source: basicnet/netutils/ethereal.xml@ 1a3dd316

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
   "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY ethereal-download-http "http://www.ethereal.com/distribution/ethereal-&ethereal-version;.tar.bz2">
  <!ENTITY ethereal-download-ftp  "ftp://ftp.ethereal.com/pub/ethereal/all-versions/ethereal-&ethereal-version;.tar.bz2">
  <!ENTITY ethereal-md5sum        "722a2529c3a19b5b81c825bca444baea">
  <!ENTITY ethereal-size          "5.0 MB">
  <!ENTITY ethereal-buildsize     "172 MB">
  <!ENTITY ethereal-time          "3.09 SBU">
]>

<sect1 id="ethereal" xreflabel="Ethereal-&ethereal-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="ethereal.html"?>
<title>Ethereal-&ethereal-version;</title>

<sect2>
<title>Introduction to <application>Ethereal</application></title>

<para>The <application>Ethereal</application> package contains a network 
protocol analyzer, also known as a <quote>sniffer</quote>. This is useful for 
analyzing data captured <quote>off the wire</quote> from a live network 
connection, or data read from a capture file. 
<application>Ethereal</application> provides both <acronym>GUI</acronym> and 
<acronym>TTY</acronym>-mode programs for examining captured network packets 
from over 500 protocols, as well as the capability to read capture files from 
many other popular network analyzers.</para>

<sect3><title>Package information</title>
<itemizedlist spacing="compact">
<listitem><para>Download (HTTP): 
<ulink url="&ethereal-download-http;"/></para></listitem>
<listitem><para>Download (FTP): 
<ulink url="&ethereal-download-ftp;"/></para></listitem>
<listitem><para>MD5 Sum: &ethereal-md5sum;</para></listitem>
<listitem><para>Download size: &ethereal-size;</para></listitem>
<listitem><para>Estimated Disk space required: 
&ethereal-buildsize;</para></listitem>
<listitem><para>Estimated build time: 
&ethereal-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title><application>Ethereal</application> dependencies</title>
<sect4><title>Recommended</title>
<para><xref linkend="libpcap"/> (required to capture data)</para>
</sect4>

<sect4><title>Optional</title>
<para><xref linkend="pkgconfig"/>, 
<xref linkend="GTK"/> or <xref linkend="GTK2"/> (to build the 
<acronym>GUI</acronym> front-end), 
<xref linkend="GLib"/> or <xref linkend="GLib2"/> (to build the 
<acronym>TTY</acronym>-mode front-end only), 
<xref linkend="openssl"/>, 
<xref linkend="heimdal"/> or <xref linkend="mitkrb"/>, 
<xref linkend="Python"/>, 
<xref linkend="pcre"/>, 
<ulink url="http://www.net-snmp.org/">Net-SNMP</ulink>, 
<ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink> and 
<ulink url="http://www.stack.nl/~dimitri/doxygen/">doxygen</ulink></para>
</sect4>

</sect3>

</sect2>

<sect2>
<title>Installation of <application>Ethereal</application></title>

<para>Install <application>Ethereal</application> by running the following 
commands:</para>

<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
    --enable-randpkt --enable-threads &amp;&amp;
make &amp;&amp;
make install</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><option>--enable-randpkt</option>: Adding this parameter will 
build the random capture program.</para>

<para><option>--enable-threads</option>: Adding this parameter enables the use 
of threads in <command>ethereal</command>.</para>

</sect2>

<sect2>
<title>Configuring <application>Ethereal</application></title>

<sect3><title>Config files</title>
<para><filename>/etc/ethereal.conf</filename> and 
<filename>~/.ethereal/preferences</filename></para>
</sect3>

<sect3><title>Configuration Information</title>
<sect4><title>Package configuration</title>
<para>Though the default configuration parameters are very sane, 
reference the configuration section of the 
<ulink url="http://www.ethereal.com/docs/user-guide/">Ethereal User's 
Guide</ulink> for configuration information. Most of 
<application>Ethereal</application>'s configuration can be accomplished 
using the menu options of the <command>ethereal</command> 
<acronym>GUI</acronym> interface.</para>
</sect4>

