Binary Nature where the analog and digital bits of nature connect


Friday, 13 May 2011

Compile and install Wireshark on Fedora and Ubuntu Linux

Posted on 23:17 by Unknown
Wireshark is the world’s most popular network analyzer. Almost every computer professional comes to a point when a network protocol analyzer is required to get the deepest visibility in determining what is causing network performance issues.

Grabbing the latest Wireshark release for Windows and Mac OS X is easy enough. You just point your web browser to http://www.wireshark.org to grab it. If you happen to use Linux as your OS of choice, things can be a little trickier.

The Wireshark package listed with most Linux distribution repositories is usually a version or two behind the current stable release. Even if the repositories have the latest stable release, what do you do if you want to try out the bleeding edge features of the latest development release? You may have no other choice except to do a source-based installation. This post will show you how to do just that.

Get Wireshark
Navigate your web browser to http://www.wireshark.org/download.html. In my example, I click the Development Release | Source Code link to download the wireshark-1.5.1.tar.bz2 compressed tarball file. Most will choose the Stable Release | Source Code.

Compile and Install Wireshark
The Fedora and Ubuntu/Mint procedures differ slightly, so I detail each in its own section.

# Fedora
You may need to download and install the Development Tools package group. This package group is similar to build-essential on Debian-based Linux distributions. Run the following commands from the terminal:

$ su -c 'yum clean all'
$ su -c 'yum update'
$ su -c 'yum groupinstall "Development Tools"'

We need to fetch some dependency packages to ensure a successful source-based installation of Wireshark. Run this command from the terminal:
$ su -c 'yum install bison flex gtk2-devel libpcap-devel c-ares-devel libsmi-devel gnutls-devel libgcrypt-devel krb5-devel GeoIP-devel ortp-devel portaudio-devel'

Change to the directory where you saved the Wireshark compressed tarball file. I saved the file in my $HOME/Downloads directory. Run this command from the terminal:
$ cd ~/Downloads

We will now unpack the Wireshark compressed tarball file to the /tmp directory. Run this command from the terminal:
$ tar xf wireshark-1.5.1.tar.bz2 -C /tmp

Change to the /tmp/wireshark-1.5.1 directory. Run this command from the terminal:
$ cd /tmp/wireshark-1.5.1

Run the autogen.sh script to configure your build directory:
$ ./autogen.sh

Run the configure script. This checks your Linux system to ensure it has the proper library dependencies, in addition to the proper compiler to compile the source code. Run this command from the terminal:
$ ./configure --enable-setcap-install

If everything has checked out, we will see a summary output of the compile-time options for the Wireshark package.
The Wireshark package has been configured with the following options.
Build wireshark : yes
Build tshark : yes
Build capinfos : yes
Build editcap : yes
Build dumpcap : yes
Build mergecap : yes
Build text2pcap : yes
Build idl2wrs : yes
Build randpkt : yes
Build dftest : yes
Build rawshark : yes

Install dumpcap with capabilities : yes
Install dumpcap setuid : no
Use dumpcap group : (none)
Use plugins : yes
Use lua library : no
Use python binding : no
Build rtp_player : yes
Use threads : no
Build profile binaries : no
Use pcap library : yes
Use zlib library : yes
Use pcre library : no (using GRegex instead)
Use kerberos library : yes (MIT)
Use c-ares library : yes
Use GNU ADNS library : no (using c-ares instead)
Use SMI MIB library : yes
Use GNU crypto library : yes
Use SSL crypto library : no
Use IPv6 name resolution : yes
Use gnutls library : yes
Use POSIX capabilities library : no
Use GeoIP library : yes

Let’s now build Wireshark. The make command compiles the source code and then invokes the linker to create the final executable files for the package. Run the command from the terminal:
$ make

It’s finally time to install Wireshark. Run this command from the terminal:
$ su -c 'make install'

# Ubuntu/Mint
Let’s start off by updating the local package index with the latest changes made in our defined repositories. Run this command from the terminal:
$ sudo apt-get update

We need to fetch some dependency packages to ensure a successful source-based installation of Wireshark. Run this command from the terminal:
$ sudo apt-get install autoconf bison flex libtool libgtk2.0-dev libpcap-dev libc-ares-dev libsmi2-dev libgnutls-dev libgcrypt11-dev libkrb5-dev libcap2-bin libgeoip-dev libortp-dev libportaudio-dev

Change to the directory where you saved the Wireshark compressed tarball file. I saved the file in my $HOME/Downloads directory. Run this command from the terminal:
$ cd ~/Downloads

We will now unpack the Wireshark compressed tarball file to the /tmp directory. Run this command from the terminal:
$ tar xf wireshark-1.5.1.tar.bz2 -C /tmp

Change to the /tmp/wireshark-1.5.1 directory. Run this command from the terminal:
$ cd /tmp/wireshark-1.5.1

Run the autogen.sh script to configure your build directory:
$ ./autogen.sh

Run the configure script. This checks your Linux system to ensure it has the proper library dependencies, in addition to the proper compiler to compile the source code. Run this command from the terminal:
$ ./configure --enable-setcap-install

If everything has checked out, we will see a summary output of the compile-time options for the Wireshark package.

The Wireshark package has been configured with the following options.
Build wireshark : yes (with GTK+ 2)
Build tshark : yes
Build capinfos : yes
Build editcap : yes
Build dumpcap : yes
Build mergecap : yes
Build reordercap : yes
Build text2pcap : yes
Build randpkt : yes
Build dftest : yes
Build rawshark : yes

Save files as pcap-ng by default : yes
Install dumpcap with capabilities : yes
Install dumpcap setuid : no
Use dumpcap group : (none)
Use plugins : yes
Use Lua library : no
Use Python binding : no
Build rtp_player : yes
Build profile binaries : no
Use pcap library : yes
Use zlib library : yes
Use kerberos library : yes (MIT)
Use c-ares library : yes
Use GNU ADNS library : no (using c-ares instead)
Use SMI MIB library : yes
Use GNU crypto library : yes
Use SSL crypto library : no
Use IPv6 name resolution : yes
Use gnutls library : yes
Use POSIX capabilities library : no
Use GeoIP library : yes
Use nl library : no

Let’s now build Wireshark. The make command compiles the source code and then invokes the linker to create the final executable files for the package. Run the command from the terminal:
$ make

It’s finally time to install Wireshark. Run this command from the terminal:
$ sudo make install
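
The three dumpcap lines in the configure summaries above decide which local users end up able to capture traffic once the install has run. The script below is an added example, not part of the original post or of Wireshark: it reads a summary on stdin and reports the resulting privilege model. The function names and the sample text are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify who will be able to
# capture packets, based on the three dumpcap lines of the configure summary.

# Print the value after " : " for one summary label; summary text on stdin.
summary_value() {
    # $1 = label, e.g. "Install dumpcap setuid"
    awk -F' : ' -v want="$1" '
        { key = $1; sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key) }
        key == want { val = $2; sub(/[ \t]+$/, "", val); print val; exit }'
}

# Read a configure summary on stdin and print the dumpcap privilege model.
dumpcap_priv_model() {
    summary=$(cat)
    caps=$(printf '%s\n' "$summary" | summary_value "Install dumpcap with capabilities")
    suid=$(printf '%s\n' "$summary" | summary_value "Install dumpcap setuid")
    group=$(printf '%s\n' "$summary" | summary_value "Use dumpcap group")

    if [ "$suid" = "yes" ]; then
        mode="setuid-root"
    elif [ "$caps" = "yes" ]; then
        mode="file-capabilities"
    else
        echo "unprivileged: capture needs root"
        return 0
    fi
    # With no dumpcap group, the privileged binary is usable by everyone.
    if [ -z "$group" ] || [ "$group" = "(none)" ]; then
        echo "$mode: every local user can capture"
    else
        echo "$mode: only members of group $group can capture"
    fi
}

# Constructed sample: the three relevant lines as printed in this post.
SAMPLE_SUMMARY='Install dumpcap with capabilities : yes
Install dumpcap setuid : no
Use dumpcap group : (none)'

printf '%s\n' "$SAMPLE_SUMMARY" | dumpcap_priv_model
```

To limit capture to one group, Wireshark's configure script accepts --with-dumpcap-group=GROUP, which changes the "Use dumpcap group" line of the summary.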

Run Wireshark
We have come to the easiest step of the process. Run Wireshark with this command from the terminal:
$ wireshark &



Troubleshooting
If you get an error that states wireshark: error while loading shared libraries: libwireshark.so.0: cannot open shared object file: No such file or directory, then just run ldconfig to properly update the shared library symbolic links. Run this command from the terminal:

# Fedora
$ su -c '/sbin/ldconfig'

# Ubuntu/Mint
$ sudo ldconfig
Posted in Linux | No comments

Sunday, 8 May 2011

Cisco Security Device Manager on the Mac

Posted on 14:47 by Unknown
Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool that enables you to deploy and manage the services on a Cisco IOS router. Even if you decide to do your initial configuration with the CLI, the Monitoring mode of the SDM is a great way to get a graphical real-time "pulse" on the state of your router.

The SDM application can run either as an application installed on your Windows PC or from the router’s flash thru your web browser. This post will show you how to install, and run, the SDM application in Mac OS X. This should go without saying, but don't expect official support from Cisco regarding this configuration.

My main use case for this was to use Mac OS X, with the Cisco SDM, for the CCNA Security lab exercises with GNS3. You could also use these directions to install the Cisco SDM on Linux, albeit with a different method of grabbing the Wine package.

Get and Install the Software
We will now obtain and install the required software in this section. It is very important to download the exact versions of the Mozilla Firefox for Windows and Java Runtime Environment for Windows. If you do a search around the web, you will notice a pattern of issues with SDM when you don't have a compatible Firefox/JRE version pair. I had to do some "trial and error" to find a stable version pair.

#MacPorts
MacPorts will give your Mac OS X operating system access to ~8000 ports (open-source software). Our X server and Wine installations will require the MacPorts infrastructure to be installed and configured correctly. If you don’t have MacPorts already installed, visit http://www.macports.org for the full details of the installation process.

If you have MacPorts already installed, synchronize your installation with the MacPorts rsync server. Open Terminal.app and run this command:
$ sudo port -d selfupdate

#XQuartz X Server
The XQuartz project is an open-source effort to develop a version of the X.org X Window System that runs on Mac OS X. Run this command from Terminal.app to install the latest X11 server on your system thru MacPorts:
$ sudo port -v install xorg-server

#Wine
Wine is a compatibility layer that allows you to run Windows software on your Mac without the requirement of a virtualization hypervisor. We will use Wine for the Windows version of Firefox, Java Runtime Environment (JRE), and the Cisco SDM software. Run this command from Terminal.app to install the latest version of Wine thru MacPorts:
$ sudo port -v install wine

We can verify a successful installation by running this command from Terminal.app:
$ wine notepad &

You should see the Wine Notepad application launch.


#Mozilla Firefox for Windows
Download Mozilla Firefox 3.0.19 for Windows. A simple Google query of “windows firefox 3.0.19 download” should return a list of at least a few sites still hosting this older version. I saved the file to my /Users/marc/Downloads/Windows directory.

We will now install the Firefox application thru Wine. Run this command from Terminal.app (Note: Remember Bash tab completion is your friend):
$ wine ~/Downloads/Windows/"Firefox Setup 3.0.19.exe" &

Select the defaults for the Mozilla Firefox Setup Wizard. Uncheck Launch Firefox now at the end of the setup and click Finish.

#Java Runtime Environment for Windows
The Cisco SDM leverages the JRE. Download Java Platform Standard Edition (Java SE) 6 Update 6 from Oracle. I found this file version in the archive section of their site. I saved the file to my /Users/marc/Downloads/Windows directory.

Install the Java Runtime Environment (JRE) thru Wine. Run this command from Terminal.app:
$ wine ~/Downloads/Windows/jre-6u6-windows-i586-p.exe &
  • Click the Accept button to install the JRE.
  • Click the Finish button to end the setup wizard.

#Cisco Security Device Manager
We have finally come to the installation of the Cisco SDM with all the prerequisite installations complete. You will need to download the Cisco SDM 2.5 from http://www.cisco.com. I’ve unpacked the SDM package to my /Users/marc/Downloads/Windows/SDMv25 directory.

Launch the SDM setup with the following command in Terminal.app:
$ wine ~/Downloads/Windows/SDMv25/setup.exe &
  • Click the Next button to start the wizard.
  • Select I accept the terms of the license agreement and click the Next button.
  • Select This Computer on the Install Options screen then click the Next button.

  • Click the Next button to accept the default install location.
  • Click the Install button on the following screen.
  • Click the Finish button to close the Installation Wizard Complete screen.

Configuration
We still have a few configuration steps left for Firefox and the Cisco IOS.

#Firefox
In this step, we will force Firefox to be the default browser when launching the SDM. Run this command from Terminal.app:
$ wine ~/.wine/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe -silent -setDefaultBrowser

We also need to disable the pop-up blocker in Firefox (requirement for SDM). Run this command from Terminal.app to open Firefox:
$ wine ~/.wine/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe &
  • Click Tools -> Options from the top toolbar menu.
  • Click the Content tab.
  • Uncheck Block pop-up windows and click the OK button.

Close the Firefox application.

#Configure IOS for SDM Access
Best practice would dictate you enable the secure web server in a production environment, but I will be using the basic HTTP web server for testing purposes in our example.

Create a user and enable the HTTP server.
R1> enable
R1# conf t
R1(config)# username marc privilege 15 secret cisco
R1(config)# ip http server
R1(config)# ip http authentication local
R1(config)# ip http timeout-policy idle 600 life 86400 requests 1000
R1(config)# exit

Set the IP address for the network interface.
R1# conf t
R1(config)# int fa0/0
R1(config-if)# ip address 10.11.1.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# end
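
A small check for the trade-off noted above between the basic HTTP server and the secure web server, added here as an example that is not part of the original post: it scans IOS configuration text for the web-management commands and prints finding codes. The function name, the finding codes and ACL number 10 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky web-management
# settings in IOS configuration text such as the commands shown above.

# Read config lines (with or without a "R1(config)# " prompt) on stdin and
# print one finding code per line, or "ok" when nothing is flagged.
audit_ios_http() {
    awk '
        {
            sub(/\r$/, "")                   # tolerate CRLF captures
            sub(/^[^ ]*[#>][ \t]*/, "")      # drop a leading CLI prompt
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        }
        $0 == "ip http server"         { http = 1 }
        $0 == "no ip http server"      { http = 0 }
        $0 == "ip http secure-server"  { https = 1 }
        /^ip http authentication /     { auth = 1 }
        /^ip http access-class /       { acl = 1 }
        END {
            web = http || https
            if (http)         { print "http-cleartext"; n++ }          # logins sent unencrypted
            if (web && !auth) { print "no-http-authentication"; n++ }  # no explicit method set
            if (web && !acl)  { print "no-access-class"; n++ }         # reachable from any source
            if (!n) print "ok"
        }'
}

# Constructed sample 1: the commands from this post, prompts included.
POST_CONFIG='R1(config)# username marc privilege 15 secret cisco
R1(config)# ip http server
R1(config)# ip http authentication local
R1(config)# ip http timeout-policy idle 600 life 86400 requests 1000'

# Constructed sample 2: HTTPS only, local users, management ACL 10
# (the ACL number is a placeholder chosen for this example).
HARDENED_CONFIG='no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10'

printf '%s\n' "$POST_CONFIG" | audit_ios_http
printf '%s\n' "$HARDENED_CONFIG" | audit_ios_http
```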

Launch Security Device Manager
We are almost there. Let’s open the SDM Launcher by running this command from Terminal.app:
$ wine ~/.wine/drive_c/Program\ Files/Cisco\ Systems/Cisco\ SDM/SDMLauncher.exe &
  • Enter your router IP address/Hostname into the Device IP Address or Hostname field.
  • Enable the This device has HTTPS enabled and I want to use it. checkbox if you have configured the ip http secure-server option in the router IOS configuration.
  • Click the Launch button to open the SDM Java applet.


A Firefox window should now appear with a login dialog box in the foreground.
  • Enter your credentials in the Authentication Required dialog box.
  • Click the OK button to login.

We should now be presented with the Cisco Router and Security Device Manager (SDM) window.


Troubleshooting
This section will give you a workaround if you are having graphical issues with SDM. Wine does a pretty good job of translating Windows DirectX, but it is still a little rough around the edges. We can disable DirectX acceleration for Java with a registry setting. This will allow you to launch the SDM in software rendering mode.

Open the Wine Configuration Editor. Run this command from Terminal.app:
$ winecfg &

On the Graphics tab, enable the Emulate a virtual desktop checkbox and create a desktop size of 1024 x 768. Click the OK button to save the settings.


Now open the Wine Control Panel. Run this command from Terminal.app:
$ wine control &



Double-click the Java icon. The Java configuration panel may not launch, and you may also notice a Java exception access violation error in the output of Terminal.app. This step is still necessary because the event creates the proper Java registry data which we will modify in the next step.

Open the Registry Editor. Run this command from Terminal.app:
$ regedit &
  • Navigate thru the registry with the path of \HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.6.0_3.
  • Double-click the DXAcceleration key.
  • Enter 0 for the hexadecimal value and click the OK button.

Close the Registry Editor.

The next time you launch the Cisco SDM you should be able to run the Java applet without graphical glitches.
Posted in Cisco, GNS3, Mac | No comments