source: networking/netutils/wireshark-systemd.xml@ ad6910d

systemd-13485
Last change on this file since ad6910d was ac38e9dc, checked in by Douglas R. Reno <renodr@…>, 9 years ago

Import back into SVN from Github

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16309 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-download-ftp "ftp://ftp.uni-kl.de/pub/wireshark/src/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-md5sum "25ad2bc1c2a21396827c238fcff51bf3">
  <!ENTITY wireshark-size "28 MB">
  <!ENTITY wireshark-buildsize "1.6 GB">
  <!ENTITY wireshark-time "6.0 SBU">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. It is used
      to analyze data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files written by
      many other popular network analyzers.
    </para>

    &lfs77_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>
    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="gtk3"/> (to build the <application>GTK+3</application>
      GUI) and
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="gnutls"/>,
      <xref linkend="libgcrypt"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="openssl"/>,
      <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>,
      <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>, and
      <ulink url="http://www.portaudio.com/download.html">PortAudio</ulink>
    </para>

    <bridgehead renderas="sect4">Optional (to build different GUI front-ends)</bridgehead>
    <para role="optional">
      <xref linkend="gtk2"/> and
      <xref linkend="qt4"/> or
      <xref linkend="qt5"/>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>
  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must provide packet sockets (the AF_PACKET family, which
      <application>libpcap</application> uses on Linux to read frames from an
      interface) for <application>Wireshark</application> to capture live
      packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>
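
    <para>
      The following shell script is an added example, not part of the BLFS
      book or of Wireshark, for checking that a kernel meets this
      requirement before building. It classifies CONFIG_PACKET in a kernel
      configuration file (plain or gzip-compressed; it assumes the usual
      locations /proc/config.gz and /boot/config-&lt;release&gt;) as built
      in, module or missing, and separately tests whether the packet socket
      family is registered right now via /proc/net/packet, which tells a
      kernel that merely needs <command>modprobe af_packet</command> apart
      from one that must be reconfigured. Function names are the example's
      own.
    </para>

```shell
#!/bin/sh
# Added example, not part of the BLFS page or of Wireshark: check that a
# kernel provides packet sockets (CONFIG_PACKET), which libpcap uses on
# Linux to capture live traffic. Assumes a Linux system; the kernel config
# file to inspect is a parameter (/proc/config.gz or /boot/config-<release>
# are the locations the helper below looks in). Function names are ours.

# Classify CONFIG_PACKET in a kernel config file, plain or gzip-compressed.
# Prints one of: builtin, module, missing. "# CONFIG_PACKET is not set" and
# an absent line both count as missing. CONFIG_PACKET_DIAG is not matched.
packet_config_state() {
    case "$1" in
        *.gz) reader="gzip -dc" ;;
        *)    reader=cat ;;
    esac
    value=$($reader "$1" | sed -n 's/^CONFIG_PACKET=\([ym]\)$/\1/p')
    case "$value" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;
    esac
}

# Find the configuration of the running kernel. /proc/config.gz exists only
# with CONFIG_IKCONFIG_PROC; fall back to the copy installed in /boot.
# Prints nothing if neither is available.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# Is the packet socket family registered right now? af_packet creates
# /proc/net/packet when it is built in or loaded, which is what dumpcap
# needs at run time regardless of what the config file says.
packet_sockets_registered() {
    [ -e /proc/net/packet ]
}

# Report for the running kernel. Returns 0 if capturing can work now, 1 if
# the af_packet module still has to be loaded, 2 if the kernel must be
# reconfigured (or no config file could be found to tell).
report_packet_support() {
    cfg=$(running_kernel_config)
    state=unknown
    if [ -n "$cfg" ]; then
        state=$(packet_config_state "$cfg")
    fi
    if packet_sockets_registered; then
        echo "packet sockets: available (CONFIG_PACKET=$state)"
        return 0
    fi
    case "$state" in
        module)
            echo "packet sockets: CONFIG_PACKET=m but not loaded; run: modprobe af_packet"
            return 1 ;;
        missing)
            echo "packet sockets: CONFIG_PACKET is not set; enable it and rebuild the kernel"
            return 2 ;;
        *)
            echo "packet sockets: unavailable and no kernel config found in /proc or /boot"
            return 2 ;;
    esac
}
```

    <para>
      Source the script and run <command>report_packet_support</command> on
      the target system; its exit status says whether captures can work now
      (0), whether only the module needs loading (1) or whether the kernel
      must be rebuilt (2). <command>packet_config_state</command> can also be
      pointed at the <filename>.config</filename> of a kernel tree before it
      is built.
    </para>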

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      Optionally, fix the version string that the programs show in their
      title. The first command overwrites the default <quote>SVN
      Unknown</quote> with a fixed string, and the second replaces the
      utility script that would otherwise reset the version to
      <quote>unknown</quote> with a Perl script that does nothing.
    </para>

<screen><userinput>cat > svnversion.h &lt;&lt; "EOF" &amp;&amp;
#define SVNVERSION "BLFS"
#define SVNPATH "source"
EOF

cat > make-version.pl &lt;&lt; "EOF"
<literal>#!/usr/bin/perl</literal>
EOF</userinput></screen>

    <para>
      <application>Wireshark</application> is a very large and complex
      application whose protocol dissectors parse untrusted data from the
      network. These instructions provide additional security measures to
      ensure that only trusted users are allowed to capture and view network
      traffic: the programs that open capture devices are owned by a
      dedicated group, and only members of that group may run them. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      If you have both <application>GTK+2</application> and
      <application>GTK+3</application>, and both <application>Qt4</application>
      and <application>Qt5</application> installed, the
      <application>GTK+</application> GUI will be linked against
      <application>GTK+3</application> and the <application>Qt</application>
      GUI will be linked against <application>Qt5</application>. The
      instructions below only cover building the
      <application>GTK+3</application> GUI. Additional modifications must be
      made to the commands below if building a GUI front-end against a
      different supported toolkit. See the <quote>Command
      Explanations</quote> section for the necessary modifications to the
      <command>configure</command> command.
    </para>

    <para>
      If you want to build the <application>Qt5</application> GUI and have both
      <application>Qt4</application> and <application>Qt5</application>
      installed, issue:
    </para>

<screen><userinput>sed -i "s:moc;:moc-qt5;:g" configure &amp;&amp;
sed -i "s:uic;:uic-qt5;:g" configure &amp;&amp;
sed -i "s:(AM_V_RCC)rcc:&amp;-qt5:g" ui/qt/Makefile.in</userinput></screen>

    <para>
      If you want to build the <application>Qt4</application> GUI and have both
      <application>Qt4</application> and <application>Qt5</application>
      installed, issue:
    </para>

<screen><userinput>sed -i "s:Qt5 Qt:Qt:g" configure &amp;&amp;
sed -i "s:moc;:moc-qt4;:g" configure &amp;&amp;
sed -i "s:uic;:uic-qt4;:g" configure &amp;&amp;
sed -i "s:(AM_V_RCC)rcc:&amp;-qt4:g" ui/qt/Makefile.in</userinput></screen>

    <para>
      Install <application>Wireshark</application> by running the following
      commands:
    </para>

<screen><userinput>./configure --prefix=/usr \
            --sysconfdir=/etc \
            --with-gtk3 \
            --without-qt &amp;&amp;
make</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;

install -v -dm755 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -sfv $FILENAME
  done &amp;&amp;
popd &amp;&amp;

if [ -e /usr/bin/wireshark ]; then
  install -v -Dm644 wireshark.desktop /usr/share/applications/wireshark.desktop
fi &amp;&amp;

if [ -e /usr/bin/wireshark-qt ]; then
  install -v -Dm644 wireshark.desktop /usr/share/applications/wireshark-qt.desktop &amp;&amp;
  sed -i "s:Exec.*wireshark:&amp;-qt:g" /usr/share/applications/wireshark-qt.desktop &amp;&amp;
  sed -i "s:Name.*Wireshark:&amp; (Qt):g" /usr/share/applications/wireshark-qt.desktop
fi &amp;&amp;

for size in 16 24 32 48 64 128 256 ; do
  install -v -Dm644 image/wsicon${size}.png \
                    /usr/share/icons/hicolor/${size}x${size}/apps/wireshark.png &amp;&amp;
  install -v -Dm644 image/WiresharkDoc-${size}.png \
                    /usr/share/icons/hicolor/${size}x${size}/mimetypes/application-vnd.tcpdump.pcap.png
done &amp;&amp;

unset size</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in <quote>Additional Downloads</quote>, install them by issuing
      the following command as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the sensitive programs so
      that only authorized users can run them. Mode 6550 sets the setuid and
      setgid bits and grants read and execute permission to the owner and
      the group only: members of the wireshark group can capture without
      being root, and every other user is denied execution. As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Only <command>dumpcap</command> actually requires the setuid and setgid
      bits: it is the program that opens the capture device, and both
      <command>wireshark</command> and <command>tshark</command> start it to
      perform captures. <command>tshark</command> permanently drops setuid
      privileges at startup, so the bits on it add nothing beyond the group
      restriction and may be left off, giving <command>tshark</command> mode
      550 instead. Never set these bits on the GUI front-ends. On kernels
      with file capabilities, <command>setcap</command> from
      <application>libcap</application> can alternatively grant
      <command>dumpcap</command> only CAP_NET_RAW and CAP_NET_ADMIN rather
      than full root.
    </para>

    <para>
      Finally, add any users who should be allowed to capture to the
      wireshark group (as the <systemitem class="username">root</systemitem>
      user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>
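
    <para>
      The following shell script is an added example, not part of the BLFS
      book or of Wireshark, that audits the privilege model set up above.
      It assumes a Linux system with GNU <command>stat</command> and,
      optionally, <command>getcap</command> from
      <application>libcap</application>; the expected state (owner root,
      group wireshark, mode 6550, or mode 550 with CAP_NET_RAW file
      capabilities) and the function names are the example's own. The
      checks on owner, group and mode are kept apart from the
      <command>stat</command> calls so they can be exercised on constructed
      values without root or an installed Wireshark; the live audit takes
      the binary directory as a parameter and rejects any mode that lets
      users outside the group execute <command>dumpcap</command>, since a
      world-executable setuid binary silently defeats the group
      restriction. Setuid or setgid bits on <command>tshark</command> and on
      the GUI front-ends are reported as warnings, because only
      <command>dumpcap</command> needs them.
    </para>

```shell
#!/bin/sh
# Added example, not part of the BLFS page or of Wireshark: audit the
# privilege model the instructions above set up. Assumes a Linux system with
# GNU stat(1) and, optionally, getcap(1) from libcap; the expected state
# (root:wireshark, mode 6550) is the one the page uses. Function names are
# this example's own.

# Pure check on owner, group, octal mode and getcap output, so it can be
# exercised without root and without a real install. Two acceptable states
# for dumpcap:
#   root:wireshark 6550        setuid+setgid root, as the page sets it
#   root:wireshark 550 + caps  CAP_NET_RAW via file capabilities instead
# Mode 6550 gives "other" no permission at all: the group is what limits
# who may run the program, so any execute bit for others defeats that.
capture_binary_ok() {
    owner="$1" group="$2" mode="$3" caps="$4"
    [ "$owner" = root ] || { echo "owner is $owner, expected root"; return 1; }
    [ "$group" = wireshark ] || { echo "group is $group, expected wireshark"; return 1; }
    case "$mode" in
        *[1-7])
            echo "mode $mode lets every user run it; the wireshark group then limits nothing"
            return 1 ;;
        6550)
            return 0 ;;
        550|2550)
            case "$caps" in *cap_net_raw*) return 0 ;; esac
            echo "mode $mode without cap_net_raw: cannot open capture devices"
            return 1 ;;
    esac
    echo "mode is $mode, expected 6550 (or 550 plus file capabilities)"
    return 1
}

# The front-ends run hundreds of dissectors on untrusted input and only
# spawn dumpcap to capture, so they should carry no setuid/setgid bit.
# A four-digit mode starting with 2, 4, 6 or 7 has such a bit set.
frontend_mode_ok() {
    case "$1" in
        [2467]???) echo "mode $1 has setuid/setgid bits set"; return 1 ;;
    esac
    return 0
}

# Does the named user belong to the wireshark group?
user_can_capture() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx wireshark
}

# Live audit of an installed tree (default /usr/bin). Returns non-zero
# when the group is missing or dumpcap deviates from the model; setuid bits
# on the front-ends are only warned about, since the page itself sets them
# on tshark although only dumpcap needs them.
audit_wireshark_install() {
    bindir="${1:-/usr/bin}"
    status=0
    getent group wireshark >/dev/null || { echo "group wireshark does not exist"; status=1; }
    dumpcap="$bindir/dumpcap"
    if [ -e "$dumpcap" ]; then
        caps=""
        if command -v getcap >/dev/null; then
            caps=$(getcap "$dumpcap" 2>/dev/null)
        fi
        # word-splitting the stat output into three arguments is intended
        capture_binary_ok $(stat -c '%U %G %a' "$dumpcap") "$caps" || status=1
    else
        echo "$dumpcap: not installed"
        status=1
    fi
    for prog in tshark wireshark wireshark-qt; do
        f="$bindir/$prog"
        [ -e "$f" ] || continue
        frontend_mode_ok "$(stat -c '%a' "$f")" >/dev/null ||
            echo "warning: $f carries setuid/setgid bits; only dumpcap needs them"
    done
    return $status
}
```

    <para>
      Source the script and run <command>audit_wireshark_install</command>
      after the commands above (or with a staging directory as its
      argument); use <command>user_can_capture</command>
      <replaceable>&lt;username&gt;</replaceable> to confirm that a user
      picked up the group membership, which takes effect only at the next
      login.
    </para>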

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>--with-gtk3</parameter>: This switch enables building
      of the <application>GTK+3</application> GUI front-end. Replace it
      with <parameter>--with-gtk2</parameter> if you have both
      <application>GTK+2</application> and <application>GTK+3</application>
      installed but wish to use <application>GTK+2</application> to build
      the GUI front-end.
    </para>

    <para>
      <parameter>--without-qt</parameter>: This switch disables building
      of the <application>Qt</application> GUI front-end. Replace it with
      <parameter>--with-qt</parameter> if you have installed either
      <application>Qt4</application> or <application>Qt5</application>
      and wish to build the <application>Qt</application> GUI front-end.
    </para>

    <para>
      <option>--disable-wireshark</option>: Use this switch if you don't
      want to build the GUI front-end.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.wireshark/*</filename></para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>The default configuration is sensible; see the configuration
      section of the
      <ulink url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for the available settings. Most of
      <application>Wireshark</application>'s configuration can be done
      through the menus of the <command>wireshark</command>
      graphical interfaces.</para>

      <note>
        <para>Rules in <xref linkend="iptables"/> do not hide incoming
        packets from <application>Wireshark</application>: packet sockets
        receive a copy of every frame before netfilter processes it, so
        traffic that an INPUT rule later drops still appears in the
        capture. Outgoing packets dropped by OUTPUT rules never reach the
        interface and are not captured. To leave out classes of packets
        efficiently, use a capture filter (the <option>-f</option> option
        of <command>dumpcap</command> and <command>tshark</command>, or the
        capture options of the GUI), which is compiled to BPF and evaluated
        in the kernel, rather than a display filter, which is applied only
        after every packet has been copied to user space and
        dissected.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dftest, dumpcap, editcap, mergecap,
          randpkt, rawshark, reordercap, text2pcap, tshark,
          wireshark and wireshark-qt
        </seg>
        <seg>
          libfiletap.so, libwireshark.so, libwiretap.so and libwsutil.so
        </seg>
        <seg>
          /usr/lib/wireshark,
          /usr/share/doc/wireshark-&wireshark-version;,
          /usr/share/pixmaps/wireshark and
          /usr/share/wireshark
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Wireshark</application> package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="wireshark dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file. It is the
          program the other front-ends run to capture, and the only one that
          needs privileges to open a capture device.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw <application>libpcap</application>
          data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of a capture file by timestamp and writes
          them to a new file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>is the GTK+ GUI network protocol analyzer. It lets you
          interactively browse packet data from a live network or from a
          previously saved capture file.</para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-qt-prog">
        <term><command>wireshark-qt</command></term>
        <listitem>
          <para>is the Qt GUI network protocol analyzer. It lets you
          interactively browse packet data from a live network or from a
          previously saved capture file.</para>
          <indexterm zone="wireshark wireshark-qt-prog">
            <primary sortas="b-wireshark-qt">wireshark-qt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>contains the protocol dissectors, the display filter engine
          and the other packet analysis functions shared by the
          <application>Wireshark</application> programs.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>is the library the <application>Wireshark</application>
          programs use to read and write capture files in the many formats
          they support. For more information, see the
          <filename>README</filename> file in the source
          <filename class="directory">wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>