Read-only mirror of Wireshark's Git repository. GitHub won't let us disable pull requests. ☞ THEY WILL BE IGNORED HERE ☜ Please upload them at https://code.wireshark.org/review/ .
C C++ CMake Makefile Lua Shell Other
Latest commit 73ac697 Feb 20, 2017 @dkgroot dkgroot committed with Anders Broman [skinny]: Fix tvb struct size guard value
The struct size guard value was used incorrectly, causing message with short
content to be only partially dissected.

Minor:
- Renamed OffHookWithCgpn to OffHookWithCalingPartyNumber
- Added SetHookFlashDetect Message
- Removed some of the debug logging when parse_xml2skinny_dissector.py:debug=0

Change-Id: If4f20d2412f8775fac3d0a2979200e8369cea6f2
Reviewed-on: https://code.wireshark.org/review/20186
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Permalink
Failed to load latest commit information.
.tx Transifex: Add type of translation file Oct 22, 2015
capchild Don't use identical log messages for non-identical error cases. Feb 20, 2017
caputils Clean up the get_if_capabilities_ routines a bit. Feb 22, 2017
cmake CMake: Move the search for libgcc_s to GLib. Feb 17, 2017
codecs Change SpanDSP capitalization Dec 7, 2016
debian Qt: Disable pane menu items if not used in layout Feb 16, 2017
diameter [Diameter] Add 3GPP AVPs Feb 20, 2017
doc Rawshark: Try to avoid a VC runtime crash. Feb 17, 2017
docbook Qt: Reset Default profile support Feb 14, 2017
dtds Continue to remove $Id$ from top of file Mar 31, 2014
echld capture_opts: free memory on exit to avoid leak. Feb 2, 2017
epan [skinny]: Fix tvb struct size guard value Feb 22, 2017
extcap g_slist_free_full requires glib 2.28 Feb 16, 2017
fix FIX: fix spelling typo found by lintian Nov 2, 2016
help help/Makefile.am: Use the python command chosen by the configure script Oct 4, 2016
idl Geospatial and Imagery Access Service (GIAS) Dissector Apr 14, 2015
image Remove name resolution from the file dialogs. Sep 9, 2016
m4 Update comments and messages for the new name for Apple's OS for Macs. Dec 20, 2016
macosx-support-lib-patches Add copyright notices. Aug 5, 2016
packaging Revert "Another change required for that." Jan 4, 2017
plugins transum: Add protections against NULL trees. Feb 18, 2017
profiles Bluetooth profile: configure columns and layout for Bluetooth Dec 14, 2016
radius dicto (RFC5580) fix typo Jan 27, 2017
randpkt_core wiretap: add cleanup routine. Feb 14, 2017
test Enable some more tests. Jan 31, 2017
tools [skinny]: Fix tvb struct size guard value Feb 22, 2017
tpncp Continue to remove $Id$ from top of file Mar 31, 2014
ui Qt: Avoid flicker in filter expressions toolbar Feb 22, 2017
wimaxasncp Fix a lot of typos and misspellings Jan 8, 2016
wiretap wtap_opttypes(.h): fix commas at the end of enumerator lists are a C+… Feb 20, 2017
writecap cmake: make WERROR_COMMON_FLAGS a normal string Sep 30, 2016
wsutil Only do save_errno = errno and errno = save_errno around g_free(); Feb 22, 2017
.bzrignore Unify the bzr and git ignore files - they're the exact same format, Oct 6, 2012
.editorconfig sharkd: fix warning C4090: 'function' : different 'const' qualifiers Feb 3, 2017
.gitattributes Ensure that run_and_catch_crashes has UNIX/POSIX line endings Jun 4, 2015
.gitignore Clean up some UN*X-vs-Windows socket issues. Jan 26, 2017
.gitlab-ci.yml Add .gitlab-ci.yml. Nov 25, 2016
.gitreview Fix the host entry. Feb 11, 2014
.mailmap .mailmap: Update (of January and February ) Feb 7, 2017
.travis.yml travis: improve test matrix. Nov 14, 2016
AUTHORS [Automatic update for 2017-02-19] Feb 19, 2017
AUTHORS.src AUTHORS: Update record for Harald Welte Nov 7, 2016
CMakeLists.txt cmake: Add some missing SET_FEATURE_INFO Feb 21, 2017
CMakeListsCustom.txt.example Add modelines Jun 19, 2016
CMakeOptions.txt Make Libgcrypt a mandatory dependency Feb 13, 2017
COPYING Always use html2text.py for FAQ, improve output Mar 25, 2015
CPackConfig.txt cmake: add creation of version.conf to be shipped in tarball. Nov 21, 2016
ChangeLog Build 2.1.1. Jul 14, 2016
ConfigureChecks.cmake Fix the #defines for the presence of structure names. Oct 22, 2016
INSTALL Change a lot of http:// URLs to https://. Mar 10, 2015
INSTALL.configure The name configure.in has been deprecated for many years. Aug 23, 2012
Makefile.am CMake,autotools: remove unneeded files, fixes build Jan 25, 2017
Makefile.am.inc Cleanup runlex.sh to use builtin POSIX functions instead of sed Feb 15, 2017
NEWS Build 2.1.1. Jul 14, 2016
README Update the README. Aug 18, 2016
README.DECT Continue to remove $Id$ from top of file Mar 31, 2014
README.aix Continue to remove $Id$ from top of file Mar 31, 2014
README.bsd Set the minimum Qt version to 4.7. Oct 1, 2015
README.cmake cmake: install icons and .desktop files Nov 18, 2016
README.hpux Continue to remove $Id$ from top of file Mar 31, 2014
README.linux Continue to remove $Id$ from top of file Mar 31, 2014
README.macos Cleanups. Nov 17, 2015
README.vmware Continue to remove $Id$ from top of file Mar 31, 2014
README.windows Change a lot of http:// URLs to https://. Mar 10, 2015
Vagrantfile Vagrant setup fixes Jun 25, 2015
abi-descriptor.template Fix 'make dumpapi' target Nov 23, 2015
acinclude.m4 CMake,autotools: enable -Werror=implicit by default Dec 28, 2016
autogen.sh Fix typo in autogen.sh Jan 29, 2017
capinfos.c wsutil: remove leaks from filesystem and plugins code. Feb 18, 2017
capture_info.c Don't limit capture packet counts to a fixed set of protocols. Dec 22, 2015
capture_info.h Don't limit capture packet counts to a fixed set of protocols. Dec 22, 2015
capture_opts.c wiretap: add cleanup routine. Feb 14, 2017
capture_opts.h capture_opts: free memory on exit to avoid leak. Feb 2, 2017
capture_stop_conditions.c Clean up includes of unistd.h, fcntl.h, and sys/stat.h. Nov 7, 2015
capture_stop_conditions.h Add editor modelines; Adjust whitespace as needed. Oct 12, 2014
captype.c wsutil: remove leaks from filesystem and plugins code. Feb 18, 2017
cfile.c Make the capture file's interface description filterable Feb 9, 2017
cfile.h Make the capture file's interface description filterable Feb 9, 2017
cfilters Use MAC address documentation range in filter examples Aug 19, 2015
cmakeconfig.h.in Make Libgcrypt a mandatory dependency Feb 13, 2017
colorfilters Add proto_tree_add_checksum. Jul 21, 2016
conditions.c Modify includes of config.h so that out-of-tree builds, i.e. CMake Aug 24, 2014
conditions.h Always put editor-modelines at the end of the file ... Oct 14, 2014
config.guess Update to the latest config.guess and config.sub Jun 15, 2016
config.sub Update to the latest config.guess and config.sub Jun 15, 2016
configure.ac Make Libgcrypt a mandatory dependency Feb 13, 2017
dfilter_macros The UAT gui starts to work Jan 29, 2007
dfilters dfilter: Add membership operator Sep 11, 2015
dftest.c Add wtap_init to dftest. Feb 9, 2017
doxygen.cfg.in Continue to remove $Id$ from top of file Mar 31, 2014
doxygen_global.cfg Upgrade doxygen configuration (with doxyen 1.8) Apr 14, 2014
dumpcap.c capture_opts: free memory on exit to avoid leak. Feb 2, 2017
echld_test.c Fix some files to pass the pre-commit hook script. May 17, 2015
editcap.c Yell at the user less. Feb 20, 2017
extcap.c extcap: destroy hash tables on exit. Feb 3, 2017
extcap.h Include extcap binaries in the count of things to point out during st… Jan 4, 2017
extcap_parser.c Qt: Add extcap placeholder parameter Feb 2, 2017
extcap_parser.h Qt: Add extcap placeholder parameter Feb 2, 2017
extcap_spawn.c Yell at the user less. Feb 20, 2017
extcap_spawn.h extcap: Use stderr to print error message Jul 30, 2016
