source: networking/netutils/wireshark.xml@ 4fcfbb92

Last change on this file since 4fcfbb92 was f1757108, checked in by Pierre Labastie <pierre.labastie@…>, 11 months ago

Fix wireshark for python-3.12

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "29d710e0cf96e26005bd13b9d1cd9384">
10 <!ENTITY wireshark-size "41 MB">
11 <!ENTITY wireshark-buildsize "822 MB (with all optional dependencies available in the BLFS book)">
12 <!ENTITY wireshark-time "2.3 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
13]>
14
15<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
16 and we have not always been aware of these. At https://www.wireshark.org/security/
17 there is a list of advisories and the version in which each was fixed.
18
19 If you click on an advisory, after the bug number in the References:
20 there may be a CVE number, although those are perhaps added some time after
21 the release. As a general rule, treat ALL their advisories for crashes
22 etc. as worthy of a security fix. -->
23
24<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
25 <?dbhtml filename="wireshark.html"?>
26
27
28 <title>Wireshark-&wireshark-version;</title>
29
30 <indexterm zone="wireshark">
31 <primary sortas="a-Wireshark">Wireshark</primary>
32 </indexterm>
33
34 <sect2 role="package">
35 <title>Introduction to Wireshark</title>
36
37 <para>
38 The <application>Wireshark</application> package contains a network
39 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
40 for analyzing data captured <quote>off the wire</quote> from a live
41 network connection, or data read from a capture file.
42 </para>
43
44 <para>
45 <application>Wireshark</application> provides both a graphical and a
46 TTY-mode front-end for examining captured network packets from over 500
47 protocols, as well as the capability to read capture files from many
48 other popular network analyzers.
49 </para>
50
51 &lfs120_checked;
52
53 <bridgehead renderas="sect3">Package Information</bridgehead>
54 <itemizedlist spacing="compact">
55 <listitem>
56 <para>
57 Download (HTTP): <ulink url="&wireshark-download-http;"/>
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download (FTP): <ulink url="&wireshark-download-ftp;"/>
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Download MD5 sum: &wireshark-md5sum;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Download size: &wireshark-size;
73 </para>
74 </listitem>
75 <listitem>
76 <para>
77 Estimated disk space required: &wireshark-buildsize;
78 </para>
79 </listitem>
80 <listitem>
81 <para>
82 Estimated build time: &wireshark-time;
83 </para>
84 </listitem>
85 </itemizedlist>
86
87 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
88 <itemizedlist spacing="compact">
89 <listitem>
90 <para>
91 Required patch to build with Python-3.12:
92 <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
93 </para>
94 </listitem>
95 <listitem>
96 <para>
97 Additional Documentation:
98 <ulink url="https://www.wireshark.org/download/docs/"/>
99 (contains links to several different docs in a variety of formats)
100 </para>
101 </listitem>
102 </itemizedlist>
103
104 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
105
106 <bridgehead renderas="sect4">Required</bridgehead>
107 <para role="required">
108 <xref linkend="cmake"/>,
109 <xref linkend="c-ares"/>,
110 <xref linkend="glib2"/>,
111 <xref linkend="libgcrypt"/>, and
112 (<xref linkend="qt5"/> or
113 <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
114 </para>
115
116 <bridgehead renderas="sect4">Recommended</bridgehead>
117 <para role="recommended">
118 <xref linkend="libpcap"/> (required to capture data)
