Difference between revisions of "Wireshark"
From CBLFS
(Renamed the section for compliance with other pages) |
(added IPv6 hint for libpcap) |
||
Line 28: | Line 28: | ||
== Configuration Information == | == Configuration Information == | ||
+ | |||
+ | {{Note|For a more complete support of IPv6, [[libpcap]] needs to be compiled with the option ''--enable-ipv6''.}} | ||
{| | {| |
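Review bot: the added Note sits under "== Configuration Information ==", which lists Wireshark's own configure switches, but it describes how the libpcap dependency has to be built. It would be easier to find in the Dependencies section next to the existing libpcap remark, or on the libpcap page itself. The wording "For a more complete support of IPv6" would also read better as "For more complete IPv6 support".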
Revision as of 05:58, 17 February 2008
Download Source: | http://prdownloads.sourceforge.net/wireshark/wireshark-0.99.7.tar.bz2 |
---|
Introduction to Wireshark
Wireshark (formerly named Ethereal) is a versatile network analyzer with an easy-to-use GUI. It recognizes hundreds of common network protocols and provides valuable information when investigating network problems.
Project Homepage: http://www.wireshark.org/
Dependencies
If libpcap is not available, Wireshark will not be able to capture any packets. However, you can still analyze packet dumps that were recorded on a different host.
Recommended
Optional
Configuration Information
For more complete IPv6 support, libpcap needs to be compiled with the option --enable-ipv6.
--enable-static: build static libraries (shared libs are built by default) |
--disable-gtk2: use Gtk1 in favor of Gtk2 for GUI |
--with-lua: build Lua scripting plugin |
--with-ssl: use OpenSSL crypto library |
--enable-setuid-install: install tshark and dumpcap as setuid |
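The --enable-setuid-install option above leaves tshark and dumpcap setuid, so they run with their owner's privileges for whoever starts them. The post-install check below is an added example, not part of the CBLFS page or the Wireshark build; the function name, output format and constructed demo files are assumptions, while the program names come from the page's Installed Programs list.

```shell
#!/bin/sh
# Added example (not from the CBLFS page): report which Wireshark programs
# are setuid after "make install". Program names are the page's
# "Installed Programs" list; function name and output format are assumptions.

WS_PROGRAMS="capinfos dftest dumpcap editcap idl2wrs mergecap randpkt text2pcap tshark wireshark"

# audit_wireshark_setuid BINDIR
# Prints one line per setuid program; returns 1 if any setuid program is
# executable by every local user, 0 otherwise.
audit_wireshark_setuid() {
    bindir=$1
    found=0
    for prog in $WS_PROGRAMS; do
        f="$bindir/$prog"
        [ -f "$f" ] || continue          # not installed in this prefix
        [ -u "$f" ] || continue          # setuid bit not set: nothing to report
        listing=$(ls -ld "$f")
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        case $mode in
            ?????????[xt])               # "other" execute bit is set
                echo "$prog: setuid owner=$owner mode=$mode world-executable"
                found=1 ;;
            *)
                echo "$prog: setuid owner=$owner mode=$mode restricted"
                ;;
        esac
    done
    return $found
}

# Constructed demo: empty stand-in files in a temp dir, no real install touched.
demo() {
    tmp=$(mktemp -d) || return 1
    for p in tshark dumpcap wireshark; do : > "$tmp/$p"; done
    chmod 4755 "$tmp/tshark"     # setuid, anyone may run it
    chmod 4750 "$tmp/dumpcap"    # setuid, owner and group only
    chmod 0755 "$tmp/wireshark"  # ordinary binary
    rc=0
    audit_wireshark_setuid "$tmp" || rc=$?
    rm -rf "$tmp"
    return $rc
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo` for the constructed case, or call `audit_wireshark_setuid /usr/bin` against the real prefix; a non-zero return means a setuid capture tool is open to every local account.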
Non-Multilib
Compile the package:
./configure --prefix=/usr --enable-threads && make
Install the package:
make install
Multilib
32Bit
Compile the package:
CC="gcc ${BUILD32}" USE_ARCH=32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr \
    --sysconfdir=/etc --enable-threads &&
make
Install the package:
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" USE_ARCH=n32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --libdir=/usr/lib32 \
    --sysconfdir=/etc --enable-threads &&
make
Install the package:
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" USE_ARCH=64 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --libdir=/usr/lib64 \
    --sysconfdir=/etc --enable-threads &&
make
Install the package:
make install
Configuring
In order to start Wireshark from the application menu of your desktop environment, install the icons and the desktop file:
for n in 16 32 48 64; do
    d=/usr/share/icons/hicolor/${n}x${n}/apps
    mkdir -pv $d &&
    install -v -o0 -g0 -m644 image/wsicon${n}.png $d/wireshark.png
done
d=/usr/share/icons/hicolor/scalable/apps
mkdir -pv $d &&
install -v -o0 -g0 -m644 image/wsicon.svg $d/wireshark.svg
install -v -o0 -g0 -m644 wireshark.desktop /usr/share/applications/
Contents
Installed Directories: | /usr/lib{,32,64}/wireshark, /usr/share/wireshark |
---|---|
Installed Programs: | capinfos, dftest, dumpcap, editcap, idl2wrs, mergecap, randpkt, text2pcap, tshark, wireshark |
Installed Libraries: | libwireshark.so, libwiretap.so |
Short Descriptions
capinfos | reads one or more capture files and returns statistics of each file |
---|---|
dftest | ? |
dumpcap | capture packet data from a live network and write the packets to a file |
editcap | edit and/or translate the format of capture files |
idl2wrs | take a user specified CORBA IDL file and generate "C" source code for a Wireshark "plugin" |
mergecap | merges two or more capture files into one |
randpkt | create random packet-capture files |
text2pcap | generate a capture file from an ASCII hexdump of packets |
tshark | dump and analyze network traffic (console application) |
wireshark | interactively dump and analyze network traffic (Gtk application) |