[1a3dd316] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[1a3dd316] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[3bb415b] | 7 | <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
|
---|
[7fd159db] | 8 | <!ENTITY wireshark-download-ftp " ">
|
---|
[0be8c5f9] | 9 | <!ENTITY wireshark-md5sum "29d710e0cf96e26005bd13b9d1cd9384">
|
---|
[bdd8adc9] | 10 | <!ENTITY wireshark-size "41 MB">
|
---|
[0be8c5f9] | 11 | <!ENTITY wireshark-buildsize "822 MB (with all optional dependencies available in the BLFS book)">
|
---|
| 12 | <!ENTITY wireshark-time "2.3 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
|
---|
[1a3dd316] | 13 | ]>
|
---|
| 14 |
|
---|
[0b8cb69c] | 15 | <!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
|
---|
[c8a095cb] | 16 | we have not always been aware of these. At https://www.wireshark.org/security/
|
---|
| 17 | there is a list of advisories and the version in which they were fixed.
|
---|
| 18 |
|
---|
| 19 | If you click on an advisory, after the bug number in the References:
|
---|
| 20 | there may be a CVE number, although perhaps those get added some time after
|
---|
| 21 | the release. Perhaps as a general rule treat ALL their advisories for crashes
|
---|
| 22 | etc as worthy of a security fix. -->
|
---|
| 23 |
|
---|
[894de226] | 24 | <sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
|
---|
| 25 | <?dbhtml filename="wireshark.html"?>
|
---|
[50b8d8b] | 26 |
|
---|
| 27 |
|
---|
[894de226] | 28 | <title>Wireshark-&wireshark-version;</title>
|
---|
[50b8d8b] | 29 |
|
---|
[894de226] | 30 | <indexterm zone="wireshark">
|
---|
| 31 | <primary sortas="a-Wireshark">Wireshark</primary>
|
---|
[13659efc] | 32 | </indexterm>
|
---|
| 33 |
|
---|
| 34 | <sect2 role="package">
|
---|
[894de226] | 35 | <title>Introduction to Wireshark</title>
|
---|
[13659efc] | 36 |
|
---|
[7014c9d] | 37 | <para>
|
---|
| 38 | The <application>Wireshark</application> package contains a network
|
---|
| 39 | protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
|
---|
| 40 | for analyzing data captured <quote>off the wire</quote> from a live
|
---|
| 41 | network connection, or data read from a capture file.
|
---|
| 42 | </para>
|
---|
| 43 |
|
---|
| 44 | <para>
|
---|
| 45 | <application>Wireshark</application> provides both a graphical and a
|
---|
| 46 | TTY-mode front-end for examining captured network packets from over 500
|
---|
| 47 | protocols, as well as the capability to read capture files from many
|
---|
| 48 | other popular network analyzers.
|
---|
| 49 | </para>
|
---|
[50b8d8b] | 50 |
|
---|
[d54f002] | 51 | &lfs120_checked;
|
---|
[a079e73c] | 52 |
|
---|
[13659efc] | 53 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 54 | <itemizedlist spacing="compact">
|
---|
| 55 | <listitem>
|
---|
[7c56ece] | 56 | <para>
|
---|
| 57 | Download (HTTP): <ulink url="&wireshark-download-http;"/>
|
---|
| 58 | </para>
|
---|
[13659efc] | 59 | </listitem>
|
---|
| 60 | <listitem>
|
---|
[7c56ece] | 61 | <para>
|
---|
| 62 | Download (FTP): <ulink url="&wireshark-download-ftp;"/>
|
---|
| 63 | </para>
|
---|
[13659efc] | 64 | </listitem>
|
---|
| 65 | <listitem>
|
---|
[7c56ece] | 66 | <para>
|
---|
| 67 | Download MD5 sum: &wireshark-md5sum;
|
---|
| 68 | </para>
|
---|
[13659efc] | 69 | </listitem>
|
---|
| 70 | <listitem>
|
---|
[7c56ece] | 71 | <para>
|
---|
| 72 | Download size: &wireshark-size;
|
---|
| 73 | </para>
|
---|
[13659efc] | 74 | </listitem>
|
---|
| 75 | <listitem>
|
---|
[7c56ece] | 76 | <para>
|
---|
| 77 | Estimated disk space required: &wireshark-buildsize;
|
---|
| 78 | </para>
|
---|
[13659efc] | 79 | </listitem>
|
---|
| 80 | <listitem>
|
---|
[7c56ece] | 81 | <para>
|
---|
| 82 | Estimated build time: &wireshark-time;
|
---|
| 83 | </para>
|
---|
[2174baa] | 84 | </listitem>
|
---|
[13659efc] | 85 | </itemizedlist>
|
---|
[50b8d8b] | 86 |
|
---|
[3932f297] | 87 | <bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
