$Id$
-Installing Ethereal, Tethereal, and Editcap on Win32
-====================================================
-These are the instructions for installing Ethereal
+Installing Wireshark, TShark, and Editcap on Win32
+==================================================
+These are the instructions for installing Wireshark
from the installation executable that is provided on
-the Ethereal website at:
+the Wireshark website at:
-http://www.ethereal.com/distribution/win32
+http://www.wireshark.org/download/win32
and any of its mirrors.
-The installation package allows you to install:
-
- o Ethereal - the GUI version
- o Tethereal - the console, line-mode version
- o Editcap - a console, line-mode utility to convert
- capture files from one format to another.
- (The same functions are available in Wireshark)
- o Text2Pcap - a console, line-mode utility to generate
- a capture file from an ASCII hexdump of packets
- o Mergecap - a console, line-mode utility to merge two
- capture files into one
-
-Additionally, the installation package contains a "plugins"
-option, which installs some additional dissector plugins
-for use with Ethereal and Tethereal.
-
-All binaries in Wireshark package are now built with debugging
-information embedded. If you are experiencing a crash when running
-Ethereal or other binaries, Dr. Watson or your debugger
-can use the information embedded in the binary to provide useful
-information to the Ethereal developers that will help them pinpoint
-the problem.
-
-In the past, two versions of Ethereal binaries were published -- a
-version that could capture packets and a version which could not.
-The latter is useful if you're only reading files produced by
-another product (e.g., a sniffer, firewall, or intrustion detection system)
-and did not wish to install WinPcap, the library Ethereal uses
-to capture packets on Win32 platforms.
-
-As of WinPcap 2.1, all the WinPcap libraries have been released as DLLs.
-This means that Ethereal can detect the presence of WinPcap at run time,
-which means that only one version of the Ethereal binaries needs to be
-shipped.
-
-If you don't want to capture packets, just install the Ethereal
-package. If you do want to capture packets, install Ethereal *and*
-install the latest non-beta version of WinPcap, available from:
-
- http://winpcap.polito.it/
+The installer will take care of most situations, so just keep the
+default settings and start Wireshark after the installation finished.
-and mirrored at
-
- http://winpcap.mirror.ethereal.com/
+For detailed descriptions how to install and use Wireshark and the
+related command line tools, see the Wireshark User's Guide at:
-and
+http://www.wireshark.org/docs/
- http://www.mirrors.wiretapped.net/security/packet-capture/winpcap/
-If you already have an earlier version of WinPcap installed, you need to
-un-install it and install the latest version. If the older version is
-WinPcap 2.0 or 2.02, and you have other applications that use the older
-version , you will have to decide which applications to keep, since
-WinPcap 2.0/2.02 and later versions cannot be installed on the same
-system at the same time.
+Troubleshooting
+===============
If Wireshark is not capturing packets and you have WinPcap installed, you
can test your WinPcap installation by installing WinDump (tcpdump for
http://analyzer.polito.it/
+
The rest of this documentation is only interesting if
-you want to compile Ethereal yourself.
+you want to compile Wireshark yourself.
-Compiling the Ethereal distribution from source
-===============================================
+Compiling the Wireshark distribution from source
+================================================
Developer's Guide
-----------------
-You can find a comprehensive guide how to develop Ethereal in the
+You can find a comprehensive guide how to develop Wireshark in the
Developer's Guide, which you can find (and much more info) at:
-http://wiki.ethereal.com/Development
+http://wiki.wireshark.org/Development
The guide contains detailed information how to setup the development
environment and it's usage.
Compilers
---------
MS Visual C++ Version 6
-This is the common compiler used for building Ethereal on win32.
+This is the recommended compiler used for building Wireshark on win32.
-If you've downloaded an Ethereal source tarball and unpacked it, then,
+If you've downloaded an Wireshark source tarball and unpacked it, then,
before you do any build, you must do
nmake -f makefile.nmake distclean
Subversion tree, as long as you haven't done a UN*X build in the same
directory.
-MS Visual C++ Version 7 / VC.NET
+MS Visual C++ Version 7 / VC.NET / 2003 / 2005
Currently unsupported for two reasons:
--the licence agreement does NOT allow you to compile GPL code.
