Wireshark-dev: Re: [Wireshark-dev] Wireshark Portable, running it from USB devices

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 07 Mar 2007 22:11:57 +0100
John T. Haller wrote:
Hello all,

My name is John T. Haller and I'm the lead developer behind PortableApps.com. We've repackaged many popular programs like OpenOffice.org, Firefox, Thunderbird, PuTTY and more to be entirely portable and run from any USB device you'd like (flash drive, iPod, portable hard drive, etc). There have been a few people asking for a portable version of Wireshark to use in this setting.

I noticed you'd posted a package for the proprietary/closed U3 platform. The goal of PortableApps.com is to be compatible with all drives, not to lock people into drives from one manufacturer. This is borne out by the download numbers as the portable apps see about 10x the downloads of the U3 apps.

So, I was wondering if you'd consider working on a portable solution in addition to (or instead of) the package for the niche U3 platform. I'd be happy to assist and contribute code to that end, of course. And, it would be easier for all the Wireshark developers and users to test since you can run it from any existing hardware you have (or even from your local hard drive).
  
Hi John!

In fact I'm using some PortableApps already, so yes, I know your page - very nice work!
I would personally welcome a "PortableWireshark" version, and would be willing to spend some effort for it (unfortunately, currently my time is pretty limited).

BTW: We will probably not drop U3 support, unless there's a very good reason for it :-)

BTW(2): The main U3 advantage I still see is the way it's closing applications - which might be added easily to PortableApps as well.


There are two tasks to make Wireshark a full "Portable App":


1) make Wireshark itself "portable" - shouldn't be too difficult as Wireshark is cleanly programmed in this regard

The current U3 code leads to the places to look at. It's about finding some directories, e.g. where to find/save the user's settings (usually at "c:\Documents and Settings\<username>\Application Data\Wireshark" or the corresponding international path). You might already have some solutions for this, as I guess this is a common problem for all portable apps.

Some background info:
- the Wireshark installer is already NSIS based
- Wireshark itself won't write to the registry (the installer will only write to the registry for file extension association which can be easily omitted)
- WS should be able to run with "ordinary" user privileges

=> Making Wireshark a PortableApp shouldn't be too difficult.



2) make WinPcap "portable" - I don't know a good way for this (might become pretty difficult)

WinPcap is the driver to capture live network data (for Wireshark and a lot of similar tools). It seems that WinPcap must be installed in c:\winnt\system32 to work properly - at least I don't know a better way than this :-(

Unfortunately, while WinPcap itself is open source, the WinPcap installer is closed source, so there's no easy way to get an idea how to do it from sample code.

This is how the U3 package handles this when the stick is plugged in:
- detect if WinPcap is already installed on the system
- if not, call the WinPcap setup.exe and install it on the system
- when the stick is going to be unplugged and WinPcap was installed by the U3 package, ask the user if he wants to uninstall WinPcap

=> This obviously isn't nice, but we don't know a better way. In addition, you'll need Administrative privileges to install/start/uninstall WinPcap :-(

Wireshark will run without WinPcap, e.g. to show previously captured data, but WinPcap is needed to capture any live network data.

-----------------------------

So what I would like to know for a start:

- how to distinguish if WS is running as a PA (U3 uses an environment setting)? Or is this done through a command line switch or such?
- we'll need an "Application Data/Wireshark" directory somewhere on the stick - is there a "portable app recommendation" for this?
- where do we get one of those fancy splash screens for Wireshark from? Might be derived from the current splash screen picture ;-)

Regards, ULFL

P.S.: Well, the page http://portableapps.com/development is a bit short ;-) If it would be more comprehensive, I might have started this task already a lot earlier ...