Tag Archives: wireshark

Stretch preparations before the freeze

These are the last hours when we can update packages and they migrate to testing after 10 days right before the full freeze on 5 February.

The latest Wireshark upstream version, 2.2.4 has been released on Monday and it is waiting patiently to be part of next Debian stable.

I have just tested the fix for Kodi’s bug preventing playing DVD-s and today it will be fixed in unstable as well.

If you have packages which could be updated to make Stretch even better you can still do it today, but don’t wait too long!

Thanks to everyone working on Debian! Stretch will be awesome! ūüôā

Wireshark 2.0 switched default UI to Qt in unstable

Wireshark With the latest release the Wireshark Project decided to make the Qt GUI the default interface. In line with Debian’s Policy the packages shipped by Debian also switched the default GUI to minimize the difference from upstream. The GTK+ interface which was the previous default is still available from the wireshark-gtk package.

You can read more about the new 2.0.0 release in the release notes or on the Wireshark Blog featuring some of the improvements.

Happy sniffing!

update: Wireshark 2.0.0 will be available from testing and jessie-backports in a week. Ubuntu users can already download binary packages from the Wireshark stable releases PPA maintained by the Wireshark Project (including me:-)).

Run Wireshark on Android using Lil’ Debi!

Running Wireshark for Android has been an dream for a long time. Now it became a reality!

Wireshark running on Android using Lil'Debi

Wireshark running on Android using Lil’Debi

You only need a rooted Android device with ~2GB free space, Internet connectivity and some patience to follow the steps below.

  1. Install Lil’ Debi from Google Play or F-Droid. Lil’Debi will install a Debian root file system in a loop device separately from the Android file system allowing us running Debian side-by-side to the Android apps.
  2. Start Lil’ Debi and create the Debian system with 2000 MB image size. We will need some space for Wireshark, the graphical interface Wireshark depends on and for the capture files.
  3. Start the newly created Debian system and log in to it. You will see the error message “bash: [: : integer expression expected”, but you can continue.
  4. Now run the following commands at the command line to install all the packages Wireshark will need:
    # some important directories are missing from the PATH by default
    export PATH=/sbin:/usr/sbin/:$PATH
    # we will start an X server later
    export DISPLAY=127.0.0.1:0
    # install wireshark an a few things to make it nicer
    apt-get install openbox gnome-themes-standard tshark wireshark
    # gnome-settings-daemon depends on plenty of packages we don't need now,
    # but we need gnome-settings-daemon for the GNOME theme to be applied
    apt-get install --no-install-recommends gnome-settings-daemon
  5. To run graphical applications from the Debian chroot we need to set up an X server on Android because Android uses a different method for presenting the GUI. XServer XSDL is available from Google Play and from SourceForge. Install and start it. It will show the display it is serving which will most probably end with :0, so the DISPLAY environment variable we set before is correct. (If there is an other number after the “:”, fix your DISPLAY variable.)
  6. Start the openbox window manager, gnome-settings-daemon and finally wireshark in capturing mode:
    openbox &
    # if you would like to have bigger menu fonts skip starting gnome-settings-daemon
    gnome-settings-daemon &
    wireshark -k -i wlan0
    
  7. Switch to the X server to see wireshark starting up, close the warning dialogs start capturing traffic!

I tested the tests above using a Nexus 7 (Asus 2013 version) running CyanogenMod M7, thus root access was granted by default, Lil’ Debi 0.4.7, and XServer XSDL 1.11.14.

update: Lil’ Debi has apparently been removed from Play Store. ūüôĀ

Beautiful Wireshark on OS X using Homebrew and GTK+3/Quartz

According to common wisdom GTK+ applications are not nice on OS X. They use XQuartz to draw widgets on the screen which is slower than native Quartz interface and the gray theme is not very appealing either. But does it have to stay this way? Could not GTK+ applications look more “native” on OS X?

They could! In six easy steps we can transform Wireshark to look way more elegant with the help of Homebrew, a package manager for OS X, GTK+3 the latest stable version of the toolkit and GNOME’s standard themes. (The steps are collected at the end of this post. The instructions assume no prior installation of brew packages. If you would like to remove all previously installed packages run “brew list | xargs brew uninstall”.)

Homebrew is a good alternative to installing software on OS X from source and Wireshark is already packaged there. Two commands let us start using it, but first we need to install XQuartz:

# install XQuartz from http://xquartz.macosforge.org, sorry, it is a manual step
# and you also have to logout, then login to start using it
# install Homebrew
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
# install Wireshark (and ccache to recompile stuff faster)
brew install ccache wireshark
brew uninstall wireshark
brew install --build-from-source wireshark --with-gtk+

Well, it works, but it is not exactly nice. The default install uses GTK+2 which is an older version of the toolkit.

