James Carlson wrote:
> Bart Smaalders writes:
>> It captures packets (when run as root) and displays them
>> in a GTK-based GUI.
>
> Do we have any precedent for non-GNOME use of GTK? It looks to me
> like those libraries deliver from JDS, not SFW.
>
Yes. They are committed interfaces, so all of us are free to use them.
Nmap (recently reviewed) is also a GTK gui, as you'll remember.

>> Wireshark is a GUI network protocol analyzer. It lets you
>> interactively browse packet data from a live network or from
>> a previously saved capture file. Wireshark's native capture
>> file format is libpcap format, which is also the format used
>> by tcpdump and various other tools.
>
> So, what's the plan for snoop? Does it get removed eventually?
>
That's a possibility. The maintainers of snoop can make that choice.
It might make more sense to enhance wireshark rather than to expend the
effort needed to update snoop periodically.

> It doesn't seem good for users to be bounced back and forth between
> two different tools to do the same job.
>
There's really more of a conflict between tshark and snoop; both are
cmdline network packet analyzers. Wireshark is a pretty complete,
functional GUI. The wireshark set of tools seems more complete to
me, but I'm no networking expert.

>> There are two private libraries delivered into /usr/lib.
>
> I don't see libpcap. Where does that come from?
>
I'm statically linking that into wireshark; it doesn't really want
to (e.g. easily) build a dynamic version OOB. Until such time as we have
additional clients, static linking saves effort.

> I see a seriously large number of libraries used by blastwave's
> ethereal. Are the same ones dragged in here? If so, where are they?
> If not, then is there functionality missing from the Solaris SFW
> version? Any features disabled?
>
Here's the DT_NEEDED entries from /usr/sbin/wireshark:

[0] NEEDED 0xfd29 libwiretap.so.0
[1] NEEDED 0xfd39 libwireshark.so.0
[2] NEEDED 0xfd4b libnetsnmp.so.5
[3] NEEDED 0xfd5b libpkcs11.so.1
[4] NEEDED 0xfd6a libgen.so.1
[5] NEEDED 0xfd76 libkstat.so.1
[6] NEEDED 0xfd84 libelf.so.1
[7] NEEDED 0xfd90 libdl.so.1
[8] NEEDED 0xfca6 libsocket.so.1
[9] NEEDED 0xfd9b libadm.so.1
[10] NEEDED 0xfda7 libcrypto.so.0.9.8
[11] NEEDED 0xfdba libgtk-x11-2.0.so.0
[12] NEEDED 0xfdce libgdk-x11-2.0.so.0
[13] NEEDED 0xfde2 libatk-1.0.so.0
[14] NEEDED 0xfdf2 libgdk_pixbuf-2.0.so.0
[15] NEEDED 0xfcbe libm.so.2
[16] NEEDED 0xfe09 libmlib.so.2
[17] NEEDED 0xfe16 libpangocairo-1.0.so.0
[18] NEEDED 0xfe2d libpango-1.0.so.0
[19] NEEDED 0xfe3f libcairo.so.2
[20] NEEDED 0xfe4d libgobject-2.0.so.0
[21] NEEDED 0xfe61 libgmodule-2.0.so.0
[22] NEEDED 0xfe75 libgthread-2.0.so.0
[23] NEEDED 0xfcd1 libpthread.so.1
[24] NEEDED 0xfcea libthread.so.1
[25] NEEDED 0xfe89 libglib-2.0.so.0
[26] NEEDED 0xfe9a libgnutls.so.12
[27] NEEDED 0xfeaa libgcrypt.so.11
[28] NEEDED 0xfeba libgpg-error.so.0
[29] NEEDED 0xfcf9 libnsl.so.1
[30] NEEDED 0xfecc libz.so.1
[31] NEEDED 0xfd05 libc.so.1

I'm going over the list w/ Dermot; there are a couple for which I'll
need contracts. When libpcre integrates, that will appear in the above
list as well. I also need contracts w/ Darrin for the crypto libraries.
I've disabled building 3 components (dftest, randpkt, and idl2wrs) as
these are better suited to Wireshark plugin developers than to a general
purpose tool.
The configure entry currently looks like this:

$(VER)/config.status: $(VER)/configure Makefile.sfw
	(cd $(VER); env \
	    MAKE=$(GMAKE) \
	    PATH=/usr/xpg4/bin:/usr/perl5/bin:/usr/bin:/usr/sfw/bin:/usr/ccs/bin \
	    LD_OPTIONS="-M $(SRC)/cmd/mapfile_noexstk" \
	    HTML_VIEWER=firefox \
	    ./configure \
		--disable-usr-local \
		--with-pcap=$(ROOT)/usr \
		--enable-threads \
		--disable-dftest \
		--disable-idl2wrs \
		--disable-randpkt \
		--with-ssl=/usr/sfw \
		--mandir=/usr/share/man \
		--bindir=/usr/sbin \
		--prefix=/usr \
		--exec-prefix=/usr \
	)

- Bart
--
Bart Smaalders Solaris Kernel Performance
barts at cyber.eng.sun.com http://blogs.sun.com/barts