source: networking/netutils/wireshark.xml@ 88f6e30

trunk
Last change on this file since 88f6e30 was e55d2bb, checked in by Douglas R. Reno <renodr@…>, 2 months ago

Update to wireshark-4.2.3 and tag it

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "6c773f66b127ea1928d43b96d0e28098">
  <!ENTITY wireshark-size "43 MB">
  <!ENTITY wireshark-buildsize "915 MB (with all optional dependencies available in the BLFS book; 170 MB installed)">
  <!ENTITY wireshark-time "2.9 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
     we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs121_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <!--
      <listitem>
        <para>
          Required patch to build with Python-3.12:
          <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
        </para>
      </listitem>
      -->
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt6"/>
    </para>

    <note>
      <para>
        <xref linkend="qt6"/> is not strictly required, since it can be
        replaced with <application>Qt5</application>. See <quote>Command
        explanations</quote> below.
      </para>
    </note>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      (<xref linkend="qt5"/> or
      <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
      (required if <xref role="nodep" linkend="qt6"/> is not installed),
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
                href="wireshark-kernel.xml"/>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
    /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
    /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the sensitive capture programs
      so that only authorized users can run them. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem
      class="username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the first
      time, you will need to log out of your session and log in again so that
      the wireshark group is added to your groups; otherwise
      <application>Wireshark</application> will not function properly.
    </para>
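    <para>
      As an added example (not part of the BLFS book or of Wireshark), the
      following script audits the state the kernel and installation steps
      above produce: the Packet protocol in the kernel (CONFIG_PACKET, the
      option behind af_packet.ko), root:wireshark ownership with mode 6550 on
      dumpcap and tshark, and membership in the wireshark group. It assumes the
      /usr/bin prefix used above and GNU stat; run it as
      <command>sh audit-capture.sh --run</command>.
    </para>

```shell
#!/bin/sh
# Added example (not from the BLFS book or Wireshark): audit the capture-privilege
# setup this page configures. Check functions take their inputs as arguments so
# they run on constructed values; audit_system reads the live host (GNU stat assumed).

# $1 = octal mode, $2 = owner, $3 = group, as printed by: stat -c '%a %U %G'
# Returns 0 only for the state set by this page: root:wireshark, mode 6550.
audit_capture_helper() {
    mode=$1; owner=$2; group=$3; status=0
    [ "$owner" = root ] || { echo "owner is $owner, expected root"; status=1; }
    [ "$group" = wireshark ] || { echo "group is $group, expected wireshark"; status=1; }
    # The "other" digit matters most: the helper is setuid root, so any world
    # access would let every local user capture traffic.
    other=${mode#"${mode%?}"}
    [ "$other" = 0 ] || { echo "mode $mode grants access to other users"; status=1; }
    [ "$mode" = 6550 ] || { echo "mode is $mode, expected 6550"; status=1; }
    return $status
}

# $1 = whitespace-separated group list, e.g. the output of: id -nG USER
user_in_group() {
    for g in $1; do
        if [ "$g" = wireshark ]; then return 0; fi
    done
    return 1
}

# $1 = kernel configuration text; CONFIG_PACKET is the option behind af_packet.ko
config_has_packet() {
    case "$1" in
        *CONFIG_PACKET=y*|*CONFIG_PACKET=m*) return 0 ;;
    esac
    return 1
}

# Live checks against this host: prints each finding, returns 1 if there is any.
audit_system() {
    rc=0; cfg=""
    if [ -r /proc/config.gz ]; then cfg=$(zcat /proc/config.gz)
    elif [ -r "/boot/config-$(uname -r)" ]; then cfg=$(cat "/boot/config-$(uname -r)")
    fi
    if [ -n "$cfg" ]; then
        config_has_packet "$cfg" || { echo "CONFIG_PACKET is not set"; rc=1; }
    elif [ ! -e /proc/net/packet ]; then
        echo "no kernel config found and /proc/net/packet is absent"; rc=1
    fi
    for f in /usr/bin/dumpcap /usr/bin/tshark; do
        if [ -e "$f" ]; then
            # unquoted on purpose: stat's three fields become the three arguments
            audit_capture_helper $(stat -c '%a %U %G' "$f") || rc=1
        else
            echo "$f is missing"; rc=1
        fi
    done
    me=$(id -un)
    user_in_group "$(id -nG "$me")" || { echo "$me is not in the wireshark group"; rc=1; }
    return $rc
}
if [ "${1:-}" = --run ]; then audit_system; fi   # live audit only when asked
```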

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>-DUSE_qt6=OFF</option>: Use this switch if
      <xref linkend="qt6"/> is not available. You'll need
      <xref linkend="qt5"/> or at least <xref linkend="qt5-components"/>
      with qtmultimedia in this case.
    </para>
<!--
    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
-->
  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, refer to
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders timestamps of input file frames into an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>