source: networking/netutils/wireshark.xml@ 48aa301

trunk
Last change on this file since 48aa301 was 6ba3ab5, checked in by Xi Ruoyao <xry111@…>, 6 weeks ago

bookwide: Remove external references for lz4

Now lz4 is in LFS. Also remove switches for building without lz4.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "6c773f66b127ea1928d43b96d0e28098">
  <!ENTITY wireshark-size "43 MB">
  <!ENTITY wireshark-buildsize "915 MB (with all optional dependencies available in the BLFS book; 170 MB installed)">
  <!ENTITY wireshark-time "2.9 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
     we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>


  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs121_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
<!--
      <listitem>
        <para>
          Required patch to build with Python-3.12:
          <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
        </para>
      </listitem>
-->
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt6"/>
    </para>

    <note>
      <para>
        <xref linkend="qt6"/> is not strictly required, since it can be
        replaced with <application>Qt5</application>. See <quote>Command
        explanations</quote> below.
      </para>
    </note>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      (<xref linkend="qt5"/> or
      <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
      (required if <xref role="nodep" linkend="qt6"/> is not installed),
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
    </para>


  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
                href="wireshark-kernel.xml"/>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
        /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in <quote>Additional Downloads</quote>, install them by issuing
      the following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
        /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
    <para>
      Now, restrict the ownership and permissions of the programs that can
      capture traffic so that only authorized users are able to run them.
      The commands below make <command>tshark</command> and
      <command>dumpcap</command> owned by the
      <systemitem class="username">root</systemitem> user and the
      <systemitem class="groupname">wireshark</systemitem> group, set the
      setuid and setgid bits, and remove all permissions for other users.
      As the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add each user who should be allowed to capture traffic to the
      wireshark group (as the <systemitem class="username">root</systemitem>
      user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the first
      time, you will need to log out of your session and log in again so that
      the new wireshark group membership takes effect; otherwise
      <application>Wireshark</application> will not function properly.
    </para>
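The script below is an added example and is not part of the BLFS book; it checks the conditions this page sets up (packet socket support from the Kernel Configuration section, root:wireshark ownership with mode 6550 on tshark and dumpcap, and the user's membership in the wireshark group) without changing anything. It assumes GNU coreutils (stat, id) and takes the kernel config file and the user name as arguments.

```shell
#!/bin/sh
# Post-install checks for the Wireshark setup described on this page.
# Added example, not part of the BLFS book. Assumes GNU coreutils (stat, id).
# Usage: ./check-wireshark.sh /boot/config-$(uname -r) alice

# packet_support CONFIG_FILE
# Succeeds if CONFIG_PACKET is built in (y) or a module (m); fails otherwise.
packet_support() {
    cfg="$1"
    if grep -qx 'CONFIG_PACKET=y' "$cfg"; then
        echo "CONFIG_PACKET: built in"
        return 0
    fi
    if grep -qx 'CONFIG_PACKET=m' "$cfg"; then
        echo "CONFIG_PACKET: module, af_packet.ko must be loaded before capturing"
        return 0
    fi
    echo "CONFIG_PACKET: not set, live capture will not work"
    return 1
}

# capture_perms PATH OWNER GROUP
# Succeeds if PATH is OWNER:GROUP with mode 6550 (setuid, setgid, r-x for
# owner and group, no access for others); reports the mismatch otherwise.
capture_perms() {
    path="$1"
    wanted="$2:$3:6550"
    actual=$(stat -c '%U:%G:%a' "$path") || return 1
    if [ "$actual" = "$wanted" ]; then
        echo "$path: ok ($actual)"
        return 0
    fi
    echo "$path: expected $wanted, found $actual"
    return 1
}

# in_group USER GROUP
# Succeeds if the group list id reports for USER contains GROUP.
in_group() {
    id -nG "$1" | tr ' ' '\n' | grep -qx "$2"
}

# Run all checks against the live system; exit non-zero if any failed.
main() {
    cfg="$1"; user="$2"; rc=0
    packet_support "$cfg" || rc=1
    for f in /usr/bin/tshark /usr/bin/dumpcap; do
        capture_perms "$f" root wireshark || rc=1
    done
    if in_group "$user" wireshark; then
        echo "$user: member of wireshark"
    else
        echo "$user: not in wireshark group (usermod -a -G wireshark $user, then log in again)"
        rc=1
    fi
    return $rc
}

# Only run the checks when invoked with both arguments.
if [ "$#" -eq 2 ]; then
    main "$1" "$2"
fi
```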

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>-DUSE_qt6=OFF</option>: Use this switch if
      <xref linkend="qt6"/> is not available. You'll need
      <xref linkend="qt5"/> or at least <xref linkend="qt5-components"/>
      with qtmultimedia in this case.
    </para>
<!--
    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
-->
  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, refer to
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished using the menu
        options of the <command>wireshark</command> graphical interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders timestamps of input file frames into an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>