This book tries to give you a guide to start your own experiments into the wonderful world of
Wireshark development.
Developers who are new to Wireshark often have a hard time getting their development
environment up and running. This is especially true for Win32 developers, as a lot of the tools and
methods used when building Wireshark are much more common in the UNIX world than on
Win32.
The first part of this book will describe how to set up the environment needed to develop
Wireshark.
The second part of this book will describe how to change the Wireshark source code.
We hope that you find this book useful, and look forward to your comments.
Who should read this document?
The intended audience of this book is anyone going into the development of Wireshark.
This book is not intended to explain the usage of Wireshark in general. Please refer the Wireshark
User’s Guide about Wireshark usage.
By reading this book, you will learn how to develop Wireshark. It will hopefully guide you around
some common problems that frequently appear for new (and sometimes even advanced)
developers of Wireshark.
Acknowledgements
The authors would like to thank the whole Wireshark team for their assistance. In particular, the
authors would like to thank:
• Gerald Combs, for initiating the Wireshark project.
• Guy Harris, for many helpful hints and his effort in maintaining the various contributions on
the mailing lists.
• Frank Singleton from whose README.idl2wrsidl2wrs: Creating dissectors from CORBA IDL files is
derived.
The authors would also like to thank the following people for their helpful feedback on this
document:
1
• XXX - Please give feedback :-)
And of course a big thank you to the many, many contributors of the Wireshark development
community!
About this document
This book was developed by Ulf Lamping and updated for VS2013 by Graham Bloice
It is written in AsciiDoc.
Where to get the latest copy of this document?
The latest copy of this documentation can always be found at: https://www.wireshark.org/docs/ in
A4 PDF, US letter PDF, single HTML, and chunked HTML.
Providing feedback about this document
Should you have any feedback about this document, please send it to the authors through
wireshark-dev[AT]wireshark.org.
Typographic Conventions
The following table shows the typographic conventions that are used in this guide.
Table 1. Typographic Conventions
StyleDescriptionExample
ItalicFile names, folder names, and extensions C:\Development\wireshark.
Monospace
Bold
Monospace
[ Button ]Dialog and window buttonsPress [ Launch ] to go to the Moon.
Key
Commands, flags, and environment
variables
Commands that should be run by the
user
Keyboard shortcutPress Ctrl+Down to move to the next
CMake’s -G option.
Run cmake -G Ninja ...
packet.
MenuMenu item
Admonitions
Important and notable items are marked as follows:
2
Select Go › Next Packet to move to the
next packet.
This is a warning
WARNING
NOTE
This is a tip
TIP
Tips are helpful for your everyday work using Wireshark.
You should pay attention to a warning, otherwise data loss might occur.
This is a note
A note will point you to common mistakes and things that might not be obvious.
Shell Prompt and Source Code Examples
Bourne shell, normal user
$ # This is a comment
$ git config --global log.abbrevcommit true
Bourne shell, root user
# # This is a comment
# ninja install
Command Prompt (cmd.exe)
>rem This is a comment
>cd C:\Development
PowerShell
PS$># This is a comment
PS$>choco list -l
3
C Source Code
#include "config.h"
/* This method dissects foos */
static int
dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void
*data _U_)
{
Ê /* TODO: implement your dissecting code */
Ê return tvb_captured_length(tvb);
}
4
Wireshark Build Environment
Wireshark Build Environment
The first part describes how to set up the tools, libraries and source needed to generate Wireshark
and how to do some typical development tasks.
5
Introduction
Introduction
This chapter will provide you with information about Wireshark development in general.
What is Wireshark?
Well, if you want to start Wireshark development, you might already know what Wireshark is
doing. If not, please have a look at the Wireshark User’s Guide, which will provide a lot of general
information about it.
Supported Platforms
Wireshark currently runs on most UNIX platforms and various Windows platforms. It requires Qt,
GLib, libpcap and some other libraries in order to run.
As Wireshark is developed in a platform independent way and uses libraries (such as the Qt GUI
library) which are available for many different platforms, it’s thus available on a wide variety of
platforms.
If a binary package is not available for your platform, you should download the source and try to
build it. Please report your experiences to wireshark-dev[AT]wireshark.org.
Binary packages are available for the following platforms along with many others:
Unix
• Apple macOS
• FreeBSD
• HP-UX
• IBM AIX
• NetBSD
• OpenBSD
• Oracle Solaris
Linux
• Debian GNU/Linux
• Ubuntu
• Gentoo Linux
6
• IBM S/390 Linux (Red Hat)
• Mandrake Linux
• PLD Linux
• Red Hat Linux
• Rock Linux
• Slackware Linux
• Suse Linux
Microsoft Windows
Wireshark supports Windows natively via the Windows API. Note that in this documentation and
elsewhere we tend to use the terms “Win32”, “Win”, and “Windows” interchangeably to refer to the
Windows API. Wireshark runs on and can be compiled on the following platforms:
• Windows 10 / Windows Server 2016
• Windows 8.1 / Windows Server 2012 R2
• Windows 8 / Windows Server 2012
• Windows 7 / Windows Server 2008 R2
Development on Windows Vista, Server 2008, and older versions may be possible but is not
supported.