119 </para>
120
121 <bridgehead renderas="sect4">Optional</bridgehead>
122 <para role="optional">
123 <xref linkend="asciidoctor"/>,
124 <xref linkend="brotli"/>,
125 <xref linkend="doxygen"/>,
126 <xref linkend="git"/>,
127 <xref linkend="gnutls"/>,
128 <xref linkend="libnl"/>,
129 <xref linkend="libxslt"/>,
130 <xref linkend="libxml2"/>,
131 <xref linkend="lua52"/>,
132 <xref linkend="mitkrb"/>,
133 <xref linkend="nghttp2"/>,
134 <xref linkend="sbc"/>,
135 <xref linkend="speex"/>,
136 <!--<ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,-->
137 <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
138 <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
139 <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
140 <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
141 <ulink url="https://www.libssh.org/">libssh</ulink>,
142 <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
143 <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
144 <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
145 <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
146 </para>
147
148
149 </sect2>
150
151 <sect2 role="kernel" id="wireshark-kernel">
152 <title>Kernel Configuration</title>
153
154 <para>
155 The kernel must have the Packet protocol enabled for <application>
156 Wireshark</application> to capture live packets from the network:
157 </para>
158
159 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
160 href="wireshark-kernel.xml"/>
161
162 <para>
163 If built as a module, the name is <filename>af_packet.ko</filename>.
164 </para>
165
166 <indexterm zone="wireshark wireshark-kernel">
167 <primary sortas="d-Capturing-network-packets">
168 Capturing network packets
169 </primary>
170 </indexterm>
171
172 </sect2>
173
174 <sect2 role="installation">
175 <title>Installation of Wireshark</title>
176
177 <para>
178 <application>Wireshark</application> is a very large and complex
179 application. These instructions provide additional security measures to
180 ensure that only trusted users are allowed to capture network traffic. First,
181 set up a system group for wireshark. As the <systemitem
182 class="username">root</systemitem> user:
183 </para>
184
185<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
186
187 <para>
188 Fix building with Python-3.12 and higher:
189 </para>
190
191<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-py_3.12_fix-1.patch</userinput></screen>
192
193 <para>
194 Continue to install <application>Wireshark</application> by running
195 the following commands:
196 </para>
197
198<screen><userinput>mkdir build &amp;&amp;
199cd build &amp;&amp;
200
201cmake -DCMAKE_INSTALL_PREFIX=/usr \
202 -DCMAKE_BUILD_TYPE=Release \
203 -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
204 -G Ninja \
205 .. &amp;&amp;
206ninja</userinput></screen>
207
208 <para>
209 This package does not come with a test suite.
210 </para>
211
212 <para>
213 Now, as the <systemitem class="username">root</systemitem> user:
214 </para>
215
216<screen role="root"><userinput>ninja install &amp;&amp;
217
218install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
219install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
220 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
221
222pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
223 for FILENAME in ../../wireshark/*.html; do
224 ln -s -v -f $FILENAME .
225 done &amp;&amp;
226popd
227unset FILENAME</userinput></screen>
228
229 <para>
230 If you downloaded any of the documentation files from the page
231 listed in the 'Additional Downloads' section above, install them by issuing the
232 following commands as the <systemitem class="username">root</systemitem>
233 user:
234 </para>
235
236<screen role="root"
237 remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
238 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
239
240 <para>
241 Now, restrict the ownership and permissions of the privileged capture programs
242 so that only members of the wireshark group can run them. Mode 6550 makes <command>tshark</command> and <command>dumpcap</command> setuid root and setgid wireshark, so membership in that group effectively grants the ability to capture raw network traffic. As the <systemitem class="username">root
243 </systemitem> user:
244 </para>
245
246<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
247chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
248
249 <para>
250 Finally, add each user who should be allowed to capture packets to the wireshark group (as the <systemitem class=
251 "username">root</systemitem> user):
252 </para>
253
254 <screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>
255
256 <para>
257 If you are installing Wireshark for the first time, you will need to log
258 out of your session and log in again so that the new wireshark group membership
259 takes effect; otherwise Wireshark will not function properly.
260 </para>
261
262 </sect2>
263<!--
264 <sect2 role="commands">
265 <title>Command Explanations</title>
266
267 <para>
268 <option>- -disable-wireshark</option>: Use this switch if you
269 have <application>Qt</application> installed but do not want to build
270 any of the GUIs.
271 </para>
272 </sect2>
273-->
274
275 <sect2 role="configuration">
276 <title>Configuring Wireshark</title>
277
278 <sect3 id="wireshark-config">
279 <title>Config Files</title>
280
281 <para>
282 <filename>/etc/wireshark.conf</filename> and
283 <filename>~/.config/wireshark/*</filename> (unless there is already
284 <filename>~/.wireshark/*</filename> in the system)
285 </para>
286
287 <indexterm zone="wireshark wireshark-config">
288 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
289 </indexterm>
290
291 <indexterm zone="wireshark wireshark-config">
292 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
293 </indexterm>
294
295 </sect3>
296
297 <sect3>
298 <title>Configuration Information</title>
299
300 <para>
301 Though the default configuration parameters are very sensible, refer to
302 the configuration section of the <ulink url=
303 "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
304 </ulink> for configuration information. Most of <application>Wireshark
305 </application>'s configuration can be accomplished
306 using the menu options of the <command>wireshark</command> graphical
307 interface.
