Wireshark-0.99.6
Introduction to Wireshark
The Wireshark package contains a
network protocol analyzer, also known as a “sniffer”. This is useful for analyzing data
captured “off the wire” from
a live network connection, or data read from a capture file.
Wireshark provides both a
graphical and TTY-mode front-end for examining captured network
packets from over 500 protocols, as well as the capability to read
capture files from many other popular network analyzers.
Package Information
Additional Downloads
From this page you can download many different docs in a variety of
formats.
Wireshark dependencies
Required
GLib-1.2.10 or GLib-2.12.12 (GLib on its own is enough to build only the
TTY-mode front-end, tshark; the GUI additionally needs GTK+)
Note that if you do not have GTK+ installed, you must pass --disable-wireshark
to the configure command so that only the TTY-mode programs are built.
Recommended
libpcap-0.9.6 (required to capture data)
Optional
pkg-config-0.22, GTK+-1.2.10 or GTK+-2.10.13
(to build the GUI front-end), OpenSSL-0.9.8g, Heimdal-1.1 or
MIT Kerberos V5-1.6, Python-2.5.2, PCRE-7.6, GnuTLS-1.6.3, Net-SNMP, adns, and
Lua
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/wireshark
Kernel Configuration
The kernel must have the Packet protocol (AF_PACKET sockets, which libpcap opens) enabled
for Wireshark to capture live packets from the network. Enable it by choosing “Y” in the
“Networking” – “Packet socket” configuration parameter, or choose “M” to build it as the
af_packet.ko module, which must then be loaded before capturing.
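As an added check, not part of the BLFS page or of Wireshark, the following Python classifies the CONFIG_PACKET setting in a kernel .config and looks for the running kernel's configuration in the usual places (/proc/config.gz, then /boot/config-<release>); /proc/net/packet exists only once packet socket support is built in or the af_packet module is loaded. The SAMPLE_CONFIG text is constructed for the example.

```python
"""Check whether a kernel configuration provides the AF_PACKET support that
libpcap, and therefore Wireshark, need for live capture.
Added example for this page; not BLFS or Wireshark code."""
import gzip
import os
import platform
import re

# CONFIG_PACKET=y means built in, =m means af_packet.ko; a disabled option
# appears as the comment "# CONFIG_PACKET is not set".  The anchored "="
# keeps CONFIG_PACKET_MMAP and similar options from matching.
_PACKET_RE = re.compile(r"^CONFIG_PACKET=([ym])\s*$", re.MULTILINE)

# Constructed sample: packet sockets built as a module.
SAMPLE_CONFIG = """\
CONFIG_NET=y
CONFIG_PACKET=m
CONFIG_PACKET_MMAP=y
CONFIG_UNIX=y
"""


def packet_socket_support(config_text):
    """Return 'builtin', 'module' or 'absent' for CONFIG_PACKET in a .config."""
    match = _PACKET_RE.search(config_text)
    if match is None:
        return "absent"
    return "builtin" if match.group(1) == "y" else "module"


def running_kernel_config():
    """Return the running kernel's .config text, or None if it is not exposed."""
    candidates = ["/proc/config.gz", "/boot/config-" + platform.release()]
    for path in candidates:
        opener = gzip.open if path.endswith(".gz") else open
        try:
            with opener(path, "rt") as handle:
                return handle.read()
        except OSError:
            continue  # not present or unreadable; try the next candidate
    return None


def capture_ready():
    """Return (config status, af_packet currently available) for this host."""
    text = running_kernel_config()
    support = packet_socket_support(text) if text is not None else "unknown"
    available = os.path.exists("/proc/net/packet")
    return support, available


if __name__ == "__main__":
    print("sample config:", packet_socket_support(SAMPLE_CONFIG))
    print("this host:", capture_ready())
```

If the status is "module" but /proc/net/packet is missing, load af_packet before starting a capture; if it is "absent", libpcap cannot open the interface regardless of privileges.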
Installation of Wireshark
Install Wireshark by running the
following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--enable-threads &&
make
This package does not come with a test suite.
Now, as the root
user:
make install &&
install -v -m755 -d /usr/share/doc/wireshark-0.99.6 &&
install -v -m644 FAQ README{,.linux} doc/README.* doc/*.{pod,txt} \
/usr/share/doc/wireshark-0.99.6 &&
pushd /usr/share/doc/wireshark-0.99.6 &&
for FILENAME in ../../wireshark/*.html; do \
ln -s -v $FILENAME .
done &&
popd &&
install -v -m644 -D wireshark.desktop \
/usr/share/applications/wireshark.desktop &&
install -v -m644 -D image/wsicon48.png \
/usr/share/pixmaps/wireshark.png &&
install -v -m755 -d /usr/share/pixmaps/wireshark &&
install -v -m644 image/*.{png,ico,xpm,bmp} \
/usr/share/pixmaps/wireshark
If you downloaded any of the documentation files from the page
listed in the 'Additional Downloads', install them by issuing the
following commands as the root
user:
install -v -m644 <Downloaded_Files> /usr/share/doc/wireshark-0.99.6
Command Explanations
--enable-threads: This parameter enables the use of threads in Wireshark.
--with-ssl: This parameter is required if you are linking Kerberos libraries into the build so that the OpenSSL libcrypto library is found.
Configuring Wireshark
Config Files
/etc/wireshark.conf
and
~/.wireshark/*
Configuration Information
Though the default configuration parameters are sensible, refer to the
configuration section of the Wireshark User's Guide for configuration
information. Most of Wireshark's configuration can be done from the menus of
the wireshark graphical interface.

Only the capture step needs raw network access; the protocol dissectors, which
parse untrusted input from the wire and have been the subject of many security
advisories, do not. Avoid running the wireshark GUI as the root user: it
captures through the separate dumpcap program, so only dumpcap needs elevated
privileges. One approach, described on the Wireshark wiki page on capture
privileges, is to make dumpcap set-user-ID root but executable only by members
of a dedicated group (the group name below is an example; create whatever group
you prefer):
chgrp wireshark /usr/bin/dumpcap && chmod 4750 /usr/bin/dumpcap
Note
Filtering with iptables-1.3.8 does not hide inbound packets from Wireshark:
libpcap reads from a packet socket, which receives a copy of every incoming
frame before the netfilter hooks see it, so packets that an iptables INPUT rule
drops are still captured. (Locally generated packets dropped on OUTPUT are
never sent and therefore never appear.) If you want to exclude certain classes
of packets from a capture, use a capture filter, the -f option of tshark and
dumpcap or the capture filter field in the GUI's capture options; it is applied
in the kernel by the BPF filter before packets are copied to user space, which
is far cheaper than capturing everything and hiding it with a display filter.
Contents
Installed Programs:
capinfos, dftest, dumpcap, editcap,
idl2wrs, mergecap, randpkt, text2pcap, tshark and
wireshark
Installed Libraries:
libwireshark.so, libwiretap.so and
numerous dissector plugin modules
Installed Directories:
/usr/lib/wireshark,
/usr/share/doc/wireshark-0.99.6, /usr/share/pixmaps/wireshark
and /usr/share/wireshark
Short Descriptions
capinfos: reads a saved capture file and reports any or all of several statistics about that file. It can detect and read any capture format supported by the Wireshark package.
dftest: is a display-filter compiler test program.
dumpcap: is a network traffic dump tool. It captures packet data from a live network and writes the packets to a file.
editcap: edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Wireshark and other tools that write captures in that format.
idl2wrs: takes a user-specified CORBA IDL file and generates “C” source code that can be used to create a Wireshark plugin.
mergecap: combines multiple saved capture files into a single output file.
randpkt: creates random-packet capture files, useful for testing dissectors.
text2pcap: reads an ASCII hex dump and writes the data described into a libpcap-style capture file.
tshark: is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file.
wireshark: is a GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file.
libwireshark.so: contains the protocol dissectors and the display-filter engine shared by the Wireshark programs. Live capture itself is done by libpcap and dumpcap, not by this library.
libwiretap.so: is the library that reads and writes capture files in the many formats Wireshark supports. The README file in the source wiretap directory describes it as being developed as a future replacement for libpcap, the current standard Unix library for packet capturing.
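As an added example, not code from the Wireshark project or from this page, the following Python reproduces in miniature what text2pcap and capinfos do: it turns a hex dump into a libpcap-format file and reads it back, computing capinfos-style statistics. The hex dump (an ARP request followed by a UDP datagram) and the timestamps are constructed for the example. The reader handles both byte orders of the pcap magic and rejects truncated or oversized records instead of trusting the length fields, which is the check that matters when a capture file comes from an untrusted source.

```python
"""Minimal libpcap writer/reader in the spirit of text2pcap and capinfos.
Added example for this page; it is not Wireshark's own code."""
import struct

LINKTYPE_ETHERNET = 1
MAGIC_USEC = 0xA1B2C3D4   # classic pcap magic, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D   # nanosecond-timestamp variant of the same format

# Constructed input: an ARP request (42 bytes) and an IPv4/UDP datagram (43 bytes),
# in the offset-then-bytes layout that text2pcap reads.  Offset 0 starts a packet.
SAMPLE_HEXDUMP = """\
0000  ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01
0010  08 00 06 04 00 01 00 11 22 33 44 55 c0 a8 01 02
0020  00 00 00 00 00 00 c0 a8 01 01
0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00
0010  00 1d 00 01 00 00 40 11 00 00 c0 a8 01 02 c0 a8
0020  01 01 04 d2 16 2e 00 09 00 00 41
"""


def parse_hexdump(text):
    """Split a hex dump into packets; ASCII columns are not handled here."""
    packets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            offset = int(fields[0], 16)
        except ValueError:
            continue  # not an offset line, ignore it as text2pcap would
        data = bytearray()
        for token in fields[1:]:
            if len(token) != 2:
                break  # anything that is not a two-digit hex byte ends the byte column
            try:
                data.append(int(token, 16))
            except ValueError:
                break
        if offset == 0:
            packets.append(bytearray())
        elif not packets or offset != len(packets[-1]):
            raise ValueError("offset %#x does not continue the current packet" % offset)
        packets[-1] += data
    return [bytes(p) for p in packets]


def write_pcap(packets, timestamps, linktype=LINKTYPE_ETHERNET, snaplen=65535, byteorder="<"):
    """Serialize packets as a microsecond pcap file in the given byte order."""
    out = bytearray(struct.pack(byteorder + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
    for data, (sec, usec) in zip(packets, timestamps):
        if len(data) > snaplen:
            raise ValueError("packet longer than snaplen")
        out += struct.pack(byteorder + "IIII", sec, usec, len(data), len(data)) + data
    return bytes(out)


def read_pcap(blob):
    """Parse a pcap file; returns (linktype, snaplen, [(seconds, bytes), ...])."""
    if len(blob) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    (magic,) = struct.unpack("<I", blob[:4])
    if magic in (MAGIC_USEC, MAGIC_NSEC):
        order = "<"
    elif struct.unpack(">I", blob[:4])[0] in (MAGIC_USEC, MAGIC_NSEC):
        order, magic = ">", struct.unpack(">I", blob[:4])[0]
    else:
        raise ValueError("not a pcap file (magic %#010x)" % magic)
    divisor = 1e9 if magic == MAGIC_NSEC else 1e6
    _, _, _, _, _, snaplen, linktype = struct.unpack(order + "IHHiIII", blob[:24])
    records, pos = [], 24
    while pos < len(blob):
        if len(blob) - pos < 16:
            raise ValueError("truncated record header at offset %d" % pos)
        sec, frac, incl, orig = struct.unpack(order + "IIII", blob[pos:pos + 16])
        # Never trust incl_len: bound it by snaplen and orig_len before slicing.
        if incl > snaplen or incl > orig:
            raise ValueError("record at offset %d claims %d captured bytes" % (pos, incl))
        pos += 16
        if len(blob) - pos < incl:
            raise ValueError("truncated packet data at offset %d" % pos)
        records.append((sec + frac / divisor, blob[pos:pos + incl]))
        pos += incl
    return linktype, snaplen, records


def is_valid_pcap(blob):
    """True if read_pcap accepts the file without complaint."""
    try:
        read_pcap(blob)
        return True
    except ValueError:
        return False


def capinfos(blob):
    """Summarize a capture the way capinfos does: counts, bytes and time span."""
    linktype, snaplen, records = read_pcap(blob)
    times = [t for t, _ in records]
    return {
        "linktype": linktype,
        "snaplen": snaplen,
        "packets": len(records),
        "bytes": sum(len(d) for _, d in records),
        "duration": (max(times) - min(times)) if times else 0.0,
    }


def demo():
    """Convert the sample dump with constructed timestamps and summarize it."""
    packets = parse_hexdump(SAMPLE_HEXDUMP)
    blob = write_pcap(packets, [(1210000000, 0), (1210000000, 250000)])
    return capinfos(blob)


if __name__ == "__main__":
    print(demo())
```

The file produced by write_pcap opens in wireshark, tshark and capinfos like any other libpcap capture; the strict length checks in read_pcap are the part worth keeping when you write your own tooling around capture files.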
Last updated on 2008-05-10 18:53:20 -0500