forked from wireshark/wireshark
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
241 lines (186 loc) · 9.87 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
NOTE: this document applies to the Wireshark source releases and
buildbot source tarballs. It does not apply to source code checked out
directly from Git, as files such as the configuration script are not
checked into Git, but need to be generated from the autoconf and
automake files.
See https://wiki.wireshark.org/Development if you would like to build the
source code checked out directly from Git.
Installation
============
These are installation instructions for Unix and Unix-like systems
that can run the "configure" script in this same directory. These
are not the installation instructions for Windows systems; see
README.windows for those instructions.
0. This is software. Beware.
1. If you wish to build Wireshark, make sure you have GTK+ and GLib
installed. Try running 'pkg-config glib-2.0 --modversion' to see if
you have GLib 2.x installed. Then try running
'pkg-config gtk+-3.0 --modversion' to see if you
have GTK+ 3.x installed and, if that fails, try running
'pkg-config gtk+-2.0 --modversion' to see if you have GTK+ 2.x installed.
Wireshark needs version 3.0.0 or above of gtk+-3.0 or 2.12.0 or above of
gtk+-2.0 and version 2.16.0 or above of glib-2.0. If you need to install
or re-install GTK+ or GLIB, you can find the packages at:
http://www.gtk.org
If you installed GTK+ from a binary package, you may have to
install a "development" package; there may be separate "user's"
and "developer's" packages, with the former not including
header files and the like. For example, Red Hat users will
need to install a "gtk-devel" .rpm.
Note also that Wireshark configuration defaults to using GTK+ 3.x;
you need to configure with --disable-gtk3 to use GTK+ 2.x.
2. If you wish to build TShark, the line-mode version of Wireshark,
make sure you have GLIB installed. See note #1 above for instructions
on checking if you have GLIB installed. You can download GLIB from
the same site as GTK.
3. If you want to capture packets, make sure you have libpcap
installed. The latest "official" version can be found at
http://www.tcpdump.org .
If you installed libpcap from a binary package, you may have to
install a "development" package; for example, there's
apparently a "libpcap0" Debian package, but it just includes a
shared library, a copyright notice, changelog files, and a
README file - you also need to install a "libpcap-dev" package
to get header files, a non-shared library, and the man page.
Similarly, Red Hat users will need to install a "libpcap-devel"
.rpm to go along with the "libpcap" .rpm.
4. Building Wireshark requires Perl (specifically the pod2man program)
so that the documentation can be built.
5. Building Wireshark requires Python.
6. Run './configure' in the Wireshark distribution directory.
Running './configure --help' displays a complete list of options.
The file 'INSTALL.configure' contains general instructions for
using 'configure' and 'make'. Some of the Wireshark non-generic
configure options are as follows:
--disable-usr-local
By default 'configure' will look in /usr/local/{include,lib} for
additional header files and libraries. Using this switch keeps
'configure' from looking there
--disable-wireshark
By default 'configure' tries to find the GTK+ libraries so Wireshark,
the GUI packet analyzer, can be built. You can disable the build of
the GUI version of Wireshark with this switch.
--without-gtk3
Don't try to build a Gtk+ 3.x-based Wireshark. If given in
conjunction with --disable-gtk2 then the Gtk+ GUI is disabled (and
only the Qt GUI is built).
--without-gtk2
Don't try to build a Gtk+ 2.x-based Wireshark. If given in
conjunction with --disable-gtk3 then the Gtk+ GUI is disabled (and
only the Qt GUI is built).
--without-qt
Don't try to build a Qt-based Wireshark.
--disable-tshark
By default the line-mode packet analyzer, TShark, is built.
Use this switch to avoid building it.
--disable-editcap
By default the capture-file editing program is built.
Use this switch to avoid building it.
--disable-capinfos
By default the capture-file statistics reporting pogram
is built. Use this switch to avoid building it.
--disable-captype
By default the capture-type reporting pogram is built. Use this
switch to avoid building it.
--disable-mergecap
By default the capture-file merging program is built.
Use this switch to avoid building it.
--disable-reordercap
By default the capture-file reordering program is built.
Use this switch to avoid building it.
