Wireshark is a free and open-source network analysis tool and packet analyzer. With Wireshark, you can capture network traffic in real time and use it for network analysis, troubleshooting, education, development and more. In this guide we will install Wireshark on Ubuntu 22.04|20.04|18.04 Desktop.

Features of Wireshark

Wireshark comes with a rich feature set, including:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

Install Wireshark on Ubuntu 22.04|20.04|18.04

You can install either the stable version of Wireshark or the development version. Installing from the development branch will give you the latest release.

Install Stable Wireshark release

If you’re more interested in stability than in cutting-edge features, install the stable release of Wireshark on Ubuntu.

Add the PPA repository:

sudo apt update
sudo apt install software-properties-common apt-transport-https
sudo add-apt-repository ppa:wireshark-dev/stable 

Install Wireshark on Ubuntu:

sudo apt update
sudo apt -y install wireshark

Install Wireshark Development version

To get the development release, add the following PPA repository:

sudo add-apt-repository ppa:dreibh/ppa

Install Wireshark from the repository:

sudo apt update
sudo apt -y install wireshark

When asked whether to allow non-superusers to capture packets, select your option and finish the installation.

Check installed Wireshark version:

$ wireshark --version
Wireshark 4.3.0 (Git commit 4d84bb6a1633).

Copyright 1998-2023 Gerald Combs <[email protected]> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There is
NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using GCC 11.4.0, with GLib 2.72.4, with Qt 5.15.3, with
libpcap, with POSIX capabilities (Linux), with libnl 3, with zlib 1.2.11, with
PCRE2, with Lua 5.2.4, with GnuTLS 3.7.3 and PKCS #11 support, with Gcrypt
1.9.4, with Kerberos (MIT), with MaxMind, with nghttp2 1.43.0, with nghttp3
0.1.1, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.13,
with libsmi 0.4.8, with QtMultimedia, without automatic updates, without
Minizip, with binary plugins.

Running on Linux 5.15.0-88-generic, with Intel Xeon Processor (Skylake, IBRS)
(with SSE4.2), with 3816 MB of physical memory, with GLib 2.72.4, with Qt
5.15.3, with libpcap 1.10.1 (with TPACKET_V3), with zlib 1.2.11, with PCRE2
10.39 2021-10-29, with c-ares 1.18.1, with GnuTLS 3.7.3, with Gcrypt 1.9.4, with
nghttp2 1.43.0, with nghttp3 0.1.1, with brotli 1.0.9, with LZ4 1.9.3, with
Zstandard 1.4.8, with libsmi 0.4.8, with LC_TYPE=en_US.UTF-8, binary plugins
supported.

Configure and start Wireshark

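To capture packets as a normal user, add your user to the wireshark group.

sudo usermod -a -G wireshark $USER

Also change the group and permissions of the dumpcap binary, so that only root and members of the wireshark group can run it, and give it the capabilities it needs to capture.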

sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Verify:

$ sudo getcap /usr/bin/dumpcap
 /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
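
The group, mode and capability settings above can be checked together. The script below is an added example, not part of the original guide; the function name check_dumpcap, the --live flag and the file name audit_dumpcap.sh are hypothetical, and it accepts both the older getcap output shown above and the "path caps=eip" form printed by newer libcap releases.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the dumpcap permission
# model configured above. Inputs are plain strings so the logic runs anywhere.
# usage: check_dumpcap MODE GROUP GETCAP_OUTPUT ; returns the number of findings

check_dumpcap() {
    mode=$1; group=$2; findings=0; last=""; raw=0; admin=0

    # Group ownership is what restricts capture to wireshark group members.
    if [ "$group" != "wireshark" ]; then
        echo "FAIL: group owner is '$group', expected 'wireshark'"
        findings=$((findings + 1))
    fi

    # Last octal digit is the "other" class; an odd digit means world-executable.
    case $mode in
        *[1357]) echo "FAIL: mode $mode lets any local user run dumpcap"
                 findings=$((findings + 1)) ;;
    esac

    # getcap prints "path = caps+eip" (older libcap) or "path caps=eip" (newer);
    # the capability list is the last word either way.
    for word in $3; do last=$word; done
    old_ifs=$IFS; IFS=','
    for cap in ${last%%[+=]*}; do
        case $cap in
            cap_net_raw)   raw=1 ;;
            cap_net_admin) admin=1 ;;
            *) echo "FAIL: unexpected capability '$cap'"
               findings=$((findings + 1)) ;;
        esac
    done
    IFS=$old_ifs
    [ "$raw" -eq 1 ]   || { echo "FAIL: cap_net_raw missing";   findings=$((findings + 1)); }
    [ "$admin" -eq 1 ] || { echo "FAIL: cap_net_admin missing"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample: the values the commands above should produce.
check_dumpcap 750 wireshark "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" \
    && echo "sample: OK"

# Audit the real binary with: sh audit_dumpcap.sh --live (hypothetical file name)
if [ "${1:-}" = "--live" ]; then
    bin=/usr/bin/dumpcap
    check_dumpcap "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" "$(sudo getcap "$bin")" \
        && echo "live: OK"
fi
```

A non-zero exit status from check_dumpcap is the number of deviations from the setup in this guide, each printed as a FAIL line.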

Starting Wireshark on Ubuntu

You can launch the Wireshark application from the CLI or from the applications launcher.

To start Wireshark from the GUI, search for wireshark and press Enter.

The same can be done from the command line by typing:

$ wireshark

To test packet capturing, select the interface to use and click the “Start capturing packets” button.

And boom! You now have Wireshark installed and working on your Ubuntu 22.04|20.04|18.04 Desktop machine. Learn more by reading the Wireshark guide.
