Building Ethereal from Source




Installing Ethereal from the source code is beneficial in a number of ways. Not only will you have all of the source code, additional documentation, and miscellaneous files to peruse, you will also be able to control numerous aspects of the build process. Ethereal can be built from source on both Windows and UNIX. We will focus only on the UNIX build, specifically Red Hat Linux 9.0, in this book. You can find documentation on building Ethereal from source on Windows in the README.win32 file installed with the Ethereal software in C:\Program Files\Ethereal. Building software from source will give you a better feel for how the whole process works and what goes on behind the scenes. What you will take away is a wealth of knowledge about the software package, programming, and operating system management.

Installing Ethereal from Source on Red Hat Linux

Now we are ready to get into the essentials of building the Ethereal software from source code. The first thing we need to do is install all of the required dependencies. Remember that we stated previously that certain libraries are needed for Ethereal to operate smoothly and most effectively. We have already installed libpcap, so we will start with the rest of the prerequisites: GTK+, Glib, Net-SNMP, GNU adns, Zlib, Perl, and PCRE. Remember, it is standard practice NOT to build software as root: extract, configure, and run make as an ordinary user, and switch to root only for the make install step. That last step runs the package's own install rules with full privileges, so build only from archives you trust (here, the ones on the accompanying CD-ROM).

Note 

As we stated previously, most installations follow the configure | make | make install format. However, in some instances, there may be other steps. Once the tar file has been extracted there is usually an INSTALL text file that is included in the software subdirectory. Take a look at this file by typing more INSTALL to verify the installation process.

Installing the Dependencies

Let's start with building the Glib and GTK+ libraries. Remember that these are needed to support the graphical interface of Ethereal. The version of Linux that we are using, Red Hat 9.0, has a version of Glib and GTK+ installed by default. We can see which version of each we have by typing glib-config --version and gtk-config --version, respectively.

The following output shows the commands used and versions of each package:

[testuser@localhost testuser]$ glib-config --version
1.2.10
[testuser@localhost testuser]$ gtk-config --version
1.2.10

The versions displayed, 1.2.10, are new enough for Ethereal, but let's go ahead and install the most recent versions as well. Note that the 2.x libraries install alongside the 1.2 ones rather than replacing them: glib-config and gtk-config will keep reporting 1.2.10, and the 2.x versions are reported by pkg-config --modversion glib-2.0 and pkg-config --modversion gtk+-2.0.
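The version check above can be scripted, and a script avoids the classic mistake of comparing version strings as text, where 1.2.10 sorts before 1.2.9. The following is an added example, not code from the book or from the Ethereal project. It compares dotted versions component by component (a trailing letter such as the "a" in 0.10.0a is ignored, and a missing component counts as 0) and wraps the version-reporting commands of each dependency. The commands and minimum versions listed in check_all are assumptions for illustration; the numbers are simply the releases installed in this chapter.

```shell
#!/bin/sh
# Added example (not from the book or the Ethereal project): scripted
# dependency version checks for an Ethereal source build.

# version_ge A B: true (exit 0) if dotted version A is >= B, comparing each
# numeric component in turn. A plain string comparison is wrong here:
# "1.2.10" sorts before "1.2.9" as text but is the newer release.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Take the leading component of each version, leaving the rest.
        case "$a" in *.*) ha=${a%%.*}; a=${a#*.} ;; *) ha=$a; a= ;; esac
        case "$b" in *.*) hb=${b%%.*}; b=${b#*.} ;; *) hb=$b; b= ;; esac
        # Drop letter suffixes such as the "a" in 0.10.0a; a missing
        # component counts as 0, so 2.2 equals 2.2.0.
        ha=${ha%%[!0-9]*}; hb=${hb%%[!0-9]*}
        : "${ha:=0}" "${hb:=0}"
        if [ "$ha" -gt "$hb" ]; then return 0; fi
        if [ "$ha" -lt "$hb" ]; then return 1; fi
    done
    return 0
}

# check_dep NAME MINIMUM COMMAND...: run COMMAND (e.g. glib-config --version),
# take the first line of its output as the installed version and compare it
# with MINIMUM. Returns 1 when the tool is missing or too old, so a build
# script can stop before ./configure fails halfway through.
check_dep() {
    name=$1; min=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "$name: $1 not found" >&2
        return 1
    fi
    have=$("$@" 2>/dev/null | head -n 1)
    if version_ge "$have" "$min"; then
        echo "$name: $have (>= $min, ok)"
        return 0
    fi
    echo "$name: $have is older than the required $min" >&2
    return 1
}

# check_all: the dependencies from this chapter. The commands used to read
# each version and the minimums are assumptions; GLib/GTK+ 2.x report their
# version through pkg-config, the 1.2 tools only know about 1.2.
check_all() {
    rc=0
    check_dep "GLib 1.2" 1.2.10 glib-config --version               || rc=1
    check_dep "GLib 2"   2.2.0  pkg-config --modversion glib-2.0    || rc=1
    check_dep "GTK+ 2"   2.2.0  pkg-config --modversion gtk+-2.0    || rc=1
    check_dep Net-SNMP   5.0.9  net-snmp-config --version           || rc=1
    check_dep PCRE       4.5    pcre-config --version               || rc=1
    check_dep Perl       5.8.1  perl -MConfig -e 'print "$Config{version}\n"' || rc=1
    return $rc
}

# Usage: sh depcheck.sh check
if [ "${1:-}" = check ]; then
    check_all
fi
```

Run it before starting the builds; a non-zero exit tells you which prerequisite to install first rather than letting Ethereal's configure discover it later.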

  1. Open a terminal window by right-clicking the desktop and choosing New Terminal.

  2. Change directories to /tmp by typing cd /tmp and pressing Enter.

  3. Extract the Glib tarball by typing tar -xvf /mnt/cdrom/gtk+_glib/glib-2.2.0.tar and pressing Enter. This will create a new directory in /tmp called glib-2.2.0. You will see the extracted output displayed on the screen.

  4. Change directories by typing cd glib-2.2.0 and pressing Enter.

  5. Run the configure script by typing ./configure and pressing Enter. The configure script will analyze your system to make sure that dependencies, environment variables, and other parameters are acceptable. You will see a question-and-answer type of analysis displayed on the screen.

  6. When the configure process is complete, and the command prompt is displayed, make sure that there are no errors. If everything appears trouble-free, run the make utility simply by typing make and pressing Enter. This utility will compile the actual source code. You will see the output of the compiling on the screen.

  7. The last step of the process is to distribute the executables and other files to their proper locations in the systems directories. We are going to switch to the root user to perform this step. If the make utility completes without errors type su root and press Enter. Enter the password for root and press Enter. Next, type make install and press Enter. Once again you will see the output of this process on the screen.

  8. After the make install process is complete the command prompt will be displayed once again. If everything looks error free, you are done!

  9. Next we will repeat the same process for GTK+. Log out from the root user mode by typing exit and pressing Enter. Next, go back to the /tmp directory by typing cd /tmp and pressing Enter.

  10. Extract the GTK+ tarball by typing tar -xvf /mnt/cdrom/gtk+_glib/gtk+-2.2.0.tar and pressing Enter.

  11. Change to the new directory by typing cd gtk+-2.2.0 and pressing Enter.

  12. Run the configure script by typing ./configure and pressing Enter.

  13. Run the make utility by typing make and pressing Enter.

  14. Type su root and press Enter. Enter the password for root and press Enter.

  15. Type make install and press Enter.

  16. All done! Let's continue this process with the rest of the prerequisite software packages. Log out from the root user mode by typing exit and pressing Enter. Next, go back to the /tmp directory by typing cd /tmp and pressing Enter.

  17. Extract the Net-SNMP tarball by typing tar -xvf /mnt/cdrom/snmp/net-snmp-5.0.9.tar and pressing Enter.

  18. Change to the new directory by typing cd net-snmp-5.0.9 and pressing Enter.

  19. Run the configure script by typing ./configure and pressing Enter. You will be prompted with a series of questions for the configuration. Accept the defaults by pressing Enter.

  20. Run the make utility by typing make and pressing Enter.

  21. Type su root and press Enter. Enter the password for root and press Enter.

  22. Type make install and press Enter.

  23. Net-SNMP installation is complete. Log out from the root user mode by typing exit and pressing Enter. Next is GNU adns; return to the /tmp directory by typing cd /tmp and pressing Enter.

  24. Extract the GNU adns tarball by typing tar -xvf /mnt/cdrom/adns/adns.tar and pressing Enter.

  25. Change to the new directory by typing cd adns-1.1 and pressing Enter.

  26. Run the configure script by typing ./configure and pressing Enter.

  27. Run the make utility by typing make and pressing Enter.

  28. Type su root and press Enter. Enter the password for root and press Enter.

  29. Type make install and press Enter.

  30. GNU adns installation is complete. Log out from the root user mode by typing exit and pressing Enter. Next is Zlib, return to the /tmp directory by typing cd /tmp and pressing Enter.

  31. Extract the Zlib tarball by typing tar -xvf /mnt/cdrom/zlib/zlib-1.1.4.tar and pressing Enter.

  32. Change to the new directory by typing cd zlib-1.1.4 and pressing Enter.

  33. Run the configure script by typing ./configure and pressing Enter.

  34. Run the make utility by typing make and pressing Enter.

  35. Type su root and press Enter. Enter the password for root and press Enter.

  36. Type make install and press Enter.

  37. Zlib installation is complete. Log out from the root user mode by typing exit and pressing Enter. Next, we will perform the Perl installation. Return to the /tmp directory by typing cd /tmp and pressing Enter.

  38. Extract the Perl tarball by typing tar -xvf /mnt/cdrom/perl/perl-5.8.1.tar and pressing Enter.

  39. Change to the new directory by typing cd perl-5.8.1 and pressing Enter.

  40. The INSTALL file in the perl-5.8.1 directory gives some specific instructions for building Perl that differ from what we have been doing. The first thing it asks us to do is to remove two files. Do this by typing rm -f config.sh Policy.sh and pressing Enter.

  41. The INSTALL file also gives us a different command for running the configure script. Type sh Configure -de and press Enter.

  42. Next, run the make utility as usual by typing make and pressing Enter.

  43. The INSTALL file gives us another make command to run next, so type make test and press Enter.

  44. Type su root and press Enter. Enter the password for root and press Enter.

  45. Finally, type make install and press Enter.

  46. Log out from the root user mode by typing exit and pressing Enter. Finally, we will finish up with the PCRE installation. Return to the /tmp directory by typing cd /tmp and pressing Enter.

  47. Extract the PCRE tarball by typing tar -xvf /mnt/cdrom/pcre/pcre-4.5.tar and pressing Enter.

  48. Change to the new directory by typing cd pcre-4.5 and pressing Enter.

  49. Run the configure script by typing ./configure and pressing Enter.

  50. Run the make utility by typing make and pressing Enter.

  51. Type su root and press Enter. Enter the password for root and press Enter.

  52. Type make install and press Enter. Log out from the root user mode by typing exit and pressing Enter.

Whew! That was a long process, but at least now we are up to date on all of our dependencies. Now we can get to the best part, building Ethereal!

The following output shows the whole process of extracting and installing the Ethereal source code dependencies. We have removed all of the output for brevity:

[testuser@localhost testuser]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/gtk+_glib/glib-2.2.0.tar
[testuser@localhost tmp]$ cd glib-2.2.0
[testuser@localhost glib-2.2.0]$ ./configure
[testuser@localhost glib-2.2.0]$ make
[testuser@localhost glib-2.2.0]$ su root
Password: <password>
[root@localhost glib-2.2.0]# make install
[root@localhost glib-2.2.0]# exit
[testuser@localhost glib-2.2.0]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/gtk+_glib/gtk+-2.2.0.tar
[testuser@localhost tmp]$ cd gtk+-2.2.0
[testuser@localhost gtk+-2.2.0]$ ./configure
[testuser@localhost gtk+-2.2.0]$ make
[testuser@localhost gtk+-2.2.0]$ su root
Password: <password>
[root@localhost gtk+-2.2.0]# make install
[root@localhost gtk+-2.2.0]# exit
[testuser@localhost gtk+-2.2.0]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/snmp/net-snmp-5.0.9.tar
[testuser@localhost tmp]$ cd net-snmp-5.0.9
[testuser@localhost net-snmp-5.0.9]$ ./configure
[testuser@localhost net-snmp-5.0.9]$ make
[testuser@localhost net-snmp-5.0.9]$ su root
Password: <password>
[root@localhost net-snmp-5.0.9]# make install
[root@localhost net-snmp-5.0.9]# exit
[testuser@localhost net-snmp-5.0.9]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/adns/adns.tar
[testuser@localhost tmp]$ cd adns-1.1
[testuser@localhost adns-1.1]$ ./configure
[testuser@localhost adns-1.1]$ make
[testuser@localhost adns-1.1]$ su root
Password: <password>
[root@localhost adns-1.1]# make install
[root@localhost adns-1.1]# exit
[testuser@localhost adns-1.1]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/zlib/zlib-1.1.4.tar
[testuser@localhost tmp]$ cd zlib-1.1.4
[testuser@localhost zlib-1.1.4]$ ./configure
[testuser@localhost zlib-1.1.4]$ make
[testuser@localhost zlib-1.1.4]$ su root
Password: <password>
[root@localhost zlib-1.1.4]# make install
[root@localhost zlib-1.1.4]# exit
[testuser@localhost zlib-1.1.4]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/perl/perl-5.8.1.tar
[testuser@localhost tmp]$ cd perl-5.8.1
[testuser@localhost perl-5.8.1]$ rm -f config.sh Policy.sh
[testuser@localhost perl-5.8.1]$ sh Configure -de
[testuser@localhost perl-5.8.1]$ make
[testuser@localhost perl-5.8.1]$ make test
[testuser@localhost perl-5.8.1]$ su root
Password: <password>
[root@localhost perl-5.8.1]# make install
[root@localhost perl-5.8.1]# exit
[testuser@localhost perl-5.8.1]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/pcre/pcre-4.5.tar
[testuser@localhost tmp]$ cd pcre-4.5
[testuser@localhost pcre-4.5]$ ./configure
[testuser@localhost pcre-4.5]$ make
[testuser@localhost pcre-4.5]$ su root
Password: <password>
[root@localhost pcre-4.5]# make install
[root@localhost pcre-4.5]# exit

Building Ethereal

Now, onto the best part of all. Luckily, building Ethereal is a much shorter process than compiling all of those dependencies; having the dependencies installed first is what makes it run smoothly. The Ethereal source code version 0.10.0 was repackaged as version 0.10.0a due to some problems with the help files. We have included this version of Ethereal on the accompanying CD-ROM. Remember, newer versions may have been released since the writing of this book, and you can download the latest from www.ethereal.com.

  1. Open a terminal window by right-clicking the desktop and choosing New Terminal.

  2. Change directories to /tmp by typing cd /tmp and pressing Enter.

  3. Extract the Ethereal tarball by typing tar -xvf /mnt/cdrom/ethereal/source/ethereal-0.10.0a.tar and pressing Enter. This will create a new directory in /tmp called ethereal-0.10.0a.

  4. Change directories by typing cd ethereal-0.10.0a and pressing Enter.

  5. Run the configure script by typing ./configure --enable-gtk2 and pressing Enter. By default, Ethereal builds against the GTK+ 1.2 library rather than GTK+ 2, which is why we need to give it this optional parameter. The configure script checks for the required and optional libraries, and at the end of its output you will see a summary of the options that were selected. These can be changed by passing specific parameters to the configure script, as discussed in the section "Enabling and Disabling features via configure".

  6. When the configure process is complete and the command prompt is displayed, make sure that there are no errors. If everything appears trouble-free, run the make utility simply by typing make and pressing Enter.

  7. If the make utility completed without errors, type su root and press Enter. Enter the password for root and press Enter.

  8. Next, type make install and press Enter.

  9. After the make install process completes, the command prompt will be displayed once again. If everything looks error-free, you are done! Ethereal installs in /usr/local/bin, but this should be in your path already, so go ahead and type ethereal to run it.

The following output shows the whole process of extracting and installing the Ethereal source code. We have removed all of the output for brevity:

[testuser@localhost testuser]$ cd /tmp
[testuser@localhost tmp]$ tar -xvf /mnt/cdrom/ethereal/source/ethereal-0.10.0a.tar
[testuser@localhost tmp]$ cd ethereal-0.10.0a
[testuser@localhost ethereal-0.10.0a]$ ./configure --enable-gtk2
The Ethereal package has been configured with the following options.
                    Build ethereal : yes
                   Build tethereal : yes
                     Build editcap : yes
                    Build mergecap : yes
                   Build text2pcap : yes
                     Build idl2eth : yes
                     Build randpkt : no
                      Build dftest : no
                    Install setuid : no
                       Use plugins : yes
               Use GTK+ v2 library : yes
                       Use threads : no
            Build profile binaries : no
                  Use pcap library : yes
                  Use zlib library : yes
                  Use pcre library : yes
              Use GNU ADNS library : yes
          Use IPv6 name resolution : yes
     Use UCD SNMP/NET-SNMP library : yes (net-snmp)
[testuser@localhost ethereal-0.10.0a]$ make
[testuser@localhost ethereal-0.10.0a]$ su root
Password:
[root@localhost ethereal-0.10.0a]# make install
[root@localhost ethereal-0.10.0a]# exit
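The dependency steps and the Ethereal steps above are the same configure, make, make install cycle repeated for each package, and the one thing the manual walkthrough relies on is that you look for errors before continuing. The following added example (not code from the book or from any of these packages) does that mechanically: it stops at the first failing step, so a failed configure or make is never followed by make install as root, appends each package's output to a log, and uses root only for the install step (sudo when present, otherwise su root -c as in the text). The CD-ROM paths are the ones from the steps above; the log directory /tmp/build-logs and the --with-defaults option given to Net-SNMP's configure (which takes the defaults instead of asking the questions mentioned in step 19, since with output going to a log you would never see them) are assumptions. Perl is left out because it uses its own Configure script and a make test step.

```shell
#!/bin/sh
# Added example (not from the book or from any of these packages): a driver
# for the configure / make / make install cycle with error checking.
WORKDIR=${WORKDIR:-/tmp}
LOGDIR=${LOGDIR:-/tmp/build-logs}

# unpack_dir TARBALL: the directory the archive creates, derived from its
# file name (glib-2.2.0.tar -> glib-2.2.0, foo.tar.gz -> foo).
unpack_dir() {
    n=${1##*/}
    for s in .tar.gz .tar.bz2 .tgz .tar; do
        case "$n" in *"$s") n=${n%"$s"}; break ;; esac
    done
    printf '%s\n' "$n"
}

# extract_flags TARBALL: tar options for the archive type; the CD-ROM
# archives are plain .tar, downloads from www.ethereal.com are .tar.gz.
extract_flags() {
    case "$1" in
        *.tar.gz|*.tgz) printf '%s\n' -xzf ;;
        *.tar.bz2)      printf '%s\n' -xjf ;;
        *)              printf '%s\n' -xf ;;
    esac
}

# run_step LOG NAME COMMAND...: run one step with its output appended to LOG.
# Returns the command's status, so a chain of "&&" stops at the first failure
# instead of carrying on to "make install" with a half-built tree.
run_step() {
    log=$1; name=$2; shift 2
    printf '==> %s: %s\n' "$name" "$*" | tee -a "$log"
    if "$@" >>"$log" 2>&1; then
        return 0
    fi
    echo "!! $name failed, see $log" >&2
    return 1
}

# as_root COMMAND...: run only the install step with root privileges, through
# sudo when it is available and otherwise through su as in the text. Both
# prompt for the password on the terminal, not in the log.
as_root() {
    if command -v sudo >/dev/null 2>&1; then
        sudo "$@"
    else
        su root -c "$*"
    fi
}

# build_tarball TARBALL SRCDIR [CONFIGURE-OPTIONS...]: extract, configure,
# make and install one package. SRCDIR may be "" when the directory name
# matches the archive name; adns.tar unpacks to adns-1.1, so it is given.
build_tarball() {
    tarball=$1; dir=$2; shift 2
    [ -n "$dir" ] || dir=$(unpack_dir "$tarball")
    mkdir -p "$LOGDIR"
    log=$LOGDIR/$dir.log
    : >"$log"
    (
        cd "$WORKDIR" &&
        run_step "$log" extract tar "$(extract_flags "$tarball")" "$tarball" &&
        cd "$dir" &&
        run_step "$log" configure ./configure "$@" &&
        run_step "$log" make make &&
        run_step "$log" install as_root make install
    )
}

# build_all: the packages from the CD-ROM in the order the text uses.
# --with-defaults (an assumption) makes Net-SNMP's configure take its
# defaults instead of prompting, since its prompts would go to the log.
build_all() {
    build_tarball /mnt/cdrom/gtk+_glib/glib-2.2.0.tar "" &&
    build_tarball /mnt/cdrom/gtk+_glib/gtk+-2.2.0.tar "" &&
    build_tarball /mnt/cdrom/snmp/net-snmp-5.0.9.tar "" --with-defaults &&
    build_tarball /mnt/cdrom/adns/adns.tar adns-1.1 &&
    build_tarball /mnt/cdrom/zlib/zlib-1.1.4.tar "" &&
    build_tarball /mnt/cdrom/pcre/pcre-4.5.tar "" &&
    build_tarball /mnt/cdrom/ethereal/source/ethereal-0.10.0a.tar "" --enable-gtk2
}

# Usage: sh build-deps.sh all
if [ "${1:-}" = all ]; then
    build_all
fi
```

When a step fails the script names it and the log to read, which is the same check the text asks you to make by eye after each configure and make; the difference is that a failure can no longer be missed and followed by a privileged install.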

After running ./configure, you will see a summary of some of the options you chose, indirectly or directly. Ensure that the summary reflects what you want. If it doesn’t, re-run ./configure with new options. The following section goes into more detail on the configure script’s optional parameters.
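Checking the summary can also be done by script rather than by eye, which matters on a build box you set up more than once. The following is an added example, not code from the book or from Ethereal's build system. It reads the key : value lines of the summary from a saved copy of the configure output and compares them with what you expect; write_sample_summary reproduces the summary printed above for 0.10.0a so the checker can be exercised without rerunning configure. The file name configure.log and the particular expectations in check_ethereal_summary are assumptions.

```shell
#!/bin/sh
# Added example (not from the book or from Ethereal's build system): check
# the ./configure summary against the options you intended, from a saved
# copy of its output:  ./configure --enable-gtk2 2>&1 | tee configure.log

# summary_value LOG KEY: print the value after "KEY :" in the summary
# (e.g. "Use GTK+ v2 library" -> "yes"), or nothing if KEY is not there.
summary_value() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*:[[:space:]]*||p" "$1" \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# check_summary LOG KEY=VALUE...: compare each expectation with the summary.
# The first word of the reported value must match, so "yes (net-snmp)"
# satisfies "=yes". Prints one line per key and returns the mismatch count.
check_summary() {
    log=$1; shift
    bad=0
    for want in "$@"; do
        key=${want%%=*}; val=${want#*=}
        got=$(summary_value "$log" "$key")
        case "$got" in
            "$val"|"$val "*) printf 'ok       %s: %s\n' "$key" "$got" ;;
            "")              printf 'MISSING  %s\n' "$key"; bad=$((bad + 1)) ;;
            *)               printf 'MISMATCH %s: got "%s", wanted "%s"\n' \
                                 "$key" "$got" "$val"; bad=$((bad + 1)) ;;
        esac
    done
    return $bad
}

# write_sample_summary FILE: the summary configure printed for 0.10.0a, as
# shown in the text, so the checker can be tried without rerunning configure.
write_sample_summary() {
    cat >"$1" <<'EOF'
The Ethereal package has been configured with the following options.
                    Build ethereal : yes
                   Build tethereal : yes
                     Build editcap : yes
                    Build mergecap : yes
                   Build text2pcap : yes
                     Build idl2eth : yes
                     Build randpkt : no
                      Build dftest : no
                    Install setuid : no
                       Use plugins : yes
               Use GTK+ v2 library : yes
                       Use threads : no
            Build profile binaries : no
                  Use pcap library : yes
                  Use zlib library : yes
                  Use pcre library : yes
              Use GNU ADNS library : yes
          Use IPv6 name resolution : yes
     Use UCD SNMP/NET-SNMP library : yes (net-snmp)
EOF
}

# check_ethereal_summary LOG: what a packet-analyzer build should satisfy
# (an assumed list): no setuid install, live capture and compressed-file
# support compiled in, and the GTK+ 2 GUI requested with --enable-gtk2.
check_ethereal_summary() {
    check_summary "$1" "Install setuid=no" "Use pcap library=yes" \
        "Use zlib library=yes" "Use GTK+ v2 library=yes" "Use plugins=yes"
}

# Usage: sh check-configure.sh configure.log
if [ -n "${1:-}" ]; then
    check_ethereal_summary "$1"
fi
```

A non-zero exit means at least one option is not what you wanted; re-run ./configure with the parameters from the next section and check again before running make.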

Note 

There are three programs listed in the configure output that you may not be familiar with; the first of them is built by default. Each is useful when you are developing for Ethereal, but you do not need them just to use it. The idl2eth program is used by developers to convert a CORBA Interface Definition Language (IDL) file into C source code for an Ethereal plugin. The randpkt program generates random packet capture files; it can produce 17 different types of packets, with a user-specified maximum byte count and number of packets. Finally, dftest is a display-filter compiler test program, used to show display filter byte-code when debugging the dfilter routines.

Once the installation is complete the following programs are installed in /usr/local/bin: ethereal, tethereal, editcap, mergecap, text2pcap, and idl2eth. Plugins are installed in /usr/local/lib/ethereal/plugins/0.10.0a. Some important resources to note are the files in the /tmp/ethereal-0.10.0a/doc directory; they contain several good README files about the inner workings of Ethereal. There are also several helpful README files in the /tmp/ethereal-0.10.0a directory itself. Finally, the INSTALL and INSTALL.configure files located in /tmp/ethereal-0.10.0a are also a good resource.

Note 

The manuf file is a text document, located in the /usr/local/share/ethereal directory, that contains a very large listing of well-known vendor MAC addresses. This can come in handy when troubleshooting network problems.

Note 

The absolute latest version of Ethereal can be downloaded as a Concurrent Versions System (CVS) daily snapshot. This is the version of Ethereal that the developers are currently working on, so be aware that it is a development version that may contain bugs. The latest builds are available at www.ethereal.com/distribution/nightly-builds. To build the CVS version, you will also need GNU autoconf, automake, libtool, and Perl. You may also need yacc or bison, python, and flex. You can find more information at www.ethereal.com/development.html.

Enabling and Disabling features via configure

During the configure portion of the build process you can pass options to the configure script to customize the application to your specific needs. The following options were taken from the INSTALL file in the Ethereal tarball. Since the tarball is included on your CD-ROM, you can extract the archive at any time and have access to this file.

Note 

Running ./configure --help will give you information on the optional parameters, plus a whole lot more!

  • --sysconfdir=DIR Ethereal installs a support file (manuf) in ${PREFIX}/etc by default, where ${PREFIX} comes from --prefix=DIR. If you do not specify any --prefix option, ${PREFIX} is /usr/local. You can change the location of the manuf file with the --sysconfdir option. Note that the earlier note places the installed manuf file in /usr/local/share/ethereal; check where your build actually put it with ls before relying on either path.

  • --disable-usr-local By default configure will look in /usr/local/{include,lib} for additional header files and libraries. Using this switch keeps configure from looking there.

  • --disable-ethereal By default, if configure finds the GTK+ libraries, the Makefile builds Ethereal, the GUI packet analyzer. You can disable the build of the GUI version of Ethereal with this switch.

  • --enable-gtk2 Build the Glib 2/GTK+ 2 based Ethereal instead of the GTK+ 1.2 one; this is the option used in the build above.

  • --disable-tethereal By default the line-mode packet analyzer, Tethereal, is built. Use this switch to avoid building it.

  • --disable-editcap By default the capture-file editing program is built. Use this switch to avoid building it.

  • --disable-mergecap By default the capture-file merging program is built. Use this switch to avoid building it.

  • --disable-text2pcap By default the hex-dump-to-capture file conversion program is built. Use this switch to avoid building it.

  • --disable-idl2eth By default the IDL-to-ethereal-dissector-source-code converter is built. Use this switch to avoid building it.

  • --enable-dftest By default the display-filter-compiler test program is not built. Use this switch to build it.

  • --enable-randpkt By default the program that creates random packet-capture files is not built. Use this switch to build it.

  • --without-pcap Use this option to build without libpcap: either because you want a packet analyzer that can read capture files but cannot capture packets itself even though libpcap is installed, or because you are building on a system that does not have libpcap installed (in which case a read-only analyzer is the only kind you can build).

  • --with-pcap=DIR Use this to tell Ethereal where you have libpcap installed, if it is installed in a non-standard location.

  • --without-zlib By default, if configure finds zlib (a.k.a, libz), the wiretap library will be built so that it can read compressed capture files. If you have zlib but do not wish to build it into the wiretap library, used by Ethereal, Tethereal, and the capture-file utilities that come in this package, use this switch.

  • --with-zlib=DIR Use this to tell Ethereal where you have zlib installed, if it is installed in a non-standard location.

  • --disable-ipv6 If configure finds support for IPv6 name resolution on your system, the packet analyzers will make use of it. To avoid using IPv6 name resolution if you have the support for it, use this switch.

  • --enable-setuid-install Use this switch to install the packet analyzers as setuid. Installing Ethereal and Tethereal as setuid 'root' is dangerous. Repeat: IT'S DANGEROUS. Don't do it. A setuid-root Ethereal runs every protocol dissector, on packets that anyone on the network can choose, with root privileges, so a single parsing bug in any dissector becomes a root compromise of the machine. Leave this option off and confirm that the configure summary reads Install setuid : no.

  • --with-ssl=DIR If your SNMP library requires the SSL library, and your SSL library is installed in a non-standard location, you can specify where your SSL library is with this switch.

  • --without-net-snmp If configure finds a supported version of the Net SNMP library on your system, the SNMP dissector will be enhanced to use routines from that SNMP library. Use this switch to avoid using the Net SNMP library even if you have it installed.

  • --with-net-snmp=PATH Tell the configure script where your net-snmp-config shell script that comes with the Net-SNMP package is located, if not in a standard location.

  • --without-ucd-snmp If configure finds a supported version of the UCD SNMP library on your system, the SNMP dissector will be enhanced to use routines from that SNMP library. Use this switch to avoid using the UCD SNMP library even if you have it installed.

  • --with-ucd-snmp=DIR Tell the configure script where your UCD SNMP library is located, if not in a standard location.

  • --without-plugins By default, if your system supports run-time loadable modules, the packet analyzers are built with support for plugins. Use this switch to build packet analyzers without plugin support.

  • --with-plugins=DIR By default, plugins are installed in ${LIBDIR}/ethereal/plugins/${VERSION}. ${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX}/lib. ${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}. ${VERSION} is the Ethereal version. Use this switch to change the location where plugins are installed.
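Two of the options above, --enable-setuid-install and --with-plugins, decide what the installed tree looks like from a security point of view, and that is worth verifying after make install rather than trusting the configure run. The following is an added example, not code from the book or from Ethereal. It audits an install tree for setuid or setgid binaries (what --enable-setuid-install would produce), for world-writable directories (Ethereal loads every plugin it finds in its plugin directory, so a writable one lets any local user add code that runs in the next Ethereal session), and for files not owned by the expected owner. The expected owner root and the directories in the usage line are assumptions; on the build above you would point it at /usr/local/bin and /usr/local/lib/ethereal.

```shell
#!/bin/sh
# Added example (not from the book or from Ethereal): audit an install tree
# for setuid binaries and writable directories after "make install".

# setuid_files DIR: regular files under DIR carrying the setuid or setgid bit.
setuid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# writable_dirs DIR: directories under DIR that are world-writable. Ethereal
# loads every plugin in its plugin directory, so a writable one lets any
# local user add a module that runs with the privileges of whoever starts it.
writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null
}

# audit_install DIR [OWNER]: report the above plus anything not owned by
# OWNER (root by default, which is what "make install" as root produces).
# Returns 0 when the tree is clean, 1 when there is something to look at.
audit_install() {
    root=$1; owner=${2:-root}
    report=$(
        setuid_files "$root"  | sed 's|^|setuid/setgid bit: |'
        writable_dirs "$root" | sed 's|^|world-writable dir: |'
        find "$root" ! -user "$owner" 2>/dev/null | sed "s|^|not owned by $owner: |"
    )
    if [ -z "$report" ]; then
        echo "$root: clean"
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit-install.sh /usr/local/bin
#        sh audit-install.sh /usr/local/lib/ethereal
if [ -n "${1:-}" ]; then
    audit_install "$1" "${2:-root}"
fi
```

Run it against both the binary and the plugin directories after every install; a setuid bit on ethereal or tethereal, or a writable plugin directory, is the kind of finding that should stop you before the first capture.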






Ethereal Packet Sniffing
Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
Year: 2004
Pages: 105
Authors: Syngress
