1 NOTE: this document applies to the Wireshark source releases and
2 buildbot source tarballs. It does not apply to source code checked
3 out directly from Subversion, as files such as the configuration
4 script are not checked into Subversion, but need to be generated
5 from the autoconf and automake files.
6 See http://wiki.wireshark.org/Development if you would like to build
7 the source code checked out directly from Subversion.
12 These are installation instructions for Unix and Unix-like systems
13 that can run the "configure" script in this same directory. These
14 are not the installation instructions for Windows systems; see
15 README.windows for those instructions.
17 0. This is software. Beware.
19 1. If you wish to build Wireshark, make sure you have GTK+ and GLib
20 installed. Try running 'pkg-config glib-2.0 --modversion' to see if
21 you have GLib 2.x installed and, if that fails, try running
22 'glib-config --version' to see if you have GLib 1.2[.x] installed.
23 Then try running 'pkg-config gtk+-2.0 --modversion' to see if you
24 have GTK+ 2.x installed and, if that fails, try running
25 'gtk-config --version' to see if you have GTK+ 1.2[.x] installed.
26 Wireshark needs versions 1.2.0 or above of both these packages.
27 If you need to install or re-install GTK+ or GLIB, you can find
32 If you installed GTK+ from a binary package, you may have to
33 install a "development" package; there may be separate "user's"
34 and "developer's" packages, with the former not including
35 header files and the like. For example, Red Hat users will
36 need to install a "gtk-devel" .rpm.
38 Note also that Wireshark configuration defaults to using GTK+ and
39 GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
42 Please also note that GTK+ 1.2[.x] is only supported up to
43 Wireshark 1.0.x. From Wireshark 1.1.x onwards only GTK+ 2.x
46 2. If you wish to build TShark, the line-mode version of Wireshark,
47 make sure you have GLIB installed. See note #1 above for instructions
48 on checking if you have GLIB installed. You can download GLIB from
51 3. If you want to capture packets, make sure you have libpcap
52 installed. The latest "official" version can be found at
54 http://www.tcpdump.org .
56 If you've downloaded the 0.5.2 version, make sure you install
57 the headers ('make install-incl') when you install the library.
58 The CVS snapshots will install the headers if you do 'make
59 install', and have no 'install-incl' target.
61 If you installed libpcap from a binary package, you may have to
62 install a "development" package; for example, there's
63 apparently a "libpcap0" Debian package, but it just includes a
64 shared library, a copyright notice, changelog files, and a
65 README file - you also need to install a "libpcap-dev" package
66 to get header files, a non-shared library, and the man page.
67 Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
68 .rpm to go along with the "libpcap" .rpm.
70 4. Building Wireshark requires Perl (specifically the pod2man program)
71 so that the documentation can be built.
73 5. Run './configure' in the Wireshark distribution directory.
74 Running './configure --help' displays a complete list of options.
75 The file 'INSTALL.configure' contains general instructions for
76 using 'configure' and 'make'. Some of the Wireshark non-generic
77 configure options are as follows:
80 Wireshark installs a support file (manuf) in ${PREFIX}/etc by
81 default, where ${PREFIX} comes from --prefix=DIR. If you do not
82 specify any --prefix option, ${PREFIX} is "/usr/local".
83 You can change the location of the manuf file with the --sysconfdir
87 By default 'configure' will look in /usr/local/{include,lib} for
88 additional header files and libraries. Using this switch keeps
89 'configure' from looking there
92 By default, if 'configure' finds the GTK+ libraries, the Makefile
93 builds Wireshark, the GUI packet analyzer. You can disable the
94 build of the GUI version of Wireshark with this switch.
97 Build Glib/Gtk+ 1.2[.x]-based wireshark.
98 Note: not supported from Wireshark 1.1.x onwards
101 By default the line-mode packet analyzer, TShark, is built.
102 Use this switch to avoid building it.
105 By default the capture-file editing program is built.
106 Use this switch to avoid building it.
109 By default the capture-file statistics reporting pogram
110 is built. Use this switch to avoid building it.
