Tool Reference
Introduction
This chapter will provide you with information about the various tools needed for Wireshark development.
None of the tools mentioned in this chapter are needed to run Wireshark; they are only needed to build it.
Most of these tools have their roots on UNIX-like platforms, but Win32 ports are also available. Therefore the tools are available in different "flavours":
UNIX (or Win32 Cygwin): the tools should be commonly available on the supported UNIX platforms, and for Win32 platforms by using the Cygwin UNIX emulation
Win32 native: some tools are available as native Win32 tools, no special emulation is required
Warning! Unless you know exactly what you are doing, you should strictly follow the recommendations given in !
The following sections give a very brief description of what a particular tool does, how it is used in the Wireshark project and how it can be installed and tested.
Don't expect a lot of documentation regarding these tools in this document. If you need further documentation of a specific tool, you should find lots of useful information on the web, as these tools are commonly used. You can also try to get help for the UNIX based tools with toolname --help or read the manpage man toolname.
You will find explanations of the tool usage for some of the specific development tasks in .
Win32: Cygwin
Cygwin provides a lot of UNIX based tools on the Win32 platform. It uses a UNIX emulation layer which might be a bit slower compared to the native Win32 tools, but at an acceptable level. The installation and update is pretty easy and done through a single (web based) setup.exe.
The native Win32 tools will typically be a bit faster, but more complicated to install, as you would have to download the tools from different webpages, and install them in different ways, tweaking the PATH and the like.
Note! As there's no Win32 native bash version available, at least a basic installation of Cygwin is required in any case.
Although Cygwin consists of several separate packages, the installation and update is done through a single setup.exe, which acts similar to other web based installers. All tools will be installed into one base folder, the default is C:\cygwin.
You will find this network based setup.exe at: . Click on one of the "Install Cygwin now" appearances to download the setup.exe. After the download has completed, start this setup.exe on your machine.
The setup will ask you for some settings, the defaults should usually work well for a first start. At the "Select Packages" page, you'll need to select some additional packages, which are not installed by default. Navigate to the required Category/Package row and click on the "Skip" item in the "New" column so it shows a version number for the required package.
After clicking the Next button several times, the setup will then download and install the selected packages (this may take a while, depending on the package size).
Under: "Start -> Programs -> Cygwin -> Cygwin Bash Shell" you should now be able to start a new Cygwin bash shell, which is similar to the command line (command.com/cmd.exe) in Win32, but much more powerful.
Add/Update/Remove Cygwin Packages
If you want to add, update or remove packages later, you have to start the setup.exe again. At the "Select Packages" page, the entry in the "New" column will control what is done (or not) with the package. If a new version of a package is available, the new version number will be displayed, so it will be automatically updated. You can change the current setting by simply clicking on it, it will change between:
a specific version number - this different package version will be installed
Skip - not installed, no changes
Keep - already installed, no changes
Uninstall - uninstall this package
Reinstall - reinstall this package
GNU compiler toolchain (UNIX or Win32 Cygwin)
gcc (GNU compiler collection)
Win32: Warning! Using Cygwin gcc to compile Wireshark is "EXPERT ONLY" and therefore NOT recommended. If you really want to try it anyway, see: for some details!
The GCC C compiler is available for most of the UNIX-like platforms and as the Devel/gcc package from the Cygwin setup.
If GCC isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ gcc --version
should result in something like:
However, the version string may vary.
gdb (GNU project debugger)
GDB is the debugger for the GCC compiler. It is available for many (if not all) UNIX-like platforms and as the Devel/gdb package from the Cygwin setup.
If you don't like debugging using the command line, there are some GUI frontends for it available, most notably GNU DDD.
If gdb isn't already installed or available as a package for your platform, you can get it at: .
After correct installation:
$ gdb --version
should result in something like:
However, the version string may vary.
ddd (GNU Data Display Debugger)
The GNU Data Display Debugger is a good GUI frontend for GDB (and a lot of other command line debuggers), so you have to install GDB first. It is available for many UNIX-like platforms and as the ddd package from the Cygwin setup.
If GNU DDD isn't already installed or available as a package for your platform, you can get it at: .
make (GNU Make)
Win32 Note! Although some effort is made to use make from the Cygwin environment, the mainline is still using Microsoft Visual Studio's nmake.
GNU Make is available for most of the UNIX-like platforms and also as the Devel/make package from the Cygwin setup.
If GNU Make isn't already installed or available as a package for your platform, you can get it at: .
After correct installation:
$ make --version
should result in something like:
However, the version string may vary.
Microsoft compiler toolchain (Win32 native)
To compile Wireshark on Windows using the Microsoft C/C++ compiler, you'll need:
C compiler (cl.exe)
Linker (link.exe)
Make (nmake.exe)
C runtime headers and libraries (e.g. stdio.h, msvcrt.lib)
Windows platform headers and libraries (e.g. windows.h, WSock32.lib)
HTML help headers and libraries (htmlhelp.h, htmlhelp.lib)
Toolchain Package Alternatives
The Microsoft Visual C++ 2005 Express Edition is recommended to compile Wireshark - it's free (as in beer) and gives by far the best development comfort (compared to the other free packages).
However, you might already have a different Microsoft C compiler installed. With the following differences to the recommendations it's possible to use it as well:
Compiler Package | IDE / Debugger? | Publicly available? | Platform SDK required? | config.nmake: MSVC_VARIANT | set compiler PATH and alike settings with: | Remarks
Visual Studio 6.0 | Yes | Commercial [1] | No [2] | MSVC6 | Microsoft Visual Studio\VC98\Bin\vcvars32.bat | -
Visual Studio .NET (2002) | Yes | Commercial [1] | | MSVC2002 | Microsoft Visual Studio .NET\Vc7\bin\vcvars32.bat | -
Visual Studio .NET 2003 | Yes | Commercial [1] | | MSVC2003 | Microsoft Visual Studio .NET 2003\Vc7\bin\vcvars32.bat | -
Visual Studio 2005 | Yes | Commercial | | MSVC2005 | Microsoft Visual Studio 8\VC\bin\vcvars32.bat | -
Visual C++ 2005 Express Edition (recommended) | Yes | Free Download(474MB) | Free Download (420MB) | MSVC2005EE | Microsoft Visual Studio 8\VC\bin\vcvars32.bat | vcredist_x86.exe [3]
Visual Studio 2008 | Yes | Commercial | No [2] - | MSVC2008 | Microsoft Visual Studio 9.0\VC\bin\vcvars32.bat | -
Visual C++ 2008 Express Edition | Yes | Free Download | No [2] | MSVC2008EE | Microsoft Visual Studio 9.0\VC\bin\vcvars32.bat | vcredist_x86.exe [3]
.NET Framework SDK version 1.0a | No | Free Download(104MB) | Free Download (420MB) | DOTNET10 | Microsoft.NET\FrameworkSDK\Bin\corvars.bat | can't build setup [4]
.NET Framework SDK Version 1.1 [5] | No | Free Download(106MB) | | DOTNET11 | Microsoft.NET\SDK\v1.1\Bin\sdkvars.bat | can't build setup [4]
.NET Framework 2.0 SDK [5] | No | Free Download(363MB) | | DOTNET20 | Microsoft.NET\SDK\v2.0\Bin\sdkvars.bat | vcredist_x86.exe [3]
Windows SDK for Windows Vista and .NET Framework 3.0 Runtime Components | No | Free Download(1188MB) | No [2] | - (not yet implemented!) | Microsoft SDKs\Windows\v6.0\Bin\SetEnv.Cmd | vcredist_x86.exe [3]
Color Legend: Good, Not so good, Might be a problem
[1] no longer officially available, might still be available through the MSDN subscriptions
[2] as the Platform SDK is already integrated in the package, you obviously don't need to install it and don't even need to call a separate environment setting batch file for the Platform SDK!
[3] vcredist_x86.exe (3MB free download) is required to build Wireshark-setup.exe. The version of vcredist_x86.exe MUST match the version for your compiler.
[4] Wireshark-setup.exe cannot be created with this package, as msvcr*.dll is not available or not redistributable!
[5] MSDN remarks that the corresponding .NET runtime is required. It's currently unclear if the runtime needs to be installed for the C compiler to work - or is this only needed to compile / run .NET programs?!?
[6] beta version, not suitable for production use!
Note! The "Visual C++ Toolkit 2003" should NOT be used to compile Wireshark!
Legal issues with MSVC > V6?
Please note: The following is not legal advice - ask your preferred lawyer instead! It's the author's view, but this view might be wrong!
The myriad of Win32 support lib port projects all seem to believe there are legal issues involved in using newer versions of Visual Studio. This FUD essentially stems from two misconceptions:
Unfortunately, it is believed by many that the Microsoft Visual Studio 2003 EULA explicitly forbids linking with GPL'ed programs. This belief is probably due to an improper interpretation of the Visual Studio 2003 Toolkit EULA, which places redistribution restrictions only on SOURCE CODE SAMPLES which accompany the toolkit.
Other maintainers believe that the GPL itself forbids using Visual Studio 2003, since one of the required support libraries (MSVCR71.DLL) does not ship with the Windows operating system. This is also a wrongful interpretation, and the GPL FAQ explicitly addresses this issue.
The same applies to Visual Studio 2005 and the like.
So in effect it should be perfectly legal to compile Wireshark and distribute / run it if it was compiled with any MSVC version > V6!
cl.exe (C Compiler)
The following table gives an overview of the possible Microsoft toolchain variants and their specific C compiler versions "ordered by release date":
Compiler Package | cl.exe | #define _MSC_VER | required C-Runtime DLL
Visual Studio 6.0 | 6.0 | 1200 | msvcrt.dll (Version 6)
Visual Studio .NET (2002) | 7.0 | 1300 | msvcr70.dll
.NET Framework SDK version 1.0a | | |
Visual Studio .NET 2003 | 7.10 | 1310 | msvcr71.dll
.NET Framework SDK Version 1.1 | | |
Visual Studio 2005 | 8.0 | 1400 | msvcr80.dll
Visual C++ 2005 Express Edition | | |
.NET Framework 2.0 SDK | | |
Windows SDK for Windows Vista and .NET Framework 3.0 Runtime Components | | |
Visual Studio 2008 (Code Name "Orcas") | 9.0 | 1500 | msvcr90.dll
Visual Studio 2008 Express Edition (Code Name "Orcas") | | |
After correct installation of the toolchain, typing at the command line prompt (cmd.exe):
> cl
should result in something like:
However, the version string may vary.
nmake.exe (Make)
nmake is part of the toolchain packages described above.
Instead of using the workspace (.dsw) and projects (.dsp) files, the traditional nmake makefiles are used. This has one main reason: it makes it much easier to maintain changes simultaneously with the GCC toolchain makefile.am files as both file formats are similar. However, as no Visual Studio workspace/project files are available, this makes it hard to use the Visual Studio IDE e.g. for using the integrated debugging feature.
After correct installation, typing at the command line prompt (cmd.exe):
> nmake
should result in something like:
However, the version string may vary.
Documentation on nmake can be found at Microsoft MSDN.
link.exe (Linker)
XXX - add info here
C-Runtime "Redistributable" files
Please note: The following is not legal advice - ask your preferred lawyer instead! It's the author's view, but this view might be wrong!
Depending on the Microsoft compiler version you use, some binary files coming from Microsoft might be required to be installed on a Windows machine to run Wireshark. On a developer machine, the compiler setup installs these files so they are available - but they might not be available on a user machine!
This is especially true for the C runtime DLL (msvcr*.dll), which contains the implementation of ANSI and similar functions, e.g.: fopen(), malloc(). The DLL is named like: msvcr<version>.dll, an abbreviation for "MicroSoft Visual C Runtime". For Wireshark to work, this DLL must be available on the user's machine.
MSVC6 was using msvcrt.dll, which is already available on all recent Windows systems - no need to redistribute anything. Starting with MSVC7, it is necessary to ship the C runtime DLL (msvcr<version>.dll) together with the application installer somehow, as that DLL is possibly not available on the target system.
Note! The files to redistribute must be mentioned in the redist.txt file of the compiler package - otherwise they can't be legally redistributed by third parties like us!
The following MSDN links are recommended for the interested reader:
"Redistributing Visual C++ Files"
"How to: Deploy using XCopy"
"Redistribution of the shared C runtime component in Visual C++ 2005 and in Visual C++ .NET"
msvcrt.dll - Version 6.0
Redistributables weren't an issue with MSVC 6, as any realistic installer target system (>= Win95) already contains the corresponding msvcrt.dll.
msvcr70.dll - Version 7.0 (2002)
"Visual Studio .NET (2002)" comes with this dll and it's mentioned in redist.txt.
".NET Framework SDK 1.0" doesn't even come with this dll.
XXX - Is this file available with the .NET 1.0 runtime (dotnetfx.exe) - so it could be shipped instead?!? Do we want it that way?
msvcr71.dll - Version 7.1 (2003)
"Visual Studio .NET 2003" comes with this dll and it's mentioned in redist.txt.
".NET Framework SDK 1.1" comes with this dll, but it's NOT mentioned in redist.txt.
XXX - Is this file available with the .NET 1.1 runtime (dotnetfx.exe) - so it could be shipped instead?!? Do we want it that way?
msvcr80.dll / vcredist_x86.exe - Version 8.0 (2005)
There are three redistribution methods that MSDN mentions for MSVC 8 (see: "Choosing a Deployment Method"):
1. "Redistributable Merge Modules" (kind of loadable modules for building msi installers - not suitable for Wireshark's NSIS based installer)
2. copy the folder content of Microsoft.VC80.CRT to the target directory (e.g. "C:\program files\Wireshark")
3. vcredist_x86.exe (needs to be executed on the target machine - MSDN recommends this for the 2005 Express Editions)
To save installer size, MSVC2005 uses the content of Microsoft.VC80.CRT (method 2 - this is the smallest package). As MSVC2005EE and DOTNET20 don't provide the folder "Microsoft.VC80.CRT", they use method 3.
You'll have to download a vcredist_x86.exe from Microsoft that matches your compiler version. The best way to determine this version is to open one of the generated manifest files (e.g. wireshark.exe.manifest) and look for the version of the Microsoft.VC80.CRT entry.
8.0.50608.0, from: "Microsoft Visual C++ 2005" (and probably the Express Edition as well):
8.0.50727.762, from: "Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)":
Please report to the developer mailing list, if you find a different version number!
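
The manifest lookup described above can be scripted. The following Python is an added example, not part of the Wireshark sources: it reads the version of the Microsoft.VC80.CRT entry from a manifest and checks it against a vcredist_x86.exe version. The function names and both sample manifests are constructed for illustration; the second sample covers the case where a manifest references more than one CRT version.

```python
"""Read the Microsoft.VC80.CRT version out of a build manifest (added example)."""
import sys
import xml.etree.ElementTree as ET

# XML namespace used by Windows side-by-side assembly manifests.
ASM_NS = "urn:schemas-microsoft-com:asm.v1"

# The two versions listed on this page, with the package each one came from.
KNOWN_CRT_VERSIONS = {
    "8.0.50608.0": "Microsoft Visual C++ 2005",
    "8.0.50727.762": "Microsoft Visual C++ 2005 Express Edition - "
                     "ENU Service Pack 1 (KB926748)",
}

# Constructed sample of what a wireshark.exe.manifest could contain.
SAMPLE_MANIFEST = b"""<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type='win32' name='Microsoft.VC80.CRT'
                        version='8.0.50727.762' processorArchitecture='x86'/>
    </dependentAssembly>
  </dependency>
</assembly>
"""

# Constructed sample: two different CRT versions referenced by one manifest.
MIXED_MANIFEST = b"""<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <dependency><dependentAssembly>
    <assemblyIdentity type='win32' name='Microsoft.VC80.CRT' version='8.0.50727.762'/>
  </dependentAssembly></dependency>
  <dependency><dependentAssembly>
    <assemblyIdentity type='win32' name='Microsoft.VC80.CRT' version='8.0.50608.0'/>
  </dependentAssembly></dependency>
</assembly>
"""


def _version_key(version):
    """Sort key so that 8.0.50608.0 orders before 8.0.50727.762."""
    return tuple(int(part) for part in version.split("."))


def crt_versions(manifest_bytes, crt_name="Microsoft.VC80.CRT"):
    """Return the distinct versions of crt_name the manifest depends on, sorted."""
    root = ET.fromstring(manifest_bytes)
    found = set()
    for ident in root.iter("{%s}assemblyIdentity" % ASM_NS):
        version = ident.get("version")
        if ident.get("name") == crt_name and version:
            found.add(version)
    return sorted(found, key=_version_key)


def vcredist_matches(manifest_bytes, vcredist_version):
    """True only if exactly one CRT version is referenced and it equals
    vcredist_version (this page requires the versions to match)."""
    return crt_versions(manifest_bytes) == [vcredist_version]


def report(manifest_bytes):
    """Human-readable summary of the CRT entries found in the manifest."""
    versions = crt_versions(manifest_bytes)
    if not versions:
        return "no Microsoft.VC80.CRT dependency in manifest"
    lines = ["%s (%s)" % (v, KNOWN_CRT_VERSIONS.get(v, "not listed on this page"))
             for v in versions]
    if len(versions) > 1:
        lines.append("more than one CRT version referenced; "
                     "no single vcredist_x86.exe version matches")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a manifest path as the first argument, or run on the built-in sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = SAMPLE_MANIFEST
    print(report(data))
```
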
msvcr90.dll - Version 9.0 (2008)
As the corresponding C compiler is preliminary, it's too early to say!
Windows (Platform) SDK
The Windows Platform SDK (PSDK) is a free (as in beer) download and contains platform specific headers and libraries (e.g. windows.h, WSock32.lib, ...). As new Windows features evolve in time, updated PSDKs become available that include new and updated APIs.
When you purchase a commercial Visual Studio, it will include a PSDK. The free (as in beer) downloadable C compiler versions (VC++ 2005 Express, .NET Framework, ...) do not contain a PSDK - you'll need to download a PSDK in order to have the required C header files and libraries.
Older versions of the Platform SDK should also work. However, the command to set the environment settings will be different, try searching for SetEnv.* in the SDK directory.
BTW: "Windows SDK" seems to be the new name of the Platform SDK for Vista. The current SDK name is misleading: "Microsoft® Windows® Software Development Kit for Windows Vista™ and .NET Framework 3.0 Runtime Components" - translated this means: the Windows SDK for Windows Vista and Platforms (like WinXP) that have the .NET 3.0 runtime installed.
HTML Help
The HTML Help is used to create the User's and Developer's Guide in .chm format and to show the User's Guide as the Wireshark "Online Help".
Both features are currently optional, but might be mandatory in future versions.
HTML Help Compiler (hhc.exe)
This compiler is used to generate a .chm file from a bunch of HTML files - in our case to generate the User's and Developer's Guide in .chm format.
The compiler is only available as the free (as in beer) "HTML Help Workshop" download. If you want to compile the guides yourself, you need to download and install this. If you don't install it into the default directory, you may also have a look at the HHC_DIR setting in the file docbook/Makefile.
HTML Help Build Files (htmlhelp.c / htmlhelp.lib)
The files htmlhelp.c and htmlhelp.lib are required to be able to open .chm files from Wireshark - to show the "online help".
Both files are part of the Platform SDK (standalone PSDK or MSVC since 2002). If you still use MSVC 6, you can get them from the "HTML Help Workshop" mentioned above.
The related settings in config.nmake depend on the MSVC variant you use:
MSVC 6: if the "HTML Help Workshop" is installed, set HHC_DIR to its directory
> MSVC 6: set HHC_DIR to use it (the actual value doesn't matter in this case)
Debugger
Well, using a good debugger can save you a lot of development time.
The debugger you use must match the C compiler Wireshark was compiled with, otherwise the debugger will simply fail or you will only see a lot of garbage.
Visual Studio integrated debugger
You can use the integrated debugger of Visual Studio - only available in some of the toolchain packages. However, setting up the environment is a bit tricky, as the Win32 build process is using makefiles instead of the .dsp/.dsw files usually used.
XXX - add instructions how to do it.
Debugging Tools for Windows
You could also use the Microsoft Debugging Tools for Windows toolkit, which is a standalone GUI debugger. Although it's not that comfortable compared to debugging with the Visual Studio integrated debugger, it can be helpful if you have to debug on a machine where an integrated debugger is not available.
You can get it free of charge at: (as links to Microsoft pages change from time to time, search for "Debugging Tools" at their page if this link should be outdated).
bash
The bash shell is needed to run several shell scripts.
UNIX or Win32 Cygwin: GNU bash
The bash shell is available for most of the UNIX-like platforms and as the bash package from the Cygwin setup.
If bash isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ bash --version
should result in something like:
However, the version string may vary.
Win32 native: -
The authors don't know of any working Win32 native bash implementation.
python
Python is an interpreter based programming language. The homepage of the python project is: . Python is used to generate some source files. Python version 2.2 and above should be working fine.
UNIX or Win32 Cygwin: python
Python is available for most of the UNIX-like platforms and as the python package from the Cygwin setup.
If Python isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ python -V
should result in something like:
Python 2.4.3
However, the version string may vary.
Win32 native: python
Have a look at to download the latest stable release. You can download a setup there, which will install the python system typically into C:\Python25 or similar.
After correct installation, typing at the command line prompt (cmd.exe) - this must be entered in the Python directory, the installer won't set the PATH:
C:\Python25> python -V
should result in something like:
However, the version string may vary.
perl
Perl is an interpreter based programming language. The homepage of the perl project is: . Perl is used to convert various text files into usable source code. Perl version 5.6 and above should be working fine.
UNIX or Win32 Cygwin: perl
Perl is available for most of the UNIX-like platforms and as the perl package from the Cygwin setup.
If perl isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ perl --version
should result in something like:
However, the version string may vary.
Win32 native: perl
A native Win32 perl package can be obtained from . The installation should be straightforward.
After correct installation, typing at the command line prompt (cmd.exe):
> perl -v
should result in something like:
However, the version string may vary.
sed
Sed is the streaming editor. It makes it easy, for example, to replace specially marked texts inside a source code file. The Wireshark build process uses this to stamp version strings into various places.
UNIX or Win32 Cygwin: sed
Sed is available for most of the UNIX-like platforms and as the sed package from the Cygwin setup.
If sed isn't already installed or available as a package for your platform, you can get it at:
After correct installation, typing at the bash command line prompt:
$ sed --version
should result in something like:
However, the version string may vary.
Win32 native: sed
A native Win32 sed package can be obtained from . The installation should be straightforward.
yacc (bison)
Bison is a free implementation of yacc.
UNIX or Win32 Cygwin: bison
Bison is available for most of the UNIX-like platforms and as the bison package from the Cygwin setup.
If GNU Bison isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ bison --version
should result in something like:
However, the version string may vary.
Win32 native: bison
A native Win32 yacc/bison package can be obtained from . The installation should be straightforward.
flex
Flex is a free implementation of lex.
UNIX or Win32 Cygwin: flex
Flex is available for most of the UNIX-like platforms and as the flex package from the Cygwin setup.
If GNU flex isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ flex --version
should result in something like:
However, the version string may vary.
Win32 native: flex
A native Win32 lex/flex package can be obtained from . The installation should be straightforward.
Subversion (SVN) client (optional)
The Wireshark project uses its own Subversion (or short SVN) server to keep track of all the changes done to the source code. Details about the usage of Subversion in the Wireshark project can be found in .
If you want to work with the source code and are planning to commit your changes back to the Wireshark community, it is recommended to use an SVN client to get the latest source files. For detailed information about the different ways to obtain the Wireshark sources, see .
You will find more instructions in on how to use the Subversion client.
UNIX or Win32 Cygwin: svn
SVN is available for most of the UNIX-like platforms and as the Subversion package from the Cygwin setup.
If Subversion isn't already installed or available as a package for your platform, you can get it at: (together with the server software).
After correct installation, typing at the bash command line prompt:
$ svn --version
should result in something like:
However, the version string may vary.
Win32 native: svn
The Subversion command line tools for Win32 can be found at: . This will come with both client and server software - only the client software will be used.
After correct installation, typing at the command line prompt (cmd.exe):
> svn --version
should result in something like:
However, the version string may vary.
Subversion (SVN) GUI client (optional)
Along with the traditional command-line client, several GUI clients are available for a number of platforms, see .
Keep Subversion program versions in sync! If you are working with both command line and GUI clients, keep the Subversion program versions in sync, at least the major/minor versions (e.g. 1.4).
UNIX or Win32 Cygwin: rapidSVN, subcommander
RapidSVN is a cross platform Subversion frontend based on wxWidgets. It can be found at: . Subcommander is another cross platform Subversion frontend. It can be found at: .
Cygwin doesn't provide any GUI client for Subversion.
Win32 native: TortoiseSVN
A good Subversion client for Win32 can be found at: . It will nicely integrate into the Windows Explorer window.
diff (optional)
Diff is used to get a file of all differences between two source files/trees (sometimes called a patch). The diff tool isn't needed for building Wireshark, but it's needed if you are going to commit your changes back to the Wireshark community.
Note! The recommended way to build patches is using the Subversion client, see for details.
You will find more instructions in on how to use the diff tool.
UNIX or Win32 Cygwin: GNU diff
Diff is available for most of the UNIX-like platforms and as the diffutils package from the Cygwin setup.
If GNU diff isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ diff --version
should result in something like:
However, the version string may vary.
Win32 native: diff
A native Win32 diff package can be obtained from . The installation should be straightforward.
The Subversion client TortoiseSVN has a built-in diff feature, see . It is currently unknown if this tool can be used to create diff files in the required format, so that other people can use them.
patch (optional)
The patch utility is used to merge a diff file into your own source tree. This tool is only needed if you want to apply a patch (diff file) from someone else (probably from the developer mailing list) to try out in your own private source tree.
Tip! Unless you are in the rare case of needing to apply a patch to your private source tree, you won't need the patch tool installed.
You will find more instructions in on how to use the patch tool.
UNIX or Win32 Cygwin: patch
Patch is available for most of the UNIX-like platforms and as the patch package from the Cygwin setup.
If GNU patch isn't already installed or available as a package for your platform, you can get it at: .
After correct installation, typing at the bash command line prompt:
$ patch --version
should result in something like:
However, the version string may vary.
Win32 native: patch
A native Win32 patch package can be obtained from . The installation should be straightforward.
The Subversion client TortoiseSVN has a built-in patch feature, see . The last time tested (Version 1.1.0), this feature failed to apply patches known to be ok.
Win32: GNU wget (optional)
GNU wget is used to download files from the internet using the command line.
GNU wget is available for most of the UNIX-like platforms and as the wget package from the Cygwin setup.
You will only need wget if you want to use the Win32 automated library download, see for details.
If GNU wget isn't already installed or available as a package for your platform (well, for Win32 it is available as a Cygwin package), you can get it at: .
If wget is trying to download files but fails to do so, your Internet connection might use an HTTP proxy. Some Internet providers use such a proxy and it is common for company networks today. In this case, you must set the environment variable HTTP_PROXY before using wget. For example, if you are behind proxy.com which is listening on port 8080, you have to set it to something like:
set HTTP_PROXY=http://proxy.com:8080/
If you are unsure about the settings, you might ask your system administrator.
Win32: GNU unzip (optional)
GNU unzip is used to, well, unzip the zip files downloaded using the wget tool.
GNU unzip is available for most of the UNIX-like platforms and as the unzip package from the Cygwin setup.
You will only need unzip if you want to use the Win32 automated library download, see for details.
If GNU unzip isn't already installed or available as a package for your platform (well, for Win32 it is available as a Cygwin package), you can get it at: .
Win32: NSIS (optional)
The NSIS (Nullsoft Scriptable Install System) is used to generate a wireshark-setup-<version>.exe from all the files needed to be installed, including all required DLLs and such.
To install it, simply download the latest released version (currently: 2.28) from and start the downloaded installer. You will need NSIS version 2 final or higher.
You will find more instructions in on how to use the NSIS tool.