Tuesday 27 September 2011

Wireshark Tutorial | Installation

This post is about installing Wireshark. Your first question might be: what is Wireshark? According to its own documentation, Wireshark is a network packet analyzer: it captures network packets and displays each packet's data in as much detail as possible. Wireshark can be used for troubleshooting network problems, examining security problems, debugging protocol implementations and learning the internals of protocols. Of course, those uses are of little interest to a hacker, who will be using Wireshark to steal sensitive information.

To hackers, Wireshark is a packet-sniffing tool, a modified version of the Ethereal packet sniffer, that can be used to steal sensitive information flowing through the network. It not only captures packets but can also reassemble them and reveal passwords, other sensitive information, flaws in protocol implementations that can lead to a security breach, files transferred over the network, and so on.

You'll learn about its wide range of uses with time, but for now let's proceed to installation. Wireshark is available for a wide range of platforms, including nearly all versions of Windows, Linux and UNIX systems. For Windows it is directly available as an installable package and also as a portable package. The real problem comes when installing it on UNIX and Linux boxes. The reason is simple: you have to install several other packages to make it work properly.

To make it work on UNIX and Linux boxes, the following dependencies are compulsory.

GTK, and to install GTK you'll need the glib package. You can download both from http://www.gtk.org/.
Next you'll need libpcap, which can be downloaded from http://www.tcpdump.org/. For some reason Wireshark may still not work even after installing libpcap; in that case you have to install tcpdump after libpcap. As far as my personal view is concerned, I would recommend downloading each package from your distribution's repository and compiling only Wireshark on your system, and for a successful compilation of Wireshark you'll need the complete gcc compiler installed on your system.

For Red Hat Linux, Fedora, CentOS, and their variants, type the following commands:

[root@localhost ~]# yum install gtk
[root@localhost ~]# yum install libpcap
[root@localhost ~]# yum install tcpdump

For Debian, Gentoo and their variants:

[root@localhost ~]# sudo apt-get install gtk
[root@localhost ~]# sudo apt-get install libpcap
[root@localhost ~]# sudo apt-get install tcpdump

Though I have provided the commands above, I don't guarantee they will really fetch you the packages, since installation via a repository depends on the availability of the package. If the above doesn't fetch the packages, download compatible packages and install them using rpm -ivh package_name on Red Hat Linux, Fedora, CentOS, and their variants, or dpkg -i package_name on Debian, Gentoo and their variants. If even that fails, download the source files from the respective websites and install the packages in the following order.

Glib
gtk
libpcap
tcpdump
Wireshark.

Extract their archives, then change into each package's directory and type the following commands:

# ./configure
# make
# make install

Please note that Glib will take ample time to install. From the discussion above it should be clear that installing Wireshark on Linux can sometimes be difficult. For now I'll advise you to download and practice with the portable version on Windows.
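
As an added example (not part of the original post), here is a POSIX shell script that automates the source build in the order given above: it probes which of the five packages are already present, builds only the missing ones, and stops at the first failure so a later package never builds against a half-installed one. The pkg-config module names glib-2.0 and gtk+-2.0, the pcap.h locations and the <pkg>-<version>.tar.gz tarball naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the packages the post
# lists, in its order, skipping the ones already on the system.
# Assumptions: pkg-config module names glib-2.0 / gtk+-2.0, libpcap
# installs pcap.h, and each source tarball is named <pkg>-<version>.tar.gz.
set -u

BUILD_ORDER="glib gtk libpcap tcpdump wireshark"

# Print the members of BUILD_ORDER not in the space-separated list $1,
# keeping the post's install order (glib before gtk, libpcap before tcpdump).
missing_in_order() {
  out=""
  for pkg in $BUILD_ORDER; do
    case " $1 " in
      *" $pkg "*) ;;                   # already installed, skip it
      *) out="$out${out:+ }$pkg" ;;
    esac
  done
  printf '%s' "$out"
}

# Probe the running system and print which packages look installed.
installed_packages() {
  have=""
  pkg-config --exists glib-2.0 2>/dev/null && have="$have glib"
  pkg-config --exists gtk+-2.0 2>/dev/null && have="$have gtk"
  if [ -r /usr/include/pcap.h ] || [ -r /usr/local/include/pcap.h ]; then
    have="$have libpcap"
  fi
  command -v tcpdump   >/dev/null 2>&1 && have="$have tcpdump"
  command -v wireshark >/dev/null 2>&1 && have="$have wireshark"
  printf '%s' "${have# }"
}

# Extract, configure, build and install one tarball; fail on the first
# broken step so nothing later builds against a half-installed package.
build_tarball() {
  dir=$(basename "$1" .tar.gz)
  tar xzf "$1" || return 1
  ( cd "$dir" && ./configure && make && make install )   # "make install", not "make installable"
}

main() {
  for pkg in $(missing_in_order "$(installed_packages)"); do
    tarball=$(ls "$pkg"-*.tar.gz 2>/dev/null | head -n 1)
    [ -n "$tarball" ] || { echo "no source tarball for $pkg in $(pwd)" >&2; exit 1; }
    build_tarball "$tarball" || { echo "$pkg failed to build; fix that before continuing" >&2; exit 1; }
  done
}

# Build only when invoked with --run, so sourcing the file for its functions is harmless.
[ "${1:-}" = "--run" ] && main
```

Run it as root from the directory holding the tarballs: sh build-wireshark-deps.sh --run (the file name is a placeholder).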
Now for the next big thing: Wireshark for now does not support external modems like data cards, z-modems, dongles and 140i series modems. Since they are not used for building LANs you will hardly need them, but I am mentioning it as a precaution, since most of you will practice Wireshark on your own system first, and if you have any of the above modems you'll not be able to practice. To solve that problem, install an OS in VMware or Oracle VirtualBox and then monitor its traffic. In future posts we will look at how to use Wireshark for packet capturing, analyzing traffic, and stealing passwords and transferred files. Until then, have a nice time, thanks for reading and keep visiting.