Wireshark-gtk2

Let’s try using GTK+3, which step needs some changes to Homebrew’s formulas

# remove packaged Wireshark
brew uninstall wireshark
# install hub which lets you experiment with other Homebrew branches
brew install hub
# Pull my repo until every commit gets accepted to Homebrew core
cd $(brew --repository)
hub pull https://github.com/rbalint/homebrew-gtk-quartz
# build Wireshark from source, now using GTK+3
brew install --build-from-source wireshark --with-gtk+3

The widgets became slightly nicer, but we are far from being satisfied with that, right? The fonts still look very different from the fonts of other applications and we still use XQuartz. Note the big “X” in the lower right corner.

Wireshark-gtk3

The bigger part of the changes were needed to enable building libraries without XQuartz support, and for the sake of simplicity let’s start over with Homebrew and compile Wireshark with GTK/Quartz

# start over: clean up everything installed by Homebrew
brew list | xargs brew uninstall

#install packages we don't have to recompile to use Quartz
brew install ccache d-bus fontconfig freetype gettext glib gmp icu4c libffi libpng libtasn1 libtiff pkg-config xz hicolor-icon-theme gsettings-desktop-schemas c-ares lua portaudio geoip gnutls libgcrypt atk pixman hub
 
# install XQuartz from http://xquartz.macosforge.org
# Well, some builds will need the header files/libs, but you don't have to re-login
# and actually use XQuartz
 
#compile the rest of GTK+ 3 related libraries
brew install --build-from-source at-spi2-core at-spi2-atk cairo harfbuzz pango gtk+3 gtk+ librsvg gnome-themes-standard wireshark --without-x --without-x11 --with-gtk+3

The fonts became nicer, the shortcuts are shown like “^K” and we don’t see the big “X”. Probably the rendering of the widgets became faster as well, but I can’t tell. We successfully switched to Quartz!

Wireshark-gtk3-quartz

.. But Wireshark is still gray, like before. It is no surprise, since we installed GNOME themes, but haven’t enabled them yet. Let’s finish the polish:

mkdir -p ~/.config/gtk-3.0
echo "[Settings]" > ~/.config/gtk-3.0/settings.ini
echo "gtk-theme-name = Adwaita" >> ~/.config/gtk-3.0/settings.ini

Wireshark-gtk3-quartz-adwaitaVoilà! GTK+ applications are considered to be ugly on OS X because no one installs the standard themes! Using XQuartz as a GTK+ backend also did not help, but I think the themes brought the biggest difference.

Enjoy the new look and check other applications as well if they could be improved!


These are the minimal steps collected to get nice GTK+3 applications and Wireshark ready for being copy-pasted:

# install Homebrew, you will also need XCode with Command Line Tools installed
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"

# install packages we don't have to recompile to use Quartz
brew install ccache d-bus fontconfig freetype gettext glib gmp icu4c libffi libpng libtasn1 libtiff pkg-config xz hicolor-icon-theme gsettings-desktop-schemas c-ares lua portaudio geoip gnutls libgcrypt atk pixman
     
# install XQuartz from http://xquartz.macosforge.org
# Well, some builds will need the header files/libs, but you don't have to re-login
# and actually use XQuartz

# this may be needed by gtk+3 install (at least on my system with a previous installation)
brew link --overwrite gsettings-desktop-schemas

# compile the rest of GTK+ 3 related libraries
brew install --build-from-source at-spi2-core at-spi2-atk cairo harfbuzz pango gtk+3 gtk+ librsvg gnome-icon-theme wireshark --without-x --without-x11 --with-gtk+3

Thanks to Seb Shader’s post for describing the process of installing GTK+3/Quartz on OS X from source. I used most of his steps in updating the Homebrew formulas.

Update: Wireshark, and other GTK+ based programs could be beautiful on Windows as well, but Tarnyko, who packaged the latest GTK+3 Windows bundles needs help due to lack of time he can dedicate to the project. Please help him if you would like to see nicer GTK+ on Windows!

Update 2: With the release of GTK+ 3.14 Adwaita became the default theme thus installing and setting up Adwaita from gnome-themes-standard step can be omitted. The minimal steps collected at the end of the instructions are updated to reflect that, while the rest of the post documents the original steps creating a nicer looking Wireshark using GTK+ 3.12.

Update 3: With all the related changes merged to Homebrew’s master there is no need to use my repository anymore following the minimal steps.