These are installation instructions for Unix and Unix-like systems
that can run the "configure" script in this same directory. These
are not the installation instructions for Windows systems; see
-README.win32 for those instructions.
+README.windows for those instructions.
-0. This is beta software. Beware.
+0. This is software. Beware.
1. If you wish to build Wireshark, make sure you have GTK+ and GLib
installed. Try running 'pkg-config glib-2.0 --modversion' to see if
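Review bot: on the new item 0, dropping "beta" leaves "This is software. Beware.", which no longer tells the reader anything specific. Either remove item 0 or say what the reader should beware of.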
GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
1.2[.x].
+ Please also note that GTK+ 1.2[.x] is only supported up to
+ Wireshark 1.0.x. From Wireshark 1.1.x onwards only GTK+ 2.x
+ is supported.
+
2. If you wish to build TShark, the line-mode version of Wireshark,
make sure you have GLIB installed. See note #1 above for instructions
on checking if you have GLIB installed. You can download GLIB from
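Review bot: the added GTK+ 1.2[.x] note in item 1 sits directly under context text that still tells the reader to configure with --disable-gtk2 to use GTK+ 1.2[.x], so the paragraph gives an instruction and then says it is unsupported from Wireshark 1.1.x onwards. Suggest stating up front which releases the --disable-gtk2 route applies to, or dropping the instruction if this INSTALL file ships with 1.1.x or later.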
Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
.rpm to go along with the "libpcap" .rpm.
-4. Run './configure' in the Wireshark distribution directory.
+4. Building Wireshark requires Perl (specifically the pod2man program)
+ so that the documentation can be built.
+
+5. Run './configure' in the Wireshark distribution directory.
Running './configure --help' displays a complete list of options.
The file 'INSTALL.configure' contains general instructions for
using 'configure' and 'make'. Some of the Wireshark non-generic
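Review bot: the new step 4 names pod2man as a build requirement but gives no way to confirm it is present, unlike item 1, which gives a 'pkg-config glib-2.0 --modversion' check. Add a one-line check or say what the build failure looks like when pod2man is missing. Since the old step 4 becomes 5 and the later steps shift with it, any references to step numbers elsewhere in the file need the same update.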
--disable-wireshark
By default, if 'configure' finds the GTK+ libraries, the Makefile
- build Wireshark, the GUI packet analyzer. You can disable the
+ builds Wireshark, the GUI packet analyzer. You can disable the
build of the GUI version of Wireshark with this switch.
--disable-gtk2
Build Glib/Gtk+ 1.2[.x]-based wireshark.
+ Note: not supported from Wireshark 1.1.x onwards
--disable-tshark
By default the line-mode packet analyzer, TShark, is built.
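Review bot: the line added under --disable-gtk2 marks the switch as unsupported from Wireshark 1.1.x onwards but leaves "Build Glib/Gtk+ 1.2[.x]-based wireshark." in place and does not say what 'configure' does if the switch is still passed. State the outcome (rejected or ignored), and end the note with a period to match the surrounding entries.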
By default the hex-dump-to-capture file conversion program
is built. Use this switch to avoid building it.
- --disable-idl2wrs
- By default the IDL-to-wireshark-dissector-source-code converter
- is built. Use this switch to avoid building it.
-
--disable-dftest
By default the display-filter-compiler test program is built.
Use this switch to avoid building it.
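Review bot: the --disable-idl2wrs entry is removed with no replacement text, so a reader cannot tell from this file whether the IDL-to-wireshark-dissector-source-code converter is no longer built or is now built unconditionally. A sentence here or in the commit message saying which of the two applies would close the gap.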
By default the network traffic capture program is built.
Use this switch to avoid building it.
+ --disable-reordercap
+ By default the capture-file reordering program is built.
+ Use this switch to avoid building it.
+
--disable-rawshark
By default the program used to dump and analyze raw libpcap data
is built. Use this switch to avoid building it.
flag installs dumpcap with setuid root permissions, which lets any user
on the system capture live traffic. If this is not desired, you can
restrict dumpcap's permissions so that only a single user or group can
- run it.
+ run it. This can be used in conjunction with --with-libcap described
+ below.
Running Wireshark or TShark as root is not recommended.
+ --without-libcap
+ By default, if 'configure' finds libcap (the POSIX capabilities
+ library) dumpcap will be built so that if it is installed setuid
+ root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
+ before dropping root privileges. Use this option to disable this
+ behavior.
+
+ --with-libcap=DIR
+ Use this option to tell 'configure' where libcap is installed,
+ if it is installed in a non-standard location. Note that libcap
+ (the POSIX capabilities library, sans "p") and libpcap (the
+ packet capture library, avec "p") are two very different things.
+
--without-pcap
If you choose to build a packet analyzer that can analyze
capture files but cannot capture packets on its own, but you
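Review bot: in the --without-libcap entry, "it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN before dropping root privileges" does not say what dumpcap does when the attempt fails. For a setuid-root binary that is the case an administrator most needs documented, so state whether dumpcap then continues as root, continues without capture capability, or exits. Separately, the added sentence "This can be used in conjunction with --with-libcap described below" points at --with-libcap=DIR, which only tells 'configure' where the library is; the behavior it means is the default described under --without-libcap, so the cross-reference should name that default.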
${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
- ${VERSION} is the Etherael version.
+ ${VERSION} is the Wireshark version.
Use this switch to change the location where plugins
are installed.
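Review bot: while this block is being touched, the context line two above the change reads "defaults to ${EPREFIX/lib}", with the closing brace after "/lib". It presumably should be ${EPREFIX}/lib, matching the ${PREFIX} form on the following line, and is worth fixing in the same patch as the ${VERSION} wording.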
-5. After running './configure', you will see a summary of some
+6. After running './configure', you will see a summary of some
of the options you chose. Ensure that the summary reflects
what you want. If it doesn't, re-run './configure' with new options.
-6. Run 'make'. Hopefully, you won't run into any problems.
+7. Run 'make'. Hopefully, you won't run into any problems.
-7. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
+8. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
working. You must have root privileges in order to capture live data.
-8. Run 'make install'. If you're running a system that supports
- the Apt, RPM, or System V Release 4 packaging systems, you can
+9. Run 'make install'. If you're running a system that supports
+ the Apt, RPM, OSX, or System V Release 4 packaging systems, you can
run one of
make debian-package # Builds a binary package using dpkg
make rpm-package # Builds a binary package using rpm
make srpm-package # Builds a source package using rpm
- make svr4-package # Builds a source package using pkgmk
+ make svr4-package # Builds a binary package using pkgmk
make solaris-package # Same as "make svr4-package"
+ make osx-package # Builds a binary package for OSX
to make an installable package for your system.
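Review bot: step 8 keeps the sentence "You must have root privileges in order to capture live data" next to './wireshark' and './tshark', while the option text in this same file says "Running Wireshark or TShark as root is not recommended" and this patch documents a setuid dumpcap that retains CAP_NET_RAW and CAP_NET_ADMIN. Suggest rewording step 8 so it points to dumpcap for privileged capture rather than implying the GUI or TShark be started as root. Minor: ./dumpcap is unquoted where the other two commands are quoted, and the svr4-package comment changes from "source" to "binary" without explanation.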