source: networking/netutils/wireshark.xml@ d671407

Last change on this file since d671407 was d671407, checked in by Bruce Dubbs <bdubbs@…>, 19 months ago

Update to wireshark-4.0.2.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp  " ">
  <!ENTITY wireshark-md5sum        "60eb89ab41cd2dbfcefed7efeccec9e3">
  <!ENTITY wireshark-size          "39 MB">
  <!ENTITY wireshark-buildsize     "684 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time          "2.2 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
     and we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc. as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs112_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt5"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <!--<ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,-->
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt;                          [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket                                [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build    &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release  \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the sensitive applications so
      that only authorized users can run them. Mode 6550 makes
      <command>tshark</command> and <command>dumpcap</command> setuid
      <systemitem class="username">root</systemitem> and setgid wireshark,
      and removes all access for users outside the wireshark group. As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the first
      time, you will need to log out of your session and log in again so that
      the new group membership takes effect; otherwise
      <application>Wireshark</application> will not function properly.
    </para>

  </sect2>
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, refer to
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for details. Most of <application>Wireshark
        </application>'s configuration can be done
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders timestamps of input file frames into an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
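The installation section above relies on file ownership and mode bits (root:wireshark and 6550 on dumpcap and tshark) plus membership in the wireshark group to decide who may capture traffic. The POSIX shell script below is an added example, not part of the BLFS book or the Wireshark project: it audits an installed system against exactly those settings and spells out what the 6550 mode grants. It assumes GNU coreutils stat (the -c format) and the binary paths from the instructions; the function and variable names are this example's own.

```shell
#!/bin/sh
# Audit the capture-privilege setup from the BLFS Wireshark page: dumpcap and
# tshark must be root:wireshark with mode 6550, and only members of the
# wireshark group may run them.  Added example, not BLFS or Wireshark code;
# function and variable names are this script's own.  Assumes GNU stat.

EXPECTED_MODE=6550        # from the chmod step of the installation section
EXPECTED_OWNER=root       # from the chown step
EXPECTED_GROUP=wireshark  # created with "groupadd -g 62 wireshark"
CAPTURE_BINARIES="/usr/bin/dumpcap /usr/bin/tshark"

# describe_mode OCTAL: spell out an octal mode, e.g. 6550 ->
# "setuid setgid u=r-x g=r-x o=---".
describe_mode() {
    m=$(( 0$1 ))          # leading 0 makes the shell parse the value as octal
    out=""
    [ $(( m & 04000 )) -ne 0 ] && out="${out}setuid "
    [ $(( m & 02000 )) -ne 0 ] && out="${out}setgid "
    [ $(( m & 01000 )) -ne 0 ] && out="${out}sticky "
    for who in u g o; do
        case $who in
            u) bits=$(( (m >> 6) & 7 )) ;;
            g) bits=$(( (m >> 3) & 7 )) ;;
            o) bits=$(( m & 7 )) ;;
        esac
        r=-; w=-; x=-
        [ $(( bits & 4 )) -ne 0 ] && r=r
        [ $(( bits & 2 )) -ne 0 ] && w=w
        [ $(( bits & 1 )) -ne 0 ] && x=x
        out="${out}${who}=${r}${w}${x} "
    done
    printf '%s\n' "${out% }"
}

# check_capture_perms MODE OWNER GROUP: pure check on a (mode, owner, group)
# triple; returns 0 when it matches the expected hardening, 1 otherwise.
check_capture_perms() {
    mode=${1#0}; owner=$2; group=$3   # tolerate a leading zero on the mode
    ok=0
    if [ "$mode" != "$EXPECTED_MODE" ]; then
        echo "  mode $mode ($(describe_mode "$mode")), expected $EXPECTED_MODE ($(describe_mode "$EXPECTED_MODE"))"
        ok=1
    fi
    [ "$owner" = "$EXPECTED_OWNER" ] || { echo "  owner $owner, expected $EXPECTED_OWNER"; ok=1; }
    [ "$group" = "$EXPECTED_GROUP" ] || { echo "  group $group, expected $EXPECTED_GROUP"; ok=1; }
    return $ok
}

# audit_capture_binary PATH: read the live ownership and mode with GNU stat
# (%a octal mode, %U owner name, %G group name) and run the check on it.
audit_capture_binary() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "$path: not installed"
        return 1
    fi
    set -- $(stat -c '%a %U %G' "$path")
    echo "$path: $1 $2:$3"
    check_capture_perms "$1" "$2" "$3" || { echo "  -> not hardened"; return 1; }
    echo "  -> OK"
}

# user_in_group USER GROUP: consult the group database via "id -Gn USER".
# A running session only gains a newly added group after logging out and in
# again, so "id -Gn" with no argument may still lack it when this succeeds.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# main USER: audit both capture binaries, the group, and USER's membership.
main() {
    rc=0
    for bin in $CAPTURE_BINARIES; do
        audit_capture_binary "$bin" || rc=1
    done
    if getent group "$EXPECTED_GROUP" >/dev/null 2>&1; then
        echo "group $EXPECTED_GROUP: present"
    else
        echo "group $EXPECTED_GROUP: missing (groupadd -g 62 wireshark)"; rc=1
    fi
    if user_in_group "$1" "$EXPECTED_GROUP"; then
        echo "$1: member of $EXPECTED_GROUP"
    else
        echo "$1: not in $EXPECTED_GROUP (usermod -a -G wireshark $1)"; rc=1
    fi
    return $rc
}

# Usage: sh wireshark-capture-audit.sh USERNAME
# With no argument only the functions are defined, so the file can be sourced.
[ $# -eq 0 ] || main "$1"
```

Run it as `sh wireshark-capture-audit.sh alice` to audit both binaries and alice's group membership; the exit status is non-zero if anything deviates from the settings the instructions establish. Note the distinction in user_in_group: `id -Gn USER` consults the group database and reports a freshly added member immediately, whereas the running session (`id -Gn` with no argument) only gains the group after logging out and in again, which is why the instructions above require a fresh login.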