[1a3dd316] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[1a3dd316] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[894de226] | 7 | <!ENTITY wireshark-download-http "http://www.wireshark.org/download/src/wireshark-&wireshark-version;.tar.bz2">
|
---|
| 8 | <!ENTITY wireshark-download-ftp "ftp://ftp.uni-kl.de/pub/wireshark/src/wireshark-&wireshark-version;.tar.bz2">
|
---|
| 9 | <!ENTITY wireshark-md5sum "e57a8c8b364c38df3da97e2ee9f0d0bc">
|
---|
| 10 | <!ENTITY wireshark-size "11.8 MB">
|
---|
| 11 | <!ENTITY wireshark-buildsize "449 MB">
|
---|
| 12 | <!ENTITY wireshark-time "6.4 SBU">
|
---|
[1a3dd316] | 13 | ]>
|
---|
| 14 |
|
---|
[894de226] | 15 | <sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
|
---|
| 16 | <?dbhtml filename="wireshark.html"?>
|
---|
[50b8d8b] | 17 |
|
---|
[13659efc] | 18 | <sect1info>
|
---|
| 19 | <othername>$LastChangedBy$</othername>
|
---|
| 20 | <date>$Date$</date>
|
---|
| 21 | </sect1info>
|
---|
[50b8d8b] | 22 |
|
---|
[894de226] | 23 | <title>Wireshark-&wireshark-version;</title>
|
---|
[50b8d8b] | 24 |
|
---|
[894de226] | 25 | <indexterm zone="wireshark">
|
---|
| 26 | <primary sortas="a-Wireshark">Wireshark</primary>
|
---|
[13659efc] | 27 | </indexterm>
|
---|
| 28 |
|
---|
| 29 | <sect2 role="package">
|
---|
[894de226] | 30 | <title>Introduction to Wireshark</title>
|
---|
[13659efc] | 31 |
|
---|
[894de226] | 32 | <para>The <application>Wireshark</application> package contains a network
|
---|
[1065a91] | 33 | protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
|
---|
| 34 | for analyzing data captured <quote>off the wire</quote> from a live network
|
---|
| 35 | connection, or data read from a capture file.
|
---|
[894de226] | 36 | <application>Wireshark</application> provides both a graphical and TTY-mode
|
---|
[c3ee07c] | 37 | front-end for examining captured network packets from over 500 protocols,
|
---|
| 38 | as well as the capability to read capture files from many other popular
|
---|
| 39 | network analyzers.</para>
|
---|
[50b8d8b] | 40 |
|
---|
[13659efc] | 41 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 42 | <itemizedlist spacing="compact">
|
---|
| 43 | <listitem>
|
---|
[894de226] | 44 | <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
|
---|
[13659efc] | 45 | </listitem>
|
---|
| 46 | <listitem>
|
---|
[894de226] | 47 | <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
|
---|
[13659efc] | 48 | </listitem>
|
---|
| 49 | <listitem>
|
---|
[894de226] | 50 | <para>Download MD5 sum: &wireshark-md5sum;</para>
|
---|
[13659efc] | 51 | </listitem>
|
---|
| 52 | <listitem>
|
---|
[894de226] | 53 | <para>Download size: &wireshark-size;</para>
|
---|
[13659efc] | 54 | </listitem>
|
---|
| 55 | <listitem>
|
---|
[894de226] | 56 | <para>Estimated disk space required: &wireshark-buildsize;</para>
|
---|
[13659efc] | 57 | </listitem>
|
---|
| 58 | <listitem>
|
---|
[894de226] | 59 | <para>Estimated build time: &wireshark-time;</para>
|
---|
[2174baa] | 60 | </listitem>
|
---|
[13659efc] | 61 | </itemizedlist>
|
---|
[50b8d8b] | 62 |
|
---|
[3932f297] | 63 | <bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
---|
[9f12e36] | 64 | <itemizedlist spacing="compact">
|
---|
| 65 | <listitem>
|
---|
[3932f297] | 66 | <para>Additional Documentation: <ulink
|
---|
[894de226] | 67 | url="http://www.wireshark.org/docs/"/></para>
|
---|
[3932f297] | 68 | </listitem>
|
---|
| 69 | </itemizedlist>
|
---|
| 70 |
|
---|
| 71 | <para>From this page you can download many different docs in a variety
