Building Wireshark 2.4.0 for CentOS 7

Some of you might have found the earlier post on Building a Wireshark for CentOS 7. Since then several releases of Wireshark have passed, and now Wireshark has released version 2.4.0 as a stable version. You could skip to the TL;DR version if you just want the application. Don’t forget the release notes!

Note: If you don’t want the 2.4.0 version, and instead want to install Wireshark 2.2.10, then follow the instructions in Wireshark 2.2.10 on CentOS 7 available via repository

There are a few changes for this, as they have removed the GTK+ environment entirely, focusing on Qt, which supports more platforms, and expands the Wireshark potential user base.

So let’s have a refresh of that original post, and build Wireshark 2.4.0 for CentOS 7.

So the bits I need are to:

  • Create a build environment
  • Download the latest Wireshark code
  • Compile the code
  • Make RPM files
  • Convert the RPM modules into a repository
  • Sync the repository to somewhere public
  • Publish the repository so others can find it
  • Test the repo myself to make sure it works

So let’s get to it.

Creating a build environment

So first off, I need a gcc compiler, repo tools and the various dependencies for the code.
sudo yum install gcc gcc-c++ bison flex libpcap-devel qt-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils createrepo

I have removed the need for gtk3-devel as a library given that Wireshark no longer uses this front-end. In addition, you’ll need some new libraries that Wireshark 2.4.0 now requires to support other functions. These can be installed with the command:

sudo yum install libgcrypt-devel lz4-devel snappy-devel libnghttp2-devel libxml2-devel

Downloading the latest code

As of the time of writing, the latest version of Wireshark is 2.4.0, and they offer the source code for this as a .xz file, downloadable from this link. By the time you read this, the version might have increased. If you need to do this via a command line, then:
I place this in a work directory and unzip it using the command:
tar xfv wireshark-2.4.0.tar.xz

Compile the Wireshark code

Having done this a few times, I now realise that this step is unnecessary unless you want to compile using specific flags for yourself. The make rpm-package configures the system directly without needing these steps.

So now a couple of commands to start the configuration process, prior to running the compile.
cd wireshark-2.4.0

Which, if things have gone well, will result in a stream of text scrolling up the screen as configure does its thing and works out what you have installed.

Now we can compile the code, which will take some time (a LOT of packet decodes to compile), so grab a beverage whilst you wait.
Just as well it was a big cup of coffee. At this point, running ./wireshark should fire up a working copy of Wireshark, version 2.4.0.

Make the Wireshark RPM files

But we need to create a package for those of you who don’t want to wait. This can be done directly, without needing to follow the Compile steps above.
make rpm-package
Now we could install the RPM file directly using sudo yum localinstall packaging/rpm/RPMS/x86_64/wireshark-gtk-2.4.0-1.rpm, but that’s not what I want to do; I’d like to give you the chance to make this as seamless as possible.

Now we do a bit that was in the other post about #SaferInternetDay, and hopefully, you have that environment still in place. If so, the commands below are all that are required.
rpm --resign *.rpm
createrepo --update .

This signs the RPM files with the key at the bottom of this post and updates the repository files to reflect the files being packaged.

Sync the repository to somewhere public

Now all I need to do is to put this out into the Internet so others can share in the results of my effort. To do this, I’ll use rsync to copy this directory structure out to my public website location, but that’ll be in the background.

Publish the repository so others can find it

The RPM files and repodata are on the website. To continue you need a .repo file to allow yum to understand what it can download and update.

sudo mv wireshark.repo /etc/yum.repos.d

This downloads the pre-built version from the website, or, if you are masochistic, the instructions below let you create your own version to use.

Build a Wireshark.repo file by hand

So as a user of the repository, I’m going to need to create a new .repo file in the /etc/yum.repos.d/ directory. You can either create the file wireshark.repo and fill it with the contents below using your favourite text editor, not forgetting to do this via sudo, as you’re writing to a system directory.
name=Wireshark for CentOS7
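The RPMs were signed with rpm --resign above, but yum only checks those signatures if the .repo file says so. The following is an added example, not the post’s own .repo file or the author’s script: it writes a wireshark.repo with gpgcheck=1 and a gpgkey entry, and lints an existing .repo file for the settings that make yum refuse unsigned or altered packages. The repository URL and key URL are assumed placeholders, as the post does not give them.

```shell
#!/usr/bin/env bash
# Added example; assumptions: BASEURL and GPGKEY_URL are placeholders for the
# repository and the key published at the bottom of the post.

# write_wireshark_repo BASEURL GPGKEY_URL > wireshark.repo
write_wireshark_repo() {
    local baseurl="$1" gpgkey="$2"
    cat <<EOF
[wireshark]
name=Wireshark for CentOS7
baseurl=${baseurl}
enabled=1
gpgcheck=1
gpgkey=${gpgkey}
EOF
}

# check_repo_file FILE: returns 0 when every required setting is present and
# package signature checking is on; prints each problem and returns 1 otherwise.
check_repo_file() {
    local file="$1" rc=0 key val
    for key in name baseurl gpgkey; do
        grep -q "^${key}=." "$file" || { echo "missing ${key}="; rc=1; }
    done
    val=$(sed -n 's/^gpgcheck=//p' "$file")
    [ "$val" = "1" ] || { echo "gpgcheck must be 1 (got '${val:-unset}')"; rc=1; }
    # A key fetched over plain http can be swapped in transit; insist on https:// or a local file.
    if ! grep -Eq '^gpgkey=(https://|file://)' "$file"; then
        echo "gpgkey should be an https:// or file:// URL"; rc=1
    fi
    return "$rc"
}
```

After the .repo file is in /etc/yum.repos.d, yum will prompt to import the key on the first install; compare the fingerprint it shows against the key published with the repository before accepting.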

Test my Wireshark repository

If you’ve stuck with me this far, then let’s do the last few commands, and get you on your way.

If you’re coming from the 2.2.x series, you’ll need to remove the previous wireshark-gtk, using yum remove wireshark-gtk.
Now it’s simply a case of running sudo yum update and sudo yum install wireshark-qt, and you’re now ready to go.

For the paranoid:

The key for the files should read: