source: networking/netutils/wireshark.xml@ 169834cb

Last change on this file since 169834cb was 169834cb, checked in by Bruce Dubbs <bdubbs@…>, 7 years ago

More tags -- almost done

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18393 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-download-ftp "ftp://ftp.uni-kl.de/pub/wireshark/src/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-md5sum "49a1023a69ac108ca089d750eee50e37">
  <!ENTITY wireshark-size "31 MB">
  <!ENTITY wireshark-buildsize "1.6 GB, with default GUI front-ends">
  <!ENTITY wireshark-time "11 SBU, with default GUI front-ends">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. It is used
      to analyze packets captured <quote>off the wire</quote> from a live
      network interface, or read from a saved capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files written by
      many other popular network analyzers.
    </para>

    &lfs80_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Optional patch:
          <ulink url=
          "&patch-root;/wireshark-&wireshark-version;-lua_5_3_1-1.patch"/>
          (allows building the Lua bindings if <xref linkend="lua"/> is
          installed and Lua is not disabled by passing <option>--without-lua
          </option> to <command>configure</command>)
        </para>
      </listitem>
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="gtk3"/> (for the <application>Gtk+3</application> GUI),
      <xref linkend="libpcap"/> (required to capture data), and
      <xref linkend="qt5"/> (for the <application>Qt5</application> GUI)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="gnutls"/>,
      <xref linkend="libgcrypt"/>,
      <xref linkend="libnl"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="openssl"/>,
      <xref linkend="sbc"/>,
      <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>,
      <ulink url="http://c-ares.haxx.se/">c-ares</ulink>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>, and
      <ulink url="http://www.portaudio.com/">PortAudio</ulink>
      (for the GTK+ RTP player)
    </para>

    <bridgehead renderas="sect4">Optional (for GUI front-ends)
    </bridgehead>
    <para role="optional">
      <xref linkend="gtk2"/>
    </para>

    <note>
      <para>
        The <application>GTK+</application> GUI needs one of <xref linkend=
        "gtk2"/> or <xref linkend="gtk3"/>. If both are installed, GTK+3
        is used by default.
      </para>

      <para>
        The <application>Qt</application> GUI needs <xref linkend="qt5"/>.
      </para>

      <para>
        Both the GTK+ and the Qt GUI front-ends are built, as recommended by
        the upstream developers. If you want to override the defaults, some
        configure switches have to be set (see <quote>Command
        Explanations</quote>).
      </para>
    </note>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
      Only live capture needs it; reading a saved capture file does not.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. Capturing from a live interface needs privileges that
      ordinary users do not have, so these instructions confine that privilege
      to a dedicated group instead of running the analyzer as <systemitem
      class="username">root</systemitem>: only members of the group can run
      the capture helpers, and the GUI itself stays unprivileged. First, set
      up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-lua_5_3_1-1.patch &amp;&amp;

./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
make</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the capture helpers so that
      only authorized users can run them. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <note>
      <para>
        Mode 6550 (<literal>-r-sr-s---</literal>) sets the setuid and setgid
        bits and removes all access for users outside the group: a user who is
        not in <systemitem class="groupname">wireshark</systemitem> cannot
        even read the binaries. Of the two programs only
        <command>dumpcap</command> actually needs the privilege; it is the
        small helper that opens the packet socket, and
        <command>tshark</command> and the GUIs run it as a child process
        whenever they capture. <command>tshark</command> drops its elevated
        privileges permanently as soon as it starts, so the mode on it
        restricts who may run it rather than granting anything. Do not make
        <command>wireshark</command> or <command>wireshark-gtk</command>
        setuid. If <application>libcap</application> is installed, file
        capabilities are a finer-grained alternative to setuid root for
        <command>dumpcap</command>:
        <command>chmod -v 0550 /usr/bin/dumpcap &amp;&amp;
        setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap</command>.
      </para>
    </note>

    <para>
      Finally, add any users to the wireshark group (as <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>

    <para>
      Supplementary groups are assigned at login, so a user who has just been
      added to the wireshark group must log out and log in again before
      capturing; until then the running session does not carry the group and
      the capture helpers cannot be executed.
    </para>

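    <para>
      The following script verifies the privilege model the steps above set
      up. It is an added example and is not part of the BLFS book or of
      <application>Wireshark</application>: it checks that the helpers made
      setuid above are exactly root:wireshark mode 6550, that the GUI binaries
      carry no setuid/setgid bit, that the calling session has the wireshark
      group (which is why the re-login matters), and that the kernel provides
      packet sockets (<filename>/proc/net/packet</filename> exists only when
      <filename>af_packet</filename> is present). The paths and the group name
      are those used on this page; the expected owner and group are parameters
      so the checks can be exercised against scratch files.
    </para>

```python
"""Verify the capture-privilege setup from the Wireshark installation steps.

Added example, not BLFS or Wireshark code. Paths and the "wireshark" group
follow the installation instructions; owner/group are parameters so the
checks can also be run against scratch files.
"""
import grp
import os
import pwd
import stat

PRIVILEGED_HELPERS = ["/usr/bin/dumpcap", "/usr/bin/tshark"]
UNPRIVILEGED_FRONTENDS = ["/usr/bin/wireshark", "/usr/bin/wireshark-gtk"]
EXPECTED_MODE = 0o6550          # -r-sr-s---: setuid+setgid, group may execute, no access for others


def owner_name(uid):
    """User name for a uid, or the number itself if there is no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def group_name(gid):
    """Group name for a gid, or the number itself if there is no group entry."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def check_capture_helper(path, owner="root", group="wireshark"):
    """Return a list of problems with a setuid capture helper; [] means it is locked down."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["%s: missing" % path]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != EXPECTED_MODE:
        problems.append("%s: mode %04o, expected %04o" % (path, mode, EXPECTED_MODE))
    if mode & stat.S_IRWXO:
        # The point of 6550: users outside the group get no access at all.
        problems.append("%s: accessible by users outside the group" % path)
    if owner_name(st.st_uid) != owner:
        problems.append("%s: owner %s, expected %s" % (path, owner_name(st.st_uid), owner))
    if group_name(st.st_gid) != group:
        problems.append("%s: group %s, expected %s" % (path, group_name(st.st_gid), group))
    return problems


def setuid_frontends(paths=UNPRIVILEGED_FRONTENDS):
    """GUI binaries that carry a setuid or setgid bit; they should never have one."""
    found = []
    for p in paths:
        try:
            if os.stat(p).st_mode & (stat.S_ISUID | stat.S_ISGID):
                found.append(p)
        except FileNotFoundError:
            pass
    return found


def session_in_group(group="wireshark"):
    """True if this process carries GROUP (primary or supplementary).

    Supplementary groups are fixed at login, which is why a freshly added
    user has to log out and back in before this returns True.
    """
    try:
        gid = grp.getgrnam(group).gr_gid
    except KeyError:
        if not group.isdigit():
            return False
        gid = int(group)
    return gid == os.getgid() or gid in os.getgroups()


def packet_sockets_available():
    """af_packet registers /proc/net/packet; if it is absent, CONFIG_PACKET is off or the module is not loaded."""
    return os.path.exists("/proc/net/packet")


if __name__ == "__main__":
    for helper in PRIVILEGED_HELPERS:
        for problem in check_capture_helper(helper):
            print(problem)
    for frontend in setuid_frontends():
        print("%s: must not be setuid/setgid" % frontend)
    if not session_in_group():
        print("this session is not in the wireshark group (log out and back in?)")
    if not packet_sockets_available():
        print("no packet socket support (CONFIG_PACKET / af_packet.ko)")
```

    <para>
      Run it as the user who is supposed to capture; silence means every
      check passed. A fresh session that still reports the group as missing
      has not been re-logged-in since the <command>usermod</command>.
    </para>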
  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>--with-gtk2=[yes/no]</option>: For the Gtk+2 GUI. If both Gtk+2
      and Gtk+3 are installed, the default is no. Only one Gtk+ version
      (either 2 or 3) can be built.
    </para>

    <para>
      <option>--with-gtk3=[yes/no]</option>: For the Gtk+3 GUI. If both Gtk+2
      and Gtk+3 are installed, the default is yes.
    </para>

    <para>
      <option>--with-qt=[yes/no/4/5]</option>: For the Qt GUI. The default is
      yes.
    </para>

    <para>
      <option>--disable-wireshark</option>: Use this switch if you have
      <application>GTK+</application> or <application>Qt</application>
      installed but do not want to build any of the GUIs.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.config/wireshark/*</filename> (unless there is already
      <filename>~/.wireshark/*</filename> in the system)</para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Though the default configuration parameters are very sane,
      reference the configuration section of the <ulink
      url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for configuration information. Most of
      <application>Wireshark</application>'s configuration can be accomplished
      using the menu options of the <command>wireshark</command> graphical
      interfaces.</para>

      <note>
        <para>A firewall built with <xref linkend="iptables"/> does not keep
        packets out of a capture the way you might expect. On Linux a packet
        socket sees incoming frames on the receiving interface before
        netfilter processes them, so traffic that
        <application>iptables</application> drops on INPUT or FORWARD still
        shows up in <application>Wireshark</application>; only outgoing
        packets dropped by the OUTPUT chain never reach the interface and are
        not captured. To exclude classes of traffic from a capture, use a
        capture filter (the <option>-f</option> option of
        <command>dumpcap</command> and <command>tshark</command>, or the
        Capture Options dialog in the GUI). A capture filter is compiled to a
        BPF program that the kernel applies before copying packets to user
        space, which is far cheaper than capturing everything and hiding it
        afterwards with a display filter.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          androiddump, capinfos, captype, dftest, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, text2pcap, tshark, wireshark,
          and wireshark-gtk
        </seg>
        <seg>
          libwireshark.so, libwiretap.so, libwsutil.so, and numerous modules
          under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          format supported by the <application>Wireshark</application>
          package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="wireshark dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file. It is the only
          program in the package that needs privileges; the analyzers run it
          as a child process to capture.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw libpcap data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of an input capture file by timestamp and
          writes them to an output file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>contains the protocol dissectors and the display-filter
          engine used by the <application>Wireshark</application> programs
          to decode and filter packets. Packet capture itself is done by
          <command>dumpcap</command> through
          <application>libpcap</application>, not by this library.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>reads and writes capture files in the many formats
          <application>Wireshark</application> understands (libpcap, pcapng
          and the formats of other analyzers); it is the file-format layer
          behind <command>capinfos</command>, <command>editcap</command>,
          <command>mergecap</command> and the analyzers. For more
          information, see the <filename>README</filename> file in the source
          <filename class='directory'>wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

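    <para>
      The classic libpcap file format that <command>text2pcap</command>
      writes and <command>capinfos</command>, <command>editcap</command> and
      <command>mergecap</command> read is small enough to show in full. The
      following writer, reader and <command>capinfos</command>-style summary
      is an added example, not <application>Wireshark</application> or
      libwiretap code; the frame it builds is a constructed Ethernet/IPv4/UDP
      datagram with made-up addresses. The reader checks every length field
      against the snaplen and the file size before trusting it, which is the
      discipline any capture-file parser needs when the file comes from
      someone else.
    </para>

```python
"""Minimal classic-pcap writer/reader plus a capinfos-style summary.

Added example, not Wireshark or libwiretap code. The sample frame and
timestamps are constructed; the format itself is the 24-byte global header
followed by 16-byte record headers, as written by text2pcap.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution timestamps
LINKTYPE_ETHERNET = 1          # DLT_EN10MB


def pcap_global_header(linktype=LINKTYPE_ETHERNET, snaplen=65535):
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype (little-endian)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(timestamp, frame):
    # ts_sec, ts_usec, incl_len, orig_len, then the frame bytes
    sec, usec = divmod(int(round(timestamp * 1_000_000)), 1_000_000)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def ip_checksum(data):
    """RFC 1071 ones-complement sum; 0 over a header that already carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet II / IPv4 / UDP frame; the UDP checksum is left 0 (optional over IPv4)."""
    def mac(text):
        return bytes.fromhex(text.replace(":", ""))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + udp


def read_pcap(blob):
    """Parse a classic pcap file; raise ValueError on anything inconsistent."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:           # same format written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %08x)" % magic)
    _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        sec, usec, incl_len, orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        # Never trust incl_len: bound it by the snaplen, by orig_len and by the bytes actually present.
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(blob):
            raise ValueError("bad record length %d at offset %d" % (incl_len, off))
        records.append((sec + usec / 1_000_000, blob[off:off + incl_len], orig_len))
        off += incl_len
    return {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype, "records": records}


def capinfos_like(blob):
    """The handful of statistics capinfos prints for a file."""
    recs = read_pcap(blob)["records"]
    return {
        "packets": len(recs),
        "bytes": sum(len(frame) for _, frame, _ in recs),
        "linktype": read_pcap(blob)["linktype"],
        "first_ts": recs[0][0] if recs else None,
        "last_ts": recs[-1][0] if recs else None,
    }


def decode_udp(frame):
    """Dissect an Ethernet/IPv4/UDP frame into (src_ip, dst_ip, sport, dport, payload)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ihl < 20 or len(ip) < ihl or ip_checksum(ip) != 0:
        raise ValueError("bad IPv4 header")
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp_off = 14 + ihl
    if udp_off + 8 > len(frame):
        raise ValueError("truncated UDP header")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if udp_len < 8 or udp_off + udp_len > len(frame):
        raise ValueError("bad UDP length")
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            sport, dport, frame[udp_off + 8:udp_off + udp_len])


# Constructed sample: two copies of one frame a quarter of a second apart.
FRAME = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "10.0.0.1", "10.0.0.2", 5353, 53, b"hello")
SAMPLE_PCAP = (pcap_global_header()
               + pcap_record(1_500_000_000.0, FRAME)
               + pcap_record(1_500_000_000.25, FRAME))
```

    <para>
      Writing <literal>SAMPLE_PCAP</literal> to a file gives something
      <command>capinfos</command> and <command>editcap</command> accept, and
      <literal>capinfos_like</literal> reports the same packet count, byte
      total and first/last timestamps that <command>capinfos</command> prints
      for it. Note that the length checks in <literal>read_pcap</literal> are
      what keeps a crafted <literal>incl_len</literal> from reading past the
      end of the buffer.
    </para>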
  </sect2>

</sect1>