|
---|
| 72 | of formats.</para>
|
---|
| 73 |
|
---|
[894de226] | 74 | <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
|
---|
[50b8d8b] | 75 |
|
---|
[13659efc] | 76 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
[5de2721] | 77 | <para role="required"><xref linkend="GLib"/> or <xref linkend="glib2"/>
|
---|
| 78 | (to build the TTY-mode front-end only)</para>
|
---|
[50b8d8b] | 79 |
|
---|
[894de226] | 80 | <para>Note that if you don't have <application>Gtk+</application>
|
---|
| 81 | installed, you will need to pass <option>--disable-wireshark</option>
|
---|
| 82 | to the <command>configure</command> command.</para>
|
---|
| 83 |
|
---|
[13659efc] | 84 | <bridgehead renderas="sect4">Recommended</bridgehead>
|
---|
[5de2721] | 85 | <para role="recommended"><xref linkend="libpcap"/>
|
---|
| 86 | (required to capture data)</para>
|
---|
[50b8d8b] | 87 |
|
---|
[13659efc] | 88 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[4dbbf634] | 89 | <para role="optional"><xref linkend="pkgconfig"/>,
|
---|
[5de2721] | 90 | <xref linkend="GTK"/> or <xref linkend="gtk2"/>
|
---|
| 91 | (to build the GUI front-end),
|
---|
[1065a91] | 92 | <xref linkend="openssl"/>,
|
---|
| 93 | <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
|
---|
| 94 | <xref linkend="python"/>,
|
---|
| 95 | <xref linkend="pcre"/>,
|
---|
[3932f297] | 96 | <ulink url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
|
---|
| 97 | (which needs <ulink
|
---|
| 98 | url="http://www.gnupg.org/download/index.html#libgpg-error">libgpg-error</ulink>
|
---|
| 99 | then <ulink
|
---|
| 100 | url="http://www.gnupg.org/download/index.html#libgcrypt">libgcrypt</ulink>),
|
---|
| 101 | <ulink url="http://www.net-snmp.org/">Net-SNMP</ulink>,
|
---|
| 102 | <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>, and
|
---|
| 103 | <ulink url="http://www.lua.org/">Lua</ulink></para>
|
---|
| 104 |
|
---|
| 105 | <!-- Though configure looks for all these, and the developers I'm
|
---|
| 106 | sure use them, the doc sources are not included in the release
|
---|
| 107 | tarball (they are in SVN, though)
|
---|
[1065a91] | 108 | <bridgehead renderas="sect4">Optional (to build additional
|
---|
[28d83dbc] | 109 | documentation)</bridgehead>
|
---|
[4dbbf634] | 110 | <para role="optional"><xref linkend="doxygen"/>,
|
---|
[1065a91] | 111 | <xref linkend="libxml"/>,
|
---|
[5de2721] | 112 | <xref linkend="libxslt"/>, and
|
---|
[28d83dbc] | 113 | <xref linkend="fop"/></para>
|
---|
[3932f297] | 114 | -->
|
---|
[28d83dbc] | 115 |
|
---|
[061ec9d] | 116 | <para condition="html" role="usernotes">User Notes:
|
---|
[894de226] | 117 | <ulink url="&blfs-wiki;/wireshark"/></para>
|
---|
[061ec9d] | 118 |
|
---|
[13659efc] | 119 | </sect2>
|
---|
[50b8d8b] | 120 |
|
---|
[894de226] | 121 | <sect2 role="kernel" id="wireshark-kernel">
|
---|
[13659efc] | 122 | <title>Kernel Configuration</title>
|
---|
[50b8d8b] | 123 |
|
---|
[1065a91] | 124 | <para>The kernel must have the Packet protocol enabled for
|
---|
[894de226] | 125 | <application>Wireshark</application> to capture live packets from the
|
---|
[1065a91] | 126 | network. Enable the Packet protocol by choosing <quote>Y</quote> in the
|
---|
[3932f297] | 127 | <quote>Networking</quote> – <quote>Packet socket</quote>
|
---|
| 128 | configuration parameter. Alternatively, build the
|
---|
| 129 | <filename>af_packet.ko</filename> module by choosing <quote>M</quote> in
|
---|
| 130 | this parameter.</para>
