Wireshark Usage Tutorial: Chapter 2, Compiling and Installing Wireshark

Source: Internet
Author: User

2.1. Notice

Everything starts with Wireshark. To use Wireshark, you must:

· Obtain a binary package suitable for your operating system, or

· Obtain the source and compile it for your operating system.

Currently, only two or three Linux distributions ship Wireshark, and usually outdated versions at that. So far, no UNIX vendor ships Wireshark, and no version of Windows ships it. For these reasons, you need to know where to get the latest version of Wireshark and how to install it.

This section describes how to obtain the source and binary packages, and how to compile Wireshark from source when you need to.

The following are common steps:

1. Download the required package, either the source or a binary release.

2. Compile the source into a binary package (if you downloaded the source). You may also need to compile and/or install other required packages at this point.

3. Install the binary package to the final target location.

2.2. Obtain the source

You can get both the source and binary distributions from the Wireshark web site http://www.wireshark.org. Select the link for the download you want, and then choose the mirror site hosting the source or binary release package (as close as possible to your site).

For the reasons above, you may prefer to download the source and compile it yourself, which is relatively straightforward.

2.3. Before installation in UNIX

Before compiling or installing a binary release, make sure the following packages are installed:

1. GTK+, the GIMP Tool Kit.

You will also need Glib. Both can be obtained from www.gtk.org.

2. libpcap, the library Wireshark uses to capture packets.

You can get it from www.tcpdump.org.

Depending on your operating system, you may be able to install binary packages such as RPMs; otherwise you need to obtain the source and compile it.

If you have downloaded the GTK+ source, the commands in Example 2.1, "Compile GTK+ from source", show how to build it.

Example 2.1. Compile GTK+ from source

# unpack the source archive, enter the source directory, then configure, build and install
gzip -dc gtk+-1.2.10.tar.gz | tar xvf -
cd gtk+-1.2.10
./configure
make
make install

If an error occurs while running the commands in Example 2.1, consult the GTK+ website.

If you have downloaded the libpcap source, the commands in Example 2.2, "Compile and install libpcap", will normally complete the build. Similarly, if your operating system does not ship tcpdump, you can download and install it from the tcpdump website.

Example 2.2. Compile and install libpcap

# unpack the source archive, enter the source directory, then configure, build and install
gzip -dc libpcap-0.9.4.tar.Z | tar xvf -
cd libpcap-0.9.4
./configure
make
make install

On RedHat 6.x and later (and distributions derived from it, such as Mandrake), you can install all the packages directly with RPM. In most cases GTK+ and Glib are already installed on Linux; what you need in addition are the development (devel) versions of those packages. For the installation commands, see Example 2.3, "Install the required RPM packages on RedHat Linux 6.2 or a derived distribution". If the required RPMs are not installed yet, install them.

Example 2.3. Install the required RPM packages on RedHat Linux 6.2 or a derived distribution

cd /mnt/cdrom/RedHat/RPMS
rpm -ivh glib-1.2.6-3.i386.rpm
rpm -ivh glib-devel-1.2.6-3.i386.rpm
rpm -ivh gtk+-1.2.6-7.i386.rpm
rpm -ivh gtk+-devel-1.2.6-7.i386.rpm
rpm -ivh libpcap-0.4-19.i386.rpm

Note:

If you use a version later than RedHat 6.2, the required RPM packages may have changed; use the correct packages for your version.

On Debian, you can use the apt-get command, which takes care of everything for you. See Example 2.4, "Install the Deb package under Debian".

Example 2.4. Install the Deb package under Debian

apt-get install wireshark-dev

2.4. Compile Wireshark in UNIX

To compile the Wireshark source on a Unix operating system, follow these steps:

1. Unpack the source from its gzip'd tar file. On Linux (or any UNIX with GNU tar) the command is:

tar zxvf wireshark-0.99.5-tar.gz

On other UNIX versions, decompress and unpack in two steps:

gzip -d wireshark-0.99.5-tar.gz
tar xvf wireshark-0.99.5-tar

2. Change to the source directory.

3. Configure the source for your Unix version. The command is:

./configure

If this step reports an error, correct it and run configure again. For help with compilation errors, see Section 2.6, "Troubleshooting during UNIX installation".

4. Use the make command to compile the source into binaries:

make

5. Install the compiled binaries to their final location:

make install

Once Wireshark has been installed with make install, you can run it by entering the wireshark command.

2.5. Install a Binary Package in UNIX

Generally, installing a binary distribution package on UNIX varies with your flavor of UNIX. For example, on AIX you use smit, and on Tru64 UNIX the setld command.

2.5.1. Install the RPM package in Linux or similar environments

Run the following command to install the Wireshark RPM package:

rpm -ivh wireshark-0.99.5.i386.rpm

If the installation fails because software Wireshark depends on is missing, install the dependencies first and then try again. For the RedHat dependencies, see Example 2.3, "Install the required RPM packages on RedHat Linux 6.2 or a derived distribution".

2.5.2. Install the Deb package in the Debian Environment

Use the following command to install Wireshark on Debian:

# package names are lower case
apt-get install wireshark

apt-get takes care of all related operations (including dependencies) for you.

2.5.3. Install Portage in Gentoo Linux

Run the following command to install Wireshark and all required additional files on Gentoo Linux:

USE="adns gtk ipv6 portaudio snmp ssl kerberos threads selinux" emerge wireshark

2.5.4. Install the package in a FreeBSD environment

Run the following command to install Wireshark on FreeBSD:

pkg_add -r wireshark

pkg_add takes care of all related operations for you.

2.6. Troubleshooting during UNIX installation

Some errors may occur during installation. Here are solutions for the common ones:

If the configure step fails, you need to find out why. Check the log file config.log (in the source directory) to see which errors occurred; the valuable information is usually in the last few lines.

The usual cause is a missing GTK+ environment or a GTK+ version that is too old. Another cause of configure errors is a missing libpcap (the library used to capture packets).

Another common problem, which many users complain about, is that the final compile and link step takes far too long. This is usually caused by an old sed command (for example the one shipped with Solaris). Because the libtool script uses sed to build the final link command, obscure errors often result. You can solve this by installing the latest version of sed from http://directory.fsf.org/GNU/sed.html.

If you cannot determine the cause of the error, send an email describing your problem to wireshark-dev. Include config.log and anything else you think is helpful for solving the problem, such as a trace of the make process.
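A small POSIX shell helper, added here as an example and not part of the Wireshark guide, that runs the build steps of Section 2.4 and, when configure fails, performs the config.log check described in this section automatically. It assumes a GNU autoconf-generated configure script, which records the failing test as "configure: error:" lines in config.log; the sample log at the end is constructed, not real configure output.

```shell
#!/bin/sh
# Added example (not from the Wireshark guide): wraps the build steps of
# section 2.4 and automates the config.log check of section 2.6. Assumes a
# GNU autoconf configure script that writes "configure: error: ..." lines.

# Print the "configure: error:" lines from a config.log, plus a hint for the
# two causes the guide names (GTK+/Glib missing or too old, libpcap missing).
# Returns 0 when no error line is present, 1 when one or more are found.
configure_failure_hint() {
    log="$1"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    errors=$(grep 'configure: error:' "$log")
    if [ -z "$errors" ]; then
        echo "no configure errors recorded in $log"
        return 0
    fi
    echo "$errors"
    # crude keyword match on the error text; "glib" also matches "glibc"
    case "$errors" in
        *[Gg][Tt][Kk]*|*[Gg][Ll][Ii][Bb]*)
            echo "hint: GTK+/Glib missing or too old, see www.gtk.org" ;;
    esac
    case "$errors" in
        *pcap*) echo "hint: libpcap not found, see www.tcpdump.org" ;;
    esac
    return 1
}
# Unpack, configure, build and install (section 2.4). The gzip|tar form
# works on UNIX systems whose tar lacks the GNU "z" option.
build_wireshark() {
    tarball="$1"; srcdir="$2"
    gzip -dc "$tarball" | tar xf - || return 1
    cd "$srcdir" || return 1
    if ! ./configure; then
        echo "=== last 20 lines of config.log ==="
        tail -n 20 config.log
        configure_failure_hint config.log
        return 1
    fi
    make && make install
}
# Constructed sample config.log (not real configure output) for a dry run.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
configure:1234: checking for GTK+ - version >= 1.2.0
configure: error: GTK+ 1.2.0 or later is required
EOF
configure_failure_hint "$sample_log" || true
rm -f "$sample_log"
```

Run `build_wireshark wireshark-0.99.5-tar.gz wireshark-0.99.5` from the directory holding the tarball; on a configure failure the tail of config.log and the hint are printed instead of silently moving on.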

2.7. Compile the source in Windows

On Windows, we recommend installing from a binary package unless you are engaged in Wireshark development. For information about compiling and installing Wireshark on Windows, see the development wiki at http://wiki.wireshark.org/development for the latest development documentation.

2.8. Install Wireshark in Windows

This section describes how to install the Wireshark binary package on Windows.

2.8.1. Install Wireshark

The Wireshark binary installation package you obtain will have a name similar to Wireshark-setup-x.y.z.exe. The Wireshark installation package contains WinPcap, so you do not need to download and install it separately.

You only need to download and run the Wireshark installation package from http://www.wireshark.org/download.html?releases. In addition to the normal installation, there are several components available for installation.

Select components

Wireshark (the GTK1 and GTK2 interfaces cannot be installed simultaneously):

If you encounter problems with the GTK2 GUI, try GTK1. GTK2 is not available in 256-color (8-bit) display mode on Windows. However, some advanced analysis and statistics functions may not be available in GTK1.

· Wireshark GTK1 - Wireshark is a GUI network analysis tool.

· Wireshark GTK2 - Wireshark is a GUI network analysis tool (the GTK2 GUI toolkit is recommended).

· GTK-Wimp - GTK-Wimp is the GTK2 Windows impersonator (it looks like a native Win32 program; recommended).

· TShark - TShark is a command line network analysis tool.

Plugins/extensions (for the Wireshark and TShark analysis engine):

· Dissector Plugins - plugins with extended dissection.

· Tree Statistics Plugins - extended statistics tools.

· Mate - Meta Analysis and Tracing Engine (experimental): a configurable display filter engine, see http://wiki.wireshark.org/Mate.

· SNMP MIBs - for detailed analysis of SNMP and the MIBs.

Tools (additional command line tools for processing capture files):

· User's Guide - the user manual for local installation. If the user manual is not installed, most of the buttons in the Help menu will access the Internet.

· Editcap - Editcap is a program that reads a capture file and writes some or all of the packets into another capture file.

· Text2Pcap - Text2pcap is a program that reads in an ASCII hex dump and writes the data into a libpcap-style capture file.

· Mergecap - Mergecap is a program that combines multiple saved capture files into a single output file.

· Capinfos - Capinfos is a program that provides information on capture files.

"Additional Tasks" page

· Start Menu Shortcuts - add shortcuts to the Start Menu.

· Desktop Icon - add a Wireshark icon to the desktop.

· Quick Launch Icon - add a Wireshark icon to the Quick Launch toolbar.

· Associate file extensions to Wireshark - make Wireshark the default application for opening capture files.

"Install WinPcap?" page

The Wireshark installation package contains the latest WinPcap installation package.

If WinPcap is not installed, you cannot capture network traffic. However, you can still open saved capture files.

· Currently installed WinPcap version - shows the WinPcap version currently installed.

· Install WinPcap x.x - if the currently installed version is older than the one bundled with Wireshark, this option is selected by default.

· Start WinPcap service "NPF" at startup - run the WinPcap service NPF at system startup, so that non-administrator users can capture packets as well.
