Monday, January 24, 2011

Wireshark SMB capture feature for Windows

Since we published our "SMB export object" feature for Wireshark, a few people have asked for a Windows version.

When a feature is included in the Wireshark development trunk but is not yet part of a stable release, the only way to use it is to obtain the source code (for example with "svn co wireshark") and compile it. Although there is no technical secret to compiling on Windows, since it is very well explained in Wireshark's development guide, it is a bit of a burden because you have to install several tools (Microsoft C compiler and SDK, Cygwin, Python, an SVN client, etc.) before you can build it.

For that reason, we have decided to build a Windows version of Wireshark that includes our feature and publish it on our Lab page. The file is a Windows installer executable packaged with NSIS. It has been tested on a Windows XP system and a Windows 7 system.

Before installing and using it, please be aware that this is a Wireshark development version and, by definition, it is subject to errors (our feature is no exception). We are still working on some enhancements. Therefore, although running Wireshark as a non-privileged user is always good practice, in this case it is even more advisable.

We will announce future improvements to the feature via Twitter and/or on this blog.

(UPDATE) This feature is included in the official Windows release of Wireshark from version 1.5.1 on.
(UPDATE) We have released a patch that corrects some bugs in the SMB export object feature of version 1.5.1. It has been included in the development trunk from SVN revision 36979 on. Until Wireshark publishes release 1.5.2, you can obtain a Windows installer from our lab.