Difference between revisions of "Wireshark"
From CBLFS
Jump to navigationJump to search (Renamed the section for compliance with other pages) |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 28: | Line 28: | ||
== Configuration Information == | == Configuration Information == | ||
| + | |||
| + | {{Note|For a more complete support of IPv6, [[libpcap]] needs to be compiled with the option ''--enable-ipv6''.}} | ||
{| | {| | ||
| Line 161: | Line 163: | ||
|interactively dump and analyze network traffic (Gtk application) | |interactively dump and analyze network traffic (Gtk application) | ||
|} | |} | ||
| + | |||
| + | [[Category:Network Applications]] | ||
Latest revision as of 17:26, 19 March 2009
| Download Source: | http://prdownloads.sourceforge.net/wireshark/wireshark-0.99.7.tar.bz2 |
|---|
Contents
Introduction to Wireshark
Wireshark (formerly named Ethereal) is a versatile network analyzer with an easy to use GUI. It recognizes hundreds of commen network protocols and provides valuable information when investigating network problems.
Project Homepage: http://www.wireshark.org/
Dependencies
Note
If libpcap is not available, Wireshark will not be able to capture any packets. However, you can still analyze packet dumps that were recorded an a different host.
Recommended
Optional
Configuration Information
Note
For a more complete support of IPv6, libpcap needs to be compiled with the option --enable-ipv6.
| --enable-static: build static libraries (shared libs are built by default) |
| --disable-gtk2: use Gtk1 in favor of Gtk2 for GUI |
| --with-lua: build Lua scripting plugin |
| --with-ssl: use OpenSSL crypto library |
| --enable-setuid-install: install tshark and dumpcap as setuid |
Non-Multilib
Compile the package:
./configure --prefix=/usr --enable-threads && make
Install the package:
make install
Multilib
32Bit
Compile the package:
CC="gcc ${BUILD32}" USE_ARCH=32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr \
--sysconfdir=/etc --enable-threads &&
make
Install the package:
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" USE_ARCH=n32 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --libdir=/usr/lib32 \
--sysconfdir=/etc --enable-threads &&
make
Install the package:
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" USE_ARCH=64 \
PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --libdir=/usr/lib64 \
--sysconfdir=/etc --enable-threads &&
make
Install the package:
make install
Configuring
In order to start Wireshark from the application menu of your desktop environment, install the icons and the desktop file:
for n in 16 32 48 64; do
d=/usr/share/icons/hicolor/${n}x${n}/apps
mkdir -pv $d &&
install -v -o0 -g0 -m644 image/wsicon${n}.png $d/wireshark.png
done
d=/usr/share/icons/hicolor/scalable/apps
mkdir -pv $d &&
install -v -o0 -g0 -m644 image/wsicon.svg $d/wireshark.svg
install -v -o0 -g0 -m644 wireshark.desktop /usr/share/applications/
Contents
| Installed Directories: | /usr/lib{,32,64}/wireshark, /usr/share/wireshark |
|---|---|
| Installed Programs: | capinfos, dftest, dumpcap, editcap, idl2wrs, mergecap, randpkt, text2pcap, tshark, wireshark |
| Installed Libraries: | libwireshark.so, libwiretap.so |
Short Descriptions
| capinfos | reads one or more capture files and returns statistics of each file |
|---|---|
| dftest | ? |
| dumpcap | capture packet data from a live network and write the packets to a file |
| editcap | edit and/or translate the format of capture files |
| idl2wrs | take a user specified CORBA IDL file and generate "C" source code for a Wireshark "plugin" |
| mergecap | merges two or more capture files into one |
| randpkt | create random packet-capture files |
| text2pcap | generate a capture file from an ASCII hexdump of packets |
| tshark | dump and analyze network traffic (console application) |
| wireshark | interactively dump and analyze network traffic (Gtk application) |
