[1a3dd316] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[1a3dd316] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[3bb415b] | 7 | <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
|
---|
[7fd159db] | 8 | <!ENTITY wireshark-download-ftp " ">
|
---|
[db7e804] | 9 | <!ENTITY wireshark-md5sum "e699b1e001c6303013791d81faf7727d">
|
---|
[e022b07] | 10 | <!ENTITY wireshark-size "30 MB">
|
---|
[db7e804] | 11 | <!ENTITY wireshark-buildsize "571 MB (with all optional dependencies available in the BLFS book)">
|
---|
[e022b07] | 12 | <!ENTITY wireshark-time "2.5 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
|
---|
[1a3dd316] | 13 | ]>
|
---|
| 14 |
|
---|
[894de226] | 15 | <sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
|
---|
| 16 | <?dbhtml filename="wireshark.html"?>
|
---|
[50b8d8b] | 17 |
|
---|
[13659efc] | 18 | <sect1info>
|
---|
| 19 | <othername>$LastChangedBy$</othername>
|
---|
| 20 | <date>$Date$</date>
|
---|
| 21 | </sect1info>
|
---|
[50b8d8b] | 22 |
|
---|
[894de226] | 23 | <title>Wireshark-&wireshark-version;</title>
|
---|
[50b8d8b] | 24 |
|
---|
[894de226] | 25 | <indexterm zone="wireshark">
|
---|
| 26 | <primary sortas="a-Wireshark">Wireshark</primary>
|
---|
[13659efc] | 27 | </indexterm>
|
---|
| 28 |
|
---|
| 29 | <sect2 role="package">
|
---|
[894de226] | 30 | <title>Introduction to Wireshark</title>
|
---|
[13659efc] | 31 |
|
---|
[7014c9d] | 32 | <para>
|
---|
| 33 | The <application>Wireshark</application> package contains a network
|
---|
| 34 | protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
|
---|
| 35 | for analyzing data captured <quote>off the wire</quote> from a live
|
---|
| 36 | network connection, or data read from a capture file.
|
---|
| 37 | </para>
|
---|
| 38 |
|
---|
| 39 | <para>
|
---|
| 40 | <application>Wireshark</application> provides both a graphical and a
|
---|
| 41 | TTY-mode front-end for examining captured network packets from over 500
|
---|
| 42 | protocols, as well as the capability to read capture files from many
|
---|
| 43 | other popular network analyzers.
|
---|
| 44 | </para>
|
---|
[50b8d8b] | 45 |
|
---|
[22c3cdd7] | 46 | &lfs90_checked;
|
---|
[a079e73c] | 47 |
|
---|
[13659efc] | 48 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 49 | <itemizedlist spacing="compact">
|
---|
| 50 | <listitem>
|
---|
[894de226] | 51 | <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
|
---|
[13659efc] | 52 | </listitem>
|
---|
| 53 | <listitem>
|
---|
[894de226] | 54 | <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
|
---|
[13659efc] | 55 | </listitem>
|
---|
| 56 | <listitem>
|
---|
[894de226] | 57 | <para>Download MD5 sum: &wireshark-md5sum;</para>
|
---|
[13659efc] | 58 | </listitem>
|
---|
| 59 | <listitem>
|
---|
[894de226] | 60 | <para>Download size: &wireshark-size;</para>
|
---|
[13659efc] | 61 | </listitem>
|
---|
| 62 | <listitem>
|
---|
[894de226] | 63 | <para>Estimated disk space required: &wireshark-buildsize;</para>
|
---|
[13659efc] | 64 | </listitem>
|
---|
| 65 | <listitem>
|
---|
[894de226] | 66 | <para>Estimated build time: &wireshark-time;</para>
|
---|
[2174baa] | 67 | </listitem>
|
---|
[13659efc] | 68 | </itemizedlist>
|
---|
[50b8d8b] | 69 |
|
---|
[3932f297] | 70 | <bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
---|
[9f12e36] | 71 | <itemizedlist spacing="compact">
|
---|
[b11e915] | 72 | <listitem>
|
---|
[7014c9d] | 73 | <para>
|
---|
| 74 | Additional Documentation:
|
---|
| 75 | <ulink url="https://www.wireshark.org/download/docs/"/>
|
---|
| 76 | (contains links to several different docs in a variety of formats)
|
---|
[b11e915] | 77 | </para>
|
---|
| 78 | </listitem>
|
---|
[3932f297] | 79 | </itemizedlist>
|
---|
| 80 |
|
---|
[894de226] | 81 | <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
|
---|
[50b8d8b] | 82 |
|
---|
[13659efc] | 83 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
[6b14cb2] | 84 | <para role="required">
|
---|
[a1108958] | 85 | <xref linkend="glib2"/>,
|
---|
| 86 | <xref linkend="libgcrypt"/>, and
|
---|
| 87 | <xref linkend="qt5"/>
|
---|
[6b14cb2] | 88 | </para>
|
---|
[50b8d8b] | 89 |
|
---|
[13659efc] | 90 | <bridgehead renderas="sect4">Recommended</bridgehead>
|
---|
[a079e73c] | 91 | <para role="recommended">
|
---|
[65546bb] | 92 | <xref linkend="libpcap"/> (required to capture data)
|
---|
[a079e73c] | 93 | </para>
|
---|
[50b8d8b] | 94 |
|
---|
[13659efc] | 95 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[9ef15dba] | 96 | <para role="optional">
|
---|
[9ac8d7cc] | 97 | <xref linkend="brotli"/>,
|
---|
[4464d405] | 98 | <xref linkend="c-ares"/>,
|
---|
[a1108958] | 99 | <xref linkend="doxygen"/>,
|
---|
| 100 | <xref linkend="git"/>,
|
---|
[94e2b39a] | 101 | <xref linkend="gnutls"/>,
|
---|
[791e3e7d] | 102 | <xref linkend="libnl"/>,
|
---|
[5c2345ff] | 103 | <xref linkend="libxslt"/>,
|
---|
[a1108958] | 104 | <xref linkend="libxml2"/>,
|
---|
| 105 | <xref linkend="lua52"/>,
|
---|
[a079e73c] | 106 | <xref linkend="mitkrb"/>,
|
---|
[3bb415b] | 107 | <xref linkend="nghttp2"/>,
|
---|
[791e3e7d] | 108 | <xref linkend="sbc"/>,
|
---|
[9ac8d7cc] | 109 | <xref linkend="speex"/>,
|
---|
[a1108958] | 110 | <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
|
---|
| 111 | <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
|
---|
[791e3e7d] | 112 | <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
|
---|
[3bb415b] | 113 | <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
|
---|
| 114 | <ulink url="https://www.libssh.org/">libssh</ulink>,
|
---|
[a1108958] | 115 | <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
|
---|
[9ac8d7cc] | 116 | <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
|
---|
[3bb415b] | 117 | <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
|
---|
| 118 | <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
|
---|
[a079e73c] | 119 | </para>
|
---|
[28d83dbc] | 120 |
|
---|
[7014c9d] | 121 | <para condition="html" role="usernotes">
|
---|
| 122 | User Notes: <ulink url="&blfs-wiki;/wireshark"/>
|
---|
| 123 | </para>
|
---|
[061ec9d] | 124 |
|
---|
[13659efc] | 125 | </sect2>
|
---|
[50b8d8b] | 126 |
|
---|
[894de226] | 127 | <sect2 role="kernel" id="wireshark-kernel">
|
---|
[13659efc] | 128 | <title>Kernel Configuration</title>
|
---|
[50b8d8b] | 129 |
|
---|
[7014c9d] | 130 | <para>
|
---|
| 131 | The kernel must have the Packet protocol enabled for <application>
|
---|
| 132 | Wireshark</application> to capture live packets from the network:
|
---|
| 133 | </para>
|
---|
[6d772cc] | 134 |
|
---|
[196d393] | 135 | <screen><literal>[*] Networking support ---> [CONFIG_NET]
|
---|
| 136 | Networking options --->
|
---|
| 137 | <*/M> Packet socket [CONFIG_PACKET]</literal></screen>
|
---|
[6b14cb2] | 138 |
|
---|
[7014c9d] | 139 | <para>
|
---|
| 140 | If built as a module, the name is <filename>af_packet.ko</filename>.
|
---|
| 141 | </para>
|
---|
[50b8d8b] | 142 |
|
---|
[7014c9d] | 143 | <indexterm zone="wireshark wireshark-kernel">
|
---|
| 144 | <primary sortas="d-Capturing-network-packets">
|
---|
| 145 | Capturing network packets
|
---|
| 146 | </primary>
|
---|
| 147 | </indexterm>
|
---|
[50b8d8b] | 148 |
|
---|
[13659efc] | 149 | </sect2>
|
---|
[50b8d8b] | 150 |
|
---|
[13659efc] | 151 | <sect2 role="installation">
|
---|
[894de226] | 152 | <title>Installation of Wireshark</title>
|
---|
[13659efc] | 153 |
|
---|
[7014c9d] | 154 | <para>
|
---|
| 155 | <application>Wireshark</application> is a very large and complex
|
---|
| 156 | application. These instructions provide additional security measures to
|
---|
| 157 | ensure that only trusted users are allowed to view network traffic. First,
|
---|
| 158 | set up a system group for wireshark. As the <systemitem
|
---|
| 159 | class="username">root</systemitem> user:
|
---|
| 160 | </para>
|
---|
[a079e73c] | 161 |
|
---|
| 162 | <screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
|
---|
| 163 |
|
---|
[7014c9d] | 164 | <para>
|
---|
| 165 | Continue to install <application>Wireshark</application> by running
|
---|
| 166 | the following commands:
|
---|
| 167 | </para>
|
---|
[13659efc] | 168 |
|
---|
[a1108958] | 169 | <screen><userinput>mkdir build &&
|
---|
| 170 | cd build &&
|
---|
[791e3e7d] | 171 |
|
---|
[a1108958] | 172 | cmake -DCMAKE_INSTALL_PREFIX=/usr \
|
---|
| 173 | -DCMAKE_BUILD_TYPE=Release \
|
---|
[235d561b] | 174 | -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
|
---|
[a1108958] | 175 | -G Ninja \
|
---|
| 176 | .. &&
|
---|
| 177 | ninja</userinput></screen>
|
---|
[28d83dbc] | 178 |
|
---|
[7014c9d] | 179 | <para>
|
---|
| 180 | This package does not come with a test suite.
|
---|
| 181 | </para>
|
---|
[50b8d8b] | 182 |
|
---|
[7014c9d] | 183 | <para>
|
---|
| 184 | Now, as the <systemitem class="username">root</systemitem> user:
|
---|
| 185 | </para>
|
---|
[50b8d8b] | 186 |
|
---|
[a1108958] | 187 | <screen role="root"><userinput>ninja install &&
|
---|
[894de226] | 188 |
|
---|
| 189 | install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
[235d561b] | 190 | install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
|
---|
[894de226] | 191 | /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
[a079e73c] | 192 |
|
---|
[894de226] | 193 | pushd /usr/share/doc/wireshark-&wireshark-version; &&
|
---|
[0d7900a] | 194 | for FILENAME in ../../wireshark/*.html; do
|
---|
[2061231] | 195 | ln -s -v -f $FILENAME .