Development and maintenance of Wireshark
Wireshark was initially developed by Gerald Combs. Ongoing development and maintenance of
Wireshark is handled by the Wireshark core developers, a loose group of individuals who fix bugs
and provide new functionality.
There have also been a large number of people who have contributed protocol dissectors and other
improvements to Wireshark, and it is expected that this will continue. You can find a list of the
people who have contributed code to Wireshark by checking the About dialog box of Wireshark, or
have a look at the https://www.wireshark.org/about.html#authors page on the Wireshark web site.
The communication between the developers is usually done through the developer mailing list,
which can be joined by anyone interested in the development activities. At the time this document
was written, more than 500 persons were subscribed to this mailing list!
It is strongly recommended to join the developer mailing list, if you are going to do any Wireshark
development. See Mailing Lists about the different Wireshark mailing lists available.
7
Programming languages used
Most of Wireshark is implemented in plain ANSI C. A notable exception is the code in ui/qt, which is
written in C++.
The typical task for a new Wireshark developer is to extend an existing, or write a new dissector for
a specific network protocol. As (almost) any dissector is written in plain old ANSI C, a good
knowledge about ANSI C will be sufficient for Wireshark development in almost any case.
So unless you are going to change the build process of Wireshark itself, you won’t come in touch
with any other programming language than ANSI C (such as Perl or Python, which are used only in
the Wireshark build process).
Beside the usual tools for developing a program in C (compiler, make, …), the build process uses
some additional helper tools (Perl, Python, Sed, …), which are needed for the build process when
Wireshark is to be build and installed from the released source packages. If Wireshark is installed
from a binary package, none of these helper tools are needed on the target system.
Open Source Software
Wireshark is an open source software (OSS) project, and is released under the GNU General Public
License (GPL). You can freely use Wireshark on any number of computers you like, without
worrying about license keys or fees or such. In addition, all source code is freely available under
the GPL. Because of that, it is very easy for people to add new protocols to Wireshark, either as
plugins, or built into the source, and they often do!
You are welcome to modify Wireshark to suit your own needs, and it would be appreciated if you
contribute your improvements back to the Wireshark community.
You gain three benefits by contributing your improvements back to the community:
• Other people who find your contributions useful will appreciate them, and you will know that
you have helped people in the same way that the developers of Wireshark have helped you and
other people.
• The developers of Wireshark might improve your changes even more, as there’s always room
for improvement. Or they may implement some advanced things on top of your code, which can
be useful for yourself too.
• The maintainers and developers of Wireshark will maintain your code as well, fixing it when
API changes or other changes are made, and generally keeping it in tune with what is
happening with Wireshark. So if Wireshark is updated (which is done often), you can get a new
Wireshark version from the website and your changes will already be included without any
effort for you.
The Wireshark source code and binary packages for some platforms are all available on the
download page of the Wireshark website: https://www.wireshark.org/download.html.
8
Releases and distributions
The officially released files can be found at https://www.wireshark.org/download.html. A new
Wireshark version is released after significant changes compared to the last release are completed
or a serious security issue is encountered. The typical release schedule is about every 4-8 weeks
(although this may vary). There are two kinds of distributions: binary and source; both have their
advantages and disadvantages.
Binary distributions
Binary distributions are usually easy to install (as simply starting the appropriate file is usually the
only thing to do). They are available for the following systems:
• Windows (.exe file). The typical Windows end user is used to getting a setup.exe file which will
install all the required things for him.
• Win32 PAF (.paf.exe file). Another Windows end user method is to get a portable application file
which will install all the required things for him.
• Debian (.deb file). A user of a Debian Package Manager (DPKG) based system obtains a .deb file
from which the package manager checks the dependencies and installs the software.
• Red Hat (.rpm file). A user of a RPM Package Manager (RPM) based system obtains an .rpm file
from which the package manager checks the dependencies and installs the software.
• macOS (.dmg file). The typical macOS end user is used to getting a .dmg file which will install all
the required things for him.
• Solaris. A Solaris user obtains a file from which the package manager (PKG) checks the
dependencies and installs the software.
However, if you want to start developing with Wireshark, the binary distributions won’t be too
helpful, as you need the source files, of course.
For details about how to build these binary distributions yourself, e.g. if you need a distribution for
a special audience, see Binary packaging.
