HOWTO Wireshark latest version (64-32)


Post#1 by liguero » 10 Apr 2012, 18:42

Module Wireshark latest version Porteus 1.1 (32-64 bit)

Based on "wireshark-1.7.1.tar.bz2" : http://wiresharkdownloads.riverbed.com/wireshark/src/
Based on "wireshark.SlackBuild" : http://repository.slacky.eu/slackware64 ... 1.6.5/src/

Required modules and files before compilation :

Use "slackyd" to download the packages: slackyd -u; slackyd -p

Required packages :
slackyd -g bison-2.4.3
slackyd -g flex-2.5.35
slackyd -g krb5-1.9.1 (Kerberos)

If necessary, a little script "modules-req.sh" does the job (Code, Select all, open KWrite, copy, paste, save as).

Code:

#!/bin/bash

# Packages to fetch with slackyd (bison and flex are only needed during compilation)
packreq="bison flex krb5-1.9.1"

# Refresh the slackyd package list, then download each required package
slackyd -p; slackyd -u

for pack in $packreq; do
  slackyd -g "$pack"
done

# Convert every downloaded .txz into a Porteus .xzm module and print the
# activate command to run for it (drop the "echo" to activate directly)
for pack in /var/slackyd/*.txz; do
  txz2xzm "$pack" "${pack%.txz}.xzm"
  echo activate "${pack%.txz}.xzm"
done

Required files :
slack-desc, slack-required, wireshark.SlackBuild

If it is really needed you can add these modules (geo-location, dns-name ...)

Optional packages : geoip, c-ares, libsmi, lua, portaudio

link for 32 bit : http://repository.slacky.eu/slackware-1 ... oIP/1.4.8/

Let's go :

1. Config wireshark.SlackBuild: if needed, you just have to change the version number.
At the beginning of the file, line 41: VERSION=${VERSION:-1.7.1}

Compilation and package creation :

The script "wireshark.SlackBuild" downloads "wireshark-1.7.1.tar.bz2", performs compilation and makes package.
The final result is the file wireshark-1.7.1-x86_64-1sl.txz or wireshark-1.7.1-i486-1sl.txz

2. Files creation :
Code, Select all, open KWrite, copy, paste, save as for each file.
a. slack-desc
b. slack-required
c. wireshark.SlackBuild

File slack-desc

Code:

# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.  Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in.  You must
# make exactly 11 lines for the formatting to be correct.  It's also
# customary to leave one space after the ':'.

         |-----handy-ruler---------------------------------------------------|
wireshark: WireShark (GTK2+ Network Sniffer)
wireshark:
wireshark: Wireshark (aka Ethereal) is  a  free  packet  sniffer  computer
wireshark: application. It  is  used for network troubleshooting, analysis
wireshark: software and communications, protocol development and education
wireshark: Wireshark  uses  the  cross-platform  GTK+ widget  toolkit. Its
wireshark: powerful  features  make  it  the  tool  of  choice for network
wireshark: troubleshooting, protocol development, and education worldwide.
wireshark:
wireshark:
wireshark:

File slack-required

Code:

atk >= 1.32.0-x86_64-1
attr >= 2.4.45-x86_64-1
c-ares >= 1.7.5-x86_64-1sl
cairo >= 1.10.2-x86_64-2
cxxlibs >= 6.0.14-x86_64-1
expat >= 2.0.1-x86_64-2
fontconfig >= 2.8.0-x86_64-1
freetype >= 2.4.4-x86_64-1
gdk-pixbuf2 >= 2.23.3-x86_64-1
geoip >= 1.4.8-x86_64-1sl
glib2 >= 2.28.6-x86_64-1
glibc-solibs >= 2.13-x86_64-4
gnutls >= 2.10.5-x86_64-1
gtk+2 >= 2.24.4-x86_64-1
krb5 >= 1.9.1-x86_64-1sl
libX11 >= 1.4.3-x86_64-2
libXau >= 1.0.6-x86_64-1
libXcomposite >= 0.4.3-x86_64-1
libXcursor >= 1.1.11-x86_64-1
libXdamage >= 1.1.3-x86_64-1
libXdmcp >= 1.1.0-x86_64-1
libXext >= 1.2.0-x86_64-1
libXfixes >= 5.0-x86_64-1
libXi >= 1.4.2-x86_64-1
libXinerama >= 1.1.1-x86_64-1
libXrandr >= 1.3.1-x86_64-1
libXrender >= 0.9.6-x86_64-1
libcap >= 2.20-x86_64-1
libgcrypt >= 1.4.6-x86_64-1
libgpg-error >= 1.9-x86_64-1
libnl >= 1.1-x86_64-1
libpcap >= 1.1.1-x86_64-1
libpng >= 1.4.8-x86_64-1_slack13.37
libsmi >= 0.4.8-x86_64-1sl
libxcb >= 1.7-x86_64-1
lua >= 5.1.4-x86_64-2sl
ncurses >= 5.9-x86_64-1
openssl >= 0.9.8r-x86_64-3 | openssl-solibs >= 0.9.8r-x86_64-3
pango >= 1.28.4-x86_64-1
pixman >= 0.20.2-x86_64-1
readline >= 5.2-x86_64-4
zlib >= 1.2.5-x86_64-4

File wireshark.SlackBuild

Code:

#!/bin/sh
# Copyright Loris Vincenzi (http://www.slacky.eu)
# All rights reserved.
#
# Heavily based on the Slackware 13.37 SlackBuild
# http://www.wireshark.org
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Required: GeoIP, c-ares, krb5, libsmi, lua, portaudio
#
# Exit on most errors
set -e 

# Set variables:
case "$(uname -m)" in
      i?86) ARCH="i486" ;;
      x86_64) ARCH="x86_64" ;;
      *) echo "$(uname -m) architecture is not available." ; exit 1 ;;
esac
CWD=`pwd`
OUTPUT=${OUTPUT:-$CWD}
PKGNAME=wireshark
TMP=${TMP:-/tmp/buildpkgs/$PKGNAME}
PKG=$TMP/package
VERSION=${VERSION:-1.7.1}
JOBS=${JOBS:--j2}
BUILD=${BUILD:-1}
TAG=${TAG:-sl}

SOURCE="http://wiresharkdownloads.riverbed.com/wireshark/src/$PKGNAME-$VERSION.tar.bz2"
#http://wiresharkdownloads.riverbed.com/wireshark/src/
# Download source tarball if still not present
if [ ! -e $CWD/$PKGNAME-$VERSION.tar.bz2 ]; then
wget -c $SOURCE
fi

# Set compiling FLAGS
if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"; SLKLDFLAGS=""; LIBDIRSUFFIX=""; CHOST="i486"
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"; SLKLDFLAGS=""; LIBDIRSUFFIX=""; CHOST="i686"
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"; SLKLDFLAGS="-L/usr/lib64"; LIBDIRSUFFIX="64"; CHOST="x86_64"
fi

# Create building directory
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT

# Decompress the source tarball
cd $TMP
tar xvjf $CWD/$PKGNAME-$VERSION.tar.bz2

echo -e "\E[0;32m+----------------------------+\E[0;0m"
echo -e "\E[0;32m| Start SlackBuild Wireshark |\E[0;0m"
echo -e "\E[0;32m+----------------------------+\E[0;0m"

# Adjust permissions and ownerships
cd $PKGNAME-$VERSION
chmod -R u+w,go+r-w,a-s .
chown -R root:root .

# Building Wireshark  package
LDFLAGS="$SLKLDFLAGS" \
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure 	--prefix=/usr \
		--sysconfdir=/etc \
		--localstatedir=/var \
		--libdir=/usr/lib${LIBDIRSUFFIX} \
		--disable-static \
		--mandir=/usr/man \
		--docdir=/usr/doc/$PKGNAME-$VERSION \
		--with-ssl=/usr/lib${LIBDIRSUFFIX} \
		--enable-threads \
		--disable-usr-local \
		--with-krb5=/usr/kerberos \
		--program-prefix= \
		--program-suffix= \
		--build=$CHOST-slackware-linux
# Build and install
echo -e "\E[0;32mPress any key to build the package!\E[0;0m"
read
make $JOBS
make install DESTDIR=$PKG

# Installing desktop file menu
sed -i -e "s#.*Icon=.*#Icon=wsicon.svg#g" wireshark.desktop
install -m 644 -p -D wireshark.desktop  $PKG/usr/share/applications/wireshark.desktop

# Installing icons directory
cd image/
for res in 16 32 48 ;do
  dir=${PKG}/usr/share/icons/hicolor/${res}x${res}/apps
  mkdir -p ${dir}
  install -m0644 hi${res}-app-wireshark.png \
                 ${dir}/${PKGNAME}.png
done
  dir=${PKG}/usr/share/icons/hicolor/scalable/apps
  mkdir -p ${dir}
  install -m0644 wsicon.svg \
                 ${dir}/wsicon.svg
cd - 

# Strip binaries and shared objects, if present
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs -r strip --strip-unneeded 2> /dev/null || true
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs -r strip --strip-unneeded 2> /dev/null || true
  find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs -r strip --strip-unneeded 2> /dev/null || true
)

#Add documentation files: readme, changelog and so on
mkdir -p $PKG/usr/doc/$PKGNAME-$VERSION/SlackBuild
cp -a AUTHORS COPYING ChangeLog INSTALL* NEWS README.linux $PKG/usr/doc/$PKGNAME-$VERSION
chmod 644 $PKG/usr/doc/$PKGNAME-$VERSION/*

# Also add the slack-desk file and this slackbuild to the package
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/slack-desc > $PKG/usr/doc/$PKGNAME-$VERSION/SlackBuild/slack-desc
cat $CWD/$PKGNAME.SlackBuild > $PKG/usr/doc/$PKGNAME-$VERSION/SlackBuild/$PKGNAME.SlackBuild

# Compress the man pages if present
if [ -d $PKG/usr/man ]; then
    ( cd $PKG/usr/man
      find . -type f -exec gzip -9 {} \;
      for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
    )
fi

# Building some post-install execution script
echo "if [ -x /usr/bin/update-desktop-database ]; then
  /usr/bin/update-desktop-database 1> /dev/null 2> /dev/null
fi" >> $PKG/install/doinst.sh
echo "" >> $PKG/install/doinst.sh
echo "if [ -x /usr/bin/gtk-update-icon-cache ]; then
  /usr/bin/gtk-update-icon-cache  -f -q /usr/share/icons/hicolor 1> /dev/null 2> /dev/null
fi" >> $PKG/install/doinst.sh
echo "" >> $PKG/install/doinst.sh

# Find and print dependencies into slack-required file
cd $PKG
chown -R root:root $PKG
if [ -x /usr/bin/requiredbuilder ];then
    EXCLUDE="gcc, gcc-g++" requiredbuilder -y -v -s  $CWD $PKG
fi
# Create txz package
/sbin/makepkg -l y -c n $OUTPUT/$PKGNAME-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-txz}

# Cleanup if enabled
if [ "$1" = "--cleanup" ]; then
 rm -rf $TMP
fi

3. chmod +x wireshark.SlackBuild

4. Run wireshark.SlackBuild as root (su + password):
./wireshark.SlackBuild

Wait for compilation end ...
Slackware package wireshark-1.7.1-x86_64-1sl.txz or wireshark-1.7.1-i486-1sl.txz created.

5. Convert txz to xzm ("Y" = x86_64 or i486):
txz2xzm wireshark-1.7.1-Y-1sl.txz wireshark-1.7.1-Y-1sl.xzm

6. Activate module:
activate wireshark-1.7.1-Y-1sl.xzm

Module is now in the folder porteus/modules and activated.
Command appears in menu KDE system.

7. Wireshark Linux for nonroot user (set suid bit):
Wireshark's developers strongly recommend against running as root. As of 9.10, Wireshark installs to menu with no root option, making it useless.
To grant a user permission to capture network traffic using Wireshark or tshark, the system administrator should add the user to wireshark group.

We create a new group "wireshark" and add user "guest" to this group. The "wireshark" software belongs to this group, the owner is root and the suid bit is set.

root@porteus:/home/guest# groupadd wireshark
root@porteus:/home/guest# usermod -G wireshark -a guest
root@porteus:/home/guest# chgrp wireshark /usr/bin/dumpcap
root@porteus:/home/guest# chmod u+s,o-rx /usr/bin/dumpcap (or chmod 4750 /usr/bin/dumpcap)
root@porteus:/home/guest# ls -l /usr/bin/dumpcap
-rwsr-x--- 1 root wireshark 77464 avril 7 12:53 /usr/bin/dumpcap*

Only root and user of group "wireshark" are allowed to capture network traffic.

Log out and log in again. Adding a currently logged in user to a group using groupadd does not take effect until the user has logged out.

The modules "bison" and "flex" are no longer required after compilation. You can remove them from the folder "porteus/modules" and store them elsewhere.
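The setup in step 7 is what keeps the GUI itself unprivileged: only the small capture helper dumpcap gets the setuid bit, and only members of the "wireshark" group can execute it. The script below is an added example, not part of liguero's post or of the Wireshark project, that audits that state after the fact. The function names, the expected values (owner root, group wireshark, mode 4750) and the use of GNU stat are assumptions of this example taken from the commands above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the dumpcap setup from step 7.
# Expected state, taken from the commands above: /usr/bin/dumpcap owned by root,
# group wireshark, mode 4750 (setuid root, group may execute, others nothing).

# check_dumpcap_mode OWNER GROUP MODE
# Returns 0 when the three values match the expected state, 1 (with a reason) otherwise.
check_dumpcap_mode() {
    _owner=$1; _group=$2; _mode=$3
    [ "$_owner" = "root" ] || { echo "owner is $_owner, expected root"; return 1; }
    [ "$_group" = "wireshark" ] || { echo "group is $_group, expected wireshark"; return 1; }
    # 4750 = setuid + rwx for owner, r-x for group, no access for others.
    # A wider mode such as 4755 would let every local user capture.
    [ "$_mode" = "4750" ] || { echo "mode is $_mode, expected 4750"; return 1; }
    return 0
}

# user_in_group USER GROUP [GROUPFILE]
# Returns 0 when USER appears in GROUP's member list in GROUPFILE (default /etc/group).
# Reads the file rather than calling "groups" so it also works on a constructed file.
user_in_group() {
    _user=$1; _grp=$2; _file=${3:-/etc/group}
    _members=$(awk -F: -v g="$_grp" '$1 == g { print $4 }' "$_file")
    case ",$_members," in
        *",$_user,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_dumpcap PATH USER
# Live check: reads owner, group and mode with GNU stat and runs both checks.
audit_dumpcap() {
    _path=$1; _who=$2
    [ -e "$_path" ] || { echo "$_path not found"; return 1; }
    set -- $(stat -c '%U %G %a' "$_path")
    check_dumpcap_mode "$1" "$2" "$3" || return 1
    user_in_group "$_who" wireshark || {
        echo "$_who is not in group wireshark (log out and in again after usermod)"; return 1; }
    echo "ok: $_path is $1:$2 mode $3 and $_who may capture"
}

# Usage: sh audit-dumpcap.sh guest
if [ $# -gt 0 ]; then
    audit_dumpcap /usr/bin/dumpcap "$1"
fi
```

Run it as `sh audit-dumpcap.sh guest` after the chmod/usermod steps; a non-zero exit with the printed reason means either dumpcap is wider or narrower than intended or the user is not yet in the group, which is also the case until that user logs out and back in.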