From eb71f7fb96f883b748536eecde9f6f49eedbcfee Mon Sep 17 00:00:00 2001 
From: Gerald Combs Date: Wed, 31 May 2006 19:12:15 +0000 Subject: Rename the main executable to "wireshark", along with more conversions: ethereal.com -> wireshark.org mailing lists and addresses ETHEREAL -> WIRESHARK Man pages Automake/Autoconf names svn path=/trunk/; revision=18271 --- AUTHORS | 2 +- FAQ | 32 +- INSTALL | 6 +- Makefile.am | 84 +- Makefile.common | 22 +- Makefile.nmake | 38 +- README.win32 | 60 +- acinclude.m4 | 202 +- cfilters | 2 +- configure.in | 76 +- debian/ethereal-common.manpages | 4 +- debian/rules | 6 +- doc/Makefile.am | 38 +- doc/Makefile.nmake | 34 +- doc/README.binarytrees | 14 +- doc/README.capture | 2 +- doc/README.design | 12 +- doc/README.developer | 76 +- doc/README.idl2wrs | 28 +- doc/README.malloc | 4 +- doc/README.packaging | 21 +- doc/README.plugins | 10 +- doc/README.regression | 6 +- doc/README.stats_tree | 6 +- doc/README.tapping | 22 +- doc/README.xml-output | 26 +- doc/capinfos.pod | 16 +- doc/dfilter2pod.pl | 4 +- doc/dumpcap.pod | 14 +- doc/editcap.pod | 14 +- doc/eproto2sgml | 6 +- doc/ethereal-filter.pod.template | 401 ---- doc/ethereal.pod | 2210 -------------------- doc/idl2wrs.pod | 22 +- doc/mergecap.pod | 16 +- doc/randpkt.txt | 2 +- doc/text2pcap.pod | 10 +- doc/tshark.pod | 46 +- doc/wireshark-filter.pod.template | 401 ++++ doc/wireshark.pod | 2210 ++++++++++++++++++++ docbook/catalog.xml | 4 +- docbook/developer-guide.xml | 8 +- docbook/edg_src/EDG_chapter_env_intro.xml | 12 +- docbook/edg_src/EDG_chapter_libraries.xml | 6 +- docbook/edg_src/EDG_chapter_sources.xml | 28 +- docbook/edg_src/EDG_chapter_tools.xml | 4 +- docbook/release-notes.xml | 28 +- docbook/wsug_src/WSUG_app_files.xml | 20 +- docbook/wsug_src/WSUG_app_tools.xml | 2 +- docbook/wsug_src/WSUG_chapter_advanced.xml | 4 +- docbook/wsug_src/WSUG_chapter_build_install.xml | 28 +- docbook/wsug_src/WSUG_chapter_capture.xml | 2 +- docbook/wsug_src/WSUG_chapter_introduction.xml | 8 +- docbook/wsug_src/WSUG_chapter_statistics.xml | 2 +- doxygen.cfg.in | 
2 +- epan/dfilter/README.dfilter | 2 +- epan/dissectors/pidl/packet-dcerpc-atsvc.c | 2 +- epan/dissectors/pidl/packet-dcerpc-atsvc.h | 2 +- epan/dissectors/pidl/packet-dcerpc-initshutdown.c | 2 +- epan/dissectors/pidl/packet-dcerpc-initshutdown.h | 2 +- epan/dissectors/pidl/packet-dcerpc-winreg.c | 2 +- epan/dissectors/pidl/packet-dcerpc-winreg.h | 2 +- epan/doxygen.cfg.in | 2 +- ethereal.desktop | 88 - gtk/Makefile.am | 16 +- gtk/Makefile.common | 8 +- gtk/Makefile.nmake | 26 +- gtk/doxygen.cfg.in | 4 +- gtk/gui_utils.c | 2 +- gtk/win32-file-dlg.c | 12 +- help/faq.txt | 32 +- help/getting_started.txt | 4 +- help/overview.txt | 2 +- image/win32-file-dlg.rc | 10 +- make-faq | 6 +- manuf | 4 +- manuf.tmpl | 2 +- packaging/nsis/Makefile.nmake | 8 +- packaging/nsis/WinPcapPage.ini | 2 +- packaging/nsis/wireshark.nsi | 12 +- packaging/rpm/SPECS/ethereal.spec.in | 87 - packaging/rpm/SPECS/wireshark.spec.in | 87 + test/config.sh | 2 +- test/suite-capture.sh | 2 +- test/suite-io.sh | 2 +- test/test.sh | 2 +- tools/EtherealXML.py | 307 --- tools/WiresharkXML.py | 307 +++ tools/fuzz-test.sh | 2 +- tools/idl2wrs.sh | 2 +- tools/pidl/lib/Parse/Pidl/Ethereal/Conformance.pm | 347 --- tools/pidl/lib/Parse/Pidl/Ethereal/NDR.pm | 1021 --------- tools/pidl/lib/Parse/Pidl/Wireshark/Conformance.pm | 347 +++ tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm | 1021 +++++++++ tools/pidl/pidl | 2 +- wireshark.desktop | 88 + wiretap/AUTHORS | 2 +- wiretap/README | 2 +- wka.tmpl | 2 +- 99 files changed, 5124 insertions(+), 5125 deletions(-) delete mode 100644 doc/ethereal-filter.pod.template delete mode 100644 doc/ethereal.pod create mode 100644 doc/wireshark-filter.pod.template create mode 100644 doc/wireshark.pod delete mode 100644 ethereal.desktop delete mode 100644 packaging/rpm/SPECS/ethereal.spec.in create mode 100644 packaging/rpm/SPECS/wireshark.spec.in delete mode 100644 tools/EtherealXML.py create mode 100644 tools/WiresharkXML.py delete mode 100644 
tools/pidl/lib/Parse/Pidl/Ethereal/Conformance.pm delete mode 100644 tools/pidl/lib/Parse/Pidl/Ethereal/NDR.pm create mode 100644 tools/pidl/lib/Parse/Pidl/Wireshark/Conformance.pm create mode 100644 tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm create mode 100644 wireshark.desktop diff --git a/AUTHORS b/AUTHORS index 534a4fa396..31bc62bde9 100644 --- a/AUTHORS +++ b/AUTHORS @@ -2,7 +2,7 @@ Original Author -------- ------ -Gerald Combs +Gerald Combs Contributors diff --git a/FAQ b/FAQ index 1a93aa2df7..a8db25ba04 100644 --- a/FAQ +++ b/FAQ @@ -2,7 +2,7 @@ The Wireshark FAQ Note: This is just an ASCII snapshot of the faq and may not be up to - date. Please go to http://www.ethereal.com/faq.html for the up + date. Please go to http://www.wireshark.org/faq.html for the up to date version. The version of this snapshot can be found at the end of this document. @@ -237,9 +237,9 @@ Q 1.1: Where can I get help? - A: Community support is available on the ethereal-users mailing list. + A: Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Ethereal's mailing lists - can be found at http://www.ethereal.com/lists. An IRC channel dedicated to + can be found at http://www.wireshark.org/lists. An IRC channel dedicated to Ethereal can be found at irc://irc.freenode.net/ethereal. Commercial support, training, and development services are available from @@ -1080,7 +1080,7 @@ cies it means "we don't know whether it can capture on them"; we expect that it will be able to capture on many of them, but we haven't tried it ourselves - if you try one of those types and it works, please send an update to - ethereal-web[AT]ethereal.com). + wireshark-web[AT]wireshark.org). It can also read a variety of capture file formats, including: * AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/Packet 
@@ -1177,12 +1177,12 @@ cies nonwithstanding; newer versions make it a bit clearer by giving that RPM a name starting with wireshark-base. - In those older versions, there's a separate ethereal-gnome RPM that includes + In those older versions, there's a separate wireshark-gnome RPM that includes GUI components such as Ethereal itself, the fact that Ethereal doesn't use GNOME nonwithstanding; newer versions make it a bit clearer by giving that RPM a name starting with wireshark-gtk+. - Find the ethereal-gnome or ethereal-gtk+ RPM, and install that also. + Find the wireshark-gnome or wireshark-gtk+ RPM, and install that also. 4. Building Ethereal @@ -1729,7 +1729,7 @@ cies that release, as, if there's a bug of that sort, it might've been fixed in a release after the one you're running. If the hang occurs in the most recent release of Ethereal, the bug should be reported to the Wireshark developers' - mailing list at ethereal-dev@ethereal.com. + mailing list at wireshark-dev@wireshark.org. On UNIX-flavored OSes, please try to force Ethereal to dump core, by sending it a SIGABRT signal (usually signal 6) with the kill command, and then get a @@ -1839,7 +1839,7 @@ cies mirror of the WinDump Web site for information on using WinDump. You would run WinDump with the -D flag; if it lists the interface, please - report this to ethereal-dev@ethereal.com giving full details of the problem, + report this to wireshark-dev@wireshark.org giving full details of the problem, including * the operating system you're using, and the version of that operating system; 
@@ -1862,7 +1862,7 @@ cies local mirror of the WinDump Web site for information on using WinDump. If you can capture on the interface with WinDump, send mail to - ethereal-users@ethereal.com giving full details of the problem, including + wireshark-users@wireshark.org giving full details of the problem, including * the operating system you're using, and the version of that operating system; * the type of network device you're using; @@ -1879,7 +1879,7 @@ cies there. If not, then see the WinPcap support page (or the local mirror of that page) - check the "Submitting bugs" section. - You may also want to ask the ethereal-users@ethereal.com and the + You may also want to ask the wireshark-users@wireshark.org and the winpcap-users@winpcap.org mailing lists to see if anybody happens to know about the problem and know a workaround or fix for the problem. (Note that you will have to subscribe to that list in order to be allowed to mail to @@ -2044,7 +2044,7 @@ cies If the attempt to capture on it succeeds, the interface is somehow not being reported by the mechanism Ethereal uses to get a list of interfaces; please - report this to ethereal-dev@ethereal.com giving full details of the problem, + report this to wireshark-dev@wireshark.org giving full details of the problem, including * the operating system you're using, and the version of that operating system (for Linux, give both the version number of the kernel and the @@ -2057,7 +2057,7 @@ cies that device with tcpdump. If you can capture on the interface with tcpdump, send mail to - ethereal-users@ethereal.com giving full details of the problem, including + wireshark-users@wireshark.org giving full details of the problem, including * the operating system you're using, and the version of that operating system (for Linux, give both the version number of the kernel and the name and version number of the distribution you're using); 
@@ -2074,7 +2074,7 @@ cies produces the OS (in the case of a Linux distribution, report the problem to whoever produces the distribution). - You may also want to ask the ethereal-users@ethereal.com and the + You may also want to ask the wireshark-users@wireshark.org and the tcpdump-workers@tcpdump.org mailing lists to see if anybody happens to know about the problem and know a workaround or fix for the problem. In your mail, please give full details of the problem, as described above, and also @@ -2187,7 +2187,7 @@ cies boring. Where can I find more interesting captures? A: We have a collection of strange and exotic sample capture files at - http://wiki.ethereal.com/SampleCaptures + http://wiki.wireshark.org/SampleCaptures Q 11.3: Why doesn't Ethereal correctly identify RTP packets? It shows them only as UDP. @@ -2278,8 +2278,8 @@ cies detect various viruses, worms, and the like. Please send support questions about Ethereal to the - ethereal-users[AT]ethereal.com mailing list. + wireshark-users[AT]wireshark.org mailing list. For corrections/additions/suggestions for this web page (and not Ethereal - support questions), please send email to ethereal-web[AT]ethereal.com. + support questions), please send email to wireshark-web[AT]wireshark.org. Last modified: Thu, February 23 2006. "Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc. diff --git a/INSTALL b/INSTALL index 0a9b951780..ea4249f6db 100644 --- a/INSTALL +++ b/INSTALL @@ -100,7 +100,7 @@ README.win32 for those instructions. is built. Use this switch to avoid building it. --disable-idl2wrs - By default the IDL-to-ethereal-dissector-source-code converter + By default the IDL-to-wireshark-dissector-source-code converter is built. Use this switch to avoid building it. --enable-dftest 
@@ -212,6 +212,6 @@ README.win32 for those instructions. to make an installable package for your system. If you have trouble with the build or installation process, you can -find assistance on the ethereal-users and ethereal-dev mailing lists. -See http://www.ethereal.com/lists/ for details. +find assistance on the wireshark-users and wireshark-dev mailing lists. +See http://www.wireshark.org/lists/ for details. diff --git a/Makefile.am b/Makefile.am index fbb7f92e28..5c1da0adc6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -60,13 +60,13 @@ ACLOCAL_AMFLAGS = `./aclocal-flags` # automake will arrange that the Makefile define it as the union of all # the "man{section}_MANS" variables. # -bin_PROGRAMS = @ethereal_bin@ @capinfos_bin@ @editcap_bin@ @mergecap_bin@ @tshark_bin@ @dftest_bin@ @randpkt_bin@ @text2pcap_bin@ @dumpcap_bin@ +bin_PROGRAMS = @wireshark_bin@ @capinfos_bin@ @editcap_bin@ @mergecap_bin@ @tshark_bin@ @dftest_bin@ @randpkt_bin@ @text2pcap_bin@ @dumpcap_bin@ bin_SCRIPTS = @idl2wrs_bin@ -man1_MANS = @ethereal_man@ @capinfos_man@ @editcap_man@ @mergecap_man@ @tshark_man@ @text2pcap_man@ @dumpcap_man@ @idl2wrs_man@ -man4_MANS = @etherealfilter_man@ +man1_MANS = @wireshark_man@ @capinfos_man@ @editcap_man@ @mergecap_man@ @tshark_man@ @text2pcap_man@ @dumpcap_man@ @idl2wrs_man@ +man4_MANS = @wiresharkfilter_man@ man_MANS = -EXTRA_PROGRAMS = ethereal tshark capinfos editcap mergecap dftest \ +EXTRA_PROGRAMS = wireshark tshark capinfos editcap mergecap dftest \ randpkt text2pcap dumpcap EXTRA_SCRIPTS = idl2wrs @@ -77,8 +77,8 @@ idl2wrs: tools/idl2wrs.sh Makefile # # Ethereal configuration files are put in $(pkgdatadir). # -pkgdata_DATA = AUTHORS-SHORT manuf ethereal.html tshark.html \ - ethereal-filter.html capinfos.html editcap.html \ +pkgdata_DATA = AUTHORS-SHORT manuf wireshark.html tshark.html \ + wireshark-filter.html capinfos.html editcap.html \ idl2wrs.html mergecap.html text2pcap.html dumpcap.html \ cfilters colorfilters dfilters 
@@ -265,27 +265,27 @@ plugin_ldadd = endif # HAVE_PLUGINS # Optional objects that I know how to build. These will be -# linked into the ethereal executable. +# linked into the wireshark executable. # They will also be linked into the tshark executable; if this # list ever grows to include something that can't be linked with # tshark, or if tshark needs something that wireshark doesn't, # we should probably split this into stuff needed both # by wireshark and tshark and stuff needed only by one or the # other. -ethereal_optional_objects = @GETOPT_O@ @SNPRINTF_O@ @STRERROR_O@ \ +wireshark_optional_objects = @GETOPT_O@ @SNPRINTF_O@ @STRERROR_O@ \ @STRCASECMP_O@ @STRNCASECMP_O@ @MKSTEMP_O@ @STRPTIME_O@ # Additional libs that I know how to build. These will be -# linked into the ethereal executable. -ethereal_additional_libs = \ +# linked into the wireshark executable. +wireshark_additional_libs = \ gtk/libui.a \ wiretap/libwiretap.la \ epan/libwireshark.la # This is the automake dependency variable for the executable -ethereal_DEPENDENCIES = \ - $(ethereal_optional_objects) \ - $(ethereal_additional_libs) \ +wireshark_DEPENDENCIES = \ + $(wireshark_optional_objects) \ + $(wireshark_additional_libs) \ $(plugin_libs) # This automake variable adds to the link-line for the executable. @@ -297,14 +297,14 @@ ethereal_DEPENDENCIES = \ # applications are X applications). if ENABLE_STATIC -ethereal_LDFLAGS = -Wl,-static -all-static +wireshark_LDFLAGS = -Wl,-static -all-static else -ethereal_LDFLAGS = -export-dynamic +wireshark_LDFLAGS = -export-dynamic endif -ethereal_LDADD = \ - $(ethereal_optional_objects) \ - $(ethereal_additional_libs) \ +wireshark_LDADD = \ + $(wireshark_optional_objects) \ + $(wireshark_additional_libs) \ @SNMP_LIBS@ @SSL_LIBS@ \ $(plugin_ldadd) \ @PCRE_LIBS@ \ 
@@ -319,13 +319,13 @@ tshark_additional_libs = \ # This is the automake dependency variable for the executable tshark_DEPENDENCIES = \ - $(ethereal_optional_objects) \ + $(wireshark_optional_objects) \ $(tshark_additional_libs) \ $(plugin_libs) # This automake variable adds to the link-line for the executable tshark_LDADD = \ - $(ethereal_optional_objects) \ + $(wireshark_optional_objects) \ $(tshark_additional_libs) \ @SNMP_LIBS@ @SSL_LIBS@ \ $(plugin_ldadd) \ @@ -436,13 +436,13 @@ dftest_additional_libs = \ epan/libwireshark.la dftest_DEPENDENCIES = \ - $(ethereal_optional_objects) \ + $(wireshark_optional_objects) \ $(dftest_additional_libs) \ $(plugin_libs) # This automake variable adds to the link-line for the executable dftest_LDADD = \ - $(ethereal_optional_objects) \ + $(wireshark_optional_objects) \ $(dftest_additional_libs) \ @SNMP_LIBS@ @SSL_LIBS@ \ $(plugin_ldadd) \ @@ -552,8 +552,8 @@ EXTRA_DIST = \ doc/capinfos.pod \ doc/dfilter2pod.pl \ doc/editcap.pod \ - doc/ethereal-filter.pod.template \ - doc/ethereal.pod \ + doc/wireshark-filter.pod.template \ + doc/wireshark.pod \ doc/idl2wrs.pod \ doc/mergecap.pod \ doc/randpkt.txt \ @@ -565,9 +565,9 @@ EXTRA_DIST = \ dumpcap.c \ editcap.c \ epan/libwireshark.def \ - ethereal_be.py \ - ethereal_gen.py \ - ethereal.desktop \ + wireshark_be.py \ + wireshark_gen.py \ + wireshark.desktop \ image/Ethereal.icns \ image/Makefile.nmake \ image/README.image \ 
@@ -696,22 +696,22 @@ endif DIST_SUBDIRS = tools wiretap doc epan plugins packaging gtk help if HAVE_PLUGINS -SUBDIRS = tools wiretap doc epan plugins packaging help @ethereal_SUBDIRS@ +SUBDIRS = tools wiretap doc epan plugins packaging help @wireshark_SUBDIRS@ else -SUBDIRS = tools wiretap doc epan packaging help @ethereal_SUBDIRS@ +SUBDIRS = tools wiretap doc epan packaging help @wireshark_SUBDIRS@ endif -ethereal.1: doc/ethereal.pod AUTHORS-SHORT-FORMAT +wireshark.1: doc/wireshark.pod AUTHORS-SHORT-FORMAT (cd doc ; \ - $(MAKE) ../ethereal.1 ) + $(MAKE) ../wireshark.1 ) tshark.1: doc/tshark.pod (cd doc ; \ $(MAKE) ../tshark.1 ) -ethereal-filter.4: tshark doc/ethereal-filter.pod.template +wireshark-filter.4: tshark doc/wireshark-filter.pod.template (cd doc ; \ - $(MAKE) ../ethereal-filter.4 ) + $(MAKE) ../wireshark-filter.4 ) capinfos.1: doc/capinfos.pod (cd doc ; \ @@ -737,17 +737,17 @@ dumpcap.1: doc/dumpcap.pod (cd doc ; \ $(MAKE) ../dumpcap.1 ) -ethereal.html: doc/ethereal.pod AUTHORS-SHORT-FORMAT +wireshark.html: doc/wireshark.pod AUTHORS-SHORT-FORMAT (cd doc ; \ - $(MAKE) ../ethereal.html ) + $(MAKE) ../wireshark.html ) tshark.html: doc/tshark.pod (cd doc ; \ $(MAKE) ../tshark.html ) -ethereal-filter.html: tshark doc/ethereal-filter.pod.template +wireshark-filter.html: tshark doc/wireshark-filter.pod.template (cd doc ; \ - $(MAKE) ../ethereal-filter.html ) + $(MAKE) ../wireshark-filter.html ) capinfos.html: doc/capinfos.pod (cd doc ; \ 
@@ -805,10 +805,10 @@ rpm-package: dist mkdir -p BUILD RPMS SOURCES ; \ cd SOURCES ; \ ln -s ../../../$(distdir).tar.gz ; \ - ln -s ../../../ethereal.desktop ; \ + ln -s ../../../wireshark.desktop ; \ ln -s ../../../image/elogo3d64x64.png ethereal.png ; \ cd .. ; \ - rpmbuild --define "_topdir `cd . && pwd`" -bb SPECS/ethereal.spec && \ + rpmbuild --define "_topdir `cd . && pwd`" -bb SPECS/wireshark.spec && \ echo "Package successfully built in `pwd`/RPMS." ; \ else \ echo "Error: RPM executable and/or source directory not found." ; \ @@ -819,10 +819,10 @@ srpm-package: dist mkdir -p BUILD SRPMS SOURCES ; \ cd SOURCES ; \ ln -s ../../../$(distdir).tar.gz ; \ - ln -s ../../../ethereal.desktop ; \ - ln -s ../../../image/elogo3d64x64.png ethereal.png ; \ + ln -s ../../../wireshark.desktop ; \ + ln -s ../../../image/elogo3d64x64.png wireshark.png ; \ cd .. ; \ - rpmbuild --define "_topdir `cd . && pwd`" -bs SPECS/ethereal.spec && \ + rpmbuild --define "_topdir `cd . && pwd`" -bs SPECS/wireshark.spec && \ echo "Package successfully built in `pwd`/SRPMS." ; \ else \ echo "Error: RPM executable and/or source directory not found." ; \ diff --git a/Makefile.common b/Makefile.common index 9cb087ec4f..7b2048c6e2 100644 --- a/Makefile.common +++ b/Makefile.common @@ -45,7 +45,7 @@ GENERATED_C_FILES = \ GENERATED_FILES = $(GENERATED_C_FILES) $(GENERATED_HEADER_FILES) # sources common for ethereal and tshark -ETHEREAL_COMMON_SRC = \ +WIRESHARK_COMMON_SRC = \ $(PLATFORM_SRC) \ capture_errs.c \ capture-pcap-util.c \ @@ -65,7 +65,7 @@ ETHEREAL_COMMON_SRC = \ version_info.c # corresponding headers -ETHEREAL_COMMON_INCLUDES = \ +WIRESHARK_COMMON_INCLUDES = \ svnversion.h \ capture_errs.h \ capture-pcap-util.h \ @@ -118,7 +118,7 @@ TSHARK_TAP_SRC = \ tap-wspstat.c # helpers already available on some platforms (and on others not) -EXTRA_ethereal_SOURCES = \ +EXTRA_wireshark_SOURCES = \ getopt.c \ mkstemp.c \ snprintf.c \ 
@@ -128,7 +128,7 @@ EXTRA_ethereal_SOURCES = \ strptime.c # corresponding headers -EXTRA_ethereal_INCLUDES = \ +EXTRA_wireshark_INCLUDES = \ getopt.h \ mkstemp.h \ snprintf.h \ @@ -137,8 +137,8 @@ EXTRA_ethereal_INCLUDES = \ strptime.h # ethereal specifics -ethereal_SOURCES = \ - $(ETHEREAL_COMMON_SRC) \ +wireshark_SOURCES = \ + $(WIRESHARK_COMMON_SRC) \ alert_box.c \ capture.c \ capture_info.c \ @@ -156,7 +156,7 @@ ethereal_SOURCES = \ tempfile.c # corresponding headers -ethereal_INCLUDES = \ +wireshark_INCLUDES = \ alert_box.h \ capture.h \ capture_info.h \ @@ -183,7 +183,7 @@ ethereal_INCLUDES = \ # tshark specifics tshark_SOURCES = \ - $(ETHEREAL_COMMON_SRC) \ + $(WIRESHARK_COMMON_SRC) \ $(TSHARK_TAP_SRC) \ capture_opts.c \ capture_loop.c \ @@ -234,6 +234,6 @@ dumpcap_SOURCES = \ # this target needed for distribution only noinst_HEADERS = \ - $(ETHEREAL_COMMON_INCLUDES) \ - $(ethereal_INCLUDES) \ - $(EXTRA_ethereal_INCLUDES) + $(WIRESHARK_COMMON_INCLUDES) \ + $(wireshark_INCLUDES) \ + $(EXTRA_wireshark_INCLUDES) diff --git a/Makefile.nmake b/Makefile.nmake index 2d558c680f..326e0fb150 100644 --- a/Makefile.nmake +++ b/Makefile.nmake @@ -1,4 +1,4 @@ -## Makefile for building ethereal.exe with Microsoft C and nmake +## Makefile for building wireshark.exe with Microsoft C and nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake # # $Id$ @@ -28,7 +28,7 @@ PLATFORM_SRC = capture-wpcap.c capture_wpcap_packet.c include Makefile.common -ethereal_OBJECTS = $(ethereal_SOURCES:.c=.obj) +wireshark_OBJECTS = $(wireshark_SOURCES:.c=.obj) tshark_OBJECTS = $(tshark_SOURCES:.c=.obj) dftest_OBJECTS = $(dftest_SOURCES:.c=.obj) @@ -46,7 +46,7 @@ EXTRA_OBJECTS = \ mkstemp.obj \ strptime.obj -ethereal_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \ +wireshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \ wsock32.lib user32.lib shell32.lib comctl32.lib \ $(NET_SNMP_DIR)\win32\lib\release\netsnmp.lib \ !IFDEF HHC_DIR 
@@ -56,7 +56,7 @@ ethereal_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \ epan\libwireshark.lib \ !ELSE epan\dissectors\dissectors.lib \ - epan\ethereal.lib \ + epan\wireshark.lib \ epan\dfilter\dfilter.lib epan\ftypes\ftypes.lib \ $(ADNS_LIBS) \ $(PCRE_LIBS) \ @@ -73,7 +73,7 @@ tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \ epan\libwireshark.lib \ !ELSE epan\dissectors\dissectors.lib \ - epan\ethereal.lib \ + epan\wireshark.lib \ epan\dfilter\dfilter.lib epan\ftypes\ftypes.lib \ $(ADNS_LIBS) \ $(PCRE_LIBS) \ @@ -105,7 +105,7 @@ dftest_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \ epan\libwireshark.lib \ !ELSE epan\dissectors\dissectors.lib \ - epan\ethereal.lib \ + epan\wireshark.lib \ epan\dfilter\dfilter.lib epan\ftypes\ftypes.lib \ $(ADNS_LIBS) \ $(PCRE_LIBS) \ @@ -118,10 +118,10 @@ randpkt_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \ $(GLIB_LIBS) \ $(NET_SNMP_DIR)\win32\lib\release\netsnmp.lib -EXECUTABLES=ethereal.exe ethereal-gtk2.exe tshark.exe \ +EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe \ capinfos.exe editcap.exe mergecap.exe text2pcap.exe randpkt.exe dumpcap.exe -RESOURCES=image\ethereal.res image\libwireshark.res image\tshark.res \ +RESOURCES=image\wireshark.res image\libwireshark.res image\tshark.res \ image\capinfos.res image\editcap.res image\mergecap.res \ image\text2pcap.res image\wiretap.res image\dumpcap.res 
@@ -151,22 +151,22 @@ $(RESOURCES): image wiretap\wiretap-$(WTAP_VERSION).lib: wiretap !IFNDEF GTK1_DIR -ethereal.exe : +wireshark.exe : !ELSE -ethereal.exe : config.h svnversion.h $(ethereal_OBJECTS) $(command_line_OBJECTS) epan gtk image\ethereal.res wiretap\wiretap-$(WTAP_VERSION).lib gtk\libui.lib plugins +wireshark.exe : config.h svnversion.h $(wireshark_OBJECTS) $(command_line_OBJECTS) epan gtk image\wireshark.res wiretap\wiretap-$(WTAP_VERSION).lib gtk\libui.lib plugins @echo Linking $@ $(LINK) @<< - /OUT:ethereal.exe $(guiflags) $(guilibsdll) $(LDFLAGS) /SUBSYSTEM:windows $(ethereal_LIBS) $(GTK1_LIBS) gtk\libui.lib $(ethereal_OBJECTS) image\ethereal.res + /OUT:wireshark.exe $(guiflags) $(guilibsdll) $(LDFLAGS) /SUBSYSTEM:windows $(wireshark_LIBS) $(GTK1_LIBS) gtk\libui.lib $(wireshark_OBJECTS) image\wireshark.res << !ENDIF !IFNDEF GTK2_DIR -ethereal-gtk2.exe : +wireshark-gtk2.exe : !ELSE -ethereal-gtk2.exe : config.h svnversion.h $(ethereal_OBJECTS) $(command_line_OBJECTS) epan gtk2 image\ethereal.res wiretap\wiretap-$(WTAP_VERSION).lib gtk2.tmp\libui.lib plugins +wireshark-gtk2.exe : config.h svnversion.h $(wireshark_OBJECTS) $(command_line_OBJECTS) epan gtk2 image\wireshark.res wiretap\wiretap-$(WTAP_VERSION).lib gtk2.tmp\libui.lib plugins @echo Linking $@ $(LINK) @<< - /OUT:ethereal-gtk2.exe $(guiflags) $(guilibsdll) $(LDFLAGS) /SUBSYSTEM:windows $(ethereal_LIBS) $(GTK2_LIBS) gtk2.tmp\libui.lib $(ethereal_OBJECTS) image\ethereal.res + /OUT:wireshark-gtk2.exe $(guiflags) $(guilibsdll) $(LDFLAGS) /SUBSYSTEM:windows $(wireshark_LIBS) $(GTK2_LIBS) gtk2.tmp\libui.lib $(wireshark_OBJECTS) image\wireshark.res << !ENDIF 
@@ -287,7 +287,7 @@ gtk2_distclean: if exist gtk2.tmp rmdir gtk2.tmp clean: gtk2_distclean - rm -f $(ethereal_OBJECTS) $(tshark_OBJECTS) $(EXTRA_OBJECTS) \ + rm -f $(wireshark_OBJECTS) $(tshark_OBJECTS) $(EXTRA_OBJECTS) \ $(EXECUTABLES) $(PDB_FILE) \ capinfos.obj editcap.obj mergecap.obj text2pcap.obj getopt.obj\ text2pcap-scanner.obj text2pcap-scanner.c rdps.obj \ @@ -604,12 +604,12 @@ clean_setup: rm -r -f $(WIRESHARK_LIBS)/gtk-wimp ################################################################################ -# Prepare the source tree for running (t)ethereal directly from there. +# Prepare the source tree for running (t)wireshark directly from there. ################################################################################ -# "install-deps" will copy all dlls needed to run (t)ethereal -# to the source tree, so you can run (t)ethereal directly from there. -# Note that the gtk2 version of ethereal is called ethereal-gtk2.exe +# "install-deps" will copy all dlls needed to run (t)wireshark +# to the source tree, so you can run (t)wireshark directly from there. +# Note that the gtk2 version of wireshark is called wireshark-gtk2.exe install-deps: clean-deps install-gtk1-deps install-gtk2-deps cd plugins diff --git a/README.win32 b/README.win32 index 84dc93720a..51ff2d0072 100644 --- a/README.win32 +++ b/README.win32 @@ -6,7 +6,7 @@ These are the instructions for installing Ethereal from the installation executable that is provided on the Wireshark website at: -http://www.ethereal.com/distribution/win32 +http://www.wireshark.org/download/win32 and any of its mirrors. @@ -96,7 +96,7 @@ Developer's Guide You can find a comprehensive guide how to develop Ethereal in the Developer's Guide, which you can find (and much more info) at: -http://wiki.ethereal.com/Development +http://wiki.wireshark.org/Development The guide contains detailed information how to setup the development environment and it's usage. 
@@ -153,7 +153,7 @@ This will first check the availability of all required tools and then uses the tool wget to download each package file (together around 30MB!) from the server location at: - http://anonsvn.ethereal.com/ethereal-win32-libs/trunk/packages/ + http://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/ and unpack it in the $WIRESHARK_LIBS directory. @@ -174,7 +174,7 @@ packages contain header files and stub libraries to link against. PRECOMPILED VERSIONS OF ALL OF THESE PACKAGES ARE AVAILABLE AT: - http://anonsvn.ethereal.com/ethereal-win32-libs/trunk/packages/ + http://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/ The GLIB, GTK+, iconv, gettext packages for win32 can be found at the home @@ -207,7 +207,7 @@ The optional zlib package for win32 is available at its homepage: By default, the build process looks for these packages in -C:\ethereal-win32-libs. You can place them in a different directory, but +C:\wireshark-win32-libs. You can place them in a different directory, but you must update the WIRESHARK_LIBS variable in config.nmake accordingly. The following lists the packages needed to compile Ethereal and the default 
@@ -215,28 +215,28 @@ locations where to unpack them, when the above method isn't used. Package Default Location ------- ---------------- - glib-2.4.7.zip C:\ethereal-win32-libs\glib - glib-dev-2.4.7.zip C:\ethereal-win32-libs\glib - gtk+-1.3.0-20030717.zip C:\ethereal-win32-libs\gtk+ - gtk+-dev-1.3.0-20030115.zip C:\ethereal-win32-libs\gtk+ - libiconv-1.9.1.bin.woe32.zip C:\ethereal-win32-libs\libiconv-1.9.1.bin.woe32 - gettext-runtime-0.13.1.zip C:\ethereal-win32-libs\gettext-runtime-0.13.1 - net-snmp-5.2.1.2.zip C:\ethereal-win32-libs - wpdpack_3_0.zip C:\ethereal-win32-libs + glib-2.4.7.zip C:\wireshark-win32-libs\glib + glib-dev-2.4.7.zip C:\wireshark-win32-libs\glib + gtk+-1.3.0-20030717.zip C:\wireshark-win32-libs\gtk+ + gtk+-dev-1.3.0-20030115.zip C:\wireshark-win32-libs\gtk+ + libiconv-1.9.1.bin.woe32.zip C:\wireshark-win32-libs\libiconv-1.9.1.bin.woe32 + gettext-runtime-0.13.1.zip C:\wireshark-win32-libs\gettext-runtime-0.13.1 + net-snmp-5.2.1.2.zip C:\wireshark-win32-libs + wpdpack_3_0.zip C:\wireshark-win32-libs and optional: - adns-1.0-win32-04.zip C:\ethereal-win32-libs - pcre-4.4.zip C:\ethereal-win32-libs - zlib123-dll.zip C:\ethereal-win32-libs\zlib123-dll + adns-1.0-win32-04.zip C:\wireshark-win32-libs + pcre-4.4.zip C:\wireshark-win32-libs + zlib123-dll.zip C:\wireshark-win32-libs\zlib123-dll (to use the default locations, the directories in question should be created, and each zip file should be unpacked into the corresponding -directory). If you only want to change the C:\ethereal-win32-libs +directory). If you only want to change the C:\wireshark-win32-libs part, you just change the setting of WIRESHARK_LIBS in config.nmake; if you want to change subdirectories, you'll have to change the individual item for a package. 
(Note that some zip files create the subdirectory - -those zip files just have C:\ethereal-win32-libs in the list above - so +those zip files just have C:\wireshark-win32-libs in the list above - so if you don't want the package to be in that subdirectory, you'd have to rename the directory.) @@ -254,7 +254,7 @@ GTK+2 will look better in various ways, especially for WIN32 users. You can get the required libraries from: -http://www.ethereal.com/distribution/win32/development/gtk2 +http://www.wireshark.org/distribution/win32/development/gtk2 or (like the GTK+1 libraries from the GTK+ for Win32 project): @@ -264,16 +264,16 @@ If you want to try a build with GTK+2.x these Extra libraries are needed Package Default Location ------- ---------------- - gtk+-2.4.14.zip C:\ethereal-win32-libs\gtk2 - gtk+-dev-2.4.14.zip C:\ethereal-win32-libs\gtk2 - pango-1.4.1.zip C:\ethereal-win32-libs\gtk2 - pango-dev-1.4.1.zip C:\ethereal-win32-libs\gtk2 - atk-1.6.0.zip C:\ethereal-win32-libs\gtk2 - atk-dev-1.6.0.zip C:\ethereal-win32-libs\gtk2 + gtk+-2.4.14.zip C:\wireshark-win32-libs\gtk2 + gtk+-dev-2.4.14.zip C:\wireshark-win32-libs\gtk2 + pango-1.4.1.zip C:\wireshark-win32-libs\gtk2 + pango-dev-1.4.1.zip C:\wireshark-win32-libs\gtk2 + atk-1.6.0.zip C:\wireshark-win32-libs\gtk2 + atk-dev-1.6.0.zip C:\wireshark-win32-libs\gtk2 and optional: - gtk-wimp-0.7.0-bin.zip C:\ethereal-win32-libs\gtk-wimp + gtk-wimp-0.7.0-bin.zip C:\wireshark-win32-libs\gtk-wimp Be sure to set GTK2_DIR in config.nmake correct, to be able to compile. @@ -381,7 +381,7 @@ make-reg-dotc.py, packet*.c register.c Python make-tapreg-dotc, tap-*.c tshark-tap-register.c Bash + grep + sed -make-tapreg-dotc, tap files gtk/ethereal-tap-register.c +make-tapreg-dotc, tap files gtk/wireshark-tap-register.c in the gtk subdirectory Bash + grep + sed The Makefile.nmake supplied with the Wireshark distribution will, if 
@@ -434,7 +434,7 @@ and for a much smaller installer (using the lzma compression). In the ethereal directory, type "nmake -f makefile.nmake packaging" to build the installer. Please be patient while the compression is done, it will take some time even on fast machines. -You will hopefully now see something like ethereal-setup-0.10.12.exe in the dir packaging/nsis. +You will hopefully now see something like wireshark-setup-0.10.12.exe in the dir packaging/nsis. Installing GTK-Wimp @@ -542,7 +542,7 @@ To get it running, execute the following steps: $ make check $ make install -5. Patch Makefile.am in /gtk/Makefile.am by +5. Patch Makefile.am in /gtk/Makefile.am by removing "ethclist.c" from the dependencies. This patch is required since the private GTK+ clist widget @@ -567,7 +567,7 @@ To get it running, execute the following steps: 8. Run wireshark (add /opt/gnome/bin to $PATH if this is not yet done) - $ /ethereal + $ /ethereal And voila! Behold the mighty sniffer in all its glory! diff --git a/acinclude.m4 b/acinclude.m4 index 8a11f430b3..8ae007f0c4 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -51,7 +51,7 @@ dnl Franc,ois Pinard, Karl Berry, Richard Pixley, Ian Lance Taylor, dnl Roland McGrath, Noah Friedman, david d zuhn, and many others. # -# AC_ETHEREAL_ADD_DASH_L +# AC_WIRESHARK_ADD_DASH_L # # Add to the variable specified as the first argument a "-L" flag for the # directory specified as the second argument, and, on Solaris, add a @@ -60,7 +60,7 @@ dnl Roland McGrath, Noah Friedman, david d zuhn, and many others. # XXX - IRIX, and other OSes, may require some flag equivalent to # "-R" here. # -AC_DEFUN([AC_ETHEREAL_ADD_DASH_L], +AC_DEFUN([AC_WIRESHARK_ADD_DASH_L], [$1="$$1 -L$2" case "$host_os" in solaris*) 
@@ -71,23 +71,23 @@ esac # -# AC_ETHEREAL_STRUCT_SA_LEN +# AC_WIRESHARK_STRUCT_SA_LEN # dnl AC_STRUCT_ST_BLKSIZE extracted from the file in question, dnl "acspecific.m4" in GNU Autoconf 2.12, and turned into -dnl AC_ETHEREAL_STRUCT_SA_LEN, which checks if "struct sockaddr" +dnl AC_WIRESHARK_STRUCT_SA_LEN, which checks if "struct sockaddr" dnl has the 4.4BSD "sa_len" member, and defines HAVE_SA_LEN; that's dnl what's in this file. dnl Done by Guy Harris on 1998-11-14. dnl ### Checks for structure members -AC_DEFUN([AC_ETHEREAL_STRUCT_SA_LEN], -[AC_CACHE_CHECK([for sa_len in struct sockaddr], ac_cv_ethereal_struct_sa_len, +AC_DEFUN([AC_WIRESHARK_STRUCT_SA_LEN], +[AC_CACHE_CHECK([for sa_len in struct sockaddr], ac_cv_wireshark_struct_sa_len, [AC_TRY_COMPILE([#include #include ], [struct sockaddr s; s.sa_len;], -ac_cv_ethereal_struct_sa_len=yes, ac_cv_ethereal_struct_sa_len=no)]) -if test $ac_cv_ethereal_struct_sa_len = yes; then +ac_cv_wireshark_struct_sa_len=yes, ac_cv_wireshark_struct_sa_len=no)]) +if test $ac_cv_wireshark_struct_sa_len = yes; then AC_DEFINE(HAVE_SA_LEN, 1, [Define if sa_len field exists in struct sockaddr]) fi ]) @@ -96,7 +96,7 @@ fi dnl dnl Check whether a given format can be used to print 64-bit integers dnl -AC_DEFUN([AC_ETHEREAL_CHECK_64BIT_FORMAT], +AC_DEFUN([AC_WIRESHARK_CHECK_64BIT_FORMAT], [ AC_MSG_CHECKING([whether %$1x can be used to format 64-bit integers]) AC_RUN_IFELSE( @@ -137,11 +137,11 @@ AC_DEFUN([AC_ETHEREAL_CHECK_64BIT_FORMAT], ]) # -# AC_ETHEREAL_IPV6_STACK +# AC_WIRESHARK_IPV6_STACK # # By Jun-ichiro "itojun" Hagino, # -AC_DEFUN([AC_ETHEREAL_IPV6_STACK], +AC_DEFUN([AC_WIRESHARK_IPV6_STACK], [ v6type=unknown v6lib=none @@ -243,7 +243,7 @@ yes ]) # -# AC_ETHEREAL_GETHOSTBY_LIB_CHECK +# AC_WIRESHARK_GETHOSTBY_LIB_CHECK # # Checks whether we need "-lnsl" to get "gethostby*()", which we use # in "resolv.c". 
@@ -252,7 +252,7 @@ yes # GNU Autoconf 2.13; the comment came from there. # Done by Guy Harris on 2000-01-14. # -AC_DEFUN([AC_ETHEREAL_GETHOSTBY_LIB_CHECK], +AC_DEFUN([AC_WIRESHARK_GETHOSTBY_LIB_CHECK], [ # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT, # to get the SysV transport functions. @@ -266,7 +266,7 @@ AC_DEFUN([AC_ETHEREAL_GETHOSTBY_LIB_CHECK], ]) # -# AC_ETHEREAL_SOCKET_LIB_CHECK +# AC_WIRESHARK_SOCKET_LIB_CHECK # # Checks whether we need "-lsocket" to get "socket()", which is used # by libpcap on some platforms - and, in effect, "gethostby*()" on @@ -279,7 +279,7 @@ AC_DEFUN([AC_ETHEREAL_GETHOSTBY_LIB_CHECK], # # We use "connect" because that's what AC_PATH_XTRA did. # -AC_DEFUN([AC_ETHEREAL_SOCKET_LIB_CHECK], +AC_DEFUN([AC_WIRESHARK_SOCKET_LIB_CHECK], [ # lieder@skyler.mavd.honeywell.com says without -lsocket, # socket/setsockopt and other routines are undefined under SCO ODT @@ -295,9 +295,9 @@ AC_DEFUN([AC_ETHEREAL_SOCKET_LIB_CHECK], ]) # -# AC_ETHEREAL_PCAP_CHECK +# AC_WIRESHARK_PCAP_CHECK # -AC_DEFUN([AC_ETHEREAL_PCAP_CHECK], +AC_DEFUN([AC_WIRESHARK_PCAP_CHECK], [ if test -z "$pcap_dir" then @@ -355,7 +355,7 @@ AC_DEFUN([AC_ETHEREAL_PCAP_CHECK], # CFLAGS="$CFLAGS -I$pcap_dir/include" CPPFLAGS="$CPPFLAGS -I$pcap_dir/include" - AC_ETHEREAL_ADD_DASH_L(LDFLAGS, $pcap_dir/lib) + AC_WIRESHARK_ADD_DASH_L(LDFLAGS, $pcap_dir/lib) fi # Pcap header check @@ -375,7 +375,7 @@ and did you also install that package?]])) PCAP_LIBS=-lpcap AC_DEFINE(HAVE_LIBPCAP, 1, [Define to use libpcap library]) ], [ - ac_ethereal_extras_found=no + ac_wireshark_extras_found=no ac_save_LIBS="$LIBS" for extras in "-lcfg -lodm" "-lpfring" do @@ -392,7 +392,7 @@ and did you also install that package?]])) pcap_open_live(NULL, 0, 0, 0, NULL); ], [ - ac_ethereal_extras_found=yes + ac_wireshark_extras_found=yes AC_MSG_RESULT([yes]) PCAP_LIBS="-lpcap $extras" AC_DEFINE(HAVE_LIBPCAP, 1, [Define to use libpcap library]) 
@@ -400,12 +400,12 @@ and did you also install that package?]])) [ AC_MSG_RESULT([no]) ]) - if test x$ac_ethereal_extras_found = xyes + if test x$ac_wireshark_extras_found = xyes then break fi done - if test x$ac_ethereal_extras_found = xno + if test x$ac_wireshark_extras_found = xno then AC_MSG_ERROR([Can't link with library libpcap.]) fi @@ -493,9 +493,9 @@ and did you also install that package?]])) ]) # -# AC_ETHEREAL_ZLIB_CHECK +# AC_WIRESHARK_ZLIB_CHECK # -AC_DEFUN([AC_ETHEREAL_ZLIB_CHECK], +AC_DEFUN([AC_WIRESHARK_ZLIB_CHECK], [ if test "x$zlib_dir" != "x" then @@ -511,12 +511,12 @@ AC_DEFUN([AC_ETHEREAL_ZLIB_CHECK], # as the compiler and/or linker will search that other # directory before it searches the specified directory. # - ethereal_save_CFLAGS="$CFLAGS" + wireshark_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -I$zlib_dir/include" - ethereal_save_CPPFLAGS="$CPPFLAGS" + wireshark_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -I$zlib_dir/include" - ethereal_save_LIBS="$LIBS" - AC_ETHEREAL_ADD_DASH_L(LIBS, $zlib_dir/lib) + wireshark_save_LIBS="$LIBS" + AC_WIRESHARK_ADD_DASH_L(LIBS, $zlib_dir/lib) fi # @@ -589,8 +589,8 @@ AC_DEFUN([AC_ETHEREAL_ZLIB_CHECK], # LIBS. # LIBS="" - AC_ETHEREAL_ADD_DASH_L(LIBS, $zlib_dir/lib) - LIBS="$LIBS -lz $ethereal_save_LIBS" + AC_WIRESHARK_ADD_DASH_L(LIBS, $zlib_dir/lib) + LIBS="$LIBS -lz $wireshark_save_LIBS" else LIBS="-lz $LIBS" fi @@ -605,9 +605,9 @@ AC_DEFUN([AC_ETHEREAL_ZLIB_CHECK], # zlib there, or didn't find a zlib that # contains gzgets there. # - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" - LIBS="$ethereal_save_LIBS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" + LIBS="$wireshark_save_LIBS" fi want_zlib=no ]) @@ -647,9 +647,9 @@ AC_DEFUN([AC_ETHEREAL_ZLIB_CHECK], ]) # -# AC_ETHEREAL_LIBPCRE_CHECK +# AC_WIRESHARK_LIBPCRE_CHECK # -AC_DEFUN([AC_ETHEREAL_LIBPCRE_CHECK], +AC_DEFUN([AC_WIRESHARK_LIBPCRE_CHECK], [ if test "x$pcre_dir" != "x" then 
@@ -665,13 +665,13 @@ AC_DEFUN([AC_ETHEREAL_LIBPCRE_CHECK], # as the compiler and/or linker will search that other # directory before it searches the specified directory. # - ethereal_save_CFLAGS="$CFLAGS" + wireshark_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -I$pcre_dir/include" - ethereal_save_CPPFLAGS="$CPPFLAGS" + wireshark_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -I$pcre_dir/include" - ethereal_save_LIBS="$LIBS" + wireshark_save_LIBS="$LIBS" LIBS="$LIBS -lpcre" - ethereal_save_LDFLAGS="$LDFLAGS" + wireshark_save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -L$pcre_dir/lib" fi @@ -726,7 +726,7 @@ AC_DEFUN([AC_ETHEREAL_LIBPCRE_CHECK], # the beginning of CFLAGS, CPPFLAGS, # LDFLAGS, and LIBS. # - PCRE_LIBS="-L$pcre_dir/lib -lpcre $ethereal_save_LIBS" + PCRE_LIBS="-L$pcre_dir/lib -lpcre $wireshark_save_LIBS" else PCRE_LIBS="-lpcre" fi @@ -740,10 +740,10 @@ AC_DEFUN([AC_ETHEREAL_LIBPCRE_CHECK], # "--with-pcre=" directory, as we didn't # actually find pcre there. # - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" - LDFLAGS="$ethereal_save_LDFLAGS" - LIBS="$ethereal_save_LIBS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" + LDFLAGS="$wireshark_save_LDFLAGS" + LIBS="$wireshark_save_LIBS" PCRE_LIBS="" fi want_pcre=no @@ -753,9 +753,9 @@ AC_DEFUN([AC_ETHEREAL_LIBPCRE_CHECK], ]) # -# AC_ETHEREAL_LIBLUA_CHECK +# AC_WIRESHARK_LIBLUA_CHECK # -AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ +AC_DEFUN([AC_WIRESHARK_LIBLUA_CHECK],[ if test "x$lua_dir" != "x" then 
@@ -771,23 +771,23 @@ AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ # as the compiler and/or linker will search that other # directory before it searches the specified directory. # - ethereal_save_CFLAGS="$CFLAGS" + wireshark_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -I$lua_dir/include" - ethereal_save_CPPFLAGS="$CPPFLAGS" + wireshark_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -I$lua_dir/include" - ethereal_save_LIBS="$LIBS" + wireshark_save_LIBS="$LIBS" LIBS="$LIBS -L$lua_dir/lib -llua" - ethereal_save_LDFLAGS="$LDFLAGS" + wireshark_save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -L$lua_dir/lib" else # # The user specified no directory in which liblua resides, # so just add "-llua -lliblua" to the used libs. # - ethereal_save_CFLAGS="$CFLAGS" - ethereal_save_CPPFLAGS="$CPPFLAGS" - ethereal_save_LDFLAGS="$LDFLAGS" - ethereal_save_LIBS="$LIBS" + wireshark_save_CFLAGS="$CFLAGS" + wireshark_save_CPPFLAGS="$CPPFLAGS" + wireshark_save_LDFLAGS="$LDFLAGS" + wireshark_save_LIBS="$LIBS" LIBS="$LIBS -llua" fi @@ -868,7 +868,7 @@ AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ # do we have 5.1? # - LIBS="$ethereal_save_LIBS $LUA_LIBS" + LIBS="$wireshark_save_LIBS $LUA_LIBS" AC_CHECK_LIB(lua, luaL_register, [ @@ -888,10 +888,10 @@ AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ # "--with-lua=" directory, as we didn't # actually find lua there. # - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" - LDFLAGS="$ethereal_save_LDFLAGS" - LIBS="$ethereal_save_LIBS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" + LDFLAGS="$wireshark_save_LDFLAGS" + LIBS="$wireshark_save_LIBS" LUA_LIBS="" fi # User requested --with-lua but it isn't available 
@@ -909,10 +909,10 @@ AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ # "--with-lua=" directory, as we didn't # actually find lua there. # - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" - LDFLAGS="$ethereal_save_LDFLAGS" - LIBS="$ethereal_save_LIBS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" + LDFLAGS="$wireshark_save_LDFLAGS" + LIBS="$wireshark_save_LIBS" LUA_LIBS="" # User requested --with-lua but it isn't available if test "x$want_lua" = "xyes" @@ -922,10 +922,10 @@ AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ want_lua=no ]) - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" - LDFLAGS="$ethereal_save_LDFLAGS" - LIBS="$ethereal_save_LIBS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" + LDFLAGS="$wireshark_save_LDFLAGS" + LIBS="$wireshark_save_LIBS" AC_SUBST(LUA_LIBS) AC_SUBST(LUA_INCLUDES) @@ -933,9 +933,9 @@ AC_DEFUN([AC_ETHEREAL_LIBLUA_CHECK],[ ]) # -# AC_ETHEREAL_NETSNMP_CHECK +# AC_WIRESHARK_NETSNMP_CHECK # -AC_DEFUN([AC_ETHEREAL_NETSNMP_CHECK], +AC_DEFUN([AC_WIRESHARK_NETSNMP_CHECK], [ dnl get the net-snmp-config binary if test "x$netsnmpconfig" = "x" ; then @@ -970,8 +970,8 @@ AC_DEFUN([AC_ETHEREAL_NETSNMP_CHECK], # searching for the Net-SNMP headers, we look in whatever # directory that output specifies. # - ethereal_save_CFLAGS="$CFLAGS" - ethereal_save_CPPFLAGS="$CPPFLAGS" + wireshark_save_CFLAGS="$CFLAGS" + wireshark_save_CPPFLAGS="$CPPFLAGS" CFLAGS="$CFLAGS `$NETSNMPCONFIG --cflags`" CPPFLAGS="$CPPFLAGS `$NETSNMPCONFIG --cflags`" @@ -984,8 +984,8 @@ AC_DEFUN([AC_ETHEREAL_NETSNMP_CHECK], else AC_MSG_RESULT(Net-SNMP requires openssl but ssl not enabled - disabling Net-SNMP) fi - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" SNMP_LIBS= else AC_DEFINE(HAVE_NET_SNMP, 1, [Define to enable support for Net-SNMP]) 
@@ -1001,17 +1001,17 @@ AC_DEFUN([AC_ETHEREAL_NETSNMP_CHECK], # of '$NETSNMPCONFIG --cflags", as we # didn't actually find Net-SNMP there. # - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" fi fi fi ]) # -# AC_ETHEREAL_UCDSNMP_CHECK +# AC_WIRESHARK_UCDSNMP_CHECK # -AC_DEFUN([AC_ETHEREAL_UCDSNMP_CHECK], +AC_DEFUN([AC_WIRESHARK_UCDSNMP_CHECK], [ if test "x$ucdsnmp_dir" != "x" then @@ -1029,7 +1029,7 @@ AC_DEFUN([AC_ETHEREAL_UCDSNMP_CHECK], # CFLAGS="$CFLAGS -I$ucdsnmp_dir/include" CPPFLAGS="$CPPFLAGS -I$ucdsnmp_dir/include" - AC_ETHEREAL_ADD_DASH_L(LDFLAGS, $ucdsnmp_dir/lib) + AC_WIRESHARK_ADD_DASH_L(LDFLAGS, $ucdsnmp_dir/lib) fi # @@ -1059,7 +1059,7 @@ AC_DEFUN([AC_ETHEREAL_UCDSNMP_CHECK], # needed after the library *and* to cache all that # information. # - ethereal_save_LIBS="$LIBS" + wireshark_save_LIBS="$LIBS" found_sprint_realloc_objid=no for extras in "" "-L/usr/kerberos/lib -ldes425" "-lkstat" do @@ -1116,7 +1116,7 @@ AC_DEFUN([AC_ETHEREAL_UCDSNMP_CHECK], fi ]) done - LIBS="$ethereal_save_LIBS" + LIBS="$wireshark_save_LIBS" # # If we didn't find "sprint_realloc_objid()", fail. @@ -1146,13 +1146,13 @@ AC_DEFUN([AC_ETHEREAL_UCDSNMP_CHECK], ]) # -# AC_ETHEREAL_RPM_CHECK +# AC_WIRESHARK_RPM_CHECK # Looks for the rpm program, and checks to see if we can redefine "_topdir". # -AC_DEFUN([AC_ETHEREAL_RPM_CHECK], +AC_DEFUN([AC_WIRESHARK_RPM_CHECK], [ - AC_CHECK_PROG(ac_cv_ethereal_have_rpm, rpm, "yes", "no") - if test "x$ac_cv_ethereal_have_rpm" = "xyes"; then + AC_CHECK_PROG(ac_cv_wireshark_have_rpm, rpm, "yes", "no") + if test "x$ac_cv_wireshark_have_rpm" = "xyes"; then rpm --define '_topdir /tmp' > /dev/null 2>&1 AC_MSG_CHECKING(to see if we can redefine _topdir) if test $? -eq 0 ; then 
@@ -1166,10 +1166,10 @@ AC_DEFUN([AC_ETHEREAL_RPM_CHECK], ]) # -# AC_ETHEREAL_GNU_SED_CHECK +# AC_WIRESHARK_GNU_SED_CHECK # Checks if GNU sed is the first sed in PATH. # -AC_DEFUN([AC_ETHEREAL_GNU_SED_CHECK], +AC_DEFUN([AC_WIRESHARK_GNU_SED_CHECK], [ AC_MSG_CHECKING(for GNU sed as first sed in PATH) if ( sh -c "sed --version" /dev/null | grep "GNU sed" 2>&1 > /dev/null ) ; then @@ -1182,9 +1182,9 @@ AC_DEFUN([AC_ETHEREAL_GNU_SED_CHECK], ]) # -# AC_ETHEREAL_ADNS_CHECK +# AC_WIRESHARK_ADNS_CHECK # -AC_DEFUN([AC_ETHEREAL_ADNS_CHECK], +AC_DEFUN([AC_WIRESHARK_ADNS_CHECK], [ want_adns=defaultyes @@ -1192,7 +1192,7 @@ AC_DEFUN([AC_ETHEREAL_ADNS_CHECK], want_adns=yes withval=/usr/local if test -d "$withval"; then - AC_ETHEREAL_ADD_DASH_L(LDFLAGS, ${withval}/lib) + AC_WIRESHARK_ADD_DASH_L(LDFLAGS, ${withval}/lib) fi fi @@ -1211,12 +1211,12 @@ AC_DEFUN([AC_ETHEREAL_ADNS_CHECK], # -# AC_ETHEREAL_KRB5_CHECK +# AC_WIRESHARK_KRB5_CHECK # -AC_DEFUN([AC_ETHEREAL_KRB5_CHECK], +AC_DEFUN([AC_WIRESHARK_KRB5_CHECK], [ - ethereal_save_CFLAGS="$CFLAGS" - ethereal_save_CPPFLAGS="$CPPFLAGS" + wireshark_save_CFLAGS="$CFLAGS" + wireshark_save_CPPFLAGS="$CPPFLAGS" if test "x$krb5_dir" != "x" then # @@ -1332,7 +1332,7 @@ AC_DEFUN([AC_ETHEREAL_KRB5_CHECK], # the Kerberos library. # AC_MSG_RESULT($ac_krb5_version) - ethereal_save_LIBS="$LIBS" + wireshark_save_LIBS="$LIBS" found_krb5_kt_resolve=no for extras in "" "-lresolv" do @@ -1391,8 +1391,8 @@ AC_DEFUN([AC_ETHEREAL_KRB5_CHECK], # from before we added the flags for Kerberos. # AC_MSG_RESULT(Usable $ac_krb5_version not found - disabling dissection for some kerberos data in packet decoding) - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" KRB5_LIBS="" want_krb5=no fi @@ -1424,7 +1424,7 @@ AC_DEFUN([AC_ETHEREAL_KRB5_CHECK], AC_MSG_RESULT(no) ]) fi - LIBS="$ethereal_save_LIBS" + LIBS="$wireshark_save_LIBS" else # # It's not Heimdal or MIT. 
@@ -1443,8 +1443,8 @@ AC_DEFUN([AC_ETHEREAL_KRB5_CHECK], # from before we added the flags for Kerberos. # AC_MSG_RESULT(Kerberos not found - disabling dissection for some kerberos data in packet decoding) - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" KRB5_LIBS="" want_krb5=no fi @@ -1458,8 +1458,8 @@ AC_DEFUN([AC_ETHEREAL_KRB5_CHECK], # Restore the versions of CFLAGS and CPPFLAGS # from before we added the flags for Kerberos. # - CFLAGS="$ethereal_save_CFLAGS" - CPPFLAGS="$ethereal_save_CPPFLAGS" + CFLAGS="$wireshark_save_CFLAGS" + CPPFLAGS="$wireshark_save_CPPFLAGS" KRB5_LIBS="" want_krb5=no fi diff --git a/cfilters b/cfilters index 5fecfb8865..aeed9a2a64 100644 --- a/cfilters +++ b/cfilters @@ -10,4 +10,4 @@ "TCP or UDP port 80 (HTTP)" port 80 "HTTP TCP port (80)" tcp port http "No ARP and no DNS" not arp and port not 53 -"Non-HTTP and non-SMTP to/from www.ethereal.com" not port 80 and not port 25 and host www.ethereal.com +"Non-HTTP and non-SMTP to/from www.wireshark.org" not port 80 and not port 25 and host www.wireshark.org diff --git a/configure.in b/configure.in index bb1b84c393..0abc39c398 100644 --- a/configure.in +++ b/configure.in @@ -116,7 +116,7 @@ else fi AC_SUBST(HAVE_SVR4_PACKAGING) -AC_ETHEREAL_RPM_CHECK +AC_WIRESHARK_RPM_CHECK AC_SUBST(HAVE_RPM) # 
@@ -134,12 +134,12 @@ AC_ARG_WITH(extra-gcc-checks, [ if test $withval != no then - ethereal_extra_gcc_flags=" -Wcast-qual -Wcast-align -Wbad-function-cast -pedantic -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings" + wireshark_extra_gcc_flags=" -Wcast-qual -Wcast-align -Wbad-function-cast -pedantic -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings" fi ],) -AC_MSG_CHECKING(to see if we can add '-Wall -W $ethereal_extra_gcc_flags' to CFLAGS) +AC_MSG_CHECKING(to see if we can add '-Wall -W $wireshark_extra_gcc_flags' to CFLAGS) if test x$GCC != x ; then - CFLAGS="-D_U_=\"__attribute__((unused))\" -Wall -Wpointer-arith -W $ethereal_extra_gcc_flags $CFLAGS" + CFLAGS="-D_U_=\"__attribute__((unused))\" -Wall -Wpointer-arith -W $wireshark_extra_gcc_flags $CFLAGS" AC_MSG_RESULT(yes) else CFLAGS="-D_U_=\"\" $CFLAGS" @@ -281,7 +281,7 @@ if test "x$ac_cv_enable_usr_local" = "xyes" ; then # # Arrange that we search for libraries in "/usr/local/lib". # - AC_ETHEREAL_ADD_DASH_L(LDFLAGS, /usr/local/lib) + AC_WIRESHARK_ADD_DASH_L(LDFLAGS, /usr/local/lib) else AC_MSG_RESULT(no) fi @@ -314,7 +314,7 @@ esac # # Add any checks here that are necessary for other OSes. # -AC_ETHEREAL_GNU_SED_CHECK +AC_WIRESHARK_GNU_SED_CHECK if test "$HAVE_GNU_SED" = no ; then case "$host_os" in solaris*) @@ -401,8 +401,8 @@ fi # if test "$GTK_OK" = "no" ; then enable_ethereal="no" - ethereal_bin="" - ethereal_man="" + wireshark_bin="" + wireshark_man="" # Honor GLIB_CFLAGS if test "x$enable_gtk2" = "xyes" ; then AM_PATH_GLIB_2_0(2.0.0, CFLAGS="$CFLAGS $GLIB_CFLAGS", AC_MSG_ERROR(GLib2 distribution not found.), gmodule) 
@@ -410,9 +410,9 @@ if test "$GTK_OK" = "no" ; then AM_PATH_GLIB(1.2.0, CFLAGS="$CFLAGS $GLIB_CFLAGS", AC_MSG_ERROR(GLib distribution not found.), gmodule) fi else - ethereal_bin="ethereal\$(EXEEXT)" - ethereal_man="ethereal.1" - ethereal_SUBDIRS="gtk" + wireshark_bin="ethereal\$(EXEEXT)" + wireshark_man="ethereal.1" + wireshark_SUBDIRS="gtk" # Honor GLIB_CFLAGS if test "$GTK_OK" = "two" ; then AM_PATH_GLIB_2_0(2.0.0, , AC_MSG_ERROR(GLib distribution not found.), gmodule) @@ -488,11 +488,11 @@ AC_CHECK_HEADERS(inttypes.h, ], [ AC_MSG_RESULT(yes) - ac_ethereal_inttypes_h_defines_formats=yes + ac_wireshark_inttypes_h_defines_formats=yes ], [ AC_MSG_RESULT(no) - ac_ethereal_inttypes_h_defines_formats=no + ac_wireshark_inttypes_h_defines_formats=no ]) ], [ @@ -500,16 +500,16 @@ AC_CHECK_HEADERS(inttypes.h, # We don't have inttypes.h, so it obviously can't define those # macros. # - ac_ethereal_inttypes_h_defines_formats=no + ac_wireshark_inttypes_h_defines_formats=no ]) -if test "$ac_ethereal_inttypes_h_defines_formats" = yes; then +if test "$ac_wireshark_inttypes_h_defines_formats" = yes; then AC_DEFINE(INTTYPES_H_DEFINES_FORMATS,,[Define if defines PRI[doxu]64 macros]) else - AC_ETHEREAL_CHECK_64BIT_FORMAT(ll, + AC_WIRESHARK_CHECK_64BIT_FORMAT(ll, [ - AC_ETHEREAL_CHECK_64BIT_FORMAT(L, + AC_WIRESHARK_CHECK_64BIT_FORMAT(L, [ - AC_ETHEREAL_CHECK_64BIT_FORMAT(q, + AC_WIRESHARK_CHECK_64BIT_FORMAT(q, [ AC_MSG_ERROR([neither %llx nor %Lx nor %qx worked on a 64-bit integer]) ]) @@ -517,8 +517,8 @@ else ]) fi -AC_SUBST(ethereal_bin) -AC_SUBST(ethereal_man) +AC_SUBST(wireshark_bin) +AC_SUBST(wireshark_man) rdps_bin="rdps\$(EXEEXT)" AC_SUBST(rdps_bin) 
@@ -532,14 +532,14 @@ AC_ARG_ENABLE(tshark, if test "x$enable_tshark" = "xyes" ; then tshark_bin="tshark\$(EXEEXT)" tshark_man="tshark.1" - etherealfilter_man="ethereal-filter.4" + wiresharkfilter_man="wireshark-filter.4" else tshark_bin="" tshark_man="" fi AC_SUBST(tshark_bin) AC_SUBST(tshark_man) -AC_SUBST(etherealfilter_man) +AC_SUBST(wiresharkfilter_man) @@ -666,11 +666,11 @@ AC_SUBST(randpkt_bin) dnl Checks for "gethostbyname()" - and "-lnsl", if we need it to get dnl "gethostbyname()". -AC_ETHEREAL_GETHOSTBY_LIB_CHECK +AC_WIRESHARK_GETHOSTBY_LIB_CHECK dnl Checks for "connect()", used as a proxy for "socket()" - and dnl "-lsocket", if we need it to get "connect()". -AC_ETHEREAL_SOCKET_LIB_CHECK +AC_WIRESHARK_SOCKET_LIB_CHECK dnl pcap check AC_MSG_CHECKING(whether to use libpcap for packet capture) @@ -696,7 +696,7 @@ if test "x$want_pcap" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_PCAP_CHECK + AC_WIRESHARK_PCAP_CHECK fi dnl zlib check @@ -726,7 +726,7 @@ if test "x$want_zlib" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_ZLIB_CHECK + AC_WIRESHARK_ZLIB_CHECK if test "x$want_zlib" = "xno" ; then AC_MSG_RESULT(zlib not found - disabling compressed capture file support) fi @@ -760,7 +760,7 @@ if test "x$want_pcre" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_LIBPCRE_CHECK + AC_WIRESHARK_LIBPCRE_CHECK if test "x$want_pcre" = "xno" ; then AC_MSG_RESULT(libpcre not found - disabling support for perl compatible regular expressions in dfilters) fi @@ -794,7 +794,7 @@ if test "x$want_lua" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_LIBLUA_CHECK + AC_WIRESHARK_LIBLUA_CHECK if test "x$want_lua" = "xno" ; then AC_MSG_RESULT(liblua not found - disabling support for the lua scripting plugin) fi @@ -811,7 +811,7 @@ if test "x$enable_ipv6" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_IPV6_STACK + AC_WIRESHARK_IPV6_STACK fi 
@@ -853,7 +853,7 @@ elif test "x$withval" = "xyes"; then want_ssl=yes elif test -d "$withval"; then want_ssl=yes - AC_ETHEREAL_ADD_DASH_L(LDFLAGS, ${withval}/lib) + AC_WIRESHARK_ADD_DASH_L(LDFLAGS, ${withval}/lib) fi ],[ want_ssl=no @@ -930,7 +930,7 @@ else else AC_MSG_RESULT(yes) fi - AC_ETHEREAL_NETSNMP_CHECK + AC_WIRESHARK_NETSNMP_CHECK fi # @@ -946,7 +946,7 @@ if test "x$have_net_snmp" != "xyes" ; then else AC_MSG_RESULT(yes) fi - AC_ETHEREAL_UCDSNMP_CHECK + AC_WIRESHARK_UCDSNMP_CHECK fi fi @@ -984,7 +984,7 @@ if test "x$want_krb5" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_KRB5_CHECK + AC_WIRESHARK_KRB5_CHECK fi @@ -1001,14 +1001,14 @@ elif test "x$withval" = "xyes"; then want_adns=yes elif test -d "$withval"; then want_adns=yes - AC_ETHEREAL_ADD_DASH_L(LDFLAGS, ${withval}/lib) + AC_WIRESHARK_ADD_DASH_L(LDFLAGS, ${withval}/lib) fi ]) if test "x$with_adns" = "xno" ; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - AC_ETHEREAL_ADNS_CHECK + AC_WIRESHARK_ADNS_CHECK fi AC_SUBST(ADNS_LIBS) @@ -1024,7 +1024,7 @@ dnl Checks for typedefs, structures, and compiler characteristics. # We need to know whether "struct sockaddr" has an "sa_len" member # for get_interface_list(). -AC_ETHEREAL_STRUCT_SA_LEN +AC_WIRESHARK_STRUCT_SA_LEN # We must know our byte order AC_C_BIGENDIAN @@ -1221,7 +1221,7 @@ AC_CHECK_FUNCS(issetugid) AC_CHECK_FUNCS(mmap mprotect sysconf) dnl blank for now, but will be used in future -AC_SUBST(ethereal_SUBDIRS) +AC_SUBST(wireshark_SUBDIRS) dnl dnl check whether plugins should be enabled and, if they should be, @@ -1312,7 +1312,7 @@ AC_OUTPUT( packaging/nsis/Makefile packaging/rpm/Makefile packaging/rpm/SPECS/Makefile - packaging/rpm/SPECS/ethereal.spec + packaging/rpm/SPECS/wireshark.spec packaging/svr4/Makefile packaging/svr4/checkinstall packaging/svr4/pkginfo diff --git a/debian/ethereal-common.manpages b/debian/ethereal-common.manpages index 202116ce92..3d8554192a 100644 --- a/debian/ethereal-common.manpages 
+++ b/debian/ethereal-common.manpages @@ -1,12 +1,12 @@ editcap.1 mergecap.1 text2pcap.1 -ethereal-filter.4 +wireshark-filter.4 editcap.1 mergecap.1 text2pcap.1 -ethereal-filter.4 +wireshark-filter.4 editcap.1 mergecap.1 diff --git a/debian/rules b/debian/rules index d3ea39cc21..84d90c0d90 100755 --- a/debian/rules +++ b/debian/rules @@ -62,7 +62,7 @@ clean: unpatch-stamp cp /usr/share/misc/config.guess /usr/share/misc/config.sub . -$(MAKE) distclean - rm -f rdps ethereal.1 tshark.1 idl2deb.1 ethereal-filter.4 asn2deb.1 + rm -f rdps ethereal.1 tshark.1 idl2deb.1 wireshark-filter.4 asn2deb.1 rm -f conftest conftest.c rm -f config.guess config.sub config.log @@ -88,7 +88,7 @@ binary-arch: build $(MAKE) install DESTDIR=`pwd`/debian/tmp mkdir -p `pwd`/debian/tmp/usr/share/applications/ cp ethereal.desktop `pwd`/debian/tmp/usr/share/applications/ - cp debian/ethereal-root.desktop `pwd`/debian/tmp/usr/share/applications/ + cp debian/wireshark-root.desktop `pwd`/debian/tmp/usr/share/applications/ mkdir -p `pwd`/debian/tmp/usr/share/pixmaps/ cp image/hi48-app-ethereal.png `pwd`/debian/tmp/usr/share/pixmaps/ cp image/eicon3d32.xpm `pwd`/debian/tmp/usr/share/pixmaps/ @@ -98,7 +98,7 @@ binary-arch: build cp `pwd`/ethereal_be.py `pwd`/ethereal_gen.py \ `pwd`/debian/tmp/usr/lib/$(PYTHON_VERSION)/site-packages/ mkdir -p `pwd`/debian/tmp/usr/include/ethereal/ - for F in `cat debian/ethereal-dev.header-files`; do \ + for F in `cat debian/wireshark-dev.header-files`; do \ cp --parents $$F `pwd`/debian/tmp/usr/include/ethereal; \ done # .a is no longer built; why was is used ? diff --git a/doc/Makefile.am b/doc/Makefile.am index bc44daac65..205438270d 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -24,20 +24,20 @@ # We include dependencies on ../config.h in order to # capture when $(VERSION) changes. -ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT - cat $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT > ethereal-tmp.pod +wireshark-tmp.pod: $(srcdir)/wireshark.pod $(top_builddir)/AUTHORS-SHORT-FORMAT + cat $(srcdir)/wireshark.pod $(top_builddir)/AUTHORS-SHORT-FORMAT > wireshark-tmp.pod -../ethereal.1: ethereal-tmp.pod ../config.h +../wireshark.1: wireshark-tmp.pod ../config.h $(POD2MAN) \ --center="The Wireshark Network Analyzer" \ --release=$(VERSION) \ - ethereal-tmp.pod | sed 's/ETHEREAL-TMP/ETHEREAL/' > ../ethereal.1 + wireshark-tmp.pod | sed 's/WIRESHARK-TMP/WIRESHARK/' > ../wireshark.1 -../ethereal.html: ethereal-tmp.pod ../config.h +../wireshark.html: wireshark-tmp.pod ../config.h $(POD2HTML) \ --title="The Wireshark Network Analyzer $(VERSION)" \ --noindex \ - ethereal-tmp.pod > ../ethereal.html + wireshark-tmp.pod > ../wireshark.html ../tshark.1: tshark.pod ../config.h $(POD2MAN) \ 
@@ -51,21 +51,21 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT --noindex \ $(srcdir)/tshark.pod > ../tshark.html -../ethereal-filter.4: ethereal-filter.pod ../config.h +../wireshark-filter.4: wireshark-filter.pod ../config.h $(POD2MAN) \ --section=4 \ --center="The Wireshark Network Analyzer" \ --release=$(VERSION) \ - ethereal-filter.pod > ../ethereal-filter.4 + wireshark-filter.pod > ../wireshark-filter.4 -../ethereal-filter.html: ethereal-filter.pod ../config.h +../wireshark-filter.html: wireshark-filter.pod ../config.h $(POD2HTML) \ - --title="ethereal-filter - The Wireshark Network Analyzer $(VERSION)" \ + --title="wireshark-filter - The Wireshark Network Analyzer $(VERSION)" \ --noindex \ - ethereal-filter.pod > ../ethereal-filter.html + wireshark-filter.pod > ../wireshark-filter.html -ethereal-filter.pod: ethereal-filter.pod.template ../tshark - ../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod +wireshark-filter.pod: wireshark-filter.pod.template ../tshark + ../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/wireshark-filter.pod.template > wireshark-filter.pod ../capinfos.1: capinfos.pod ../config.h $(POD2MAN) \ @@ -140,12 +140,12 @@ ethereal-filter.pod: ethereal-filter.pod.template ../tshark $(srcdir)/dumpcap.pod > ../dumpcap.html CLEANFILES = \ - ethereal-filter.pod \ - ethereal-tmp.pod \ - ../ethereal-filter.4 \ - ../ethereal-filter.html \ - ../ethereal.1 \ - ../ethereal.html \ + wireshark-filter.pod \ + wireshark-tmp.pod \ + ../wireshark-filter.4 \ + ../wireshark-filter.html \ + ../wireshark.1 \ + ../wireshark.html \ ../capinfos.1 \ ../capinfos.html \ ../editcap.1 \ diff --git a/doc/Makefile.nmake b/doc/Makefile.nmake index fc86a8bab9..3006598d9f 100644 --- a/doc/Makefile.nmake +++ b/doc/Makefile.nmake 
@@ -26,31 +26,31 @@ include ../config.nmake -doc: ethereal.html tshark.html ethereal-filter.html capinfos.html \ +doc: wireshark.html tshark.html wireshark-filter.html capinfos.html \ editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html -man: ethereal.1 tshark.1 ethereal-filter.4 capinfos.1 editcap.1 \ +man: wireshark.1 tshark.1 wireshark-filter.4 capinfos.1 editcap.1 \ idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1 -ethereal-tmp.pod: ethereal.pod ../AUTHORS-SHORT-FORMAT - copy /B ethereal.pod + ..\AUTHORS-SHORT-FORMAT ethereal-tmp.pod +wireshark-tmp.pod: wireshark.pod ../AUTHORS-SHORT-FORMAT + copy /B wireshark.pod + ..\AUTHORS-SHORT-FORMAT wireshark-tmp.pod ../AUTHORS-SHORT-FORMAT: cd .. $(MAKE) -f makefile.nmake AUTHORS-SHORT-FORMAT cd doc -ethereal.1: ethereal.pod ../config.h +wireshark.1: wireshark.pod ../config.h $(POD2MAN) \ --center="The Wireshark Network Analyzer" \ --release=$(VERSION) \ - ethereal-tmp.pod > ethereal.1 + wireshark-tmp.pod > wireshark.1 -ethereal.html: ethereal-tmp.pod ../config.h +wireshark.html: wireshark-tmp.pod ../config.h $(POD2HTML) \ --title="The Wireshark Network Analyzer $(VERSION)" \ --noindex \ - ethereal-tmp.pod > ethereal.html + wireshark-tmp.pod > wireshark.html ../tshark.exe: cd .. 
@@ -69,22 +69,22 @@ tshark.html: tshark.pod ../config.h --noindex \ tshark.pod > tshark.html -ethereal-filter.4: ethereal-filter.pod ../config.h +wireshark-filter.4: wireshark-filter.pod ../config.h $(POD2MAN) \ --center="The Wireshark Network Analyzer" \ --release=$(VERSION) \ - ethereal-filter.pod > ethereal.4 + wireshark-filter.pod > wireshark.4 -ethereal-filter.html: ethereal-filter.pod ../config.h +wireshark-filter.html: wireshark-filter.pod ../config.h $(POD2HTML) \ - --title="ethereal-filter - The Wireshark Network Analyzer $(VERSION)" \ + --title="wireshark-filter - The Wireshark Network Analyzer $(VERSION)" \ --noindex \ - ethereal-filter.pod > ethereal-filter.html + wireshark-filter.pod > wireshark-filter.html -ethereal-filter.pod: ethereal-filter.pod.template ../tshark.exe +wireshark-filter.pod: wireshark-filter.pod.template ../tshark.exe cd .. $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-deps - tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod + tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\wireshark-filter.pod.template > doc\wireshark-filter.pod $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean-deps cd doc @@ -162,9 +162,9 @@ dumpcap.html: dumpcap.pod ../config.h dumpcap.pod > dumpcap.html clean: - rm -f ethereal.html ethereal.1 ethereal-tmp.pod + rm -f wireshark.html wireshark.1 wireshark-tmp.pod rm -f tshark.html tshark.1 - rm -f ethereal-filter.html ethereal-filter.4 ethereal-filter.pod + rm -f wireshark-filter.html wireshark-filter.4 wireshark-filter.pod rm -f capinfos.html capinfos.1 rm -f editcap.html editcap.1 rm -f idl2wrs.html idl2wrs.1 diff --git a/doc/README.binarytrees b/doc/README.binarytrees index c5c039a6d3..0561f8af71 100644 --- a/doc/README.binarytrees +++ b/doc/README.binarytrees 
@@ -13,12 +13,12 @@ Benefits of using binary trees are that they are incredibly fast for accessing data and they scale very well with good characteristics even to very large number of objects. -Ethereal provides its own version of red black binary trees designed in +Wireshark provides its own version of red black binary trees designed in particular to be easy to use and to eliminate most of the memory management often associated with such trees. The trees supported by wireshark are currently all created using SEasonal -storage which means that when you load a new trace into ethereal, the SEasonal +storage which means that when you load a new trace into wireshark, the SEasonal memory management will automatically release every single byte of data associated with the tree. @@ -34,8 +34,8 @@ void *se_tree_lookup32(se_tree_t *se_tree, guint32 key); 2.1 se_tree_create(int type, char *name); se_tree_create() is used to initialize a tree that will be automatically -cleared and reset everytime ethereal is resetting all SEasonal storage, -that is every time you load a new capture file into ethereal or when +cleared and reset everytime wireshark is resetting all SEasonal storage, +that is every time you load a new capture file into wireshark or when you rescan the entire capture file from scratch. Name is just a literal text string and serves no other purpose than making @@ -58,7 +58,7 @@ void proto_register_...(void) { } That is how easy it is to create a binary tree. You only need to create it once -when ethereal starts and the tree will remain there until you exit ethereal. +when wireshark starts and the tree will remain there until you exit wireshark. Everytime a new capture is loaded, all nodes allocated to the tree is automatically and the tree is reset without you having to do anything at all. 
@@ -89,7 +89,7 @@ This is very neat and makes real difficult to have memory leaks in your code. NOTE: When you insert items in the tree, it is very likely that you only want to add any data to the tree during the very first time you process a particular packet. -Ethereal may reprocess the same packet multiple times afterwards by the user +Wireshark may reprocess the same packet multiple times afterwards by the user clicking on the packet or for other reasons. You probably DO want to protect the insert call within an if statement such as @@ -175,7 +175,7 @@ until an array element where length==0 is found indicating the end of the array. NOTE: you MUST terminate the se_tree_key_t array by {0, NULL} -If you forget to do this ethereal will immediately crash. +If you forget to do this wireshark will immediately crash. NOTE: length indicates the number of guint32 values in the vector, not number of bytes. diff --git a/doc/README.capture b/doc/README.capture index 4a7786a908..855a642cc4 100644 --- a/doc/README.capture +++ b/doc/README.capture @@ -3,7 +3,7 @@ $Id$ This document is an attempt, to bring some light to the things done, when packet capturing is performed. There might be things missing, and others maybe wrong :-( The following will concentrate a bit on the win32 gtk -port of ethereal. +port of wireshark. XXX: when ongoing file reorganisation will be completed, the following diff --git a/doc/README.design b/doc/README.design index 94705b6797..c88d6307b7 100644 --- a/doc/README.design +++ b/doc/README.design 
@@ -1,21 +1,21 @@ $Id$ Unfortunately, the closest thing to a design document is the -"README.developer" document in the "doc" directory of the Ethereal +"README.developer" document in the "doc" directory of the Wireshark source tree; however, although that's useful for people adding new -protocol dissectors to Ethereal, it doesn't describe the operations of -the "core" of Ethereal. +protocol dissectors to Wireshark, it doesn't describe the operations of +the "core" of Wireshark. We have no document describing that; however, a quick summary of the part of the code you'd probably be working with is: - for every capture file that Ethereal has open, there's a - "capture_file" structure - Ethereal currently supports only one + for every capture file that Wireshark has open, there's a + "capture_file" structure - Wireshark currently supports only one open capture file at a time, and that structure is named "cfile" (see the "file.h" header file); that structure has a member "plist", which points to a - "frame_data" structure - every link-layer frame that Ethereal + "frame_data" structure - every link-layer frame that Wireshark has read in has a "frame_data" structure (see the "epan/packet.h" header file), the "plist" member of "cfile" points to the first frame, and each frame has a "next" member diff --git a/doc/README.developer b/doc/README.developer index fa7696d99a..0db5c847c9 100644 --- a/doc/README.developer +++ b/doc/README.developer @@ -1,7 +1,7 @@ $Id$ This file is a HOWTO for Wireshark developers. It describes how to start coding -a Ethereal protocol dissector and the use some of the important functions and +a Wireshark protocol dissector and the use some of the important functions and variables. 1. Setting up your protocol dissector code. 
@@ -14,12 +14,12 @@ add to the protocol tree, and work with registered header fields. 1.1.1 Portability. -Ethereal runs on many platforms, and can be compiled with a number of +Wireshark runs on many platforms, and can be compiled with a number of different compilers; here are some rules for writing code that will work on multiple platforms. Don't use C++-style comments (comments beginning with "//" and running -to the end of the line); Ethereal's dissectors are written in C, and +to the end of the line); Wireshark's dissectors are written in C, and thus run through C rather than C++ compilers, and not all C compilers support C++-style comments (GCC does, but IBM's C compiler for AIX, for example, doesn't do so by default). @@ -154,14 +154,14 @@ you might be able to get away with not including the appropriate header file on your platform but that might not work on other platforms. Instead, use "g_ntohs()", "g_ntohl()", "g_htons()", and "g_htonl()"; those are declared by , and you'll need to include that anyway, -as Ethereal header files that all dissectors must include use stuff from +as Wireshark header files that all dissectors must include use stuff from . Don't fetch a little-endian value using "tvb_get_ntohs() or "tvb_get_ntohl()" and then using "g_ntohs()", "g_htons()", "g_ntohl()", or "g_htonl()" on the resulting value - the g_ routines in question convert between network byte order (big-endian) and *host* byte order, -not *little-endian* byte order; not all machines on which Ethereal runs +not *little-endian* byte order; not all machines on which Wireshark runs are little-endian, even though PC's are. Fetch those values using "tvb_get_letohs()" and "tvb_get_letohl()". 
@@ -280,7 +280,7 @@ snprintf() is not available on all platforms, so it's a good idea to use the g_snprintf() function declared by instead. tmpnam() -> mkstemp() -tmpnam is insecure and should not be used any more. Ethereal brings its +tmpnam is insecure and should not be used any more. Wireshark brings its own mkstemp implementation for use on platforms that lack mkstemp. Note: mkstemp does not accept NULL as a parameter. @@ -295,7 +295,7 @@ cause a trap, which will, at best, result in the OS slowly performing an unaligned access for you, and will, on at least some platforms, cause the program to be terminated. -Ethereal supports both platforms with GLib 1.2[.x]/GTK+ 1.2[.x] and GLib +Wireshark supports both platforms with GLib 1.2[.x]/GTK+ 1.2[.x] and GLib 2.x/GTK+ 1.3[.x] and 2.x. If at all possible, either use only mechanisms that are present in GLib 1.2[.x] and GTK+ 1.2[.x], use #if's to conditionally use older or newer mechanisms depending on the platform @@ -406,7 +406,7 @@ the chunk of memory is derived from a size field in the packet, make sure all the data is present in the packet before allocating the buffer. Doing so means that - 1) Ethereal won't leak that chunk of memory if an attempt to + 1) Wireshark won't leak that chunk of memory if an attempt to fetch data not present in the packet throws an exception and @@ -426,7 +426,7 @@ from the buffer, and the string has a specified size, you can use string is present before allocating a buffer for the string, and will also put a trailing '\0' at the end of the buffer. The resulting string will be a sequence of single-byte characters; the only Unicode characters that -will be handled correctly are those in the ASCII range. (Ethereal's +will be handled correctly are those in the ASCII range. (Wireshark's ability to handle non-ASCII strings is limited; it needs to be improved.) 
@@ -447,7 +447,7 @@ buffer are fetched ("the protocol ensures" isn't good enough, as protocol specifications can't ensure only packets that conform to the specification will be transmitted or that only packets for the protocol in question will be interpreted as packets for that protocol by -Ethereal). If there's no maximum length of string data to be fetched, +Wireshark). If there's no maximum length of string data to be fetched, routines such as "tvb_get_*_string()" are safer, as they allocate a buffer large enough to hold the string. (Note that some variants of this call require you to free the string once you're finished with it.) @@ -496,8 +496,8 @@ much better to use the g_snprintf() function declared by instead. You should test your dissector against incorrectly-formed packets. This can be done using the randpkt and editcap utilities that come with the -Ethereal distribution. Testing using randpkt can be done by generating -output at the same layer as your protocol, and forcing Ethereal/TShark +Wireshark distribution. Testing using randpkt can be done by generating +output at the same layer as your protocol, and forcing Wireshark/TShark to decode it as your protocol, e.g. if your protocol sits on top of UDP: randpkt -c 50000 -t dns randpkt.pcap @@ -511,7 +511,7 @@ Testing using editcap can be done using preexisting capture files and the 1.1.4 Name convention. -Ethereal uses the underscore_convention rather than the InterCapConvention for +Wireshark uses the underscore_convention rather than the InterCapConvention for function names, so new code should probably use underscores rather than intercaps for functions and variable names. This is especially important if you are writing code that will be called from outside your code. We are just 
@@ -533,7 +533,7 @@ existing file. 1.2 Skeleton code. -Ethereal requires certain things when setting up a protocol dissector. +Wireshark requires certain things when setting up a protocol dissector. Below is skeleton code for a dissector that you can copy to a file and fill in. Your dissector should follow the naming convention of packet- followed by the abbreviated name for the protocol. It is recommended @@ -692,14 +692,14 @@ dissect_PROTOABBREV(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) In this mode, Wireshark is only interested in the way protocols interact, protocol conversations are created, packets are reassembled and handed over to higher-level protocol dissectors. - In this mode Ethereal does not build a so-called "protocol tree". + In this mode Wireshark does not build a so-called "protocol tree". (b) Detailed dissection In this mode, Wireshark is also interested in all details of a given protocol, so a "protocol tree" is created. - Ethereal distinguishes between the 2 modes with the proto_tree pointer: + Wireshark distinguishes between the 2 modes with the proto_tree pointer: (a) <=> tree == NULL (b) <=> tree != NULL @@ -751,7 +751,7 @@ dissect_PROTOABBREV(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } -/* Register the protocol with Ethereal */ +/* Register the protocol with Wireshark */ /* this format is require because a script is used to build the C function that calls all the protocol registration. @@ -1227,7 +1227,7 @@ registration of protocols and fields at run-time, loadable modules of protocol dissectors (perhaps even user-supplied) is feasible. To do this, each protocol should have a register routine, which will be -called when Ethereal starts. The code to call the register routines is +called when Wireshark starts. The code to call the register routines is generated automatically; to arrange that a protocol's register routine be called at startup: 
@@ -1463,7 +1463,7 @@ field would be set to NULL. FT_BOOLEANS have a default map of 0 = "False", 1 (or anything else) = "True". Sometimes it is useful to change the labels for boolean values (e.g., to "Yes"/"No", "Fast"/"Slow", etc.). For these mappings, a struct called -true_false_string is used. (This struct is new as of Ethereal 0.7.6). +true_false_string is used. (This struct is new as of Wireshark 0.7.6). typedef struct true_false_string { char *true_string; @@ -1546,7 +1546,7 @@ Also be sure to use the handy array_length() macro found in packet.h to have the compiler compute the array length for you at compile time. If you don't have any fields to register, do *NOT* create a zero-length -"hf" array; not all compilers used to compile Ethereal support them. +"hf" array; not all compilers used to compile Wireshark support them. Just omit the "hf" array, and the "proto_register_field_array()" call, entirely. @@ -1918,7 +1918,7 @@ The final implication of this is that display filters work the way you'd naturally expect them to. You'd type "sna.th.fid == 0xf" to find Adjacent Subarea Nodes. The user does not have to shift the value of the FID to the high nibble of the byte ("sna.th.fid == 0xf0") as was necessary -before Ethereal 0.7.6. +before Wireshark 0.7.6. proto_tree_add_item_hidden() ---------------------------- 
@@ -2146,9 +2146,9 @@ proto_tree_add_text() proto_tree_add_text() is used to add a label to the GUI tree. It will contain no value, so it is not searchable in the display filter process. This function was needed in the transition from the old-style proto_tree -to this new-style proto_tree so that Ethereal would still decode all +to this new-style proto_tree so that Wireshark would still decode all protocols w/o being able to filter on all protocols and fields. -Otherwise we would have had to cripple Ethereal's functionality while we +Otherwise we would have had to cripple Wireshark's functionality while we converted all the old-style proto_tree calls to the new-style proto_tree calls. @@ -2306,7 +2306,7 @@ dissect_ipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 1.9 Editing Makefile.common to add your dissector. -To arrange that your dissector will be built as part of Ethereal, you +To arrange that your dissector will be built as part of Wireshark, you must add the name of the source file for your dissector to the 'DISSECTOR_SRC' macro in the 'Makefile.common' file in the 'epan/dissectors' directory. (Note that this is for modern versions of UNIX, so there 
@@ -2321,31 +2321,31 @@ compile). 1.10 Using the SVN source code tree. - See + See 1.11 Submitting code for your new dissector. - TEST YOUR DISSECTOR BEFORE SUBMITTING IT. Use fuzz-test.sh and/or randpkt against your dissector. These are - described at . + described at . - - Subscribe to by sending an email to - or visiting - . + - Subscribe to by sending an email to + or visiting + . - 'svn add' all the files of your new dissector. - 'svn diff' the workspace and save the result to a file. - Send the diff file along with a note requesting it's inclusion to - . You can also use this procedure for - providing patches to your dissector or any other part of ethereal. + . You can also use this procedure for + providing patches to your dissector or any other part of wireshark. - If possible, add sample capture files to the sample captures page at - . These files are used by + . These files are used by the automated build system for fuzz testing. - - If you find that you are contributing a lot to ethereal on an ongoing + - If you find that you are contributing a lot to wireshark on an ongoing basis you can request to become a committer which will allow you to commit files to subversion directly. @@ -2355,7 +2355,7 @@ compile). 2.2 Following "conversations". -In ethereal a conversation is defined as a series of data packet between two +In wireshark a conversation is defined as a series of data packet between two address:port combinations. A conversation is not sensitive to the direction of the packet. The same conversation will be returned for a packet bound from ServerA:1000 to ClientA:2000 and the packet from ClientA:2000 to ServerA:1000. 
@@ -2811,8 +2811,8 @@ conversation already exists or not and if it exists we also check whether the registered dissector_handle for that conversation is "our" dissector or not. If not we create a new conversation ontop of the previous one and set this new conversation to use our protocol. -Since ethereal keeps track of the frame number where a conversation started -ethereal will still be able to keep the packets apart eventhough they do use +Since wireshark keeps track of the frame number where a conversation started +wireshark will still be able to keep the packets apart eventhough they do use the same socketpair. (See packet-tftp.c and packet-snmp.c for examples of this) @@ -3064,9 +3064,9 @@ how many bytes it will need to read in order to determine the size of a PDU. For this mode it is reccommended that your dissector be the newer dissector type which returns "int" rather than the older type which returned "void". -This reassembly mode relies on Ethereal's mechanism for processing multiple PDUs +This reassembly mode relies on Wireshark's mechanism for processing multiple PDUs per frame. When a dissector processes a PDU from a tvbuff the PDU may not be -aligned to a frame of the underlying protocol. Ethereal allows dissectors to +aligned to a frame of the underlying protocol. Wireshark allows dissectors to process PDUs in an idempotent way--dissectors only need to consider one PDU at a time. If your dissector discovers that it can not process a complete PDU from the current tvbuff the dissector should halt processing and request additional diff --git a/doc/README.idl2wrs b/doc/README.idl2wrs index cd7392c91b..9f79886136 100644 --- a/doc/README.idl2wrs +++ b/doc/README.idl2wrs 
@@ -9,7 +9,7 @@ What is it ? As you have probably guessed from the name, "idl2wrs" takes a user specified IDL file and attempts to build a dissector that can decode the IDL traffic over GIOP. The resulting file is -"C" code, that should compile okay as an ethereal dissector. +"C" code, that should compile okay as an wireshark dissector. idl2wrs basically parses the data struct given to it by the omniidl compiler, and using the GIOP API available in packet-giop.[ch], @@ -18,8 +18,8 @@ generates get_CDR_xxx calls to decode the CORBA traffic on the wire. It consists of 4 main files. README.idl2wrs - This document -ethereal_be.py - The main compiler backend -ethereal_gen.py - A helper class, that generates the C code. +wireshark_be.py - The main compiler backend +wireshark_gen.py - A helper class, that generates the C code. idl2wrs - A simple shell script wrapper that the end user should use to generate the dissector from the IDL file(s). @@ -37,13 +37,13 @@ a CORBA class when teaching students how CORBA traffic looks like "on the wire". It is also COOL to work on a great Open Source project such as -the case with "Ethereal" (http://www.ethereal.com) +the case with "Wireshark" (http://www.wireshark.org) How to use idl2wrs ================== -To use the idl2wrs to generate ethereal dissectors, you +To use the idl2wrs to generate wireshark dissectors, you need the following. @@ -53,9 +53,9 @@ need the following. 2. omniidl from the the omniORB package must be available. http://omniorb.sourceforge.net/ -3 Of course you need ethereal installed to compile the +3 Of course you need wireshark installed to compile the code an tweak it if required. idl2wrs is part of the - standard Ethereal distribution + standard Wireshark distribution Procedure 
@@ -81,23 +81,23 @@ steps 3 or 4 instead. 3. To write the C code to stdout. - Usage: omniidl -p ./ -b ethereal_be + Usage: omniidl -p ./ -b wireshark_be - eg: omniidl -p ./ -b ethereal_be echo.idl + eg: omniidl -p ./ -b wireshark_be echo.idl 4. To write to a file, just redirect the output. - omniidl -p ./ -b ethereal_be echo.idl > packet-test-idl.c + omniidl -p ./ -b wireshark_be echo.idl > packet-test-idl.c You may wish to comment out the register_giop_user_module() code and that will leave you with heuristic dissection. -5. Copy the resulting C code to your ethereal src directory, edit the 2 make files +5. Copy the resulting C code to your wireshark src directory, edit the 2 make files to include the packet-test-idl.c - cp packet-test-idl.c /dir/where/ethereal/lives/ + cp packet-test-idl.c /dir/where/wireshark/lives/ edit Makefile.am edit Makefile.nmake @@ -130,8 +130,8 @@ See TODO list inside packet-giop.c Notes ===== -1. The "-p ./" option passed to omniidl indicates that the ethereal_be.py - and ethereal_gen.py are residing in the current directory. This may need +1. The "-p ./" option passed to omniidl indicates that the wireshark_be.py + and wireshark_gen.py are residing in the current directory. This may need tweaking if you place these files somewhere else. 2. If it complains about being unable to find some modules (eg tempfile.py), diff --git a/doc/README.malloc b/doc/README.malloc index 69619bf8d4..7e9ba9c786 100644 --- a/doc/README.malloc +++ b/doc/README.malloc @@ -3,7 +3,7 @@ $Id$ 1. Introduction In order to make memory management easier and to reduce the probability of -memory leaks ethereal provides its own memory management API. This API is +memory leaks wireshark provides its own memory management API. This API is implemented inside epan/emem.c and provides memory allocation functions where the allocated memory is automatically freed at certain points. 
@@ -32,7 +32,7 @@ where the data is to still be available in some later packet. The seasonal functions allocate memory that will stay around a lot longer but will be automatically freed once the current capture is closed and -Ethereal opens a new capture (either by reading a new capture file or by +Wireshark opens a new capture (either by reading a new capture file or by starting a new capture on some interface). These functions are useful for allocations with longer scope for example if you need some buffers or data to keep state between packets. diff --git a/doc/README.packaging b/doc/README.packaging index 0208a69955..d22fc2a85c 100644 --- a/doc/README.packaging +++ b/doc/README.packaging 
@@ -1,32 +1,31 @@ Here's a brief list of information that might be useful to anyone -distributing a software package containing Ethereal: +distributing a software package containing Wireshark: -1. The canonical location for every Ethereal source release is +1. The canonical location for every Wireshark source release is - http://www.ethereal.com/distribution/all-versions/, e.g. + http://www.wireshark.org/download/all-versions/, e.g. - http://www.ethereal.com/distribution/all-versions/ethereal-0.55.71.tar.bz2 + http://www.wireshark.org/download/all-versions/wireshark-0.55.71.tar.bz2 If your packaging system downloads a copy of the Wireshark sources, use this location. -2. The Wireshark web site URL is http://www.ethereal.com/ . +2. The Wireshark web site URL is http://www.wireshark.org/ . 3. Wireshark is released under the GNU General Public License. Make sure your package complies with this license, or we send in the marmots. -4. Ethereal and the "e" logo are registered trademarks of Ethereal, Inc. +4. Wireshark and the "e" logo are registered trademarks of Wireshark, Inc. 5. Custom version information can be added by creating a file called "version.conf". See make-version.pl for details. We recommend that - you use this to differentiate your package from official Ethereal + you use this to differentiate your package from official Wireshark releases. -6. Ethereal icons can be found in the "image" directory of the Wireshark - sources. Larger versions of the logo can be found at - http://www.ethereal.com/~gerald/ethereal_logo/povray/ . +6. Wireshark icons and logoscan be found in the "image" directory of the + Wireshark sources. If you have a question not addressed here, send it to -ethereal-dev@ethereal.com. +wireshark-dev@wireshark.org. $Id$ diff --git a/doc/README.plugins b/doc/README.plugins index 1d1f60cef5..4f0f3e2383 100644 --- a/doc/README.plugins +++ b/doc/README.plugins 
@@ -7,7 +7,7 @@ standard one. In fact all of the functions described in README.developer can be used in the plugins exactly as the are used in standard dissectors. -(Note, however, that not all OSes on which Ethereal runs can support +(Note, however, that not all OSes on which Wireshark runs can support plugins.) If you've chosen "xxx" as the name of your plugin (typically, that would @@ -68,7 +68,7 @@ information for the plugin. An example follows: /* Version number of package */ #define VERSION "0.0.8" -3. Changes to existing Ethereal files +3. Changes to existing Wireshark files You will also need to change the plugins/Makefile.am toplevel Makefile.am, the plugins/Makefile.nmake toplevel Makefile.nmake, the @@ -175,7 +175,7 @@ AC_OUTPUT( packaging/Makefile packaging/nsis/Makefile packaging/rpm/Makefile - packaging/rpm/ethereal.spec + packaging/rpm/wireshark.spec packaging/svr4/Makefile packaging/svr4/checkinstall packaging/svr4/pkginfo @@ -194,13 +194,13 @@ Plugins make some aspects of development easier and some harder. The good news is that if you are working on a single plugin then you will find recompiling the plugin MUCH faster than -recompiling a dissector and then linking it back into ethereal. +recompiling a dissector and then linking it back into wireshark. The bad news is that wireshark will not use the plugin unless the plugin is installed in one of the places it expects to look. One way to deal with this problem is to set up a working root for -ethereal, say in $HOME/build/root and build ethereal to install +wireshark, say in $HOME/build/root and build wireshark to install there ./configure --prefix=${HOME}/build/root;make install diff --git a/doc/README.regression b/doc/README.regression index e21365f60d..26ff7e8e52 100644 --- a/doc/README.regression +++ b/doc/README.regression 
@@ -1,10 +1,10 @@ # -# Ethereal/TShark Regression Testing +# Wireshark/TShark Regression Testing # # $Id$ # # This is a sample Makefile for regression testing of the -# Ethereal engine. These tests use that uses 'tshark -V' to analyze all +# Wireshark engine. These tests use that uses 'tshark -V' to analyze all # the frames of a capture file. # # You should probably rename this file as 'Makefile' in a separate directory @@ -33,7 +33,7 @@ # 'make accept' Accept current tests; make them the reference test results # 'make clean' Cleans any tests (but not references!) -TSHARK=/home/gram/prj/ethereal/debug/linux-ix86/tshark +TSHARK=/home/gram/prj/wireshark/debug/linux-ix86/tshark CAPTURE_DIR=/home/gram/prj/sniff diff --git a/doc/README.stats_tree b/doc/README.stats_tree index e834b08046..1ea57c4c19 100644 --- a/doc/README.stats_tree +++ b/doc/README.stats_tree @@ -4,9 +4,9 @@ tapping with stats_tree Let's suppose that you want to write a tap only to keep counters, and you don't want to get involved with GUI programming or maybe you'd like to make it a plugin. A stats_tree might be the way to go. The stats_tree module takes -care of the representation (GUI for ethereal and text for tshark) of the +care of the representation (GUI for wireshark and text for tshark) of the tap data. So there's very little code to write to make a tap listener usable -from both ethereal and tshark. +from both wireshark and tshark. First, you should add the TAP to the dissector in question as described in README.tapping . @@ -31,7 +31,7 @@ Other than that the stats_tree should be registered. If you want to make it a plugin, stats_tree_register() should be called by plugin_register_tap_listener() read README.plugin for other information -regarding ethereal plugins. +regarding wireshark plugins. If you want it as part of the dissector stats_tree_register() can be called either by proto_register_xxx() or if you prefer by proto_reg_handoff_xxx(). 
diff --git a/doc/README.tapping b/doc/README.tapping index 6db72ef576..8cbaf2566e 100644 --- a/doc/README.tapping +++ b/doc/README.tapping @@ -2,12 +2,12 @@ $Id$ The TAP system in wireshark is a powerful and flexible mechanism to get event driven notification on packets matching certain protocols and/or filters. -In order to use the tapping system, very little knowledge of ethereal +In order to use the tapping system, very little knowledge of wireshark internals are required. As examples on how to use the tap system see the implementation of tap-rpcstat.c (tshark version) -gtk/gtk-rpcstat.c (gtk-ethereal version) +gtk/gtk-rpcstat.c (gtk-wireshark version) If all you need is to keep some counters, there's the stats_tree API, which offers a simple way to make a GUI and tshark tap-listener; see @@ -100,13 +100,13 @@ matched the filter to your listener. The syntax for the filter string is identical to normal display filters. NOTE: Specifying filter strings will have a significant performance impact -on your application and ethereal. If possible it is MUCH better to take +on your application and wireshark. If possible it is MUCH better to take unfiltered data and just filter it yourself in the packet-callback than to specify a filter string. ONLY use a filter string if no other option exist. void (*reset)(void *tapdata) -This callback is called whenever ethereal wants to inform your +This callback is called whenever wireshark wants to inform your listener that it is about to start [re]reading a capture file or a new capture from an interface and that your application should reset any state it has in the *tapdata instance. 
@@ -125,10 +125,10 @@ or GUI updates down in (*draw) instead. void (*draw)(void *tapdata) -This callback is used when ethereal wants your application to redraw its +This callback is used when wireshark wants your application to redraw its output. It will usually not be called unless your application has received new data through the (*packet) callback. -On some ports of ethereal (gtk2) (*draw) will be called asynchronously +On some ports of wireshark (gtk2) (*draw) will be called asynchronously from a separate thread up to once every 2-3 seconds. On other ports it might only be called once when the capture is finished or the file has been [re]read completely. @@ -140,14 +140,14 @@ So, create three callbacks: 2, packet to update these state variables. 3, draw to take these state variables and draw them on the screen. -then just make ethereal call register_tap_listener() when you want to tap +then just make wireshark call register_tap_listener() when you want to tap and call remove_tap_listener() when you are finished. WHEN DO TAP LISTENERS GET CALLED? =================================== -Tap listeners are only called when ethereal reads a new capture for -the first time or whenever ethereal needs to rescan/redissect +Tap listeners are only called when wireshark reads a new capture for +the first time or whenever wireshark needs to rescan/redissect the capture. Redissection occurs when you apply a new display filter or if you change and Save/Apply a preference setting that might affect how 
@@ -158,7 +158,7 @@ to receive tap data during the dissection of the frame will be called in sequence. The order of which the tap listeners will be called is not defined. Not until all tap listeners for the frame has been called and returned -will ethereal continue to dissect the next packet. +will wireshark continue to dissect the next packet. This is why it is important to make the *_packet() callbacks execute as quickly as possible, else we create an extra delay until the next packet is dissected. @@ -204,7 +204,7 @@ Well, try this : register_tap_listener("tcp", struct, "tcp.port==57", NULL, packet, NULL); Let struct contain an email address? - Then you have something simple that will make ethereal send an email + Then you have something simple that will make wireshark send an email out automagically for each and every time it dissects a packet containing TCP traffic to port 57. Please put in some rate limitation if you do this. diff --git a/doc/README.xml-output b/doc/README.xml-output index 787311ce33..28545b2790 100644 --- a/doc/README.xml-output +++ b/doc/README.xml-output @@ -4,7 +4,7 @@ $Id$ Copyright (c) 2003 by Gilbert Ramirez -Ethereal has the ability to export its protocol dissection in an +Wireshark has the ability to export its protocol dissection in an XML format, tshark has similar functionality by using the "-Tpdml" option. @@ -17,7 +17,7 @@ http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm A related XML format, the Packet Summary Markup Language (PSML), is also defined by the Analyzer group to provide packet summary information. The PSML format is not documented in a publicly-available HTML document, -but its format is simple. Ethereal can export this format too. Some day it +but its format is simple. Wireshark can export this format too. Some day it may be added to tshark so that "-Tpsml" would produce PSML. One wonders if the "-T" option should read "-Txml" instead of "-Tpdml" 
@@ -31,7 +31,7 @@ The PDML that wireshark produces is known not to be loadable into Analyzer. It causes Analyzer to crash. As such, the PDML that wireshark produces is be labled with a version number of "0", which means that the PDML does not fully follow the PDML spec. Furthemore, a creator attribute in the -"" tag gives the version number of [t]ethereal that produced the PDML. +"" tag gives the version number of wireshark/tshark that produced the PDML. In that way, as the PDML produced by wireshark matures, but still does not meet the PDML spec, scripts can make intelligent decisions about how to best parse the PDML, based on the "creator" attribute. @@ -43,17 +43,17 @@ A protocol might contain one or more fields, denoted by the "" tag. A pseudo-protocol named "geninfo" is produced, as is required by the PDML spec, and exported as the first protocol after the opening "" tag. -Its information comes from ethereal's "frame" protocol, which servers +Its information comes from wireshark's "frame" protocol, which servers the similar purpose of storing packet meta-data. Both "geninfo" and "frame" protocols are provided in the PDML output. The "" tag ================ Example: - + -The creator is "ethereal" (i.e., the "ethereal" engine. It will always say -"ethereal", not "tshark") version 0.9.17. +The creator is "wireshark" (i.e., the "wireshark" engine. It will always say +"wireshark", not "tshark") version 0.9.17. The "" tag @@ -135,7 +135,7 @@ In PDML, the "Data" protocol would become another field under HTTP: -tools/EtherealXML.py +tools/WiresharkXML.py ==================== This is a python module which provides some infrastructor for Python developers who wish to parse PDML. It is designed to read 
@@ -146,20 +146,20 @@ The python user should import the module, define a callback function which accepts one argument, and call the parse_fh function: ------------------------------------------------------------ -import EtherealXML +import WiresharkXML def my_callback(packet): # do something fh = open(xml_filename) -EtherealXML.parse_fh(fh, my_callback) +WiresharkXML.parse_fh(fh, my_callback) # Now that the script has the packet data, do someting. ------------------------------------------------------------ The object that is passed to the callback function is an -EtherealXML.Packet object, which corresponds to a single packet. -EtherealXML Provides 3 classes, each of which corresponds to a PDML tag: +WiresharkXML.Packet object, which corresponds to a single packet. +WiresharkXML Provides 3 classes, each of which corresponds to a PDML tag: Packet - "" tag Protocol - "" tag @@ -196,7 +196,7 @@ the PDML output of tshark, pass a read filter with "-R" to tshark to try to reduce as much as possible the number of packets coming out of tshark. The less your script has to process, the faster it will be. -'tools/msnchat' is a sample Python program that uses EtherealXML to parse PDML. +'tools/msnchat' is a sample Python program that uses WiresharkXML to parse PDML. Given one or more capture files, it runs tshark on each of them, providing a read filter to reduce tshark's output. It finds MSN Chat conversations in the capture file and produces nice HTML showing the conversations. It has diff --git a/doc/capinfos.pod b/doc/capinfos.pod index 27c67e9bcf..01639f7499 100644 --- a/doc/capinfos.pod +++ b/doc/capinfos.pod 
@@ -30,11 +30,11 @@ corresponding to the statistic. If no flags are specified, B will report all statistics available. B is able to detect and read the same capture files that are -supported by B. +supported by B. The input files don't need a specific filename extension, the file format and an optional gzip compression will be automatically detected. -The I section of I or -I +The I section of I or +I provides a detailed description. =head1 OPTIONS @@ -106,15 +106,15 @@ Prints the help listing and exits. =head1 SEE ALSO -I, I, I, I, I, I +I, I, I, I, I, I =head1 NOTES -B is part of the B distribution. The latest version -of B can be found at B. +B is part of the B distribution. The latest version +of B can be found at B. HTML versions of the Wireshark project man pages are available at: -http://www.ethereal.com/docs/man-pages +http://www.wireshark.org/docs/man-pages =head1 AUTHORS @@ -125,4 +125,4 @@ http://www.ethereal.com/docs/man-pages Contributors ------------ - Gerald Combs + Gerald Combs diff --git a/doc/dfilter2pod.pl b/doc/dfilter2pod.pl index cd97a3d0bb..da2ac73a9e 100755 --- a/doc/dfilter2pod.pl +++ b/doc/dfilter2pod.pl @@ -1,10 +1,10 @@ #!/usr/bin/perl # -# Reads the display filter keyword dump produced by 'ethereal -G' and +# Reads the display filter keyword dump produced by 'wireshark -G' and # formats it for a pod document. The pod document is then used to # make a manpage # -# STDIN is the ethereal glossary +# STDIN is the wireshark glossary # arg1 is the pod template file. The =insert_dfilter_table token # will be replaced by the pod-formatted glossary # STDOUT is the output diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod index 19fd7aa4df..a5a48ddf49 100644 --- a/doc/dumpcap.pod +++ b/doc/dumpcap.pod 
@@ -26,7 +26,7 @@ S<[ B<-y> Ecapture link typeE ]> B is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file. B's native capture file format is B format, which is also the format -used by B, B and various other tools. +used by B, B and various other tools. Without any options set it will use the pcap library to capture traffic from the first available network @@ -198,18 +198,18 @@ See the manual page of I. =head1 SEE ALSO -I, I, I, I, I +I, I, I, I, I =head1 NOTES -B is part of the B distribution. The latest version -of B can be found at B. +B is part of the B distribution. The latest version +of B can be found at B. HTML versions of the Wireshark project man pages are available at: -http://www.ethereal.com/docs/man-pages +http://www.wireshark.org/docs/man-pages =head1 AUTHORS -B is derived from the B capturing engine code; +B is derived from the B capturing engine code; see the list of -authors in the B man page for a list of authors of that code. +authors in the B man page for a list of authors of that code. diff --git a/doc/editcap.pod b/doc/editcap.pod index 79127d14a1..acf4732181 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -40,11 +40,11 @@ If the B<-r> flag is specified, the whole packet selection is reversed; in that case I the selected packets will be written to the capture file. B is able to detect, read and write the same capture files that -are supported by B. +are supported by B. The input file doesn't need a specific filename extension, the file format and an optional gzip compression will be automatically detected. -The I section of I or -I +The I section of I or +I provides a detailed description. B can write the file in several output formats. The B<-F> 
@@ -199,15 +199,15 @@ To introduce 5% random errors in a capture file use: =head1 SEE ALSO -I, I, I, I +I, I, I, I =head1 NOTES -B is part of the B distribution. The latest version -of B can be found at B. +B is part of the B distribution. The latest version +of B can be found at B. HTML versions of the Wireshark project man pages are available at: -http://www.ethereal.com/docs/man-pages +http://www.wireshark.org/docs/man-pages =head1 AUTHORS diff --git a/doc/eproto2sgml b/doc/eproto2sgml index 0c25a757b4..c8c832fa83 100644 --- a/doc/eproto2sgml +++ b/doc/eproto2sgml @@ -1,9 +1,9 @@ #!/usr/bin/perl # -# Reads the display filter keyword dump produced by 'ethereal -G' and +# Reads the display filter keyword dump produced by 'wireshark -G' and # formats it as an SGML bulleted list of protocols. # -# STDIN is the ethereal glossary +# STDIN is the wireshark glossary # arg1 is the pod template file. The =insert_dfilter_table token # will be replaced by the pod-formatted glossary # STDOUT is the output @@ -53,7 +53,7 @@ close(TEMPLATE) || die "Can't close $template: $!\n"; sub create_dfilter_table { - print "\n"; + print "\n"; # Print each protocol for $proto_name (sort keys %proto_abbrev) { diff --git a/doc/ethereal-filter.pod.template b/doc/ethereal-filter.pod.template deleted file mode 100644 index 01caa5b599..0000000000 --- a/doc/ethereal-filter.pod.template +++ /dev/null 
@@ -1,401 +0,0 @@ -=head1 NAME - -ethereal-filter - Ethereal filter syntax and reference - -=head1 SYNOPSYS - -B [other options] -S<[ B<-R> "filter expression" ]> - -B [other options] -S<[ B<-R> "filter expression" ]> - -=head1 DESCRIPTION - -B and B share a powerful filter engine that helps remove -the noise from a packet trace and lets you see only the packets that interest -you. If a packet meets the requirements expressed in your filter, then it -is displayed in the list of packets. Display filters let you compare the -fields within a protocol against a specific value, compare fields against -fields, and check the existence of specified fields or protocols. - -Filters are also used by other features such as statistics generation and -packet list colorization (the latter is only available to B). This -manual page describes their syntax and provides a comprehensive reference of -filter fields. - -=head1 FILTER SYNTAX - -=head2 Check whether a field or protocol exists - -The simplest filter allows you to check for the existence of a protocol or -field. If you want to see all packets which contain the IP protocol, the -filter would be "ip" (without the quotation marks). To see all packets -that contain a Token-Ring RIF field, use "tr.rif". - -Think of a protocol or field in a filter as implicitly having the "exists" -operator. - -Note: all protocol and field names that are available in B and -B filters are listed in the comprehensive B (see below). - -=head2 Comparison operators - -Fields can also be compared against values. 
The comparison operators -can be expressed either through English-like abbreviations or through -C-like symbols: - - eq, == Equal - ne, != Not Equal - gt, > Greater Than - lt, < Less Than - ge, >= Greater than or Equal to - le, <= Less than or Equal to - -=head2 Search and match operators - -Additional operators exist expressed only in English, not C-like syntax: - - contains Does the protocol, field or slice contain a value - matches Does the protocol or text string match the given Perl - regular expression - -The "contains" operator allows a filter to search for a sequence of -characters, expressed as a string (quoted or unquoted), or bytes, -expressed as a byte array. For example, to search for a given HTTP -URL in a capture, the following filter can be used: - - http contains "http://www.ethereal.com" - -The "contains" operator cannot be used on atomic fields, -such as numbers or IP addresses. - -The "matches" operator allows a filter to apply to a specified -Perl-compatible regular expression (PCRE). The "matches" operator is only -implemented for protocols and for protocol fields with a text string -representation. For example, to search for a given WAP WSP User-Agent, -you can write: - - wsp.user_agent matches "(?i)cldc" - -This example shows an interesting PCRE feature: pattern match options have to -be specified with the B<(?>optionB<)> construct. For instance, B<(?i)> performs -a case-insensitive pattern match. More information on PCRE can be found in the -pcrepattern(3) man page (Perl Regular Expressions are explained in -B). - -Note: the "matches" operator is only available if B or B -have been compiled with the PCRE library. This can be checked by running: - - ethereal -v - tshark -v - -or selecting the "About Ethereal" item from the "Help" menu in B. 
- -=head2 Functions - -The filter language has the following functions: - - upper(string-field) - converts a string field to uppercase - lower(string-field) - converts a string field to lowercase - -upper() and lower() are useful for performing case-insensitive string -comparisons. For example: - - upper(ncp.nds_stream_name) contains "MACRO" - lower(mount.dump.hostname) == "angel" - -=head2 Protocol field types - -Each protocol field is typed. The types are: - - Unsigned integer (8-bit, 16-bit, 24-bit, or 32-bit) - Signed integer (8-bit, 16-bit, 24-bit, or 32-bit) - Boolean - Ethernet address (6 bytes) - Byte array - IPv4 address - IPv6 address - IPX network number - Text string - Double-precision floating point number - -An integer may be expressed in decimal, octal, or hexadecimal notation. -The following three display filters are equivalent: - - frame.pkt_len > 10 - frame.pkt_len > 012 - frame.pkt_len > 0xa - -Boolean values are either true or false. In a display filter expression -testing the value of a Boolean field, "true" is expressed as 1 or any -other non-zero value, and "false" is expressed as zero. For example, a -token-ring packet's source route field is Boolean. To find any -source-routed packets, a display filter would be: - - tr.sr == 1 - -Non source-routed packets can be found with: - - tr.sr == 0 - -Ethernet addresses and byte arrays are represented by hex -digits. The hex digits may be separated by colons, periods, or hyphens: - - eth.dst eq ff:ff:ff:ff:ff:ff - aim.data == 0.1.0.d - fddi.src == aa-aa-aa-aa-aa-aa - echo.data == 7a - -IPv4 addresses can be represented in either dotted decimal notation or -by using the hostname: - - ip.dst eq www.mit.edu - ip.src == 192.168.1.1 - -IPv4 addresses can be compared with the same logical relations as numbers: -eq, ne, gt, ge, lt, and le. The IPv4 address is stored in host order, -so you do not have to worry about the endianness of an IPv4 address -when using it in a display filter. 
- -Classless InterDomain Routing (CIDR) notation can be used to test if an -IPv4 address is in a certain subnet. For example, this display filter -will find all packets in the 129.111 Class-B network: - - ip.addr == 129.111.0.0/16 - -Remember, the number after the slash represents the number of bits used -to represent the network. CIDR notation can also be used with -hostnames, as in this example of finding IP addresses on the same Class C -network as 'sneezy': - - ip.addr eq sneezy/24 - -The CIDR notation can only be used on IP addresses or hostnames, not in -variable names. So, a display filter like "ip.src/24 == ip.dst/24" is -not valid (yet). - -IPX networks are represented by unsigned 32-bit integers. Most likely -you will be using hexadecimal when testing IPX network values: - - ipx.src.net == 0xc0a82c00 - -Strings are enclosed in double quotes: - - http.request.method == "POST" - -Inside double quotes, you may use a backslash to embed a double quote -or an arbitrary byte represented in either octal or hexadecimal. - - browser.comment == "An embedded \" double-quote" - -Use of hexadecimal to look for "HEAD": - - http.request.method == "\x48EAD" - -Use of octal to look for "HEAD": - - http.request.method == "\110EAD" - -This means that you must escape backslashes with backslashes inside -double quotes. - - smb.path contains "\\\\SERVER\\SHARE" - -looks for \\SERVER\SHARE in "smb.path". - -=head2 The slice operator - -You can take a slice of a field if the field is a text string or a -byte array. -For example, you can filter on -the vendor portion of an ethernet address (the first three bytes) like -this: - - eth.src[0:3] == 00:00:83 - -Another example is: - - http.content_type[0:4] == "text" - -You can use the slice operator on a protocol name, too. -The "frame" protocol can be useful, encompassing all the data captured -by B or B. 
- - token[0:5] ne 0.0.0.1.1 - llc[0] eq aa - frame[100-199] contains "ethereal" - -The following syntax governs slices: - - [i:j] i = start_offset, j = length - [i-j] i = start_offset, j = end_offset, inclusive. - [i] i = start_offset, length = 1 - [:j] start_offset = 0, length = j - [i:] start_offset = i, end_offset = end_of_field - -Offsets can be negative, in which case they indicate the -offset from the B of the field. The last byte of the field is at offset --1, the last but one byte is at offset -2, and so on. -Here's how to check the last four bytes of a frame: - - frame[-4:4] == 0.1.2.3 - -or - - frame[-4:] == 0.1.2.3 - -You can concatenate slices using the comma operator: - - ftp[1,3-5,9:] == 01:03:04:05:09:0a:0b - -This concatenates offset 1, offsets 3-5, and offset 9 to the end of the ftp -data. - -=head2 Type conversions - -If a field is a text string or a byte array, it can be expressed in whichever -way is most convenient. - -So, for instance, the following filters are equivalent: - - http.request.method == "GET" - http.request.method == 47.45.54 - -A range can also be expressed in either way: - - frame[60:2] gt 50.51 - frame[60:2] gt "PQ" - -=head2 Bit field operations - -It is also possible to define tests with bit field operations. Currently the -following bit field operation is supported: - - bitwise_and, & Bitwise AND - -The bitwise AND operation allows testing to see if one or more bits are set. -Bitwise AND operates on integer protocol fields and slices. - -When testing for TCP SYN packets, you can write: - - tcp.flags & 0x02 - -That expression will match all packets that contain a "tcp.flags" field -with the 0x02 bit, i.e. the SYN bit, set. 
- -Similarly, filtering for all WSP GET and extended GET methods is achieved with: - - wsp.pdu_type & 0x40 - -When using slices, the bit mask must be specified as a byte string, and it must -have the same number of bytes as the slice itself, as in: - - ip[42:2] & 40:ff - -=head2 Logical expressions - -Tests can be combined using logical expressions. -These too are expressable in C-like syntax or with English-like -abbreviations: - - and, && Logical AND - or, || Logical OR - not, ! Logical NOT - -Expressions can be grouped by parentheses as well. The following are -all valid display filter expressions: - - tcp.port == 80 and ip.src == 192.168.2.1 - not llc - http and frame[100-199] contains "ethereal" - (ipx.src.net == 0xbad && ipx.src.node == 0.0.0.0.0.1) || ip - -Remember that whenever a protocol or field name occurs in an expression, the -"exists" operator is implicitly called. The "exists" operator has the highest -priority. This means that the first filter expression must be read as "show me -the packets for which tcp.port exists and equals 80, and ip.src exists and -equals 192.168.2.1". The second filter expression means "show me the packets -where not (llc exists)", or in other words "where llc does not exist" and hence -will match all packets that do not contain the llc protocol. -The third filter expression includes the constraint that offset 199 in the -frame exists, in other words the length of the frame is at least 200. - -A special caveat must be given regarding fields that occur more than -once per packet. "ip.addr" occurs twice per IP packet, once for the -source address, and once for the destination address. Likewise, -"tr.rif.ring" fields can occur more than once per packet. The following -two expressions are not equivalent: - - ip.addr ne 192.168.4.1 - not ip.addr eq 192.168.4.1 - -The first filter says "show me packets where an ip.addr exists that -does not equal 192.168.4.1". 
That is, as long as one ip.addr in the -packet does not equal 192.168.4.1, the packet passes the display -filter. The other ip.addr could equal 192.168.4.1 and the packet would -still be displayed. -The second filter says "don't show me any packets that have an -ip.addr field equal to 192.168.4.1". If one ip.addr is 192.168.4.1, -the packet does not pass. If B ip.addr field is 192.168.4.1, -then the packet is displayed. - -It is easy to think of the 'ne' and 'eq' operators as having an implict -"exists" modifier when dealing with multiply-recurring fields. "ip.addr -ne 192.168.4.1" can be thought of as "there exists an ip.addr that does -not equal 192.168.4.1". "not ip.addr eq 192.168.4.1" can be thought of as -"there does not exist an ip.addr equal to 192.168.4.1". - -Be careful with multiply-recurring fields; they can be confusing. - -Care must also be taken when using the display filter to remove noise -from the packet trace. If, for example, you want to filter out all IP -multicast packets to address 224.1.2.3, then using: - - ip.dst ne 224.1.2.3 - -may be too restrictive. Filtering with "ip.dst" selects only those -B packets that satisfy the rule. Any other packets, including all -non-IP packets, will not be displayed. To display the non-IP -packets as well, you can use one of the following two expressions: - - not ip or ip.dst ne 224.1.2.3 - not ip.addr eq 224.1.2.3 - -The first filter uses "not ip" to include all non-IP packets and then -lets "ip.dst ne 224.1.2.3" filter out the unwanted IP packets. The -second filter has already been explained above where filtering with -multiply occuring fields was discussed. - -=head1 FILTER PROTOCOL REFERENCE - -Each entry below provides an abbreviated protocol or field name. Every -one of these fields can be used in a display filter. The type of the -field is also given. - -=insert_dfilter_table - -=head1 NOTES - -The B manpage is part of the B distribution. -The latest version of B can be found at -B. 
- -Regular expressions in the "matches" operator are provided with B, -the Perl-Compatible Regular Expressions library: see B. - -This manpage does not describe the capture filter syntax, which is -different. See the tcpdump(8) manpage for a description of capture -filters. Microsoft Windows versions use WinPcap from -B for which the capture filter syntax is described -in B. - -=head1 SEE ALSO - -I, I, I, I, I - -=head1 AUTHORS - -See the list of authors in the B man page for a list of authors of -that code. diff --git a/doc/ethereal.pod b/doc/ethereal.pod deleted file mode 100644 index 3ab44eb7f2..0000000000 --- a/doc/ethereal.pod +++ /dev/null 
@@ -1,2210 +0,0 @@ - -=head1 NAME - -ethereal - Interactively dump and analyze network traffic - -=head1 SYNOPSYS - -B -S<[ B<-a> Ecapture autostop conditionE ] ...> -S<[ B<-b> Ecapture ring buffer optionE ] ...> -S<[ B<-B> Ecapture buffer size (Win32 only)E ] > -S<[ B<-c> Ecapture packet countE ]> -S<[ B<-D> ]> -S<[ B<-f> Ecapture filterE ]> -S<[ B<-g> Epacket numberE ]> -S<[ B<-h> ]> -S<[ B<-i> Ecapture interfaceE|- ]> -S<[ B<-k> ]> -S<[ B<-l> ]> -S<[ B<-L> ]> -S<[ B<-m> EfontE ]> -S<[ B<-n> ]> -S<[ B<-N> Ename resolving flagsE ] > -S<[ B<-o> Epreference/recent settingE ] ...> -S<[ B<-p> ]> -S<[ B<-Q> ]> -S<[ B<-r> EinfileE ]> -S<[ B<-R> Eread (display) filterE ]> -S<[ B<-S> ]> -S<[ B<-s> Ecapture snaplenE ]> -S<[ B<-t> ad|a|r|d ]> -S<[ B<-v> ]> -S<[ B<-w> EoutfileE ]> -S<[ B<-y> Ecapture link typeE ]> -S<[ B<-X> EeXtension optionE ]> -S<[ B<-z> EstatisticsE ]> -S<[ EinfileE ]> - -=head1 DESCRIPTION - -B is a GUI network protocol analyzer. It lets you -interactively browse packet data from a live network or from a -previously saved capture file. B's native capture file format -is B format, which is also the format used by B and -various other tools. 
- -B can read / import the following file formats: - -=over 4 - -=item * -libpcap, tcpdump and various other tools using tcpdump's capture format - -=item * -B and B - -=item * -Shomiti/Finisar B captures - -=item * -Novell B captures - -=item * -Microsoft B captures - -=item * -AIX's B captures - -=item * -Cinco Networks B captures - -=item * -Network Associates Windows-based B captures - -=item * -Network General/Network Associates DOS-based B (compressed or uncompressed) captures - -=item * -AG Group/WildPackets B/B/B/B/B captures - -=item * -B's WAN/LAN analyzer captures - -=item * -Network Instruments B version 9 captures - -=item * -B router debug output - -=item * -files from HP-UX's B - -=item * -B ISDN routers dump output - -=item * -the output from B from the ISDN4BSD project - -=item * -traces from the B USB S0. - -=item * -the output in B format from the Cisco Secure Intrusion Detection System - -=item * -B (pppdump format) - -=item * -the output from VMS's B/B/B utilities - -=item * -the text output from the B VMS utility - -=item * -Visual Networks' B traffic capture - -=item * -the output from B L2 debug - -=item * -the output from Accellent's B<5Views> LAN agents - -=item * -Endace Measurement Systems' ERF format captures - -=item * -Linux Bluez Bluetooth stack B traces - -=item * -Catapult DCT2000 .out files - -=back 4 - -There is no need to tell B what type of -file you are reading; it will determine the file type by itself. -B is also capable of reading any of these file formats if they -are compressed using gzip. B recognizes this directly from -the file; the '.gz' extension is not required for this purpose. - -Like other protocol analyzers, B's main window shows 3 views -of a packet. It shows a summary line, briefly describing what the -packet is. A packet details display is shown, allowing you to drill -down to exact protocol or field that you interested in. 
Finally, a hex -dump shows you exactly what the packet looks like when it goes over the -wire. - -In addition, B has some features that make it unique. It can -assemble all the packets in a TCP conversation and show you the ASCII -(or EBCDIC, or hex) data in that conversation. Display filters in -B are very powerful; more fields are filterable in B -than in other protocol analyzers, and the syntax you can use to create -your filters is richer. As B progresses, expect more and more -protocol fields to be allowed in display filters. - -Packet capturing is performed with the pcap library. The capture filter -syntax follows the rules of the pcap library. This syntax is different -from the display filter syntax. - -Compressed file support uses (and therefore requires) the zlib library. -If the zlib library is not present, B will compile, but will -be unable to read compressed files. - -The pathname of a capture file to be read can be specified with the -B<-r> option or can be specified as a command-line argument. - -=head1 OPTIONS - -=over 4 - -Most users will want to start B without options and configure -it from the menus instead. Those users may just skip this section. - -=item -a Ecapture autostop conditionE - -Specify a criterion that specifies when B is to stop writing -to a capture file. The criterion is of the form IB<:>I, -where I is one of: - -B:I Stop writing to a capture file after I seconds have elapsed. - -B:I Stop writing to a capture file after it reaches a size of I -kilobytes (where a kilobyte is 1024 bytes). If this option -is used together with the -b option, Ethereal will stop writing to the -current capture file and switch to the next one if filesize is reached. - -B:I Stop writing to capture files after I number of files were written. - -=item -b Ecapture ring buffer optionE - -Cause B to run in "multiple files" mode. In "multiple files" mode, -B will write to several capture files. 
When the first capture file -fills up, B will switch writing to the next file and so on. - -The created filenames are based on the filename given with the B<-w> flag, the number of -the file and on the creation date and time, -e.g. outfile_00001_20050604120117.pcap, outfile_00001_20050604120523.pcap, ... - -With the I option it's also possible to form a "ring buffer". -This will fill up new files until the number of files specified, -at which point B will discard the data in the first file and start -writing to that file and so on. If the I option is not set, -new files filled up until one of the capture stop conditions match (or -until the disk if full). - -The criterion is of the form IB<:>I, -where I is one of: - -B:I switch to the next file after I seconds have -elapsed, even if the current file is not completely filled up. - -B:I switch to the next file after it reaches a size of -I kilobytes (where a kilobyte is 1024 bytes). - -B:I begin again with the first file after I number of -files were written (form a ring buffer). - -=item -B Ecapture buffer size (Win32 only)E - -Win32 only: set capture buffer size (in MB, default is 1MB). This is used by the -the capture driver to buffer packet data until that data can be written to -disk. If you encounter packet drops while capturing, try to increase this size. - -=item -c Ecapture packet countE - -Set the maximum number of packets to read when capturing live -data. - -=item -D - -Print a list of the interfaces on which B can capture, and -exit. For each network interface, a number and an -interface name, possibly followed by a text description of the -interface, is printed. The interface name or the number can be supplied -to the B<-i> flag to specify an interface on which to capture. 
- -This can be useful on systems that don't have a command to list them -(e.g., Windows systems, or UNIX systems lacking B); -the number can be useful on Windows 2000 and later systems, where the -interface name is a somewhat complex string. - -Note that "can capture" means that B was able to open -that device to do a live capture; if, on your system, a program doing a -network capture must be run from an account with special privileges (for -example, as root), then, if B is run with the B<-D> flag and -is not run from such an account, it will not list any interfaces. - -=item -f Ecapture filterE - -Set the capture filter expression. - -=item -g Epacket numberE - -After reading in a capture file using the B<-r> flag, go to the given I. - -=item -h - -Print the version and options and exit. - -=item -i Ecapture interfaceE|- - -Set the name of the network interface or pipe to use for live packet -capture. - -Network interface names should match one of the names listed in -"B" (described above); a number, as reported by -"B", can also be used. If you're using UNIX, "B" or "B" might also work to list interface names, -although not all versions of UNIX support the B<-a> flag to B. - -If no interface is specified, B searches the list of -interfaces, choosing the first non-loopback interface if there are any -non-loopback interfaces, and choosing the first loopback interface if -there are no non-loopback interfaces. If there are no interfaces at all, -B reports an error and doesn't start the capture. - -Pipe names should be either the name of a FIFO (named pipe) or ``-'' to -read data from the standard input. Data read from pipes must be in -standard libpcap format. - -Note: the Win32 version of B doesn't support capturing from -pipes or stdin! - -=item -k - -Start the capture session immediately. If the B<-i> flag was -specified, the capture uses the specified interface. 
Otherwise, -B searches the list of interfaces, choosing the first -non-loopback interface if there are any non-loopback interfaces, and -choosing the first loopback interface if there are no non-loopback -interfaces; if there are no interfaces, B reports an error and -doesn't start the capture. - -=item -l - -Turn on automatic scrolling if the packet display is being updated -automatically as packets arrive during a capture (as specified by the -B<-S> flag). - -=item -L - -List the data link types supported by the interface and exit. - -=item -m EfontE - -Set the name of the font used by B for most text. B -will construct the name of the bold font used for the data in the byte -view pane that corresponds to the field selected in the packet details -pane from the name of the main text font. - -=item -n - -Disable network object name resolution (such as hostname, TCP and UDP port -names), the B<-N> flag might override this one. - -=item -N Ename resolving flagsE - -Turn on name resolving only for particular types of addresses and port -numbers, with name resolving for other types of addresses and port -numbers turned off. This flag overrides B<-n> if both B<-N> and B<-n> are -present. If both B<-N> and B<-n> flags are not present, all name resolutions are -turned on. - -The argument is a string that may contain the letters: - -B to enable MAC address resolution - -B to enable network address resolution - -B to enable transport-layer port number resolution - -B to enable concurrent (asynchronous) DNS lookups - -=item -o Epreference/recent settingE - -Set a preference or recent value, overriding the default value and any value -read from a preference/recent file. The argument to the flag is a string of -the form IB<:>I, where I is the name of the -preference/recent value (which is the same name that would appear in the -preference/recent file), and I is the value to which it should be set. 
-Since B 0.10.12, the recent settings replaces the formerly used --B, -P and -T flags to manipulate the GUI dimensions. - -=item -p - -I put the interface into promiscuous mode. Note that the -interface might be in promiscuous mode for some other reason; hence, -B<-p> cannot be used to ensure that the only traffic that is captured is -traffic sent to or from the machine on which B is running, -broadcast traffic, and multicast traffic to addresses received by that -machine. - -=item -Q - -Cause B to exit after the end of capture session (useful in -batch mode with B<-c> option for instance); this option requires the -B<-i> and B<-w> parameters. - -=item -r EinfileE - -Read packet data from I, can be any supported capture file format -(including gzipped files). It's not possible to use named pipes or stdin -here! - -=item -R Eread (display) filterE - -When reading a capture file specified with the B<-r> flag, causes the -specified filter (which uses the syntax of display filters, rather than -that of capture filters) to be applied to all packets read from the -capture file; packets not matching the filter are discarded. - -=item -S - -Automatically update the packet display as packets are coming in. - -=item -s Ecapture snaplenE - -Set the default snapshot length to use when capturing live data. -No more than I bytes of each network packet will be read into -memory, or saved to disk. - -=item -t ad|a|r|d - -Set the format of the packet timestamp displayed in the packet list -window, the default is relative. The format can be one of: - -B absolute with date: The absolute date and time is the actual time and -date the packet was captured - -B absolute: The absolute time is the actual time the packet was captured, -with no date displayed - -B relative: The relative time is the time elapsed between the first packet -and the current packet - -B delta: The delta time is the time since the previous packet was -captured - -=item -v - -Print the version and exit. 
- -=item -w EoutfileE - -Set the default capture file name. - -=item -y Ecapture link typeE - -If a capture is started from the command line with B<-k>, set the data -link type to use while capturing packets. The values reported by B<-L> -are the values that can be used. - -=item -X EeXtension optionsE - -Specify an option to be passed to an B module. The eXtension option -is in the form IB<:>I, where I can be: - -B:I tells B to load the given script in addition to the -default Lua scripts. - - -=item -z EstatisticsE - -Get B to collect various types of statistics and display the result -in a window that updates in semi-real time. -Currently implemented statistics are: - -B<-z> dcerpc,srt,I,I.I[,I] - -Collect call/reply SRT (Service Response Time) data for DCERPC interface I, -version I.I. -Data collected is number of calls for each procedure, MinSRT, MaxSRT -and AvgSRT. -Example: use B<-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0> to collect data for CIFS SAMR Interface. -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0,ip.addr==1.2.3.4> to collect SAMR -SRT statistics for a specific host. - -B<-z> io,stat - -Collect packet/bytes statistics for the capture in intervals of 1 seconds. -This option will open a window with up to 5 color-coded graphs where -number-of-packets-per-second or number-of-bytes-per-second statistics -can be calculated and displayed. - -This option can be used multiple times on the command line. - -This graph window can also be opened from the Analyze:Statistics:Traffic:IO-Stat -menu item. - - -B<-z> rpc,srt,I,I[,] - -Collect call/reply SRT (Service Response Time) data for I/I. Data collected -is number of calls for each procedure, MinSRT, MaxSRT and AvgSRT. -Example: use B<-z rpc,srt,100003,3> to collect data for NFS v3. 
This -option can be used multiple times on the command line. - -If the optional filter string is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z rpc,srt,100003,3,nfs.fh.hash==0x12345678> to collect NFS v3 -SRT statistics for a specific file. - -B<-z> rpc,programs - -Collect call/reply RTT data for all known ONC-RPC programs/versions. -Data collected is number of calls for each protocol/version, MinRTT, -MaxRTT and AvgRTT. - -B<-z> scsi,srt,I[,] - -Collect call/reply SRT (Service Response Time) data for SCSI commandset . - -Commandsets are 0:SBC 1:SSC 5:MMC - - -Data collected -is number of calls for each procedure, MinSRT, MaxSRT and AvgSRT. -Example: use B<-z scsi,srt,0> to collect data for SCSI BLOCK COMMANDS (SBC). This -option can be used multiple times on the command line. - -If the optional filter string is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z scsi,srt,0,ip.addr==1.2.3.4> to collect SCSI SBC -SRT statistics for a specific iscsi/ifcp/fcip host. - -B<-z> smb,srt[,I] - -Collect call/reply SRT (Service Response Time) data for SMB. Data collected -is number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT. -Example: use B<-z smb,srt>. - -The data will be presented as separate tables for all normal SMB commands, -all Transaction2 commands and all NT Transaction commands. -Only those commands that are seen in the capture will have its stats -displayed. -Only the first command in a xAndX command chain will be used in the -calculation. So for common SessionSetupAndX + TreeConnectAndX chains, -only the SessionSetupAndX call will be used in the statistics. -This is a flaw that might be fixed in the future. - -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. 
-Example: use B<-z "smb,srt,ip.addr==1.2.3.4"> to only collect stats for -SMB packets echanged by the host at IP address 1.2.3.4 . - -B<-z> fc,srt[,I] - -Collect call/reply SRT (Service Response Time) data for FC. Data collected -is number of calls for each Fibre Channel command, MinSRT, MaxSRT and AvgSRT. -Example: use B<-z fc,srt>. -The Service Response Time is calculated as the time delta between the -First packet of the exchange and the Last packet of the exchange. - -The data will be presented as separate tables for all normal FC commands, -Only those commands that are seen in the capture will have its stats -displayed. - -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z "fc,srt,fc.id==01.02.03"> to only collect stats for -FC packets echanged by the host at FC address 01.02.03 . - -B<-z> ldap,srt[,I] - -Collect call/reply SRT (Service Response Time) data for LDAP. Data collected -is number of calls for each implemented LDAP command, MinSRT, MaxSRT and AvgSRT. -Example: use B<-z ldap,srt>. -The Service Response Time is calculated as the time delta between the -Request and the Response. - -The data will be presented as separate tables for all implemented LDAP commands, -Only those commands that are seen in the capture will have its stats -displayed. - -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z "ldap,srt,ip.addr==10.1.1.1"> to only collect stats for -LDAP packets echanged by the host at IP address 10.1.1.1 . 
- -The only LDAP command that are currently implemented and the stats will be available for are: -BIND -SEARCH -MODIFY -ADD -DELETE -MODRDN -COMPARE -EXTENDED - - -B<-z> mgcp,srt[I<,filter>] - -Collect requests/response SRT (Service Response Time) data for MGCP. -This is similar to B<-z smb,srt>). Data collected is number of calls -for each known MGCP Type, Minimum SRT, Maximum SRT and Average SRT. -Example: use B<-z mgcp,srt>. - -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z "mgcp,srt,ip.addr==1.2.3.4"> to only collect stats for -MGCP packets exchanged by the host at IP address 1.2.3.4 . - -B<-z> conv,I[,I] - -Create a table that lists all conversations that could be seen in the -capture. I specifies for which type of conversation we want to -generate the statistics; currently the supported ones are - - "eth" Ethernet - "fc" Fibre Channel addresses - "fddi" FDDI addresses - "ip" IP addresses - "ipx" IPX addresses - "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported - "tr" TokenRing - "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported - -If the optional filter string is specified, only those packets that match the -filter will be used in the calculations. - -The table is presented with one line for each conversation and displays -number of packets/bytes in each direction as well as total number of -packets/bytes. By default, the table is sorted according to total number -of packets. - -These tables can also be generated at runtime by selecting the appropriate -conversation type from the menu "Tools/Statistics/Conversation List/". - -B<-z> h225,counter[I<,filter>] - -Count ITU-T H.225 messages and their reasons. In the first column you get a -list of H.225 messages and H.225 message reasons, which occur in the current -capture file. 
The number of occurences of each message or reason is displayed -in the second column. - -Example: use B<-z h225,counter>. - -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z "h225,counter,ip.addr==1.2.3.4"> to only collect stats for -H.225 packets exchanged by the host at IP address 1.2.3.4 . - - -B<-z> h225,srt[I<,filter>] - -Collect requests/response SRT (Service Response Time) data for ITU-T H.225 RAS. -Data collected is number of calls of each ITU-T H.225 RAS Message Type, -Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet. -You will also get the number of Open Requests (Unresponded Requests), -Discarded Responses (Responses without matching request) and Duplicate Messages. -Example: use B<-z h225,srt>. - -This option can be used multiple times on the command line. - -If the optional filterstring is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z "h225,srt,ip.addr==1.2.3.4"> to only collect stats for -ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 . - -B<-z> sip,stat[I<,filter>] - -This option will activate a counter for SIP messages. You will get the number -of occurences of each SIP Method and of each SIP Status-Code. Additionally you -also get the number of resent SIP Messages (only for SIP over UDP). - -Example: use B<-z sip,stat>. - -This option can be used multiple times on the command line. - -If the optional filter string is provided, the stats will only be calculated -on those calls that match that filter. -Example: use B<-z "sip,stat,ip.addr==1.2.3.4"> to only collect stats for -SIP packets exchanged by the host at IP address 1.2.3.4 . - -=back - -=head1 INTERFACE - -=head2 MENU ITEMS - -=over 4 - -=item File:Open - -=item File:Open Recent - -=item File:Close - -Open or close a capture file. 
The I dialog box -allows a filter to be specified; when the capture file is read, the -filter is applied to all packets read from the file, and packets not -matching the filter are discarded. The I is a submenu -and will show a list of previously opened files. - -=item File:Merge - -Merge another capture file to the currently loaded one. The I -dialog box allows the merge "Prepended", "Chronologically" or "Appended", -relative to the already loaded one. - -=item File:Save - -=item File:Save As - -Save the current capture, or the packets currently displayed from that -capture, to a file. Check boxes let you select whether to save all -packets, or just those that have passed the current display filter and/or -those that are currently marked, and an option menu lets you select (from -a list of file formats in which at particular capture, or the packets -currently displayed from that capture, can be saved), a file format in -which to save it. - -=item File:File Set:List Files - -Show a dialog box that list all files of the file set matching the currently -loaded file. A file set is a compound of files resulting from a capture using -the "multiple files" / "ringbuffer" mode, recognizable by the filename pattern, -e.g.: Filename_00001_20050604101530.pcap. - -=item File:File Set:Next File - -=item File:File Set:Previous File - -If the currently loaded file is part of a file set (see above), open the -next / previous file in that set. - -=item File:Export - -Export captured data into an external format. Note: the data cannot be -imported back into Ethereal, so be sure to keep the capture file. - -=item File:Print - -Print packet data from the current capture. You can select the range of -packets to be printed (which packets are printed), and the output format of -each packet (how each packet is printed). The output format will be similar -to the displayed values, so a summary line, the packet details view, and/or -the hex dump of the packet can be printed. 
- -Printing options can be set with the I menu item, or in the -dialog box popped up by this menu item. - -=item File:Quit - -Exit the application. - -=item Edit:Find Packet - -Search forward or backward, starting with the currently selected packet -(or the most recently selected packet, if no packet is selected). Search -criteria can be a display filter expression, a string of hexadecimal -digits, or a text string. - -When searching for a text string, you can search the packet data, or you -can search the text in the Info column in the packet list pane or in the -packet details pane. - -Hexadecimal digits can be separated by colons, periods, or dashes. -Text string searches can be ASCII or Unicode (or both), and may be -case insensitive. - -=item Edit:Find Next - -=item Edit:Find Previous - -Search forward / backward for a packet matching the filter from the previous -search, starting with the currently selected packet (or the most recently -selected packet, if no packet is selected). - -=item Edit:Time Reference:Set Time Reference (toggle) - -Set (or unset if currently set) the selected packet as a Time Reference packet. -When a packet is set as a Time Reference packet, the timestamps in the packet -list pane will be replaced with the string "*REF*". -The relative time timestamp in later packets will then be calculated relative -to the timestamp of this Time Reference packet and not the first packet in -the capture. - -Packets that have been selected as Time Reference packets will always be -displayed in the packet list pane. Display filters will not affect or -hide these packets. - -If there is a column displayed for "Culmulative Bytes" this counter will -be reset at every Time Reference packet. - -=item Edit:Time Reference:Find Next - -=item Edit:Time Reference:Find Previous - -Search forward / backward for a time referenced packet. - -=item Edit:Mark Packet (toggle) - -Mark (or unmark if currently marked) the selected packet. 
The field -"frame.marked" is set for packets that are marked, so that, for example, -a display filters can be used to display only marked packets, and so that -the L dialog can be used to find the next or previous -marked packet. - -=item Edit:Mark All Packets - -=item Edit:Unmark All Packets - -Mark / Unmark all packets that are currently displayed. - -=item Edit:Preferences - -Set the GUI, capture, printing and protocol options -(see L dialog below). - -=item View:Main Toolbar - -=item View:Filter Toolbar - -=item View:Statusbar - -Show or hide the main window controls. - -=item View:Packet List - -=item View:Packet Details - -=item View:Packet Bytes - -Show or hide the main window panes. - -=item View:Time Display Format - -Set the format of the packet timestamp displayed in the packet list window. - -=item View:Name Resolution:Resolve Name - -Try to resolve a name for the currently seleted item. - -=item View:Name Resolution:Enable for ... Layer - -Enable or disable translation of addresses to names in the display. - -=item View:Colorize Packet List - -Enable or disable the coloring rules. Disabling will improve performance. - -=item View:Auto Scroll in Live Capture - -Enable or disable the automatic scrolling of the -packet list while a live capture is in progress. - -=item View:Zoom In - -=item View:Zoom Out - -Zoom into / out of the main window data (by changing the font size). - -=item View:Normal Size - -Reset the zoom factor of zoom in / zoom out back to normal font size. - -=item View:Resize All Columns - -Resize all columns to best fit the current packet display. - -=item View:Expand Subtrees - -Expands the currently selected item and it's subtrees in the packet details. - -=item View:Expand All - -=item View:Collapse All - -Expand / Collapse all branches of the packet details. - -=item View:Coloring Rules - -Change the foreground and background colors of the packet information in -the list of packets, based upon display filters. 
The list of display -filters is applied to each packet sequentially. After the first display -filter matches a packet, any additional display filters in the list are -ignored. Therefore, if you are filtering on the existence of protocols, -you should list the higher-level protocols first, and the lower-level -protocols last. - -=over - -=item How Colorization Works - -Packets are colored according to a list of color filters. Each filter -consists of a name, a filter expression and a coloration. A packet is -colored according to the first filter that it matches. Color filter -expressions use exactly the same syntax as display filter expressions. - -When Ethereal starts, the color filters are loaded from: - -=over - -1. The user's personal color filters file or, if that does not exist, - -2. The global color filters file. - -=back - -If neither of these exist then the packets will not be colored. - -=back - -=item View:Show Packet In New Window - -Create a new window containing a packet details view and a hex dump -window of the currently selected packet; this window will continue to -display that packet's details and data even if another packet is -selected. - -=item View:Reload - -Reload a capture file. Same as I and I the same -file again. - -=item Go:Back - -Go back in previously visited packets history. - -=item Go:Forward - -Go forward in previously visited packets history. - -=item Go:Go To Packet - -Go to a particular numbered packet. - -=item Go:Go To Corresponding Packet - -If a field in the packet details pane containing a packet number is -selected, go to the packet number specified by that field. (This works -only if the dissector that put that entry into the packet details put it -into the details as a filterable field rather than just as text.) This -can be used, for example, to go to the packet for the request -corresponding to a reply, or the reply corresponding to a request, if -that packet number has been put into the packet details. 
- -=item Go:First Packet - -=item Go:Last Packet - -Go to the first / last packet in the capture. - -=item Capture:Interfaces - -Shows a dialog box with all currently known interfaces and displaying the -current network traffic amount. Capture sessions can be started from here. -Beware: keeping this box open results in high system load! - -=item Capture:Options - -Initiate a live packet capture (see L -dialog below). If no filename is specified, a temporary file will be created -to hold the capture. The location of the file can be chosen by setting your -TMPDIR environment variable before starting B. Otherwise, the -default TMPDIR location is system-dependent, but is likely either F -or F. - -=item Capture:Start - -Start a live packet capture with the previously seleted options. This won't -open the options dialog box, and can be convenient for repeatingly capturing -with the same options. - -=item Capture:Stop - -Stop a running live capture. - -=item Capture:Restart - -While a live capture is running, stop it and restart with the same options -again. This can be convenient to remove unrelevant packets, if no valuable -packets were captured so far. - -=item Capture:Capture Filters - -Edit the saved list of capture filters, allowing filters to be added, -changed, or deleted. - -=item Analyze:Display Filters - -Edit the saved list of display filters, allowing filters to be added, -changed, or deleted. - -=item Analyze:Apply as Filter - -Create a display filter, or add to the display filter strip at the -bottom, a display filter based on the data currently highlighted in the -packe details, and apply the filter. - -If that data is a field that can be tested in a display filter -expression, the display filter will test that field; otherwise, the -display filter will be based on absolute offset within the packet, and -so could be unreliable if the packet contains protocols with -variable-length headers, such as a source-routed token-ring packet. 
- -The B option creates a display filter that tests for a match -of the data; the B option creates a display filter that -tests for a non-match of the data. The B, B, -B, and B options add to the end of -the display filter in the strip at the bottom an AND or OR operator -followed by the new display filter expression. - -=item Analyze:Prepare a Filter - -Create a display filter, or add to the display filter strip at the -bottom, a display filter based on the data currently highlighted in the -packet details, but don't apply the filter. - -=item Analyze:Enabled Protocols - -Allow protocol dissection to be enabled or disabled for a specific -protocol. Individual protocols can be enabled or disabled by clicking -on them in the list or by highlighting them and pressing the space bar. -The entire list can be enabled, disabled, or inverted using the buttons -below the list. - -When a protocol is disabled, dissection in a particular packet stops -when that protocol is reached, and Ethereal moves on to the next packet. -Any higher-layer protocols that would otherwise have been processed will -not be displayed. For example, disabling TCP will prevent the dissection -and display of TCP, HTTP, SMTP, Telnet, and any other protocol exclusively -dependent on TCP. - -The list of protocols can be saved, so that Ethereal will start up with -the protocols in that list disabled. - -=item Analyze:Decode As - -If you have a packet selected, present a dialog allowing you to change -which dissectors are used to decode this packet. The dialog has one -panel each for the link layer, network layer and transport layer -protocol/port numbers, and will allow each of these to be changed -independently. For example, if the selected packet is a TCP packet to -port 12345, using this dialog you can instruct Ethereal to decode all -packets to or from that TCP port as HTTP packets. 
- -=item Analyze:User Specified Decodes - -Create a new window showing whether any protocol ID to dissector -mappings have been changed by the user. This window also allows the -user to reset all decodes to their default values. - -=item Analyze:Follow TCP Stream - -If you have a TCP packet selected, display the contents of the data -stream for the TCP connection to which that packet belongs, as text, in -a separate window, and leave the list of packets in a filtered state, -with only those packets that are part of that TCP connection being -displayed. You can revert to your old view by pressing ENTER in the -display filter text box, thereby invoking your old display filter (or -resetting it back to no display filter). - -The window in which the data stream is displayed lets you select: - -=over 8 - -=item * - -whether to display the entire conversation, or one or the other side of -it; - -=item * - -whether the data being displayed is to be treated as ASCII or EBCDIC -text or as raw hex data; - -=back 4 - -and lets you print what's currently being displayed, using the same -print options that are used for the I menu item, or -save it as text to a file. - -=item Statistics:Summary - -Show summary information about the capture, including elapsed time, -packet counts, byte counts, and the like. If a display filter is in -effect, summary information will be shown about the capture and about -the packets currently being displayed. - -=item Statistics:Protocol Hierarchy - -Show the number of packets, and the number of bytes in those packets, -for each protocol in the trace. It organizes the protocols in the same -hierarchy in which they were found in the trace. Besides counting the -packets in which the protocol exists, a count is also made for packets -in which the protocol is the last protocol in the stack. These -last-protocol counts show you how many packets (and the byte count -associated with those packets) B in a particular protocol. 
In -the table, they are listed under "End Packets" and "End Bytes". - -=item Statistics:IO Graphs - -Open a window where up to 5 graphs in different colors can be displayed -to indicate number of packets or number of bytes per second for all packets -matching the specified filter. -By default only one graph will be displayed showing number of packets per second. - -The top part of the window contains the graphs and scales for the X and -Y axis. If the graph is too long to fit inside the window there is a -horizontal scrollbar below the drawing area that can scroll the graphs -to the left or the right. The horizontal axis displays the time into -the capture and the vertical axis will display the measured quantity at -that time. - -Below the drawing area and the scrollbar are the controls. On the -bottom left there will be five similar sets of controls to control each -induvidual graph such as "Display:
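Review bot: The removed man page text names the product in plain prose, not through the B<> markup used for the executable name, in at least five places: File:Export ("cannot be imported back into Ethereal"), How Colorization Works ("When Ethereal starts"), Analyze:Enabled Protocols ("Ethereal moves on to the next packet" and "Ethereal will start up with") and Analyze:Decode As ("instruct Ethereal to decode"). The commit message lists the ethereal.com and ETHEREAL conversions, so a capitalised "Ethereal" in running text is easy to miss; please check the replacement doc/wireshark.pod named in the diffstat for leftovers in those items. While the text is being moved, the spelling slips visible in these lines ("echanged", "occurences", "seleted", "Culmulative", "induvidual", "packe details") and the stray ")" after B<-z smb,srt> in the mgcp,srt item could be corrected in the new file instead of carried over.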