Wireshark-4.2.0

Introduction to Wireshark

The Wireshark package contains a network protocol analyzer, also known as a sniffer. This is useful for analyzing data captured off the wire from a live network connection, or data read from a capture file.

Wireshark provides both a graphical and a TTY-mode front-end for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers.

Note

If LFS or the dependent packages are not at the latest stable versions shown in this book, packages in the BLFS development version may not build or run properly.

Package Information

  • Download (HTTP): https://www.wireshark.org/download/src/all-versions/wireshark-4.2.0.tar.xz

  • Download MD5 sum: 37658796acb4e7a04a84fa8c5393c9a1

  • Download size: 43 MB

  • Estimated disk space required: 911 MB (with all optional dependencies available in the BLFS book; 168 MB installed)

  • Estimated build time: 2.9 SBU (with parallelism=4 and all optional dependencies available in the BLFS book)

Additional Downloads

Wireshark Dependencies

Required

CMake-3.28.1, c-ares-1.24.0, GLib-2.78.3, libgcrypt-1.10.3, and Qt-6.6.1

Note

Qt-6.6.1 is not strictly required, since it can be replaced with Qt5. See Command explanations below.

Recommended

Optional

asciidoctor-2.0.20, Brotli-1.1.0, Doxygen-1.9.8, git-2.43.0, GnuTLS-3.8.2, libnl-3.9.0, libxslt-1.1.39, libxml2-2.12.3, Lua-5.2.4, MIT Kerberos V5-1.21.2, nghttp2-1.58.0, (Qt-5.15.11 or qt-components-5.15.11 with qtmultimedia) (required if Qt-6.6.1 is not installed), SBC-2.0, Speex-1.2.1, BCG729, libilbc, libsmi, lz4, libssh, MaxMindDB, Minizip, Snappy, and Spandsp

Kernel Configuration

The kernel must have the Packet protocol enabled for Wireshark to capture live packets from the network:

[*] Networking support --->                                                [NET]
  Networking options --->
    <*/M> Packet socket                                                 [PACKET]

If built as a module, the name is af_packet.ko.
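The following script is an added example and is not part of the BLFS book or of the Wireshark project. It checks whether the running kernel provides the Packet socket support described above, by looking for the CONFIG_PACKET option in the kernel config (assumed readable from /proc/config.gz or /boot/config-$(uname -r)) and, when the option is built as a module, whether af_packet is currently loaded. The SAMPLE_CONFIG fragment is constructed for the demonstration and does not describe any real system.

```shell
#!/bin/sh
# Added example, not from the BLFS page: report whether the running kernel
# provides the Packet socket support (CONFIG_PACKET) that dumpcap and tshark
# need for live capture. Assumes the kernel config is readable from
# /proc/config.gz (CONFIG_IKCONFIG_PROC) or from /boot/config-$(uname -r).

# Constructed sample of the relevant kernel config lines (not a real system's).
SAMPLE_CONFIG='CONFIG_NET=y
# CONFIG_PACKET is not set
CONFIG_PACKET_DIAG=m'

# packet_config_state CONFIG_TEXT -> prints builtin, module or absent.
# Only an exact "CONFIG_PACKET=" line counts; CONFIG_PACKET_DIAG does not.
packet_config_state() {
    case "$(printf '%s\n' "$1" | grep -E '^CONFIG_PACKET=' | head -n 1)" in
        CONFIG_PACKET=y) echo builtin ;;
        CONFIG_PACKET=m) echo module ;;
        *)               echo absent ;;
    esac
}

# kernel_config_text: print the running kernel's config, or return 1 if none
# is available on this system.
kernel_config_text() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# report: print a verdict for the running kernel; return 1 if live capture
# cannot work, 2 if the state could not be determined.
report() {
    if cfg=$(kernel_config_text); then
        state=$(packet_config_state "$cfg")
    elif lsmod 2>/dev/null | grep -q '^af_packet '; then
        state=module            # no config file, but the module is loaded
    else
        echo "cannot determine CONFIG_PACKET: no kernel config and af_packet not loaded"
        return 2
    fi
    case $state in
        builtin) echo "Packet socket is built into the kernel" ;;
        module)  echo "Packet socket is a module (af_packet.ko)"
                 lsmod 2>/dev/null | grep -q '^af_packet ' ||
                     echo "af_packet is not loaded yet; the kernel normally autoloads it on first use, or load it with modprobe af_packet" ;;
        absent)  echo "CONFIG_PACKET is not set: Wireshark cannot capture live packets"
                 return 1 ;;
    esac
}

case "${1:-}" in
    --check) report ;;                                   # inspect the running kernel
    --demo)  packet_config_state "$SAMPLE_CONFIG" ;;     # prints "absent"
esac
```

Run it as `sh packet-check.sh --check` on the target system; `--demo` evaluates only the constructed sample. The functions are kept separate from the reporting so that the parsing can be exercised on saved config files as well.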

Installation of Wireshark

Wireshark is a very large and complex application. These instructions provide additional security measures to ensure that only trusted users are allowed to view network traffic. First, set up a system group for wireshark. As the root user:

groupadd -g 62 wireshark

Continue to install Wireshark by running the following commands:

mkdir build &&
cd    build &&

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release  \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-4.2.0 \
      -G Ninja \
      .. &&
ninja

This package does not come with a test suite.

Now, as the root user:

ninja install &&

install -v -m755 -d /usr/share/doc/wireshark-4.2.0 &&
install -v -m644    ../README.linux ../doc/README.* ../doc/randpkt.txt \
                    /usr/share/doc/wireshark-4.2.0 &&

pushd /usr/share/doc/wireshark-4.2.0 &&
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &&
popd
unset FILENAME

If you downloaded any of the documentation files from the page listed in the 'Additional Downloads', install them by issuing the following commands as the root user:

install -v -m644 <Downloaded_Files> \
                 /usr/share/doc/wireshark-4.2.0

Now, set ownership and permissions of sensitive applications to only allow authorized users. As the root user:

chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
chmod -v 6550 /usr/bin/{tshark,dumpcap}

Finally, add any users to the wireshark group (as root user):

usermod -a -G wireshark <username>

If you are installing Wireshark for the first time, you must log out of your session and log back in so that the wireshark group membership takes effect; otherwise Wireshark will not function properly.

Command Explanations

-DUSE_qt6=OFF: Use this switch if Qt-6.6.1 is not available. You'll need Qt-5.15.11 or at least qt-components-5.15.11 with qtmultimedia in this case.

Configuring Wireshark

Config Files

/etc/wireshark.conf and ~/.config/wireshark/* (unless there is already ~/.wireshark/* in the system)

Configuration Information

Though the default configuration parameters are very sane, refer to the configuration section of the Wireshark User's Guide for configuration information. Most of Wireshark's configuration can be accomplished using the menu options of the wireshark graphical interface.

Note

If you want to look at packets, make sure you don't filter them out with iptables-1.8.10. If you want to exclude certain classes of packets, it is more efficient to do it with iptables than it is with Wireshark.

Contents

Installed Programs: capinfos, captype, dumpcap, editcap, idl2wrs, mergecap, randpkt, rawshark, reordercap, sharkd, text2pcap, tshark, wireshark
Installed Libraries: libwireshark.so, libwiretap.so, libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins
Installed Directories: /usr/{lib,share}/wireshark, /usr/share/doc/wireshark-4.2.0

Short Descriptions

capinfos

reads a saved capture file and returns any or all of several statistics about that file. It is able to detect and read any capture supported by the Wireshark package

captype

prints the file types of capture files

dumpcap

is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file

editcap

edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Wireshark and other tools that write captures in that format

idl2wrs

is a program that takes a user specified CORBA IDL file and generates C source code for a Wireshark plugin. It relies on two Python programs wireshark_be.py and wireshark_gen.py, which are not installed by default. They have to be copied manually from the tools directory to the $PYTHONPATH/site-packages/ directory

mergecap

combines multiple saved capture files into a single output file

randpkt

creates random-packet capture files

rawshark

dumps and analyzes raw libpcap data

reordercap

reorders timestamps of input file frames into an output file

sharkd

is a daemon that listens on UNIX sockets

text2pcap

reads in an ASCII hex dump and writes the data described into a libpcap-style capture file

tshark

is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file

wireshark

is the Qt GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file

libwireshark.so

contains functions used by the Wireshark programs to perform filtering and packet capturing

libwiretap.so

is a library being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. For more information, see the README file in the source wiretap directory