Source code distributions
It’s still common for UNIX developers to give the end user a source tarball and let the user compile
it on their target machine (configure, make, make install). However, for different UNIX (Linux)
distributions it’s becoming more common to release binary packages (e.g. .deb or .rpm files) these
days.
You should use the released sources if you want to build Wireshark from source on your platform
for productive use. However, if you going to develop changes to the Wireshark sources, it might be
better to use the latest GIT sources. For details about the different ways to get the Wireshark source
code see Obtain the Wireshark sources.
9
Before building Wireshark from a source distribution, make sure you have all the tools and
libraries required to build. The following chapters will describe the required tools and libraries in
detail.
Automated Builds (Buildbot)
The Wireshark Buildbot automatically rebuilds Wireshark on every change of the source code
repository and indicates problematic changes. This frees the developers from repeating (and
annoying) work, so time can be spent on more interesting tasks.
Advantages
• Recognizing (cross platform) build problems - early. Compilation problems can be narrowed
down to a few commits, making a fix much easier.
• "Health status" overview of the sources. A quick look at: https://buildbot.wireshark.org/
wireshark-master/ gives a good "feeling" if the sources are currently "well". On the other hand,
if all is "red", an update of a personal source tree might better be done later …
• "Up to date" binary packages are available. After a change was committed to the repository, a
binary package / installer is usually available within a few hours at: https://www.wireshark.org/
download/automated/. This can be quite helpful, e.g. a bug reporter can easily verify a bugfix by
installing a recent build.
• Automated regression tests. In particular, the fuzz tests often indicate "real life" problems that
are otherwise hard to find.
What does the Buildbot do?
The Buildbot will do the following (to a different degree on the different platforms):
• Check out from the source repository
• Build
• Create binary packages and installers
• Create source packages and run distribution checks
• Run regression tests
Each step is represented at the status page by a rectangle, green if it succeeded or red if it failed.
Most steps provide a link to the corresponding console logfile, to get additional information.
The Buildbot runs on a platform collection that represents the different "platform specialties" quite
well:
• Windows 8.1 x86 (Win32, little endian, Visual Studio 2013)
• Windows Server 2012 R2 x86-64 (Win64, little endian, Visual Studio 2013)
10
• Ubuntu x86-64 (Linux, little endian, gcc, Clang)
• macOS x86-64 (BSD, little endian, Clang)
and two buildslaves that run static code analysis to help spot coding issues:
• Visual Studio Code Analysis (Win64, little endian, VS 2013)
• Clang Code Analysis (Linux, little endian, Clang)
Each platform is represented at the status page by a single column, the most recent entries are at
the top.
Reporting problems and getting help
If you have problems, or need help with Wireshark, there are several places that may be of interest
to you (well, beside this guide of course).
Website
You will find lots of useful information on the Wireshark homepage at https://www.wireshark.org/.
Wiki
The Wireshark Wiki at https://wiki.wireshark.org/ provides a wide range of information related to
Wireshark and packet capturing in general. You will find a lot of information not part of this
developer’s guide. For example, there is an explanation how to capture on a switched network, an
ongoing effort to build a protocol reference and a lot more.
And best of all, if you would like to contribute your knowledge on a specific topic (maybe a network
protocol you know well), you can edit the Wiki pages by simply using your webbrowser.
FAQ
The "Frequently Asked Questions" will list often asked questions and the corresponding answers.
Before sending any mail to the mailing lists below, be sure to read the FAQ, as it will often answer
any questions you might have. This will save yourself and others a lot of time. Keep in mind that a
lot of people are subscribed to the mailing lists.
You will find the FAQ inside Wireshark by clicking the menu item Help/Contents and selecting the
FAQ page in the upcoming dialog.
An online version is available at the Wireshark website: https://www.wireshark.org/faq.html. You
might prefer this online version as it’s typically more up to date and the HTML format is easier to
use.
11
Other sources
If you don’t find the information you need inside this book, there are various other sources of
information:
• The file doc/README.developer and all the other README.xxx files in the source code. These are
various documentation files on different topics
Read the README
README.developer is packed full with all kinds of details relevant to the developer
NOTE
• The Wireshark source code
• Tool documentation of the various tools used (e.g. manpages of sed, gcc, etc.)
• The different mailing lists. See Mailing Lists
of Wireshark source code. Its companion file README.dissector advises you around
common pitfalls, shows you basic layout of dissector code, shows details of the APIs
available to the dissector developer, etc.
