Installing Wireshark

Source: Internet
Author: User
Tags gtk kali linux




Following the previous section, you can download the Wireshark installation package that matches your own operating system. This book mainly uses the development version 1.99.7 (Chinese version). The following describes the installation of Wireshark on Windows and on Linux.


Installing Wireshark in a Windows system


"Example 1-1" installs Wireshark on Windows. The procedure is as follows:



(1) Download the development version of the Windows installation package from the official Wireshark website. The file is named Wireshark-win64-1.99.7.exe.



(2) Double-click the downloaded package. The interface shown in Figure 1.8 is displayed.



(3) This interface shows basic information about Wireshark. When you click the Next button, the License Agreement dialog box pops up, as shown in Figure 1.9.





Figure 1.8 Welcome Interface Figure 1.9 License Agreement dialog box



(4) This interface shows the license terms for using Wireshark. When you click the I Agree button, the Select Component dialog box pops up, as shown in Figure 1.10.



(5) In this interface, select the Wireshark components that you want to install; the default settings are used here. Then click the Next button, which brings up the Select Additional Tasks dialog box, shown in Figure 1.11.





Figure 1.10 Select Component dialog box Figure 1.11 Select Additional Tasks dialog box



(6) This interface is used to set where shortcuts are created and which file name extensions are associated. When you are finished, click the Next button to display the Installation Location dialog box, shown in Figure 1.12.



(7) Select the installation location for Wireshark in this interface. Then click the Next button, which displays the Installation WinPcap dialog box, shown in Figure 1.13.





Figure 1.12 Installation Location dialog box Figure 1.13 Installation WinPcap dialog box






(9) This interface shows basic information about WinPcap. When you click the Next button, the WinPcap License Terms dialog box appears, as shown in Figure 1.15.





Figure 1.14 WinPcap Welcome Interface Figure 1.15 WinPcap License Terms dialog box



(10) This interface displays the WinPcap license terms. When you click the I Agree button, the installation options are displayed, as shown in Figure 1.16.



(11) This interface displays the WinPcap installation options. Click the Install button, and the interface shown in Figure 1.17 is displayed.





Figure 1.16 Installation Options Figure 1.17 WinPcap installation complete



(12) From this interface, you can see that WinPcap is installed. When you click the Finish button, the installation of Wireshark continues. When the installation is complete, the interface shown in Figure 1.18 is displayed.



(13) From this interface, you can see that Wireshark has been installed. When you click the Next button, the interface shown in Figure 1.19 is displayed.





Figure 1.18 Wireshark installation complete Figure 1.19 Finish interface



(14) From this interface, you can see that the Wireshark Setup Wizard is complete. If you want to start Wireshark directly, select the Run Wireshark 1.99.7 (64-bit) check box. Then click the Finish button and Wireshark is ready to start.



Note: In step (7), use the default installation location for Wireshark. The installation location cannot be selected when WinPcap is installed; it is installed by default under C:\Program Files (x86).



(15) After installation, two Wireshark icons appear in the Windows program list, as shown in Figure 1.20.



(16) Starting the Wireshark Legacy program opens the English version of the interface, shown in Figure 1.21. Starting Wireshark opens the Chinese version of the interface, shown in Figure 1.22.





Figure 1.20 Wireshark icons Figure 1.21 Wireshark English version interface








Figure 1.22 Wireshark Chinese version of the interface


Installing Wireshark on Linux systems


"Example 1-2" below shows the installation of Wireshark in the Kali Linux system. The procedure is as follows:



(1) Download the source package of the Wireshark beta version from the Wireshark website. The file is named wireshark-1.99.7.tar.bz2. Here, the downloaded package is placed in /root/. Run the following command:





    ~# ls
    Desktop New Graph (1).mtgx wireshark-1.99.7.tar.bz2





The output shows the source package wireshark-1.99.7.tar.bz2.



(2) Extract the Wireshark package. Run the following command:





    ~# tar -jxvf wireshark-1.99.7.tar.bz2 -C /





After executing the above command, wireshark-1.99.7.tar.bz2 is extracted to the / directory, which creates a folder named wireshark-1.99.7.



(3) Use the cd command to change to the / directory and view the folders in it.





    ~# cd /
    /# ls
    0 initrd.img opt srv vmware-tools-distrib
    bin lib proc sys wireshark-1.99.7





From the output, you can see the folder named wireshark-1.99.7 (bold part) that was created by extracting the source package.



(4) View the contents of the folder. Run the following commands:





    /# cd wireshark-1.99.7/
    /wireshark-1.99.7# ls
    abi-descriptor.template help
    acinclude.m4 idl
    ···
    configure README.windows
    configure.ac register.h
    ConfigureChecks.cmake reordercap.c





The folder has many entries, so most of them are replaced by ... and only a few are listed. Among them is an executable file named configure (bold part).



(5) Configure the Wireshark package. Because Wireshark depends on the GTK+ package, running the command produces the error message shown below:





    /wireshark-1.99.7# ./configure
    checking build system type... x86_64-unknown-linux-gnu
    checking host system type... x86_64-unknown-linux-gnu
    checking target system type... x86_64-unknown-linux-gnu
    checking for a BSD-compatible install... /usr/bin/install -c
    ···
    checking for pkg-config... (cached) /usr/bin/pkg-config
    checking for GTK+ - version >= 3.0.0... no
    Could not run GTK+ test program, checking why...
    The test program failed to compile or link. See the file config.log for the
    exact error that occured. This usually means GTK+ is incorrectly installed.
    configure: error: GTK+ 3 is not available








The output is long, so part of it is replaced by ... and only some of the information is listed. An error message (bold part) appears at the end, indicating that GTK+ 3 is not available. This is because Wireshark 1.12.0 and later use GTK+ 3.0 in the default configuration, and the GTK+ currently installed is not version 3.0.



(6) View the GTK+ version. Run the following command:





    ~# pkg-config gtk+-2.0 --modversion
    2.24.10





The output shows that the GTK+ version is 2.24.10.



(7) Configure the Wireshark package again. Run the following command:





    /wireshark-1.99.7# ./configure --with-gtk2
    checking build system type... x86_64-unknown-linux-gnu
    checking host system type... x86_64-unknown-linux-gnu
    checking target system type... x86_64-unknown-linux-gnu
    checking for a BSD-compatible install... /usr/bin/install -c
    ···
    checking for pcap.h... no
    configure: error: Header file pcap.h not found; if you installed libpcap
    from source, did you also do "make install-incl", and if you installed a
    binary package of libpcap, is there also a developer's package of libpcap,
    and did you also install that package?





The output is long, so part of it is replaced by ... and only some of the information is listed. An error message (bold part) appears at the end: the pcap.h header file is missing. This is due to the lack of a libpcap-dev package. First check which libpcap packages are installed.



(8) In the menu bar of the graphical interface, select Applications | System Tools | Add/Remove Software. The dialog box shown in Figure 1.23 pops up.



(9) Click the OK to continue button to enter the Add/Remove Software dialog box, shown in Figure 1.24.






Figure 1.23 Dialog box Figure 1.24 Add/Remove Software



(10) Enter libpcap in the Find bar and click the Find button, as shown in Figure 1.25.





Figure 1.25 Finding Libpcap



The icon in front of each entry indicates whether the software is installed or not installed. Here we can find the libpcap package we need. The libpcap package installed here is libpcap0.8-1.3.0-1 (64-bit), so the version is 1.3.0. Find the corresponding libpcap0.8-dev-1.3.0-1 (64-bit) package; installing it solves the problem in step (7).



(11) After installing the libpcap0.8-dev-1.3.0-1 (64-bit) package, run the command from step (7) again.



(12) Compile the Wireshark package. Run the following command:





    /wireshark-1.99.7# make





(13) Install the Wireshark package. Run the following command:





    /wireshark-1.99.7# make install





After the above steps complete successfully, the Wireshark software is installed. By default, Wireshark is installed under /usr/local/bin/.



(14) Start the Wireshark software. Run the following commands:





    ~# cd /usr/local/bin/    # change directory
    /usr/local/bin# ls    # list contents
    capinfos dftest editcap randpkt reordercap tshark xsser
    captype dumpcap mergecap rawshark text2pcap wireshark-gtk
    /usr/local/bin# wireshark-gtk    # start Wireshark
    wireshark-gtk: error while loading shared libraries: libwiretap.so.0: cannot open shared object file: No such file or directory





When Wireshark is started, the output shows an error (bold part): an error occurred while Wireshark was loading a shared library. The dynamic library cache needs to be updated next. Run the following command:





    /usr/local/bin# ldconfig





The above command produces no output.



(15) Start the Wireshark software again. Run the following command:





    /usr/local/bin# wireshark-gtk





After executing the above command, the interface shown in Figure 1.26 is displayed.





Figure 1.26 Warning message Figure 1.27 Wireshark main interface



This interface warns that the current system is using the root user to launch Wireshark, which may be dangerous. You can click the OK button directly to start Wireshark, as shown in Figure 1.27. If you do not want the window to pop up again, tick the check box in front of Don't show this message again.
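The warning in Figure 1.26 can be avoided rather than dismissed: only dumpcap needs capture privileges, so the GUI and its packet dissectors can run as an ordinary user. The script below is an added example, not part of the original tutorial; it assumes dumpcap is at /usr/local/bin/dumpcap as in the listing above, and the group name wireshark and the function names are chosen here.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumptions: dumpcap is at
# /usr/local/bin/dumpcap (the "make install" location listed above); the
# group name "wireshark" is a convention chosen here.
DUMPCAP=${DUMPCAP:-/usr/local/bin/dumpcap}
CAPGROUP=${CAPGROUP:-wireshark}

# Run once as root: restrict dumpcap to one group and give that binary only
# the two capabilities packet capture needs. chgrp comes before setcap
# because changing ownership clears file capabilities.
grant_capture() {
    [ "$(id -u)" -eq 0 ] || { echo "run grant_capture as root" >&2; return 1; }
    getent group "$CAPGROUP" >/dev/null || groupadd "$CAPGROUP"
    chgrp "$CAPGROUP" "$DUMPCAP" &&
    chmod 750 "$DUMPCAP" &&
    setcap cap_net_raw,cap_net_admin+eip "$DUMPCAP"
}

# Succeed if "other" users have no permission bits on the file ($1).
others_locked_out() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Succeed if a getcap output line ($1) grants both capture capabilities.
has_capture_caps() {
    case $1 in
        *cap_net_admin*cap_net_raw*|*cap_net_raw*cap_net_admin*) return 0 ;;
    esac
    return 1
}

# Report whether capture can be done without starting Wireshark as root.
audit_capture() {
    others_locked_out "$DUMPCAP" ||
        { echo "WARN: $DUMPCAP is accessible to all local users"; return 1; }
    has_capture_caps "$(getcap "$DUMPCAP" 2>/dev/null)" ||
        { echo "WARN: no capture capabilities; capture still needs root"; return 1; }
    echo "OK: members of $CAPGROUP can capture without root"
}
```

After grant_capture, add the capturing user to the group (for example with usermod -aG) and log in again before starting wireshark-gtk as that user.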



This interface displays information about Wireshark. This interface shows the four parts of the Wireshark, because, so the interface is reduced. The commands in each part can be viewed by clicking to expand them. To capture data, select the interface to capture on, either by clicking the Interface List command or by selecting the interface in the box under the Start command, and then click the Start command to begin capturing data.
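The three failures met in Example 1-2 (GTK+ 3 not available, pcap.h not found, libwiretap.so.0 not loadable) can be checked for before and after the build. The script below is an added example, not part of the original tutorial; the function names and the optional pkg-config parameter are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original tutorial: checks for the three
# failures hit in Example 1-2.

# Pick the GUI flag for ./configure. $1 is the pkg-config command to use
# (parameter added here for testing; defaults to pkg-config). Prints nothing
# if GTK+ >= 3.0.0 is present, "--with-gtk2" if only GTK+ 2 is present;
# returns 1 if neither is installed.
pick_gtk_flag() {
    pc=${1:-pkg-config}
    if "$pc" --atleast-version=3.0.0 gtk+-3.0 2>/dev/null; then
        return 0
    elif "$pc" --exists gtk+-2.0 2>/dev/null; then
        echo "--with-gtk2"
    else
        return 1
    fi
}

# Succeed if pcap.h is in one of the given include directories
# (default: /usr/include and /usr/local/include).
has_pcap_header() {
    [ $# -gt 0 ] || set -- /usr/include /usr/local/include
    for dir in "$@"; do
        [ -f "$dir/pcap.h" ] && return 0
    done
    return 1
}

# Read ldd output on stdin; print each library the loader cannot find.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Before the build: print the configure command to run, or say what is missing.
preflight() {
    flag=$(pick_gtk_flag) || { echo "GTK+ 2 or 3 development files missing" >&2; return 1; }
    has_pcap_header || { echo "pcap.h missing: install libpcap0.8-dev" >&2; return 1; }
    echo "./configure${flag:+ $flag}"
}

# After "make install": fail if the binary ($1) has unresolved libraries.
check_install() {
    bin=${1:-/usr/local/bin/wireshark-gtk}
    missing=$(ldd "$bin" | missing_libs)
    [ -z "$missing" ] && return 0
    echo "unresolved: $missing (run ldconfig as root, then re-check)" >&2
    return 1
}
```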



This article is selected from: Wireshark Basic Tutorial, University bully internal information. When reproducing it, please indicate the source; respect the technology and respect IT people!