-there are serious problems in using DLL's compiled with MS VC6.
See section "Problems with MS Visual C++ Version 7 / VC.NET" below.
Cygwin GCC
-Ethereal can entirely be built with cygwin GCC. However the built binaries will
-only run in a cygwin environment, so they are not standalone Win32 applications.
+Wireshark can entirely be built with cygwin GCC. But please remember that MSVC6
+is the recommended way - using GCC might be quite difficult and the built
+binaries will only run in a cygwin environment using an X server, so they are
+not standalone Win32 applications.
It is however not excluded that native Win32 code can be compiled on cygwin GCC
but you then have to use -mms-bitfields as a strict minimum and probably
-mno-cygwin or a similar compiler flag too.
-See section below for instructions.
+See the "Instructions for Cygwin" section below for detailed instructions.
Automated library download
--------------------------
Before using the automated download, be sure to edit the config.nmake file
-to suit your needs. Especially have a look at the ETHEREAL_LIBS setting.
+to suit your needs. Especially have a look at the WIRESHARK_LIBS setting.
However, the defaults should be working well for a first start.
If you've installed Microsoft Visual C++ (MSVC), you can run:
the tool wget to download each package file (together around 30MB!) from the
server location at:
- http://anonsvn.ethereal.com/ethereal-win32-libs/trunk/packages/
+ http://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/
-and unpack it in the $ETHEREAL_LIBS directory.
+and unpack it in the $WIRESHARK_LIBS directory.
If you have problems downloading the files, you might be connected to the
internet through a proxy/firewall. In this case see the wget documentation
Required libraries
------------------
If the automated library download finished sucessfully, you should have all
-libraries on your machine at the right places. So you don't have to read this,
-unless you are interested which libraries are used.
+libraries on your machine at the right places. So you don't have to read this
+section, unless you are interested which libraries are used.
You'll need the development packages for GLIB, GTK+, iconv, gettext,
WinPcap, Net-SNMP, and optionally ADNS, PCRE and zlib. The development
PRECOMPILED VERSIONS OF ALL OF THESE PACKAGES ARE AVAILABLE AT:
- http://anonsvn.ethereal.com/ethereal-win32-libs/trunk/packages/
+ http://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/
The GLIB, GTK+, iconv, gettext packages for win32 can be found at the home
By default, the build process looks for these packages in
-C:\ethereal-win32-libs. You can place them in a different directory, but
-you must update the ETHEREAL_LIBS variable in config.nmake accordingly.
+C:\wireshark-win32-libs. You can place them in a different directory, but
+you must update the WIRESHARK_LIBS variable in config.nmake accordingly.
-The following lists the packages needed to compile Ethereal and the default
+The following lists the packages needed to compile Wireshark and the default
locations where to unpack them, when the above method isn't used.
Package Default Location
------- ----------------
- glib-2.4.7.zip C:\ethereal-win32-libs\glib
- glib-dev-2.4.7.zip C:\ethereal-win32-libs\glib
- gtk+-1.3.0-20030717.zip C:\ethereal-win32-libs\gtk+
- gtk+-dev-1.3.0-20030115.zip C:\ethereal-win32-libs\gtk+
- libiconv-1.9.1.bin.woe32.zip C:\ethereal-win32-libs\libiconv-1.9.1.bin.woe32
- gettext-runtime-0.13.1.zip C:\ethereal-win32-libs\gettext-runtime-0.13.1
- net-snmp-5.2.1.2.zip C:\ethereal-win32-libs
- wpdpack_3_0.zip C:\ethereal-win32-libs
+ glib-2.4.7.zip C:\wireshark-win32-libs\glib
+ glib-dev-2.4.7.zip C:\wireshark-win32-libs\glib
+ gtk+-1.3.0-20030717.zip C:\wireshark-win32-libs\gtk+
+ gtk+-dev-1.3.0-20030115.zip C:\wireshark-win32-libs\gtk+
+ libiconv-1.9.1.bin.woe32.zip C:\wireshark-win32-libs\libiconv-1.9.1.bin.woe32
+ gettext-runtime-0.13.1.zip C:\wireshark-win32-libs\gettext-runtime-0.13.1
+ net-snmp-5.2.1.2.zip C:\wireshark-win32-libs
+ wpdpack_3_0.zip C:\wireshark-win32-libs
and optional:
- adns-1.0-win32-04.zip C:\ethereal-win32-libs
- pcre-4.4.zip C:\ethereal-win32-libs
- zlib123-dll.zip C:\ethereal-win32-libs\zlib123-dll
+ adns-1.0-win32-04.zip C:\wireshark-win32-libs
+ pcre-4.4.zip C:\wireshark-win32-libs
+ zlib123-dll.zip C:\wireshark-win32-libs\zlib123-dll
(to use the default locations, the directories in question should be
created, and each zip file should be unpacked into the corresponding
-directory). If you only want to change the C:\ethereal-win32-libs
-part, you just change the setting of ETHEREAL_LIBS in config.nmake; if
+directory). If you only want to change the C:\wireshark-win32-libs
+part, you just change the setting of WIRESHARK_LIBS in config.nmake; if
you want to change subdirectories, you'll have to change the individual
item for a package. (Note that some zip files create the subdirectory -
-those zip files just have C:\ethereal-win32-libs in the list above - so
+those zip files just have C:\wireshark-win32-libs in the list above - so
if you don't want the package to be in that subdirectory, you'd have to
rename the directory.)