file.c Make the capture file's interface description filterable Feb 9, 2017
file.h Qt: Show merge progress. Jan 21, 2017
fileset.c Clean up conditional code for getting creation time. Oct 22, 2016
fileset.h Always put editor-modelines at the end of the file ... Oct 14, 2014
filter_files.c ifdef g_list_free_full it requires glib 2.28 Feb 15, 2017
filter_files.h filter_list: add cleanup function and call it on exit. Feb 10, 2017
frame_tvbuff.c Minimize allocations for frame tvbuffs and Buffers. Jul 22, 2016
frame_tvbuff.h Always put editor-modelines at the end of the file ... Oct 14, 2014
globals.h Always put editor-modelines at the end of the file ... Oct 14, 2014
ipmap.html Add wrapDateLine to support continuous longitudinal panning. Sep 29, 2012
log.h Replace tabs by spaces when editor modelines has "expandtab" Feb 13, 2015
macosx-setup.sh Change Qt setup from 5.5.0 to 5.8.0 Feb 13, 2017
make-version.pl More make-version.pl fixups. Jan 5, 2017
manuf [Automatic update for 2017-02-19] Feb 19, 2017
manuf.tmpl Merge the CaveBear list into manuf.tmpl. Aug 22, 2016
mergecap.c wiretap: add cleanup routine. Feb 14, 2017
pdml2html.xsl add link to Wireshark wiki to pdml2html.xsl Sep 18, 2016
randpkt.c wiretap: add cleanup routine. Feb 14, 2017
rawshark.c Rawshark: Try to avoid a VC runtime crash. Feb 17, 2017
register.h Remove RA_CONFIGURATION. Jan 5, 2017
reordercap.c Yell at the user less. Feb 20, 2017
ringbuffer.c More checks for localtime() and gmtime() returning NULL. Oct 22, 2016
ringbuffer.h Don't include "file.h" if you don't need it. Nov 4, 2015
services [Automatic update for 2017-02-19] Feb 19, 2017
sharkd.c wsutil: remove leaks from filesystem and plugins code. Feb 18, 2017
sharkd.h Add sharkd - daemon variant Jan 25, 2017
sharkd_daemon.c sharkd: fix a memory leak on Windows introduced in gfe06aad Feb 12, 2017
sharkd_session.c Yell at the user less. Feb 20, 2017
smi_modules remove (for now) the COPS PIBs from the list, as I have added a repro… Aug 28, 2007
summary.c Redo the block options APIs. Jul 14, 2016
summary.h Directly use wtap_opttypes calls to fetch SHB options. Jun 6, 2016
sync_pipe.h Revert "Windows: Wait for dumpcap to initialize." Apr 28, 2016
sync_pipe_write.c Windows: Remove the need for _CRT_NONSTDC_NO_DEPRECATE. Apr 13, 2016
text2pcap-scanner.l Include config.h at the very beginning of all Flex scanners. Dec 2, 2016
text2pcap.c Include <io.h> and <fcntl.h> for _setmode(). Nov 22, 2016
text2pcap.h Always put editor-modelines at the end of the file ... Oct 14, 2014
tfshark.c Yell at the user less. Feb 20, 2017
trigcap.c Add editor modelines; Adjust whitespace as needed. Oct 12, 2014
tshark.c Yell at the user less. Feb 20, 2017
vagrant_build.sh tools: permit setting BIN_DIR in the environment Jun 26, 2015
vagrant_provision.sh Qt: Initial RTP playback. Oct 2, 2015
wireshark-gtk.desktop Change "System" category to "Network" in desktop files Mar 4, 2016
wireshark-mime-package.xml Don't register Wireshark for .pfx (IPFIX) files. Jun 14, 2016
wireshark-qt.cpp wsutil: remove leaks from filesystem and plugins code. Feb 18, 2017
wireshark.appdata.xml Add an appdata entry for Wireshark. Feb 18, 2015
wireshark.desktop Register a few more file extensions as belonging to Wireshark. Jun 1, 2016
wireshark.dox Move the contents of wsar_html/core to wsar_html. Create tag files for Apr 30, 2013
wireshark.pc.in Generate better pkg-config file Jan 4, 2016
wka.tmpl Change spaces to tab for recent wka entries Dec 13, 2016
ws_diag_control.h Add clang-specific DIAG_OFF pragma May 22, 2016
ws_symbol_export.h Always put editor-modelines at the end of the file ... Oct 14, 2014
ws_version_info.c make-version: Clean up handling of VCSVERSION Oct 28, 2016
ws_version_info.h Link version code statically again Apr 21, 2016