Mailing Lists
There are several mailing lists available on specific Wireshark topics:
wireshark-announce
This mailing list will inform you about new program releases, which usually appear about every
4-8 weeks.
wireshark-users
This list is for users of Wireshark. People post questions about building and using Wireshark,
others (hopefully) provide answers.
wireshark-dev
This list is for Wireshark developers. People post questions about the development of Wireshark,
others (hopefully) provide answers. If you want to start developing a protocol dissector, join this
list.
wireshark-bugs
This list is for Wireshark developers. Every time a change to the bug database occurs, a mail to
this mailing list is generated. If you want to be notified about all the changes to the bug database,
join this list. Details about the bug database can be found in Bug database (Bugzilla).
wireshark-commits
This list is for Wireshark developers. Every time a change to the GIT repository is checked in, a
mail to this mailing list is generated. If you want to be notified about all the changes to the GIT
repository, join this list. Details about the GIT repository can be found in The Wireshark Git
12
repository.
You can subscribe to each of these lists from the Wireshark web site: https://www.wireshark.org/
lists/. From there, you can choose which mailing list you want to subscribe to by clicking on the
Subscribe/Unsubscribe/Options button under the title of the relevant list. The links to the archives
are included on that page as well.
The archives are searchable
TIP
You can search in the list archives to see if someone previously asked the same
question and maybe already got an answer. That way you don’t have to wait until
someone answers your question.
Bug database (Bugzilla)
The Wireshark community collects bug reports in a Bugzilla database at https://bugs.wireshark.org/.
This database is filled with manually filed bug reports, usually after some discussion on wiresharkdev, and automatic bug reports from the Buildbot tools.
Q&A Site
The Wireshark Q&A site at https://ask.wireshark.org/ offers a resource where questions and
answers come together. You have the option to search what questions were asked before and what
answers were given by people who knew about the issue. Answers are graded, so you can pick out
the best ones easily. If your issue isn’t discussed before you can post one yourself.
Reporting Problems
Test with the latest version
NOTE
If you report problems, provide as much information as possible. In general, just think about what
you would need to find that problem, if someone else sends you such a problem report. Also keep in
mind that people compile/run Wireshark on a lot of different platforms.
When reporting problems with Wireshark, it is helpful if you supply the following information:
1. The version number of Wireshark and the dependent libraries linked with it, e.g. Qt, GLib, etc.
You can obtain this with the command wireshark -v.
2. Information about the platform you run Wireshark on.
3. A detailed description of your problem.
4. If you get an error/warning message, copy the text of that message (and also a few lines before
and after it, if there are some), so others may find the build step where things go wrong. Please
Before reporting any problems, please make sure you have installed the latest
version of Wireshark. Reports on older maintenance releases are usually met with
an upgrade request.
13
don’t give something like: "I get a warning when compiling x" as this won’t give any direction to
look at.
Don’t send large files
Do not send large files (>100KB) to the mailing lists, just place a note that further
NOTE
WARNING
data is available on request. Large files will only annoy a lot of people on the list
who are not interested in your specific problem. If required, you will be asked for
further data by the persons who really can help you.
Don’t send confidential information
If you send captured data to the mailing lists, or add it to your bug report, be
sure it doesn’t contain any sensitive or confidential information, such as
passwords. Visibility of such files can be limited to certain groups in the
Bugzilla database though.
Reporting Crashes on UNIX/Linux platforms
When reporting crashes with Wireshark, it is helpful if you supply the traceback information
(besides the information mentioned in Reporting Problems).
You can obtain this traceback information with the following commands:
Type the characters in the first line verbatim. Those are back-tics there.
backtrace is a gdb command. You should enter it verbatim after the first line shown
NOTE
above, but it will not be echoed. The ^D (Control-D, that is, press the Control key and
the D key together) will cause gdb to exit. This will leave you with a file called bt.txt
in the current directory. Include the file with your bug report.
If you do not have gdb available, you will have to check out your operating system’s
debugger.
You should mail the traceback to wireshark-dev[AT]wireshark.org or attach it to your bug report.
Reporting Crashes on Windows platforms
You can download Windows debugging symbol files (.pdb) from the following locations:
Files are named "Wireshark-pdb-winbits-x.y.z.zip" to match their corresponding "Wiresharkwinbits-x.y.z.exe" installer packages.
15
Quick Setup
UNIX: Installation
All the tools required are usually installed on a UNIX developer machine.
If a tool is not already installed on your system, you can usually install it using the package in your
distribution: aptitude, yum, Synaptic, etc.
If an install package is not available or you have a reason not to use it (maybe because it’s simply
too old), you can install that tool from source code. The following sections will provide you with the
webpage addresses where you can get these sources.
Win32/64: Step-by-Step Guide
A quick setup guide for Win32 and Win64 with recommended configuration.
Unless you know exactly what you are doing, you should strictly follow the
recommendations below. They are known to work and if the build breaks,
please re-read this guide carefully.
WARNING
Known traps are:
1. Not using the correct (x86 or x64) version of the Visual Studio command
prompt.
