source: networking/netutils/wireshark.xml@ 9ac8d7cc

10.0 10.1 11.0 11.1 11.2 9.1 lazarus plabs/python-mods qt5new trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 9ac8d7cc was 9ac8d7cc, checked in by Pierre Labastie <pieere@…>, 3 years ago

Update to speexdsp-1.2.0
Fix wireshark optional dependencies

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22667 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 18.2 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "e699b1e001c6303013791d81faf7727d">
10 <!ENTITY wireshark-size "30 MB">
11 <!ENTITY wireshark-buildsize "571 MB (with all optional dependencies available in the BLFS book)">
12 <!ENTITY wireshark-time "2.5 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
13]>
14
15<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
16 <?dbhtml filename="wireshark.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Wireshark-&wireshark-version;</title>
24
25 <indexterm zone="wireshark">
26 <primary sortas="a-Wireshark">Wireshark</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Wireshark</title>
31
32 <para>
33 The <application>Wireshark</application> package contains a network
34 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
35 for analyzing data captured <quote>off the wire</quote> from a live
36 network connection, or data read from a capture file.
37 </para>
38
39 <para>
40 <application>Wireshark</application> provides both a graphical and a
41 TTY-mode front-end for examining captured network packets from over 500
42 protocols, as well as the capability to read capture files from many
43 other popular network analyzers.
44 </para>
45
46 &lfs90_checked;
47
48 <bridgehead renderas="sect3">Package Information</bridgehead>
49 <itemizedlist spacing="compact">
50 <listitem>
51 <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
52 </listitem>
53 <listitem>
54 <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
55 </listitem>
56 <listitem>
57 <para>Download MD5 sum: &wireshark-md5sum;</para>
58 </listitem>
59 <listitem>
60 <para>Download size: &wireshark-size;</para>
61 </listitem>
62 <listitem>
63 <para>Estimated disk space required: &wireshark-buildsize;</para>
64 </listitem>
65 <listitem>
66 <para>Estimated build time: &wireshark-time;</para>
67 </listitem>
68 </itemizedlist>
69
70 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
71 <itemizedlist spacing="compact">
72 <listitem>
73 <para>
74 Additional Documentation:
75 <ulink url="https://www.wireshark.org/download/docs/"/>
76 (contains links to several different docs in a variety of formats)
77 </para>
78 </listitem>
79 </itemizedlist>
80
81 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
82
83 <bridgehead renderas="sect4">Required</bridgehead>
84 <para role="required">
85 <xref linkend="glib2"/>,
86 <xref linkend="libgcrypt"/>, and
87 <xref linkend="qt5"/>
88 </para>
89
90 <bridgehead renderas="sect4">Recommended</bridgehead>
91 <para role="recommended">
92 <xref linkend="libpcap"/> (required to capture data)
