source: networking/netutils/wireshark-systemd.xml@ 16bd324

systemd-13485
Last change on this file since 16bd324 was 16bd324, checked in by Christopher Gregory <cjg@…>, 9 years ago

Update to wireshark-1.12.2.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@15022 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "http://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-download-ftp  " ">
  <!ENTITY wireshark-md5sum        "2f2a16be8b087227cb17733c72288ae4">
  <!ENTITY wireshark-size          "28 MB">
  <!ENTITY wireshark-buildsize     "750 MB (up to 1.5 GB)">
  <!ENTITY wireshark-time          "7.32 SBU">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>The <application>Wireshark</application> package contains a network
    protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
    for analyzing data captured <quote>off the wire</quote> from a live network
    connection, or data read from a capture file.
    <application>Wireshark</application> provides both a graphical and a TTY-mode
    front-end for examining captured network packets from over 500 protocols,
    as well as the capability to read capture files from many other popular
    network analyzers.</para>

    &lfs76_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Additional Documentation:
        <ulink url="http://www.wireshark.org/download/docs/"/>
        </para>
      </listitem>
    </itemizedlist>

    <para>From this page you can download many different docs in a variety
    of formats.</para>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/> (to build the TTY-mode front-end only)
    </para>

    <para>Note that you need <application>GTK+</application> or
    <application>Qt</application> installed to build a GUI front-end;
    otherwise, pass <option>--disable-wireshark</option> to the
    <command>configure</command> command.</para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="gtk3"/> (to build the <application>GTK+3</application>
      GUI) and
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="gnutls"/>,
      <xref linkend="libgcrypt"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="openssl"/>,
      <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>,
      <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>, and
      <ulink url="http://www.portaudio.com/download.html">PortAudio</ulink>
    </para>

    <bridgehead renderas="sect4">Optional (to build different GUI front-ends)</bridgehead>
    <para role="optional">
      <xref linkend="gtk2"/> and
      <xref linkend="qt4"/> or
      <xref linkend="qt5"/>
    </para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/wireshark"/></para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>The kernel must have the Packet protocol enabled for
    <application>Wireshark</application> to capture live packets from the
    network.</para>

<screen><literal>Networking support: Y
  Networking options:
    Packet: sockets monitoring interface: M or Y</literal></screen>

    <para>If built as a module, the name is
    <filename>af_packet.ko</filename>.</para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">Capturing network
      packets</primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>Optionally, fix the description of the program in the title.
    The first change overwrites the default <quote>SVN Unknown</quote> in the
    title and the second overwrites a utility script that would otherwise
    reset the version to <quote>unknown</quote>.</para>

<screen><userinput>cat > svnversion.h &lt;&lt; "EOF"
#define SVNVERSION "BLFS"
#define SVNPATH "source"
EOF

cat > make-version.pl &lt;&lt; "EOF"
#!/usr/bin/perl
EOF</userinput></screen>

    <para><application>Wireshark</application> is a very large and complex
    application. These instructions provide additional security measures to
    ensure that only trusted users are allowed to view network traffic. First,
    set up a system group for wireshark. As the <systemitem
    class="username">root</systemitem> user:</para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>If you want an unprivileged user to execute
    <application>wireshark</application>, run the following command as the
    <systemitem class="username">root</systemitem> user:</para>

<screen><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you have both <application>GTK+2</application> and
      <application>GTK+3</application>, and both <application>Qt4</application>
      and <application>Qt5</application> installed, the
      <application>GTK+</application> GUI will be linked against
      <application>GTK+3</application> and the <application>Qt</application>
      GUI will be linked against <application>Qt5</application>. The
      instructions below only cover building the
      <application>GTK+3</application> GUI. Additional modifications must be
      made to the commands below if building a GUI front-end against the
      other supported toolkits. Examine the <quote>Command Explanations</quote>
      section for information on the necessary modifications to the
      <command>configure</command> command.
    </para>

    <para>
      If you want to build the <application>Qt5</application> GUI and have both
      <application>Qt4</application> and <application>Qt5</application>
      installed, issue:
    </para>

<screen><userinput>export QT_SELECT=qt5</userinput></screen>

    <para>
      If you want to build the <application>Qt4</application> GUI and have both
      <application>Qt4</application> and <application>Qt5</application>
      installed, issue:
    </para>

<screen><userinput>sed -i "s:Qt5 Qt:Qt:g" configure</userinput></screen>

    <para>
      Install <application>Wireshark</application> by running the following
      commands:
    </para>

<screen><userinput>./configure --prefix=/usr \
            --sysconfdir=/etc \
            --with-gtk3 \
            --without-qt &amp;&amp;
make</userinput></screen>

    <para>This package does not come with a test suite.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;

install -v -dm755 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -sfv $FILENAME
  done &amp;&amp;
popd &amp;&amp;

if [ -e /usr/bin/wireshark ]; then
  install -v -Dm644 wireshark.desktop /usr/share/applications/wireshark.desktop
fi &amp;&amp;

if [ -e /usr/bin/wireshark-qt ]; then
  install -v -Dm644 wireshark.desktop /usr/share/applications/wireshark-qt.desktop &amp;&amp;
  sed -i "/Exec/s:wireshark:&amp;-qt:g" /usr/share/applications/wireshark-qt.desktop
fi &amp;&amp;

for size in 16 24 32 48 64 128 256 ; do
  install -v -Dm644 image/wsicon${size}.png \
                    /usr/share/icons/hicolor/${size}x${size}/apps/wireshark.png &amp;&amp;
  install -v -Dm644 image/WiresharkDoc-${size}.png \
                    /usr/share/icons/hicolor/${size}x${size}/mimetypes/application-vnd.tcpdump.pcap.png
done &amp;&amp;

unset size &amp;&amp;
unset QT_SELECT</userinput></screen>

    <para>If you downloaded any of the documentation files from the page
    listed in <quote>Additional Downloads</quote>, install them by issuing the
    following commands as the <systemitem class="username">root</systemitem>
    user:</para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>Now, set ownership and permissions of sensitive applications to
    only allow authorized users. As the <systemitem
    class="username">root</systemitem> user:</para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>Finally, add any users who should be able to capture traffic to the
    wireshark group (as the <systemitem class="username">root</systemitem>
    user):</para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

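    <para>The following is an added example and is not part of the BLFS book:
    a POSIX shell audit of the access restriction set up above. It checks that
    a capture helper is root:wireshark with mode 6550 and that a user is listed
    in the wireshark group, taking the group file path as a parameter so it can
    be run against a copy. It assumes GNU coreutils
    <command>stat</command>.</para>

```shell
#!/bin/sh
# Added example, not part of the BLFS book: audit the access restriction the
# instructions above put on the capture helpers.  The book makes dumpcap and
# tshark root:wireshark with mode 6550 (setuid, setgid, owner and group may
# read and execute, no access for others), so only members of the wireshark
# group can start a capture.  Assumes GNU coreutils stat.

# check_capture_perms FILE OWNER GROUP
# Returns 0 when FILE exists and is OWNER:GROUP with mode 6550, 1 otherwise,
# printing what was found so the deviation can be corrected.
check_capture_perms() {
    file=$1; owner=$2; group=$3
    if [ ! -f "$file" ]; then
        echo "$file: missing"
        return 1
    fi
    actual=$(stat -c '%a %U %G' "$file") || return 1
    if [ "$actual" != "6550 $owner $group" ]; then
        echo "$file: expected 6550 $owner $group, found $actual"
        return 1
    fi
    return 0
}

# in_group USER GROUP GROUPFILE
# Returns 0 when USER appears in GROUP's member list in GROUPFILE, which is
# in /etc/group format (name:password:gid:member,member,...).  The path is
# a parameter so the check can be run against a copy of the file.
in_group() {
    user=$1; group=$2; gfile=$3
    members=$(awk -F: -v g="$group" '$1 == g { print $4 }' "$gfile")
    case ",$members," in
        *",$user,"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_system: check the two helpers the book restricts on the live system
# and report whether each user named on the command line is in the group.
# Returns 0 only when every check passes.
audit_system() {
    rc=0
    for f in /usr/bin/dumpcap /usr/bin/tshark; do
        check_capture_perms "$f" root wireshark || rc=1
    done
    for u in "$@"; do
        if in_group "$u" wireshark /etc/group; then
            echo "$u: member of wireshark"
        else
            echo "$u: NOT a member of wireshark (usermod -a -G wireshark $u)"
            rc=1
        fi
    done
    return $rc
}

# Opt-in so that sourcing this file only defines the functions:
#   RUN_AUDIT=1 sh wireshark-audit.sh alice bob
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    audit_system "$@"
fi
```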
  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>--with-gtk3</parameter>: This switch enables building
      of the <application>GTK+3</application> GUI front-end. Replace it
      with <parameter>--with-gtk2</parameter> if you have both
      <application>GTK+2</application> and <application>GTK+3</application>
      installed but wish to use <application>GTK+2</application> to build
      the GUI front-end.
    </para>

    <para>
      <parameter>--without-qt</parameter>: This switch disables building
      of the <application>Qt</application> GUI front-end. Replace it with
      <parameter>--with-qt</parameter> if you have installed either
      <application>Qt4</application> or <application>Qt5</application>
      and wish to build the <application>Qt</application> GUI front-end.
    </para>

    <para>
      <option>--disable-wireshark</option>: Use this switch if you don't
      want to build the GUI front-end.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.wireshark/*</filename></para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Though the default configuration parameters are very sane,
      refer to the configuration section of the
      <ulink url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for configuration information. Most of
      <application>Wireshark</application>'s configuration can be accomplished
      using the menu options of the <command>wireshark</command>
      graphical interface.</para>

      <note>
        <para>If you want to look at packets, make sure you don't filter
        them out with <xref linkend="iptables"/>. If you want to exclude
        certain classes of packets, it is more efficient to do it with
        <application>iptables</application> than it is with
        <application>Wireshark</application>.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dftest, dumpcap, editcap, mergecap,
          randpkt, rawshark, reordercap, text2pcap, tshark,
          wireshark and wireshark-qt
        </seg>
        <seg>
          libfiletap.so, libwireshark.so, libwiretap.so and libwsutil.so
        </seg>
        <seg>
          /usr/lib/wireshark,
          /usr/share/doc/wireshark-&wireshark-version; and
          /usr/share/wireshark
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Wireshark</application> package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="wireshark dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw libpcap data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of an input capture file by timestamp and
          writes them to an output file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>is the GTK+ GUI network protocol analyzer. It lets you
          interactively browse packet data from a live network or from a
          previously saved capture file.</para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-qt-prog">
        <term><command>wireshark-qt</command></term>
        <listitem>
          <para>is the Qt GUI network protocol analyzer. It lets you
          interactively browse packet data from a live network or from a
          previously saved capture file.</para>
          <indexterm zone="wireshark wireshark-qt-prog">
            <primary sortas="b-wireshark-qt">wireshark-qt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>contains functions used by the
          <application>Wireshark</application> programs to perform filtering and
          packet capturing.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>is a library being developed as a future replacement for
          <filename class="libraryfile">libpcap</filename>, the current
          standard Unix library for packet capturing. For more information,
          see the <filename>README</filename> file in the source
          <filename class="directory">wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>