---|
[9f12e36] | 88 | <itemizedlist spacing="compact">
|
---|
[f1757108] | 89 | <listitem>
|
---|
| 90 | <para>
|
---|
| 91 | Required patch to build with Python-3.12:
|
---|
| 92 | <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
|
---|
| 93 | </para>
|
---|
| 94 | </listitem>
|
---|
[b11e915] | 95 | <listitem>
|
---|
[7014c9d] | 96 | <para>
|
---|
| 97 | Additional Documentation:
|
---|
| 98 | <ulink url="https://www.wireshark.org/download/docs/"/>
|
---|
| 99 | (contains links to several different docs in a variety of formats)
|
---|
[7c56ece] | 100 | </para>
|
---|
[b11e915] | 101 | </listitem>
|
---|
[3932f297] | 102 | </itemizedlist>
|
---|
| 103 |
|
---|
[894de226] | 104 | <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
|
---|
[50b8d8b] | 105 |
|
---|
[13659efc] | 106 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
[6b14cb2] | 107 | <para role="required">
|
---|
[f853c30e] | 108 | <xref linkend="cmake"/>,
|
---|
[d85cc29] | 109 | <xref linkend="c-ares"/>,
|
---|
[8558044] | 110 | <xref linkend="glib2"/>,
|
---|
[a1108958] | 111 | <xref linkend="libgcrypt"/>, and
|
---|
[e440af5] | 112 | (<xref linkend="qt5"/> or
|
---|
[b3867c5] | 113 | <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
|
---|
[6b14cb2] | 114 | </para>
|
---|
[50b8d8b] | 115 |
|
---|
[13659efc] | 116 | <bridgehead renderas="sect4">Recommended</bridgehead>
|
---|
[a079e73c] | 117 | <para role="recommended">
|
---|
[65546bb] | 118 | <xref linkend="libpcap"/> (required to capture data)
|
---|
[a079e73c] | 119 | </para>
|
---|
[50b8d8b] | 120 |
|
---|
[13659efc] | 121 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[9ef15dba] | 122 | <para role="optional">
|
---|
[e713e66c] | 123 | <xref linkend="asciidoctor"/>,
|
---|
[9ac8d7cc] | 124 | <xref linkend="brotli"/>,
|
---|
[a1108958] | 125 | <xref linkend="doxygen"/>,
|
---|
| 126 | <xref linkend="git"/>,
|
---|
[94e2b39a] | 127 | <xref linkend="gnutls"/>,
|
---|
[791e3e7d] | 128 | <xref linkend="libnl"/>,
|
---|
[5c2345ff] | 129 | <xref linkend="libxslt"/>,
|
---|
[a1108958] | 130 | <xref linkend="libxml2"/>,
|
---|
| 131 | <xref linkend="lua52"/>,
|
---|
[a079e73c] | 132 | <xref linkend="mitkrb"/>,
|
---|
[3bb415b] | 133 | <xref linkend="nghttp2"/>,
|
---|
[791e3e7d] | 134 | <xref linkend="sbc"/>,
|
---|
[9ac8d7cc] | 135 | <xref linkend="speex"/>,
|
---|
[e713e66c] | 136 | <!--<ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,-->
|
---|
[a1108958] | 137 | <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
|
---|
[de5db85] | 138 | <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
|
---|
[75e3e09] | 139 | <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
|
---|
| 140 | <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
|
---|
[3bb415b] | 141 | <ulink url="https://www.libssh.org/">libssh</ulink>,
|
---|
[a1108958] | 142 | <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
|
---|
[9ac8d7cc] | 143 | <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
|
---|
[75e3e09] | 144 | <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
|
---|
[746cbd8] | 145 | <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
|
---|
[a079e73c] | 146 | </para>
|
---|
[28d83dbc] | 147 |
|
---|
[061ec9d] | 148 |
|
---|
[13659efc] | 149 | </sect2>
|
---|
[50b8d8b] | 150 |
|
---|
[894de226] | 151 | <sect2 role="kernel" id="wireshark-kernel">
|
---|
[13659efc] | 152 | <title>Kernel Configuration</title>
|
---|
[50b8d8b] | 153 |
|
---|
[7014c9d] | 154 | <para>
|
---|
| 155 | The kernel must have the Packet protocol enabled for <application>
|
---|
| 156 | Wireshark</application> to capture live packets from the network:
|
---|
| 157 | </para>
|
---|
[6d772cc] | 158 |
|
---|
[0add366] | 159 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
---|
| 160 | href="wireshark-kernel.xml"/>
|
---|
[6b14cb2] | 161 |
|
---|
[7014c9d] | 162 | <para>
|
---|
| 163 | If built as a module, the name is <filename>af_packet.ko</filename>.