README

General Information
-------------------

Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems.  It uses Qt, a graphical user interface
library, and libpcap, a packet capture and filtering library.

The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.

The official home of Wireshark is

    https://www.wireshark.org

The latest distribution can be found in the subdirectory

    https://www.wireshark.org/download


Installation
------------

The Wireshark project builds and tests regularly on the following platforms:

  - Linux (Ubuntu)
  - Microsoft Windows
  - macOS / OS X

Official installation packages are available for Microsoft Windows and
macOS.

It is available as either a standard or add-on package for many popular
operating sytems and Linux distributions including Debian, Ubuntu, Fedora,
CentOS, RHEL, Arch, Gentoo, openSUSE, FreeBSD, DragonFly BSD, NetBSD, and
OpenBSD.

Additionaly it is available through many third-party packaging systems
such as pkgsrc, OpenCSW, Homebrew, and MacPorts.

It should run on other Unix-ish systems without too much trouble.

In some cases the current version of Wireshark might not support your
operating system. This is the case for Windows XP, which is supported by
Wireshark 1.10 and earlier. In other cases the standard package for
Wireshark might simply be old. This is the case for Solaris and HP-UX.

NOTE: The Makefile depends on GNU "make"; it doesn't appear to
work with the "make" that comes with Solaris 7 nor the BSD "make".

Both Perl and Python are needed, the former for building the man pages.

If you decide to modify the yacc grammar or lex scanner, then
you need "flex" - it cannot be built with vanilla "lex" -
and either "bison" or the Berkeley "yacc". Your flex
version must be 2.5.1 or greater. Check this with 'flex -V'.

You must therefore install Perl, Python, GNU "make", "flex", and either "bison"
or Berkeley "yacc" on systems that lack them.

Full installation instructions can be found in the INSTALL file and in the
Developer's Guide at https://www.wireshark.org/docs/wsdg_html_chunked/

See also the appropriate README.<OS> files for OS-specific installation
instructions.

Usage
-----

In order to capture packets from the network, you need to make the
dumpcap program set-UID to root, or you need to have access to the
appropriate entry under /dev if your system is so inclined (BSD-derived
systems, and systems such as Solaris and HP-UX that support DLPI,
typically fall into this category).  Although it might be tempting to
make the Wireshark and TShark executables setuid root, or to run them as
root please don't.  The capture process has been isolated in dumpcap;
this simple program is less likely to contain security holes, and thus
safer to run as root.

Please consult the man page for a description of each command-line
option and interface feature.


Multiple File Types
-------------------

The wiretap library is a packet-capture library currently under
development parallel to wireshark.  In the future it is hoped that
wiretap will have more features than libpcap, but wiretap is still in
its infancy. However, wiretap is used in wireshark for its ability
to read multiple file types.  See the Wireshark man page or the
Wireshark User's Guide for a list of supported file formats.

In addition, it can read gzipped versions of any of those files
automatically, if you have the zlib library available when compiling
Wireshark. Wireshark needs a modern version of zlib to be able to use
zlib to read gzipped files; version 1.1.3 is known to work.  Versions
prior to 1.0.9 are missing some functions that Wireshark needs and won't
work.  "./configure" should detect if you have the proper zlib version
available and, if you don't, should disable zlib support. You can always
use "./configure --disable-zlib" to explicitly disable zlib support.

Although Wireshark can read AIX iptrace files, the documentation on
AIX's iptrace packet-trace command is sparse.  The 'iptrace' command
starts a daemon which you must kill in order to stop the trace. Through
experimentation it appears that sending a HUP signal to that iptrace
daemon causes a graceful shutdown and a complete packet is written
to the trace file. If a partial packet is saved at the end, Wireshark
will complain when reading that file, but you will be able to read all
other packets.  If this occurs, please let the Wireshark developers know
at wireshark-dev@wireshark.org, and be sure to send us a copy of that trace
file if it's small and contains non-sensitive data.

