Wireshark

From CBLFS
Revision as of 04:14, 17 February 2008 by 84.59.125.52 (talk) (Wireshark build instructions)
Download Source: http://prdownloads.sourceforge.net/wireshark/wireshark-{Wireshark-Version}.tar.bz2

Introduction to Wireshark

Wireshark (formerly named Ethereal) is a versatile network analyzer with an easy-to-use GUI. It recognizes hundreds of common network protocols and provides valuable information when investigating network problems.

Project Homepage: http://www.wireshark.org/

Dependencies

Note

If libpcap is not available, Wireshark will not be able to capture any packets. However, you can still analyze packet dumps that were recorded on a different host.

Recommended

Optional

Configuration Information

--enable-static: build static libraries (shared libs are built by default)
--disable-gtk2: use Gtk1 in favor of Gtk2 for GUI
--with-lua: build Lua scripting plugin
--with-ssl: use OpenSSL crypto library
--enable-setuid-install: install tshark and dumpcap as setuid

Non-Multilib

Compile the package:

./configure --prefix=/usr --enable-threads &&
make

Install the package:

make install

Multilib

32Bit

Compile the package:

CC="gcc ${BUILD32}" USE_ARCH=32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr \
   --sysconfdir=/etc --enable-threads &&
make

Install the package:

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" USE_ARCH=n32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --libdir=/usr/lib32 \
    --sysconfdir=/etc --enable-threads &&
make

Install the package:

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" USE_ARCH=64 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --libdir=/usr/lib64 \
    --sysconfdir=/etc --enable-threads &&
make

Install the package:

make install

Contents

Installed Directories: /usr/lib{,32,64}/wireshark, /usr/share/wireshark
Installed Programs: capinfos, dftest, dumpcap, editcap, idl2wrs, mergecap, randpkt, text2pcap, tshark, wireshark
Installed Libraries: libwireshark.so, libwiretap.so

Short Descriptions

capinfos: reads one or more capture files and returns statistics of each file
dftest: ?
dumpcap: capture packet data from a live network and write the packets to a file
editcap: edit and/or translate the format of capture files
idl2wrs: take a user specified CORBA IDL file and generate "C" source code for a Wireshark "plugin"
mergecap: merges two or more capture files into one
randpkt: create random packet-capture files
text2pcap: generate a capture file from an ASCII hexdump of packets
tshark: dump and analyze network traffic (console application)
wireshark: interactively dump and analyze network traffic (Gtk application)
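
A post-install check for the --enable-setuid-install option, added here as an example and not part of the original page or of Wireshark itself: it walks the programs listed under Installed Programs and flags a setuid bit on anything other than tshark and dumpcap, or a setuid binary that group or others can write. The function name audit_setuid and its status words are made up for this example; /usr/bin in the usage comment follows from --prefix=/usr.

```shell
#!/bin/sh
# Added example: audit the setuid state of the programs this page installs.
# Usage (after "make install"):  audit_setuid /usr/bin

# Programs the page lists under "Installed Programs".
WS_PROGRAMS="capinfos dftest dumpcap editcap idl2wrs mergecap randpkt text2pcap tshark wireshark"
# The only programs --enable-setuid-install is described as making setuid.
WS_SETUID_OK="tshark dumpcap"

# audit_setuid BINDIR  (hypothetical helper name)
# Prints "<program> <status>" for each program. Returns 1 if a program
# outside WS_SETUID_OK is setuid, or if any setuid program is writable by
# group or others; returns 0 otherwise.
audit_setuid() {
    bindir=$1
    rc=0
    for prog in $WS_PROGRAMS; do
        path="$bindir/$prog"
        if [ ! -e "$path" ]; then
            echo "$prog missing"
            continue
        fi
        if [ ! -u "$path" ]; then
            echo "$prog plain"
            continue
        fi
        case " $WS_SETUID_OK " in
            *" $prog "*) status=setuid-expected ;;
            *)           status=setuid-UNEXPECTED; rc=1 ;;
        esac
        # A setuid file that group or others can modify is unsafe either way.
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            status="$status,writable"
            rc=1
        fi
        echo "$prog $status"
    done
    return $rc
}
```

On a multilib system the same check applies to whichever bin directory the 32Bit, N32 or 64Bit build installed into.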