source: networking/netutils/wireshark.xml@ c3f38243

Last change on this file since c3f38243 was 7c4770f5, checked in by Bruce Dubbs <bdubbs@…>, 11 months ago

Update to wireshark-4.2.0.

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
8 <!ENTITY wireshark-download-ftp " ">
9 <!ENTITY wireshark-md5sum "37658796acb4e7a04a84fa8c5393c9a1">
10 <!ENTITY wireshark-size "43 MB">
11 <!ENTITY wireshark-buildsize "911 MB (with all optional dependencies available in the BLFS book; 168 MB installed)">
12 <!ENTITY wireshark-time "2.9 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
13]>
14
15<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
16 and we have not always been aware of them. https://www.wireshark.org/security/
17 lists the advisories and the version in which each was fixed.
18
19 If you open an advisory, a CVE number may follow the bug number in its
20 References section, although CVE numbers are sometimes assigned only after
21 the release. As a general rule, treat ALL of their advisories (crashes,
22 etc.) as worthy of a security fix. -->
23
24<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
25 <?dbhtml filename="wireshark.html"?>
26
27
28 <title>Wireshark-&wireshark-version;</title>
29
30 <indexterm zone="wireshark">
31 <primary sortas="a-Wireshark">Wireshark</primary>
32 </indexterm>
33
34 <sect2 role="package">
35 <title>Introduction to Wireshark</title>
36
37 <para>
38 The <application>Wireshark</application> package contains a network
39 protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
40 for analyzing data captured <quote>off the wire</quote> from a live
41 network connection, or data read from a capture file.
42 </para>
43
44 <para>
45 <application>Wireshark</application> provides both a graphical and a
46 TTY-mode front-end for examining captured network packets from over 500
47 protocols, as well as the capability to read capture files from many
48 other popular network analyzers.
49 </para>
50
51 &lfs120_checked;
52
53 <bridgehead renderas="sect3">Package Information</bridgehead>
54 <itemizedlist spacing="compact">
55 <listitem>
56 <para>
57 Download (HTTP): <ulink url="&wireshark-download-http;"/>
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download (FTP): <ulink url="&wireshark-download-ftp;"/>
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Download MD5 sum: &wireshark-md5sum;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Download size: &wireshark-size;
73 </para>
74 </listitem>
75 <listitem>
76 <para>
77 Estimated disk space required: &wireshark-buildsize;
78 </para>
79 </listitem>
80 <listitem>
81 <para>
82 Estimated build time: &wireshark-time;
83 </para>
84 </listitem>
85 </itemizedlist>
86
87 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
88 <itemizedlist spacing="compact">
89 <!--
90 <listitem>
91 <para>
92 Required patch to build with Python-3.12:
93 <ulink url="&patch-root;/wireshark-&wireshark-version;-py_3.12_fix-1.patch"/>
94 </para>
95 </listitem>
96 -->
97 <listitem>
98 <para>
99 Additional Documentation:
100 <ulink url="https://www.wireshark.org/download/docs/"/>
101 (contains links to several different docs in a variety of formats)
102 </para>
103 </listitem>
104 </itemizedlist>
105
106 <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>
107
108 <bridgehead renderas="sect4">Required</bridgehead>
109 <para role="required">
110 <xref linkend="cmake"/>,
111 <xref linkend="c-ares"/>,
112 <xref linkend="glib2"/>,
113 <xref linkend="libgcrypt"/>, and
114 (<xref linkend="qt5"/> or
115 <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
116 </para>
117
118 <bridgehead renderas="sect4">Recommended</bridgehead>
119 <para role="recommended">
120 <xref linkend="libpcap"/> (required to capture data)
121 </para>
122
123 <bridgehead renderas="sect4">Optional</bridgehead>
124 <para role="optional">
125 <xref linkend="asciidoctor"/>,
126 <xref linkend="brotli"/>,
127 <xref linkend="doxygen"/>,
128 <xref linkend="git"/>,
129 <xref linkend="gnutls"/>,
130 <xref linkend="libnl"/>,
131 <xref linkend="libxslt"/>,
132 <xref linkend="libxml2"/>,
133 <xref linkend="lua52"/>,
134 <xref linkend="mitkrb"/>,
135 <xref linkend="nghttp2"/>,
136 <xref linkend="sbc"/>,
137 <xref linkend="speex"/>,
138 <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
139 <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
140 <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
141 <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
142 <ulink url="https://www.libssh.org/">libssh</ulink>,
143 <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
144 <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
145 <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
146 <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
147 </para>
148
149
150 </sect2>
151
152 <sect2 role="kernel" id="wireshark-kernel">
153 <title>Kernel Configuration</title>
154
155 <para>
156 The kernel must have the Packet protocol enabled for
157 <application>Wireshark</application> to capture live packets from the network:
158 </para>
159
160 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
161 href="wireshark-kernel.xml"/>
162
163 <para>
164 If built as a module, the name is <filename>af_packet.ko</filename>.
165 </para>
166
167 <indexterm zone="wireshark wireshark-kernel">
168 <primary sortas="d-Capturing-network-packets">
169 Capturing network packets
170 </primary>
171 </indexterm>
172
173 </sect2>
174
175 <sect2 role="installation">
176 <title>Installation of Wireshark</title>
177
178 <para>
179 <application>Wireshark</application> is a very large and complex
180 application. These instructions add security measures so that only
181 trusted users are allowed to capture and view network traffic. First,
182 set up a system group for wireshark. As the <systemitem
183 class="username">root</systemitem> user:
184 </para>
185
186<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>
187<!--
188 <para>
189 Fix building with Python-3.12 and higher:
190 </para>
191
192<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-py_3.12_fix-1.patch</userinput></screen>
193-->
194 <para>
195 Continue to install <application>Wireshark</application> by running
196 the following commands:
197 </para>
198
199<screen><userinput>mkdir build &amp;&amp;
200cd build &amp;&amp;
201
202cmake -DCMAKE_INSTALL_PREFIX=/usr \
203 -DCMAKE_BUILD_TYPE=Release \
204 -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
205 -G Ninja \
206 .. &amp;&amp;
207ninja</userinput></screen>
208
209 <para>
210 This package does not come with a test suite.
211 </para>
212
213 <para>
214 Now, as the <systemitem class="username">root</systemitem> user:
215 </para>
216
217<screen role="root"><userinput>ninja install &amp;&amp;
218
219install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
220install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
221 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
222
223pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
224 for FILENAME in ../../wireshark/*.html; do
225 ln -s -v -f $FILENAME .
226 done &amp;&amp;
227popd
228unset FILENAME</userinput></screen>
229
230 <para>
231 If you downloaded any of the documentation files from the page
232 listed under <quote>Additional Downloads</quote>, install them by issuing
233 the following command as the <systemitem class="username">root</systemitem>
234 user:
235 </para>
236
237<screen role="root"
238 remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
239 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>
240
241 <para>
242 Now, set ownership and permissions of the privileged capture programs so
243 that only members of the wireshark group can run them. As the <systemitem
244 class="username">root</systemitem> user:
245 </para>
246
247<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
248chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>
249
250 <para>
251 Finally, add each user who should be allowed to capture traffic to the
252 wireshark group (as the <systemitem class="username">root</systemitem> user):
253 </para>
254
255 <screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>
256
257 <para>
258 If a user is being added to the wireshark group for the first time, that
259 user must log out and log in again so that the new group membership takes
260 effect; otherwise Wireshark will not function properly.
261 </para>
262
263 </sect2>
264<!--
265 <sect2 role="commands">
266 <title>Command Explanations</title>
267
268 <para>
269 <option>- -disable-wireshark</option>: Use this switch if you
270 have <application>Qt</application> installed but do not want to build
271 any of the GUIs.
272 </para>
273 </sect2>
274-->
275
276 <sect2 role="configuration">
277 <title>Configuring Wireshark</title>
278
279 <sect3 id="wireshark-config">
280 <title>Config Files</title>
281
282 <para>
283 <filename>/etc/wireshark.conf</filename> and
284 <filename>~/.config/wireshark/*</filename> (unless there is already
285 <filename>~/.wireshark/*</filename> in the system)
286 </para>
287
288 <indexterm zone="wireshark wireshark-config">
289 <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
290 </indexterm>
291
292 <indexterm zone="wireshark wireshark-config">
293 <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
294 </indexterm>
295
296 </sect3>
297
298 <sect3>
299 <title>Configuration Information</title>
300
301 <para>
302 Though the default configuration parameters are very sane, refer to
303 the configuration section of the <ulink url=
304 "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide</ulink>
305 for configuration information. Most of
306 <application>Wireshark</application>'s configuration can be done
307 using the menu options of the <command>wireshark</command> graphical
308 interface.