Support for Lucent/Ascend products is limited to the debug trace output
generated by the MAX and Pipline series of products.  Wireshark can read
the output of the "wandsession" "wandisplay", "wannext", and "wdd"
commands.

Wireshark can also read dump trace output from the Toshiba "Compact Router"
line of ISDN routers (TR-600 and TR-650). You can telnet to the router
and start a dump session with "snoop dump".

CoSine L2 debug output can also be read by Wireshark. To get the L2
debug output, get in the diags mode first and then use
"create-pkt-log-profile" and "apply-pkt-log-profile" commands under
layer-2 category. For more detail how to use these commands, you
should examine the help command by "layer-2 create ?" or "layer-2 apply ?".

To use the Lucent/Ascend, Toshiba and CoSine traces with Wireshark, you must
capture the trace output to a file on disk.  The trace is happening inside
the router and the router has no way of saving the trace to a file for you.
An easy way of doing this under Unix is to run "telnet <ascend> | tee <outfile>".
Or, if your system has the "script" command installed, you can save
a shell session, including telnet to a file. For example, to a file named
tracefile.out:

----
$ script tracefile.out
Script started on <date/time>
$ telnet router
..... do your trace, then exit from the router's telnet session.
$ exit
Script done on <date/time>
----


Name Resolution
---------------

Wireshark will attempt to use reverse name resolution capabilities
when decoding IPv4 and IPv6 packets.

If you want to turn off name resolution while using Wireshark, start
Wireshark with the "-n" option to turn off all name resolution (including
resolution of MAC addresses and TCP/UDP/SMTP port numbers to names), or
with the "-N mt" option to turn off name resolution for all
network-layer addresses (IPv4, IPv6, IPX).

You can make that the default setting by opening the Preferences dialog
box using the Preferences item in the Edit menu, selecting "Name
resolution", turning off the appropriate name resolution options,
clicking "Save", and clicking "OK".


SNMP
----

Wireshark can do some basic decoding of SNMP packets; it can also use
the libsmi library to do more sophisticated decoding, by reading MIB
files and using the information in those files to display OIDs and
variable binding values in a friendlier fashion.  The configure script
will automatically determine whether you have the libsmi library on
your system.  If you have the libsmi library but _do not_ want to have
Wireshark use it, you can run configure with the "--without-libsmi"
option.

How to Report a Bug
-------------------

Wireshark is under constant development, so it is possible that you will
encounter a bug while using it. Please report bugs at https://bugs.wireshark.org.
Be sure you enter into the bug:

1. The complete build information from the "About Wireshark"
   item in the Help menu or the output of "wireshark -v" for
   Wireshark bugs and the output of "tshark -v" for TShark bugs;

2. If the bug happened on Linux, the Linux distribution you were
   using, and the version of that distribution;

3. The command you used to invoke Wireshark, if you ran
   Wireshark from the command line, or TShark, if you ran
   TShark, and the sequence of operations you performed that
   caused the bug to appear.

If the bug is produced by a particular trace file, please be sure to
attach to the bug a trace file along with your bug description.  If the
trace file contains sensitive information (e.g., passwords), then please
do not send it.

If Wireshark died on you with a 'segmentation violation', 'bus error',
'abort', or other error that produces a UNIX core dump file, you can
help the developers a lot if you have a debugger installed.  A stack
trace can be obtained by using your debugger ('gdb' in this example),
the wireshark binary, and the resulting core file.  Here's an example of
how to use the gdb command 'backtrace' to do so.

----
$ gdb wireshark core
(gdb) backtrace
..... prints the stack trace
(gdb) quit
$
----

The core dump file may be named "wireshark.core" rather than "core" on
some platforms (e.g., BSD systems).  If you got a core dump with
TShark rather than Wireshark, use "tshark" as the first argument to
the debugger; the core dump may be named "tshark.core".

Disclaimer
----------

There is no warranty, expressed or implied, associated with this product.
Use at your own risk.


Gerald Combs <gerald@wireshark.org>

Gilbert Ramirez <gram@alumni.rice.edu>

Guy Harris <guy@alum.mit.edu>