How to Install Wireshark on Ubuntu 24.04, 22.04 or 20.04

Wireshark is a powerful network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It is widely used by network administrators, security professionals, and developers for troubleshooting, analysis, and educational purposes. Wireshark provides a detailed view of network activity, making it an essential tool for anyone needing to analyze network packets or diagnose network issues.

On Ubuntu 24.04, 22.04, or 20.04, Wireshark can be installed via the command-line using two primary methods. The first method is through the Ubuntu default repository, which provides a stable version suitable for most users. Alternatively, for those who need the latest features and updates, you can install Wireshark via the Wireshark Developers Team PPA. This guide will cover both methods, allowing you to choose the best option for your needs.

Updating Your Ubuntu System Before Wireshark Installation

The initial action to be taken is to ensure your Ubuntu system is up-to-date. This avoids any conflicts that could arise from outdated components during the installation process. The system and its software packages will be refreshed to their most recent versions by executing the following command in your terminal.

sudo apt update && sudo apt upgrade

Determining Your Preferred Wireshark Installation Method

At this junction, you have two options for installing Wireshark, each with distinct benefits and considerations.

Method 1: Install Wireshark from the Ubuntu Repository

Wireshark is included by default in Ubuntu’s software repository. This simplifies the installation process, as you need not manually download packages or compile from the source. Additionally, this method ensures your Wireshark installation stays updated automatically with your system updates. To install Wireshark using this method, you can execute the following command:

sudo apt install wireshark

Method 2: Install Wireshark via Wireshark Developers Team PPA

The second installation method introduces the usage of the Personal Package Archive (PPA) maintained by the Wireshark Developers Team. This method is beneficial if you’re running an older Ubuntu system, such as Ubuntu 20.04 LTS, which may have an out-of-date version of Wireshark. The PPA backports the latest stable releases of Wireshark from Debian package versions, allowing you to enjoy the latest features and improvements.

To utilize this method, first import the PPA into your system with the following command:

sudo add-apt-repository ppa:wireshark-dev/stable -y

Then, update your system’s package list and proceed with the installation of Wireshark by executing the following command:

sudo apt update && sudo apt install wireshark

Finalize Wireshark Installation

During the installation process, you may encounter a prompt asking if you want non-superusers to be able to run Wireshark. This is related to the system permissions necessary for running the application. If you choose not to grant this access, you must add each user individually to the ‘wireshark’ user group. Your choice here depends on your security requirements.

To grant a user the necessary permissions to run Wireshark, first log into your root account using the following command:

su

If you’ve forgotten your root password or never set one, you can establish a new one using the following command:

sudo passwd root

You can re-switch to the root account with the ‘su’ command. With root access, you can now add your user to the ‘wireshark’ group:

usermod -a -G wireshark _your_username_

Replace <your_username> With your actual username. For example:

usermod -a -G wireshark joshua

After adding your user to the ‘wireshark’ group, you can return to your regular account:

su <account name>

Replace <account_name> with your actual account name. For example:

su joshua

A system reboot can be convenient if you encounter any issues or anomalies with running processes post-installation. Launching Wireshark before adjusting the privileges can also circumvent potential issues.

Launch Wireshark via CLI or GUI

Now that you have the Wireshark installed, launching can be done in a few options.

CLI Command to Launch Wireshark GUI

First, if your terminal is open, you can launch the application immediately with the following command.

wireshark

GUI Application Icon Launch Path for Wireshark

However, loading the terminal can be a pain for desktop users, but it is much easier to launch using the application icon, which you can pin to your taskbar if necessary for even quicker access.

Activities  > Show Applications > Wireshark

Managing Wireshark

Update Wireshark

Maintaining your Wireshark installation with the latest updates is vital for several reasons. Updates can offer enhanced features, resolve software bugs, or patch potential security vulnerabilities.

You can start the update process with the following command:

sudo apt update

This command updates the list of available software and their versions from the repositories defined in your system. It tells your system, “Look for updates for all the software you have installed, including Wireshark.”

To proceed with upgrading your APT packages, run the following command:

sudo apt upgrade

Remove Wireshark

There may come a time when you no longer require Wireshark on your system. If so, the software can be removed cleanly and effectively, freeing up system resources.

The removal of Wireshark is performed with this command:

sudo apt remove wireshark

By executing this command, you’re instructing your system to remove the Wireshark software while leaving behind configuration files if you decide to install the software again.

Remove the Wireshark PPA

If you initially installed Wireshark through a Personal Package Archive (PPA), it’s a best practice and a security measure to remove the PPA from your system after uninstalling the software.

The PPA can be removed with the following command:

sudo add-apt-repository --remove ppa:wireshark-dev/stable -y

Executing this command tells your system to no longer consider the Wireshark PPA as a source of software. This reduces the risk of malicious software being introduced to your system via this PPA.

Closing Conclusion

With Wireshark installed on your Ubuntu system using either the default repository or the Wireshark Developers Team PPA, you can effectively monitor and analyze network traffic. The default repository offers a stable and straightforward installation, while the PPA provides access to the latest features and improvements. Regular updates, especially when using the PPA, will ensure that your Wireshark installation remains up-to-date, enabling you to keep pace with the latest developments in network analysis tools. Enjoy the detailed insights and powerful capabilities that Wireshark brings to your network monitoring tasks on Ubuntu.

2 thoughts on “How to Install Wireshark on Ubuntu 24.04, 22.04 or 20.04”

Leave a Comment