WireSharkPage » History » Version 12

« Previous - Version 12/18 (diff) - Next » - Current version
stevie, 04/22/2017 04:04 PM
Bring page up-to-date.

= Extending Wireshark =
The !WireShark packet sniffer normally doesn't support APCO P25. If you want to sniff P25 traffic using !WireShark then you'll need to patch the sources and rebuild it.

=== Downloading !WireShark ===
You first need to obtain the source code for !WireShark. The stable release of !WireShark is available from the [ downloads section of the !WireShark web-site]. On that page you should be go to the "Get !WireShark" for the stable release (1.8.5 at the time of writing). Click on "Source Code" to download the file.

Unpacking !WireShark =
To unpack the source tree you need to open a shell and execute the following commands: {{{
mkdir -p SourceCode/WireShark
cd SourceCode/WiresShark
tar xjvf ~/Downloads/wireshark-1.8.5.tar.bz2
cd wireshark-1.8.5
(Remember your download directory may not be in ~/Downloads and the version number of !WireShark you download maybe different to that used here).

=== Patching !WireShark ===
Once you've downloaded the wireshark source tree, check out p25 plugin:

(cd plugins && svn checkout p25)

This adds the necessary code to !WireShark for it to decode APCO P25 messages. A few small changes also need to be made to the !WireShark tree outside of the plugins directory. To do this the easiest way is to apply the appropriate patch. This can be done as follows:

svn checkout .
patch -p1 < patches/wireshark-1.8.5.patch

Of course, it is inevitable that you will download a !WireShark version for which we haven't provided a patch. Don't fret - the patches will probably work for your version but if it fails to apply you may need to download one an earlier version of !WireShark for which we have a patch or make the changes manually using the existing patch as a guide.

=== Building + Installing !WireShark ===

The the following command first to resolve the dependancies

(sudo apt-get install bison flex libgtk2.0-dev libpcap-dev)

The standard build for wireshark requires that ./ be run first. To compile !WireShark run the following commands:

(cd wireshark && ./ && ./configure && make clean && make)

If it compiles cleanly then you can install it as follows:

(cd wireshark && sudo make install)

=== Using !WireShark to sniff P25 ===

Now you've got a modified !WireShark installed it should be a simple matter to start the receiver and use !WireShark to capture its output. To do so simply sniff on your computer's network interface and use the following capture filter: "udp port 23456". At present all P25 traffic is sent to the multicast address so it should be visible on other computers on your subnet - this allows you to sniff in one place and monitor from another.

Add picture from clipboard (Maximum size: 48.8 MB)