Wireshark源碼安裝

通過 apt-get 獲得的Wireshark與最新版相比,總是有一些落后的。通過編譯源代碼安裝,則總是能夠最及時的嘗試Wireshark最新的功能。本文就來與大家分享,通過源碼安裝Wireshark的過程。

編譯安裝Wireshark

首先在Wireshark官網下載最新的源碼包,地址。

Wireshark Download Site

當前最新版是2.2.1。下載Wireshark:

wget https://2.na.dl.wireshark.org/src/wireshark-2.2.1.tar.bz2

配置、編譯并安裝:

$ tar xvf wireshark-2.2.1.tar.bz2
$ cd wireshark-2.2.1
$ ./configure --enable-wireshark  --enable-dumpcap --enable-tfshark --with-gnutls --with-gcrypt=yes
$ make
$ sudo make install

還可以通過./configure --help了解誒Wireshark的更多編譯配置選項:

$ ./configure --help
`configure' configures Wireshark 2.2.1 to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/wireshark]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
  --target=TARGET   configure for building compilers for TARGET [HOST]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  --enable-static[=PKGS]  build static libraries [default=no]
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
                          speeds up one-time build
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-osx-deploy-target
                          choose an OS X deployment target [default=major
                          release on which you're building]
  --disable-largefile     omit support for large files
  --enable-extra-compiler-warnings
                          do additional compiler warnings [default=no]
  --enable-asan           Enable AddressSanitizer (ASAN) for debugging
                          (degrades performance)[default=no]
  --enable-checkhf-conflict
                          Enable hf conflict check for debugging (start-up may
                          be slower)[default=no]
  --enable-warnings-as-errors
                          treat warnings as errors (only for GCC or clang)
                          [default=no]
  --enable-wireshark      build the Wireshark GUI (with Gtk+, Qt, or both)
                          [default=yes]
  --enable-packet-editor  add support for packet editor in Wireshark
                          [default=yes]
  --enable-profile-build  build profile-ready binaries [default=no]
  --enable-tshark         build tshark [default=yes]
  --enable-editcap        build editcap [default=yes]
  --enable-capinfos       build capinfos [default=yes]
  --enable-captype        build captype [default=yes]
  --enable-mergecap       build mergecap [default=yes]
  --enable-reordercap     build reordercap [default=yes]
  --enable-text2pcap      build text2pcap [default=yes]
  --enable-dftest         build dftest [default=yes]
  --enable-randpkt        build randpkt [default=yes]
  --enable-dumpcap        build dumpcap [default=yes]
  --enable-rawshark       build rawshark [default=yes]
  --enable-echld          support echld (Experimental) [default=no]
  --enable-tfshark        build tfshark (Experimental) [default=no]
  --enable-pcap-ng-default
                          use the pcap-ng file format by default instead of
                          pcap [default=yes]
  --enable-setcap-install install dumpcap with cap_net_admin and cap_net_raw
                          [default=no]
  --enable-setuid-install install dumpcap as setuid [default=no]
  --enable-androiddump    build androiddump [default=yes]
  --enable-androiddump-use-libpcap
                          build androiddump using libpcap [default=no]
  --enable-sshdump        build sshdump [default=yes]
  --enable-ciscodump      build ciscodump [default=yes]
  --enable-randpktdump    build randpktdump [default=yes]

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-aix-soname=aix|svr4|both
                          shared library versioning (aka "SONAME") variant to
                          provide on AIX, [default=aix].
  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
  --with-sysroot[=DIR]    Search for dependent libraries within DIR (or the
                          compiler's sysroot if not specified).
  --with-qt=[yes/no/4/5]  use Qt [default=yes, if available]
  --with-gtk=[yes/no/2/3] use GTK+ [default=yes, if available]
  --with-gnutls=[yes/no]  use GnuTLS library [default=yes, if available]
  --with-gcrypt=[yes/no]  use gcrypt library [default=yes, if available]
  --with-libgcrypt-prefix=PFX
                          prefix where LIBGCRYPT is installed (optional)
  --with-libnl[=VERSION]  use libnl (force version VERSION, if supplied)
                          [default: yes, if available]
  --with-libsmi=[DIR]     use libsmi MIB/PIB library [default=yes], optionally
                          specify the prefix for libsmi
  --with-osx-integration  use OS X integration functions [default=yes, if
                          available]
  --with-pcap[=DIR]       use libpcap for packet capturing [default=yes]
  --with-pcap-remote      use libpcap remote capturing (requires libpcap)
  --with-zlib[=DIR]       use zlib (located in directory DIR, if supplied) for
                          gzip compression and decompression [default=yes, if
                          available]
  --with-lua[=DIR]        use liblua (located in directory DIR, if supplied)
                          for the Lua scripting plugin [default=yes, if
                          available]
  --with-portaudio[=DIR]  use libportaudio (located in directory DIR, if
                          supplied) for the GTK+ RTP player [default=yes, if
                          available]
  --with-dumpcap-group=GROUP
                          restrict dumpcap to GROUP
  --with-libcap[=DIR]     use libcap (located in directory DIR, if supplied)
                          for POSIX.1e capabilities management [default=yes,
                          if present]

