Wireshark is a free and opensource web analyzer. It allows you to know from a quite technical point of view what is happening in your network. With this, you can make statistics, specific monitoring or simply know its traffic.

Some of the main features of Wireshark are:

• Deep inspection of hundreds of protocols, with more being added all the time.
• Live capture and offline analysis.
• Standard three-pane packet browser.
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
  The most powerful display filters in the industry.
• Rich VoIP analysis.

And many more. However, one of the most outstanding features is that it is cross-platform. In other words, you can install it on Windows, Linux, FreeBSD, Solaris, and other systems.

So, let’s install Wireshark.

1. Install Wireshark on Ubuntu 20.04/18.04

To install Wireshark more easily on Ubuntu 16.04, it is necessary to use a PPA repository of its developers. We have two options to install, the developing version or the latest stable version. I’ll show you the process for both, but in this post, I’ll install the stable version. If you use Ubuntu 20.04/ 18.04 this is not necessary.

If you want to install the development version:

Open a terminal and run:

:~$ sudo add-apt-repository ppa:dreibh/ppa
:~$ sudo apt update
:~$ sudo apt install wireshark

And that’s it.

Install the stable version:

It is always best to install the stable version of any program. That’s to avoid major bugs and surprises. It is clear that no application is free of bugs, but stable versions are less prone to them.

Open a Terminal and add the external repository with this command:

:~$ sudo add-apt-repository ppa:wireshark-dev/stable

Next, refresh the APT cache.

:~$ sudo apt update

Then install Wireshark.

:~$ sudo apt install wireshark

During installation, we will be asked if we want Wireshark to be available to all users member of wireshark group. Say yes.

And that’s it.

2. Configuring Wireshark

First, check the version of Wireshark installed.

:~$ wireshark -v

Next, add your current user to the wireshark group so you can use it without problems.

:~$ sudo usermod -a -G wireshark $USER

Now, change dumpcap permissions. With this you will make it possible to run without permission problems.

:~$ sudo chgrp wireshark /usr/bin/dumpcap
:~$ sudo chmod 750 /usr/bin/dumpcap
:~$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

After you do these steps, run Wireshark from the main menu.

Now, you can start to monitor your network.

Note: some case you need to run wireshark as root user.

Conclusion

Wireshark is a vital tool for many sysadmin or network enthusiasts. Its installation is quite simple but its power is almost unmatched.

Please share this post with your friends.

The post How to install Wireshark on Ubuntu 20.04/18.04? appeared first on Linux Windows and android Tutorials.

1. Install it

Of course, the first step to learning how to use Wireshark is to install it. Wireshark has the great advantage of being multiplatform, that is, you can install it on Windows, Linux or Mac OS. Besides, it is not complicated to do it.

So, in this article I explain how to install it, using Ubuntu 20.04/18.04 as a base. Again, it is not easy and is available in the official repositories of most Linux distributions.

2. What does Wireshark do?

The tool intercepts traffic and converts it into a human-readable format. This makes it easier to identify what traffic is crossing the network, how often and the latency between certain jumps.

Wireshark supports many protocols, but most are obsolete and few are used, so most packets are TCP, UPD, and ICMP.

3. Using Wireshark

Now it’s time to use Wireshark. First, run it from the main menu and you will see the following.

The first thing you need to do is select the network interface you want to inspect. In my case, the network interface is wlp5s0, which refers to the wireless network I’m using. If you want to know what the other interfaces are called you can use this command.

:~$ sudo ifconfig

So, click on the name of the network interface that you want to analyze and the capture of the traffic of that network will be incited.

The capture is done in real time, so the information that will be presented to you is very changeable. If you activate the promiscuous mode you will not only be able to see the packets that go to your network interface, but also to the rest of the network. This is useful especially when the interface is wireless.

To activate the Promiscuous Mode, go to Capture menu, Options.

This will work when you stop scanning over the network interface by pressing the red button.

When you want to stop the traffic monitoring on the network interface, you can press that button. This way you will have the captured packets and you will be able to work with them.

Colors in Wireshark

As you’ve noticed, the packages are shaded with different colors. These represent the various protocols that are supported by Wireshark. Of course, each of them has a representation that can be modified to your liking.

For color rules, go to View menu and select Coloring Rules option.

In this window, you will see how the protocols are identified. Generally, black is reserved for failed or incomplete packets. In addition to TCP and UDP with light colors.

Saving a network capture

If as in my case, after capturing the packets from the network, there is nothing interesting or simply do not want to analyze anything. You can save the capture of the interface and see it later.

To do this, go to the File menu and go to Save As option.

But that’s not all, the Wireshark wiki contains samples captures that you can use for learning. Then, open it from the File menu.

Filter captured packages

Wireshark can capture many packets in a very short time. For that reason, the program incorporates the option to filter them by protocols or by a keyword.

So, you just need to type in the keyword you want to filter. In my case, I wanted to filter all the requests made by the DNS protocol.

So, you will not miss anything in your network.

Using Wireshark to analyze a package

Now it’s time to analyze a package, to learn more about it. This is one of the basic functions of Wireshark and what it is made for. It’s really simple.

Select a package and at the bottom, you will see the details about it.

You can also create a filter from the selected package.

Or you can follow the TCP conversation between the client and the server. Select the package and go to Analyze menu, next go to Follow and finally click on TCP Stream option. You will see something like this.

So, that’s it.

Conclusion

Wireshark is a program with incredible power. This post will only introduce you to the world of network interface monitoring.

Please share this article with your friends.

The post Using Wireshark to analyze your network device appeared first on Linux Windows and android Tutorials.