Wireshark-4.2.0
Introduction to Wireshark
The Wireshark package contains a
network protocol analyzer, also known as a "sniffer". This is useful
for analyzing data captured "off the wire" from a live network connection,
or data read from a capture file.
Wireshark provides both a
graphical and a TTY-mode front-end for examining captured network
packets from over 500 protocols, as well as the capability to read
capture files from many other popular network analyzers.
Note
Development versions of BLFS may not build or run some packages properly if
LFS or the dependencies are not at the latest stable versions shown in this book.
Package Information
Additional Downloads
Wireshark Dependencies
Required
CMake-3.28.1, c-ares-1.24.0, GLib-2.78.3,
libgcrypt-1.10.3, and Qt-6.6.1
Note
Qt-6.6.1 is not strictly required, since it can be
replaced with Qt5. See "Command Explanations" below.
Recommended
libpcap-1.10.4 (required to capture data)
Optional
asciidoctor-2.0.20, Brotli-1.1.0,
Doxygen-1.9.8, git-2.43.0, GnuTLS-3.8.2, libnl-3.9.0, libxslt-1.1.39, libxml2-2.12.3, Lua-5.2.4, MIT Kerberos V5-1.21.2, nghttp2-1.58.0, (Qt-5.15.11 or qt-components-5.15.11 with
qtmultimedia) (required if Qt-6.6.1 is not installed), SBC-2.0,
Speex-1.2.1, BCG729,
libilbc, libsmi,
lz4,
libssh,
MaxMindDB, Minizip,
Snappy, and Spandsp
Kernel Configuration
The kernel must have the Packet protocol enabled for Wireshark to capture live packets from the
network:
[*] Networking support ---> [NET]
  Networking options --->
    <*/M> Packet socket [PACKET]
If built as a module, the name is af_packet.ko.
Installation of Wireshark
Wireshark is a very large and
complex application. These instructions provide additional security
measures to ensure that only trusted users are allowed to view
network traffic. First, set up a system group for wireshark. As the
root
user:
groupadd -g 62 wireshark
Continue to install Wireshark by
running the following commands:
mkdir build &&
cd build &&
cmake -DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-4.2.0 \
-G Ninja \
.. &&
ninja
This package does not come with a test suite.
Now, as the root
user:
ninja install &&
install -v -m755 -d /usr/share/doc/wireshark-4.2.0 &&
install -v -m644 ../README.linux ../doc/README.* ../doc/randpkt.txt \
/usr/share/doc/wireshark-4.2.0 &&
pushd /usr/share/doc/wireshark-4.2.0 &&
for FILENAME in ../../wireshark/*.html; do
ln -s -v -f $FILENAME .
done &&
popd
unset FILENAME
If you downloaded any of the documentation files from the page
listed in the 'Additional Downloads', install them by issuing the
following commands as the root
user:
install -v -m644 <Downloaded_Files> \
    /usr/share/doc/wireshark-4.2.0
Now, set ownership and permissions of sensitive applications to
only allow authorized users. Of the two, dumpcap is the helper that actually
opens the capture interface on behalf of tshark and wireshark, so its
privileges and its restriction to the wireshark group are what keep packet
capture away from unprivileged users. As the root
user:
chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
chmod -v 6550 /usr/bin/{tshark,dumpcap}
Finally, add any users to the wireshark group (as the root
user):
usermod -a -G wireshark <username>
If you are installing wireshark for the first time, log out of your
session and log in again so that the new group membership takes effect.
Until then the session's credentials do not include the wireshark group,
and Wireshark will not be able to capture.
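The following post-install check covers the hardening steps above (group, ownership and mode of the capture binaries, group membership) and the Packet socket requirement from Kernel Configuration. It is an added example and is not part of BLFS or of Wireshark. It assumes GNU coreutils stat (as on LFS), the paths and group name used on this page, and a script name of check-wireshark-install.sh; the split between `id -nG user` (the group database, which usermod changes immediately) and plain `id -nG` (the running session's credentials, which only change after a new login) is what makes the re-login requirement visible.

```shell
#!/bin/sh
# check-wireshark-install.sh (name assumed): verify the hardening performed
# above. Added example, not part of BLFS or Wireshark. Assumes GNU coreutils
# stat (as on LFS) and the paths/group used on this page.

EXPECTED_MODE=6550        # setuid + setgid, rwxr-x---
EXPECTED_OWNER=root
EXPECTED_GROUP=wireshark

# Pure check on a "mode owner group" triple, i.e. the fields printed by
# `stat -c '%a %U %G'`. Returns 0 only when all three match the layout above.
check_perm_triple() {
    [ "$1" = "$EXPECTED_MODE" ] &&
    [ "$2" = "$EXPECTED_OWNER" ] &&
    [ "$3" = "$EXPECTED_GROUP" ]
}

# Check the installed capture binaries. Returns non-zero if any is missing or
# is not root:wireshark with mode 6550 (e.g. a world-executable setuid dumpcap).
check_capture_binaries() {
    rc=0
    for bin in /usr/bin/dumpcap /usr/bin/tshark; do
        if [ ! -f "$bin" ]; then
            echo "MISSING $bin"
            rc=1
            continue
        fi
        triple=$(stat -c '%a %U %G' "$bin")
        if check_perm_triple $triple; then      # unquoted on purpose: 3 args
            echo "ok      $bin ($triple)"
        else
            echo "BAD     $bin ($triple), want $EXPECTED_MODE $EXPECTED_OWNER $EXPECTED_GROUP"
            rc=1
        fi
    done
    return $rc
}

# Does a whitespace-separated group list (the output format of `id -nG`)
# contain the given group name exactly?
group_list_contains() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Membership according to the group database: reflects usermod immediately.
user_in_group_db() {
    group_list_contains "$(id -nG "$1" 2>/dev/null)" "$2"
}

# Membership of the current session's credentials: this is what the kernel
# consults when dumpcap is executed, and it only changes after a fresh login.
session_has_group() {
    group_list_contains "$(id -nG)" "$1"
}

# /proc/net/packet is registered by af_packet, whether built in or loaded.
packet_socket_available() {
    [ -e /proc/net/packet ]
}

main() {
    user=${1:-$(id -un)}
    rc=0
    check_capture_binaries || rc=1
    if packet_socket_available; then
        echo "ok      packet sockets available (CONFIG_PACKET / af_packet)"
    else
        echo "BAD     no /proc/net/packet: enable CONFIG_PACKET or modprobe af_packet"
        rc=1
    fi
    if user_in_group_db "$user" "$EXPECTED_GROUP"; then
        echo "ok      $user is in $EXPECTED_GROUP (group database)"
        if [ "$user" = "$(id -un)" ] && ! session_has_group "$EXPECTED_GROUP"; then
            echo "WARN    this session does not have $EXPECTED_GROUP yet: log out and in"
        fi
    else
        echo "BAD     $user is not in $EXPECTED_GROUP: usermod -a -G $EXPECTED_GROUP $user"
        rc=1
    fi
    return $rc
}

# Run the checks only when executed as a script, not when sourced for its functions.
[ "${0##*/}" = "check-wireshark-install.sh" ] && main "$@"
```

Run it as `sh check-wireshark-install.sh <username>` after the steps above; a non-zero exit means at least one of the binaries, the kernel, or the group membership does not match what this page installs.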
Configuring Wireshark
Config Files
/etc/wireshark.conf and ~/.config/wireshark/* (unless there is already
~/.wireshark/* in the system)
Configuration Information
Though the default configuration parameters are very sane,
refer to the configuration section of the Wireshark User's
Guide for configuration information. Most of Wireshark's configuration can be
accomplished using the menu options of the wireshark graphical interface.
Note
If you want to look at packets, make sure you don't filter them
out with iptables-1.8.10. If you want to exclude
certain classes of packets, it is more efficient to do it with
iptables than it is with
Wireshark.
Contents
Installed Programs: capinfos, captype, dumpcap, editcap, idl2wrs,
mergecap, randpkt, rawshark, reordercap, sharkd, text2pcap,
tshark, wireshark
Installed Libraries: libwireshark.so, libwiretap.so, libwsutil.so, and
numerous modules under /usr/lib/wireshark/plugins
Installed Directories: /usr/{lib,share}/wireshark,
/usr/share/doc/wireshark-4.2.0
Short Descriptions
capinfos: reads a saved capture file and returns any or all of several statistics about that file. It is able to detect and read any capture supported by the Wireshark package
captype: prints the file types of capture files
dumpcap: is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file
editcap: edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Wireshark and other tools that write captures in that format
idl2wrs: is a program that takes a user-specified CORBA IDL file and generates "C" source code for a Wireshark "plugin". It relies on two Python programs, wireshark_be.py and wireshark_gen.py, which are not installed by default. They have to be copied manually from the tools directory to the $PYTHONPATH/site-packages/ directory
mergecap: combines multiple saved capture files into a single output file
randpkt: creates random-packet capture files
rawshark: dumps and analyzes raw libpcap data
reordercap: reorders the frames of an input file by timestamp and writes them to an output file
sharkd: is a daemon that listens on UNIX sockets
text2pcap: reads in an ASCII hex dump and writes the data described into a libpcap-style capture file
tshark: is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file
wireshark: is the Qt GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file
libwireshark.so: contains the protocol dissectors and the display-filter engine used by the Wireshark programs
libwiretap.so: is the library used by the Wireshark programs to read and write capture files in the many formats they support; live capture itself still goes through libpcap. For more information, see the README file in the source wiretap directory