source: networking/netutils/wireshark.xml@ af40952f

Last change on this file since af40952f was 4acf92b5, checked in by Bruce Dubbs <bdubbs@…>, 3 weeks ago

Update to wireshark-4.4.0.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "50a9ae3a9b90f92d6f352531fe68fbd2">
  <!ENTITY wireshark-size "45 MB">
  <!ENTITY wireshark-buildsize "771 MB (171 MB installed)">
  <!ENTITY wireshark-time "2.5 SBU (with parallelism=4)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
     we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>


  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer.</quote> This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs122_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
<!--
      <listitem>
        <para>
          Required patch to build with Python-3.12:
          <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
        </para>
      </listitem>
-->
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>,
      <xref linkend="qt6"/>, and
      <xref linkend="speex"/>
    </para>
<!--
    <note>
      <para>
        <xref linkend="qt6"/> is not strictly required, since it can be
        replaced with <application>Qt5</application>. See <quote>Command
        explanations</quote> below.
      </para>
    </note>
-->
    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
                href="wireshark-kernel.xml"/>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -D CMAKE_INSTALL_PREFIX=/usr \
      -D CMAKE_BUILD_TYPE=Release \
      -D CMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of sensitive applications to only
      allow authorized users. As the <systemitem class="username">root
      </systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/tshark &amp;&amp;
chmod -v 6550 /usr/bin/tshark</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the
      first time, you will need to log out of your session and log in again
      so that the wireshark group is added to your groups; otherwise
      Wireshark will not function properly.
    </para>
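The group and mode settings above are what keep capture privileges away from untrusted local users, and they are easy to get wrong (a stray `chmod 755`, or a user added to the wrong group). The following audit script is an added example and is not part of the BLFS book or the Wireshark project; the helper names `perms_ok`, `in_group` and `check_installed`, and the sample group file entries, are ours, and the live check assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not BLFS or Wireshark code): audit the capture-privilege
# setup above. tshark owned by root:wireshark with mode 6550 is runnable
# only by members of the wireshark group; any "other" permission bits, or
# the wrong owner/group, would let every local user read network traffic.

# perms_ok "MODE OWNER GROUP" [expected_group]
# MODE is octal as printed by `stat -c %a` (e.g. 6550). Returns 0 when the
# file is setuid+setgid, owned by root, in the expected group, and grants
# nothing to "other"; prints the reason and returns 1 otherwise.
perms_ok() {
    mode=${1%% *}; rest=${1#* }
    owner=${rest%% *}; group=${rest#* }
    want_group=${2:-wireshark}

    # Pad to four digits so a mode printed as "755" is read as 0755.
    while [ ${#mode} -lt 4 ]; do mode=0$mode; done
    special=$(printf %s "$mode" | cut -c1)
    other=$(printf %s "$mode" | cut -c4)

    [ "$owner" = root ] || { echo "owner is $owner, expected root"; return 1; }
    [ "$group" = "$want_group" ] || { echo "group is $group, expected $want_group"; return 1; }
    # Special digit 6 = setuid (4) + setgid (2); anything else is a weaker setup.
    [ "$special" = 6 ] || { echo "mode $mode lacks setuid+setgid"; return 1; }
    [ "$other" = 0 ] || { echo "mode $mode grants access to other users"; return 1; }
    return 0
}

# in_group USER GROUP GROUPFILE: returns 0 if USER is listed as a member of
# GROUP in the /etc/group-style file GROUPFILE (fourth colon-separated field).
in_group() {
    awk -F: -v g="$2" -v u="$1" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$3"
}

# Live check of the installed binary against the page's intended settings;
# run this by hand on the target system after the chown/chmod step.
check_installed() {
    perms_ok "$(stat -c '%a %U %G' /usr/bin/tshark)" wireshark
}
```

Run `check_installed` after installation, and `in_group "$USER" wireshark /etc/group` after logging back in, to confirm both halves of the restriction took effect.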

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, refer to
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- No longer built/installed
      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin.</quote> It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders timestamps of input file frames into an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>