|
---|
| 164 | </para>
|
---|
[50b8d8b] | 165 |
|
---|
[7014c9d] | 166 | <indexterm zone="wireshark wireshark-kernel">
|
---|
| 167 | <primary sortas="d-Capturing-network-packets">
|
---|
| 168 | Capturing network packets
|
---|
| 169 | </primary>
|
---|
| 170 | </indexterm>
|
---|
[50b8d8b] | 171 |
|
---|
[13659efc] | 172 | </sect2>
|
---|
[50b8d8b] | 173 |
|
---|
[13659efc] | 174 | <sect2 role="installation">
|
---|
[894de226] | 175 | <title>Installation of Wireshark</title>
|
---|
[13659efc] | 176 |
|
---|
[7014c9d] | 177 | <para>
|
---|
| 178 | <application>Wireshark</application> is a very large and complex
|
---|
| 179 | application. These instructions provide additional security measures to
|
---|
| 180 | ensure that only trusted users are allowed to view network traffic. First,
|
---|
| 181 | set up a system group for wireshark. As the <systemitem
|
---|
| 182 | class="username">root</systemitem> user:
|
---|
| 183 | </para>
|
---|
[a079e73c] | 184 |
|
---|
| 185 | <screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
|
---|
| 186 |
|
---|
[f1757108] | 187 | <para>
|
---|
| 188 | Fix building with Python-3.12 and higher:
|
---|
| 189 | </para>
|
---|
| 190 |
|
---|
| 191 | <screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-py_3.12_fix-1.patch</userinput></screen>
|
---|
| 192 |
|
---|
[7014c9d] | 193 | <para>
|
---|
| 194 | Continue to install <application>Wireshark</application> by running
|
---|
| 195 | the following commands:
|
---|
| 196 | </para>
|
---|
[13659efc] | 197 |
|
---|
[a1108958] | 198 | <screen><userinput>mkdir build &&
|
---|
| 199 | cd build &&
|
---|
[791e3e7d] | 200 |
|
---|
[a1108958] | 201 | cmake -DCMAKE_INSTALL_PREFIX=/usr \
|
---|
| 202 | -DCMAKE_BUILD_TYPE=Release \
|
---|
[235d561b] | 203 | -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
|
---|
[a1108958] | 204 | -G Ninja \
|
---|
| 205 | .. &&
|
---|
| 206 | ninja</userinput></screen>
|
---|
[28d83dbc] | 207 |
|
---|
[7014c9d] | 208 | <para>
|
---|
| 209 | This package does not come with a test suite.
|
---|
| 210 | </para>
|
---|
[50b8d8b] | 211 |
|
---|
[7014c9d] | 212 | <para>
|
---|
| 213 | Now, as the <systemitem class="username">root</systemitem> user:
|
---|
| 214 | </para>
|
---|
[50b8d8b] | 215 |
|
---|
[a1108958] | 216 | <screen role="root"><userinput>ninja install &&
|
---|
[894de226] | 217 |
|
---|
| 218 | install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
[8afd065] | 219 | install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
|
---|
[894de226] | 220 | /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
[a079e73c] | 221 |
|
---|
[894de226] | 222 | pushd /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
[0d7900a] | 223 | for FILENAME in ../../wireshark/*.html; do
|
---|
[2061231] | 224 | ln -s -v -f $FILENAME .
