source: networking/netutils/wireshark.xml@ 45ab6c7

11.0 qt5new trunk
Last change on this file since 45ab6c7 was 45ab6c7, checked in by Xi Ruoyao <xry111@…>, 5 months ago

more SVN prop clean up

Remove "$LastChanged$" everywhere, and also some unused $Date$

  • Property mode set to 100644
File size: 19.3 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "dbc93615612db327276aec8391a3c090">
10 <!ENTITY wireshark-size "31 MB">
11 <!ENTITY wireshark-buildsize "751 MB (with all optional dependencies available in the BLFS book)">
12 <!ENTITY wireshark-time "2.4 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
13]>
14
15<!-- Gentler reminder: many Wireshark releases contain vulnerability fixes,
16 we have not always been aware of these. At https://www.wireshark.org/security/
17 there is a list of advisories and the version in which they were fixed.
18
19 If you click on an advisory, after the bug number in the References:
20 there may be a CVE number, although perhaps those get added some time after
21 the release. Perhaps as a general rule treat ALL their advisories for crashes
22 etc as worthy of a security fix. -->
23
24<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
25 <?dbhtml filename="wireshark.html"?>
26
27 <sect1info>
28 <date>$Date$</date>
29 </sect1info>
30
31 <title>Wireshark-&wireshark-version;</title>
32
33 <indexterm zone="wireshark">
34 <primary sortas="a-Wireshark">Wireshark</primary>
35 </indexterm>
36
37 <sect2 role="package">
38 <title>Introduction to Wireshark</title>
39
40 <para>
41 The <application>Wireshark</application> package contains a network
42 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
43 for analyzing data captured <quote>off the wire</quote> from a live
44 network connection, or data read from a capture file.
45 </para>
46
47 <para>
48 <application>Wireshark</application> provides both a graphical and a
49 TTY-mode front-end for examining captured network packets from over 500
50 protocols, as well as the capability to read capture files from many
51 other popular network analyzers.
52 </para>
53
54 &lfs101_checked;
55
56 <bridgehead renderas="sect3">Package Information</bridgehead>
57 <itemizedlist spacing="compact">
58 <listitem>
59 <para>
60 Download (HTTP): <ulink url="&wireshark-download-http;"/>
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download (FTP): <ulink url="&wireshark-download-ftp;"/>
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Download MD5 sum: &wireshark-md5sum;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Download size: &wireshark-size;
76 </para>
77 </listitem>
78 <listitem>
79 <para>
80 Estimated disk space required: &wireshark-buildsize;
81 </para>
82 </listitem>
83 <listitem>
84 <para>
85 Estimated build time: &wireshark-time;
86 </para>
87 </listitem>
88 </itemizedlist>
89
90 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
91 <itemizedlist spacing="compact">
92 <listitem>
93 <para>
94 Additional Documentation:
95 <ulink url="https://www.wireshark.org/download/docs/"/>
96 (contains links to several different docs in a variety of formats)
97 </para>
98 </listitem>
99 </itemizedlist>
100
101 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
102
103 <bridgehead renderas="sect4">Required</bridgehead>
104 <para role="required">
105 <xref linkend="cmake"/>,
106 <xref linkend="glib2"/>,
107 <xref linkend="libgcrypt"/>, and
108 <xref linkend="qt5"/>
109 </para>
110
111 <bridgehead renderas="sect4">Recommended</bridgehead>
112 <para role="recommended">
113 <xref linkend="libpcap"/> (required to capture data)
