These are installation instructions for Unix and Unix-like systems
that can run the "configure" script in this same directory. These
are not the installation instructions for Windows systems; see
-README.win32 for those instructions.
+README.windows for those instructions.
-0. This is beta software. Beware.
+0. This is software. Beware.
1. If you wish to build Wireshark, make sure you have GTK+ and GLib
installed. Try running 'pkg-config glib-2.0 --modversion' to see if
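Review bot: Item 0 now reads "This is software. Beware.", which no longer warns about anything specific once "beta" is gone. Either drop the item (and start the list at 1) or say what the reader should beware of.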
GLib 2.x; you need to configure with --disable-gtk2 to use GTK+
1.2[.x].
+ Please also note that GTK+ 1.2[.x] is only supported up to
+ Wireshark 1.0.x. From Wireshark 1.1.x onwards only GTK+ 2.x
+ is supported.
+
2. If you wish to build TShark, the line-mode version of Wireshark,
make sure you have GLIB installed. See note #1 above for instructions
on checking if you have GLIB installed. You can download GLIB from
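Review bot: The added GTK+ 1.2 note in step 1 sits directly after an unchanged sentence that still tells the reader to "configure with --disable-gtk2 to use GTK+ 1.2[.x]", so the step now gives an instruction and then says it is unsupported. Since an INSTALL file ships with one release, state plainly whether this release accepts GTK+ 1.2 and remove or reword the preceding sentence to match.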
Similarly, Red Hat 5.x users will need to install a "libpcap-devel"
.rpm to go along with the "libpcap" .rpm.
-4. Run './configure' in the Wireshark distribution directory.
+4. Building Wireshark requires Perl (specifically the pod2man program)
+ so that the documentation can be built.
+
+5. Run './configure' in the Wireshark distribution directory.
Running './configure --help' displays a complete list of options.
The file 'INSTALL.configure' contains general instructions for
using 'configure' and 'make'. Some of the Wireshark non-generic
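Review bot: The new step 4 names the Perl/pod2man requirement but, unlike step 1 with its pkg-config check, gives no way to verify it and does not say whether 'configure' detects a missing pod2man or the failure only shows up during 'make'. Adding one sentence on how to check and where the failure surfaces would keep the step consistent with its neighbours.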
--disable-wireshark
By default, if 'configure' finds the GTK+ libraries, the Makefile
- build Wireshark, the GUI packet analyzer. You can disable the
+ builds Wireshark, the GUI packet analyzer. You can disable the
build of the GUI version of Wireshark with this switch.
--disable-gtk2
Build Glib/Gtk+ 1.2[.x]-based wireshark.
+ Note: not supported from Wireshark 1.1.x onwards
--disable-tshark
By default the line-mode packet analyzer, TShark, is built.
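Review bot: Under --disable-gtk2, the added "Note: not supported from Wireshark 1.1.x onwards" leaves the switch documented without saying what happens when it is passed. State whether 'configure' rejects the switch or ignores it; the note is also missing its terminal period.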
By default the hex-dump-to-capture file conversion program
is built. Use this switch to avoid building it.
- --disable-idl2wrs
- By default the IDL-to-wireshark-dissector-source-code converter
- is built. Use this switch to avoid building it.
-
--disable-dftest
By default the display-filter-compiler test program is built.
Use this switch to avoid building it.
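Review bot: The --disable-idl2wrs entry is deleted without any replacement text, so a reader cannot tell whether the switch was removed from 'configure' or whether the converter's build behaviour changed. If the switch still exists, keep the entry; if not, note the removal in the commit message.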
use this switch.
--enable-setuid-install
- Use this switch to install dumpcap as setuid.
+ Wireshark and TShark rely on dumpcap for packet capture. Setting this
+ flag installs dumpcap with setuid root permissions, which lets any user
+ on the system capture live traffic. If this is not desired, you can
+ restrict dumpcap's permissions so that only a single user or group can
+ run it. This can be used in conjunction with --with-libcap described
+ below.
+
+ Running Wireshark or TShark as root is not recommended.
+
+ --without-libcap
+ By default, if 'configure' finds libcap (the POSIX capabilities
+ library) dumpcap will be built so that if it is installed setuid
+ root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
+ before dropping root privileges. Use this option to disable this
+ behavior.
+
+ --with-libcap=DIR
+ Use this option to tell 'configure' where libcap is installed,
+ if it is installed in a non-standard location. Note that libcap
+ (the POSIX capabilities library, sans "p") and libpcap (the
+ packet capture library, avec "p") are two very different things.
--without-pcap
If you choose to build a packet analyzer that can analyze
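Review bot: The --enable-setuid-install text says you can "restrict dumpcap's permissions so that only a single user or group can run it" but gives no procedure, which leaves the default (any local user can capture) as the only documented outcome. Spell out the intended setup, i.e. group ownership of dumpcap plus a mode that removes execute permission for others. Two smaller points: the cross-reference says "--with-libcap described below" while the first entry below is --without-libcap, and "will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN" should say what dumpcap does if that attempt fails.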
${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
- ${VERSION} is the Etherael version.
+ ${VERSION} is the Wireshark version.
Use this switch to change the location where plugins
are installed.
-5. After running './configure', you will see a summary of some
+6. After running './configure', you will see a summary of some
of the options you chose. Ensure that the summary reflects
what you want. If it doesn't, re-run './configure' with new options.
-6. Run 'make'. Hopefully, you won't run into any problems.
+7. Run 'make'. Hopefully, you won't run into any problems.
-7. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
+8. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
working. You must have root privileges in order to capture live data.
-8. Run 'make install'. If you're running a system that supports
- the Apt, RPM, or System V Release 4 packaging systems, you can
+9. Run 'make install'. If you're running a system that supports
+ the Apt, RPM, OSX, or System V Release 4 packaging systems, you can
run one of
make debian-package # Builds a binary package using dpkg
make rpm-package # Builds a binary package using rpm
make srpm-package # Builds a source package using rpm
- make svr4-package # Builds a source package using pkgmk
+ make svr4-package # Builds a binary package using pkgmk
make solaris-package # Same as "make svr4-package"
+ make osx-package # Builds a binary package for OSX
to make an installable package for your system.
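Review bot: Step 8 keeps the unchanged sentence "You must have root privileges in order to capture live data", which conflicts with the text added earlier in this patch stating that "Running Wireshark or TShark as root is not recommended" and that a setuid dumpcap lets any user capture. Reword step 8 to point at the dumpcap setup instead of telling readers to run as root. Also, while the ${VERSION} line is being fixed, the neighbouring context line "defaults to ${EPREFIX/lib}" has a misplaced brace and should read ${EPREFIX}/lib, and "OSX" in step 9 is listed as a packaging system although it is a platform name.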