Delivering binary packages makes it much easier for the end-users to install Wireshark on their target system. This section will explain how the binary packages are made.
The following guidelines should be followed by anyone creating and distributing third-party Wireshark packages or redistributing official Wireshark packages.
Wireshark is spelled with a capital “W”, and with everything else lower case. “WireShark” in particular is incorrect.
The official Wireshark project URL is https://www.wireshark.org/.
Official packages are distributed on the main web server (www.wireshark.org) and a number of download mirrors. The canonical locations for packages are in the all_versions subdirectories on each server.
For example, if your packaging system links to or downloads the source tarball and you want to download from 1.na.dl.wireshark.org, use
https://1.na.dl.wireshark.org/download/src/all-versions/wireshark-4.5.0.tar.xz
instead of
https://1.na.dl.wireshark.org/download/src/wireshark-4.5.0.tar.xz
Wireshark releases are announced on the wireshark-announce mailing list. A PAD file is also published at https://www.wireshark.org/wireshark-pad.xml which contains the current stable version and release date.
Logo and icon artwork can be found in the image directory in the distribution. This is available online at
https://gitlab.com/wireshark/wireshark/-/tree/master/image
Wireshark is released under the GNU General Public License version 2 or later. Make sure you and your package comply with this license.
Wireshark and the “fin” logo are registered trademarks of the Wireshark Foundation. Make sure you and your package comply with trademark law.
All function calls that require elevated privileges are in dumpcap.
WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
Warnings are displayed when Wireshark and TShark are run as root.
There are two configure-time options on non-Windows systems that affect the privileges a normal user needs to capture traffic and list interfaces:
These are necessary for non-root users to be able to capture on most
systems, e.g. on Linux or FreeBSD if the user doesn’t have permissions
to access /dev/bpf*. Setcap installation is preferred over setuid on
Linux. If -DDUMPCAP_INSTALL_OPTION=capabilities
is used it will
override any setuid settings.
The -DENABLE_CAP
option is only useful when dumpcap is installed
setuid. If it is enabled dumpcap will try to drop any setuid privileges
it may have while retaining the CAP_NET_ADMIN
and CAP_NET_RAW
capabilities. It is enabled by default, if the Linux capabilities
library (on which it depends) is found.
Note that enabling setcap or setuid installation allows packet capture for ALL users on your system. If this is not desired, you can restrict dumpcap execution to a specific group or user. The following two examples show how to restrict access using setcap and setuid respectively:
# groupadd -g packetcapture # chmod 750 /usr/bin/dumpcap # chgrp packetcapture /usr/bin/dumpcap # setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap # groupadd -g packetcapture # chgrp packetcapture /usr/bin/dumpcap # chmod 4750 /usr/bin/dumpcap
Custom version information can be added by running
tools/make-version.py
. If your package contains significant changes we
recommend that you use this to differentiate it from official Wireshark
releases.
tools/make-version.py --set-release --untagged-version-extra=-{vcsinfo}-FooCorp --tagged-version-extra=-FooCorp .
See tools/make-version.py
for details.
The Git version corresponding to each release is in version.h. It’s defined as a string. If you need a numeric definition, let us know.
If you have a question not addressed here, please contact wireshark-dev[AT]wireshark.org.
The Debian Package is built using dpkg-buildpackage, based on information found in the source tree under packaging/debian. You must create a top-level symbolic link to packaging/debian before building. See https://www.debian.org/doc/manuals/maint-guide/build.en.html for a more in-depth discussion of the build process.
In the wireshark directory, type:
ln -snf packaging/debian export DEB_BUILD_OPTIONS="nocheck" dpkg-buildpackage -b -us -uc -jauto
to build the Debian Package.
You can build an RPM package using the wireshark_rpm
target. If you
are building from a git checkout, the package version is derived from
the current git HEAD. If you are building from source extracted from a
tarball created with git archive
(such as those downloaded from
http://www.wireshark.org/download.html), you must place the original
tarball into your build directory.
The package is built using rpmbuild, which comes as standard on many flavours of Linux, including Red Hat, Fedora, and openSUSE. The process creates a clean build environment in ${CMAKE_BINARY_DIR}/packaging/rpm/BUILD each time the RPM is built. The settings that control the build are in ${CMAKE_SOURCE_DIR}/packaging/rpm/wireshark.spec.in. The generated SPEC file contains CMake flags and other settings for the RPM build environment. Many of these come from the parent CMake environment. Notable ones are:
-DCMAKE_INSTALL_PREFIX=/usr
to create a package
that installs into /usr.
-DBUILD_wireshark
).
-DENABLE_…
).
-G Ninja
).
In your build directory, type:
ninja wireshark_rpm # ...or, if you're using GNU make... make wireshark_rpm
to build the binary and source RPMs. When it is finished there will be a message stating where the built RPM can be found.
This might take a while | |
---|---|
This creates a tarball, extracts it, compiles Wireshark, and constructs
a package. This can take quite a long time. You can speed up the process
by using Ninja. If you’re using GNU make you can add the following to
your %_smp_mflags -j %(grep -c processor /proc/cpuinfo) |
Building the RPM package requires quite a few packages and libraries
including GLib, gcc
, flex
, Asciidoctor, and Qt development
tools such as uic
and moc
. The required Qt packages can usually be
obtained by installing the qt5-devel package. For a complete list of
build requirements, look for the “BuildRequires” lines in
packaging/rpm/wireshark.spec.in.
The macOS Package is built using macOS packaging tools, based on information found in the source tree under packaging/macosx. It requires Asciidoctor and dmgbuild.
In your build directory, type:
ninja wireshark_dmg logray_dmg # (Modify as needed) # ...or, if you're using GNU make... make wireshark_dmg logray_dmg # (Modify as needed)
to build the macOS Packages.
The Nullsoft Install System is a free installer generator for Windows systems. Instructions on installing it can be found in Section 4.16, “Windows: NSIS (Optional)”. NSIS is script based. You can find the main Wireshark installer generation script at packaging/nsis/wireshark.nsi.
When building with CMake you must first build the wireshark_nsis_prep target, followed by the wireshark_nsis target, e.g.
> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj > msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis.vcxproj
Splitting the packaging projects in this way allows for code signing.
This might take a while | |
---|---|
Please be patient while the package is compressed. It might take some time, even on fast machines. |
If everything went well, you will now find something like: wireshark-setup-4.5.0.exe in the packaging/nsis directory in your build directory.
PortableApps.com is an environment that lets users run popular applications from portable media such as flash drives and cloud drive services.
C:\PortableApps
.
Add the following apps:
When building with CMake you must first build the wireshark_nsis_prep target (which takes care of general packaging dependencies), followed by the wireshark_portableapps target, e.g.
> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj > msbuild /m /p:Configuration=RelWithDebInfo wireshark_portableapps.vcxproj
This might take a while | |
---|---|
Please be patient while the package is compressed. It might take some time, even on fast machines. |
If everything went well, you will now find something like: WiresharkPortable64_4.5.0.paf.exe in the packaging/portableapps directory.