Building Wireshark 2.4.0 for CentOS 7

Some of you might have found the earlier post on Building a Wireshark for CentOS 7. Since then several releases of have passed, and now has released version 2.4.0 as a stable version. You could skip to the TL;DR version if you just want the application. Don’t forget the release notes!

Note: If you don’t want the 2.4.0 version, and instead want to install Wireshark 2.2.10, then follow the instructions in Wireshark 2.2.10 on CentOS 7 available via repository. The 2.2 stream, while being maintained by Wireshark is no longer being built as 7 RPMs here.

There are a few changes for this, as they have removed the GTK+ environment entirely, focusing on Qt, which supports more platforms, and expands the Wireshark potential user base.

So let’s have a refresh of that original post, and build Wireshark 2.4.0 for Centos 7.

So the bits I need are to:

  • Create a build environment
  • Download the latest Wireshark code
  • Compile the code
  • Make files
  • Convert the RPM modules into a
  • Sync the repository to somewhere public
  • Publish the repository so others can find it
  • Test the repo myself to make sure it works

So let’s get to it.

Creating a build environment

So first off, I need a gcc compiler, repo and the various dependencies for the code.
sudo install gcc gcc-c++ bison flex libpcap-devel qt-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils createrepo

I have removed the need for gtk3-devel as a library given that Wireshark no longer uses this front-end. In addition, you’ll need some new libraries that Wireshark 2.4.0 now requires to support other functions. These can be installed with the command:

sudo yum install libgcrypt-devel, lz4-devel, snappy-devel, libnghttp2-devel, libxml2-devel

Downloading the latest code

As of the time of writing, the latest version of Wireshark is 2.4.0, and they offer the source code for this as a .xz file, downloadable from this link. By the time you read this, the version might have increased. If you need to do this via a command line, then:
wget https://1.na.dl.wireshark.org/src/wireshark-2.4.0.tar.xz
I place this in a work directory and unzip it using the command:
tar xfv wireshark-2.4.0.tar.xz

Compile the Wireshark code

Having done this a few times, I now realise that this step is unnecessary unless you want to compile using specific flags for yourself. The make rpm- configures the system directly without needing these steps.

So now a couple of commands to start the configuration process, prior to running the compile.
cd wireshark-2.4.0
./configure

Which if things have gone well will result in a stream of text scrolling up the screen as configure does it’s thing and works out what you have installed.

Now we can compile the code, which will take some time (a LOT of packet decodes to compile), so grab a beverage whilst you wait..
make
Just as well it was a big cup of coffee.. at this point running ./wireshark should fire up a working copy of Wireshark, version 2.4.0

Make the Wireshark RPM files

But we need to create a package for those of you that don’t want to wait. This can be done directly, without needing to follow the Compile steps above.
make rpm-package
Now we could install the rpm file directly using sudo yum localinstall packaging/rpm/RPMS/x86_64/wireshark-gtk-2.4.0-1.rpm, but that’s not what I want to do, I’d like to give you the chance to make this as seamless as possible.

Now we do a bit that was in the other post about #SaferInternetDay, and hopefully, you have that environment still in place. If so, the commands below are all that are required.
rpm --resign *.rpm
createrepo --update .

This signs the RPM files with the key at the bottom of this post and updates the repository files to reflect the files being packaged.

Sync the repository to somewhere public

Now all I need to do is to put this out into the Internet so others can share in the results of my effort. To do this, I’ll use rsync to copy this directory structure out to my public website location, but that’ll be in the background.

Publish the repository so others can find it

The RPM files and repodata are on the website. To continue you need a .repo file to allow yum to understand what it can download and update.

wget https://www.1310nm.net/repository/CentOS/7/wireshark.repo
sudo mv wireshark.repo /etc/yum.repos.d

This downloads the pre-built version on the website, or if you are masochistic, the instructions below create your own version to use.

Build a Wireshark.repo file by hand

So as a user of the repository, I’m going to need to create a new .repo file in the /etc/yum.repos.d/ directory. You can either create the file wireshark.repo and fill it with the contents below using your favourite text editor, not forgetting to do this via sudo, as you’re writing to a system directory.
[wireshark]
name=Wireshark for CentOS7
baseurl=https://www.1310nm.net/repository/CentOS/7/wireshark
gpgkey=https://www.1310nm.net/repository/RPM--KEY-publisher@1310nm.net
enabled=1
gpgcheck=1

Test my Wireshark repository

If you’ve stuck with me this far, then let’s do the last few commands, and get you on your way.