113 By default the capture-file merging program is built.
114 Use this switch to avoid building it.
117 By default the hex-dump-to-capture file conversion program
118 is built. Use this switch to avoid building it.
121 By default the display-filter-compiler test program is built.
122 Use this switch to avoid building it.
125 By default the program which creates random packet-capture files
126 is built. Use this switch to avoid building it.
129 By default the network traffic capture program is built.
130 Use this switch to avoid building it.
133 By default the capture-file reordering program is built.
134 Use this switch to avoid building it.
137 By default the program used to dump and analyze raw libpcap data
138 is built. Use this switch to avoid building it.
141 If 'configure' finds support for IPv6 name resolution on
142 your system, the packet analyzers will make use of it.
143 To avoid using IPv6 name resolution if you have the support for it,
146 --enable-setuid-install
147 Wireshark and TShark rely on dumpcap for packet capture. Setting this
148 flag installs dumpcap with setuid root permissions, which lets any user
149 on the system capture live traffic. If this is not desired, you can
150 restrict dumpcap's permissions so that only a single user or group can
151 run it. This can be used in conjunction with --with-libcap described
154 Running Wireshark or TShark as root is not recommended.
157 By default, if 'configure' finds libcap (the POSIX capabilities
158 library) dumpcap will be built so that if it is installed setuid
159 root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
160 before dropping root privileges. Use this option to disable this
164 Use this option to tell 'configure' where libcap is installed,
165 if it is installed in a non-standard location. Note that libcap
166 (the POSIX capabilities library, sans "p") and libpcap (the
167 packet capture library, avec "p") are two very different things.
170 If you choose to build a packet analyzer that can analyze
171 capture files but cannot capture packets on its own, but you
172 *do* have libpcap installed, or if you are trying to build
173 Wireshark on a system that doesn't have libpcap installed (in
174 which case you have no choice but to build a version that can
175 analyze capture files but cannot capture packets on its own),
176 use --without-pcap to avoid using libpcap.
179 Use this to tell Wireshark where you have libpcap installed, if
180 it is installed in a non-standard location.
183 By default, if 'configure' finds zlib (a.k.a, libz), the
184 wiretap library will be built so that it can read compressed
185 capture files. If you have zlib but do not wish to build
186 it into the wiretap library, used by Wireshark, TShark, and
187 the capture-file utilities that come in this package, use
191 Use this to tell Wireshark where you have zlib installed, if it
192 is installed in a non-standard location.
195 By default, if your system can support run-time loadable modules,
196 the packet analyzers are build with support for plugins.
197 Use this switch to build packet analyzers without plugin support.
200 By default, plugins are installed in
201 ${LIBDIR}/wireshark/plugins/${VERSION}
203 ${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
204 ${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
205 ${VERSION} is the Wireshark version.
207 Use this switch to change the location where plugins
210 6. After running './configure', you will see a summary of some
211 of the options you chose. Ensure that the summary reflects
212 what you want. If it doesn't, re-run './configure' with new options.
214 7. Run 'make'. Hopefully, you won't run into any problems.
216 8. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
217 working. You must have root privileges in order to capture live data.
219 9. Run 'make install'. If you're running a system that supports
220 the Apt, RPM, OSX, or System V Release 4 packaging systems, you can
223 make debian-package # Builds a binary package using dpkg
224 make rpm-package # Builds a binary package using rpm
225 make srpm-package # Builds a source package using rpm
226 make svr4-package # Builds a binary package using pkgmk
227 make solaris-package # Same as "make svr4-package"
228 make osx-package # Builds a binary package for OSX
230 to make an installable package for your system.
232 If you have trouble with the build or installation process, you can
233 find assistance on the wireshark-users and wireshark-dev mailing lists.
234 See http://www.wireshark.org/lists/ for details.