GLib 2.4.7.
-Compiling the Ethereal distribution using GTK+2
------------------------------------------------
+Compiling the Wireshark distribution using GTK+2
+------------------------------------------------
The more recent version 2 of the GTK+ can be used to compile
-Ethereal with, but is still considered beta.
+Wireshark with, but is still considered beta.
GTK+2 will look better in various ways, especially for WIN32 users.
You can get the required libraries from:
-http://www.ethereal.com/distribution/win32/development/gtk2
+http://www.wireshark.org/distribution/win32/development/gtk2
or (like the GTK+1 libraries from the GTK+ for Win32 project):
Package Default Location
------- ----------------
- gtk+-2.4.14.zip C:\ethereal-win32-libs\gtk2
- gtk+-dev-2.4.14.zip C:\ethereal-win32-libs\gtk2
- pango-1.4.1.zip C:\ethereal-win32-libs\gtk2
- pango-dev-1.4.1.zip C:\ethereal-win32-libs\gtk2
- atk-1.6.0.zip C:\ethereal-win32-libs\gtk2
- atk-dev-1.6.0.zip C:\ethereal-win32-libs\gtk2
+ gtk+-2.4.14.zip C:\wireshark-win32-libs\gtk2
+ gtk+-dev-2.4.14.zip C:\wireshark-win32-libs\gtk2
+ pango-1.4.1.zip C:\wireshark-win32-libs\gtk2
+ pango-dev-1.4.1.zip C:\wireshark-win32-libs\gtk2
+ atk-1.6.0.zip C:\wireshark-win32-libs\gtk2
+ atk-dev-1.6.0.zip C:\wireshark-win32-libs\gtk2
and optional:
- gtk-wimp-0.7.0-bin.zip C:\ethereal-win32-libs\gtk-wimp
+ gtk-wimp-0.7.0-bin.zip C:\wireshark-win32-libs\gtk-wimp
Be sure to set GTK2_DIR in config.nmake correct, to be able to compile.
-Running your freshly compiled Ethereal
+Running your freshly compiled Wireshark
--------------------------------------
Make sure the glib and gtk DLL's are in your path or you use a directory
where all required DLL's and the exe files reside.- i.e., that your
path includes the directory (folder) or directories (folders) in which
-those DLLs are found - when you run Ethereal.
+those DLLs are found - when you run Wireshark.
Note the wiretap*.dll must be in your path as well and if wiretap is changed
be sure to put the new one in your path.
Plugins (gryphon.dll and mgcp.dll) can go in:
- <Ethereal installation directory>\plugins\<version>
+ <Wireshark installation directory>\plugins\<version>
Where <version> is the version number, without brackets. For example,
-if you have Ethereal 0.10.12 installed in the default location, plugins
-will reside in C:\Program Files\Ethereal\plugins\0.10.12
+if you have Wireshark 0.99.1 installed in the default location, plugins
+will reside in C:\Program Files\Wireshark\plugins\0.99.1
Yes, the location of plugins needs to be more flexible.
