source: networking/netutils/wireshark.xml@ c5f47602

Last change on this file since c5f47602 was 3bb415b, checked in by Pierre Labastie <pieere@…>, 7 years ago

wireshark-2.4.0
xfsprogs-4.12.0
icedtea-web-1.7
openjdk-1.8.0.141
reiserfsprogs-3.6.27
upower-0.99.5
cups-filters-1.16.0
gptfdisk-1.0.3
boost-1.64.0
libreoffice-5.4.0.3

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18973 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp  " ">
  <!ENTITY wireshark-md5sum        "655106f8cf3bb8f521336d3a8ab5b10b">
  <!ENTITY wireshark-size          "27 MB">
  <!ENTITY wireshark-buildsize     "1.9 GB (with default GUI front-end, and all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time          "10.3 SBU (with default GUI front-end and all optional dependencies available in the BLFS book)">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs80_checked;
    &gcc7_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Optional patch:
          <ulink url=
          "&patch-root;/wireshark-&wireshark-version;-lua_5_3-1.patch"/>
          (allows building the LUA bindings if <xref linkend="lua"/> is
          installed and LUA is not disabled by passing <option>--without-lua
          </option> to <command>configure</command>)
        </para>
      </listitem>
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/> and
      <xref linkend="libgcrypt"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data), and
      <xref linkend="qt5"/> (for the <application>Qt5</application> GUI)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="c-ares"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="gtk3"/> or <xref linkend="gtk2"/> (for the legacy GTK GUI),
      <xref linkend="libnl"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="openssl"/>,
      <xref linkend="sbc"/>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="http://www.portaudio.com/">PortAudio</ulink>
      (for GTK+ RTP player),
      <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <note>
      <para>
        The Qt GUI front-end is built by default, if <xref linkend="qt5"/> is
        found. If you want to build the GTK+ GUI front-end, some configure
        switches have to be set (see <quote>Command Explanations</quote>).
      </para>
    </note>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
    Networking options ---&gt;
      &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-lua_5_3-1.patch &amp;&amp;

./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
make</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of sensitive applications to only
      allow authorized users. As the <systemitem class="username">root
      </systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the first
      time, you will need to log out and log in again so that your session
      picks up the new wireshark group membership; otherwise,
      <application>Wireshark</application> will not run properly.
    </para>
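    As an added example (not part of the BLFS book or of the Wireshark
    project), the following POSIX shell functions audit the outcome of the
    steps above: the capture binaries must be owned root:wireshark with
    mode 6550, and a user only gains capture rights once the wireshark
    group is in their group set. File paths, user and group names are
    passed in as parameters, so the checks can also be pointed at a
    scratch directory; GNU stat is assumed.

```shell
# Hypothetical audit helper, not from the BLFS book: verify the ownership
# and mode the book sets on tshark and dumpcap.
#
# Mode 6550 = setuid (4) + setgid (2), r-x for owner, r-x for group, --- for
# others. dumpcap gains root privileges through the setuid bit, so the
# empty "other" bits are what limit live capture to members of the group.
WANT_MODE=6550

# check_capture_binary FILE OWNER GROUP
# Returns 0 if FILE exists, is owned by OWNER:GROUP and has mode 6550;
# prints one line per deviation and returns 1 otherwise.
check_capture_binary() {
    file=$1; want_owner=$2; want_group=$3
    if [ ! -e "$file" ]; then
        echo "MISSING  $file"
        return 1
    fi
    # GNU stat: %U user name, %G group name, %a permission bits in octal
    got=$(stat -c '%U:%G %a' "$file") || return 1
    owner=${got%% *}
    mode=${got#* }
    status=0
    if [ "$owner" != "$want_owner:$want_group" ]; then
        echo "OWNER    $file: is $owner, expected $want_owner:$want_group"
        status=1
    fi
    if [ "$mode" != "$WANT_MODE" ]; then
        echo "MODE     $file: is $mode, expected $WANT_MODE"
        status=1
    fi
    return $status
}

# user_in_group USER GROUP
# Returns 0 if GROUP appears in USER's entry in the group database.
# Note: "id -nG" with no user argument reports the groups of the current
# session instead; that set only changes after logging out and back in,
# which is why the book asks for a fresh login after usermod.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Typical run on a finished install:
#   for f in /usr/bin/tshark /usr/bin/dumpcap; do
#       check_capture_binary "$f" root wireshark
#   done
#   user_in_group "$USER" wireshark || echo "$USER is not in group wireshark"
```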

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>--with-gtk=[yes/no/2/3]</option>: For the Gtk+ GUI. Default is no.
      If both Gtk+2 and 3 are installed, and <quote>yes</quote> is selected,
      default is 3. Obviously, <xref linkend="gtk2"/> or <xref linkend="gtk3"/>
      must have been built for this to work.
    </para>

    <para>
      <option>--with-qt=[yes/no/4/5]</option>: For the Qt GUI. Default is yes,
      if <xref linkend="qt5"/> is found on the system.
    </para>

    <para>
      <option>--disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.config/wireshark/*</filename> (unless there is already
      <filename>~/.wireshark/*</filename> in the system)</para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Though the default configuration parameters are very sane, reference
      the configuration section of the <ulink
      url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for configuration information. Most of
      <application>Wireshark</application>'s configuration can be accomplished
      using the menu options of the <command>wireshark</command> graphical
      interfaces.</para>

      <note>
        <para>If you want to look at packets, make sure you don't filter them
        out with <xref linkend="iptables"/>. If you want to exclude certain
        classes of packets, it is more efficient to do it with
        <application>iptables</application> than it is with
        <application>Wireshark</application>.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dftest, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, wireshark, and wireshark-gtk (optional)
        </seg>
        <seg>
          libwireshark.so, libwiretap.so, libwscodecs.so (optional),
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Wireshark</application> package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="wireshark dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw libpcap data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of an input capture file by timestamp and
          writes them to an output file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>is a daemon that listens on UNIX sockets.</para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>contains functions used by the
          <application>Wireshark</application> programs to perform filtering and
          packet capturing.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>is a library being developed as a future replacement for
          <filename class='libraryfile'>libpcap</filename>, the current
          standard Unix library for packet capturing. For more information,
          see the <filename>README</filename> file in the source
          <filename class='directory'>wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>