From a9918e475983e2b808ce74b1688032cd0d34af71 Mon Sep 17 00:00:00 2001 From: Matthias Cramer Date: Fri, 21 Mar 2025 08:02:38 +0100 Subject: [PATCH] Copyright and Wireshark --- LICENSE | 2 +- README.md | 9 +++++++-- main.c | 6 ++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/LICENSE b/LICENSE index f678f41..79e5214 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 3-Clause License -Copyright (c) 2025, Matthias Cramer +Copyright (c) 2025, Matthias Cramer, cramer@freestone.net Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/README.md b/README.md index ed07243..bae57be 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # pcapmirror - -pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the `libpcap` library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis. +pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using [TZSP encapsulation](https://en.wikipedia.org/wiki/TZSP). It leverages the `libpcap` library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis. ## Usage 
@@ -26,6 +25,12 @@ sudo pcapmirror -i eth0 -f "tcp port 80" -r 192.168.1.100 -p 47008 -v ``` *Note*: Running pcapmirror typically requires root privileges due to the use of libpcap for capturing network traffic. +## Usage with wireshark + +With this tool, you can mirror traffic directly to a running [Wireshark](https://www.wireshark.org/). + +To avoid capturing traffic from your own monitoring machine, configure Wireshark with a capture filter of udp port 37008 or udp dst port 37008. Also, verify that your firewall permits this UDP traffic. + ## Compile and Install Compile the program: diff --git a/main.c b/main.c index fe57f15..99abc67 100644 --- a/main.c +++ b/main.c @@ -1,3 +1,9 @@ +/* +pcapmirror - A simple packet mirroring tool using libpcap + +Copyright (c) 2025, Matthias Cramer, cramer@freestone.net +*/ + #include #include #include
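Review bot: In the first README.md hunk (`@@ -1,6 +1,5 @@`), the blank line between the `# pcapmirror` heading and the opening paragraph is removed along with the link change. Keep the blank line, since Markdown linters and some renderers expect one after a heading; only the paragraph line needs to change to add the TZSP link.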
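Review bot: In the second README.md hunk, the new "Usage with wireshark" section names UDP port 37008 in the capture filter, while the usage example in the context line directly above it sends with `-p 47008`, so a reader who copies that example and this filter will see no packets in Wireshark. Say that the filter port must match the value passed to `-p`, or make the example and the filter use the same port. The filter expressions should be in code formatting (`udp port 37008` or `udp dst port 37008`), and the heading should spell "Wireshark" with a capital W as the body text does. The firewall sentence could also recommend allowing that UDP port only from the address of the host running pcapmirror, since the receiver otherwise accepts mirrored packets from any sender.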
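Review bot: The header comment added at the top of main.c carries the copyright line but does not say which license applies to the file. LICENSE in this same patch is BSD 3-Clause, so add a line such as `SPDX-License-Identifier: BSD-3-Clause` or a pointer to the LICENSE file inside the comment, so the terms travel with main.c if it is copied on its own.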