source: networking/netutils/wireshark.xml@ e1e58be

Last change on this file since e1e58be was 0be8c5f9, checked in by Douglas R. Reno <renodr@…>, 8 months ago

Update to wireshark-4.0.10

  • Property mode set to 100644
File size: 19.2 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.xz">
  <!ENTITY wireshark-download-ftp  " ">
  <!ENTITY wireshark-md5sum        "29d710e0cf96e26005bd13b9d1cd9384">
  <!ENTITY wireshark-size          "41 MB">
  <!ENTITY wireshark-buildsize     "822 MB (with all optional dependencies available in the BLFS book)">
  <!ENTITY wireshark-time          "2.3 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)">
]>

<!-- Gentle reminder: many Wireshark releases contain vulnerability fixes,
     we have not always been aware of these. At https://www.wireshark.org/security/
     there is a list of advisories and the version in which they were fixed.

     If you click on an advisory, after the bug number in the References:
     there may be a CVE number, although perhaps those get added some time after
     the release. Perhaps as a general rule treat ALL their advisories for crashes
     etc as worthy of a security fix. -->

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs120_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wireshark-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wireshark-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wireshark-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wireshark-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wireshark-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wireshark-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="cmake"/>,
      <xref linkend="c-ares"/>,
      <xref linkend="glib2"/>,
      <xref linkend="libgcrypt"/>, and
      (<xref linkend="qt5"/> or
      <xref role="nodep" linkend="qt5-components"/> with qtmultimedia)
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libpcap"/> (required to capture data)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="asciidoctor"/>,
      <xref linkend="brotli"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="git"/>,
      <xref linkend="gnutls"/>,
      <xref linkend="libnl"/>,
      <xref linkend="libxslt"/>,
      <xref linkend="libxml2"/>,
      <xref linkend="lua52"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="nghttp2"/>,
      <xref linkend="sbc"/>,
      <xref linkend="speex"/>,
      <!--<ulink url="https://asciidoctor.org/">Asciidoctor</ulink>,-->
      <ulink url="https://www.linphone.org/technical-corner/bcg729">BCG729</ulink>,
      <ulink url="https://github.com/TimothyGu/libilbc">libilbc</ulink>,
      <ulink url="https://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
      <ulink url="https://www.libssh.org/">libssh</ulink>,
      <ulink url="https://github.com/maxmind/libmaxminddb">MaxMindDB</ulink>,
      <ulink url="https://www.winimage.com/zLibDll/minizip.html">Minizip</ulink>,
      <ulink url="https://google.github.io/snappy/">Snappy</ulink>, and
      <ulink url="https://github.com/freeswitch/spandsp">Spandsp</ulink>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for
      <application>Wireshark</application> to capture live packets from the
      network:
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
                href="wireshark-kernel.xml"/>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-&wireshark-version; \
      -G Ninja \
      .. &amp;&amp;
ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed in the 'Additional Downloads', install them by issuing the
      following commands as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"
        remap="doc"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set ownership and permissions of sensitive applications to only
      allow authorized users. As the <systemitem class="username">root
      </systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark <replaceable>&lt;username&gt;</replaceable></userinput></screen>

    <para>
      If you are installing wireshark for the first time, you will need to
      log out of your session and log in again so that the wireshark group
      appears in your group list; otherwise Wireshark will not function
      properly.
    </para>

  </sect2>
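The installation steps above rely on three things holding at once: the capture helpers are owned by root:wireshark, their mode is 6550 (setuid and setgid, no access for other users), and the capturing user is a member of the wireshark group. The following POSIX sh audit script is an added example for checking that state after the fact; it is not part of the BLFS book or of the Wireshark project. It uses GNU stat from coreutils, which every LFS system has, and the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the BLFS book): audit the privilege separation
# that the Wireshark installation instructions set up.

# Decide whether "mode owner group" matches the locked-down layout
# (root:wireshark, mode 6550).  Returns 0 on a match, 1 otherwise, and
# prints one line per deviation so the reader knows what to fix.
check_capture_perms() {
    mode="$1"; owner="$2"; group="$3"
    # stat prints "755" for plain modes; normalise to four octal digits
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done
    special="${mode%???}"           # first digit: setuid/setgid/sticky bits
    rest="${mode#?}"
    other="${rest#??}"              # last digit: permissions for "other"
    ok=0
    [ "$owner" = "root" ]      || { echo "owner is $owner, expected root"; ok=1; }
    [ "$group" = "wireshark" ] || { echo "group is $group, expected wireshark"; ok=1; }
    [ "$other" = "0" ]         || { echo "mode $mode grants access to other users"; ok=1; }
    [ "$special" = "6" ]       || { echo "mode $mode lacks setuid+setgid (expected 6550)"; ok=1; }
    return "$ok"
}

# Audit an installed binary by reading its mode, owner and group with
# GNU stat and handing them to check_capture_perms.
audit_capture_binary() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo "$path: not installed"
        return 1
    fi
    set -- $(stat -c '%a %U %G' "$path")
    check_capture_perms "$1" "$2" "$3"
}

# Is the given user (default: the current user) in the wireshark group?
# A user added with usermod only sees the new group after logging in again.
user_in_wireshark_group() {
    user="${1:-$(id -un)}"
    for g in $(id -nG "$user"); do
        [ "$g" = "wireshark" ] || continue
        return 0
    done
    echo "$user is not in the wireshark group (usermod -a -G wireshark $user, then log in again)"
    return 1
}

# Walk the two binaries the instructions lock down, then the group check.
audit_all() {
    rc=0
    for bin in /usr/bin/dumpcap /usr/bin/tshark; do
        audit_capture_binary "$bin" || rc=1
    done
    user_in_wireshark_group || rc=1
    return $rc
}

# Only run the full audit when invoked as: sh audit-wireshark.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_all
    exit $?
fi
```

Invoked with --run on an installed system the script exits 0 only when both binaries and the group membership are in the expected state; the checks are split into separate functions so that check_capture_perms can also be exercised on constructed values without touching the file system.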
<!--
  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>- -disable-wireshark</option>: Use this switch if you
      have <application>Qt</application> installed but do not want to build
      any of the GUIs.
    </para>
  </sect2>
-->

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/wireshark.conf</filename> and
        <filename>~/.config/wireshark/*</filename> (unless there is already
        <filename>~/.wireshark/*</filename> in the system)
      </para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Though the default configuration parameters are very sane, reference
        the configuration section of the <ulink url=
        "https://www.wireshark.org/docs/wsug_html/">Wireshark User's Guide
        </ulink> for configuration information. Most of <application>Wireshark
        </application>'s configuration can be accomplished
        using the menu options of the <command>wireshark</command> graphical
        interface.
      </para>

      <note>
        <para>
          If you want to look at packets, make sure you don't filter them
          out with <xref linkend="iptables"/>. If you want to exclude certain
          classes of packets, it is more efficient to do it with
          <application>iptables</application> than it is with
          <application>Wireshark</application>.
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          capinfos, captype, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, sharkd,
          text2pcap, tshark, and wireshark
        </seg>
        <seg>
          libwireshark.so, libwiretap.so,
          libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{include,lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>
            reads a saved capture file and returns any or all of several
            statistics about that file. It is able to detect and read any
            capture supported by the <application>Wireshark</application>
            package
          </para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>
            prints the file types of capture files
          </para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>
            is a network traffic dump tool. It lets you capture packet data
            from a live network and write the packets to a file
          </para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>
            edits and/or translates the format of capture files. It knows
            how to read <application>libpcap</application> capture files,
            including those of <command>tcpdump</command>,
            <application>Wireshark</application> and other tools that write
            captures in that format
          </para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="idl2wrs">
        <term><command>idl2wrs</command></term>
        <listitem>
          <para>
            is a program that takes a user specified CORBA IDL file and
            generates <quote>C</quote> source code for a
            <application>Wireshark</application> <quote>plugin</quote>. It
            relies on two Python programs <command>wireshark_be.py</command>
            and <command>wireshark_gen.py</command>, which are not installed
            by default. They have to be copied manually from the
            <filename class="directory">tools</filename> directory to the
            <filename class="directory">$PYTHONPATH/site-packages/</filename>
            directory
          </para>
          <indexterm zone="wireshark idl2wrs">
            <primary sortas="b-idl2wrs">idl2wrs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>
            combines multiple saved capture files into a single output file
          </para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>
            creates random-packet capture files
          </para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>
            dumps and analyzes raw libpcap data
          </para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>
            reorders timestamps of input file frames into an output file
          </para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sharkd">
        <term><command>sharkd</command></term>
        <listitem>
          <para>
            is a daemon that listens on UNIX sockets
          </para>
          <indexterm zone="wireshark sharkd">
            <primary sortas="b-sharkd">sharkd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>
            reads in an ASCII hex dump and writes the data described into a
            <application>libpcap</application>-style capture file
          </para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>
            is a TTY-mode network protocol analyzer. It lets you capture
            packet data from a live network or read packets from a
            previously saved capture file
          </para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!-- seems to have disappeared
      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file (optional).
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
      <varlistentry id="libwireshark">
        <term><filename class="libraryfile">libwireshark.so</filename></term>
        <listitem>
          <para>
            contains functions used by the <application>Wireshark</application>
            programs to perform filtering and packet capturing
          </para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class="libraryfile">libwiretap.so</filename></term>
        <listitem>
          <para>
            is a library being developed as a future replacement for
            <filename class="libraryfile">libpcap</filename>, the current
            standard Unix library for packet capturing. For more information,
            see the <filename>README</filename> file in the source
            <filename class="directory">wiretap</filename> directory
          </para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>