--disable-text2pcap
By default the hex-dump-to-capture file conversion program
is built. Use this switch to avoid building it.
--disable-dftest
By default the display-filter-compiler test program is built.
Use this switch to avoid building it.
--disable-randpkt
By default the program which creates random packet-capture files
is built. Use this switch to avoid building it.
--disable-dumpcap
By default the network traffic capture program is built.
Use this switch to avoid building it.
--disable-rawshark
By default the program used to dump and analyze raw libpcap data
is built. Use this switch to avoid building it.
--disable-ipv6
If 'configure' finds support for IPv6 name resolution on
your system, the packet analyzers will make use of it.
To avoid using IPv6 name resolution if you have the support for it,
use this switch.
--enable-setuid-install
Wireshark and TShark rely on dumpcap for packet capture. Setting this
flag installs dumpcap with setuid root permissions, which lets any user
on the system capture live traffic. If this is not desired, you can
restrict dumpcap's permissions so that only a single user or group can
run it. This can be used in conjunction with --with-libcap described
below.
Running Wireshark or TShark as root is not recommended.
--without-libcap
By default, if 'configure' finds libcap (the POSIX capabilities
library) dumpcap will be built so that if it is installed setuid
root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
before dropping root privileges. Use this option to disable this
behavior.
--with-libcap=DIR
Use this option to tell 'configure' where libcap is installed,
if it is installed in a non-standard location. Note that libcap
(the POSIX capabilities library, sans "p") and libpcap (the
packet capture library, avec "p") are two very different things.
--without-pcap
If you choose to build a packet analyzer that can analyze
capture files but cannot capture packets on its own, but you
*do* have libpcap installed, or if you are trying to build
Wireshark on a system that doesn't have libpcap installed (in
which case you have no choice but to build a version that can
analyze capture files but cannot capture packets on its own),
use --without-pcap to avoid using libpcap.
--with-pcap=DIR
Use this to tell Wireshark where you have libpcap installed, if
it is installed in a non-standard location.
--without-zlib
By default, if 'configure' finds zlib (a.k.a, libz), the
wiretap library will be built so that it can read compressed
capture files. If you have zlib but do not wish to build
it into the wiretap library, used by Wireshark, TShark, and
the capture-file utilities that come in this package, use
this switch.
--with-zlib=DIR
Use this to tell Wireshark where you have zlib installed, if it
is installed in a non-standard location.
--without-plugins
By default, if your system can support run-time loadable modules,
the packet analyzers are build with support for plugins.
Use this switch to build packet analyzers without plugin support.
--with-plugins=DIR
By default, plugins are installed in
${LIBDIR}/wireshark/plugins/${VERSION}
${LIBDIR} can be set with --libdir, or defaults to ${EPREFIX/lib}
${EPREFIX} can be set with --exec-prefix, or defaults to ${PREFIX}
${VERSION} is the Wireshark version.
Use this switch to change the location where plugins
are installed.
7. After running './configure', you will see a summary of some
of the options you chose. Ensure that the summary reflects
what you want. If it doesn't, re-run './configure' with new options.
8. Run 'make'. Hopefully, you won't run into any problems.
9. Run './wireshark' or './tshark' or ./dumpcap, and make sure things are
working. You must have root privileges in order to capture live data.
10./a. Run 'make install'. If you're running a system that supports
the RPM, OSX, or System V Release 4 packaging systems, you can
run one of
make rpm-package # Builds a binary package using rpm
make svr4-package # Builds a binary package using pkgmk
make solaris-package # Same as "make svr4-package"
make osx-package # Builds a binary package for OSX
to make an installable package for your system.
10/b. If you 're running a system that supports APT (Debian/Ubuntu/etc.)
run
dpkg-buildpackage -us -uc -rfakeroot
in the source directory right after extracting of checking out
Wireshark's source code. (You don't have to run configure/make/etc.
prior to running dpkg-buildpackage)
If you have trouble with the build or installation process, you can
find assistance on the wireshark-users and wireshark-dev mailing lists (see
http://www.wireshark.org/lists/ for details) or the Wireshark Q&A site:
https://ask.wireshark.org .