-Installation Checklist
-======================
-
- [ ] 0. This is alpha software. Beware.
-
- [ ] 1. Make sure you have GTK+ installed. Try running 'gtk-config
- --version'. If you need to install/reinstall GTK, you can find
- it at
-
- http://www.gtk.org .
-
- Ethereal needs gtk+-1.2.0 or above.
-
- If you installed GTK+ from a binary package, you may have to
- install a "development" package; there may be separate "user's"
- and "developer's" packages, with the former not including
- header files and the like. For example, Red Hat users will
- need to install a "gtk-devel" .rpm.
-
- [ ] 2. If you want to capture packets, make sure you have libpcap
- installed. The latest "official" version can be found at
-
- http://www.tcpdump.org .
-
- If you've downloaded the 0.5.2 version, make sure you install
- the headers ('make install-incl') when you install the library.
- The CVS snapshots will install the headers if you do 'make
- install', and have no 'install-incl' target.
-
- If you installed libpcap from a binary package, you may have to
- install a "development" package; for example, there's
- apparently a "libpcap0" Debian package, but it just includes a
- shared library, a copyright notice, changelog files, and a
- README file - you also need to install a "libpcap-dev" package
- to get header files, a non-shared library, and the man page.
- Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
- .rpm to go along with the "libpcap" .rpm.
-
- [ ] 3. Run './configure' in the Ethereal distribution directory.
- Running './configure --help' displays a list of options.
- The file 'INSTALL.configure' contains general instructions for
- using 'configure' and 'make'.
-
- Ethereal installs a support file (manuf) in /usr/local/etc by
- default. You can change this location with the --sysconfdir
- option.
-
- The --disable-pcap option allows you to compile without libpcap.
- You won't be able to capture packets, but you can read traces
- that have already been captured to disk by other programs.
-
- [ ] 4. Run 'make'. Hopefully, you won't run into any problems.
-
- [ ] 5. Run './ethereal', and make sure things are working. You must
- have root privileges in order to capture live data.
-
- [ ] 6. Run 'make install'. If you wish to install the man page, run
- 'make install-man'. You're done.
+NOTE: this document applies to the Wireshark source releases and
+buildbot source tarballs. It does not apply to source code checked out
+directly from Git, as files such as the configuration script are not
+checked into Git, but need to be generated from the autoconf and
+automake files.
+
+See https://wiki.wireshark.org/Development if you would like to build the
+source code checked out directly from Git.
+
+Installation
+============
+
+These are installation instructions for Unix and Unix-like systems
+that can run the "configure" script in this same directory. These
+are not the installation instructions for Windows systems; see
+README.windows for those instructions.
+
+0. This is software. Beware.
+
+1. If you wish to build Wireshark, make sure you have GTK+ and GLib
+ installed. Try running 'pkg-config glib-2.0 --modversion' to see if
+ you have GLib 2.x installed. Then try running
+ 'pkg-config gtk+-3.0 --modversion' to see if you
+ have GTK+ 3.x installed and, if that fails, try running
+ 'pkg-config gtk+-2.0 --modversion' to see if you have GTK+ 2.x installed.
+ Wireshark needs version 3.0.0 or above of gtk+-3.0 or 2.12.0 or above of
+ gtk+-2.0 and version 2.16.0 or above of glib-2.0. If you need to install
+ or re-install GTK+ or GLIB, you can find the packages at:
+
+ http://www.gtk.org
+
+ If you installed GTK+ from a binary package, you may have to
+ install a "development" package; there may be separate "user's"
+ and "developer's" packages, with the former not including
+ header files and the like. For example, Red Hat users will
+ need to install a "gtk-devel" .rpm.
+
+ Note also that Wireshark configuration defaults to using GTK+ 3.x;
+ you need to configure with --disable-gtk3 to use GTK+ 2.x.
+
+2. If you wish to build TShark, the line-mode version of Wireshark,
+ make sure you have GLIB installed. See note #1 above for instructions
+ on checking if you have GLIB installed. You can download GLIB from
+ the same site as GTK.
+
+3. If you want to capture packets, make sure you have libpcap
+ installed. The latest "official" version can be found at
+
+ http://www.tcpdump.org .
+
+ If you installed libpcap from a binary package, you may have to
+ install a "development" package; for example, there's
+ apparently a "libpcap0" Debian package, but it just includes a
+ shared library, a copyright notice, changelog files, and a
+ README file - you also need to install a "libpcap-dev" package
+ to get header files, a non-shared library, and the man page.
+ Similarly, Red Hat users will need to install a "libpcap-devel"
+ .rpm to go along with the "libpcap" .rpm.
+
+4. Building Wireshark requires Perl (specifically the pod2man program)
+ so that the documentation can be built.
+
+5. Building Wireshark requires Python.
+
+6. Run './configure' in the Wireshark distribution directory.
+ Running './configure --help' displays a complete list of options.
+ The file 'INSTALL.configure' contains general instructions for
+ using 'configure' and 'make'. Some of the Wireshark non-generic
+ configure options are as follows:
+
+ --disable-usr-local
+ By default 'configure' will look in /usr/local/{include,lib} for
+ additional header files and libraries. Using this switch keeps
+ 'configure' from looking there
+
+ --disable-wireshark
+ By default 'configure' tries to find the GTK+ libraries so Wireshark,
+ the GUI packet analyzer, can be built. You can disable the build of
+ the GUI version of Wireshark with this switch.
+
+ --without-gtk3
+ Don't try to build a Gtk+ 3.x-based Wireshark. If given in
+ conjunction with --disable-gtk2 then the Gtk+ GUI is disabled (and
+ only the Qt GUI is built).
