source: networking/netutils/wireshark.xml@ 5c2345ff

Last change on this file since 5c2345ff was 5c2345ff, checked in by Douglas R. Reno <renodr@…>, 3 years ago

Update to gvfs-1.40.0
Update to cheese-3.32.1
Update to evolution-data-server-3.32.1
Update to cifs-utils-6.9 (in preparation for Samba-4.10.2)
Wireshark: Say libxslt instead of libxslt-lib because of formatting. I have no objections to this being reverted, it's just a style preference.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@21442 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "258d62ac7434d126dc497303c8f7961b">
  <!ENTITY wireshark-size "30 MB">
  <!ENTITY wireshark-buildsize "553 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time "2.3 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs84_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt5"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="c-ares"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for
      <application>Wireshark</application> to capture live packets from the
      network. Packet sockets are what <command>dumpcap</command> opens to
      read frames from an interface; opening one requires the CAP_NET_RAW
      capability, which is why the installation section below restricts the
      capture programs to a dedicated group instead of making them usable by
      everyone.
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
      Networking options ---&gt;
        &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>
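    <para>
      The following is an added example, not taken from the BLFS book or from
      the Wireshark sources: a small POSIX shell script that checks whether
      the running kernel provides the packet sockets described above, first by
      reading CONFIG_PACKET from the kernel configuration and then by looking
      for the <filename>/proc/net/packet</filename> entry that af_packet
      registers when it is built in or loaded. The function names are the
      example's own; it assumes a Linux <filename>/proc</filename> and, for
      the configuration check, a readable <filename>/proc/config.gz</filename>
      or <filename>/boot/config-<replaceable>&lt;release&gt;</replaceable></filename>.
    </para>

```sh
# Added example; not from the BLFS book or the Wireshark sources. Checks whether
# the running kernel was built with CONFIG_PACKET and whether packet sockets are
# usable right now. Function names are the author's own. Assumes a Linux /proc;
# reading the kernel config needs /proc/config.gz or /boot/config-<release>.

# Classify a kernel config text by its CONFIG_PACKET line. Kept separate from
# file access so it can be exercised on a constructed config without root.
# Prints one of: builtin, module, unset, unknown.
parse_config_packet() {
    case $1 in
        "")                            echo unknown ;;   # no config text at all
        *"CONFIG_PACKET=y"*)           echo builtin ;;
        *"CONFIG_PACKET=m"*)           echo module  ;;
        *"CONFIG_PACKET is not set"*)  echo unset   ;;
        *)                             echo unset   ;;   # config present, option absent
    esac
}

# Read the kernel config from wherever this system exposes it and classify it.
config_packet_setting() {
    cfg=""
    if [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz 2>/dev/null)
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cfg=$(cat "/boot/config-$(uname -r)")
    fi
    parse_config_packet "$cfg"
}

# af_packet registers /proc/net/packet when it is built in or loaded, so this
# is the quickest runtime test that a live capture can open a packet socket.
packet_sockets_available() {
    [ -e /proc/net/packet ]
}

# Stand-alone use: print the kernel setting and the runtime state.
echo "CONFIG_PACKET: $(config_packet_setting)"
if packet_sockets_available; then
    echo "packet sockets: available"
else
    echo "packet sockets: unavailable (modprobe af_packet, or rebuild the kernel)"
fi
```

    <para>
      Run it as an ordinary user before the first capture. A result of
      <literal>module</literal> together with <literal>packet sockets:
      unavailable</literal> means <filename>af_packet.ko</filename> exists
      but has not been loaded yet; <literal>unset</literal> means the kernel
      has to be reconfigured and rebuilt as shown above.
    </para>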
145
  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions add a system group so that only its
      members, rather than every user on the system, can run the programs
      that capture network traffic. First, set up the group. As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release  \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of the privileged capture programs
      so that only members of the wireshark group can run them. Mode 6550
      sets the setuid and setgid bits, gives the owner and the group execute
      permission, and gives other users nothing, so group members can capture
      without being root. Note that <command>dumpcap</command> is the only
      program that needs elevated privileges: <command>tshark</command> also
      links the full dissection engine, which is where most
      <application>Wireshark</application> security advisories originate,
      and the Wireshark developers recommend privileging
      <command>dumpcap</command> alone and running <command>tshark</command>
      and <command>wireshark</command> as an ordinary user (both spawn
      <command>dumpcap</command> for live captures). If your kernel supports
      file capabilities, granting <command>dumpcap</command> the cap_net_raw
      and cap_net_admin capabilities with <command>setcap</command> instead
      of the setuid bit further limits what a compromised capture process can
      do. As the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem
      class="username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>

    <para>
      If you are installing wireshark for the first time, log out and log in
      again so that the new group membership takes effect. Until then your
      processes do not carry the wireshark group, the permissions above deny
      them access to the capture programs, and live capture fails with a
      permission error.
    </para>
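    <para>
      The following is an added example, not taken from the BLFS book or from
      the Wireshark sources: a POSIX shell script that audits the permission
      model set up above (owner root, group wireshark, no permissions for
      others) on any binaries passed to it, plus a function that applies the
      capabilities-based alternative for <command>dumpcap</command>. The
      function names are the example's own; it assumes GNU coreutils
      <command>stat</command> and, for the capability parts, the
      <command>getcap</command> and <command>setcap</command> programs from
      libcap.
    </para>

```sh
# Added example; not from the BLFS book or the Wireshark sources. Audits the
# privilege model set up above (root:wireshark, mode 6550, nothing for others)
# and shows the capabilities-based alternative for dumpcap. Function names are
# the author's own; assumes GNU coreutils stat(1), and getcap/setcap from
# libcap where available.

# Echo which special bits a file carries: "setuid,setgid", "setuid", "setgid"
# or "none". GNU stat -c %a prints a fourth, leading digit only when one of
# the special bits is set (6550 versus 550).
special_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    case ${#mode} in
        4) special=${mode%???} ;;
        *) special=0 ;;
    esac
    result=""
    if [ $((special & 4)) -ne 0 ]; then result="setuid"; fi
    if [ $((special & 2)) -ne 0 ]; then result="${result:+$result,}setgid"; fi
    echo "${result:-none}"
}

# True when "other" users have the execute bit, which would make the group
# restriction meaningless.
others_can_execute() {
    mode=$(stat -c '%a' "$1") || return 1
    other=${mode#"${mode%?}"}      # last digit of the printed mode
    [ $((other & 1)) -ne 0 ]
}

# Check one binary against the model: owned by root, group $2, not executable
# by others. Prints findings and returns 1 if any check failed.
audit_capture_binary() {
    path=$1 group=$2 status=0
    owner=$(stat -c '%U' "$path") || return 1
    grp=$(stat -c '%G' "$path")
    if [ "$owner" != root ]; then
        echo "WARN $path: owner is $owner, not root"; status=1
    fi
    if [ "$grp" != "$group" ]; then
        echo "WARN $path: group is $grp, not $group"; status=1
    fi
    if others_can_execute "$path"; then
        echo "WARN $path: executable by everyone; group restriction is ineffective"
        status=1
    fi
    caps=none
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null); caps=${caps:-none}
    fi
    echo "INFO $path: special=$(special_bits "$path") caps=$caps"
    return $status
}

# Alternative to setuid root, which is what the Wireshark developers recommend:
# keep dumpcap group-restricted but grant only the two capabilities it needs
# to open packet sockets. Must run as root. tshark and wireshark then stay
# unprivileged and spawn dumpcap for live captures.
grant_dumpcap_capabilities() {
    dumpcap=${1:-/usr/bin/dumpcap} group=${2:-wireshark}
    chown root:"$group" "$dumpcap" &&
    chmod 750 "$dumpcap" &&
    setcap cap_net_raw,cap_net_admin=eip "$dumpcap"
}

# Stand-alone use: audit every path given on the command line, e.g.
#   sh audit-capture.sh /usr/bin/dumpcap /usr/bin/tshark
for bin in "$@"; do
    audit_capture_binary "$bin" wireshark
done
```

    <para>
      Run it after installation and again after any reinstall: a fresh
      <command>ninja install</command> writes the binaries with the default
      mode, so a WARN line about world-executable files is the usual sign
      that the <command>chmod</command> step has to be repeated. The
      <function>grant_dumpcap_capabilities</function> function must be run
      as <systemitem class="username">root</systemitem> and replaces the
      setuid step for <command>dumpcap</command> only; the audit then reports
      <literal>special=none</literal> together with the granted capabilities.
    </para>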
228
  </sect2>
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.config/wireshark/*</filename> (unless
      <filename>~/.wireshark/*</filename> already exists, in which case that
      older directory continues to be used)</para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Though the default configuration parameters are sensible, refer
      to the configuration section of the <ulink
      url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for configuration information. Most of
      <application>Wireshark</application>'s configuration can be accomplished
      using the menu options of the <command>wireshark</command> graphical
      interface.</para>

      <note>
        <para>On Linux, frames are copied to the capture socket at the link
        layer, before netfilter sees them, so an <xref linkend="iptables"/>
        rule that drops incoming traffic does not hide that traffic from
        <application>Wireshark</application>; outgoing packets dropped by an
        OUTPUT rule, however, never reach the interface and will not appear
        in a capture. If you want to exclude certain classes of packets, use
        a capture filter (a BPF program that <command>dumpcap</command>
        attaches to the socket and the kernel evaluates) rather than a
        display filter: the unwanted packets are then discarded before they
        are copied to user space and written to disk.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so, libwscodecs.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Wireshark</application> package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file. It is the only
          program in the package that needs privileges, and the other capture
          front-ends run it as a child process.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>is a program that takes a user specified CORBA IDL file and
          generates <quote>C</quote> source code for a
          <application>Wireshark</application> <quote>plugin</quote>. It relies
          on two Python programs <command>wireshark_be.py</command> and
          <command>wireshark_gen.py</command>, which are not installed
          by default. They have to be copied manually from the <filename
          class="directory">tools</filename> directory to the <filename
          class="directory">$PYTHONPATH/site-packages/</filename> directory.
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw libpcap data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of an input capture file by timestamp and
          writes the result to an output file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>is a daemon that listens on UNIX sockets.</para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>contains the protocol dissectors and the display-filter
          engine used by the <application>Wireshark</application> programs
          to decode and filter packets. Packet capturing itself is done by
          <command>dumpcap</command> through
          <application>libpcap</application>.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>is the library the <application>Wireshark</application>
          programs use to read and write capture files, both the pcap and
          pcapng formats and the native formats of many other network
          analyzers. It was started as a possible replacement for
          <filename class='libraryfile'>libpcap</filename>, the standard
          Unix library for packet capturing, but live capture remains the
          job of <application>libpcap</application>. For more information,
          see the <filename>README</filename> file in the source
          <filename class='directory'>wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>