差分

この文書の現在のバージョンと選択したバージョンの差分を表示します。

--- mae3xx_tips:setup_tshark:start [2014/07/23 14:51]
コンサルティンググループ
+++ mae3xx_tips:setup_tshark:start [2014/07/25 11:04] (現在)
コンサルティンググループ
@@ ライン 1: / ライン 1: @@
+====== tshark の導入 ======
+===== apt-get を使ったインストール =====
+tshark を使いたいだけであれば、お手軽な apt-get がお奨めです。
+<code>
+root@plum:/usr/local/src# apt-get update
+root@plum:/usr/local/src# apt-get install -y tshark
+root@plum:/usr/local/src# thsark -v
+</code>
+TShark 1.10.6 (v1.10.6 from master-1.10)
+がインストールされたことがわかります。
+===== ソースコードからのインストール =====
+ただ apt-get だけでは対応できない場合
+(PPA が存在しない場合やどうしても最新版を使いたい場合など)
+ソースコードを自力でコンパイルしてインストール必要があります。
+そこで、その方法を tshark を例にやってみましょう。
+まずは、最新の tshark を落としてきて展開します。
+<code>
+root@plum:/usr/local/src# wget https://1.as.dl.wireshark.org/src/wireshark-1.10.8.tar.bz2
+root@plum:/usr/local/src# tar jxf wireshark-1.10.8.tar.bz2
+root@plum:/usr/local/src# cd wireshark-1.10.8/
+</code>
+次に configure のオプションを選択します。
+とりあえず、ヘルプをみてそれっぽいものを探しましょう。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# ./configure --help
+</code>
+必要そうなのはこの辺。
+<code>
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-static[=PKGS]  build static libraries [default=no]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+  --enable-shared[=PKGS]  build shared libraries [default=yes]
+  --enable-fast-install[=PKGS]
+                          optimize for fast installation [default=yes]
+  --disable-libtool-lock  avoid locking (might break parallel builds)
+  --enable-osx-deploy-target
+                          choose an OS X deployment target [default=major
+                          release on which you're building]
+  --disable-largefile     omit support for large files
+  --enable-extra-gcc-checks
+                          do additional -W checks in GCC [default=no]
+  --enable-warnings-as-errors
+                          treat warnings as errors (only for GCC or clang)
+                          [default=no]
+  --enable-silent-rules          less verbose build output (undo: `make V=1')
+  --disable-silent-rules         verbose build output (undo: `make V=0')
+  --enable-usr-local      look for headers and libs in /usr/local tree
+                          [default=yes]
+  --enable-wireshark      build GTK+-based Wireshark [default=yes, if GTK+
+                          available]
+  --enable-packet-editor  add support for packet editor in Wireshark
+                          [default=no]
+  --enable-profile-build  build profile-ready binaries [default=no]
+  --disable-gtktest       do not try to compile and run a test GTK+ program
+  --disable-glibtest      do not try to compile and run a test GLIB program
+  --enable-tshark         build TShark [default=yes]
+  --enable-editcap        build editcap [default=yes]
+  --enable-capinfos       build capinfos [default=yes]
+  --enable-mergecap       build mergecap [default=yes]
+  --enable-reordercap     build reordercap [default=yes]
+  --enable-text2pcap      build text2pcap [default=yes]
+  --enable-dftest         build dftest [default=yes]
+  --enable-randpkt        build randpkt [default=yes]
+  --enable-airpcap        use AirPcap in Wireshark [default=yes]
+  --enable-dumpcap        build dumpcap [default=yes]
+  --enable-rawshark       build rawshark [default=yes]
+  --enable-pcap-ng-default
+                          use the pcap-ng file format by default instead of
+                          pcap [default=yes]
+  --enable-ipv6           use IPv6 name resolution, if available [default=yes]
+  --enable-setcap-install install dumpcap with cap_net_admin and cap_net_raw
+                          [default=no]
+  --enable-setuid-install install dumpcap as setuid [default=no]
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
+                          both]
+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+  --with-sysroot=DIR Search for dependent libraries within DIR
+                        (or the compiler's sysroot if not specified).
+  --with-gnutls=[yes/no]  use GnuTLS library [default=yes]
+  --with-gcrypt=[yes/no]  use gcrypt library [default=yes]
+  --with-libgcrypt-prefix=PFX
+                          prefix where LIBGCRYPT is installed (optional)
+  --with-qt=[yes/no]      use Qt instead of GTK+ [default=no]
+  --with-libnl[=VERSION]  use libnl (force version VERSION, if supplied)
+                          [default: yes, if available]
+  --with-gtk3=[yes/no]    use GTK+ 3.0 instead of 2.0 [default=no]
+  --with-libsmi=[DIR]     use libsmi MIB/PIB library [default=yes], optionally
+                          specify the prefix for libsmi
+  --with-osx-integration  use OS X integration functions [default=yes, if
+                          available]
+  --with-pcap[=DIR]       use libpcap for packet capturing [default=yes]
+  --with-pcap-remote      use libpcap remote capturing (requires libpcap)
+  --with-zlib[=DIR]       use zlib (located in directory DIR, if supplied) for
+                          gzip compression and decompression [default=yes, if
+                          available]
+  --with-lua[=DIR]        use liblua (located in directory DIR, if supplied)
+                          for the Lua scripting plugin [default=yes, if
+                          available]
+  --with-portaudio[=DIR]  use libportaudio (located in directory DIR, if
+                          supplied) for the rtp_player [default=yes, if
+                          available]
+  --with-dumpcap-group=GROUP
+                          restrict dumpcap to GROUP
+  --with-libcap[=DIR]     use libcap (located in directory DIR, if supplied)
+                          for POSIX.1e capabilities management [default=yes,
+                          if present]
+  --with-ssl[=DIR]        use SSL crypto library (located in directory DIR, if
+                          supplied) [default=no]
+  --with-krb5[=DIR]       use Kerberos library (located in directory DIR, if
+                          supplied) to use in Kerberos dissection
+                          [default=yes]
+  --with-c-ares[=DIR]     use c-ares (located in directory DIR, if supplied) -
+                          supersedes --with-adns [default=yes, if present]
+  --with-adns[=DIR]       use GNU ADNS (located in directory DIR, if supplied)
+                          [default=yes, if present]
+  --with-geoip[=DIR]      use GeoIP (located in directory DIR, if supplied)
+                          [default=yes, if present]
+  --with-plugins[=DIR]    support plugins (installed in DIR, if supplied)
+                          [default=yes, if possible]
+</code>
+ここから最低限必要そうなものを選択します。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# time ./configure --disable-wireshark  --enable-tshark \
+> --enable-ipv6 --disable-gtktest --disable-glibtest \
+> --disable-editcap --disable-capinfos \
+> --disable-mergecap --disable-reordercap \
+> --disable-text2pcap --disable-dftest \
+> --disable-randpkt --disable-airpcap \
+> --disable-dumpcap --disable-rawshark \
+> --enable-pcap-ng-default \
+> --without-lua --without-ssl
+</code>
+今回は tshark だけ欲しいのでこんな感じにします。
+これを実行します。
+<code>
+checking build system type... armv7l-unknown-linux-gnueabihf
+checking host system type... armv7l-unknown-linux-gnueabihf
+...
+checking for perl... /usr/bin/perl
+checking for python... no
+checking for bison... no
+checking for byacc... no
+checking for yacc... no
+configure: error: I couldn't find yacc (or bison or ...); make sure it's installed and in your path
+</code>
+error がでて途中で止まってしまいました。
+ざっと読むと yacc がないって言っているようです。
+yacc を入れましょう。
+yacc もソースコードを取ってきてインストールすればいいのですが
+ここは簡単に apt-get を使って入れます。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y yacc
+Reading package lists... Done
+Building dependency tree
+Reading state information... Done
+E: Unable to locate package yacc
+</code>
+yacc なんていうパッケージはないと言われてしまいました。
+そこで apt-cache search を使ってどれに含まれているか探してみましょう。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# apt-cache search yacc
+bison - YACC-compatible parser generator
+byacc-j - Berkeley YACC parser generator extended to generate Java code
+cup - LALR parser generator for Java(tm)
+erlang-parsetools - Erlang/OTP parsing tools
+exuberant-ctags - build tag file indexes of source code definitions
+gob2 - GTK+ Object Builder
+jflex - lexical analyzer generator for Java
+libbison-dev - YACC-compatible parser generator - development library
+libparse-recdescent-perl - Perl module to create and use recursive-descent parsers
+libparse-yapp-perl - Perl module for creating fully reentrant LALR parser OO Perl modules
+python-ply - Lex and Yacc implementation for Python2
+python-ply-doc - Lex and Yacc implementation for Python (documentation)
+python-pyparsing - Python parsing module
+python-pyparsing-doc - Python parsing module, documentation package
+python3-ply - Lex and Yacc implementation for Python3
+python3-pyparsing - Python parsing module, Python3 package
+base - Plan 9 userland tools
+btyacc - Backtracking parser generator based on byacc
+byacc - public domain Berkeley LALR Yacc parser generator
+cscope - interactively examine a C program source
+cutils - C source code utilities
+fp-utils - Free Pascal - utilities dependency package
+fp-utils-2.6.2 - Free Pascal - utilities
+global - Source code search and browse tools
+happy - Parser generator for Haskell
+jikespg - Jikes Parser Generator
+kimwitu - Compiler development tool, complementary to lex and yacc
+kimwitu++ - A (syntax-)tree-handling tool (term processor)
+kimwitu-doc - documentation for compiler development tool Kimwitu
+lemon - LALR(1) Parser Generator for C or C++
+libghc-highlighting-kate-dev - syntax highlighting library based on Kate syntax descriptions
+libghc-highlighting-kate-doc - library documentation for highlighting-kate; documentation
+libghc-highlighting-kate-prof - highlighting-kate library with profiling enabled; profiling libraries
+menhir - Parser generator for OCaml
+mono-jay - LALR(1) parser generator oriented to Java/CLI
+pccts - The Purdue Compiler Construction Tool Set (PCCTS).
+peg - recursive-descent parser generators for C
+perl-byacc - Berkeley LALR parser generator, Perl version
+python-lesscpy - LessCss Compiler for Python 2.x
+python-parsley - pattern-matching language based on OMeta and Python
+python3-lesscpy - LessCss Compiler for Python 3.x
+racc - Ruby LALR parser generator
+sloccount - programs for counting physical source lines of code (SLOC)
+styx - combined parser/scanner generator for C/C++
+</code>
+さっきの configure のエラーでも yacc (or bison or ... )と書いてあったし
+一番最初にある bison をインストールしましょう。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y bison
+Reading package lists... Done
+Building dependency tree
+Reading state information... Done
+The following extra packages will be installed:
+  libbison-dev libsigsegv2 m4
+Suggested packages:
+  bison-doc
+The following NEW packages will be installed:
+  bison libbison-dev libsigsegv2 m4
+upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
+not fully installed or removed.
+Need to get 756 kB of archives.
+After this operation, 2004 kB of additional disk space will be used.
+Get:1 http://ports.ubuntu.com/ubuntu-ports/ trusty/main libsigsegv2 armhf 2.10-2 [14.0 kB]
+Get:2 http://ports.ubuntu.com/ubuntu-ports/ trusty/main m4 armhf 1.4.17-2ubuntu1 [178 kB]
+Get:3 http://ports.ubuntu.com/ubuntu-ports/ trusty/main libbison-dev armhf 2:3.0.2.dfsg-2 [337 kB]
+Get:4 http://ports.ubuntu.com/ubuntu-ports/ trusty/main bison armhf 2:3.0.2.dfsg-2 [227 kB]
+Fetched 756 kB in 4s (178 kB/s)
+perl: warning: Setting locale failed.
+perl: warning: Please check that your locale settings:
+        LANGUAGE = (unset),
+        LC_ALL = (unset),
+        LANG = "ja_JP.UTF-8"
+    are supported and installed on your system.
+perl: warning: Falling back to the standard locale ("C").
+locale: Cannot set LC_CTYPE to default locale: No such file or directory
+locale: Cannot set LC_MESSAGES to default locale: No such file or directory
+locale: Cannot set LC_ALL to default locale: No such file or directory
+Selecting previously unselected package libsigsegv2:armhf.
+(Reading database ... 24673 files and directories currently installed.)
+Preparing to unpack .../libsigsegv2_2.10-2_armhf.deb ...
+Unpacking libsigsegv2:armhf (2.10-2) ...
+Selecting previously unselected package m4.
+Preparing to unpack .../m4_1.4.17-2ubuntu1_armhf.deb ...
+Unpacking m4 (1.4.17-2ubuntu1) ...
+Selecting previously unselected package libbison-dev:armhf.
+Preparing to unpack .../libbison-dev_2%3a3.0.2.dfsg-2_armhf.deb ...
+Unpacking libbison-dev:armhf (2:3.0.2.dfsg-2) ...
+Selecting previously unselected package bison.
+Preparing to unpack .../bison_2%3a3.0.2.dfsg-2_armhf.deb ...
+Unpacking bison (2:3.0.2.dfsg-2) ...
+Setting up postgresql-client-9.3 (9.3.4-1) ...
+update-alternatives: using /usr/share/postgresql/9.3/man/man1/psql.1.gz to provide /usr/share/man/man1/psql.1.gz (psql.1.gz) in auto mode
+update-alternatives: error: error creating symbolic link `/usr/share/man/man7/DROP_LANGUAGE.7.gz.dpkg-tmp': No such file or directory
+dpkg: error processing package postgresql-client-9.3 (--configure):
+ subprocess installed post-installation script returned error exit status 2
+dpkg: dependency problems prevent configuration of postgresql-9.3:
+ postgresql-9.3 depends on postgresql-client-9.3; however:
+  Package postgresql-client-9.3 is not configured yet.
+dpkg: error processing package postgresql-9.3 (--configure):
+ dependency problems - leaving unconfigured
+Setting up libsigsegv2:armhf (2.10-2) ...
+Setting up m4 (1.4.17-2ubuntu1) ...
+Setting up libbison-dev:armhf (2:3.0.2.dfsg-2) ...
+Setting up bison (2:3.0.2.dfsg-2) ...
+update-alternatives: using /usr/bin/bison.yacc to provide /usr/bin/yacc (yacc) in auto mode
+update-alternatives: warning: skip creation of /usr/share/man/man1/yacc.1.gz because associated file /usr/share/man/man1/bison.yacc.1.gz (of link group yacc) doesn't exist
+Processing triggers for libc-bin (2.19-0ubuntu6) ...
+Errors were encountered while processing:
+ postgresql-client-9.3
+ postgresql-9.3
+localepurge: Disk space freed in /usr/share/locale: 0 KiB
+localepurge: Disk space freed in /usr/share/man: 0 KiB
+Total disk space freed by localepurge: 0 KiB
+E: Sub-process /usr/bin/dpkg returned an error code (1)
+</code>
+これで bison がインストールできました。
+再び configure を実行してみましょう。
+<code>
+checking for perl... /usr/bin/perl
+checking for python... no
+checking for bison... bison -y
+checking for bison... /usr/bin/bison
+checking for flex... no
+checking for lex... no
+checking for flex... no
+configure: error: I couldn't find flex; make sure it's installed and in your path
+</code>
+無事 bison を入れたのでクリア・・・と思いきや今度は flex がないと言っているようです。
+同様に apt-get を使って flex をインストールします。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y flex
+</code>
+インストール完了。
+configure を実行。
+<code>
+checking for bison... /usr/bin/bison
+checking for flex... flex
+checking lex output file root... lex.yy
+checking lex library... -lfl
+...
+checking for GNU sed as first sed in PATH... yes
+checking if profile builds must be generated... no
+checking for pkg-config... no
+checking for GLIB - version >= 2.14.0... no
+*** A new enough version of pkg-config was not found.
+*** See http://www.freedesktop.org/software/pkgconfig/
+configure: error: GLib 2.14.0 or later distribution not found.
