Install the Latest Version of Wireshark From Source on Linux Mint

Should Work on Most Debian Based Linux Distros

  1. If you already have Wireshark installed, uninstall it via APT. Also note the version currently installed.
wireshark --version |grep Git
Wireshark 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)
sudo apt-get remove wireshark
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libqt5multimedia5-plugins libqt5multimediagsttools5 libqt5multimediawidgets5 libsmi2ldbl libwireshark-data libwireshark13 libwiretap10 libwsutil11 linux-headers-5.4.0-121 linux-headers-5.4.0-121-generic linux-headers-5.4.0-122
  linux-headers-5.4.0-122-generic linux-image-5.4.0-121-generic linux-image-5.4.0-122-generic linux-modules-5.4.0-121-generic linux-modules-5.4.0-122-generic linux-modules-extra-5.4.0-121-generic linux-modules-extra-5.4.0-122-generic
  wireshark-common wireshark-qt
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  wireshark
0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
After this operation, 59.4 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 633107 files and directories currently installed.)
Removing wireshark (3.2.3-1) ...
  1. Download the latest (stable) wireshark source code for your platform like so:
cd /opt
sudo wget -c https://2.na.dl.wireshark.org/src/wireshark-3.6.7.tar.xz         
--2022-09-08 15:15:31--  https://2.na.dl.wireshark.org/src/wireshark-3.6.7.tar.xz
Resolving 2.na.dl.wireshark.org (2.na.dl.wireshark.org)... 51.81.186.201, 2604:2dc0:202:300::224
Connecting to 2.na.dl.wireshark.org (2.na.dl.wireshark.org)|51.81.186.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 39967312 (38M) [application/x-xz]
Saving to: ‘wireshark-3.6.7.tar.xz’

wireshark-3.6.7.tar.xz                                      100%[=========================================================================================================================================>]  38.12M  4.71MB/s    in 9.8s    

2022-09-08 15:15:41 (3.87 MB/s) - ‘wireshark-3.6.7.tar.xz’ saved [39967312/39967312]
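
Before decompressing, the download can be checked against a published checksum list. The function below is an added example, not part of the original guide; it assumes a list file containing lines of the form SHA256(<file>)=<hex> (the file name SIGNATURES-3.6.7.txt in the usage comment is an assumption) whose PGP signature has already been verified.

```shell
#!/bin/sh
# Added example: check a downloaded tarball against a checksum list.
# Assumed list format (one line per file and algorithm):
#   SHA256(wireshark-3.6.7.tar.xz)=<64 hex digits>
# Verify the list's own PGP signature first (gpg --verify <list>);
# an unsigned list proves nothing if the mirror itself is compromised.
# Usage (file names are assumptions):
#   verify_tarball SIGNATURES-3.6.7.txt wireshark-3.6.7.tar.xz

# expected_sha256 LIST FILE -> prints the hash recorded for FILE's basename
expected_sha256() {
    name=$(basename "$2")
    # Match the literal "SHA256(<name>)=" prefix; take the first hit only.
    awk -v p="SHA256($name)=" 'index($0, p) == 1 {
        h = substr($0, length(p) + 1); gsub(/[ \r\t]/, "", h)
        print tolower(h); exit }' "$1"
}

# verify_tarball LIST FILE -> 0 match, 1 mismatch, 2 no usable entry
verify_tarball() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable input" >&2; return 2; }
    want=$(expected_sha256 "$1" "$2")
    # Reject an empty result or anything containing non-hex characters.
    case "$want" in
        *[!0-9a-f]*|"") echo "no SHA256 entry for $2" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed hash for $2" >&2; return 2; }
    got=$(sha256sum "$2" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        echo "OK: $2"
        return 0
    fi
    echo "MISMATCH: $2 (expected $want, got $got)" >&2
    return 1
}
```

Run it while the file still has its .xz extension, since unxz replaces the file the checksum was computed over.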
  1. Decompress the tar file. When finished the file should no longer have the .xz extension.
sudo unxz wireshark-3.6.7.tar.xz 
ls wireshark-3.6.7.tar 
wireshark-3.6.7.tar
  1. Now untar the source tar, cd into the directory it creates, make a build directory & run cmake from your new build directory. Note: First apt-get command installs cmake & required libraries.
sudo apt-get install cmake libglib2.0-dev libgcrypt20-dev libc-ares-dev qttools5-dev libssh-dev libsystemd-dev qtmultimedia5-dev
sudo tar xf wireshark-3.6.7.tar
cd wireshark-3.6.7/
/opt/wireshark-3.6.7$ sudo mkdir build
/opt/wireshark-3.6.7$ cd build
/opt/wireshark-3.6.7/build$ sudo cmake ..
-- Generating build using CMake 3.16.3
-- LTO/IPO is not enabled
-- CMake build type: RelWithDebInfo
-- V: 3.6.7, MaV: 3, MiV: 6, PL: 7, EV: .
-- Linker flags:  -Wl,--as-needed
-- Could NOT find MaxMindDB (missing: MAXMINDDB_LIBRARY MAXMINDDB_INCLUDE_DIR) 
-- Could NOT find SMI (missing: SMI_LIBRARY SMI_INCLUDE_DIR) 
-- Checking for one of the modules 'gnutls'
-- Could NOT find GNUTLS: Found unsuitable version "", but required is at least "3.3.0" (found GNUTLS_LIBRARY-NOTFOUND)
-- Checking for one of the modules 'krb5;mit-krb5;heimdal-krb5'
-- Could NOT find KERBEROS (missing: KERBEROS_LIBRARY KERBEROS_INCLUDE_DIR) 
-- Checking for one of the modules 'zlib'
-- Found ZLIB: /usr/lib/x86_64-linux-gnu/libz.so  
-- Looking for inflate
-- Looking for inflate - found
-- Looking for inflatePrime
-- Looking for inflatePrime - found
-- Could NOT find Minizip (missing: MINIZIP_LIBRARY MINIZIP_INCLUDE_DIR) (found version "")
-- Could NOT find BROTLI (missing: BROTLIDEC_LIBRARY BROTLI_INCLUDE_DIR) 
-- Checking for one of the modules 'lz4;liblz4'
-- Could NOT find LZ4 (missing: LZ4_LIBRARY LZ4_INCLUDE_DIR) 
-- Could NOT find SNAPPY (missing: SNAPPY_LIBRARY SNAPPY_INCLUDE_DIR) 
-- Checking for one of the modules 'libzstd'
-- Could NOT find ZSTD: Found unsuitable version "", but required is at least "1.0.0" (found ZSTD_LIBRARY-NOTFOUND)
-- Checking for one of the modules 'libnghttp2'
-- Could NOT find NGHTTP2 (missing: NGHTTP2_LIBRARY NGHTTP2_INCLUDE_DIR) 
-- Checking for one of the modules 'lua5.2;lua-5.2;lua52;lua5.1;lua-5.1;lua51'
-- Checking for one of the modules 'lua<=5.2.99'
-- Could NOT find LUA (missing: LUA_LIBRARY LUA_INCLUDE_DIR LUA_VERSION_NUM) (Required is at least version "5.1")
-- Checking for modules 'libnl-3.0;libnl-genl-3.0;libnl-route-3.0'
--   No package 'libnl-3.0' found
--   No package 'libnl-genl-3.0' found
--   No package 'libnl-route-3.0' found
-- Checking for one of the modules 'libnl-2.0'
-- Checking for one of the modules 'libnl-1'
-- Could NOT find NL (missing: NL_LIBRARY NL_INCLUDE_DIR) 
-- Could NOT find SBC (missing: SBC_LIBRARY SBC_INCLUDE_DIR) 
-- Checking for one of the modules 'spandsp'
-- Could NOT find SPANDSP (missing: SPANDSP_LIBRARY SPANDSP_INCLUDE_DIR) 
-- Could NOT find BCG729 (missing: BCG729_LIBRARY BCG729_INCLUDE_DIR) 
-- Checking for one of the modules 'libilbc'
-- Could NOT find ILBC (missing: ILBC_LIBRARY ILBC_INCLUDE_DIR) 
-- Checking for one of the modules 'opus'
-- Could NOT find OPUS (missing: OPUS_LIBRARY OPUS_INCLUDE_DIR) 
-- Found LibXml2: /usr/lib/x86_64-linux-gnu/libxml2.so (found version "2.9.10") 
-- Checking for one of the modules 'libcap'
-- Could NOT find CAP (missing: CAP_LIBRARY CAP_INCLUDE_DIR) 
-- Found SETCAP: /usr/sbin/setcap  
-- Could NOT find Asciidoctor (missing: ASCIIDOCTOR_EXECUTABLE) (Required is at least version "1.5")
-- Could NOT find DOXYGEN (missing: DOXYGEN_EXECUTABLE) 
-- Could NOT find SpeexDSP (missing: SPEEXDSP_LIBRARY SPEEXDSP_INCLUDE_DIR) (found version "")
-- Looking for arpa/inet.h
-- Looking for arpa/inet.h - found
-- Looking for grp.h
-- Looking for grp.h - found
-- Looking for include files sys/types.h, ifaddrs.h
-- Looking for include files sys/types.h, ifaddrs.h - found
-- Looking for netinet/in.h
-- Looking for netinet/in.h - found
-- Looking for netdb.h
-- Looking for netdb.h - found
-- Looking for pwd.h
-- Looking for pwd.h - found
-- Looking for sys/select.h
-- Looking for sys/select.h - found
-- Looking for sys/socket.h
-- Looking for sys/socket.h - found
-- Looking for sys/time.h
-- Looking for sys/time.h - found
-- Looking for sys/utsname.h
-- Looking for sys/utsname.h - found
-- Looking for sys/wait.h
-- Looking for sys/wait.h - found
-- Looking for unistd.h
-- Looking for unistd.h - found
-- Performing Test HAVE_LINUX_SOCKIOS_H
-- Performing Test HAVE_LINUX_SOCKIOS_H - Success
-- Performing Test HAVE_LINUX_IF_BONDING_H
-- Performing Test HAVE_LINUX_IF_BONDING_H - Success
-- Looking for clock_gettime
-- Looking for clock_gettime - found
-- Looking for getifaddrs
-- Looking for getifaddrs - found
-- Looking for issetugid
-- Looking for issetugid - not found
-- Looking for setresgid
-- Looking for setresgid - found
-- Looking for setresuid
-- Looking for setresuid - found
-- Looking for strptime
-- Looking for strptime - found
-- Performing Test HAVE_STRUCT_STAT_ST_BLKSIZE
-- Performing Test HAVE_STRUCT_STAT_ST_BLKSIZE - Success
-- Performing Test HAVE_STRUCT_STAT_ST_BIRTHTIME
-- Performing Test HAVE_STRUCT_STAT_ST_BIRTHTIME - Failed
-- Performing Test HAVE_STRUCT_STAT___ST_BIRTHTIME
-- Performing Test HAVE_STRUCT_STAT___ST_BIRTHTIME - Failed
-- Performing Test HAVE_STRUCT_TM_TM_ZONE
-- Performing Test HAVE_STRUCT_TM_TM_ZONE - Success
-- Looking for tzname
-- Looking for tzname - found
-- Performing Test HAVE_C99_VSNPRINTF
-- Performing Test HAVE_C99_VSNPRINTF - Success
-- Could NOT find Asciidoctor (missing: ASCIIDOCTOR_EXECUTABLE) (Required is at least version "1.5")
-- Could NOT find Asciidoctor (missing: ASCIIDOCTOR_EXECUTABLE) (Required is at least version "1.5")
-- Could NOT find XSLTPROC (missing: XSLTPROC_EXECUTABLE) 
-- Found python module asn2wrs: /opt/wireshark-3.6.7/tools/asn2wrs.py
-- Looking for ssh_userauth_agent
-- Looking for ssh_userauth_agent - found
-- Performing Test C_Wimplicit_fallthrough_VALID
-- Performing Test C_Wimplicit_fallthrough_VALID - Success
-- Performing Test C_Wsign_compare_VALID
-- Performing Test C_Wsign_compare_VALID - Success
-- Performing Test C_Wunused_parameter_VALID
-- Performing Test C_Wunused_parameter_VALID - Success
-- Performing Test C_Wc___compat_VALID
-- Performing Test C_Wc___compat_VALID - Success
-- Performing Test COMPILER_CAN_HANDLE_SSE4_2
-- Performing Test COMPILER_CAN_HANDLE_SSE4_2 - Success
-- SSE4.2 compiler flag: -msse4.2
-- Looking for emmintrin.h
-- Looking for emmintrin.h - found
-- Looking for nmmintrin.h
-- Looking for nmmintrin.h - found
-- Found python module make-plugin-reg: /opt/wireshark-3.6.7/tools/make-plugin-reg.py
-- C-Flags: -fvisibility=hidden  -fexcess-precision=fast -Wall -Wextra -Wendif-labels -Wpointer-arith -Wformat-security -fwrapv -fno-strict-overflow -Wvla -Waddress -Wattributes -Wdiv-by-zero -Wignored-qualifiers -Wpragmas -Wno-overlength-strings -Wno-long-long -Wredundant-decls -Wframe-larger-than=32768 -Wunused-const-variable -Wshadow -Wold-style-definition -Wstrict-prototypes -Wlogical-op -Wjump-misses-init -Werror=implicit -Wno-pointer-sign -std=gnu99  -fmacro-prefix-map=/opt/wireshark-3.6.7/= -fmacro-prefix-map=/opt/wireshark-3.6.7/build/= -fmacro-prefix-map=../= -O2 -g -DNDEBUG
-- CXX-Flags:  -fexcess-precision=fast -Wall -Wextra -Wendif-labels -Wpointer-arith -Wformat-security -fwrapv -fno-strict-overflow -Wvla -Waddress -Wattributes -Wdiv-by-zero -Wignored-qualifiers -Wpragmas -Wno-overlength-strings -Wno-long-long -Wredundant-decls -Wframe-larger-than=32768 -Wextra-semi  -fmacro-prefix-map=/opt/wireshark-3.6.7/= -fmacro-prefix-map=/opt/wireshark-3.6.7/build/= -fmacro-prefix-map=../= -O2 -g -DNDEBUG
-- Warnings as errors disabled
-- The following OPTIONAL packages have been found:

 * Git
 * GMODULE2
 * Gettext
 * LIBSSH (required version >= 0.6), Library for implementing SSH clients, <https://www.libssh.org/>
   extcap remote SSH interfaces (sshdump, ciscodump)
 * PCAP
 * Systemd, System and Service Manager (libraries), <https://freedesktop.org/wiki/Software/systemd/>
   Support for systemd journal extcap interface (sdjournal)
 * ZLIB
 * LibXml2
 * SETCAP

-- The following REQUIRED packages have been found:

 * GLIB2 (required version >= 2.38.0)
 * GTHREAD2
 * GCRYPT (required version >= 1.5.0)
 * CARES (required version >= 1.5.0), Library for asynchronous DNS requests, <https://c-ares.org/>
   DNS name resolution for captures
 * LEX
 * Perl
 * Python3 (required version >= 3.4)
 * M
 * Qt5Core
 * Qt5LinguistTools
 * Qt5Network (required version >= 5.12.8)
 * Qt5Gui (required version >= 5.12.8)
 * Qt5Multimedia
 * Qt5PrintSupport
 * Qt5Widgets

-- The following OPTIONAL packages have not been found:

 * MaxMindDB, C library for the MaxMind DB file format, <https://github.com/maxmind/libmaxminddb>
   Support for GeoIP lookup
 * SMI, Library to access SMI management information, <https://www.ibr.cs.tu-bs.de/projects/libsmi/>
   Support MIB and PIB parsing and OID resolution
 * GNUTLS (required version >= 3.3.0)
 * KERBEROS
 * Minizip, Mini zip and unzip based on zlib, <https://github.com/madler/zlib>
   Support for profiles import/export
 * BROTLI
 * LZ4, LZ4 is a fast lossless compression algorithm, <http://www.lz4.org>
   LZ4 decompression in CQL and Kafka dissectors, read compressed capture files
 * SNAPPY, A fast compressor/decompressor from Google, <https://google.github.io/snappy/>
   Snappy decompression in CQL and Kafka dissectors
 * ZSTD (required version >= 1.0.0), A compressor/decompressor from Facebook providing better compression than Snappy at a cost of speed, <https://facebook.github.io/zstd/>
   Zstd decompression in Kafka dissector, read compressed capture files
 * NGHTTP2, HTTP/2 C library and tools, <https://nghttp2.org>
   Header decompression in HTTP2
 * LUA (required version >= 5.1)
 * NL, Libraries for using the Netlink protocol on Linux, <https://www.infradead.org/~tgr/libnl/>
   Support for managing wireless 802.11 interfaces
 * SBC, Bluetooth low-complexity, subband codec (SBC) decoder, <https://git.kernel.org/pub/scm/bluetooth/sbc.git>
   Support for playing SBC codec in RTP player
 * SPANDSP, a library of many DSP functions for telephony, <https://www.soft-switch.org>
   Support for G.722 and G.726 codecs in RTP player
 * BCG729, G.729 decoder, <https://www.linphone.org/technical-corner/bcg729>
   Support for G.729 codec in RTP player
 * ILBC, iLBC decoder, <https://github.com/TimothyGu/libilbc>
   Support for iLBC codec in RTP player
 * OPUS, opus decoder, <https://opus-codec.org/>
   Support for opus codec in RTP player
 * CAP, The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels, <https://sites.google.com/site/fullycapable/>
   Allow packet captures without running as root
 * DOXYGEN
 * SpeexDSP, SpeexDSP is a patent-free, Open Source/Free Software DSP library, <https://www.speex.org/>
   RTP audio resampling
 * Asciidoctor (required version >= 1.5)
 * XSLTPROC

We are on tag v3.6.7.
vcs_version.h has been updated.
-- Configuring done
-- Generating done
-- Build files have been written to: /opt/wireshark-3.6.7/build

At this point you should be able to just type make and have some compiled binaries! However notice the following OPTIONAL libraries we are still missing:

-- The following OPTIONAL packages have not been found:

 * MaxMindDB, C library for the MaxMind DB file format, <https://github.com/maxmind/libmaxminddb>
   Support for GeoIP lookup
 * SMI, Library to access SMI management information, <https://www.ibr.cs.tu-bs.de/projects/libsmi/>
   Support MIB and PIB parsing and OID resolution
 * GNUTLS (required version >= 3.3.0)
 * KERBEROS
 * Minizip, Mini zip and unzip based on zlib, <https://github.com/madler/zlib>
   Support for profiles import/export
 * BROTLI
 * LZ4, LZ4 is a fast lossless compression algorithm, <http://www.lz4.org>
   LZ4 decompression in CQL and Kafka dissectors, read compressed capture files
 * SNAPPY, A fast compressor/decompressor from Google, <https://google.github.io/snappy/>
   Snappy decompression in CQL and Kafka dissectors
 * ZSTD (required version >= 1.0.0), A compressor/decompressor from Facebook providing better compression than Snappy at a cost of speed, <https://facebook.github.io/zstd/>
   Zstd decompression in Kafka dissector, read compressed capture files
 * NGHTTP2, HTTP/2 C library and tools, <https://nghttp2.org>
   Header decompression in HTTP2
 * LUA (required version >= 5.1)
 * NL, Libraries for using the Netlink protocol on Linux, <https://www.infradead.org/~tgr/libnl/>
   Support for managing wireless 802.11 interfaces
 * SBC, Bluetooth low-complexity, subband codec (SBC) decoder, <https://git.kernel.org/pub/scm/bluetooth/sbc.git>
   Support for playing SBC codec in RTP player
 * SPANDSP, a library of many DSP functions for telephony, <https://www.soft-switch.org>
   Support for G.722 and G.726 codecs in RTP player
 * BCG729, G.729 decoder, <https://www.linphone.org/technical-corner/bcg729>
   Support for G.729 codec in RTP player
 * ILBC, iLBC decoder, <https://github.com/TimothyGu/libilbc>
   Support for iLBC codec in RTP player
 * OPUS, opus decoder, <https://opus-codec.org/>
   Support for opus codec in RTP player
 * CAP, The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels, <https://sites.google.com/site/fullycapable/>
   Allow packet captures without running as root
 * DOXYGEN
 * SpeexDSP, SpeexDSP is a patent-free, Open Source/Free Software DSP library, <https://www.speex.org/>
   RTP audio resampling
 * Asciidoctor (required version >= 1.5)
 * XSLTPROC

If you want to support these features, we'll have to track down and install the missing libraries. To do so, install the following packages, or the equivalents for your platform.

sudo apt-get install libmaxminddb-dev libsmi2-dev libgnutls28-dev libkrb5-dev libminizip-dev libbrotli-dev liblz4-dev \
libsnappy-dev libzstd-dev libnghttp2-dev libluabind-dev libnl-cli-3-dev libsbc-dev libspandsp-dev libopus-dev \
doxygen libspeexdsp-dev asciidoctor xsltproc libcap-dev

Caveats

  1. If you're on Linux Mint you'll need to be on at least version 21 (code name Vanessa) in order to apt-get install libilbc. Otherwise you'll have to compile and install it from source, which you can download here.

Compile Binaries

  1. Now you're ready to compile wireshark binaries by running sudo make from the build directory you created. After running sudo make feel free to make a pot of coffee; it's gonna be a minute :).
cd /opt/wireshark-3.6.7/build
sudo make
  1. After sudo make finishes you should now see the binaries you just compiled from source in the run/ directory. I'd recommend symlinking at least the following binaries. There may also be a few others you might want to symlink as well.
sudo ln -s /opt/wireshark-3.6.7/build/run/wireshark /usr/local/bin/wireshark
sudo ln -s /opt/wireshark-3.6.7/build/run/tshark /usr/local/bin/tshark
sudo ln -s /opt/wireshark-3.6.7/build/run/text2pcap /usr/local/bin/text2pcap
sudo ln -s /opt/wireshark-3.6.7/build/run/randpkt /usr/local/bin/randpkt
sudo ln -s /opt/wireshark-3.6.7/build/run/reordercap /usr/local/bin/reordercap
sudo ln -s /opt/wireshark-3.6.7/build/run/mergecap /usr/local/bin/mergecap
sudo ln -s /opt/wireshark-3.6.7/build/run/editcap /usr/local/bin/editcap
sudo ln -s /opt/wireshark-3.6.7/build/run/dumpcap /usr/local/bin/dumpcap
  1. Now you should be able to run wireshark anywhere and confirm the version.
wireshark --version
Wireshark 3.6.7 (Git commit 4a304d7ec222)

Copyright 1998-2022 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using GCC 9.4.0, with Qt 5.12.8, with libpcap, with POSIX
capabilities (Linux), with libnl 3, with GLib 2.64.6, with zlib 1.2.11, with Lua
5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt 1.8.5, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with brotli, with LZ4,
with Zstandard, with Snappy, with libxml2 2.9.10, with libsmi 0.4.8, with
QtMultimedia, without automatic updates, with SpeexDSP (using system library),
with Minizip.

Running on Linux 5.4.0-124-generic, with Intel(R) Core(TM) i7-10510U CPU @
1.80GHz (with SSE4.2), with 15328 MB of physical memory, with GLib 2.64.6, with
zlib 1.2.11, with Qt 5.12.8, with libpcap 1.9.1 (with TPACKET_V3), with c-ares
1.15.0, with GnuTLS 3.6.13, with Gcrypt 1.8.5, with nghttp2 1.40.0, with brotli
1.0.7, with LZ4 1.9.2, with Zstandard 1.4.4, with libsmi 0.4.8, with
LC_TYPE=en_US.UTF-8, binary plugins supported (0 loaded).

Future Upgrades

Now with this setup, when it's time to upgrade, all you have to do is the following:

  1. Download source & compile binaries.
  2. Delete current symlinks.
  3. Create symlinks for the new binaries.
  4. rm -rf the directory in /opt containing the older version.
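
Steps 2 and 3 of the upgrade can be done in one pass that refuses to create dangling links. The function below is an added example, not part of the original guide; the function name, the WS_BINARIES variable and the directory arguments are assumptions chosen to match the paths used above.

```shell
#!/bin/sh
# Added example: re-point existing symlinks at a freshly built version.
# relink_wireshark RUN_DIR BIN_DIR [NAME...]
#   RUN_DIR  e.g. /opt/wireshark-<new version>/build/run
#   BIN_DIR  e.g. /usr/local/bin
# Returns 0 on success, 1 if a binary is missing or a target is a real file.
# Writing to /usr/local/bin needs root, as with the ln commands above.
WS_BINARIES="wireshark tshark text2pcap randpkt reordercap mergecap editcap dumpcap"

relink_wireshark() {
    run_dir=$1; bin_dir=$2; shift 2
    # Default to the binaries linked earlier on this page.
    [ $# -gt 0 ] || set -- $WS_BINARIES
    # Pass 1: validate everything before touching any link, so a typo in
    # one name cannot leave the installation half-switched.
    for name in "$@"; do
        if [ ! -f "$run_dir/$name" ] || [ ! -x "$run_dir/$name" ]; then
            echo "missing or not executable: $run_dir/$name" >&2
            return 1
        fi
        # Only replace symlinks (dangling ones included); never clobber
        # a regular file that something else installed.
        if [ -e "$bin_dir/$name" ] && [ ! -L "$bin_dir/$name" ]; then
            echo "refusing to replace non-symlink: $bin_dir/$name" >&2
            return 1
        fi
    done
    # Pass 2: swap the links in place.
    for name in "$@"; do
        ln -sfn "$run_dir/$name" "$bin_dir/$name" || return 1
    done
}
```

Only after the function returns 0 and wireshark --version reports the new release is it safe to remove the old directory under /opt.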