This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Sharktools: Build Matshark…Please help!!!

0

Hello All,

In order to build Matshark, I followed the instructions on http://cpansearch.perl.org/src/NANIS/Net-Sharktools-0.009/README.sharktools-0.1.5.txt

I am using a 32-bit Ubuntu 10.04 machine with gcc-4.3.4.

I configured as follows: ./configure --disable-pyshark --with-mex=/[path/to/mex] --with-wireshark-src=[/path/to/wireshark]

The process completes successfully and makefile is generated. When I issue the "make" command, I get:

sharktools_cfile.c: In function 'cap_file_init':
sharktools_cfile.c:47: error:'capture_file' has no member named 'plist_start'
sharktools_cfile.c:51: error:'capture_file' has no member named 'plist_end'
sharktools_cfile.c:57: error:'capture_file' has no member named 'user_saved'
make[1]:*** [all-recursive] Error 1

Can someone help with this?

Regards, Ramya

asked 11 Jun '12, 14:17

ramya

edited 11 Jun '12, 16:27


One Answer:

2
user_saved

The sharktools_cfile.c you have, wherever it comes from, probably expects an older version of the header files (and code!) for Wireshark, and you probably don't have it, given that the capture_file structure used to have a user_saved member but no longer does (it has an unsaved_changes member; the code for "Save" and "Save As" was changed for 1.8 to reflect the fact that Wireshark is now an "editor", in that you can read in a capture file with Wireshark, add comments to the file or to packets in the file/edit existing comments/delete existing comments, and then save the modified file).

There's probably a bug, or at least an invalid assumption, somewhere in Matshark, that's causing it not to work with whatever version of Wireshark you're using. You probably want to ask the Matshark people about this.

answered 11 Jun '12, 20:26

Guy Harris ♦♦

1

Indeed. From README.sharktools-0.1.5.txt:

"Be sure that you download the version of Wireshark that is roughly(*) the same as the version of Wireshark installed by your package management system. The source to Wireshark is needed because your distribution's wireshark-dev package is generally not sufficient(**) to build sharktools."

In your case that would be something like: Ubuntu 10.04.1 LTS + Python 2.6.5 + Wireshark 1.2.7

(12 Jun '12, 05:36) Jaap ♦

Hello Guy, Thank you for your answer! So I went ahead and downgraded the wireshark version to 1.2.7. The errors above go away. But now when I try to make the file, I get another set of errors. All these errors are coming from sharktools_core.c :


sharktools_core.c : undefined reference to epan_dissect_init
sharktools_core.c : undefined reference to frame_data_init
sharktools_core.c : undefined reference to frame_data_set_before_dissect
sharktools_core.c : undefined reference to frame_data_cleanup
sharktools_core.c : undefined reference to frame_data_set_after_dissect

These functions are defined in Wireshark's epan.h and frame_data.h. I made sure that sharktools_core.c includes these headers from Wireshark's epan directory. Yet I get the errors above.

I have been struggling with this for the past week now. Any pointers on how to proceed further will be very helpful!

Best regards, Ramya

(14 Jun '12, 07:28) ramya

1. Hello Guy, Thank you for your answer! Please see my answer below where I describe a new set of errors I get once I downgrade the wireshark version. Thank you, Ramya

Edit (@grahamb): I converted your "answer" to a comment as that is how this site works.

(14 Jun '12, 07:44) ramya

It appears that Sharktools does not support Wireshark 1.6.0 or later at all; the announcement sent to the Wireshark mailing lists only says it works with "Most - if not all - versions of Wireshark from 0.99.5 to 1.4.0".

There does appear to be an attempt in the configuration file to detect whether Wireshark is 1.0.x, 1.2.x, or 1.4.x, but that might not be working. Try doing make distclean and re-running the configure script in the Sharktools source directory.

(14 Jun '12, 10:42) Guy Harris ♦♦