16. Networking Utilities

This chapter contains some tools that come in handy when the network needs investigating.

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/basicnetworkingutilities

16.1 Avahi-0.8

Introduction to Avahi

The Avahi package is a system which facilitates service discovery on a local network.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Additional Downloads

Avahi Dependencies

Required

GLib-2.74.5

gobject-introspection-1.74.0, GTK+-2.24.33, GTK+-3.24.36, libdaemon-0.14, libglade-2.6.4, and Qt-5.15.8

Optional

D-Bus Python-1.3.2, libevent-2.1.12, PyGTK-2.24.0, Doxygen-1.9.6 and xmltoman (for generating documentation)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/avahi

Installation of Avahi

There should be a dedicated user and group to take control of the avahi-daemon daemon after it is started. Issue the following commands as the root user:

groupadd -fg 84 avahi &&
useradd -c "Avahi Daemon Owner" -d /run/avahi-daemon -u 84 \
        -g avahi -s /bin/false avahi

There should also be a dedicated privileged access group for Avahi clients. Issue the following command as the root user:

groupadd -fg 86 netdev

Fix a regression that results in a race condition when IPv6 is in use and multiple network adapters are present on the system:

patch -Np1 -i ../avahi-0.8-ipv6_race_condition_fix-1.patch

Fix a security vulnerability in avahi-daemon:

sed -i '426a if (events & AVAHI_WATCH_HUP) { \
client_free(c); \
return; \
}' avahi-daemon/simple-protocol.c

Install Avahi by running the following commands:

./configure \
    --prefix=/usr        \
    --sysconfdir=/etc    \
    --localstatedir=/var \
    --disable-static     \
    --disable-libevent   \
    --disable-mono       \
    --disable-monodoc    \
    --disable-python     \
    --disable-qt3        \
    --disable-qt4        \
    --enable-core-docs   \
    --with-distro=none   \
    --with-dbus-system-address='unix:path=/run/dbus/system_bus_socket' &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

--disable-static: This switch prevents installation of static versions of the libraries.

--disable-libevent: This parameter disables the use of libevent-2.1.12. Remove if you have it installed.

--disable-mono: This parameter disables the Mono bindings.

--disable-monodoc: This parameter disables documentation for the Mono bindings.

--disable-python: This parameter disables the scripts that depend on Python. It also allows a regular install to complete successfully.

--disable-qt3: This parameter disables the attempt to build the obsolete Qt3 portions of the package.

--disable-qt4: This parameter disables the attempt to build the obsolete Qt4Core portions of the package.

--enable-core-docs: This parameter enables the building of documentation.

--with-distro=none: There is an obsolete boot script in the distribution for LFS. This option disables it.

--with-dbus-system-address=...: This option prevents the package from referring to the deprecated /var/run directory.

--disable-dbus: This parameter disables the use of D-Bus.

--disable-gtk: This parameter disables the use of GTK+2.

--disable-gtk3: This parameter disables the use of GTK+3.

--disable-qt5: This parameter disables the use of Qt5, and allows building without it.

--disable-libdaemon: This parameter disables the use of libdaemon. If you use this option, avahi-daemon won’t be built.

--enable-tests: This option enables the building of tests and examples.

--enable-compat-howl: This option enables the compatibility layer for HOWL.

--enable-compat-libdns_sd: This option enables the compatibility layer for libdns_sd.

Configuring avahi

Boot Script

To start the avahi-daemon daemon at boot, enable the previously installed systemd unit by running the following command as the root user:

systemctl enable avahi-daemon

To start the avahi-dnsconfd daemon at boot, enable the previously installed systemd unit by running the following command as the root user:

systemctl enable avahi-dnsconfd

Contents

Installed Programs: avahi-autoipd, avahi-browse, avahi-browse-domains, avahi-daemon, avahi-discover-standalone, avahi-dnsconfd, avahi-publish, avahi-publish-address, avahi-publish-service, avahi-resolve, avahi-resolve-address, avahi-resolve-host-name, avahi-set-host-name, bshell, bssh, and bvnc

