source: networking/netutils/wireshark.xml@ a82b5f44

Last change on this file since a82b5f44 was a82b5f44, checked in by Pierre Labastie <pieere@…>, 13 months ago

sudo-1.9.3p1
wireshark-3.2.7
thunderbird-78.3.0 (security fix)
libuv-1.40.0
posgresql-13.0
cups-filters-1.28.3
libnsl-1.3.0

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23760 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "2d83614af3e99b08a230c3a416949d23">
10 <!ENTITY wireshark-size "30 MB">
11 <!ENTITY wireshark-buildsize "719 MB (with all optional dependencies available in the BLFS book)">
12 <!ENTITY wireshark-time "2.4 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
13]>
14
15<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
16 <?dbhtml filename="wireshark.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Wireshark-&wireshark-version;</title>
24
25 <indexterm zone="wireshark">
26 <primary sortas="a-Wireshark">Wireshark</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Wireshark</title>
31
32 <para>
33 The <application>Wireshark</application> package contains a network
34 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
35 for analyzing data captured <quote>off the wire</quote> from a live
36 network connection, or data read from a capture file.
37 </para>
38
39 <para>
40 <application>Wireshark</application> provides both a graphical and a
41 TTY-mode front-end for examining captured network packets from over 500
42 protocols, as well as the capability to read capture files from many
43 other popular network analyzers.
44 </para>
45
46 &lfs10_checked;
47
48 <bridgehead renderas="sect3">Package Information</bridgehead>
49 <itemizedlist spacing="compact">
50 <listitem>
51 <para>
52 Download (HTTP): <ulink url="&wireshark-download-http;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download (FTP): <ulink url="&wireshark-download-ftp;"/>
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download MD5 sum: &wireshark-md5sum;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Download size: &wireshark-size;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated disk space required: &wireshark-buildsize;
73 </para>
74 </listitem>
75 <listitem>
76 <para>
77 Estimated build time: &wireshark-time;
78 </para>
79 </listitem>
80 </itemizedlist>
81
82 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
83 <itemizedlist spacing="compact">
84 <listitem>
85 <para>
86 Additional Documentation:
87 <ulink url="https://www.wireshark.org/download/docs/"/>
88 (contains links to several different docs in a variety of formats)
89 </para>
90 </listitem>
91 </itemizedlist>
92
93 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
94
95 <bridgehead renderas="sect4">Required</bridgehead>
96 <para role="required">
97 <xref linkend="glib2"/>,
98 <xref linkend="libgcrypt"/>, and
99 <xref linkend="qt5"/>
100 </para>
101
102 <bridgehead renderas="sect4">Recommended</bridgehead>
103 <para role="recommended">
104 <xref linkend="libpcap"/> (required to capture data)
105 </para>
106
107 <bridgehead renderas="sect4">Optional</bridgehead>
108 <para role="optional">
109 <xref linkend="brotli"/>,
110 <xref linkend="c-ares"/>,
111 <xref linkend="doxygen"/>,
112 <xref linkend="git"/>,
113 <xref linkend="gnutls"/>,
114 <xref linkend="libnl"/>,
115 <xref linkend="libxslt"/>,
116 <xref linkend="libxml2"/>,
117 <xref linkend="lua52"/>,
118 <xref linkend="mitkrb"/>,
119 <xref linkend="nghttp2"/>,
120 <xref linkend="sbc"/>,
121 <xref linkend="speex"/>,
122 <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
123 <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
124 <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
125 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
126 <ulink url="https://www.libssh.org/">libssh</ulink>,
127 <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
128 <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
129 <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
130 <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
131 </para>
132
133 <para condition="html" role="usernotes">
134 User Notes: <ulink url="&blfs-wiki;/wireshark"/>
135 </para>
136
137 </sect2>
138
139 <sect2 role="kernel" id="wireshark-kernel">
140 <title>Kernel Configuration</title>
141
142 <para>
143 The kernel must have the Packet protocol enabled for
144 <application>Wireshark</application> to capture live packets from the network:
