【Wireshark】Chapter 2. Building and Installing Wireshark

2.1. Introduction

As with all things there must be a beginning and so it is with Wireshark. To use Wireshark you must first install it. If you are running Windows or macOS you can download an official release at https://www.wireshark.org/download.html, install it, and skip the rest of this chapter.

If you are running another operating system such as Linux or FreeBSD you might want to install from source. Several Linux distributions offer Wireshark packages but they commonly provide out-of-date versions. No other versions of UNIX ship Wireshark so far. For that reason, you will need to know where to get the latest version of Wireshark and how to install it.

This chapter shows you how to obtain source and binary packages and how to build Wireshark from source should you choose to do so.

The general steps are the following:

  • Download the relevant package for your needs, e.g., source or binary distribution.
  • For source distributions, compile the source into a binary. This may involve building and/or installing other necessary packages.
  • Install the binaries into their final destinations.

2.2. Obtaining the source and binary distributions

You can obtain both source and binary distributions from the Wireshark main page or the download page at https://www.wireshark.org/download.html. Select the package most appropriate for your system.

2.3. Installing Wireshark under Windows

The official Windows packages can be downloaded from the Wireshark main page or the download page. Installer names contain the platform and version. For example, Wireshark-win64-3.7.1.exe installs Wireshark 3.7.1 for 64-bit Windows. The Wireshark installer includes Npcap which is required for packet capture. Windows packages automatically update. See Section 2.8, “Updating Wireshark” for details.

Simply download the Wireshark installer from https://www.wireshark.org/download.html and execute it. Official packages are signed by Sysdig, Inc. You can choose to install several optional components and select the location of the installed package. The default settings are recommended for most users.
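Because the guide states that official Windows packages are signed by Sysdig, Inc., a practitioner can check that signature before executing the download. The following PowerShell script is an added example and is not part of the Wireshark User's Guide or the Wireshark project; it uses the installer file name given above, and the download path and the exact signer name "Sysdig, Inc." in the certificate are assumptions.

```powershell
# Added example (not from the Wireshark User's Guide): verify the Authenticode
# signature of a downloaded Wireshark installer before running it.
param(
    # File name taken from the guide; the Downloads folder is an assumption.
    [string]$InstallerPath = "$env:USERPROFILE\Downloads\Wireshark-win64-3.7.1.exe",
    # Publisher the guide names as the signer; the exact certificate CN is an assumption.
    [string]$ExpectedSigner = "Sysdig, Inc."
)

if (-not (Test-Path -LiteralPath $InstallerPath)) {
    throw "Installer not found: $InstallerPath"
}

# Get-AuthenticodeSignature checks that the file is signed, that the
# certificate chain is trusted, and that the file hash matches the signature.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath

if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${InstallerPath}: $($sig.Status) - $($sig.StatusMessage)"
}

# Compare the signing certificate's common name with the expected publisher.
# SimpleName returns the CN without X.500 quoting, so commas in the name are safe.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$signerCn = $sig.SignerCertificate.GetNameInfo($nameType, $false)

if ($signerCn -ne $ExpectedSigner) {
    throw "Unexpected signer '$signerCn' (expected '$ExpectedSigner')"
}

# Record the SHA-256 of the verified file for later change tracking or comparison.
$hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $InstallerPath).Hash
Write-Host "Signature valid. Signer: $signerCn"
Write-Host "SHA256: $hash"
Write-Host "Certificate valid until: $($sig.SignerCertificate.NotAfter)"

# Only after both checks pass is the installer launched (interactively, with
# the default component selection the guide recommends).
Start-Process -FilePath $InstallerPath -Wait
```

A `Valid` status alone only proves the file was signed by some certificate Windows trusts; comparing the signer's common name is what ties the package to the publisher the guide names, which is why both checks run before the installer is started.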

2.3.1. Installation Components

On the Choose Components page of the installer you can select from the following:

  • Wireshark - The network protocol analyzer that we all know and mostly love.
  • TShark - A command-line network protocol analyzer. If you haven’t tried it you should.
  • Plugins & Extensions - Extras for the Wireshark and TShark dissection engines.
    • Dissector Plugins - Plugins with some extended dissections.
    • Tree Statistics Plugins - Extended statistics.
    • Mate - Meta Analysis and Tracing Engine - User configurable extension(s) of the display filter engine, see Chapter 12, MATE for details.
    • SNMP MIBs - SNMP MIBs for a more detailed SNMP dissection.
  • Tools - Additional command line tools to work with capture files.
    • Editcap - Reads a capture file and writes some or all of the packets into another capture file.
    • Text2Pcap - Reads in an ASCII hex dump and writes the data into a pcap capture file.
    • Reordercap - Reorders a capture file by timestamp.
    • Mergecap - Combines multiple saved capture files into a single output file.
    • Capinfos - Provides information on capture files.
    • Rawshark - Raw packet filter.
  • User’s Guide - Local installation of the User’s Guide. The Help buttons on most dialogs will require an internet connection to show help pages if the User’s Guide is not installed locally.

2.3.2. Additional Tasks

  • Start Menu Shortcuts - Add some start menu shortcuts.
  • Desktop Icon - Add a Wireshark icon to the desktop.
  • Quick Launch Icon - Add a Wireshark icon to the Explorer quick launch toolbar.
  • Associate file extensions to Wireshark - Associate standard network trace files to Wireshark.

Reposted from blog.csdn.net/qq_22938603/article/details/125327655