Installed Libraries: libavahi-client.so, libavahi-common.so, libavahi-core.so, libavahi-glib.so, libavahi-gobject.so, libavahi-libevent.so libavahi-ui-gtk3.so, libavahi-qt5, libavahi-ui.so, libdns_sd.so, and libhowl.so,

Installed Directories: /etc/avahi/services, /usr/include/{avahi-client,avahi-common, avahi-compat-howl, avahi-compat-libdns_sd, avahi-core, avahi-glib, avahi-gobject, avahi-libevent, avahi-qt5, avahi-ui}, /usr/lib/avahi, /usr/share/avahi

Short Descriptions

avahi-autoipd is a IPv4LL network address configuration daemon.

avahi-browse browses for mDNS/DNS-SD services using the Avahi daemon.

avahi-browse-domains browses for mDNS/DNS-SD services using the Avahi daemon.

avahi-daemon is the Avahi mDNS/DNS-SD daemon.

avahi-discover-standalone browses for mDNS/DNS-SD services using the Avahi daemon.

avahi-dnsconfd is a Unicast DNS server from mDNS/DNS-SD configuration daemon.

avahi-publish registers a mDNS/DNS-SD service or host name or address mapping using the Avahi daemon.

avahi-publish-address registers a mDNS/DNS-SD service or host name or address mapping using the Avahi daemon.

avahi-publish-service registers a mDNS/DNS-SD service or host name or address mapping using the Avahi daemon.

avahi-resolve resolves one or more mDNS/DNS host name(s) to IP address(es) (and vice versa) using the Avahi daemon.

avahi-resolve-address resolves one or more mDNS/DNS host name(s) to IP address(es) (and vice versa) using the Avahi daemon.

avahi-resolve-host-name resolves one or more mDNS/DNS host name(s) to IP address(es) (and vice versa) using the Avahi daemon.

avahi-set-host-name changes the mDNS host name.

bssh browses for SSH servers on the local network.

bvnc browses for VNC servers on the local network.

16.2 BIND Utilities-9.18.12

Introduction to BIND Utilities

BIND Utilities is not a separate package, it is a collection of the client side programs that are included with BIND-9.18.12. The BIND package includes the client side programs nslookup, dig and host. If you install BIND server, these programs will be installed automatically. This section is for those users who don’t need the complete BIND server, but need these client side applications.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

BIND Utilities Dependencies

Required

libuv-1.44.2

JSON-C-0.16 and nghttp2-1.52.0

Optional

libcap-2.67 with PAM, libxml2-2.10.3, and sphinx-6.1.3

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/bind-utils

Installation of BIND Utilities

Install BIND Utilities by running the following commands:

./configure --prefix=/usr &&
make -C lib/isc    &&
make -C lib/dns    &&
make -C lib/ns     &&
make -C lib/isccfg &&
make -C lib/bind9  &&
make -C lib/irs    &&
make -C bin/dig    &&
make -C doc

This portion of the package does not come with a test suite.

Now, as the root user:

make -C lib/isc    install &&
make -C lib/dns    install &&
make -C lib/ns     install &&
make -C lib/isccfg install &&
make -C lib/bind9  install &&
make -C lib/irs    install &&
make -C bin/dig    install &&
cp -v doc/man/{dig.1,host.1,nslookup.1} /usr/share/man/man1

Command Explanations

--disable-doh: Use this option if you have not installed nghttp2-1.52.0 and you don’t need DNS over HTTPS support.

make -C lib/…: These commands build the libraries that are needed for the client programs.

make -C bin/dig: This command builds the client programs.

make -C doc: This command builds the manual pages if the optional Python module sphinx-6.1.3 is installed.

Use cp -v doc/man/{dig.1,host.1,nslookup.1} /usr/share/man/man1 to install the the manual pages if they have been built.

Contents

Installed Programs: dig, host, and nslookup

Installed Libraries: None

Installed Directories: None

Short Descriptions

See the program descriptions in the BIND-9.18.12 section.

16.3 NetworkManager-1.42.0

Introduction to NetworkManager

NetworkManager is a set of co-operative tools that make networking simple and straightforward. Whether you use WiFi, wired, 3G, or Bluetooth, NetworkManager allows you to quickly move from one network to another: Once a network has been configured and joined once, it can be detected and re-joined automatically the next time it’s available.