145 </para>
146
147<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
148 Networking options ---&gt;
149 &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>
150
151 <para>
152 If built as a module, the name is <filename>af_packet.ko</filename>.
153 </para>
154
155 <indexterm zone="wireshark wireshark-kernel">
156 <primary sortas="d-Capturing-network-packets">
157 Capturing network packets
158 </primary>
159 </indexterm>
160
161 </sect2>
162
163 <sect2 role="installation">
164 <title>Installation of Wireshark</title>
165
166 <para>
167 <application>Wireshark</application> is a very large and complex
168 application. These instructions provide additional security measures to
169 ensure that only trusted users are allowed to view network traffic. First,
170 set up a system group for wireshark. As the <systemitem
171 class="username">root</systemitem> user:
172 </para>
173
174<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
175
176 <para>
177 Continue to install <application>Wireshark</application> by running
178 the following commands:
179 </para>
180
181<screen><userinput>mkdir build &amp;&amp;
182cd build &amp;&amp;
183
184cmake -DCMAKE_INSTALL_PREFIX=/usr \
185 -DCMAKE_BUILD_TYPE=Release \
186 -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
187 -G Ninja \
188 .. &amp;&amp;
189ninja</userinput></screen>
190
191 <para>
192 This package does not come with a test suite.
193 </para>
194
195 <para>
196 Now, as the <systemitem class="username">root</systemitem> user:
197 </para>
198
199<screen role="root"><userinput>ninja install &amp;&amp;
200
201install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
202install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
203 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
204
205pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
206 for FILENAME in ../../wireshark/*.html; do
207 ln -s -v -f $FILENAME .
208 done &amp;&amp;
209popd
210unset FILENAME</userinput></screen>
211
212 <para>
213 If you downloaded any of the documentation files from the page
214 listed in <quote>Additional Downloads</quote>, install them by issuing the
215 following commands as the <systemitem class="username">root</systemitem>
216 user:
217 </para>
218
219<screen role="root"
220 remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
221 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
222
223 <para>
224 Now, set ownership and permissions of the sensitive applications so that only authorized users can run them. The setuid and setgid bits (the leading 6 in the mode below) let these programs run with root privileges so that they can capture from network interfaces,
225 which is why execute permission is restricted to members of the wireshark group. As the
226 <systemitem class="username">root</systemitem> user:
227 </para>
228
229<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
230chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
231
232 <para>
233 Finally, add any users to the wireshark group (as the
234 <systemitem class="username">root</systemitem> user):
235 </para>
236
237 <screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>
238
239 <para>
240 If you are installing Wireshark for the first time, you will need to log
241 out of your session and log in again so that the new group membership takes
242 effect; otherwise Wireshark will not function properly.
243 </para>
244
245 </sect2>
246<!--
247 <sect2 role="commands">
248 <title>Command Explanations</title>
249
250 <para>
251 <option>- -disable-wireshark</option>: Use this switch if you
252 have <application>Qt</application> installed but do not want to build
253 any of the GUIs.
254 </para>
255 </sect2>
256-->
257
258 <sect2 role="configuration">
259 <title>Configuring Wireshark</title>
260
261 <sect3 id="wireshark-config">
262 <title>Config Files</title>
263
264 <para>
265 <filename>/etc/wireshark.conf</filename> and
266 <filename>~/.config/wireshark/*</filename> (unless there is already
267 <filename>~/.wireshark/*</filename> in the system)
268 </para>
269
270 <indexterm zone="wireshark wireshark-config">
271 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
272 </indexterm>
273
274 <indexterm zone="wireshark wireshark-config">
275 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
276 </indexterm>
277
278 </sect3>
279
280 <sect3>
281 <title>Configuration Information</title>
282
283 <para>
284 Though the default configuration parameters are very sane, refer to
285 the configuration section of the
286 <ulink url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide</ulink>
287 for configuration information. Most of
288 <application>Wireshark</application>'s configuration can be accomplished
289 using the menu options of the <command>wireshark</command> graphical
290 interface.
291 </para>
292
293 <note>
294 <para>
295 If you want to look at packets, make sure you don't filter them
296 out with <xref linkend="iptables"/>. If you want to exclude certain
297 classes of packets, it is more efficient to do it with
298 <application>iptables</application> than it is with
299 <application>Wireshark</application>.