2. Not copying/downloading the correct version of vcredist_xYY.exe.
Install Microsoft C compiler and SDK
You need to install, in exactly this order:
1. C compiler: Download and install “Microsoft Visual Studio 2015 Community Edition.” This is a
small download that then downloads all the other required parts (which are quite large).
Select the "Custom" install and then uncheck all the optional components other than "Common
Tools for Visual C++ 2015" (unless you want to use them for purposes other than Wireshark).
You can use Chocolatey to install Visual Studio, to correctly configure the installation, copy the
deployment XML file msvc2015AdminDeployment.xml from the source code tools directory and
pass the path the file to the chocolatey install command:
You can use other Microsoft C compiler variants, but VS2015 is used to build the development
releases and is the preferred option. It’s possible to compile Wireshark with a wide range of
Microsoft C compiler variants. For details see Ninja.
You may have to do this as Administrator.
Compiling with gcc or Clang is not recommended and will certainly not work (at least not without a
lot of advanced tweaking). For further details on this topic, see GNU compiler toolchain (UNIX and
UNIX-like platforms only). This may change in future as releases of Visual Studio add more cross-
platform support.
Why is this recommended? While this is a huge download, Visual Studio 2015 Community Edition is
the only free (as in beer) versions that includes the Visual Studio integrated debugger. Visual Studio
2015 is also used to create official Wireshark builds, so it will likely have fewer developmentrelated problems.
Install Qt
The main Wireshark application uses the Qt windowing toolkit. To install Qt download the Qt
Online Installer for Windows from the Qt Project "Download Open Source" page and select a
component that matches your target system and compiler. For example, the “msvc2015 64-bit”
component is used to build the official 64-bit packages. You can deselect all the Qt xxxx (e.g. Qt
Charts) components as they aren’t required.
Note that installation of separate Qt components are required for 32 bit and 64 bit builds, e.g.
“msvc2015 32-bit” and “msvc2015 64-bit”. The environment variable QT5_BASE_DIR should be set as
appropriate for your environment and should point to the Qt directory that contains the bin
directory, e.g. C:\Qt\5.9.1\msvc2015_64
The Qt maintenance tool (C:\Qt\MaintenanceTool.exe) can be used to upgrade Qt to newer versions.
Recommended: Install Chocolatey
Chocolatey is a native package manager for Windows. There are packages for most of the software
listed below. Along with traditional Windows packages it supports the Python Package Index and
Cygwin.
Chocolatey tends to install packages into its own path (%ChocolateyInstall%). In most cases this is
OK, but in some instances (Python in particular) this might not be what you want. You can install
Chocolatey packages using the command choco install.
17
> rem Flex and Bison are required.
> choco install -y winflexbison
> rem Git, CMake, Perl, Python, etc are also required, but can be installed
> rem via their respective installation packages.
> choco install -y git cmake
> rem Choose one of Strawberry...
> choco install -y strawberryperl
> rem ...or ActiveState Perl
> choco install -y activeperl
> rem This will likely install Python in a non-standard location, but
> rem should otherwise work.
> choco install -y python3
Optional: Install Cygwin
On 32-bit Windows, download the 32-bit Cygwin installer and start it. On 64-bit Windows,
download the 64-bit Cygwin installer and start it.
Cygwin is no longer required
NOTE
At the "Select Packages" page, you’ll need to select some additional packages which are not installed
by default. Navigate to the required Category/Package row and, if the package has a "Skip" item in
the "New" column, click on the "Skip" item so it shows a version number for:
• Devel/bison (or install Win flex-bison — see Chocolatey above)
• Devel/flex (or install Win flex-bison — see Chocolatey above)
• Devel/git (recommended, but it’s also available via Chocolatey — see the Git discussion below)
• Interpreters/perl
• Utils/patch (only if needed) (may be Devel/patch instead)
• Text/docbook-xml45 (only needed if you’re building the documenation)
You might also have to install
• Interpreters/m4
In the past the Wireshark development toolchain depended on Cygwin, but it it no
longer required. Although you can often use the Cygwin version of a particular tool
for Wireshark development that’s not always the case.
if installing Devel/bison doesn’t provide a working version of Bison. If m4 is missing bison will fail.
After clicking the [ Next ] button several times, the setup will then download and install the
selected packages (this may take a while).
18
Alternatively you can install Cygwin and its packages using Chocolatey:
Chocolatey installs Cygwin in C:\tools\cygwin by default.
You can directly download packages via cyg-get
PS$>cyg-get docbook-xml45 [...]
Install Python
Get the Python 3.5 or 2.7 installer from http://python.org/download/ and install Python into the
default location (C:\Python35 or C:\Python27).
Why is this recommended? Cygwin’s /usr/bin/python is a Cygwin-specific symbolic link which
cannot be run from Windows. The native package is faster as well.