|
---|
[50b8d8b] | 131 |
|
---|
[894de226] | 132 | <indexterm zone="wireshark wireshark-kernel">
|
---|
[1065a91] | 133 | <primary sortas="d-Capturing-network-packets">Capturing network
|
---|
[13659efc] | 134 | packets</primary>
|
---|
| 135 | </indexterm>
|
---|
[50b8d8b] | 136 |
|
---|
[13659efc] | 137 | </sect2>
|
---|
[50b8d8b] | 138 |
|
---|
[13659efc] | 139 | <sect2 role="installation">
|
---|
[894de226] | 140 | <title>Installation of Wireshark</title>
|
---|
[13659efc] | 141 |
|
---|
[894de226] | 142 | <para>Install <application>Wireshark</application> by running the following
|
---|
[13659efc] | 143 | commands:</para>
|
---|
| 144 |
|
---|
[3932f297] | 145 | <screen><userinput>./configure --prefix=/usr \
|
---|
| 146 | --sysconfdir=/etc \
|
---|
| 147 | --enable-threads &&
|
---|
[13659efc] | 148 | make</userinput></screen>
|
---|
[28d83dbc] | 149 |
|
---|
| 150 | <para>This package does not come with a test suite.</para>
|
---|
[50b8d8b] | 151 |
|
---|
[13659efc] | 152 | <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
|
---|
[50b8d8b] | 153 |
|
---|
[28d83dbc] | 154 | <screen role="root"><userinput>make install &&
|
---|
[894de226] | 155 |
|
---|
| 156 | install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
| 157 | install -v -m644 FAQ README{,.linux} doc/README.* doc/*.{pod,txt} \
|
---|
| 158 | /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
| 159 | pushd /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
| 160 | for FILENAME in ../../wireshark/*.html; do \
|
---|
| 161 | ln -s -v $FILENAME .
|
---|
| 162 | done &&
|
---|
| 163 | popd &&
|
---|
| 164 |
|
---|
| 165 | install -v -m644 -D wireshark.desktop \
|
---|
| 166 | /usr/share/applications/wireshark.desktop &&
|
---|
| 167 | install -v -m644 -D image/wsicon48.png \
|
---|
| 168 | /usr/share/pixmaps/wireshark.png &&
|
---|
| 169 | install -v -m755 -d /usr/share/pixmaps/wireshark &&
|
---|
[3932f297] | 170 | install -v -m644 image/*.{png,ico,xpm,bmp} \
|
---|
[894de226] | 171 | /usr/share/pixmaps/wireshark</userinput></screen>
|
---|
[3932f297] | 172 |
|
---|
| 173 | <para>If you downloaded any of the documentation files from the page
|
---|
| 174 | listed in the 'Additional Downloads', install them by issuing the following
|
---|
| 175 | commands as the <systemitem class="username">root</systemitem> user:</para>
|
---|
| 176 |
|
---|
[894de226] | 177 | <screen role="root"><userinput>install -v -m644 <replaceable><Downloaded_Files></replaceable> /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
|
---|
[50b8d8b] | 178 |
|
---|
[13659efc] | 179 | </sect2>
|
---|
[50b8d8b] | 180 |
|
---|
[13659efc] | 181 | <sect2 role="commands">
|
---|
| 182 | <title>Command Explanations</title>
|
---|
[50b8d8b] | 183 |
|
---|
[1065a91] | 184 | <para><parameter>--enable-threads</parameter>: This parameter enables the
|
---|
[894de226] | 185 | use of threads in <command>wireshark</command>.</para>
|
---|
[50b8d8b] | 186 |
|
---|
[894de226] | 187 | <para><option>--with-ssl</option>: This parameter is required if you
|
---|
| 188 | are linking Kerberos libraries into the build so that the
|
---|
[50b8d8b] | 189 | <application>OpenSSL</application>
|
---|
[894de226] | 190 | <filename class='libraryfile'>libcrypto</filename> library is found.</para>
|
---|
[50b8d8b] | 191 |
|
---|
[13659efc] | 192 | </sect2>
|
---|
[50b8d8b] | 193 |
|
---|
[13659efc] | 194 | <sect2 role="configuration">
|
---|
[894de226] | 195 | <title>Configuring Wireshark</title>
|
---|
[13659efc] | 196 |
