$Id: README.win32,v 1.23 2001/04/10 12:29:22 gram Exp $ Installing Ethereal, Tethereal, and Editcap on Win32 ==================================================== These are the instructions for installing Ethereal from the installation executable that is provided on the Ethereal website and any of its mirrors. The installation package allows you to install: o Ethereal - the GUI version o Tethereal - the console, line-mode version o Editcap - a console, line-mode utility to convert capture files from one format to another. (The same functions are available in Ethereal) Additionally, the installation package contains a "plugins" option, which installs the Gryphon and MGCP dissector plugins for use with Ethereal and Tethereal. The "Debug PDB Files" are useful to install if you are experiencing a crash when running and Ethereal. Dr. Watson or your debugger can use the information in these files to provide useful information to the Ethereal developers that will help them pinpoint the problem. However, for general usage of Ethereal, these files are not necessary. In the future, we may package them separately from Ethereal. In the past, two versions of Ethereal binaries were published -- a version that could capture packets and a version which could not. The latter is useful if you're only reading files produced by another product (e.g., a sniffer, firewall, or intrustion detection system) and did not wish to install WinPcap, the library Ethereal uses to capture packets on Win32 platforms. Now that WinPcap 2.1 has been released as a DLL, Ethereal can detect its presence at run time. Thus, only one version of the Ethereal binaries need to be shipped. If you don't want to capture packets, just install the Ethereal package. If you do want to capture packets, install Ethereal *and* install WinPcap 2.1, available from: http://netgroup-serv.polito.it/winpcap/ If you already have WinPcap 2.0 installed, you need to un-install it and install WinPcap 2.1. If you use other applications that use WinPcap 2.0, you will have to decide which applications to keep, since WinPcap 2.0 and WinPcap 2.1 cannot be installed on the same system at the same time. If Ethereal is not capturing packets and you have WinPcap installed, you can test your WinPcap installation by installing WinDump (TCPdump for Windows) ported by the same folks who make WinPcap. It's at: http://netgroup-serv.polito.it/windump/ They also make Analyzer, a GUI sniffer for Win32: http://netgroup-serv.polito.it/analyzer/ The rest of this documentation is only interesting if you want to compile Ethereal yourself. Running Ethereal, Tethereal, and Editcap on Win32 ================================================= You need the glib and gtk libraries for running Ethereal. These packages for win32 can be found at: http://www.ethereal.com/distribution/win32 and at the home page for the GTK+ for Win32 project: http://www.gimp.org/~tml/gimp/win32 or http://www.iki.fi/tml/gimp/win32/ (the mirror nearer to you may be faster). Plugins (gryphon.dll and mgcp.dll) can go in: C:\Program Files\Ethereal\plugins\ C:\Ethereal\plugins\ Where is the version number, without brackets. For example, C:\Ethereal\plugins\0.8.16 Yes, the location of plugins needs to be more flexible. Make sure the glib and gtk DLL's are in your path - i.e., that your path includes the directory (folder) or directories (folders) in which those DLLs are found - when you run Ethereal. This includes gtk-*.dll, glib-*.dll, gmodule-*.dll, gdk-*.dll, gnu-intl.dll, and iconv-*.dll. As of the 20000805 GTK+/GLIB distribution, gthread-*.dll is no longer needed. The Win32 Binary distribution, available from http://www.ethereal.com/distribution/win32 used different version of the GTK+/GLIB libraries at different points in time: Ethereal Version GTK+/GLIB version ---------------- ----------------- 0.8.16 and after 20001226 0.8.11 - 0.8.15 20000805 0.8.9 - 0.8.10 20000416 0.8.8 and before 19990828 Capturing Packets ----------------- In order to capture with Win32, you need to install the NDIS packet capture driver for your particular Win32 OS; drivers for Windows 9x, Windows NT 4.0, and Windows 2000 can be downloaded from the WinPcap home page: http://netgroup-serv.polito.it/winpcap/ Compiling the Ethereal distribution from source =============================================== You'll need the development package for GLIB, GTK+, and WinPcap. Those versions are available from the respctive home pages for each project (the same URLs as listed above). The development packages contain header files and stub libaries to link against. The use of an SNMP library has not been made to work yet in Ethereal/Win32, but a binary distribution of the UCD SNMP package, including header files and a DLL of the UCD SNMP library, can be had from: ftp://ftp.revelstone.com/snmp/binaries/ The file will probably be called "ucd-snmp-X.X-x86-win32.zip", where "X.X" is the version number of the UCD SNMP library. Instructions for MS Visual C ---------------------------- Modify the config.nmake file in the top directory of the Ethereal source tree to work for your local configuration. You should not have to modify any other Makefile. In order to compile, at least with the default settings, you also need zlib, which is provided as an archive library, not a DLL. The pre-compiled zlib which comes with the "extralibs" package from Gimp/Win32 is faulty; a working version can be downloaded from: http://www.ethereal.com/distribution/win32/zlib-1.1.3-fixed.zip Be sure that your command-line environment is set up to compile and link with MSVC. When installing MSVC, you can have your system's environment set up to always allow compiling from the command line, or you can invoke the vcvars32.bat script. In the ethereal directory, type "nmake -f makefile.nmake". It will recurse into the subdirectories as appropriate. Some generated source is created by traditionally "Unix-ish" tools. If you are building from an official distribution, these files are already generated, so you have nothing to worry about unless you modify the source. If building from a CVS image, you'll need the tools to generate C source. The "special" files and their requisite tools are: Source Output Tool ------ ------ ---- config.h.in config.h sed dfilter-scanner.l *.c Flex wiretap/ascend-scanner.l *.c Flex wiretap/ascend-grammar.y *.c,*.h Bison/Yacc ncp2222.py packet-ncp2222.c Python make-reg-dotc, packet*.c register.c Bash + grep + sed or make-reg-dotc.py, packet*.c register.c Python The Makefile.nmake supplied with the Ethereal distribution will attempt to make register.c with Python, since it is much much much faster than the shell version. The reason it is faster is because the shell version launches multiple processes (grep, sed) for each source file, multiple times. The Python script is one process. This matters a lot on Win32. If for some reason you want to build register.c with the shell script, uncomment out the action line for the register.c target in Makefile.nmake. If you have a Unix system handy, you can first build on Unix to create the source files that these tools make, then run the build on Windows. That will avoid the need for these tools on your Windows computer. If you don't have a Unix system handy, most of those tools are available for Win32 systems as part of the Cygwin package: http://sourceware.cygnus.com/cygwin/ After installing them, you will probably have to modify the config.nmake file to specify where the Cygwin binaries are installed. Python for Win32 is available from http://www.python.org/ Instructions for Cygwin ----------------------- No one has ever compiled Ethereal entirely with Cygwin. It should not be difficult, however. This spot is reserved for your instructions on how to compile Ethereal with Cygwin.