source: networking/netutils/wireshark.xml@ 94b42903

Last change on this file since 94b42903 was 94b42903, checked in by Bruce Dubbs <bdubbs@…>, 4 years ago

Archive openssl-1.1.x. Moved to LFS.
Update to v4l-utils-1.14.2.
Update to vlc-3.0.0.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19748 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "660db152b7d6974c0e2ff12aa8a4fce6">
  <!ENTITY wireshark-size "27 MB">
  <!ENTITY wireshark-buildsize "1.7 GB (with default GUI front-end, and all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time "3.6 SBU (with parallelism=4, default GUI front-end, and all optional dependencies available in the BLFS book)">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs81_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Optional patch:
          <ulink url=
          "&patch-root;/wireshark-&wireshark-version;-lua_5_3-1.patch"/>
          (allows building the LUA bindings if <xref linkend="lua"/> is
          installed and LUA is not disabled by passing <option>--without-lua
          </option> to <command>configure</command>)
        </para>
      </listitem>
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/> and
      <xref linkend="libgcrypt"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data), and
      <xref linkend="qt5"/> (for the <application>Qt5</application> GUI)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="c-ares"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="gtk3"/> or <xref linkend="gtk2"/> (for the legacy GTK GUI),
      <xref linkend="libnl"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="http://www.portaudio.com/">PortAudio</ulink>
      (for GTK+ RTP player),
      <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <note>
      <para>
        The Qt GUI front-end is built by default, if <xref linkend="qt5"/> is
        found. If you want to build the GTK+ GUI front-end, some configure
        switches have to be set (see <quote>Command Explanations</quote>).
      </para>
    </note>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-lua_5_3-1.patch &amp;&amp;

./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
make</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
           /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of sensitive applications to only
      allow authorized users. As the <systemitem class="username">root
      </systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
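As an added check (it is not part of the BLFS recipe above), the following POSIX shell script verifies that the ownership and mode just set on the capture helpers are still in place, so that a later reinstall or package update that silently widens access to raw packet capture is noticed. It assumes GNU stat(1) and the root:wireshark / 6550 values from this page.

```shell
#!/bin/sh
# Added example, not part of the BLFS book. Audits the two binaries the
# recipe locks down: owner root, group wireshark, mode 6550 (setuid and
# setgid, r-x for owner and group, no access for others).

# check_capture_perms FILE USER GROUP MODE
# Returns 0 when FILE is owned by USER:GROUP with octal mode MODE,
# 1 otherwise, printing each attribute that differs. GNU stat(1) is assumed.
check_capture_perms() {
    file=$1; want_user=$2; want_group=$3; want_mode=$4
    if [ ! -e "$file" ]; then
        echo "$file: missing"
        return 1
    fi
    got=$(stat -c '%U %G %a' "$file") || return 1
    # Split "owner group mode" into the function's positional parameters.
    set -- $got
    status=0
    if [ "$1" != "$want_user" ]; then
        echo "$file: owner is $1, expected $want_user"; status=1
    fi
    if [ "$2" != "$want_group" ]; then
        echo "$file: group is $2, expected $want_group"; status=1
    fi
    if [ "$3" != "$want_mode" ]; then
        echo "$file: mode is $3, expected $want_mode"; status=1
    fi
    return $status
}

# Audit both helpers; a non-zero return means at least one of them is
# no longer restricted the way the installation instructions intend.
audit_wireshark_helpers() {
    rc=0
    for prog in /usr/bin/tshark /usr/bin/dumpcap; do
        check_capture_perms "$prog" root wireshark 6550 || rc=1
    done
    return $rc
}
```

Run `audit_wireshark_helpers` from a cron job or after every `make install` to confirm the restriction survived.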

    <para>
      Finally, add any users to the wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the
      first time, you will need to log out and log in again so that your
      session picks up the new wireshark group membership; otherwise,
      <application>Wireshark</application> will not run properly.
    </para>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>--with-gtk=[yes/no/2/3]</option>: For the Gtk+ GUI. Default is no.
      If both Gtk+2 and 3 are installed, and <quote>yes</quote> is selected,
      default is 3. Obviously, <xref linkend="gtk2"/> or <xref linkend="gtk3"/>
      must have been built for this to work.
    </para>

    <para>
      <option>--with-qt=[yes/no/4/5]</option>: For the Qt GUI. Default is yes,
      if <xref linkend="qt5"/> is found on the system.
    </para>

    <para>
      <option>--disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.config/wireshark/*</filename> (unless there is already
      <filename>~/.wireshark/*</filename> in the system)</para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Though the default configuration parameters are very sane, reference
      the configuration section of the <ulink
      url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for configuration information. Most of
      <application>Wireshark</application>'s configuration can be accomplished
      using the menu options of the <command>wireshark</command> graphical
      interfaces.</para>

      <note>
        <para>If you want to look at packets, make sure you don't filter them
        out with <xref linkend="iptables"/>. If you want to exclude certain
        classes of packets, it is more efficient to do it with
        <application>iptables</application> than it is with
        <application>Wireshark</application>.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dftest, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, wireshark, and wireshark-gtk (optional)
        </seg>
        <seg>
          libwireshark.so, libwiretap.so, libwscodecs.so (optional),
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Wireshark</application> package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="wireshark dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>is a program that takes a user specified CORBA IDL file and
          generates <quote>C</quote> source code for a
          <application>Wireshark</application> <quote>plugin</quote>. It relies
          on two Python programs <command>wireshark_be.py</command> and
          <command>wireshark_gen.py</command>, which are not installed
          by default. They have to be copied manually from the <filename
          class="directory">tools</filename> directory to the <filename
          class="directory">$PYTHONPATH/site-packages/</filename> directory.
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw <application>libpcap</application>
          data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of an input capture file by timestamp and
          writes them to an output file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>is a daemon that listens on UNIX sockets.</para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>contains functions used by the
          <application>Wireshark</application> programs to perform filtering and
          packet capturing.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>is a library being developed as a future replacement for
          <filename class='libraryfile'>libpcap</filename>, the current
          standard Unix library for packet capturing. For more information,
          see the <filename>README</filename> file in the source
          <filename class='directory'>wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>