source: networking/netutils/wireshark.xml@ 13d0d6f

10.0 10.1 11.0 7.10 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind ken/refactor-virt lazarus nosym perl-modules qt5new trunk upgradedb xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 13d0d6f was 13d0d6f, checked in by Fernando de Oliveira <fernando@…>, 6 years ago
  • Update to firefox-43.0.3.
  • Update to audacious-3.7.1, audacious-plugins-3.7.1.
  • Update to xapian-core-1.2.22.
  • Update to wireshark-2.0.1.
  • Update to doxygen-1.8.11.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@16772 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 18.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.bz2">
8 <!ENTITY wireshark-download-ftp "ftp://ftp.uni-kl.de/pub/wireshark/src/wireshark-&wireshark-version;.tar.bz2">
9 <!ENTITY wireshark-md5sum "c1610ab2238965363b811e5188750fb1">
10 <!ENTITY wireshark-size "30 MB">
11 <!ENTITY wireshark-buildsize "2 GB, with default GUI front-ends">
12 <!ENTITY wireshark-time "8.1 SBU, with default GUI front-ends">
13]>
14
15<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
16 <?dbhtml filename="wireshark.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Wireshark-&wireshark-version;</title>
24
25 <indexterm zone="wireshark">
26 <primary sortas="a-Wireshark">Wireshark</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Wireshark</title>
31
32 <para>
33 The <application>Wireshark</application> package contains a network
34 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
35 for analyzing data captured <quote>off the wire</quote> from a live
36 network connection, or data read from a capture file.
37 </para>
38
39 <para>
40 <application>Wireshark</application> provides both a graphical and a
41 TTY-mode front-end for examining captured network packets from over 500
42 protocols, as well as the capability to read capture files from many
43 other popular network analyzers.
44 </para>
45
46 &lfs78_checked;
47
48 <bridgehead renderas="sect3">Package Information</bridgehead>
49 <itemizedlist spacing="compact">
50 <listitem>
51 <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
52 </listitem>
53 <listitem>
54 <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
55 </listitem>
56 <listitem>
57 <para>Download MD5 sum: &wireshark-md5sum;</para>
58 </listitem>
59 <listitem>
60 <para>Download size: &wireshark-size;</para>
61 </listitem>
62 <listitem>
63 <para>Estimated disk space required: &wireshark-buildsize;</para>
64 </listitem>
65 <listitem>
66 <para>Estimated build time: &wireshark-time;</para>
67 </listitem>
68 </itemizedlist>
69
70 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
71 <itemizedlist spacing="compact">
72 <listitem>
73 <para>
74 Optional patch:
75 <ulink url=
76 "&patch-root;/wireshark-&wireshark-version;-lua_5_3_1-1.patch"/>
77 (allows building the LUA bindings if <xref linkend="lua"/> is
78 installed and LUA is not disabled by passing <option>--without-lua
79 </option> to <command>configure</command>)
80 </para>
81 </listitem>
82 <listitem>
83 <para>
84 Additional Documentation:
85 <ulink url="https://www.wireshark.org/download/docs/"/>
86 (contains links to several different docs in a variety of formats)
87 </para>
88 </listitem>
89 </itemizedlist>
90
91 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
92
93 <bridgehead renderas="sect4">Required</bridgehead>
94 <para role="required">
95 <xref linkend="glib2"/>
96 </para>
97
98 <bridgehead renderas="sect4">Recommended</bridgehead>
99 <para role="recommended">
100 <xref linkend="gtk3"/> (for the <application>Gtk+3</application> GUI),
101 <xref linkend="libpcap"/> (required to capture data), and
102 <xref linkend="qt5"/> (for the <application>Qt5</application> GUI)
103 </para>
104
105 <bridgehead renderas="sect4">Optional</bridgehead>
106 <para role="optional">
107 <xref linkend="gnutls"/>,
108 <xref linkend="libgcrypt"/>,
109 <xref linkend="libnl"/>,
110 <xref linkend="lua"/>,
111 <xref linkend="mitkrb"/>,
112 <xref linkend="openssl"/>,
113 <xref linkend="sbc"/>,
114 <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>,
115 <ulink url="http://c-ares.haxx.se/">c-ares</ulink>,
116 <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
117 <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>, and
118 <ulink url="http://www.portaudio.com/">PortAudio</ulink>
119 (for GTK+ RTP player)
120 </para>
121
122 <bridgehead renderas="sect4">Optional (for GUI front-ends)
123 </bridgehead>
124 <para role="optional">
125 <xref linkend="gtk2"/>, or
126 <xref linkend="qt4"/>,
127 </para>
128
129 <note>
130 <para>
131 The <application>GTK+</application> GUI needs one of <xref linkend=
132 "gtk2"/> or <xref linkend="gtk3"/>. If both are installed, GTK+3
133 is used by default.
