Delivering binary packages makes it much easier for the end-users to install Wireshark on their target system. This section will explain how the binary packages are made.
The following guidelines should be followed by anyone creating and distributing third-party Wireshark packages or redistributing official Wireshark packages.
Wireshark is spelled with a capital “W”, and with everything else lower case. “WireShark” in particular is incorrect.
The official Wireshark project URL is https://www.wireshark.org/.
Official packages are distributed on the main web server (www.wireshark.org) and a number of download mirrors. The canonical locations for packages are in the all-versions subdirectories on each server.
For example, if your packaging system links to or downloads the source tarball and you want to download from 1.na.dl.wireshark.org, use
https://1.na.dl.wireshark.org/download/src/all-versions/wireshark-3.5.0.tar.xz
instead of
https://1.na.dl.wireshark.org/download/src/wireshark-3.5.0.tar.xz
Logo and icon artwork can be found in the image directory in the distribution. This is available online at
https://gitlab.com/wireshark/wireshark/tree/master;a=tree;f=image;hb=HEAD
Wireshark is released under the GNU General Public License version 2 or later. Make sure you and your package comply with this license.
Wireshark and the “fin” logo are registered trademarks of the Wireshark Foundation. Make sure you and your package comply with trademark law.
All function calls that require elevated privileges are in dumpcap.
WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
Warnings are displayed when Wireshark and TShark are run as root.
There are two configure-time options on non-Windows systems that affect the privileges a normal user needs to capture traffic and list interfaces:
These are necessary for non-root users to be able to capture on most systems, e.g. on Linux or FreeBSD if the user doesn’t have permissions to access /dev/bpf*. Setcap installation is preferred over setuid on Linux. If -DDUMPCAP_INSTALL_OPTION=capabilities is used it will override any setuid settings.
The -DENABLE_CAP option is only useful when dumpcap is installed setuid. If it is enabled dumpcap will try to drop any setuid privileges it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW capabilities. It is enabled by default, if the Linux capabilities library (on which it depends) is found.
Note that enabling setcap or setuid installation allows packet capture for ALL users on your system. If this is not desired, you can restrict dumpcap execution to a specific group or user. The following two examples show how to restrict access using setcap and setuid respectively:
# groupadd packetcapture
# chmod 750 /usr/bin/dumpcap
# chgrp packetcapture /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap

# groupadd packetcapture
# chgrp packetcapture /usr/bin/dumpcap
# chmod 4750 /usr/bin/dumpcap
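A packager or administrator can check that an installed dumpcap actually ended up in one of the two restricted states above, rather than in the "ALL users" state the note warns about. The script below is an added example, not part of the Wireshark sources; the verdict names and function names are made up for illustration, and it assumes the group name packetcapture and the path /usr/bin/dumpcap from the commands above, plus GNU stat and libcap's getcap on the audited host.

```shell
#!/bin/sh
# Added example, not part of the Wireshark sources.
# Assumes the group name "packetcapture" and the path /usr/bin/dumpcap used
# above, plus GNU stat and libcap's getcap on the audited host.

# classify_dumpcap MODE GROUP CAPS [WANT_GROUP]
#   MODE  octal permissions as printed by `stat -c %a` (750, 4750, 755, ...)
#   CAPS  output of `getcap FILE`, empty if no file capabilities are set
# Prints one verdict word (hypothetical names, chosen for this example).
classify_dumpcap() {
    mode=$1; group=$2; caps=$3; want=${4:-packetcapture}
    case $mode in ???) mode=0$mode ;; esac   # pad to four octal digits
    special=${mode%???}                       # setuid/setgid/sticky digit
    other=${mode#???}                         # permission digit for "other"

    how=none
    case $special in 4|5|6|7) how=setuid ;; esac
    # Report setcap when file capabilities are present, even if setuid is also set.
    case $caps in *cap_net_raw*) how=setcap ;; esac

    if [ "$how" = none ]; then
        echo unprivileged                     # only root can capture
        return 0
    fi
    case $other in
        1|3|5|7) echo "all-users-$how"; return 0 ;;  # world-executable
    esac
    if [ "$group" = "$want" ]; then
        echo "restricted-$how"
    else
        echo "wrong-group-$how"
    fi
}

# audit_dumpcap [PATH]: classify a real binary on this host.
audit_dumpcap() {
    path=${1:-/usr/bin/dumpcap}
    info=$(stat -c '%a %G' "$path") || return 2
    classify_dumpcap "${info% *}" "${info#* }" "$(getcap "$path" 2>/dev/null)"
}

# Touch the filesystem only when a path is given on the command line.
if [ $# -gt 0 ]; then audit_dumpcap "$1"; fi
```

Run it with the dumpcap path as its only argument; a result of all-users-setcap or all-users-setuid means any local user can capture.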
Custom version information can be added by running tools/make-version.pl. If your package contains significant changes we recommend that you use this to differentiate it from official Wireshark releases.
tools/make-version.pl --set-release --untagged-version-extra=-{vcsinfo}-FooCorp --tagged-version-extra=-FooCorp
See tools/make-version.pl for details.
The Git version corresponding to each release is in version.h. It’s defined as a string. If you need a numeric definition, let us know.
If you have a question not addressed here, please contact wireshark-dev[AT]wireshark.org.
The Debian Package is built using dpkg-buildpackage, based on information found in the source tree under debian. See https://www.debian.org/doc/manuals/maint-guide/build.en.html for a more in-depth discussion of the build process.
In the wireshark directory, type:
dpkg-buildpackage -b -us -uc -jauto
to build the Debian Package.
You can build an RPM package using the rpm-package target. The package version is derived from the current git HEAD, so you must build from a git checkout.
The package is built using rpmbuild, which comes as standard on many flavours of Linux, including Red Hat, Fedora, and openSUSE. The process creates a clean build environment in ${CMAKE_BINARY_DIR}/packaging/rpm/BUILD each time the RPM is built. The settings that control the build are in ${CMAKE_SOURCE_DIR}/packaging/rpm/wireshark.spec.in. The generated SPEC file contains CMake flags and other settings for the RPM build environment. Many of these come from the parent CMake environment. Notable ones are:
-DCMAKE_INSTALL_PREFIX=/usr to create a package that installs into /usr.
-DBUILD_wireshark
-DENABLE_…
-G Ninja
In your build directory, type:
ninja rpm-package
# ...or, if you're using GNU make...
make rpm-package
to build the binary and source RPMs. When it is finished there will be a message stating where the built RPM can be found.
This might take a while
This creates a tarball, extracts it, compiles Wireshark, and constructs a package. This can take quite a long time. You can speed up the process by using Ninja. If you’re using GNU make you can add the following to your
%_smp_mflags -j %(grep -c processor /proc/cpuinfo)
Building the RPM package requires quite a few packages and libraries including GLib, gcc, flex, Asciidoctor, and Qt development tools such as uic and moc. The required Qt packages can usually be obtained by installing the qt5-devel package. For a complete list of build requirements, look for the “BuildRequires” lines in packaging/rpm/wireshark.spec.in.
The macOS Package is built using macOS packaging tools, based on information found in the source tree under packaging/macosx. It requires Asciidoctor and dmgbuild.
In your build directory, type:
ninja dmg_package
# ...or, if you're using GNU make...
make dmg_package
to build the macOS Package.
The Nullsoft Install System is a free installer generator for Windows systems. Instructions on installing it can be found in Section 4.16, “Windows: NSIS (Optional)”. NSIS is script based. You can find the main Wireshark installer generation script at packaging/nsis/wireshark.nsi.
When building with CMake you must first build the nsis_package_prep target, followed by the nsis_package target, e.g.
> msbuild /m /p:Configuration=RelWithDebInfo nsis_package_prep.vcxproj
> msbuild /m /p:Configuration=RelWithDebInfo nsis_package.vcxproj
Splitting the packaging projects in this way allows for code signing.
This might take a while
Please be patient while the package is compressed. It might take some time, even on fast machines.
If everything went well, you will now find something like: wireshark-setup-3.5.0.exe in the packaging/nsis directory in your build directory.
PortableApps.com is an environment that lets users run popular applications from portable media such as flash drives and cloud drive services.
Install the PortableApps.com Platform. Install for “all users”, which will place it in C:\PortableApps. Add the following apps:
When building with CMake you must first build the nsis_package_prep target (which takes care of general packaging dependencies), followed by the portableapps_package target, e.g.
> msbuild /m /p:Configuration=RelWithDebInfo nsis_package_prep.vcxproj
> msbuild /m /p:Configuration=RelWithDebInfo portableapps_package.vcxproj
This might take a while
Please be patient while the package is compressed. It might take some time, even on fast machines.
If everything went well, you will now find something like: WiresharkPortable3.5.0.paf.exe in the packaging/portableapps directory.