How to install Wireshark on Ubuntu 16.04/18.04?


Many things happen on a network, especially one with many users. We rarely know everything that passes over it, and for sysadmins and IT professionals that is a problem, because trivial and important information mix in that traffic. Applications like Wireshark help by collecting statistics on network protocol use and analyzing them. With this in mind, today I will teach you how to install Wireshark on Ubuntu 16.04 and 18.04.

Wireshark is a free and open-source network protocol analyzer. It lets you see, from a quite technical point of view, what is happening on your network. With it, you can gather statistics, monitor specific traffic, or simply get to know your traffic.

Some of the main features of Wireshark are:

  • Deep inspection of hundreds of protocols, with more being added all the time.
  • Live capture and offline analysis.
  • Standard three-pane packet browser.
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
  • The most powerful display filters in the industry.
  • Rich VoIP analysis.

And many more. However, one of the most outstanding features is that it is cross-platform. In other words, you can install it on Windows, Linux, FreeBSD, Solaris, and other systems.

So, let’s install Wireshark.

1. Install Wireshark on Ubuntu 16.04/18.04

To install Wireshark more easily on Ubuntu 16.04, you need to use a PPA repository from its developers. There are two options: the development version or the latest stable version. I’ll show you the process for both, but in this post I’ll install the stable version. If you use Ubuntu 18.04, this is not necessary.

If you want to install the development version:

Open a terminal and run:

:~$ sudo add-apt-repository ppa:dreibh/ppa
:~$ sudo apt update
:~$ sudo apt install wireshark

And that’s it.

Install the stable version:

It is always best to install the stable version of any program. That’s to avoid major bugs and surprises. It is clear that no application is free of bugs, but stable versions are less prone to them.

Open a Terminal and add the external repository with this command:

:~$ sudo add-apt-repository ppa:wireshark-dev/stable
1.- Adding the external repository

Next, refresh the APT cache.

:~$ sudo apt update
2.- Running the APT cache

Then install Wireshark.

:~$ sudo apt install wireshark
3.- Install Wireshark

During installation, we will be asked whether Wireshark should be available to all users who are members of the wireshark group. Say yes.

4.- Configuring Wireshark

And that’s it.

2. Configuring Wireshark

First, check the version of Wireshark installed.

:~$ wireshark -v
5.- Check the Wireshark version

Next, add your current user to the wireshark group so you can use it without problems.

:~$ sudo usermod -a -G wireshark $USER

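Now, change the dumpcap permissions. These commands give the wireshark group ownership of dumpcap, restrict access to its owner and that group, and grant the binary the two network capabilities, so it can run without permission problems.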

:~$ sudo chgrp wireshark /usr/bin/dumpcap
:~$ sudo chmod 750 /usr/bin/dumpcap
:~$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
6.- Change the permissions
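
As an added example (not part of the original post), this script checks that the group change and the three dumpcap commands above took effect: group owner, mode 750, both capabilities, and wireshark membership in the current session. The function names `audit_dumpcap` and `audit_dumpcap_live` and the sample values are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example: audits the dumpcap setup that the tutorial's commands produce.

# audit_dumpcap GROUP MODE GETCAP_OUTPUT SESSION_GROUPS
# Pure check on observed values, so it can be exercised offline. Prints its
# findings; returns 0 when the setup matches the tutorial, 1 otherwise.
audit_dumpcap() {
    local group="$1" mode="$2" caps="$3" session_groups="$4" rc=0 cap

    [ "$group" = "wireshark" ] ||
        { echo "FAIL: group owner is '$group', expected 'wireshark'"; rc=1; }

    # chmod 750: the group may execute (odd digit), everyone else gets nothing.
    case "$mode" in
        *[1357]0) ;;
        *) echo "FAIL: mode $mode is not group-executable with no access for others"; rc=1 ;;
    esac

    # getcap prints "path = caps+eip" (older libcap) or "path caps=eip" (newer).
    for cap in cap_net_raw cap_net_admin; do
        case "$caps" in
            *"$cap"*eip*) ;;
            *) echo "FAIL: $cap is not granted with eip"; rc=1 ;;
        esac
    done

    # Groups of the running session; usermod only affects later logins.
    case " $session_groups " in
        *" wireshark "*) ;;
        *) echo "FAIL: session is not in 'wireshark' (log out and back in)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: dumpcap can capture without root"
    return "$rc"
}

# Reads the real values from this machine and audits them.
audit_dumpcap_live() {
    local path="${1:-/usr/bin/dumpcap}"
    audit_dumpcap "$(stat -c %G "$path")" "$(stat -c %a "$path")" \
                  "$(getcap "$path")" "$(id -nG)"
}

if [ "${1:-}" = "--live" ]; then
    audit_dumpcap_live
else
    # Constructed sample values, not output captured from a real system.
    audit_dumpcap wireshark 750 "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" "alice sudo wireshark"
fi
```

Run it with `--live` to audit the real /usr/bin/dumpcap; `getcap` comes from the libcap2-bin package.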

After you do these steps, run Wireshark from the main menu.

7.- Wireshark

Now, you can start to monitor your network.

Note: in some cases you need to run Wireshark as the root user.

Conclusion

Wireshark is a vital tool for many sysadmins and network enthusiasts. Its installation is quite simple, but its power is almost unmatched.