If you’re coming from the 2.2.x series, you’ll need to remove the previous wireshark-gtk, using yum remove wireshark-gtk.
Now it’s simply a case of running sudo yum update and sudo yum install wireshark-qt, and you’re now ready to go.

For the paranoid:

The key for the files should read:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/)
mQENBFiZyXsBCADHkJwVI6lcprBhewbgqCdW/4AQMf2b6XbgceDntAgoTcjg++Kb
VfL5Vigvo4vhLkILHcsJY00RKSQ6X6sWGRq2VVdUqIlczcS3u966JZIq155TxJLC
QHWr6eATwjKFcHm/iXzdHKsJP7a4frKyayCu3YE+jJN0D9rHGuaXHHKtO9wQ+uKd
Jz6WzXZCSR+UgprxgVDkIl6V+FNqDokS7LtktrTBufp/tGnT1iqmL9pB7BltHKVX
Z4363gLT5JUfUkjLmfpCZlNob6VwQeewzEZgU+XozU2nYAS9jMCtOs63bIv9hFGk
FC/wSrFy6OjcA0iptVH26kzfmCb8RRlB3tVnABEBAAG0blBhY2thZ2UgUHVibGlz
aGVyIChQYWNrYWdlIFB1Ymxpc2hlciA8ZnVuY3Rpb25hbC1pZD4gQCB0aGlydGVl
bi10ZW4gbmFub21ldGVyIG5ldHdvcmtzKSA8cHVibGlzaGVyQDEzMTBubS5uZXQ+
iQE/BBMBAgApBQJYmcl7AhsDBQkCx+oABwsJCAcDAgEGFQgCCQoLBBYCAwECHgEC
F4AACgkQwiwud4tK4QLtKAf6ArwFM3TGE5X7tWDliOycuGikgkvQIen7pP1XwWJF
k736dajFkq8tLujYw50L4xZU9IHeP79WtFMrHOvmL6/DqJ4urf4V1TghQQufMS7P
R3bRMpQ60XinRT0uFkGZ43aTlC93YVBgGSEsCXWkguETglZdoQikxA/MxNdEMTe/
RDn9LRlm8dM12JJnJ+cQpMPXOdmujg8tRnpouCu7RKb6bBhzDex3PV/s3r9lE3KG
v+/ujM8iLSpLVMA+wzph7vU64LU1DRpA/91+cDlgPG5jf5Nfw1SdE5KAk/OSW1w4
IQ9Y4De2TGzIADShkJi8/oboBidCXyS3Y2tcVemJx3jabLkBDQRYmcl7AQgAnEbt
nlOfejiB605oFR+NypIphgAmunmVi2jnCLbnSql9UMwm3Migmdw7VFNSNM7hr4x0
2qgEQMhclngjdZXOYncIaU8UoqgfFe1FNLX3EBG7uLubxnGKOk7wsMKrro3cVryr
3nSEB6Ya6XW9MFB2l5+0ZThgt+eoaTfOYULqU0Bl5yj8gxrJhm1ol+ix+P/ETO0a
s+nbCOXoGSUF1xXjCUAynKSwSuQGqD61z/Qw+FnmEMG4GWQW5hTfd2+4r0WHe1xh
AKWzJEYbQ5aKp2j99TXmYTvMLOskg9BFn5BlJHEJi9GWixTN0QGypOw5DElPZvZe
py6Mvnp8MaBp7p0Z7QARAQABiQElBBgBAgAPBQJYmcl7AhsMBQkCx+oAAAoJEMIs
LneLSuEC5gMIAJpdRQH8Q8EbZeq8fgEhLdKpgHuq+y/lw/vEdFnD3d98jeELOMVQ
AKKLCE5tSXH5/HFyZz1hCygeZCa7/BSmVs7VEVqE6ErbYehMGAMzkcALCcyz/GlJ
2YO26CRaWP7pNfpHdHZv5KCMq4NOQNuas8XjYNxoDOg+Cf/64M3MNkb8kHS3at+j
WlRfZFAY4C9ZDMw2+SBrZ7h9aRp5b8+PTRacaamD/Uln5Nf6H49x4UVboBUrL0aR
XPFSu/LCcwVLR3r1ROFN6vQAQhNcdD5Hy3t+oQnm8jWS6r4xHr4NteKeq5+yyTlB
Uw5kXbPbIK7pY+v5TwaUC619wBLR4oa/eTs= =k+um
-----END PGP PUBLIC KEY BLOCK-----