diff options
Diffstat (limited to 'docbook/wsug_src/WSUG_chapter_introduction.xml')
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_introduction.xml | 710 |
1 files changed, 0 insertions, 710 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_introduction.xml b/docbook/wsug_src/WSUG_chapter_introduction.xml deleted file mode 100644 index 80a9bb1024..0000000000 --- a/docbook/wsug_src/WSUG_chapter_introduction.xml +++ /dev/null @@ -1,710 +0,0 @@ -<!-- WSUG Chapter Introduction --> - -<chapter id="ChapterIntroduction"> - <title>Introduction</title> - <!-- Introduction --> - <section id="ChIntroWhatIs"> - <title>What is <application>Wireshark?</application></title> - <para> - Wireshark is a network packet analyzer. A network packet - analyzer will try to capture network packets and tries to display - that packet data as detailed as possible. - </para> - <para> - You could think of a network packet analyzer as a measuring device used to - examine what's going on inside a network cable, just like a voltmeter is - used by an electrician to examine what's going on inside an electric cable - (but at a higher level, of course). - </para> - <para> - In the past, such tools were either very expensive, proprietary, or both. - However, with the advent of Wireshark, all that has changed. - </para> - <para> - <application>Wireshark</application> is perhaps one of the best open - source packet analyzers available today. - </para> - - <section id="ChIntroPurposes"><title>Some intended purposes</title> - <para> - Here are some examples people use Wireshark for: - <itemizedlist> - <listitem><para> - network administrators use it to <command>troubleshoot network - problems</command> - </para></listitem> - <listitem><para> - network security engineers use it to <command>examine security - problems</command> - </para></listitem> - <listitem><para> - developers use it to <command>debug protocol implementations</command> - </para></listitem> - <listitem><para> - people use it to <command>learn network protocol</command> - internals - </para></listitem> - </itemizedlist> - Beside these examples, Wireshark can be helpful in many other situations - too. - </para> - </section> - - <section id="ChIntroFeatures"><title>Features</title> - <para> - The following are some of the many features Wireshark provides: - <itemizedlist> - <listitem> - <para>Available for <command>UNIX</command> and <command>Windows</command>.</para> - </listitem> - <listitem> - <para> - <command>Capture</command> live packet data from a network interface. - </para> - </listitem> - <listitem> - <para> - <command>Open</command> files containing packet data captured with - tcpdump/WinDump, Wireshark, and a number of other packet capture - programs. - </para> - </listitem> - <listitem> - <para> - <command>Import</command> packets from text files containing hex - dumps of packet data. - </para> - </listitem> - <listitem> - <para> - Display packets with <command>very detailed protocol information</command>. - </para> - </listitem> - <listitem> - <para> - <command>Save</command> packet data captured. - </para> - </listitem> - <listitem> - <para> - <command>Export</command> some or all packets in a number of - capture file formats. - </para> - </listitem> - <listitem> - <para><command>Filter packets</command> on many criteria.</para> - </listitem> - <listitem> - <para><command>Search</command> for packets on many criteria.</para> - </listitem> - <listitem> - <para><command>Colorize</command> packet display based on filters.</para> - </listitem> - <listitem> - <para>Create various <command>statistics</command>.</para> - </listitem> - <listitem> - <para>... and <command>a lot more!</command></para> - </listitem> - </itemizedlist> - However, to really appreciate its power, you have to start using it. - </para> - <para> - <xref linkend="ChIntroFig1"/> shows <application>Wireshark</application> - having captured some packets and waiting for you to examine - them. - <figure id="ChIntroFig1"> - <title> - <application>Wireshark</application> captures packets and allows - you to examine their content. - </title> - <graphic entityref="WiresharkMain1" format="PNG"/> - </figure> - </para> - </section> - - <section> - <title>Live capture from many different network media</title> - <para> - Wireshark can capture traffic from many different network media types - - and despite its name - including wireless LAN as well. - Which media types are supported, depends on many things like the - operating system you are using. - An overview of the supported media types can be found at: - <ulink url="&WiresharkMediaPage;"/>. - </para> - </section> - - <section><title>Import files from many other capture programs</title> - <para> - Wireshark can open packets captured from a large number of - other capture programs. For a list of input formats see - <xref linkend="ChIOInputFormatsSection"/>. - </para> - </section> - <section><title>Export files for many other capture programs</title> - <para> - Wireshark can save packets captured in a large number of formats of - other capture programs. For a list of output formats see - <xref linkend="ChIOOutputFormatsSection"/>. - </para> - </section> - - <section> - <title>Many