This package is known to build and work properly using an LFS 11.3 platform.

Note

Make sure that you disable the systemd-networkd service or configure it not to manage the interfaces you want to manage with NetworkManager.

Package Information

NetworkManager Dependencies

Required

jansson-2.14 and libndp-1.8

cURL-7.88.1, DHCP-4.4.3-P1 (client only), gobject-introspection-1.74.0, iptables-1.8.9, newt-0.52.23 (for nmtui), nss-3.88.1, Polkit-122, PyGObject-3.42.2, Systemd-252, UPower-1.90.0, Vala-0.56.4, and wpa_supplicant-2.10 (runtime, built with D-Bus support)

Optional

BlueZ-5.66, D-Bus Python-1.3.2 (for the test suite), GnuTLS-3.8.0 (used if nss-3.88.1 is not found), GTK-Doc-1.33.2, libpsl-0.21.2, Qt-5.15.8 (for examples), ModemManager-1.18.12, Valgrind-3.20.0, dnsmasq, firewalld, libaudit, libteam, mobile-broadband-provider-info, PPP, and RP-PPPoE

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/NetworkManager

Kernel Configuration

If you wish to run the tests, check that at least the following options are enabled in the kernel configuration. Those options have been determined to be necessary, but may not be sufficient. Recompile the kernel if necessary:

[*] Networking support--->                                [CONFIG_NET]
        Networking options--->
        [*] TCP/IP networking                               [CONFIG_INET]
        <*/M>   IP: tunelling                               [CONFIG_NET_IPIP]
        <*/M>   IP: GRE demultiplexer                       [CONFIG_NET_IPGRE_DEMUX]
        <*/M>   IP: GRE tunnels over IP                     [CONFIG_NET_IPGRE]
        <*>   The IPv6 protocol --->                        [CONFIG_IPV6]
            <*/M> IPv6: IPv6-in-IPv4 tunnel (SIT driver)      [CONFIG_IPV6_SIT]
            <*/M> IPv6: GRE tunnel                            [CONFIG_IPV6_GRE]
            [*] IPv6: Multiple Routing Tables                 [CONFIG_IPV6_MULTIPLE_TABLES]
        [*]   MPTCP:   Multipath TCP                        [CONFIG_MPTCP]
        [*]     MPTCP: IPv6 support for Multipath TCP       [CONFIG_MPTCP_IPV6]
        <*/M> 802.1Q/802.1ad VLAN Support                   [CONFIG_VLAN_8021Q]
        [*] QoS and/or fair queueing  --->                  [CONFIG_NET_SCHED]
            <*/M> Stochastic Fairness Queueing (SFQ)          [CONFIG_NET_SCH_SFQ]
            <*/M> Token Bucket Filter (TBF)                   [CONFIG_NET_SCH_TBF]
            <*/M> Fair Queue Controlled Delay AQM (FQ_CODEL)  [CONFIG_NET_SCH_FQ_CODEL]
            <*/M> Ingress/classifier-action Qdisc             [CONFIG_NET_SCH_INGRESS]
    Device Drivers --->
    [*] Network device support --->                       [CONFIG_NETDEVICES]
        [*] Network core driver support                     [CONFIG_NET_CORE]
        <*>   Bonding driver support                        [CONFIG_BONDING]
        <*>   Dummy net driver support                      [CONFIG_DUMMY]
        <*>   Ethernet team driver support --->             [CONFIG_NET_TEAM]
        <*>   MAC-VLAN support                              [CONFIG_MACVLAN]
        <*>     MAC-VLAN based tap driver                   [CONFIG_MACVTAP]
        <*>   IP-VLAN support                               [CONFIG_IPVLAN]
        <*>   Virtual eXtensible Local Area Network (VXLAN) [CONFIG_VXLAN]
        <*>   Virtual ethernet pair device                  [CONFIG_VETH]
        <*>   Virtual Routing and Forwarding (Lite)         [CONFIG_VRF]

