3.11. Binary Packaging

Delivering binary packages makes it much easier for the end-users to install Wireshark on their target system. This section will explain how the binary packages are made.

3.11.1. Packaging Guidelines

The following guidelines should be followed by anyone creating and distributing third-party Wireshark packages or redistributing official Wireshark packages.

Spelling And Capitalization

Wireshark is spelled with a capital “W”, and with everything else lower case. “WireShark” in particular is incorrect.

Main URL

The official Wireshark project URL is https://www.wireshark.org/.

Download URLs

Official packages are distributed on the main web server (www.wireshark.org) and a number of download mirrors. The canonical locations for packages are in the all_versions subdirectories on each server.

For example, if your packaging system links to or downloads the source tarball and you want to download from 1.na.dl.wireshark.org, use


instead of



Logo and icon artwork can be found in the image directory in the distribution. This is available online at



Wireshark is released under the GNU General Public License version 2 or later. Make sure you and your package comply with this license.


Wireshark and the “fin” logo are registered trademarks of the Wireshark Foundation. Make sure you and your package comply with trademark law.


All function calls that require elevated privileges are in dumpcap.


Warnings are displayed when Wireshark and TShark are run as root.

There are two configure-time options on non-Windows systems that affect the privileges a normal user needs to capture traffic and list interfaces:

Install dumpcap with cap_net_admin and cap_net_raw capabilities. Linux only.
Install dumpcap setuid root.

These are necessary for non-root users to be able to capture on most systems, e.g. on Linux or FreeBSD if the user doesn’t have permissions to access /dev/bpf*. Setcap installation is preferred over setuid on Linux. If -DDUMPCAP_INSTALL_OPTION=capabilities is used it will override any setuid settings.

The -DENABLE_CAP option is only useful when dumpcap is installed setuid. If it is enabled dumpcap will try to drop any setuid privileges it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW capabilities. It is enabled by default, if the Linux capabilities library (on which it depends) is found.

Note that enabling setcap or setuid installation allows packet capture for ALL users on your system. If this is not desired, you can restrict dumpcap execution to a specific group or user. The following two examples show how to restrict access using setcap and setuid respectively:

# groupadd -g packetcapture
# chmod 750 /usr/bin/dumpcap
# chgrp packetcapture /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap

# groupadd -g packetcapture
# chgrp packetcapture /usr/bin/dumpcap
# chmod 4750 /usr/bin/dumpcap

Custom version information can be added by running tools/make-version.pl. If your package contains significant changes we recommend that you use this to differentiate it from official Wireshark releases.

$ tools/make-version.pl --set-release --untagged-version-extra=-{vcsinfo}-FooCorp --tagged-version-extra=-FooCorp

See tools/make-version.pl for details.

The Git version corresponding to each release is in version.h. It’s defined as a string. If you need a numeric definition, let us know.

If you have a question not addressed here, please contact wireshark-dev[AT]wireshark.org.

3.11.2. Debian: .deb Packages

The Debian Package is built using dpkg-buildpackage, based on information found in the source tree under debian. See http://www.debian-administration.org/articles/336 for a more in-depth discussion of the build process.

In the wireshark directory, type:

$ dpkg-buildpackage -rfakeroot -us -uc

to build the Debian Package.

3.11.3. Red Hat: .rpm Packages

You can build an RPM package using the rpm-package target. The package version is derived from the current git HEAD, so you must build from a git checkout.

The package is built using rpmbuild, which comes as standard on many flavours of Linux, including Red Hat, Fedora, and openSUSE. The process creates a clean build environment in ${CMAKE_BINARY_DIR}/packaging/rpm/BUILD each time the RPM is built. The settings that control the build are in ${CMAKE_SOURCE_DIR}/packaging/rpm/wireshark.spec.in. The generated SPEC file contains CMake flags and other settings for the RPM build environment. Many of these come from the parent CMake environment. Notable ones are:

  • \_prefix is set to CMAKE_INSTALL_PREFIX. By default this is /usr/local. Pass -DCMAKE_INSTALL_PREFIX=/usr to create a package that installs into /usr.
  • Whether or not to create the “wireshark-qt” package (-DBUILD_wireshark).
  • Lua, c-ares, nghttp2, and other library support (-DENABLE_…​).
  • Building with Ninja (-G Ninja).

In your build directory, type:

$ ninja rpm-package
# ...or, if you're using GNU make...
$ make rpm-package

to build the binary and source RPMs. When it is finished there will be a message stating where the built RPM can be found.

[Tip]This might take a while

This creates a tarball, extracts it, compiles Wireshark, and constructs a package. This can take quite a long time. You can speed up the process by using Ninja. If you’re using GNU make you can add the following to your ~/.rpmmacros file to enable parallel builds:

%_smp_mflags -j %(grep -c processor /proc/cpuinfo)

Building the RPM package requires quite a few packages and libraries including GLib, gcc, bison, flex, Asciidoctor, and Qt development tools such as uic and moc. The required Qt packages can usually be obtained by installing the qt5-devel package. For a complete list of build requirements, look for the “BuildRequires” lines in packaging/rpm/wireshark.spec.in.

3.11.4. macOS: .dmg Packages

The macOS Package is built using macOS packaging tools, based on information found in the source tree under packaging/macosx. It must be built using CMake. In your build directory, type:

$ make dmg_package

to build the macOS Package.

3.11.5. Windows: NSIS .exe Installer

The Nullsoft Install System is a free installer generator for Windows systems. Instructions on installing it can be found in Section 4.16, “Windows: NSIS (Optional)”. NSIS is script based. You can find the main Wireshark installer generation script at packaging/nsis/wireshark.nsi.

When building with CMake you must first build the nsis_package_prep target, followed by the nsis_package target, e.g.

> msbuild /m /p:Configuration=RelWithDebInfo nsis_package_prep.vcxproj
> msbuild /m /p:Configuration=RelWithDebInfo nsis_package.vcxproj

Splitting the packaging projects in this way allows for code signing.

[Tip]This might take a while

Please be patient while the package is compressed. It might take some time, even on fast machines.

If everything went well, you will now find something like: wireshark-setup-2.9.1.exe in the packaging/nsis directory in your build directory.

3.11.6. Windows: PortableApps .paf.exe Package

PortableApps.com is an environment that lets users run popular applications from portable media such as flash drives and cloud drive services.

Install the PortableApps.com Platform. Install for “all users”, which will place it in C:\PortableApps. Add the following apps:

  • NSIS Portable (Unicode)
  • PortableApps.com Installer
  • PortableApps.com Launcher
  • PortableApps.com AppCompactor

When building with CMake you must first build the nsis_package_prep target (which takes care of general packaging dependencies), followed by the portableapps_package target, e.g.

> msbuild /m /p:Configuration=RelWithDebInfo nsis_package_prep.vcxproj
> msbuild /m /p:Configuration=RelWithDebInfo portableapps_package.vcxproj
[Tip]This might take a while

Please be patient while the package is compressed. It might take some time, even on fast machines.

If everything went well, you will now find something like: WiresharkPortable2.9.1.paf.exe_ in the packaging/portableapps directory.