Alternatively you can install Python using Chocolatey:
PS$>choco install -y python3
or
PS$>choco install -y python2
Chocolatey installs Python in C:\tools\python3 and C:\tools\python2 by default.
Install Git
Please note that the following is not required to build Wireshark but can be quite helpful when
working with the sources.
Working with the Git source repositories is highly recommended, as described in Obtain the
Wireshark sources. It is much easier to update a personal source tree (local repository) with Git
rather than downloading a zip file and merging new sources into a personal source tree by hand. It
also makes first-time setup easy and enables the Wireshark build process to determine your
current source code revision.
There are several ways in which Git can be installed. Most packages are available at the URLs below
or via Chocolatey. Note that many of the GUI interfaces depend on the command line version.
19
If installing the Windows version of git select the Use Git from the Windows Command Prompt (in
chocolatey the /GitOnlyOnPath option). Do not select the Use Git and optional Unix tools from theWindows Command Prompt option (in chocolatey the /GitAndUnixToolsOnPath option).
The Official Windows Installer
The official command-line installer is available at https://git-scm.com/download/win.
Git Extensions
Git Extensions is a native Windows graphical Git client for Windows. You can download the
installer from https://github.com/gitextensions/gitextensions/releases/latest.
TortoiseGit
TortoiseGit is a native Windows graphical Git similar to TortoiseSVN. You can download the
installer from https://tortoisegit.org/download/.
Command Line client via Chocolatey
The command line client can be installed (and updated) using Chocolatey:
PS$> choco install -y git
Others
A list of other GUI interfaces for Git can be found at https://git-scm.com/downloads/guis
Install CMake
Get the CMake installer from https://cmake.org/download/ and install CMake into the default
location. Ensure the directory containing cmake.exe is added to your path.
Alternatively you can install CMake using Chocolatey:
PS$>choco install -y cmake
Chocolatey ensures cmake.exe is on your path.
Install Asciidoctor, Xsltproc, And DocBook
Asciidoctor can be run directly as a Ruby script or via a Java wrapper (AsciidoctorJ). It is used in
conjunction with Xsltproc and DocBook to generate the documenation you’re reading and the
User’s Guide.
20
The easiest way to install them on Windows is via Chocolatey:
Chocolatey ensures that asciidoctorj.exe and xsltproc.exe is on your path and that xsltproc uses the
DocBook catalog.
Install and Prepare Sources
Make sure everything works
TIP
Download sources Download Wireshark sources into C:\Development\wireshark using either the
command line or Git Extensions:
Using the command line:
It’s a good idea to make sure Wireshark compiles and runs at least once before you
start hacking the Wireshark sources for your own project. This example uses Git
Extensions but any other Git client should work as well.
1. Open the Git Extensions application. By default Git Extensions will show a validation checklist
at startup. If anything needs to be fixed do so now. You can bring up the checklist at any time via
Tools › Settings.
2. In the main screen select Clone repository. Fill in the following:
Repository to clone: https://code.wireshark.org/review/wireshark
Destination: Your top-level development directory, e.g. C:\Development.
Subdirectory to create: Anything you’d like. Usually wireshark.
Check your paths
TIP
3. Click the [ Clone ] button. Git Extensions should start cloning the Wireshark repository.
Make sure your repository path doesn’t contain spaces.
Open a Visual Studio Command Prompt
From the Start Menu (or Start Screen), navigate to the ‘Visual Studio 2015’ folder and choose the
21
Command Prompt appropriate for the build you wish to make, e.g. ‘VS2015 x64 Native Tools
Command Prompt’ for a 64-bit version or ‘VS2015 x86 Native Tools Command Prompt’ for a 32-bit
version. Depending on your version of Windows the Command Prompt list might be directly under
‘Visual Studio 2015’ or you might have to dig for it under multiple folders, e.g. ‘Visual Studio 2015 →
Visual Studio Tools → Windows Desktop Command Prompts’.
Pin the items to the Task Bar
TIP
All subsequent operations take place in this Command Prompt window.
1. Set environment variables to control the build.
Set the following environment variables, using paths and values suitable for your installation:
Pin the Command Prompt you use to the Task Bar for easy access.
> rem Let CMake determine the library download directory name under
> rem WIRESHARK_BASE_DIR or set it explicitly by using WIRESHARK_LIB_DIR.
> rem Set *one* of these.
> set WIRESHARK_BASE_DIR=C:\Development
> rem set WIRESHARK_LIB_DIR=c:\wireshark-win64-libs
> rem Set the Qt installation directory
> set QT5_BASE_DIR=C:\Qt\5.9.1\msvc2015_64
> rem Append a custom string to the package version. Optional.