Installation of NetworkManager

If Qt-5.15.8 is installed and the Qt based examples are desired, fix two meson.build files:

sed -e 's/-qt4/-qt5/'              \
    -e 's/moc_location/host_bins/' \
    -i examples/C/qt/meson.build   &&

sed -e 's/Qt/&5/'                  \
    -i meson.build

Fix the python scripts so that they use Python 3:

grep -rl '^#!.*python$' | xargs sed -i '1s/python/&3/'

Install NetworkManager by running the following commands:

mkdir build &&
cd    build    &&

CXXFLAGS+="-O2 -fPIC"            \
meson setup                      \
      --prefix=/usr              \
      --buildtype=release        \
      -Dlibaudit=no              \
      -Dlibpsl=false             \
      -Dnmtui=true               \
      -Dovs=false                \
      -Dppp=false                \
      -Dselinux=false            \
      -Dqt=false                 \
      -Dsession_tracking=systemd \
      -Dmodem_manager=false      \
      .. &&
ninja

An already active graphical session with a bus address is necessary to run the tests. To test the results, issue ninja test.

A few tests may fail, depending on enabled kernel options.

Now, as the root user:

ninja install &&
mv -v /usr/share/doc/NetworkManager{,-1.42.0}

If you have not passed the -Ddocs=true option to meson, you can install the pregenerated manual pages with (as the root user):

for file in $(echo ../man/*.[1578]); do
    section=${file##*.} &&
    install -vdm 755 /usr/share/man/man$section
    install -vm 644 $file /usr/share/man/man$section/
done

Still in case you have not used -Ddocs=true, the pregenerated HTML documentation can also be installed with (as the root user):

cp -Rv ../docs/{api,libnm} /usr/share/doc/NetworkManager-1.42.0

Command Explanations

CXXFLAGS="-O2 -fPIC": These compiler options are necessary to build the Qt5 based examples.

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-Ddocs=true: Use this switch to enable building man pages and documentation if GTK-Doc-1.33.2 is installed.

-Dnmtui=true: This parameter enables building nmtui.

-Dlibpsl=false and -Dovs=false: These switches disable building with the respective libraries. Remove if you have the needed libraries installed.

-Dmodem_manager=false: This switch is required if ModemManager is not installed. Omit if you have built ModemManager and mobile-broadband-provider-info.

-Dsession_tracking=systemd: This switch is used to set systemd-logind as the default program for session tracking.

-Dsystemdsystemunitdir=/lib/systemd/system: This switch is used to set the correct installation directory for systemd units.

-Dppp=false: This parameter disables PPP support in NetworkManager.

-Dlibaudit=no and -Dselinux=false: libaudit and SELinux are not used in BLFS.

-Dqt=false: disables the QT examples. Omit if you have QT available and wish to install the examples.

Configuring NetworkManager

Config Files

/etc/NetworkManager/NetworkManager.conf

Configuration Information

For NetworkManager to work, at least a minimal configuration file must be present. Such a file is not installed with make install. Issue the following command as the root user to create a minimal NetworkManager.conf file:

cat >> /etc/NetworkManager/NetworkManager.conf << "EOF"
[main]
plugins=keyfile
EOF

This file should not be modified directly by users of the system. Instead, system specific changes should be made using configuration files in the /etc/NetworkManager/conf.d directory.

To allow polkit to manage authorizations, add the following configuration file:

cat > /etc/NetworkManager/conf.d/polkit.conf << "EOF"
[main]
auth-polkit=true
EOF

To use something other than the built-in dhcp client (recommended if using only nmcli), use the following configuration (valid values include either dhclient or internal):

cat > /etc/NetworkManager/conf.d/dhcp.conf << "EOF"
[main]
dhcp=dhclient
EOF

To prevent NetworkManager from updating the /etc/resolv.conf file, add the following configuration file:

cat > /etc/NetworkManager/conf.d/no-dns-update.conf << "EOF"
[main]
dns=none
EOF

For additional configuration options, see man 5 NetworkManager.conf.

To allow regular users to configure network connections, you should add them to the netdev group, and create a polkit rule that grants access. Run the following commands as the root user:

groupadd -fg 86 netdev &&
/usr/sbin/usermod -a -G netdev <username>

cat > /usr/share/polkit-1/rules.d/org.freedesktop.NetworkManager.rules << "EOF"
polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("netdev")) {
        return polkit.Result.YES;
    }
});
EOF

Systemd Unit

To start the NetworkManager daemon at boot, enable the previously installed systemd unit by running the following command as the root user:

Note

If using Network Manager to manage an interface, any previous configuration for that interface should be removed, and the interface brought down prior to starting Network Manager.

systemctl enable NetworkManager

Starting in version 1.11.2 of NetworkManager, a systemd unit named NetworkManager-wait-online.service is enabled, which is used to prevent services that require network connectivity from starting until NetworkManager establishes a connection. To disable this behavior, run the following command as the root user:

systemctl disable NetworkManager-wait-online

Contents

Installed Programs: NetworkManager, nmcli, nm-online, nmtui, and, symlinked to nmtui: nmtui-connect, nmtui-edit, and nmtui-hostname

Installed Libraries: libnm.so and several modules under /usr/lib/NetworkManager

Installed Directories: /etc/NetworkManager, /usr/include/libnm, /usr/lib/NetworkManager, /usr/share/doc/NetworkManager-1.42.0, /usr/share/gtk-doc/html/{libnm,NetworkManager} (if the documentation is built), and /var/lib/NetworkManager

Short Descriptions

nmcli is a command-line tool for controlling NetworkManager and getting its status.

nm-online is an utility to determine whether you are online.

nmtui is an interactive ncurses-based user interface for nmcli.

nmtui-connect is an interactive ncurses-based user interface to activate/deactivate connections.

nmtui-edit is an interactive ncurses-based user interface to edit connections.

nmtui-hostname is an interactive ncurses-based user interface to edit the hostname.

NetworkManager is the network management daemon.

libnm.so contains functions used by NetworkManager.

16.4 network-manager-applet-1.30.0

Introduction to NetworkManager Applet

The NetworkManager Applet provides a tool and a panel applet used to configure wired and wireless network connections through GUI. It’s designed for use with any desktop environment that uses GTK+, such as Xfce and LXDE.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

NetworkManager Applet Dependencies

Required

GTK+-3.24.36, libnma-1.10.6, and libsecret-0.20.5

gobject-introspection-1.74.0 and ModemManager-1.18.12

Required (Runtime)

Since this package uses Polkit-122 for authorization, one Polkit Authentication Agent should be running when the functionality of this package is used.

Optional

gnome-bluetooth-42.5 and libindicator

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/network-manager-applet

Installation of NetworkManager Applet

Install NetworkManager Applet by running the following commands:

mkdir build &&
cd    build &&

meson --prefix=/usr       \
      --buildtype=release \
      -Dappindicator=no   \
      -Dselinux=false     &&
ninja

To test the results, issue: ninja test.

Now, as the root user:

ninja install

Command Explanations

-Dappindicator=no: This switch disables AppIndicator support in network-manager-applet because it requires libindicator, which is not in BLFS. The build will fail without this option.

-Dselinux=false: This switch forcibly disables SELinux support since it is not currently in BLFS and the build will fail without it.

-Dwwan=false: This switch disables WWAN support. Use this if you do not have ModemManager-1.18.12 installed.

Contents

Installed Programs: nm-applet and nm-connection-editor

Installed Libraries: None

Installed Directories: None

Short Descriptions

nm-connection-editor allows users to view and edit network connection settings.

16.5 Nmap-7.93

Introduction to Nmap

Nmap is a utility for network exploration and security auditing. It supports ping scanning, port scanning and TCP/IP fingerprinting.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Nmap Dependencies

Note

These packages are recommended because if they’re not installed, the build process will compile and link against its own (often older) version.

libpcap-1.10.3, Lua-5.4.4, PCRE-8.45, and liblinear-245

Optional

PyGTK-2.24.0 (required for zenmap), Python-2.7.18 (required for ndiff), and libssh2-1.10.0

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/nmap

Installation of Nmap

Install Nmap by running the following commands:

./configure --prefix=/usr &&
make

To test the results, issue: make check as the root user. Tests need a graphical session.