114 </para>
115
116 <bridgehead renderas="sect4">Optional</bridgehead>
117 <para role="optional">
118 <xref linkend="brotli"/>,
119 <xref linkend="c-ares"/>,
120 <xref linkend="doxygen"/>,
121 <xref linkend="git"/>,
122 <xref linkend="gnutls"/>,
123 <xref linkend="libnl"/>,
124 <xref linkend="libxslt"/>,
125 <xref linkend="libxml2"/>,
126 <xref linkend="lua52"/>,
127 <xref linkend="mitkrb"/>,
128 <xref linkend="nghttp2"/>,
129 <xref linkend="sbc"/>,
130 <xref linkend="speex"/>,
131 <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
132 <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
133 <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
134 <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
135 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
136 <ulink url="https://www.libssh.org/">libssh</ulink>,
137 <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
138 <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
139 <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
140 <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
141 </para>
142
143 <para condition="html" role="usernotes">
144 User Notes: <ulink url="&blfs-wiki;/wireshark"/>
145 </para>
146
147 </sect2>
148
149 <sect2 role="kernel" id="wireshark-kernel">
150 <title>Kernel Configuration</title>
151
152 <para>
153 The kernel must have the Packet protocol enabled for <application>
154 Wireshark</application> to capture live packets from the network:
155 </para>
156
157<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
158 Networking options ---&gt;
159 &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>
160
161 <para>
162 If built as a module, the name is <filename>af_packet.ko</filename>.
163 </para>
164
165 <indexterm zone="wireshark wireshark-kernel">
166 <primary sortas="d-Capturing-network-packets">
167 Capturing network packets
168 </primary>
169 </indexterm>
170
171 </sect2>
172
173 <sect2 role="installation">
174 <title>Installation of Wireshark</title>
175
176 <para>
177 <application>Wireshark</application> is a very large and complex
178 application. These instructions provide additional security measures to
179 ensure that only trusted users are allowed to view network traffic. First,
180 set up a system group for wireshark. As the <systemitem
181 class="username">root</systemitem> user:
182 </para>
183
184<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
185
186 <para>
187 Continue to install <application>Wireshark</application> by running
188 the following commands:
189 </para>
190
191<screen><userinput>mkdir build &amp;&amp;
192cd build &amp;&amp;
193
194cmake -DCMAKE_INSTALL_PREFIX=/usr \
195 -DCMAKE_BUILD_TYPE=Release \
196 -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
197 -G Ninja \
198 .. &amp;&amp;
199ninja</userinput></screen>
200
201 <para>
202 This package does not come with a test suite.
203 </para>
204
205 <para>
206 Now, as the <systemitem class="username">root</systemitem> user:
207 </para>
208
209<screen role="root"><userinput>ninja install &amp;&amp;
210
211install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
212install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
213 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
214
215pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
216 for FILENAME in ../../wireshark/*.html; do
217 ln -s -v -f $FILENAME .
218 done &amp;&amp;
219popd
220unset FILENAME</userinput></screen>
221
222 <para>
223 If you downloaded any of the documentation files from the page
224 listed in the 'Additional Downloads', install them by issuing the
225 following commands as the <systemitem class="username">root</systemitem>
226 user:
227 </para>
228
229<screen role="root"
230 remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
231 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
232
233 <para>
234 Now, set ownership and permissions of sensitive applications to only
235 allow authorized users. As the <systemitem class="username">root
236 </systemitem> user:
237 </para>
238
239<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
240chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
241
242 <para>
243 Finally, add any users to the wireshark group (as <systemitem class=
244 "username">root</systemitem> user):
245 </para>
246
247 <screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>
248
249 <para>
250 If you are installing wireshark for the first time, it will be necessary
251 to logout of your session and login again. This will put wireshark in your
252 groups, because otherwise Wireshark will not function properly.
253 </para>
254
255 </sect2>
256<!--
257 <sect2 role="commands">
258 <title>Command Explanations</title>
259
260 <para>
261 <option>- -disable-wireshark</option>: Use this switch if you
262 have <application>Qt</application> installed but do not want to build
263 any of the GUIs.
264 </para>
265 </sect2>
266-->
267
268 <sect2 role="configuration">
269 <title>Configuring Wireshark</title>
270
271 <sect3 id="wireshark-config">
272 <title>Config Files</title>
273
274 <para>
275 <filename>/etc/wireshark.conf</filename> and
276 <filename>~/.config/wireshark/*</filename> (unless there is already
277 <filename>~/.wireshark/*</filename> in the system)
278 </para>
279
280 <indexterm zone="wireshark wireshark-config">
281 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
282 </indexterm>
283
284 <indexterm zone="wireshark wireshark-config">
285 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
286 </indexterm>
287
288 </sect3>
289
290 <sect3>
291 <title>Configuration Information</title>
292
293 <para>
294 Though the default configuration parameters are very sane, reference
295 the configuration section of the <ulink url=
296 "http://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
297 </ulink> for configuration information. Most of <application>Wireshark
298 </application>'s configuration can be accomplished
299 using the menu options of the <command>wireshark</command> graphical
300 interfaces.