300 </para>
301 </note>
302
303 </sect3>
304
305 </sect2>
306
307 <sect2 role="content">
308 <title>Contents</title>
309
310 <segmentedlist>
311 <segtitle>Installed Programs</segtitle>
312 <segtitle>Installed Libraries</segtitle>
313 <segtitle>Installed Directories</segtitle>
314
315 <seglistitem>
316 <seg>
317 capinfos, captype, dumpcap, editcap, idl2wrs,
318 mergecap, randpkt, rawshark, reordercap, sharkd,
319 text2pcap, tshark, and wireshark
320 </seg>
321 <seg>
322 libwireshark.so, libwiretap.so,
323 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
324 </seg>
325 <seg>
326 /usr/{include,lib,share}/wireshark and
327 /usr/share/doc/wireshark-&wireshark-version;
328 </seg>
329 </seglistitem>
330 </segmentedlist>
331
332 <variablelist>
333 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
334 <?dbfo list-presentation="list"?>
335 <?dbhtml list-presentation="table"?>
336
337 <varlistentry id="capinfos">
338 <term><command>capinfos</command></term>
339 <listitem>
340 <para>
341 reads a saved capture file and returns any or all of several
342 statistics about that file. It is able to detect and read any
343 capture supported by the <application>Wireshark</application>
344 package.
345 </para>
346 <indexterm zone="wireshark capinfos">
347 <primary sortas="b-capinfos">capinfos</primary>
348 </indexterm>
349 </listitem>
350 </varlistentry>
351
352 <varlistentry id="captype">
353 <term><command>captype</command></term>
354 <listitem>
355 <para>
356 prints the file types of capture files.
357 </para>
358 <indexterm zone="wireshark captype">
359 <primary sortas="b-captype">captype</primary>
360 </indexterm>
361 </listitem>
362 </varlistentry>
363
364 <varlistentry id="dumpcap">
365 <term><command>dumpcap</command></term>
366 <listitem>
367 <para>
368 is a network traffic dump tool. It lets you capture packet data
369 from a live network and write the packets to a file.
370 </para>
371 <indexterm zone="wireshark dumpcap">
372 <primary sortas="b-dumpcap">dumpcap</primary>
373 </indexterm>
374 </listitem>
375 </varlistentry>
376
377 <varlistentry id="editcap">
378 <term><command>editcap</command></term>
379 <listitem>
380 <para>
381 edits and/or translates the format of capture files. It knows
382 how to read <application>libpcap</application> capture files,
383 including those of <command>tcpdump</command>,
384 <application>Wireshark</application> and other tools that write
385 captures in that format.
386 </para>
387 <indexterm zone="wireshark editcap">
388 <primary sortas="b-editcap">editcap</primary>
389 </indexterm>
390 </listitem>
391 </varlistentry>
392
393 <varlistentry id="idl2wrs">
394 <term><command>idl2wrs</command></term>
395 <listitem>
396 <para>
397 is a program that takes a user specified CORBA IDL file and
398 generates <quote>C</quote> source code for a
399 <application>Wireshark</application> <quote>plugin</quote>. It
400 relies on two Python programs <command>wireshark_be.py</command>
401 and <command>wireshark_gen.py</command>, which are not installed
402 by default. They have to be copied manually from the <filename
403 class="directory">tools</filename> directory to the <filename
404 class="directory">$PYTHONPATH/site-packages/</filename> directory.
405 </para>
406 <indexterm zone="wireshark idl2wrs">
407 <primary sortas="b-idl2wrs">idl2wrs</primary>
408 </indexterm>
409 </listitem>
410 </varlistentry>
411
412 <varlistentry id="mergecap">
413 <term><command>mergecap</command></term>
414 <listitem>
415 <para>
416 combines multiple saved capture files into a single output file.
417 </para>
418 <indexterm zone="wireshark mergecap">
419 <primary sortas="b-mergecap">mergecap</primary>
420 </indexterm>
421 </listitem>
422 </varlistentry>
423
424 <varlistentry id="randpkt">
425 <term><command>randpkt</command></term>
426 <listitem>
427 <para>
428 creates random-packet capture files.
