Wireshark is a free and open-source network analysis tool and packet analyzer. With Wireshark, you can capture network traffic in real time and use it for network analysis, troubleshooting, education, development, etc.
GNS3 users should first install GNS3 using the guide below:
Features of Wireshark
Wireshark comes with a rich feature set, including:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
How to install Wireshark on Ubuntu 18.04
You can install either the stable release of Wireshark or the development release. Installing from the development branch gives you the latest release.
Install Stable Wireshark release
If you're more interested in stability than cutting-edge features, install the stable release of Wireshark on Ubuntu 18.04 / Ubuntu 16.04.
Add the PPA repository and install Wireshark:
sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt -y install wireshark
Install Wireshark Development version
To get the development release, add the development PPA:
sudo add-apt-repository ppa:dreibh/ppa
Then install Wireshark from the repository:
sudo apt update
sudo apt -y install wireshark
When asked whether to allow non-superusers to capture packets, select your option and finish the installation.
Check installed Wireshark version:
$ wireshark --version
Wireshark 2.9.0 (Git Rev Unknown from unknown)
Copyright 1998-2018 Gerald Combs [email protected] and contributors.
License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.56.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT
Kerberos, with MaxMind DB resolver, without nghttp2, with LZ4, with Snappy, with
libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729.
Running on Linux 4.15.0-20-generic, with Intel(R) Core(TM) i5-8250U CPU @
1.60GHz (with SSE4.2), with 985 MB of physical memory, with locale
LC_CTYPE=en_US.UTF-8, LC_NUMERIC=om_KE.UTF-8, LC_TIME=om_KE.UTF-8,
LC_COLLATE=en_US.UTF-8, LC_MONETARY=om_KE.UTF-8, LC_MESSAGES=en_US.UTF-8,
LC_PAPER=om_KE.UTF-8, LC_NAME=om_KE.UTF-8, LC_ADDRESS=om_KE.UTF-8,
LC_IDENTIFICATION=om_KE.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18,
with Gcrypt 1.8.1, with zlib 1.2.11, binary plugins supported (0 loaded).
Built using gcc 7.3.0.
Configure and start Wireshark
To be able to capture packets as a normal user, add your user to the wireshark group:
sudo usermod -a -G wireshark $USER
Then set the group, permissions and file capabilities of the dumpcap binary (only dumpcap needs raw network access; the Wireshark GUI itself stays unprivileged), and verify the result with getcap:
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
$ sudo getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
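To audit the result of the steps above (group ownership, 0750 mode, exactly the two expected file capabilities, and who is in the wireshark group), here is an added shell helper; it is not part of this guide or of Wireshark, and it assumes a GNU or busybox stat that supports -c and libcap's getcap.

```shell
#!/bin/sh
# Added audit helper for the dumpcap least-privilege setup above (not part of
# Wireshark). Assumes: stat -c (GNU/busybox), getcap from libcap.
# Why it matters: every member of the wireshark group gets cap_net_raw (sniff any
# interface) and cap_net_admin (reconfigure interfaces) through dumpcap, so the
# binary must stay non-world-executable and carry exactly those two caps.

# caps_ok LINE: accept one getcap output line in either libcap format:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (libcap < 2.41)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (libcap >= 2.41)
# Succeeds only if the set is exactly {cap_net_admin,cap_net_raw} with e,i,p.
caps_ok() {
    field=${1##* }                        # last whitespace-separated token
    names=${field%%[+=]*}                 # e.g. "cap_net_admin,cap_net_raw"
    flags=${field##*[+=]}                 # e.g. "eip"
    [ "$field" != "$names" ] || return 1  # no flag separator: not a cap line
    sorted_names=$(printf '%s' "$names" | tr ',' '\n' | sort | tr '\n' ',')
    sorted_flags=$(printf '%s' "$flags" | fold -w1 | sort | tr -d '\n')
    [ "$sorted_names" = "cap_net_admin,cap_net_raw," ] && [ "$sorted_flags" = "eip" ]
}

# mode_ok PATH GROUP: mode must be exactly 0750 and the file group-owned by
# GROUP, so only group members can execute dumpcap and "other" gets nothing.
mode_ok() {
    [ "$(stat -c '%a %G' "$1" 2>/dev/null)" = "750 $2" ]
}

# audit_dumpcap [PATH]: run both checks against the live binary and list the
# wireshark group members (each of them can capture all traffic on the host).
audit_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    rc=0
    if mode_ok "$bin" wireshark; then echo "ok:   $bin is 0750, group wireshark"
    else echo "FAIL: mode or group on $bin"; rc=1; fi
    if caps_ok "$(getcap "$bin" 2>/dev/null)"; then echo "ok:   caps are exactly cap_net_admin,cap_net_raw with eip"
    else echo "FAIL: unexpected file capabilities on $bin"; rc=1; fi
    echo "members of wireshark group: $(getent group wireshark | cut -d: -f4)"
    return $rc
}
```

Run `audit_dumpcap` after the chgrp/chmod/setcap steps; a non-zero exit means the binary drifted from the intended setup (for example a package upgrade that reset the mode or capabilities).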
Wireshark can be launched from the CLI or from the applications launcher.
To start Wireshark from the GUI, search for wireshark and press Enter.
The same can be done from command line by typing:
To test packet capturing, select the interface to use and click the "Start capturing packets" button.
And boom! You now have Wireshark installed and working on your Ubuntu 18.04 / Ubuntu 16.04 desktop machine. Learn more by reading the Wireshark guide.