The following guidelines should be followed by anyone distributing a software package containing Wireshark: 1. URLs. 1.1. Wireshark web site. The Wireshark web site URL is https://www.wireshark.org/ . 1.2. Wireshark releases. The canonical location for every Wireshark source release is https://www.wireshark.org/download/src/all-versions/, e.g. https://www.wireshark.org/download/src/all-versions/wireshark-0.99.55.tar.bz2 If your packaging system downloads a copy of the Wireshark sources, use this location. Don't use https://www.wireshark.org/download/src. 1.3. Artwork. Logo and icon artwork can be found in the "image" directory in the distribution. This is available online at https://code.wireshark.org/review/gitweb?p=wireshark.git;a=tree;f=image;hb=HEAD 2. Licensing. Wireshark is released under the GNU General Public License version 2 or newer. Make sure your package complies with this license. 3. Privileges. In versions up to and including 0.99.6, it was necessary to run Wireshark with elevated privileges in order to be able to capture traffic. With version 0.99.7, all function calls that require elevated privileges have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT. Warnings are displayed when Wireshark and TShark are run as root. There are several configure-time options on non-Windows systems that affect the privileges a normal user needs to capture traffic and list interfaces: --enable-setcap-install Install dumpcap with cap_net_admin and cap_net_raw capabilities. Linux only. --enable-setuid-install Install dumpcap setuid root. --with-libcap If running as root, try to grab CAP_NET_ADMIN and CAP_NET_RAW, then drop privileges. Linux only. --with-dumpcap-group=... Restricts dumpcap execution to the specified group. These are necessary for non-root users to be able to capture on most systems, e.g. on Linux or FreeBSD if the user doesn't have permissions to access /dev/bpf*. Setcap installation is preferred over setuid on Linux. If "--enable-setcap-install" is used it will override any setuid settings. The "--with-libcap" option is only useful when dumpcap is installed setuid. If it is enabled dumpcap will try to drop any setuid privileges it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW capabilities. It is enabled by default, if the Linux capabilities library (on which it depends) is found. Note that enabling setcap or setuid installation allows packet capture for ALL users on your system. If this is not desired, you can restrict dumpcap execution to a specific group or user. The following two examples show how to restrict access using setcap and setuid respectively: # groupadd -g packetcapture # chmod 750 /usr/bin/dumpcap # chgrp packetcapture /usr/bin/dumpcap # setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap # groupadd -g packetcapture # chgrp packetcapture /usr/bin/dumpcap # chmod 4750 /usr/bin/dumpcap 4. Customization. Custom version information can be added by creating a file called "version.conf" and running "make-version.pl -p". See make-version.pl for details. If your package contains significant changes we recommend that you use this to differentiate it from official Wireshark releases. 4.1. Source-level version detection. The Git version corresponding to each release is in version.h. It's defined as a string. If you need a numeric definition, let us know. 5. Trademarks. Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation. 6. Spelling. Wireshark is spelled with a capital "W", and with everything else lower case. E.g., "WireShark" is incorrect. If you have a question not addressed here, send it to wireshark-dev@wireshark.org.