3 NOTE: this document applies to the Wireshark source releases and
4 buildbot source tarballs. It does not apply to source code checked
5 out directly from Subversion, as files such as the configuration
6 script are not checked into Subversion, but need to be generated
7 from the autoconf and automake files.
8 See http://wiki.wireshark.org/Development if you would like to build
9 the source code checked out directly from Subversion.
14 These are installation instructions for Unix and Unix-like systems
15 that can run the "configure" script in this same directory. These
16 are not the installation instructions for Windows systems; see
17 README.win32 for those instructions.
19 0. This is beta software. Beware.
21 1. If you wish to build Wireshark, make sure you have GTK+ and GLib
22 installed. Try running 'pkg-config glib-2.0 --modversion' to see if
23 you have GLib 2.x installed and, if that fails, try running
24 'glib-config --version' to see if you have GLib 1.2[.x] installed.
25 Then try running 'pkg-config gtk+-2.0 --modversion' to see if you
26 have GTK+ 2.x installed and, if that fails, try running
27 'gtk-config --version' to see if you have GTK+ 1.2[.x] installed.
28 Wireshark needs versions 1.2.0 or above of both these packages.
29 If you need to install or re-install GTK+ or GLIB, you can find
34 If you installed GTK+ from a binary package, you may have to
35 install a "development" package; there may be separate "user's"
36 and "developer's" packages, with the former not including
37 header files and the like. For example, Red Hat users will
38 need to install a "gtk-devel" .rpm.
40 Note also that Wireshark configuration defaults to using GTK+ and
41 GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
44 2. If you wish to build TShark, the line-mode version of Wireshark,
45 make sure you have GLIB installed. See note #1 above for instructions
46 on checking if you have GLIB installed. You can download GLIB from
49 3. If you want to capture packets, make sure you have libpcap
50 installed. The latest "official" version can be found at
52 http://www.tcpdump.org .
54 If you've downloaded the 0.5.2 version, make sure you install
55 the headers ('make install-incl') when you install the library.
56 The CVS snapshots will install the headers if you do 'make
57 install', and have no 'install-incl' target.
59 If you installed libpcap from a binary package, you may have to
60 install a "development" package; for example, there's
61 apparently a "libpcap0" Debian package, but it just includes a
62 shared library, a copyright notice, changelog files, and a
63 README file - you also need to install a "libpcap-dev" package
64 to get header files, a non-shared library, and the man page.
65 Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
66 .rpm to go along with the "libpcap" .rpm.
68 4. Run './configure' in the Wireshark distribution directory.
69 Running './configure --help' displays a complete list of options.
70 The file 'INSTALL.configure' contains general instructions for
71 using 'configure' and 'make'. Some of the Wireshark non-generic
72 configure options are as follows:
75 Wireshark installs a support file (manuf) in ${PREFIX}/etc by
76 default, where ${PREFIX} comes from --prefix=DIR. If you do not
77 specify any --prefix option, ${PREFIX} is "/usr/local".
78 You can change the location of the manuf file with the --sysconfdir
82 By default 'configure' will look in /usr/local/{include,lib} for
83 additional header files and libraries. Using this switch keeps
84 'configure' from looking there
87 By default, if 'configure' finds the GTK+ libraries, the Makefile
88 build Wireshark, the GUI packet analyzer. You can disable the
89 build of the GUI version of Wireshark with this switch.
92 Build Glib/Gtk+ 1.2[.x]-based wireshark.
95 By default the line-mode packet analyzer, TShark, is built.
96 Use this switch to avoid building it.
99 By default the capture-file editing program is built.
100 Use this switch to avoid building it.
103 By default the capture-file statistics reporting pogram
104 is built. Use this switch to avoid building it.
107 By default the capture-file merging program is built.
108 Use this switch to avoid building it.
111 By default the hex-dump-to-capture file conversion program
112 is built. Use this switch to avoid building it.
115 By default the IDL-to-wireshark-dissector-source-code converter
116 is built. Use this switch to avoid building it.
119 By default the display-filter-compiler test program is built.
120 Use this switch to avoid building it.
123 By default the program which creates random packet-capture files
124 is built. Use this switch to avoid building it.
127 By default the network traffic capture program is built.
128 Use this switch to avoid building it.
131 By default the program used to dump and analyze raw libpcap data
132 is built. Use this switch to avoid building it.
135 If 'configure' finds support for IPv6 name resolution on
136 your system, the packet analyzers will make use of it.
137 To avoid using IPv6 name resolution if you have the support for it,
140 --enable-setuid-install
141 Wireshark and TShark rely on dumpcap for packet capture. Setting this
142 flag installs dumpcap with setuid root permissions, which lets any user
143 on the system capture live traffic. If this is not desired, you can
144 restrict dumpcap's permissions so that only a single user or group can
147 Running Wireshark or TShark as root is not recommended.
150 If you choose to build a packet analyzer that can analyze
151 capture files but cannot capture packets on its own, but you
152 *do* have libpcap installed, or if you are trying to build
153 Wireshark on a system that doesn't have libpcap installed (in
154 which case you have no choice but to build a version that can
155 analyze capture files but cannot capture packets on its own),
156 use --without-pcap to avoid using libpcap.
159 Use this to tell Wireshark where you have libpcap installed, if
160 it is installed in a non-standard location.
163 By default, if 'configure' finds zlib (a.k.a, libz), the
164 wiretap library will be built so that it can read compressed
165 capture files. If you have zlib but do not wish to build
166 it into the wiretap library, used by Wireshark, TShark, and
167 the capture-file utilities that come in this package, use
171 Use this to tell Wireshark where you have zlib installed, if it
172 is installed in a non-standard location.
175 By default, if your system can support run-time loadable modules,
176 the packet analyzers are build with support for plugins.
177 Use this switch to build packet analyzers without plugin support.
180 By default, plugins are installed in
181 ${LIBDIR}/wireshark/plugins/${VERSION}
183 ${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
184 ${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
185 ${VERSION} is the Etherael version.
187 Use this switch to change the location where plugins
190 5. After running './configure', you will see a summary of some
191 of the options you chose. Ensure that the summary reflects
192 what you want. If it doesn't, re-run './configure' with new options.
194 6. Run 'make'. Hopefully, you won't run into any problems.
196 7. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
197 working. You must have root privileges in order to capture live data.
199 8. Run 'make install'. If you're running a system that supports
200 the Apt, RPM, or System V Release 4 packaging systems, you can
203 make debian-package # Builds a binary package using dpkg
204 make rpm-package # Builds a binary package using rpm
205 make srpm-package # Builds a source package using rpm
206 make svr4-package # Builds a source package using pkgmk
207 make solaris-package # Same as "make svr4-package"
209 to make an installable package for your system.
211 If you have trouble with the build or installation process, you can
212 find assistance on the wireshark-users and wireshark-dev mailing lists.
213 See http://www.wireshark.org/lists/ for details.