https://gist.github.com/syneart/2d30c075c140624b1e150c8ea318a978
apt-get
# Refresh the package index, bring the system up to date, then pull in the
# Wireshark build dependencies one group at a time (same groups, same order).
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y autoremove

# Small wrapper so every dependency line reads the same; each call is still
# a separate apt-get transaction, exactly like the original list.
pkg_install() {
  sudo apt-get install -y "$@"
}

pkg_install build-essential git cmake
pkg_install cmake3
pkg_install qttools5-dev qttools5-dev-tools libqt5svg5-dev qtmultimedia5-dev
pkg_install libpcap-dev
pkg_install libc-ares-dev
pkg_install libgcrypt20-dev
pkg_install libglib2.0-dev
pkg_install flex bison
pkg_install libpcre2-dev
build
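# Clone Wireshark and do an out-of-tree CMake build in ~/wireshark/build.
# Every directory change is guarded so a failure stops here instead of
# running the next step (cmake/make) in whatever directory we happen to be in.
# Skip the clone when a checkout is already present so the script can be re-run.
[[ -d ~/wireshark/.git ]] || git clone https://github.com/wireshark/wireshark ~/wireshark || exit 1
cd ~/wireshark || exit 1
# -p: a second run after a partial build must not abort on an existing dir.
mkdir -p build
cd build || exit 1
cmake ../ || exit 1
# Build on all cores; "$(nproc)" replaces the backtick form and is quoted.
make -j"$(nproc)" && {
  # printf instead of echo: bash's echo does not interpret "\n", so the
  # original printed a literal backslash-n instead of a blank line.
  printf '\nBuild Success!\n'
  # NOTE(review): running the GUI via sudo is what the message suggests, but
  # Wireshark upstream recommends granting capture privileges to dumpcap
  # (wireshark group / file capabilities) rather than running the GUI as root.
  echo "You can execute the Wireshark by command \"sudo ./wireshark\""
  echo "at \"$(pwd)/run\""
}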
run
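# Launch the freshly built binary from the build output directory.
# The cd is guarded: without it, a failed cd would try to run ./wireshark
# from the current directory (whatever happens to be there) instead.
cd ~/wireshark/build/run || exit 1
./wireshark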
GUI > Help > About Wireshark > Version 3.7.0 (v3.7.0rc0-1344-g8cb519153c2f)
GUI > Help > About Wireshark > Plugins > ~/wireshark/build/run/plugins/3.7/epan
http://wsgd.free.fr/download.html > Linux 64 bits build on Ubuntu > 3.6.X 64 bit
https://wintermade.it/blog/posts/how-to-write-generic-dissectors-in-wireshark.html
Note about heuristic
For the following .wsgf content:
PARENT_SUBFIELD tcp.port
PARENT_SUBFIELD_VALUES 8000
PARENT_HEURISTIC tcp
HEURISTIC_FUNCTION heuristic_function
The protocol will be identified by either "tcp.port==8000" or the boolean result of "heuristic_function". This means that if tcp.port is set incorrectly, a lot of unrelated traffic will be identified as this protocol.