Thursday, July 20, 2006

Portable Ethereal - How To

Many applications have portable versions now (Firefox, Open Office, GAIM, The Gimp, VLC, uTorrent, Abiword, Opera, etc.).  I wanted to create a portable version of Ethereal, which I think could be useful for network administrators and such.  So I created one that's 99% portable.  I'll explain what I mean by this later.

Onto the setup:

First, you'll need to run the installer on a PC so we can grab some files from the install directory.  Grab a win32 installer of Ethereal from here - http://www.ethereal.com/download.html - and make sure you choose to install WinPcap as well (it's an option in the installer).

Next, create the folder you'll be running Ethereal from.  For the sake of this how-to I'll call it C:\PortEth.  

Copy the following files from %systemroot%\system32 to C:\PortEth:

Packet.dll
pthreadVC.dll
WanPacket.dll
wpcap.dll
daemon_mgm.exe
NetMonInstaller.exe
npf_mgm.exe
rpcapd.exe

Also, copy this file from %systemroot%\system32\drivers to C:\PortEth:

npf.sys

Next, copy the entire contents of the install directory (C:\Ethereal) into C:\PortEth.  You may now uninstall Ethereal and WinPcap from the machine you were working on.
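To automate the copying steps above, here is a batch file that builds the portable folder from an existing install and reports any WinPcap file that is missing (the usual cause being that WinPcap was not selected during the install). This is an added example, not part of the original post; it assumes the same paths used in this how-to (C:\Ethereal as the install directory and C:\PortEth as the destination).

```batch
@echo off
REM Added example: assemble the portable Ethereal folder from an existing
REM Ethereal + WinPcap install. Assumes C:\Ethereal and C:\PortEth (hypothetical
REM paths from the how-to; change SRC and DEST if yours differ).
setlocal enabledelayedexpansion
set "SRC=C:\Ethereal"
set "DEST=C:\PortEth"
set "MISSING=0"

if not exist "%SRC%\ethereal.exe" (
    echo Ethereal install not found at %SRC%
    exit /b 1
)
if not exist "%DEST%" mkdir "%DEST%"

REM WinPcap user-mode files that live in system32
for %%F in (Packet.dll pthreadVC.dll WanPacket.dll wpcap.dll daemon_mgm.exe NetMonInstaller.exe npf_mgm.exe rpcapd.exe) do (
    if exist "%systemroot%\system32\%%F" (
        copy /y "%systemroot%\system32\%%F" "%DEST%\" >nul
    ) else (
        echo Missing: %systemroot%\system32\%%F
        set /a MISSING+=1
    )
)

REM WinPcap kernel driver, needed later on the target machine
if exist "%systemroot%\system32\drivers\npf.sys" (
    copy /y "%systemroot%\system32\drivers\npf.sys" "%DEST%\" >nul
) else (
    echo Missing: %systemroot%\system32\drivers\npf.sys
    set /a MISSING+=1
)

REM Everything from the Ethereal install directory, subfolders included
xcopy /e /i /y "%SRC%" "%DEST%" >nul

if !MISSING! gtr 0 (
    echo !MISSING! WinPcap files not found - was WinPcap selected during the install?
    exit /b 1
)
echo Portable folder ready in %DEST%
endlocal
```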

Now then, remember I said that this is only 99% portable?  Here's why - in order for this to run you need to copy npf.sys to the machine on which you're going to run Ethereal.  It has to be copied to %systemroot%\System32\drivers, which unfortunately requires admin access.  I've created a batch file which automates copying this file and launching Ethereal:

Create a new text file in C:\PortEth, open it up with notepad for editing, and paste in these lines:

@echo off
REM Copy the WinPcap driver to the target only if it isn't there already
REM (this step needs admin rights; %~dp0 is the folder this batch file lives in,
REM so it works even if the batch file is launched from another directory)
if not exist "%systemroot%\system32\drivers\npf.sys" copy "%~dp0npf.sys" "%systemroot%\system32\drivers"
start "" "%~dp0ethereal.exe"
exit


Save this file as Ethereal.bat.  What this does is check whether npf.sys is already on the system; if not, it copies npf.sys from your working folder (C:\PortEth) to the proper place on the target machine (if an npf.sys is already there, that existing copy is used as-is).  It then starts Ethereal and closes the background command prompt window.

Voila.  99% portable Ethereal.  

If anyone knows a way to run Ethereal without copying npf.sys to the target machine, please don't hesitate to let me know! 

2 Comments:

Blogger R McCue said...

Try searching for command line params.

3:03 AM  
Blogger Paul Eubanks said...

It doesn't appear to have any command line parameters that let you specify the location of that npf.sys driver (which is part of WinPcap).

A modification of the Ethereal source code may be necessary in order to make it 100% portable.

5:37 AM  