<!-- WSUG Chapter BuildInstall -->

<!-- $Id$ -->

<chapter id="ChapterBuildInstall">
  <title>Building and Installing Wireshark</title>

  <section id="ChBuildInstallIntro">
    <title>Introduction</title>
    <para>
      As with all things, there must be a beginning, and so it is with
      Wireshark. To use Wireshark, you must:
      <itemizedlist>
        <listitem>
          <para>
            Obtain a binary package for your operating system, or
          </para>
        </listitem>
        <listitem>
          <para>
            Obtain the source and build Wireshark for your operating system.
          </para>
        </listitem>
      </itemizedlist>
    </para>
    <para>
      Currently, only two or three Linux distributions ship Wireshark, and
      they commonly ship an out-of-date version. No other versions of UNIX
      ship Wireshark so far, and Microsoft does not ship it with any version
      of Windows. For that reason, you will need to know where to get the
      latest version of Wireshark and how to install it.
    </para>
    <para>
      This chapter shows you how to obtain source and binary packages,
      and how to build Wireshark from source, should you choose to do so.
    </para>
    <para>
      The following are the general steps you would use:
      <orderedlist>
        <listitem>
          <para>
            Download the relevant package for your needs, e.g. the source or
            a binary distribution.
          </para>
        </listitem>
        <listitem>
          <para>
            Build the source into a binary, if you have downloaded the
            source.
          </para>
          <para>
            This may involve building and/or installing other necessary packages.
          </para>
        </listitem>
        <listitem>
          <para>
            Install the binaries into their final destinations.
          </para>
        </listitem>
      </orderedlist>
    </para>
  </section>

  <section id="ChBuildInstallDistro">
    <title>Obtaining the source and binary distributions</title>
    <para>
      You can obtain both source and binary distributions from the Wireshark
      web site: <ulink url="&WiresharkWebSite;">&WiresharkWebSite;</ulink>.
      Simply select the download link, and then select either the source
      package or binary package of your choice from the mirror site closest
      to you.
    </para>
    <note>
      <title>Download all required files!</title>
      <para>
        In general, unless you have already downloaded Wireshark before,
        you will most likely need to download several source packages if
        you are building Wireshark from source. This is covered in more
        detail below. <!-- Make a ref -->
      </para>
    </note>
    <para>
      Once you have downloaded the relevant files, you can go on to the
      next step.
    </para>
    <note>
      <title>Note!</title>
      <para>
        While you will find a number of binary packages available on the
        Wireshark web site, you might not find one for your platform, and
        they often tend to be several versions behind the current released
        version, as they are contributed by people who have the platforms
        they are built for.
      </para>
      <para>
        For this reason, you might want to pull down the source distribution
        and build it, as the process is relatively simple.
      </para>
    </note>
  </section>

  <section id="ChBuildInstallBeforeBuild">
    <title>Before you build <application>Wireshark</application> under UNIX</title>
    <para>
      Before you build Wireshark from sources, or install a binary package,
      you must ensure that you have the following other packages installed:
      <itemizedlist>
        <listitem>
          <para>GTK+, the GIMP Tool Kit.</para>
          <para>
            You will also need GLib. Both can be obtained from
            <ulink url="http://www.gtk.org">www.gtk.org</ulink>
          </para>
        </listitem>
        <listitem>
          <para>
            libpcap, the packet capture software that Wireshark uses.
          </para>
          <para>
            You can obtain libpcap from
            <ulink url="&TcpdumpWebsite;">www.tcpdump.org</ulink>
          </para>
        </listitem>
      </itemizedlist>
      Depending on your system, you may be able to install these from
      binaries, e.g. RPMs, or you may need to obtain them in source code
      form and build them.
    </para>
    <para>
      If you have downloaded the source for GTK+, the instructions shown
      in <xref linkend="Ch02Ex1"/> may provide some help in building it:
      <example id="Ch02Ex1">
        <title>Building GTK+ from source</title>
        <programlisting>
gzip -dc gtk+-1.2.10.tar.gz | tar xvf -
&lt;much output removed&gt;
cd gtk+-1.2.10
./configure
&lt;much output removed&gt;
make
&lt;much output removed&gt;
make install
&lt;much output removed&gt;
        </programlisting>
      </example>
      <note>
        <title>Note!</title>
        <para>
          You may need to change the version number of gtk+ in
          <xref linkend="Ch02Ex1"/> to match the version of GTK+ you have
          downloaded. The directory you change to will change if the
          version of GTK+ changes, and in all cases,
          <command>tar xvf -</command> will show you the name of the
          directory you should change to.
        </para>
      </note>
      <note>
        <title>Note!</title>
        <para>
          If you use Linux, or have GNU <command>tar</command> installed,
          you can use <command>tar zxvf gtk+-1.2.10.tar.gz</command>. It
          is also possible to use <command>gunzip -c</command> or
          <command>gzcat</command> rather than <command>gzip -dc</command>
          on many UNIX systems.
        </para>
      </note>
      <note>
        <title>Note!</title>
        <para>
          If you downloaded gtk+ or any other tar file using Windows,
          you may find your file called gtk+-1_2_8_tar.gz.
        </para>
      </note>
    </para>
    <para>
      You should consult the GTK+ web site if any errors occur in carrying
      out the instructions in <xref linkend="Ch02Ex1"/>.
    </para>
    <para>
      If you have downloaded the source to libpcap, the general instructions
      shown in <xref linkend="Ch2Ex2"/> will assist in building it. Also,
      if your operating system does not support <command>tcpdump</command>,
      you might also want to download it from the
      <ulink url="&TcpdumpWebsite;">tcpdump</ulink> web site and
      install it.
      <example id="Ch2Ex2">
        <title>Building and installing libpcap</title>
        <programlisting>
gzip -dc libpcap-0.9.4.tar.Z | tar xvf -
&lt;much output removed&gt;
cd libpcap-0.9.4
./configure
&lt;much output removed&gt;
make
&lt;much output removed&gt;
make install
&lt;much output removed&gt;
        </programlisting>
      </example>
    </para>
    <note>
      <title>Note!</title>
      <para>
        The directory you should change to will depend on the version of
        libpcap you have downloaded. In all cases,
        <command>tar xvf -</command> will show you the name of the
        directory that has been unpacked.
      </para>
    </note>
    <para>
      Under RedHat 6.x and beyond (and distributions based on it, like
      Mandrake) you can simply install each of the packages you need from
      RPMs. Most Linux systems will install GTK+ and GLib in any case;
      however, you will probably need to install the devel versions of
      each of these packages. The commands shown in <xref linkend="Ch02Ex4"/>
      will install all the needed RPMs if they are not already installed.
      <example id="Ch02Ex4">
        <title>
          Installing required RPMs under RedHat Linux 6.2 and beyond
        </title>
        <programlisting>
cd /mnt/cdrom/RedHat/RPMS
rpm -ivh glib-1.2.6-3.i386.rpm
rpm -ivh glib-devel-1.2.6-3.i386.rpm
rpm -ivh gtk+-1.2.6-7.i386.rpm
rpm -ivh gtk+-devel-1.2.6-7.i386.rpm
rpm -ivh libpcap-0.4-19.i386.rpm
        </programlisting>
      </example>
    </para>
    <note>
      <para>
        If you are using a version of RedHat later than 6.2, the required
        RPMs have most likely changed. Simply use the correct RPMs from your
        distribution.
      </para>
    </note>
    <para>
      Under Debian you can install Wireshark using apt-get. apt-get will
      handle any dependency issues for you. <xref linkend="Ch02Ex5"/> shows
      how to do this.
      <example id="Ch02Ex5">
        <title>Installing debs under Debian</title>
        <programlisting>
apt-get install wireshark-dev
        </programlisting>
      </example>
    </para>
  </section>

  <section id="ChBuildInstallUnixBuild">
    <title>Building Wireshark from source under UNIX</title>
    <para>
      Use the following general steps if you are building Wireshark from
      source under a UNIX operating system:
      <orderedlist>
        <listitem>
          <para>
            Unpack the source from its <command>gzip</command>'d
            <command>tar</command> file. If you are using Linux, or your
            version of UNIX uses GNU <command>tar</command>, you can use the
            following command:
            <programlisting>
tar zxvf wireshark-&WiresharkCurrentVersion;.tar.gz
            </programlisting>
          </para>
          <para>
            For other versions of UNIX, you will want to use the following
            commands:
            <programlisting>
gzip -d wireshark-&WiresharkCurrentVersion;.tar.gz
tar xvf wireshark-&WiresharkCurrentVersion;.tar
            </programlisting>
            <note>
              <title>Note!</title>
              <para>
                The pipeline
                <command>gzip -dc wireshark-&WiresharkCurrentVersion;.tar.gz | tar xvf -</command>
                will work here as well.
              </para>
            </note>
            <note>
              <title>Note!</title>
              <para>
                If you have downloaded the Wireshark tarball under Windows,
                you may find that your browser has created a file with
                underscores rather than periods in its file name.
              </para>
            </note>
          </para>
        </listitem>
        <listitem>
          <para>
            Change directory to the Wireshark source directory.
          </para>
        </listitem>
        <listitem>
          <para>
            Configure your source so it will build correctly for your
            version of UNIX. You can do this with the following command:
            <programlisting>
./configure
            </programlisting>
          </para>
          <para>
            If this step fails, you will have to rectify the problems and
            rerun <command>configure</command>. Troubleshooting hints are
            provided in <xref linkend="ChBuildInstallUnixTrouble"/>.
          </para>
        </listitem>
        <listitem>
          <para>
            Build the sources into a binary, with the <command>make</command>
            command. For example:
            <programlisting>
make
            </programlisting>
          </para>
        </listitem>
        <listitem>
          <para>
            Install the software in its final destination, using the command:
            <programlisting>
make install
            </programlisting>
          </para>
        </listitem>
      </orderedlist>
    </para>
    <para>
      Once you have installed Wireshark with <command>make install</command>
      above, you should be able to run it by entering
      <command>wireshark</command>.
    </para>
  </section>

  <section id="ChBuildInstallUnixInstallBins">
    <title>Installing the binaries under UNIX</title>
    <para>
      In general, installing the binary under your version of UNIX will be
      specific to the installation methods used with your version of UNIX.
      For example, under AIX, you would use <command>smit</command> to
      install the Wireshark binary package, while under Tru64 UNIX
      (formerly Digital UNIX) you would use <command>setld</command>.
    </para>

    <section>
      <title>Installing from RPMs under RedHat and similar distributions</title>
      <para>
        Use the following command to install the Wireshark RPM that you have
        downloaded from the Wireshark web site:
        <programlisting>
rpm -ivh wireshark-&WiresharkCurrentVersion;.i386.rpm
        </programlisting>
        If the above step fails because of missing dependencies, install the
        dependencies first, and then retry the step above. See
        <xref linkend="Ch02Ex4"/> for information on what RPMs you will need
        to have installed.
      </para>
    </section>

    <section>
      <title>Installing from debs under Debian</title>
      <para>
        Use the following command to install Wireshark under Debian:
        <programlisting>
apt-get install wireshark
        </programlisting>
        apt-get should take care of all of the dependency issues for you.
      </para>
    </section>

    <section>
      <title>Installing from portage under Gentoo Linux</title>
      <para>
        Use the following command to install Wireshark under Gentoo
        Linux with all of the extra features:
        <programlisting>
USE="adns gtk ipv6 portaudio snmp ssl kerberos threads selinux" emerge wireshark
        </programlisting>
      </para>
    </section>

    <section>
      <title>Installing from packages under FreeBSD</title>
      <para>
        Use the following command to install Wireshark under FreeBSD:
        <programlisting>
pkg_add -r wireshark
        </programlisting>
        pkg_add should take care of all of the dependency issues for you.
      </para>
    </section>
  </section>

  <section id="ChBuildInstallUnixTrouble">
    <title>Troubleshooting during the install on Unix</title>
    <para>
      A number of errors can occur during the installation process.
      Some hints on solving these are provided here.
    </para>
    <para>
      If the <command>configure</command> stage fails, you will need to find
      out why. You can check the file <filename>config.log</filename> in the
      source directory to find out what failed. The last few lines of this
      file should help in determining the problem.
    </para>
    <para>
      The standard problems are that you do not have GTK+ on your system,
      or you do not have a recent enough version of GTK+.
      <command>configure</command> will also fail if you do not have libpcap
      (at least the required include files) on your system.
    </para>
    <para>
      Another common problem is for the final compile and link stage to
      terminate with a complaint of: <errorname>Output too long.</errorname>
      This is likely to be caused by an antiquated <command>sed</command>
      (such as the one shipped with Solaris). Since <command>sed</command> is
      used by the <command>libtool</command> script to construct the final
      link command, this leads to mysterious problems. This can be
      resolved by downloading a recent version of sed from
      <ulink url="http://directory.fsf.org/GNU/sed.html"/>.
    </para>
    <para>
      If you cannot determine what the problems are, send mail to the
      <command>wireshark-dev</command> mailing list explaining your problem,
      and including the output from <filename>config.log</filename> and
      anything else you think is relevant, like a trace of the
      <command>make</command> stage.
    </para>
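    <para>
      The unpack, configure, make and install steps of
      <xref linkend="ChBuildInstallUnixBuild"/>, together with the advice
      above to read the last lines of <filename>config.log</filename> when
      <command>configure</command> fails, as one POSIX shell script. This is
      an added example, not part of the original User's Guide or of the
      Wireshark project's sources; the function names are its own, and it
      assumes a tarball laid out like the ones shown in this chapter (a
      single top-level directory containing <filename>configure</filename>).
    </para>

```sh
#!/bin/sh
# Added example (not Wireshark project code): drive the unpack / configure /
# make / make install procedure from the User's Guide and, when configure
# fails, show the tail of config.log as the troubleshooting section advises.

# Unpack an archive the way the guide does (gzip -dc ... | tar xvf -) and
# print the name of the top-level directory it created, which is the
# directory you have to "cd" into next. The pipeline form does not care
# what the archive is called, so a browser-mangled name such as
# foo-1_2_3_tar.gz still unpacks, and gzip also reads the .tar.Z
# (compress) format that the libpcap example uses.
unpack_source() {
    archive=$1
    case $archive in
        *.tar.gz|*.tgz|*_tar.gz|*.tar.Z) ;;
        *) echo "unpack_source: unexpected archive name: $archive" >&2
           return 1 ;;
    esac
    # tar's verbose listing names the unpacked directory in its first entry;
    # stderr is merged because some tar implementations list there.
    listing=$(gzip -dc "$archive" | tar xvf - 2>&1) || return 1
    first=$(printf '%s\n' "$listing" | head -n 1)
    printf '%s\n' "${first%%/*}"
}

# Run ./configure inside the source directory. On failure print the last
# lines of config.log, which usually name the missing piece (GTK+/GLib or
# the libpcap include files are the usual culprits the guide lists).
configure_source() {
    srcdir=$1
    shift
    if ( cd "$srcdir" && ./configure "$@" ); then
        return 0
    fi
    echo "configure failed in $srcdir; last lines of config.log:" >&2
    if [ -f "$srcdir/config.log" ]; then
        tail -n 20 "$srcdir/config.log" >&2
    fi
    return 1
}

# The whole procedure: unpack, change directory, configure, make, make install.
# "make install" normally needs write access to the install prefix, so run
# this as a user who has it.
build_from_tarball() {
    srcdir=$(unpack_source "$1") || return 1
    configure_source "$srcdir" || return 1
    ( cd "$srcdir" && make && make install )
}

# Usage: sh build.sh wireshark-x.y.z.tar.gz   (no argument: only define functions)
if [ $# -gt 0 ]; then
    build_from_tarball "$1"
fi
```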
</section>
  <section id="ChBuildInstallWinBuild">
    <title>Building from source under Windows</title>
    <para>
      It is recommended to use the binary installer for Windows,
      unless you want to start developing Wireshark on the Windows platform.
    </para>
    <para>
      For further information on how to build Wireshark for Windows from the
      sources, have a look at the Development Wiki:
      <ulink url="&WiresharkWikiPage;/Development">&WiresharkWikiPage;/Development</ulink>
      for the latest available development documentation.
    </para>
  </section>

  <section id="ChBuildInstallWinInstall">
    <title>Installing Wireshark under Windows</title>
    <para>
      In this section we explore installing Wireshark under Windows from the
      binary packages.
    </para>

    <section id="ChBuildInstallWireshark">
      <title>Install Wireshark</title>
      <para>
        You may acquire a binary installer of Wireshark named something like:
        <filename>wireshark-setup-x.y.z.exe</filename>.
        The Wireshark installer includes WinPcap, so you don't need to download
        and install two separate packages.
      </para>
      <para>
        Simply download the Wireshark installer from:
        <ulink url="&WiresharkBinariesPage;">&WiresharkBinariesPage;</ulink>
        and execute it.
        Besides the usual installer options like where to install the program,
        there are several optional components.
      </para>
      <tip><title>Tip: Just keep the defaults!</title>
        <para>
          If you are unsure which settings to select, just keep the defaults.
        </para>
      </tip>
      <section id="ChBuildInstallComponents">
        <title>"Choose Components" page</title>
        <para>
          <command>Wireshark</command>
          (the Wireshark GTK1 and GTK2 user interfaces cannot both be installed
          at the same time):
          <itemizedlist>
            <listitem><para>
              <command>Wireshark GTK1</command> - Wireshark is a GUI network protocol
              analyzer.
            </para></listitem>
            <listitem><para>
              <command>Wireshark GTK2</command> - Wireshark is a GUI network protocol
              analyzer (using the modern GTK2 GUI toolkit, recommended).
            </para></listitem>
            <listitem><para>
              <command>GTK-Wimp</command> - GTKWimp is the GTK2 windows impersonator
              (native Win32 look and feel, recommended).
            </para></listitem>
          </itemizedlist>
        </para>
        <para>
          <command>TShark</command> - TShark is a command-line based network
          protocol analyzer.
        </para>
        <para>
          You may try the GTK1 selection if you experience any GUI problems with GTK2,
          e.g. Windows with only 256 (8bit) color displays won't work well with GTK2.
          However, the older GTK1 user interface doesn't provide some advanced
          analysis and statistics features.
        </para>
        <para>
          <command>Plugins / Extensions</command> (for the Wireshark and TShark
          dissection engines):
          <itemizedlist>
            <listitem><para>
              <command>Dissector Plugins</command> - Plugins with some extended dissections.
            </para></listitem>
            <listitem><para>
              <command>Tree Statistics Plugins</command> - Plugins with some extended statistics.
            </para></listitem>
            <listitem><para>
              <command>Mate - Meta Analysis and Tracing Engine (experimental)</command>
              - user configurable extension(s) of the display filter engine, see
              <ulink url="&WiresharkWikiPage;/Mate">&WiresharkWikiPage;/Mate</ulink>
              for details.
            </para></listitem>
            <listitem><para>
              <command>SNMP MIBs</command> - SNMP MIBs for a more detailed SNMP
              dissection.
            </para></listitem>
          </itemizedlist>
          <command>Tools</command> (additional command line tools to work with
          capture files):
          <itemizedlist>
            <listitem><para>
              <command>Editcap</command> - Editcap is a program that reads a capture
              file and writes some or all of the packets into another capture file.
            </para></listitem>
            <listitem><para>
              <command>Text2Pcap</command> - Text2pcap is a program that reads in an
              ASCII hex dump and writes the data into a libpcap-style capture file.
            </para></listitem>
            <listitem><para>
              <command>Mergecap</command> - Mergecap is a program that combines multiple
              saved capture files into a single output file.
            </para></listitem>
            <listitem><para>
              <command>Capinfos</command> - Capinfos is a program that provides
              information on capture files.
            </para></listitem>
          </itemizedlist>
        </para>
        <para>
          <command>User's Guide</command> -
          Local installation of the User's Guide. The Help buttons on most dialogs
          will require an internet connection to show help pages if the User's Guide
          is not installed locally.
        </para>
      </section>
      <section id="ChBuildInstallAdditionalTasks">
        <title>"Additional Tasks" page</title>
        <para>
          <itemizedlist>
            <listitem><para>
              <command>Start Menu Shortcuts</command> - add some start menu shortcuts.
            </para></listitem>
            <listitem><para>
              <command>Desktop Icon</command> - add a Wireshark icon to the desktop.
            </para></listitem>
            <listitem><para>
              <command>Quick Launch Icon</command> - add a Wireshark icon to the
              Explorer quick launch toolbar.
            </para></listitem>
            <listitem><para>
              <command>Associate file extensions to Wireshark</command> - Associate
              standard network trace files to Wireshark.
            </para></listitem>
          </itemizedlist>
        </para>
      </section>
      <section id="ChBuildInstallWinPcap">
        <title>"Install WinPcap?" page</title>
        <para>
          The Wireshark installer contains the latest released WinPcap installer.
        </para>
        <para>
          If you don't have WinPcap installed, you won't be able to capture live
          network traffic, but you will still be able to open saved capture files.
        </para>
        <para>
          <itemizedlist>
            <listitem><para>
              <command>Currently installed WinPcap version</command> - the Wireshark
              installer detects the currently installed WinPcap version.
            </para></listitem>
            <listitem><para>
              <command>Install WinPcap x.x</command> - if the currently installed
              version is older than the one coming with the Wireshark installer
              (or WinPcap is not installed at all), this will be selected by default.
            </para></listitem>
            <listitem><para>
              <command>Start WinPcap service "NPF" at startup</command> - so users
              without administrative privileges can capture.
            </para></listitem>
          </itemizedlist>
        </para>
        <para>
          More WinPcap info:
          <itemizedlist>
            <listitem><para>
              Wireshark related:
              <ulink url="&WiresharkWikiPage;/WinPcap">&WiresharkWikiPage;/WinPcap</ulink>
            </para></listitem>
            <listitem><para>
              General WinPcap info:
              <ulink url="&WinPcapWebsite;">&WinPcapWebsite;</ulink>
            </para></listitem>
          </itemizedlist>
        </para>
      </section>
      <section id="ChBuildInstallWiresharkCommandLine">
        <title>Command line options</title>
        <para>
          You can simply start the Wireshark installer without any command line
          parameters; it will show you the usual interactive installer.
        </para>
        <para>
          For special cases, there are some command line parameters available:
        </para>
        <itemizedlist>
          <listitem>
            <para>
              <command>/NCRC</command> disables the CRC check
            </para>
          </listitem>
          <listitem>
            <para>
              <command>/S</command> runs the installer or uninstaller silently with
              default values. Please note: The silent installer won't install WinPcap!
            </para>
          </listitem>
          <listitem>
            <para>
              <command>/desktopicon</command> installation of the desktop icon,
              <command>=yes</command> - force installation, <command>=no</command> -
              don't install, otherwise use defaults / user settings.
              This option can be useful for a silent installer.
            </para>
          </listitem>
          <listitem>
            <para>
              <command>/quicklaunchicon</command> installation of the quick launch icon,
              <command>=yes</command> - force installation, <command>=no</command> -
              don't install, otherwise use defaults / user settings.
            </para>
          </listitem>
          <listitem>
            <para>
              <command>/D</command> sets the default installation directory
              ($INSTDIR), overriding
              InstallDir and InstallDirRegKey. It must be the last parameter used in
              the command line and must not contain any quotes, even if the path
              contains spaces.
            </para>
          </listitem>
        </itemizedlist>
        <para> Example:
          <programlisting>
wireshark-setup-&WiresharkCurrentVersion;.exe /NCRC /S /desktopicon=yes /quicklaunchicon=no /D=C:\Program Files\Foo
          </programlisting>
        </para>
      </section>
    </section>

    <section id="ChBuildInstallWinPcapManually">
      <title>Manual WinPcap Installation</title>
      <note><title>Note!</title>
        <para>
          <command>As mentioned above, the Wireshark installer
          takes care of the installation of WinPcap,
          so usually you don't have to worry about WinPcap at all!</command>
        </para>
      </note>
      <para>
        The following is only necessary if you want to
        try a different version than the one included in the Wireshark installer,
        e.g. because a new WinPcap (beta) version was released.
      </para>
      <para>
        Additional WinPcap versions (including newer alpha or beta releases)
        can be downloaded from the following locations:
        <itemizedlist>
          <listitem><para>
            The main WinPcap site:
            <ulink url="&WinPcapWebsite;">&WinPcapWebsite;</ulink>
          </para></listitem>
          <listitem><para>
            The Wiretapped.net mirror:
            <ulink url="http://www.mirrors.wiretapped.net/security/packet-capture/winpcap">
            http://www.mirrors.wiretapped.net/security/packet-capture/winpcap</ulink>
          </para></listitem>
        </itemizedlist>
      </para>
      <para>
        At the download page you will find a single installer exe called something
        like "auto-installer", which can be installed under various Windows
        systems, including NT4.0/2000/XP/Vista.
      </para>
    </section>

    <section id="ChBuildInstallWinWiresharkUpdate">
      <title>Update Wireshark</title>
      <para>
        From time to time you may want to update your installed Wireshark to a more
        recent version. If you join Wireshark's announce mailing list, you will be
        informed about new Wireshark versions; see <xref
        linkend="ChIntroMailingLists"/> for details on how to subscribe to this list.
      </para>
      <para>
        New versions of Wireshark usually become available every 8-12 weeks.
        Updating Wireshark is done the same way as installing it: you simply
        download and start the installer exe. A reboot is usually not required and
        all your personal settings remain unchanged.
      </para>
    </section>

    <section id="ChBuildInstallWinPcapUpdate">
      <title>Update WinPcap</title>
      <para>
        New versions of WinPcap are less frequently available, maybe only once a
        year. You will find WinPcap update instructions where you can download new
        WinPcap versions. Usually you have to reboot the machine after installing
        a new WinPcap version.
      </para>
      <warning><title>Warning!</title>
        <para>
          If you have an older version of WinPcap installed, you must un-install it
          before installing the current version. Recent versions of the WinPcap
          installer will take care of this.
        </para>
      </warning>
    </section>

    <section id="ChBuildInstallWinUninstall">
      <title>Uninstall Wireshark</title>
      <para>
        You can uninstall Wireshark the usual way, using the "Add or Remove
        Programs" option inside the Control Panel. Select the "Wireshark" entry to
        start the uninstallation procedure.
      </para>
      <para>
        The Wireshark uninstaller provides several options for which components to
        remove; the default is to remove the core components but keep the personal
        settings, WinPcap and the like.
      </para>
      <para>
        WinPcap won't be uninstalled by default, as programs other than Wireshark
        may use it as well.
      </para>
    </section>

    <section id="ChBuildInstallWinPcapUninstall">
      <title>Uninstall WinPcap</title>
      <para>
        You can uninstall WinPcap independently of Wireshark, using the "WinPcap"
        entry in the "Add or Remove Programs" of the Control Panel.
      </para>
      <note><title>Note!</title>
        <para>
          After uninstallation of WinPcap you can't capture anything with Wireshark.
        </para>
      </note>
      <para>
        It might be a good idea to reboot Windows afterwards.
      </para>
    </section>
  </section>

</chapter>

<!-- End of WSUG Chapter 2 -->