|
---|
[a079e73c] | 225 | done &&
|
---|
[791e3e7d] | 226 | popd
|
---|
| 227 | unset FILENAME</userinput></screen>
|
---|
[3932f297] | 228 |
|
---|
[7014c9d] | 229 | <para>
|
---|
| 230 | If you downloaded any of the documentation files from the page
|
---|
| 231 | listed in the 'Additional Downloads', install them by issuing the
|
---|
| 232 | following commands as the <systemitem class="username">root</systemitem>
|
---|
| 233 | user:
|
---|
| 234 | </para>
|
---|
[3932f297] | 235 |
|
---|
[06908bf6] | 236 | <screen role="root"
|
---|
| 237 | remap="doc"><userinput>install -v -m644 <replaceable><Downloaded_Files></replaceable> \
|
---|
[6d772cc] | 238 | /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
|
---|
[50b8d8b] | 239 |
|
---|
[7014c9d] | 240 | <para>
|
---|
| 241 | Now, set ownership and permissions of sensitive applications to only
|
---|
| 242 | allow authorized users. As the <systemitem class="username">root
|
---|
| 243 | </systemitem> user:
|
---|
| 244 | </para>
|
---|
[a079e73c] | 245 |
|
---|
| 246 | <screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
|
---|
| 247 | chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
|
---|
| 248 |
|
---|
[7014c9d] | 249 | <para>
|
---|
| 250 | Finally, add any users to the wireshark group (as <systemitem class=
|
---|
| 251 | "username">root</systemitem> user):
|
---|
| 252 | </para>
|
---|
[b85a77f] | 253 |
|
---|
[4147841] | 254 | <screen role="root"><userinput>usermod -a -G wireshark <replaceable><username></replaceable></userinput></screen>
|
---|
[a079e73c] | 255 |
|
---|
[791e3e7d] | 256 | <para>
|
---|
| 257 | If you are installing wireshark for the first time, it will be necessary
|
---|
[eed90c8] | 258 | to logout of your session and login again. This will put wireshark in your
|
---|
| 259 | groups, because otherwise Wireshark will not function properly.
|
---|
[791e3e7d] | 260 | </para>
|
---|
| 261 |
|
---|
[13659efc] | 262 | </sect2>
|
---|
[a1108958] | 263 | <!--
|
---|
[13659efc] | 264 | <sect2 role="commands">
|
---|
| 265 | <title>Command Explanations</title>
|
---|
[50b8d8b] | 266 |
|
---|
[6d772cc] | 267 | <para>
|
---|
[a1108958] | 268 | <option>- -disable-wireshark</option>: Use this switch if you
|
---|
[3bb415b] | 269 | have <application>Qt</application> installed but do not want to build
|
---|
[7014c9d] | 270 | any of the GUIs.
|
---|
| 271 | </para>
|
---|
[13659efc] | 272 | </sect2>
|
---|
[a1108958] | 273 | -->
|
---|
[50b8d8b] | 274 |
|
---|
[13659efc] | 275 | <sect2 role="configuration">
|
---|
[894de226] | 276 | <title>Configuring Wireshark</title>
|
---|
[13659efc] | 277 |
|
---|
[894de226] | 278 | <sect3 id="wireshark-config">
|
---|
[13659efc] | 279 | <title>Config Files</title>
|
---|
[50b8d8b] | 280 |
|
---|
[7c56ece] | 281 | <para>
|
---|
| 282 | <filename>/etc/wireshark.conf</filename> and
|
---|
| 283 | <filename>~/.config/wireshark/*</filename> (unless there is already
|
---|
| 284 | <filename>~/.wireshark/*</filename> in the system)
|
---|
| 285 | </para>
|
---|
[50b8d8b] | 286 |
|
---|
[894de226] | 287 | <indexterm zone="wireshark wireshark-config">
|
---|
| 288 | <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
|
---|
[13659efc] | 289 | </indexterm>
|
---|
[50b8d8b] | 290 |
|
---|
[894de226] | 291 | <indexterm zone="wireshark wireshark-config">
|
---|
| 292 | <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
|
---|
[13659efc] | 293 | </indexterm>
|
---|
[50b8d8b] | 294 |
|
---|
[13659efc] | 295 | </sect3>
|
---|
[50b8d8b] | 296 |
|
---|
[13659efc] | 297 | <sect3>
|
---|
| 298 | <title>Configuration Information</title>
|
---|
[50b8d8b] | 299 |
|
---|
[7c56ece] | 300 | <para>
|
---|
| 301 | Though the default configuration parameters are very sane, reference
|
---|
| 302 | the configuration section of the <ulink url=
|
---|
[75e3e09] | 303 | "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
|
---|
[7c56ece] | 304 | </ulink> for configuration information. Most of <application>Wireshark
|
---|
| 305 | </application>'s configuration can be accomplished
|
---|
| 306 | using the menu options of the <command>wireshark</command> graphical
|
---|
| 307 | interfaces.
