+NOTE: this document applies to the Wireshark source releases and
+buildbot source tarballs. It does not apply to source code checked out
+directly from Git, as files such as the configuration script are not
+checked into Git, but need to be generated from the autoconf and
+automake files.
+
+See http://wiki.wireshark.org/Development if you would like to build the
+source code checked out directly from Git.
+
Installation
============
These are installation instructions for Unix and Unix-like systems
that can run the "configure" script in this same directory. These
are not the installation instructions for Windows systems; see
-README.win32 for those instructions.
+README.windows for those instructions.
-0. This is alpha software. Beware.
+0. This is software. Beware.
-1. If you wish to build Ethereal, make sure you have GTK+ and GLIB
- installed. Try running 'gtk-config --version' and
- 'glib-config --version' to see if you have them installed.
- Ethereal needs versions 1.2.0 or above of both these packages.
- If you need to install or re-install GTK+ or GLIB, you can find
- the packages at:
+1. If you wish to build Wireshark, make sure you have GTK+ and GLib
+ installed. Try running 'pkg-config glib-2.0 --modversion' to see if
+ you have GLib 2.x installed and, if that fails, try running
+ 'glib-config --version' to see if you have GLib 1.2[.x] installed.
+ Then try running 'pkg-config gtk+-2.0 --modversion' to see if you
+ have GTK+ 2.x installed and, if that fails, try running
+ 'gtk-config --version' to see if you have GTK+ 1.2[.x] installed.
+ Wireshark needs versions 1.2.0 or above of both these packages.
+ If you need to install or re-install GTK+ or GLIB, you can find
+ the packages at:
http://www.gtk.org
- If you installed GTK+ from a binary package, you may have to
- install a "development" package; there may be separate "user's"
- and "developer's" packages, with the former not including
- header files and the like. For example, Red Hat users will
- need to install a "gtk-devel" .rpm.
+ If you installed GTK+ from a binary package, you may have to
+ install a "development" package; there may be separate "user's"
+ and "developer's" packages, with the former not including
+ header files and the like. For example, Red Hat users will
+ need to install a "gtk-devel" .rpm.
+
+ Note also that Wireshark configuration defaults to using GTK+ and
+ GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
+ 1.2[.x].
-2. If you wish to build Tethereal, the line-mode version of Ethereal,
- make sure you have GLIB installed. See note #1 above for instructions
- on checking if you have GLIB installed. You can download GLIB from
- the same site as GTK.
+ Please also note that GTK+ 1.2[.x] is only supported up to
+ Wireshark 1.0.x. From Wireshark 1.1.x onwards only GTK+ 2.x
+ is supported.
+
+2. If you wish to build TShark, the line-mode version of Wireshark,
+ make sure you have GLIB installed. See note #1 above for instructions
+ on checking if you have GLIB installed. You can download GLIB from
+ the same site as GTK.
3. If you want to capture packets, make sure you have libpcap
- installed. The latest "official" version can be found at
-
- http://www.tcpdump.org .
-
- If you've downloaded the 0.5.2 version, make sure you install
- the headers ('make install-incl') when you install the library.
- The CVS snapshots will install the headers if you do 'make
- install', and have no 'install-incl' target.
-
- If you installed libpcap from a binary package, you may have to
- install a "development" package; for example, there's
- apparently a "libpcap0" Debian package, but it just includes a
- shared library, a copyright notice, changelog files, and a
- README file - you also need to install a "libpcap-dev" package
- to get header files, a non-shared library, and the man page.
- Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
- .rpm to go along with the "libpcap" .rpm.
-
-4. Run './configure' in the Ethereal distribution directory.
- Running './configure --help' displays a list of options.
- The file 'INSTALL.configure' contains general instructions for
- using 'configure' and 'make'. Ethereal has some
- non-generic configure options:
+ installed. The latest "official" version can be found at
+
+ http://www.tcpdump.org .
+
+ If you've downloaded the 0.5.2 version, make sure you install
+ the headers ('make install-incl') when you install the library.
+ The CVS snapshots will install the headers if you do 'make
+ install', and have no 'install-incl' target.
+
+ If you installed libpcap from a binary package, you may have to
+ install a "development" package; for example, there's
+ apparently a "libpcap0" Debian package, but it just includes a
+ shared library, a copyright notice, changelog files, and a
+ README file - you also need to install a "libpcap-dev" package
+ to get header files, a non-shared library, and the man page.
+ Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
+ .rpm to go along with the "libpcap" .rpm.