> set WIRESHARK_VERSION_EXTRA=-YourExtraVersionInfo
If your Cygwin installation path is not automatically detected by CMake, you can explicitly
specify it with the following environment variable:
> rem Chocolatey installs Cygwin in an odd location
> set
WIRESHARK_CYGWIN_INSTALL_PATH=C:\ProgramData\chocolatey\lib\Cygwin\tools\cygwin
If you are using a version of Visual Studio earlier than VS2012 then you must set an additional
env var, e.g. for VS2010 set the following:
> set VisualStudioVersion=10.0
Setting these variables could be added to a batch file to be run after you open the Visual Studio
Tools Command Prompt.
TIP
Qt 5.9 is a "long term support" branch of Qt5. We recommend using it to compile
Wireshark on Windows.
22
2. Create and change to the correct build directory. CMake is best used in an out-of-tree build
configuration where the build is done in a separate directory to the source tree, leaving the
source tree in a pristine state. 32 and 64 bit builds require a separate build directory. Create (if
required) and change to the appropriate build directory.
> mkdir C:\Development\wsbuild32
> cd C:\Development\wsbuild32
to create and jump into the build directory.
The build directory can be deleted at any time and the build files regenerated as detailed in
Generate the build files.
Generate the build files
CMake is used to process the CMakeLists.txt files in the source tree and produce build files
appropriate for your system.
You can generate Visual Studio solution files to build either from within Visual Studio, or from the
command line with MSBuild. CMake can also generate other build types but they aren’t supported.
The initial generation step is only required the first time a build directory is created. Subsequent
builds will regenerate the build files as required.
If you’ve closed the Visual Studio Command Prompt prepare it again.
To generate the build files enter the following at the Visual Studio command prompt:
> cmake -G "Visual Studio 14 2015" ..\wireshark
Adjusting the paths as required to Python and the wireshark source tree. To use a different
generator modify the -G parameter. cmake -G lists all the CMake supported generators, but only
Visual Studio is supported for Wireshark builds.
To build an x64 version, the -G parameter must have a Win64 suffix, e.g. -G "Visual Studio 14 2015
Win64":
> cmake -G "Visual Studio 14 2015 Win64" ..\wireshark
The CMake generation process will download the required 3rd party libraries (apart from Qt) as
required, then test each library for usability before generating the build files.
At the end of the CMake generation process the following should be displayed:
23
-- Configuring done
-- Generating done
-- Build files have been written to: C:/Development/wsbuild32
If you get any other output, there is an issue in your envirnment that must be rectified before
building. Check the parameters passed to CMake, especially the -G option and the path to the
Wireshark sources and the environment variables WIRESHARK_BASE_DIR and QT5_BASE_DIR.
Build Wireshark
Now it’s time to build Wireshark!
1. If you’ve closed the Visual Studio Command Prompt prepare it again.
3. Wait for Wireshark to compile. This will take a while, and there will be a lot of text output in the
command prompt window
4. Run C:\Development\wsbuild32\run\RelWithDebInfo\Wireshark.exe and make sure it starts.
5.
Open Help › About. If it shows your "private" program version, e.g.: Version 2.9.0myprotocol123 congratulations! You have compiled your own version of Wireshark!
You may also open the Wireshark solution file (Wireshark.sln) in the Visual Studio IDE and build
there.
If compilation fails for suspicious reasons after you changed some source files try to
TIP
The build files produced by CMake will regenerate themselves if required by changes in the source
tree.
clean the build files by running msbuild /m /p:Configuration=RelWithDebInfo
Wireshark.sln /t:Clean and then building the solution again.
Debug Environment Setup
You can debug using the Visual Studio Debugger or WinDbg. See the section on using the Debugger
Tools.
24
Optional: Create User’s and Developer’s Guide
Detailed information to build these guides can be found in the file docbook\README.adoc in the
Wireshark sources.
Optional: Create a Wireshark Installer
Note: You should have successfully built Wireshark before doing the following.
If you want to build your own Wireshark-win32-2.9.0-myprotocol123.exe, you’ll need NSIS. You can
download it from http://nsis.sourceforge.net.
Note that the 32-bit version of NSIS will work for both 32-bit and 64-bit versions of Wireshark. NSIS
v3 is required.
Note: If you do not yet have a copy of vcredist_x86.exe or vcredist_x64.exe in ./wireshark-winXX-libs
(where XX is 32 or 64) you will need to download the appropriate file and place it in ./wireshark-winXX-libs before starting this step.
If building an x86 version using a Visual Studio “Express” edition or an x64 version with any
edition, then you must have the appropriate vcredist file for your compiler in the support libraries
directory (vcredist_x86.exe in wireshark-32-libs or vcredist_x64.exe in wireshark-win64-libs).
