source: networking/netutils/wireshark.xml@ 01685d4

10.0 10.1 11.0 11.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind lazarus perl-modules qt5new trunk upgradedb xry111/intltool xry111/test-20220226
Last change on this file since 01685d4 was 01685d4, checked in by Bruce Dubbs <bdubbs@…>, 4 years ago

Update to sysstat-11.6.2.
Update to wireshark-2.4.4.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19672 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 19.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "660db152b7d6974c0e2ff12aa8a4fce6">
10 <!ENTITY wireshark-size "27 MB">
11 <!ENTITY wireshark-buildsize "1.7 GB (with default GUI front-end, and all optional dependencies available in the BLFS book)">
12 <!ENTITY wireshark-time "3.6 SBU (with parallelism=4, default GUI front-end, and all optional dependencies available in the BLFS book)">
13]>
14
15<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
16 <?dbhtml filename="wireshark.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Wireshark-&wireshark-version;</title>
24
25 <indexterm zone="wireshark">
26 <primary sortas="a-Wireshark">Wireshark</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Wireshark</title>
31
32 <para>
33 The <application>Wireshark</application> package contains a network
34 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
35 for analyzing data captured <quote>off the wire</quote> from a live
36 network connection, or data read from a capture file.
37 </para>
38
39 <para>
40 <application>Wireshark</application> provides both a graphical and a
41 TTY-mode front-end for examining captured network packets from over 500
42 protocols, as well as the capability to read capture files from many
43 other popular network analyzers.
44 </para>
45
46 &lfs81_checked;
47
48 <bridgehead renderas="sect3">Package Information</bridgehead>
49 <itemizedlist spacing="compact">
50 <listitem>
51 <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
52 </listitem>
53 <listitem>
54 <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
55 </listitem>
56 <listitem>
57 <para>Download MD5 sum: &wireshark-md5sum;</para>
58 </listitem>
59 <listitem>
60 <para>Download size: &wireshark-size;</para>
61 </listitem>
62 <listitem>
63 <para>Estimated disk space required: &wireshark-buildsize;</para>
64 </listitem>
65 <listitem>
66 <para>Estimated build time: &wireshark-time;</para>
67 </listitem>
68 </itemizedlist>
69
70 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
71 <itemizedlist spacing="compact">
72 <listitem>
73 <para>
74 Optional patch:
75 <ulink url=
76 "&patch-root;/wireshark-&wireshark-version;-lua_5_3-1.patch"/>
77 (allows building the LUA bindings if <xref linkend="lua"/> is
78 installed and LUA is not disabled by passing <option>--without-lua
79 </option> to <command>configure</command>)
80 </para>
81 </listitem>
82 <listitem>
83 <para>
84 Additional Documentation:
85 <ulink url="https://www.wireshark.org/download/docs/"/>
86 (contains links to several different docs in a variety of formats)
87 </para>
88 </listitem>
89 </itemizedlist>
90
91 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
92
93 <bridgehead renderas="sect4">Required</bridgehead>
94 <para role="required">
95 <xref linkend="glib2"/> and
96 <xref linkend="libgcrypt"/>
97 </para>
98
99 <bridgehead renderas="sect4">Recommended</bridgehead>
100 <para role="recommended">
101 <xref linkend="libpcap"/> (required to capture data), and
102 <xref linkend="qt5"/> (for the <application>Qt5</application> GUI)
103 </para>
104
105 <bridgehead renderas="sect4">Optional</bridgehead>
106 <para role="optional">
107 <xref linkend="c-ares"/>,
108 <xref linkend="gnutls"/>,
109 <xref linkend="gtk3"/> or <xref linkend="gtk2"/> (for the legacy GTK GUI),
110 <xref linkend="libnl"/>,
111 <xref linkend="lua"/>,
112 <xref linkend="mitkrb"/>,
113 <xref linkend="nghttp2"/>,
114 <xref linkend="openssl"/>,
115 <xref linkend="sbc"/>,
116 <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
117 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
118 <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>,
119 <ulink url="https://www.libssh.org/">libssh</ulink>,
120 <ulink url="http://www.portaudio.com/">PortAudio</ulink>
121 (for GTK+ RTP player),
122 <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
123 <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
124 </para>
125
126 <note>
127 <para>
128 The Qt GUI front-end is built by default, if <xref linkend="qt5"/> is
129 found. If you want to build the GTK+ GUI front-end, some configure
130 switches have to be set (see <quote>Command Explanations</quote>).