|
---|
[a079e73c] | 196 | done &&
|
---|
[791e3e7d] | 197 | popd
|
---|
| 198 | unset FILENAME</userinput></screen>
|
---|
[3932f297] | 199 |
|
---|
[7014c9d] | 200 | <para>
|
---|
| 201 | If you downloaded any of the documentation files from the page
|
---|
| 202 | listed in the 'Additional Downloads', install them by issuing the
|
---|
| 203 | following commands as the <systemitem class="username">root</systemitem>
|
---|
| 204 | user:
|
---|
| 205 | </para>
|
---|
[3932f297] | 206 |
|
---|
[06908bf6] | 207 | <screen role="root"
|
---|
| 208 | remap="doc"><userinput>install -v -m644 <replaceable><Downloaded_Files></replaceable> \
|
---|
[6d772cc] | 209 | /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
|
---|
[50b8d8b] | 210 |
|
---|
[7014c9d] | 211 | <para>
|
---|
| 212 | Now, set ownership and permissions of sensitive applications to only
|
---|
| 213 | allow authorized users. As the <systemitem class="username">root
|
---|
| 214 | </systemitem> user:
|
---|
| 215 | </para>
|
---|
[a079e73c] | 216 |
|
---|
| 217 | <screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
|
---|
| 218 | chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
|
---|
| 219 |
|
---|
[7014c9d] | 220 | <para>
|
---|
| 221 | Finally, add any users to the wireshark group (as <systemitem class=
|
---|
| 222 | "username">root</systemitem> user):
|
---|
| 223 | </para>
|
---|
[b85a77f] | 224 |
|
---|
[4147841] | 225 | <screen role="root"><userinput>usermod -a -G wireshark <replaceable><username></replaceable></userinput></screen>
|
---|
[a079e73c] | 226 |
|
---|
[791e3e7d] | 227 | <para>
|
---|
| 228 | If you are installing wireshark for the first time, it will be necessary
|
---|
| 229 | to leave the session and login again, thus you will now have wireshark
|
---|
| 230 | between your groups, otherwise, it will not run properly.
|
---|
| 231 | </para>
|
---|
| 232 |
|
---|
[13659efc] | 233 | </sect2>
|
---|
[a1108958] | 234 | <!--
|
---|
[13659efc] | 235 | <sect2 role="commands">
|
---|
| 236 | <title>Command Explanations</title>
|
---|
[50b8d8b] | 237 |
|
---|
[6d772cc] | 238 | <para>
|
---|
[a1108958] | 239 | <option>- -disable-wireshark</option>: Use this switch if you
|
---|
[3bb415b] | 240 | have <application>Qt</application> installed but do not want to build
|
---|
[7014c9d] | 241 | any of the GUIs.
|
---|
| 242 | </para>
|
---|
[13659efc] | 243 | </sect2>
|
---|
[a1108958] | 244 | -->
|
---|
[50b8d8b] | 245 |
|
---|
[13659efc] | 246 | <sect2 role="configuration">
|
---|
[894de226] | 247 | <title>Configuring Wireshark</title>
|
---|
[13659efc] | 248 |
|
---|
[894de226] | 249 | <sect3 id="wireshark-config">
|
---|
[13659efc] | 250 | <title>Config Files</title>
|
---|
[50b8d8b] | 251 |
|
---|
[894de226] | 252 | <para><filename>/etc/wireshark.conf</filename> and
|
---|
[791e3e7d] | 253 | <filename>~/.config/wireshark/*</filename> (unless there is already
|
---|
| 254 | <filename>~/.wireshark/*</filename> in the system)</para>
|
---|
[50b8d8b] | 255 |
|
---|
[894de226] | 256 | <indexterm zone="wireshark wireshark-config">