134 </para>
135
136 <para>
137 The <application>Qt</application> GUI needs one of <xref linkend=
138 "qt4"/> or <xref linkend="qt5"/>. If both are installed, Qt5
139 is used by default.
140 </para>
141
142 <para>
143 Both GTK+ and Qt GUI front-ends are built, as recommended by the
144 upstream developers. If you want to override the defaults, some
145 configure switches have to be set (see <quote>Command
146 Explanations</quote>).
147 </para>
148 </note>
149
150 <para condition="html" role="usernotes">
151 User Notes: <ulink url="&blfs-wiki;/wireshark"/>
152 </para>
153
154 </sect2>
155
156 <sect2 role="kernel" id="wireshark-kernel">
157 <title>Kernel Configuration</title>
158
159 <para>
160 The kernel must have the Packet protocol enabled for <application>
161 Wireshark</application> to capture live packets from the network:
162 </para>
163
164<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
165 Networking options ---&gt;
166 &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>
167
168 <para>
169 If built as a module, the name is <filename>af_packet.ko</filename>.
170 </para>
171
172 <indexterm zone="wireshark wireshark-kernel">
173 <primary sortas="d-Capturing-network-packets">
174 Capturing network packets
175 </primary>
176 </indexterm>
177
178 </sect2>
179
180 <sect2 role="installation">
181 <title>Installation of Wireshark</title>
182
183 <para>
184 <application>Wireshark</application> is a very large and complex
185 application. These instructions provide additional security measures to
186 ensure that only trusted users are allowed to view network traffic. First,
187 set up a system group for wireshark. As the <systemitem
188 class="username">root</systemitem> user:
189 </para>
190
191<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
192
193 <para>
194 Continue to install <application>Wireshark</application> by running
195 the following commands:
196 </para>
197
198<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-lua_5_3_1-1.patch &amp;&amp;
199
200./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
201
202make</userinput></screen>
203
204 <para>
205 This package does not come with a test suite.
206 </para>
207
208 <para>
209 Now, as the <systemitem class="username">root</systemitem> user:
210 </para>
211
212<screen role="root"><userinput>make install &amp;&amp;
213
214install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
215install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
216 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
217
218pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
219 for FILENAME in ../../wireshark/*.html; do
220 ln -s -v -f $FILENAME .
221 done &amp;&amp;
222popd
223unset FILENAME</userinput></screen>
224
225 <para>
226 If you downloaded any of the documentation files from the page
227 listed in the 'Additional Downloads', install them by issuing the
228 following commands as the <systemitem class="username">root</systemitem>
229 user:
230 </para>
231
232<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
233 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
234
235 <para>
236 Now, set ownership and permissions of sensitive applications to only
237 allow authorized users. As the <systemitem class="username">root
238 </systemitem> user:
239 </para>
240
241<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
242chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
243
244 <para>
245 Finally, add any users to the wireshark group (as <systemitem class=
246 "username">root</systemitem> user):
247 </para>
248
249<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>
250
251 <para>
252 If you are installing wireshark for the first time, it will be necessary
253 to leave the session and login again, thus you will now have wireshark
254 between your groups, otherwise, it will not run properly.
255 </para>
256
257 </sect2>
258
259 <sect2 role="commands">
260 <title>Command Explanations</title>
261
262 <para>
263 <option>--with-gtk2=[yes/no]</option>: For the Gtk+2 GUI. If both Gtk+2
264 and 3 are installed, default is no. Notice that the GUI for only one Gtk+
265 version (either 2 or 3) can be built.
266 </para>
267
268 <para>
269 <option>--with-gtk3=[yes/no]</option>: For the Gtk+3 GUI. If both Gtk+2
270 and 3 are installed, default is yes.
271 </para>
272
273 <para>
274 <option>--with-qt=[yes/no/4/5]</option>: For the Qt GUI. Default is yes.
275 If both Qt4 and 5 are installed, Qt5 is chosen by default. Notice that the
276 GUI for only one Qt version (either 4 or 5) can be built.
277 </para>
278
279 <para>
280 <option>--disable-wireshark</option>: Use this switch if you
281 have <application>GTK+</application> installed but do not want to build
282 any of the GUIs.
283 </para>
284
285 </sect2>
286
287 <sect2 role="configuration">
288 <title>Configuring Wireshark</title>
289
290 <sect3 id="wireshark-config">
291 <title>Config Files</title>
292
293 <para><filename>/etc/wireshark.conf</filename> and
294 <filename>~/.config/wireshark/*</filename> (unless there is already
295 <filename>~/.wireshark/*</filename> in the system)</para>
296
297 <indexterm zone="wireshark wireshark-config">
298 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
299 </indexterm>
300
301 <indexterm zone="wireshark wireshark-config">
302 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
303 </indexterm>
304
305 </sect3>
306
307 <sect3>
308 <title>Configuration Information</title>
309
310 <para>Though the default configuration parameters are very sane, reference
311 the configuration section of the <ulink
312 url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
313 Guide</ulink> for configuration information. Most of
314 <application>Wireshark</application>'s configuration can be accomplished
315 using the menu options of the <command>wireshark</command> graphical
316 interfaces.</para>
317
318 <note>
319 <para>If you want to look at packets, make sure you don't filter them
320 out with <xref linkend="iptables"/>. If you want to exclude certain
321 classes of packets, it is more efficient to do it with
322 <application>iptables</application> than it is with
323 <application>Wireshark</application>.</para>
324 </note>
325
326 </sect3>
327
328 </sect2>
329
330 <sect2 role="content">
331 <title>Contents</title>
332
333 <segmentedlist>
334 <segtitle>Installed Programs</segtitle>
335 <segtitle>Installed Libraries</segtitle>
336 <segtitle>Installed Directories</segtitle>
337
338 <seglistitem>
339 <seg>
340 androiddump, capinfos, captype, dftest, dumpcap, editcap, idl2wrs,
341 mergecap, randpkt, rawshark, reordercap, text2pcap, tshark, wireshark,
342 and wireshark-gtk
343 </seg>
344 <seg>
345 libwireshark.so, libwiretap.so, libwsutil.so, and numerous modules
346 under /usr/lib/wireshark/plugins
347 </seg>
348 <seg>
349 /usr/{lib,share}/wireshark and
350 /usr/share/doc/wireshark-&wireshark-version;
351 </seg>
352 </seglistitem>
353 </segmentedlist>
354
355 <variablelist>
356 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
357 <?dbfo list-presentation="list"?>
358 <?dbhtml list-presentation="table"?>
359
360 <varlistentry id="capinfos">
361 <term><command>capinfos</command></term>
362 <listitem>
363 <para>reads a saved capture file and returns any or all of several
364 statistics about that file. It is able to detect and read any capture
365 supported by the <application>Wireshark</application> package.</para>
366 <indexterm zone="wireshark capinfos">
367 <primary sortas="b-capinfos">capinfos</primary>
368 </indexterm>
369 </listitem>
370 </varlistentry>
371
372 <varlistentry id="captype">
373 <term><command>captype</command></term>
374 <listitem>
375 <para>prints the file types of capture files.</para>
376 <indexterm zone="wireshark captype">
377 <primary sortas="b-captype">captype</primary>
378 </indexterm>
379 </listitem>
380 </varlistentry>
381
382 <varlistentry id="dftest">
383 <term><command>dftest</command></term>
384 <listitem>
385 <para>is a display-filter-compiler test program.</para>
386 <indexterm zone="wireshark dftest">
387 <primary sortas="b-dftest">dftest</primary>
388 </indexterm>
389 </listitem>
390 </varlistentry>
391
392 <varlistentry id="dumpcap">
393 <term><command>dumpcap</command></term>
394 <listitem>
395 <para>is a network traffic dump tool. It lets you capture packet data
396 from a live network and write the packets to a file.</para>
397 <indexterm zone="wireshark dumpcap">
398 <primary sortas="b-dumpcap">dumpcap</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="editcap">
404 <term><command>editcap</command></term>
405 <listitem>
406 <para>edits and/or translates the format of capture files. It knows
407 how to read <application>libpcap</application> capture files,
408 including those of <command>tcpdump</command>,
