Delivering binary packages makes it much easier for the end-users to install Wireshark on their target system. This section will explain how the binary packages are made.
The following guidelines should be followed by anyone creating and distributing third-party Wireshark packages or redistributing official Wireshark packages.
Wireshark is spelled with a capital “W”, and with everything else lower case. “WireShark” in particular is incorrect.
The official Wireshark project URL is https://www.wireshark.org/.
Official packages are distributed on the main web server (www.wireshark.org) and a number of download mirrors. The canonical locations for packages are in the all-versions subdirectories on each server.
For example, if your packaging system links to or downloads the source tarball and you want to download from 1.na.dl.wireshark.org, use
https://1.na.dl.wireshark.org/download/src/all-versions/wireshark-4.5.0.tar.xz
instead of
https://1.na.dl.wireshark.org/download/src/wireshark-4.5.0.tar.xz
Wireshark releases are announced on the wireshark-announce mailing list. A PAD file is also published at https://www.wireshark.org/wireshark-pad.xml which contains the current stable version and release date.
Logo and icon artwork can be found in the image directory in the distribution. This is available online at
https://gitlab.com/wireshark/wireshark/-/tree/master/image
Wireshark is released under the GNU General Public License version 2 or later. Make sure you and your package comply with this license.
Wireshark and the “fin” logo are registered trademarks of the Wireshark Foundation. Make sure you and your package comply with trademark law.
All function calls that require elevated privileges are in dumpcap.
WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
Warnings are displayed when Wireshark and TShark are run as root.
There are two configure-time options on non-Windows systems that affect the privileges a normal user needs to capture traffic and list interfaces:
These are necessary for non-root users to be able to capture on most systems, e.g. on Linux or FreeBSD if the user doesn’t have permissions to access /dev/bpf*. Setcap installation is preferred over setuid on Linux. If -DDUMPCAP_INSTALL_OPTION=capabilities is used it will override any setuid settings.
The -DENABLE_CAP option is only useful when dumpcap is installed setuid. If it is enabled dumpcap will try to drop any setuid privileges it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW capabilities. It is enabled by default, if the Linux capabilities library (on which it depends) is found.
Note that enabling setcap or setuid installation allows packet capture for ALL users on your system. If this is not desired, you can restrict dumpcap execution to a specific group or user. The following two examples show how to restrict access using setcap and setuid respectively:
# groupadd packetcapture
# chmod 750 /usr/bin/dumpcap
# chgrp packetcapture /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap

# groupadd packetcapture
# chgrp packetcapture /usr/bin/dumpcap
# chmod 4750 /usr/bin/dumpcap
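One way to check the result of either recipe above, as an added example that is not part of the Wireshark documentation: a shell function that reports whether a dumpcap binary carries capture privileges and whether execution is limited to the intended group. It assumes GNU stat on Linux and treats getcap as optional; the function name and verdict words are made up for this example.

```shell
#!/bin/sh
# Added example: audit a dumpcap install against the restricted-group layout.
# Assumes GNU stat (Linux); getcap is used only if it is installed.

# Usage: audit_dumpcap /usr/bin/dumpcap packetcapture
# Prints one verdict word; returns 0 only for a privileged, group-restricted binary.
audit_dumpcap() {
    bin=$1 want_group=$2
    [ -f "$bin" ] || { echo missing; return 2; }

    mode=$(stat -c '%a' "$bin")      # octal, e.g. 750 or 4750
    group=$(stat -c '%G' "$bin")

    # File capabilities, if getcap is available (empty string otherwise).
    caps=""
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$bin" 2>/dev/null) || caps=""
        caps=${caps#"$bin"}          # drop the leading path from getcap output
    fi

    # Last octal digit is the "other" class; an odd digit means world-executable.
    other=${mode#"${mode%?}"}
    case $other in
        1|3|5|7) world_exec=1 ;;
        *)       world_exec=0 ;;
    esac

    # A four-digit mode whose leading digit has the 4 bit set means setuid.
    privileged=0
    case $mode in
        4???|5???|6???|7???) privileged=1 ;;
    esac
    case $caps in
        *cap_net_raw*) privileged=1 ;;
    esac

    if [ "$privileged" -eq 0 ]; then echo unprivileged; return 3; fi
    if [ "$world_exec" -eq 1 ]; then echo open-to-all-users; return 1; fi
    if [ "$group" != "$want_group" ]; then echo wrong-group; return 1; fi
    echo restricted
    return 0
}
```

A verdict of open-to-all-users is the default state the note above warns about: the binary is privileged and any local user can execute it.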
Custom version information can be added by running tools/make-version.py. If your package contains significant changes we recommend that you use this to differentiate it from official Wireshark releases.
tools/make-version.py --set-release --untagged-version-extra=-{vcsinfo}-FooCorp --tagged-version-extra=-FooCorp .
See tools/make-version.py for details.
The Git version corresponding to each release is in version.h. It’s defined as a string. If you need a numeric definition, let us know.
If you have a question not addressed here, please contact wireshark-dev[AT]wireshark.org.
The Debian Package is built using dpkg-buildpackage, based on information found in the source tree under packaging/debian. You must create a top-level symbolic link to packaging/debian before building. See https://www.debian.org/doc/manuals/maint-guide/build.en.html for a more in-depth discussion of the build process.
In the wireshark directory, type:
ln -snf packaging/debian
export DEB_BUILD_OPTIONS="nocheck"
dpkg-buildpackage -b -us -uc -jauto
to build the Debian Package.
You can build an RPM package using the wireshark_rpm target. If you are building from a git checkout, the package version is derived from the current git HEAD. If you are building from source extracted from a tarball created with git archive (such as those downloaded from http://www.wireshark.org/download.html), you must place the original tarball into your build directory.
The package is built using rpmbuild, which comes as standard on many flavours of Linux, including Red Hat, Fedora, and openSUSE. The process creates a clean build environment in ${CMAKE_BINARY_DIR}/packaging/rpm/BUILD each time the RPM is built. The settings that control the build are in ${CMAKE_SOURCE_DIR}/packaging/rpm/wireshark.spec.in. The generated SPEC file contains CMake flags and other settings for the RPM build environment. Many of these come from the parent CMake environment. Notable ones are:
-DCMAKE_INSTALL_PREFIX=/usr to create a package that installs into /usr.
-DBUILD_wireshark
-DENABLE_…
-G Ninja
In your build directory, type:
ninja wireshark_rpm
# ...or, if you're using GNU make...
make wireshark_rpm
to build the binary and source RPMs. When it is finished there will be a message stating where the built RPM can be found.
This might take a while

This creates a tarball, extracts it, compiles Wireshark, and constructs a package. This can take quite a long time. You can speed up the process by using Ninja. If you’re using GNU make you can add the following to your

%_smp_mflags -j %(grep -c processor /proc/cpuinfo)
Building the RPM package requires quite a few packages and libraries including GLib, gcc, flex, Asciidoctor, and Qt development tools such as uic and moc. The required Qt packages can usually be obtained by installing the qt5-devel package. For a complete list of build requirements, look for the “BuildRequires” lines in packaging/rpm/wireshark.spec.in.
The macOS Package is built using macOS packaging tools, based on information found in the source tree under packaging/macosx. It requires Asciidoctor and dmgbuild.
In your build directory, type:
ninja wireshark_dmg stratoshark_dmg # (Modify as needed)
# ...or, if you're using GNU make...
make wireshark_dmg stratoshark_dmg # (Modify as needed)
to build the macOS Packages.
The Nullsoft Install System is a free installer generator for Windows systems. Instructions on installing it can be found in Section 4.16, “Windows: NSIS (Optional)”. NSIS is script based. You can find the main Wireshark installer generation script at packaging/nsis/wireshark.nsi.
When building with CMake you must first build the wireshark_nsis_prep target, followed by the wireshark_nsis target, e.g.
> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj
> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis.vcxproj
Splitting the packaging projects in this way allows for code signing.
This might take a while

Please be patient while the package is compressed. It might take some time, even on fast machines.
If everything went well, you will now find something like: wireshark-setup-4.5.0.exe in the packaging/nsis directory in your build directory.
PortableApps.com is an environment that lets users run popular applications from portable media such as flash drives and cloud drive services.
C:\PortableApps.
Add the following apps:
When building with CMake you must first build the wireshark_nsis_prep target (which takes care of general packaging dependencies), followed by the wireshark_portableapps target, e.g.
> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj
> msbuild /m /p:Configuration=RelWithDebInfo wireshark_portableapps.vcxproj
This might take a while

Please be patient while the package is compressed. It might take some time, even on fast machines.
If everything went well, you will now find something like: WiresharkPortable64_4.5.0.paf.exe in the packaging/portableapps directory.