+</code>
+flex の部分はクリアしましたが
+今度は Glib のバージョンが古いと文句を言われているようです。
+tshark に GUI はないのでいらないはずなんですが・・・
+ともかくこれも apt-get でインストールします。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y libglib2.0-dev
+</code>
+何度目かの configure 。
+<code>
+checking if profile builds must be generated... no
+checking for pkg-config... /usr/bin/pkg-config
+checking for GLIB - version >= 2.14.0... yes (version 2.40.0)
+checking for uic... no
+...
+checking pcap.h usability... no
+checking pcap.h presence... no
+checking for pcap.h... no
+configure: error: Header file pcap.h not found; if you installed libpcap
+from source, did you also do "make install-incl", and if you installed a
+binary package of libpcap, is there also a developer's package of libpcap,
+and did you also install that package?
+</code>
+Glib はクリアしました。
+今度は、libpcap がないと言っています。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y libpcap0.8-dev
+</code>
+もういい加減にパスさせてくれても・・・と思いつつ configure を実行。
+<code>
+checking for broken pcap-config... no
+checking pcap.h usability... yes
+checking pcap.h presence... yes
+checking for pcap.h... yes
+checking for pcap_open_dead... yes
+checking for pcap_freecode... yes
+checking whether pcap_breakloop is present... yes
+...
+The Wireshark package has been configured with the following options.
+                    Build wireshark : no
+                       Build tshark : yes
+                     Build capinfos : no
+                      Build editcap : no
+                      Build dumpcap : no
+                     Build mergecap : no
+                   Build reordercap : no
+                    Build text2pcap : no
+                      Build randpkt : no
+                       Build dftest : no
+                     Build rawshark : no
+   Save files as pcap-ng by default : yes
+  Install dumpcap with capabilities : no
+             Install dumpcap setuid : no
+                  Use dumpcap group : (none)
+                        Use plugins : yes
+                    Use Lua library : no
+                 Use Python binding : no
+                   Build rtp_player : no
+             Build profile binaries : no
+                   Use pcap library : yes
+                   Use zlib library : yes
+               Use kerberos library : no
+                 Use c-ares library : no
+               Use GNU ADNS library : no
+                Use SMI MIB library : no
+             Use GNU crypto library : no
+             Use SSL crypto library : no
+           Use IPv6 name resolution : yes
+                 Use gnutls library : no
+     Use POSIX capabilities library : no
+                  Use GeoIP library : no
+                     Use nl library : no
+</code>
+libpcap をクリアしようやくパスしたようです。
+次はこれをコンパイルしましょう。
+(事前に gcc などは入れておいてください)
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# time make
+</code>
+ようやくコンパイル終了。
+<code>
+make[2]: Leaving directory `/usr/local/src/wireshark-1.10.8/doc'
+make[1]: Leaving directory `/usr/local/src/wireshark-1.10.8'
+real    146m58.819s
+user    114m6.972s
+sys     8m15.467s
+</code>
+コンパイルには結構時間がかかります。
+さて動くか確認してみましょう。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# ./tshark -v
+</code>
+TShark 1.10.8 (Git Rev Unknown from unknown)
+と表示されるので最新版が完成しているもよう。
+ちょっとパケットが取れるかも確認してみましょう。
+<code>
+root@plum:/usr/local/src/wireshark-1.10.8# ./tshark -i eth0 arp -c 3
+Running as user "root" and group "root". This could be dangerous.
+Capturing on 'eth0'
+   0.000000 00:01:8e:e4:4f:2f -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.130.20?  Tell 192.168.130.71
+   2   0.945578 d0:67:e5:1a:7b:ac -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.130.106?  Tell 192.168.130.104
+   0.994780 00:01:8e:e4:4f:2f -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.130.20?  Tell 192.168.130.71
+</code>
+危険だから root で実行するなと怒られてはいるものの無事パケットは取れているもよう。
+目的は達成できたので後はこれをインストールして完了です。

MA-X/MA-S/MA-E/IP-K Developers' WiKi

ユーザ用ツール

サイト用ツール

差分

ページ用ツール