How to patch and compile wireshark 1.1.0 with HIP

NOTE!!: This manual is outdated: the HIP patches are now included in the Wireshark sources that can be obtained through svn (see below), so there is no need to patch any more. The HIP dissector contains packet types and parameter types from RFCs 5201 to 5206, draft-ietf-hip-nat-traversal and draft-ietf-hip-cert.

NOTE: this manual was written with Ubuntu and other Debian-based distros in mind. Some parts of this manual may not be applicable on RH and others, but the basic idea is still quite similar. I am also using the latest svn sources from the Wireshark repository.

First of all you have to get the packages essential to the building process. You can get them by issuing the command "sudo apt-get build-dep wireshark". After this you should get the sources from your distro (apt-get source wireshark), from Wireshark's download section or from their SVN repository ($ svn checkout http://anonsvn.wireshark.org/wireshark/trunk wireshark). I am using the last option, because 1.0.0 does not compile without problems on hardy and 1.0.99 (1.1.0) does. Also note that some revisions do not compile correctly under Ubuntu for some reason; for this manual I used revision 25632 of Wireshark.

Now you have the build essentials and the sources for Wireshark, and it is time to add the HIP patches. You can get them from the Infrahip web site. Here is the explanation on how to get the most current sources from the Infrahip version control. The patches we need are in the patches/ethereal/ folder. We need the following patches; the latter one is for the draft draft-heer-hip-middle-auth-01.txt.

wireshark-1.1.0-hip.patch wireshark-1.1.0-hip-midauth.patch

If you want some experimental stuff, like type 2 locators and some NAT traversal parameters, use these instead:

wireshark-1.1.0-hip-updated.patch wireshark-1.1.0-hip-midauth-updated.patch

Go to the folder that contains the autogen.sh of the wireshark you just downloaded and issue the following commands.

NOTE: If you have installed HIPL on your machine with "sudo make install", you may have to "sudo make uninstall" it before Wireshark compiles correctly. If you have started to compile Wireshark with HIPL installed and the result is complaints about libinet6 and some other weirdness like strcmp.la missing, you have to uninstall HIPL. If the next make does not work and it complains that it does not find libinet6, you have to "make distclean".

patch -p1 < <PATH-TO-PATCH>/wireshark-1.1.0-hip.patch
patch -p1 < <PATH-TO-PATCH>/wireshark-1.1.0-hip-midauth.patch
./autogen.sh
./configure
make
sudo make install
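
The patch step above as a small POSIX shell helper; this is an added example, not code from the page or from the HIPL project. It dry-runs each patch before applying it and reverses the patches already applied with patch -R if a later one is rejected, so the tree is never left half-patched; the ./hipl/patches/ethereal path in the usage comment is an assumption, use wherever you put the patches.

```shell
#!/bin/sh
# Apply the HIP patches to a Wireshark source tree as the steps above do, but
# dry-run each patch first and reverse the ones already applied if a later
# patch is rejected, so the tree is never left half-patched.
# Usage: apply_hip_patches <wireshark-src> <patch-dir> <patch-file>...
#   e.g. apply_hip_patches ./wireshark ./hipl/patches/ethereal \
#            wireshark-1.1.0-hip.patch wireshark-1.1.0-hip-midauth.patch

# Reverse the given patches (most recent first) with patch -R.
_rollback_patches() {
    rb_src=$1
    rb_pdir=$2
    shift 2
    for rb_name in "$@"; do
        echo "reversing $rb_name" >&2
        (cd "$rb_src" && patch -R -p1 --silent <"$rb_pdir/$rb_name")
    done
}

apply_hip_patches() {
    src=$1
    pdir=$2
    shift 2
    # The steps above run from the directory holding autogen.sh; use that
    # file as the check that this really is a Wireshark source tree.
    if [ ! -f "$src/autogen.sh" ]; then
        echo "error: no autogen.sh in $src, not a Wireshark source tree" >&2
        return 2
    fi
    applied=""   # names applied so far, most recent first (for rollback)
    for name in "$@"; do
        f=$pdir/$name
        if [ ! -f "$f" ]; then
            echo "error: patch file not found: $f" >&2
            _rollback_patches "$src" "$pdir" $applied
            return 3
        fi
        # Dry run first: a rejected hunk then changes nothing in the tree
        # and leaves no .rej files behind.
        if ! (cd "$src" && patch -p1 --dry-run --silent <"$f"); then
            echo "error: $name does not apply cleanly to $src" >&2
            _rollback_patches "$src" "$pdir" $applied
            return 4
        fi
        (cd "$src" && patch -p1 --silent <"$f") || return 5
        applied="$name $applied"
    done
    echo "applied $# patch(es); now run ./autogen.sh && ./configure && make"
}
```

The return codes (2: not a source tree, 3: patch file missing, 4: patch rejected, 5: apply failed) are this helper's own convention, not patch's.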

The compilation should go without any problems. In some older distributions you might need to disable gtk2.0. When packaging Wireshark, for Debian use "make debian-package", for RH use "make rpm-package" and so on. For the packaging to work you will have to install the libsmi2-dev package. For more information see Wireshark.

NOTE: If started as root, Wireshark warns about running as root. But this happens in a separate dialog, which for some reason opens under the main window. This dialog prevents the main window from responding and Wireshark looks like it's not responding to anything. Dig out the dialog from under the Wireshark window and answer the dialog's question, and everything is ok again.

Hippified Wireshark binaries made with this tutorial can be downloaded from the Infrahip site. The contrib directory contains tarballs that contain debs for 32 bit and 64 bit environments. You have to install at least the wireshark-common and wireshark debs. For developer headers install wireshark-dev.

All of these manuals/tutorials are provided as is. They worked for me and that is all the help I give with them, so if I forgot something or there is a typo you can inform me, but do not expect me to solve your problems :) Oh, and I almost forgot: use them at your own risk.