<sect4><title>Kernel configuration</title>
<para>The kernel must have the Packet protocol enabled for 
<application>Ethereal</application> to capture live packets from the network. 
Enable the Packet protocol by choosing <quote>Y</quote> in the 
<quote>Device Drivers</quote> &ndash; <quote>Networking support</quote> 
&ndash; <quote>Networking options</quote> &ndash; <quote>Packet socket</quote> 
configuration parameter. Alternatively, build the af_packet module by choosing 
<quote>M</quote> in this parameter.</para>

<para>If you plan on filtering captured packets (to eliminate them from being 
captured), a substantial performance increase can be acheived by letting the 
kernel do the filtering. Kernel filtering results in desired packets being 
dropped before being handed to userspace programs. To enable kernel filtering, 
you must enable the <quote>Network packet filtering</quote> and 
<quote><acronym>IP</acronym> tables support</quote> options in the 
<quote>Device Drivers</quote> &ndash; <quote>Networking support</quote> &ndash; 
<quote>Network packet filtering</quote> section. In addition, you'll need to
install and configure <xref linkend="postlfs-security-iptables"/>.</para>
</sect4>

</sect3>

</sect2>

<sect2>
<title>Contents</title>

<para>The <application>Ethereal</application> package contains 
<command>capinfo</command>, 
<command>dftest</command>, 
<command>editcap</command>, 
<command>ethereal</command>, 
<command>idl2eth</command>, 
<command>mergecap</command>, 
<command>randpkt</command>, 
<command>tethereal</command>, 
<command>text2pcap</command>, 
<filename class='libraryfile'>libethereal</filename>, 
<filename class='libraryfile'>libwiretap</filename> and 
many dissector plugin modules.</para>

</sect2>

<sect2><title>Description</title>

<sect3><title>capinfo</title>
<para><command>capinfo</command> reads a saved capture file and returns any or 
all of several statistics about that file. It is able to detect and read any 
capture supported by the <application>Ethereal</application> package.</para>
</sect3>

<sect3><title>dftest</title>
<para><command>dftest</command> is a display-filter-compiler test 
program.</para>
</sect3>

<sect3><title>editcap</title>
<para><command>editcap</command> edits and/or translates the format of capture 
files. It knows how to read <application>libpcap</application> capture files, 
including those of <command>tcpdump</command>, 
<application>Ethereal</application> and other tools that write captures in that 
format.</para>
</sect3>

<sect3><title>ethereal</title>
<para><command>ethereal</command> is a <acronym>GUI</acronym> network protocol 
analyzer. It lets you interactively browse packet data from a live network or 
from a previously saved capture file.</para>
</sect3>

<sect3><title>idl2eth</title>
<para><command>idl2eth</command> takes a user specified 
<acronym>CORBA</acronym> <acronym>IDL</acronym> file and generates 
<quote>C</quote> source code that can be used to create an 
<application>Ethereal</application> plugin.</para>
</sect3>

<sect3><title>mergecap</title>
<para><command>mergecap</command> combines multiple saved capture files into a 
single output file.</para>
</sect3>

<sect3><title>randpkt</title>
<para><command>randpkt</command> creates random-packet capture files.</para>
</sect3>

<sect3><title>tethereal</title>
<para><command>tethereal</command> is a <acronym>TTY</acronym>-mode network 
protocol analyzer. It lets you capture packet data from a live network or
read packets from a previously saved capture file.</para>
</sect3>

<sect3><title>text2pcap</title>
<para><command>text2pcap</command> reads in an <acronym>ASCII</acronym> hex 
dump and writes the data described into a 
<application>libpcap</application>-style capture file.</para>
</sect3>

</sect2>

</sect1>