429 </para>
430 <indexterm zone="wireshark randpkt">
431 <primary sortas="b-randpkt">randpkt</primary>
432 </indexterm>
433 </listitem>
434 </varlistentry>
435
436 <varlistentry id="rawshark">
437 <term><command>rawshark</command></term>
438 <listitem>
439 <para>
440 dumps and analyzes raw libpcap data.
441 </para>
442 <indexterm zone="wireshark rawshark">
443 <primary sortas="b-rawshark">rawshark</primary>
444 </indexterm>
445 </listitem>
446 </varlistentry>
447
448 <varlistentry id="reordercap">
449 <term><command>reordercap</command></term>
450 <listitem>
451 <para>
452 reorders timestamps of input file frames into output file.
453 </para>
454 <indexterm zone="wireshark reordercap">
455 <primary sortas="b-reordercap">reordercap</primary>
456 </indexterm>
457 </listitem>
458 </varlistentry>
459
460 <varlistentry id="sharkd">
461 <term><command>sharkd</command></term>
462 <listitem>
463 <para>
464 is a daemon that listens on UNIX sockets.
465 </para>
466 <indexterm zone="wireshark sharkd">
467 <primary sortas="b-sharkd">sharkd</primary>
468 </indexterm>
469 </listitem>
470 </varlistentry>
471
472 <varlistentry id="text2pcap">
473 <term><command>text2pcap</command></term>
474 <listitem>
475 <para>
476 reads in an ASCII hex dump and writes the data described into a
477 <application>libpcap</application>-style capture file.
478 </para>
479 <indexterm zone="wireshark text2pcap">
480 <primary sortas="b-text2pcap">text2pcap</primary>
481 </indexterm>
482 </listitem>
483 </varlistentry>
484
485 <varlistentry id="tshark">
486 <term><command>tshark</command></term>
487 <listitem>
488 <para>
489 is a TTY-mode network protocol analyzer. It lets you capture
490 packet data from a live network or read packets from a
491 previously saved capture file.
492 </para>
493 <indexterm zone="wireshark tshark">
494 <primary sortas="b-tshark">tshark</primary>
495 </indexterm>
496 </listitem>
497 </varlistentry>
498
499 <varlistentry id="wireshark-prog">
500 <term><command>wireshark</command></term>
501 <listitem>
502 <para>
503 is the Qt GUI network protocol analyzer. It lets you interactively
504 browse packet data from a live network or from a previously saved
505 capture file.
506 </para>
507 <indexterm zone="wireshark wireshark-prog">
508 <primary sortas="b-wireshark">wireshark</primary>
509 </indexterm>
510 </listitem>
511 </varlistentry>
512<!-- seems to have disappeared
513 <varlistentry id="wireshark-gtk-prog">
514 <term><command>wireshark-gtk</command></term>
515 <listitem>
516 <para>
517 is the Gtk+ GUI network protocol analyzer. It lets you interactively
518 browse packet data from a live network or from a previously saved
519 capture file (optional).
520 </para>
521 <indexterm zone="wireshark wireshark-gtk-prog">
522 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
523 </indexterm>
524 </listitem>
525 </varlistentry>
526-->
527 <varlistentry id="libwireshark">
528 <term><filename class='libraryfile'>libwireshark.so</filename></term>
529 <listitem>
530 <para>
531 contains functions used by the <application>Wireshark</application>
532 programs to perform filtering and packet capturing.
533 </para>
534 <indexterm zone="wireshark libwireshark">
535 <primary sortas="c-libwireshark">libwireshark.so</primary>
536 </indexterm>
537 </listitem>
538 </varlistentry>
539
540 <varlistentry id="libwiretap">
541 <term><filename class='libraryfile'>libwiretap.so</filename></term>
542 <listitem>
543 <para>
544 is a library being developed as a future replacement for
545 <filename class='libraryfile'>libpcap</filename>, the current
546 standard Unix library for packet capturing. For more information,
547 see the <filename>README</filename> file in the source
548 <filename class='directory'>wiretap</filename> directory.
549 </para>
550 <indexterm zone="wireshark libwiretap">
551 <primary sortas="c-libwiretap">libwiretap.so</primary>
552 </indexterm>
553 </listitem>
554 </varlistentry>
555
556 </variablelist>
557
558 </sect2>
559
560</sect1>