source: networking/netutils/wireshark.xml@ eb3dbe3

Last change on this file since eb3dbe3 was eb3dbe3, checked in by Bruce Dubbs <bdubbs@…>, 8 years ago

Remove references to qt4 from obconf-qt, qscintilla, qtermwidget,
gst10-plugins-base, v4l-utils, wpa_supplicant, wireshark,
and transmission.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@17445 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wireshark-download-http "https://www.wireshark.org/download/src/all-versions/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-download-ftp "ftp://ftp.uni-kl.de/pub/wireshark/src/wireshark-&wireshark-version;.tar.bz2">
  <!ENTITY wireshark-md5sum "62dc20f5a77542feed2e38f18db8ae3b">
  <!ENTITY wireshark-size "30 MB">
  <!ENTITY wireshark-buildsize "1.8 GB, with default GUI front-ends">
  <!ENTITY wireshark-time "9.6 SBU, with default GUI front-ends">
]>

<sect1 id="wireshark" xreflabel="Wireshark-&wireshark-version;">
  <?dbhtml filename="wireshark.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Wireshark-&wireshark-version;</title>

  <indexterm zone="wireshark">
    <primary sortas="a-Wireshark">Wireshark</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Wireshark</title>

    <para>
      The <application>Wireshark</application> package contains a network
      protocol analyzer, also known as a <quote>sniffer</quote>. This is useful
      for analyzing data captured <quote>off the wire</quote> from a live
      network connection, or data read from a capture file.
    </para>

    <para>
      <application>Wireshark</application> provides both a graphical and a
      TTY-mode front-end for examining captured network packets from over 500
      protocols, as well as the capability to read capture files from many
      other popular network analyzers.
    </para>

    &lfs79_checked;&gcc6_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&wireshark-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&wireshark-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &wireshark-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &wireshark-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &wireshark-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &wireshark-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Optional patch:
          <ulink url=
          "&patch-root;/wireshark-&wireshark-version;-lua_5_3_1-1.patch"/>
          (allows building the Lua bindings if <xref linkend="lua"/> is
          installed and Lua is not disabled by passing
          <option>--without-lua</option> to <command>configure</command>)
        </para>
      </listitem>
      <listitem>
        <para>
          Additional Documentation:
          <ulink url="https://www.wireshark.org/download/docs/"/>
          (contains links to several different docs in a variety of formats)
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Wireshark dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="glib2"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="gtk3"/> (for the <application>Gtk+3</application> GUI),
      <xref linkend="libpcap"/> (required to capture data), and
      <xref linkend="qt5"/> (for the <application>Qt5</application> GUI)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="gnutls"/>,
      <xref linkend="libgcrypt"/>,
      <xref linkend="libnl"/>,
      <xref linkend="lua"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="openssl"/>,
      <xref linkend="sbc"/>,
      <ulink url="http://www.gnu.org/software/adns/adns.html">adns</ulink>,
      <ulink url="http://c-ares.haxx.se/">c-ares</ulink>,
      <ulink url="http://www.ibr.cs.tu-bs.de/projects/libsmi/">libsmi</ulink>,
      <ulink url="http://www.maxmind.com/app/c">GeoIP</ulink>, and
      <ulink url="http://www.portaudio.com/">PortAudio</ulink>
      (for the GTK+ RTP player)
    </para>

    <bridgehead renderas="sect4">Optional (for GUI front-ends)</bridgehead>
    <para role="optional">
      <xref linkend="gtk2"/>
    </para>

    <note>
      <para>
        The <application>GTK+</application> GUI needs one of <xref linkend=
        "gtk2"/> or <xref linkend="gtk3"/>. If both are installed, GTK+3
        is used by default.
      </para>

      <para>
        The <application>Qt</application> GUI needs <xref linkend="qt5"/>.
      </para>

      <para>
        Both the GTK+ and Qt GUI front-ends are built, as recommended by the
        upstream developers. If you want to override the defaults, some
        configure switches have to be set (see <quote>Command
        Explanations</quote>).
      </para>
    </note>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/wireshark"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wireshark-kernel">
    <title>Kernel Configuration</title>

    <para>
      The kernel must have the Packet protocol enabled for <application>
      Wireshark</application> to capture live packets from the network:
    </para>

<screen><literal>[*] Networking support ---&gt; [CONFIG_NET]
  Networking options ---&gt;
    &lt;*/M&gt; Packet socket [CONFIG_PACKET]</literal></screen>

    <para>
      If built as a module, the name is <filename>af_packet.ko</filename>.
    </para>

    <indexterm zone="wireshark wireshark-kernel">
      <primary sortas="d-Capturing-network-packets">
        Capturing network packets
      </primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Wireshark</title>

    <para>
      <application>Wireshark</application> is a very large and complex
      application. These instructions provide additional security measures to
      ensure that only trusted users are allowed to view network traffic. First,
      set up a system group for wireshark. As the <systemitem
      class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>groupadd -g 62 wireshark</userinput></screen>

    <para>
      Continue to install <application>Wireshark</application> by running
      the following commands:
    </para>

<screen><userinput>patch -Np1 -i ../wireshark-&wireshark-version;-lua_5_3_1-1.patch &amp;&amp;

./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;

make</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;

install -v -m755 -d /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
                 /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;

pushd /usr/share/doc/wireshark-&wireshark-version; &amp;&amp;
  for FILENAME in ../../wireshark/*.html; do
    ln -s -v -f $FILENAME .
  done &amp;&amp;
popd
unset FILENAME</userinput></screen>

    <para>
      If you downloaded any of the documentation files from the page
      listed under <quote>Additional Downloads</quote>, install them by
      issuing the following commands as the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>install -v -m644 <replaceable>&lt;Downloaded_Files&gt;</replaceable> \
                 /usr/share/doc/wireshark-&wireshark-version;</userinput></screen>

    <para>
      Now, set the ownership and permissions of the sensitive applications so
      that only authorized users can run them. As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>chown -v root:wireshark /usr/bin/{tshark,dumpcap} &amp;&amp;
chmod -v 6550 /usr/bin/{tshark,dumpcap}</userinput></screen>

    <para>
      Finally, add any users to the wireshark group (as the <systemitem class=
      "username">root</systemitem> user):
    </para>

<screen role="root"><userinput>usermod -a -G wireshark &lt;username&gt;</userinput></screen>

    <para>
      If you are installing <application>Wireshark</application> for the
      first time, you will need to log out and log in again so that the new
      wireshark group membership takes effect; otherwise, it will not run
      properly.
    </para>

  </sect2>
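The hardening steps above (a dedicated group, root:wireshark ownership, mode 6550 on tshark and dumpcap, and group membership for trusted users) can be checked after installation with the following POSIX shell helper. It is an added example and not part of the BLFS book or of Wireshark; it assumes GNU stat(1) and audits the two binaries the instructions name.

```shell
#!/bin/sh
# Added audit helper (not from the BLFS book). Policy values come from the
# instructions above: owner root, group wireshark, mode 6550.

# check_capture_perms OWNER GROUP MODE
# Returns 0 when OWNER:GROUP and MODE match the hardened layout, otherwise
# prints the first mismatch and returns 1. MODE is the octal string that
# GNU "stat -c %a" prints (four digits when setuid/setgid bits are set).
check_capture_perms() {
    [ "$1" = "root" ]      || { echo "owner is $1, expected root"; return 1; }
    [ "$2" = "wireshark" ] || { echo "group is $2, expected wireshark"; return 1; }
    # 6550: setuid + setgid, r-x for owner and group, nothing for others.
    # The trailing 0 is what keeps users outside the wireshark group from
    # running the setuid-root capture binary at all.
    [ "$3" = "6550" ]      || { echo "mode is $3, expected 6550"; return 1; }
    return 0
}

# audit_binary PATH: stats a real file and feeds the result to the policy check.
audit_binary() {
    info=$(stat -c '%U %G %a' "$1" 2>/dev/null) || { echo "$1: cannot stat"; return 1; }
    set -- $info
    check_capture_perms "$1" "$2" "$3"
}

# user_in_group USER GROUP: membership as seen by id(1). A user added with
# usermod only shows up here in a fresh login session, which is why the
# instructions say to log out and back in.
user_in_group() {
    for g in $(id -nG "$1" 2>/dev/null); do
        [ "$g" = "$2" ] || continue
        return 0
    done
    return 1
}

for bin in /usr/bin/dumpcap /usr/bin/tshark; do
    if audit_binary "$bin"; then echo "$bin: ok"; fi
done
if user_in_group "$(id -un)" wireshark; then
    echo "$(id -un) may capture"
else
    echo "$(id -un) is not in the wireshark group"
fi
```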

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <option>--with-gtk2=[yes/no]</option>: For the Gtk+2 GUI. If both Gtk+2
      and Gtk+3 are installed, the default is no. Note that the GUI can be
      built for only one Gtk+ version (either 2 or 3).
    </para>

    <para>
      <option>--with-gtk3=[yes/no]</option>: For the Gtk+3 GUI. If both Gtk+2
      and Gtk+3 are installed, the default is yes.
    </para>

    <para>
      <option>--with-qt=[yes/no/4/5]</option>: For the Qt GUI. The default is
      yes.
    </para>

    <para>
      <option>--disable-wireshark</option>: Use this switch if you
      have <application>GTK+</application> installed but do not want to build
      any of the GUIs.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Wireshark</title>

    <sect3 id="wireshark-config">
      <title>Config Files</title>

      <para><filename>/etc/wireshark.conf</filename> and
      <filename>~/.config/wireshark/*</filename> (unless there is already
      <filename>~/.wireshark/*</filename> in the system)</para>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-AA.wireshark-star">~/.wireshark/*</primary>
      </indexterm>

      <indexterm zone="wireshark wireshark-config">
        <primary sortas="e-etc-wireshark.conf">/etc/wireshark.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Although the default configuration parameters are very sane, refer
      to the configuration section of the <ulink
      url="http://www.wireshark.org/docs/wsug_html/">Wireshark User's
      Guide</ulink> for configuration information. Most of
      <application>Wireshark</application>'s configuration can be accomplished
      using the menu options of the <command>wireshark</command> graphical
      interfaces.</para>

      <note>
        <para>If you want to look at packets, make sure you don't filter them
        out with <xref linkend="iptables"/>. If you want to exclude certain
        classes of packets, it is more efficient to do it with
        <application>iptables</application> than it is with
        <application>Wireshark</application>.</para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          androiddump, capinfos, captype, dftest, dumpcap, editcap, idl2wrs,
          mergecap, randpkt, rawshark, reordercap, text2pcap, tshark, wireshark,
          and wireshark-gtk
        </seg>
        <seg>
          libwireshark.so, libwiretap.so, libwsutil.so, and numerous modules
          under /usr/lib/wireshark/plugins
        </seg>
        <seg>
          /usr/{lib,share}/wireshark and
          /usr/share/doc/wireshark-&wireshark-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capinfos">
        <term><command>capinfos</command></term>
        <listitem>
          <para>reads a saved capture file and returns any or all of several
          statistics about that file. It is able to detect and read any capture
          supported by the <application>Wireshark</application> package.</para>
          <indexterm zone="wireshark capinfos">
            <primary sortas="b-capinfos">capinfos</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="captype">
        <term><command>captype</command></term>
        <listitem>
          <para>prints the file types of capture files.</para>
          <indexterm zone="wireshark captype">
            <primary sortas="b-captype">captype</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dftest">
        <term><command>dftest</command></term>
        <listitem>
          <para>is a display-filter-compiler test program.</para>
          <indexterm zone="wireshark dftest">
            <primary sortas="b-dftest">dftest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="dumpcap">
        <term><command>dumpcap</command></term>
        <listitem>
          <para>is a network traffic dump tool. It lets you capture packet data
          from a live network and write the packets to a file.</para>
          <indexterm zone="wireshark dumpcap">
            <primary sortas="b-dumpcap">dumpcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="editcap">
        <term><command>editcap</command></term>
        <listitem>
          <para>edits and/or translates the format of capture files. It knows
          how to read <application>libpcap</application> capture files,
          including those of <command>tcpdump</command>,
          <application>Wireshark</application> and other tools that write
          captures in that format.</para>
          <indexterm zone="wireshark editcap">
            <primary sortas="b-editcap">editcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mergecap">
        <term><command>mergecap</command></term>
        <listitem>
          <para>combines multiple saved capture files into a single output
          file.</para>
          <indexterm zone="wireshark mergecap">
            <primary sortas="b-mergecap">mergecap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="randpkt">
        <term><command>randpkt</command></term>
        <listitem>
          <para>creates random-packet capture files.</para>
          <indexterm zone="wireshark randpkt">
            <primary sortas="b-randpkt">randpkt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rawshark">
        <term><command>rawshark</command></term>
        <listitem>
          <para>dumps and analyzes raw libpcap data.</para>
          <indexterm zone="wireshark rawshark">
            <primary sortas="b-rawshark">rawshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="reordercap">
        <term><command>reordercap</command></term>
        <listitem>
          <para>reorders the frames of an input file by timestamp and writes
          them to an output file.</para>
          <indexterm zone="wireshark reordercap">
            <primary sortas="b-reordercap">reordercap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="text2pcap">
        <term><command>text2pcap</command></term>
        <listitem>
          <para>reads in an ASCII hex dump and writes the
          data described into a <application>libpcap</application>-style
          capture file.</para>
          <indexterm zone="wireshark text2pcap">
            <primary sortas="b-text2pcap">text2pcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tshark">
        <term><command>tshark</command></term>
        <listitem>
          <para>is a TTY-mode network protocol analyzer. It lets you capture
          packet data from a live network or read packets from a
          previously saved capture file.</para>
          <indexterm zone="wireshark tshark">
            <primary sortas="b-tshark">tshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-prog">
        <term><command>wireshark</command></term>
        <listitem>
          <para>
            is the Qt GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-prog">
            <primary sortas="b-wireshark">wireshark</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wireshark-gtk-prog">
        <term><command>wireshark-gtk</command></term>
        <listitem>
          <para>
            is the Gtk+ GUI network protocol analyzer. It lets you interactively
            browse packet data from a live network or from a previously saved
            capture file.
          </para>
          <indexterm zone="wireshark wireshark-gtk-prog">
            <primary sortas="b-wireshark-gtk">wireshark-gtk</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwireshark">
        <term><filename class='libraryfile'>libwireshark.so</filename></term>
        <listitem>
          <para>contains functions used by the
          <application>Wireshark</application> programs to perform filtering and
          packet capturing.</para>
          <indexterm zone="wireshark libwireshark">
            <primary sortas="c-libwireshark">libwireshark.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libwiretap">
        <term><filename class='libraryfile'>libwiretap.so</filename></term>
        <listitem>
          <para>is a library being developed as a future replacement for
          <filename class='libraryfile'>libpcap</filename>, the current
          standard Unix library for packet capturing. For more information,
          see the <filename>README</filename> file in the source
          <filename class='directory'>wiretap</filename> directory.</para>
          <indexterm zone="wireshark libwiretap">
            <primary sortas="c-libwiretap">libwiretap.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>