How to install Wireshark-2.4.1 in CentOS6

by LauCyun Sep 30,2017 12:03:30 90,892 views

The Wireshark package contains a network protocol analyzer, also known as a “sniffer”. This is useful for analyzing data captured “off the wire” from a live network connection, or data read from a capture file.

Wireshark provides both a graphical and a TTY-mode front-end for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers.

1 Dependencies

1.1 Base

Install some basic development tools, such as gcc, gcc-c++, gdb, bison, flex, and byacc.

[root@localhost ~]# yum install -y gcc gcc-c++ gdb bison flex byacc
[root@localhost ~]# yum groupinstall "Development Tools"

1.2 Required

GLib-2.54.0 and libgcrypt-1.8.1

1.3 Recommended

libpcap-1.8.1 (required to capture data), and Qt-5.9.1 (for the Qt5 GUI)

1.4 Optional

c-ares-1.12.0, GnuTLS-3.6.0, GTK+-3.22.21 or GTK+-2.24.31 (for the legacy GTK GUI), libnl-3.3.0, Lua-5.3.4, MIT Kerberos V5-1.15.1, nghttp2-1.25.0, OpenSSL-1.1.0f, SBC-1.3, libsmi, lz4, GeoIP, libssh, PortAudio (for the GTK+ RTP player), Snappy, and Spandsp

Note:

The Qt GUI front-end is built by default, if Qt-5.9.1 is found. If you want to build the GTK+ GUI front-end, some configure switches have to be set (see “Command Explanations”).

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/wireshark

2 libpcap

libpcap provides functions for user-level packet capture, used in low-level network monitoring.

Install libpcap by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:
[root@localhost laucyun]# wget http://www.tcpdump.org/release/libpcap-1.8.1.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf libpcap-1.8.1.tar.gz
[root@localhost laucyun]# cd libpcap-1.8.1/
# Configure:
[root@localhost libpcap-1.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libpcap-1.8.1]# make && make install

3 GLib

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

You need to install some dependencies before building GLib, namely libffi, PCRE, gettext, and Python 2.7.

3.1 libffi

The libffi library provides a portable, high level programming interface to various calling conventions. This allows a programmer to call any function specified by a call interface description at run time.

Install libffi by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget https://sourceware.org/ftp/libffi/libffi-3.2.1.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf libffi-3.2.1.tar.gz
[root@localhost laucyun]# cd libffi-3.2.1/
# Configure:
[root@localhost libffi-3.2.1]# ./configure --prefix=/usr --libdir=/usr/lib64 --disable-static
# Install:
[root@localhost libffi-3.2.1]# make && make install

3.2 PCRE

The PCRE package contains Perl Compatible Regular Expression libraries. These are useful for implementing regular expression pattern matching using the same syntax and semantics as Perl 5.

Install PCRE by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf pcre-8.41.tar.gz
[root@localhost laucyun]# cd pcre-8.41/
# Configure:
[root@localhost pcre-8.41]# ./configure --prefix=/usr                     \
                                        --libdir=/usr/lib64               \
                                        --docdir=/usr/share/doc/pcre-8.41 \
                                        --enable-unicode-properties       \
                                        --enable-pcre16                   \
                                        --enable-pcre32                   \
                                        --enable-pcregrep-libz            \
                                        --enable-pcregrep-libbz2          \
                                        --enable-pcretest-libreadline     \
                                        --disable-static                  \
                                        --enable-utf8  
# Install:
[root@localhost pcre-8.41]# make && make install

The --enable-utf8 switch (together with --enable-unicode-properties) is needed so that the later GLib configure step does not fail with the following error:

checking for PCRE... yes
checking for Unicode support in PCRE... no
configure: error: *** The system-supplied PCRE does not support Unicode properties or UTF-8.

3.2.1 bzip2

When I tried to build pcre-8.41, I got this error:

** Cannot --enable-pcregrep-libbz2 because bzlib.h was not found.

So you need to install the bzip2 development libraries first:

[root@localhost pcre-8.41]# yum install -y bzip2 bzip2-devel

3.2.2 zlib

When I tried to build pcre-8.41, I got this error:

** Cannot --enable-pcregrep-libz because zlib.h was not found.

So you need to install the zlib development libraries first:

[root@localhost pcre-8.41]# yum install -y zlib zlib-devel

3.2.3 readline

When I tried to build pcre-8.41, I got this error:

** Cannot --enable-pcretest-readline because readline/readline.h was not found.

So you need to install the readline development libraries first:

[root@localhost pcre-8.41]# yum install -y readline readline-devel

3.3 gettext

When I tried to build GLib, I got this error:

configure: error: 
*** You must have either have gettext support in your C library, or use the
*** GNU gettext library. (http://www.gnu.org/software/gettext/gettext.html)

First, check whether gettext is already installed on the system with the gettext -V command; if it is not, build and install gettext from source.

Install gettext by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget http://ftp.gnu.org/pub/gnu/gettext/gettext-latest.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf gettext-latest.tar.gz
[root@localhost laucyun]# cd gettext-0.19.8.1/
# Configure:
[root@localhost gettext-0.19.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost gettext-0.19.8.1]# make && make install

3.4 Python 2.7

CentOS 6.x comes with Python 2.6, but we can't just replace it with 2.7 because the OS itself depends on it (apparently), so you need to install 2.7 (or 3.x, for that matter) alongside it. Fortunately, CentOS makes this quite painless with the Software Collections (SCL) repository.

Install python2.7 by running the following commands:

[root@localhost ~]# yum install centos-release-scl # install SCL 
[root@localhost ~]# yum install python27           # install Python 2.7

To use it, you essentially spawn another shell (or script) while enabling the newer version of Python:

[root@localhost ~]# scl enable python27 bash

3.5 GLib

Install GLib by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget http://ftp.gnome.org/pub/gnome/sources/glib/2.54/glib-2.54.0.tar.xz
# Unzip:
[root@localhost laucyun]# xz -d glib-2.54.0.tar.xz
[root@localhost laucyun]# tar -xvf glib-2.54.0.tar
[root@localhost laucyun]# cd glib-2.54.0/
# Configure:
[root@localhost glib-2.54.0]# ./configure --prefix=/usr --libdir=/usr/lib64 --enable-libmount=no
# Install:
[root@localhost glib-2.54.0]# make && make install

4 libgcrypt

The libgcrypt package contains a general purpose crypto library based on the code used in GnuPG. The library provides a high level interface to cryptographic building blocks using an extendable and flexible API.

Install libgcrypt by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.8.1.tar.bz2
# Unzip:
[root@localhost laucyun]# tar -jxvf libgcrypt-1.8.1.tar.bz2
[root@localhost laucyun]# cd libgcrypt-1.8.1/
# Configure:
[root@localhost libgcrypt-1.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libgcrypt-1.8.1]# make && make install

When I tried to build libgcrypt, I got this error:

checking for gpg-error-config... no
checking for GPG Error - version >= 1.25... no
configure: error: libgpg-error is needed.
                See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .

So you need to build and install libgpg-error first:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf libgpg-error-1.27.tar.gz
[root@localhost laucyun]# cd libgpg-error-1.27/
# Configure:
[root@localhost libgpg-error-1.27]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libgpg-error-1.27]# make && make install

5 Wireshark

Wireshark is a very large and complex application. These instructions provide additional security measures to ensure that only trusted users are allowed to view network traffic. First, install Wireshark by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget https://www.wireshark.org/download/src/all-versions/wireshark-2.4.1.tar.xz
# Unzip:
[root@localhost laucyun]# xz -d wireshark-2.4.1.tar.xz
[root@localhost laucyun]# tar -xvf wireshark-2.4.1.tar
[root@localhost laucyun]# cd wireshark-2.4.1/
# Configure:
[root@localhost wireshark-2.4.1]# ./configure --prefix=/usr \
                                              --libdir=/usr/lib64 \
                                              --with-gtk=no \
                                              --with-qt=no \
                                              --disable-wireshark \
                                              --sysconfdir=/etc
# make:
[root@localhost wireshark-2.4.1]# make

Command Explanations: 

--with-gtk=[yes/no/2/3]: For the Gtk+ GUI. Default is no. If both Gtk+2 and 3 are installed, and “yes” is selected, default is 3. Obviously, GTK+-2.24.31 or GTK+-3.22.21 must have been built for this to work.

--with-qt=[yes/no/4/5]: For the Qt GUI. Default is yes, if Qt-5.9.1 is found on the system.

--disable-wireshark: Use this switch if you have Qt installed but do not want to build any of the GUIs.

Now, as the root user:

[root@localhost wireshark-2.4.1]# make install &&

install -v -m755 -d /usr/share/doc/wireshark-2.4.1 &&
install -v -m644    README{,.linux} doc/README.* doc/*.{pod,txt} \
                    /usr/share/doc/wireshark-2.4.1 &&

pushd /usr/share/doc/wireshark-2.4.1 &&
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &&
popd
[root@localhost wireshark-2.4.1]# unset FILENAME

If you are installing Wireshark for the first time, you need to log out and log in again so that the wireshark group appears among your groups; otherwise it will not run properly.
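The group-based restriction that the paragraph above and the "Running as user root ... This could be dangerous" warning below refer to, as an added example that is not part of the original post. It assumes a group named wireshark and the /usr/bin paths of the --prefix=/usr build; the harden function must run as root, the check function works for any user.

```shell
#!/bin/sh
# Added example, not part of the original post: let a trusted group capture
# traffic instead of running tshark as root. Assumptions: the group is named
# "wireshark" and dumpcap is installed in /usr/bin (from --prefix=/usr).

# Only dumpcap needs privileges; tshark and wireshark run unprivileged and
# spawn it. root:wireshark with mode 4750 makes it setuid root, executable by
# group members only, and inaccessible to "other". Run as root.
harden_dumpcap() {
    group=${1:-wireshark}
    bin=${2:-/usr/bin/dumpcap}
    getent group "$group" >/dev/null || groupadd "$group"
    chown root:"$group" "$bin"
    chmod 4750 "$bin"
    # Where setcap is available, file capabilities are a narrower
    # alternative to setuid root (the build above reports "without POSIX
    # capabilities", so setuid is used here):
    #   chmod 0750 "$bin" && setcap cap_net_raw,cap_net_admin=eip "$bin"
}

# Post-install check usable by any user: returns 0 when the binary has
# mode 4750 and the expected group, 1 otherwise (including a missing file).
check_capture_perms() {
    path=$1
    group=$2
    actual=$(stat -c '%a %G' "$path" 2>/dev/null) || return 1
    [ "$actual" = "4750 $group" ]
}

# Capture users are added to the group and must log in again for the new
# membership to take effect:
#   usermod -aG wireshark alice
```

Running tshark afterwards as a group member should no longer print the "Running as user root" warning, because only the dumpcap child is privileged.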

Check that the installation succeeded with the tshark --version command:

[root@localhost ~]# tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.4.1 (v2.4.1)

Copyright 1998-2017 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.54.0, with zlib 1.2.3, without SMI, without c-ares, without Lua, without
GnuTLS, with Gcrypt 1.8.1, without Kerberos, without GeoIP, without nghttp2,
without LZ4, without Snappy, without libxml2.

Running on Linux 2.6.32-431.el6.x86_64, with Intel(R) Core(TM) i7-4720HQ CPU @
2.60GHz (with SSE4.2), with 980 MB of physical memory, with locale en_US.UTF-8,
with libpcap version 1.8.1, with Gcrypt 1.8.1, with zlib 1.2.3.

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-18).

Short Descriptions:

capinfos reads a saved capture file and returns any or all of several statistics about that file. It is able to detect and read any capture supported by the Wireshark package.
captype prints the file types of capture files.
dftest is a display-filter-compiler test program.
dumpcap is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file.
editcap edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Wireshark and other tools that write captures in that format.
idl2wrs is a program that takes a user specified CORBA IDL file and generates “C” source code for a Wireshark “plugin”. It relies on two Python programs wireshark_be.py and wireshark_gen.py, which are not installed by default. They have to be copied manually from the tools directory to the $PYTHONPATH/site-packages/ directory.
mergecap combines multiple saved capture files into a single output file.
randpkt creates random-packet capture files.
rawshark dumps and analyzes raw libpcap data.
reordercap reorders the frames of an input file by timestamp and writes them to an output file.
sharkd is a daemon that listens on UNIX sockets.
text2pcap reads in an ASCII hex dump and writes the data described into a libpcap-style capture file.
tshark is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file.
wireshark is the Qt GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file.
wireshark-gtk is the Gtk+ GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file (optional).
libwireshark.so contains functions used by the Wireshark programs to perform filtering and packet capturing.
libwiretap.so is a library being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. For more information, see the README file in the source wiretap directory.

6 References