301 </para>
302
303 <note>
304 <para>
305 If you want to look at packets, make sure you don't filter them
306 out with <xref linkend="iptables"/>. If you want to exclude certain
307 classes of packets, it is more efficient to do it with
308 <application>iptables</application> than it is with
309 <application>Wireshark</application>.
310 </para>
311 </note>
312
313 </sect3>
314
315 </sect2>
316
317 <sect2 role="content">
318 <title>Contents</title>
319
320 <segmentedlist>
321 <segtitle>Installed Programs</segtitle>
322 <segtitle>Installed Libraries</segtitle>
323 <segtitle>Installed Directories</segtitle>
324
325 <seglistitem>
326 <seg>
327 capinfos, captype, dumpcap, editcap, idl2wrs,
328 mergecap, randpkt, rawshark, reordercap, sharkd,
329 text2pcap, tshark, and wireshark
330 </seg>
331 <seg>
332 libwireshark.so, libwiretap.so,
333 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
334 </seg>
335 <seg>
336 /usr/{include,lib,share}/wireshark and
337 /usr/share/doc/wireshark-&wireshark-version;
338 </seg>
339 </seglistitem>
340 </segmentedlist>
341
342 <variablelist>
343 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
344 <?dbfo list-presentation="list"?>
345 <?dbhtml list-presentation="table"?>
346
347 <varlistentry id="capinfos">
348 <term><command>capinfos</command></term>
349 <listitem>
350 <para>
351 reads a saved capture file and returns any or all of several
352 statistics about that file. It is able to detect and read any
353 capture supported by the <application>Wireshark</application>
354 package
355 </para>
356 <indexterm zone="wireshark capinfos">
357 <primary sortas="b-capinfos">capinfos</primary>
358 </indexterm>
359 </listitem>
360 </varlistentry>
361
362 <varlistentry id="captype">
363 <term><command>captype</command></term>
364 <listitem>
365 <para>
366 prints the file types of capture files
367 </para>
368 <indexterm zone="wireshark captype">
369 <primary sortas="b-captype">captype</primary>
370 </indexterm>
371 </listitem>
372 </varlistentry>
373
374 <varlistentry id="dumpcap">
375 <term><command>dumpcap</command></term>
376 <listitem>
377 <para>
378 is a network traffic dump tool. It lets you capture packet data
379 from a live network and write the packets to a file
380 </para>
381 <indexterm zone="wireshark dumpcap">
382 <primary sortas="b-dumpcap">dumpcap</primary>
383 </indexterm>
384 </listitem>
385 </varlistentry>
386
387 <varlistentry id="editcap">
388 <term><command>editcap</command></term>
389 <listitem>
390 <para>
391 edits and/or translates the format of capture files. It knows
392 how to read <application>libpcap</application> capture files,
393 including those of <command>tcpdump</command>,
394 <application>Wireshark</application> and other tools that write
395 captures in that format
396 </para>
397 <indexterm zone="wireshark editcap">
398 <primary sortas="b-editcap">editcap</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="idl2wrs">
404 <term><command>idl2wrs</command></term>
405 <listitem>
406 <para>
407 is a program that takes a user specified CORBA IDL file and
408 generates <quote>C</quote> source code for a
409 <application>Wireshark</application> <quote>plugin</quote>. It
410 relies on two Python programs <command>wireshark_be.py</command>
411 and <command>wireshark_gen.py</command>, which are not installed
412 by default. They have to be copied manually from the
413 <filename class="directory">tools</filename> directory to the
414 <filename class="directory">$PYTHONPATH/site-packages/</filename>
415 directory
416 </para>
417 <indexterm zone="wireshark idl2wrs">
418 <primary sortas="b-idl2wrs">idl2wrs</primary>
419 </indexterm>
420 </listitem>
421 </varlistentry>
422
423 <varlistentry id="mergecap">
424 <term><command>mergecap</command></term>
425 <listitem>
426 <para>
427 combines multiple saved capture files into a single output file
428 </para>
429 <indexterm zone="wireshark mergecap">
430 <primary sortas="b-mergecap">mergecap</primary>
431 </indexterm>
432 </listitem>
433 </varlistentry>
434
435 <varlistentry id="randpkt">
436 <term><command>randpkt</command></term>