308 </para>
309
310 <note>
311 <para>
312 If you want to look at packets, make sure you don't filter them
313 out with <xref linkend="iptables"/>. If you want to exclude certain
314 classes of packets, it is more efficient to do it with
315 <application>iptables</application> than it is with
316 <application>Wireshark</application>.
317 </para>
318 </note>
319
320 </sect3>
321
322 </sect2>
323
324 <sect2 role="content">
325 <title>Contents</title>
326
327 <segmentedlist>
328 <segtitle>Installed Programs</segtitle>
329 <segtitle>Installed Libraries</segtitle>
330 <segtitle>Installed Directories</segtitle>
331
332 <seglistitem>
333 <seg>
334 capinfos, captype, dumpcap, editcap, idl2wrs,
335 mergecap, randpkt, rawshark, reordercap, sharkd,
336 text2pcap, tshark, and wireshark
337 </seg>
338 <seg>
339 libwireshark.so, libwiretap.so,
340 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
341 </seg>
342 <seg>
343 /usr/{include,lib,share}/wireshark and
344 /usr/share/doc/wireshark-&wireshark-version;
345 </seg>
346 </seglistitem>
347 </segmentedlist>
348
349 <variablelist>
350 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
351 <?dbfo list-presentation="list"?>
352 <?dbhtml list-presentation="table"?>
353
354 <varlistentry id="capinfos">
355 <term><command>capinfos</command></term>
356 <listitem>
357 <para>
358 reads a saved capture file and returns any or all of several
359 statistics about that file. It is able to detect and read any
360 capture supported by the <application>Wireshark</application>
361 package
362 </para>
363 <indexterm zone="wireshark capinfos">
364 <primary sortas="b-capinfos">capinfos</primary>
365 </indexterm>
366 </listitem>
367 </varlistentry>
368
369 <varlistentry id="captype">
370 <term><command>captype</command></term>
371 <listitem>
372 <para>
373 prints the file types of capture files
374 </para>
375 <indexterm zone="wireshark captype">
376 <primary sortas="b-captype">captype</primary>
377 </indexterm>
378 </listitem>
379 </varlistentry>
380
381 <varlistentry id="dumpcap">
382 <term><command>dumpcap</command></term>
383 <listitem>
384 <para>
385 is a network traffic dump tool. It lets you capture packet data
386 from a live network and write the packets to a file
387 </para>
388 <indexterm zone="wireshark dumpcap">
389 <primary sortas="b-dumpcap">dumpcap</primary>
390 </indexterm>
391 </listitem>
392 </varlistentry>
393
394 <varlistentry id="editcap">
395 <term><command>editcap</command></term>
396 <listitem>
397 <para>
398 edits and/or translates the format of capture files. It knows
399 how to read <application>libpcap</application> capture files,
400 including those of <command>tcpdump</command>,
401 <application>Wireshark</application> and other tools that write
402 captures in that format
403 </para>
404 <indexterm zone="wireshark editcap">
405 <primary sortas="b-editcap">editcap</primary>
406 </indexterm>
407 </listitem>
408 </varlistentry>
409
410 <varlistentry id="idl2wrs">
411 <term><command>idl2wrs</command></term>
412 <listitem>
413 <para>
414 is a program that takes a user specified CORBA IDL file and
415 generates <quote>C</quote> source code for a
416 <application>Wireshark</application> <quote>plugin</quote>. It
417 relies on two Python programs <command>wireshark_be.py</command>
418 and <command>wireshark_gen.py</command>, which are not installed
419 by default. They have to be copied manually from the
420 <filename class="directory">tools</filename> directory to the
421 <filename class="directory">$PYTHONPATH/site-packages/</filename>
422 directory
423 </para>
424 <indexterm zone="wireshark idl2wrs">
425 <primary sortas="b-idl2wrs">idl2wrs</primary>
426 </indexterm>
427 </listitem>
428 </varlistentry>
429
430 <varlistentry id="mergecap">
431 <term><command>mergecap</command></term>
432 <listitem>
433 <para>
434 combines multiple saved capture files into a single output file
435 </para>
436 <indexterm zone="wireshark mergecap">
437 <primary sortas="b-mergecap">mergecap</primary>
438 </indexterm>
439 </listitem>
440 </varlistentry>
441
442 <varlistentry id="randpkt">
