers asked or the servers
- are just not available and the name is also not found in Ethereal's
+ are just not available and the name is also not found in Wireshark's
configuration files.
</para>
</listitem>
</listitem>
<listitem>
<para>
- <command>Resolved DNS names are cached by Ethereal.</command>
+ <command>Resolved DNS names are cached by Wireshark.</command>
This is required for acceptable performance.
However, if the name resolution information
- should change while Ethereal is running,
+ should change while Wireshark is running,
Ethereal won't notice a change to the name resolution information once
- it's get cached. If this information changes while Ethereal is running,
+ it's get cached. If this information changes while Wireshark is running,
e.g. a new DHCP lease takes effect, Ethereal won't notice it.
XXX - is this true for all or only for DNS info?
</para>
<note><title>Note!</title>
<para>
<command>Since Ethereal Version 0.10.12, the WinPcap installer has become
- part of the main Ethereal installer, so you don't need to download and
+ part of the main Wireshark installer, so you don't need to download and
install two separate packages any longer!</command>
</para>
</note>
(both Ethereal GTK1 and 2 cannot be installed at the same time):
<itemizedlist>
<listitem><para>
- <command>Etheral GTK1</command> - Ethereal is a GUI network protocol
+ <command>Etheral GTK1</command> - Wireshark is a GUI network protocol
analyzer.
</para></listitem>
<listitem><para>
- <command>Etheral GTK2</command> - Ethereal is a GUI network protocol
+ <command>Etheral GTK2</command> - Wireshark is a GUI network protocol
analyzer (using the modern GTK2 GUI toolkit, recommended).
</para></listitem>
<listitem><para>
protocol analyzer.
</para></listitem>
</itemizedlist>
- The dissection extensions for Ethereal and Tethereal:
+ The dissection extensions for Wireshark and Tethereal:
<itemizedlist>
<listitem><para>
<command>Dissector Plugins</command> - Plugins with some extended dissections.
<title>Update Ethereal</title>
<para>
From time to time you may want to update your installed Ethereal to a more
- recent version. If you join Ethereal's announce mailing list, you will be
+ recent version. If you join Wireshark's announce mailing list, you will be
informed about new Ethereal versions, see <xref
linkend="ChIntroMailingLists"/> for details how to subscribe to this list.
</para>
<para>
New versions of Ethereal usually become available every 4-8 weeks.
- Updating Ethereal is done the same way as installing it, you simply
+ Updating Wireshark is done the same way as installing it, you simply
download and start the installer exe. A reboot is usually not required and
all your personal settings remain unchanged.
</para>
start the uninstallation procedure.
</para>
<para>
- The Ethereal uninstaller will provide several options which things to be
+ The Wireshark uninstaller will provide several options which things to be
uninstalled, the default is to remove the core components but keep the personal
settings, WinPcap and alike.
</para>
Capturing live network data is one of the major features of Ethereal.
</para>
<para>
- The Ethereal capture engine provides the following features:
+ The Wireshark capture engine provides the following features:
</para>
<para>
<itemizedlist>
<para>
While capturing, the underlying libpcap capturing engine will grab the
packets from the network card and keep the packet data in a (relatively)
- small kernel buffer. This data is read by Ethereal and saved into
+ small kernel buffer. This data is read by Wireshark and saved into
the capture file(s) the user specified.
</para>
<varlistentry><term><command>-a <capture autostop condition></command></term>
<listitem>
<para>
- Specify a criterion that specifies when Ethereal is to stop writing
+ Specify a criterion that specifies when Wireshark is to stop writing
to a capture file. The criterion is of the form test:value, where test
is one of:
<variablelist>
Note that "can capture" means that Ethereal was able to open
that device to do a live capture; if, on your system, a program doing a
network capture must be run from an account with special privileges (for
-example, as root), then, if Ethereal is run with the <command>-D</command> flag and
+example, as root), then, if Wireshark is run with the <command>-D</command> flag and
is not run from such an account, it will not list any interfaces.
</para>
</listitem>
<listitem>
<para>
This option sets the name of the font used for most text
- displayed by Ethereal. XXX - add an example!
+ displayed by Wireshark. XXX - add an example!
</para>
</listitem>
</varlistentry>
the interface might be in promiscuous mode for some other
reason; hence, -p cannot be used to ensure that the only
traffic that is captured is traffic sent to or from the
- machine on which Ethereal is running, broadcast traffic, and
+ machine on which Wireshark is running, broadcast traffic, and
multicast traffic to addresses received by that machine.
</para>
</listitem>
<varlistentry><term><command>-r <infile></command></term>
<listitem>
<para>
- This option provides the name of a capture file for Ethereal
+ This option provides the name of a capture file for Wireshark
to read and display. This capture file can be in one of the
formats Ethereal understands.
</para>
<section id="ChCustColorizationSection"><title>Packet colorization</title>
<para>
- A very useful mechanism available in Ethereal is packet colorization.
+ A very useful mechanism available in Wireshark is packet colorization.
You can set-up Ethereal so that it will colorize packets according to a
filter. This allows you to emphasize the packets you are usually
interested in.
</note>
<para>
<xref linkend="ChCustColorFilterMany"/> shows an example of several color
- filters being used in Ethereal. You may not like the color choices,
+ filters being used in Wireshark. You may not like the color choices,
however, feel free to choose your own.
</para>
<figure id="ChCustColorFilterMany">
<para>
You have to use the Save button to save your settings. The OK or Apply
buttons will not save your changes permanently, so they will be lost
- when Ethereal is closed.
+ when Wireshark is closed.
</para>
</warning>
<para>
<section id="ChIntroWhatIs">
<title>What is <application>Ethereal?</application></title>
<para>
- Ethereal is a network packet analyzer. A network packet
+ Wireshark is a network packet analyzer. A network packet
analyzer will try to capture network packets and tries to display
that packet data as detailed as possible.
</para>
<title>Many protocol decoders</title>
<para>
There are protocol decoders (or dissectors, as they are
- known in Ethereal) for a great many protocols:
+ known in Wireshark) for a great many protocols:
see <xref linkend="AppProtocols"/>.
</para>
</section>
<section><title>Open Source Software</title>
<para>
- Ethereal is an open source software project, and is released under
+ Wireshark is an open source software project, and is released under
the <ulink url="&GPLWebsite;">GNU General Public Licence</ulink> (GPL).
You can freely use Ethereal on any number of computers you like, without
worrying about license keys or fees or such. In addition, all source
</para>
</section>
- <section id="ChIntroNoFeatures"><title>What Ethereal is not</title>
+ <section id="ChIntroNoFeatures"><title>What Wireshark is not</title>
<para>
Here are some things Ethereal does not provide:
<itemizedlist>
</title>
<para>
Ethereal was initially developed by Gerald Combs. Ongoing development
- and maintenance of Ethereal is handled by the Ethereal team, a loose
+ and maintenance of Wireshark is handled by the Ethereal team, a loose
group of individuals who fix bugs and provide new functionality.
</para>
<para>
Ethereal web site.
</para>
<para>
- Ethereal is an open source software project, and is released under
+ Wireshark is an open source software project, and is released under
the <ulink url="&GPLWebsite;">GNU General Public Licence</ulink> (GPL).
All source code is freely available under the GPL. You are welcome to
modify Ethereal to suit your own needs, and it would be appreciated
The maintainers and developers of Ethereal will maintain your
code as well, fixing it when API changes or other changes are
made, and generally keeping it in tune with what is happening
- with Ethereal. So if Ethereal is updated (which is done often),
+ with Ethereal. So if Wireshark is updated (which is done often),
you can get a new Ethereal version from the website and your changes
will already be included without any effort for you.
</para>
</itemizedlist>
</para>
<para>
- The Ethereal source code and binary kits for some platforms are all
+ The Wireshark source code and binary kits for some platforms are all
available on the download page of the Ethereal website:
<ulink url="&EtherealDownloadPage;">&EtherealDownloadPage;</ulink>.
</para>
<section id="ChIntroWiki"><title>Wiki</title>
<para>
- The Ethereal Wiki at <ulink
+ The Wireshark Wiki at <ulink
url="&EtherealWikiPage;">&EtherealWikiPage;</ulink> provides a wide range
of information related to Ethereal and packet capturing in general.
You will find a lot of information not part of this user's guide. For
<varlistentry><term><command>ethereal-dev</command></term>
<listitem>
<para>
- This list is for Ethereal developers. If you want to start
+ This list is for Wireshark developers. If you want to start
developing a protocol dissector, join this list.
</para>
</listitem>
<section>
<title>An approach to troubleshooting with Ethereal</title>
<para>
- Ethereal is a very useful tool for network troubleshooting, since it
+ Wireshark is a very useful tool for network troubleshooting, since it
contains a number of features that allow you to quickly focus on
problems in your networkfor several reasons:
<itemizedlist>
<section id="ChUseMenuSection"><title>The Menu</title>
<para>
- The Ethereal menu sits on top of the Ethereal window.
+ The Wireshark menu sits on top of the Ethereal window.
An example is shown in <xref linkend="ChUseEtherealMenu"/>.
</para>
<note><title>Note!</title>
<section id="ChUseFileMenuSection"><title>The "File" menu</title>
<para>
- The Ethereal file menu contains the fields shown in
+ The Wireshark file menu contains the fields shown in
<xref linkend="ChUseTabFile"/>.
</para>
<figure id="ChUseEtherealFileMenu">
<section id="ChUseEditMenuSection"><title>The "Edit" menu</title>
<para>
- The Ethereal Edit menu contains the fields shown in
+ The Wireshark Edit menu contains the fields shown in
<xref linkend="ChUseTabEdit"/>.
</para>
<figure id="ChUseEtherealEditMenu">
<section id="ChUseViewMenuSection"><title>The "View" menu</title>
<para>
- The Ethereal View menu contains the fields shown in
+ The Wireshark View menu contains the fields shown in
<xref linkend="ChUseTabView"/>.
</para>
<figure id="ChUseEtherealViewMenu">
<section id="ChUseGoMenuSection"><title>The "Go" menu</title>
<para>
- The Ethereal Go menu contains the fields shown in
+ The Wireshark Go menu contains the fields shown in
<xref linkend="ChUseTabGo"/>.
</para>
<figure id="ChUseEtherealGoMenu">
<section id="ChUseCaptureMenuSection"><title>The "Capture" menu</title>
<para>
- The Ethereal Capture menu contains the fields shown in
+ The Wireshark Capture menu contains the fields shown in
<xref linkend="ChUseTabCap"/>.
</para>
<figure id="ChUseEtherealCaptureMenu">
<section id="ChUseAnalyzeMenuSection"><title>The "Analyze" menu</title>
<para>
- The Ethereal Analyze menu contains the fields shown in
+ The Wireshark Analyze menu contains the fields shown in
<xref linkend="ChUseAnalyze"/>.
</para>
<figure id="ChUseEtherealAnalyzeMenu">
<section id="ChUseStatisticsMenuSection"><title>The "Statistics" menu</title>
<para>
- The Ethereal Statistics menu contains the fields shown in
+ The Wireshark Statistics menu contains the fields shown in
<xref linkend="ChUseStatistics"/>.
</para>
<figure id="ChUseEtherealStatisticsMenu">
<section id="ChUseHelpMenuSection"><title>The "Help" menu</title>
<para>
- The Ethereal Help menu contains the fields shown in
+ The Wireshark Help menu contains the fields shown in
<xref linkend="ChUseHelp"/>.
</para>
<figure id="ChUseEtherealHelpMenu">
<graphic entityref="EtherealStatusbarEmpty" format="PNG"/>
</figure>
This statusbar is shown while no capture file is loaded, e.g. when
- Ethereal is started.
+ Wireshark is started.
</para>
<para>
<figure id="ChUseEtherealStatusbarLoaded">
</figure>
</para>
<para>
- You can also select and view packets the same way, while Ethereal is
+ You can also select and view packets the same way, while Wireshark is
capturing, if you selected "Update list of packets in real time" in the
Ethereal Capture Preferences dialog box.
</para>
<section>
<title>Combining expressions</title>
<para>
- You can combine filter expressions in Ethereal using the
+ You can combine filter expressions in Wireshark using the
logical operators shown in <xref linkend="FiltLogOps"/>
</para>
<table id="FiltLogOps">
<section id="PreForeword">
<title>Foreword</title>
<para>
- Ethereal is one of those programs that many network managers would love
+ Wireshark is one of those programs that many network managers would love
to be able to use, but they are often prevented from getting what they
would like from Ethereal because of the lack of documentation.
</para>
<section id="WhatIs"><title>What is Ethereal?</title>
<para>
- Ethereal is the world's most popular network protocol analyzer. It
+ Wireshark is the world's most popular network protocol analyzer. It
is used for troubleshooting, analysis, development, and education.
</para>
</section>
Under a grant funded by the U.S. Department of Homeland Security,
<ulink url="http://www.coverity.com">Coverity</ulink> has uncovered
- a number of vulnerabilities in Ethereal:
+ a number of vulnerabilities in Wireshark:
<itemizedlist>
<!-- CID 1 - 149: Fixed for 0.99.0 -->
-->
<!ENTITY DocumentTitle "<application>Ethereal</application> User's Guide">
- <!ENTITY DocumentSubTitle "&SvnVersion; for Ethereal &EtherealCurrentVersion;">
+ <!ENTITY DocumentSubTitle "&SvnVersion; for Wireshark &EtherealCurrentVersion;">
<!ENTITY DocumentTitleAbbreviation "EUG">
<!ENTITY DocumentCopyrightHolder1 "Ulf Lamping ">
epan 0.0.0:
-* Initial public release (in ethereal CVS tree)
+* Initial public release (in wireshark CVS tree)
/* host_name_lookup_init fires up an ADNS socket if we're using ADNS */
extern void host_name_lookup_init(void);
-/* host_name_lookup_process does ADNS processing in GTK+ timeouts in Ethereal,
+/* host_name_lookup_process does ADNS processing in GTK+ timeouts in Wireshark,
and before processing each packet in Tethereal, if we're using ADNS */
extern gint host_name_lookup_process(gpointer data);
Edit ftypes.h and declare the fvalue_foo(), ftype_can_foo() and fvalue_foo() methods. Add the cmp_foo() method to the struct _ftype_t.
-This is the first time that a make in ethereal/epan/dfilter/ can succeed. If it fails, then some code in the previously edited files must be corrected.
+This is the first time that a make in wireshark/epan/dfilter/ can succeed. If it fails, then some code in the previously edited files must be corrected.
Edit ftypes.c and define the fvalue_foo() method with its associated logic. Define also the ftype_can_foo() and fvalue_foo() methods.
Edit all ftype-*.c files and add the required fvalue_foo() methods.
-This is the point where you should be able to compile without errors in ethereal/epan/ftypes/. If not, first fix the errors.
+This is the point where you should be able to compile without errors in wireshark/epan/ftypes/. If not, first fix the errors.
Go to ethereal/epan/ and run make. If this one succeeds, then we're almost done as no errors should occur here.
* of NCP request and give a sequence ID. The response, unfortunately, only
* identifies itself via the sequence ID; you have to know what type of NCP
* request the request packet contained in order to successfully parse the NCP
- * response. A global method for doing this does not exist in ethereal yet
+ * response. A global method for doing this does not exist in wireshark yet
* (NFS also requires it), so for now the NCP section will keep its own hash
* table keeping track of NCP packet types.
*
}
/* Initializes the hash table and the mem_chunk area each time a new
- * file is loaded or re-loaded in ethereal */
+ * file is loaded or re-loaded in wireshark */
static void
ncp_init_protocol(void)
{
<GET_ATTR_QUOTE>. {
g_string_sprintfa(build_data->error,
- "error in ethereal:protocol xmpli at %s : could not find attribute value!",
+ "error in wireshark:protocol xmpli at %s : could not find attribute value!",
location);
yyterminate();
}
if (! got_it) {
g_string_sprintfa(build_data->error,
- "error in ethereal:protocol xmpli at %s : no such parameter %s!",
+ "error in wireshark:protocol xmpli at %s : no such parameter %s!",
location, attr_name);
g_free(attr_name);
yyterminate();
h225ras_call_t * new_h225ras_call(h225ras_call_info_key *h225ras_call_key, packet_info *pinfo, e_guid_t *guid, int category);
h225ras_call_t * append_h225ras_call(h225ras_call_t *prev_call, packet_info *pinfo, e_guid_t *guid, int category);
-void h225_init_routine(void); /* init routine, used by ethereal */
+void h225_init_routine(void); /* init routine, used by wireshark */
#endif /* __h225_HASH__*/
* If the program wasn't started with special privileges,
* scan the users plugin directory. (Even if we relinquish
* them, plugins aren't safe unless we've *permanently*
- * relinquished them, and we can't do that in Ethereal as,
+ * relinquished them, and we can't do that in Wireshark as,
* if we need privileges to start capturing, we'd need to
* reclaim them before each time we start capturing.)
*/
TS_ABSOLUTE_WITH_DATE,
TS_DELTA,
/*
- * Special value used for the command-line setting in Ethereal, to indicate
+ * Special value used for the command-line setting in Wireshark, to indicate
* that no value has been set from the command line.
*/
TS_NOT_SET
# is "C". It will generate code to use the GIOP/IIOP get_CDR_XXX API.
#
#
-# Please see packet-giop.h in Ethereal distro for API description.
-# Ethereal is available at http://www.ethereal.com/
+# Please see packet-giop.h in Wireshark distro for API description.
+# Wireshark is available at http://www.ethereal.com/
#
# Omniidl is part of the OmniOrb distribution, and is available at
# http://www.uk.research.att.com/omniORB/omniORB.html
# dissectors from CORBA IDL descriptions. The output language generated
# is "C". It will generate code to use the GIOP/IIOP get_CDR_XXX API.
#
-# Please see packet-giop.h in Ethereal distro for API description.
-# Ethereal is available at http://www.ethereal.com/
+# Please see packet-giop.h in Wireshark distro for API description.
+# Wireshark is available at http://www.ethereal.com/
#
# Omniidl is part of the OmniOrb distribution, and is available at
# http://www.uk.research.att.com/omniORB/omniORB.html
# Makefile.am
-# Automake file for Ethereal help files
+# Automake file for Wireshark help files
#
# $Id$
#
- The Ethereal FAQ
+ The Wireshark FAQ
Note: This is just an ASCII snapshot of the faq and may not be up to
date. Please go to http://www.ethereal.com/faq.html for the up
Q 1.2: How much does Ethereal cost?
- A: Ethereal is "free software"; you can download it without paying any
+ A: Wireshark is "free software"; you can download it without paying any
license fee. The version of Ethereal you download isn't a "demo" version,
with limitations not present in a "full" version; it is the full version.
- The license under which Ethereal is issued is the GNU General Public
+ The license under which Wireshark is issued is the GNU General Public
License. See the GNU GPL FAQ for some more information.
Q 1.3: Can I use Ethereal commercially?
Q 1.4: Can I use Ethereal as part of my commercial product?
- A: As noted, Ethereal is licensed under the GNU General Public License. The
+ A: As noted, Wireshark is licensed under the GNU General Public License. The
GPL imposes conditions on your use of GPL'ed code in your own products; you
cannot, for example, make a "derived work" from Ethereal, by making
modifications to it, and then sell the resulting derived work and not allow
Q 3.1: I installed an Ethereal RPM; why did it install Tethereal but not
Ethereal?
- A: Older versions of the Red Hat RPMs for Ethereal put only the non-GUI
- components into the ethereal RPM, the fact that Ethereal is a GUI program
+ A: Older versions of the Red Hat RPMs for Wireshark put only the non-GUI
+ components into the ethereal RPM, the fact that Wireshark is a GUI program
nonwithstanding; newer versions make it a bit clearer by giving that RPM a
- name starting with ethereal-base.
+ name starting with wireshark-base.
In those older versions, there's a separate ethereal-gnome RPM that includes
GUI components such as Ethereal itself, the fact that Ethereal doesn't use
GNOME nonwithstanding; newer versions make it a bit clearer by giving that
- RPM a name starting with ethereal-gtk+.
+ RPM a name starting with wireshark-gtk+.
Find the ethereal-gnome or ethereal-gtk+ RPM, and install that also.
"** ERROR **: file print.c: line 691 (print_line): should not be reached.
- A: This is a bug in Ethereal 0.10.0a, which is fixed in 0.10.1 and later
+ A: This is a bug in Wireshark 0.10.0a, which is fixed in 0.10.1 and later
releases. To work around the bug, don't use "-x" unless you're also using
"-V"; note that "-V" produces a full dissection of each packet, so you might
not want to use it.
A: Ethereal can only be linked with version 4.2.2 or later of UCD SNMP. Your
version of Ethereal was dynamically linked with such a version of UCD SNMP;
however, you have an older version of UCD SNMP installed, which means that
- when Ethereal is run, it tries to link to the older version, and fails. You
+ when Wireshark is run, it tries to link to the older version, and fails. You
will have to replace that version of UCD SNMP with version 4.2.2 or a later
version.
when I try to run Ethereal on Windows?
- A: Ethereal is built using the GTK+ toolkit, which supports most
+ A: Wireshark is built using the GTK+ toolkit, which supports most
UNIX-flavored OSes, and also supports Windows.
Windows versions of Ethereal before 0.9.14 were built with an older version
Gtk-CRITICAL **: file gtkwindow.c: line 3107 (gtk_window_resize):
assertion `height > 0' failed.
- A: This is a bug in Ethereal 0.10.5 and 0.10.5a, which is fixed in Ethereal
+ A: This is a bug in Wireshark 0.10.5 and 0.10.5a, which is fixed in Wireshark
0.10.6 and later releases.
Q 6.2: I have an XXX network card on my machine; if I try to capture on it,
A: Capture filters currently use a different syntax than display filters.
Here's the corresponding section from the ethereal(1) man page:
- "Display filters in Ethereal are very powerful; more fields are filterable
- in Ethereal than in other protocol analyzers, and the syntax you can use to
+ "Display filters in Wireshark are very powerful; more fields are filterable
+ in Wireshark than in other protocol analyzers, and the syntax you can use to
create your filters is richer. As Ethereal progresses, expect more and more
protocol fields to be allowed in display filters.
this bug.
If you are running Ethereal on a UNIX-flavored platform, run "ethereal -v",
- or select "About Ethereal..." from the "Help" menu in Ethereal, to see what
+ or select "About Ethereal..." from the "Help" menu in Wireshark, to see what
version of libpcap it's using. If it's not 0.6 or later, you will need
either to upgrade your OS to get a later version of libpcap, or will need to
build and install a later version of libpcap from the tcpdump.org Web site
Q 7.12: Why does Ethereal hang after I stop a capture?
- A: The most likely reason for this is that Ethereal is trying to look up an
+ A: The most likely reason for this is that Wireshark is trying to look up an
IP address in the capture to convert it to a name (so that, for example, it
can display the name in the source address or destination address columns),
and that lookup process is taking a very long time.
A: Unfortunately, Windows 95/98/Me gives the same name to multiple instances
of the type of same network adapter. Therefore, WinPcap cannot distinguish
between them, so a WinPcap-based application can capture only on the first
- such interface; Ethereal is a libpcap/WinPcap-based application.
+ such interface; Wireshark is a libpcap/WinPcap-based application.
Q 8.6: I'm running Ethereal on Windows; why am I not seeing any traffic
being sent by the machine running Ethereal?
Q 11.1: Why am I seeing lots of packets with incorrect TCP checksums?
A: If the packets that have incorrect TCP checksums are all being sent by
- the machine on which Ethereal is running, this is probably because the
+ the machine on which Wireshark is running, this is probably because the
network interface on which you're capturing does TCP checksum offloading.
That means that the TCP checksum is added to the packet by the network
interface, not by the OS's TCP/IP stack; when capturing on an interface,
subsequent RTP traffic will be identified. Currently, that's the only place
we do that; there may be other places.
- However, there will always be places where Ethereal is simply incapable of
+ However, there will always be places where Wireshark is simply incapable of
deducing that a given UDP flow is RTP; a mechanism would be needed to allow
the user to specify that a given conversation should be treated as RTP. As
of Ethereal 0.8.16, such a mechanism exists; if you select a UDP or TCP
-Ethereal is a GUI network protocol analyzer.
+Wireshark is a GUI network protocol analyzer.
It lets you interactively browse packet data from a live network or from a previously saved capture file.
-Endace Measurement Systems' ERF format captures
-Linux Bluez Bluetooth stack hcidump -w traces
-There is no need to tell Ethereal what type of file you are reading; it will determine the file type by itself. Ethereal is also capable of reading any of these file formats if they are compressed using gzip. Ethereal recognizes this directly from the file; the '.gz' extension is not required for this purpose.
+There is no need to tell Ethereal what type of file you are reading; it will determine the file type by itself. Wireshark is also capable of reading any of these file formats if they are compressed using gzip. Ethereal recognizes this directly from the file; the '.gz' extension is not required for this purpose.
# The output language generated is "C". It will generate code to use the
# GIOP/IIOP get_CDR_XXX API.
#
-# Please see packet-giop.h in Ethereal distro for API description.
-# Ethereal is available at http://www.ethereal.com/
+# Please see packet-giop.h in Wireshark distro for API description.
+# Wireshark is available at http://www.ethereal.com/
#
# Omniidl is part of the OmniOrb distribution, and is available at
# http://omniorb.sourceforge.net/
fi
#
-# Run ethereal backend, looking for ethereal_be.py and ethereal_gen.py
+# Run wireshark backend, looking for ethereal_be.py and ethereal_gen.py
# in pythons's "site-packages" directory. If cannot find that, then
# try looking in current directory. If still cannot, then exit with
# error.
-e s/@VERSION_MICRO@/$(VERSION_MICRO)/ \
< ethereal.exe.manifest.in > $@
-ethereal.rc : win32-file-dlg.rc ethereal.rc.in ethereal.exe.manifest ..\config.nmake
+ethereal.rc : win32-file-dlg.rc ethereal.rc.in wireshark.exe.manifest ..\config.nmake
sed -e s/@VERSION@/$(VERSION)/ \
-e s/@RC_VERSION@/$(RC_VERSION)/ \
< ethereal.rc.in > $@
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community\0"
+ VALUE "CompanyName", "The Wireshark developer community\0"
VALUE "FileDescription", "Capinfos\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Capinfos @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community\0"
+ VALUE "CompanyName", "The Wireshark developer community\0"
VALUE "FileDescription", "Dumpcap\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Dumpcap @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community\0"
+ VALUE "CompanyName", "The Wireshark developer community\0"
VALUE "FileDescription", "Editcap\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Editcap @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community, http://www.ethereal.com/\0"
+ VALUE "CompanyName", "The Wireshark developer community, http://www.ethereal.com/\0"
VALUE "FileDescription", "Ethereal\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Ethereal @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community, http://www.ethereal.com/\0"
+ VALUE "CompanyName", "The Wireshark developer community, http://www.ethereal.com/\0"
VALUE "FileDescription", "Ethereal dissector library\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "libethereal @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community\0"
+ VALUE "CompanyName", "The Wireshark developer community\0"
VALUE "FileDescription", "Mergecap\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Mergecap @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community\0"
+ VALUE "CompanyName", "The Wireshark developer community\0"
VALUE "FileDescription", "Tethereal\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Tethereal @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community\0"
+ VALUE "CompanyName", "The Wireshark developer community\0"
VALUE "FileDescription", "Text2pcap\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "Text2pcap @VERSION@\0"
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The Ethereal developer community, http://www.ethereal.com/\0"
+ VALUE "CompanyName", "The Wireshark developer community, http://www.ethereal.com/\0"
VALUE "FileDescription", "Ethereal capture file library\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "wiretap @VERSION@\0"
rm -f FAQ
cat >FAQ <<EOF
- The Ethereal FAQ
+ The Wireshark FAQ
Note: This is just an ASCII snapshot of the faq and may not be up to
date. Please go to http://www.ethereal.com/faq.html for the up
# <http://www.cavebear.com/CaveBear/Ethernet/>
# <ftp://ftp.cavebear.com/pub/Ethernet.txt>
#
-# The Ethereal 'manuf' file, which started out as a subset of Michael
+# The Wireshark 'manuf' file, which started out as a subset of Michael
# Patton's list and grew from there.
#
# In the event of data set collisions the Ethereal entries have been given
# <http://www.cavebear.com/CaveBear/Ethernet/>
# <ftp://ftp.cavebear.com/pub/Ethernet.txt>
#
-# The Ethereal 'manuf' file, which started out as a subset of Michael
+# The Wireshark 'manuf' file, which started out as a subset of Michael
# Patton's list and grew from there.
#
# In the event of data set collisions the Ethereal entries have been given
Right=250
Top=40
Bottom=48
-Text=This text will be replaced, depending on current WinPcap version in ethereal.nsi
+Text=This text will be replaced, depending on current WinPcap version in wireshark.nsi
State=1
[Field 5]
; Uninstall stuff (NSIS 2.08: "\r\n" don't work here)
!define MUI_UNCONFIRMPAGE_TEXT_TOP "The following Ethereal installation will be uninstalled. Click 'Next' to continue."
; Uninstall stuff (this text isn't used with the MODERN_UI!)
-;UninstallText "This will uninstall Ethereal.\r\nBefore starting the uninstallation, make sure Ethereal is not running.\r\nClick 'Next' to continue."
+;UninstallText "This will uninstall Ethereal.\r\nBefore starting the uninstallation, make sure Wireshark is not running.\r\nClick 'Next' to continue."
XPStyle on
!define MUI_COMPONENTSPAGE_SMALLDESC
!define MUI_FINISHPAGE_NOAUTOCLOSE
!define MUI_UNFINISHPAGE_NOAUTOCLOSE
-!define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the installation of Ethereal.\r\n\r\nBefore starting the installation, make sure Ethereal is not running.\r\n\r\nClick 'Next' to continue."
+!define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the installation of Ethereal.\r\n\r\nBefore starting the installation, make sure Wireshark is not running.\r\n\r\nClick 'Next' to continue."
;!define MUI_FINISHPAGE_LINK "Install WinPcap to be able to capture packets from a network!"
;!define MUI_FINISHPAGE_LINK_LOCATION "http://www.winpcap.org"
; ============================================================================
; License page configuration
; ============================================================================
-LicenseText "Ethereal is distributed under the GNU General Public License."
+LicenseText "Wireshark is distributed under the GNU General Public License."
LicenseData "..\..\COPYING"
; ============================================================================
WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "DisplayVersion" "${VERSION}"
WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "DisplayName" "Ethereal ${VERSION}"
WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "UninstallString" '"$INSTDIR\uninstall.exe"'
-WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "Publisher" "The Ethereal developer community, http://www.ethereal.com"
+WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "Publisher" "The Wireshark developer community, http://www.ethereal.com"
WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "HelpLink" "mailto:ethereal-users@ethereal.com"
WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "URLInfoAbout" "http://www.ethereal.com"
WriteRegStr HKEY_LOCAL_MACHINE "Software\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "URLUpdateInfo" "http://www.ethereal.com/distribution/win32/"
; "Do not include Readme, Help, or Uninstall entries on the Programs menu."
Delete "$SMPROGRAMS\Ethereal\Ethereal Web Site.lnk"
;WriteINIStr "$SMPROGRAMS\Ethereal\Ethereal Web Site.url" "InternetShortcut" "URL" "http://www.ethereal.com/"
-CreateShortCut "$SMPROGRAMS\Ethereal\Ethereal.lnk" "$INSTDIR\ethereal.exe" "" "$INSTDIR\ethereal.exe" 0 "" "" "The Ethereal Network Protocol Analyzer"
+CreateShortCut "$SMPROGRAMS\Ethereal\Ethereal.lnk" "$INSTDIR\ethereal.exe" "" "$INSTDIR\ethereal.exe" 0 "" "" "The Wireshark Network Protocol Analyzer"
;CreateShortCut "$SMPROGRAMS\Ethereal\Ethereal Manual.lnk" "$INSTDIR\ethereal.html"
;CreateShortCut "$SMPROGRAMS\Ethereal\Display Filters Manual.lnk" "$INSTDIR\ethereal-filter.html"
CreateShortCut "$SMPROGRAMS\Ethereal\Ethereal Program Directory.lnk" \
ReadINIStr $0 "$PLUGINSDIR\AdditionalTasksPage.ini" "Field 3" "State"
StrCmp $0 "0" SecRequired_skip_DesktopIcon
SecRequired_install_DesktopIcon:
-CreateShortCut "$DESKTOP\Ethereal.lnk" "$INSTDIR\ethereal.exe" "" "$INSTDIR\ethereal.exe" 0 "" "" "The Ethereal Network Protocol Analyzer"
+CreateShortCut "$DESKTOP\Ethereal.lnk" "$INSTDIR\ethereal.exe" "" "$INSTDIR\ethereal.exe" 0 "" "" "The Wireshark Network Protocol Analyzer"
SecRequired_skip_DesktopIcon:
; is command line option "/quicklaunchicon" set?
