Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 because of trademark issues.
Wireshark is cross-platform: it uses the GTK+ widget toolkit for its user interface and pcap to capture packets, and it runs on various Unix-like operating systems, including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. Released under the terms of the GNU General Public License, Wireshark is free software.
Use the following general steps to build Wireshark from source on a UNIX operating system:
- Unpack the source from its gzip'd tar file. If you are using Linux, or your version of UNIX uses GNU tar, you can use the following command:
tar zxvf wireshark-1.2.0.tar.gz
For other versions of UNIX, use the following two commands:
gzip -d wireshark-1.2.0.tar.gz
tar xvf wireshark-1.2.0.tar
Note! The pipeline gzip -dc wireshark-1.2.0.tar.gz | tar xvf - will work here as well.
Note! If you downloaded the Wireshark tarball under Windows, you may find that your browser created a file with underscores rather than periods in its file name.
- Change directory to the Wireshark source directory.
- Configure the source so it will build correctly for your version of UNIX. You can do this with the following command:
./configure
- Build the sources into a binary with the make command. For example:
make
- Install the software in its final destination, using the command:
make install
Once you have installed Wireshark with make install above, you should be able to run it by entering wireshark.
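The whole procedure above, from unpacking the tarball to make install, as one POSIX shell script. This is an added example written for this page, not a script shipped by the Wireshark project. It assumes the tarball name and install prefix are passed in by the caller; the checksum file in verify_tarball is an optional input the page does not mention, and the underscore-to-period repair in normalize_tarball_name is an assumption about what the browser did to the name.

```shell
#!/bin/sh
# Added example (not Wireshark project code): unpack, configure, build and
# install Wireshark from a release tarball, following the steps above.
set -eu

# Repair a name a Windows browser may have mangled (underscores instead of
# periods, see the note above): wireshark-1_2_0_tar_gz -> wireshark-1.2.0.tar.gz
# Assumption: Wireshark release names contain no legitimate underscores.
normalize_tarball_name() {
    printf '%s\n' "$1" | sed -e 's/_tar[._]gz$/.tar.gz/' -e 's/_\([0-9]\)/.\1/g'
}

# Directory the tarball unpacks into: the file name minus .tar.gz (or .tar).
source_dir_from_tarball() {
    basename "$1" | sed -e 's/\.tar\.gz$//' -e 's/\.tar$//'
}

# GNU tar understands -z; other tars need gzip in front (the page's two methods).
tar_is_gnu() {
    tar --version 2>/dev/null | grep -q 'GNU tar'
}

# Unpack into the current directory with whichever method this tar supports.
unpack_tarball() {
    if tar_is_gnu; then
        tar zxf "$1"
    else
        gzip -dc "$1" | tar xf -
    fi
}

# Optional: check the tarball against a SHA-256 sums file ("hash  filename"
# lines, as sha256sum -c expects) before building anything from it.
verify_tarball() {
    grep -F "$(basename "$1")" "$2" | sha256sum -c -
}

# Steps 3 to 5: configure, make, make install. PREFIX is assumed, default /usr/local.
build_and_install() {
    prefix="${2:-/usr/local}"
    cd "$1"
    ./configure --prefix="$prefix"
    make
    make install    # needs write access to $prefix; use sudo for this step only
}

main() {
    tb=$(normalize_tarball_name "$1")
    [ "$tb" = "$1" ] || mv "$1" "$tb"
    [ $# -lt 3 ] || verify_tarball "$tb" "$3"
    unpack_tarball "$tb"
    build_and_install "$(source_dir_from_tarball "$tb")" "${2:-/usr/local}"
}

# Usage: sh build-wireshark.sh wireshark-1.2.0.tar.gz [PREFIX] [SHA256SUMS]
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Only make install should run with elevated privileges; configure and make should not. After installation, run wireshark as an ordinary user rather than root, and grant capture privileges to the dumpcap helper instead, so that the protocol dissectors, which parse untrusted packet data, do not run with root privileges.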