source: networking/netutils/wireshark.xml@ bc99c9d

Last change on this file since bc99c9d was 891ab0d, checked in by Bruce Dubbs <bdubbs@…>, 8 months ago

Mention Wireshark's preference for qt6

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "37658796acb4e7a04a84fa8c5393c9a1">
10 <!ENTITY wireshark-size "43 MB">
11 <!ENTITY wireshark-buildsize "911 MB (with all optional dependencies available in the BLFS book; 168 MB installed)">
12 <!ENTITY wireshark-time "2.9 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
13]>
14
15<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
16 we have not always been aware of these. At https://www.wireshark.org/security/
17 there is a list of advisories and the version in which they were fixed.
18
19 If you click on an advisory, after the bug number in the References:
20 there may be a CVE number, although perhaps those get added some time after
21 the release. Perhaps as a general rule treat ALL their advisories for crashes
22 etc as worthy of a security fix. -->
23
24<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
25 <?dbhtml filename="wireshark.html"?>
26
27
28 <title>Wireshark-&wireshark-version;</title>
29
30 <indexterm zone="wireshark">
31 <primary sortas="a-Wireshark">Wireshark</primary>
32 </indexterm>
33
34 <sect2 role="package">
35 <title>Introduction to Wireshark</title>
36
37 <para>
38 The <application>Wireshark</application> package contains a network
39 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
40 for analyzing data captured <quote>off the wire</quote> from a live
41 network connection, or data read from a capture file.
42 </para>
43
44 <para>
45 <application>Wireshark</application> provides both a graphical and a
46 TTY-mode front-end for examining captured network packets from over 500
47 protocols, as well as the capability to read capture files from many
48 other popular network analyzers.
49 </para>
50
51 &lfs120_checked;
52
53 <bridgehead renderas="sect3">Package Information</bridgehead>
54 <itemizedlist spacing="compact">
55 <listitem>
56 <para>
57 Download (HTTP): <ulink url="&wireshark-download-http;"/>
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download (FTP): <ulink url="&wireshark-download-ftp;"/>
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Download MD5 sum: &wireshark-md5sum;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Download size: &wireshark-size;
73 </para>
74 </listitem>
75 <listitem>
76 <para>
77 Estimated disk space required: &wireshark-buildsize;
78 </para>
79 </listitem>
80 <listitem>
81 <para>
82 Estimated build time: &wireshark-time;
83 </para>
84 </listitem>
85 </itemizedlist>
86
87 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
88 <itemizedlist spacing="compact">
89 <!--
90 <listitem>
91 <para>
92 Required patch to build with Python-3.12:
93 <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
94 </para>
95 </listitem>
96 -->
97 <listitem>
98 <para>
99 Additional Documentation:
100 <ulink url="https://www.wireshark.org/download/docs/"/>
101 (contains links to several different docs in a variety of formats)
102 </para>
103 </listitem>
104 </itemizedlist>
105
106 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
107
108 <bridgehead renderas="sect4">Required</bridgehead>
109 <para role="required">
110 <xref linkend="cmake"/>,
111 <xref linkend="c-ares"/>,
112 <xref linkend="glib2"/>,
113 <xref linkend="libgcrypt"/>, and
114 (<xref linkend="qt5"/> or
115 <xref role="nodep" linkend="qt5-components"/> with qtmultimedia) or
116 <xref linkend="qt6"/>
117 </para>
118
119 <bridgehead renderas="sect4">Recommended</bridgehead>
120 <para role="recommended">
121 <xref linkend="libpcap"/> (required to capture data)