|
---|
| 308 | </para>
|
---|
[50b8d8b] | 309 |
|
---|
[13659efc] | 310 | <note>
|
---|
[7c56ece] | 311 | <para>
|
---|
| 312 | If you want to look at packets, make sure you don't filter them
|
---|
| 313 | out with <xref linkend="iptables"/>. If you want to exclude certain
|
---|
| 314 | classes of packets, it is more efficient to do it with
|
---|
| 315 | <application>iptables</application> than it is with
|
---|
| 316 | <application>Wireshark</application>.
|
---|
| 317 | </para>
|
---|
[13659efc] | 318 | </note>
|
---|
[50b8d8b] | 319 |
|
---|
[13659efc] | 320 | </sect3>
|
---|
[50b8d8b] | 321 |
|
---|
[13659efc] | 322 | </sect2>
|
---|
[50b8d8b] | 323 |
|
---|
[13659efc] | 324 | <sect2 role="content">
|
---|
| 325 | <title>Contents</title>
|
---|
| 326 |
|
---|
| 327 | <segmentedlist>
|
---|
| 328 | <segtitle>Installed Programs</segtitle>
|
---|
| 329 | <segtitle>Installed Libraries</segtitle>
|
---|
| 330 | <segtitle>Installed Directories</segtitle>
|
---|
[50b8d8b] | 331 |
|
---|
[13659efc] | 332 | <seglistitem>
|
---|
[791e3e7d] | 333 | <seg>
|
---|
[a1108958] | 334 | capinfos, captype, dumpcap, editcap, idl2wrs,
|
---|
[3bb415b] | 335 | mergecap, randpkt, rawshark, reordercap, sharkd,
|
---|
[a1108958] | 336 | text2pcap, tshark, and wireshark
|
---|
[791e3e7d] | 337 | </seg>
|
---|
| 338 | <seg>
|
---|
[90eaa29e] | 339 | libwireshark.so, libwiretap.so,
|
---|
[7fd159db] | 340 | libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
|
---|
[791e3e7d] | 341 | </seg>
|
---|
| 342 | <seg>
|
---|
[a1108958] | 343 | /usr/{include,lib,share}/wireshark and
|
---|
[791e3e7d] | 344 | /usr/share/doc/wireshark-&wireshark-version;
|
---|
| 345 | </seg>
|
---|
[13659efc] | 346 | </seglistitem>
|
---|
| 347 | </segmentedlist>
|
---|
[50b8d8b] | 348 |
|
---|
[13659efc] | 349 | <variablelist>
|
---|
| 350 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 351 | <?dbfo list-presentation="list"?>
|
---|
| 352 | <?dbhtml list-presentation="table"?>
|
---|
[50b8d8b] | 353 |
|
---|
[13659efc] | 354 | <varlistentry id="capinfos">
|
---|
| 355 | <term><command>capinfos</command></term>
|
---|
| 356 | <listitem>
|
---|
[7c56ece] | 357 | <para>
|
---|
| 358 | reads a saved capture file and returns any or all of several
|
---|
| 359 | statistics about that file. It is able to detect and read any
|
---|
| 360 | capture supported by the <application>Wireshark</application>
|
---|
[4c24eb0a] | 361 | package
|
---|
[7c56ece] | 362 | </para>
|
---|
[894de226] | 363 | <indexterm zone="wireshark capinfos">
|
---|
[13659efc] | 364 | <primary sortas="b-capinfos">capinfos</primary>
|
---|
| 365 | </indexterm>
|
---|
| 366 | </listitem>
|
---|
| 367 | </varlistentry>
|
---|
[50b8d8b] | 368 |
|
---|
[b85a77f] | 369 | <varlistentry id="captype">
|
---|
| 370 | <term><command>captype</command></term>
|
---|
| 371 | <listitem>
|
---|
[7c56ece] | 372 | <para>
|
---|
[4c24eb0a] | 373 | prints the file types of capture files
|
---|
[7c56ece] | 374 | </para>
|
---|
[b85a77f] | 375 | <indexterm zone="wireshark captype">
|
---|
| 376 | <primary sortas="b-captype">captype</primary>
|
---|
| 377 | </indexterm>
|
---|
