debian 10 maps to "Buster"
wireshark-common:buster is wireshark-common (2.6.20-0+deb10u1) which does not include sharkd (filelist)
The debian wireshark changelog shows that sharkd was added in Wireshark 3.0.7 and newer:
wireshark (3.0.7-1) unstable; urgency=medium
[ Balint Reczey ]
* Build-depend on libglib2.0-dev. This is needed for backports for example
to Ubuntu 16.04 and earlier releases.
* Ship sharkd in wireshark-common (Closes: #943403)
* New upstream version 3.0.7
- security fixes:
- CMS dissector crash. (CVE-2019-19553)
* Update symbols files
debian 11 (Bullseye) ships wireshark-common (3.4.4-1) which include sharkd (filelist)
But it looks like sharkd only supports tcp: sockets on Windows.
sharkd_daemon.c:
#ifdef _WIN32
/* for windows support TCP sockets */
# define SHARKD_TCP_SUPPORT
#else
/* for other system support only local sockets */
# define SHARKD_UNIX_SUPPORT
#endif
Windows:
C:\Development\wsbuild64\run\RelWithDebInfo>sharkd -a tcp:127.0.0.1:4446
Sharkd listening on: tcp:127.0.0.1:4446
The "Usage:" screen has an example based on the platform it's compiled for:
#ifdef SHARKD_UNIX_SUPPORT
fprintf(output, " - unix:/tmp/sharkd.sock - listen on unix file /tmp/sharkd.sock\n");
#endif
#ifdef SHARKD_TCP_SUPPORT
fprintf(output, " - tcp:127.0.0.1:4446 - listen on TCP port 4446\n");
#endif
Windows:
C:\Development\wsbuild64\run\RelWithDebInfo>sharkd -h
Usage: sharkd [<classic_options>|<gold_options>]
Classic (classic_options):
[-|<socket>]
<socket> examples:
- tcp:127.0.0.1:4446 - listen on TCP port 4446
Gold (gold_options):
Linux:
admin1@ubuntu1:~/wireshark/build_3.5.x/run$ ./sharkd -h
Usage: sharkd [<classic_options>|<gold_options>]
Classic (classic_options):
[-|<socket>]
<socket> examples:
- unix:/tmp/sharkd.sock - listen on unix file /tmp/sharkd.sock
Gold (gold_options):
There is not a man page for sharkd.
Current documentation is on the wiki page and needs a blurb about platform support.