+
+4. Building Wireshark requires Perl (specifically the pod2man program)
+ so that the documentation can be built.
+
+5. Run './configure' in the Wireshark distribution directory.
+ Running './configure --help' displays a complete list of options.
+ The file 'INSTALL.configure' contains general instructions for
+ using 'configure' and 'make'. Some of the Wireshark non-generic
+ configure options are as follows:
--sysconfdir=DIR
- Ethereal installs a support file (manuf) in ${PREFIX}/etc by
+ Wireshark installs a support file (manuf) in ${PREFIX}/etc by
default, where ${PREFIX} comes from --prefix=DIR. If you do not
specify any --prefix option, ${PREFIX} is "/usr/local".
You can change the location of the manuf file with the --sysconfdir
additional header files and libraries. Using this switch keeps
'configure' from looking there
- --disable-ethereal
+ --disable-wireshark
By default, if 'configure' finds the GTK+ libraries, the Makefile
- build Ethereal, the GUI packet analyzer. You can disable the
- build of the GUI version of Ethereal with this switch.
+ builds Wireshark, the GUI packet analyzer. You can disable the
+ build of the GUI version of Wireshark with this switch.
- --disable-tethereal
- By default the line-mode packet analyzer, Tethereal, is built.
+ --disable-gtk2
+ Build Glib/Gtk+ 1.2[.x]-based wireshark.
+ Note: not supported from Wireshark 1.1.x onwards
+
+ --disable-tshark
+ By default the line-mode packet analyzer, TShark, is built.
Use this switch to avoid building it.
--disable-editcap
By default the capture-file editing program is built.
Use this switch to avoid building it.
+ --disable-capinfos
+ By default the capture-file statistics reporting pogram
+ is built. Use this switch to avoid building it.
+
--disable-mergecap
By default the capture-file merging program is built.
Use this switch to avoid building it.
By default the hex-dump-to-capture file conversion program
is built. Use this switch to avoid building it.
- --disable-idl2eth
- By default the IDL-to-ethereal-dissector-source-code converter
- is built. Use this switch to avoid building it.
-
- --enable-dftest
- By default the display-filter-compiler test program is not built.
- Use this switch to build it.
+ --disable-dftest
+ By default the display-filter-compiler test program is built.
+ Use this switch to avoid building it.
- --enable-randpkt
+ --disable-randpkt
By default the program which creates random packet-capture files
- is not built. Use this switch to build it.
+ is built. Use this switch to avoid building it.
- --without-pcap
- If you chose to build a packet analyzer that can analyze
- capture files but cannot capture packets on its own, but you
- *do* have libpcap installed, use --without-pcap to avoid
- using libpcap.
+ --disable-dumpcap
+ By default the network traffic capture program is built.
+ Use this switch to avoid building it.
- --with-pcap=DIR
- Use this tell Ethereal where you have libpcap installed, if in a
- non-standard location.
+ --disable-reordercap
+ By default the capture-file reordering program is built.
+ Use this switch to avoid building it.
- --disable-zlib
- By default, if 'configure' finds zlib (a.k.a, libz), the
- wiretap library will be built so that it can read compressed
- capture files. If you have zlib but do not wish to build
- it into the wiretap library, used by Ethereal, Tethereal, and
- the capture-file utilities that come in this package, use
- this switch.
+ --disable-rawshark
+ By default the program used to dump and analyze raw libpcap data
+ is built. Use this switch to avoid building it.
--disable-ipv6
If 'configure' finds support for IPv6 name resolution on
use this switch.
--enable-setuid-install
- Use this switch to install the packet analyzers as setuid.
- Installating Ethereal and Tethereal as setuid 'root' is
- dangerous. Repeat: IT'S DANGEROUS. Don't do it.
+ Wireshark and TShark rely on dumpcap for packet capture. Setting this
+ flag installs dumpcap with setuid root permissions, which lets any user
+ on the system capture live traffic. If this is not desired, you can
+ restrict dumpcap's permissions so that only a single user or group can
+ run it. This can be used in conjunction with --with-libcap described
+ below.
+
+ Running Wireshark or TShark as root is not recommended.
+
+ --without-libcap
+ By default, if 'configure' finds libcap (the POSIX capabilities
+ library) dumpcap will be built so that if it is installed setuid
+ root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
+ before dropping root privileges. Use this option to disable this
+ behavior.