| 378 | </listitem>
|
---|
| 379 | </varlistentry>
|
---|
| 380 |
|
---|
[894de226] | 381 | <varlistentry id="dumpcap">
|
---|
| 382 | <term><command>dumpcap</command></term>
|
---|
| 383 | <listitem>
|
---|
[7c56ece] | 384 | <para>
|
---|
| 385 | is a network traffic dump tool. It lets you capture packet data
|
---|
[4c24eb0a] | 386 | from a live network and write the packets to a file
|
---|
[7c56ece] | 387 | </para>
|
---|
[894de226] | 388 | <indexterm zone="wireshark dumpcap">
|
---|
| 389 | <primary sortas="b-dumpcap">dumpcap</primary>
|
---|
| 390 | </indexterm>
|
---|
| 391 | </listitem>
|
---|
| 392 | </varlistentry>
|
---|
| 393 |
|
---|
[13659efc] | 394 | <varlistentry id="editcap">
|
---|
| 395 | <term><command>editcap</command></term>
|
---|
| 396 | <listitem>
|
---|
[7c56ece] | 397 | <para>
|
---|
| 398 | edits and/or translates the format of capture files. It knows
|
---|
| 399 | how to read <application>libpcap</application> capture files,
|
---|
| 400 | including those of <command>tcpdump</command>,
|
---|
| 401 | <application>Wireshark</application> and other tools that write
|
---|
[4c24eb0a] | 402 | captures in that format
|
---|
[7c56ece] | 403 | </para>
|
---|
[894de226] | 404 | <indexterm zone="wireshark editcap">
|
---|
[13659efc] | 405 | <primary sortas="b-editcap">editcap</primary>
|
---|
| 406 | </indexterm>
|
---|
| 407 | </listitem>
|
---|
| 408 | </varlistentry>
|
---|
[50b8d8b] | 409 |
|
---|
[fa30d84] | 410 | <varlistentry id="idl2wrs">
|
---|
| 411 | <term><command>idl2wrs</command></term>
|
---|
| 412 | <listitem>
|
---|
[7c56ece] | 413 | <para>
|
---|
| 414 | is a program that takes a user specified CORBA IDL file and
|
---|
| 415 | generates <quote>C</quote> source code for a
|
---|
| 416 | <application>Wireshark</application> <quote>plugin</quote>. It
|
---|
| 417 | relies on two Python programs <command>wireshark_be.py</command>
|
---|
| 418 | and <command>wireshark_gen.py</command>, which are not installed
|
---|
[4c24eb0a] | 419 | by default. They have to be copied manually from the
|
---|
| 420 | <filename class="directory">tools</filename> directory to the
|
---|
| 421 | <filename class="directory">$PYTHONPATH/site-packages/</filename>
|
---|
| 422 | directory
|
---|
[fa30d84] | 423 | </para>
|
---|
| 424 | <indexterm zone="wireshark idl2wrs">
|
---|
| 425 | <primary sortas="b-idl2wrs">idl2wrs</primary>
|
---|
| 426 | </indexterm>
|
---|
| 427 | </listitem>
|
---|
| 428 | </varlistentry>
|
---|
| 429 |
|
---|
[13659efc] | 430 | <varlistentry id="mergecap">
|
---|
| 431 | <term><command>mergecap</command></term>
|
---|
| 432 | <listitem>
|
---|
[7c56ece] | 433 | <para>
|
---|
[4c24eb0a] | 434 | combines multiple saved capture files into a single output file
|
---|
[7c56ece] | 435 | </para>
|
---|
[894de226] | 436 | <indexterm zone="wireshark mergecap">
|
---|
[13659efc] | 437 | <primary sortas="b-mergecap">mergecap</primary>
|
---|
| 438 | </indexterm>
|
---|
| 439 | </listitem>
|
---|
| 440 | </varlistentry>
|
---|
[50b8d8b] | 441 |
|
---|
[13659efc] | 442 | <varlistentry id="randpkt">
|
---|
| 443 | <term><command>randpkt</command></term>
|
---|
