NOTE: this document applies to the Wireshark source releases and
-buildbot source tarballs. It does not apply to source code checked
-out directly from Subversion, as files such as the configuration
-script are not checked into Subversion, but need to be generated
-from the autoconf and automake files.
-See http://wiki.wireshark.org/Development if you would like to build
-the source code checked out directly from Subversion.
+buildbot source tarballs. It does not apply to source code checked out
+directly from Git, as files such as the configuration script are not
+checked into Git, but need to be generated from the autoconf and
+automake files.
+
+See https://wiki.wireshark.org/Development if you would like to build the
+source code checked out directly from Git.
Installation
============
1. If you wish to build Wireshark, make sure you have GTK+ and GLib
installed. Try running 'pkg-config glib-2.0 --modversion' to see if
- you have GLib 2.x installed and, if that fails, try running
- 'glib-config --version' to see if you have GLib 1.2[.x] installed.
- Then try running 'pkg-config gtk+-2.0 --modversion' to see if you
- have GTK+ 2.x installed and, if that fails, try running
- 'gtk-config --version' to see if you have GTK+ 1.2[.x] installed.
- Wireshark needs versions 1.2.0 or above of both these packages.
- If you need to install or re-install GTK+ or GLIB, you can find
- the packages at:
+ you have GLib 2.x installed. Then try running
+ 'pkg-config gtk+-3.0 --modversion' to see if you
+ have GTK+ 3.x installed and, if that fails, try running
+ 'pkg-config gtk+-2.0 --modversion' to see if you have GTK+ 2.x installed.
+ Wireshark needs version 3.0.0 or above of gtk+-3.0 or 2.12.0 or above of
+ gtk+-2.0 and version 2.16.0 or above of glib-2.0. If you need to install
+ or re-install GTK+ or GLIB, you can find the packages at:
http://www.gtk.org
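Review bot: The added version sentence in step 1 ("Wireshark needs version 3.0.0 or above of gtk+-3.0 or 2.12.0 or above of gtk+-2.0 and version 2.16.0 or above of glib-2.0") chains three requirements with "or" and "and", so it is hard to tell which minimum belongs to which package. Suggest one requirement per line: GLib first, then the two GTK+ alternatives. The same sentence still spells the library "GLIB" while the line above uses "GLib". The Development wiki link at the top was moved to https, but http://www.gtk.org in this step was left as http.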
header files and the like. For example, Red Hat users will
need to install a "gtk-devel" .rpm.
- Note also that Wireshark configuration defaults to using GTK+ and
- GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
- 1.2[.x].
-
- Please also note that GTK+ 1.2[.x] is only supported up to
- Wireshark 1.0.x. From Wireshark 1.1.x onwards only GTK+ 2.x
- is supported.
+ Note also that Wireshark configuration defaults to using GTK+ 3.x;
+ you need to configure with --disable-gtk3 to use GTK+ 2.x.
2. If you wish to build TShark, the line-mode version of Wireshark,
make sure you have GLIB installed. See note #1 above for instructions
http://www.tcpdump.org .
- If you've downloaded the 0.5.2 version, make sure you install
- the headers ('make install-incl') when you install the library.
- The CVS snapshots will install the headers if you do 'make
- install', and have no 'install-incl' target.
-
If you installed libpcap from a binary package, you may have to
install a "development" package; for example, there's
apparently a "libpcap0" Debian package, but it just includes a
shared library, a copyright notice, changelog files, and a
README file - you also need to install a "libpcap-dev" package
to get header files, a non-shared library, and the man page.
- Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
+ Similarly, Red Hat users will need to install a "libpcap-devel"
.rpm to go along with the "libpcap" .rpm.
4. Building Wireshark requires Perl (specifically the pod2man program)
so that the documentation can be built.
-5. Run './configure' in the Wireshark distribution directory.
+5. Building Wireshark requires Python.
+
+6. Run './configure' in the Wireshark distribution directory.
Running './configure --help' displays a complete list of options.
The file 'INSTALL.configure' contains general instructions for
using 'configure' and 'make'. Some of the Wireshark non-generic
configure options are as follows:
- --sysconfdir=DIR
- Wireshark installs a support file (manuf) in ${PREFIX}/etc by
- default, where ${PREFIX} comes from --prefix=DIR. If you do not
- specify any --prefix option, ${PREFIX} is "/usr/local".
- You can change the location of the manuf file with the --sysconfdir
- option.
-
--disable-usr-local
By default 'configure' will look in /usr/local/{include,lib} for
additional header files and libraries. Using this switch keeps
'configure' from looking there
--disable-wireshark
- By default, if 'configure' finds the GTK+ libraries, the Makefile
- builds Wireshark, the GUI packet analyzer. You can disable the
- build of the GUI version of Wireshark with this switch.
+ By default 'configure' tries to find the GTK+ libraries so Wireshark,
+ the GUI packet analyzer, can be built. You can disable the build of
+ the GUI version of Wireshark with this switch.
- --disable-gtk2
- Build Glib/Gtk+ 1.2[.x]-based wireshark.
- Note: not supported from Wireshark 1.1.x onwards
+ --without-gtk3
+ Don't try to build a Gtk+ 3.x-based Wireshark. If given in
+ conjunction with --disable-gtk2 then the Gtk+ GUI is disabled (and
+ only the Qt GUI is built).
+
+ --without-gtk2
+ Don't try to build a Gtk+ 2.x-based Wireshark. If given in
+ conjunction with --disable-gtk3 then the Gtk+ GUI is disabled (and
+ only the Qt GUI is built).
+
+ --without-qt
+ Don't try to build a Qt-based Wireshark.
--disable-tshark
By default the line-mode packet analyzer, TShark, is built.
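Review bot: The new --without-gtk3 and --without-gtk2 entries cross-reference the other toolkit as --disable-gtk2 and --disable-gtk3, and the note added under step 1 also tells the reader to "configure with --disable-gtk3", so the same switches appear under two spellings. Pick the spelling that configure actually accepts and use it in all three places; the entries also write "Gtk+" where the rest of the file writes "GTK+". Separately, the new step 5 ("Building Wireshark requires Python.") gives neither a minimum version nor a reason, unlike step 4, which says what Perl is needed for. The removal of the --sysconfdir entry leaves the file with no statement of where the manuf support file is installed; if that is intentional, it is worth saying so in the commit message.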
By default the capture-file statistics reporting pogram
is built. Use this switch to avoid building it.
+ --disable-captype
+ By default the capture-type reporting pogram is built. Use this
+ switch to avoid building it.
+
--disable-mergecap
By default the capture-file merging program is built.
Use this switch to avoid building it.
+ --disable-reordercap
+ By default the capture-file reordering program is built.
+ Use this switch to avoid building it.
+
--disable-text2pcap
By default the hex-dump-to-capture file conversion program
is built. Use this switch to avoid building it.
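Review bot: The added --disable-captype description carries the typo "pogram" ("By default the capture-type reporting pogram is built"), apparently copied from the capinfos entry in the context line just above it. Correct it to "program" in the new text and fix the existing line in the same change. The --disable-reordercap entry added here is a straight move of the block removed further down, which is fine, but worth noting in the commit message so the move is not read as a new option.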
By default the network traffic capture program is built.
Use this switch to avoid building it.
- --disable-reordercap
- By default the capture-file reordering program is built.
- Use this switch to avoid building it.
-
--disable-rawshark
By default the program used to dump and analyze raw libpcap data
is built. Use this switch to avoid building it.
Use this switch to change the location where plugins
are installed.
-6. After running './configure', you will see a summary of some
+7. After running './configure', you will see a summary of some
of the options you chose. Ensure that the summary reflects
what you want. If it doesn't, re-run './configure' with new options.
-7. Run 'make'. Hopefully, you won't run into any problems.
+8. Run 'make'. Hopefully, you won't run into any problems.
-8. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
+9. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
working. You must have root privileges in order to capture live data.
-9. Run 'make install'. If you're running a system that supports
- the Apt, RPM, OSX, or System V Release 4 packaging systems, you can
+10./a. Run 'make install'. If you're running a system that supports
+ the RPM, OSX, or System V Release 4 packaging systems, you can
run one of
- make debian-package # Builds a binary package using dpkg
make rpm-package # Builds a binary package using rpm
- make srpm-package # Builds a source package using rpm
make svr4-package # Builds a binary package using pkgmk
make solaris-package # Same as "make svr4-package"
make osx-package # Builds a binary package for OSX
to make an installable package for your system.
+10/b. If you 're running a system that supports APT (Debian/Ubuntu/etc.)
+ run
+
+ dpkg-buildpackage -us -uc -rfakeroot
+
+ in the source directory right after extracting of checking out
+ Wireshark's source code. (You don't have to run configure/make/etc.
+ prior to running dpkg-buildpackage)
+
+
If you have trouble with the build or installation process, you can
-find assistance on the wireshark-users and wireshark-dev mailing lists.
-See http://www.wireshark.org/lists/ for details.
+find assistance on the wireshark-users and wireshark-dev mailing lists (see
+http://www.wireshark.org/lists/ for details) or the Wireshark Q&A site:
+https://ask.wireshark.org .
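Review bot: The renumbered packaging step is labelled "10./a." in one place and "10/b." in the other, and the new 10/b text has two typos: "If you 're" and "extracting of checking out" (should be "or"). Use one label form (for example 10a. and 10b.) and fix both. The 10/b text also says the command can be run after checking out the source, while the note at the top of the file says this document does not apply to Git checkouts; one of the two should be reworded. The dpkg-buildpackage line passes -us -uc -rfakeroot with no explanation, whereas each make *-package line has a trailing comment saying what it builds; a one-line description of the flags would match. The srpm-package target is removed from the list without the surrounding text mentioning it. In the closing paragraph the mailing-list URL is still http while the newly added ask.wireshark.org link is https.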