source: networking/netutils/wireshark.xml@ c41cafb

Last change on this file since c41cafb was bdd8adc9, checked in by Bruce Dubbs <bdubbs@…>, 12 months ago

Update to wireshark-4.0.7.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp  " ">
  <!ENTITY wireshark-md5sum        "8c23f20130bb1a346ca3da1ff43a16b4">
  <!ENTITY wireshark-size          "41 MB">
  <!ENTITY wireshark-buildsize     "692 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time          "2.1 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentler reminder: many Wireshark releases contain vulnerability fixes,
     we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs113_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      (<xref linkend="qt5"/> or
      <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <!--<ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,-->
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt;                             [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket                                    [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd    build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release  \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the sensitive applications so
      that only authorized users can run them. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing Wireshark for the first time, you will need to
      log out of your session and log in again so that the new wireshark
      group membership takes effect; until it does, Wireshark will not
      function properly.
    </para>

  </sect2>
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, reference
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders timestamps of input file frames into an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
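The privilege model that the Kernel Configuration and Installation sections above set up (CONFIG_PACKET in the kernel, tshark and dumpcap owned by root:wireshark with mode 6550, users added to the wireshark group) can be verified after the fact. The following POSIX shell audit is an added example and not part of the BLFS book; it assumes GNU or busybox coreutils for `stat -c` and `id -Gn`, and takes the prefix, user and kernel config path as parameters so the same checks can be run against a staging directory or a constructed config file.

```shell
#!/bin/sh
# Added example, not part of the BLFS book: audit the restricted-capture
# setup described above. Assumes GNU or busybox coreutils (stat -c, id -Gn).

# kernel_packet_enabled CONFIG_FILE
# 0 if the kernel config sets CONFIG_PACKET=y or =m (af_packet.ko), else 1.
kernel_packet_enabled() {
    grep -q '^CONFIG_PACKET=[ym]$' "$1" 2>/dev/null
}

# check_capture_binary FILE OWNER GROUP
# 0 when FILE is OWNER:GROUP with mode 6550; otherwise prints every
# deviation and returns 1, so the check can feed a post-install hook.
check_capture_binary() {
    file=$1 want_owner=$2 want_group=$3 rc=0
    info=$(stat -c '%U %G %a' "$file" 2>/dev/null) ||
        { echo "$file: missing or unreadable"; return 1; }
    set -- $info   # now $1=owner $2=group $3=octal mode
    [ "$1" = "$want_owner" ] || { echo "$file: owner $1, want $want_owner"; rc=1; }
    [ "$2" = "$want_group" ] || { echo "$file: group $2, want $want_group"; rc=1; }
    # 6550 = setuid + setgid, r-x for owner and group, nothing for others:
    # membership in the group is the only route to the raw packet socket.
    case $3 in
        6550)   ;;
        *[1-7]) echo "$file: mode $3 grants access to other users"; rc=1 ;;
        *)      echo "$file: mode $3, expected 6550"; rc=1 ;;
    esac
    return $rc
}

# user_in_group USER GROUP: 0 if USER's group list includes GROUP.
user_in_group() {
    case " $(id -Gn "$1" 2>/dev/null) " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_wireshark [PREFIX] [USER]: run the checks the instructions imply.
audit_wireshark() {
    prefix=${1:-/usr} user=${2:-$(id -un)} status=0
    cfg=/boot/config-$(uname -r)
    if [ -r "$cfg" ] && ! kernel_packet_enabled "$cfg"; then
        echo "$cfg: CONFIG_PACKET not set, live capture will fail"; status=1
    fi
    for bin in tshark dumpcap; do
        check_capture_binary "$prefix/bin/$bin" root wireshark || status=1
    done
    user_in_group "$user" wireshark ||
        { echo "$user: not in group wireshark (usermod, then log in again)"; status=1; }
    return $status
}
if [ $# -gt 0 ]; then audit_wireshark "$@"; fi
```

Run it as `sh audit.sh /usr <username>` after logging back in; a non-zero exit together with the printed deviations means the group-based restriction is not in force.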