| 444 | <listitem>
|
---|
[7c56ece] | 445 | <para>
|
---|
[4c24eb0a] | 446 | creates random-packet capture files
|
---|
[7c56ece] | 447 | </para>
|
---|
[894de226] | 448 | <indexterm zone="wireshark randpkt">
|
---|
[13659efc] | 449 | <primary sortas="b-randpkt">randpkt</primary>
|
---|
| 450 | </indexterm>
|
---|
| 451 | </listitem>
|
---|
| 452 | </varlistentry>
|
---|
[50b8d8b] | 453 |
|
---|
[a079e73c] | 454 | <varlistentry id="rawshark">
|
---|
| 455 | <term><command>rawshark</command></term>
|
---|
| 456 | <listitem>
|
---|
[7c56ece] | 457 | <para>
|
---|
[4c24eb0a] | 458 | dumps and analyzes raw libpcap data
|
---|
[7c56ece] | 459 | </para>
|
---|
[a079e73c] | 460 | <indexterm zone="wireshark rawshark">
|
---|
| 461 | <primary sortas="b-rawshark">rawshark</primary>
|
---|
| 462 | </indexterm>
|
---|
| 463 | </listitem>
|
---|
| 464 | </varlistentry>
|
---|
| 465 |
|
---|
[2061231] | 466 | <varlistentry id="reordercap">
|
---|
| 467 | <term><command>reordercap</command></term>
|
---|
| 468 | <listitem>
|
---|
[7c56ece] | 469 | <para>
|
---|
[4c24eb0a] | 470 | reorders timestamps of input file frames into an output file
|
---|
[7c56ece] | 471 | </para>
|
---|
[2061231] | 472 | <indexterm zone="wireshark reordercap">
|
---|
| 473 | <primary sortas="b-reordercap">reordercap</primary>
|
---|
| 474 | </indexterm>
|
---|
| 475 | </listitem>
|
---|
| 476 | </varlistentry>
|
---|
| 477 |
|
---|
[3bb415b] | 478 | <varlistentry id="sharkd">
|
---|
| 479 | <term><command>sharkd</command></term>
|
---|
| 480 | <listitem>
|
---|
[7c56ece] | 481 | <para>
|
---|
[4c24eb0a] | 482 | is a daemon that listens on UNIX sockets
|
---|
[7c56ece] | 483 | </para>
|
---|
[3bb415b] | 484 | <indexterm zone="wireshark sharkd">
|
---|
| 485 | <primary sortas="b-sharkd">sharkd</primary>
|
---|
| 486 | </indexterm>
|
---|
| 487 | </listitem>
|
---|
| 488 | </varlistentry>
|
---|
| 489 |
|
---|
[894de226] | 490 | <varlistentry id="text2pcap">
|
---|
| 491 | <term><command>text2pcap</command></term>
|
---|
| 492 | <listitem>
|
---|
[7c56ece] | 493 | <para>
|
---|
| 494 | reads in an ASCII hex dump and writes the data described into a
|
---|
[4c24eb0a] | 495 | <application>libpcap</application>-style capture file
|
---|
[7c56ece] | 496 | </para>
|
---|
[894de226] | 497 | <indexterm zone="wireshark text2pcap">
|
---|
| 498 | <primary sortas="b-text2pcap">text2pcap</primary>
|
---|
| 499 | </indexterm>
|
---|
| 500 | </listitem>
|
---|
| 501 | </varlistentry>
|
---|
| 502 |
|
---|
| 503 | <varlistentry id="tshark">
|
---|
| 504 | <term><command>tshark</command></term>
|
---|
[13659efc] | 505 | <listitem>
|
---|
[7c56ece] | 506 | <para>
|
---|
| 507 | is a TTY-mode network protocol analyzer. It lets you capture
|
---|
| 508 | packet data from a live network or read packets from a
|
---|
[4c24eb0a] | 509 | previously saved capture file
|
---|
[7c56ece] | 510 | </para>
|
---|
[894de226] | 511 | <indexterm zone="wireshark tshark">
|
---|
| 512 | <primary sortas="b-tshark">tshark</primary>
|
---|
[13659efc] | 513 | </indexterm>
|
---|
| 514 | </listitem>
|
---|
| 515 | </varlistentry>
|
---|
[50b8d8b] | 516 |
|
---|