131 </para>
132 </note>
133
134 <para condition="html" role="usernotes">
135 User Notes: <ulink url="&blfs-wiki;/wireshark"/>
136 </para>
137
138 </sect2>
139
140 <sect2 role="kernel" id="wireshark-kernel">
141 <title>Kernel Configuration</title>
142
143 <para>
144 The kernel must have the Packet protocol enabled for <application>
145 Wireshark</application> to capture live packets from the network:
146 </para>
147
148<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
149 Networking options ---&gt;
150 &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>
151
152 <para>
153 If built as a module, the name is <filename>af_packet.ko</filename>.
154 </para>
155
156 <indexterm zone="wireshark wireshark-kernel">
157 <primary sortas="d-Capturing-network-packets">
158 Capturing network packets
159 </primary>
160 </indexterm>
161
162 </sect2>
163
164 <sect2 role="installation">
165 <title>Installation of Wireshark</title>
166
167 <para>
168 <application>Wireshark</application> is a very large and complex
169 application. These instructions provide additional security measures to
170 ensure that only trusted users are allowed to view network traffic. First,
171 set up a system group for wireshark. As the <systemitem
172 class="username">root</systemitem> user:
173 </para>
174
175<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
176
177 <para>
178 Continue to install <application>Wireshark</application> by running
179 the following commands:
180 </para>
181
182<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-lua_5_3-1.patch &amp;&amp;
183
184./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
185make</userinput></screen>
186
187 <para>
188 This package does not come with a test suite.
189 </para>
190
191 <para>
192 Now, as the <systemitem class="username">root</systemitem> user:
193 </para>
194
195<screen role="root"><userinput>make install &amp;&amp;
196
197install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
198install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
199 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
200
201pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
202 for FILENAME in ../../wireshark/*.html; do
203 ln -s -v -f $FILENAME .
204 done &amp;&amp;
205popd
206unset FILENAME</userinput></screen>
207
208 <para>
209 If you downloaded any of the documentation files from the page
210 listed in the 'Additional Downloads', install them by issuing the
211 following commands as the <systemitem class="username">root</systemitem>
212 user:
213 </para>
214
215<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
216 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
217
218 <para>
219 Now, set ownership and permissions of sensitive applications to only
220 allow authorized users. As the <systemitem class="username">root
221 </systemitem> user:
222 </para>
223
224<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
225chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
226
227 <para>
228 Finally, add any users to the wireshark group (as <systemitem class=
229 "username">root</systemitem> user):
230 </para>
231
232<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>
233
234 <para>
235 If you are installing wireshark for the first time, it will be necessary
236 to leave the session and login again, thus you will now have wireshark
237 between your groups, otherwise, it will not run properly.
238 </para>
239
240 </sect2>
241
242 <sect2 role="commands">
243 <title>Command Explanations</title>
244
245 <para>
246 <option>--with-gtk=[yes/no/2/3]</option>: For the Gtk+ GUI. Default is no.
247 If both Gtk+2 and 3 are installed, and <quote>yes</quote> is selected,
248 default is 3. Obviously, <xref linkend="gtk2"/> or <xref linkend="gtk3"/>
249 must have been built for this to work.
250 </para>
251
252 <para>
253 <option>--with-qt=[yes/no/4/5]</option>: For the Qt GUI. Default is yes,
254 if <xref linkend="qt5"/> is found on the system.
255 </para>
256
257 <para>
258 <option>--disable-wireshark</option>: Use this switch if you
259 have <application>Qt</application> installed but do not want to build
260 any of the GUIs.
