source: networking/netutils/wireshark.xml@ ad8b716

Last change on this file since ad8b716 was ad8b716, checked in by Bruce Dubbs <bdubbs@…>, 2 months ago

Consolidate qt5 pages.

Remove the page for a full qt5 install.
Remove qt5-components

Rename qt5-alternate to qt5-components adding instructions to optionally
add qtdoc and qtmultimedia to the build.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "e118da25ca399111a4e5d947385c7c79">
  <!ENTITY wireshark-size "43 MB">
  <!ENTITY wireshark-buildsize "743 MB (171 MB installed)">
  <!ENTITY wireshark-time "2.4 SBU (with parallelism=4)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
  we have not always been aware of these. At https://www.wireshark.org/security/
  there is a list of advisories and the version in which they were fixed.

  If you click on an advisory, after the bug number in the References:
  there may be a CVE number, although perhaps those get added some time after
  the release. Perhaps as a general rule treat ALL their advisories for crashes
  etc as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>


  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer.</quote> This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs121_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <!--
      <listitem>
        <para>
          Required patch to build with Python-3.12:
          <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
        </para>
      </listitem>
      -->
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>,
      <xref linkend="qt6"/>, and
      <xref linkend="speex"/>
    </para>

    <note>
      <para>
        <xref linkend="qt6"/> is not strictly required, since it can be
        replaced with <application>Qt5</application>. See <quote>Command
        explanations</quote> below.
      </para>
    </note>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="qt5-components"/> with qtmultimedia
      (required if <xref role="nodep" linkend="qt6"/> is not installed),
      <xref linkend="sbc"/>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
                href="wireshark-kernel.xml"/>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -D CMAKE_INSTALL_PREFIX=/usr \
      -D CMAKE_BUILD_TYPE=Release \
      -D CMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
   for FILENAME in ../../wireshark/*.html; do
     ln -s -v -f $FILENAME .
   done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the sensitive applications so
      that only authorized users can run them. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/tshark &amp;&amp;
chmod -v 6550 /usr/bin/tshark</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing Wireshark for the first time, you will need to
      log out of your session and log in again so that the new wireshark
      group membership takes effect; otherwise Wireshark will not function
      properly.
    </para>

  </sect2>
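The installation steps above rely on two things a defender will want to verify after the fact: that the capture binary is setuid root, setgid wireshark and not executable by anyone outside the group (mode 6550), and that the kernel has CONFIG_PACKET built in or as a module. The following Python script is an added example, not part of the BLFS page or the Wireshark project; the path /usr/bin/tshark and the group name wireshark come from the instructions above, the sample kernel config text is constructed.

```python
"""Audit the privilege layout BLFS sets up for Wireshark's capture tools."""
import grp
import os
import pwd
import stat

EXPECTED_MODE = 0o6550      # setuid root, setgid wireshark, r-x for owner/group, nothing for others
CAPTURE_GROUP = "wireshark"
CAPTURE_BINARY = "/usr/bin/tshark"


def check_capture_binary(mode, owner, group, expected_group=CAPTURE_GROUP):
    """Compare a binary's owner, group and permission bits with the hardened layout.

    Returns a list of findings; an empty list means the binary matches
    'chown root:wireshark' + 'chmod 6550' from the installation instructions."""
    findings = []
    perm = stat.S_IMODE(mode)            # strip file-type bits (S_IFREG etc.)
    if owner != "root":
        findings.append(f"owner is {owner}, expected root")
    if group != expected_group:
        findings.append(f"group is {group}, expected {expected_group}")
    if perm & stat.S_IRWXO:
        findings.append("'other' bits set: users outside the group can run it")
    if perm & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        findings.append("binary is writable: a setuid tool must not be")
    if not (perm & stat.S_ISUID and perm & stat.S_ISGID):
        findings.append(f"mode {perm:04o} lacks setuid/setgid, expected {EXPECTED_MODE:04o}")
    return findings


def audit_installed_binary(path=CAPTURE_BINARY):
    """Live check against the filesystem (only meaningful on a system with the package installed)."""
    st = os.stat(path)
    return check_capture_binary(st.st_mode,
                                pwd.getpwuid(st.st_uid).pw_name,
                                grp.getgrgid(st.st_gid).gr_name)


def packet_socket_status(kernel_config_text):
    """Parse kernel .config text and report CONFIG_PACKET, which live capture needs:
    'builtin' (=y), 'module' (=m, af_packet.ko) or 'missing'."""
    for line in kernel_config_text.splitlines():
        if line.startswith("CONFIG_PACKET="):
            value = line.split("=", 1)[1].strip()
            return {"y": "builtin", "m": "module"}.get(value, "missing")
    return "missing"


# Constructed sample of a kernel .config fragment (not taken from any real system).
SAMPLE_CONFIG = """CONFIG_UNIX=y
CONFIG_PACKET=m
CONFIG_PACKET_DIAG=m
"""

if __name__ == "__main__":
    print("CONFIG_PACKET in sample config:", packet_socket_status(SAMPLE_CONFIG))
    print("hardened layout findings:", check_capture_binary(0o6550, "root", "wireshark"))
    print("default install findings:", check_capture_binary(0o755, "root", "root"))
    if os.path.exists(CAPTURE_BINARY):
        print(f"{CAPTURE_BINARY}:", audit_installed_binary() or "matches the BLFS layout")
```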

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>-D USE_qt6=OFF</option>: Use this switch if
      <xref linkend="qt6"/> is not available. You'll need
      <xref linkend="qt5-components"/> with qtmultimedia.
    </para>
<!--
    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
-->
  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, reference
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- No longer built/installed
      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin.</quote> It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders the frames of an input file by timestamp and writes them
            to an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>