[894de226] | 517 | <varlistentry id="wireshark-prog">
|
---|
| 518 | <term><command>wireshark</command></term>
|
---|
[13659efc] | 519 | <listitem>
|
---|
[791e3e7d] | 520 | <para>
|
---|
| 521 | is the Qt GUI network protocol analyzer. It lets you interactively
|
---|
| 522 | browse packet data from a live network or from a previously saved
|
---|
[4c24eb0a] | 523 | capture file
|
---|
[791e3e7d] | 524 | </para>
|
---|
[894de226] | 525 | <indexterm zone="wireshark wireshark-prog">
|
---|
| 526 | <primary sortas="b-wireshark">wireshark</primary>
|
---|
[13659efc] | 527 | </indexterm>
|
---|
| 528 | </listitem>
|
---|
| 529 | </varlistentry>
|
---|
[90eaa29e] | 530 | <!-- seems to have disappeared
|
---|
[791e3e7d] | 531 | <varlistentry id="wireshark-gtk-prog">
|
---|
| 532 | <term><command>wireshark-gtk</command></term>
|
---|
[b85a77f] | 533 | <listitem>
|
---|
[791e3e7d] | 534 | <para>
|
---|
| 535 | is the Gtk+ GUI network protocol analyzer. It lets you interactively
|
---|
| 536 | browse packet data from a live network or from a previously saved
|
---|
[fa30d84] | 537 | capture file (optional).
|
---|
[791e3e7d] | 538 | </para>
|
---|
| 539 | <indexterm zone="wireshark wireshark-gtk-prog">
|
---|
| 540 | <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
|
---|
[b85a77f] | 541 | </indexterm>
|
---|
| 542 | </listitem>
|
---|
| 543 | </varlistentry>
|
---|
[90eaa29e] | 544 | -->
|
---|
[894de226] | 545 | <varlistentry id="libwireshark">
|
---|
[4c24eb0a] | 546 | <term><filename class="libraryfile">libwireshark.so</filename></term>
|
---|
[13659efc] | 547 | <listitem>
|
---|
[7c56ece] | 548 | <para>
|
---|
| 549 | contains functions used by the <application>Wireshark</application>
|
---|
[4c24eb0a] | 550 | programs to perform filtering and packet capturing
|
---|
[7c56ece] | 551 | </para>
|
---|
[894de226] | 552 | <indexterm zone="wireshark libwireshark">
|
---|
| 553 | <primary sortas="c-libwireshark">libwireshark.so</primary>
|
---|
[13659efc] | 554 | </indexterm>
|
---|
| 555 | </listitem>
|
---|
| 556 | </varlistentry>
|
---|
[50b8d8b] | 557 |
|
---|
[13659efc] | 558 | <varlistentry id="libwiretap">
|
---|
[4c24eb0a] | 559 | <term><filename class="libraryfile">libwiretap.so</filename></term>
|
---|
[13659efc] | 560 | <listitem>
|
---|
[7c56ece] | 561 | <para>
|
---|
| 562 | is a library being developed as a future replacement for
|
---|
[4c24eb0a] | 563 | <filename class="libraryfile">libpcap</filename>, the current
|
---|
[7c56ece] | 564 | standard Unix library for packet capturing. For more information,
|
---|
| 565 | see the <filename>README</filename> file in the source
|
---|
[4c24eb0a] | 566 | <filename class="directory">wiretap</filename> directory
|
---|
[7c56ece] | 567 | </para>
|
---|
[894de226] | 568 | <indexterm zone="wireshark libwiretap">
|
---|
[13659efc] | 569 | <primary sortas="c-libwiretap">libwiretap.so</primary>
|
---|
| 570 | </indexterm>
|
---|
| 571 | </listitem>
|
---|
| 572 | </varlistentry>
|
---|
[50b8d8b] | 573 |
|
---|
[13659efc] | 574 | </variablelist>
|
---|
| 575 |
|
---|
| 576 | </sect2>
|
---|
[1a3dd316] | 577 |
|
---|
| 578 | </sect1>
|
---|