4

To enable capture traffic on multiple interfaces at once, I tried to install wireshark 1.8.3. However, I encountered the following errors:

capture-pcap-util.c:274:1: error: static declaration of ‘pcap_datalink_name_to_val’ follows non-static declaration
/usr/local/include/pcap/pcap.h:326:5: note: previous declaration of ‘pcap_datalink_name_to_val’ was here 
capture-pcap-util.c:289:1: error: static declaration of ‘pcap_datalink_val_to_name’ follows non-static declaration 
/usr/local/include/pcap/pcap.h:327:13: note: previous declaration of ‘pcap_datalink_val_to_name’ was here

After doing some search, I found someone can fix it by reinstall libpcap-dev, or the following commands:

  1. rm & rmdir any file in /usr/include/pcap' and '/usr/local/include/pcap
  2. Download libpcap by sudo apt-get install libpcap0.8-dev
  3. ./autogen.sh in wireshark dir
  4. make clean & make & make install

However, neither is working on Ubuntu 12.04/wireshark 1.8.3.

Can anyone help?

Peachy
  • 7,117
  • 10
  • 38
  • 46
gene
  • 51

3 Answers3

3

I would not recommend compiling Wireshark on Ubuntu(it is possible, but there are too many odd library dependencies for the average user to troubleshoot).

If you are simply looking to be able to sniff multiple interfaces, any version past 1.8.0 will be able do that. Fortunately, there is a PPA(see below) that will allow you to install Wireshark without the need to compile from source.

You can install a PPA package that provides Wireshark 1.8.2 to 12.04 rather than compiling from source. The latest wireshark version is 1.8.4 and the latest in the Ubuntu 12.04 repositories is 1.6.7. The following provides instruction for installing wireshark 1.8.2

To install the PPA, run the following commands:

sudo add-apt-repository ppa:eugenesan/ppa
sudo apt-get update
sudo apt-get install wireshark

To start Wireshark, run the command sudo wireshark

Note: It is necessary to run the application as sudo since one needs elevated privileges in order to have access to the raw network stack.

For more information, see Eugene San PPA.

This repository contains collection of customized, updated, ported and backported packages for two last LTS releases and latest pre-LTS release(including smartgit, among others). I recommend taking a look to see if your desired backport/package might be included here.

Versions after 1.8.2 do not seem to be available without compilation and there seem to be some issues with libraries in 12.04.

Community
  • 1
Kevin Bowen
  • 19,615
  • 55
  • 79
  • 83
  • 2
    Do NOT run Wireshark as root, this is not recommended. Instead read this - http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

    Basically, you should run sudo dpkg-reconfigure wireshark-common to and answer Yes (Should non-superusers be able to capture packets?) and then add your user to the group wireshark.

     – Konstigt Feb 20 '14 at 13:26
  • @Konstigt This is very good advice. I highly recommend the document that you linked. Thanks. – Kevin Bowen Oct 15 '15 at 03:59
1

On an Ubuntu 12.04 system on which I hadn't done anything with libpcap, I was able to download the Wireshark 1.8.6 source tarball, unpack it, run the configure script, and compile it with "make".

Do NOT run autogen.sh. That's a tool for people trying to build Wireshark from a Subversion repository. If you've downloaded a source tarball, just run the configure script - don't run autogen.sh beforehand. You also do not need to do a make clean before a make on a freshly-downloaded-and-unpacked source tarball.

0

Try this:

sudo apt-get install wireshark
sudo groupadd wireshark
sudo usermod -a -G wireshark YOUR_USER_NAME
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap
Bacara
  • 111