Linux HOWTOs



HOWTO: wireshark
Description: Network protocol analyzer (packet sniffer)
Click here for ChangeLog
NOTE: I use GNU tar >= 1.13.25, so it's -j for .tar.bz2 files.
It's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything.


# Wireshark 1.0.0
# ===============
# Wireshark was formerly known as Ethereal.  See the FAQ if you're curious
# about the name change:
# http://www.wireshark.org/faq.html
#
# If you have Ethereal installed, go to the bottom of my Ethereal howto for
# uninstallation instructions before you install Wireshark.

# Slackware does not have Wireshark (or Ethereal) packages, but if you are
# looking for a package, you can find one here:
# http://www.linuxpackages.net/search_view.php?by=name&name=wireshark

# Prerequisites:
# bison
# flex >= 2.5.1
# Perl
# Python (optional)
# rpm (optional)
# pkg-config
# libpcap
# GnuTLS or OpenSSL (optional)
# zlib (optional)
# ucd-snmp/net-snmp (optional)
# Glib and GTK+ 1.x or 2.x
# libiconv
# XFree86 or X.org libraries (for the gui wireshark)
# See the "Requirements For Compiling" section of the Wireshark web site
# for others.

# If you have trouble downloading Wireshark with the URL below, try here:
# http://prdownloads.sourceforge.net/wireshark/wireshark-1.0.0.tar.bz2
# http://www.wireshark.org/download/src/wireshark-1.0.0.tar.bz2

cd
test -f installed/wireshark-1.0.0.tar.bz2 &&
 mv installed/wireshark-1.0.0.tar.bz2 .
test ! -f wireshark-1.0.0.tar.bz2 &&
 wget http://downloads.sf.net/wireshark/wireshark-1.0.0.tar.bz2

# Verify the tarball before you unpack it.  These checks tell you that you
# got the same file this howto was written against, which catches a
# truncated or corrupted download and a tarball that was swapped at one
# mirror; they are not a substitute for the project's own signature, and
# MD5 and SHA-1 are no longer collision resistant.  If any of them reports
# a mismatch, stop here and fetch the tarball again from one of the URLs
# above.

# Verify tarball w/ md5sum:
echo "90e58c595f082da3ad9390d714f16116  wireshark-1.0.0.tar.bz2" | md5sum -c

# Verify tarball w/ sha1sum:
echo "4f53f526359a072665812deca980999bd26e6ab0  wireshark-1.0.0.tar.bz2" | \
 sha1sum -c

# Verify tarball w/ OpenSSL using RMD-160:
# (the two lines should match)
echo "12016f80d30954bdc89163958e7d007543b3327e" ; \
 openssl rmd160 wireshark-1.0.0.tar.bz2 | cut -d' ' -f2
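The three checks above each print something you have to read; if you paste
this howto into a build script, you want it to stop on a mismatch instead.
The following is an added example (mine, not from the original howto or
the Wireshark project) that fails closed: every listed digest must match,
a missing file or unknown algorithm is a failure, and the mismatch is
printed so you can see what you actually downloaded.  It assumes only the
coreutils md5sum, sha1sum and sha256sum tools.

```shell
#!/bin/sh
# verify_digest FILE ALGO EXPECTED_HEX
# ALGO is md5, sha1 or sha256 (coreutils md5sum/sha1sum/sha256sum).
# Returns 0 only if FILE exists and its digest equals EXPECTED_HEX;
# otherwise prints a diagnostic on stderr and returns 1, so that
# "verify_digest ... || exit 1" aborts the rest of a build script.
verify_digest() {
    file=$1; algo=$2; expected=$3
    if [ ! -f "$file" ]; then
        echo "verify_digest: $file: no such file" >&2
        return 1
    fi
    case $algo in
        md5)    actual=$(md5sum "$file" | cut -d' ' -f1) ;;
        sha1)   actual=$(sha1sum "$file" | cut -d' ' -f1) ;;
        sha256) actual=$(sha256sum "$file" | cut -d' ' -f1) ;;
        *)      echo "verify_digest: unknown algorithm '$algo'" >&2
                return 1 ;;
    esac
    # Digests copied from a web page are sometimes upper case; the tools
    # print lower case, so normalise before comparing.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "verify_digest: $file: $algo mismatch" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# verify_all FILE ALGO:HEX [ALGO:HEX ...]
# Requires every listed digest to match.  Checking several algorithms at
# once means a substituted tarball would have to collide all of them.
verify_all() {
    file=$1; shift
    for spec in "$@"; do
        verify_digest "$file" "${spec%%:*}" "${spec#*:}" || return 1
    done
    return 0
}

# Usage with the values from this howto (the md5/sha1 lines above):
#   verify_all wireshark-1.0.0.tar.bz2 \
#       md5:90e58c595f082da3ad9390d714f16116 \
#       sha1:4f53f526359a072665812deca980999bd26e6ab0 || exit 1
```

Put the `|| exit 1` on the call rather than relying on the output of
`md5sum -c`: the `-c` form also exits nonzero on a mismatch, but nothing
in the original sequence acts on that status.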

mkdir -p -m 0700 src
cd src
find -maxdepth 1 -type d -name "ethereal-*" -exec rm -r {} \;
find -maxdepth 1 -type d -name "wireshark-*" -exec rm -r {} \;
tar xjvf ~/wireshark-1.0.0.tar.bz2
cd wireshark-1.0.0
test $UID = 0 && chown -R root:root .

# If you have the X libraries installed but don't want to build the
# wireshark binary (you only need the text-based tshark), add
# --disable-wireshark to the configure line below.

# If you have ucd/net-snmp installed but do not want to build it in, add
# either --with-net-snmp=no or --with-ucd-snmp=no to the configure line,
# depending on the one that you have.

# If you would rather build wireshark and/or tshark with Glib/GTK+ 1.x
# support, add --disable-gtk2 to the configure line

# Capturing packets needs access to the network interfaces, which on Linux
# means root (or the CAP_NET_RAW and CAP_NET_ADMIN capabilities).  Wireshark
# 1.0 does the actual capturing in a separate helper, dumpcap, and the
# wireshark GUI and tshark read the packets from it, so only dumpcap needs
# the privilege.  That matters because the protocol dissectors, which parse
# whatever arrives on the wire, are the code you least want running as
# root: if you run the GUI itself as root (starting X as root, or starting
# X as a non-root user and su-ing), a dissector bug triggered by hostile
# traffic runs with root's privileges.  You can add --enable-setuid-install
# to configure below, which installs dumpcap setuid root, but running
# anything suid root is generally thought to be dangerous; if you do it, at
# least restrict who can execute dumpcap (a dedicated group and mode 0750).
#
# Don't forget that you can run the text-based tshark as root in or out
# of X.
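To see whether the installed capture helper is privileged, and to give it
the narrowest privilege that lets a normal user capture, here is an added
shell example (mine, not the howto author's and not the Wireshark
project's).  It assumes GNU coreutils ls/chmod/chgrp and, optionally,
getcap/setcap from libcap; the dumpcap path and the group name are
arguments you supply, so /usr/local/bin/dumpcap and the group "wireshark"
in the usage comment are placeholders.

```shell
#!/bin/sh
# capture_helper_mode FILE
# Prints how FILE gets its capture privilege:
#   setuid-root   setuid bit set and owned by root
#   setuid-other  setuid bit set but owner is not root (misconfigured)
#   caps          not setuid, but getcap reports file capabilities
#   none          no special privilege (only root can capture with it)
#   missing       FILE does not exist (returns 1)
capture_helper_mode() {
    f=$1
    if [ ! -f "$f" ]; then
        echo missing
        return 1
    fi
    owner=$(ls -ld "$f" | awk '{print $3}')
    if [ -u "$f" ]; then
        if [ "$owner" = root ]; then
            echo setuid-root
        else
            echo setuid-other
        fi
        return 0
    fi
    if command -v getcap >/dev/null 2>&1 && [ -n "$(getcap "$f" 2>/dev/null)" ]; then
        echo caps
        return 0
    fi
    echo none
}

# world_executable FILE
# Returns 0 if "other" has execute permission, i.e. any local user could
# run the helper; a privileged dumpcap should not be world executable.
world_executable() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        *x) return 0 ;;
        *)  return 1 ;;
    esac
}

# grant_capture FILE GROUP   (run as root)
# Restricts execution of FILE to members of GROUP, then prefers file
# capabilities over setuid: CAP_NET_RAW and CAP_NET_ADMIN are enough to open
# interfaces and do not carry the rest of root's powers.  Falls back to
# setuid root only when setcap is not available.
grant_capture() {
    f=$1; grp=$2
    chgrp "$grp" "$f" && chmod 0750 "$f" || return 1
    if command -v setcap >/dev/null 2>&1; then
        setcap cap_net_raw,cap_net_admin=eip "$f"
    else
        chown root "$f" && chmod u+s "$f"
    fi
}

# Usage (placeholders; run the second line as root after make install):
#   capture_helper_mode /usr/local/bin/dumpcap
#   grant_capture /usr/local/bin/dumpcap wireshark
```

After `grant_capture`, users in the group run wireshark and tshark as
themselves; only dumpcap is privileged.  Run `capture_helper_mode` again
after every `make install-strip`, because reinstalling resets the mode
and capabilities.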

# If you have GnuTLS and OpenSSL installed, it will use GnuTLS
# (even if you pass --with-ssl=/path/to/openssl)
#
# If you don't have OpenSSL installed in the usual source-installed place
# (/usr/local/ssl), like if you're using a distribution package that puts it
# under the /usr prefix, specify --with-openssl below without a PATH and
# configure should find it.

# To only build the text-based tshark (not the GTK+ based wireshark)
# pass --disable-wireshark to configure

./configure --with-ssl=/usr/local/ssl --disable-ipv6 --enable-threads
make

# Become root to install it
su

find /usr/local/lib/wireshark/plugins/* -type d \
 -exec rm -r {} \; 2> /dev/null
make install-strip
chown -R $USER .
ldconfig

# Become yourself again
exit

cd
mkdir -p -m 0700 installed
rm -f installed/wireshark-*.tar.*
mv wireshark-1.0.0.tar.bz2 installed/

# ~/src/wireshark-1.0.0/image/hi48-app-wireshark.png can be used as a
# desktop icon


# If you ever want to uninstall Wireshark, this should do it:
cd
su
test -d src/wireshark-* && ( cd src/wireshark-* ; make uninstall )
( cd /usr/local/bin ; rm -f capinfos dftest dumpcap editcap  \
 idl2wrs mergecap randpkt text2pcap tshark wireshark )
( cd /usr/local/lib ; rm -f libwireshark.* libwiretap.* )
test -d /usr/local/lib/wireshark && rm -r /usr/local/lib/wireshark
( cd /usr/local/man/man1 ; rm -f capinfos.1 dumpcap.1 editcap.1 \
 idl2wrs.1 mergecap.1 tshark.1 text2pcap.1 wireshark.1 )
rm -f /usr/local/man/man4/wireshark-filter.4
test -d /usr/local/share/wireshark && rm -r /usr/local/share/wireshark
ldconfig
exit
find ~/src -maxdepth 1 -type d -name "wireshark-*" -exec rm -r {} \;
rm -f ~/installed/wireshark-*.tar.*



Last updated: Wed, 29 Apr 2020 22:04:50 -0400
Jason Englander <jason at englanders dot us>