1 See also https://gitlab.com/wireshark/wireshark/-/wikis/Development
2 and the Developer's Guide located at https://www.wireshark.org/docs/
3 and in the docbook/ subdirectory.
8 These are installation instructions for Unix and Unix-like systems.
9 These are not the installation instructions for Windows systems; see
10 README.windows for those instructions.
12 0. This is software. Beware.
14 1. If you wish to build Wireshark, make sure you have the Qt and GLib
15 development packages installed. Try running
16 'pkg-config glib-2.0 --modversion' to see if you have GLib 2.x
17 installed. Then try running 'pkg-config Qt5Widgets --modversion'
18 to see if you have Qt installed. Wireshark requires Qt 5.9 or later,
19 but the most recent LTS release is strongly recommended. It needs
20 version 2.50.0 or above of GLib. If you need to install or
21 re-install GLIB, you can find the packages at:
23 https://download.gnome.org/sources/glib/
27 https://www.qt.io/download
29 If you installed Qt or GLib from binary packages, you may have to
30 install corresponding "development" packages; there may be separate
31 "user's" and "developer's" packages, with the former not including
32 header files and the like. For example, Red Hat users will need to
33 install a "glib2-devel" .rpm.
35 2. If you wish to build TShark, the line-mode version of Wireshark,
36 make sure you have GLib installed. See note #1 above for instructions
37 on checking if you have GLib installed.
39 3. If you want to capture packets, make sure you have libpcap
40 installed. The latest "official" version can be found at
42 https://www.tcpdump.org .
44 If you installed libpcap from a binary package, you may have to
45 install a "development" package; for example, there's
46 apparently a "libpcap0" Debian package, but it just includes a
47 shared library, a copyright notice, changelog files, and a
48 README.md file - you also need to install a "libpcap-dev" package
49 to get header files, a non-shared library, and the man page.
50 Similarly, Red Hat users will need to install a "libpcap-devel"
51 .rpm to go along with the "libpcap" .rpm.
53 4. Building Wireshark requires Python, flex, and Asciidoctor.
55 5. Create a build directory separate from the source directory. It can
56 be anywhere, but you might run into issues if the path contains
59 6. Run 'cmake <options> <path/to/the/wireshark/sources>' in your build
60 directory. Running 'cmake -LH <path/to/the/wireshark/sources>'
61 displays a complete list of options. The "Tool Reference" section of
62 Developer's Guide contains general instructions for using CMake. Some
63 of the Wireshark-specific options are as follows:
66 CMake supports many different build systems, including UNIX
67 Make, MSBuild, and Ninja. UNIX Make is the default, but Ninja
71 By default CMake tries to find the Qt libraries so Wireshark,
72 the GUI packet analyzer, can be built. You can disable the
73 build of the GUI version of Wireshark with this switch.
76 By default the line-mode packet analyzer, TShark, is built.
77 Use this switch to avoid building it.
80 By default the capture-file editing program is built.
81 Use this switch to avoid building it.
84 By default the capture-file statistics reporting pogram
85 is built. Use this switch to avoid building it.
88 By default the capture-type reporting pogram is built. Use this
89 switch to avoid building it.
92 By default the capture-file merging program is built.
93 Use this switch to avoid building it.
95 -DBUILD_reordercap=OFF
96 By default the capture-file reordering program is built.
97 Use this switch to avoid building it.
100 By default the hex-dump-to-capture file conversion program
101 is built. Use this switch to avoid building it.
104 By default the display-filter-compiler test program is built.
105 Use this switch to avoid building it.
108 By default the program which creates random packet-capture files
109 is built. Use this switch to avoid building it.
112 By default the network traffic capture program is built.
113 Use this switch to avoid building it.
116 By default the program used to dump and analyze raw libpcap data
117 is built. Use this switch to avoid building it.
119 -DDUMPCAP_INSTALL_OPTION=suid
120 -DDUMPCAP_INSTALL_OPTION=capabilities
121 Wireshark and TShark rely on dumpcap for packet capture. Setting
122 this flag to "suid" installs dumpcap with setuid root
123 permissions, which lets any user on the system capture live
124 traffic. If this is not desired, you can restrict dumpcap's
125 permissions so that only a single user or group can run it and
126 set the "capabilities" flag.
128 Running Wireshark or TShark as root is not recommended.
131 By default, if 'cmake' finds libcap (the POSIX capabilities
132 library) dumpcap will be built so that if it is installed setuid
133 root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
134 before dropping root privileges. Use this option to disable this
138 If you choose to build a packet analyzer that can analyze
139 capture files but cannot capture packets on its own, but you
140 *do* have libpcap installed, or if you are trying to build
141 Wireshark on a system that doesn't have libpcap installed (in
142 which case you have no choice but to build a version that can
143 analyze capture files but cannot capture packets on its own),
144 use -DENABLE_PCAP=OFF to avoid using libpcap.
147 By default, if 'cmake' finds zlib (a.k.a, libz), the
148 wiretap library will be built so that it can read compressed
149 capture files. If you have zlib but do not wish to build
150 it into the wiretap library, used by Wireshark, TShark, and
151 the capture-file utilities that come in this package, use
155 By default, if 'cmake' finds brotli, the wiretap library
156 will be built so that it can read brotli compressed capture
157 files. If you have brotli but do not wish to build it into
158 the wiretap library, used by Wireshark, TShark, and the
159 capture-file utilities that come in this package, use this switch.
162 By default, if your system can support run-time loadable modules,
163 the packet analyzers are build with support for plugins.
164 Use this switch to build packet analyzers without plugin support.
166 7. After running 'cmake', you will see a summary of some
167 of the options you chose. Ensure that the summary reflects
168 what you want. If it doesn't, re-run 'cmake' with new options.
170 8. Run 'make', or 'ninja' if you chose to create Ninja build files.
171 Hopefully, you won't run into any problems.
173 9. Run './run/wireshark' or './run/tshark' or ./run/dumpcap, and make sure things are
174 working. You must have root privileges in order to capture live data.
176 10./a. Run 'make install'. If you're running a system that supports
177 the RPM packaging systems you can run
185 to make an installable package for your system. The installation path
186 defaults to /usr/local, so you'll probably want to pass
187 -DCMAKE_INSTALL_PREFIX=/usr to CMake.
189 10/b. If you 're running a system that supports APT (Debian/Ubuntu/etc.)
192 dpkg-buildpackage -us -uc -rfakeroot
194 in the source directory right after extracting of checking out
195 Wireshark's source code. (You don't have to run CMake/make/Ninja/etc.
196 prior to running dpkg-buildpackage)
199 If you have trouble with the build or installation process, you can
200 find assistance on the wireshark-users and wireshark-dev mailing lists (see
201 https://www.wireshark.org/lists/ for details) or the Wireshark Q&A site:
202 https://ask.wireshark.org .