309 </para>
310
311 <note>
312 <para>
313 If you want to look at packets, make sure you don't filter them
314 out with <xref linkend="iptables"/>. If you want to exclude certain
315 classes of packets, it is more efficient to do it with
316 <application>iptables</application> than it is with
317 <application>Wireshark</application>.
318 </para>
319 </note>
320
321 </sect3>
322
323 </sect2>
324
325 <sect2 role="content">
326 <title>Contents</title>
327
328 <segmentedlist>
329 <segtitle>Installed Programs</segtitle>
330 <segtitle>Installed Libraries</segtitle>
331 <segtitle>Installed Directories</segtitle>
332
333 <seglistitem>
334 <seg>
335 capinfos, captype, dumpcap, editcap, idl2wrs,
336 mergecap, randpkt, rawshark, reordercap, sharkd,
337 text2pcap, tshark, and wireshark
338 </seg>
339 <seg>
340 libwireshark.so, libwiretap.so,
341 libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
342 </seg>
343 <seg>
344 /usr/{lib,share}/wireshark and
345 /usr/share/doc/wireshark-&wireshark-version;
346 </seg>
347 </seglistitem>
348 </segmentedlist>
349
350 <variablelist>
351 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
352 <?dbfo list-presentation="list"?>
353 <?dbhtml list-presentation="table"?>
354
355 <varlistentry id="capinfos">
356 <term><command>capinfos</command></term>
357 <listitem>
358 <para>
359 reads a saved capture file and returns any or all of several
360 statistics about that file. It is able to detect and read any
361 capture supported by the <application>Wireshark</application>
362 package
363 </para>
364 <indexterm zone="wireshark capinfos">
365 <primary sortas="b-capinfos">capinfos</primary>
366 </indexterm>
367 </listitem>
368 </varlistentry>
369
370 <varlistentry id="captype">
371 <term><command>captype</command></term>
372 <listitem>
373 <para>
374 prints the file types of capture files
375 </para>
376 <indexterm zone="wireshark captype">
377 <primary sortas="b-captype">captype</primary>
378 </indexterm>
379 </listitem>
380 </varlistentry>
381
382 <varlistentry id="dumpcap">
383 <term><command>dumpcap</command></term>
384 <listitem>
385 <para>
386 is a network traffic dump tool. It lets you capture packet data
387 from a live network and write the packets to a file
388 </para>
389 <indexterm zone="wireshark dumpcap">
390 <primary sortas="b-dumpcap">dumpcap</primary>
391 </indexterm>
392 </listitem>
393 </varlistentry>
394
395 <varlistentry id="editcap">
396 <term><command>editcap</command></term>
397 <listitem>
398 <para>
399 edits and/or translates the format of capture files. It knows
400 how to read <application>libpcap</application> capture files,
401 including those of <command>tcpdump</command>,
402 <application>Wireshark</application> and other tools that write
403 captures in that format
404 </para>
405 <indexterm zone="wireshark editcap">
406 <primary sortas="b-editcap">editcap</primary>
407 </indexterm>
408 </listitem>
409 </varlistentry>
410
411 <varlistentry id="idl2wrs">
412 <term><command>idl2wrs</command></term>
413 <listitem>
414 <para>
415 is a program that takes a user specified CORBA IDL file and
416 generates <quote>C</quote> source code for a
417 <application>Wireshark</application> <quote>plugin</quote>. It
418 relies on two Python programs <command>wireshark_be.py</command>
419 and <command>wireshark_gen.py</command>, which are not installed
420 by default. They have to be copied manually from the
421 <filename class="directory">tools</filename> directory to the
422 <filename class="directory">$PYTHONPATH/site-packages/</filename>
423 directory
424 </para>
425 <indexterm zone="wireshark idl2wrs">
426 <primary sortas="b-idl2wrs">idl2wrs</primary>
427 </indexterm>
428 </listitem>
429 </varlistentry>
430
431 <varlistentry id="mergecap">
432 <term><command>mergecap</command></term>
433 <listitem>
434 <para>
435 combines multiple saved capture files into a single output file
436 </para>
437 <indexterm zone="wireshark mergecap">
438 <primary sortas="b-mergecap">mergecap</primary>
439 </indexterm>
440 </listitem>
441 </varlistentry>
442
443 <varlistentry id="randpkt">
