// WSUG Chapter BuildInstall

[[ChapterBuildInstall]]

== Building and Installing Wireshark

[[ChBuildInstallIntro]]

=== Introduction

As with all things there must be a beginning and so it is with Wireshark. To
use Wireshark you must first install it. If you are running Windows or macOS
you can download an official release at {wireshark-download-url}, install it,
and skip the rest of this chapter.

If you are running another operating system such as Linux or FreeBSD you might
want to install from source. Several Linux distributions offer Wireshark
packages but they commonly provide out-of-date versions. No other versions of UNIX
ship Wireshark so far. For that reason, you will need to know where to get the
latest version of Wireshark and how to install it.

This chapter shows you how to obtain source and binary packages and how to
build Wireshark from source should you choose to do so.

The general steps are the following:

. Download the relevant package for your needs, e.g. source or binary
  distribution.

. For source distributions, compile the source into a binary.
  This may involve building and/or installing other necessary packages.

. Install the binaries into their final destinations.

[[ChBuildInstallDistro]]

=== Obtaining the source and binary distributions

You can obtain both source and binary distributions from the Wireshark
web site: {wireshark-download-url}. Select the download link and then
select the desired binary or source package.

[NOTE]
.Download all required files
====
If you are building Wireshark from source you will
likely need to download several other dependencies.
This is covered in detail below.

// Make a ref
====


//
// Windows
//

[[ChBuildInstallWinInstall]]

=== Installing Wireshark under Windows

Windows installer names contain the platform and version. For example,
Wireshark-win64-{wireshark-version}.exe installs Wireshark {wireshark-version}
for 64-bit Windows. The Wireshark installer includes Npcap which is required
for packet capture.

Simply download the Wireshark installer from {wireshark-download-url} and execute it.
Official packages are signed by the *Wireshark Foundation, Inc.*.
You can choose to install several optional components and select the location of the installed package.
The default settings are recommended for most users.

[[ChBuildInstallWinComponents]]

==== Installation Components

On the _Choose Components_ page of the installer you can select from the following:

* *Wireshark* - The network protocol analyzer that we all know and mostly love.

* *TShark* - A command-line network protocol analyzer. If you haven’t tried it
  you should.

* *Plugins & Extensions* - Extras for the Wireshark and TShark dissection engines

  - *Dissector Plugins* - Plugins with some extended dissections.

  - *Tree Statistics Plugins* - Extended statistics.

  - *Mate - Meta Analysis and Tracing Engine* - User configurable extension(s)
    of the display filter engine, see <<ChMate>> for details.

  - *SNMP MIBs* - SNMP MIBs for a more detailed SNMP dissection.

* *Tools* - Additional command line tools to work with capture files

  - *Editcap* - Reads a capture file and writes some or all of the packets into
    another capture file.

  - *Text2Pcap* - Reads in an ASCII hex dump and writes the data into a
    pcap capture file.

  - *Reordercap* - Reorders a capture file by timestamp.

  - *Mergecap* - Combines multiple saved capture files into a single output file.

  - *Capinfos* - Provides information on capture files.

  - *Rawshark* - Raw packet filter.

* *User’s Guide* - Local installation of the User’s Guide. The Help buttons on
  most dialogs will require an internet connection to show help pages if the
  User’s Guide is not installed locally.

[[ChBuildInstallWinAdditionalTasks]]

==== Additional Tasks

* *Start Menu Shortcuts* - Add some start menu shortcuts.

* *Desktop Icon* - Add a Wireshark icon to the desktop.

* *Quick Launch Icon* - Add a Wireshark icon to the Explorer quick launch toolbar.

* *Associate file extensions to Wireshark* - Associate standard network trace files to Wireshark.

[[ChBuildInstallWinLocation]]

==== Install Location

By default Wireshark installs into `%ProgramFiles%\Wireshark` on 32-bit Windows
and `%ProgramFiles64%\Wireshark` on 64-bit Windows. This expands to
`C:\Program Files\Wireshark` on most systems.

[[ChBuildInstallNpcap]]

==== Installing Npcap

The Wireshark installer contains the latest Npcap installer.

If you don’t have Npcap installed you won’t be able to capture live network
traffic but you will still be able to open saved capture files. By default the
latest version of Npcap will be installed. If you don’t wish to do this or if
you wish to reinstall Npcap you can check the _Install Npcap_ box as needed.

For more information about Npcap see {npcap-main-url} and
{wireshark-wiki-url}Npcap.


[[ChBuildInstallWinWiresharkCommandLine]]

==== Windows installer command line options

For special cases, there are some command line parameters available:

* `/S` runs the installer or uninstaller silently with default values. The
  silent installer *will not* install Npcap.

* `/desktopicon` installation of the desktop icon, `=yes` - force installation,
  `=no` - don’t install, otherwise use default settings. This option can be
  useful for a silent installer.

* `/quicklaunchicon` installation of the quick launch icon, `=yes` - force
  installation, `=no` - don’t install, otherwise use default settings.

* `/D` sets the default installation directory ($INSTDIR), overriding InstallDir
  and InstallDirRegKey. It must be the last parameter used in the command line
  and must not contain any quotes even if the path contains spaces.

* `/NCRC` disables the CRC check. We recommend against using this flag.

* `/EXTRACOMPONENTS` comma separated list of optional components to install.
The following extcap binaries are supported.


** `androiddump` - Provide interfaces to capture from Android devices

** `ciscodump` - Provide interfaces to capture from a remote Cisco router through SSH

** `randpktdump` - Provide an interface to generate random captures using randpkt

** `sshdump` - Provide interfaces to capture from a remote host through SSH using a remote capture binary

** `udpdump` - Provide a UDP receiver that gets packets from network devices

Example:
----
> Wireshark-win64-wireshark-2.0.5.exe /NCRC /S /desktopicon=yes /quicklaunchicon=no /D=C:\Program Files\Foo

> Wireshark-win64-3.3.0.exe /S /EXTRACOMPONENTS=sshdump,udpdump
----

Running the installer without any parameters shows the normal interactive installer.

[[ChBuildInstallNpcapManually]]

==== Manual Npcap Installation

As mentioned above, the Wireshark installer also installs Npcap.
If you prefer to install Npcap manually or want to use a different version than the
one included in the Wireshark installer, you can download Npcap from
the main Npcap site at {npcap-main-url}.

[[ChBuildInstallWinWiresharkUpdate]]

==== Update Wireshark

The official Wireshark Windows package will check for new versions and notify
you when they are available. If you have the _Check for updates_ preference
disabled or if you run Wireshark in an isolated environment you should subscribe
to the _wireshark-announce_ mailing list to be notified of new versions.
See <<ChIntroMailingLists>> for details on subscribing to this list.

New versions of Wireshark are usually released every four to six weeks. Updating
Wireshark is done the same way as installing it. Simply download and start the
installer exe. A reboot is usually not required and all your personal settings
remain unchanged.

[[ChBuildInstallNpcapUpdate]]

==== Update Npcap

Wireshark updates may also include a new version of Npcap.
Manual Npcap update instructions can be found on the Npcap web
site at {npcap-main-url}. You may have to reboot your machine after installing
a new Npcap version.

[[ChBuildInstallWinUninstall]]

==== Uninstall Wireshark

You can uninstall Wireshark using the _Programs and Features_ control panel.
Select the “Wireshark” entry to start the uninstallation procedure.

The Wireshark uninstaller provides several options for removal. The default is
to remove the core components but keep your personal settings and Npcap.
Npcap is kept in case other programs need it.

[[ChBuildInstallNpcapUninstall]]

==== Uninstall Npcap

You can uninstall Npcap independently of Wireshark using the _Npcap_ entry
in the _Programs and Features_ control panel. Remember that if you uninstall
Npcap you won’t be able to capture anything with Wireshark.

[[ChBuildInstallWinBuild]]

=== Building from source under Windows

We strongly recommend using the binary installer for Windows unless you
want to start developing Wireshark on the Windows platform.

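For the binary installer route, the signature statement and the options listed under “Windows installer command line options” can be combined into a checked silent install. The following PowerShell script is an added example, not part of the Wireshark documentation or project; the parameter names, the default install directory and the assumption that the signing certificate's subject contains the string “Wireshark Foundation” are choices made for this sketch.

```powershell
# Added example: verify the installer's Authenticode signature, then install silently.
# $Installer, $InstallDir and $ExpectedSigner are assumptions made for this sketch.
param(
    [Parameter(Mandatory)] [string] $Installer,
    [string] $InstallDir     = 'C:\Program Files\Wireshark',
    [string] $ExpectedSigner = 'Wireshark Foundation'
)

$ErrorActionPreference = 'Stop'

# 1. The signature must validate against the local trust store and must
#    cover the file exactly as downloaded.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}

# 2. A valid signature from a different publisher is still the wrong file.
$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer: $subject"
}

# 3. Record signer and hash so the deployment log shows what was installed.
$hash = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
Write-Host "Signer : $subject"
Write-Host "SHA256 : $hash"

# 4. Silent install. /NCRC is deliberately left out so the installer's own
#    CRC check still runs. /D is the last parameter and is passed without
#    quotes even though the path contains a space.
$installerArgs = "/S /desktopicon=no /quicklaunchicon=no /D=$InstallDir"
$proc = Start-Process -FilePath $Installer -ArgumentList $installerArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Installer exited with code $($proc.ExitCode)"
}

# 5. /S does not install Npcap: saved captures open, live capture does not
#    work until Npcap is installed separately.
Write-Warning 'Silent install finished without Npcap; install Npcap separately for live capture.'
```
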

For more information on how to obtain the sources and build Wireshark for Windows
from them, see the Developer’s Guide at:

* {wireshark-developers-guide-url}ChSrcObtain

* {wireshark-developers-guide-url}ChSetupWin32

You may also want to have a look at the Development Wiki
({wireshark-wiki-url}Development) for the latest available development
documentation.

//
// macOS
//

[[ChBuildInstallOSXInstall]]

=== Installing Wireshark under macOS

The official macOS packages are distributed as disk images (.dmg) containing the application bundle.
To install Wireshark simply open the disk image and drag _Wireshark_ to your _/Applications_ folder.

In order to capture packets, you must install the “ChmodBPF” launch daemon.
You can do so by opening the _Install ChmodBPF.pkg_ file in the Wireshark .dmg or from Wireshark itself by opening menu:Wireshark[About Wireshark], selecting the “Folders” tab, and double-clicking “macOS Extras”.

The installer package includes Wireshark along with ChmodBPF and system path packages.
See the included _Read me first.html_ file for more details.

[[ChBuildInstallUnixInstallBins]]

=== Installing the binaries under UNIX

In general installing the binary under your version of UNIX will be specific to
the installation methods used with your version of UNIX. For example, under AIX,
you would use _smit_ to install the Wireshark binary package, while under Tru64
UNIX (formerly Digital UNIX) you would use _setld_.

==== Installing from RPMs under Red Hat and alike

Building RPMs from Wireshark’s source code results in several packages (most
distributions follow the same system):

* The `wireshark` package contains the core Wireshark libraries and command-line
  tools.

* The `wireshark` or `wireshark-qt` package contains the Qt-based GUI.

Many distributions use `yum` or a similar package management tool to make
installation of software (including its dependencies) easier. If your
distribution uses `yum`, use the following command to install Wireshark
together with the Qt GUI:

----
yum install wireshark wireshark-qt
----

If you’ve built your own RPMs from the Wireshark sources you can install them
by running, for example:

----
rpm -ivh wireshark-2.0.0-1.x86_64.rpm wireshark-qt-2.0.0-1.x86_64.rpm
----

If the above command fails because of missing dependencies, install the
dependencies first, and then retry the step above.

==== Installing from debs under Debian, Ubuntu and other Debian derivatives

If you can just install from the repository then use

----
apt install wireshark
----

Apt should take care of all of the dependency issues for you.

[NOTE]
.Capturing requires privileges
====
Installing the Wireshark packages does not automatically give non-root users
the right to capture packets. To allow non-root users to capture packets follow the
procedure described in {wireshark-code-file-url}debian/README.Debian
(file:///usr/share/doc/wireshark-common/README.Debian.gz[/usr/share/doc/wireshark-common/README.Debian.gz]).
====

==== Installing from portage under Gentoo Linux

Use the following command to install Wireshark under Gentoo Linux with all of
the extra features:

----
USE="c-ares ipv6 snmp ssl kerberos threads selinux" emerge wireshark
----

==== Installing from packages under FreeBSD

Use the following command to install Wireshark under FreeBSD:

----
pkg_add -r wireshark
----

pkg_add should take care of all of the dependency issues for you.

[[ChBuildInstallUnixBuild]]

=== Building from source under UNIX or Linux

We recommend using the binary installer for your platform unless you
want to start developing Wireshark.

Building Wireshark requires the proper build environment including a
compiler and many supporting libraries. For more information, see the Developer’s Guide at:

* {wireshark-developers-guide-url}ChSrcObtain

* {wireshark-developers-guide-url}ChapterSetup#ChSetupUNIX

// End of WSUG Chapter 2