Some of you might have found the earlier post on Building a Wireshark for CentOS 7. Since then several releases of Wireshark have passed, and Wireshark has now released version 2.4.0 as a stable version. You can skip to the TL;DR version if you just want the application. Don't forget the release notes!
Note: If you don't want the 2.4.0 version and instead want to install Wireshark 2.2.8, then the command yum downgrade wireshark-qt wireshark will see you right.
There are a few changes this time, as the GTK+ front-end has been removed entirely in favour of Qt, which supports more platforms and expands Wireshark's potential user base.
So let's have a refresh of that original post, and build Wireshark 2.4.0 for CentOS 7.
So the bits I need are to:
- Create a build environment
- Download the latest Wireshark code
- Compile the code
- Make RPM files
- Convert the RPM modules into a repository
- Sync the repository to somewhere public
- Publish the repository so others can find it
- Test the repo myself to make sure it works
So let’s get to it.
Creating a build environment
So first off, I need a gcc compiler, repo tools and the various dependencies for the code.
sudo yum install gcc gcc-c++ bison flex libpcap-devel qt-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils createrepo
I have removed the need for gtk3-devel as a library, given that Wireshark no longer uses this front-end. In addition, you'll need some new libraries that Wireshark 2.4.0 now requires to support other functions. These can be installed with the command (package names are separated by spaces, not commas, or yum will look for a package called "libgcrypt-devel,"):
sudo yum install libgcrypt-devel lz4-devel snappy-devel libnghttp2-devel libxml2-devel
Downloading the latest code
At the time of writing, the latest version of Wireshark is 2.4.0, and they offer the source code for this as a .xz file, downloadable from this link. By the time you read this, the version might have increased. If you need to do this via a command line, then:
I place this in a work directory and extract it using the command:
tar xfv wireshark-2.4.0.tar.xz
Compile the Wireshark code
Having done this a few times, I now realise that this step is unnecessary unless you want to compile with specific flags of your own. The make rpm-package target configures the system directly without needing these steps.
So now a couple of commands to start the configuration process, prior to running the compile.
If things have gone well, this will result in a stream of text scrolling up the screen as configure does its thing and works out what you have installed.
Now we can compile the code, which will take some time (a LOT of packet decoders to compile), so grab a beverage whilst you wait.
Just as well it was a big cup of coffee. At this point running ./wireshark should fire up a working copy of Wireshark, version 2.4.0.
Make the Wireshark RPM files
But we need to create a package for those of you who don't want to wait. This can be done directly, without needing to follow the Compile steps above.
Now we could install the rpm file directly using sudo yum localinstall packaging/rpm/RPMS/x86_64/wireshark-gtk-2.4.0-1.rpm, but that's not what I want to do; I'd like to give you the chance to make this as seamless as possible.
Now we do a bit that was in the other post about #SaferInternetDay, and hopefully you have that environment still in place. If so, the commands below are all that are required.
rpm --resign *.rpm
createrepo --update .
This signs the RPM files with the key at the bottom of this post and updates the repository metadata to reflect the files being packaged.
Sync the repository to somewhere public
Now all I need to do is to put this out onto the Internet so others can share in the results of my effort. To do this, I'll use rsync to copy this directory structure out to my public website location, but that'll be in the background.
Publish the repository so others can find it
The RPM files and repodata are on the website. To continue you need a .repo file to allow yum to understand what it can download and update.
sudo mv wireshark.repo /etc/yum.repos.d
This downloads the pre-built version on the website, or if you are masochistic, the instructions below create your own version to use.
Build a Wireshark.repo file by hand
So as a user of the repository, I'm going to need to create a new .repo file in the /etc/yum.repos.d/ directory. You can create the file wireshark.repo and fill it with the contents below using your favourite text editor, not forgetting to do this via sudo, as you're writing to a system directory.
name=Wireshark for CentOS7
Test my Wireshark repository
If you’ve stuck with me this far, then let’s do the last few commands, and get you on your way.
If you're coming from the 2.2.x series, you'll need to remove the previous one: yum remove wireshark-gtk.
Now it's simply a case of running sudo yum update and sudo yum install wireshark-qt, and you're ready to go.
Note: If you're still wanting to use the older Wireshark 2.2.8, then yum downgrade wireshark-qt wireshark is your friend.
For the paranoid:
The key for the files should read:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
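As an added example (not code from the original post), here is the shape of a wireshark.repo with signature checking turned on, plus two small shell helpers for the paranoid: one compares a downloaded key's fingerprint with the one you obtained from this post, and one rejects any RPM whose signature does not verify against an imported key. The baseurl, key URL and expected fingerprint are placeholders, and gpg and rpm are assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the original post. Writes a wireshark.repo that
# forces GPG checking, then verifies a repo key and the signed RPMs.
# REPO_URL and KEY_URL are placeholders; substitute the real repository paths.
REPO_URL="https://repo.example.invalid/wireshark/centos7"
KEY_URL="$REPO_URL/RPM-GPG-KEY-wireshark"

# Emit the .repo contents. gpgcheck=1 makes yum refuse RPMs that are not
# signed by a key it has imported, which is the whole point of signing them.
write_repo() {
    printf '%s\n' \
        '[wireshark]' \
        'name=Wireshark for CentOS7' \
        "baseurl=$REPO_URL" \
        'enabled=1' \
        'gpgcheck=1' \
        "gpgkey=$KEY_URL"
}

# Compare the fingerprint of a downloaded public key file with the one you
# obtained out of band (for example, from the bottom of the post).
# Returns non-zero on mismatch or if gpg cannot read the file, so callers can
# abort before running 'rpm --import'.
check_key_fingerprint() {
    keyfile="$1"; expected="$2"
    actual=$(gpg --with-colons --with-fingerprint "$keyfile" 2>/dev/null |
             awk -F: '/^fpr:/ { print $10; exit }')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Check every RPM in a directory. 'rpm -K' reports "pgp ... OK" only when the
# package is signed by an imported key; "NOT OK" or no "pgp" at all is a reject.
verify_rpms() {
    for f in "$1"/*.rpm; do
        out=$(rpm -K "$f")
        case "$out" in
            *"NOT OK"*) echo "bad signature: $f" >&2; return 1 ;;
            *pgp*OK*)   ;;
            *)          echo "unsigned: $f" >&2; return 1 ;;
        esac
    done
    return 0
}

# Typical use (sudo needed for the system paths):
#   write_repo | sudo tee /etc/yum.repos.d/wireshark.repo >/dev/null
#   check_key_fingerprint RPM-GPG-KEY-wireshark "<expected fingerprint>" \
#       && sudo rpm --import RPM-GPG-KEY-wireshark
#   verify_rpms packaging/rpm/RPMS/x86_64
```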