|
---|
| 257 | <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
|
---|
[13659efc] | 258 | </indexterm>
|
---|
[50b8d8b] | 259 |
|
---|
[894de226] | 260 | <indexterm zone="wireshark wireshark-config">
|
---|
| 261 | <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
|
---|
[13659efc] | 262 | </indexterm>
|
---|
[50b8d8b] | 263 |
|
---|
[13659efc] | 264 | </sect3>
|
---|
[50b8d8b] | 265 |
|
---|
[13659efc] | 266 | <sect3>
|
---|
| 267 | <title>Configuration Information</title>
|
---|
[50b8d8b] | 268 |
|
---|
[791e3e7d] | 269 | <para>Though the default configuration parameters are very sane, reference
|
---|
| 270 | the configuration section of the <ulink
|
---|
| 271 | url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
|
---|
[1065a91] | 272 | Guide</ulink> for configuration information. Most of
|
---|
[894de226] | 273 | <application>Wireshark</application>'s configuration can be accomplished
|
---|
[791e3e7d] | 274 | using the menu options of the <command>wireshark</command> graphical
|
---|
| 275 | interfaces.</para>
|
---|
[50b8d8b] | 276 |
|
---|
[13659efc] | 277 | <note>
|
---|
[791e3e7d] | 278 | <para>If you want to look at packets, make sure you don't filter them
|
---|
| 279 | out with <xref linkend="iptables"/>. If you want to exclude certain
|
---|
| 280 | classes of packets, it is more efficient to do it with
|
---|
[894de226] | 281 | <application>iptables</application> than it is with
|
---|
| 282 | <application>Wireshark</application>.</para>
|
---|
[13659efc] | 283 | </note>
|
---|
[50b8d8b] | 284 |
|
---|
[13659efc] | 285 | </sect3>
|
---|
[50b8d8b] | 286 |
|
---|
[13659efc] | 287 | </sect2>
|
---|
[50b8d8b] | 288 |
|
---|
[13659efc] | 289 | <sect2 role="content">
|
---|
| 290 | <title>Contents</title>
|
---|
| 291 |
|
---|
| 292 | <segmentedlist>
|
---|
| 293 | <segtitle>Installed Programs</segtitle>
|
---|
| 294 | <segtitle>Installed Libraries</segtitle>
|
---|
| 295 | <segtitle>Installed Directories</segtitle>
|
---|
[50b8d8b] | 296 |
|
---|
[13659efc] | 297 | <seglistitem>
|
---|
[791e3e7d] | 298 | <seg>
|
---|
[a1108958] | 299 | capinfos, captype, dumpcap, editcap, idl2wrs,
|
---|
[3bb415b] | 300 | mergecap, randpkt, rawshark, reordercap, sharkd,
|
---|
[a1108958] | 301 | text2pcap, tshark, and wireshark
|
---|
[791e3e7d] | 302 | </seg>
|
---|
| 303 | <seg>
|
---|
[a1108958] | 304 | libwireshark.so, libwiretap.so, libwscodecs.so,
|
---|
[7fd159db] | 305 | libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
|
---|
[791e3e7d] | 306 | </seg>
|
---|
| 307 | <seg>
|
---|
[a1108958] | 308 | /usr/{include,lib,share}/wireshark and
|
---|
[791e3e7d] | 309 | /usr/share/doc/wireshark-&wireshark-version;
|
---|
| 310 | </seg>
|
---|
[13659efc] | 311 | </seglistitem>
|
---|
| 312 | </segmentedlist>
|
---|
[50b8d8b] | 313 |
|
---|
[13659efc] | 314 | <variablelist>
|
---|
| 315 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 316 | <?dbfo list-presentation="list"?>
|
---|
| 317 | <?dbhtml list-presentation="table"?>
|
---|
[50b8d8b] | 318 |
|
---|
