nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | Installing Wireshark on FreeBSD/OpenBSD/NetBSD/DragonFly BSD |
| 2 | ======================================================================== |
||
| 3 | |||
| 4 | 1. Extra packages required |
||
| 5 | 2. Compiling Wireshark |
||
| 6 | 3. Berkeley Packet Filter (BPF) requirement |
||
| 7 | 4. Running Wireshark as a non-root user |
||
| 8 | |||
| 9 | |||
| 10 | 1. Extra packages required |
||
| 11 | --------------------------- |
||
| 12 | Wireshark requires a number of additional programs to function. |
||
| 13 | Install the latest versions of the following programs before compiling: |
||
| 14 | |||
| 15 | The easiest way to install these is by using your operating system's |
||
| 16 | ports or packages system. If you prefer to build from source, the programs |
||
| 17 | can be found at the following sites: |
||
| 18 | |||
| 19 | glib 2.16 or later: |
||
| 20 | ftp.gnome.org:/pub/gnome/sources/glib/ |
||
| 21 | http://ftp.gnome.org/pub/gnome/sources/glib/ |
||
| 22 | |||
| 23 | pkgconfig: |
||
| 24 | http://pkgconfig.freedesktop.org/releases/ |
||
| 25 | |||
| 26 | python 2.5 or later: |
||
| 27 | https://www.python.org/downloads/source/ |
||
| 28 | |||
| 29 | If you want to use the Wireshark GUI, install one or both of these toolkits: |
||
| 30 | |||
| 31 | gtk+ 2.12 or later: |
||
| 32 | ftp.gnome.org:/pub/gnome/sources/gtk+/ |
||
| 33 | http://ftp.gnome.org/pub/gnome/sources/gtk+/ |
||
| 34 | |||
| 35 | Qt 4.7 or later: |
||
| 36 | http://download.qt-project.org/official_releases/qt/ |
||
| 37 | |||
| 38 | |||
| 39 | (These programs may require additional dependencies) |
||
| 40 | |||
| 41 | Additional programs can be used to enhance Wireshark's functionality. |
||
| 42 | These can be found by typing ./configure --help or looking at the output |
||
| 43 | at the end of running the configure script. |
||
| 44 | |||
| 45 | |||
| 46 | 2. Compiling Wireshark |
||
| 47 | ----------------------- |
||
| 48 | To compile Wireshark with the default options, run configure, make and |
||
| 49 | make install (you may have to run "autogen.sh" first): |
||
| 50 | |||
| 51 | ./configure |
||
| 52 | make |
||
| 53 | make install |
||
| 54 | |||
| 55 | The configure and make steps can be run as a non-root user and you can |
||
| 56 | run Wireshark from the compilation directory itself. You must run make |
||
| 57 | install as root in order to copy the program to the proper directories. |
||
| 58 | |||
| 59 | |||
| 60 | 3. Berkeley Packet Filter (BPF) requirement |
||
| 61 | -------------------------------------------- |
||
| 62 | In order to capture packets (with Wireshark/TShark, tcpdump, or any |
||
| 63 | other packet capture program) on a BSD system, your kernel must have the |
||
| 64 | Berkeley Packet Filter mechanism enabled. The default kernel |
||
| 65 | configurations in recent versions of BSD systems have this enabled |
||
| 66 | already. To verify the bpf device is present, look in the /dev |
||
| 67 | directory: |
||
| 68 | |||
| 69 | ls -l /dev/bpf* |
||
| 70 | |||
| 71 | You should see one or more bpf devices listed similar to this: |
||
| 72 | |||
| 73 | crw------- 1 root wheel 0, 90 Aug 10 21:05 /dev/bpf0 |
||
| 74 | crw------- 1 root wheel 0, 91 Aug 10 21:05 /dev/bpf1 |
||
| 75 | |||
| 76 | Packet-capturing programs will pick the first bpf device that's not in |
||
| 77 | use. Recent versions of most BSDs will create bpf devices as needed, so |
||
| 78 | you don't have to configure the number of devices that will be |
||
| 79 | available. |
||
| 80 | |||
| 81 | 4. Running wireshark as a non-root user |
||
| 82 | ------------------------------------------- |
||
| 83 | Since the bpf devices are read-only by the owner (root), you normally |
||
| 84 | have to run packet capturing programs such as Wireshark as root. It is |
||
| 85 | safer to run programs as a non-root user if possible. To run Wireshark |
||
| 86 | as a non-root user, you must change the permissions on the bpf device(s). |
||
| 87 | If you are the only user that needs to use Wireshark, the easiest way |
||
| 88 | is to change the owner of each bpf device to your username. You can also |
||
| 89 | add the read/write ability to the group (typically wheel) and add users |
||
| 90 | that need to use Wireshark to the wheel group. Check your operating |
||
| 91 | system's documentation on how to make permanent these changes as they |
||
| 92 | are often reset upon reboot; if /dev is implemented with devfs, it might |
||
| 93 | be possible to configure devfs to create all bpf devices owned by a |
||
| 94 | particular user and/or group and with particular permissions. In |
||
| 95 | FreeBSD 6.0 and later this can be done by creating an /etc/devfs.rules |
||
| 96 | file with content such as |
||
| 97 | |||
| 98 | [localrules=10] |
||
| 99 | add path 'bpf*' {mode and permissions} |
||
| 100 | |||
| 101 | where "mode and permissions" can include clauses such as |
||
| 102 | |||
| 103 | mode {octal permissions} |
||
| 104 | |||
| 105 | to set the permissions on the device (e.g., "mode 0660" to set the |
||
| 106 | permissions to rw-rw-r--), |
||
| 107 | |||
| 108 | user {user} |
||
| 109 | |||
| 110 | to set the user who owns the device, or |
||
| 111 | |||
| 112 | group {group} |
||
| 113 | |||
| 114 | to set the group that owns the device and adding a line such as |
||
| 115 | |||
| 116 | devfs_system_ruleset=localrules |
||
| 117 | |||
| 118 | to /etc/rc.conf. For example, an /etc/devfs.rules file with |
||
| 119 | |||
| 120 | [localrules=10] |
||
| 121 | add path 'bpf*' mode 0660 group wheel |
||
| 122 | |||
| 123 | will grant read and write permissions on all BPF devices to all users in |
||
| 124 | the "wheel" group. |