
Installing tshark (Wireshark) 3.4.0 on CentOS 7 - It must be "ps", "text", "pdml", "psml" or "fields".

Posted at 2020-12-13

Goal

  • Convert a pcap file to JSON. The stock CentOS 7 package (TShark 1.10.14) cannot produce JSON output, so build and install the current tshark (Wireshark) and use its JSON export.
$ tshark -r testcap_2020-12-14_05-34-54.pcap -T json
tshark: Invalid -T parameter.
It must be "ps", "text", "pdml", "psml" or "fields".
$ tshark -v
TShark 1.10.14 (Git Rev Unknown from unknown)

~~ omitted ~~

Commands executed

  • Build and install the newest tshark available at the time of writing.

Install the required rpm packages

sudo yum install libgcrypt-devel glib2-devel qt-devel qt5-qtbase-devel \
                 qt5-linguist qt5-qtmultimedia-devel qt5-qtsvg-devel \
                 libcap-devel libcap-ng-devel gnutls-devel krb5-devel \
                 libxml2-devel lua-devel lz4-devel snappy-devel spandsp-devel \
                 libssh2-devel bcg729-devel libmaxminddb-devel sbc-devel \
                 libsmi-devel libnl3-devel libnghttp2-devel libssh-devel \
                 libpcap-devel c-ares-devel redhat-rpm-config rpm-build \
                 gtk+-devel gtk3-devel desktop-file-utils portaudio-devel \
                 rubygem-asciidoctor docbook5-style-xsl docbook-style-xsl \
                 systemd-devel python3 cmake3 git gcc gcc-c++ flex bison \
                 doxygen gettext-devel libxslt cmake wget -y

Build and install cmake3

wget https://github.com/Kitware/CMake/releases/download/v3.19.1/cmake-3.19.1.tar.gz
tar zxvf cmake-3.19.1.tar.gz
cd cmake-3.19.1
sudo mkdir -p /opt/cmake3/3.19.1           # install prefix under /opt needs root
./configure --prefix=/opt/cmake3/3.19.1
make                                       # build as the normal user
sudo make install                          # only the install step needs root
/opt/cmake3/3.19.1/bin/cmake --version
sudo ln -s /opt/cmake3/3.19.1/bin/cmake /usr/bin/cmake3
ls -lasF /usr/bin/cmake3
$ cmake3 --version
cmake version 3.19.1

CMake suite maintained and supported by Kitware (kitware.com/cmake).

Build and install tshark

sudo su -
cd /root
git clone https://github.com/wireshark/wireshark.git
cd wireshark
git checkout tags/wireshark-3.4.0                 # pin the 3.4.0 release tag

mkdir -p ~/temp/wireshark-3.4.0                    # out-of-tree build directory
mkdir -p /opt/wireshark/3.4.0                      # install prefix
cd ~/temp/wireshark-3.4.0
cmake3 -DCMAKE_INSTALL_PREFIX=/opt/wireshark/3.4.0 -LH /root/wireshark
make
make install
# ls -lasF /opt/wireshark/3.4.0/bin/
total 123432
     0 drwxr-xr-x 2 root root       228 Dec 14 05:17 ./
     0 drwxr-xr-x 6 root root        58 Dec 14 05:17 ../
   128 -rwxr-xr-x 1 root root    129248 Dec 14 05:16 capinfos*
    52 -rwxr-xr-x 1 root root     52576 Dec 14 05:16 captype*
   392 -rwxr-xr-x 1 root root    401088 Dec 14 05:16 dumpcap*
   168 -rwxr-xr-x 1 root root    168088 Dec 14 05:16 editcap*
   144 -rwxr-xr-x 1 root root    145272 Dec 14 04:50 idl2wrs*
    84 -rwxr-xr-x 1 root root     83296 Dec 14 05:16 mergecap*
    24 -rwxr-xr-x 1 root root     24448 Dec 14 04:50 mmdbresolve*
    88 -rwxr-xr-x 1 root root     89216 Dec 14 05:16 randpkt*
   400 -rwxr-xr-x 1 root root    409056 Dec 14 05:16 rawshark*
    72 -rwxr-xr-x 1 root root     73248 Dec 14 05:16 reordercap*
   708 -rwxr-xr-x 1 root root    723984 Dec 14 05:16 sharkd*
   132 -rwxr-xr-x 1 root root    134120 Dec 14 04:50 text2pcap*
  1396 -rwxr-xr-x 1 root root   1428032 Dec 14 05:04 tshark*
119644 -rwxr-xr-x 1 root root 122511856 Dec 14 05:16 wireshark*
# /opt/wireshark/3.4.0/bin/tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.0 (v3.4.0-0-g9733f173ea5e)

~~ omitted ~~
$ /opt/wireshark/3.4.0/bin/tshark -r testcap_2020-12-14_05-34-54.pcap -T ABC
tshark: Invalid -T parameter "ABC"; it must be one of:
	"fields"  The values of fields specified with the -e option, in a form
	          specified by the -E option.
	"pdml"    Packet Details Markup Language, an XML-based format for the
	          details of a decoded packet. This information is equivalent to
	          the packet details printed with the -V flag.
	"ps"      PostScript for a human-readable one-line summary of each of
	          the packets, or a multi-line view of the details of each of
	          the packets, depending on whether the -V flag was specified.
	"psml"    Packet Summary Markup Language, an XML-based format for the
	          summary information of a decoded packet. This information is
	          equivalent to the information shown in the one-line summary
	          printed by default.
	"json"    Packet Summary, an JSON-based format for the details
	          summary information of a decoded packet. This information is 
	          equivalent to the packet details printed with the -V flag.
	"jsonraw" Packet Details, a JSON-based format for machine parsing
	          including only raw hex decoded fields (same as -T json -x but
	          without text decoding, only raw fields included). 
	"ek"      Packet Details, an EK JSON-based format for the bulk insert 
	          into elastic search cluster. This information is 
	          equivalent to the packet details printed with the -V flag.
	"text"    Text of a human-readable one-line summary of each of the
	          packets, or a multi-line view of the details of each of the
	          packets, depending on whether the -V flag was specified.
	          This is the default.
	"tabs"    Similar to the text report except that each column of the
	          human-readable one-line summary is delimited with an ASCII
	          horizontal tab character.
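With the new binary in place, the goal from the top of the article (pcap in, JSON out) can be scripted. The following is an added example, not code from the article: it checks a `tshark --version` banner before relying on `-T json` (the two banners are the ones quoted above), builds the export command for the article's `/opt/wireshark/3.4.0` prefix, and summarises the packet list that `-T json` returns (a JSON array whose entries carry `_source.layers` keyed by protocol, with every field value as a string). The sample JSON is constructed to mimic that layout so the summariser can run without tshark; the 2.2 minimum version for JSON output is an assumption stated in the code.

```python
"""Added example: drive the newly built tshark to export a pcap as JSON and
summarise the result.  TSHARK is the article's install prefix; the sample
packet list below is constructed in the shape tshark -T json produces."""
import json
import re
import subprocess
from collections import Counter

TSHARK = "/opt/wireshark/3.4.0/bin/tshark"  # prefix used in the article

# `tshark --version` banners as quoted in the article
OLD_BANNER = "TShark 1.10.14 (Git Rev Unknown from unknown)"
NEW_BANNER = "TShark (Wireshark) 3.4.0 (v3.4.0-0-g9733f173ea5e)"

_VERSION_RE = re.compile(r"TShark(?: \(Wireshark\))? (\d+)\.(\d+)\.(\d+)")

# Constructed sample: three IP packets plus one ARP frame, in -T json layout.
SAMPLE_TSHARK_JSON = json.dumps([
    {"_source": {"layers": {
        "frame": {"frame.number": "1", "frame.protocols": "eth:ethertype:ip:tcp"},
        "ip": {"ip.src": "10.0.0.5", "ip.dst": "203.0.113.10", "ip.proto": "6"},
        "tcp": {"tcp.srcport": "51234", "tcp.dstport": "443", "tcp.flags.syn": "1"}}}},
    {"_source": {"layers": {
        "frame": {"frame.number": "2", "frame.protocols": "eth:ethertype:ip:tcp"},
        "ip": {"ip.src": "10.0.0.5", "ip.dst": "203.0.113.10", "ip.proto": "6"},
        "tcp": {"tcp.srcport": "51234", "tcp.dstport": "443", "tcp.flags.ack": "1"}}}},
    {"_source": {"layers": {
        "frame": {"frame.number": "3", "frame.protocols": "eth:ethertype:ip:udp:dns"},
        "ip": {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.1", "ip.proto": "17"},
        "udp": {"udp.srcport": "40000", "udp.dstport": "53"}}}},
    {"_source": {"layers": {
        "frame": {"frame.number": "4", "frame.protocols": "eth:ethertype:arp"},
        "arp": {"arp.opcode": "1"}}}},
])


def parse_tshark_version(banner):
    """Return (major, minor, patch) from the first line of `tshark --version`."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised tshark version banner: %r" % banner)
    return tuple(int(x) for x in m.groups())


def supports_json_output(banner):
    """Assumption: -T json needs Wireshark 2.2 or newer (1.10 rejects it)."""
    return parse_tshark_version(banner) >= (2, 2, 0)


def tshark_json_command(pcap_path, tshark=TSHARK):
    """Argument vector for the export; no shell, so the path needs no quoting."""
    return [tshark, "-r", pcap_path, "-T", "json"]


def export_pcap_as_json(pcap_path, tshark=TSHARK):
    """Run tshark and return the parsed packet list (needs tshark on the host)."""
    banner = subprocess.run([tshark, "--version"], check=True,
                            capture_output=True, text=True).stdout
    if not supports_json_output(banner):
        raise RuntimeError("this tshark cannot emit JSON: " + banner.splitlines()[0])
    out = subprocess.run(tshark_json_command(pcap_path, tshark), check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def summarise_packets(packets):
    """Count packets per (src, dst, proto, dstport); frames without an IP
    layer (ARP etc.) are skipped rather than crashing the walk."""
    flows = Counter()
    for pkt in packets:
        layers = pkt["_source"]["layers"]
        if "ip" in layers:
            src, dst = layers["ip"]["ip.src"], layers["ip"]["ip.dst"]
        elif "ipv6" in layers:
            src, dst = layers["ipv6"]["ipv6.src"], layers["ipv6"]["ipv6.dst"]
        else:
            continue
        if "tcp" in layers:
            proto, dport = "tcp", layers["tcp"]["tcp.dstport"]
        elif "udp" in layers:
            proto, dport = "udp", layers["udp"]["udp.dstport"]
        else:
            proto, dport = "other", "-"
        flows[(src, dst, proto, dport)] += 1
    return flows


if __name__ == "__main__":
    for flow, n in summarise_packets(json.loads(SAMPLE_TSHARK_JSON)).items():
        print(n, flow)
```

`export_pcap_as_json` is the only function that touches the host; everything else works on the JSON text, so the same summariser can be pointed at output saved earlier with `tshark -r file.pcap -T json > file.json`. Run it as an unprivileged user rather than root, which is what the "Running as user "root"" warning in the build log is about.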

References
