Wireshark Build Version on Arch Linux
Just some notes on getting the latest development version of Wireshark running on Arch Linux. I'm going to install it with a prefix of /opt so it doesn't interfere with the current 'stable' release that is already installed via pacman.
Download the latest build
Extract it.
Prerequisites:
# pacman -S python-geoip
You need pod2man in your PATH, otherwise the configure script fails.
Add the following to your ~/.bashrc
export PATH=$PATH:/usr/bin/perlbin/core
Close your terminal session and reopen it for the change to take effect.
$ ./configure --prefix=/opt
Get the following error: configure: error: Kerberos library requires -lcrypto but --with-ssl not specified
$ ./configure --prefix=/opt --with-krb5=/usr/include
Get the following error:
checking for krb5.h... yes
checking whether the Kerberos library is Heimdal or MIT... no
configure: error: Kerberos not found
Looking a few lines above that, and from a Google search, I see that the script is looking at /usr/include/krb5/krb5.h, which doesn't work. Tried this:
$ ./configure --prefix=/opt --with-krb5=/usr
...
checking for krb5.h... yes
checking whether the Kerberos library is Heimdal or MIT... HEIMDAL
checking whether HEIMDAL includes krb5_kt_resolve... no
checking whether HEIMDAL includes krb5_kt_resolve (linking with -lresolv)... no
configure: error: Usable HEIMDAL not found
This is frustrating and the solution is damn simple:
$ ./configure --prefix=/opt --with-ssl
Looks like there's some sort of license issue with openssl - http://www.ethereal.com/lists/ethereal-dev/200407/msg00402.html
$ make
Go grab a coffee...this takes a while.....
$ sudo make install
$ /opt/bin/wireshark
Now it won't work, because a regular user doesn't have permission to access the network card in promiscuous mode. Here's the fix (search for 'wireshark' on the Arch Linux Wiki):
# groupadd wireshark
# gpasswd -a "your_username" wireshark
# chgrp wireshark /opt/bin/dumpcap
# chmod 754 /opt/bin/dumpcap
# setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /opt/bin/dumpcap
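A check for the result of the five commands above, as an added example that is not part of the original notes. The function names check_dumpcap and audit_dumpcap are made up for this example, and it assumes GNU stat and the getcap tool from libcap.

```shell
#!/bin/sh
# Added example: audit the dumpcap permissions set up in the steps above.

# check_dumpcap MODE GROUP CAPS -> 0 if the values match the notes, 1 otherwise.
#   MODE   octal mode as printed by `stat -c %a` (e.g. 754)
#   GROUP  owning group as printed by `stat -c %G`
#   CAPS   the line `getcap` prints for the file
check_dumpcap() {
    mode=$1; group=$2; caps=$3; rc=0

    other=${mode#"${mode%?}"}      # last octal digit: permissions for "other"
    rest=${mode%?}
    grp=${rest#"${rest%?}"}        # second-to-last digit: permissions for group

    # File capabilities are granted to whoever can execute the binary, so an
    # execute bit for "other" (odd digit) would hand them to every local user.
    case $other in
        1|3|5|7) echo "FAIL: mode $mode lets any user execute dumpcap"; rc=1 ;;
    esac
    case $grp in
        1|3|5|7) ;;
        *) echo "FAIL: mode $mode does not let the group execute dumpcap"; rc=1 ;;
    esac

    if [ "$group" != "wireshark" ]; then
        echo "FAIL: group is '$group', expected 'wireshark'"; rc=1
    fi

    # getcap prints "file = caps+eip" (older libcap) or "file caps=eip" (newer);
    # a substring match on the capability names covers both.
    for cap in cap_net_raw cap_net_admin; do
        case $caps in
            *"$cap"*) ;;
            *) echo "FAIL: $cap is not set"; rc=1 ;;
        esac
    done
    return "$rc"
}

# audit_dumpcap PATH: read the real values (GNU stat, libcap getcap) and check them.
audit_dumpcap() {
    check_dumpcap "$(stat -c %a "$1")" "$(stat -c %G "$1")" "$(getcap "$1")"
}

# Run against a file when a path is given, e.g.: sh audit.sh /opt/bin/dumpcap
if [ -n "${1:-}" ]; then
    audit_dumpcap "$1" && echo "OK: $1 matches the setup above"
fi
```

Group membership added with gpasswd only applies to new login sessions, so log out and back in before running /opt/bin/wireshark as the regular user.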