source: networking/netutils/wireshark.xml@ d9a7451

Last change on this file since d9a7451 was 7aa91c69, checked in by Douglas R. Reno <renodr@…>, 3 years ago

Update to feh-3.6.3
Update to autofs-5.1.7
Update to talloc-2.3.2
Update to gparted-1.2.0
Update to xarchiver-0.5.4.17
Update to asciidoc-9.0.5
Update to util-macros-1.19.2
Update to libXt-1.2.1 (Xorg Library)
Update to wireshark-3.4.3 (Security Update)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24158 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp " ">
  <!ENTITY wireshark-md5sum "7988932a5e3930fa6035b8f8b584f0d8">
  <!ENTITY wireshark-size "31 MB">
  <!ENTITY wireshark-buildsize "749 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time "2.4 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs10_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      <xref linkend="qt5"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="brotli"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="http://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://www.soft-switch.org/">Spandsp</ulink>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/{*.pod,randpkt.txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                    /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of sensitive applications to only
      allow authorized users. As the <systemitem class="username">root
      </systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users who should be allowed to capture traffic to the
      wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing Wireshark for the first time, it will be necessary
      to log out of your session and log in again so that the new wireshark
      group membership takes effect; otherwise Wireshark will not function
      properly.
    </para>

  </sect2>
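The Kernel Configuration and Installation sections above set up two things that a live capture depends on: packet sockets in the kernel (CONFIG_PACKET, built in or as af_packet.ko), and the setuid/setgid capture helpers owned by root:wireshark with mode 6550, so that only root and members of the wireshark group can run them and no world permission bits remain. The following POSIX shell script is an added example that audits both conditions after the installation; it is not part of the BLFS book and not Wireshark's own tooling. The group name, the mode, the binary paths and the module name come from the page; the function names, the fallback config path /boot/config-$(uname -r) and the GNU `stat -c` syntax are this script's own assumptions.

```shell
#!/bin/sh
# Added example (not from the BLFS book): audit the capture-related settings
# described on the Wireshark page. Function names are this script's own.

# Classify CONFIG_PACKET from the text of a kernel .config.
# Prints "builtin" (=y), "module" (=m, af_packet.ko) or "missing".
packet_socket_state() {
    if printf '%s\n' "$1" | grep -q '^CONFIG_PACKET=y$'; then
        echo builtin
    elif printf '%s\n' "$1" | grep -q '^CONFIG_PACKET=m$'; then
        echo module
    else
        echo missing
    fi
}

# Read the running kernel's configuration. /proc/config.gz needs
# CONFIG_IKCONFIG_PROC; the /boot path is an assumed common convention.
kernel_config_text() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Decide whether owner, group and octal mode (as printed by `stat -c '%U %G %a'`)
# match the hardening applied on the page: root:wireshark, mode 6550
# (setuid + setgid, r-x for owner and group, nothing for others).
perm_verdict() {
    owner="$1" group="$2" mode="$3"
    if [ "$owner" != root ]; then
        echo "owner is $owner, expected root"; return 1
    fi
    if [ "$group" != wireshark ]; then
        echo "group is $group, expected wireshark"; return 1
    fi
    case "$mode" in
        6550)    echo ok; return 0 ;;
        *[1-7])  echo "mode $mode grants access to every user, expected 6550"; return 1 ;;
        *)       echo "mode is $mode, expected 6550 (setuid+setgid, no world bits)"; return 1 ;;
    esac
}

# Apply perm_verdict to an installed binary (GNU stat syntax, as on a BLFS system).
audit_capture_binary() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo "not installed"; return 1
    fi
    set -- $(stat -c '%U %G %a' "$path")
    perm_verdict "$1" "$2" "$3"
}

# Succeed if USER is a member of GROUP according to id(1).
group_member() {
    user="$1" want="$2"
    for g in $(id -nG "$user" 2>/dev/null); do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# Print one line per check; return non-zero if any check fails.
audit_capture_setup() {
    status=0
    cfg=$(kernel_config_text) || cfg=""
    if [ -z "$cfg" ]; then
        echo "kernel:  could not read the kernel configuration"; status=1
    else
        case $(packet_socket_state "$cfg") in
            builtin) echo "kernel:  packet sockets built in (CONFIG_PACKET=y)" ;;
            module)  echo "kernel:  packet sockets available as af_packet.ko (CONFIG_PACKET=m)" ;;
            missing) echo "kernel:  CONFIG_PACKET is not set; live capture will not work"; status=1 ;;
        esac
    fi
    for bin in /usr/bin/dumpcap /usr/bin/tshark; do
        result=$(audit_capture_binary "$bin") || status=1
        echo "$bin: $result"
    done
    user=$(id -un)
    if group_member "$user" wireshark; then
        echo "user:    $user is in the wireshark group"
    else
        echo "user:    $user is not in the wireshark group (usermod -a -G wireshark $user, then log in again)"
        status=1
    fi
    return $status
}

# Run the report when executed as a script; a failing check is shown in the output.
audit_capture_setup || :
```

Run it as the user who is meant to capture, after logging in again so that the group change is visible to `id`. A mode such as 6555 is reported as world-accessible because the last octal digit is the "others" field; a mode of 550 is reported as missing the setuid/setgid bits that let dumpcap open the packet socket on behalf of the caller.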
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, consult
        the configuration section of the <ulink url=
        "http://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package.
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files.
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file.
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format.
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the <filename
            class="directory">tools</filename> directory to the <filename
            class="directory">$PYTHONPATH/site-packages/</filename> directory.
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file.
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files.
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data.
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders the frames of an input capture file by timestamp and
            writes them to an output file.
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets.
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file.
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file.
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing.
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class='libraryfile'>libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class='directory'>wiretap</filename> directory.
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>