443 <term><command>randpkt</command></term>
444 <listitem>
445 <para>
446 creates random-packet capture files
447 </para>
448 <indexterm zone="wireshark randpkt">
449 <primary sortas="b-randpkt">randpkt</primary>
450 </indexterm>
451 </listitem>
452 </varlistentry>
453
454 <varlistentry id="rawshark">
455 <term><command>rawshark</command></term>
456 <listitem>
457 <para>
458 dumps and analyzes raw libpcap data
459 </para>
460 <indexterm zone="wireshark rawshark">
461 <primary sortas="b-rawshark">rawshark</primary>
462 </indexterm>
463 </listitem>
464 </varlistentry>
465
466 <varlistentry id="reordercap">
467 <term><command>reordercap</command></term>
468 <listitem>
469 <para>
470 reorders timestamps of input file frames into an output file
471 </para>
472 <indexterm zone="wireshark reordercap">
473 <primary sortas="b-reordercap">reordercap</primary>
474 </indexterm>
475 </listitem>
476 </varlistentry>
477
478 <varlistentry id="sharkd">
479 <term><command>sharkd</command></term>
480 <listitem>
481 <para>
482 is a daemon that listens on UNIX sockets
483 </para>
484 <indexterm zone="wireshark sharkd">
485 <primary sortas="b-sharkd">sharkd</primary>
486 </indexterm>
487 </listitem>
488 </varlistentry>
489
490 <varlistentry id="text2pcap">
491 <term><command>text2pcap</command></term>
492 <listitem>
493 <para>
494 reads in an ASCII hex dump and writes the data described into a
495 <application>libpcap</application>-style capture file
496 </para>
497 <indexterm zone="wireshark text2pcap">
498 <primary sortas="b-text2pcap">text2pcap</primary>
499 </indexterm>
500 </listitem>
501 </varlistentry>
502
503 <varlistentry id="tshark">
504 <term><command>tshark</command></term>
505 <listitem>
506 <para>
507 is a TTY-mode network protocol analyzer. It lets you capture
508 packet data from a live network or read packets from a
509 previously saved capture file
510 </para>
511 <indexterm zone="wireshark tshark">
512 <primary sortas="b-tshark">tshark</primary>
513 </indexterm>
514 </listitem>
515 </varlistentry>
516
517 <varlistentry id="wireshark-prog">
518 <term><command>wireshark</command></term>
519 <listitem>
520 <para>
521 is the Qt GUI network protocol analyzer. It lets you interactively
522 browse packet data from a live network or from a previously saved
523 capture file
524 </para>
525 <indexterm zone="wireshark wireshark-prog">
526 <primary sortas="b-wireshark">wireshark</primary>
527 </indexterm>
528 </listitem>
529 </varlistentry>
530<!-- seems to have disappeared
531 <varlistentry id="wireshark-gtk-prog">
532 <term><command>wireshark-gtk</command></term>
533 <listitem>
534 <para>
535 is the Gtk+ GUI network protocol analyzer. It lets you interactively
536 browse packet data from a live network or from a previously saved
537 capture file (optional).
538 </para>
539 <indexterm zone="wireshark wireshark-gtk-prog">
540 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
541 </indexterm>
542 </listitem>
543 </varlistentry>
544-->
545 <varlistentry id="libwireshark">
546 <term><filename class="libraryfile">libwireshark.so</filename></term>
547 <listitem>
548 <para>
549 contains functions used by the <application>Wireshark</application>
550 programs to perform filtering and packet capturing
551 </para>
552 <indexterm zone="wireshark libwireshark">
553 <primary sortas="c-libwireshark">libwireshark.so</primary>
554 </indexterm>
555 </listitem>
556 </varlistentry>
557
558 <varlistentry id="libwiretap">
559 <term><filename class="libraryfile">libwiretap.so</filename></term>
560 <listitem>
561 <para>
562 is a library being developed as a future replacement for
563 <filename class="libraryfile">libpcap</filename>, the current
564 standard Unix library for packet capturing. For more information,
565 see the <filename>README</filename> file in the source
566 <filename class="directory">wiretap</filename> directory
567 </para>
568 <indexterm zone="wireshark libwiretap">
569 <primary sortas="c-libwiretap">libwiretap.so</primary>
570 </indexterm>
571 </listitem>
572 </varlistentry>
573
574 </variablelist>
575
576 </sect2>
577
578</sect1>