Ask Your Question
0

Is there a way to build tshark for armhf/arm32v6?

asked 2022-03-24 22:14:19 +0000

gbrucepayne gravatar image

I have an application that I would like to run on a Raspberry Pi Zero. I have it working nicely on arm32v7 on a Pi 4, but with hardware supply issues and such I'd really like to run it on the arm6l. Ideally bundled into a docker package on Alpine with Python.

I'm not sure how to compile from source and whether it's possible to do so just for the CLI as I'm not using the GUI in this case.

Thanks in advance for any help.

edit retag flag offensive close merge delete

Comments

You can use tcpdump on the PI and export the PCAP file elsewhere.

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2022-03-25 10:28:27 +0000 )edit

Thanks @hugo.vanderkooji that may be an ok backup plan. I also found another workaround where I can use an arm32v5 based docker image and it seems to work. My application can grab the capture and send it somewhere else or it could also do a bit of simple analysis locally, in this case I use the tshark wrapper pyshark python package.

gbrucepayne gravatar imagegbrucepayne ( 2022-03-25 20:37:55 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-03-25 02:11:27 +0000

Chuckc gravatar image

updated 2022-03-25 02:12:47 +0000

I built 2.6.4 (trying to recreate some issue) on a pi:

Hardware        : BCM2835
Revision        : a22082
Serial          : 00000000c73d07a3
Model           : Raspberry Pi 3 Model B Rev 1.2
  1. 3.4. Obtaining The Wireshark Sources - the easiest way is to download the tarball (step 3.4.3)
  2. Extract then head to the tools directory and look for tools/debian-setup.sh
    (see 2.1. UNIX: Installation and Build Instructions) It will try to pull in the dependencies needed for the build.
  3. 2.1.2. Building - first time I tried ninja which overloaded the pi. Redid the build with make and it completed. Don't use ninja on the pi

People have asked about just building tshark but so much of the Wireshark build is libraries and dissectors shared by tshark and wireshark that there isn't much saved by not building the gui part.

pi@raspberrypi:~/wireshark_build/wireshark-make/run $ ./tshark -v
TShark (Wireshark) 2.6.4 (v2.6.4)

Copyright 1998-2018 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <http: www.gnu.org="" licenses="" old-licenses="" gpl-2.0.html="">
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.58.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua
5.2.4, with GnuTLS 3.6.7, with Gcrypt 1.8.4, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.36.0, with LZ4, with Snappy, with libxml2 2.9.4.

Running on Linux 4.19.118-v7+, with 926 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.6.7, with Gcrypt 1.8.4,
with zlib 1.2.11, binary plugins supported (13 loaded).

Built using gcc 8.3.0.
pi@raspberrypi:~/wireshark_build/wireshark-make/run $

edit flag offensive delete link more

Comments

Thanks Chuckc I'll give this a try and let you know how it goes. As I'm building on a Pi Zero it might keel over but worth a shot.

gbrucepayne gravatar imagegbrucepayne ( 2022-03-25 20:39:50 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-03-24 22:14:19 +0000

Seen: 464 times

Last updated: Mar 25 '22