The files can be located in the Visual Studio install directory for non-Express edition builds, or
downloaded from Microsoft for Expresss edition builds.
Note you must use the correct version of vcredist for your compiler, unfortunately they all have the
same name (vcredist_x86.exe or vcredist_x64.exe). You can use Windows Explorer and examine the
‘Properties → Details’ tab for a vcredist file to determine which compiler version the file is for use
with.
If you’ve closed the Visual Studio Command Prompt prepare it again.
to test your new installer. It’s a good idea to test on a different machine than the developer
machine. Note that if you’ve built an x86 version, the installer name will contain “win32”.
26
Work with the Wireshark sources
Introduction
This chapter will explain how to work with the Wireshark source code. It will show you how to:
• Get the source
• Compile it on your machine
• Submit changes for inclusion in the official release
This chapter will not explain the source file contents in detail, such as where to find specific
functionality. This is done in Source overview.
The Wireshark Git repository
Git is used to keep track of the changes made to the Wireshark source code. The code is stored
inside Wireshark project’s Git repository located at a server at the wireshark.org domain.
Changes to the official repository are managed using the Gerrit code review system. Gerrit makes it
easy to test and discuss changes before they are pushed to the main repository. For an overview of
Gerrit see the Quick Introduction.
Why Git?
Git is a fast, flexible way of managing source code. It allows large scale distributed development
and ensures data integrity.
Why Gerrit?
Gerrit makes it easy to contribute. You can sign in with any OpenID provider and push your
changes. It’s usable from both the web and command line and is integrated with many popular
tools.
Git is our third revision control system
NOTE
Using Wireshark’s Git repository you can:
Wireshark originally used Concurrent Versions System (CVS) and migrated to
Subversion in July 2004. The Subversion repository was subsequently migrated to
Git in January 2014.
• Keep your private sources up to date with very little effort
• Get a mail notification when the official source code changes
• Get the source files from any previous release (or any other point in time)
• Have a quick look at the sources using a web interface
27
• See which person changed a specific piece of code
• and much more
The web interface to the Git repository
If you need a quick look at the Wireshark source code you can browse the most recent file versions
in the master branch using Gitweb:
Like most revision control systems, Git uses branching to manage different copies of the source
code and allow parallel development. Wireshark uses the following branches for official releases:
• master: Main feature development and odd-numbered "feature" releases.
• master-x.y: Stable release maintenance. For example, master-1.10 is used to manage the 1.10.x
official releases.
Obtain the Wireshark sources
There are several ways to obtain the sources from Wireshark’s Git repository.
Check out from the master branch using Git.
Using Git is much easier than synchronizing your source tree by hand using any of the
TIP
NOTE
The age mentioned in the following sections indicates the age of the most recent change in that set
of the sources.
snapshot methods mentioned below. Git merges changes into your personal source
tree in a very comfortable and quick way. So you can update your source tree several
times a day without much effort.
Keep your sources up to date
The following ways to retrieve the Wireshark sources are sorted in decreasing
source timeliness. If you plan to commit changes you’ve made to the sources, it’s a
good idea to keep your private source tree as current as possible.
Git over SSH or HTTPS
Recommended for development purposes.
Age: a few minutes.
28
You can use a Git client to download the source code from Wireshark’s code review system. Anyone
can clone from the anonymous git URL:
• https://code.wireshark.org/review/wireshark
If you create a Gerrit account you can clone from an authenticated URL:
SSH lets you use Gerrit on the command line. HTTP lets you access the repository in environments
that block the Gerrit SSH port (29418). At the time of this writing (early 2014) we recommend that
you use the SSH interface. However, this may change as more tools take advantage of Gerrit’s HTTP
REST API.
The following example shows how to get up and running on the command line. See Git client for
information on installing and configuring graphical Git and Gerrit clients.
1. Sign in to https://code.wireshark.org/review using OpenID (click Register or Sign In in the upper
right corner of the web page). Follow the login instructions.
2. In the upper right corner of the web page, click on your account name and select Settings.
3. Under Profile set a username. This will be the username that you use for SSH access. For the
steps below we’ll assume that your username is henry.perry.
4. Select SSH Public Keys and add one or more keys. You will typically upload a key for each
computer that you use.
5. Install git-review. This is an installable package in many Linux distributions. You can also install
it as a Python package. (This step isn’t strictly necessary but it makes working with Gerrit much
easier.) To install it from Chocolatey run
# Make sure "Scripts" is in our path
PS$>$env:path += ";C:\tools\python2\Scripts"
PS$>choco install pip
PS$>choco install git-review -source python
6. Now on to the command line. First, make sure git works:
$ git --version
7. If this is your first time using Git, make sure your username and email address are configured.
This is particularly important if you plan on uploading changes.
29
Loading...
+ 239 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.