• Development

Wireshark Development

This is the development section of the Wireshark wiki.

Beginner?

If you are new to Wireshark development, please set up your build environment first:

• get the source code from the Wireshark development webpage

• Win32: the Developer's Guide is currently invaluable for setting up a Win32 development environment

• Unix-like: you may find information in the README.xxx file suitable for your target platform - in the root directory of the Wireshark sources

• Required Libraries and Packages: Before you download source code to Wireshark, you may want to verify that the following packages are installed on your system -- they are required in order to compile:

  1. GTK+ and GLib, available from the GTK+ site. Wireshark will work with versions 1.2 or 2.x. Solaris users should note that at least some versions of the GLib and GTK+ packages from sunfreeware.com have had problems that either cause Wireshark not to build or cause it to crash when run; if the build fails because plugin_list isn't defined, or the build succeeds but Wireshark crashes with a bus error, and you have GLib and GTK+ packages from sunfreeware.com installed, un-install those packages, and try getting the 1.2.10 versions from that site, or the version from The Written Word, or the version from Sun's GNOME distribution, or the version from the supplemental software CD that comes with the Solaris media kit, or build it from source from the GTK Web site. Then re-run the configuration script, and try rebuilding Wireshark. (If you get the 1.2.10 versions from www.sunfreeware.org, and the problem persists, un-install them and try installing one of the other versions mentioned.)

  2. The libpcap packet capture library, available for UNIX The Tcpdump Group, if it doesn't come as part of your OS; the Windows port, WinPcap, is available from the WinPcap Web site, as well as from the Wiretapped.net mirror of that site. In Linux distributions that come with libpcap, there are often separate "user" and "developer" packages for libpcap; you will have to install both packages in order to compile Wireshark. On Windows, you will need to install not only the regular WinPcap library, but also the "developer's pack", in order to compile Wireshark. You must install WinPcap 3.1 or later, and the corresponding version of the developer's pack, in order to be able to compile Wireshark; it will not compile with older versions of the developer's pack. (The installed version of the developer's pack should be the same version as the version of WinPcap you have installed.)

  3. For Debian GNU/Linux, installing the following libraries should get you started:

       sudo aptitude install libgtk2.0-dev libglib2.0-dev libpcap0.8-dev

     or install the wireshark-dev package for the complete set of libs and tools.

• Perl is required to build the documentation.

• Python may be required to generate some code.

• Optional Libraries: Additionally, Wireshark can make use of the zlib, LIBSMI, ADNS, and PCRE libraries if available.

  1. Zlib allows Wireshark to read gzip-compressed files on the fly.

  2. The LIBSMI (replacing Net-SNMP) library enables translation of OIDs to names, and more detailed decoding of variable bindings, using MIB files that come with the library.

  3. GNU adns allows asynchronous DNS resolution. Normally, Wireshark and tshark perform name resolution synchronously, which can slow things down considerably. A Windows version of the library is also available.

  4. The Perl Compatible Regular Expressions (PCRE) library implements the "matches" display filter operator, which lets you search for arbitrary regular expressions in capture files.

Building Under Unix or Linux

• To build, you must have the GNU autoconf (2.52 or greater), automake (1.6 or later), and libtool (1.4 or greater) tools installed, as well as Perl. You may also need flex and bison. Run the autogen.sh script at the top-level wireshark directory to configure your build directory.

./autogen.sh
./configure [options]
make

Now it's time to tweak the code:

• doc/README.developer the best manual about Wireshark dissector development so far, you will also find that one in the doc directory of the Wireshark sources - please read and thoroughly understand all of the "Portability" and "Robustness" sections before writing any Wireshark code!

• ... of course you should have a look at the Wireshark sources itself!

General

• Wireshark documentation webpage: the latest version of the Wireshark User's Guide and the Wireshark Developer's Guide in different formats (PDF, HTML, ...)

• /Roadmap: Roadmap for further Wireshark releases

• /Wishlist: Wish list for internal features and architectural changes (as opposed to user-visible features WishList)

• /Translations: Why it's not a good idea to translate Wireshark into spanish/german/... language

Development

• SendingFilesToWireshark: Tips on sending files to the Wireshark mailing lists

• /SecureProgramming How to write more secure code, e.g. replace insecure ANSI-C calls by more secure ones

• /CommonProblems: Some common problems while developing Wireshark

• /DeprecatedFunctions: Some features now deprecated for new code

• /Tips: Some selected wisdom to ease development/debugging

• /MSVC7: Efforts to compile Wireshark using Microsoft VC7/.NET (or however it's really called)

• /CygwinGCC: Efforts to compile Wireshark using Cygwin's GCC

• /FilenameEncoding: the various Unicode and code page encodings of filenames in GLib

Projects

• /DropWin32GTK1: Thoughts about dropping GTK1 support on Win32

• /PrivilegeSeparation: A proposal to add privilege separation to Wireshark

• Mate: Meta Analysis and Tracing Engine

• /Security: Efforts to make Wireshark more secure

• /Examples: Example files, which are used by the various installers as default files

• /LibpcapFileFormat A libpcap file format description

• EMEMification A Janitor project to audit and fix memory management and prevent memleaks.

• /Canary Finding and fixing memory over- and under-runs with canaries

• Removeold-styleASN.1code A project to remove old-style ASN.1 code

• /ExpertInfo: a better "user display" of network misbehaviour

• /PacketInput: how to get packet data into Wireshark in some "unusual" ways

• /OptimizePacketList: the packet list isn't optimized for the way we use it, could make a huge difference for large capture files

• Lua: Extending Wireshark with the extensible extension language

• /Update: Check version and Update Wireshark on a frequent basis

• /CSVExport: Formats and problems with exporting into the CSV format

• /multithreading: a list of what needs to be done in order to achieve it

• /PatchHandling: Changing patch handling policy

• /SNMP: reworking of OID handling and SNMP dissector

• /Optimization: A patch for a faster but maybe slightly broken wireshark

• /PcapNg: Read/Write the "PCAP Next Generation Dump File Format" or pcapng

Tools

• Asn2wrs: How to create a dissector using the ASN.1 compiler

• /WiresharkEnvCmd: A batch script to set environment variables useful for Windows development

• idl2wrs: CORBA IDL to Wireshark Plugin Generator idl2wrs

• FuzzTesting: tools to stress test protocol dissectors

• Pidl: A perl-based DCE/RPC IDL compiler (and Wireshark dissector generator) developed for Samba 4

• /CodeCoverage: check how much of your code is covered by the test cases

Discussion