Sunday, January 15, 2012

Upgrade wireshark version in Ubuntu

Wireshark is a great, and maybe the most widely used, network protocol analyzer. In the last few months I have used it extensively in a network project. Wireshark was a great help in debugging hard-to-find protocol problems.

During this project I was using Ubuntu 10.04 as my development environment. I installed Wireshark using

    sudo apt-get install wireshark

But the default Wireshark version provided by the Ubuntu 10.04 repository is 1.2.7, which did not suit my purpose. I needed a newer version of Wireshark, which provides some important features for analyzing protocols.

There are two ways to upgrade Wireshark from the default version provided by Ubuntu:

  • Add a third-party repository to your repository configuration and upgrade Wireshark from it. I do not prefer this way, as it restricts the versions that can be installed.
  • Install Wireshark from source. This is the best way, as you can install any version of Wireshark on your Ubuntu system.

Here are the steps to follow:

  1. Download the Wireshark source code for your preferred version.
  2. Extract the source.
  3. Building Wireshark from source has multiple dependencies, e.g. GTK2+, bison etc. To find the dependencies required by your Wireshark version, run the command below inside the extracted source directory:
         dpkg-checkbuilddeps
  4. The output of dpkg-checkbuilddeps lists the libraries required for building Wireshark. Use sudo apt-get install to install all of them.
  5. Once all libraries are installed, configure Wireshark (the --prefix option installs it in a specific directory):
         ./configure --prefix=/home/myuser/wireshark-custom
  6. Run make install.
  7. Once the build is done, you can use Wireshark just as you would out of the box.
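
Steps 2 to 6 as one script, added here as an example and not part of the original post. It checks the tarball's SHA-256 before unpacking and turns the "Unmet build dependencies" message from dpkg-checkbuilddeps into a package list for apt-get. The function names, the argument order and the idea that you already hold the expected digest from the project's release announcement are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. All three arguments are supplied
# by you: sh build-wireshark.sh <tarball> <expected-sha256> <install-prefix>

# Turn dpkg-checkbuilddeps output into one package name per line.
# Version constraints such as "(>= 2.4)" are dropped; for alternatives
# written as "a | b" only the first one is kept.
parse_unmet_deps() {
    sed -n 's/^.*Unmet build dependencies: //p' |
        sed -e 's/([^)]*)//g' -e 's/|[[:space:]]*[^[:space:]]*//g' |
        tr -s ' ' '\n' | sed '/^$/d'
}

# Steps 2-6 of the post, run in a subshell so the caller's working
# directory is left untouched.
build_wireshark() (
    tarball=$1 expected_sha256=$2 prefix=$3

    # Refuse to unpack a tarball whose digest differs from the expected one.
    echo "$expected_sha256  $tarball" | sha256sum -c - || exit 1

    srcdir=$(mktemp -d) || exit 1
    tar -xf "$tarball" -C "$srcdir" --strip-components=1 || exit 1
    cd "$srcdir" || exit 1

    # dpkg-checkbuilddeps exits non-zero when something is missing, so its
    # message is captured and parsed rather than relying on the exit status.
    deps=$(dpkg-checkbuilddeps 2>&1 | parse_unmet_deps)
    if [ -n "$deps" ]; then
        echo "Installing build dependencies:" $deps
        # $deps is deliberately unquoted: one argument per package.
        sudo apt-get install $deps || exit 1
    fi

    # With a prefix inside your home directory, neither configure nor
    # make install has to run as root.
    ./configure --prefix="$prefix" && make install
)

if [ "$#" -eq 3 ]; then
    build_wireshark "$@"
fi
```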

1 comment:

  1. This article gives the light in which we can observe the reality.
    This is very nice one and gives in depth information.
    Get Wireshark