libpcap on F11 missed out on the USB monitoring capability that later verisons ( 1.0 and newer) have. Fedora 12 have 1.0.4 of libpcap so should work just fine.
I resolved the problem on Fedora 11 by pulling down the rawhide version of libpcap, building it on my F11 system, installing the new libpcap and libpcap-devel packages, and then rebuilding wireshark so that it used the newer libpcap.
The basic steps:
su -c 'yum install yum-utils'
su -c yum install rpmdevtools'
As a normal user, run rpmdev-setuptree from the rpmdevtools package. It creates the ~/rpmbuild directory ready to build packages as a NON-ROOT user. Very important :)
Now as the normal user get the libpcap package src.rpm ( I usually cd ~/rpmbuild and keep these files there):
cd ~/rpmbuild
yumdownloader libpcap --enablerepo=rawhide --source
Get the wireshark src.rpm too:
yumdownloader wireshark --source
Now get the requisite development packages to build:
su -c 'yum-builddep wireshark-1.2.2-1.fc11.src.rpm'
su -c 'yum-builddep libpcap-1.0.0-5.20091201git117cb5.fc13.src.rpm '
Note that the package file names may be different. At the time I did this the files were named as above.
Install the src.rpm packages . NOTE do this as a normal user, the rpmdev-setuptree command sets up a macro file so that when you install src.rpm files they use the rpmbuild directory.
rpm -ivh libpcap-1.0.0-5.20091201git117cb5.fc13.src.rpm
rpm -ivh wireshark-1.2.2-1.fc11.src.rpm
Now we are ready to build. First libpcap. In the ~/rpmbuild directory:
rpmbuild -ba SPECS/libpcap.spec
Wait for the build to complete. ONce finsihed we need to install the new packages. The packages are placed in ~/rpmbuild/RPMS/ in the directory that matches the architecture you built on.
Now install the libpcap package. This is a bit of a hack, as I had tcpdump and wireshark from Fedora's default repos installed already, and both depend on the specific version of libpcap it comes with. I just removed wireshark and tcpdump:
rpm -e wireshark wireshark-gnome tcpdump
If you are using gnome and the lovely NetworkManager there is also one remaining package that depends on libpcap, the ppp package. I left it where it was as lots of things depend on ppp :). When I installed the new libpcap package I used --nodeps:
cd RPMS/x86_64/
sudo rpm -Uvh libpcap-1.0.0-5.20091201git117cb5.fc11.x86_64.rpm libpcap-devel-1.0.0-5.20091201git117cb5.fc11.x86_64.rpm --nodeps
In general this is a bad idea, but I know I never use ppp so it is an ok risk for me to take. Notice too that the RPMS I built ended up in the x64_64 directory in ~/rpmbuild/RPMS . That is because my system's arch is x86_64.
Now that the libpcap-devel-1.0.5BLAH package is installed, when we build the wireshark packages it will use those libs. The build is similar except that wireshark uses rpath a bit. See this for some background:
http://fedoraproject.org/wiki/RPath_Packaging_Draft
Luckily it is easy enough to turn off the warning and allow the package to be built . In the ~rpmbuid directory again:
QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -ba SPECS/wireshark.spec
And wait again. Once the build is finished we can install wireshark packages again and be able to monitor and capture USB packets:
su -c 'rpm -Uvh RPMS/x86_64/wireshark-1.2.2-1.fc11.x86_64.rpm'
su -c 'rpm -Uvh RPMS/x86_64/wireshark-gnome-1.2.2-1.fc11.x86_64.rpm '
Thursday, January 21, 2010
Subscribe to:
Posts (Atom)