Wireshark

From CBLFS
Download Source: http://prdownloads.sourceforge.net/wireshark/wireshark-0.99.7.tar.bz2

Introduction to Wireshark

Wireshark (formerly named Ethereal) is a versatile network analyzer with an easy-to-use GUI. It recognizes hundreds of common network protocols and provides valuable information when investigating network problems.

Project Homepage: http://www.wireshark.org/

Dependencies


Note

If libpcap is not available, Wireshark will not be able to capture any packets. However, you can still analyze packet dumps that were recorded on a different host.

Recommended

Optional

Configuration Information


Note

For more complete IPv6 support, libpcap needs to be compiled with the option --enable-ipv6.

--enable-static: build static libraries (shared libraries are built by default)
--disable-gtk2: use Gtk1 instead of Gtk2 for the GUI
--with-lua: build the Lua scripting plugin
--with-ssl: use the OpenSSL crypto library
--enable-setuid-install: install tshark and dumpcap as setuid

Non-Multilib

Compile the package:

./configure --prefix=/usr --enable-threads &&
make

Install the package:

make install

Multilib

32Bit

Compile the package:

CC="gcc ${BUILD32}" USE_ARCH=32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr \
   --sysconfdir=/etc --enable-threads &&
make

Install the package:

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" USE_ARCH=n32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --libdir=/usr/lib32 \
    --sysconfdir=/etc --enable-threads &&
make

Install the package:

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" USE_ARCH=64 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --libdir=/usr/lib64 \
    --sysconfdir=/etc --enable-threads &&
make

Install the package:

make install

Configuring

In order to start Wireshark from the application menu of your desktop environment, install the icons and the desktop file:

for n in 16 32 48 64; do
    d=/usr/share/icons/hicolor/${n}x${n}/apps
    mkdir -pv $d &&
    install -v -o0 -g0 -m644 image/wsicon${n}.png $d/wireshark.png
done

d=/usr/share/icons/hicolor/scalable/apps
mkdir -pv $d &&
install -v -o0 -g0 -m644 image/wsicon.svg $d/wireshark.svg

install -v -o0 -g0 -m644 wireshark.desktop /usr/share/applications/

Contents

Installed Directories: /usr/lib{,32,64}/wireshark, /usr/share/wireshark
Installed Programs: capinfos, dftest, dumpcap, editcap, idl2wrs, mergecap, randpkt, text2pcap, tshark, wireshark
Installed Libraries: libwireshark.so, libwiretap.so

Short Descriptions

capinfos reads one or more capture files and returns statistics for each file
dftest ?
dumpcap captures packet data from a live network and writes the packets to a file
editcap edits and/or translates the format of capture files
idl2wrs takes a user-specified CORBA IDL file and generates "C" source code for a Wireshark "plugin"
mergecap merges two or more capture files into one
randpkt creates random packet-capture files
text2pcap generates a capture file from an ASCII hexdump of packets
tshark dumps and analyzes network traffic (console application)
wireshark interactively dumps and analyzes network traffic (Gtk application)
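The --enable-setuid-install option above marks both tshark and dumpcap setuid, but dumpcap is the component that performs the privileged capture; tshark and the protocol dissectors can run unprivileged. This post-install audit is an added example, not part of the CBLFS page: it walks the installed programs listed under Contents and reports any setuid bit other than dumpcap's. The bin directory is passed as an argument (/usr/bin is assumed for the --prefix=/usr build).

```shell
#!/bin/sh
# Added example (not from the CBLFS page): audit which Wireshark programs
# ended up setuid after "make install" with --enable-setuid-install.
# Only dumpcap, the capture helper, is expected to carry the bit.

WIRESHARK_PROGS="capinfos dftest dumpcap editcap idl2wrs mergecap randpkt text2pcap tshark wireshark"
ALLOWED_SETUID="dumpcap"

# audit_setuid BINDIR
# Prints one line per installed program. Returns 1 if any program other
# than dumpcap is setuid, so it can gate a post-install script.
audit_setuid() {
    bindir=$1
    status=0
    for p in $WIRESHARK_PROGS; do
        f="$bindir/$p"
        [ -e "$f" ] || continue          # not every program is always installed
        if [ -u "$f" ]; then
            case " $ALLOWED_SETUID " in
                *" $p "*) echo "$p setuid (expected: capture helper)" ;;
                *)        echo "$p setuid (unexpected: remove with chmod u-s $f)"
                          status=1 ;;
            esac
        else
            echo "$p ok"
        fi
    done
    return $status
}

# Example invocation for the default prefix (assumed path):
# audit_setuid /usr/bin || echo "setuid binaries other than dumpcap found"
```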