
In this guide, you will learn how to install Wireshark on Ubuntu 22.04. Wireshark is the world's most widely used network protocol analyzer. Note that scanning or sniffing network traffic without permission is a criminal offence.

Install Wireshark on Ubuntu 22.04

Wireshark is available in the default Ubuntu 22.04 repositories. However, the version available there may not be the latest. Wireshark 3.6.3 is the current stable release at the time of this writing.

To check this, run the command below to see which version of Wireshark is available on Ubuntu 22.04.

apt-cache policy wireshark

Command output:

wireshark:
  Installed: (none)
  Candidate: 3.6.2-2
  Version table:
     3.6.2-2 500
        500 http://ke.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

As you can see, the latest version of Wireshark available in the default Ubuntu 22.04 repositories is Wireshark 3.6.2.

To install this version, simply run the command below.

apt install wireshark

Otherwise, if you want to install the latest stable release from the releases page, which is 3.6.3 at the time of this writing, you need to build it from source.
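To script the decision above, here is an added example that is not part of the original article. It takes the output of apt-cache policy wireshark (embedded below as a constructed sample copied from the output shown earlier), extracts the Candidate version, strips the Debian revision and epoch, and compares it component by component with the upstream stable version. The upstream version (3.6.3 at the time of the article) is passed in by hand; the script does not contact the Wireshark site.

```shell
#!/bin/sh
# Decide whether the Ubuntu package is current enough or a source build is
# needed. Added example, not from the original article.

# strip_debian_revision "1:3.6.2-2ubuntu1" -> "3.6.2"
# (drops an epoch prefix such as "1:" and the Debian revision after "-")
strip_debian_revision() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# candidate_version: read apt-cache policy output on stdin, print the Candidate
candidate_version() {
    sed -n 's/^[[:space:]]*Candidate:[[:space:]]*//p' | head -n 1
}

# version_lt A B: exit 0 when dotted numeric version A is strictly older than B
# (numeric components only; a missing component counts as 0, so 3.6 == 3.6.0)
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        [ "${ax:-0}" -lt "${bx:-0}" ] && return 0
        [ "${ax:-0}" -gt "${bx:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# decide_install POLICY_TEXT UPSTREAM: print "apt" when the repository
# candidate is at least UPSTREAM, "source" when it is older; exit 1 when the
# policy output has no candidate at all
decide_install() {
    cand=$(printf '%s\n' "$1" | candidate_version)
    case $cand in
        ''|'(none)') return 1 ;;
    esac
    if version_lt "$(strip_debian_revision "$cand")" "$2"; then
        echo source
    else
        echo apt
    fi
}

# Constructed sample: the apt-cache policy output shown earlier in the article.
SAMPLE_POLICY='wireshark:
  Installed: (none)
  Candidate: 3.6.2-2
  Version table:
     3.6.2-2 500
        500 http://ke.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages'

# Real-world use on the target host:
#   decide_install "$(apt-cache policy wireshark)" 3.6.3
demo() {
    decide_install "$SAMPLE_POLICY" 3.6.3    # prints "source"
}
```

The comparison is done in plain POSIX sh rather than with dpkg --compare-versions or sort -V so the script also runs on a minimal image; on a real Ubuntu host, dpkg --compare-versions is the authoritative way to compare Debian version strings, including non-numeric components.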

Build and install Wireshark on Ubuntu 22.04 from source

Before proceeding to compile and install Wireshark on Ubuntu 22.04, you need to install the required dependencies. Some of the dependencies are optional. You can see the full list of dependencies needed to compile and install Wireshark on the library reference page.

apt install qttools5-dev qttools5-dev-tools libqt5svg5-dev \
qtmultimedia5-dev build-essential automake autoconf \
libgtk2.0-dev libglib2.0-dev flex bison libpcap-dev \
libgcrypt20-dev cmake libc-ares-dev -y
  • Download the Wireshark source code.
wget https://1.eu.dl.wireshark.org/src/wireshark-3.6.3.tar.xz
  • Extract the Wireshark source code.
tar xJf wireshark-3.6.3.tar.xz
  • Compile the Wireshark source code.
cd wireshark-3.6.3
cmake .

Sample command output:

...
-- The following OPTIONAL packages have been found:

 * GMODULE2
 * Gettext
 * PCAP
 * ZLIB
 * BROTLI
 * LZ4, LZ4 is a fast lossless compression algorithm, 
   LZ4 decompression in CQL and Kafka dissectors, read compressed capture files
 * LibXml2
 * SETCAP

-- The following REQUIRED packages have been found:

 * GLIB2 (required version >= 2.38.0)
 * GTHREAD2
 * GCRYPT (required version >= 1.5.0)
 * CARES (required version >= 1.5.0), Library for asynchronous DNS requests, 
   DNS name resolution for captures
 * LEX
 * Perl
 * Python3 (required version >= 3.4)
 * M
 * Qt5Core
 * Qt5LinguistTools
 * Qt5Network (required version >= 5.15.3)
 * Qt5Gui (required version >= 5.15.3)
 * Qt5Multimedia
 * Qt5PrintSupport
 * Qt5Widgets

-- The following OPTIONAL packages have not been found:

 * Git
 * LIBSSH (required version >= 0.6), Library for implementing SSH clients, 
   extcap remote SSH interfaces (sshdump, ciscodump)
 * Systemd, System and Service Manager (libraries), 
   Support for systemd journal extcap interface (sdjournal)
 * MaxMindDB, C library for the MaxMind DB file format, 
   Support for GeoIP lookup
 * SMI, Library to access SMI management information, 
   Support MIB and PIB parsing and OID resolution
 * GNUTLS (required version >= 3.3.0)
 * KERBEROS
 * Minizip, Mini zip and unzip based on zlib, 
   Support for profiles import/export
 * SNAPPY, A fast compressor/decompressor from Google, 
   Snappy decompression in CQL and Kafka dissectors
 * ZSTD (required version >= 1.0.0), A compressor/decompressor from Facebook providing better compression than Snappy at a cost of speed, 
   Zstd decompression in Kafka dissector, read compressed capture files
 * NGHTTP2, HTTP/2 C library and tools, 
   Header decompression in HTTP2
 * LUA (required version >= 5.1)
 * NL, Libraries for using the Netlink protocol on Linux, 
   Support for managing wireless 802.11 interfaces
 * SBC, Bluetooth low-complexity, subband codec (SBC) decoder, 
   Support for playing SBC codec in RTP player
 * SPANDSP, a library of many DSP functions for telephony, 
   Support for G.722 and G.726 codecs in RTP player
 * BCG729, G.729 decoder, 
   Support for G.729 codec in RTP player
 * ILBC, iLBC decoder, 
   Support for iLBC codec in RTP player
 * OPUS, opus decoder, 
   Support for opus codec in RTP player
 * CAP, The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels, 
   Allow packet captures without running as root
 * DOXYGEN
 * SpeexDSP, SpeexDSP is a patent-free, Open Source/Free Software DSP library, 
   RTP audio resampling
 * Asciidoctor (required version >= 1.5)
 * XSLTPROC

-- Configuring done
-- Generating done
-- Build files have been written to: /root/wireshark-3.6.3

If any errors occur, fix them before proceeding.

make
  • Install Wireshark on Ubuntu 22.04
make install
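The apt route above relies on the distribution's signed package index, but the source route downloads a tarball with wget and extracts it without any integrity check. The following added example (not code from the original article or from the Wireshark project) verifies the downloaded tarball against a published SHA256 digest before it is extracted. It assumes a SIGNATURES-style digest file with lines of the form SHA256(wireshark-3.6.3.tar.xz)=<64 hex characters>; the file name, its layout and where you fetch it from are assumptions to check against the release you actually download. The demo function uses a constructed stand-in file rather than a real tarball so it runs offline.

```shell
#!/bin/sh
# Verify the downloaded source tarball before extracting it. Added example,
# not from the original article. The digest-file layout
# "SHA256(<name>)=<hex>" is an assumption; adjust the pattern if the file you
# download is laid out differently.

# extract_sha256 SIGFILE NAME: print the SHA256 digest recorded for NAME
extract_sha256() {
    esc=$(printf '%s\n' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^SHA256(${esc})=\([0-9a-fA-F]\{64\}\)[[:space:]]*$/\1/p" "$1" | head -n 1
}

# verify_sha256 FILE EXPECTED: exit 0 when FILE's SHA256 equals EXPECTED
# (hex digits compared case-insensitively; an empty EXPECTED never matches)
verify_sha256() {
    expected=$(printf '%s\n' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$1" | cut -d ' ' -f 1)
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# verify_tarball TARBALL SIGFILE: 0 on match, 1 on mismatch, 2 if SIGFILE
# has no entry for the tarball
verify_tarball() {
    name=$(basename "$1")
    expected=$(extract_sha256 "$2" "$name")
    if [ -z "$expected" ]; then
        echo "no SHA256 entry for $name in $2" >&2
        return 2
    fi
    if verify_sha256 "$1" "$expected"; then
        echo "OK: $name matches the published SHA256"
        return 0
    fi
    echo "MISMATCH: $name does not match the published SHA256; do not extract it" >&2
    return 1
}

# demo: constructed sample input. The stand-in "tarball" just contains
# "hello\n", and the constructed digest file records the SHA256 of that
# content; the file is then tampered with and checked again.
demo() {
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/wireshark-3.6.3.tar.xz"
    printf 'SHA256(wireshark-3.6.3.tar.xz)=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03\n' \
        > "$dir/SIGNATURES-3.6.3.txt"
    if verify_tarball "$dir/wireshark-3.6.3.tar.xz" "$dir/SIGNATURES-3.6.3.txt"; then ok=0; else ok=$?; fi
    printf 'tampered\n' >> "$dir/wireshark-3.6.3.tar.xz"
    if verify_tarball "$dir/wireshark-3.6.3.tar.xz" "$dir/SIGNATURES-3.6.3.txt" 2>/dev/null; then bad=0; else bad=$?; fi
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

# Real-world use right after the wget step, with the digest file fetched
# separately (its exact URL is an assumption, see the lead-in):
#   verify_tarball wireshark-3.6.3.tar.xz SIGNATURES-3.6.3.txt && tar xJf wireshark-3.6.3.tar.xz
```

A digest only proves the tarball matches what the digest file says; the digest file itself should come from the project's own site over HTTPS, and where the project publishes a signed digest file, checking that signature with gpg closes the gap. Separately, note that the cmake summary above lists CAP (libcap) among the optional packages not found: without it, dumpcap cannot be granted the capture capabilities with setcap, so captures would have to run as root instead of as an unprivileged user.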

Run Wireshark on Ubuntu 22.04

You can now launch Wireshark from the command line or from Activities.

Wireshark interface (screenshot).

The tshark command-line utility is also installed.

tshark --help
TShark (Wireshark) 3.6.3 (Git commit 6d348e4611e2)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.

Usage: tshark [options] ...

Capture interface:
  -i , --interface 
                           name or idx of interface (def: first non-loopback)
  -f       packet filter in libpcap filter syntax
  -s , --snapshot-length 
                           packet snapshot length (def: appropriate maximum)
  -p, --no-promiscuous-mode
                           don't capture in promiscuous mode
  -I, --monitor-mode       capture in monitor mode, if available
  -B , --buffer-size 
                           size of kernel buffer (def: 2MB)
  -y , --linktype 
                           link layer type (def: first appropriate)
  --time-stamp-type  timestamp method for interface
  -D, --list-interfaces    print list of interfaces and exit
  -L, --list-data-link-types
                           print list of link-layer types of iface and exit
  --list-time-stamp-types  print list of timestamp types for iface and exit

Capture stop conditions:
  -c         stop after n packets (def: infinite)
  -a  ..., --autostop  ...
                           duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
                            packets:NUM - stop after NUM packets
Capture output:
  -b  ..., --ring-buffer 
                           duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM files
                            packets:NUM - switch to next file after NUM packets
                           interval:NUM - switch to next file when the time is
                                          an exact multiple of NUM secs
Input file:
  -r , --read-file 
                           set the filename to read from (or '-' for stdin)

Processing:
  -2                       perform a two-pass analysis
  -M         perform session auto reset
  -R , --read-filter 
                           packet Read filter in Wireshark display filter syntax
                           (requires -2)
  -Y , --display-filter 
                           packet displaY filter in Wireshark display filter
                           syntax
  -n                       disable all name resolutions (def: "mNd" enabled, or
                           as set in preferences)
  -N   enable specific name resolution(s): "mnNtdv"
  -d ==, ...
                           "Decode As", see the man page for details
                           Example: tcp.port==8888,http
  -H           read a list of entries from a hosts file, which will
                           then be written to a capture file. (Implies -W n)
  --enable-protocol 
                           enable dissection of proto_name
  --disable-protocol 
                           disable dissection of proto_name
  --enable-heuristic 
                           enable dissection of heuristic protocol
  --disable-heuristic 
                           disable dissection of heuristic protocol
Output:
  -w            write packets to a pcapng-format file named "outfile"
                           (or '-' for stdout)
  --capture-comment 
                           add a capture file comment, if supported
  -C       start with specified configuration profile
  -F     set the output file type, default is pcapng
                           an empty "-F" option will list the file types
  -V                       add output of packet tree        (Packet Details)
  -O            Only show packet details of these protocols, comma
                           separated
  -P, --print              print packet summary even when writing to a file
  -S            the line separator to print between packets
  -x                       add output of hex and ASCII dump (Packet Bytes)
  -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?
                           format of text output (def: text)
  -j       protocols layers filter if -T ek|pdml|json selected
                           (e.g. "ip ip.flags text", filter does not expand child
                           nodes, unless child is specified also in the filter)
  -J       top level protocol filter if -T ek|pdml|json selected
                           (e.g. "http tcp", filter which expands all child nodes)
  -e                field to print if -Tfields selected (e.g. tcp.port,
                           _ws.col.Info)
                           this option can be repeated to print multiple fields
  -E= set options for output when -Tfields selected:
     bom=y|n               print a UTF-8 BOM
     header=y|n            switch headers on and off
     separator=/t|/s| select tab, space, printable character as separator
     occurrence=f|l|a      print first, last or all occurrences of each field
     aggregator=,|/s| select comma, space, printable character as
                           aggregator
     quote=d|s|n           select double, single, no quotes for values
  -t a|ad|adoy|d|dd|e|r|u|ud|udoy
                           output format of time stamps (def: r: rel. to first)
  -u s|hms                 output format of seconds (def: s: seconds)
  -l                       flush standard output after each packet
  -q                       be more quiet on stdout (e.g. when using statistics)
  -Q                       only log true errors to stderr (quieter than -q)
  -g                       enable group read access on the output file(s)
  -W n                     Save extra information in the file, if supported.
                           n = write network address resolution information
  -X :         eXtension options, see the man page for details
  -U tap_name              PDUs export mode, see the man page for details
  -z           various statistics, see the man page for details
  --export-objects ,
                           save exported objects for a protocol to a directory
                           named "destdir"
  --export-tls-session-keys 
                           export TLS Session Keys to a file named "keyfile"
  --color                  color output text similarly to the Wireshark GUI,
                           requires a terminal with 24-bit color support
                           Also supplies color attributes to pdml and psml formats
                           (Note that attributes are nonstandard)
  --no-duplicate-keys      If -T json is specified, merge duplicate keys in an object
                           into a single key with as value a json array containing all
                           values
  --elastic-mapping-filter  If -G elastic-mapping is specified, put only the
                           specified protocols within the mapping file
Diagnostic output:
  --log-level       sets the active log level ("critical", "warning", etc.)
  --log-fatal       sets level to abort the program ("critical" or "warning")
  --log-domains <[!]list>  comma separated list of the active log domains
  --log-debug <[!]list>    comma separated list of domains with "debug" level
  --log-noisy <[!]list>    comma separated list of domains with "noisy" level
  --log-file         file to output messages to (in addition to stderr)

Miscellaneous:
  -h, --help               display this help and exit
  -v, --version            display version info and exit
  -o : ...    override preference setting
  -K               keytab file to use for kerberos decryption
  -G [report]              dump one of several available reports and exit
                           default report="fields"
                           use "-G help" for more help

Dumpcap can benefit from an enabled BPF JIT compiler if available.
You might want to enable it by executing:
 "echo 1 > /proc/sys/net/core/bpf_jit_enable"
Note that this can make your system less secure!

And there you go. That is all it takes to install Wireshark on Ubuntu 22.04.


The post Install Wireshark on Ubuntu 22.04 appeared first on Gamingsym Japan.