+
+ --with-libcap=DIR
+ Use this option to tell 'configure' where libcap is installed,
+ if it is installed in a non-standard location. Note that libcap
+ (the POSIX capabilities library, sans "p") and libpcap (the
+ packet capture library, avec "p") are two very different things.
- --with-ssl=DIR
- If your SNMP library needs the SSL library, and your
- SSL library is installed in a non-standard location,
- you can specify where your SSL library is with this switch.
+ --without-pcap
+ If you choose to build a packet analyzer that can analyze
+ capture files but cannot capture packets on its own, but you
+ *do* have libpcap installed, or if you are trying to build
+ Wireshark on a system that doesn't have libpcap installed (in
+ which case you have no choice but to build a version that can
+ analyze capture files but cannot capture packets on its own),
+ use --without-pcap to avoid using libpcap.
+
+ --with-pcap=DIR
+ Use this to tell Wireshark where you have libpcap installed, if
+ it is installed in a non-standard location.
- --disable-snmp
- If 'configure' finds a supported version of the UCD SNMP library
- on your system, the SNMP dissector will be enhanced to use
- routines from that SNMP library. Use this switch to avoid
- using the UCD SNMP library even if you have it installed.
+ --without-zlib
+ By default, if 'configure' finds zlib (a.k.a, libz), the
+ wiretap library will be built so that it can read compressed
+ capture files. If you have zlib but do not wish to build
+ it into the wiretap library, used by Wireshark, TShark, and
+ the capture-file utilities that come in this package, use
+ this switch.
- --with-ucdsnmp=DIR
- Tell the 'configure' script where your UCD SNMP library
- is located, if not in a standard location.
+ --with-zlib=DIR
+ Use this to tell Wireshark where you have zlib installed, if it
+ is installed in a non-standard location.
--without-plugins
By default, if your system can support run-time loadable modules,
the packet analyzers are build with support for plugins.
- Use this switcht to build packet analyzers without plugin support.
+ Use this switch to build packet analyzers without plugin support.
--with-plugins=DIR
By default, plugins are installed in
- ${LIBDIR}/ethereal/plugins/${VERSION}
+ ${LIBDIR}/wireshark/plugins/${VERSION}
${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
- ${VERSION} is the Etherael version.
+ ${VERSION} is the Wireshark version.
Use this switch to change the location where plugins
are installed.
-5. After running './configure', you will see a summary of some
- of the options you chose. Ensure that the summary reflects
- what you want. If it doesn't, re-run './configure' with new options.
+6. After running './configure', you will see a summary of some
+ of the options you chose. Ensure that the summary reflects
+ what you want. If it doesn't, re-run './configure' with new options.
-6. Run 'make'. Hopefully, you won't run into any problems.
+7. Run 'make'. Hopefully, you won't run into any problems.
-7. Run './ethereal' or './tethereal', and make sure things are working.
- You must have root privileges in order to capture live data.
+8. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
+ working. You must have root privileges in order to capture live data.
-8. Run 'make install'. If you wish to install the man page, run
- 'make install-man'. If you're running a system that supports
- the Apt, RPM, or System V Release 4 packaging systems, you can
- run one of
+9./a. Run 'make install'. If you're running a system that supports
+ the RPM, OSX, or System V Release 4 packaging systems, you can
+ run one of
- make debian-package # Builds a binary package using dpkg
- make rpm-package # Builds a binary package using rpm
- make srpm-package # Builds a source package using rpm
- make svr4-package # Builds a source package using pkgmk
- make solaris-package # Same as "make svr4-package"
+ make rpm-package # Builds a binary package using rpm
+ make srpm-package # Builds a source package using rpm
+ make svr4-package # Builds a binary package using pkgmk
+ make solaris-package # Same as "make svr4-package"
+ make osx-package # Builds a binary package for OSX
- to make an installable package for your system.
+ to make an installable package for your system.
-If you have trouble with the build or installation process, you can
-find assistance on the ethereal-users and ethereal-dev mailing lists.
-See http://www.ethereal.com/lists/ for details.
+9/b. If you 're running a system that supports APT (Debian/Ubuntu/etc.)
+ run
+
+ dpkg-buildpackage -us -uc -rfakeroot
+
+ in the source directory right after extracting of checking out
+ Wireshark's source code. (You don't have to run configure/make/etc.
+ prior to running dpkg-buildpackage)
+
+If you have trouble with the build or installation process, you can
+find assistance on the wireshark-users and wireshark-dev mailing lists.
+See http://www.wireshark.org/lists/ for details.