How to install Wireshark on Ubuntu? [SOLVED]


Ubuntu

Author: Omer Cakmak
Reviewer: Deepak Prasad

What is Wireshark?

Wireshark is the world's leading and widely used free and open source packet analysis tool. It is used for network troubleshooting, analysis, software and communication protocol development, and training. Started by Gerald Combs in 1998 and called Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues. Wireshark continues to evolve thanks to the voluntary contributions of network experts around the world.

Here are some of the things you can do with Wireshark:

  • Live capture and offline analysis
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed) etc.
  • Capture files compressed with gzip can be decompressed on the fly
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Output can be exported to XML, PostScript®, CSV, or plain text
  • And more

In this article, we will install Wireshark, which can be installed on many different operating systems, on Ubuntu.

 

Different methods to install Wireshark

There are 2 different methods to install Wireshark on Ubuntu. Since it is an open source application, a version is available in the Ubuntu repositories. In addition, there are Ubuntu repositories that offer Wireshark with a more up-to-date and stable version, you can use them by adding them to the system. Now let's explain these installations in turn.

 

Method-1: Install From Default Repository

First, pull the current package list from the Ubuntu repositories:

foc@ubuntu22desktop:~$ sudo apt update -y

Then install wireshark package:

foc@ubuntu22desktop:~$ sudo apt install wireshark -y

During installation, you will encounter the following warning, if you say "Yes", any user in the system can use this network monitoring application. We will choose "No" so that unauthorized persons cannot use it.

How to install Wireshark on Ubuntu? [SOLVED]

Give execute permission to "dumpcap":

foc@ubuntu22desktop:~$ sudo chmod +x /usr/bin/dumpcap

Installed version:

foc@ubuntu22desktop:~$ wireshark --version
Wireshark 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)

After installation, you can access the application after authorization control with the following command in the terminal:

foc@ubuntu22desktop:~$ sudo wireshark

install Wireshark

 

If you don't use sudo and open Wireshark from the menu you will get the following warning:

How to install Wireshark on Ubuntu? [SOLVED]

Two suggestions for solution:

Solution-1: Invoke Wireshark from the terminal with sudo.

Solution-2: Allow all users to use Wireshark with the command "sudo dpkg-reconfigure wireshark-common". And add the user to the wireshark group:

foc@ubuntu22desktop:~$ sudo usermod -aG wireshark foc

After applying one of the two solutions, Wireshark installation is completed without any problems.

 

Method-2: Install using Wireshark-Dev Repository

IMPORTANT NOTE:
The contents of Personal Package Archives are not checked or monitored. You install software from them at your own risk.

Add the stable repository address to the system with the following command:

foc@ubuntu22desktop:~$ sudo add-apt-repository ppa:wireshark-dev/stable -y

Update repository packages list:

foc@ubuntu22desktop:~$ sudo apt update -y

And then install the wireshark package:

foc@ubuntu22desktop:~$ sudo apt install wireshark -y

Allow all users to use Wireshark while the installation is in progress:

How to install Wireshark on Ubuntu? [SOLVED]

Installation completed successfully. Give execute permission to "dumpcap":

foc@ubuntu22desktop:~$ sudo chmod +x /usr/bin/dumpcap

Version:

foc@ubuntu22desktop:~$ wireshark --version
Wireshark 3.6.7 (Git v3.6.7 packaged as 3.6.7-1~ubuntu22.04.0+wiresharkdevstable)

 

What is NEXT?

 

Summary

Installation is done similarly in both methods. Although the version in Ubuntu repositories is a little low, packages that come with operating systems should be preferred.

For more information, you can get help from the help pages:

foc@ubuntu22desktop:~/wireshark$ wireshark --help
Usage: wireshark [options] ... [ <infile> ]

Capture interface:
-i <interface>, --interface <interface>
name or idx of interface (def: first non-loopback)
...

 

References

www.wireshark.org - Installing from debs under Debian, Ubuntu and other Debian derivatives

askubuntu.com - How to install Wireshark

 

Omer Cakmak

Omer Cakmak

He is highly skilled at managing Debian, Ubuntu, CentOS, Oracle Linux, and Red Hat servers. Proficient in bash scripting, Ansible, and AWX central server management, he handles server operations on OpenStack, KVM, Proxmox, and VMware. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment