Diffstat (limited to 'doc')
-rw-r--r--doc/Makefile.am38
-rw-r--r--doc/Makefile.nmake34
-rw-r--r--doc/README.binarytrees14
-rw-r--r--doc/README.capture2
-rw-r--r--doc/README.design12
-rw-r--r--doc/README.developer76
-rw-r--r--doc/README.idl2wrs28
-rw-r--r--doc/README.malloc4
-rw-r--r--doc/README.packaging21
-rw-r--r--doc/README.plugins10
-rw-r--r--doc/README.regression6
-rw-r--r--doc/README.stats_tree6
-rw-r--r--doc/README.tapping22
-rw-r--r--doc/README.xml-output26
-rw-r--r--doc/capinfos.pod16
-rwxr-xr-xdoc/dfilter2pod.pl4
-rw-r--r--doc/dumpcap.pod14
-rw-r--r--doc/editcap.pod14
-rw-r--r--doc/eproto2sgml6
-rw-r--r--doc/idl2wrs.pod22
-rw-r--r--doc/mergecap.pod16
-rw-r--r--doc/randpkt.txt2
-rw-r--r--doc/text2pcap.pod10
-rw-r--r--doc/tshark.pod46
-rw-r--r--doc/wireshark-filter.pod.template (renamed from doc/ethereal-filter.pod.template)34
-rw-r--r--doc/wireshark.pod (renamed from doc/ethereal.pod)202
26 files changed, 342 insertions, 343 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am
index bc44daac65..205438270d 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -24,20 +24,20 @@
# We include dependencies on ../config.h in order to
# capture when $(VERSION) changes.
-ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
- cat $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT > ethereal-tmp.pod
+wireshark-tmp.pod: $(srcdir)/wireshark.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
+ cat $(srcdir)/wireshark.pod $(top_builddir)/AUTHORS-SHORT-FORMAT > wireshark-tmp.pod
-../ethereal.1: ethereal-tmp.pod ../config.h
+../wireshark.1: wireshark-tmp.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
- ethereal-tmp.pod | sed 's/ETHEREAL-TMP/ETHEREAL/' > ../ethereal.1
+ wireshark-tmp.pod | sed 's/WIRESHARK-TMP/WIRESHARK/' > ../wireshark.1
-../ethereal.html: ethereal-tmp.pod ../config.h
+../wireshark.html: wireshark-tmp.pod ../config.h
$(POD2HTML) \
--title="The Wireshark Network Analyzer $(VERSION)" \
--noindex \
- ethereal-tmp.pod > ../ethereal.html
+ wireshark-tmp.pod > ../wireshark.html
../tshark.1: tshark.pod ../config.h
$(POD2MAN) \
@@ -51,21 +51,21 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT
--noindex \
$(srcdir)/tshark.pod > ../tshark.html
-../ethereal-filter.4: ethereal-filter.pod ../config.h
+../wireshark-filter.4: wireshark-filter.pod ../config.h
$(POD2MAN) \
--section=4 \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
- ethereal-filter.pod > ../ethereal-filter.4
+ wireshark-filter.pod > ../wireshark-filter.4
-../ethereal-filter.html: ethereal-filter.pod ../config.h
+../wireshark-filter.html: wireshark-filter.pod ../config.h
$(POD2HTML) \
- --title="ethereal-filter - The Wireshark Network Analyzer $(VERSION)" \
+ --title="wireshark-filter - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
- ethereal-filter.pod > ../ethereal-filter.html
+ wireshark-filter.pod > ../wireshark-filter.html
-ethereal-filter.pod: ethereal-filter.pod.template ../tshark
- ../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod
+wireshark-filter.pod: wireshark-filter.pod.template ../tshark
+ ../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/wireshark-filter.pod.template > wireshark-filter.pod
../capinfos.1: capinfos.pod ../config.h
$(POD2MAN) \
@@ -140,12 +140,12 @@ ethereal-filter.pod: ethereal-filter.pod.template ../tshark
$(srcdir)/dumpcap.pod > ../dumpcap.html
CLEANFILES = \
- ethereal-filter.pod \
- ethereal-tmp.pod \
- ../ethereal-filter.4 \
- ../ethereal-filter.html \
- ../ethereal.1 \
- ../ethereal.html \
+ wireshark-filter.pod \
+ wireshark-tmp.pod \
+ ../wireshark-filter.4 \
+ ../wireshark-filter.html \
+ ../wireshark.1 \
+ ../wireshark.html \
../capinfos.1 \
../capinfos.html \
../editcap.1 \
diff --git a/doc/Makefile.nmake b/doc/Makefile.nmake
index fc86a8bab9..3006598d9f 100644
--- a/doc/Makefile.nmake
+++ b/doc/Makefile.nmake
@@ -26,31 +26,31 @@
include ../config.nmake
-doc: ethereal.html tshark.html ethereal-filter.html capinfos.html \
+doc: wireshark.html tshark.html wireshark-filter.html capinfos.html \
editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html
-man: ethereal.1 tshark.1 ethereal-filter.4 capinfos.1 editcap.1 \
+man: wireshark.1 tshark.1 wireshark-filter.4 capinfos.1 editcap.1 \
idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1
-ethereal-tmp.pod: ethereal.pod ../AUTHORS-SHORT-FORMAT
- copy /B ethereal.pod + ..\AUTHORS-SHORT-FORMAT ethereal-tmp.pod
+wireshark-tmp.pod: wireshark.pod ../AUTHORS-SHORT-FORMAT
+ copy /B wireshark.pod + ..\AUTHORS-SHORT-FORMAT wireshark-tmp.pod
../AUTHORS-SHORT-FORMAT:
cd ..
$(MAKE) -f makefile.nmake AUTHORS-SHORT-FORMAT
cd doc
-ethereal.1: ethereal.pod ../config.h
+wireshark.1: wireshark.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
- ethereal-tmp.pod > ethereal.1
+ wireshark-tmp.pod > wireshark.1
-ethereal.html: ethereal-tmp.pod ../config.h
+wireshark.html: wireshark-tmp.pod ../config.h
$(POD2HTML) \
--title="The Wireshark Network Analyzer $(VERSION)" \
--noindex \
- ethereal-tmp.pod > ethereal.html
+ wireshark-tmp.pod > wireshark.html
../tshark.exe:
cd ..
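Review bot: The renamed `wireshark.1` rule lists `wireshark.pod` as its prerequisite, but its recipe reads `wireshark-tmp.pod`, so nothing in this rule makes nmake build or refresh the concatenated file before the man page is generated. On a clean tree `man` can fail, or it can pick up a stale copy that lacks the current AUTHORS-SHORT-FORMAT text. The header should match the `wireshark.html` rule just below it: `wireshark.1: wireshark-tmp.pod ../config.h`. The mismatch predates the rename, since the removed line had the same shape. The `../tshark.exe` rule at the end of this hunk continues outside it.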
@@ -69,22 +69,22 @@ tshark.html: tshark.pod ../config.h
--noindex \
tshark.pod > tshark.html
-ethereal-filter.4: ethereal-filter.pod ../config.h
+wireshark-filter.4: wireshark-filter.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
--release=$(VERSION) \
- ethereal-filter.pod > ethereal.4
+ wireshark-filter.pod > wireshark.4
-ethereal-filter.html: ethereal-filter.pod ../config.h
+wireshark-filter.html: wireshark-filter.pod ../config.h
$(POD2HTML) \
- --title="ethereal-filter - The Wireshark Network Analyzer $(VERSION)" \
+ --title="wireshark-filter - The Wireshark Network Analyzer $(VERSION)" \
--noindex \
- ethereal-filter.pod > ethereal-filter.html
+ wireshark-filter.pod > wireshark-filter.html
-ethereal-filter.pod: ethereal-filter.pod.template ../tshark.exe
+wireshark-filter.pod: wireshark-filter.pod.template ../tshark.exe
cd ..
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-deps
- tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod
+ tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\wireshark-filter.pod.template > doc\wireshark-filter.pod
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean-deps
cd doc
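Review bot: The `wireshark-filter.4` rule redirects its output to `wireshark.4`, so the file named by the target is never created. The rule therefore re-runs on every `man` build, and the `clean` rule in the last hunk of this file removes `wireshark-filter.4` while leaving `wireshark.4` behind. The redirect should read `wireshark-filter.pod > wireshark-filter.4`. The recipe also lacks the `--section=4` option that the matching rule in doc/Makefile.am passes, so the page header presumably gets pod2man's default section; adding `--section=4 \` after `$(POD2MAN) \` would keep the two builds consistent.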
@@ -162,9 +162,9 @@ dumpcap.html: dumpcap.pod ../config.h
dumpcap.pod > dumpcap.html
clean:
- rm -f ethereal.html ethereal.1 ethereal-tmp.pod
+ rm -f wireshark.html wireshark.1 wireshark-tmp.pod
rm -f tshark.html tshark.1
- rm -f ethereal-filter.html ethereal-filter.4 ethereal-filter.pod
+ rm -f wireshark-filter.html wireshark-filter.4 wireshark-filter.pod
rm -f capinfos.html capinfos.1
rm -f editcap.html editcap.1
rm -f idl2wrs.html idl2wrs.1
diff --git a/doc/README.binarytrees b/doc/README.binarytrees
index c5c039a6d3..0561f8af71 100644
--- a/doc/README.binarytrees
+++ b/doc/README.binarytrees
@@ -13,12 +13,12 @@ Benefits of using binary trees are that they are incredibly fast for
accessing data and they scale very well with good characteristics even to
very large number of objects.
-Ethereal provides its own version of red black binary trees designed in
+Wireshark provides its own version of red black binary trees designed in
particular to be easy to use and to eliminate most of the memory management
often associated with such trees.
The trees supported by wireshark are currently all created using SEasonal
-storage which means that when you load a new trace into ethereal, the SEasonal
+storage which means that when you load a new trace into wireshark, the SEasonal
memory management will automatically release every single byte of data
associated with the tree.
@@ -34,8 +34,8 @@ void *se_tree_lookup32(se_tree_t *se_tree, guint32 key);
2.1 se_tree_create(int type, char *name);
se_tree_create() is used to initialize a tree that will be automatically
-cleared and reset everytime ethereal is resetting all SEasonal storage,
-that is every time you load a new capture file into ethereal or when
+cleared and reset everytime wireshark is resetting all SEasonal storage,
+that is every time you load a new capture file into wireshark or when
you rescan the entire capture file from scratch.
Name is just a literal text string and serves no other purpose than making
@@ -58,7 +58,7 @@ void proto_register_...(void) {
}
That is how easy it is to create a binary tree. You only need to create it once
-when ethereal starts and the tree will remain there until you exit ethereal.
+when wireshark starts and the tree will remain there until you exit wireshark.
Everytime a new capture is loaded, all nodes allocated to the tree is
automatically and the tree is reset without you having to do anything at all.
@@ -89,7 +89,7 @@ This is very neat and makes real difficult to have memory leaks in your code.
NOTE: When you insert items in the tree, it is very likely that you only
want to add any data to the tree during the very first time you process
a particular packet.
-Ethereal may reprocess the same packet multiple times afterwards by the user
+Wireshark may reprocess the same packet multiple times afterwards by the user
clicking on the packet or for other reasons.
You probably DO want to protect the insert call within an if statement such
as
@@ -175,7 +175,7 @@ until an array element where length==0 is found indicating the end of the
array.
NOTE: you MUST terminate the se_tree_key_t array by {0, NULL}
-If you forget to do this ethereal will immediately crash.
+If you forget to do this wireshark will immediately crash.
NOTE: length indicates the number of guint32 values in the vector, not number
of bytes.
diff --git a/doc/README.capture b/doc/README.capture
index 4a7786a908..855a642cc4 100644
--- a/doc/README.capture
+++ b/doc/README.capture
@@ -3,7 +3,7 @@ $Id$
This document is an attempt, to bring some light to the things done, when
packet capturing is performed. There might be things missing, and others
maybe wrong :-( The following will concentrate a bit on the win32 gtk
-port of ethereal.
+port of wireshark.
XXX: when ongoing file reorganisation will be completed, the following
diff --git a/doc/README.design b/doc/README.design
index 94705b6797..c88d6307b7 100644
--- a/doc/README.design
+++ b/doc/README.design
@@ -1,21 +1,21 @@
$Id$
Unfortunately, the closest thing to a design document is the
-"README.developer" document in the "doc" directory of the Ethereal
+"README.developer" document in the "doc" directory of the Wireshark
source tree; however, although that's useful for people adding new
-protocol dissectors to Ethereal, it doesn't describe the operations of
-the "core" of Ethereal.
+protocol dissectors to Wireshark, it doesn't describe the operations of
+the "core" of Wireshark.
We have no document describing that; however, a quick summary of the
part of the code you'd probably be working with is:
- for every capture file that Ethereal has open, there's a
- "capture_file" structure - Ethereal currently supports only one
+ for every capture file that Wireshark has open, there's a
+ "capture_file" structure - Wireshark currently supports only one
open capture file at a time, and that structure is named
"cfile" (see the "file.h" header file);
that structure has a member "plist", which points to a
- "frame_data" structure - every link-layer frame that Ethereal
+ "frame_data" structure - every link-layer frame that Wireshark
has read in has a "frame_data" structure (see the
"epan/packet.h" header file), the "plist" member of "cfile"
points to the first frame, and each frame has a "next" member
diff --git a/doc/README.developer b/doc/README.developer
index fa7696d99a..0db5c847c9 100644
--- a/doc/README.developer
+++ b/doc/README.developer
@@ -1,7 +1,7 @@
$Id$
This file is a HOWTO for Wireshark developers. It describes how to start coding
-a Ethereal protocol dissector and the use some of the important functions and
+a Wireshark protocol dissector and the use some of the important functions and
variables.
1. Setting up your protocol dissector code.
@@ -14,12 +14,12 @@ add to the protocol tree, and work with registered header fields.
1.1.1 Portability.
-Ethereal runs on many platforms, and can be compiled with a number of
+Wireshark runs on many platforms, and can be compiled with a number of
different compilers; here are some rules for writing code that will work
on multiple platforms.
Don't use C++-style comments (comments beginning with "//" and running
-to the end of the line); Ethereal's dissectors are written in C, and
+to the end of the line); Wireshark's dissectors are written in C, and
thus run through C rather than C++ compilers, and not all C compilers
support C++-style comments (GCC does, but IBM's C compiler for AIX, for
example, doesn't do so by default).
@@ -154,14 +154,14 @@ you might be able to get away with not including the appropriate header
file on your platform but that might not work on other platforms.
Instead, use "g_ntohs()", "g_ntohl()", "g_htons()", and "g_htonl()";
those are declared by <glib.h>, and you'll need to include that anyway,
-as Ethereal header files that all dissectors must include use stuff from
+as Wireshark header files that all dissectors must include use stuff from
<glib.h>.
Don't fetch a little-endian value using "tvb_get_ntohs() or
"tvb_get_ntohl()" and then using "g_ntohs()", "g_htons()", "g_ntohl()",
or "g_htonl()" on the resulting value - the g_ routines in question
convert between network byte order (big-endian) and *host* byte order,
-not *little-endian* byte order; not all machines on which Ethereal runs
+not *little-endian* byte order; not all machines on which Wireshark runs
are little-endian, even though PC's are. Fetch those values using
"tvb_get_letohs()" and "tvb_get_letohl()".
@@ -280,7 +280,7 @@ snprintf() is not available on all platforms, so it's a good idea to use the
g_snprintf() function declared by <glib.h> instead.
tmpnam() -> mkstemp()
-tmpnam is insecure and should not be used any more. Ethereal brings its
+tmpnam is insecure and should not be used any more. Wireshark brings its
own mkstemp implementation for use on platforms that lack mkstemp.
Note: mkstemp does not accept NULL as a parameter.
@@ -295,7 +295,7 @@ cause a trap, which will, at best, result in the OS slowly performing an
unaligned access for you, and will, on at least some platforms, cause
the program to be terminated.
-Ethereal supports both platforms with GLib 1.2[.x]/GTK+ 1.2[.x] and GLib
+Wireshark supports both platforms with GLib 1.2[.x]/GTK+ 1.2[.x] and GLib
2.x/GTK+ 1.3[.x] and 2.x. If at all possible, either use only
mechanisms that are present in GLib 1.2[.x] and GTK+ 1.2[.x], use #if's
to conditionally use older or newer mechanisms depending on the platform
@@ -406,7 +406,7 @@ the chunk of memory is derived from a size field in the packet, make
sure all the data is present in the packet before allocating the buffer.
Doing so means that
- 1) Ethereal won't leak that chunk of memory if an attempt to
+ 1) Wireshark won't leak that chunk of memory if an attempt to
fetch data not present in the packet throws an exception
and
@@ -426,7 +426,7 @@ from the buffer, and the string has a specified size, you can use
string is present before allocating a buffer for the string, and will also
put a trailing '\0' at the end of the buffer. The resulting string will be
a sequence of single-byte characters; the only Unicode characters that
-will be handled correctly are those in the ASCII range. (Ethereal's
+will be handled correctly are those in the ASCII range. (Wireshark's
ability to handle non-ASCII strings is limited; it needs to be
improved.)
@@ -447,7 +447,7 @@ buffer are fetched ("the protocol ensures" isn't good enough, as
protocol specifications can't ensure only packets that conform to the
specification will be transmitted or that only packets for the protocol
in question will be interpreted as packets for that protocol by
-Ethereal). If there's no maximum length of string data to be fetched,
+Wireshark). If there's no maximum length of string data to be fetched,
routines such as "tvb_get_*_string()" are safer, as they allocate a buffer
large enough to hold the string. (Note that some variants of this call
require you to free the string once you're finished with it.)
@@ -496,8 +496,8 @@ much better to use the g_snprintf() function declared by <glib.h> instead.
You should test your dissector against incorrectly-formed packets. This
can be done using the randpkt and editcap utilities that come with the
-Ethereal distribution. Testing using randpkt can be done by generating
-output at the same layer as your protocol, and forcing Ethereal/TShark
+Wireshark distribution. Testing using randpkt can be done by generating
+output at the same layer as your protocol, and forcing Wireshark/TShark
to decode it as your protocol, e.g. if your protocol sits on top of UDP:
randpkt -c 50000 -t dns randpkt.pcap
@@ -511,7 +511,7 @@ Testing using editcap can be done using preexisting capture files and the
1.1.4 Name convention.
-Ethereal uses the underscore_convention rather than the InterCapConvention for
+Wireshark uses the underscore_convention rather than the InterCapConvention for
function names, so new code should probably use underscores rather than
intercaps for functions and variable names. This is especially important if you
are writing code that will be called from outside your code. We are just
@@ -533,7 +533,7 @@ existing file.
1.2 Skeleton code.
-Ethereal requires certain things when setting up a protocol dissector.
+Wireshark requires certain things when setting up a protocol dissector.
Below is skeleton code for a dissector that you can copy to a file and
fill in. Your dissector should follow the naming convention of packet-
followed by the abbreviated name for the protocol. It is recommended
@@ -692,14 +692,14 @@ dissect_PROTOABBREV(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
In this mode, Wireshark is only interested in the way protocols
interact, protocol conversations are created, packets are reassembled
and handed over to higher-level protocol dissectors.
- In this mode Ethereal does not build a so-called "protocol tree".
+ In this mode Wireshark does not build a so-called "protocol tree".
(b) Detailed dissection
In this mode, Wireshark is also interested in all details of a given
protocol, so a "protocol tree" is created.
- Ethereal distinguishes between the 2 modes with the proto_tree pointer:
+ Wireshark distinguishes between the 2 modes with the proto_tree pointer:
(a) <=> tree == NULL
(b) <=> tree != NULL
@@ -751,7 +751,7 @@ dissect_PROTOABBREV(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
-/* Register the protocol with Ethereal */
+/* Register the protocol with Wireshark */
/* this format is require because a script is used to build the C function
that calls all the protocol registration.
@@ -1227,7 +1227,7 @@ registration of protocols and fields at run-time, loadable modules of
protocol dissectors (perhaps even user-supplied) is feasible.
To do this, each protocol should have a register routine, which will be
-called when Ethereal starts. The code to call the register routines is
+called when Wireshark starts. The code to call the register routines is
generated automatically; to arrange that a protocol's register routine
be called at startup:
@@ -1463,7 +1463,7 @@ field would be set to NULL.
FT_BOOLEANS have a default map of 0 = "False", 1 (or anything else) = "True".
Sometimes it is useful to change the labels for boolean values (e.g.,
to "Yes"/"No", "Fast"/"Slow", etc.). For these mappings, a struct called
-true_false_string is used. (This struct is new as of Ethereal 0.7.6).
+true_false_string is used. (This struct is new as of Wireshark 0.7.6).
typedef struct true_false_string {
char *true_string;
@@ -1546,7 +1546,7 @@ Also be sure to use the handy array_length() macro found in packet.h
to have the compiler compute the array length for you at compile time.
If you don't have any fields to register, do *NOT* create a zero-length
-"hf" array; not all compilers used to compile Ethereal support them.
+"hf" array; not all compilers used to compile Wireshark support them.
Just omit the "hf" array, and the "proto_register_field_array()" call,
entirely.
@@ -1918,7 +1918,7 @@ The final implication of this is that display filters work the way you'd
naturally expect them to. You'd type "sna.th.fid == 0xf" to find Adjacent
Subarea Nodes. The user does not have to shift the value of the FID to
the high nibble of the byte ("sna.th.fid == 0xf0") as was necessary
-before Ethereal 0.7.6.
+before Wireshark 0.7.6.
proto_tree_add_item_hidden()
----------------------------
@@ -2146,9 +2146,9 @@ proto_tree_add_text()
proto_tree_add_text() is used to add a label to the GUI tree. It will
contain no value, so it is not searchable in the display filter process.
This function was needed in the transition from the old-style proto_tree
-to this new-style proto_tree so that Ethereal would still decode all
+to this new-style proto_tree so that Wireshark would still decode all
protocols w/o being able to filter on all protocols and fields.
-Otherwise we would have had to cripple Ethereal's functionality while we
+Otherwise we would have had to cripple Wireshark's functionality while we
converted all the old-style proto_tree calls to the new-style proto_tree
calls.
@@ -2306,7 +2306,7 @@ dissect_ipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1.9 Editing Makefile.common to add your dissector.
-To arrange that your dissector will be built as part of Ethereal, you
+To arrange that your dissector will be built as part of Wireshark, you
must add the name of the source file for your dissector to the
'DISSECTOR_SRC' macro in the 'Makefile.common' file in the 'epan/dissectors'
directory. (Note that this is for modern versions of UNIX, so there
@@ -2321,31 +2321,31 @@ compile).
1.10 Using the SVN source code tree.
- See <http://www.ethereal.com/development.html#source>
+ See <http://www.wireshark.org/development.html#source>
1.11 Submitting code for your new dissector.
- TEST YOUR DISSECTOR BEFORE SUBMITTING IT.
Use fuzz-test.sh and/or randpkt against your dissector. These are
- described at <http://wiki.ethereal.com/FuzzTesting>.
+ described at <http://wiki.wireshark.org/FuzzTesting>.
- - Subscribe to <mailto:ethereal-dev@ethereal.com> by sending an email to
- <mailto:ethereal-dev-request@ethereal.com?body="help"> or visiting
- <http://www.ethereal.com/lists/>.
+ - Subscribe to <mailto:wireshark-dev@wireshark.org> by sending an email to
+ <mailto:wireshark-dev-request@wireshark.org?body="help"> or visiting
+ <http://www.wireshark.org/lists/>.
- 'svn add' all the files of your new dissector.
- 'svn diff' the workspace and save the result to a file.
- Send the diff file along with a note requesting it's inclusion to
- <mailto:ethereal-dev@ethereal.com>. You can also use this procedure for
- providing patches to your dissector or any other part of ethereal.
+ <mailto:wireshark-dev@wireshark.org>. You can also use this procedure for
+ providing patches to your dissector or any other part of wireshark.
- If possible, add sample capture files to the sample captures page at
- <http://wiki.ethereal.com/SampleCaptures>. These files are used by
+ <http://wiki.wireshark.org/SampleCaptures>. These files are used by
the automated build system for fuzz testing.
- - If you find that you are contributing a lot to ethereal on an ongoing
+ - If you find that you are contributing a lot to wireshark on an ongoing
basis you can request to become a committer which will allow you to
commit files to subversion directly.
@@ -2355,7 +2355,7 @@ compile).
2.2 Following "conversations".
-In ethereal a conversation is defined as a series of data packet between two
+In wireshark a conversation is defined as a series of data packet between two
address:port combinations. A conversation is not sensitive to the direction of
the packet. The same conversation will be returned for a packet bound from
ServerA:1000 to ClientA:2000 and the packet from ClientA:2000 to ServerA:1000.
@@ -2811,8 +2811,8 @@ conversation already exists or not and if it exists we also check whether the
registered dissector_handle for that conversation is "our" dissector or not.
If not we create a new conversation ontop of the previous one and set this new
conversation to use our protocol.
-Since ethereal keeps track of the frame number where a conversation started
-ethereal will still be able to keep the packets apart eventhough they do use
+Since wireshark keeps track of the frame number where a conversation started
+wireshark will still be able to keep the packets apart eventhough they do use
the same socketpair.
(See packet-tftp.c and packet-snmp.c for examples of this)
@@ -3064,9 +3064,9 @@ how many bytes it will need to read in order to determine the size of a PDU.
For this mode it is reccommended that your dissector be the newer dissector
type which returns "int" rather than the older type which returned "void".
-This reassembly mode relies on Ethereal's mechanism for processing multiple PDUs
+This reassembly mode relies on Wireshark's mechanism for processing multiple PDUs
per frame. When a dissector processes a PDU from a tvbuff the PDU may not be
-aligned to a frame of the underlying protocol. Ethereal allows dissectors to
+aligned to a frame of the underlying protocol. Wireshark allows dissectors to
process PDUs in an idempotent way--dissectors only need to consider one PDU at a
time. If your dissector discovers that it can not process a complete PDU from
the current tvbuff the dissector should halt processing and request additional
diff --git a/doc/README.idl2wrs b/doc/README.idl2wrs
index cd7392c91b..9f79886136 100644
--- a/doc/README.idl2wrs
+++ b/doc/README.idl2wrs
@@ -9,7 +9,7 @@ What is it ?
As you have probably guessed from the name, "idl2wrs" takes a
user specified IDL file and attempts to build a dissector that
can decode the IDL traffic over GIOP. The resulting file is
-"C" code, that should compile okay as an ethereal dissector.
+"C" code, that should compile okay as an wireshark dissector.
idl2wrs basically parses the data struct given to it by
the omniidl compiler, and using the GIOP API available in packet-giop.[ch],
@@ -18,8 +18,8 @@ generates get_CDR_xxx calls to decode the CORBA traffic on the wire.
It consists of 4 main files.
README.idl2wrs - This document
-ethereal_be.py - The main compiler backend
-ethereal_gen.py - A helper class, that generates the C code.
+wireshark_be.py - The main compiler backend
+wireshark_gen.py - A helper class, that generates the C code.
idl2wrs - A simple shell script wrapper that the end user should
use to generate the dissector from the IDL file(s).
@@ -37,13 +37,13 @@ a CORBA class when teaching students how CORBA traffic looks like
"on the wire".
It is also COOL to work on a great Open Source project such as
-the case with "Ethereal" (http://www.ethereal.com)
+the case with "Wireshark" (http://www.wireshark.org)
How to use idl2wrs
==================
-To use the idl2wrs to generate ethereal dissectors, you
+To use the idl2wrs to generate wireshark dissectors, you
need the following.
@@ -53,9 +53,9 @@ need the following.
2. omniidl from the the omniORB package must be available.
http://omniorb.sourceforge.net/
-3 Of course you need ethereal installed to compile the
+3 Of course you need wireshark installed to compile the
code an tweak it if required. idl2wrs is part of the
- standard Ethereal distribution
+ standard Wireshark distribution
Procedure
@@ -81,23 +81,23 @@ steps 3 or 4 instead.
3. To write the C code to stdout.
- Usage: omniidl -p ./ -b ethereal_be <your file.idl>
+ Usage: omniidl -p ./ -b wireshark_be <your file.idl>
- eg: omniidl -p ./ -b ethereal_be echo.idl
+ eg: omniidl -p ./ -b wireshark_be echo.idl
4. To write to a file, just redirect the output.
- omniidl -p ./ -b ethereal_be echo.idl > packet-test-idl.c
+ omniidl -p ./ -b wireshark_be echo.idl > packet-test-idl.c
You may wish to comment out the register_giop_user_module() code
and that will leave you with heuristic dissection.
-5. Copy the resulting C code to your ethereal src directory, edit the 2 make files
+5. Copy the resulting C code to your wireshark src directory, edit the 2 make files
to include the packet-test-idl.c
- cp packet-test-idl.c /dir/where/ethereal/lives/
+ cp packet-test-idl.c /dir/where/wireshark/lives/
edit Makefile.am
edit Makefile.nmake
@@ -130,8 +130,8 @@ See TODO list inside packet-giop.c
Notes
=====
-1. The "-p ./" option passed to omniidl indicates that the ethereal_be.py
- and ethereal_gen.py are residing in the current directory. This may need
+1. The "-p ./" option passed to omniidl indicates that the wireshark_be.py
+ and wireshark_gen.py are residing in the current directory. This may need
tweaking if you place these files somewhere else.
2. If it complains about being unable to find some modules (eg tempfile.py),
diff --git a/doc/README.malloc b/doc/README.malloc
index 69619bf8d4..7e9ba9c786 100644
--- a/doc/README.malloc
+++ b/doc/README.malloc
@@ -3,7 +3,7 @@ $Id$
1. Introduction
In order to make memory management easier and to reduce the probability of
-memory leaks ethereal provides its own memory management API. This API is
+memory leaks wireshark provides its own memory management API. This API is
implemented inside epan/emem.c and provides memory allocation functions
where the allocated memory is automatically freed at certain points.
@@ -32,7 +32,7 @@ where the data is to still be available in some later packet.
The seasonal functions allocate memory that will stay around a lot longer
but will be automatically freed once the current capture is closed and
-Ethereal opens a new capture (either by reading a new capture file or by
+Wireshark opens a new capture (either by reading a new capture file or by
starting a new capture on some interface). These functions are useful for
allocations with longer scope for example if you need some buffers or data to
keep state between packets.
diff --git a/doc/README.packaging b/doc/README.packaging
index 0208a69955..d22fc2a85c 100644
--- a/doc/README.packaging
+++ b/doc/README.packaging
@@ -1,32 +1,31 @@
Here's a brief list of information that might be useful to anyone
-distributing a software package containing Ethereal:
+distributing a software package containing Wireshark:
-1. The canonical location for every Ethereal source release is
+1. The canonical location for every Wireshark source release is
- http://www.ethereal.com/distribution/all-versions/, e.g.
+ http://www.wireshark.org/download/all-versions/, e.g.
- http://www.ethereal.com/distribution/all-versions/ethereal-0.55.71.tar.bz2
+ http://www.wireshark.org/download/all-versions/wireshark-0.55.71.tar.bz2
If your packaging system downloads a copy of the Wireshark sources,
use this location.
-2. The Wireshark web site URL is http://www.ethereal.com/ .
+2. The Wireshark web site URL is http://www.wireshark.org/ .
3. Wireshark is released under the GNU General Public License. Make sure
your package complies with this license, or we send in the marmots.
-4. Ethereal and the "e" logo are registered trademarks of Ethereal, Inc.
+4. Wireshark and the "e" logo are registered trademarks of Wireshark, Inc.
5. Custom version information can be added by creating a file called
"version.conf". See make-version.pl for details. We recommend that
- you use this to differentiate your package from official Ethereal
+ you use this to differentiate your package from official Wireshark
releases.
-6. Ethereal icons can be found in the "image" directory of the Wireshark
- sources. Larger versions of the logo can be found at
- http://www.ethereal.com/~gerald/ethereal_logo/povray/ .
+6. Wireshark icons and logoscan be found in the "image" directory of the
+ Wireshark sources.
If you have a question not addressed here, send it to
-ethereal-dev@ethereal.com.
+wireshark-dev@wireshark.org.
$Id$
diff --git a/doc/README.plugins b/doc/README.plugins
index 1d1f60cef5..4f0f3e2383 100644
--- a/doc/README.plugins
+++ b/doc/README.plugins
@@ -7,7 +7,7 @@ standard one. In fact all of the functions described in
README.developer can be used in the plugins exactly as the are used in
standard dissectors.
-(Note, however, that not all OSes on which Ethereal runs can support
+(Note, however, that not all OSes on which Wireshark runs can support
plugins.)
If you've chosen "xxx" as the name of your plugin (typically, that would
@@ -68,7 +68,7 @@ information for the plugin. An example follows:
/* Version number of package */
#define VERSION "0.0.8"
-3. Changes to existing Ethereal files
+3. Changes to existing Wireshark files
You will also need to change the plugins/Makefile.am toplevel
Makefile.am, the plugins/Makefile.nmake toplevel Makefile.nmake, the
@@ -175,7 +175,7 @@ AC_OUTPUT(
packaging/Makefile
packaging/nsis/Makefile
packaging/rpm/Makefile
- packaging/rpm/ethereal.spec
+ packaging/rpm/wireshark.spec
packaging/svr4/Makefile
packaging/svr4/checkinstall
packaging/svr4/pkginfo
@@ -194,13 +194,13 @@ Plugins make some aspects of development easier and some harder.
The good news is that if you are working on a single plugin
then you will find recompiling the plugin MUCH faster than
-recompiling a dissector and then linking it back into ethereal.
+recompiling a dissector and then linking it back into wireshark.
The bad news is that wireshark will not use the plugin unless the
plugin is installed in one of the places it expects to look.
One way to deal with this problem is to set up a working root for
-ethereal, say in $HOME/build/root and build ethereal to install
+wireshark, say in $HOME/build/root and build wireshark to install
there
./configure --prefix=${HOME}/build/root;make install
diff --git a/doc/README.regression b/doc/README.regression
index e21365f60d..26ff7e8e52 100644
--- a/doc/README.regression
+++ b/doc/README.regression
@@ -1,10 +1,10 @@
#
-# Ethereal/TShark Regression Testing
+# Wireshark/TShark Regression Testing
#
# $Id$
#
# This is a sample Makefile for regression testing of the
-# Ethereal engine. These tests use that uses 'tshark -V' to analyze all
+# Wireshark engine. These tests use that uses 'tshark -V' to analyze all
# the frames of a capture file.
#
# You should probably rename this file as 'Makefile' in a separate directory
@@ -33,7 +33,7 @@
# 'make accept' Accept current tests; make them the reference test results
# 'make clean' Cleans any tests (but not references!)
-TSHARK=/home/gram/prj/ethereal/debug/linux-ix86/tshark
+TSHARK=/home/gram/prj/wireshark/debug/linux-ix86/tshark
CAPTURE_DIR=/home/gram/prj/sniff
diff --git a/doc/README.stats_tree b/doc/README.stats_tree
index e834b08046..1ea57c4c19 100644
--- a/doc/README.stats_tree
+++ b/doc/README.stats_tree
@@ -4,9 +4,9 @@ tapping with stats_tree
Let's suppose that you want to write a tap only to keep counters, and you
don't want to get involved with GUI programming or maybe you'd like to make
it a plugin. A stats_tree might be the way to go. The stats_tree module takes
-care of the representation (GUI for ethereal and text for tshark) of the
+care of the representation (GUI for wireshark and text for tshark) of the
tap data. So there's very little code to write to make a tap listener usable
-from both ethereal and tshark.
+from both wireshark and tshark.
First, you should add the TAP to the dissector in question as described in
README.tapping .
@@ -31,7 +31,7 @@ Other than that the stats_tree should be registered.
If you want to make it a plugin, stats_tree_register() should be called by
plugin_register_tap_listener() read README.plugin for other information
-regarding ethereal plugins.
+regarding wireshark plugins.
If you want it as part of the dissector stats_tree_register() can be called
either by proto_register_xxx() or if you prefer by proto_reg_handoff_xxx().
diff --git a/doc/README.tapping b/doc/README.tapping
index 6db72ef576..8cbaf2566e 100644
--- a/doc/README.tapping
+++ b/doc/README.tapping
@@ -2,12 +2,12 @@ $Id$
The TAP system in wireshark is a powerful and flexible mechanism to get event
driven notification on packets matching certain protocols and/or filters.
-In order to use the tapping system, very little knowledge of ethereal
+In order to use the tapping system, very little knowledge of wireshark
internals are required.
As examples on how to use the tap system see the implementation of
tap-rpcstat.c (tshark version)
-gtk/gtk-rpcstat.c (gtk-ethereal version)
+gtk/gtk-rpcstat.c (gtk-wireshark version)
If all you need is to keep some counters, there's the stats_tree API,
which offers a simple way to make a GUI and tshark tap-listener; see
@@ -100,13 +100,13 @@ matched the filter to your listener.
The syntax for the filter string is identical to normal display filters.
NOTE: Specifying filter strings will have a significant performance impact
-on your application and ethereal. If possible it is MUCH better to take
+on your application and wireshark. If possible it is MUCH better to take
unfiltered data and just filter it yourself in the packet-callback than
to specify a filter string.
ONLY use a filter string if no other option exist.
void (*reset)(void *tapdata)
-This callback is called whenever ethereal wants to inform your
+This callback is called whenever wireshark wants to inform your
listener that it is about to start [re]reading a capture file or a new capture
from an interface and that your application should reset any state it has
in the *tapdata instance.
@@ -125,10 +125,10 @@ or GUI updates down in (*draw) instead.
void (*draw)(void *tapdata)
-This callback is used when ethereal wants your application to redraw its
+This callback is used when wireshark wants your application to redraw its
output. It will usually not be called unless your application has received
new data through the (*packet) callback.
-On some ports of ethereal (gtk2) (*draw) will be called asynchronously
+On some ports of wireshark (gtk2) (*draw) will be called asynchronously
from a separate thread up to once every 2-3 seconds.
On other ports it might only be called once when the capture is finished
or the file has been [re]read completely.
@@ -140,14 +140,14 @@ So, create three callbacks:
2, packet to update these state variables.
3, draw to take these state variables and draw them on the screen.
-then just make ethereal call register_tap_listener() when you want to tap
+then just make wireshark call register_tap_listener() when you want to tap
and call remove_tap_listener() when you are finished.
WHEN DO TAP LISTENERS GET CALLED?
===================================
-Tap listeners are only called when ethereal reads a new capture for
-the first time or whenever ethereal needs to rescan/redissect
+Tap listeners are only called when wireshark reads a new capture for
+the first time or whenever wireshark needs to rescan/redissect
the capture.
Redissection occurs when you apply a new display filter or if you
change and Save/Apply a preference setting that might affect how
@@ -158,7 +158,7 @@ to receive tap data during the dissection of the frame will be called in
sequence.
The order of which the tap listeners will be called is not defined.
Not until all tap listeners for the frame has been called and returned
-will ethereal continue to dissect the next packet.
+will wireshark continue to dissect the next packet.
This is why it is important to make the *_packet() callbacks execute as
quickly as possible, else we create an extra delay until the next packet
is dissected.
@@ -204,7 +204,7 @@ Well, try this :
register_tap_listener("tcp", struct, "tcp.port==57", NULL, packet, NULL);
Let struct contain an email address?
- Then you have something simple that will make ethereal send an email
+ Then you have something simple that will make wireshark send an email
out automagically for each and every time it dissects
a packet containing TCP traffic to port 57.
Please put in some rate limitation if you do this.
diff --git a/doc/README.xml-output b/doc/README.xml-output
index 787311ce33..28545b2790 100644
--- a/doc/README.xml-output
+++ b/doc/README.xml-output
@@ -4,7 +4,7 @@ $Id$
Copyright (c) 2003 by Gilbert Ramirez <gram@alumni.rice.edu>
-Ethereal has the ability to export its protocol dissection in an
+Wireshark has the ability to export its protocol dissection in an
XML format, tshark has similar functionality by using the "-Tpdml"
option.
@@ -17,7 +17,7 @@ http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm
A related XML format, the Packet Summary Markup Language (PSML), is
also defined by the Analyzer group to provide packet summary information.
The PSML format is not documented in a publicly-available HTML document,
-but its format is simple. Ethereal can export this format too. Some day it
+but its format is simple. Wireshark can export this format too. Some day it
may be added to tshark so that "-Tpsml" would produce PSML.
One wonders if the "-T" option should read "-Txml" instead of "-Tpdml"
@@ -31,7 +31,7 @@ The PDML that wireshark produces is known not to be loadable into Analyzer.
It causes Analyzer to crash. As such, the PDML that wireshark produces
is be labled with a version number of "0", which means that the PDML does
not fully follow the PDML spec. Furthemore, a creator attribute in the
-"<pdml>" tag gives the version number of [t]ethereal that produced the PDML.
+"<pdml>" tag gives the version number of wireshark/tshark that produced the PDML.
In that way, as the PDML produced by wireshark matures, but still does not
meet the PDML spec, scripts can make intelligent decisions about how to
best parse the PDML, based on the "creator" attribute.
@@ -43,17 +43,17 @@ A protocol might contain one or more fields, denoted by the "<field>" tag.
A pseudo-protocol named "geninfo" is produced, as is required by the PDML
spec, and exported as the first protocol after the opening "<packet>" tag.
-Its information comes from ethereal's "frame" protocol, which servers
+Its information comes from wireshark's "frame" protocol, which servers
the similar purpose of storing packet meta-data. Both "geninfo" and
"frame" protocols are provided in the PDML output.
The "<pdml>" tag
================
Example:
- <pdml version="0" creator="ethereal/0.9.17">
+ <pdml version="0" creator="wireshark/0.9.17">
-The creator is "ethereal" (i.e., the "ethereal" engine. It will always say
-"ethereal", not "tshark") version 0.9.17.
+The creator is "wireshark" (i.e., the "wireshark" engine. It will always say
+"wireshark", not "tshark") version 0.9.17.
The "<proto>" tag
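Review bot: The `creator` value in the example changes from `ethereal/0.9.17` to `wireshark/0.9.17`, and this same README tells script authors to choose their parsing strategy from that attribute, so the rename is an interface change for PDML consumers and not only a wording change. Scripts that match on the old `ethereal/` prefix would presumably stop recognising the output; a sentence such as `Files written before the rename carry creator="ethereal/<version>"; parsers should accept both prefixes.` would make that explicit. The code that emits the attribute is not in this hunk, so confirm it was renamed in the same commit.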
@@ -135,7 +135,7 @@ In PDML, the "Data" protocol would become another field under HTTP:
-tools/EtherealXML.py
+tools/WiresharkXML.py
====================
This is a python module which provides some infrastructor for
Python developers who wish to parse PDML. It is designed to read
@@ -146,20 +146,20 @@ The python user should import the module, define a callback function
which accepts one argument, and call the parse_fh function:
------------------------------------------------------------
-import EtherealXML
+import WiresharkXML
def my_callback(packet):
# do something
fh = open(xml_filename)
-EtherealXML.parse_fh(fh, my_callback)
+WiresharkXML.parse_fh(fh, my_callback)
# Now that the script has the packet data, do someting.
------------------------------------------------------------
The object that is passed to the callback function is an
-EtherealXML.Packet object, which corresponds to a single packet.
-EtherealXML Provides 3 classes, each of which corresponds to a PDML tag:
+WiresharkXML.Packet object, which corresponds to a single packet.
+WiresharkXML Provides 3 classes, each of which corresponds to a PDML tag:
Packet - "<packet>" tag
Protocol - "<proto>" tag
@@ -196,7 +196,7 @@ the PDML output of tshark, pass a read filter with "-R" to tshark to
try to reduce as much as possible the number of packets coming out of tshark.
The less your script has to process, the faster it will be.
-'tools/msnchat' is a sample Python program that uses EtherealXML to parse PDML.
+'tools/msnchat' is a sample Python program that uses WiresharkXML to parse PDML.
Given one or more capture files, it runs tshark on each of them, providing
a read filter to reduce tshark's output. It finds MSN Chat conversations
in the capture file and produces nice HTML showing the conversations. It has
diff --git a/doc/capinfos.pod b/doc/capinfos.pod
index 27c67e9bcf..01639f7499 100644
--- a/doc/capinfos.pod
+++ b/doc/capinfos.pod
@@ -30,11 +30,11 @@ corresponding to the statistic. If no flags are specified, B<Capinfos>
will report all statistics available.
B<Capinfos> is able to detect and read the same capture files that are
-supported by B<Ethereal>.
+supported by B<Wireshark>.
The input files don't need a specific filename extension, the file
format and an optional gzip compression will be automatically detected.
-The I<capture file format> section of I<ethereal(1)> or
-I<http://www.ethereal.com/docs/man-pages/ethereal.1.html>
+The I<capture file format> section of I<wireshark(1)> or
+I<http://www.wireshark.org/docs/man-pages/wireshark.1.html>
provides a detailed description.
=head1 OPTIONS
@@ -106,15 +106,15 @@ Prints the help listing and exits.
=head1 SEE ALSO
-I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tshark(1)>
+I<tcpdump(8)>, I<pcap(3)>, I<wireshark(1)>, I<mergecap(1)>, I<editcap(1)>, I<tshark(1)>
=head1 NOTES
-B<Capinfos> is part of the B<Ethereal> distribution. The latest version
-of B<Ethereal> can be found at B<http://www.ethereal.com>.
+B<Capinfos> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at B<http://www.wireshark.org>.
HTML versions of the Wireshark project man pages are available at:
-http://www.ethereal.com/docs/man-pages
+http://www.wireshark.org/docs/man-pages
=head1 AUTHORS
@@ -125,4 +125,4 @@ http://www.ethereal.com/docs/man-pages
Contributors
------------
- Gerald Combs <gerald[AT]ethereal.com>
+ Gerald Combs <gerald[AT]wireshark.org>
diff --git a/doc/dfilter2pod.pl b/doc/dfilter2pod.pl
index cd97a3d0bb..da2ac73a9e 100755
--- a/doc/dfilter2pod.pl
+++ b/doc/dfilter2pod.pl
@@ -1,10 +1,10 @@
#!/usr/bin/perl
#
-# Reads the display filter keyword dump produced by 'ethereal -G' and
+# Reads the display filter keyword dump produced by 'wireshark -G' and
# formats it for a pod document. The pod document is then used to
# make a manpage
#
-# STDIN is the ethereal glossary
+# STDIN is the wireshark glossary
# arg1 is the pod template file. The =insert_dfilter_table token
# will be replaced by the pod-formatted glossary
# STDOUT is the output
diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod
index 19fd7aa4df..a5a48ddf49 100644
--- a/doc/dumpcap.pod
+++ b/doc/dumpcap.pod
@@ -26,7 +26,7 @@ S<[ B<-y> E<lt>capture link typeE<gt> ]>
B<Dumpcap> is a network traffic dump tool. It lets you capture packet
data from a live network and write the packets to a file. B<Dumpcap>'s
native capture file format is B<libpcap> format, which is also the format
-used by B<Ethereal>, B<tcpdump> and various other tools.
+used by B<Wireshark>, B<tcpdump> and various other tools.
Without any options set it will
use the pcap library to capture traffic from the first available network
@@ -198,18 +198,18 @@ See the manual page of I<tcpdump(8)>.
=head1 SEE ALSO
-I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+I<wireshark(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 NOTES
-B<Dumpcap> is part of the B<Ethereal> distribution. The latest version
-of B<Ethereal> can be found at B<http://www.ethereal.com>.
+B<Dumpcap> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at B<http://www.wireshark.org>.
HTML versions of the Wireshark project man pages are available at:
-http://www.ethereal.com/docs/man-pages
+http://www.wireshark.org/docs/man-pages
=head1 AUTHORS
-B<Dumpcap> is derived from the B<Ethereal> capturing engine code;
+B<Dumpcap> is derived from the B<Wireshark> capturing engine code;
see the list of
-authors in the B<Ethereal> man page for a list of authors of that code.
+authors in the B<Wireshark> man page for a list of authors of that code.
diff --git a/doc/editcap.pod b/doc/editcap.pod
index 79127d14a1..acf4732181 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -40,11 +40,11 @@ If the B<-r> flag is specified, the whole packet selection is reversed;
in that case I<only> the selected packets will be written to the capture file.
B<Editcap> is able to detect, read and write the same capture files that
-are supported by B<Ethereal>.
+are supported by B<Wireshark>.
The input file doesn't need a specific filename extension, the file
format and an optional gzip compression will be automatically detected.
-The I<capture file format> section of I<ethereal(1)> or
-I<http://www.ethereal.com/docs/man-pages/ethereal.1.html>
+The I<capture file format> section of I<wireshark(1)> or
+I<http://www.wireshark.org/docs/man-pages/wireshark.1.html>
provides a detailed description.
B<Editcap> can write the file in several output formats. The B<-F>
@@ -199,15 +199,15 @@ To introduce 5% random errors in a capture file use:
=head1 SEE ALSO
-I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>
+I<tcpdump(8)>, I<pcap(3)>, I<wireshark(1)>, I<mergecap(1)>
=head1 NOTES
-B<Editcap> is part of the B<Ethereal> distribution. The latest version
-of B<Ethereal> can be found at B<http://www.ethereal.com>.
+B<Editcap> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at B<http://www.wireshark.org>.
HTML versions of the Wireshark project man pages are available at:
-http://www.ethereal.com/docs/man-pages
+http://www.wireshark.org/docs/man-pages
=head1 AUTHORS
diff --git a/doc/eproto2sgml b/doc/eproto2sgml
index 0c25a757b4..c8c832fa83 100644
--- a/doc/eproto2sgml
+++ b/doc/eproto2sgml
@@ -1,9 +1,9 @@
#!/usr/bin/perl
#
-# Reads the display filter keyword dump produced by 'ethereal -G' and
+# Reads the display filter keyword dump produced by 'wireshark -G' and
# formats it as an SGML bulleted list of protocols.
#
-# STDIN is the ethereal glossary
+# STDIN is the wireshark glossary
# arg1 is the pod template file. The =insert_dfilter_table token
# will be replaced by the pod-formatted glossary
# STDOUT is the output
@@ -53,7 +53,7 @@ close(TEMPLATE) || die "Can't close $template: $!\n";
sub create_dfilter_table {
- print "<itemizedlist id=\"EtherealListOfProtos\">\n";
+ print "<itemizedlist id=\"WiresharkListOfProtos\">\n";
# Print each protocol
for $proto_name (sort keys %proto_abbrev) {
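Review bot: The `id` printed by `create_dfilter_table` changes from `EtherealListOfProtos` to `WiresharkListOfProtos`, and an SGML id is a link target, so any document that cross-references the old id would stop resolving once this script's output is regenerated. The documents that consume this list are not among the visible hunks, so it is worth searching the SGML sources for `EtherealListOfProtos` and updating them in the same commit. The body of `create_dfilter_table` continues outside the hunk.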
diff --git a/doc/idl2wrs.pod b/doc/idl2wrs.pod
index 7dd80740de..fffedb25de 100644
--- a/doc/idl2wrs.pod
+++ b/doc/idl2wrs.pod
@@ -1,7 +1,7 @@
=head1 NAME
-idl2wrs - CORBA IDL to Ethereal Plugin Generator
+idl2wrs - CORBA IDL to Wireshark Plugin Generator
=head1 SYNOPSYS
@@ -10,9 +10,9 @@ B<idl2wrs> filename
=head1 DESCRIPTION
B<idl2wrs> is a program that takes a user specified B<CORBA IDL>
-file and generates B<"C"> source code for an B<Ethereal> "plugin".
+file and generates B<"C"> source code for an B<Wireshark> "plugin".
-This resulting file can be compiled as an B<Ethereal> plugin, and
+This resulting file can be compiled as an B<Wireshark> plugin, and
used to monitor B<GIOP/IIOP> traffic that is using this IDL.
B<idl2wrs> is actually a shell script wrapper for two B<Python> programs.
@@ -21,9 +21,9 @@ These programs are:
=over 4
-B<ethereal_be.py> - Contains the main IDL Visitor Class
+B<wireshark_be.py> - Contains the main IDL Visitor Class
-B<ethereal_gen.py> - Contains the Source Code Generator Class
+B<wireshark_gen.py> - Contains the Source Code Generator Class
=back
@@ -55,12 +55,12 @@ Currently there are no options. B<idl2wrs> can be invoked as follows.
=head1 ENVIRONMENT
-B<idl2wrs> will look for B<ethereal_be.py> and B<ethereal_gen.py> in
+B<idl2wrs> will look for B<wireshark_be.py> and B<wireshark_gen.py> in
B<$PYTHONPATH/site-packages/> and if not found, will try the current
directory B<./>
The B<-p> option passed to omniidl (inside B<idl2wrs>) indicates where
-B<ethereal_be.py> and B<ethereal_gen.py> will be searched. This may
+B<wireshark_be.py> and B<wireshark_gen.py> will be searched. This may
need tweaking if you place these files somewhere else.
If it complains about being unable to find some modules (eg tempfile.py),
@@ -71,14 +71,14 @@ eg: PYTHONPATH=/usr/lib/python1.5/
=head1 SEE ALSO
-I<ethereal(1)>
+I<wireshark(1)>
=head1 NOTES
-B<idl2wrs> (including B<ethereal_be.py> and B<ethereal_gen.py>) are part of
-the B<Ethereal> distribution. The latest version of B<Ethereal> can
-be found at B<http://www.ethereal.com>.
+B<idl2wrs> (including B<wireshark_be.py> and B<wireshark_gen.py>) are part of
+the B<Wireshark> distribution. The latest version of B<Wireshark> can
+be found at B<http://www.wireshark.org>.
B<idl2wrs> uses B<omniidl>, and IDL parser, and can be found at
B<http://omniorb.sourceforge.net/>
diff --git a/doc/mergecap.pod b/doc/mergecap.pod
index 168117c07d..3709764571 100644
--- a/doc/mergecap.pod
+++ b/doc/mergecap.pod
@@ -21,17 +21,17 @@ I<...>
B<Mergecap> is a program that combines multiple saved capture files into
a single output file specified by the B<-w> argument. B<Mergecap> knows
how to read B<libpcap> capture files, including those of B<tcpdump>,
-B<Ethereal>, and other tools that write captures in that format.
+B<Wireshark>, and other tools that write captures in that format.
By default, it writes the capture file in B<libpcap> format, and writes
all of the packets in both input capture files to the output file.
B<Mergecap> is able to detect, read and write the same capture files that
-are supported by B<Ethereal>.
+are supported by B<Wireshark>.
The input files don't need a specific filename extension, the file
format and an optional gzip compression will be automatically detected.
-The I<capture file format> section of I<ethereal(1)> or
-I<http://www.ethereal.com/docs/man-pages/ethereal.1.html>
+The I<capture file format> section of I<wireshark(1)> or
+I<http://www.wireshark.org/docs/man-pages/wireshark.1.html>
provides a detailed description.
B<Mergecap> can write the file in several output formats.
@@ -120,18 +120,18 @@ fddi>' is specified).
=head1 SEE ALSO
-I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<editcap(1)>
+I<tcpdump(8)>, I<pcap(3)>, I<wireshark(1)>, I<editcap(1)>
=head1 NOTES
B<Mergecap> is based heavily upon B<editcap> by Richard Sharpe
<sharpe[AT]ns.aus.com> and Guy Harris <guy[AT]alum.mit.edu>.
-B<Mergecap> is part of the B<Ethereal> distribution. The latest version
-of B<Ethereal> can be found at B<http://www.ethereal.com>.
+B<Mergecap> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at B<http://www.wireshark.org>.
HTML versions of the Wireshark project man pages are available at:
-http://www.ethereal.com/docs/man-pages
+http://www.wireshark.org/docs/man-pages
=head1 AUTHORS
diff --git a/doc/randpkt.txt b/doc/randpkt.txt
index ce428f5e07..3680e7f483 100644
--- a/doc/randpkt.txt
+++ b/doc/randpkt.txt
@@ -5,7 +5,7 @@ $Id$
randpkt is a small utility creates a libpcap trace file full of random packets.
You can control the number of packets, the maximum size of each packet,
and the type of each packet. It is not build by default, but you
-can create it in the top-level Ethereal directory by typing:
+can create it in the top-level Wireshark directory by typing:
make randpkt
diff --git a/doc/text2pcap.pod b/doc/text2pcap.pod
index c5a0720789..585cf2f3f4 100644
--- a/doc/text2pcap.pod
+++ b/doc/text2pcap.pod
@@ -77,7 +77,7 @@ B<Text2pcap> also allows the user to read in dumps of
application-level data, by inserting dummy L2, L3 and L4 headers
before each packet. The user can elect to insert Ethernet headers,
Ethernet and IP, or Ethernet, IP and UDP/TCP headers before each
-packet. This allows Ethereal or any other full-packet decoder to
+packet. This allows Wireshark or any other full-packet decoder to
handle these dumps.
=head1 OPTIONS
@@ -118,7 +118,7 @@ for the Ethernet header in hex. Use this option if your dump has Layer
encapsulation. Example: I<-e 0x806> to specify an ARP packet.
For IP packets, instead of generating a fake Ethernet header you can
-also use I<-l 12> to indicate a raw IP packet to Ethereal. Note that
+also use I<-l 12> to indicate a raw IP packet to Wireshark. Note that
I<-l 12> does not work for any non-IP Layer 3 packet (e.g. ARP),
whereas generating a dummy Ethernet header with I<-e> works for any
sort of L3 packet.
@@ -195,12 +195,12 @@ a second.
=head1 SEE ALSO
-I<od(1)>, I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<editcap(1)>, I<strptime(3)>.
+I<od(1)>, I<tcpdump(8)>, I<pcap(3)>, I<wireshark(1)>, I<editcap(1)>, I<strptime(3)>.
=head1 NOTES
-B<Text2pcap> is part of the B<Ethereal> distribution. The latest version
-of B<Ethereal> can be found at B<http://www.ethereal.com>.
+B<Text2pcap> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at B<http://www.wireshark.org>.
=head1 AUTHORS
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 19193af20a..4c8f3ac087 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -51,11 +51,11 @@ use the pcap library to capture traffic from the first available network
interface and displays a summary line on stdout for each received packet.
B<TShark> is able to detect, read and write the same capture files that
-are supported by B<Ethereal>.
+are supported by B<Wireshark>.
The input file doesn't need a specific filename extension, the file
format and an optional gzip compression will be automatically detected.
-The I<capture file format> section of I<ethereal(1)> or
-I<http://www.ethereal.com/docs/man-pages/ethereal.1.html>
+The I<capture file format> section of I<wireshark(1)> or
+I<http://www.wireshark.org/docs/man-pages/wireshark.1.html>
provides a detailed description.
Compressed file support uses (and therefore requires) the zlib library.
@@ -71,7 +71,7 @@ packets' time stamps.
When writing a decoded form of packets, B<TShark> writes, by
default, a summary line containing the fields specified by the
preferences file (which are also the fields displayed in the packet list
-pane in B<Ethereal>), although if it's writing packets as it captures
+pane in B<Wireshark>), although if it's writing packets as it captures
them, rather than writting packets from a saved capture file, it won't
show the "frame number" field. If the B<-V> option is specified, it
writes instead a view of the details of the packet, showing all the
@@ -132,7 +132,7 @@ B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
B<filesize>:I<value> Stop writing to a capture file after it reaches a size of I<value>
kilobytes (where a kilobyte is 1024 bytes). If this option
-is used together with the -b option, Ethereal will stop writing to the
+is used together with the -b option, Wireshark will stop writing to the
current capture file and switch to the next one if filesize is reached.
B<files>:I<value> Stop writing to capture files after I<value> number of files were written.
@@ -414,7 +414,7 @@ after printing the summary or details.
Specify an option to be passed to a B<TShark> module. The eXtension option
is in the form I<extension_key>B<:>I<value>, where I<extension_key> can be:
-B<lua_script>:I<lua_script_filename> tells B<Ethereal> to load the given script in addition to the
+B<lua_script>:I<lua_script_filename> tells B<Wireshark> to load the given script in addition to the
default Lua scripts.
@@ -715,11 +715,11 @@ See the manual page of I<tcpdump(8)>.
=head1 READ FILTER SYNTAX
For a complete table of protocol and protocol fields that are filterable
-in B<TShark> see the I<ethereal-filter(4)> manual page.
+in B<TShark> see the I<wireshark-filter(4)> manual page.
=head1 FILES
-These files contains various B<Ethereal> configuration values.
+These files contains various B<Wireshark> configuration values.
=over 4
@@ -745,17 +745,17 @@ starts a comment that runs to the end of the line:
# TRUE or FALSE (case-insensitive).
capture.prom_mode: TRUE
-The global preferences file is looked for in the F<ethereal> directory
+The global preferences file is looked for in the F<wireshark> directory
under the F<share> subdirectory of the main installation directory (for
-example, F</usr/local/share/ethereal/preferences>) on UNIX-compatible
+example, F</usr/local/share/wireshark/preferences>) on UNIX-compatible
systems, and in the main installation directory (for example,
-F<C:\Program Files\Ethereal\preferences>) on Windows systems.
+F<C:\Program Files\Wireshark\preferences>) on Windows systems.
The personal preferences file is looked for in
-F<$HOME/.ethereal/preferences> on
-UNIX-compatible systems and F<%APPDATA%\Ethereal\preferences> (or, if
+F<$HOME/.wireshark/preferences> on
+UNIX-compatible systems and F<%APPDATA%\Wireshark\preferences> (or, if
%APPDATA% isn't defined, F<%USERPROFILE%\Application
-Data\Ethereal\preferences>) on Windows systems.
+Data\Wireshark\preferences>) on Windows systems.
=item Disabled (Enabled) Protocols
@@ -801,7 +801,7 @@ lines of an F<ethers> file:
The global F<ethers> file is looked for in the F</etc> directory on
UNIX-compatible systems, and in the main installation directory (for
-example, F<C:\Program Files\Ethereal>) on Windows systems.
+example, F<C:\Program Files\Wireshark>) on Windows systems.
The personal F<ethers> file is looked for in the same directory as the personal
preferences file.
@@ -848,7 +848,7 @@ For example, these four lines are valid lines of an F<ipxnets> file:
The global F<ipxnets> file is looked for in the F</etc> directory on
UNIX-compatible systems, and in the main installation directory (for
-example, F<C:\Program Files\Ethereal>) on Windows systems.
+example, F<C:\Program Files\Wireshark>) on Windows systems.
The personal F<ipxnets> file is looked for in the same directory as the
personal preferences file.
@@ -857,18 +857,18 @@ personal preferences file.
=head1 SEE ALSO
-I<ethereal-filter(4)> I<ethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+I<wireshark-filter(4)> I<wireshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 NOTES
-B<TShark> is part of the B<Ethereal> distribution. The latest version
-of B<Ethereal> can be found at B<http://www.ethereal.com>.
+B<TShark> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at B<http://www.wireshark.org>.
HTML versions of the Wireshark project man pages are available at:
-http://www.ethereal.com/docs/man-pages
+http://www.wireshark.org/docs/man-pages
=head1 AUTHORS
-B<TShark> uses the same packet dissection code that B<Ethereal> does,
-as well as using many other modules from B<Ethereal>; see the list of
-authors in the B<Ethereal> man page for a list of authors of that code.
+B<TShark> uses the same packet dissection code that B<Wireshark> does,
+as well as using many other modules from B<Wireshark>; see the list of
+authors in the B<Wireshark> man page for a list of authors of that code.
diff --git a/doc/ethereal-filter.pod.template b/doc/wireshark-filter.pod.template
index 01caa5b599..5e410bf375 100644
--- a/doc/ethereal-filter.pod.template
+++ b/doc/wireshark-filter.pod.template
@@ -1,10 +1,10 @@
=head1 NAME
-ethereal-filter - Ethereal filter syntax and reference
+wireshark-filter - Wireshark filter syntax and reference
=head1 SYNOPSYS
-B<ethereal> [other options]
+B<wireshark> [other options]
S<[ B<-R> "filter expression" ]>
B<tshark> [other options]
@@ -12,7 +12,7 @@ S<[ B<-R> "filter expression" ]>
=head1 DESCRIPTION
-B<Ethereal> and B<TShark> share a powerful filter engine that helps remove
+B<Wireshark> and B<TShark> share a powerful filter engine that helps remove
the noise from a packet trace and lets you see only the packets that interest
you. If a packet meets the requirements expressed in your filter, then it
is displayed in the list of packets. Display filters let you compare the
@@ -20,7 +20,7 @@ fields within a protocol against a specific value, compare fields against
fields, and check the existence of specified fields or protocols.
Filters are also used by other features such as statistics generation and
-packet list colorization (the latter is only available to B<Ethereal>). This
+packet list colorization (the latter is only available to B<Wireshark>). This
manual page describes their syntax and provides a comprehensive reference of
filter fields.
@@ -36,7 +36,7 @@ that contain a Token-Ring RIF field, use "tr.rif".
Think of a protocol or field in a filter as implicitly having the "exists"
operator.
-Note: all protocol and field names that are available in B<Ethereal> and
+Note: all protocol and field names that are available in B<Wireshark> and
B<TShark> filters are listed in the comprehensive B<FILTER PROTOCOL
REFERENCE> (see below).
@@ -66,7 +66,7 @@ characters, expressed as a string (quoted or unquoted), or bytes,
expressed as a byte array. For example, to search for a given HTTP
URL in a capture, the following filter can be used:
- http contains "http://www.ethereal.com"
+ http contains "http://www.wireshark.org"
The "contains" operator cannot be used on atomic fields,
such as numbers or IP addresses.
@@ -85,13 +85,13 @@ a case-insensitive pattern match. More information on PCRE can be found in the
pcrepattern(3) man page (Perl Regular Expressions are explained in
B<http://www.perldoc.com/perl5.8.0/pod/perlre.html>).
-Note: the "matches" operator is only available if B<Ethereal> or B<TShark>
+Note: the "matches" operator is only available if B<Wireshark> or B<TShark>
have been compiled with the PCRE library. This can be checked by running:
- ethereal -v
+ wireshark -v
tshark -v
-or selecting the "About Ethereal" item from the "Help" menu in B<Ethereal>.
+or selecting the "About Wireshark" item from the "Help" menu in B<Wireshark>.
=head2 Functions
@@ -221,11 +221,11 @@ Another example is:
You can use the slice operator on a protocol name, too.
The "frame" protocol can be useful, encompassing all the data captured
-by B<Ethereal> or B<TShark>.
+by B<Wireshark> or B<TShark>.
token[0:5] ne 0.0.0.1.1
llc[0] eq aa
- frame[100-199] contains "ethereal"
+ frame[100-199] contains "wireshark"
The following syntax governs slices:
@@ -309,7 +309,7 @@ all valid display filter expressions:
tcp.port == 80 and ip.src == 192.168.2.1
not llc
- http and frame[100-199] contains "ethereal"
+ http and frame[100-199] contains "wireshark"
(ipx.src.net == 0xbad && ipx.src.node == 0.0.0.0.0.1) || ip
Remember that whenever a protocol or field name occurs in an expression, the
@@ -378,9 +378,9 @@ field is also given.
=head1 NOTES
-The B<ethereal-filters> manpage is part of the B<Ethereal> distribution.
-The latest version of B<Ethereal> can be found at
-B<http://www.ethereal.com>.
+The B<wireshark-filters> manpage is part of the B<Wireshark> distribution.
+The latest version of B<Wireshark> can be found at
+B<http://www.wireshark.org>.
Regular expressions in the "matches" operator are provided with B<libpcre>,
the Perl-Compatible Regular Expressions library: see B<http://www.pcre.org/>.
@@ -393,9 +393,9 @@ in B<http://www.winpcap.org/docs/man/html/group__language.html>.
=head1 SEE ALSO
-I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+I<wireshark(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 AUTHORS
-See the list of authors in the B<Ethereal> man page for a list of authors of
+See the list of authors in the B<Wireshark> man page for a list of authors of
that code.
diff --git a/doc/ethereal.pod b/doc/wireshark.pod
index 3ab44eb7f2..e972c9e19c 100644
--- a/doc/ethereal.pod
+++ b/doc/wireshark.pod
@@ -1,11 +1,11 @@
=head1 NAME
-ethereal - Interactively dump and analyze network traffic
+wireshark - Interactively dump and analyze network traffic
=head1 SYNOPSYS
-B<ethereal>
+B<wireshark>
S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...>
S<[ B<-b> E<lt>capture ring buffer optionE<gt> ] ...>
S<[ B<-B> E<lt>capture buffer size (Win32 only)E<gt> ] >
@@ -38,13 +38,13 @@ S<[ E<lt>infileE<gt> ]>
=head1 DESCRIPTION
-B<Ethereal> is a GUI network protocol analyzer. It lets you
+B<Wireshark> is a GUI network protocol analyzer. It lets you
interactively browse packet data from a live network or from a
-previously saved capture file. B<Ethereal>'s native capture file format
+previously saved capture file. B<Wireshark>'s native capture file format
is B<libpcap> format, which is also the format used by B<tcpdump> and
various other tools.
-B<Ethereal> can read / import the following file formats:
+B<Wireshark> can read / import the following file formats:
=over 4
@@ -131,25 +131,25 @@ Catapult DCT2000 .out files
=back 4
-There is no need to tell B<Ethereal> what type of
+There is no need to tell B<Wireshark> what type of
file you are reading; it will determine the file type by itself.
-B<Ethereal> is also capable of reading any of these file formats if they
-are compressed using gzip. B<Ethereal> recognizes this directly from
+B<Wireshark> is also capable of reading any of these file formats if they
+are compressed using gzip. B<Wireshark> recognizes this directly from
the file; the '.gz' extension is not required for this purpose.
-Like other protocol analyzers, B<Ethereal>'s main window shows 3 views
+Like other protocol analyzers, B<Wireshark>'s main window shows 3 views
of a packet. It shows a summary line, briefly describing what the
packet is. A packet details display is shown, allowing you to drill
down to exact protocol or field that you interested in. Finally, a hex
dump shows you exactly what the packet looks like when it goes over the
wire.
-In addition, B<Ethereal> has some features that make it unique. It can
+In addition, B<Wireshark> has some features that make it unique. It can
assemble all the packets in a TCP conversation and show you the ASCII
(or EBCDIC, or hex) data in that conversation. Display filters in
-B<Ethereal> are very powerful; more fields are filterable in B<Ethereal>
+B<Wireshark> are very powerful; more fields are filterable in B<Wireshark>
than in other protocol analyzers, and the syntax you can use to create
-your filters is richer. As B<Ethereal> progresses, expect more and more
+your filters is richer. As B<Wireshark> progresses, expect more and more
protocol fields to be allowed in display filters.
Packet capturing is performed with the pcap library. The capture filter
@@ -157,7 +157,7 @@ syntax follows the rules of the pcap library. This syntax is different
from the display filter syntax.
Compressed file support uses (and therefore requires) the zlib library.
-If the zlib library is not present, B<Ethereal> will compile, but will
+If the zlib library is not present, B<Wireshark> will compile, but will
be unable to read compressed files.
The pathname of a capture file to be read can be specified with the
@@ -167,12 +167,12 @@ B<-r> option or can be specified as a command-line argument.
=over 4
-Most users will want to start B<Ethereal> without options and configure
+Most users will want to start B<Wireshark> without options and configure
it from the menus instead. Those users may just skip this section.
=item -a E<lt>capture autostop conditionE<gt>
-Specify a criterion that specifies when B<Ethereal> is to stop writing
+Specify a criterion that specifies when B<Wireshark> is to stop writing
to a capture file. The criterion is of the form I<test>B<:>I<value>,
where I<test> is one of:
@@ -180,16 +180,16 @@ B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
B<filesize>:I<value> Stop writing to a capture file after it reaches a size of I<value>
kilobytes (where a kilobyte is 1024 bytes). If this option
-is used together with the -b option, Ethereal will stop writing to the
+is used together with the -b option, Wireshark will stop writing to the
current capture file and switch to the next one if filesize is reached.
B<files>:I<value> Stop writing to capture files after I<value> number of files were written.
=item -b E<lt>capture ring buffer optionE<gt>
-Cause B<Ethereal> to run in "multiple files" mode. In "multiple files" mode,
-B<Ethereal> will write to several capture files. When the first capture file
-fills up, B<Ethereal> will switch writing to the next file and so on.
+Cause B<Wireshark> to run in "multiple files" mode. In "multiple files" mode,
+B<Wireshark> will write to several capture files. When the first capture file
+fills up, B<Wireshark> will switch writing to the next file and so on.
The created filenames are based on the filename given with the B<-w> flag, the number of
the file and on the creation date and time,
@@ -197,7 +197,7 @@ e.g. outfile_00001_20050604120117.pcap, outfile_00001_20050604120523.pcap, ...
With the I<files> option it's also possible to form a "ring buffer".
This will fill up new files until the number of files specified,
-at which point B<Ethereal> will discard the data in the first file and start
+at which point B<Wireshark> will discard the data in the first file and start
writing to that file and so on. If the I<files> option is not set,
new files filled up until one of the capture stop conditions match (or
until the disk if full).
@@ -227,7 +227,7 @@ data.
=item -D
-Print a list of the interfaces on which B<Ethereal> can capture, and
+Print a list of the interfaces on which B<Wireshark> can capture, and
exit. For each network interface, a number and an
interface name, possibly followed by a text description of the
interface, is printed. The interface name or the number can be supplied
@@ -238,10 +238,10 @@ This can be useful on systems that don't have a command to list them
the number can be useful on Windows 2000 and later systems, where the
interface name is a somewhat complex string.
-Note that "can capture" means that B<Ethereal> was able to open
+Note that "can capture" means that B<Wireshark> was able to open
that device to do a live capture; if, on your system, a program doing a
network capture must be run from an account with special privileges (for
-example, as root), then, if B<Ethereal> is run with the B<-D> flag and
+example, as root), then, if B<Wireshark> is run with the B<-D> flag and
is not run from such an account, it will not list any interfaces.
=item -f E<lt>capture filterE<gt>
@@ -262,32 +262,32 @@ Set the name of the network interface or pipe to use for live packet
capture.
Network interface names should match one of the names listed in
-"B<ethereal -D>" (described above); a number, as reported by
-"B<ethereal -D>", can also be used. If you're using UNIX, "B<netstat
+"B<wireshark -D>" (described above); a number, as reported by
+"B<wireshark -D>", can also be used. If you're using UNIX, "B<netstat
-i>" or "B<ifconfig -a>" might also work to list interface names,
although not all versions of UNIX support the B<-a> flag to B<ifconfig>.
-If no interface is specified, B<Ethereal> searches the list of
+If no interface is specified, B<Wireshark> searches the list of
interfaces, choosing the first non-loopback interface if there are any
non-loopback interfaces, and choosing the first loopback interface if
there are no non-loopback interfaces. If there are no interfaces at all,
-B<Ethereal> reports an error and doesn't start the capture.
+B<Wireshark> reports an error and doesn't start the capture.
Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
read data from the standard input. Data read from pipes must be in
standard libpcap format.
-Note: the Win32 version of B<Ethereal> doesn't support capturing from
+Note: the Win32 version of B<Wireshark> doesn't support capturing from
pipes or stdin!
=item -k
Start the capture session immediately. If the B<-i> flag was
specified, the capture uses the specified interface. Otherwise,
-B<Ethereal> searches the list of interfaces, choosing the first
+B<Wireshark> searches the list of interfaces, choosing the first
non-loopback interface if there are any non-loopback interfaces, and
choosing the first loopback interface if there are no non-loopback
-interfaces; if there are no interfaces, B<Ethereal> reports an error and
+interfaces; if there are no interfaces, B<Wireshark> reports an error and
doesn't start the capture.
=item -l
@@ -302,7 +302,7 @@ List the data link types supported by the interface and exit.
=item -m E<lt>fontE<gt>
-Set the name of the font used by B<Ethereal> for most text. B<Ethereal>
+Set the name of the font used by B<Wireshark> for most text. B<Wireshark>
will construct the name of the bold font used for the data in the byte
view pane that corresponds to the field selected in the packet details
pane from the name of the main text font.
@@ -337,7 +337,7 @@ read from a preference/recent file. The argument to the flag is a string of
the form I<prefname>B<:>I<value>, where I<prefname> is the name of the
preference/recent value (which is the same name that would appear in the
preference/recent file), and I<value> is the value to which it should be set.
-Since B<Ethereal> 0.10.12, the recent settings replaces the formerly used
+Since B<Wireshark> 0.10.12, the recent settings replaces the formerly used
-B, -P and -T flags to manipulate the GUI dimensions.
=item -p
@@ -345,13 +345,13 @@ Since B<Ethereal> 0.10.12, the recent settings replaces the formerly used
I<Don't> put the interface into promiscuous mode. Note that the
interface might be in promiscuous mode for some other reason; hence,
B<-p> cannot be used to ensure that the only traffic that is captured is
-traffic sent to or from the machine on which B<Ethereal> is running,
+traffic sent to or from the machine on which B<Wireshark> is running,
broadcast traffic, and multicast traffic to addresses received by that
machine.
=item -Q
-Cause B<Ethereal> to exit after the end of capture session (useful in
+Cause B<Wireshark> to exit after the end of capture session (useful in
batch mode with B<-c> option for instance); this option requires the
B<-i> and B<-w> parameters.
@@ -411,16 +411,16 @@ are the values that can be used.
=item -X E<lt>eXtension optionsE<gt>
-Specify an option to be passed to an B<Ethereal> module. The eXtension option
+Specify an option to be passed to an B<Wireshark> module. The eXtension option
is in the form I<extension_key>B<:>I<value>, where I<extension_key> can be:
-B<lua_script>:I<lua_script_filename> tells B<Ethereal> to load the given script in addition to the
+B<lua_script>:I<lua_script_filename> tells B<Wireshark> to load the given script in addition to the
default Lua scripts.
=item -z E<lt>statisticsE<gt>
-Get B<Ethereal> to collect various types of statistics and display the result
+Get B<Wireshark> to collect various types of statistics and display the result
in a window that updates in semi-real time.
Currently implemented statistics are:
@@ -700,7 +700,7 @@ next / previous file in that set.
=item File:Export
Export captured data into an external format. Note: the data cannot be
-imported back into Ethereal, so be sure to keep the capture file.
+imported back into Wireshark, so be sure to keep the capture file.
=item File:Print
@@ -861,7 +861,7 @@ consists of a name, a filter expression and a coloration. A packet is
colored according to the first filter that it matches. Color filter
expressions use exactly the same syntax as display filter expressions.
-When Ethereal starts, the color filters are loaded from:
+When Wireshark starts, the color filters are loaded from:
=over
@@ -926,7 +926,7 @@ Beware: keeping this box open results in high system load!
Initiate a live packet capture (see L<Capture Options|/item_capture_options>
dialog below). If no filename is specified, a temporary file will be created
to hold the capture. The location of the file can be chosen by setting your
-TMPDIR environment variable before starting B<Ethereal>. Otherwise, the
+TMPDIR environment variable before starting B<Wireshark>. Otherwise, the
default TMPDIR location is system-dependent, but is likely either F</var/tmp>
or F</tmp>.
@@ -990,13 +990,13 @@ The entire list can be enabled, disabled, or inverted using the buttons
below the list.
When a protocol is disabled, dissection in a particular packet stops
-when that protocol is reached, and Ethereal moves on to the next packet.
+when that protocol is reached, and Wireshark moves on to the next packet.
Any higher-layer protocols that would otherwise have been processed will
not be displayed. For example, disabling TCP will prevent the dissection
and display of TCP, HTTP, SMTP, Telnet, and any other protocol exclusively
dependent on TCP.
-The list of protocols can be saved, so that Ethereal will start up with
+The list of protocols can be saved, so that Wireshark will start up with
the protocols in that list disabled.
=item Analyze:Decode As
@@ -1006,7 +1006,7 @@ which dissectors are used to decode this packet. The dialog has one
panel each for the link layer, network layer and transport layer
protocol/port numbers, and will allow each of these to be changed
independently. For example, if the selected packet is a TCP packet to
-port 12345, using this dialog you can instruct Ethereal to decode all
+port 12345, using this dialog you can instruct Wireshark to decode all
packets to or from that TCP port as HTTP packets.
=item Analyze:User Specified Decodes
@@ -1112,7 +1112,7 @@ second intervals.
interval will be in the drawing area. The default is 5 pixels per tick.
"Y-scale:" controls the max value for the y-axis. Default value is
-"auto" which means that B<Ethereal> will try to adjust the maxvalue
+"auto" which means that B<Wireshark> will try to adjust the maxvalue
automatically.
"advanced..." If Unit:advanced... is selected the window will display
@@ -1220,7 +1220,7 @@ ascending or descending order by any column.
By first selecting a conversation by clicking on it and then using the
right mouse button (on those platforms that have a right
-mouse button) ethereal will display a popup menu offering several different
+mouse button) wireshark will display a popup menu offering several different
filter operations to apply to the capture.
These statistics windows can also be invoked from the Wireshark command
@@ -1234,7 +1234,7 @@ interface and display B<Procedure>, B<Number of Calls>, B<Minimum SRT>,
B<Maximum SRT> and B<Average SRT> for all procedures for that
program/version. These windows opened will update in semi-real time to
reflect changes when doing live captures or when reading new capture
-files into B<Ethereal>.
+files into B<Wireshark>.
This dialog will also allow an optional filter string to be used.
If an optional filter string is used only such DCE-RPC request/response pairs
@@ -1248,7 +1248,7 @@ and display B<FC Type>, B<Number of Calls>, B<Minimum SRT>,
B<Maximum SRT> and B<Average SRT> for all FC types.
These windows opened will update in semi-real time to
reflect changes when doing live captures or when reading new capture
-files into B<Ethereal>.
+files into B<Wireshark>.
The Service Response Time is calculated as the time delta between the
First packet of the exchange and the Last packet of the exchange.
@@ -1262,7 +1262,7 @@ string is specified all request/response pairs will be used.
Open a window to display statistics for an arbitrary ONC-RPC program interface
and display B<Procedure>, B<Number of Calls>, B<Minimum SRT>, B<Maximum SRT> and B<Average SRT> for all procedures for that program/version.
These windows opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into B<Ethereal>.
+doing live captures or when reading new capture files into B<Wireshark>.
This dialog will also allow an optional filter string to be used.
If an optional filter string is used only such ONC-RPC request/response pairs
@@ -1271,7 +1271,7 @@ string is specified all request/response pairs will be used.
By first selecting a conversation by clicking on it and then using the
right mouse button (on those platforms that have a right
-mouse button) ethereal will display a popup menu offering several different
+mouse button) wireshark will display a popup menu offering several different
filter operations to apply to the capture.
=item Statistics:Service Response Time:SMB
@@ -1294,7 +1294,7 @@ on those calls matching that filter.
By first selecting a conversation by clicking on it and then using the
right mouse button (on those platforms that have a right
-mouse button) ethereal will display a popup menu offering several different
+mouse button) wireshark will display a popup menu offering several different
filter operations to apply to the capture.
=item Statistics:Service Response Time:MGCP
@@ -1303,7 +1303,7 @@ Collect requests/response SRT (Service Response Time) data for MGCP.
Data collected is B<number of calls> for each known MGCP Type,
B<Minimum SRT>, B<Maximum SRT>, B<Average SRT>, B<Minimum in Packet>, and B<Maximum in Packet>.
These windows opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into B<Ethereal>.
+doing live captures or when reading new capture files into B<Wireshark>.
You can apply an optional filter string in a dialog box, before starting
the calculation. The statistics will only be calculated
@@ -1317,7 +1317,7 @@ B<Minimum SRT>, B<Maximum SRT>, B<Average SRT>, B<Minimum in Packet>, and B<Maxi
You will also get the number of B<Open Requests> (Unresponded Requests),
B<Discarded Responses> (Responses without matching request) and Duplicate Messages.
These windows opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into B<Ethereal>.
+doing live captures or when reading new capture files into B<Wireshark>.
You can apply an optional filter string in a dialog box, before starting
the calculation. The statistics will only be calculated
@@ -1330,7 +1330,7 @@ list of H.225 messages and H.225 message reasons, which occur in the current
capture file. The number of occurences of each message or reason will be displayed
in the second column.
This window opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into B<Ethereal>.
+doing live captures or when reading new capture files into B<Wireshark>.
You can apply an optional filter string in a dialog box, before starting
the counter. The statistics will only be calculated
@@ -1343,7 +1343,7 @@ SIP Method and of each SIP Status-Code. Additionally you also get the number of
resent SIP Messages (only for SIP over UDP).
This window opened will update in semi-real time to reflect changes when
-doing live captures or when reading new capture files into B<Ethereal>.
+doing live captures or when reading new capture files into B<Wireshark>.
You can apply an optional filter string in a dialog box, before starting
the counter. The statistics will only be calculated
@@ -1366,13 +1366,13 @@ List of supported protocols and display filter protocol fields.
Display locally installed HTML versions of these manual pages in a web browser.
-=item Help:Ethereal Online
+=item Help:Wireshark Online
-Various links to online resources to be open in a web browser, like http://www.ethereal.com.
+Various links to online resources to be open in a web browser, like http://www.wireshark.org.
-=item Help:About Ethereal
+=item Help:About Wireshark
-See various information about Ethereal (see L<About|/item_about> dialog below), like the
+See various information about Wireshark (see L<About|/item_about> dialog below), like the
version, the folders used, the available plugins, ...
=back
@@ -1424,7 +1424,7 @@ source and destination addresses, protocol, and description are
displayed for each packet; the I<Columns> page in the dialog box popped
up by I<Edit:Preferences> lets you change this (although, unfortunately,
you currently have to save the preferences, and exit and restart
-Ethereal, for those changes to take effect).
+Wireshark, for those changes to take effect).
If you click on the heading for a column, the display will be sorted by
that column; clicking on the heading again will reverse the sort order
@@ -1467,7 +1467,7 @@ The statusbar can be hidden by I<View:Statusbar>.
=item Preferences
The I<Preferences> dialog lets you control various personal preferences
-for the behavior of B<Ethereal>.
+for the behavior of B<Wireshark>.
=over 6
@@ -1513,19 +1513,19 @@ item can be set to use either inverse video, or bold characters.
=item Save Window Position
If this item is selected, the position of the main Wireshark window will
-be saved when Ethereal exits, and used when Wireshark is started again.
+be saved when Wireshark exits, and used when Wireshark is started again.
=item Save Window Size
If this item is selected, the size of the main Wireshark window will
-be saved when Ethereal exits, and used when Wireshark is started again.
+be saved when Wireshark exits, and used when Wireshark is started again.
=item File Open Dialog Behavior
-This item allows the user to select how Ethereal handles the listing
+This item allows the user to select how Wireshark handles the listing
of the "File Open" Dialog when opening trace files. "Remember Last
-Directory" causes Ethereal to automatically position the dialog in the
-directory of the most recently opened file, even between launches of Ethereal.
+Directory" causes Wireshark to automatically position the dialog in the
+directory of the most recently opened file, even between launches of Wireshark.
"Always Open in Directory" allows the user to define a persistent directory
that the dialog will always default to.
@@ -1602,7 +1602,7 @@ The I<Filter:> text entry lets you set a capture filter expression to be
used when capturing.
If any of the environment variables SSH_CONNECTION, SSH_CLIENT,
-REMOTEHOST, DISPLAY, or CLIENTNAME are set, Ethereal will create a
+REMOTEHOST, DISPLAY, or CLIENTNAME are set, Wireshark will create a
default capture filter that excludes traffic from the hosts and ports
defined in those variables.
@@ -1630,8 +1630,8 @@ system for a particular save file.
=item Protocol Preferences
-There are also pages for various protocols that Ethereal dissects,
-controlling the way Ethereal handles those protocols.
+There are also pages for various protocols that Wireshark dissects,
+controlling the way Wireshark handles those protocols.
=back
@@ -1808,7 +1808,7 @@ does not close the dialog.
Saves the current list of color filters in your personal color filters
file. Unless you do this they will not be used the next time you start
-Ethereal.
+Wireshark.
=item CLOSE
@@ -1870,22 +1870,22 @@ The I<Stop capture after ... files> field lets you specify the number
of capture files used, until the capture is stopped.
The I<Stop capture after ... packet(s)> check box and field let
-you specify that Ethereal should stop capturing after having captured
-some number of packets; if the check box is not checked, Ethereal will
+you specify that Wireshark should stop capturing after having captured
+some number of packets; if the check box is not checked, Wireshark will
not stop capturing at some fixed number of captured packets.
The I<Stop capture after ... megabyte(s)> check box and field lets
-you specify that Ethereal should stop capturing after the file to which
+you specify that Wireshark should stop capturing after the file to which
captured packets are being saved grows as large as or larger than some
-specified number of megabytes. If the check box is not checked, Ethereal
+specified number of megabytes. If the check box is not checked, Wireshark
will not stop capturing at some capture file size (although the operating
system on which Wireshark is running, or the available disk space, may still
limit the maximum size of a capture file). This option is disabled, if
"multiple files" mode is used,
The I<Stop capture after ... second(s)> check box and field let you
-specify that Ethereal should stop capturing after it has been capturing
-for some number of seconds; if the check box is not checked, Ethereal
+specify that Wireshark should stop capturing after it has been capturing
+for some number of seconds; if the check box is not checked, Wireshark
will not stop capturing after some fixed time has elapsed.
The I<Update list of packets in real time> check box lets you specify
@@ -1901,11 +1901,11 @@ should be translated to names.
=item About
-The I<About> dialog lets you view various information about Ethereal.
+The I<About> dialog lets you view various information about Wireshark.
-=item About:Ethereal
+=item About:Wireshark
-The I<Ethereal> page lets you view general information about Ethereal,
+The I<Wireshark> page lets you view general information about Wireshark,
like the installed version, licensing information and such.
=item About:Authors
@@ -1914,7 +1914,7 @@ The I<Authors> page shows the author and all contributors.
=item About:Folders
-The I<Folders> page lets you view the directory names where Ethereal is
+The I<Folders> page lets you view the directory names where Wireshark is
searching it's various configuration and other files.
=item About:Plugins
@@ -1926,24 +1926,24 @@ The I<Plugins List> shows the name and version of each dissector plugin
module found on your system.
On Unix-compatible systems, the plugins are looked for in the following
-directories: the F<lib/ethereal/plugins/$VERSION> directory under the
+directories: the F<lib/wireshark/plugins/$VERSION> directory under the
main installation directory (for example,
-F</usr/local/lib/ethereal/plugins/$VERSION>), and then
-F<$HOME/.ethereal/plugins>.
+F</usr/local/lib/wireshark/plugins/$VERSION>), and then
+F<$HOME/.wireshark/plugins>.
On Windows systems, the plugins are looked for in the following
directories: F<plugins\$VERSION> directory under the main installation
-directory (for example, F<C:\Program Files\Ethereal\plugins\$VERSION>),
-and then F<%APPDATA%\Ethereal\plugins\$VERSION> (or, if %APPDATA% isn't
-defined, F<%USERPROFILE%\Application Data\Ethereal\plugins\$VERSION>).
+directory (for example, F<C:\Program Files\Wireshark\plugins\$VERSION>),
+and then F<%APPDATA%\Wireshark\plugins\$VERSION> (or, if %APPDATA% isn't
+defined, F<%USERPROFILE%\Application Data\Wireshark\plugins\$VERSION>).
$VERSION is the version number of the plugin interface, which
-is typically the version number of Ethereal. Note that a dissector
+is typically the version number of Wireshark. Note that a dissector
plugin module may support more than one protocol; there is not
necessarily a one-to-one correspondence between dissector plugin modules
and protocols. Protocols supported by a dissector plugin module are
enabled and disabled using the I<Edit:Protocols> dialog box, just as
-protocols built into Ethereal are.
+protocols built into Wireshark are.
=back
@@ -1954,11 +1954,11 @@ See the manual page of I<tcpdump(8)>.
=head1 DISPLAY FILTER SYNTAX
For a complete table of protocol and protocol fields that are filterable
-in B<Ethereal> see the I<ethereal-filter(4)> manual page.
+in B<Wireshark> see the I<wireshark-filter(4)> manual page.
=head1 FILES
-These files contains various B<Ethereal> configuration settings.
+These files contains various B<Wireshark> configuration settings.
=over 4
@@ -1984,16 +1984,16 @@ starts a comment that runs to the end of the line:
# TRUE or FALSE (case-insensitive).
gui.scrollbar_on_right: TRUE
-The global preferences file is looked for in the F<ethereal> directory
+The global preferences file is looked for in the F<wireshark> directory
under the F<share> subdirectory of the main installation directory (for
-example, F</usr/local/share/ethereal/preferences>) on UNIX-compatible
+example, F</usr/local/share/wireshark/preferences>) on UNIX-compatible
systems, and in the main installation directory (for example,
-F<C:\Program Files\Ethereal\preferences>) on Windows systems.
+F<C:\Program Files\Wireshark\preferences>) on Windows systems.
-The personal preferences file is looked for in F<$HOME/.ethereal/preferences> on
-UNIX-compatible systems and F<%APPDATA%\Ethereal\preferences> (or, if
+The personal preferences file is looked for in F<$HOME/.wireshark/preferences> on
+UNIX-compatible systems and F<%APPDATA%\Wireshark\preferences> (or, if
%APPDATA% isn't defined, F<%USERPROFILE%\Application
-Data\Ethereal\preferences>) on Windows systems.
+Data\Wireshark\preferences>) on Windows systems.
Note: Whenever the preferences are saved by using the I<Save> button
in the I<Edit:Preferences> dialog box, your personal preferences file
@@ -2003,7 +2003,7 @@ unknown/obsolete settings that were in the file.
=item Recent
The F<recent> file contains personal settings (mostly GUI related) such
-as the current B<Ethereal> window size. The file is saved at program exit and
+as the current B<Wireshark> window size. The file is saved at program exit and
read in at program start automatically. Note: The command line flag B<-o>
may be used to override settings from this file.
@@ -2067,7 +2067,7 @@ lines of an F<ethers> file:
The global F<ethers> file is looked for in the F</etc> directory on
UNIX-compatible systems, and in the main installation directory (for
-example, F<C:\Program Files\Ethereal>) on Windows systems.
+example, F<C:\Program Files\Wireshark>) on Windows systems.
The personal F<ethers> file is looked for in the same directory as the personal
preferences file.
@@ -2114,7 +2114,7 @@ For example, these four lines are valid lines of an F<ipxnets> file:
The global F<ipxnets> file is looked for in the F</etc> directory on
UNIX-compatible systems, and in the main installation directory (for
-example, F<C:\Program Files\Ethereal>) on Windows systems.
+example, F<C:\Program Files\Wireshark>) on Windows systems.
The personal F<ipxnets> file is looked for in the same directory as the
personal preferences file.
@@ -2199,12 +2199,12 @@ See above in the description of the About:Plugins page.
=head1 SEE ALSO
-I<ethereal-filter(4)> I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+I<wireshark-filter(4)> I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
=head1 NOTES
-The latest version of B<Ethereal> can be found at
-B<http://www.ethereal.com>.
+The latest version of B<Wireshark> can be found at
+B<http://www.wireshark.org>.
=head1 AUTHORS