How to Install Wireshark on Ubuntu

Wireshark is a powerful and free network protocol analyzer that allows you to capture and inspect network traffic passing through your computer’s network interfaces. It is an industry-standard tool used by network administrators, security professionals, developers, and anyone who wants to understand how network communication works.

This guide will walk you through the process of install Wireshark Ubuntu system using two methods including the APT package manager and compiling Wireshark from source code.

Using the APT Package Manager

The APT package manager is the recommended method for installing software on Ubuntu. It is a safe and convenient way to install Ubuntu packages that are maintained by the system repositories.

1. Update package lists

Before Ubuntu install Wireshark it is recommended to update the package lists to ensure you have access to the latest Ubuntu versions of packages. Open a terminal window and run the following command:

sudo apt update

2. Install Wireshark

Once the package lists are updated, install Wireshark using the following command:

sudo apt install wireshark

This command will install Wireshark and its dependencies. You may be prompted to enter your sudo password during the installation process.

3. Launch Wireshark

Once the installation is complete, you can launch Wireshark from the Applications menu or by typing wireshark in the terminal window.

Using the Graphical User Interface

Open the Activities overview by clicking on the Activities icon in the top left corner of your screen. In the search bar, type “wireshark”.

When you see the Wireshark icon, click on it to launch the application.

Wireshark with Superuser Privileges

By default, Wireshark captures traffic on the loopback interface (lo) which is used for internal communication within your system. To capture traffic on your physical network interfaces, you will need to run Wireshark with superuser privileges. Here are two ways to do this:

1. Using Sudo

Open a terminal window and type the following command:

sudo wireshark

You will be prompted to enter your sudo password. Once you enter your password, Wireshark will launch with superuser privileges.

2. Using gksu (deprecated)

While deprecated, you can still use gksu to launch Wireshark with superuser privileges. However, it is recommended to use the sudo method as it is more secure. To install gksu type the following command:

sudo apt install gksu

This will install gksu in the system. To launch Wireshark with gksu type the following command:

gksu wireshark

You will be prompted to enter your sudo password. Once you enter your password, Wireshark will launch with superuser privileges.

Important Note

Running Wireshark with superuser privileges can be a security risk. Only do this if you trust the network you are capturing traffic on. Capturing traffic on a network you do not have permission to monitor is illegal in most cases.

Compiling Wireshark from Source

Compiling Wireshark from source is an option for advanced users who want the latest features or need to build Wireshark with specific options. However, this method is more complex and time-consuming than using the APT package manager.

Prerequisites

• An Ubuntu system.
• A C compiler for example gcc
• A C++ compiler for example g++
• The GTK+ development libraries for example libgtk-3-dev
• The libpcap development libraries for example libpcap-dev

Steps to Install Wireshark on Ubuntu

Following are steps to download Wireshark on the Ubuntu system from the source code:

1. The latest version of the Wireshark source code can be downloaded from the official Wireshark website from your browser.

2. Once you have install latest Wireshark source code, extract it to a directory on your system. For example, run the following command to extract the Wireshark source code:

tar -xvf wireshark-x.y.z.tar.gz

Navigate to the extracted source directory and run the following command to configure the build process:

cd wireshark-x.y.z
./configure

This command will configure the build process based on your system’s configuration. You may need to specify additional options during configuration such as enabling or disabling specific features. Once the configuration is complete build Wireshark by running the following command:

make

This command will compile the Wireshark source code. Depending on your system’s resources, this process may take some time. Now as the final step install Wireshark by running the following command:

sudo make install

This command will install Wireshark and its dependencies to the system directories. You may need to enter your sudo password during the installation process. Next, you can launch the Wireshark from the terminal and GUI method.

Additional Notes

By default, capturing network traffic with Wireshark requires superuser privileges. To capture traffic without using sudo each time you can add your user account to the wireshark group. This can be done using the following command:

sudo usermod -a -G wireshark $USER

Adding your user to the wireshark group can be a security risk. Only do this if you trust the network you are capturing traffic on.

Conclusion

This guide has provided two methods for installing Wireshark on Ubuntu using the APT package manager and compiling from source. The APT package manager is the recommended method for most users as it is the easiest and most secure way to install software on Ubuntu. Compiling from source is an option for advanced users who need the latest features or need to build Wireshark with specific options.

By following the steps outlined in this guide, you should be able to successfully install Wireshark on your Ubuntu system and begin analyzing and capture network traffic Ubuntu system. Remember to use Wireshark responsibly and only capture traffic on networks you have permission to monitor.

FAQ