Wireshark data packet capture tutorial: installing Wireshark
The previous section described how to download Wireshark for your operating system; this section describes how to install it. This book is based on the development version 1.99.7 (Chinese version). The following describes how to install Wireshark on Windows and on Linux respectively.
[Example 1-1] Install Wireshark on Windows. The procedure is as follows:
(1) Download the Windows installation package of the development version from the official Wireshark website. Its file name is wireshark-win64-1.99.7.exe.
(2) Double-click the downloaded package to display the page shown in Figure 1.8.
(3) Basic information about Wireshark is displayed. Click Next; the License Agreement dialog box is displayed, as shown in Figure 1.9.
Figure 1.8 Welcome page  Figure 1.9 License Agreement dialog box
(4) This page displays the license terms for Wireshark. Click the I Agree button; the Select Components dialog box is displayed, as shown in Figure 1.10.
(5) Select the Wireshark components you want to install. The default settings are used here. Click Next; the Select Additional Tasks dialog box is displayed, as shown in Figure 1.11.
Figure 1.10 Select Components dialog box  Figure 1.11 Select Additional Tasks dialog box
(6) This page sets where shortcuts are created and which file extensions are associated with Wireshark. After setting these options, click Next to display the Install Location dialog box, as shown in Figure 1.12.
(7) On this page, select the installation location of Wireshark. Click Next; the Install WinPcap dialog box is displayed, as shown in Figure 1.13.
Figure 1.12 Install Location dialog box  Figure 1.13 Install WinPcap dialog box
(8) This page asks whether to install WinPcap. To use Wireshark to capture packets, you must install WinPcap, so select the Install WinPcap 4.1.3 check box. Click the Install button and Wireshark starts installing. Partway through the installation, the WinPcap welcome page is displayed, as shown in Figure 1.14.
(9) Basic information about WinPcap is displayed. Click Next to display the WinPcap license terms dialog box, as shown in Figure 1.15.
Figure 1.14 WinPcap welcome page  Figure 1.15 WinPcap license terms dialog box
(10) The WinPcap license terms are displayed. Click the I Agree button to display the installation options, as shown in Figure 1.16.
(11) The WinPcap installation options are displayed on this page. Click the Install button to display the page shown in Figure 1.17.
Figure 1.16 Installation Options  Figure 1.17 Installing WinPcap
(12) WinPcap is now installed. Click Finish to continue the Wireshark installation. After the installation is complete, the page shown in Figure 1.18 is displayed.
(13) You can see that Wireshark has been installed. Click Next; the page shown in Figure 1.19 is displayed.
Figure 1.18 Wireshark installation complete  Figure 1.19 Completion page
(14) The Wireshark Setup Wizard is complete. If you want to start Wireshark right away, select the Run Wireshark 1.99.7 (64-bit) check box. Click Finish to start Wireshark.
Note: When you select the installation location of Wireshark in step 1, use the default installation location. The installation location cannot be chosen when WinPcap is installed; it is installed under C:\Program Files (x86) by default.
(15) After installation, two Wireshark icons appear in the Windows program menu, as shown in Figure 1.20.
(16) Starting the Wireshark Legacy program opens the English-language interface, as shown in Figure 1.21. Starting the Wireshark program opens the Chinese-language interface, as shown in Figure 1.22.
Figure 1.20 Wireshark icons  Figure 1.21 Wireshark English-language interface
Figure 1.22 Wireshark Chinese-language interface
[Example 1-2] Install Wireshark on Linux. The following example shows how to install Wireshark on Kali Linux. The procedure is as follows:
(1) Download the source code package of the development version from the official Wireshark website. Its file name is wireshark-1.99.7.tar.bz2. Put the downloaded package in /root/ and run the following command to view it:
root@1:~# ls
Desktop  New Graph (1).  wireshark-1.99.7.tar.bz2  mtgx
The output shows the source code package wireshark-1.99.7.tar.bz2.
(2) Extract the Wireshark package. Run the following command:
root@1:~# tar -jxvf wireshark-1.99.7.tar.bz2 -C /
After the command is executed, wireshark-1.99.7.tar.bz2 is extracted into the / directory, generating a folder named wireshark-1.99.7.
(3) Use the cd command to change to the / directory and list the folders it contains:
root@1:~# cd /
root@1:/# ls
0    initrd.img  opt   srv  vmware-tools-distrib
bin  lib         proc  sys  wireshark-1.99.7
The output shows the folder wireshark-1.99.7 generated by extracting the source package.
(4) Enter the folder and list its contents:
root@1:/# cd wireshark-1.99.7/
root@1:/wireshark-1.99.7# ls
abi-descriptor.template  help
acinclude.m4             idl
···
configure                README.windows
configure.ac             register.h
ConfigureChecks.cmake    reordercap.c
This folder contains a great deal of content; only a few entries are listed here and the rest is replaced by ···. Among them is an executable file named configure.
(5) Configure the Wireshark package. Wireshark depends on the GTK+ package, and the following error message is displayed when you run the command:
root@1:/wireshark-1.99.7# ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
···
checking for pkg-config... (cached) /usr/bin/pkg-config
checking for GTK+ - version >= 3.0.0... no
*** Could not run GTK+ test program, checking why...
*** The test program failed to compile or link. See the file config.log for
*** exact error that occured. This usually means GTK+ is incorrectly installed.
configure: error: GTK+ 3 is not available
The output is long, so only part of it is shown and the rest is replaced by ···. An error message appears at the end, reporting that GTK+ 3 is not available. Wireshark 1.12.0 and later use GTK+ 3.0 by default, but the GTK+ version installed on this system is not 3.0.
(6) Run the following command to view the GTK+ version:
root@1:~# pkg-config gtk+-2.0 --modversion
2.24.10
The output shows that the GTK+ version is 2.24.10.
(7) Configure the Wireshark package again, this time telling it to build against GTK+ 2. Run the following command:
root@1:/wireshark-1.99.7# ./configure --with-gtk2
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
···
checking for pcap.h... no
configure: error: Header file pcap.h not found; if you installed libpcap
from source, did you also do "make install-incl", and if you installed
binary package of libpcap, is there also a developer's package of libpcap,
and did you also install that package?
The output is long, so only part of it is shown and the rest is replaced by ···. An error message appears at the end: the header file pcap.h is missing. This is because the libpcap-dev package is not installed. First, check the installation status of libpcap.
(8) In the menu bar of the graphical interface, select "Applications", "System Tools", then "Add/Remove Software". The dialog box shown in Figure 1.23 is displayed.
(9) Click "OK" to open the "Add/Remove Software" dialog box, as shown in Figure 1.24.
Figure 1.23 Dialog box  Figure 1.24 Add/Remove Software
(10) Enter libpcap in the search box and click "Search", as shown in Figure 1.25.
Figure 1.25 Searching for libpcap
The figure shows which packages are installed and which are not, so the required libpcap package can be found here. The libpcap package installed on this system is libpcap0.8-1.3.0-1 (64-bit), that is, version 1.3.0. Find the matching libpcap0.8-dev-1.3.0-1 (64-bit) package; installing it solves the problem in step (7).
(11) After installing the libpcap0.8-dev-1.3.0-1 (64-bit) package, rerun the command in step (7).
(12) Compile the Wireshark package. Run the following command:
root@1:/wireshark-1.99.7# make
(13) Install the Wireshark package. Run the following command:
root@1:/wireshark-1.99.7# make install
After the preceding steps complete successfully, Wireshark is installed. By default it is installed under /usr/local/bin/.
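The two configure failures in steps (5) and (7) are the ones that stop most source builds, and both are cheap to detect before starting a long build. The script below is an added example, not from the book or the Wireshark project: it chooses the GTK+ configure flag from a pkg-config version string, checks whether pcap.h is present in the include directories you name, and maps the last "configure: error:" line of a configure log to the package that was missing. The include paths, the package names in the hints, and the sample log are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for building Wireshark 1.99.7 from source.
# Covers the two errors in the walkthrough (GTK+ 3 absent, pcap.h missing).

# Choose the ./configure flag from a "pkg-config --modversion" style string.
# A 2.x toolkit needs --with-gtk2; anything else uses the default GTK+ 3 build.
gtk_configure_flag() {
    major=${1%%.*}
    if [ "$major" -lt 3 ] 2>/dev/null; then
        printf '%s' '--with-gtk2'
    else
        printf ''
    fi
}

# Succeed if the libpcap development header exists in any of the given dirs.
have_pcap_header() {
    for dir in "$@"; do
        [ -f "$dir/pcap.h" ] && return 0
    done
    return 1
}

# Read a configure log on stdin and print a hint for its last "configure: error:".
# Package names in the hints are assumptions about a Debian-style system.
diagnose_configure_log() {
    err=$(grep -i '^configure: error:' | tail -n 1)
    case "$err" in
        *"GTK+ 3 is not available"*)
            echo 'GTK+ 3 not found: install libgtk-3-dev or rerun ./configure --with-gtk2' ;;
        *"pcap.h not found"*)
            echo 'pcap.h not found: install the libpcap development package (libpcap0.8-dev)' ;;
        "")
            echo 'no configure error found' ;;
        *)
            echo "unhandled configure error: $err" ;;
    esac
}

# Constructed excerpt of the second configure run in the walkthrough (not real output).
SAMPLE_LOG='checking for pcap.h... no
configure: error: Header file pcap.h not found; if you installed libpcap'

# Run the checks against this host, falling back to "3.0" when pkg-config is absent.
preflight() {
    flag=$(gtk_configure_flag "$(pkg-config --modversion gtk+-2.0 2>/dev/null || echo 3.0)")
    echo "configure flag: ${flag:-<none, GTK+ 3 default>}"
    if have_pcap_header /usr/include /usr/local/include; then
        echo "pcap.h: found"
    else
        echo "pcap.h: missing"
    fi
    printf '%s\n' "$SAMPLE_LOG" | diagnose_configure_log
}

preflight
```

Run it from the extracted source directory before ./configure; when the last hint names a missing package, install that package and rerun configure with the printed flag, which is exactly what steps (6) through (11) do by hand.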
(14) Start Wireshark by running the following commands:
root@1:~# cd /usr/local/bin/        # change directory
root@1:/usr/local/bin# ls           # list contents
capinfos  dftest   editcap   randpkt   reordercap  tshark  xsser
captype   dumpcap  mergecap  rawshark  text2pcap   wireshark-gtk
root@1:/usr/local/bin# wireshark-gtk    # start Wireshark
wireshark-gtk: error while loading shared libraries: libwiretap.so.0: cannot open shared object file: No such file or directory
If the error shown above appears when Wireshark is started, Wireshark failed to load a shared library that was just installed. Run the following command to refresh the dynamic linker cache:
root@1:/usr/local/bin# ldconfig
The command prints nothing.
(15) Start Wireshark again by running the following command:
root@1:/usr/local/bin# wireshark-gtk
After running the command, the dialog shown in Figure 1.26 is displayed.
Figure 1.26 Warning message  Figure 1.27 Wireshark main interface
This dialog warns that Wireshark is being started as the root user, which may be dangerous. Click OK to start Wireshark, as shown in Figure 1.27. If you do not want this window to pop up again, select the Don't show this message again check box.
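The warning in Figure 1.26 exists because Wireshark's protocol dissectors parse untrusted network data, so a crash or bug in them runs with whatever privileges the GUI has. Wireshark hands the actual capture to the dumpcap helper (listed in /usr/local/bin above), so only dumpcap needs privileges and the GUI can run as an ordinary user. The script below is an added example, not from the book or the Wireshark project: it checks whether dumpcap already carries the two capabilities capture needs, and provides a root-only function that restricts dumpcap to a capture group and grants those capabilities. The dumpcap path follows the walkthrough's install location, the group name and the getcap sample lines are assumptions, and the getcap/setcap tools come from the libcap package.

```shell
#!/bin/sh
# Added example: unprivileged packet capture via capabilities on dumpcap.
DUMPCAP=${DUMPCAP:-/usr/local/bin/dumpcap}   # assumption: path from the walkthrough
CAP_GROUP=${CAP_GROUP:-wireshark}             # assumption: name of the capture group

# Inspect one line of getcap output and succeed only when dumpcap holds both
# cap_net_raw and cap_net_admin in its effective and permitted sets.
# Accepts the older "path = caps+eip" and the newer "path caps=eip" layouts.
dumpcap_caps_ok() {
    line=$1
    case "$line" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$line" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$line" in
        *[=+]eip|*[=+]ep) return 0 ;;
        *) return 1 ;;
    esac
}

# Query the live system: 0 = unprivileged capture works, 1 = capabilities
# missing or insufficient, 2 = getcap not installed or dumpcap not found.
capture_status() {
    command -v getcap >/dev/null 2>&1 || return 2
    [ -x "$DUMPCAP" ] || return 2
    dumpcap_caps_ok "$(getcap "$DUMPCAP" 2>/dev/null)"
}

# Root-only setup: limit dumpcap to members of CAP_GROUP and grant it the
# two capabilities. Nothing in this function is run by the demo below.
grant_capture_caps() {
    getent group "$CAP_GROUP" >/dev/null || groupadd "$CAP_GROUP"
    chgrp "$CAP_GROUP" "$DUMPCAP"
    chmod 750 "$DUMPCAP"                       # only group members may run the helper
    setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
    echo "add users with: usermod -aG $CAP_GROUP <user>  (they must log in again)"
}

# Demo on constructed getcap lines, then on this host if the tools exist.
for sample in \
    "$DUMPCAP = cap_net_admin,cap_net_raw+eip" \
    "$DUMPCAP cap_net_admin,cap_net_raw=eip" \
    "$DUMPCAP = cap_net_raw+eip"; do
    if dumpcap_caps_ok "$sample"; then
        echo "ok:      $sample"
    else
        echo "missing: $sample"
    fi
done
capture_status; st=$?
case $st in
    0) echo "unprivileged capture is already set up on this host" ;;
    1) echo "dumpcap lacks capabilities; run grant_capture_caps as root" ;;
    *) echo "cannot check: getcap missing or $DUMPCAP not found" ;;
esac
```

After grant_capture_caps has been run once as root and the user has been added to the group, wireshark-gtk can be started from a normal account and the warning in Figure 1.26 no longer applies; the capability check can be repeated after every make install, since reinstalling dumpcap replaces the binary and drops its file capabilities.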