source: basicnet/netutils/ethereal.xml@ ccb2449

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY ethereal-download-http "http://www.ethereal.com/distribution/ethereal-&ethereal-version;.tar.bz2">
  <!ENTITY ethereal-download-ftp  "ftp://ftp.ethereal.com/pub/ethereal/all-versions/ethereal-&ethereal-version;.tar.bz2">
  <!ENTITY ethereal-md5sum        "f9905b9d347acdc05af664a7553f7f76">
  <!ENTITY ethereal-size          "8.8 MB">
  <!ENTITY ethereal-buildsize     "331 MB">
  <!ENTITY ethereal-time          "5.4 SBU">
]>

<sect1 id="ethereal" xreflabel="Ethereal-&ethereal-version;">
  <?dbhtml filename="ethereal.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
    <keywordset>
      <keyword role="package">ethereal-&ethereal-version;.tar</keyword>
      <keyword role="ftpdir">ethereal</keyword>
    </keywordset>
  </sect1info>

  <title>Ethereal-&ethereal-version;</title>

  <indexterm zone="ethereal">
    <primary sortas="a-Ethereal">Ethereal</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Ethereal</title>

    <para>The <application>Ethereal</application> package contains a network
    protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
    for analyzing data captured <quote>off the wire</quote> from a live network
    connection, or data read from a capture file.
    <application>Ethereal</application> provides both a graphical and TTY-mode
    front-end for examining captured network packets from over 500 protocols,
    as well as the capability to read capture files from many other popular
    network analyzers.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&ethereal-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&ethereal-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &ethereal-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &ethereal-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &ethereal-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &ethereal-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact"> 
      <listitem> 
        <para>Additional Documentation: <ulink
        url="http://www.ethereal.com/docs/"/></para>
      </listitem>
    </itemizedlist>

    <para>From this page you can download many different docs in a variety
    of formats.</para>

    <bridgehead renderas="sect3">Ethereal dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required"><xref linkend="GLib"/> or <xref linkend="glib2"/>
    (to build the TTY-mode front-end only)</para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended"><xref linkend="libpcap"/>
    (required to capture data)</para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="pkgconfig"/>,
    <xref linkend="GTK"/> or <xref linkend="gtk2"/>
    (to build the GUI front-end),
    <xref linkend="openssl"/>,
    <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
    <xref linkend="python"/>,
    <xref linkend="pcre"/>,
    <ulink url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
    (which needs <ulink
    url="http://www.gnupg.org/download/index.html#libgpg-error">libgpg-error</ulink>
    then <ulink
    url="http://www.gnupg.org/download/index.html#libgcrypt">libgcrypt</ulink>),
    <ulink url="http://www.net-snmp.org/">Net-SNMP</ulink>,
    <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>, and
    <ulink url="http://www.lua.org/">Lua</ulink></para>

    <!-- Though configure looks for all these, and the developers I'm
         sure use them, the doc sources are not included in the release
         tarball (they are in SVN, though)
    <bridgehead renderas="sect4">Optional (to build additional
    documentation)</bridgehead>
    <para role="optional"><xref linkend="doxygen"/>,
    <xref linkend="libxml"/>,
    <xref linkend="libxslt"/>, and
    <xref linkend="fop"/></para>
    -->

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/ethereal"/></para>

  </sect2>

  <sect2 role="kernel" id="ethereal-kernel">
    <title>Kernel Configuration</title>

      <para>The kernel must have the Packet protocol enabled for
      <application>Ethereal</application> to capture live packets from the
      network. Enable the Packet protocol by choosing <quote>Y</quote> in the
      <quote>Networking</quote> &ndash; <quote>Packet socket</quote>
      configuration parameter. Alternatively, build the
      <filename>af_packet.ko</filename> module by choosing <quote>M</quote> in
      this parameter.</para>

      <indexterm zone="ethereal ethereal-kernel">
        <primary sortas="d-Capturing-network-packets">Capturing network
        packets</primary>
      </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Ethereal</title>

    <para>Install <application>Ethereal</application> by running the following
    commands:</para>

<screen><userinput>./configure --prefix=/usr \
            --sysconfdir=/etc \
            --enable-threads &amp;&amp;
make</userinput></screen>

