NOTE: this document applies to the Wireshark source releases and
buildbot source tarballs. It does not apply to source code checked out
directly from Git, as files such as the configuration script are not
checked into Git, but need to be generated from the autoconf and

See https://wiki.wireshark.org/Development if you would like to build the
source code checked out directly from Git.

These are installation instructions for Unix and Unix-like systems
that can run the "configure" script in this same directory. These
are not the installation instructions for Windows systems; see
README.windows for those instructions.

0. This is software. Beware.

1. If you wish to build Wireshark, make sure you have GTK+ and GLib
    installed. Try running 'pkg-config glib-2.0 --modversion' to see if
    you have GLib 2.x installed. Then try running
    'pkg-config gtk+-3.0 --modversion' to see if you
    have GTK+ 3.x installed and, if that fails, try running
    'pkg-config gtk+-2.0 --modversion' to see if you have GTK+ 2.x installed.
    Wireshark needs version 3.0.0 or above of gtk+-3.0 or 2.12.0 or above of
    gtk+-2.0 and version 2.16.0 or above of glib-2.0. If you need to install
    or re-install GTK+ or GLIB, you can find the packages at:

    If you installed GTK+ from a binary package, you may have to
    install a "development" package; there may be separate "user's"
    and "developer's" packages, with the former not including
    header files and the like. For example, Red Hat users will
    need to install a "gtk-devel" .rpm.

    Note also that Wireshark configuration defaults to using GTK+ 3.x;
    you need to configure with --disable-gtk3 to use GTK+ 2.x.

2. If you wish to build TShark, the line-mode version of Wireshark,
    make sure you have GLIB installed. See note #1 above for instructions
    on checking if you have GLIB installed. You can download GLIB from

3. If you want to capture packets, make sure you have libpcap
    installed. The latest "official" version can be found at

        http://www.tcpdump.org .

    If you installed libpcap from a binary package, you may have to
    install a "development" package; for example, there's
    apparently a "libpcap0" Debian package, but it just includes a
    shared library, a copyright notice, changelog files, and a
    README.md file - you also need to install a "libpcap-dev" package
    to get header files, a non-shared library, and the man page.
    Similarly, Red Hat users will need to install a "libpcap-devel"
    .rpm to go along with the "libpcap" .rpm.

4. Building Wireshark requires Perl (specifically the pod2man program)
    so that the documentation can be built.

5. Building Wireshark requires Python.

6. Run './configure' in the Wireshark distribution directory.
    Running './configure --help' displays a complete list of options.
    The file 'INSTALL.configure' contains general instructions for
    using 'configure' and 'make'. Some of the Wireshark non-generic
    configure options are as follows:

        By default 'configure' will look in /usr/local/{include,lib} for
        additional header files and libraries. Using this switch keeps
        'configure' from looking there

        By default 'configure' tries to find the GTK+ libraries so Wireshark,
        the GUI packet analyzer, can be built. You can disable the build of
        the GUI version of Wireshark with this switch.

        Don't try to build a Gtk+ 3.x-based Wireshark. If given in
        conjunction with --disable-gtk2 then the Gtk+ GUI is disabled (and
        only the Qt GUI is built).

        Don't try to build a Gtk+ 2.x-based Wireshark. If given in
        conjunction with --disable-gtk3 then the Gtk+ GUI is disabled (and
        only the Qt GUI is built).

        Don't try to build a Qt-based Wireshark.

        By default the line-mode packet analyzer, TShark, is built.
        Use this switch to avoid building it.

        By default the capture-file editing program is built.
        Use this switch to avoid building it.

        By default the capture-file statistics reporting program
        is built. Use this switch to avoid building it.

        By default the capture-type reporting program is built. Use this
        switch to avoid building it.

        By default the capture-file merging program is built.
        Use this switch to avoid building it.

        By default the capture-file reordering program is built.
        Use this switch to avoid building it.

        By default the hex-dump-to-capture file conversion program
        is built. Use this switch to avoid building it.

        By default the display-filter-compiler test program is built.
        Use this switch to avoid building it.

        By default the program which creates random packet-capture files
        is built. Use this switch to avoid building it.

        By default the network traffic capture program is built.
        Use this switch to avoid building it.

        By default the program used to dump and analyze raw libpcap data
        is built. Use this switch to avoid building it.

        If 'configure' finds support for IPv6 name resolution on
        your system, the packet analyzers will make use of it.
        To avoid using IPv6 name resolution if you have the support for it,

    --enable-setuid-install
        Wireshark and TShark rely on dumpcap for packet capture. Setting this
        flag installs dumpcap with setuid root permissions, which lets any user
        on the system capture live traffic. If this is not desired, you can
        restrict dumpcap's permissions so that only a single user or group can
        run it. This can be used in conjunction with --with-libcap described

        Running Wireshark or TShark as root is not recommended.

        By default, if 'configure' finds libcap (the POSIX capabilities
        library) dumpcap will be built so that if it is installed setuid
        root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
        before dropping root privileges. Use this option to disable this

        Use this option to tell 'configure' where libcap is installed,
        if it is installed in a non-standard location. Note that libcap
        (the POSIX capabilities library, sans "p") and libpcap (the
        packet capture library, avec "p") are two very different things.
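
A check for the dumpcap exposure described under --enable-setuid-install, as an added example that is not part of the Wireshark distribution: it classifies a binary by its setuid and world-execute bits and applies the group restriction the text mentions. The function names, the verdict strings, the group argument and the script name are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of Wireshark. Verdict strings are this
# example's own:
#   setuid-world       setuid and executable by "other": any local
#                      user can capture live traffic
#   setuid-restricted  setuid but not executable by "other": capture
#                      is limited to the owner and the owning group
#   no-setuid          no setuid bit on the file
#   missing            not a regular file
classify_dumpcap() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # "find -perm -MODE" matches only when every bit in MODE is set.
    if [ -n "$(find "$f" -prune -perm -4000 2>/dev/null)" ]; then
        if [ -n "$(find "$f" -prune -perm -0001 2>/dev/null)" ]; then
            echo setuid-world
        else
            echo setuid-restricted
        fi
    else
        echo no-setuid
    fi
}

# The setuid bit grants root only when uid 0 owns the file.
# Returns 0 if the file is owned by root, 1 otherwise.
owned_by_root() {
    [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ]
}

# Limit a setuid dumpcap to one group. The group is an assumption of
# this example (for instance a dedicated capture group). chmod runs
# after chgrp because changing the group can clear the setuid bit.
restrict_to_group() {
    chgrp "$2" "$1" && chmod 4750 "$1"
}

# Usage (audit.sh is a placeholder name): sh audit.sh /path/to/dumpcap
if [ $# -gt 0 ]; then
    classify_dumpcap "$1"
    if owned_by_root "$1"; then echo "owner: root"; else echo "owner: not root"; fi
fi
```

A verdict of setuid-world on a root-owned dumpcap is the state the text describes as letting any user on the system capture live traffic.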

        If you choose to build a packet analyzer that can analyze
        capture files but cannot capture packets on its own, but you
        *do* have libpcap installed, or if you are trying to build
        Wireshark on a system that doesn't have libpcap installed (in
        which case you have no choice but to build a version that can
        analyze capture files but cannot capture packets on its own),
        use --without-pcap to avoid using libpcap.

        Use this to tell Wireshark where you have libpcap installed, if
        it is installed in a non-standard location.

        By default, if 'configure' finds zlib (a.k.a, libz), the
        wiretap library will be built so that it can read compressed
        capture files. If you have zlib but do not wish to build
        it into the wiretap library, used by Wireshark, TShark, and
        the capture-file utilities that come in this package, use

        Use this to tell Wireshark where you have zlib installed, if it
        is installed in a non-standard location.

        By default, if your system can support run-time loadable modules,
        the packet analyzers are built with support for plugins.
        Use this switch to build packet analyzers without plugin support.

        By default, plugins are installed in
        ${LIBDIR}/wireshark/plugins/${VERSION}

        ${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX}/lib
        ${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
        ${VERSION} is the Wireshark version.

        Use this switch to change the location where plugins

7. After running './configure', you will see a summary of some
    of the options you chose. Ensure that the summary reflects
    what you want. If it doesn't, re-run './configure' with new options.

8. Run 'make'. Hopefully, you won't run into any problems.

9. Run './wireshark' or './tshark' or './dumpcap', and make sure things are
    working. You must have root privileges in order to capture live data.

10/a. Run 'make install'. If you're running a system that supports
    the RPM, OSX, or System V Release 4 packaging systems, you can

        make rpm-package      # Builds a binary package using rpm
        make svr4-package     # Builds a binary package using pkgmk
        make solaris-package  # Same as "make svr4-package"
        make osx-package      # Builds a binary package for OSX

    to make an installable package for your system.

10/b. If you're running a system that supports APT (Debian/Ubuntu/etc.)

        dpkg-buildpackage -us -uc -rfakeroot

    in the source directory right after extracting or checking out
    Wireshark's source code. (You don't have to run configure/make/etc.
    prior to running dpkg-buildpackage)

If you have trouble with the build or installation process, you can
find assistance on the wireshark-users and wireshark-dev mailing lists (see
http://www.wireshark.org/lists/ for details) or the Wireshark Q&A site:
https://ask.wireshark.org .