From ae9f16c37b0665357a56a0c0cc350774c0ce6f0b Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Wed, 25 Jun 2008 22:52:08 +0000 Subject: We appear to spell it "TShark" rather than "Tshark", the fact that it's "Wireshark" rather than "WireShark" notwithstanding. Say we run on NT 4.0 rather than "NT" - I don't know whether we run on NT 3.x (and 2000/2003/XP are really NT 5.x and Vista/2008 are really NT 6.x - that's why Microsoft are talking about "Windows 7" as the next big release). In the capture-privileges paragraph, note that it's dumpcap that needs to run as root, and suggest not only that Wireshark shouldn't be set-UID root, but that it shouldn't even be run as root, and that the same applies to TShark. Update "How to Report a Bug" to reflect that we're telling people to report bugs on Bugzilla, and that "wireshark -v"/"tshark -v" give almost all the version information we want. svn path=/trunk/; revision=25605 --- README | 63 +++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) (limited to 'README') diff --git a/README b/README index a5b02b09a9..6a17b240ea 100644 --- a/README +++ b/README @@ -7,7 +7,7 @@ Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. -The Wireshark distribution also comes with Tshark, which is a +The Wireshark distribution also comes with TShark, which is a line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the same dissection, capture-file reading and writing, and packet filtering code as Wireshark, and with editcap, which is a program to read capture 
@@ -40,7 +40,7 @@ Wireshark is known to compile and run on the following systems: - Tru64 UNIX (formerly Digital UNIX) (3.2 and later) - Irix (6.5) - AIX (4.3.2, with a bit of work) - - Win32 (NT, 2000, 2003, XP, Vista) + - Win32 (NT 4.0, 2000, 2003, XP, Vista) and possibly on other versions of those OSes. It should run on other Unix-ish systems without too much trouble. @@ -69,14 +69,15 @@ instructions. Usage ----- -In order to capture packets from the network, you need to be running as -root, or have access to the appropriate entry under /dev if your system -is so inclined (BSD-derived systems, and systems such as Solaris and -HP-UX that support DLPI, typically fall into this category). Although -it might be tempting to make the Wireshark executable setuid root, please -don't. The capture process has been isolated in dumpcap, which can be -installed setuid root. This simple program is less likely to contain -security holes. +In order to capture packets from the network, you need to make the +dumpcap program set-UID to root, or you need to have access to the +appropriate entry under /dev if your system is so inclined (BSD-derived +systems, and systems such as Solaris and HP-UX that support DLPI, +typically fall into this category). Although it might be tempting to +make the Wireshark and TShark executables setuid root, or to run them as +root please don't. The capture process has been isolated in dumpcap; +this simple program is less likely to contain security holes, and thus +safer to run as root. Please consult the man page for a description of each command-line option and interface feature. 
@@ -208,27 +209,25 @@ option. How to Report a Bug ------------------- Wireshark is still under constant development, so it is possible that you will -encounter a bug while using it. Please report bugs to http://bugs.wireshark.org. -Be sure you tell us: - - 1) Operating System and version (the command 'uname -sr' may - tell you this, although on Linux systems it will probably - tell you only the version number of the Linux kernel, not of - the distribution as a whole; on Linux systems, please tell us - both the version number of the kernel, and which version of - which distribution you're running) - 2) Version of GTK+ (the command 'gtk-config --version' will tell you) - 3) Version of Wireshark (the command 'wireshark -v' will tell you, - unless the bug is so severe as to prevent that from working, - and should also tell you the versions of libraries with which - it was built) - 4) The command you used to invoke Wireshark, and the sequence of - operations you performed that caused the bug to appear - -If the bug is produced by a particular trace file, please be sure to send -a trace file along with your bug description. Please don't send a trace file -greater than 1 MB when compressed. If the trace file contains sensitive -information (e.g., passwords), then please do not send it. +encounter a bug while using it. Please report bugs at http://bugs.wireshark.org. +Be sure you enter into the bug: + + 1) the complete build information from the "About Wireshark" + item in the Help menu or the output of "wireshark -v" for + Wireshark bugs and the output of "tshark -v" for TShark bugs; + + 2) if the bug happened on Linux, the Linux distribution you were + using, and the version of that distribution; + + 3) the command you used to invoke Wireshark, if you ran + Wireshark from the command line, or TShark, if you ran + TShark, and the sequence of operations you performed that + caused the bug to appear. 
+ +If the bug is produced by a particular trace file, please be sure to +attach to the bug a trace file along with your bug description. If the +trace file contains sensitive information (e.g., passwords), then please +do not send it. If Wireshark died on you with a 'segmentation violation', 'bus error', 'abort', or other error that produces a UNIX core dump file, you can @@ -245,7 +244,7 @@ $ The core dump file may be named "wireshark.core" rather than "core" on some platforms (e.g., BSD systems). If you got a core dump with -Tshark rather than Wireshark, use "tshark" as the first argument to +TShark rather than Wireshark, use "tshark" as the first argument to the debugger; the core dump may be named "tshark.core". Disclaimer -- cgit v1.2.3
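Review bot: In the Usage hunk (@@ -69,14 +69,15 @@), the new opening sentence makes "make the dumpcap program set-UID to root" the main instruction but says nothing about who may then execute dumpcap. With the set-UID bit set and no further restriction, every local user who can run the binary can capture traffic. Suggest adding a sentence recommending that execute permission on dumpcap be limited to a dedicated capture group. Two smaller points in the same paragraph: "or to run them as root please don't" needs a comma after "root", and the paragraph mixes "set-UID" and "setuid"; pick one spelling.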
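Review bot: In the "How to Report a Bug" hunk (@@ -208,27 +209,25 @@), the trace-file paragraph now says "attach to the bug a trace file" but still ends with "please do not send it", wording left over from the old text. Since the file would be attached to a bug at bugs.wireshark.org, suggest "please do not attach it", and consider "please be sure to attach the trace file to the bug" for the awkward first sentence. The hunk also drops the "greater than 1 MB when compressed" limit and the request for operating system and version on non-Linux systems (new item 2 covers Linux distributions only); the commit message mentions neither, so either note in the message that these removals are intentional or say in item 1 what information beyond the "-v" output is still wanted.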