122 </para>
123
124 <bridgehead renderas="sect4">Optional</bridgehead>
125 <para role="optional">
126 <xref linkend="asciidoctor"/>,
127 <xref linkend="brotli"/>,
128 <xref linkend="doxygen"/>,
129 <xref linkend="git"/>,
130 <xref linkend="gnutls"/>,
131 <xref linkend="libnl"/>,
132 <xref linkend="libxslt"/>,
133 <xref linkend="libxml2"/>,
134 <xref linkend="lua52"/>,
135 <xref linkend="mitkrb"/>,
136 <xref linkend="nghttp2"/>,
137 <xref linkend="sbc"/>,
138 <xref linkend="speex"/>,
139 <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
140 <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
141 <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
142 <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
143 <ulink url="https://www.libssh.org/">libssh</ulink>,
144 <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
145 <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
146 <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
147 <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
148 </para>
149
150
151 </sect2>
152
153 <sect2 role="kernel" id="wireshark-kernel">
154 <title>Kernel Configuration</title>
155
156 <para>
157 The kernel must have the Packet protocol enabled for <application>
158 Wireshark</application> to capture live packets from the network:
159 </para>
160
161 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
162 href="wireshark-kernel.xml"/>
163
164 <para>
165 If built as a module, the name is <filename>af_packet.ko</filename>.
166 </para>
167
168 <indexterm zone="wireshark wireshark-kernel">
169 <primary sortas="d-Capturing-network-packets">
170 Capturing network packets
171 </primary>
172 </indexterm>
173
174 </sect2>
175
176 <sect2 role="installation">
177 <title>Installation of Wireshark</title>
178
179 <para>
180 <application>Wireshark</application> is a very large and complex
181 application. These instructions provide additional security measures to
182 ensure that only trusted users are allowed to view network traffic. First,
183 set up a system group for wireshark. As the <systemitem
184 class="username">root</systemitem> user:
185 </para>
186
187<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
188<!--
189 <para>
190 Fix building with Python-3.12 and higher:
191 </para>
192
193<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-py_3.12_fix-1.patch</userinput></screen>
194-->
195 <para>
196 Continue to install <application>Wireshark</application> by running
197 the following commands:
198 </para>
199
200<screen><userinput>mkdir build &amp;&amp;
201cd build &amp;&amp;
202
203cmake -DCMAKE_INSTALL_PREFIX=/usr \
204 -DCMAKE_BUILD_TYPE=Release \
205 -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
206 -G Ninja \
207 .. &amp;&amp;
208ninja</userinput></screen>
209
210 <note>
211 <para>
212 Wireshark now prefers <xref linkend="qt6"/>. If it is not available,
213 add <code>-DUSE_qt6=OFF</code> to the build instructions above.
214 </para>
215 </note>
216
217 <para>
218 This package does not come with a test suite.
219 </para>
220
221 <para>
222 Now, as the <systemitem class="username">root</systemitem> user:
223 </para>
224
225<screen role="root"><userinput>ninja install &amp;&amp;
226
227install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
228install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
229 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
230
231pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
232 for FILENAME in ../../wireshark/*.html; do
233 ln -s -v -f $FILENAME .
234 done &amp;&amp;
235popd
236unset FILENAME</userinput></screen>
237
238 <para>
239 If you downloaded any of the documentation files from the page
240 listed in the 'Additional Downloads', install them by issuing the
241 following commands as the <systemitem class="username">root</systemitem>
242 user:
243 </para>
244
245<screen role="root"
246 remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
247 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
248
249 <para>
250 Now, set ownership and permissions of sensitive applications so that only
251 authorized users can run them (mode 6550 sets the setuid and setgid bits and
252 denies all access to users outside the wireshark group). As the <systemitem class="username">root</systemitem> user:
253 </para>
254
255<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
256chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
257
258 <para>
259 Finally, add any users to the wireshark group (as <systemitem class=
260 "username">root</systemitem> user):
261 </para>
262
263 <screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>
264
265 <para>
266 If you are installing wireshark for the first time, it will be necessary
267 to log out of your session and log in again so that the new wireshark
268 group membership takes effect; otherwise Wireshark will not function properly.
269 </para>
270
271 </sect2>
272<!--
273 <sect2 role="commands">
274 <title>Command Explanations</title>
275
276 <para>
277 <option>- -disable-wireshark</option>: Use this switch if you
278 have <application>Qt</application> installed but do not want to build
279 any of the GUIs.
280 </para>
281 </sect2>
282-->
283
284 <sect2 role="configuration">
285 <title>Configuring Wireshark</title>
286
287 <sect3 id="wireshark-config">
288 <title>Config Files</title>
289
290 <para>
291 <filename>/etc/wireshark.conf</filename> and
292 <filename>~/.config/wireshark/*</filename> (unless there is already
293 <filename>~/.wireshark/*</filename> in the system)
294 </para>
295
296 <indexterm zone="wireshark wireshark-config">
297 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
298 </indexterm>
299
300 <indexterm zone="wireshark wireshark-config">
301 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
302 </indexterm>
303
304 </sect3>
305
306 <sect3>
307 <title>Configuration Information</title>
308
309 <para>
310 Though the default configuration parameters are very sensible, refer to
311 the configuration section of the <ulink url=
312 "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
313 </ulink> for configuration information. Most of <application>Wireshark
314 </application>'s configuration can be accomplished
315 using the menu options of the <command>wireshark</command> graphical
316 interface.
317 </para>
318
319 <note>
320 <para>
321 If you want to look at packets, make sure you don't filter them
322 out with <xref linkend="iptables"/>. If you want to exclude certain
323 classes of packets, it is more efficient to do it with
324 <application>iptables</application> than it is with
325 <application>Wireshark</application>.
326 </para>
327 </note>
328
329 </sect3>
330
331 </sect2>
332
333 <sect2 role="content">
334 <title>Contents</title>
335
336 <segmentedlist>
337 <segtitle>Installed Programs</segtitle>
338 <segtitle>Installed Libraries</segtitle>
339 <segtitle>Installed Directories</segtitle>
340
341 <seglistitem>
342 <seg>
343 capinfos, captype, dumpcap, editcap, idl2wrs,
344 mergecap, randpkt, rawshark, reordercap, sharkd,
345 text2pcap, tshark, and wireshark
346 </seg>
347 <seg>
348 libwireshark.so, libwiretap.so,
349 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
350 </seg>
351 <seg>
352 /usr/{lib,share}/wireshark and
353 /usr/share/doc/wireshark-&wireshark-version;
354 </seg>
355 </seglistitem>
356 </segmentedlist>
357
358 <variablelist>
359 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
360 <?dbfo list-presentation="list"?>
361 <?dbhtml list-presentation="table"?>
362
363 <varlistentry id="capinfos">
364 <term><command>capinfos</command></term>
365 <listitem>
366 <para>
367 reads a saved capture file and returns any or all of several
368 statistics about that file. It is able to detect and read any
369 capture supported by the <application>Wireshark</application>
370 package
371 </para>
372 <indexterm zone="wireshark capinfos">
373 <primary sortas="b-capinfos">capinfos</primary>
374 </indexterm>
375 </listitem>
376 </varlistentry>
377
378 <varlistentry id="captype">
379 <term><command>captype</command></term>
380 <listitem>
381 <para>
382 prints the file types of capture files
383 </para>
384 <indexterm zone="wireshark captype">
385 <primary sortas="b-captype">captype</primary>
386 </indexterm>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry id="dumpcap">
391 <term><command>dumpcap</command></term>
392 <listitem>
393 <para>
394 is a network traffic dump tool. It lets you capture packet data
395 from a live network and write the packets to a file
396 </para>
397 <indexterm zone="wireshark dumpcap">
398 <primary sortas="b-dumpcap">dumpcap</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="editcap">
404 <term><command>editcap</command></term>
405 <listitem>
406 <para>
407 edits and/or translates the format of capture files. It knows
408 how to read <application>libpcap</application> capture files,
409 including those of <command>tcpdump</command>,
410 <application>Wireshark</application> and other tools that write
411 captures in that format
412 </para>
413 <indexterm zone="wireshark editcap">
414 <primary sortas="b-editcap">editcap</primary>
415 </indexterm>
416 </listitem>
417 </varlistentry>
418
419 <varlistentry id="idl2wrs">
420 <term><command>idl2wrs</command></term>
421 <listitem>
422 <para>
423 is a program that takes a user specified CORBA IDL file and
424 generates <quote>C</quote> source code for a
425 <application>Wireshark</application> <quote>plugin</quote>. It
426 relies on two Python programs <command>wireshark_be.py</command>
427 and <command>wireshark_gen.py</command>, which are not installed
428 by default. They have to be copied manually from the
429 <filename class="directory">tools</filename> directory to the
430 <filename class="directory">$PYTHONPATH/site-packages/</filename>
431 directory
432 </para>
433 <indexterm zone="wireshark idl2wrs">
434 <primary sortas="b-idl2wrs">idl2wrs</primary>
435 </indexterm>
436 </listitem>
437 </varlistentry>
438
439 <varlistentry id="mergecap">
440 <term><command>mergecap</command></term>
441 <listitem>
442 <para>
443 combines multiple saved capture files into a single output file
444 </para>
445 <indexterm zone="wireshark mergecap">
446 <primary sortas="b-mergecap">mergecap</primary>
447 </indexterm>
448 </listitem>
449 </varlistentry>
450
451 <varlistentry id="randpkt">
452 <term><command>randpkt</command></term>
453 <listitem>
454 <para>
455 creates random-packet capture files
456 </para>
457 <indexterm zone="wireshark randpkt">
458 <primary sortas="b-randpkt">randpkt</primary>
459 </indexterm>
460 </listitem>
461 </varlistentry>
462
463 <varlistentry id="rawshark">
464 <term><command>rawshark</command></term>
465 <listitem>
466 <para>
467 dumps and analyzes raw libpcap data
468 </para>
469 <indexterm zone="wireshark rawshark">
470 <primary sortas="b-rawshark">rawshark</primary>
471 </indexterm>
472 </listitem>
473 </varlistentry>
474
475 <varlistentry id="reordercap">
476 <term><command>reordercap</command></term>
477 <listitem>
478 <para>
479 reorders timestamps of input file frames into an output file
480 </para>
481 <indexterm zone="wireshark reordercap">
482 <primary sortas="b-reordercap">reordercap</primary>
483 </indexterm>
484 </listitem>
485 </varlistentry>
486
487 <varlistentry id="sharkd">
488 <term><command>sharkd</command></term>
489 <listitem>
490 <para>
491 is a daemon that listens on UNIX sockets
492 </para>
493 <indexterm zone="wireshark sharkd">
494 <primary sortas="b-sharkd">sharkd</primary>
495 </indexterm>
496 </listitem>
497 </varlistentry>
498
499 <varlistentry id="text2pcap">
500 <term><command>text2pcap</command></term>
501 <listitem>
502 <para>
503 reads in an ASCII hex dump and writes the data described into a
504 <application>libpcap</application>-style capture file
505 </para>
506 <indexterm zone="wireshark text2pcap">
507 <primary sortas="b-text2pcap">text2pcap</primary>
508 </indexterm>
509 </listitem>
510 </varlistentry>
511
512 <varlistentry id="tshark">
513 <term><command>tshark</command></term>
514 <listitem>
515 <para>
516 is a TTY-mode network protocol analyzer. It lets you capture
517 packet data from a live network or read packets from a
518 previously saved capture file
519 </para>
520 <indexterm zone="wireshark tshark">
521 <primary sortas="b-tshark">tshark</primary>
522 </indexterm>
523 </listitem>
524 </varlistentry>
525
526 <varlistentry id="wireshark-prog">
527 <term><command>wireshark</command></term>
528 <listitem>
529 <para>
530 is the Qt GUI network protocol analyzer. It lets you interactively
531 browse packet data from a live network or from a previously saved
532 capture file
533 </para>
534 <indexterm zone="wireshark wireshark-prog">
535 <primary sortas="b-wireshark">wireshark</primary>
536 </indexterm>
537 </listitem>
538 </varlistentry>
539<!-- seems to have disappeared
540 <varlistentry id="wireshark-gtk-prog">
541 <term><command>wireshark-gtk</command></term>
542 <listitem>
543 <para>
544 is the Gtk+ GUI network protocol analyzer. It lets you interactively
545 browse packet data from a live network or from a previously saved
546 capture file (optional).
547 </para>
548 <indexterm zone="wireshark wireshark-gtk-prog">
549 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
550 </indexterm>
551 </listitem>
552 </varlistentry>
553-->
554 <varlistentry id="libwireshark">
555 <term><filename class="libraryfile">libwireshark.so</filename></term>
556 <listitem>
557 <para>
558 contains functions used by the <application>Wireshark</application>
559 programs to perform filtering and packet capturing
560 </para>
561 <indexterm zone="wireshark libwireshark">
562 <primary sortas="c-libwireshark">libwireshark.so</primary>
563 </indexterm>
564 </listitem>
565 </varlistentry>
566
567 <varlistentry id="libwiretap">
568 <term><filename class="libraryfile">libwiretap.so</filename></term>
569 <listitem>
570 <para>
571 is a library being developed as a future replacement for
572 <filename class="libraryfile">libpcap</filename>, the current
573 standard Unix library for packet capturing. For more information,
574 see the <filename>README</filename> file in the source
575 <filename class="directory">wiretap</filename> directory
576 </para>
577 <indexterm zone="wireshark libwiretap">
578 <primary sortas="c-libwiretap">libwiretap.so</primary>
579 </indexterm>
580 </listitem>
581 </varlistentry>
582
583 </variablelist>
584
585 </sect2>
586
587</sect1>