This file tries to help building Wireshark for macOS (The Operating
System Formerly Known As Mac OS X And Then OS X) (Wireshark does not
work on the classic Mac OS).
You must have the developer tools (called Xcode) installed. For
versions of macOS up to and including Snow Leopard, Xcode 3 should be
available on the install DVD; Xcode 4 is available for download from
developer.apple.com and, for Lion and later releases, from the Mac App
for details. For Xcode 4, you will need to install the command-line
tools; select Preferences from the Xcode menu, select Downloads in the
Preferences window, and install Command Line Tools.
You must also have GLib and, if you want to build Wireshark as well as
TShark, you must have also Qt installed. You can download precompiled
Qt packages and source code from
or use the tools/macos-setup.sh script described below.
You should have CMake installed; you can download binary distributions
for macOS from
The tools/macos-setup.sh script can be used to download, patch as
necessary, build as necessary, and install those libraries and the
libraries on which they depend, along with tools such as CMake; it will,
by default, also install other libraries that can be used by Wireshark
and TShark. The versions of libraries and tools to download are
specified by variables set early in the script; you can comment out the
settings of optional libraries if you don't want them downloaded and
installed. Before running the tools/macos-setup.sh script, and before
attempting to build Wireshark, make sure your PKG_CONFIG_PATH
environment variable's setting includes /usr/local/lib/pkgconfig.
The tools/macos-setup.sh script must be run from the top-level source
After you have installed those libraries:
1. If you have installed Qt into some non-standard place, as is
distinctly possible with the build included with
macos-setup.sh, you must inform cmake by either including its
"bin" directory as part of the PATH environment variable or
setting CMAKE_PREFIX_PATH to the directory above Qt's "lib"
directory. For Qt 5.8 installed into one's home directory,
% export CMAKE_PREFIX_PATH=~/Qt5.8.0/5.8/clang_64
This step is unnecessary if you've used a recent version of
Homebrew, as the CMake build scripts will find Qt.
2. Make a directory in which Wireshark is to be built, separate
from the top-level source directory for Wireshark - it can be a
subdirectory of that top-level source directory;
3. cd to that directory, and run CMake, with an argument that is a
path to the top-level source directory;
4. When CMake finishes, run make to build Wireshark.
For example, to build Wireshark in a subdirectory of the top-level
source directory, named "build", do, from the top-level source
It is also possible to use the Xcode IDE to build and debug Wireshark
using cmake's Xcode generator. Create a separate build directory, as
described above and run cmake with the "-G Xcode" argument to create
a Xcode project file in the current directory.
cmake -G Xcode ..
1. Double click Wireshark.xcodeproj
2. Choose to create schemes manually
3. Create a scheme for the ALL_BUILD target
4. Edit the scheme, go to the run configuration and select Wireshark.app
If you upgrade the major release of macOS on which you are building
Wireshark, we advise that, before you do any builds after the upgrade,
you remove the build directory and all its subdiretories, and repeat the
above process, re-running CMake and rebuilding from scratch.
On Snow Leopard (10.6) and later releases, if you are building on a
machine with a 64-bit processor (with the exception of the early Intel
Core Duo and Intel Core Solo machines, all Apple machines with Intel
processors have 64-bit processors), the C/C++/Objective-C compiler will
build 64-bit by default.
This means that you will, by default, get a 64-bit version of Wireshark.
One consequence of this is that, if you built and installed any required
or optional libraries for Wireshark on an earlier release of macOS, those
are probably 32-bit versions of the libraries, and you will need to
un-install them and rebuild them on your current version of macOS, to get
Some required and optional libraries require special attention if you
install them by building from source code on Snow Leopard and later
releases; the tools/macos-setup.sh script will handle that for you.
GLib - the GLib configuration script determines whether the system's
libiconv is GNU iconv or not by checking whether it has libiconv_open(),
and the compile will fail if that test doesn't correctly indicate
whether libiconv is GNU iconv. In macOS, libiconv is GNU iconv, but the
64-bit version doesn't have libiconv_open(); a workaround for this is to
replace all occurrences of "libiconv_open" with "iconv_open" in the
configure script before running the script. The tools/macos-setup.sh
setup script will patch GLib to work around this.
libgcrypt - the libgcrypt configuration script attempts to determine
which flavor of assembler-language routines to use based on the platform
type determined by standard autoconf code. That code uses uname to
determine the processor type; however, in macOS, uname always reports
"i386" as the processor type on Intel machines, even Intel machines with
64-bit processors, so it will attempt to assemble the 32-bit x86
assembler-language routines, which will fail. The workaround for this
is to run the configure script with the --disable-asm argument, so that
the assembler-language routines are not used. The tools/macos-setup.sh
will configure libgcrypt with that option.
If you want to build Wireshark installer packages on a system that
doesn't include Xcode 3.x or earlier, you will need to install some
additional tools. From the Xcode menu, select the Open Developer Tool
menu, and then select More Developer Tools... from that menu. That will
open up a page on the Apple Developer Connection Web site; you may need
a developer account to download the additional tools. Download the
Auxiliary Tools for Xcode package; when the dmg opens, drag all its
contents to the Contents/Applications subdirectory of the Xcode.app
directory (normally /Applications/Xcode.app/Contents/Applications); then
to /usr/bin/packagemaker (the PackageMaker app, when run from the
command line rather than as a double-clicked app, is the packagemaker