source: networking/netutils/wireshark.xml@ 5fd1c78e

Last change on this file since 5fd1c78e was 5fd1c78e, checked in by Bruce Dubbs <bdubbs@…>, 3 years ago

Package Updates

Update to Net-DNS-1.32 (Perl module).
Update to talloc-2.3.3.
Update to wireshark-3.4.7.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "4954b93a4ea4936f2bed5718e44040c5">
  <!ENTITY wireshark-size "31 MB">
  <!ENTITY wireshark-buildsize "607 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time "2.2 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
     and we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although those may get added some time after
     the release. As a general rule, treat ALL their advisories for crashes,
     infinite loops and the like as worthy of a security fix: the dissectors
     parse untrusted input. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs101_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt5"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required for live capture; reading saved
      capture files works without it)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <!--<ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,-->
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must provide packet sockets (the AF_PACKET address family,
      which <application>libpcap</application> uses on Linux to read raw
      frames from an interface) for <application>Wireshark</application> to
      capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
      Only live capture needs it; reading saved capture files does not.
    </para>
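    <para>
      The following POSIX shell script is an added example, not part of BLFS
      or of Wireshark: it reads CONFIG_PACKET from the running kernel's
      configuration (<filename>/proc/config.gz</filename>, or the
      <filename>/boot/config-&lt;version&gt;</filename> copy that LFS keeps)
      and reports whether live capture can work. The file locations, the
      function names and the <option>--check</option> flag are assumptions of
      this example.
    </para>

```sh
#!/bin/sh
# Added example (not part of BLFS or Wireshark): check that the kernel provides
# AF_PACKET sockets, which libpcap and therefore dumpcap need for live capture.
# The config locations and function names below are this example's assumptions.

# Print the CONFIG_PACKET setting found in kernel config file $1: "y" (built
# in), "m" (module af_packet.ko) or "n" (absent or "is not set").
packet_socket_setting() {
    case $1 in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz is gzip-compressed
        *)    reader="cat" ;;
    esac
    val=$($reader "$1" 2>/dev/null | sed -n 's/^CONFIG_PACKET=\([ym]\)$/\1/p' | head -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'n\n'; fi
}

# Find the configuration of the running kernel: /proc/config.gz when the
# kernel was built with CONFIG_IKCONFIG_PROC, otherwise the copy that LFS
# stores next to the kernel image as /boot/config-<version>.
running_kernel_config() {
    for f in /proc/config.gz "/boot/config-$(uname -r)"; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Verdict for the running system; exit status 0 means live capture can work.
check_packet_socket() {
    cfg=$(running_kernel_config) || { echo "no kernel configuration found"; return 2; }
    case $(packet_socket_setting "$cfg") in
        y) echo "CONFIG_PACKET=y ($cfg): packet sockets are built in"; return 0 ;;
        m) if grep -q '^af_packet ' /proc/modules 2>/dev/null; then
               echo "CONFIG_PACKET=m ($cfg): af_packet is loaded"
           else
               echo "CONFIG_PACKET=m ($cfg): af_packet.ko will be loaded on demand by the first packet socket"
           fi
           return 0 ;;
        *) echo "CONFIG_PACKET is not set ($cfg): live capture will not work"; return 1 ;;
    esac
}

# Run the verdict only when asked, so the file can also be sourced for its functions:
#   sh packetsock.sh --check
if [ "${1-}" = "--check" ]; then check_packet_socket; exit $?; fi
```

    <para>
      A setting of <literal>m</literal> is sufficient: the kernel loads
      <filename>af_packet.ko</filename> on demand when the first packet
      socket is opened, as long as module autoloading works.
    </para>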

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application whose dissectors parse untrusted data straight off the
      network, and many of its releases fix crashes found in them. These
      instructions therefore add a layer of protection: rather than running
      the analyzer as <systemitem class="username">root</systemitem> or
      letting every user open a packet socket, they restrict live capture to
      the members of a dedicated group, so that only trusted users can view
      network traffic. First, set up a system group for wireshark. As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed under <quote>Additional Downloads</quote>, install them by
      issuing the following commands as the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of the sensitive programs so that
      only authorized users can run them. Mode 6550 makes each program
      setuid <systemitem class="username">root</systemitem> and setgid
      wireshark, and readable and executable only by
      <systemitem class="username">root</systemitem> and the members of the
      wireshark group; everyone else is refused before the setuid bit ever
      applies. Only <command>dumpcap</command> actually needs this
      privilege: <command>wireshark</command> and <command>tshark</command>
      run as the invoking user and start <command>dumpcap</command> as a
      child process to open the packet socket, so the setuid bit on
      <command>tshark</command> grants more than capturing requires. As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add every user who should be allowed to capture to the
      wireshark group (as the <systemitem class="username">root</systemitem>
      user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing wireshark for the first time, it will be necessary
      to log out of your session and log in again: supplementary groups are
      assigned at login, so until then the new membership is not in effect
      and <application>Wireshark</application> will not be able to capture.
    </para>

  </sect2>
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are sensible, refer to
        the configuration section of the <ulink url=
        "http://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          <xref linkend="iptables"/> rules do not hide incoming packets from
          <application>Wireshark</application>: a packet socket sees a frame
          as soon as the interface has received it, before netfilter decides
          whether to accept or drop it, so traffic blocked by an INPUT rule
          is still captured. Outgoing packets reach the packet socket only on
          their way to the device, after netfilter, so an OUTPUT rule that
          drops them also removes them from the capture. To leave classes of
          packets out of a capture efficiently, use a capture filter (the BPF
          filter set in the capture options of the GUI or on the command line
          of <command>tshark</command> and <command>dumpcap</command>), which
          the kernel applies before copying packets to user space, rather
          than a display filter, which is evaluated only after every packet
          has been captured and dissected.
        </para>
      </note>

    </sect3>

  </sect2>
  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file. It is the
            only program in the package that needs the privileges to open a
            packet socket; <command>wireshark</command> and
            <command>tshark</command> run it as a child process to capture
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates capture files of random packets, which is useful for
            fuzz-testing dissectors
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders the frames of an input file by timestamp into an
            output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that dissects capture files on behalf of clients
            connected over a UNIX socket, using a JSON-based request and
            response protocol
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains the protocol dissectors and the display-filter engine
            that the <application>Wireshark</application> programs use to
            decode packets. It does no capturing itself; that is the job of
            <command>dumpcap</command>, through
            <application>libpcap</application>
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is the capture-file library: it reads and writes pcap, pcapng and
            the many other capture-file formats that the
            <application>Wireshark</application> programs understand, while
            live capture is left to <application>libpcap</application>. For
            more information, see the <filename>README</filename> file in the
            source <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>
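    <para>
      The <command>text2pcap</command> entry above says it reads an ASCII hex
      dump; the following POSIX shell script is an added example (not BLFS or
      Wireshark code) of producing one. It assembles a small IPv4/ICMP echo
      request from constructed bytes, computes the RFC 1071 checksums of both
      headers so that <application>Wireshark</application> does not flag the
      result as corrupt, and prints the <command>od -A x -t x1 -v</command>
      layout that <command>text2pcap</command> accepts. The addresses
      10.0.0.1 and 10.0.0.2, the file names and the function names are this
      example's assumptions.
    </para>

```sh
#!/bin/sh
# Added example (not BLFS or Wireshark code): turn a hand-built packet into
# the hex dump text2pcap understands, fixing the Internet checksums first.
# text2pcap reads the layout produced by "od -A x -t x1 -v", emitted below.
# Sample bytes, addresses and names are this example's own constructions.

# Constructed sample: IPv4 header (checksum zeroed, ttl 64, proto 1) followed
# by an ICMP echo request header (checksum zeroed), 10.0.0.1 -> 10.0.0.2.
IP_HDR_HEX='4500001c00010000400100000a0000010a000002'
ICMP_HEX='0800000000010001'

# RFC 1071 Internet checksum of a hex string: 16-bit one's complement sum,
# carries folded back in, then complemented; printed as four hex digits.
inet_checksum() {
    sum=0
    for w in $(printf '%s' "$1" | tr -d ' ' | sed 's/..../& /g'); do
        [ ${#w} -eq 2 ] && w="${w}00"      # an odd trailing byte is zero-padded
        sum=$((sum + 0x$w))
    done
    while [ $sum -gt 65535 ]; do sum=$(( (sum & 0xffff) + (sum >> 16) )); done
    printf '%04x' $(( ~sum & 0xffff ))
}

# Write the checksum of header $1 (given with its checksum field zeroed) into
# the 16-bit field at byte offset $2 and print the patched hex string.
patch_checksum() {
    h=$(printf '%s' "$1" | tr -d ' ')
    start=$(( $2 * 2 ))
    printf '%s%s%s' "$(printf '%s' "$h" | cut -c1-"$start")" \
                    "$(inet_checksum "$h")" \
                    "$(printf '%s' "$h" | cut -c"$((start + 5))"-)"
}

# Assemble the packet: the IPv4 checksum lives at byte 10, ICMP's at byte 2.
build_packet() {
    printf '%s%s' "$(patch_checksum "$IP_HDR_HEX" 10)" "$(patch_checksum "$ICMP_HEX" 2)"
}

# Convert a hex string to raw bytes on stdout using printf's octal escapes,
# which POSIX guarantees (unlike \x escapes or xxd).
hex_to_bin() {
    for b in $(printf '%s' "$1" | tr -d ' ' | sed 's/../& /g'); do
        printf "$(printf '\\%03o' "$((0x$b))")"
    done
}

# Hex dump in the layout text2pcap expects: "offset b0 b1 ..." per line,
# ending with a line that carries only the final offset.
text2pcap_dump() {
    hex_to_bin "$1" | od -A x -t x1 -v
}

# Usage: sh mkpkt.sh --dump > echo.txt && text2pcap -l 101 echo.txt echo.pcap
#        (-l 101 marks the frames as raw IP, since there is no Ethernet header)
if [ "${1-}" = "--dump" ]; then text2pcap_dump "$(build_packet)"; fi
```

    <para>
      A header whose checksum field is correct sums to 0xffff, so running
      <command>inet_checksum</command> over the patched header yields 0000;
      that is the same property <application>Wireshark</application> checks
      when it validates a header, and the reason a hand-written packet with a
      zeroed field shows up as a checksum error.
    </para>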

  </sect2>

</sect1>