Instructions for MS Visual C++
----------------------------
-Modify the config.nmake file in the top directory of the Ethereal source
+Modify the config.nmake file in the top directory of the Wireshark source
tree to work for your local configuration; if you don't have Python,
comment out the line that defines PYTHON, otherwise set it to refer to
the pathname of your Python interpreter executable. You should not have
directory names. (It may be that the "command.com" in Windows 95, Windows
98, and Windows Me, as it's the only command interpreter in those systems,
can handle those directories. If not, it may not be possible to build
-Ethereal from the command line on those versions of Windows.)
+Wireshark from the command line on those versions of Windows.)
Be sure that your command-line environment is set up to compile
and link with MSVC++. When installing MSVC++, you can have your
usually be found in the "VC98\Bin" subdirectory of the directory in
which Visual Studio was installed.
-The first time you build Ethereal, run "nmake -f makefile.nmake distclean"
-in the top-level Ethereal source directory to make sure that the "config.h"
+The first time you build Wireshark, run "nmake -f makefile.nmake distclean"
+in the top-level Wireshark source directory to make sure that the "config.h"
files will be reconstructed from the "config.h.win32" files. (If, for
example, you have "config.h" files left over from a Unix build, a
Windows build will fail.)
-In the ethereal directory, type "nmake -f makefile.nmake". It will
+In the wireshark directory, type "nmake -f makefile.nmake". It will
recurse into the subdirectories as appropriate.
Some generated source is created by traditionally "Unix-ish" tools.
------ ------ ----
config.h.win32 config.h sed
epan/config.h.win32 epan/config.h sed
-image/ethereal.rc.in image/ethereal.rc sed
-image/tethereal.rc.in image/tethereal.rc sed
+image/wireshark.rc.in image/wireshark.rc sed
+image/tshark.rc.in image/tshark.rc sed
image/editcap.rc.in image/editcap.rc sed
image/mergecap.rc.in image/mergecap.rc sed
image/text2pcap.rc.in image/text2pcap.rc sed
or
make-reg-dotc.py, packet*.c register.c Python
-make-tapreg-dotc, tap-*.c tethereal-tap-register.c
+make-tapreg-dotc, tap-*.c tshark-tap-register.c
Bash + grep + sed
-make-tapreg-dotc, tap files gtk/ethereal-tap-register.c
+make-tapreg-dotc, tap files gtk/wireshark-tap-register.c
in the gtk subdirectory Bash + grep + sed
-The Makefile.nmake supplied with the Ethereal distribution will, if
+The Makefile.nmake supplied with the Wireshark distribution will, if
PYTHON is defined in config.nmake, attempt to make register.c with
Python, since it is much much much faster than the shell version. The
reason it is faster is because the shell version launches multiple
You will need NSIS version 2 or higher, to build an installer with the modern user interface,
and for a much smaller installer (using the lzma compression).
-In the ethereal directory, type "nmake -f makefile.nmake packaging" to build the installer.
+In the wireshark directory, type "nmake -f makefile.nmake packaging" to build the installer.
Please be patient while the compression is done, it will take some time even on fast machines.
-You will hopefully now see something like ethereal-setup-0.10.12.exe in the dir packaging/nsis.
+You will hopefully now see something like wireshark-setup-0.10.12.exe in the dir packaging/nsis.
Installing GTK-Wimp
GTK-Wimp can be used to get a native Look-and-Feel on WinXP machines,
especially with the new "coloured" WinXP theme. It will only take effect
-together with the GTK2 version of Ethereal.
+together with the GTK2 version of Wireshark.
-No changes to the Ethereal sources are needed, GTK-Wimp simply changes the
+No changes to the Wireshark sources are needed, GTK-Wimp simply changes the
way GTK2 displays the widgets (by changing the GTK2 default theme).
-GTK-Wimp will be automatically installed if you use the official Ethereal Setup.
+GTK-Wimp will be automatically installed if you use the official Wireshark Setup.
In this case, the files mentioned below are already existing at the appropriate
places.