ReadINIStr $0 "$PLUGINSDIR\AdditionalTasksPage.ini" "Field 4" "State"
StrCmp $0 "0" SecRequired_skip_QuickLaunchIcon
SecRequired_install_QuickLaunchIcon:
-CreateShortCut "$QUICKLAUNCH\Ethereal.lnk" "$INSTDIR\ethereal.exe" "" "$INSTDIR\ethereal.exe" 0 "" "" "The Ethereal Network Protocol Analyzer"
+CreateShortCut "$QUICKLAUNCH\Ethereal.lnk" "$INSTDIR\ethereal.exe" "" "$INSTDIR\ethereal.exe" 0 "" "" "The Wireshark Network Protocol Analyzer"
SecRequired_skip_QuickLaunchIcon:
; Create File Extensions (depending on additional tasks page)
; if Ethereal was previously installed, unselect previously not installed icons etc.
- ; detect if Ethereal is already installed ->
+ ; detect if Wireshark is already installed ->
ReadRegStr $0 HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ethereal" "UninstallString"
- IfErrors lbl_ethereal_notinstalled ;if RegKey is unavailable, Ethereal is not installed
+ IfErrors lbl_ethereal_notinstalled ;if RegKey is unavailable, Wireshark is not installed
; only select Start Menu Group, if previously installed
; (we use the "all users" start menu, so select it first)
Requires: libpcap openssl
%description
-Ethereal is a free network protocol analyzer for Unix and Windows. It
+Wireshark is a free network protocol analyzer for Unix and Windows. It
allows you to examine data from a live network or from a capture file
on disk. You can interactively browse the capture data, viewing summary
and detail information for each packet. Ethereal has several powerful
# Makefile.am
-# Automake file for Ethereal
+# Automake file for Wireshark
#
# $Id$
#
-Overview of changes in Ethereal DOCSIS Plugin 0.0.2
+Overview of changes in Wireshark DOCSIS Plugin 0.0.2
* Fixed a number of cosmetic things.
-Overview of changes in Ethereal DOCSIS Plugin 0.0.3
+Overview of changes in Wireshark DOCSIS Plugin 0.0.3
* Added Checks to each TLV Type to validate length. If the length is invalid
an Exception is thrown.
* Cleaned up the code in all dissctors so that they are a little more readable.
-Overview of changes in Ethereal DOCSIS Plugin 0.0.4
+Overview of changes in Wireshark DOCSIS Plugin 0.0.4
* Added Support for Baseline Privacy Key Management Messages
* Added Concatenation Support
-Overview of changes in Ethereal DOCSIS Plugin 0.0.5
+Overview of changes in Wireshark DOCSIS Plugin 0.0.5
* Added Support in packet-tlv.c for SNMPv3 Kickstart TLV's
* Added Support in packet-tlv.c for Subscriber Management TLV's
# Makefile.am
-# Automake file for Ethereal/GIOP subdissectors
+# Automake file for Wireshark/GIOP subdissectors
#
# $Id$
#
Dearborn Group Technology has released under GPL this plugin
-for Ethereal. It decodes the protocol used by their Gryphon
+for Wireshark. It decodes the protocol used by their Gryphon
automotive network tool.
The plugin decodes the communication protocol, but not any
SubTreeTypeArr -- a class that represents the ett array for a protocol
.new(subtree*,...) -- creates an array
:add(subtree*,...) -- adds Etts to the array
- :register() -- registers the ett array with ethereal
+ :register() -- registers the ett array with wireshark
-Proto -- a class that represents protocol info in ethereal
+Proto -- a class that represents protocol info in wireshark
.new(name,filter_name,descr) -- creates and registers a new protocol
:register_field_array(field_array) -- registers a field array as this protocol's
:add_uint_pref(abbr,...) -- adds an uint preference to this protocol
ELUA_CLASS_DEFINE(Proto,NOP)
/*
- A new protocol in ethereal. Protocols have more uses, the main one is to dissect
+ A new protocol in wireshark. Protocols have more uses, the main one is to dissect
a protocol. But they can be just dummies used to register preferences for
other purposes.
*/
-Overview of changes in Ethereal MGCP plugin 0.0.9:
+Overview of changes in Wireshark MGCP plugin 0.0.9:
* Added calculation of request-to-response time delay
* support for building detailed delay statistics by the tapping
subsystem of ethereal
-Overview of changes in Ethereal MGCP plugin 0.0.2:
+Overview of changes in Wireshark MGCP plugin 0.0.2:
* Fixed misc problems with improperly dissecting some xgcp packets as
short or malformed.
}
/* Print info for a 'geninfo' pseudo-protocol. This is required by
- * the PDML spec. The information is contained in Ethereal's 'frame' protocol,
+ * the PDML spec. The information is contained in Wireshark's 'frame' protocol,
* but we produce a 'geninfo' protocol in the PDML to conform to spec.
* The 'frame' protocol follows the 'geninfo' protocol in the PDML. */
static void
* This routine is based on a routine created by Dan Lasley
* <DLASLEY@PROMUS.com>.
*
- * It was modified for Ethereal by Gilbert Ramirez and others.
+ * It was modified for Wireshark by Gilbert Ramirez and others.
*/
#define MAX_OFFSET_LEN 8 /* max length of hex offset of bytes */
/* sync_pipe.h
- * Low-level synchronization pipe routines for use by Ethereal and dumpcap
+ * Low-level synchronization pipe routines for use by Wireshark and dumpcap
*
* $Id$
*
* if it's omitted?
*
* XXX - should this be called "srt" rather than "rtt"? The
- * equivalent tap for Ethereal calls it "srt", for "Service
+ * equivalent tap for Wireshark calls it "srt", for "Service
* Response Time", rather than "rtt" for "Round-Trip Time".
*/
if(sscanf(optarg,"dcerpc,rtt,%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x,%d.%d%n", &d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,&major,&minor,&pos)==13){
/* This callback is never used by tethereal but it is here for completeness.
* When registering below, we could just have left this function as NULL.