|
---|
[894de226] | 197 | <sect3 id="wireshark-config">
|
---|
[13659efc] | 198 | <title>Config Files</title>
|
---|
[50b8d8b] | 199 |
|
---|
[894de226] | 200 | <para><filename>/etc/wireshark.conf</filename> and
|
---|
| 201 | <filename>~/.wireshark/*</filename></para>
|
---|
[50b8d8b] | 202 |
|
---|
[894de226] | 203 | <indexterm zone="wireshark wireshark-config">
|
---|
| 204 | <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
|
---|
[13659efc] | 205 | </indexterm>
|
---|
[50b8d8b] | 206 |
|
---|
[894de226] | 207 | <indexterm zone="wireshark wireshark-config">
|
---|
| 208 | <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
|
---|
[13659efc] | 209 | </indexterm>
|
---|
[50b8d8b] | 210 |
|
---|
[13659efc] | 211 | </sect3>
|
---|
[50b8d8b] | 212 |
|
---|
[13659efc] | 213 | <sect3>
|
---|
| 214 | <title>Configuration Information</title>
|
---|
[50b8d8b] | 215 |
|
---|
[1065a91] | 216 | <para>Though the default configuration parameters are very sane,
|
---|
| 217 | reference the configuration section of the
|
---|
[894de226] | 218 | <ulink url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
|
---|
[1065a91] | 219 | Guide</ulink> for configuration information. Most of
|
---|
[894de226] | 220 | <application>Wireshark</application>'s configuration can be accomplished
|
---|
| 221 | using the menu options of the <command>wireshark</command>
|
---|
[c3ee07c] | 222 | graphical interface.</para>
|
---|
[50b8d8b] | 223 |
|
---|
[13659efc] | 224 | <note>
|
---|
[1065a91] | 225 | <para>If you want to look at packets, make sure you don't filter
|
---|
| 226 | them out with <xref linkend="iptables"/>. If you want to exclude
|
---|
| 227 | certain classes of packets, it is more efficient to do it with
|
---|
[894de226] | 228 | <application>iptables</application> than it is with
|
---|
| 229 | <application>Wireshark</application>.</para>
|
---|
[13659efc] | 230 | </note>
|
---|
[50b8d8b] | 231 |
|
---|
[13659efc] | 232 | </sect3>
|
---|
[50b8d8b] | 233 |
|
---|
[13659efc] | 234 | </sect2>
|
---|
[50b8d8b] | 235 |
|
---|
[13659efc] | 236 | <sect2 role="content">
|
---|
| 237 | <title>Contents</title>
|
---|
| 238 |
|
---|
| 239 | <segmentedlist>
|
---|
| 240 | <segtitle>Installed Programs</segtitle>
|
---|
| 241 | <segtitle>Installed Libraries</segtitle>
|
---|
| 242 | <segtitle>Installed Directories</segtitle>
|
---|
[50b8d8b] | 243 |
|
---|
[13659efc] | 244 | <seglistitem>
|
---|
[894de226] | 245 | <seg>capinfos, dftest, dumpcap, editcap, idl2wrs, mergecap, randpkt,
|
---|
| 246 | text2pcap, tshark and wireshark</seg>
|
---|
| 247 | <seg>libwireshark.so, libwiretap.so and numerous dissector plugin
|
---|
[28d83dbc] | 248 | modules</seg>
|
---|
[894de226] | 249 | <seg>/usr/lib/wireshark, /usr/share/doc/wireshark-&wireshark-version;,
|
---|
| 250 | /usr/share/pixmaps/wireshark and /usr/share/wireshark</seg>
|
---|
[13659efc] | 251 | </seglistitem>
|
---|
| 252 | </segmentedlist>
|
---|
[50b8d8b] | 253 |
|
---|
[13659efc] | 254 | <variablelist>
|
---|
| 255 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 256 | <?dbfo list-presentation="list"?>
|
---|
| 257 | <?dbhtml list-presentation="table"?>
|
---|
[50b8d8b] | 258 |
|
---|
[13659efc] | 259 | <varlistentry id="capinfos">
|
---|
| 260 | <term><command>capinfos</command></term>
|
---|
| 261 | <listitem>
|
---|
[1065a91] | 262 | <para>reads a saved capture file and returns any or all of several
|
---|
| 263 | statistics about that file. It is able to detect and read any capture
|
---|
