pcap in terms of packet capturing, yet its major feature is the network protocol analysis which pcap cannot offer. According to the official site, “Wireshark is the world’s foremost network protocol analyzer.” [2] Though Wireshark is distributed for all major platforms (GNU/Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows), there is no official distribution for Android or common embedded Linux platforms. Some readers may know that for Android there is an app called “Shark for Root” on the Google Play Store [3], but it is only an encapsulation of the tcpdump binary for Android.

PATH, otherwise ld will complain that it cannot find -lglib-2.0.so and so on.

2.0.4. For example, the download link from the North America CDN is: https://2.na.dl.wireshark.org/src/wireshark-2.0.4.tar.bz2.

endgrent()), we need to make several patches.

void *DtdParseAlloc() at line 64 in epan/dfilter/dfilter-int.h. Change the input type from void *(*)(gsize) to void* (*mallocProc)(size_t). The same patch is needed for another occurrence of it in file epan/dtd_parse.h, line 25.

tools/lemon/Makefile.in at line 775. lemon is one of Wireshark’s essential internal build tools. We need to change $(CC_FOR_BUILD) to its absolute path /usr/bin/cc, assuming we are using the standard GCC install location. This is actually a bug in lemon’s environment configuration. $(CC_FOR_BUILD) is supposed to be interpreted as the build system’s CC, which is /usr/bin/cc, but in fact it is wrongly taken as the host system’s CC, which is the arm-eabi version when we cross-compile. That is an error because lemon has to be built as an executable for the build system (an x86_64 binary) to do the real work. Our patch fixes this issue.

wsutil/privileges.c at line 324. Here the wsutil library calls endgrent() in privilege management. However, as of Android NDK r10e API level 19, there is no declaration of endgrent() in <sys/types.h> and grp.h. Thus we have to comment out this function call to fix it. It seems safe to do so, but I have not investigated this issue thoroughly. Interestingly, Android NDK r12b API level 23 has better support for privileges in <sys/types.h> and grp.h and implements this function. Unfortunately, however, as my previous post has pointed out, the attempt to cross-compile GLib is not successful using Android NDK r12b. One possible way to keep endgrent() is to cross-compile GLib using NDK r10e, and then cross-compile Wireshark using NDK r12b. This way, this patch can probably be skipped, but any complications arising from the inconsistent NDK versions are unknown.

wireshark-android.patch, and doautogen.sh, if it succeeds you should expect to see similar output. Fix any error according to its output.

libwireshark.so, libwsutil.so and libws) working for Android, so I disabled most of its plugins, including pcap. You may want to keep pcap by using with-pcap to capture packets if you do not have a packet capture program for Android. You can tailor the configure parameters to your own needs, but you will probably need to handle more dependencies. For example, if you want to use pcap, you need to cross-compile libpcap as well and add -lpcap in the LDFLAGS. That will not be too hard because there are lots of tutorials and ready-made scripts to cross-compile libpcap for Android.

${PREFIX}: