Before you build Wireshark from sources, or install a binary package, you must ensure that you have the following other packages installed:
-
GTK+, The GIMP Tool Kit.
You will also need Glib. Both can be obtained from www.gtk.org
-
libpcap, the packet capture software that Wireshark uses.
You can obtain libpcap from www.tcpdump.org
Depending on your system, you may be able to install these from binaries, e.g. RPMs, or you may need to obtain them in source code form and build them.
If you have downloaded the source for GTK+, the instructions shown in Example 2.1, “Building GTK+ from source” may provide some help in building it:
Example 2.1. Building GTK+ from source
gzip -dc gtk+-2.21.1.tar.gz | tar xvf -
<much output removed>
cd gtk+-2.21.1
./configure
<much output removed>
make
<much output removed>
make install
<much output removed>
![[Note]](note.png)
|
Note! |
|---|---|
|
You may need to change the version number of GTK+ in Example 2.1, “Building GTK+ from source” to match the version of GTK+ you have downloaded. The directory you change to will change if the version of GTK+ changes, and in all cases, tar xvf - will show you the name of the directory you should change to. |
|
|
Note! |
|---|---|
|
If you use Linux, or have GNU tar installed, you can use tar zxvf gtk+-2.21.1.tar.gz. It is also possible to use gunzip -c or gzcat rather than gzip -dc on many UNIX systems. |
|
|
Note! |
|---|---|
|
If you downloaded GTK+ or any other tar file using Windows, you may find your file called gtk+-2_21_1_tar.gz. |
You should consult the GTK+ web site if any errors occur in carrying out the instructions in Example 2.1, “Building GTK+ from source”.
If you have downloaded the source to libpcap, the general instructions shown in Example 2.2, “Building and installing libpcap” will assist in building it. Also, if your operating system does not support tcpdump, you might also want to download it from the tcpdump web site and install it.
Example 2.2. Building and installing libpcap
gzip -dc libpcap-1.0.0.tar.Z | tar xvf -
<much output removed>
cd libpcap-1.0.0
./configure
<much output removed>
make
<much output removed>
make install
<much output removed>
|
|
Note! |
|---|---|
|
The directory you should change to will depend on the version of libpcap you have downloaded. In all cases, tar xvf - will show you the name of the directory that has been unpacked. |
Under Red Hat 6.x and beyond (and distributions based on it, like Mandrake) you can simply install each of the packages you need from RPMs. Most Linux systems will install GTK+ and GLib in any case, however you will probably need to install the devel versions of each of these packages. The commands shown in Example 2.3, “ Installing required RPMs under Red Hat Linux 6.2 and beyond ” will install all the needed RPMs if they are not already installed.
Example 2.3. Installing required RPMs under Red Hat Linux 6.2 and beyond
cd /mnt/cdrom/RedHat/RPMS
rpm -ivh glib-1.2.6-3.i386.rpm
rpm -ivh glib-devel-1.2.6-3.i386.rpm
rpm -ivh gtk+-1.2.6-7.i386.rpm
rpm -ivh gtk+-devel-1.2.6-7.i386.rpm
rpm -ivh libpcap-0.4-19.i386.rpm
|
|
Note |
|---|---|
|
If you are using a version of Red Hat later than 6.2, the required RPMs have most likely changed. Simply use the correct RPMs from your distribution. |
Under Debian you can install Wireshark using aptitude. aptitude will handle any dependency issues for you. Example 2.4, “Installing debs under Debian, Ubuntu and other Debian derivatives” shows how to do this.
Example 2.4. Installing debs under Debian, Ubuntu and other Debian derivatives
aptitude install wireshark-dev