protocol decoders</title> - <para> - There are protocol decoders (or dissectors, as they are - known in Wireshark) for a great many protocols: - see <xref linkend="AppProtocols"/>. - </para> - </section> - - <section><title>Open Source Software</title> - <para> - Wireshark is an open source software project, and is released under - the <ulink url="&GPLWebsite;">GNU General Public License</ulink> (GPL). - You can freely use Wireshark on any number of computers you like, without - worrying about license keys or fees or such. In addition, all source - code is freely available under the GPL. Because of that, it is very easy - for people to add new protocols to Wireshark, either as plugins, or built - into the source, and they often do! - </para> - </section> - - <section id="ChIntroNoFeatures"><title>What Wireshark is not</title> - <para> - Here are some things Wireshark does not provide: - <itemizedlist> - <listitem><para> - Wireshark isn't an intrusion detection system. It will not warn you when - someone does strange things on your network that he/she isn't allowed to - do. However, if strange things happen, Wireshark might help you figure - out what is really going on. - </para></listitem> - <listitem><para> - Wireshark will not manipulate things on the network, it will only - "measure" things from it. Wireshark doesn't send packets on the network - or do other active things (except for name resolutions, but even - that can be disabled). - </para></listitem> - </itemizedlist> - </para> - </section> - </section> - - <section id="ChIntroPlatforms"> - <title>System Requirements</title> - <para>What you'll need to get Wireshark up and running ...</para> - - <section><title>General Remarks</title> - <para> - <itemizedlist> - <listitem><para>The values below are the minimum requirements and only - "rules of thumb" for use on a moderately used network</para></listitem> - <listitem><para>Working with a busy network can easily produce huge - memory and disk space usage! For example: Capturing on a fully saturated - 100MBit/s Ethernet will produce ~ 750MBytes/min! Having a fast processor, - lots of memory and disk space is a good idea in that case.</para></listitem> - <listitem><para>If Wireshark is running out of memory it crashes, - see: <ulink url="http://wiki.wireshark.org/KnownBugs/OutOfMemory"/> - for details and workarounds</para></listitem> - <listitem><para>Wireshark won't benefit much from Multiprocessor/Hyperthread - systems as time consuming tasks like filtering packets are single threaded. - No rule is without exception: during an "Update list of packets in real - time" capture, capturing traffic runs in one process and dissecting and - displaying packets runs in another process - which should benefit from two - processors.</para></listitem> - </itemizedlist> - </para> - </section> - - <section><title>Microsoft Windows</title> - <para> - <itemizedlist> - <listitem><para>Windows XP Home, XP Pro, XP Tablet PC, XP Media - Center, Server 2003, Vista, Home Server, Server 2008, Server 2008 R2, - Home Server 2011, 7, or Server 2012. - </para></listitem> - <listitem><para>Any modern 32-bit x86 or 64-bit AMD64/x86-64 processor. - </para></listitem> - <listitem><para>128MB available RAM. Larger capture files require more RAM. - </para></listitem> - <listitem><para>75MB available disk space. Capture files require additional disk space. - </para></listitem> - <listitem><para>800*600 (1280*1024 or higher recommended) resolution with - at least 65536 (16bit) colors (256 colors should work if Wireshark is - installed with the "legacy GTK1" selection of the Wireshark 1.0.x releases) - </para></listitem> - <listitem><para>A supported network card for capturing: - </para> - <itemizedlist> - <listitem><para> - Ethernet: Any card supported by Windows should work. See the wiki - pages on <ulink - url="http://wiki.wireshark.org/CaptureSetup/Ethernet">Ethernet - capture</ulink> and <ulink - url="http://wiki.wireshark.org/CaptureSetup/Offloading">offloading</ulink> - for issues that may affect your environment. - </para></listitem> - <listitem><para> - 802.11: See the <ulink - url="http://wiki.wireshark.org/CaptureSetup/WLAN#head-02456742c655394c9e948a4c9a59d3441c92782f">Wireshark - wiki page</ulink>. Capturing raw 802.11 information may be difficult without special equipment. - </para></listitem> - <listitem><para> - Other media: See <ulink - url="http://wiki.wireshark.org/CaptureSetup/NetworkMedia"/> - </para></listitem> - </itemizedlist> - </listitem> - </itemizedlist> - - Remarks: - - <itemizedlist> - <listitem><para> - Many older Windows versions are no longer supported for three reasons: - None of the developers use those systems which makes support - difficult. The libraries Wireshark depends on (GTK, WinPcap, …) have - dropped support for older releases. Microsoft <ulink - url="http://support.microsoft.com/gp/lifeselect">has also dropped - support for these systems</ulink>. - </para></listitem> - <listitem><para> - Windows 95, 98 and ME are no longer supported. The "old technology" - releases of Windows lack memory protection (specifically <ulink - url="http://msdn.microsoft.com/en-us/library/aa366898.aspx">VirtualProtect</ulink>) - which we use to improve program safety and security. The last known - version to work was Ethereal 0.10.14 (which includes WinPcap 3.1). You - can get it from <ulink url="http://ethereal.com/download.html" />. - According to <ulink - url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1130">this - bug report</ulink>, you may need to install Ethereal 0.10.0 on some - systems. - </para> - <para> - Microsoft retired support for Windows 98 and ME in 2006. - </para></listitem> - <listitem><para> - Windows NT 4.0 no longer works with Wireshark. The last known version - to work was Wireshark 0.99.4 (which includes WinPcap 3.1). You still - can get it from <ulink - url="http://www.wireshark.org/download/win32/all-versions/wireshark-setup-0.99.4.exe" - />. - </para> - <para> - Microsoft retired support for Windows NT 4.0 in 2004. - </para></listitem> - <listitem><para> - Windows 2000 no longer works with Wireshark. The last known version - to work was Wireshark 1.2.x (which includes WinPcap 4.1.2). You still - can get it from <ulink - url="http://www.wireshark.org/download/win32/all-versions/" />. - </para> - <para> - Microsoft retired support for Windows 2000 in 2010. - </para></listitem> - <listitem><para> - Windows CE and the embedded versions of Windows are not currently supported. - </para></listitem> - <listitem><para> - Multiple monitor setups are supported but may behave a bit - strangely. - </para></listitem> - </itemizedlist> - </para> - </section> - - <section><title>Unix / Linux</title> - <para> - Wireshark currently runs on most UNIX platforms. - The system requirements should be comparable to the Windows values - listed above. - </para> - <para> - Binary packages are available for at least the following platforms: - </para> - <para> - <itemizedlist> - <listitem><para>Apple Mac OS X</para></listitem> - <listitem><para>Debian GNU/Linux</para></listitem> - <listitem><para>FreeBSD</para></listitem> - <listitem><para>Gentoo Linux</para></listitem> - <listitem><para>HP-UX</para></listitem> - <listitem><para>Mandriva Linux</para></listitem> - <listitem><para>NetBSD</para></listitem> - <listitem><para>OpenPKG</para></listitem> - <listitem><para>Red Hat Enterprise/Fedora Linux</para></listitem> - <listitem><para>rPath Linux</para></listitem> - <listitem><para>Sun Solaris/i386</para></listitem> - <listitem><para>Sun Solaris/Sparc</para></listitem> - <listitem><para>Canonical Ubuntu</para></listitem> - </itemizedlist> - </para> - <para> - If a binary package is not available for your platform, you should - download the source and try to build it. - Please report your experiences - to <ulink url="mailto:&WiresharkDevMailList;">&WiresharkDevMailList; - </ulink>. - </para> - </section> - - </section> - - <section id="ChIntroDownload"> - <title>Where to get Wireshark?</title> - <para> - You can get the latest copy of the program from the Wireshark website: - <ulink url="&WiresharkDownloadPage;">&WiresharkDownloadPage;</ulink>. The - website allows you to choose from among several mirrors for - downloading. - </para> - <para> - A new Wireshark version will typically become available every 4-8 months. - </para> - <para> - If you want to be notified about new Wireshark releases, you should - subscribe to the wireshark-announce mailing list. You will find more - details in <xref linkend="ChIntroMailingLists"/>. - </para> - </section> - - <section id="ChIntroHistory"> - <title>A brief history of Wireshark</title> - <para> - In late 1997, Gerald Combs needed a tool for tracking down - networking problems and wanted to learn more about networking, so - he started writing Ethereal (the former name of the Wireshark project) - as a way to solve both problems. - </para> - <para> - Ethereal was initially released, after several pauses in development, - in July 1998 as version 0.2.0. Within days, patches, bug reports, - and words of encouragement started arriving, so Ethereal was on its - way to success. - </para> - <para> - Not long after that, Gilbert Ramirez saw its potential and contributed - a low-level dissector to it. - </para> - <para> - In October, 1998, Guy Harris of Network Appliance was looking for - something better than tcpview, so he started applying patches and - contributing dissectors to Ethereal. - </para> - <para> - In late 1998, Richard Sharpe, who was giving TCP/IP courses, saw its - potential on such courses, and started looking at it to see if it - supported the protocols he needed. While it didn't at that point, - new protocols could be easily added. So he started contributing - dissectors and contributing patches. - </para> - <para> - The list of people who have contributed to the project has become very - long since then, and almost all of them started with a protocol that they - needed that Wireshark or Ethereal did not already handle. So they copied - an existing dissector and contributed the code back to the team. - </para> - <para> - In 2006 the project moved house and re-emerged under a new name: Wireshark. - </para> - <para> - In 2008, after ten years of development, Wireshark finally arrived at - version 1.0. This release was the first deemed complete, with the minimum - features implemented. Its release coincided with the first Wireshark - Developer and User Conference, called SharkFest. - </para> - </section> - - <section id="ChIntroMaintenance"> - <title> - Development and maintenance of <application>Wireshark</application> - </title> - <para> - Wireshark was initially developed by Gerald Combs. Ongoing development - and maintenance of Wireshark is handled by the Wireshark team, a loose - group of individuals who fix bugs and provide new functionality. - </para> - <para> - There have also been a large number of people who have contributed - protocol dissectors to Wireshark, and it is expected that this will - continue. You can find a list of the people who have contributed - code to Wireshark by checking the about dialog box of Wireshark, or at - the <ulink url="&WiresharkAuthorsPage;">authors</ulink> page on the - Wireshark web site. - </para> - <para> - Wireshark is an open source software project, and is released under - the <ulink url="&GPLWebsite;">GNU General Public License</ulink> (GPL). - All source code is freely available under the GPL. You are welcome to - modify Wireshark to suit your own needs, and it would be appreciated - if you contribute your improvements back to the Wireshark team. - </para> - <para> - You gain three benefits by contributing your improvements back to the - community: - <itemizedlist> - <listitem> - <para> - Other people who find your contributions useful will appreciate - them, and you will know that you have helped people in the - same way that the developers of Wireshark have helped people. - </para> - </listitem> - <listitem> - <para> - The developers of Wireshark might improve your changes even more, - as there's always room for improvement. Or they may implement some - advanced things on top of your code, which can be useful for yourself - too. - </para> - </listitem> - <listitem> - <para> - The maintainers and developers of Wireshark will maintain your - code as well, fixing it when API changes or other changes are - made, and generally keeping it in tune with what is happening - with Wireshark. So if Wireshark is updated (which is done often), - you can get a new Wireshark version from the website and your changes - will already be included without any effort for you. - </para> - </listitem> - </itemizedlist> - </para> - <para> - The Wireshark source code and binary kits for some platforms are all - available on the download page of the Wireshark website: - <ulink url="&WiresharkDownloadPage;">&WiresharkDownloadPage;</ulink>. - </para> - </section> - - <section id="ChIntroHelp"> - <title>Reporting problems and getting help</title> - <para> - If you have problems, or need help with Wireshark, there are several - places that may be of interest to you (well, besides this guide of - course). - </para> - - <section id="ChIntroHomepage"><title>Website</title> - <para> - You will find lots of useful information on the Wireshark homepage at - <ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>. - </para> - </section> - - <section id="ChIntroWiki"><title>Wiki</title> - <para> - The Wireshark Wiki at <ulink - url="&WiresharkWikiPage;">&WiresharkWikiPage;</ulink> provides a wide range - of information related to Wireshark and packet capturing in general. - You will find a lot of information not part of this user's guide. For - example, there is an explanation how to capture on a switched network, - an ongoing effort to build a protocol reference and a lot more. - </para> - <para> - And best of all, if you would like to contribute your knowledge on a - specific topic (maybe a network protocol you know well), you can edit the - wiki pages by simply using your web browser. - </para> - </section> - - <section id="ChIntroQA"><title>Q&A Forum</title> - <para> - The Wireshark Q and A forum at - <ulink url="&WiresharkQASite;">&WiresharkQASite;</ulink> offers a resource - where questions and answers come together. You have the option to search - what questions were asked before and what answers were given by people who - knew about the issue. Answers are graded, so you can pick out the best ones - easily. If your issue isn't discussed before you can post one yourself. - </para> - </section> - - <section id="ChIntroFAQ"><title>FAQ</title> - <para> - The "Frequently Asked Questions" will list often asked questions and - the corresponding answers. - <note><title>Read the FAQ!</title> - <para> - Before sending any mail to the mailing lists below, be sure to read the - FAQ, as it will often answer the question(s) you might have. This will save - yourself and others a lot of time (keep in mind that a lot of people are - subscribed to the mailing lists). - </para> - </note> - You will find the FAQ inside Wireshark by clicking the menu item - Help/Contents and selecting the FAQ page in the dialog shown. - </para> - <para> - An online version is available at the Wireshark website: - <ulink url="&WiresharkFAQPage;">&WiresharkFAQPage;</ulink>. You might - prefer this online version, as it's typically more up to date and the HTML - format is easier to use. - </para> - </section> - - <section id="ChIntroMailingLists"><title>Mailing Lists</title> - <para> - There are several mailing lists of specific Wireshark topics available: - <variablelist> - <varlistentry><term><command>wireshark-announce</command></term> - <listitem> - <para> - This mailing list will inform you about new program - releases, which usually appear about every 4-8 weeks. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>wireshark-users</command></term> - <listitem> - <para> - This list is for users of Wireshark. People post - questions about building and using Wireshark, others (hopefully) - provide answers. - </para> - </listitem> - </varlistentry> - <varlistentry><term><command>wireshark-dev</command></term> - <listitem> - <para> - This list is for Wireshark developers. If you want to start - developing a protocol dissector, join this list. - </para> - </listitem> - </varlistentry> - </variablelist> - - You can subscribe to each of these lists from the Wireshark web site: - <ulink url="&WiresharkListsPage;">&WiresharkListsPage;</ulink>. - From there, you can choose which mailing list you want to subscribe to - by clicking on the Subscribe/Unsubscribe/Options button under the title - of the relevant list. The links to the archives are included on that - page as well. - - <tip><title>Tip!</title> - <para> - You can search in the list archives to see if someone asked the same - question some time before and maybe already got an answer. That way you - don't have to wait until someone answers your question. - </para> - </tip> - </para> - </section> - - <section><title>Reporting Problems</title> - <note><title>Note!</title> - <para> - Before reporting any problems, please make sure you have installed the - latest version of Wireshark. - </para> - </note> - <para> - When reporting problems with Wireshark, it is helpful if you supply the - following information: - <orderedlist> - <listitem> - <para> - The version number of Wireshark and the dependent libraries linked with - it, e.g. GTK+, etc. You can obtain this from the about dialog box - of Wireshark, or with the command <command>wireshark -v</command>. - </para> - </listitem> - <listitem> - <para> - Information about the platform you run Wireshark on. - </para> - </listitem> - <listitem> - <para> - A detailed description of your problem. - </para> - </listitem> - <listitem> - <para> - If you get an error/warning message, copy the text of that message - (and also a few lines before and after it, if there are some), so - others may find the place where things go wrong. Please don't - give something like: "I get a warning while doing x" as this won't - give a good idea where to look at. - </para> - </listitem> - </orderedlist> - </para> - <note><title>Don't send large files!</title> - <para> - Do not send large files (>100KB) to the mailing lists, just place a note - that further data is available on request. Large files will only annoy a - lot of people on the list who are not interested in your specific problem. - If required, you will be asked for further data by the persons who really - can help you. - </para> - </note> - <warning><title>Don't send confidential information!</title> - <para> - If you send captured data to the mailing lists, be sure they don't contain - any sensitive or confidential information like passwords or such. - </para> - </warning> - </section> - - <section><title>Reporting Crashes on UNIX/Linux platforms</title> - <para> - When reporting crashes with Wireshark, it is helpful if you supply the - traceback information (besides the information mentioned in "Reporting - Problems"). - </para> - <para> - You can obtain this traceback information with the following commands: - <programlisting> -<![CDATA[ -$ gdb `whereis wireshark | cut -f2 -d: | cut -d' ' -f2` core >& bt.txt -backtrace -^D -$ -]]> - </programlisting> - <note> - <para> - Type the characters in the first line verbatim! Those are - back-tics there! - </para> - </note> - <note> - <para> - backtrace is a <command>gdb</command> command. You should - enter it verbatim after the first line shown above, but it will not be - echoed. The ^D - (Control-D, that is, press the Control key and the D key - together) will cause <command>gdb</command> to exit. This will - leave you with a file called - <filename>bt.txt</filename> in the current directory. - Include the file with your bug report. - </para> - </note> - <note> - <para> - If you do not have <command>gdb</command> available, you - will have to check out your operating system's debugger. - </para> - </note> - </para> - <para> - You should mail the traceback to the - <ulink url="mailto:&WiresharkDevMailList;">&WiresharkDevMailList;</ulink> - mailing list. - </para> - </section> - - <section><title>Reporting Crashes on Windows platforms</title> - <para> - The Windows distributions don't contain the symbol files (.pdb), because - they are very large. For this reason it's not possible to create - a meaningful backtrace file from it. You should report your crash just - like other problems, using the mechanism described above. - </para> - </section> - </section> - -</chapter> -<!-- End of WSUG Chapter 1 --> |