[13659efc] | 319 | <varlistentry id="capinfos">
|
---|
| 320 | <term><command>capinfos</command></term>
|
---|
| 321 | <listitem>
|
---|
[1065a91] | 322 | <para>reads a saved capture file and returns any or all of several
|
---|
| 323 | statistics about that file. It is able to detect and read any capture
|
---|
[894de226] | 324 | supported by the <application>Wireshark</application> package.</para>
|
---|
| 325 | <indexterm zone="wireshark capinfos">
|
---|
[13659efc] | 326 | <primary sortas="b-capinfos">capinfos</primary>
|
---|
| 327 | </indexterm>
|
---|
| 328 | </listitem>
|
---|
| 329 | </varlistentry>
|
---|
[50b8d8b] | 330 |
|
---|
[b85a77f] | 331 | <varlistentry id="captype">
|
---|
| 332 | <term><command>captype</command></term>
|
---|
| 333 | <listitem>
|
---|
| 334 | <para>prints the file types of capture files.</para>
|
---|
| 335 | <indexterm zone="wireshark captype">
|
---|
| 336 | <primary sortas="b-captype">captype</primary>
|
---|
| 337 | </indexterm>
|
---|
| 338 | </listitem>
|
---|
| 339 | </varlistentry>
|
---|
| 340 |
|
---|
[894de226] | 341 | <varlistentry id="dumpcap">
|
---|
| 342 | <term><command>dumpcap</command></term>
|
---|
| 343 | <listitem>
|
---|
| 344 | <para>is a network traffic dump tool. It lets you capture packet data
|
---|
| 345 | from a live network and write the packets to a file.</para>
|
---|
| 346 | <indexterm zone="wireshark dumpcap">
|
---|
| 347 | <primary sortas="b-dumpcap">dumpcap</primary>
|
---|
| 348 | </indexterm>
|
---|
| 349 | </listitem>
|
---|
| 350 | </varlistentry>
|
---|
| 351 |
|
---|
[13659efc] | 352 | <varlistentry id="editcap">
|
---|
| 353 | <term><command>editcap</command></term>
|
---|
| 354 | <listitem>
|
---|
[1065a91] | 355 | <para>edits and/or translates the format of capture files. It knows
|
---|
| 356 | how to read <application>libpcap</application> capture files,
|
---|
| 357 | including those of <command>tcpdump</command>,
|
---|
[894de226] | 358 | <application>Wireshark</application> and other tools that write
|
---|
[28d83dbc] | 359 | captures in that format.</para>
|
---|
[894de226] | 360 | <indexterm zone="wireshark editcap">
|
---|
[13659efc] | 361 | <primary sortas="b-editcap">editcap</primary>
|
---|
| 362 | </indexterm>
|
---|
| 363 | </listitem>
|
---|
| 364 | </varlistentry>
|
---|
[50b8d8b] | 365 |
|
---|
[fa30d84] | 366 | <varlistentry id="idl2wrs">
|
---|
| 367 | <term><command>idl2wrs</command></term>
|
---|
| 368 | <listitem>
|
---|
| 369 | <para>is a program that takes a user specified CORBA IDL file and
|
---|
| 370 | generates <quote>C</quote> source code for a
|
---|
| 371 | <application>Wireshark</application> <quote>plugin</quote>. It relies
|
---|
| 372 | on two Python programs <command>wireshark_be.py</command> and
|
---|
| 373 | <command>wireshark_gen.py</command>, which are not installed
|
---|
| 374 | by default. They have to be copied manually from the <filename
|
---|
| 375 | class="directory">tools</filename> directory to the <filename
|
---|
| 376 | class="directory">$PYTHONPATH/site-packages/</filename> directory.
