
Installing tshark

Installing with apt-get

If all you want is to use tshark, the easy route of apt-get is recommended.

root@plum:/usr/local/src# apt-get update
root@plum:/usr/local/src# apt-get install -y tshark
root@plum:/usr/local/src# tshark -v

You can see that TShark 1.10.6 (v1.10.6 from master-1.10) has been installed.

Installing from source

However, when apt-get alone cannot cover your case (no PPA exists, you absolutely need the latest version, and so on), you have to compile the source code yourself and install it. So let's walk through that, using tshark as the example.

First, download the latest tshark and extract it.

root@plum:/usr/local/src# wget https://1.as.dl.wireshark.org/src/wireshark-1.10.8.tar.bz2
root@plum:/usr/local/src# tar jxf wireshark-1.10.8.tar.bz2 
root@plum:/usr/local/src# cd wireshark-1.10.8/

Next, choose the configure options. To begin with, look through the help and pick out the ones that look relevant.

root@plum:/usr/local/src/wireshark-1.10.8# ./configure --help

The ones that look necessary are the following.

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-static[=PKGS]  build static libraries [default=no]
  --disable-dependency-tracking  speeds up one-time build
  --enable-dependency-tracking   do not reject slow dependency extractors
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-osx-deploy-target
                          choose an OS X deployment target [default=major
                          release on which you're building]
  --disable-largefile     omit support for large files
  --enable-extra-gcc-checks
                          do additional -W checks in GCC [default=no]
  --enable-warnings-as-errors
                          treat warnings as errors (only for GCC or clang)
                          [default=no]
  --enable-silent-rules          less verbose build output (undo: `make V=1')
  --disable-silent-rules         verbose build output (undo: `make V=0')
  --enable-usr-local      look for headers and libs in /usr/local tree
                          [default=yes]
  --enable-wireshark      build GTK+-based Wireshark [default=yes, if GTK+
                          available]
  --enable-packet-editor  add support for packet editor in Wireshark
                          [default=no]
  --enable-profile-build  build profile-ready binaries [default=no]
  --disable-gtktest       do not try to compile and run a test GTK+ program
  --disable-glibtest      do not try to compile and run a test GLIB program
  --enable-tshark         build TShark [default=yes]
  --enable-editcap        build editcap [default=yes]
  --enable-capinfos       build capinfos [default=yes]
  --enable-mergecap       build mergecap [default=yes]
  --enable-reordercap     build reordercap [default=yes]
  --enable-text2pcap      build text2pcap [default=yes]
  --enable-dftest         build dftest [default=yes]
  --enable-randpkt        build randpkt [default=yes]
  --enable-airpcap        use AirPcap in Wireshark [default=yes]
  --enable-dumpcap        build dumpcap [default=yes]
  --enable-rawshark       build rawshark [default=yes]
  --enable-pcap-ng-default
                          use the pcap-ng file format by default instead of
                          pcap [default=yes]
  --enable-ipv6           use IPv6 name resolution, if available [default=yes]
  --enable-setcap-install install dumpcap with cap_net_admin and cap_net_raw
                          [default=no]
  --enable-setuid-install install dumpcap as setuid [default=no]

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
  --with-sysroot=DIR Search for dependent libraries within DIR
                        (or the compiler's sysroot if not specified).
  --with-gnutls=[yes/no]  use GnuTLS library [default=yes]
  --with-gcrypt=[yes/no]  use gcrypt library [default=yes]
  --with-libgcrypt-prefix=PFX
                          prefix where LIBGCRYPT is installed (optional)
  --with-qt=[yes/no]      use Qt instead of GTK+ [default=no]
  --with-libnl[=VERSION]  use libnl (force version VERSION, if supplied)
                          [default: yes, if available]
  --with-gtk3=[yes/no]    use GTK+ 3.0 instead of 2.0 [default=no]
  --with-libsmi=[DIR]     use libsmi MIB/PIB library [default=yes], optionally
                          specify the prefix for libsmi
  --with-osx-integration  use OS X integration functions [default=yes, if
                          available]
  --with-pcap[=DIR]       use libpcap for packet capturing [default=yes]
  --with-pcap-remote      use libpcap remote capturing (requires libpcap)
  --with-zlib[=DIR]       use zlib (located in directory DIR, if supplied) for
                          gzip compression and decompression [default=yes, if
                          available]
  --with-lua[=DIR]        use liblua (located in directory DIR, if supplied)
                          for the Lua scripting plugin [default=yes, if
                          available]
  --with-portaudio[=DIR]  use libportaudio (located in directory DIR, if
                          supplied) for the rtp_player [default=yes, if
                          available]
  --with-dumpcap-group=GROUP
                          restrict dumpcap to GROUP
  --with-libcap[=DIR]     use libcap (located in directory DIR, if supplied)
                          for POSIX.1e capabilities management [default=yes,
                          if present]
  --with-ssl[=DIR]        use SSL crypto library (located in directory DIR, if
                          supplied) [default=no]
  --with-krb5[=DIR]       use Kerberos library (located in directory DIR, if
                          supplied) to use in Kerberos dissection
                          [default=yes]
  --with-c-ares[=DIR]     use c-ares (located in directory DIR, if supplied) -
                          supersedes --with-adns [default=yes, if present]
  --with-adns[=DIR]       use GNU ADNS (located in directory DIR, if supplied)
                          [default=yes, if present]
  --with-geoip[=DIR]      use GeoIP (located in directory DIR, if supplied)
                          [default=yes, if present]
  --with-plugins[=DIR]    support plugins (installed in DIR, if supplied)
                          [default=yes, if possible]

From these, pick the ones that look like the bare minimum.

root@plum:/usr/local/src/wireshark-1.10.8# time ./configure --disable-wireshark  --enable-tshark \
> --enable-ipv6 --disable-gtktest --disable-glibtest \
> --disable-editcap --disable-capinfos \
> --disable-mergecap --disable-reordercap \
> --disable-text2pcap --disable-dftest \
> --disable-randpkt --disable-airpcap \
> --disable-dumpcap --disable-rawshark \
> --enable-pcap-ng-default \
> --without-lua --without-ssl

Since all we want this time is tshark, it ends up looking like this. Now run it.

checking build system type... armv7l-unknown-linux-gnueabihf
checking host system type... armv7l-unknown-linux-gnueabihf

...

checking for perl... /usr/bin/perl
checking for python... no
checking for bison... no
checking for byacc... no
checking for yacc... no
configure: error: I couldn't find yacc (or bison or ...); make sure it's installed and in your path

An error came up and it stopped partway. Skimming it, it seems to be saying that yacc is missing. Let's install yacc.

We could fetch the yacc source and install it the same way, but here we take the easy path and use apt-get.

root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y yacc
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package yacc

It tells us there is no package called yacc. So let's use apt-cache search to find out which package provides it.

root@plum:/usr/local/src/wireshark-1.10.8# apt-cache search yacc
bison - YACC-compatible parser generator
byacc-j - Berkeley YACC parser generator extended to generate Java code
cup - LALR parser generator for Java(tm)
erlang-parsetools - Erlang/OTP parsing tools
exuberant-ctags - build tag file indexes of source code definitions
gob2 - GTK+ Object Builder
jflex - lexical analyzer generator for Java
libbison-dev - YACC-compatible parser generator - development library
libparse-recdescent-perl - Perl module to create and use recursive-descent parsers
libparse-yapp-perl - Perl module for creating fully reentrant LALR parser OO Perl modules
python-ply - Lex and Yacc implementation for Python2
python-ply-doc - Lex and Yacc implementation for Python (documentation)
python-pyparsing - Python parsing module
python-pyparsing-doc - Python parsing module, documentation package
python3-ply - Lex and Yacc implementation for Python3
python3-pyparsing - Python parsing module, Python3 package
9base - Plan 9 userland tools
btyacc - Backtracking parser generator based on byacc
byacc - public domain Berkeley LALR Yacc parser generator
cscope - interactively examine a C program source
cutils - C source code utilities
fp-utils - Free Pascal - utilities dependency package
fp-utils-2.6.2 - Free Pascal - utilities
global - Source code search and browse tools
happy - Parser generator for Haskell
jikespg - Jikes Parser Generator
kimwitu - Compiler development tool, complementary to lex and yacc
kimwitu++ - A (syntax-)tree-handling tool (term processor)
kimwitu-doc - documentation for compiler development tool Kimwitu
lemon - LALR(1) Parser Generator for C or C++
libghc-highlighting-kate-dev - syntax highlighting library based on Kate syntax descriptions
libghc-highlighting-kate-doc - library documentation for highlighting-kate; documentation
libghc-highlighting-kate-prof - highlighting-kate library with profiling enabled; profiling libraries
menhir - Parser generator for OCaml
mono-jay - LALR(1) parser generator oriented to Java/CLI
pccts - The Purdue Compiler Construction Tool Set (PCCTS).
peg - recursive-descent parser generators for C
perl-byacc - Berkeley LALR parser generator, Perl version
python-lesscpy - LessCss Compiler for Python 2.x
python-parsley - pattern-matching language based on OMeta and Python
python3-lesscpy - LessCss Compiler for Python 3.x
racc - Ruby LALR parser generator
sloccount - programs for counting physical source lines of code (SLOC)
styx - combined parser/scanner generator for C/C++

The earlier configure error also said yacc (or bison or ...), so let's install bison, the very first entry in the list.

root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y bison
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libbison-dev libsigsegv2 m4
Suggested packages:
  bison-doc
The following NEW packages will be installed:
  bison libbison-dev libsigsegv2 m4
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
Need to get 756 kB of archives.
After this operation, 2004 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com/ubuntu-ports/ trusty/main libsigsegv2 armhf 2.10-2 [14.0 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports/ trusty/main m4 armhf 1.4.17-2ubuntu1 [178 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports/ trusty/main libbison-dev armhf 2:3.0.2.dfsg-2 [337 kB]
Get:4 http://ports.ubuntu.com/ubuntu-ports/ trusty/main bison armhf 2:3.0.2.dfsg-2 [227 kB]
Fetched 756 kB in 4s (178 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "ja_JP.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Selecting previously unselected package libsigsegv2:armhf.
(Reading database ... 24673 files and directories currently installed.)
Preparing to unpack .../libsigsegv2_2.10-2_armhf.deb ...
Unpacking libsigsegv2:armhf (2.10-2) ...
Selecting previously unselected package m4.
Preparing to unpack .../m4_1.4.17-2ubuntu1_armhf.deb ...
Unpacking m4 (1.4.17-2ubuntu1) ...
Selecting previously unselected package libbison-dev:armhf.
Preparing to unpack .../libbison-dev_2%3a3.0.2.dfsg-2_armhf.deb ...
Unpacking libbison-dev:armhf (2:3.0.2.dfsg-2) ...
Selecting previously unselected package bison.
Preparing to unpack .../bison_2%3a3.0.2.dfsg-2_armhf.deb ...
Unpacking bison (2:3.0.2.dfsg-2) ...
Setting up postgresql-client-9.3 (9.3.4-1) ...
update-alternatives: using /usr/share/postgresql/9.3/man/man1/psql.1.gz to provide /usr/share/man/man1/psql.1.gz (psql.1.gz) in auto mode
update-alternatives: error: error creating symbolic link `/usr/share/man/man7/DROP_LANGUAGE.7.gz.dpkg-tmp': No such file or directory
dpkg: error processing package postgresql-client-9.3 (--configure):
 subprocess installed post-installation script returned error exit status 2
dpkg: dependency problems prevent configuration of postgresql-9.3:
 postgresql-9.3 depends on postgresql-client-9.3; however:
  Package postgresql-client-9.3 is not configured yet.

dpkg: error processing package postgresql-9.3 (--configure):
 dependency problems - leaving unconfigured
Setting up libsigsegv2:armhf (2.10-2) ...
Setting up m4 (1.4.17-2ubuntu1) ...
Setting up libbison-dev:armhf (2:3.0.2.dfsg-2) ...
Setting up bison (2:3.0.2.dfsg-2) ...
update-alternatives: using /usr/bin/bison.yacc to provide /usr/bin/yacc (yacc) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/man1/yacc.1.gz because associated file /usr/share/man/man1/bison.yacc.1.gz (of link group yacc) doesn't exist
Processing triggers for libc-bin (2.19-0ubuntu6) ...
Errors were encountered while processing:
 postgresql-client-9.3
 postgresql-9.3
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB

Total disk space freed by localepurge: 0 KiB

E: Sub-process /usr/bin/dpkg returned an error code (1)

With that, bison is installed (the dpkg errors in the output above come from the unrelated, half-configured postgresql packages; bison itself was set up). Let's run configure again.

checking for perl... /usr/bin/perl
checking for python... no
checking for bison... bison -y
checking for bison... /usr/bin/bison
checking for flex... no
checking for lex... no
checking for flex... no
configure: error: I couldn't find flex; make sure it's installed and in your path

Now that bison is in, we're through... or so I thought, but this time it says flex is missing. Install flex with apt-get in the same way.

root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y flex

Installation done. Run configure.

checking for bison... /usr/bin/bison
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... -lfl

...

checking for GNU sed as first sed in PATH... yes
checking if profile builds must be generated... no
checking for pkg-config... no
checking for GLIB - version >= 2.14.0... no
*** A new enough version of pkg-config was not found.
*** See http://www.freedesktop.org/software/pkgconfig/
configure: error: GLib 2.14.0 or later distribution not found.

The flex part is cleared, but now it is complaining that GLib is not new enough. tshark has no GUI, so it shouldn't need that... but anyway, install this with apt-get too.

root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y libglib2.0-dev

Configure, for the umpteenth time.

checking if profile builds must be generated... no
checking for pkg-config... /usr/bin/pkg-config
checking for GLIB - version >= 2.14.0... yes (version 2.40.0)
checking for uic... no

...

checking pcap.h usability... no
checking pcap.h presence... no
checking for pcap.h... no
configure: error: Header file pcap.h not found; if you installed libpcap
from source, did you also do "make install-incl", and if you installed a
binary package of libpcap, is there also a developer's package of libpcap,
and did you also install that package?

GLib is cleared. This time it says libpcap is missing.

root@plum:/usr/local/src/wireshark-1.10.8# apt-get install -y libpcap0.8-dev

Thinking "surely you can let me through by now...", run configure.

checking for broken pcap-config... no
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_open_dead... yes
checking for pcap_freecode... yes
checking whether pcap_breakloop is present... yes

...

The Wireshark package has been configured with the following options.
                    Build wireshark : no
                       Build tshark : yes
                     Build capinfos : no
                      Build editcap : no
                      Build dumpcap : no
                     Build mergecap : no
                   Build reordercap : no
                    Build text2pcap : no
                      Build randpkt : no
                       Build dftest : no
                     Build rawshark : no

   Save files as pcap-ng by default : yes
  Install dumpcap with capabilities : no
             Install dumpcap setuid : no
                  Use dumpcap group : (none)
                        Use plugins : yes
                    Use Lua library : no
                 Use Python binding : no
                   Build rtp_player : no
             Build profile binaries : no
                   Use pcap library : yes
                   Use zlib library : yes
               Use kerberos library : no
                 Use c-ares library : no
               Use GNU ADNS library : no
                Use SMI MIB library : no
             Use GNU crypto library : no
             Use SSL crypto library : no
           Use IPv6 name resolution : yes
                 Use gnutls library : no
     Use POSIX capabilities library : no
                  Use GeoIP library : no
                     Use nl library : no

libpcap is cleared and it finally seems to have passed. Next, let's compile it. (Make sure gcc and the rest of the toolchain are installed beforehand.)
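As an added example (not part of the original post), the dependency-chasing loop above condensed into a small POSIX shell script: it maps each configure error the post hit to the Ubuntu package that fixed it, and checks all four dependencies before configure is run. The package names and header paths are the ones from the trusty apt output in the post; the function names are my own.

```shell
#!/bin/sh
# Added example (not the post's own code): a lookup from configure's error text
# to the package that satisfied it, plus a pre-flight check so the
# fail/install/retry cycle is skipped. Mapping is the one worked out in the post.

# Print the package to install for a known "configure: error:" line.
# Returns 1 when the line is not one of the four errors the post ran into.
pkg_for_configure_error() {
    case "$1" in
        *"couldn't find yacc"*)   echo bison ;;
        *"couldn't find flex"*)   echo flex ;;
        *"GLib 2.14.0 or later"*) echo libglib2.0-dev ;;
        *"pcap.h not found"*)     echo libpcap0.8-dev ;;
        *) return 1 ;;
    esac
}

# Read a saved configure log (e.g. ./configure ... 2>&1 | tee configure.log) and
# print the package for its first error. Nothing is installed: the operator
# reviews the suggestion and runs apt-get by hand, as in the post.
suggest_from_configure_log() {
    err=$(grep -m1 '^configure: error:' "$1") || { echo "no configure error in $1" >&2; return 1; }
    pkg_for_configure_error "$err" || { echo "unrecognised: $err" >&2; return 2; }
}

# Check the same four build dependencies up front. Prints the packages still
# missing and returns 1; returns 0 with no output when all are present. pkg-config
# itself comes in with libglib2.0-dev, so its absence counts as GLib missing.
preflight_missing() {
    missing=""
    command -v bison >/dev/null 2>&1 || missing="$missing bison"
    command -v flex  >/dev/null 2>&1 || missing="$missing flex"
    { command -v pkg-config >/dev/null 2>&1 && pkg-config --exists 'glib-2.0 >= 2.14.0'; } \
        || missing="$missing libglib2.0-dev"
    [ -r /usr/include/pcap.h ] || [ -r /usr/include/pcap/pcap.h ] \
        || missing="$missing libpcap0.8-dev"
    [ -z "$missing" ] && return 0
    echo "${missing# }"
    return 1
}

# Demo on a constructed log excerpt that mirrors the post's first failed run.
demo() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
checking for yacc... no
configure: error: I couldn't find yacc (or bison or ...); make sure it's installed and in your path
EOF
    printf 'suggested package: %s\n' "$(suggest_from_configure_log "$log")"
    rm -f "$log"
    missing=$(preflight_missing) && echo "build dependencies present" \
        || echo "run: apt-get install -y $missing"
}
demo
```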

root@plum:/usr/local/src/wireshark-1.10.8# time make

Compilation finally finished.

make[2]: Leaving directory `/usr/local/src/wireshark-1.10.8/doc'
make[1]: Leaving directory `/usr/local/src/wireshark-1.10.8'

real    146m58.819s
user    114m6.972s
sys     8m15.467s

Compilation takes quite a while.

Now let's check that it works.

root@plum:/usr/local/src/wireshark-1.10.8# ./tshark -v

It prints TShark 1.10.8 (Git Rev Unknown from unknown), so the latest version appears to have been built. Let's also check that it can actually capture packets.

root@plum:/usr/local/src/wireshark-1.10.8# ./tshark -i eth0 arp -c 3
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'
  1   0.000000 00:01:8e:e4:4f:2f -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.130.20?  Tell 192.168.130.71
1   2   0.945578 d0:67:e5:1a:7b:ac -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.130.106?  Tell 192.168.130.104
  3   0.994780 00:01:8e:e4:4f:2f -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.130.20?  Tell 192.168.130.71
3

Although it scolds us that running as root is dangerous, packets are being captured fine. The goal is achieved, so all that remains is to install it and we're done.