author | Gerald Combs <gerald@wireshark.org> | 2006-05-31 17:38:42 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2006-05-31 17:38:42 +0000 |
commit | 8958bab6dee184310e4393e33591eb0cef1f7de1 (patch) | |
tree | afe5ad59d2280ee36c0ce913a4252cddc692436f /doc | |
parent | 7bc853b62b59e6cf66ba2c3a2699a8a79ef864bd (diff) |
Tethereal/tethereal -> TShark/tshark.
svn path=/trunk/; revision=18268
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.am | 18 | ||||
-rw-r--r-- | doc/Makefile.nmake | 24 | ||||
-rw-r--r-- | doc/README.developer | 6 | ||||
-rw-r--r-- | doc/README.regression | 16 | ||||
-rw-r--r-- | doc/README.stats_tree | 4 | ||||
-rw-r--r-- | doc/README.tapping | 4 | ||||
-rw-r--r-- | doc/README.xml-output | 16 | ||||
-rw-r--r-- | doc/capinfos.pod | 2 | ||||
-rw-r--r-- | doc/dumpcap.pod | 2 | ||||
-rw-r--r-- | doc/ethereal-filter.pod.template | 14 | ||||
-rw-r--r-- | doc/ethereal.pod | 2 | ||||
-rw-r--r-- | doc/tshark.pod (renamed from doc/tethereal.pod) | 92 |
12 files changed, 100 insertions, 100 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index 1cfe9b83ae..bc44daac65 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -39,17 +39,17 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT --noindex \ ethereal-tmp.pod > ../ethereal.html -../tethereal.1: tethereal.pod ../config.h +../tshark.1: tshark.pod ../config.h $(POD2MAN) \ --center="The Wireshark Network Analyzer" \ --release=$(VERSION) \ - $(srcdir)/tethereal.pod > ../tethereal.1 + $(srcdir)/tshark.pod > ../tshark.1 -../tethereal.html: tethereal.pod ../config.h +../tshark.html: tshark.pod ../config.h $(POD2HTML) \ - --title="tethereal - The Wireshark Network Analyzer $(VERSION)" \ + --title="tshark - The Wireshark Network Analyzer $(VERSION)" \ --noindex \ - $(srcdir)/tethereal.pod > ../tethereal.html + $(srcdir)/tshark.pod > ../tshark.html ../ethereal-filter.4: ethereal-filter.pod ../config.h $(POD2MAN) \ @@ -64,8 +64,8 @@ ethereal-tmp.pod: $(srcdir)/ethereal.pod $(top_builddir)/AUTHORS-SHORT-FORMAT --noindex \ ethereal-filter.pod > ../ethereal-filter.html -ethereal-filter.pod: ethereal-filter.pod.template ../tethereal - ../tethereal -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod +ethereal-filter.pod: ethereal-filter.pod.template ../tshark + ../tshark -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template > ethereal-filter.pod ../capinfos.1: capinfos.pod ../config.h $(POD2MAN) \ @@ -152,8 +152,8 @@ CLEANFILES = \ ../editcap.html \ ../mergecap.1 \ ../mergecap.html \ - ../tethereal.1 \ - ../tethereal.html \ + ../tshark.1 \ + ../tshark.html \ ../text2pcap.1 \ ../text2pcap.html \ ../dumpcap.1 \ diff --git a/doc/Makefile.nmake b/doc/Makefile.nmake index a58101bc6c..fc86a8bab9 100644 --- a/doc/Makefile.nmake +++ b/doc/Makefile.nmake 
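Review bot: The `ethereal-filter.pod` rule in doc/Makefile.am (hunk -64,8) pipes `../tshark -G fields` straight into `$(PERL) ... > ethereal-filter.pod`, so the recipe's exit status is the Perl script's; if the renamed binary fails or crashes, a truncated `ethereal-filter.pod` can be left behind that make treats as up to date. The `ethereal-filter.pod` rule in doc/Makefile.nmake (hunk -81,10) has the same shape with `tshark.exe -G | $(PERL) ...`. I would dump the field list to an intermediate file first, e.g. `../tshark -G fields > fields.tmp` followed by `$(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal-filter.pod.template < fields.tmp > $@` (the name `fields.tmp` is only an illustration, and this assumes dfilter2pod.pl reads the field list from standard input, as the pipe suggests). The nmake rule also passes a bare `-G` where this one passes `-G fields`, so it is worth making the two invocations agree.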
@@ -26,10 +26,10 @@ include ../config.nmake -doc: ethereal.html tethereal.html ethereal-filter.html capinfos.html \ +doc: ethereal.html tshark.html ethereal-filter.html capinfos.html \ editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html -man: ethereal.1 tethereal.1 ethereal-filter.4 capinfos.1 editcap.1 \ +man: ethereal.1 tshark.1 ethereal-filter.4 capinfos.1 editcap.1 \ idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1 ethereal-tmp.pod: ethereal.pod ../AUTHORS-SHORT-FORMAT @@ -52,22 +52,22 @@ ethereal.html: ethereal-tmp.pod ../config.h --noindex \ ethereal-tmp.pod > ethereal.html -../tethereal.exe: +../tshark.exe: cd .. - $(MAKE) -f makefile.nmake tethereal.exe + $(MAKE) -f makefile.nmake tshark.exe cd doc -tethereal.1: tethereal.pod ../config.h +tshark.1: tshark.pod ../config.h $(POD2MAN) \ --center="The Wireshark Network Analyzer" \ --release=$(VERSION) \ - tethereal.pod > tethereal.1 + tshark.pod > tshark.1 -tethereal.html: tethereal.pod ../config.h +tshark.html: tshark.pod ../config.h $(POD2HTML) \ - --title="tethereal - The Wireshark Network Analyzer $(VERSION)" \ + --title="tshark - The Wireshark Network Analyzer $(VERSION)" \ --noindex \ - tethereal.pod > tethereal.html + tshark.pod > tshark.html ethereal-filter.4: ethereal-filter.pod ../config.h $(POD2MAN) \ @@ -81,10 +81,10 @@ ethereal-filter.html: ethereal-filter.pod ../config.h --noindex \ ethereal-filter.pod > ethereal-filter.html -ethereal-filter.pod: ethereal-filter.pod.template ../tethereal.exe +ethereal-filter.pod: ethereal-filter.pod.template ../tshark.exe cd .. $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-deps - tethereal.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod + tshark.exe -G | $(PERL) doc\dfilter2pod.pl doc\ethereal-filter.pod.template > doc\ethereal-filter.pod $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean-deps cd doc 
@@ -163,7 +163,7 @@ dumpcap.html: dumpcap.pod ../config.h clean: rm -f ethereal.html ethereal.1 ethereal-tmp.pod - rm -f tethereal.html tethereal.1 + rm -f tshark.html tshark.1 rm -f ethereal-filter.html ethereal-filter.4 ethereal-filter.pod rm -f capinfos.html capinfos.1 rm -f editcap.html editcap.1 diff --git a/doc/README.developer b/doc/README.developer index 1e14507622..fa7696d99a 100644 --- a/doc/README.developer +++ b/doc/README.developer @@ -497,17 +497,17 @@ much better to use the g_snprintf() function declared by <glib.h> instead. You should test your dissector against incorrectly-formed packets. This can be done using the randpkt and editcap utilities that come with the Ethereal distribution. Testing using randpkt can be done by generating -output at the same layer as your protocol, and forcing Ethereal/Tethereal +output at the same layer as your protocol, and forcing Ethereal/TShark to decode it as your protocol, e.g. if your protocol sits on top of UDP: randpkt -c 50000 -t dns randpkt.pcap - tethereal -nVr randpkt.pcap -d udp.port==53,<myproto> + tshark -nVr randpkt.pcap -d udp.port==53,<myproto> Testing using editcap can be done using preexisting capture files and the "-E" flag, which introduces errors in a capture file. E.g.: editcap -E 0.03 infile.pcap outfile.pcap - tethereal -nVr outfile.pcap + tshark -nVr outfile.pcap 1.1.4 Name convention. diff --git a/doc/README.regression b/doc/README.regression index 04f06bc0ab..e21365f60d 100644 --- a/doc/README.regression +++ b/doc/README.regression 
@@ -1,27 +1,27 @@ # -# Ethereal/Tethereal Regression Testing +# Ethereal/TShark Regression Testing # # $Id$ # # This is a sample Makefile for regression testing of the -# Ethereal engine. These tests use that uses 'tethereal -V' to analyze all +# Ethereal engine. These tests use that uses 'tshark -V' to analyze all # the frames of a capture file. # # You should probably rename this file as 'Makefile' in a separate directory # set aside for the sole purpose of regression testing. Two text files will # be created for each capture file you test, so expect to have lots of files. # -# Set TETHEREAL, CAPTURE_DIR, and CAPTURE_FILES to values appropriate for +# Set TSHARK, CAPTURE_DIR, and CAPTURE_FILES to values appropriate for # your system. Run 'make' to create the initial datasets. Type 'make accept' # to accept those files as the reference set. # -# After you make changes to Tethereal, run 'make regress'. This will re-run +# After you make changes to TShark, run 'make regress'. This will re-run # the tests and compare them against the accepted reference set of data. # The comparison, which is just an invocation of 'diff -u' for the output # of each trace file, will be put into a file called 'regress'. Examine # this file for any changes that you did or did not expect. # -# If you have introduced a change to Tethereal that shows up in the tests, but +# If you have introduced a change to TShark that shows up in the tests, but # it is a valid change, run 'make accept' to accept those new data as your # reference set. # @@ -33,7 +33,7 @@ # 'make accept' Accept current tests; make them the reference test results # 'make clean' Cleans any tests (but not references!) -TETHEREAL=/home/gram/prj/ethereal/debug/linux-ix86/tethereal +TSHARK=/home/gram/prj/ethereal/debug/linux-ix86/tshark CAPTURE_DIR=/home/gram/prj/sniff 
@@ -59,8 +59,8 @@ all: $(TESTS) clean: rm -f $(TESTS) -%.tether : $(CAPTURE_DIR)/% $(TETHEREAL) - $(TETHEREAL) -V -n -r $< > $@ +%.tether : $(CAPTURE_DIR)/% $(TSHARK) + $(TSHARK) -V -n -r $< > $@ accept: $(REFERENCES) diff --git a/doc/README.stats_tree b/doc/README.stats_tree index a8e3b668fe..e834b08046 100644 --- a/doc/README.stats_tree +++ b/doc/README.stats_tree @@ -4,9 +4,9 @@ tapping with stats_tree Let's suppose that you want to write a tap only to keep counters, and you don't want to get involved with GUI programming or maybe you'd like to make it a plugin. A stats_tree might be the way to go. The stats_tree module takes -care of the representation (GUI for ethereal and text for tethereal) of the +care of the representation (GUI for ethereal and text for tshark) of the tap data. So there's very little code to write to make a tap listener usable -from both ethereal and tethereal. +from both ethereal and tshark. First, you should add the TAP to the dissector in question as described in README.tapping . diff --git a/doc/README.tapping b/doc/README.tapping index 2347716dbb..6db72ef576 100644 --- a/doc/README.tapping +++ b/doc/README.tapping @@ -6,11 +6,11 @@ In order to use the tapping system, very little knowledge of ethereal internals are required. As examples on how to use the tap system see the implementation of -tap-rpcstat.c (tethereal version) +tap-rpcstat.c (tshark version) gtk/gtk-rpcstat.c (gtk-ethereal version) If all you need is to keep some counters, there's the stats_tree API, -which offers a simple way to make a GUI and tethereal tap-listener; see +which offers a simple way to make a GUI and tshark tap-listener; see README.stats_tree. However, keep reading, as you'll need much of what's in this document. diff --git a/doc/README.xml-output b/doc/README.xml-output index 25facda09d..787311ce33 100644 --- a/doc/README.xml-output +++ b/doc/README.xml-output 
@@ -5,7 +5,7 @@ Copyright (c) 2003 by Gilbert Ramirez <gram@alumni.rice.edu> Ethereal has the ability to export its protocol dissection in an -XML format, tethereal has similar functionality by using the "-Tpdml" +XML format, tshark has similar functionality by using the "-Tpdml" option. The XML that wireshark produces follows the Packet Details Markup @@ -18,10 +18,10 @@ A related XML format, the Packet Summary Markup Language (PSML), is also defined by the Analyzer group to provide packet summary information. The PSML format is not documented in a publicly-available HTML document, but its format is simple. Ethereal can export this format too. Some day it -may be added to tethereal so that "-Tpsml" would produce PSML. +may be added to tshark so that "-Tpsml" would produce PSML. One wonders if the "-T" option should read "-Txml" instead of "-Tpdml" -(and in the future, "-Tpsml"), but if tethereal was required to produce +(and in the future, "-Tpsml"), but if tshark was required to produce another XML-based format of its protocol dissection, then "-Txml" would be ambiguous. @@ -53,7 +53,7 @@ Example: <pdml version="0" creator="ethereal/0.9.17"> The creator is "ethereal" (i.e., the "ethereal" engine. It will always say -"ethereal", not "tethereal") version 0.9.17. +"ethereal", not "tshark") version 0.9.17. The "<proto>" tag 
@@ -192,13 +192,13 @@ a protocol or a field: General Notes ============= Generally, parsing XML is slow. If you're writing a script to parse -the PDML output of tethereal, pass a read filter with "-R" to tethereal to -try to reduce as much as possible the number of packets coming out of tethereal. +the PDML output of tshark, pass a read filter with "-R" to tshark to +try to reduce as much as possible the number of packets coming out of tshark. The less your script has to process, the faster it will be. 'tools/msnchat' is a sample Python program that uses EtherealXML to parse PDML. -Given one or more capture files, it runs tethereal on each of them, providing -a read filter to reduce tethereal's output. It finds MSN Chat conversations +Given one or more capture files, it runs tshark on each of them, providing +a read filter to reduce tshark's output. It finds MSN Chat conversations in the capture file and produces nice HTML showing the conversations. It has only been tested with capture files containing non-simultaneous chat sessions, but was written to more-or-less handle any number of simultanous chat diff --git a/doc/capinfos.pod b/doc/capinfos.pod index 740462c71b..27c67e9bcf 100644 --- a/doc/capinfos.pod +++ b/doc/capinfos.pod @@ -106,7 +106,7 @@ Prints the help listing and exits. =head1 SEE ALSO -I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tethereal(1)> +I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>, I<editcap(1)>, I<tshark(1)> =head1 NOTES diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod index 216f7fdefa..19fd7aa4df 100644 --- a/doc/dumpcap.pod +++ b/doc/dumpcap.pod @@ -198,7 +198,7 @@ See the manual page of I<tcpdump(8)>. =head1 SEE ALSO -I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> +I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> =head1 NOTES diff --git a/doc/ethereal-filter.pod.template b/doc/ethereal-filter.pod.template index b560a8b3e4..01caa5b599 100644 
--- a/doc/ethereal-filter.pod.template +++ b/doc/ethereal-filter.pod.template @@ -7,12 +7,12 @@ ethereal-filter - Ethereal filter syntax and reference B<ethereal> [other options] S<[ B<-R> "filter expression" ]> -B<tethereal> [other options] +B<tshark> [other options] S<[ B<-R> "filter expression" ]> =head1 DESCRIPTION -B<Ethereal> and B<Tethereal> share a powerful filter engine that helps remove +B<Ethereal> and B<TShark> share a powerful filter engine that helps remove the noise from a packet trace and lets you see only the packets that interest you. If a packet meets the requirements expressed in your filter, then it is displayed in the list of packets. Display filters let you compare the @@ -37,7 +37,7 @@ Think of a protocol or field in a filter as implicitly having the "exists" operator. Note: all protocol and field names that are available in B<Ethereal> and -B<Tethereal> filters are listed in the comprehensive B<FILTER PROTOCOL +B<TShark> filters are listed in the comprehensive B<FILTER PROTOCOL REFERENCE> (see below). =head2 Comparison operators @@ -85,11 +85,11 @@ a case-insensitive pattern match. More information on PCRE can be found in the pcrepattern(3) man page (Perl Regular Expressions are explained in B<http://www.perldoc.com/perl5.8.0/pod/perlre.html>). -Note: the "matches" operator is only available if B<Ethereal> or B<Tethereal> +Note: the "matches" operator is only available if B<Ethereal> or B<TShark> have been compiled with the PCRE library. This can be checked by running: ethereal -v - tethereal -v + tshark -v or selecting the "About Ethereal" item from the "Help" menu in B<Ethereal>. @@ -221,7 +221,7 @@ Another example is: You can use the slice operator on a protocol name, too. The "frame" protocol can be useful, encompassing all the data captured -by B<Ethereal> or B<Tethereal>. +by B<Ethereal> or B<TShark>. token[0:5] ne 0.0.0.1.1 llc[0] eq aa 
@@ -393,7 +393,7 @@ in B<http://www.winpcap.org/docs/man/html/group__language.html>. =head1 SEE ALSO -I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> +I<ethereal(1)>, I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> =head1 AUTHORS diff --git a/doc/ethereal.pod b/doc/ethereal.pod index 261b514892..3ab44eb7f2 100644 --- a/doc/ethereal.pod +++ b/doc/ethereal.pod @@ -2199,7 +2199,7 @@ See above in the description of the About:Plugins page. =head1 SEE ALSO -I<ethereal-filter(4)> I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> +I<ethereal-filter(4)> I<tshark(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> =head1 NOTES diff --git a/doc/tethereal.pod b/doc/tshark.pod index b5bfb8188e..19193af20a 100644 --- a/doc/tethereal.pod +++ b/doc/tshark.pod @@ -1,11 +1,11 @@ =head1 NAME -tethereal - Dump and analyze network traffic +tshark - Dump and analyze network traffic =head1 SYNOPSYS -B<tethereal> +B<tshark> S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...> S<[ B<-b> E<lt>capture ring buffer optionE<gt>] ...> S<[ B<-B> E<lt>capture buffer size (Win32 only)E<gt> ] 
> @@ -39,18 +39,18 @@ S<[ B<-z> E<lt>statisticsE<gt> ]> =head1 DESCRIPTION -B<Tethereal> is a network protocol analyzer. It lets you capture packet +B<TShark> is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the -standard output or writing the packets to a file. B<Tethereal>'s native +standard output or writing the packets to a file. B<TShark>'s native capture file format is B<libpcap> format, which is also the format used by B<tcpdump> and various other tools. -Without any options set, B<Tethereal> will work much like B<tcpdump>. It will +Without any options set, B<TShark> will work much like B<tcpdump>. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet. -B<Tethereal> is able to detect, read and write the same capture files that +B<TShark> is able to detect, read and write the same capture files that are supported by B<Ethereal>. The input file doesn't need a specific filename extension, the file format and an optional gzip compression will be automatically detected. 
@@ -59,16 +59,16 @@ I<http://www.ethereal.com/docs/man-pages/ethereal.1.html> provides a detailed description. Compressed file support uses (and therefore requires) the zlib library. -If the zlib library is not present, B<Tethereal> will compile, but will +If the zlib library is not present, B<TShark> will compile, but will be unable to read compressed files. -If the B<-w> option is not specified, B<Tethereal> writes to the standard +If the B<-w> option is not specified, B<TShark> writes to the standard output the text of a decoded form of the packets it captures or reads. -If the B<-w> option is specified, B<Tethereal> writes to the file +If the B<-w> option is specified, B<TShark> writes to the file specified by that option the raw data of the packets, along with the packets' time stamps. -When writing a decoded form of packets, B<Tethereal> writes, by +When writing a decoded form of packets, B<TShark> writes, by default, a summary line containing the fields specified by the preferences file (which are also the fields displayed in the packet list pane in B<Ethereal>), although if it's writing packets as it captures 
@@ -78,19 +78,19 @@ writes instead a view of the details of the packet, showing all the fields of all protocols in the packet. If you want to write the decoded form of packets to a file, run -B<Tethereal> without the B<-w> option, and redirect its standard output to +B<TShark> without the B<-w> option, and redirect its standard output to the file (do I<not> use the B<-w> option). -When writing packets to a file, B<Tethereal>, by default, writes the +When writing packets to a file, B<TShark>, by default, writes the file in B<libpcap> format, and writes all of the packets it sees to the output file. The B<-F> option can be used to specify the format in which to write the file. This list of available file formats is displayed by the B<-h> flag. -Read filters in B<Tethereal>, which allow you to select which packets +Read filters in B<TShark>, which allow you to select which packets are to be decoded or written to a file, are very powerful; more fields -are filterable in B<Tethereal> than in other protocol analyzers, and the -syntax you can use to create your filters is richer. As B<Tethereal> +are filterable in B<TShark> than in other protocol analyzers, and the +syntax you can use to create your filters is richer. As B<TShark> progresses, expect more and more protocol fields to be allowed in read filters. @@ -100,7 +100,7 @@ from the read filter syntax. A read filter can also be specified when capturing, and only packets that pass the read filter will be displayed or saved to the output file; note, however, that capture filters are much more efficient than read filters, and it may be more difficult for -B<Tethereal> to keep up with a busy network if a read filter is +B<TShark> to keep up with a busy network if a read filter is specified for a live capture. A capture or read filter can either be specified with the B<-f> or B<-R> 
@@ -111,7 +111,7 @@ after the option arguments, in which case all the arguments after the filter arguments are treated as a filter expression. Capture filters are supported only when doing a live capture; read filters are supported when doing a live capture and when reading a capture file, but require -Tethereal to do more work when filtering, so you might be more likely to +TShark to do more work when filtering, so you might be more likely to lose packets under heavy load if you're using a read filter. If the filter is specified with command-line arguments after the option arguments, it's a capture filter if a capture is being done (i.e., if no @@ -124,7 +124,7 @@ read (i.e., if a B<-r> option was specified). =item -a E<lt>capture autostop conditionE<gt> -Specify a criterion that specifies when B<Tethereal> is to stop writing +Specify a criterion that specifies when B<TShark> is to stop writing to a capture file. The criterion is of the form I<test>B<:>I<value>, where I<test> is one of: @@ -139,9 +139,9 @@ B<files>:I<value> Stop writing to capture files after I<value> number of files w =item -b E<lt>capture ring buffer optionE<gt> -Cause B<Tethereal> to run in "multiple files" mode. In "multiple files" mode, -B<Tethereal> will write to several capture files. When the first capture file -fills up, B<Tethereal> will switch writing to the next file and so on. +Cause B<TShark> to run in "multiple files" mode. In "multiple files" mode, +B<TShark> will write to several capture files. When the first capture file +fills up, B<TShark> will switch writing to the next file and so on. The created filenames are based on the filename given with the B<-w> option, the number of the file and on the creation date and time, 
@@ -149,7 +149,7 @@ e.g. outfile_00001_20050604120117.pcap, outfile_00001_20050604120523.pcap, ... With the I<files> option it's also possible to form a "ring buffer". This will fill up new files until the number of files specified, -at which point B<Tethereal> will discard the data in the first file and start +at which point B<TShark> will discard the data in the first file and start writing to that file and so on. If the I<files> option is not set, new files filled up until one of the capture stop conditions match (or until the disk if full). @@ -188,7 +188,7 @@ TCP port 8888 as HTTP. =item -D -Print a list of the interfaces on which B<Tethereal> can capture, and +Print a list of the interfaces on which B<TShark> can capture, and exit. For each network interface, a number and an interface name, possibly followed by a text description of the interface, is printed. The interface name or the number can be supplied @@ -199,11 +199,11 @@ This can be useful on systems that don't have a command to list them the number can be useful on Windows 2000 and later systems, where the interface name is a somewhat complex string. -Note that "can capture" means that B<Tethereal> was able to open -that device to do a live capture. Depending on your system you may need to run tethereal from an account +Note that "can capture" means that B<TShark> was able to open +that device to do a live capture. Depending on your system you may need to run tshark from an account with special privileges (for example, as root) to be able to capture network traffic. -If B<Tethereal -D> is not run from such an account, it will not list +If B<TShark -D> is not run from such an account, it will not list any interfaces. =item -f E<lt>capture filterE<gt> 
@@ -226,22 +226,22 @@ Set the name of the network interface or pipe to use for live packet capture. Network interface names should match one of the names listed in -"B<tethereal -D>" (described above); a number, as reported by -"B<tethereal -D>", can also be used. If you're using UNIX, "B<netstat +"B<tshark -D>" (described above); a number, as reported by +"B<tshark -D>", can also be used. If you're using UNIX, "B<netstat -i>" or "B<ifconfig -a>" might also work to list interface names, although not all versions of UNIX support the B<-a> option to B<ifconfig>. -If no interface is specified, B<Tethereal> searches the list of +If no interface is specified, B<TShark> searches the list of interfaces, choosing the first non-loopback interface if there are any non-loopback interfaces, and choosing the first loopback interface if there are no non-loopback interfaces. If there are no interfaces at all, -B<Tethereal> reports an error and doesn't start the capture. +B<TShark> reports an error and doesn't start the capture. Pipe names should be either the name of a FIFO (named pipe) or ``-'' to read data from the standard input. Data read from pipes must be in standard libpcap format. -Note: the Win32 version of B<Tethereal> doesn't support capturing from +Note: the Win32 version of B<TShark> doesn't support capturing from pipes or stdin! =item -l @@ -256,9 +256,9 @@ dissected, it should work just as well as true line-buffering. We do this as a workaround for a deficiency in the Microsoft Visual C++ C library.) -This may be useful when piping the output of B<Tethereal> to another +This may be useful when piping the output of B<TShark> to another program, as it means that the program to which the output is piped will -see the dissected data for a packet as soon as B<Tethereal> sees the +see the dissected data for a packet as soon as B<TShark> sees the packet and generates that output, rather than seeing it only when the standard output buffer containing that data fills up. 
@@ -303,7 +303,7 @@ file), and I<value> is the value to which it should be set. I<Don't> put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, B<-p> cannot be used to ensure that the only traffic that is captured is -traffic sent to or from the machine on which B<Tethereal> is running, +traffic sent to or from the machine on which B<TShark> is running, broadcast traffic, and multicast traffic to addresses received by that machine. @@ -391,7 +391,7 @@ Print the version and exit. =item -V -Cause B<Tethereal> to print a view of the packet details rather +Cause B<TShark> to print a view of the packet details rather than a one-line summary of the packet. =item -w E<lt>outfileE<gt>|- @@ -405,13 +405,13 @@ option for this. =item -x -Cause B<Tethereal> to print a hex and ASCII dump of the packet data +Cause B<TShark> to print a hex and ASCII dump of the packet data after printing the summary or details. =item -X E<lt>eXtension optionsE<gt> -Specify an option to be passed to a B<Tethereal> module. The eXtension option +Specify an option to be passed to a B<TShark> module. The eXtension option is in the form I<extension_key>B<:>I<value>, where I<extension_key> can be: B<lua_script>:I<lua_script_filename> tells B<Ethereal> to load the given script in addition to the @@ -425,7 +425,7 @@ reported by B<-L> are the values that can be used. =item -z E<lt>statisticsE<gt> -Get B<Tethereal> to collect various types of statistics and display the result +Get B<TShark> to collect various types of statistics and display the result after finishing reading the capture file. Use the B<-q> flag if you're reading a capture file and only want the statistics printed, not any per-packet information. 
@@ -569,9 +569,9 @@ I<filter> is a filter string that controls for which packets the field value will be presented in the info column. I<field> will only be presented in the Info column for the packets which match I<filter>. -NOTE: In order for B<Tethereal> to be able to extract the I<field> value +NOTE: In order for B<TShark> to be able to extract the I<field> value from the packet, I<field> MUST be part of the I<filter> string. If not, -B<Tethereal> will not be able to extract its value. +B<TShark> will not be able to extract its value. For a simple example to add the "nfs.fh.hash" field to the Info column for all packets containing the "nfs.fh.hash" field, use @@ -630,16 +630,16 @@ SMB packets echanged by the host at IP address 1.2.3.4 . B<-z> smb,sids -When this feature is used B<Tethereal> will print a report with all the +When this feature is used B<TShark> will print a report with all the discovered SID and account name mappings. Only those SIDs where the account name is known will be presented in the table. For this feature to work you will need to either to enable "Edit/Preferences/Protocols/SMB/Snoop SID to name mappings" in the preferences or you can override the preferences by specifying -B<-o "smb.sid_name_snooping:TRUE"> on the B<Tethereal> command line. +B<-o "smb.sid_name_snooping:TRUE"> on the B<TShark> command line. -The current methods used by B<Tethereal> to find the SID->name mapping +The current methods used by B<TShark> to find the SID->name mapping is relatively restricted but is hoped to be expanded in the future. B<-z> mgcp,rtd[I<,filter>] @@ -715,7 +715,7 @@ See the manual page of I<tcpdump(8)>. =head1 READ FILTER SYNTAX For a complete table of protocol and protocol fields that are filterable -in B<Tethereal> see the I<ethereal-filter(4)> manual page. +in B<TShark> see the I<ethereal-filter(4)> manual page. =head1 FILES 
@@ -861,7 +861,7 @@ I<ethereal-filter(4)> I<ethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)> =head1 NOTES -B<Tethereal> is part of the B<Ethereal> distribution. The latest version +B<TShark> is part of the B<Ethereal> distribution. The latest version of B<Ethereal> can be found at B<http://www.ethereal.com>. HTML versions of the Wireshark project man pages are available at: @@ -869,6 +869,6 @@ http://www.ethereal.com/docs/man-pages =head1 AUTHORS -B<Tethereal> uses the same packet dissection code that B<Ethereal> does, +B<TShark> uses the same packet dissection code that B<Ethereal> does, as well as using many other modules from B<Ethereal>; see the list of authors in the B<Ethereal> man page for a list of authors of that code. |