ubuntu系统wireshark源码编译与安装

官网：https://www.wireshark.org/

官方文档：Wireshark · Documentation

一 介绍

wireshark^[1]是一款抓包工具。wireshark的GUI(用户界面)框架从开发版本 1.11.0 (2013.11.15)开始项目方向的一个重大变化是由GTK+切换到了Qt^[2]。

Wireshark 1.11.0 Development Release^[3]

November 15, 2013

The following features are new (or have been significantly updated) since version 1.10:

• Wireshark now uses the Qt application framework.

二 编译

2.1 编译环境

Ubuntu 20.04.4 LTS

2.2 源码

源码编译参考：2.7. Building from source under UNIX or Linux (wireshark.org)

从官网下载源码后解压。这里下载的是当前最新版本wireshark-4.0.2。

# tar xvf wireshark-4.0.2.tar.xz

2.3 安装依赖

qt

$ sudo apt-get install build-essential

$ sudo apt-get install qtcreator
$ sudo apt-get install qt5-default
//启动qt
$ qtcreator

cmake

apt-get install -y make cmake pkg-config

其他依赖可以根据提示再进行安装。

2.4 cmake编译

cmake编译一般会新建一个编译用的目录

wireshark-4.0.2# mkdir build

cmake编译生成makefile文件

wireshark-4.0.2# cd build/
wireshark-4.0.2/build# cmake ..
-- Configuring done               <<< cmake成功
-- Generating done

cmake编译后虽然还是很多提示Could NOT find，但只要能运行完成没有error提示就不影响后面的编译。

2.4.1 遇到的依赖问题

问题1：缺少pkg-config

wireshark-4.0.2/build# cmake ..

-- Could NOT find PkgConfig (missing: PKG_CONFIG_EXECUTABLE)

解决：

apt-get install -y pkg-config

问题2：缺少GLIB2

-- Checking for one of the modules 'glib-2.0'
CMake Error at /usr/share/cmake-3.16/Modules/FindPackageHandleStandardArgs.cmake:146 (message):
  Could NOT find GLIB2 (missing: GLIB2_LIBRARY GLIB2_MAIN_INCLUDE_DIR

解决：

//1 搜索库
# apt-cache search libglib
gvfs-bin - userspace virtual filesystem - deprecated command-line tools
libglib-object-introspection-perl - Perl bindings for gobject-introspection libraries
libglib-perl - interface to the GLib and GObject libraries
libglib2.0-0 - GLib library of C routines
libglib2.0-bin - Programs for the GLib library
libglib2.0-data - Common files for GLib library
libglib2.0-dev - Development files for the GLib library
libglib2.0-dev-bin - Development utilities for the GLib library
libglib2.0-doc - Documentation files for the GLib library

//2 安装库
# apt-get install -y libglib2.0-dev

问题3：缺少GCRYPT

  Could NOT find GCRYPT (missing: GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR)
  (Required is at least version "1.8.0")

解决：

$ sudo apt-file update
$ apt-file search gcrypt.h
apt-get install libgcrypt-dev

问题4：缺少CARES

Could NOT find CARES (missing: CARES_LIBRARY CARES_INCLUDE_DIR) (Required
  is at least version "1.13.0")

解决：

apt-get install libc-ares-dev

问题5：缺少LEX

 Could NOT find LEX (missing: LEX_EXECUTABLE)

解决：

apt-get install flex bison

问题6：缺少Gettext

-- Could NOT find Gettext (missing: GETTEXT_MSGMERGE_EXECUTABLE GETTEXT_MSGFMT_EXECUTABLE)

解决：

apt-get install gettext

问题7：缺少LIBSSH

-- Could NOT find LIBSSH (missing: LIBSSH_LIBRARIES LIBSSH_INCLUDE_DIRS LIBSSH_VERSION) (Required is at least version "0.6")

解决：

apt-get install libssh-dev
apt-get install libssh2-1-dev

问题8：缺少libpcap

-- Checking for one of the modules 'libpcap'
-- Could NOT find PCAP (missing: PCAP_LIBRARY PCAP_INCLUDE_DIR)

解决：

apt-get install libpcap-dev

问题9：缺少Qt5LinguistTools

  Could not find a package configuration file provided by "Qt5LinguistTools"
  with any of the following names:

    Qt5LinguistToolsConfig.cmake
    qt5linguisttools-config.cmake

解决：

apt-get install qttools5-dev

问题10：缺少Systemd

-- Could NOT find Systemd (missing: SYSTEMD_LIBRARY SYSTEMD_INCLUDE_DIR) (found version "")

可选依赖库可以忽略。

2.5 make编译

cmake生成makefile后

wireshark-4.0.2/build# make

Scanning dependencies of target wmem
[  0%] Building C object wsutil/wmem/CMakeFiles/wmem.dir/wmem_array.c.o
[  0%] Built target wmem
Scanning dependencies of target l16mono
[100%] Linking C shared module ../../../run/plugins/4.0/codecs/l16mono.so
[100%] Built target l16mono

2.6 运行wireshark

make编译生成可执行文件在build/run目录下，可以直接运行。

wireshark-4.0.2/build# run/wireshark
 ** (wireshark:208857) 09:47:59.035931 [Capture MESSAGE] -- Capture Start ...
 ** (wireshark:208857) 09:47:59.885422 [Capture MESSAGE] -- Capture started

可以运行图形界面说明已经成功了！如果希望安装到系统也可以make install，这样就可以加入环境变量只要用wireshark命令就可以启动了。

三 参考

---

1. Wireshark - Arch Linux 中文维基 (archlinuxcn.org) ︎

2. Wireshark 正在使用 Qt 进行重写 - OSCHINA - 中文开源技术交流社区 ︎

3. Wireshark · Wireshark 1.11.0 Development Release ︎