*
- * When used by ethereal, this function will be called whenever we would need
+ * When used by wireshark, this function will be called whenever we would need
* to reset all state. Such as when ethereal opens a new file, when it
* starts a new capture, when it rescans the packetlist after some prefs have
* changed etc.
* stdout.
* Tethereal will only call this callback once, which is when tethereal has
* finished reading all packets and exists.
- * If used with ethereal this may be called any time, perhaps once every 3
+ * If used with wireshark this may be called any time, perhaps once every 3
* seconds or so.
* This function may even be called in parallell with (*reset) or (*draw)
* so make sure there are no races. The data in the rpcstat_t can thus change
if(!sid_name_snooping){
fprintf(stderr,"The -z smb,sids function needs SMB/SID-Snooping to be enabled.\n");
- fprintf(stderr,"Either enable Edit/Preferences/Protocols/SMB/Snoop SID name mappings in ethereal\n");
+ fprintf(stderr,"Either enable Edit/Preferences/Protocols/SMB/Snoop SID name mappings in wireshark\n");
fprintf(stderr,"or override the preference file by specifying\n");
fprintf(stderr," -o \"smb.sid_name_snooping=TRUE\"\n");
fprintf(stderr,"on the tethereal command line.\n");
* stdout.
* Tethereal will only call this callback once, which is when tethereal has
* finished reading all packets and exists.
- * If used with ethereal this may be called any time, perhaps once every 3
+ * If used with wireshark this may be called any time, perhaps once every 3
* seconds or so.
* This function may even be called in parallell with (*reset) or (*draw)
* so make sure there are no races. The data in the rpcstat_t can thus change
fprintf(output, "\n");
fprintf(output, "Processing:\n");
- fprintf(output, " -R <read filter> packet filter in Ethereal display filter syntax\n");
+ fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
fprintf(output, " -d %s ...\n", decode_as_arg_template);
*
* (XXX - it might be nice to be able to save and print at
* the same time, sort of like an "Update list of packets
- * in real time" capture in Ethereal.)
+ * in real time" capture in Wireshark.)
*/
if (capture_opts.iface != NULL)
continue;
# Makefile.am
-# Automake file for Ethereal
+# Automake file for Wireshark
#
# $Id$
#
return self.DFilterCount(pkt_http,
'http.request.method <= "HEAE"', 1)
- # XXX - this isn't handled in ethereal yet
+ # XXX - this isn't handled in wireshark yet
def ck_slice_1(self):
return self.DFilterCount(pkt_http,
'http.request.method[0] == "H"', 1)
return self.DFilterCount(pkt_http,
"ip[2:2] == 00:c1", 1)
- # These don't work yet in Ethereal
+ # These don't work yet in Wireshark
def ck_slice_4(self):
return self.DFilterCount(pkt_http,
"ip[-5] == 0x86", 1)
#!/usr/bin/env python
"""
-Check the sanity of field definitions in Ethereal.
+Check the sanity of field definitions in Wireshark.
"""
import sys
=head1 NAME
-Parse::Pidl::Ethereal::Conformance - Conformance file parser for Ethereal
+Parse::Pidl::Ethereal::Conformance - Conformance file parser for Wireshark
=head1 DESCRIPTION
=head1 NAME
-Parse::Pidl::Ethereal::NDR - Parser generator for Ethereal
+Parse::Pidl::Ethereal::NDR - Parser generator for Wireshark
=cut
/* version_info.c
- * Routines to report version information for stuff used by Ethereal
+ * Routines to report version information for stuff used by Wireshark
*
* $Id$
*
#ifndef HAVE_LIBPCRE
break_point = str->len - 1;
g_string_append(str,
- "\nNOTE: this build doesn't support the \"matches\" operator for Ethereal filter"
+ "\nNOTE: this build doesn't support the \"matches\" operator for Wireshark filter"
"\nsyntax.");
do_word_wrap(str, break_point);
#endif /* HAVE_LIBPCRE */
/* version_info.h
* Declarations of outines to report version information for stuff used
- * by Ethereal
+ * by Wireshark
*
* $Id$
*
Wiretap 0.0.0:
-* Initial public release (in ethereal CVS tree)
+* Initial public release (in wireshark CVS tree)
Wiretap is very good at reading many file formats, as per #2
above. Wiretap has no filter capability at present; it currently doesn't
support packet capture, so it wouldn't be useful there, and filtering
-when reading a capture file is done by Ethereal, using a more powerful
+when reading a capture file is done by Wireshark, using a more powerful
filtering mechanism than that provided by BPF.
dnl Macros that test for specific features.
-dnl This file is part of the Autoconf packaging for Ethereal.
+dnl This file is part of the Autoconf packaging for Wireshark.
dnl Copyright (C) 1998-2000 by Gerald Combs.
dnl
dnl $Id$
/* Opens a file and prepares a wtap struct.
If "do_random" is TRUE, it opens the file twice; the second open
allows the application to do random-access I/O without moving
- the seek offset for sequential I/O, which is used by Ethereal
+ the seek offset for sequential I/O, which is used by Wireshark
so that it can do sequential I/O to a capture file that's being
written to as new packets arrive independently of random I/O done
to display protocol trees for packets when they're selected. */
/*
* More values used by libpcap 0.5 as DLT_ values and used by the
* current CVS version of libpcap in capture file headers.
- * They are not yet handled in Ethereal.
+ * They are not yet handled in Wireshark.
* If we get a capture that contains them, we'll implement them.
*/
{ 102, WTAP_ENCAP_SLIP_BSDOS },
#endif
/*
- * These ones are handled in Ethereal, though.
+ * These ones are handled in Wireshark, though.
*/
{ 104, WTAP_ENCAP_CHDLC }, /* Cisco HDLC */
{ 105, WTAP_ENCAP_IEEE_802_11 }, /* IEEE 802.11 */