261 </para>
262
263 </sect2>
264
265 <sect2 role="configuration">
266 <title>Configuring Wireshark</title>
267
268 <sect3 id="wireshark-config">
269 <title>Config Files</title>
270
271 <para><filename>/etc/wireshark.conf</filename> and
272 <filename>~/.config/wireshark/*</filename> (unless there is already
273 <filename>~/.wireshark/*</filename> in the system)</para>
274
275 <indexterm zone="wireshark wireshark-config">
276 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
277 </indexterm>
278
279 <indexterm zone="wireshark wireshark-config">
280 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
281 </indexterm>
282
283 </sect3>
284
285 <sect3>
286 <title>Configuration Information</title>
287
288 <para>Though the default configuration parameters are very sane, reference
289 the configuration section of the <ulink
290 url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
291 Guide</ulink> for configuration information. Most of
292 <application>Wireshark</application>'s configuration can be accomplished
293 using the menu options of the <command>wireshark</command> graphical
294 interfaces.</para>
295
296 <note>
297 <para>If you want to look at packets, make sure you don't filter them
298 out with <xref linkend="iptables"/>. If you want to exclude certain
299 classes of packets, it is more efficient to do it with
300 <application>iptables</application> than it is with
301 <application>Wireshark</application>.</para>
302 </note>
303
304 </sect3>
305
306 </sect2>
307
308 <sect2 role="content">
309 <title>Contents</title>
310
311 <segmentedlist>
312 <segtitle>Installed Programs</segtitle>
313 <segtitle>Installed Libraries</segtitle>
314 <segtitle>Installed Directories</segtitle>
315
316 <seglistitem>
317 <seg>
318 capinfos, captype, dftest, dumpcap, editcap, idl2wrs,
319 mergecap, randpkt, rawshark, reordercap, sharkd,
320 text2pcap, tshark, wireshark, and wireshark-gtk (optional)
321 </seg>
322 <seg>
323 libwireshark.so, libwiretap.so, libwscodecs.so (optional),
324 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
325 </seg>
326 <seg>
327 /usr/{lib,share}/wireshark and
328 /usr/share/doc/wireshark-&wireshark-version;
329 </seg>
330 </seglistitem>
331 </segmentedlist>
332
333 <variablelist>
334 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
335 <?dbfo list-presentation="list"?>
336 <?dbhtml list-presentation="table"?>
337
338 <varlistentry id="capinfos">
339 <term><command>capinfos</command></term>
340 <listitem>
341 <para>reads a saved capture file and returns any or all of several
342 statistics about that file. It is able to detect and read any capture
343 supported by the <application>Wireshark</application> package.</para>
344 <indexterm zone="wireshark capinfos">
345 <primary sortas="b-capinfos">capinfos</primary>
346 </indexterm>
347 </listitem>
348 </varlistentry>
349
350 <varlistentry id="captype">
351 <term><command>captype</command></term>
352 <listitem>
353 <para>prints the file types of capture files.</para>
354 <indexterm zone="wireshark captype">
355 <primary sortas="b-captype">captype</primary>
356 </indexterm>
357 </listitem>
358 </varlistentry>
359
360 <varlistentry id="dftest">
361 <term><command>dftest</command></term>
362 <listitem>
363 <para>is a display-filter-compiler test program.</para>
364 <indexterm zone="wireshark dftest">
365 <primary sortas="b-dftest">dftest</primary>
366 </indexterm>
367 </listitem>
368 </varlistentry>
369
370 <varlistentry id="dumpcap">
371 <term><command>dumpcap</command></term>
372 <listitem>
373 <para>is a network traffic dump tool. It lets you capture packet data
374 from a live network and write the packets to a file.</para>
375 <indexterm zone="wireshark dumpcap">
376 <primary sortas="b-dumpcap">dumpcap</primary>
377 </indexterm>
378 </listitem>
379 </varlistentry>
380
381 <varlistentry id="editcap">
382 <term><command>editcap</command></term>
383 <listitem>
384 <para>edits and/or translates the format of capture files. It knows
385 how to read <application>libpcap</application> capture files,
386 including those of <command>tcpdump</command>,
387 <application>Wireshark</application> and other tools that write
388 captures in that format.</para>
389 <indexterm zone="wireshark editcap">
390 <primary sortas="b-editcap">editcap</primary>
391 </indexterm>
392 </listitem>
393 </varlistentry>
394
395 <varlistentry id="idl2wrs">
396 <term><command>idl2wrs</command></term>
397 <listitem>
398 <para>is a program that takes a user specified CORBA IDL file and
399 generates <quote>C</quote> source code for a
400 <application>Wireshark</application> <quote>plugin</quote>. It relies
401 on two Python programs <command>wireshark_be.py</command> and
402 <command>wireshark_gen.py</command>, which are not installed
403 by default. They have to be copied manually from the <filename
404 class="directory">tools</filename> directory to the <filename
405 class="directory">$PYTHONPATH/site-packages/</filename> directory.