93 </para>
94
95 <bridgehead renderas="sect4">Optional</bridgehead>
96 <para role="optional">
97 <xref linkend="brotli"/>,
98 <xref linkend="c-ares"/>,
99 <xref linkend="doxygen"/>,
100 <xref linkend="git"/>,
101 <xref linkend="gnutls"/>,
102 <xref linkend="libnl"/>,
103 <xref linkend="libxslt"/>,
104 <xref linkend="libxml2"/>,
105 <xref linkend="lua52"/>,
106 <xref linkend="mitkrb"/>,
107 <xref linkend="nghttp2"/>,
108 <xref linkend="sbc"/>,
109 <xref linkend="speex"/>,
110 <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
111 <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
112 <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
113 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
114 <ulink url="https://www.libssh.org/">libssh</ulink>,
115 <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
116 <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
117 <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
118 <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
119 </para>
120
121 <para condition="html" role="usernotes">
122 User Notes: <ulink url="&blfs-wiki;/wireshark"/>
123 </para>
124
125 </sect2>
126
127 <sect2 role="kernel" id="wireshark-kernel">
128 <title>Kernel Configuration</title>
129
130 <para>
131 The kernel must have the Packet protocol enabled for <application>
132 Wireshark</application> to capture live packets from the network:
133 </para>
134
135<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
136 Networking options ---&gt;
137 &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>
138
139 <para>
140 If built as a module, the name is <filename>af_packet.ko</filename>.
141 </para>
142
143 <indexterm zone="wireshark wireshark-kernel">
144 <primary sortas="d-Capturing-network-packets">
145 Capturing network packets
146 </primary>
147 </indexterm>
148
149 </sect2>
150
151 <sect2 role="installation">
152 <title>Installation of Wireshark</title>
153
154 <para>
155 <application>Wireshark</application> is a very large and complex
156 application. These instructions provide additional security measures to
157 ensure that only trusted users are allowed to view network traffic. First,
158 set up a system group for wireshark. As the <systemitem
159 class="username">root</systemitem> user:
160 </para>
161
162<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
163
164 <para>
165 Continue to install <application>Wireshark</application> by running
166 the following commands:
167 </para>
168
169<screen><userinput>mkdir build &amp;&amp;
170cd build &amp;&amp;
171
172cmake -DCMAKE_INSTALL_PREFIX=/usr \
173 -DCMAKE_BUILD_TYPE=Release \
174 -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
175 -G Ninja \
176 .. &amp;&amp;
177ninja</userinput></screen>
178
179 <para>
180 This package does not come with a test suite.
181 </para>
182
183 <para>
184 Now, as the <systemitem class="username">root</systemitem> user:
185 </para>
186
187<screen role="root"><userinput>ninja install &amp;&amp;
188
189install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
190install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
191 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
192
193pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
194 for FILENAME in ../../wireshark/*.html; do
195 ln -s -v -f $FILENAME .
196 done &amp;&amp;
197popd
198unset FILENAME</userinput></screen>
199
200 <para>
201 If you downloaded any of the documentation files from the page
202 listed in the 'Additional Downloads', install them by issuing the
203 following commands as the <systemitem class="username">root</systemitem>
204 user:
205 </para>
206
207<screen role="root"
208 remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
209 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
210
211 <para>
212 Now, set ownership and permissions of sensitive applications to only
213 allow authorized users. As the <systemitem class="username">root
214 </systemitem> user:
215 </para>
216
217<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
218chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
219
220 <para>
221 Finally, add any users to the wireshark group (as <systemitem class=
222 "username">root</systemitem> user):
223 </para>
224
225 <screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>
226
227 <para>
228 If you are installing wireshark for the first time, it will be necessary
229 to leave the session and login again, thus you will now have wireshark
230 between your groups, otherwise, it will not run properly.
231 </para>
232
233 </sect2>
234<!--
235 <sect2 role="commands">
236 <title>Command Explanations</title>
237
238 <para>
239 <option>- -disable-wireshark</option>: Use this switch if you
240 have <application>Qt</application> installed but do not want to build
241 any of the GUIs.
242 </para>
243 </sect2>
244-->
245
246 <sect2 role="configuration">
247 <title>Configuring Wireshark</title>
248
249 <sect3 id="wireshark-config">
250 <title>Config Files</title>
251
252 <para><filename>/etc/wireshark.conf</filename> and
253 <filename>~/.config/wireshark/*</filename> (unless there is already
254 <filename>~/.wireshark/*</filename> in the system)</para>
255
256 <indexterm zone="wireshark wireshark-config">
257 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
258 </indexterm>
259
260 <indexterm zone="wireshark wireshark-config">
261 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
262 </indexterm>
263
264 </sect3>
265
266 <sect3>
267 <title>Configuration Information</title>
268
269 <para>Though the default configuration parameters are very sane, reference
270 the configuration section of the <ulink
271 url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
272 Guide</ulink> for configuration information. Most of
273 <application>Wireshark</application>'s configuration can be accomplished
274 using the menu options of the <command>wireshark</command> graphical
275 interfaces.</para>
276
277 <note>
278 <para>If you want to look at packets, make sure you don't filter them
279 out with <xref linkend="iptables"/>. If you want to exclude certain
280 classes of packets, it is more efficient to do it with
281 <application>iptables</application> than it is with
282 <application>Wireshark</application>.</para>
283 </note>
284
285 </sect3>
286
287 </sect2>
288
289 <sect2 role="content">
290 <title>Contents</title>
291
292 <segmentedlist>
293 <segtitle>Installed Programs</segtitle>
294 <segtitle>Installed Libraries</segtitle>
295 <segtitle>Installed Directories</segtitle>
296
297 <seglistitem>
298 <seg>
299 capinfos, captype, dumpcap, editcap, idl2wrs,
300 mergecap, randpkt, rawshark, reordercap, sharkd,
301 text2pcap, tshark, and wireshark
302 </seg>
303 <seg>
304 libwireshark.so, libwiretap.so, libwscodecs.so,
305 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
306 </seg>
307 <seg>
308 /usr/{include,lib,share}/wireshark and
309 /usr/share/doc/wireshark-&wireshark-version;
310 </seg>
311 </seglistitem>
312 </segmentedlist>
313
314 <variablelist>
315 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
316 <?dbfo list-presentation="list"?>
317 <?dbhtml list-presentation="table"?>
318
319 <varlistentry id="capinfos">
320 <term><command>capinfos</command></term>
321 <listitem>
322 <para>reads a saved capture file and returns any or all of several
323 statistics about that file. It is able to detect and read any capture
324 supported by the <application>Wireshark</application> package.</para>
325 <indexterm zone="wireshark capinfos">
326 <primary sortas="b-capinfos">capinfos</primary>
327 </indexterm>
328 </listitem>
329 </varlistentry>
330
331 <varlistentry id="captype">
332 <term><command>captype</command></term>
333 <listitem>
334 <para>prints the file types of capture files.</para>
335 <indexterm zone="wireshark captype">
336 <primary sortas="b-captype">captype</primary>
337 </indexterm>
338 </listitem>
339 </varlistentry>
340
341 <varlistentry id="dumpcap">
342 <term><command>dumpcap</command></term>
343 <listitem>
344 <para>is a network traffic dump tool. It lets you capture packet data
345 from a live network and write the packets to a file.</para>
346 <indexterm zone="wireshark dumpcap">
347 <primary sortas="b-dumpcap">dumpcap</primary>
348 </indexterm>
349 </listitem>
350 </varlistentry>
351
352 <varlistentry id="editcap">
353 <term><command>editcap</command></term>
354 <listitem>
355 <para>edits and/or translates the format of capture files. It knows
356 how to read <application>libpcap</application> capture files,
357 including those of <command>tcpdump</command>,
358 <application>Wireshark</application> and other tools that write
359 captures in that format.</para>
360 <indexterm zone="wireshark editcap">
361 <primary sortas="b-editcap">editcap</primary>
362 </indexterm>
363 </listitem>
364 </varlistentry>
365
366 <varlistentry id="idl2wrs">
367 <term><command>idl2wrs</command></term>
368 <listitem>
369 <para>is a program that takes a user specified CORBA IDL file and
370 generates <quote>C</quote> source code for a
371 <application>Wireshark</application> <quote>plugin</quote>. It relies
372 on two Python programs <command>wireshark_be.py</command> and
373 <command>wireshark_gen.py</command>, which are not installed
374 by default. They have to be copied manually from the <filename
375 class="directory">tools</filename> directory to the <filename
376 class="directory">$PYTHONPATH/site-packages/</filename> directory.
