$Id: README.win32,v 1.34 2002/04/16 03:00:54 gerald Exp $

Installing Ethereal, Tethereal, and Editcap on Win32
====================================================
These are the instructions for installing Ethereal
from the installation executable that is provided on
the Ethereal website and any of its mirrors.

The installation package allows you to install:

    o Ethereal - the GUI version
    o Tethereal - the console, line-mode version
    o Editcap - a console, line-mode utility to convert
      capture files from one format to another.
      (The same functions are available in Ethereal)
    o Text2Pcap - a console, line-mode utility to generate
      a capture file from an ASCII hexdump of packets
    o Mergecap - a console, line-mode utility to merge two
      capture files into one

Additionally, the installation package contains a "plugins"
option, which installs the Gryphon, MGCP and GIOP dissector plugins
for use with Ethereal and Tethereal.

All binaries in the Ethereal package are now built with debugging
information embedded. If you are experiencing a crash when running
Ethereal or other binaries, Dr. Watson or your debugger
can use the information embedded in the binary to provide useful
information to the Ethereal developers that will help them pinpoint
the problem.

In the past, two versions of Ethereal binaries were published -- a
version that could capture packets and a version which could not.
The latter is useful if you're only reading files produced by
another product (e.g., a sniffer, firewall, or intrusion detection system)
and do not wish to install WinPcap, the library Ethereal uses
to capture packets on Win32 platforms.

As of WinPcap 2.1, all the WinPcap libraries have been released as DLLs.
This means that Ethereal can detect the presence of WinPcap at run time,
which means that only one version of the Ethereal binaries needs to be
shipped.

If you don't want to capture packets, just install the Ethereal
package. If you do want to capture packets, install Ethereal *and*
install the latest non-beta version of WinPcap, available from:

    http://winpcap.polito.it/

and mirrored at

    http://winpcap.mirror.ethereal.com/

and

    http://www.mirrors.wiretapped.net/security/packet-capture/winpcap/

If you already have an earlier version of WinPcap installed, you need to
un-install it and install the latest version. If the older version is
WinPcap 2.0 or 2.02, and you have other applications that use the older
version, you will have to decide which applications to keep, since
WinPcap 2.0/2.02 and later versions cannot be installed on the same
system at the same time.

If Ethereal is not capturing packets and you have WinPcap installed, you
can test your WinPcap installation by installing WinDump (tcpdump for
Windows) ported by the same folks who make WinPcap. It's at:

    http://windump.polito.it/

and mirrored at

    http://windump.mirror.ethereal.com/

and

    http://www.mirrors.wiretapped.net/security/packet-capture/windump/

They also make Analyzer, a GUI sniffer for Win32:

    http://analyzer.polito.it/

The rest of this documentation is only interesting if
you want to compile Ethereal yourself.

Running Ethereal, Tethereal, and Editcap on Win32
=================================================
You need the glib and gtk libraries for running Ethereal.

These packages for win32 can be found at:

    http://www.ethereal.com/distribution/win32

and at the home page for the GTK+ for Win32 project:

    http://www.gimp.org/~tml/gimp/win32

or
    http://www.iki.fi/tml/gimp/win32/

(the mirror nearer to you may be faster).

Plugins (gryphon.dll and mgcp.dll) can go in:
    C:\Program Files\Ethereal\plugins\<version>
    C:\Ethereal\plugins\<version>

Where <version> is the version number, without brackets.
For example, C:\Ethereal\plugins\0.8.16

Yes, the location of plugins needs to be more flexible.

Make sure the glib and gtk DLLs are in your path - i.e., that your path
includes the directory (folder) or directories (folders) in which those
DLLs are found - when you run Ethereal. This includes gtk-*.dll,
glib-*.dll, gmodule-*.dll, gdk-*.dll, gnu-intl.dll, and iconv-*.dll.
As of the 20000805 GTK+/GLIB distribution, gthread-*.dll is no longer needed.
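
To check this before launching Ethereal, the following added example (not part of the original README or of the Ethereal project) walks the directories on PATH and reports which of the DLL patterns listed above are missing, and which are supplied by more than one directory, where a stale copy earlier on the path would be picked up first. It inspects PATH entries only; the function names are hypothetical.

```python
import fnmatch
import os

# DLL name patterns taken from the README paragraph above.
REQUIRED_DLLS = ["gtk-*.dll", "glib-*.dll", "gmodule-*.dll",
                 "gdk-*.dll", "gnu-intl.dll", "iconv-*.dll"]


def find_dlls(path_value, patterns=REQUIRED_DLLS, sep=os.pathsep):
    """Return {pattern: [(directory, filename), ...]} in PATH order."""
    hits = {p: [] for p in patterns}
    seen = set()
    for entry in path_value.split(sep):
        entry = entry.strip().strip('"')
        if not entry or not os.path.isdir(entry):
            continue  # skip empty and stale PATH entries
        key = os.path.normcase(os.path.abspath(entry))
        if key in seen:
            continue  # same directory listed twice
        seen.add(key)
        for name in sorted(os.listdir(entry)):
            for p in patterns:
                # Windows file names are case-insensitive, so compare lowercased.
                if fnmatch.fnmatchcase(name.lower(), p):
                    hits[p].append((entry, name))
    return hits


def report(hits):
    """Return (missing patterns, {pattern: directories} where several supply it)."""
    missing = [p for p, found in hits.items() if not found]
    shadowed = {}
    for p, found in hits.items():
        dirs = list(dict.fromkeys(d for d, _ in found))
        if len(dirs) > 1:
            shadowed[p] = dirs
    return missing, shadowed


if __name__ == "__main__":
    missing, shadowed = report(find_dlls(os.environ.get("PATH", "")))
    for p in missing:
        print("not found on PATH:", p)
    for p, dirs in shadowed.items():
        print(p, "found in several directories, earliest is used:", dirs)
```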

The Win32 Binary distribution, available from

    http://www.ethereal.com/distribution/win32

used different versions of the GTK+/GLIB libraries at different points
in time:

Ethereal Version        GTK+/GLIB version
----------------        -----------------
0.8.16 and after        20001226
0.8.11 - 0.8.15         20000805
0.8.9 - 0.8.10          20000416
0.8.8 and before        19990828

Capturing Packets
-----------------
In order to capture with Win32, you need to install the NDIS
packet capture driver for your particular Win32 OS; drivers for Windows
9x, Windows NT 4.0, and Windows 2000 can be downloaded from the
WinPcap home page:

    http://winpcap.polito.it/

or the mirror site at

    http://www.wiretapped.net/security/packet-capture/winpcap/default.htm

Compiling the Ethereal distribution from source
===============================================
You'll need the development package for GLIB, GTK+, and WinPcap.
Those versions are available from the respective home pages for
each project (the same URLs as listed above). The development
packages contain header files and stub libraries to link against.

The use of an SNMP library has not been made to work yet in
Ethereal/Win32, but a binary distribution of the UCD SNMP package,
including header files and a DLL of the UCD SNMP library, can be had
from:

    ftp://ftp.revelstone.com/snmp/binaries/

The file will probably be called "ucd-snmp-X.X-x86-win32.zip", where
"X.X" is the version number of the UCD SNMP library.

Instructions for MS Visual C
----------------------------
Modify the config.nmake file in the top directory of the Ethereal source
tree to work for your local configuration; if you don't have Python,
comment out the line that defines PYTHON, otherwise set it to refer to
the pathname of your Python interpreter executable. You should not have
to modify any other Makefile.

In order to compile, at least with the default settings, you
also need zlib, which is provided as an archive library, not
a DLL. The pre-compiled zlib which comes with the "extralibs"
package from Gimp/Win32 is faulty; a working version can be
downloaded from:

    http://www.ethereal.com/distribution/win32/zlib-1.1.3-fixed.zip

Be sure that your command-line environment is set up to compile
and link with MSVC. When installing MSVC, you can have your
system's environment set up to always allow compiling from the
command line, or you can invoke the vcvars32.bat script.

The first time you build Ethereal, run the script "cleanbld.bat" to make
sure that the "config.h" files will be reconstructed from the
"config.h.win32" files. (If, for example, you have "config.h" files
left over from a Unix build, a Windows build will fail.)

In the ethereal directory, type "nmake -f makefile.nmake". It will
recurse into the subdirectories as appropriate.

Some generated source is created by traditionally "Unix-ish" tools.
If you are building from an official distribution, these files are
already generated, so you have nothing to worry about unless you
modify the source. If building from a CVS image, you'll need the tools
to generate C source. The "special" files and their requisite tools are:

Source                          Output                  Tool
------                          ------                  ----
config.h.win32                  config.h                sed
epan/config.h.win32             epan/config.h           sed
image/ethereal.rc.in            image/ethereal.rc       sed
image/tethereal.rc.in           image/tethereal.rc      sed
image/editcap.rc.in             image/editcap.rc        sed
image/mergecap.rc.in            image/mergecap.rc       sed
image/text2pcap.rc.in           image/text2pcap.rc      sed
packaging/nsis/ethereal.nsi.in  packaging/ethereal.nsi  sed
wiretap/config.h.win32          wiretap/config.h        sed
epan/dfilter/dfilter-scanner.l  epan/dfilter/*.c        Flex
text2pcap-scanner.l             *.c                     Flex
wiretap/ascend-scanner.l        *.c                     Flex
wiretap/ascend-grammar.y        *.c,*.h                 Bison/Yacc
ncp2222.py                      packet-ncp2222.c        Python

make-reg-dotc, packet*.c        register.c              Bash + grep + sed
    or
make-reg-dotc.py, packet*.c     register.c              Python

The Makefile.nmake supplied with the Ethereal distribution will, if
PYTHON is defined in config.nmake, attempt to make register.c with
Python, since it is much much much faster than the shell version. It
is faster because the shell version launches multiple
processes (grep, sed) for each source file, multiple times. The Python
script is one process. This matters a lot on Win32.

If you have a Unix system handy, you can first build on Unix to create
most of the source files that these tools make, then run the build on
Windows. That will avoid the need for these tools on your Windows
computer. (This won't work for the files in the "image" directory,
however, as those aren't built on Unix - they're only for Windows
builds. It also won't work for the "config.h" files; whilst those are
built for Unix, they're specific to the platform on which you're
building, and the "config.h" files constructed for a Unix build will not
work with a Windows build.)

If you don't have a Unix system handy, most of those tools are available for
Win32 systems as part of the Cygwin package:

    http://sources.redhat.com/cygwin/

After installing them, you will probably have to modify the config.nmake
file to specify where the Cygwin binaries are installed.

Python for Win32 is available from

    http://www.python.org/

Instructions for Cygwin
-----------------------
No one has ever compiled Ethereal entirely with Cygwin. It should not
be difficult, however. This spot is reserved for your instructions on
how to compile Ethereal with Cygwin.