|
---|
| 377 | </para>
|
---|
| 378 | <indexterm zone="wireshark idl2wrs">
|
---|
| 379 | <primary sortas="b-idl2wrs">idl2wrs</primary>
|
---|
| 380 | </indexterm>
|
---|
| 381 | </listitem>
|
---|
| 382 | </varlistentry>
|
---|
| 383 |
|
---|
[13659efc] | 384 | <varlistentry id="mergecap">
|
---|
| 385 | <term><command>mergecap</command></term>
|
---|
| 386 | <listitem>
|
---|
[1065a91] | 387 | <para>combines multiple saved capture files into a single output
|
---|
[13659efc] | 388 | file.</para>
|
---|
[894de226] | 389 | <indexterm zone="wireshark mergecap">
|
---|
[13659efc] | 390 | <primary sortas="b-mergecap">mergecap</primary>
|
---|
| 391 | </indexterm>
|
---|
| 392 | </listitem>
|
---|
| 393 | </varlistentry>
|
---|
[50b8d8b] | 394 |
|
---|
[13659efc] | 395 | <varlistentry id="randpkt">
|
---|
| 396 | <term><command>randpkt</command></term>
|
---|
| 397 | <listitem>
|
---|
| 398 | <para>creates random-packet capture files.</para>
|
---|
[894de226] | 399 | <indexterm zone="wireshark randpkt">
|
---|
[13659efc] | 400 | <primary sortas="b-randpkt">randpkt</primary>
|
---|
| 401 | </indexterm>
|
---|
| 402 | </listitem>
|
---|
| 403 | </varlistentry>
|
---|
[50b8d8b] | 404 |
|
---|
[a079e73c] | 405 | <varlistentry id="rawshark">
|
---|
| 406 | <term><command>rawshark</command></term>
|
---|
| 407 | <listitem>
|
---|
| 408 | <para>dump and analyze raw libpcap data.</para>
|
---|
| 409 | <indexterm zone="wireshark rawshark">
|
---|
| 410 | <primary sortas="b-rawshark">rawshark</primary>
|
---|
| 411 | </indexterm>
|
---|
| 412 | </listitem>
|
---|
| 413 | </varlistentry>
|
---|
| 414 |
|
---|
[2061231] | 415 | <varlistentry id="reordercap">
|
---|
| 416 | <term><command>reordercap</command></term>
|
---|
| 417 | <listitem>
|
---|
| 418 | <para>reorder timestamps of input file frames into output file.</para>
|
---|
| 419 | <indexterm zone="wireshark reordercap">
|
---|
| 420 | <primary sortas="b-reordercap">reordercap</primary>
|
---|
| 421 | </indexterm>
|
---|
| 422 | </listitem>
|
---|
| 423 | </varlistentry>
|
---|
| 424 |
|
---|
[3bb415b] | 425 | <varlistentry id="sharkd">
|
---|
| 426 | <term><command>sharkd</command></term>
|
---|
| 427 | <listitem>
|
---|
| 428 | <para>is a daemon that listens on UNIX sockets.</para>
|
---|
| 429 | <indexterm zone="wireshark sharkd">
|
---|
| 430 | <primary sortas="b-sharkd">sharkd</primary>
|
---|
| 431 | </indexterm>
|
---|
| 432 | </listitem>
|
---|
| 433 | </varlistentry>
|
---|
| 434 |
|
---|
[894de226] | 435 | <varlistentry id="text2pcap">
|
---|
| 436 | <term><command>text2pcap</command></term>
|
---|
| 437 | <listitem>
|
---|
| 438 | <para>reads in an ASCII hex dump and writes the
|
---|
| 439 | data described into a <application>libpcap</application>-style
|
---|
| 440 | capture file.</para>
|
---|
| 441 | <indexterm zone="wireshark text2pcap">
|
---|
| 442 | <primary sortas="b-text2pcap">text2pcap</primary>
|
---|
| 443 | </indexterm>
|
---|
| 444 | </listitem>
|
---|
| 445 | </varlistentry>
|
---|
| 446 |
|
---|
| 447 | <varlistentry id="tshark">
|
---|
| 448 | <term><command>tshark</command></term>
|
---|
[13659efc] | 449 | <listitem>
|
---|
[1065a91] | 450 | <para>is a TTY-mode network protocol analyzer. It lets you capture
|
---|
| 451 | packet data from a live network or read packets from a
|
---|
[13659efc] | 452 | previously saved capture file.</para>
|
---|
[894de226] | 453 | <indexterm zone="wireshark tshark">
|
---|
| 454 | <primary sortas="b-tshark">tshark</primary>
|
---|
[13659efc] | 455 | </indexterm>
|
---|
| 456 | </listitem>
|
---|
| 457 | </varlistentry>
|
---|
[50b8d8b] | 458 |
|
---|
[894de226] | 459 | <varlistentry id="wireshark-prog">
|
---|
| 460 | <term><command>wireshark</command></term>
|
---|
[13659efc] | 461 | <listitem>
|
---|
[791e3e7d] | 462 | <para>
|
---|
| 463 | is the Qt GUI network protocol analyzer. It lets you interactively
|
---|
| 464 | browse packet data from a live network or from a previously saved
|
---|
| 465 | capture file.