377 </para>
378 <indexterm zone="wireshark idl2wrs">
379 <primary sortas="b-idl2wrs">idl2wrs</primary>
380 </indexterm>
381 </listitem>
382 </varlistentry>
383
384 <varlistentry id="mergecap">
385 <term><command>mergecap</command></term>
386 <listitem>
387 <para>combines multiple saved capture files into a single output
388 file.</para>
389 <indexterm zone="wireshark mergecap">
390 <primary sortas="b-mergecap">mergecap</primary>
391 </indexterm>
392 </listitem>
393 </varlistentry>
394
395 <varlistentry id="randpkt">
396 <term><command>randpkt</command></term>
397 <listitem>
398 <para>creates random-packet capture files.</para>
399 <indexterm zone="wireshark randpkt">
400 <primary sortas="b-randpkt">randpkt</primary>
401 </indexterm>
402 </listitem>
403 </varlistentry>
404
405 <varlistentry id="rawshark">
406 <term><command>rawshark</command></term>
407 <listitem>
408 <para>dump and analyze raw libpcap data.</para>
409 <indexterm zone="wireshark rawshark">
410 <primary sortas="b-rawshark">rawshark</primary>
411 </indexterm>
412 </listitem>
413 </varlistentry>
414
415 <varlistentry id="reordercap">
416 <term><command>reordercap</command></term>
417 <listitem>
418 <para>reorder timestamps of input file frames into output file.</para>
419 <indexterm zone="wireshark reordercap">
420 <primary sortas="b-reordercap">reordercap</primary>
421 </indexterm>
422 </listitem>
423 </varlistentry>
424
425 <varlistentry id="sharkd">
426 <term><command>sharkd</command></term>
427 <listitem>
428 <para>is a daemon that listens on UNIX sockets.</para>
429 <indexterm zone="wireshark sharkd">
430 <primary sortas="b-sharkd">sharkd</primary>
431 </indexterm>
432 </listitem>
433 </varlistentry>
434
435 <varlistentry id="text2pcap">
436 <term><command>text2pcap</command></term>
437 <listitem>
438 <para>reads in an ASCII hex dump and writes the
439 data described into a <application>libpcap</application>-style
440 capture file.</para>
441 <indexterm zone="wireshark text2pcap">
442 <primary sortas="b-text2pcap">text2pcap</primary>
443 </indexterm>
444 </listitem>
445 </varlistentry>
446
447 <varlistentry id="tshark">
448 <term><command>tshark</command></term>
449 <listitem>
450 <para>is a TTY-mode network protocol analyzer. It lets you capture
451 packet data from a live network or read packets from a
452 previously saved capture file.</para>
453 <indexterm zone="wireshark tshark">
454 <primary sortas="b-tshark">tshark</primary>
455 </indexterm>
456 </listitem>
457 </varlistentry>
458
459 <varlistentry id="wireshark-prog">
460 <term><command>wireshark</command></term>
461 <listitem>
462 <para>
463 is the Qt GUI network protocol analyzer. It lets you interactively
464 browse packet data from a live network or from a previously saved
465 capture file.
466 </para>
467 <indexterm zone="wireshark wireshark-prog">
468 <primary sortas="b-wireshark">wireshark</primary>
469 </indexterm>
470 </listitem>
471 </varlistentry>
472
473 <varlistentry id="wireshark-gtk-prog">
474 <term><command>wireshark-gtk</command></term>
475 <listitem>
476 <para>
477 is the Gtk+ GUI network protocol analyzer. It lets you interactively
478 browse packet data from a live network or from a previously saved
479 capture file (optional).
480 </para>
481 <indexterm zone="wireshark wireshark-gtk-prog">
482 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
483 </indexterm>
484 </listitem>
485 </varlistentry>
486
487 <varlistentry id="libwireshark">
488 <term><filename class='libraryfile'>libwireshark.so</filename></term>
489 <listitem>
490 <para>contains functions used by the
491 <application>Wireshark</application> programs to perform filtering and
492 packet capturing.</para>
493 <indexterm zone="wireshark libwireshark">
494 <primary sortas="c-libwireshark">libwireshark.so</primary>
495 </indexterm>
496 </listitem>
497 </varlistentry>
498
499 <varlistentry id="libwiretap">
500 <term><filename class='libraryfile'>libwiretap.so</filename></term>
501 <listitem>
502 <para>is a library being developed as a future replacement for
503 <filename class='libraryfile'>libpcap</filename>, the current
504 standard Unix library for packet capturing. For more information,
505 see the <filename>README</filename> file in the source
506 <filename class='directory'>wiretap</filename> directory.</para>
507 <indexterm zone="wireshark libwiretap">
508 <primary sortas="c-libwiretap">libwiretap.so</primary>
509 </indexterm>
510 </listitem>
511 </varlistentry>
512
513 </variablelist>
514
515 </sect2>
516
517</sect1>
Note: See TracBrowser for help on using the repository browser.