+
+ --without-gtk2
+ Don't try to build a Gtk+ 2.x-based Wireshark. If given in
+ conjunction with --disable-gtk3 then the Gtk+ GUI is disabled (and
+ only the Qt GUI is built).
+
+ --without-qt
+ Don't try to build a Qt-based Wireshark.
+
+ --disable-tshark
+ By default the line-mode packet analyzer, TShark, is built.
+ Use this switch to avoid building it.
+
+ --disable-editcap
+ By default the capture-file editing program is built.
+ Use this switch to avoid building it.
+
+ --disable-capinfos
+ By default the capture-file statistics reporting pogram
+ is built. Use this switch to avoid building it.
+
+ --disable-captype
+ By default the capture-type reporting pogram is built. Use this
+ switch to avoid building it.
+
+ --disable-mergecap
+ By default the capture-file merging program is built.
+ Use this switch to avoid building it.
+
+ --disable-reordercap
+ By default the capture-file reordering program is built.
+ Use this switch to avoid building it.
+
+ --disable-text2pcap
+ By default the hex-dump-to-capture file conversion program
+ is built. Use this switch to avoid building it.
+
+ --disable-dftest
+ By default the display-filter-compiler test program is built.
+ Use this switch to avoid building it.
+
+ --disable-randpkt
+ By default the program which creates random packet-capture files
+ is built. Use this switch to avoid building it.
+
+ --disable-dumpcap
+ By default the network traffic capture program is built.
+ Use this switch to avoid building it.
+
+ --disable-rawshark
+ By default the program used to dump and analyze raw libpcap data
+ is built. Use this switch to avoid building it.
+
+ --disable-ipv6
+ If 'configure' finds support for IPv6 name resolution on
+ your system, the packet analyzers will make use of it.
+ To avoid using IPv6 name resolution if you have the support for it,
+ use this switch.
+
+ --enable-setuid-install
+ Wireshark and TShark rely on dumpcap for packet capture. Setting this
+ flag installs dumpcap with setuid root permissions, which lets any user
+ on the system capture live traffic. If this is not desired, you can
+ restrict dumpcap's permissions so that only a single user or group can
+ run it. This can be used in conjunction with --with-libcap described
+ below.
+
+ Running Wireshark or TShark as root is not recommended.
+
+ --without-libcap
+ By default, if 'configure' finds libcap (the POSIX capabilities
+ library) dumpcap will be built so that if it is installed setuid
+ root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
+ before dropping root privileges. Use this option to disable this
+ behavior.
+
+ --with-libcap=DIR
+ Use this option to tell 'configure' where libcap is installed,
+ if it is installed in a non-standard location. Note that libcap
+ (the POSIX capabilities library, sans "p") and libpcap (the
+ packet capture library, avec "p") are two very different things.
+
+ --without-pcap
+ If you choose to build a packet analyzer that can analyze
+ capture files but cannot capture packets on its own, but you
+ *do* have libpcap installed, or if you are trying to build
+ Wireshark on a system that doesn't have libpcap installed (in
+ which case you have no choice but to build a version that can
+ analyze capture files but cannot capture packets on its own),
+ use --without-pcap to avoid using libpcap.
+
+ --with-pcap=DIR
+ Use this to tell Wireshark where you have libpcap installed, if
+ it is installed in a non-standard location.
+
+ --without-zlib
+ By default, if 'configure' finds zlib (a.k.a, libz), the
+ wiretap library will be built so that it can read compressed
+ capture files. If you have zlib but do not wish to build
+ it into the wiretap library, used by Wireshark, TShark, and
+ the capture-file utilities that come in this package, use
+ this switch.
+
+ --with-zlib=DIR
+ Use this to tell Wireshark where you have zlib installed, if it
+ is installed in a non-standard location.
+
+ --without-plugins
+ By default, if your system can support run-time loadable modules,
+ the packet analyzers are build with support for plugins.
+ Use this switch to build packet analyzers without plugin support.
+
+ --with-plugins=DIR
+ By default, plugins are installed in
+ ${LIBDIR}/wireshark/plugins/${VERSION}
+
+ ${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
+ ${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
+ ${VERSION} is the Wireshark version.
+
+ Use this switch to change the location where plugins
+ are installed.
+
+7. After running './configure', you will see a summary of some
+ of the options you chose. Ensure that the summary reflects
+ what you want. If it doesn't, re-run './configure' with new options.
+
+8. Run 'make'. Hopefully, you won't run into any problems.
+
+9. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
+ working. You must have root privileges in order to capture live data.
+
+10./a. Run 'make install'. If you're running a system that supports
+ the RPM, OSX, or System V Release 4 packaging systems, you can
+ run one of
+
+ make rpm-package # Builds a binary package using rpm
+ make svr4-package # Builds a binary package using pkgmk
+ make solaris-package # Same as "make svr4-package"
+ make osx-package # Builds a binary package for OSX
+
+ to make an installable package for your system.
+
+10/b. If you 're running a system that supports APT (Debian/Ubuntu/etc.)
+ run
+
+ dpkg-buildpackage -us -uc -rfakeroot
+
+ in the source directory right after extracting of checking out
+ Wireshark's source code. (You don't have to run configure/make/etc.
+ prior to running dpkg-buildpackage)
+
+
+If you have trouble with the build or installation process, you can
+find assistance on the wireshark-users and wireshark-dev mailing lists (see
+http://www.wireshark.org/lists/ for details) or the Wireshark Q&A site:
+https://ask.wireshark.org .