一切都很順利。

權限問題的解決

通過在命令行中輸入 wireshark-gtk ,可以執行我們剛剛安裝的Wireshark。然而當我們選中一個網卡,想要啟動抓包時,則獲得了如下的報錯:

錯誤提示說缺乏足夠的權限。在命令行中執行 tshark 時同樣報錯:

$ tshark
Running as user "hanpfei0306" and group "hanpfei0306".
Capturing on 'wlp3s0'
tshark: The capture session could not be initiated on interface 'wlp3s0' (You don't have permission to capture on that device).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
0 packets captured

在網上找到了如下的解決方法:
1.添加wireshark用戶組

$ sudo groupadd wireshark

2.將dumpcap更改為wireshark用戶組

$ sudo chgrp wireshark /usr/bin/dumpcap

3.讓wireshark用戶組有root權限使用dumpcap

$ sudo chmod 4755 /usr/bin/dumpcap

4.將需要使用的用戶名加入wireshark用戶組,我的用戶名是hanpfei0306

$ sudo gpasswd -a hanpfei0306 wireshark

然而這根本不起作用。

突然想到,命令中執行的 tshark 和 wireshark-gtk 所用的dumpcap 是否不是 /usr/bin/dumpcap呢?查找系統所有名字中包含dumpcap的文件:

$ locate dumpcap
/usr/bin/dumpcap
/usr/local/bin/dumpcap
/usr/local/share/man/man1/dumpcap.1
/usr/local/share/wireshark/dumpcap.html
/usr/share/man/man1/dumpcap.1.gz
/usr/share/wireshark/dumpcap.html

還真是找到了多個 dumpcap 可執行文件。

我們針對 /usr/local/bin/dumpcap 執行上面類似的步驟:

$ sudo chgrp wireshark /usr/local/bin/dumpcap
$ sudo chmod u+s /usr/local/bin/dumpcap

再次在命令中執行tshark:

$ tshark
Running as user "hanpfei0306" and group "hanpfei0306".
Capturing on 'wlp3s0'
  1 0.000000000 fe80::71ee:909:10db:13ec → ff02::fb     MDNS 180 Standard query 0x0000 PTR _ftp._tcp.local, "QM" question PTR _nfs._tcp.local, "QM" question PTR _afpovertcp._tcp.local, "QM" question PTR _smb._tcp.local, "QM" question PTR _sftp-ssh._tcp.local, "QM" question PTR _webdavs._tcp.local, "QM" question PTR _webdav._tcp.local, "QM" question
  2 0.000054449 10.242.119.221 → 224.0.0.251  MDNS 160 Standard query 0x0000 PTR _ftp._tcp.local, "QM" question PTR _nfs._tcp.local, "QM" question PTR _afpovertcp._tcp.local, "QM" question PTR _smb._tcp.local, "QM" question PTR _sftp-ssh._tcp.local, "QM" question PTR _webdavs._tcp.local, "QM" question PTR _webdav._tcp.local, "QM" question
  3 3.193236858 10.242.119.221 → 61.91.161.217 TCP 66 34736→443 [ACK] Seq=1 Ack=1 Win=350 Len=0 TSval=40947011 TSecr=317612596
  4 3.345237101 10.242.119.221 → 61.91.161.217 TCP 66 34752→443 [ACK] Seq=1 Ack=1 Win=368 Len=0 TSval=40947049 TSecr=317612749
  5 3.654180454 61.91.161.217 → 10.242.119.221 TCP 66 [TCP ACKed unseen segment] 443→34736 [ACK] Seq=1 Ack=2 Win=243 Len=0 TSval=317658055 TSecr=40912897
  6 3.713688791 61.91.161.217 → 10.242.119.221 TCP 66 [TCP ACKed unseen segment] 443→34752 [ACK] Seq=1 Ack=2 Win=334 Len=0 TSval=317658110 TSecr=40924362

OK了。

最后編輯于
?著作權歸作者所有,轉載或內容合作請聯系作者
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發布,文章內容僅代表作者本人觀點,簡書系信息發布平臺,僅提供信息存儲服務。

推薦閱讀更多精彩內容