Monthly Archives: June 2014

Run Wireshark on Android using Lil’ Debi!

Running Wireshark for Android has been an dream for a long time. Now it became a reality!

Wireshark running on Android using Lil'Debi

Wireshark running on Android using Lil’Debi

You only need a rooted Android device with ~2GB free space, Internet connectivity and some patience to follow the steps below.

  1. Install Lil’ Debi from Google Play or F-Droid. Lil’Debi will install a Debian root file system in a loop device separately from the Android file system allowing us running Debian side-by-side to the Android apps.
  2. Start Lil’ Debi and create the Debian system with 2000 MB image size. We will need some space for Wireshark, the graphical interface Wireshark depends on and for the capture files.
  3. Start the newly created Debian system and log in to it. You will see the error message “bash: [: : integer expression expected”, but you can continue.
  4. Now run the following commands at the command line to install all the packages Wireshark will need:
    # some important directories are missing from the PATH by default
    export PATH=/sbin:/usr/sbin/:$PATH
    # we will start an X server later
    export DISPLAY=127.0.0.1:0
    # install wireshark an a few things to make it nicer
    apt-get install openbox gnome-themes-standard tshark wireshark
    # gnome-settings-daemon depends on plenty of packages we don't need now,
    # but we need gnome-settings-daemon for the GNOME theme to be applied
    apt-get install --no-install-recommends gnome-settings-daemon
  5. To run graphical applications from the Debian chroot we need to set up an X server on Android because Android uses a different method for presenting the GUI. XServer XSDL is available from Google Play and from SourceForge. Install and start it. It will show the display it is serving which will most probably end with :0, so the DISPLAY environment variable we set before is correct. (If there is an other number after the “:”, fix your DISPLAY variable.)
  6. Start the openbox window manager, gnome-settings-daemon and finally wireshark in capturing mode:
    openbox &
    # if you would like to have bigger menu fonts skip starting gnome-settings-daemon
    gnome-settings-daemon &
    wireshark -k -i wlan0
    
  7. Switch to the X server to see wireshark starting up, close the warning dialogs start capturing traffic!

I tested the tests above using a Nexus 7 (Asus 2013 version) running CyanogenMod M7, thus root access was granted by default, Lil’ Debi 0.4.7, and XServer XSDL 1.11.14.

update: Lil’ Debi has apparently been removed from Play Store. 🙁

Beautiful Wireshark on OS X using Homebrew and GTK+3/Quartz

According to common wisdom GTK+ applications are not nice on OS X. They use XQuartz to draw widgets on the screen which is slower than native Quartz interface and the gray theme is not very appealing either. But does it have to stay this way? Could not GTK+ applications look more “native” on OS X?

They could! In six easy steps we can transform Wireshark to look way more elegant with the help of Homebrew, a package manager for OS X, GTK+3 the latest stable version of the toolkit and GNOME’s standard themes. (The steps are collected at the end of this post. The instructions assume no prior installation of brew packages. If you would like to remove all previously installed packages run “brew list | xargs brew uninstall”.)

Homebrew is a good alternative to installing software on OS X from source and Wireshark is already packaged there. Two commands let us start using it, but first we need to install XQuartz:

# install XQuartz from http://xquartz.macosforge.org, sorry, it is a manual step
# and you also have to logout, then login to start using it
# install Homebrew
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
# install Wireshark (and ccache to recompile stuff faster)
brew install ccache wireshark
brew uninstall wireshark
brew install --build-from-source wireshark --with-gtk+

Well, it works, but it is not exactly nice. The default install uses GTK+2 which is an older version of the toolkit.

Wireshark-gtk2

Let’s try using GTK+3, which step needs some changes to Homebrew’s formulas

# remove packaged Wireshark
brew uninstall wireshark
# install hub which lets you experiment with other Homebrew branches
brew install hub
# Pull my repo until every commit gets accepted to Homebrew core
cd $(brew --repository)
hub pull https://github.com/rbalint/homebrew-gtk-quartz
# build Wireshark from source, now using GTK+3
brew install --build-from-source wireshark --with-gtk+3

The widgets became slightly nicer, but we are far from being satisfied with that, right? The fonts still look very different from the fonts of other applications and we still use XQuartz. Note the big “X” in the lower right corner.

Wireshark-gtk3

The bigger part of the changes were needed to enable building libraries without XQuartz support, and for the sake of simplicity let’s start over with Homebrew and compile Wireshark with GTK/Quartz

# start over: clean up everything installed by Homebrew
brew list | xargs brew uninstall

#install packages we don't have to recompile to use Quartz
brew install ccache d-bus fontconfig freetype gettext glib gmp icu4c libffi libpng libtasn1 libtiff pkg-config xz hicolor-icon-theme gsettings-desktop-schemas c-ares lua portaudio geoip gnutls libgcrypt atk pixman hub
 
# install XQuartz from http://xquartz.macosforge.org
# Well, some builds will need the header files/libs, but you don't have to re-login
# and actually use XQuartz
 
#compile the rest of GTK+ 3 related libraries
brew install --build-from-source at-spi2-core at-spi2-atk cairo harfbuzz pango gtk+3 gtk+ librsvg gnome-themes-standard wireshark --without-x --without-x11 --with-gtk+3

The fonts became nicer, the shortcuts are shown like “^K” and we don’t see the big “X”. Probably the rendering of the widgets became faster as well, but I can’t tell. We successfully switched to Quartz!