409 <application>Wireshark</application> and other tools that write
410 captures in that format.</para>
411 <indexterm zone="wireshark editcap">
412 <primary sortas="b-editcap">editcap</primary>
413 </indexterm>
414 </listitem>
415 </varlistentry>
416
417 <varlistentry id="mergecap">
418 <term><command>mergecap</command></term>
419 <listitem>
420 <para>combines multiple saved capture files into a single output
421 file.</para>
422 <indexterm zone="wireshark mergecap">
423 <primary sortas="b-mergecap">mergecap</primary>
424 </indexterm>
425 </listitem>
426 </varlistentry>
427
428 <varlistentry id="randpkt">
429 <term><command>randpkt</command></term>
430 <listitem>
431 <para>creates random-packet capture files.</para>
432 <indexterm zone="wireshark randpkt">
433 <primary sortas="b-randpkt">randpkt</primary>
434 </indexterm>
435 </listitem>
436 </varlistentry>
437
438 <varlistentry id="rawshark">
439 <term><command>rawshark</command></term>
440 <listitem>
441 <para>dump and analyze raw libpcap data.</para>
442 <indexterm zone="wireshark rawshark">
443 <primary sortas="b-rawshark">rawshark</primary>
444 </indexterm>
445 </listitem>
446 </varlistentry>
447
448 <varlistentry id="reordercap">
449 <term><command>reordercap</command></term>
450 <listitem>
451 <para>reorder timestamps of input file frames into output file.</para>
452 <indexterm zone="wireshark reordercap">
453 <primary sortas="b-reordercap">reordercap</primary>
454 </indexterm>
455 </listitem>
456 </varlistentry>
457
458 <varlistentry id="text2pcap">
459 <term><command>text2pcap</command></term>
460 <listitem>
461 <para>reads in an ASCII hex dump and writes the
462 data described into a <application>libpcap</application>-style
463 capture file.</para>
464 <indexterm zone="wireshark text2pcap">
465 <primary sortas="b-text2pcap">text2pcap</primary>
466 </indexterm>
467 </listitem>
468 </varlistentry>
469
470 <varlistentry id="tshark">
471 <term><command>tshark</command></term>
472 <listitem>
473 <para>is a TTY-mode network protocol analyzer. It lets you capture
474 packet data from a live network or read packets from a
475 previously saved capture file.</para>
476 <indexterm zone="wireshark tshark">
477 <primary sortas="b-tshark">tshark</primary>
478 </indexterm>
479 </listitem>
480 </varlistentry>
481
482 <varlistentry id="wireshark-prog">
483 <term><command>wireshark</command></term>
484 <listitem>
485 <para>
486 is the Qt GUI network protocol analyzer. It lets you interactively
487 browse packet data from a live network or from a previously saved
488 capture file.
489 </para>
490 <indexterm zone="wireshark wireshark-prog">
491 <primary sortas="b-wireshark">wireshark</primary>
492 </indexterm>
493 </listitem>
494 </varlistentry>
495
496 <varlistentry id="wireshark-gtk-prog">
497 <term><command>wireshark-gtk</command></term>
498 <listitem>
499 <para>
500 is the Gtk+ GUI network protocol analyzer. It lets you interactively
501 browse packet data from a live network or from a previously saved
502 capture file.
503 </para>
504 <indexterm zone="wireshark wireshark-gtk-prog">
505 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
506 </indexterm>
507 </listitem>
508 </varlistentry>
509
510 <varlistentry id="libwireshark">
511 <term><filename class='libraryfile'>libwireshark.so</filename></term>
512 <listitem>
513 <para>contains functions used by the
514 <application>Wireshark</application> programs to perform filtering and
515 packet capturing.</para>
516 <indexterm zone="wireshark libwireshark">
517 <primary sortas="c-libwireshark">libwireshark.so</primary>
518 </indexterm>
519 </listitem>
520 </varlistentry>
521
522 <varlistentry id="libwiretap">
523 <term><filename class='libraryfile'>libwiretap.so</filename></term>
524 <listitem>
525 <para>is a library being developed as a future replacement for
526 <filename class='libraryfile'>libpcap</filename>, the current
527 standard Unix library for packet capturing. For more information,
528 see the <filename>README</filename> file in the source
529 <filename class='directory'>wiretap</filename> directory.</para>
530 <indexterm zone="wireshark libwiretap">
531 <primary sortas="c-libwiretap">libwiretap.so</primary>
532 </indexterm>
533 </listitem>
534 </varlistentry>
535
536 </variablelist>
537
538 </sect2>
539
540</sect1>
Note: See TracBrowser for help on using the repository browser.