WireSharkPage » History » Revision 3
Revision 2 (Anonymous, 04/22/2017 04:04 PM) → Revision 3/18 (Anonymous, 04/22/2017 04:04 PM)
= Extending Wireshark = The !WireShark packet sniffer normally doesn't support APCO P25. If you want to sniff P25 traffic using !WireShark then you'll need to patch the sources and rebuild it. === Downloading == Patching !WireShark === == You first need to obtain the source code for !WireShark. Details of how to obtain source code for !WireShark release versions is available from the [http://www.wireshark.org/download.html downloads section of the WireShark web-site]. Most GNU/Linux distributions provide a source code package and so you should follow the appropriate procedure to download and install the sources. Check out wireshark: {{{ % svn checkout http://anonsvn.wireshark.org/wireshark/trunk/ wireshark }}} === Patching !WireShark === Once you've downloaded Within the wireshark source tree, check out p25 plugin from op25: {{{ % (cd cd wireshark/plugins && % svn checkout http://www.sedition.org.au/svn/op25/trunk/wireshark/plugins/p25 p25) p25 }}} This adds the necessary code to wireshark for it to decode APCO P25 messages. A few small changes also need to be made to the !WireShark wireshark tree outside of the plugins directory. To do this the easiest way directory (see wireshark/doc/README.plugins). Here is to apply the appropriate patch. This can be done as follows: an svn diff: {{{ % svn checkout http://www.sedition.org.au/svn/op25/trunk/wireshark/patches/wireshark-1.0.2.patch . Index: configure.in % (cd wireshark && patch -p1 < ../wireshark-1.0.2.patch) =================================================================== }}} Of course, it is inevitable that some GNU/Linux distributions use a !WireShark version for which we haven't provided a patch. Don't fret - the patches will probably work for your version but if it fails to apply you may need to make the changes manually using the patch as a guide. === Building --- configure.in (revision 25150) +++ configure.in (working copy) @@ -1701,6 +1701,7 @@ plugins/mate/Makefile plugins/opcua/Makefile plugins/opsi/Makefile + Installing !WireShark === This is just the same as you'd expect. To compile !WireShark run the following command: {{{ plugins/p25/Makefile plugins/pcli/Makefile plugins/profinet/Makefile plugins/rlm/Makefile % (cd wireshark && ./configure && make clean && make) Index: Makefile.am }}} If it compiles cleanly then you can install it as follows: {{{ =================================================================== % (cd wireshark && sudo make install) --- Makefile.am (revision 25150) +++ Makefile.am (working copy) @@ -253,6 +253,7 @@ -dlopen plugins/mate/mate.la \ -dlopen plugins/opcua/opcua.la \ -dlopen plugins/opsi/opsi.la \ + -dlopen plugins/p25/p25cai.la \ -dlopen plugins/pcli/pcli.la \ -dlopen plugins/profinet/profinet.la \ -dlopen plugins/rlm/rlm.la \ Index: Makefile.nmake =================================================================== --- Makefile.nmake (revision 25150) +++ Makefile.nmake (working copy) @@ -916,6 +916,7 @@ xcopy ".\plugins\mate\mate.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d xcopy ".\plugins\opcua\opcua.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d xcopy ".\plugins\opsi\opsi.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d + xcopy ".\plugins\p25\p25cai.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d xcopy ".\plugins\pcli\pcli.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d xcopy ".\plugins\profinet\profinet.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d xcopy ".\plugins\rlm\rlm.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d Index: plugins/Makefile.nmake =================================================================== --- plugins/Makefile.nmake (revision 25150) +++ plugins/Makefile.nmake (working copy) @@ -77,6 +77,9 @@ cd opsi $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake $(PLUGIN_TARGET) cd .. + cd p25 + $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake $(PLUGIN_TARGET) + cd .. cd pcli $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake $(PLUGIN_TARGET) cd .. @@ -137,6 +140,7 @@ xcopy mate\*.dll $(VERSION) /d xcopy opcua\*.dll $(VERSION) /d xcopy opsi\*.dll $(VERSION) /d + xcopy p25\*.dll $(VERSION) /d xcopy pcli\*.dll $(VERSION) /d xcopy profinet\*.dll $(VERSION) /d xcopy rlm\*.dll $(VERSION) /d Index: plugins/Makefile.am =================================================================== --- plugins/Makefile.am (revision 25150) +++ plugins/Makefile.am (working copy) @@ -38,6 +38,7 @@ mate \ opcua \ opsi \ + p25 \ pcli \ profinet \ rlm \ Index: packaging/nsis/Makefile.nmake =================================================================== --- packaging/nsis/Makefile.nmake (revision 25150) +++ packaging/nsis/Makefile.nmake (working copy) @@ -62,6 +62,7 @@ ../../plugins/m2m/m2m.dll \ ../../plugins/mate/mate.dll \ ../../plugins/opsi/opsi.dll \ + ../../plugins/p25/p25cai.dll \ ../../plugins/pcli/pcli.dll \ ../../plugins/rlm/rlm.dll \ ../../plugins/rtnet/rtnet.dll \ Index: packaging/nsis/wireshark.nsi =================================================================== --- packaging/nsis/wireshark.nsi (revision 25150) +++ packaging/nsis/wireshark.nsi (working copy) @@ -757,6 +757,7 @@ File "..\..\plugins\lwres\lwres.dll" File "..\..\plugins\m2m\m2m.dll" File "..\..\plugins\opsi\opsi.dll" +File "..\..\plugins\p25\p25cai.dll" File "..\..\plugins\pcli\pcli.dll" File "..\..\plugins\profinet\profinet.dll" File "..\..\plugins\rlm\rlm.dll" }}}