Wireshark-gtk3-quartz

.. But Wireshark is still gray, like before. It is no surprise, since we installed GNOME themes, but haven’t enabled them yet. Let’s finish the polish:

mkdir -p ~/.config/gtk-3.0
echo "[Settings]" > ~/.config/gtk-3.0/settings.ini
echo "gtk-theme-name = Adwaita" >> ~/.config/gtk-3.0/settings.ini

Wireshark-gtk3-quartz-adwaitaVoilà! GTK+ applications are considered to be ugly on OS X because no one installs the standard themes! Using XQuartz as a GTK+ backend also did not help, but I think the themes brought the biggest difference.

Enjoy the new look and check other applications as well if they could be improved!


These are the minimal steps collected to get nice GTK+3 applications and Wireshark ready for being copy-pasted:

# install Homebrew, you will also need XCode with Command Line Tools installed
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"

# install packages we don't have to recompile to use Quartz
brew install ccache d-bus fontconfig freetype gettext glib gmp icu4c libffi libpng libtasn1 libtiff pkg-config xz hicolor-icon-theme gsettings-desktop-schemas c-ares lua portaudio geoip gnutls libgcrypt atk pixman
     
# install XQuartz from http://xquartz.macosforge.org
# Well, some builds will need the header files/libs, but you don't have to re-login
# and actually use XQuartz

# this may be needed by gtk+3 install (at least on my system with a previous installation)
brew link --overwrite gsettings-desktop-schemas

# compile the rest of GTK+ 3 related libraries
brew install --build-from-source at-spi2-core at-spi2-atk cairo harfbuzz pango gtk+3 gtk+ librsvg gnome-icon-theme wireshark --without-x --without-x11 --with-gtk+3

Thanks to Seb Shader’s post for describing the process of installing GTK+3/Quartz on OS X from source. I used most of his steps in updating the Homebrew formulas.

Update: Wireshark, and other GTK+ based programs could be beautiful on Windows as well, but Tarnyko, who packaged the latest GTK+3 Windows bundles needs help due to lack of time he can dedicate to the project. Please help him if you would like to see nicer GTK+ on Windows!

Update 2: With the release of GTK+ 3.14 Adwaita became the default theme thus installing and setting up Adwaita from gnome-themes-standard step can be omitted. The minimal steps collected at the end of the instructions are updated to reflect that, while the rest of the post documents the original steps creating a nicer looking Wireshark using GTK+ 3.12.

Update 3: With all the related changes merged to Homebrew’s master there is no need to use my repository anymore following the minimal steps.

I Can Hear Music again (thanks to forked-daapd/Debian)

When I started looking for a lightweight solution of serving a music library over LAN I did not expect so many complications. I expected it not to be a unique need to have something running on a SheevaPlug straight from the Debian repository. Apparently it kind of was.

Debian used to have mt-daapd (popcon: 165), but now it is available from oldstable only and upstream is dead. There is tangerine (popcon: 98) with its Mono dependencies and GUI which seemed to me overkill and more like a demo of a networked application written in Mono than a music library server. The most promising candidate was forked-daapd (popcon: 220) but it was far from being a true winner.

First, it had a series of dead upstreams. At the beginning it was forked from mt-daapd (hence the name) by Julien Blache who also served as the prior Debian maintainer. Then the code base was forked and converted to use Grand Central Dispatch. Then the GCD fork died off slowly as well a few years ago. When I found the package it had been unmaintained for a few years and was based on the GCD branch which prevented building it on many architectures and the server itself was crashing or quitting occasionally.

Luckily there still existed a fork thanks to Espen Jürgensen which was well maintained and could serve as a way out but examining it closely it turned out that it had switched to libevent from GCD but to a version (1.4) which is present only in oldstable! And some say Debian’s software versions are ancient ;-). Moreover it was not simply libevent 1.4-based, but it included some heavily patched parts of it.

Espen also liked the idea of packaging his version in Debian and we extracted the patches to libevent and slowly got them accepted to libevent’s master.

Forked-daapd’s master works best with libevent 2.1.4-alpha, but thanks to Espen the development branch now also works with libevent 2.0.x giving up some performance and a little feature.

This was a long journey, but finally Espen’s forked-daapd became ready for being used as a new upstream of the Debian package thus please welcome 20.0+git20140530+gc740e6e-1, the first version of forked-daapd building on all architectures for a very long time and a prime candidate for being the music library server in Jessie (and wheezy-backports, soon)!

Testing, bug reports are always welcome!

From the package description:

 forked-daapd is an iTunes-compatible media server, originally intended
 as a rewrite of Firefly Media Server (also known as mt-daapd).

 It supports a wide range of audio formats, can stream video to iTunes,
 FrontRow and other compatible clients, has support for Apple's Remote
 iPhone/iPod application and can stream music to AirTunes devices like
 the AirPort Express.
 It also features RSP support for Roku's SoundBridge devices.

 Built-in, on-the-fly decoding support enables serving popular free music
 formats like FLAC, Ogg Vorbis or Musepack to those clients that do not
 otherwise support them.

update: Forked-daapd package has been migrated to testing and is also available from wheezy-backports.