source: networking/netutils/wireshark.xml@ c8a095c

Last change on this file since c8a095c was c8a095c, checked in by Ken Moffat <ken@…>, 9 months ago

Wireshark - for editors, note where their security advisories are, we have missed at least the items fixed in 3.4.0.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24169 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "7988932a5e3930fa6035b8f8b584f0d8">
  <!ENTITY wireshark-size "31 MB">
  <!ENTITY wireshark-buildsize "749 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time "2.4 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentler reminder: many Wireshark releases contain vulnerability fixes,
     and we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc. as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs10_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt5"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="brotli"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for
      <application>Wireshark</application> to capture live packets from the
      network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
    /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
    /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of sensitive applications to only
      allow authorized users. As the <systemitem class="username">root
      </systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing wireshark for the first time, it will be necessary
      to log out of your session and log in again. This adds the wireshark
      group to your session's group list; without it, Wireshark will not
      function properly.
    </para>
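    <para>
      The privilege separation set up above (dumpcap and tshark owned by
      root:wireshark with mode 6550, trusted users added to the wireshark
      group) is easy to get subtly wrong, for example by leaving the binaries
      accessible to every local user, by forgetting the setuid bit so that
      non-root capture fails, or by not logging in again after usermod. The
      following POSIX shell script is an added example and is not part of the
      BLFS book or of Wireshark itself. It classifies an owner/group/mode
      triple as printed by GNU stat, audits the two installed binaries, checks
      the current user's group membership, and looks for /proc/net/packet,
      which the af_packet code registers when CONFIG_PACKET is built in or the
      module is loaded (the audit_capture_binaries and classify_capture_perms
      names are this example's own).
    </para>

```shell
#!/bin/sh
# Added example (not BLFS or Wireshark code): audit the restricted-capture
# layout that the installation instructions set up.

# Classify an "owner group mode" triple as printed by: stat -c '%U %G %a' FILE
# Prints one word and returns 0 only for the hardened layout:
#   ok                 root:wireshark, setuid set, no "other" bits (mode 6550)
#   bad-owner          not owned by root: setuid to another user gains nothing
#   bad-group          group is not wireshark, so the mode gates the wrong users
#   other-accessible   "other" bits are non-zero: every local user can run it
#   no-setuid          setuid bit missing: non-root users cannot capture
classify_capture_perms() {
    owner=$1; group=$2; mode=$3
    # Normalise "755" to "0755" so the special-bits digit is always first.
    case ${#mode} in
        3) mode=0$mode ;;
        4) ;;
        *) echo bad-mode; return 1 ;;
    esac
    special=$(printf '%s' "$mode" | cut -c1)
    other=$(printf '%s' "$mode" | cut -c4)
    if [ "$owner" != root ]; then echo bad-owner; return 1; fi
    if [ "$group" != wireshark ]; then echo bad-group; return 1; fi
    if [ "$other" != 0 ]; then echo other-accessible; return 1; fi
    # setuid is the 4 bit of the special digit (4, 5, 6 or 7 have it set).
    case $special in
        4|5|6|7) ;;
        *) echo no-setuid; return 1 ;;
    esac
    echo ok
    return 0
}

# Check the real files touched by the instructions. Needs GNU stat (as on LFS).
# Returns non-zero if anything deviates from the expected layout.
audit_capture_binaries() {
    status=0
    for f in /usr/bin/dumpcap /usr/bin/tshark; do
        if [ ! -e "$f" ]; then
            echo "$f: missing"; status=1; continue
        fi
        set -- $(stat -c '%U %G %a' "$f")
        verdict=$(classify_capture_perms "$1" "$2" "$3") || status=1
        echo "$f: $1:$2 $3 -> $verdict"
    done
    # usermod -a -G only takes effect in a fresh login session.
    if id -nG | tr ' ' '\n' | grep -qx wireshark; then
        echo "$(id -un): member of wireshark"
    else
        echo "$(id -un): not in wireshark group (or not logged in again since usermod)"
        status=1
    fi
    # /proc/net/packet exists once af_packet (CONFIG_PACKET) is active.
    if [ -e /proc/net/packet ]; then
        echo "kernel: packet sockets available"
    else
        echo "kernel: no packet socket support (CONFIG_PACKET off or af_packet not loaded)"
        status=1
    fi
    return $status
}

# Run the audit when invoked as: sh check-wireshark-perms.sh audit
case "${1:-}" in
    audit) audit_capture_binaries ;;
esac
```

    <para>
      Because the classifier works on plain strings, it can be exercised
      without touching the installed files; the mode 4755, which some
      distributions use for a setuid dumpcap, is reported as other-accessible
      because it defeats the group restriction that the wireshark group exists
      to enforce.
    </para>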
  </sect2>
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, refer to
        the configuration section of the <ulink url=
        "http://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be done
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package.
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files.
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file.
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format.
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the <filename
            class="directory">tools</filename> directory to the <filename
            class="directory">$PYTHONPATH/site-packages/</filename> directory.
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file.
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files.
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data.
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders the frames of an input capture file by timestamp and
            writes them to an output file.
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets.
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file.
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file.
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing.
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class='libraryfile'>libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class='directory'>wiretap</filename> directory.
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>