    <para>This package does not come with a test suite.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;
install -v -m644 FAQ README{,.linux} doc/README.* doc/*.{pod,txt} \
                 /usr/share/ethereal &amp;&amp;
install -v -m644 -D ethereal.desktop \
                    /usr/share/applications/ethereal.desktop &amp;&amp;
install -v -m644 -D image/elogo3d48x48.png \
                    /usr/share/pixmaps/ethereal.png &amp;&amp;
install -v -m755 -d /usr/share/pixmaps/ethereal &amp;&amp;
install -v -m644 image/*.{png,ico,xpm,bmp} \
                 /usr/share/pixmaps/ethereal</userinput></screen>

    <para>If you downloaded any of the documentation files from the page
    listed in the 'Additional Downloads', install them by issuing the following
    commands as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/ethereal-&ethereal-version; &amp;&amp;
install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> /usr/share/doc/ethereal-&ethereal-version;</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--enable-threads</parameter>: This parameter enables the
    use of threads in <command>ethereal</command>.</para>

    <para><option>--with-ssl</option>: This parameter enables the use of the
    <application>OpenSSL</application>
    <filename class='libraryfile'>libcrypto</filename> library.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Ethereal</title>

    <sect3 id="ethereal-config">
      <title>Config Files</title>

      <para><filename>/etc/ethereal.conf</filename> and
      <filename>~/.ethereal/preferences</filename></para>

      <indexterm zone="ethereal ethereal-config">
        <primary sortas="e-AA.ethereal-preferences">~/.ethereal/preferences</primary>
      </indexterm>

      <indexterm zone="ethereal ethereal-config">
        <primary sortas="e-etc-ethereal.conf">/etc/ethereal.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Though the default configuration parameters are very sane,
      reference the configuration section of the
      <ulink url="http://www.ethereal.com/docs/user-guide/">Ethereal User's
      Guide</ulink> for configuration information. Most of
      <application>Ethereal</application>'s configuration can be accomplished
      using the menu options of the <command>ethereal</command>
      graphical interface.</para>

      <note>
        <para>If you want to look at packets, make sure you don't filter
        them out with <xref linkend="iptables"/>. If you want to exclude
        certain classes of packets, it is more efficient to do it with
        <application>iptables</application> than
        <application>Ethereal</application>.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>capinfos, dftest, editcap, ethereal, idl2eth, mergecap, randpkt,
        tethereal and text2pcap</seg>
        <seg>libethereal.so, libwiretap.so and numerous dissector plugin
        modules</seg>
        <seg>/usr/lib/ethereal, /usr/share/ethereal and
        /usr/share/pixmaps/ethereal</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Ethereal</application> package.</para>
          <indexterm zone="ethereal capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="ethereal dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Ethereal</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="ethereal editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ethereal-prog">
        <term><command>ethereal</command></term>
        <listitem>
          <para>is a GUI network protocol analyzer. It lets you interactively
          browse packet data from a live network or from a previously
          saved capture file.</para>
          <indexterm zone="ethereal ethereal-prog">
            <primary sortas="b-ethereal">ethereal</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2eth">
        <term><command>idl2eth</command></term>
        <listitem>
          <para>takes a user specified CORBA
          IDL file and generates <quote>C</quote> source code that
          can be used to create an <application>Ethereal</application>
          plugin.</para>
          <indexterm zone="ethereal idl2eth">
            <primary sortas="b-idl2eth">idl2eth</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="ethereal mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="ethereal randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tethereal">
        <term><command>tethereal</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="ethereal tethereal">
            <primary sortas="b-tethereal">tethereal</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="ethereal text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libethereal">
        <term><filename class='libraryfile'>libethereal.so</filename></term>
        <listitem>
          <para>contains functions used by the
          <application>Ethereal</application> programs to perform filtering and
          packet capturing.</para>
          <indexterm zone="ethereal libethereal">
            <primary sortas="c-libethereal">libethereal.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>is a library being developed as a future replacement for
          <filename class='libraryfile'>libpcap</filename>, the current
          standard Unix library for packet capturing. For more information,
          see the <filename>README</filename> file in the source
          <filename class='directory'>wiretap</filename> directory.</para>
          <indexterm zone="ethereal libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>