[894de226] | 264 | supported by the <application>Wireshark</application> package.</para>
|
---|
| 265 | <indexterm zone="wireshark capinfos">
|
---|
[13659efc] | 266 | <primary sortas="b-capinfos">capinfos</primary>
|
---|
| 267 | </indexterm>
|
---|
| 268 | </listitem>
|
---|
| 269 | </varlistentry>
|
---|
[50b8d8b] | 270 |
|
---|
[13659efc] | 271 | <varlistentry id="dftest">
|
---|
| 272 | <term><command>dftest</command></term>
|
---|
| 273 | <listitem>
|
---|
| 274 | <para>is a display-filter-compiler test program.</para>
|
---|
[894de226] | 275 | <indexterm zone="wireshark dftest">
|
---|
[13659efc] | 276 | <primary sortas="b-dftest">dftest</primary>
|
---|
| 277 | </indexterm>
|
---|
| 278 | </listitem>
|
---|
| 279 | </varlistentry>
|
---|
[50b8d8b] | 280 |
|
---|
[894de226] | 281 | <varlistentry id="dumpcap">
|
---|
| 282 | <term><command>dumpcap</command></term>
|
---|
| 283 | <listitem>
|
---|
| 284 | <para>is a network traffic dump tool. It lets you capture packet data
|
---|
| 285 | from a live network and write the packets to a file.</para>
|
---|
| 286 | <indexterm zone="wireshark dumpcap">
|
---|
| 287 | <primary sortas="b-dumpcap">dumpcap</primary>
|
---|
| 288 | </indexterm>
|
---|
| 289 | </listitem>
|
---|
| 290 | </varlistentry>
|
---|
| 291 |
|
---|
[13659efc] | 292 | <varlistentry id="editcap">
|
---|
| 293 | <term><command>editcap</command></term>
|
---|
| 294 | <listitem>
|
---|
[1065a91] | 295 | <para>edits and/or translates the format of capture files. It knows
|
---|
| 296 | how to read <application>libpcap</application> capture files,
|
---|
| 297 | including those of <command>tcpdump</command>,
|
---|
[894de226] | 298 | <application>Wireshark</application> and other tools that write
|
---|
[28d83dbc] | 299 | captures in that format.</para>
|
---|
[894de226] | 300 | <indexterm zone="wireshark editcap">
|
---|
[13659efc] | 301 | <primary sortas="b-editcap">editcap</primary>
|
---|
| 302 | </indexterm>
|
---|
| 303 | </listitem>
|
---|
| 304 | </varlistentry>
|
---|
[50b8d8b] | 305 |
|
---|
[894de226] | 306 | <varlistentry id="idl2wrs">
|
---|
| 307 | <term><command>idl2wrs</command></term>
|
---|
[13659efc] | 308 | <listitem>
|
---|
[1065a91] | 309 | <para>takes a user specified CORBA
|
---|
| 310 | IDL file and generates <quote>C</quote> source code that
|
---|
[894de226] | 311 | can be used to create an <application>Wireshark</application>
|
---|
[28d83dbc] | 312 | plugin.</para>
|
---|
[894de226] | 313 | <indexterm zone="wireshark idl2wrs">
|
---|
| 314 | <primary sortas="b-idl2wrs">idl2wrs</primary>
|
---|
[13659efc] | 315 | </indexterm>
|
---|
| 316 | </listitem>
|
---|
| 317 | </varlistentry>
|
---|
[50b8d8b] | 318 |
|
---|
[13659efc] | 319 | <varlistentry id="mergecap">
|
---|
| 320 | <term><command>mergecap</command></term>
|
---|
| 321 | <listitem>
|
---|
[1065a91] | 322 | <para>combines multiple saved capture files into a single output
|
---|
[13659efc] | 323 | file.</para>
|
---|
[894de226] | 324 | <indexterm zone="wireshark mergecap">
|
---|
[13659efc] | 325 | <primary sortas="b-mergecap">mergecap</primary>
|
---|
| 326 | </indexterm>
|
---|
| 327 | </listitem>
|
---|
| 328 | </varlistentry>
|
---|
[50b8d8b] | 329 |
|
---|
[13659efc] | 330 | <varlistentry id="randpkt">
|
---|
| 331 | <term><command>randpkt</command></term>
|
---|
| 332 | <listitem>
|
---|
| 333 | <para>creates random-packet capture files.</para>
|
---|
[894de226] | 334 | <indexterm zone="wireshark randpkt">
|
---|
[13659efc] | 335 | <primary sortas="b-randpkt">randpkt</primary>