|
---|
| 466 | </para>
|
---|
[894de226] | 467 | <indexterm zone="wireshark wireshark-prog">
|
---|
| 468 | <primary sortas="b-wireshark">wireshark</primary>
|
---|
[13659efc] | 469 | </indexterm>
|
---|
| 470 | </listitem>
|
---|
| 471 | </varlistentry>
|
---|
[50b8d8b] | 472 |
|
---|
[791e3e7d] | 473 | <varlistentry id="wireshark-gtk-prog">
|
---|
| 474 | <term><command>wireshark-gtk</command></term>
|
---|
[b85a77f] | 475 | <listitem>
|
---|
[791e3e7d] | 476 | <para>
|
---|
| 477 | is the Gtk+ GUI network protocol analyzer. It lets you interactively
|
---|
| 478 | browse packet data from a live network or from a previously saved
|
---|
[fa30d84] | 479 | capture file (optional).
|
---|
[791e3e7d] | 480 | </para>
|
---|
| 481 | <indexterm zone="wireshark wireshark-gtk-prog">
|
---|
| 482 | <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
|
---|
[b85a77f] | 483 | </indexterm>
|
---|
| 484 | </listitem>
|
---|
| 485 | </varlistentry>
|
---|
| 486 |
|
---|
[894de226] | 487 | <varlistentry id="libwireshark">
|
---|
| 488 | <term><filename class='libraryfile'>libwireshark.so</filename></term>
|
---|
[13659efc] | 489 | <listitem>
|
---|
[1065a91] | 490 | <para>contains functions used by the
|
---|
[894de226] | 491 | <application>Wireshark</application> programs to perform filtering and
|
---|
[13659efc] | 492 | packet capturing.</para>
|
---|
[894de226] | 493 | <indexterm zone="wireshark libwireshark">
|
---|
| 494 | <primary sortas="c-libwireshark">libwireshark.so</primary>
|
---|
[13659efc] | 495 | </indexterm>
|
---|
| 496 | </listitem>
|
---|
| 497 | </varlistentry>
|
---|
[50b8d8b] | 498 |
|
---|
[13659efc] | 499 | <varlistentry id="libwiretap">
|
---|
| 500 | <term><filename class='libraryfile'>libwiretap.so</filename></term>
|
---|
| 501 | <listitem>
|
---|
[1065a91] | 502 | <para>is a library being developed as a future replacement for
|
---|
| 503 | <filename class='libraryfile'>libpcap</filename>, the current
|
---|
| 504 | standard Unix library for packet capturing. For more information,
|
---|
| 505 | see the <filename>README</filename> file in the source
|
---|
[13659efc] | 506 | <filename class='directory'>wiretap</filename> directory.</para>
|
---|
[894de226] | 507 | <indexterm zone="wireshark libwiretap">
|
---|
[13659efc] | 508 | <primary sortas="c-libwiretap">libwiretap.so</primary>
|
---|
| 509 | </indexterm>
|
---|
| 510 | </listitem>
|
---|
| 511 | </varlistentry>
|
---|
[50b8d8b] | 512 |
|
---|
[13659efc] | 513 | </variablelist>
|
---|
| 514 |
|
---|
| 515 | </sect2>
|
---|
[1a3dd316] | 516 |
|
---|
| 517 | </sect1>
|
---|