1. Go to http://gtk-wimp.sourceforge.net/
2. Download the ZIP archive containing the library and the theme
-3. Locate the installation directory of Ethereal (C:\Program Files\Ethereal)
+3. Locate the installation directory of Wireshark (C:\Program Files\Wireshark)
4. Create a subdirectory 'share\themes\Default\gtk-2.0'
5. Drop the file 'gtkrc' in 'share\themes\Default\gtk-2.0'
6. Create a subdirectory named 'lib\gtk-2.0\2.4.0\engines'
When you're finished, you should have:
-C:\Program Files\Ethereal\lib\gtk-2.0\2.4.0\engines\libwimp.dll
-C:\Program Files\Ethereal\share\themes\Default\gtk-2.0\gtkrc
+C:\Program Files\Wireshark\lib\gtk-2.0\2.4.0\engines\libwimp.dll
+C:\Program Files\Wireshark\share\themes\Default\gtk-2.0\gtkrc
-After (re-)starting Ethereal, you should now see it's widgets in the modern
+After (re-)starting Wireshark, you should now see it's widgets in the modern
WinXP style on your screen.
Problems with MS Visual C++ Version 7 / VC.NET
----------------------------------------------
-Beside licensing problems with these compilers, there are known problems
-with DLL's. If Wireshark is compiled with MSVC Version 7, there are
+There are known problems with DLL's.
+If Wireshark is compiled with MSVC Version 7, there are
conflicts in the MSVCRT DLL's, The MSVCRT.DLL includes the standard
ANSI-C functions like fopen, malloc, etc.. MSVCRT.DLL is shipped with
the MSVC 6 compiler versions, and dynamically linked to prebuild DLL's
like the one's for gtk, glib and such. The MSVC 7 compiler now uses and
ships MSVCRT71.DLL with it, which is incompatible with MSVCRT.DLL. So
-when using the MSVC 7 compiler, some parts of the Ethereal code uses
+when using the MSVC 7 compiler, some parts of the Wireshark code uses
MSVCRT71.DLL, and some others (indirectly from e.g. the gtk DLL) will
use MSVCRT.DLL. This will result in incorrect file handles and such.
Instructions for Cygwin
-----------------------
-It is possible to build Ethereal under Cygwin using their version
+It is possible to build Wireshark under Cygwin using their version
of XFree86. References:
- http://www.ethereal.com/lists/ethereal-dev/200205/msg00107.html
- http://www.ethereal.com/lists/ethereal-dev/200302/msg00026.html
$ make check
$ make install
-5. Patch Makefile.am in <ethereal-src>/gtk/Makefile.am by
+5. Patch Makefile.am in <wireshark-src>/gtk/Makefile.am by
removing "ethclist.c" from the dependencies.
This patch is required since the private GTK+ clist widget
- (was required for earlier versions of GTK+ but prevents Ethereal
+ (was required for earlier versions of GTK+ but prevents Wireshark
from running with cygwin).
-6. Configure and make Ethereal:
+6. Configure and make Wireshark:
Set the path (if this has not yet been done earlier)
8. Run wireshark (add /opt/gnome/bin to $PATH if this is not yet done)
- $ <ethereal-src>/ethereal
+ $ <wireshark-src>/wireshark
And voila! Behold the mighty sniffer in all its glory!
want to use them. Note also that running "make install" produces lots of
output to the console; this is normal.
-Note: Compiling Ethereal under cygwin takes a lot of time, because the
+Note: Compiling Wireshark under cygwin takes a lot of time, because the
generation of 'register.c' takes ages. If you only edit one dissector and
you know what you're doing, it is acceptable to uncomment the generation
of the file 'register.c' in Makefile. Look for the 'register.c' target:
Of course, you need to generate the 'register.c' file at least once.
-Note: You can also capture packets on a cygwin built Ethereal. You then have
+Note: You can also capture packets on a cygwin built Wireshark. You then have
to unpack the WinPCap development package, install the files in lib/ and
include/ in say /usr/lib and /usr/include (they must be in the search path of
the compiler and linker, otherwise you have to specify the configure option
--with-pcap=/location/to/pcap so the packet capture functionality can be used.
-In order to run Ethereal, you have to add the .dll files in a directory in the
+In order to run Wireshark, you have to add the .dll files in a directory in the
PATH (e.g., /bin).
Should you want packet capturing enabled in the cygwin build, then you have to
remove --without-pcap from step 6.
git.samba.org / obnox / wireshark / wip.git / blobdiff