1. Introduction

1.1. Project/Component Working Name:
     Add Wireshark 0.99.5 into Solaris

1.2. Name of Document Author/Supplier:
     Author: Bart Smaalders

1.3. Date of This Document:
     June 7, 2007

4. Technical Description

Summary

This project integrates Wireshark v0.99.5 into Solaris. This project requests a minor release binding.

Background

Wireshark (formerly Ethereal) is a very popular network protocol analyzer, in effect a graphical snoop. It runs on a variety of platforms and is licensed under the GNU General Public License. It captures packets (when run with the appropriate privileges) and displays them in a GTK-based GUI.

A sample screenshot can be found here: http://wireshark.org/image/front_screen_full.png

More information is available at http://wireshark.org

Details

This project delivers the following binaries:

usr/sbin/wireshark
    Wireshark is a GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file. Wireshark's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

usr/sbin/editcap
    Editcap is a program that reads some or all of the captured packets from the infile, optionally converts them in various ways, and writes the resulting packets to the capture outfile (or outfiles).

usr/sbin/capinfos
    Capinfos is a program that reads one or more capture files and returns some or all available statistics of each.

usr/sbin/text2pcap
    Text2pcap is a program that reads in an ASCII hex dump and writes the data described into a libpcap capture file. text2pcap can read hexdumps with multiple packets in them and build a capture file of multiple packets. text2pcap is also capable of generating dummy Ethernet, IP and UDP, TCP, or SCTP headers, in order to build fully processable packet dumps from hexdumps of application-level data only.

usr/sbin/tshark
    TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

usr/sbin/mergecap
    Mergecap is a program that combines multiple saved capture files into a single output file specified by the -w argument. Mergecap knows how to read libpcap capture files, including those of tcpdump, Wireshark, and other tools that write captures in that format.

usr/sbin/dumpcap
    Dumpcap is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file. Dumpcap's native capture file format is libpcap format, which is also the format used by Wireshark, tcpdump and various other tools.

Additional files

Man pages are provided in /usr/share/man. HTML help pages are delivered into /usr/share/wireshark; these are brought up in a browser if help is selected from within Wireshark. Various other private implementation details are also found under usr/share/wireshark. Program plugins are delivered into usr/lib/wireshark/plugins/0.99.5. There are two private libraries delivered into /usr/lib.

The command line tools and their libraries, man pages, plugins, etc. are delivered in SUNWwireshark. The GUI itself (the only component with Gnome dependencies) is delivered in a separate package, SUNWwiresharkgui, to facilitate the use of the command line tools on otherwise minimized systems. The Wireshark GUI appears in the JDS desktop menu under System Tools.

Two rights-profile entries are added to /etc/security/exec_attr as follows:

    Network Management:solaris:cmd:::/usr/sbin/tshark:privs=net_rawaccess
    Network Management:solaris:cmd:::/usr/sbin/wireshark:privs=net_rawaccess

A complete list of delivered files is in the case directory in SVR4 package prototype form as prototype_com; the man pages can be found in the man subdirectory.

Interfaces

The names of the introduced binaries are Unstable. The command line interfaces, output, etc. are all External.

4.2. Bug/RFE Numbers

6567201 Solaris should include Wireshark

5. References

PSARC 1999/555: Getting with the Freeware Program
PSARC 2005/185: Enabling Serendipitous Discovery
http://wireshark.org

6. Resources and Schedule

6.4. Steering Committee requested information

6.4.1. Consolidation C-team Name:
       sfw

6.5. ARC review type:
     Fasttrack
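The exec_attr entries listed under Details give tshark and wireshark only the net_rawaccess privilege instead of running them as root. The following is an added example, not part of this case or of Wireshark, that parses exec_attr(4) lines in that format and flags entries whose grant is broader than that; the allowed privilege set and the third, deliberately over-privileged sample line are assumptions constructed for illustration.

```python
"""Parse and audit exec_attr(4) entries (added example; not from the case)."""

# Constructed sample input: the two entries delivered by the case plus one
# over-privileged entry (NOT delivered by the case) to show what gets flagged.
SAMPLE_EXEC_ATTR = """\
# exec_attr(4) fields: name:policy:type:res1:res2:id:attr
Network Management:solaris:cmd:::/usr/sbin/tshark:privs=net_rawaccess
Network Management:solaris:cmd:::/usr/sbin/wireshark:privs=net_rawaccess
Network Management:solaris:cmd:::/usr/sbin/dumpcap:uid=0;privs=all
"""

FIELDS = ("name", "policy", "type", "res1", "res2", "id", "attr")


def parse_exec_attr(text):
    """Return one dict per non-comment line; the attr field becomes a dict
    of key -> list of comma-separated values (e.g. privs -> [...])."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError("malformed exec_attr line: %r" % raw)
        entry = dict(zip(FIELDS, parts))
        attrs = {}
        for kv in filter(None, entry["attr"].split(";")):
            key, _, value = kv.partition("=")
            attrs[key] = value.split(",") if value else []
        entry["attr"] = attrs
        entries.append(entry)
    return entries


def audit(entries, allowed_privs=frozenset({"net_rawaccess"})):
    """Flag entries granting more than the narrow privilege set this case
    intends, or that run the command under a fixed uid/euid (e.g. root)."""
    findings = []
    for e in entries:
        privs = set(e["attr"].get("privs", []))
        extra = privs - allowed_privs  # "all" is never in the allowed set
        if extra:
            findings.append((e["id"], "privs beyond %s: %s"
                             % (sorted(allowed_privs), sorted(privs))))
        for key in ("uid", "euid"):
            if key in e["attr"]:
                findings.append((e["id"], "fixed %s=%s" % (key, e["attr"][key])))
    return findings
```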