
Sunday, June 7, 2015

Ubuntu/Lubuntu --- Install the current or a recent Wireshark release on Lubuntu 14.04

Which network analyzer is the most popular in the open-source world? Wireshark is the obvious choice.
Although almost every Linux distribution carries a Wireshark package, the current or a recent release is rarely in the default repositories. That leaves two options: a PPA, or compiling Wireshark from source.

Install Wireshark via PPA
(# 1)
In a terminal, add the PPA to the Lubuntu 14.04 system with the sudo add-apt-repository ppa:pi-rho/security command,
then refresh the local package index with the sudo apt-get update command.

Finally, install the package with the sudo apt-get install wireshark command.

During installation the package asks whether non-superusers should be able to capture packets. If we answer yes, the following steps let a specific login user capture without running Wireshark itself as root:

Create a new group 'wireshark' with the sudo groupadd wireshark command.
Add the login user to that group with the sudo usermod -a -G wireshark <username> command (the username is required; -a keeps the user's existing groups instead of replacing them).
Change the group ownership of the capture helper with the sudo chgrp wireshark /usr/bin/dumpcap command.
Set its permissions with the sudo chmod 750 /usr/bin/dumpcap command, so that only root and members of the group can execute it.
Grant the capabilities for RAW/PACKET sockets (cap_net_raw) and network-related operations (cap_net_admin) with the sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap command. (# 2) Only dumpcap receives these capabilities; Wireshark and its dissectors keep running as the unprivileged user, which is the point of the split.
Verify the change with the getcap /usr/bin/dumpcap command (sudo is not needed to read file capabilities).

Now log out and back in so that the new group membership takes effect, then run the wireshark command in the terminal as the normal user, without sudo. The full list of available adapters appears and sniffing can begin.
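As an added example (not part of the original post), the following POSIX shell script checks the three things the steps above change, the file capabilities on dumpcap, its mode and group ownership, and the current user's group membership, and can apply them in one go. It assumes dumpcap lives at /usr/bin/dumpcap, that the group is named wireshark and that getcap/setcap from libcap are installed; the script's own name and its check / --apply arguments are my invention.

```shell
#!/bin/sh
# Added example (not from the original post): check, and optionally apply, the
# non-root capture setup for dumpcap described above. Assumptions: dumpcap is at
# /usr/bin/dumpcap, the group is named "wireshark", and getcap/setcap come from
# the libcap tools (override DUMPCAP and CAPGROUP in the environment if not).
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
CAPGROUP=${CAPGROUP:-wireshark}

# caps_ok LINE: LINE is one line of getcap output. Both the older
# "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" and the newer
# "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" formats are accepted.
# Returns 0 only if both capabilities are present and the flag set is eip.
caps_ok() {
  case "$1" in *cap_net_raw*)   ;; *) return 1 ;; esac
  case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
  case "$1" in *eip*) return 0 ;; *) return 1 ;; esac
}

# mode_ok "MODE GROUP": the output of `stat -c '%a %G' FILE`. We want exactly
# 750 and the capture group, so users outside the group cannot even execute the
# capability-bearing binary.
mode_ok() {
  set -- $1
  [ "${1:-}" = "750" ] && [ "${2:-}" = "$CAPGROUP" ]
}

# in_group GROUP "GROUPS": GROUPS is the output of `id -nG` for the login user.
in_group() {
  for g in $2; do
    [ "$g" = "$1" ] && return 0
  done
  return 1
}

# apply_setup USER: the steps from the post, to be run as root via sudo.
apply_setup() {
  [ -n "$1" ] || { echo "apply_setup: a username is required" >&2; return 1; }
  getent group "$CAPGROUP" >/dev/null || groupadd "$CAPGROUP"
  usermod -a -G "$CAPGROUP" "$1"
  chgrp "$CAPGROUP" "$DUMPCAP"
  chmod 750 "$DUMPCAP"
  setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
  echo "done; $1 must log out and back in for the group to take effect"
}

# check_setup: report each of the three conditions; returns 1 if any fails.
check_setup() {
  rc=0
  caps_ok "$(getcap "$DUMPCAP" 2>/dev/null)" && echo "caps:  ok" \
    || { echo "caps:  MISSING on $DUMPCAP"; rc=1; }
  mode_ok "$(stat -c '%a %G' "$DUMPCAP" 2>/dev/null)" && echo "mode:  ok" \
    || { echo "mode:  not 750 / group $CAPGROUP"; rc=1; }
  in_group "$CAPGROUP" "$(id -nG)" && echo "group: ok" \
    || { echo "group: $(id -un) is not in $CAPGROUP (re-login?)"; rc=1; }
  return $rc
}

case "${1:-}" in
  check)   check_setup ;;
  --apply) apply_setup "${2:-$SUDO_USER}" ;;
  *)       echo "usage: $0 check | sudo $0 --apply USER" >&2 ;;
esac
```

Run it as the normal user with the check argument after logging back in; a group failure at that point almost always means the new session was not started yet. The mode check is deliberately strict: 755 would let every local user run the capability-bearing dumpcap, which defeats the purpose of the group.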

Install Wireshark from Sources
Install the build dependencies (tools and libraries) with the sudo apt-get build-dep wireshark (# 3)
and sudo apt-get install qt4-default commands.

Download the Wireshark archive from the Wireshark official website or with the wget https://2.na.dl.wireshark.org/src/wireshark-1.12.5.tar.bz2 command. Do not add --no-check-certificate: if the mirror's certificate fails to validate, fix the CA bundle or pick another mirror rather than ignoring the error, and compare the tarball's SHA-256 with the value published on the download page before unpacking it.

Unpack the archive with the tar -xjvf ./wireshark-1.12.5.tar.bz2 command and change into the extracted directory.

Generate the configure script with the ./autogen.sh script (release tarballs already ship a configure script, so this is only strictly needed for a git checkout).

Configure the build with the ./configure --enable-setcap-install script; this makes make install grant cap_net_raw and cap_net_admin to dumpcap so that capturing does not need root, and --with-dumpcap-group=wireshark additionally restricts dumpcap to that group.
Build the sources with the make command.
Install the software with the sudo make install command.

Run sudo ldconfig so the dynamic linker picks up the newly installed shared libraries.
Once Wireshark is installed, run it with the wireshark command directly.
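As an added example (not from the original post or the Wireshark project), this POSIX shell script runs the source build above end to end, but refuses to unpack the tarball unless its SHA-256 matches a digest you copied from the official download page. The digest is read from the WIRESHARK_SHA256 environment variable (my own name; no value is hard-coded here), the version defaults to 1.12.5 as on this page, and the mirror URL is the one used above.

```shell
#!/bin/sh
# Added example, not from the original post: build Wireshark from source on
# Lubuntu 14.04 with an integrity check instead of --no-check-certificate.
# WIRESHARK_SHA256 (assumed name) must hold the digest from the download page.
set -e

VERSION=${VERSION:-1.12.5}
TARBALL="wireshark-$VERSION.tar.bz2"
URL="https://2.na.dl.wireshark.org/src/$TARBALL"
WIRESHARK_SHA256=${WIRESHARK_SHA256:-}

# sha256_of FILE: print the hex digest, using whichever tool is available.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE EXPECTED: 0 if the digest matches (case-insensitive),
# 1 if it differs or EXPECTED is empty (an empty expectation must never pass).
verify_sha256() {
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# build_wireshark: the steps from the post, gated on the checksum.
build_wireshark() {
  [ -n "$WIRESHARK_SHA256" ] || { echo "set WIRESHARK_SHA256 first" >&2; return 1; }
  sudo apt-get build-dep -y wireshark
  sudo apt-get install -y qt4-default libcap-dev
  # Certificate checking stays on; the digest check is the integrity gate.
  [ -f "$TARBALL" ] || wget "$URL"
  verify_sha256 "$TARBALL" "$WIRESHARK_SHA256" \
    || { echo "checksum mismatch for $TARBALL, refusing to unpack" >&2; return 1; }
  tar -xjf "$TARBALL"
  cd "wireshark-$VERSION"
  ./autogen.sh
  ./configure --enable-setcap-install --with-dumpcap-group=wireshark
  make -j"$(nproc)"
  sudo make install
  sudo ldconfig
}

if [ "${1:-}" = "build" ]; then
  build_wireshark
fi
```

Usage: WIRESHARK_SHA256=<digest from the download page> sh build-wireshark.sh build. A mismatch aborts before tar runs, which is the moment you want to stop: a tampered or truncated archive should never reach ./configure.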

Reference:

(# 1).   Remove Wireshark with the sudo apt-get remove wireshark command; sudo add-apt-repository --remove ppa:pi-rho/security drops the PPA again.
(# 2).   eip means the listed capabilities are set in the effective, inheritable and permitted sets, respectively.
(# 3).   If the build-dep step fails with an error message, resolve it with the sudo apt-get install libjack0 command
            and the sudo apt-get install libcap-dev command (libcap-dev also lets dumpcap be built with libcap support).


Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.