444 <term><command>randpkt</command></term>
445 <listitem>
446 <para>
447 creates random-packet capture files
448 </para>
449 <indexterm zone="wireshark randpkt">
450 <primary sortas="b-randpkt">randpkt</primary>
451 </indexterm>
452 </listitem>
453 </varlistentry>
454
455 <varlistentry id="rawshark">
456 <term><command>rawshark</command></term>
457 <listitem>
458 <para>
459 dumps and analyzes raw libpcap data
460 </para>
461 <indexterm zone="wireshark rawshark">
462 <primary sortas="b-rawshark">rawshark</primary>
463 </indexterm>
464 </listitem>
465 </varlistentry>
466
467 <varlistentry id="reordercap">
468 <term><command>reordercap</command></term>
469 <listitem>
470 <para>
471 reorders timestamps of input file frames into an output file
472 </para>
473 <indexterm zone="wireshark reordercap">
474 <primary sortas="b-reordercap">reordercap</primary>
475 </indexterm>
476 </listitem>
477 </varlistentry>
478
479 <varlistentry id="sharkd">
480 <term><command>sharkd</command></term>
481 <listitem>
482 <para>
483 is a daemon that listens on UNIX sockets
484 </para>
485 <indexterm zone="wireshark sharkd">
486 <primary sortas="b-sharkd">sharkd</primary>
487 </indexterm>
488 </listitem>
489 </varlistentry>
490
491 <varlistentry id="text2pcap">
492 <term><command>text2pcap</command></term>
493 <listitem>
494 <para>
495 reads in an ASCII hex dump and writes the data described into a
496 <application>libpcap</application>-style capture file
497 </para>
498 <indexterm zone="wireshark text2pcap">
499 <primary sortas="b-text2pcap">text2pcap</primary>
500 </indexterm>
501 </listitem>
502 </varlistentry>
503
504 <varlistentry id="tshark">
505 <term><command>tshark</command></term>
506 <listitem>
507 <para>
508 is a TTY-mode network protocol analyzer. It lets you capture
509 packet data from a live network or read packets from a
510 previously saved capture file
511 </para>
512 <indexterm zone="wireshark tshark">
513 <primary sortas="b-tshark">tshark</primary>
514 </indexterm>
515 </listitem>
516 </varlistentry>
517
518 <varlistentry id="wireshark-prog">
519 <term><command>wireshark</command></term>
520 <listitem>
521 <para>
522 is the Qt GUI network protocol analyzer. It lets you interactively
523 browse packet data from a live network or from a previously saved
524 capture file
525 </para>
526 <indexterm zone="wireshark wireshark-prog">
527 <primary sortas="b-wireshark">wireshark</primary>
528 </indexterm>
529 </listitem>
530 </varlistentry>
531<!-- seems to have disappeared
532 <varlistentry id="wireshark-gtk-prog">
533 <term><command>wireshark-gtk</command></term>
534 <listitem>
535 <para>
536 is the Gtk+ GUI network protocol analyzer. It lets you interactively
537 browse packet data from a live network or from a previously saved
538 capture file (optional).
539 </para>
540 <indexterm zone="wireshark wireshark-gtk-prog">
541 <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
542 </indexterm>
543 </listitem>
544 </varlistentry>
545-->
546 <varlistentry id="libwireshark">
547 <term><filename class="libraryfile">libwireshark.so</filename></term>
548 <listitem>
549 <para>
550 contains functions used by the <application>Wireshark</application>
551 programs to perform filtering and packet capturing
552 </para>
553 <indexterm zone="wireshark libwireshark">
554 <primary sortas="c-libwireshark">libwireshark.so</primary>
555 </indexterm>
556 </listitem>
557 </varlistentry>
558
559 <varlistentry id="libwiretap">
560 <term><filename class="libraryfile">libwiretap.so</filename></term>
561 <listitem>
562 <para>
563 is a library being developed as a future replacement for
564 <filename class="libraryfile">libpcap</filename>, the current
565 standard Unix library for packet capturing. For more information,
566 see the <filename>README</filename> file in the source
567 <filename class="directory">wiretap</filename> directory
568 </para>
569 <indexterm zone="wireshark libwiretap">
570 <primary sortas="c-libwiretap">libwiretap.so</primary>
571 </indexterm>
572 </listitem>
573 </varlistentry>
574
575 </variablelist>
576
577 </sect2>
578
579</sect1>