Now, as the root user:

make install

Contents

Installed Programs: ncat, ndiff, nmap, nping, uninstall_ndiff, uninstall_zenmap, zenmap, and 2 symlinks to zenmap: nmapfe and xnmap

Installed Libraries: None

Installed Directories: /usr/lib/python2.7/site-packages/{radialnet,zenmapCore,zenmapGUI}, and /usr/share/{ncat,nmap,zenmap}

Short Descriptions

ncat is a utility for reading and writing data across networks from the command line.

ndiff is a tool to aid in the comparison of Nmap scans.

nmap is a utility for network exploration and security auditing. It supports ping scanning, port scanning and TCP/IP fingerprinting.

nping is an open-source tool for network packet generation, response analysis and response time measurement.

uninstall_ndiff is a Python script to uninstall ndiff.

uninstall_zenmap is a Python script to uninstall zenmap.

zenmap is a Python based graphical nmap frontend viewer.

16.6 Traceroute-2.1.2

Introduction to Traceroute

The Traceroute package contains a program which is used to display the network route that packets take to reach a specified host. This is a standard network troubleshooting tool. If you find yourself unable to connect to another system, traceroute can help pinpoint the problem.

Note

This package overwrites the version of traceroute that was installed in the inetutils package in LFS. This version is more powerful and allows many more options than the standard version.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/traceroute

Installation of Traceroute

Install Traceroute by running the following commands:

make

This package does not come with a test suite.

Now, as the root user:

make prefix=/usr install                                 &&
ln -sv -f traceroute /usr/bin/traceroute6                &&
ln -sv -f traceroute.8 /usr/share/man/man8/traceroute6.8 &&
rm -fv /usr/share/man/man1/traceroute.1

The traceroute.1 file that was installed in LFS by inetutils is no longer relevant. This package overwrites that version of traceroute and installs the man page in man chapter 8.

Contents

Installed Program: traceroute and traceroute6 (symlink)

Installed Libraries: None

Installed Directories: None

Short Descriptions

traceroute does basically what it says: it traces the route your packets take from the host you are working on to another host on a network, showing all the intermediate hops (gateways) along the way

traceroute6 is equivalent to traceroute -6.

16.7 Whois-5.4.3

Introduction to Whois

Whois is a client-side application which queries the whois directory service for information pertaining to a particular domain name. This package will install two programs by default: whois and mkpasswd. The mkpasswd command is also installed by the expect package in LFS.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Whois Dependencies

Optional

libidn-1.41 or libidn2-2.3.4

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/whois

Installation of Whois

Build the application with:

make

You can install the whois program, the mkpasswd program, and the locale files independently. Control your choice of what is installed with the following commands issued as the root user:

Note

Installing this version of mkpasswd will overwrite the same command installed in LFS.

make prefix=/usr install-whois
make prefix=/usr install-mkpasswd
make prefix=/usr install-pos

Contents

Installed Programs: whois and mkpasswd

Installed Libraries: None

Installed Directories: None

Short Descriptions

whois is a client-side application which queries the whois directory service for information pertaining to a particular domain name.

mkpasswd generates a new password, and optionally applies it to a user.

16.8 Wireshark-4.0.3

Introduction to Wireshark

The Wireshark package contains a network protocol analyzer, also known as a “sniffer”. This is useful for analyzing data captured “off the wire” from a live network connection, or data read from a capture file.

Wireshark provides both a graphical and a TTY-mode front-end for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Additional Downloads

Wireshark dependencies

Required

CMake-3.25.2, GLib-2.74.5, libgcrypt-1.10.1, and Qt-5.15.8

libpcap-1.10.3 (required to capture data)

Optional

asciidoctor-2.0.18, Brotli-1.0.9, c-ares-1.19.0, Doxygen-1.9.6, git-2.39.2, GnuTLS-3.8.0, libnl-3.7.0, libxslt-1.1.37, libxml2-2.10.3, Lua-5.2.4, MIT Kerberos V5-1.20.1, nghttp2-1.52.0, SBC-2.0, Speex-1.2.1, BCG729, libilbc, libsmi, lz4, libssh, MaxMindDB, Minizip, Snappy, and Spandsp

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/wireshark

Kernel Configuration

The kernel must have the Packet protocol enabled for Wireshark to capture live packets from the network:

[*] Networking support --->          [CONFIG_NET]
    Networking options --->
        <*/M> Packet socket          [CONFIG_PACKET]

If built as a module, the name is af_packet.ko.

Installation of Wireshark

Wireshark is a very large and complex application. These instructions provide additional security measures to ensure that only trusted users are allowed to view network traffic. First, set up a system group for wireshark. As the root user:

groupadd -g 62 wireshark

Continue to install Wireshark by running the following commands:

mkdir build &&
cd    build &&

cmake -DCMAKE_INSTALL_PREFIX=/usr \
      -DCMAKE_BUILD_TYPE=Release  \
      -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/wireshark-4.0.3 \
      -G Ninja \
      .. &&
ninja

This package does not come with a test suite.

Now, as the root user:

ninja install &&

install -v -m755 -d /usr/share/doc/wireshark-4.0.3 &&
install -v -m644    ../README.linux ../doc/README.* ../doc/randpkt.txt \
                    /usr/share/doc/wireshark-4.0.3 &&

pushd /usr/share/doc/wireshark-4.0.3 &&
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &&
popd
unset FILENAME

If you downloaded any of the documentation files from the page listed in the ‘Additional Downloads’, install them by issuing the following commands as the root user:

install -v -m644 <Downloaded_Files> \
                 /usr/share/doc/wireshark-4.0.3

Now, set ownership and permissions of sensitive applications to only allow authorized users. As the root user:

chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
chmod -v 6550 /usr/bin/{tshark,dumpcap}

Finally, add any users to the wireshark group (as root user):

usermod -a -G wireshark <username>

If you are installing wireshark for the first time, it will be necessary to logout of your session and login again. This will put wireshark in your groups, because otherwise Wireshark will not function properly.

Configuring Wireshark

Config Files

/etc/wireshark.conf and ~/.config/wireshark/* (unless there is already ~/.wireshark/* in the system)

Configuration Information

Though the default configuration parameters are very sane, reference the configuration section of the Wireshark User’s Guide for configuration information. Most of Wireshark ‘s configuration can be accomplished using the menu options of the wireshark graphical interfaces.

Note

If you want to look at packets, make sure you don’t filter them out with iptables-1.8.9. If you want to exclude certain classes of packets, it is more efficient to do it with iptables than it is with Wireshark.

Contents

Installed Programs: capinfos, captype, dumpcap, editcap, idl2wrs, mergecap, randpkt, rawshark, reordercap, sharkd, text2pcap, tshark, and wireshark

Installed Libraries: libwireshark.so, libwiretap.so, libwsutil.so, and numerous modules under /usr/lib/wireshark/plugins

Installed Directories: /usr/{include,lib,share}/wireshark and /usr/share/doc/wireshark-4.0.3

Short Descriptions

capinfos reads a saved capture file and returns any or all of several statistics about that file. It is able to detect and read any capture supported by the Wireshark package.

captype prints the file types of capture files.

dumpcap is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file.

editcap edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Wireshark and other tools that write captures in that format.

idl2wrs is a program that takes a user specified CORBA IDL file and generates “C” source code for a Wireshark “plugin”. It relies on two Python programs wireshark_be.py and wireshark_gen.py, which are not installed by default. They have to be copied manually from the tools directory to the $PYTHONPATH/site-packages/ directory.

mergecap combines multiple saved capture files into a single output file.

randpkt creates random-packet capture files.

rawshark dumps and analyzes raw libpcap data.

reordercap reorders timestamps of input file frames into an output file.

sharkd is a daemon that listens on UNIX sockets.

text2pcap reads in an ASCII hex dump and writes the data described into a libpcap-style capture file.

tshark is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file.

wireshark is the Qt GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file.

libwireshark.so contains functions used by the Wireshark programs to perform filtering and packet capturing.

libwiretap.so is a library being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. For more information, see the README file in the source wiretap directory.