Background: on CentOS 6.9, `yum install wireshark` installs version 1.8. Compared with 1.8, Wireshark (tshark) 2.4 offers richer output formats, notably `-T json` and the Elasticsearch bulk format `-T ek`, which is a real advantage when feeding captures into ELK. The steps below build tshark 2.4.1 and its dependencies from source.
1. Environment
[root@localhost ~]# cat /etc/centos-release
CentOS release 6.9 (Final)
2. Build toolchain
[root@localhost ~]# yum install -y gcc gcc-c++ gdb bison flex byacc
[root@localhost ~]# yum groupinstall "Development Tools"
3. libpcap, which provides the packet capture layer
[root@localhost ~]# cd /opt
[root@localhost opt]# wget http://www.tcpdump.org/release/libpcap-1.8.1.tar.gz
[root@localhost opt]# tar zxvf libpcap-1.8.1.tar.gz
[root@localhost opt]# cd libpcap-1.8.1/
# Configure:
[root@localhost libpcap-1.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libpcap-1.8.1]# make && make install
4. GLib provides the utility routines that C libraries and applications build on. Before building it, install libffi, PCRE, gettext and python27.
libffi provides a portable interface for calling functions across different calling conventions
[root@localhost ~]# cd /opt
[root@localhost opt]# wget https://sourceware.org/ftp/libffi/libffi-3.2.1.tar.gz
[root@localhost opt]# tar zxvf libffi-3.2.1.tar.gz
[root@localhost opt]# cd libffi-3.2.1/
[root@localhost libffi-3.2.1]# ./configure --prefix=/usr --libdir=/usr/lib64 --disable-static
[root@localhost libffi-3.2.1]# make && make install
PCRE is a Perl-compatible regular expression library
[root@localhost ~]# cd /opt
[root@localhost opt]# wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz
[root@localhost opt]# tar zxvf pcre-8.41.tar.gz
[root@localhost opt]# cd pcre-8.41/
[root@localhost pcre-8.41]# ./configure --prefix=/usr --libdir=/usr/lib64 --docdir=/usr/share/doc/pcre-8.41 --enable-unicode-properties --enable-pcre16 --enable-pcre32 --enable-pcregrep-libz --enable-pcregrep-libbz2 --enable-pcretest-libreadline --disable-static --enable-utf8
[root@localhost pcre-8.41]# make && make install
Be sure to pass --enable-utf8 (together with --enable-unicode-properties, both present in the configure line above); otherwise GLib's configure later fails with:
checking for PCRE... yes
checking for Unicode support in PCRE... no
configure: error: *** The system-supplied PCRE does not support Unicode properties or UTF-8.
Once installed, pcretest -C lists the compiled-in options; confirm it reports UTF-8 and Unicode properties support.
If configure stops with "Cannot --enable-pcregrep-libbz2 because bzlib.h was not found", bzip2 and its headers are missing:
[root@localhost pcre-8.41]# yum install -y bzip2 bzip2-devel
If it stops with "Cannot --enable-pcregrep-libz because zlib.h was not found", install zlib:
[root@localhost pcre-8.41]# yum install -y zlib zlib-devel
If it stops with "Cannot --enable-pcretest-readline because readline/readline.h was not found", install readline:
[root@localhost pcre-8.41]# yum install -y readline readline-devel
Re-run the configure command after installing the missing package.
If configure stops with
configure: error:
*** You must have either have gettext support in your C library, or use the
*** GNU gettext library. (http://www.gnu.org/software/gettext/gettext.html)
then gettext is missing. Build it from source as below; once installed, gettext -V prints its version. Note that gettext-latest.tar.gz is a moving target: it unpacked as gettext-0.19.8.1 when this was written, so use whatever directory name the archive actually contains.
[root@localhost ~]# cd /opt
[root@localhost opt]# wget http://ftp.gnu.org/pub/gnu/gettext/gettext-latest.tar.gz
[root@localhost opt]# tar zxvf gettext-latest.tar.gz
[root@localhost opt]# cd gettext-0.19.8.1/
[root@localhost gettext-0.19.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
[root@localhost gettext-0.19.8.1]# make && make install
GLib 2.54's build scripts need Python 2.7 or newer, while CentOS 6.9 ships Python 2.6, so install python27 from the Software Collections (SCL) repository and enable it in the current shell before configuring GLib (every new shell needs the scl enable step again):
[root@localhost ~]# yum install centos-release-scl
[root@localhost ~]# yum install python27
[root@localhost ~]# scl enable python27 bash
With the prerequisites in place, build GLib:
[root@localhost ~]# cd /opt
[root@localhost opt]# wget http://ftp.gnome.org/pub/gnome/sources/glib/2.54/glib-2.54.0.tar.xz
[root@localhost opt]# xz -d glib-2.54.0.tar.xz
[root@localhost opt]# tar -xvf glib-2.54.0.tar
[root@localhost opt]# cd glib-2.54.0/
[root@localhost glib-2.54.0]# ./configure --prefix=/usr --libdir=/usr/lib64 --enable-libmount=no
[root@localhost glib-2.54.0]# make && make install
5. libgcrypt, a general-purpose cryptographic library that Wireshark's dissectors use when decrypting traffic
[root@localhost ~]# cd /opt
[root@localhost opt]# wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.8.1.tar.bz2
[root@localhost opt]# tar -jxvf libgcrypt-1.8.1.tar.bz2
[root@localhost opt]# cd libgcrypt-1.8.1/
[root@localhost libgcrypt-1.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
[root@localhost libgcrypt-1.8.1]# make && make install
If configure stops with
checking for gpg-error-config... no
checking for GPG Error - version >= 1.25... no
configure: error: libgpg-error is needed.
See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .
then libgpg-error is missing. libgcrypt depends on it, so build it first and then re-run libgcrypt's configure:
[root@localhost ~]# cd /opt
[root@localhost opt]# wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz
[root@localhost opt]# tar zxvf libgpg-error-1.27.tar.gz
[root@localhost opt]# cd libgpg-error-1.27/
[root@localhost libgpg-error-1.27]# ./configure --prefix=/usr --libdir=/usr/lib64
[root@localhost libgpg-error-1.27]# make && make install
6. Wireshark (command-line tools only: --with-gtk=no, --with-qt=no and --disable-wireshark skip the GUI, so the build produces tshark, dumpcap and the other CLI tools)
[root@localhost ~]# cd /opt
[root@localhost opt]# wget https://www.wireshark.org/download/src/all-versions/wireshark-2.4.1.tar.xz
[root@localhost opt]# xz -d wireshark-2.4.1.tar.xz
[root@localhost opt]# tar -xvf wireshark-2.4.1.tar
[root@localhost opt]# cd wireshark-2.4.1/
[root@localhost wireshark-2.4.1]# ./configure --prefix=/usr --libdir=/usr/lib64 --with-gtk=no --with-qt=no --disable-wireshark --sysconfdir=/etc
[root@localhost wireshark-2.4.1]# make
[root@localhost wireshark-2.4.1]# make install
[root@localhost wireshark-2.4.1]# unset FILENAME
Run ldconfig so the dynamic loader cache picks up the libraries just installed under /usr/lib64, then log out and log back in (or start a new shell) and check the version:
[root@localhost opt]# tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.4.1 (v2.4.1)
Copyright 1998-2017 Gerald Combs
License GPLv2+: GNU GPL version 2 or later
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.54.0, with zlib 1.2.3, without SMI, without c-ares, without Lua, without
GnuTLS, with Gcrypt 1.8.1, without Kerberos, without GeoIP, without nghttp2,
without LZ4, without Snappy, without libxml2.
Running on Linux 2.6.32-696.el6.x86_64, with Intel(R) Xeon(R) CPU
E5520 @ 2.27GHz (with SSE4.2), with 3822 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.8.1, with Gcrypt 1.8.1, with zlib 1.2.3.
Built using gcc 4.

Two things in this output deserve attention. The first line warns that tshark is running as root; dissectors parse untrusted packet data, so do not run captures as root routinely. The build also reports "without POSIX capabilities": installing libcap-devel before configuring Wireshark lets the build use libcap (the version string then shows "with POSIX capabilities"), so that dumpcap can drop the capabilities it no longer needs once a capture is open. Separately, capture privilege can be granted to dumpcap through file capabilities (cap_net_raw and cap_net_admin) restricted to a dedicated group, with tshark run as an unprivileged member of that group rather than as root.
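The reason for building 2.4 in the first place was its Elasticsearch-friendly output, so here is an added example of consuming it; this is not code from the original post or from the Wireshark project. It parses the two-line-per-packet stream that `tshark -r capture.pcap -T ek` writes (an `{"index": ...}` action line followed by a packet document), flattens each packet into a record with dotted field names and a proper `@timestamp`, and picks out bare TCP SYNs as new connection attempts. The `SAMPLE_EK` text is constructed by hand to mimic the 2.4 format; the `<layer>_<proto>_<field>` key convention and the millisecond `timestamp` are assumptions about that release's output, so spot-check the key normalisation against real output from your build before relying on it.

```python
"""Consume the Elasticsearch bulk ("-T ek") output of tshark 2.4.

Added example, not code from the Wireshark project.  SAMPLE_EK is a
constructed stand-in for `tshark -T ek` output (assumption: 2.4 emits
layer keys as <layer>_<proto>_<field> and "timestamp" in milliseconds).
"""
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterator, List, Tuple

# Constructed sample: three packets, not real capture output.
SAMPLE_EK = """\
{"index":{"_index":"packets-2017-09-21","_type":"pcap_file"}}
{"timestamp":"1505980800123","layers":{"frame":{"frame_frame_number":"1","frame_frame_len":"74","frame_frame_protocols":"eth:ethertype:ip:tcp"},"ip":{"ip_ip_src":"10.0.0.5","ip_ip_dst":"93.184.216.34","ip_ip_proto":"6"},"tcp":{"tcp_tcp_srcport":"51234","tcp_tcp_dstport":"80","tcp_tcp_flags":"0x00000002"}}}
{"index":{"_index":"packets-2017-09-21","_type":"pcap_file"}}
{"timestamp":"1505980800456","layers":{"frame":{"frame_frame_number":"2","frame_frame_len":"60","frame_frame_protocols":"eth:ethertype:ip:tcp"},"ip":{"ip_ip_src":"93.184.216.34","ip_ip_dst":"10.0.0.5","ip_ip_proto":"6"},"tcp":{"tcp_tcp_srcport":"80","tcp_tcp_dstport":"51234","tcp_tcp_flags":"0x00000012"}}}
{"index":{"_index":"packets-2017-09-21","_type":"pcap_file"}}
{"timestamp":"1505980801000","layers":{"frame":{"frame_frame_number":"3","frame_frame_len":"90","frame_frame_protocols":"eth:ethertype:ip:udp:dns"},"ip":{"ip_ip_src":"10.0.0.5","ip_ip_dst":"10.0.0.1","ip_ip_proto":"17"},"udp":{"udp_udp_srcport":"40000","udp_udp_dstport":"53"},"dns":{"dns_dns_qry_name":"example.com"}}}
"""

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
TCP_SYN, TCP_ACK = 0x02, 0x10


def iter_bulk_pairs(text: str) -> Iterator[Tuple[dict, dict]]:
    """Yield (action, document) pairs; fail loudly on a malformed or truncated stream."""
    pending = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        obj = json.loads(line)
        if pending is None:
            if "index" not in obj:
                raise ValueError("line %d: expected a bulk index action" % lineno)
            pending = obj
        else:
            if "layers" not in obj:
                raise ValueError("line %d: expected a packet document" % lineno)
            yield pending, obj
            pending = None
    if pending is not None:
        raise ValueError("truncated stream: index action without a document")


def _field_name(layer: str, key: str) -> str:
    """"tcp_tcp_dstport" under layer "tcp" -> "tcp.dstport" (drop the repeated layer prefix)."""
    prefix = layer + "_"
    if key.startswith(prefix):
        key = key[len(prefix):]
    return key.replace("_", ".")


def to_record(action: dict, doc: dict) -> Dict[str, object]:
    """Flatten one packet into a single-level dict suitable for indexing or filtering."""
    millis = int(doc["timestamp"])  # assumed: milliseconds since the epoch
    rec: Dict[str, object] = {
        "_index": action["index"].get("_index"),
        "@timestamp": (EPOCH + timedelta(milliseconds=millis)).isoformat(timespec="milliseconds"),
    }
    for layer, fields in doc["layers"].items():
        if not isinstance(fields, dict):
            continue
        for key, value in fields.items():
            rec[_field_name(layer, key)] = value
    return rec


def load_records(text: str) -> List[Dict[str, object]]:
    return [to_record(action, doc) for action, doc in iter_bulk_pairs(text)]


def syn_attempts(records) -> List[Tuple[str, str, int]]:
    """(src, dst, dstport) for packets with SYN set and ACK clear: new connection attempts."""
    hits = []
    for rec in records:
        flags = rec.get("tcp.flags")
        if flags is None:
            continue
        bits = int(str(flags), 16)
        if bits & TCP_SYN and not bits & TCP_ACK:
            hits.append((rec["ip.src"], rec["ip.dst"], int(rec["tcp.dstport"])))
    return hits


if __name__ == "__main__":
    recs = load_records(SAMPLE_EK)
    for r in recs:
        print(r["@timestamp"], r["frame.protocols"], r["ip.src"], "->", r["ip.dst"])
    print("connection attempts:", syn_attempts(recs))
```

For real traffic, replace `SAMPLE_EK` with `sys.stdin.read()` and pipe tshark's `-T ek` output into the script. The parser deliberately refuses an odd trailing action line: a tshark process killed mid-write leaves exactly that, and silently indexing half a pair is how gaps appear in ELK without anyone noticing.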