|
---|
| 336 | </indexterm>
|
---|
| 337 | </listitem>
|
---|
| 338 | </varlistentry>
|
---|
[50b8d8b] | 339 |
|
---|
[894de226] | 340 | <varlistentry id="text2pcap">
|
---|
| 341 | <term><command>text2pcap</command></term>
|
---|
| 342 | <listitem>
|
---|
| 343 | <para>reads in an ASCII hex dump and writes the
|
---|
| 344 | data described into a <application>libpcap</application>-style
|
---|
| 345 | capture file.</para>
|
---|
| 346 | <indexterm zone="wireshark text2pcap">
|
---|
| 347 | <primary sortas="b-text2pcap">text2pcap</primary>
|
---|
| 348 | </indexterm>
|
---|
| 349 | </listitem>
|
---|
| 350 | </varlistentry>
|
---|
| 351 |
|
---|
| 352 | <varlistentry id="tshark">
|
---|
| 353 | <term><command>tshark</command></term>
|
---|
[13659efc] | 354 | <listitem>
|
---|
[1065a91] | 355 | <para>is a TTY-mode network protocol analyzer. It lets you capture
|
---|
| 356 | packet data from a live network or read packets from a
|
---|
[13659efc] | 357 | previously saved capture file.</para>
|
---|
[894de226] | 358 | <indexterm zone="wireshark tshark">
|
---|
| 359 | <primary sortas="b-tshark">tshark</primary>
|
---|
[13659efc] | 360 | </indexterm>
|
---|
| 361 | </listitem>
|
---|
| 362 | </varlistentry>
|
---|
[50b8d8b] | 363 |
|
---|
[894de226] | 364 | <varlistentry id="wireshark-prog">
|
---|
| 365 | <term><command>wireshark</command></term>
|
---|
[13659efc] | 366 | <listitem>
|
---|
[894de226] | 367 | <para>is a GUI network protocol analyzer. It lets you interactively
|
---|
| 368 | browse packet data from a live network or from a previously
|
---|
| 369 | saved capture file.</para>
|
---|
| 370 | <indexterm zone="wireshark wireshark-prog">
|
---|
| 371 | <primary sortas="b-wireshark">wireshark</primary>
|
---|
[13659efc] | 372 | </indexterm>
|
---|
| 373 | </listitem>
|
---|
| 374 | </varlistentry>
|
---|
[50b8d8b] | 375 |
|
---|
[894de226] | 376 | <varlistentry id="libwireshark">
|
---|
| 377 | <term><filename class='libraryfile'>libwireshark.so</filename></term>
|
---|
[13659efc] | 378 | <listitem>
|
---|
[1065a91] | 379 | <para>contains functions used by the
|
---|
[894de226] | 380 | <application>Wireshark</application> programs to perform filtering and
|
---|
[13659efc] | 381 | packet capturing.</para>
|
---|
[894de226] | 382 | <indexterm zone="wireshark libwireshark">
|
---|
| 383 | <primary sortas="c-libwireshark">libwireshark.so</primary>
|
---|
[13659efc] | 384 | </indexterm>
|
---|
| 385 | </listitem>
|
---|
| 386 | </varlistentry>
|
---|
[50b8d8b] | 387 |
|
---|
[13659efc] | 388 | <varlistentry id="libwiretap">
|
---|
| 389 | <term><filename class='libraryfile'>libwiretap.so</filename></term>
|
---|
| 390 | <listitem>
|
---|
[1065a91] | 391 | <para>is a library being developed as a future replacement for
|
---|
| 392 | <filename class='libraryfile'>libpcap</filename>, the current
|
---|
| 393 | standard Unix library for packet capturing. For more information,
|
---|
| 394 | see the <filename>README</filename> file in the source
|
---|
[13659efc] | 395 | <filename class='directory'>wiretap</filename> directory.</para>
|
---|
[894de226] | 396 | <indexterm zone="wireshark libwiretap">
|
---|
[13659efc] | 397 | <primary sortas="c-libwiretap">libwiretap.so</primary>
|
---|
| 398 | </indexterm>
|
---|
| 399 | </listitem>
|
---|
| 400 | </varlistentry>
|
---|
[50b8d8b] | 401 |
|
---|
[13659efc] | 402 | </variablelist>
|
---|
| 403 |
|
---|
| 404 | </sect2>
|
---|
[1a3dd316] | 405 |
|
---|
| 406 | </sect1>
|
---|