406 </para>
407 <indexterm zone="wireshark idl2wrs">
408 <primary sortas="b-idl2wrs">idl2wrs</primary>
409 </indexterm>
410 </listitem>
411 </varlistentry>
412
413 <varlistentry id="mergecap">
414 <term><command>mergecap</command></term>
415 <listitem>
416 <para>combines multiple saved capture files into a single output
417 file.</para>
418 <indexterm zone="wireshark mergecap">
419 <primary sortas="b-mergecap">mergecap</primary>
420 </indexterm>
421 </listitem>
422 </varlistentry>
423
424 <varlistentry id="randpkt">
425 <term><command>randpkt</command></term>
426 <listitem>
427 <para>creates random-packet capture files.</para>
428 <indexterm zone="wireshark randpkt">
429 <primary sortas="b-randpkt">randpkt</primary>
430 </indexterm>
431 </listitem>
432 </varlistentry>
433
434 <varlistentry id="rawshark">
435 <term><command>rawshark</command></term>
436 <listitem>
437 <para>dump and analyze raw libpcap data.</para>
438 <indexterm zone="wireshark rawshark">
439 <primary sortas="b-rawshark">rawshark</primary>
440 </indexterm>
441 </listitem>
442 </varlistentry>
443
444 <varlistentry id="reordercap">
445 <term><command>reordercap</command></term>
446 <listitem>
447 <para>reorder timestamps of input file frames into output file.</para>
448 <indexterm zone="wireshark reordercap">
449 <primary sortas="b-reordercap">reordercap</primary>
450 </indexterm>
451 </listitem>
452 </varlistentry>
453
454 <varlistentry id="sharkd">
455 <term><command>sharkd</command></term>
456 <listitem>
457 <para>is a daemon that listens on UNIX sockets.</para>
458 <indexterm zone="wireshark sharkd">
459 <primary sortas="b-sharkd">sharkd</primary>
460 </indexterm>
461 </listitem>
462 </varlistentry>
463
464 <varlistentry id="text2pcap">
465 <term><command>text2pcap</command></term>
466 <listitem>
467 <para>reads in an ASCII hex dump and writes the
468 data described into a <application>libpcap</application>-style
469 capture file.</para>
470 <indexterm zone="wireshark text2pcap">
471 <primary sortas="b-text2pcap">text2pcap</primary>
472 </indexterm>
473 </listitem>
474 </varlistentry>
475
476 <varlistentry id="tshark">
477 <term><command>tshark</command></term>
478 <listitem>
479 <para>is a TTY-mode network protocol analyzer. It lets you capture
480 packet data from a live network or read packets from a
481 previously saved capture file.</para>
482 <indexterm zone="wireshark tshark">
483 <primary sortas="b-tshark">tshark</primary>
484 </indexterm>
485 </listitem>
486 </varlistentry>
487
488 <varlistentry id="wireshark-prog">
489 <term><command>wireshark</command></term>
490 <listitem>
491 <para>
492 is the Qt GUI network protocol analyzer. It lets you interactively
493 browse packet data from a live network or from a previously saved
494 capture file.
495 </para>
496 <indexterm zone="wireshark wireshark-prog">
497 <primary sortas="b-wireshark">wireshark</primary>
498 </indexterm>
499 </listitem>
500 </varlistentry>
501
502 <varlistentry id="wireshark-gtk-prog">
503 <term><command>wireshark-gtk</command></term>
504 <listitem>
505 <para>
506 is the Gtk+ GUI network protocol analyzer. It lets you interactively
507 browse packet data from a live network or from a previously saved
508 capture file (optional).
509 </para>
510 <indexterm zone="wireshark wireshark-gtk-prog">
511 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
512 </indexterm>
513 </listitem>
514 </varlistentry>
515
516 <varlistentry id="libwireshark">
517 <term><filename class='libraryfile'>libwireshark.so</filename></term>
518 <listitem>
519 <para>contains functions used by the
520 <application>Wireshark</application> programs to perform filtering and
521 packet capturing.</para>
522 <indexterm zone="wireshark libwireshark">
523 <primary sortas="c-libwireshark">libwireshark.so</primary>
524 </indexterm>
525 </listitem>
526 </varlistentry>
527
528 <varlistentry id="libwiretap">
529 <term><filename class='libraryfile'>libwiretap.so</filename></term>
530 <listitem>
531 <para>is a library being developed as a future replacement for
532 <filename class='libraryfile'>libpcap</filename>, the current
533 standard Unix library for packet capturing. For more information,
534 see the <filename>README</filename> file in the source
535 <filename class='directory'>wiretap</filename> directory.</para>
536 <indexterm zone="wireshark libwiretap">
537 <primary sortas="c-libwiretap">libwiretap.so</primary>
538 </indexterm>
539 </listitem>
540 </varlistentry>
541
542 </variablelist>
543
544 </sect2>
545
546</sect1>
Note: See TracBrowser for help on using the repository browser.