437 <listitem>
438 <para>
439 creates random-packet capture files
440 </para>
441 <indexterm zone="wireshark randpkt">
442 <primary sortas="b-randpkt">randpkt</primary>
443 </indexterm>
444 </listitem>
445 </varlistentry>
446
447 <varlistentry id="rawshark">
448 <term><command>rawshark</command></term>
449 <listitem>
450 <para>
451 dumps and analyzes raw libpcap data
452 </para>
453 <indexterm zone="wireshark rawshark">
454 <primary sortas="b-rawshark">rawshark</primary>
455 </indexterm>
456 </listitem>
457 </varlistentry>
458
459 <varlistentry id="reordercap">
460 <term><command>reordercap</command></term>
461 <listitem>
462 <para>
463 reorders timestamps of input file frames into an output file
464 </para>
465 <indexterm zone="wireshark reordercap">
466 <primary sortas="b-reordercap">reordercap</primary>
467 </indexterm>
468 </listitem>
469 </varlistentry>
470
471 <varlistentry id="sharkd">
472 <term><command>sharkd</command></term>
473 <listitem>
474 <para>
475 is a daemon that listens on UNIX sockets
476 </para>
477 <indexterm zone="wireshark sharkd">
478 <primary sortas="b-sharkd">sharkd</primary>
479 </indexterm>
480 </listitem>
481 </varlistentry>
482
483 <varlistentry id="text2pcap">
484 <term><command>text2pcap</command></term>
485 <listitem>
486 <para>
487 reads in an ASCII hex dump and writes the data described into a
488 <application>libpcap</application>-style capture file
489 </para>
490 <indexterm zone="wireshark text2pcap">
491 <primary sortas="b-text2pcap">text2pcap</primary>
492 </indexterm>
493 </listitem>
494 </varlistentry>
495
496 <varlistentry id="tshark">
497 <term><command>tshark</command></term>
498 <listitem>
499 <para>
500 is a TTY-mode network protocol analyzer. It lets you capture
501 packet data from a live network or read packets from a
502 previously saved capture file
503 </para>
504 <indexterm zone="wireshark tshark">
505 <primary sortas="b-tshark">tshark</primary>
506 </indexterm>
507 </listitem>
508 </varlistentry>
509
510 <varlistentry id="wireshark-prog">
511 <term><command>wireshark</command></term>
512 <listitem>
513 <para>
514 is the Qt GUI network protocol analyzer. It lets you interactively
515 browse packet data from a live network or from a previously saved
516 capture file
517 </para>
518 <indexterm zone="wireshark wireshark-prog">
519 <primary sortas="b-wireshark">wireshark</primary>
520 </indexterm>
521 </listitem>
522 </varlistentry>
523<!-- seems to have disappeared
524 <varlistentry id="wireshark-gtk-prog">
525 <term><command>wireshark-gtk</command></term>
526 <listitem>
527 <para>
528 is the Gtk+ GUI network protocol analyzer. It lets you interactively
529 browse packet data from a live network or from a previously saved
530 capture file (optional).
531 </para>
532 <indexterm zone="wireshark wireshark-gtk-prog">
533 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
534 </indexterm>
535 </listitem>
536 </varlistentry>
537-->
538 <varlistentry id="libwireshark">
539 <term><filename class="libraryfile">libwireshark.so</filename></term>
540 <listitem>
541 <para>
542 contains functions used by the <application>Wireshark</application>
543 programs to perform filtering and packet capturing
544 </para>
545 <indexterm zone="wireshark libwireshark">
546 <primary sortas="c-libwireshark">libwireshark.so</primary>
547 </indexterm>
548 </listitem>
549 </varlistentry>
550
551 <varlistentry id="libwiretap">
552 <term><filename class="libraryfile">libwiretap.so</filename></term>
553 <listitem>
554 <para>
555 is a library being developed as a future replacement for
556 <filename class="libraryfile">libpcap</filename>, the current
557 standard Unix library for packet capturing. For more information,
558 see the <filename>README</filename> file in the source
559 <filename class="directory">wiretap</filename> directory
560 </para>
561 <indexterm zone="wireshark libwiretap">
562 <primary sortas="c-libwiretap">libwiretap.so</primary>
563 </indexterm>
564 </listitem>
565 </varlistentry>
566
567 </variablelist>
568
569 </sect2>
570
571</sect1>
Note: See TracBrowser for help on using the repository browser.