Introduction to Wireshark
The Wireshark package contains a network protocol analyzer, also known as a “sniffer”. This is useful for analyzing data captured “off the wire” from a live network connection, or data read from a capture file.
Wireshark provides both a graphical and a TTY-mode front-end for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers.
This package is known to build and work properly using an LFS-7.6 systemd platform.
Package Information
Additional Downloads
From this page you can download many different docs in a variety of formats.
Wireshark dependencies
Required
GLib-2.40.0 (to build the TTY-mode front-end only)
Note that you need GTK+ or Qt installed; otherwise, pass --disable-wireshark to the configure command.
Recommended
GTK+-3.12.2 (to build the GTK+3 GUI) and libpcap-1.6.2 (required to capture data)
Optional
GnuTLS-3.3.7, libgcrypt-1.6.2, Lua-5.2.3, MIT Kerberos V5-1.12.2, OpenSSL-1.0.1i, adns, GeoIP, and PortAudio
Optional (to build different GUI front-ends)
GTK+-2.24.24 and Qt-4.8.6 or Qt-5.3.1
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/wireshark
Installation of Wireshark
Optionally, fix the description of the program in the title. The first change overwrites the default "SVN Unknown" in the title and the second overwrites a utility script that resets the version to "unknown".
cat > svnversion.h << "EOF"
#define SVNVERSION "BLFS"
#define SVNPATH "source"
EOF
cat > make-version.pl << "EOF"
#!/usr/bin/perl
EOF
Wireshark is a very large and complex application. These instructions provide additional security measures to ensure that only trusted users are allowed to view network traffic. First, set up a system group for wireshark. As the root user:
groupadd -g 62 wireshark
If you want an unprivileged user to execute wireshark, run the following command as the root user:
usermod -a -G wireshark <username>
If you have both GTK+2 and GTK+3, and both Qt4 and Qt5 installed, the GTK+ GUI will be linked against GTK+3 and the Qt GUI will be linked against Qt5. The instructions below only cover building of the GTK+3 GUI. Additional modifications must be made to the commands below if building a GUI front-end against different supported toolkits. Examine the "Command Explanations" section for information on necessary modifications to the configure command.
If you want to build the Qt5 GUI and have both Qt4 and Qt5 installed, issue:
export QT_SELECT=qt5
If you want to build the Qt4 GUI and have both Qt4 and Qt5 installed, issue:
sed -i "s:Qt5 Qt:Qt:g" configure
Install Wireshark by running the following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--with-gtk3 \
--without-qt &&
make
This package does not come with a test suite.
Now, as the root user:
make install &&
install -v -dm755 /usr/share/doc/wireshark-1.12.1 &&
install -v -m644 README{,.linux} doc/README.* doc/*.{pod,txt} \
/usr/share/doc/wireshark-1.12.1 &&
pushd /usr/share/doc/wireshark-1.12.1 &&
for FILENAME in ../../wireshark/*.html; do
ln -sfv $FILENAME
done &&
popd &&
if [ -e /usr/bin/wireshark ]; then
install -v -Dm644 wireshark.desktop /usr/share/applications/wireshark.desktop
fi &&
if [ -e /usr/bin/wireshark-qt ]; then
install -v -Dm644 wireshark.desktop /usr/share/applications/wireshark-qt.desktop &&
sed -i "/Exec/s:wireshark:&-qt:g" /usr/share/applications/wireshark-qt.desktop
fi &&
for size in 16 24 32 48 64 128 256 ; do
install -v -Dm644 image/wsicon${size}.png \
/usr/share/icons/hicolor/${size}x${size}/apps/wireshark.png &&
install -v -Dm644 image/WiresharkDoc-${size}.png \
/usr/share/icons/hicolor/${size}x${size}/mimetypes/application-vnd.tcpdump.pcap.png
done &&
unset size &&
unset QT_SELECT
If you downloaded any of the documentation files from the page listed in the 'Additional Downloads', install them by issuing the following command as the root user:
install -v -m644 <Downloaded_Files> /usr/share/doc/wireshark-1.12.1
Now, set ownership and permissions of sensitive applications to only allow authorized users. Mode 6550 makes tshark and dumpcap setuid root and setgid wireshark while removing all access for other users, so only root and members of the wireshark group can run them. As the root user:
chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
chmod -v 6550 /usr/bin/{tshark,dumpcap}
Finally, add any users to the wireshark group (as the root user):
usermod -a -G wireshark <username>
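The ownership and mode set above are what keep packet capture restricted to the wireshark group, so it is worth verifying them after installation. The following script is an added example, not part of the BLFS instructions; it assumes GNU stat from coreutils (as on an LFS system) and the two binary paths the page uses.

```shell
#!/bin/sh
# Added example (not from the BLFS page): audit the privilege separation
# configured above. Each capture binary must be owned by root, belong to
# the wireshark group and carry mode 6550 (setuid + setgid, r-x for owner
# and group, no access for anyone else), so that only root and members of
# the wireshark group can start a capture.

# check_capture_perms FILE OWNER GROUP MODE
# Prints one line per mismatch; returns 0 only if all three match.
check_capture_perms() {
    file=$1
    want_owner=$2
    want_group=$3
    want_mode=$4
    [ -e "$file" ] || { echo "$file: not found"; return 1; }
    # GNU stat (coreutils): owner name, group name, octal mode incl. setuid/setgid
    set -- $(stat -c '%U %G %a' "$file")
    status=0
    [ "$1" = "$want_owner" ] || { echo "$file: owner is $1, want $want_owner"; status=1; }
    [ "$2" = "$want_group" ] || { echo "$file: group is $2, want $want_group"; status=1; }
    [ "$3" = "$want_mode" ]  || { echo "$file: mode is $3, want $want_mode"; status=1; }
    return $status
}

# audit_capture_binaries [FILE...]
# Defaults to the two binaries the page restricts; returns 0 if all pass.
audit_capture_binaries() {
    [ $# -gt 0 ] || set -- /usr/bin/tshark /usr/bin/dumpcap
    failed=0
    for bin in "$@"; do
        check_capture_perms "$bin" root wireshark 6550 || failed=1
    done
    return $failed
}

# Usage: sh check-wireshark-perms.sh --audit [FILE...]
# (sourcing the file without --audit only defines the functions)
if [ "${1:-}" = "--audit" ]; then
    shift
    audit_capture_binaries "$@"
fi
```

A non-zero exit status means at least one binary is either reachable by users outside the wireshark group or no longer setuid root, and the chown/chmod step should be repeated.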