Packet captures are one of the fastest ways to tell whether a problem lives in the network, the firewall, or the application itself. To install Wireshark on Ubuntu, the cleanest path is Ubuntu’s own APT package, while the Wireshark developers PPA only matters on the releases where Ubuntu ships an older branch. The package installs from the terminal on desktop and server images, but the Wireshark GUI still needs an active graphical session.
If you are looking for a Wireshark download on Ubuntu, stick with the package-managed route. Ubuntu 26.04 (Resolute Raccoon) ships Wireshark 4.6.x in Universe, Ubuntu 24.04 (Noble Numbat) ships 4.2.x, and Ubuntu 22.04 (Jammy Jellyfish) stays on 3.6.x, so the PPA is most useful on Ubuntu 24.04 and 22.04 when you want the newer 4.6.x branch.
Install Wireshark on Ubuntu
Start with a package refresh so APT sees the current Universe package and any newer PPA candidate you decide to use.
sudo apt update && sudo apt upgrade -y
These commands use sudo for system-wide package management. If your account does not have sudo access yet, follow the guide on how to add a new user to sudoers on Ubuntu or run the commands from an account that already has administrative rights.
Wireshark comes from Ubuntu’s Universe component. Standard desktop installs usually have Universe enabled already, but if apt cannot find the package, enable Universe and Multiverse on Ubuntu first. Only Universe is required for Wireshark, but the linked guide also explains Ubuntu’s other optional repository components.
These two methods cover every supported Ubuntu LTS release. The default package is the best fit on Ubuntu 26.04, while the PPA upgrades Ubuntu 24.04 and 22.04 to the current 4.6.x branch.
| Method | Channel | Version | Updates | Best For |
|---|---|---|---|---|
| APT (Default) | Ubuntu Universe | Distribution default | Automatic via apt upgrade | The simplest supported path on every Ubuntu LTS release |
| Wireshark PPA | Launchpad PPA | Latest stable on 24.04 and 22.04 | Automatic via apt upgrade | Ubuntu 24.04 and 22.04 users who want the newer 4.6.x branch |
Keep the default repository on Ubuntu 26.04. Resolute already ships Wireshark 4.6.4, while the current PPA build for 26.04 is 4.6.3. On Ubuntu 24.04 and 22.04, the same PPA upgrades Wireshark to 4.6.4.
Most readers should stay with Ubuntu’s own package. Switch to the PPA only when the newer 4.6.x branch matters more than sticking with Ubuntu’s default build.
Method 1: Install Wireshark from the Ubuntu Repository
This is the default path on every supported Ubuntu LTS release, and it is the right choice on Ubuntu 26.04 because the distro package is already current.
sudo apt install wireshark -y
The -y flag confirms APT’s install prompt automatically. If you also want terminal-only captures, install tshark separately; on current Ubuntu LTS releases, apt install wireshark does not pull in the standalone tshark package.
Method 2: Install Wireshark from the Developers PPA
Use the developers PPA on Ubuntu 24.04 or 22.04 when you want Wireshark 4.6.x instead of the older Ubuntu package. Skip this method on Ubuntu 26.04, because Resolute already ships Wireshark 4.6.4 and the current PPA build trails it slightly.
Standard Ubuntu desktops already include add-apt-repository, but minimal images may need the helper package first.
If add-apt-repository is missing, install software-properties-common before you continue.
sudo apt install software-properties-common -y
Once the helper exists, add the Wireshark developers PPA.
sudo add-apt-repository ppa:wireshark-dev/stable -y
Refresh APT and confirm that the PPA candidate is higher than Ubuntu’s own package before you install it.
sudo apt update && apt-cache policy wireshark
Relevant output on Ubuntu 24.04 includes the higher candidate below. The full version table should also list the PPA URL above Ubuntu’s own noble/universe package.
wireshark:
Installed: (none)
Candidate: 4.6.4-1~ubuntu24.04.0~ppa1
Install the PPA build once the candidate looks correct.
sudo apt install wireshark -y
Configure Non-Root Packet Capture for Wireshark on Ubuntu
During installation, Ubuntu asks whether non-superusers should be able to capture packets. That choice controls the permissions on dumpcap, the helper Wireshark uses for packet capture.

If you selected No during installation, or if you want to revisit the setting later, rerun the package configuration dialog.
sudo dpkg-reconfigure wireshark-common
Select Yes in the dialog, then append your account to the wireshark group.
sudo usermod -aG wireshark $USER
The -aG flags append the wireshark group to your existing supplementary groups. Do not drop the -a flag, because usermod -G by itself replaces your current group list. The $USER variable expands to your current login name automatically.
Log out and back in to refresh every desktop process, or open a new shell with the updated group immediately.
newgrp wireshark
After re-logging or running newgrp, confirm that your account can actually see the capture group. The final filter uses the grep command in Linux to keep the output to the single group name.
id -nG "$USER" | tr ' ' '\n' | grep -Fx wireshark
wireshark
Next, confirm that dumpcap still has the packet-capture capabilities required for non-root use.
getcap /usr/bin/dumpcap
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
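The group and capability checks above can be combined into one audit that also flags a dumpcap any local user could execute, which would defeat the point of the wireshark group. This is an added example, not part of the original guide or of Wireshark; audit_dumpcap is a hypothetical helper name, and the script assumes dumpcap should be group-owned by wireshark with no execute bit for other users.

```sh
#!/bin/sh
# Added example: audit_dumpcap is a hypothetical helper, not a Wireshark tool.
# Arguments: $1 getcap output line, $2 octal mode of dumpcap,
#            $3 group owning dumpcap, $4 space-separated groups of the user.
# Prints one line per finding and returns the number of findings.
audit_dumpcap() {
    problems=0
    # Both capabilities from the getcap output above must be present.
    for cap in cap_net_admin cap_net_raw; do
        case "$1" in
            *"$cap"*) ;;
            *) echo "MISSING capability: $cap"; problems=$((problems + 1)) ;;
        esac
    done
    # Anyone who can execute a capability-bearing dumpcap can sniff traffic.
    # An odd mode means the "other" execute bit is set.
    if [ $(( $2 % 2 )) -eq 1 ]; then
        echo "WORLD-EXECUTABLE: mode $2 lets every local user capture"
        problems=$((problems + 1))
    fi
    if [ "$3" != "wireshark" ]; then
        echo "WRONG GROUP: dumpcap is owned by group '$3', expected wireshark"
        problems=$((problems + 1))
    fi
    # Exact-match the group name, as grep -Fx does in the commands above.
    case " $4 " in
        *" wireshark "*) ;;
        *) echo "NOT IN GROUP: this session lacks the wireshark group"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: correct capabilities, but mode 755 and no group membership.
audit_dumpcap "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" 755 wireshark \
    "alice adm sudo" || echo "findings in constructed sample: $?"

# Live check; id -nG without a user name reports the running session's groups.
bin=/usr/bin/dumpcap
if [ -e "$bin" ]; then
    if audit_dumpcap "$(getcap "$bin" 2>/dev/null)" "$(stat -c '%a' "$bin")" \
        "$(stat -c '%G' "$bin")" "$(id -nG)"; then
        echo "non-root capture setup OK"
    fi
else
    echo "dumpcap is not installed on this host"
fi
```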
Verify the Wireshark Installation on Ubuntu
Once the package and permissions are in place, confirm the installed Wireshark version.
wireshark --version
Relevant output on Ubuntu 26.04 includes:
Wireshark 4.6.4.
Ubuntu 24.04 prints Wireshark 4.2.2 from the default repository or 4.6.4 from the PPA. Ubuntu 22.04 prints 3.6.2 from the default repository or 4.6.4 from the PPA.
Launch Wireshark on Ubuntu
Launch the GUI only from a desktop session. If you are working on a headless Ubuntu host or over plain SSH, install tshark instead of trying to start the Wireshark interface without a display server.
Launch Wireshark from the Terminal
If you are already in a desktop terminal, start Wireshark directly. The wireshark command opens the graphical interface, while tshark is the separate terminal capture tool.
wireshark
An empty interface list usually means the wireshark group or the dumpcap capabilities still need attention.
Launch Wireshark from the Application Menu
For desktop users, open Activities, search for Wireshark, and launch it from the application menu. You can pin it to the dock or favorites once the icon appears.


Update or Remove Wireshark on Ubuntu
APT handles both the default package and the PPA build, so update and removal steps stay almost identical after installation.
Update Wireshark on Ubuntu
Refresh package metadata and upgrade only Wireshark when you want the latest build from your current source without running a full distribution upgrade.
sudo apt update && sudo apt install --only-upgrade wireshark
Remove Wireshark on Ubuntu
Remove the Wireshark package and its common files first.
sudo apt remove --purge wireshark wireshark-common
The --purge flag removes package-managed configuration files along with the package. After that, review any leftover libraries APT suggests and clean them up with:
sudo apt autoremove
Remove the Wireshark PPA on Ubuntu
If you used the developers PPA on Ubuntu 24.04 or 22.04, remove the source after the package is gone so APT stops checking it.
sudo add-apt-repository --remove ppa:wireshark-dev/stable -y
sudo apt update
After that, apt-cache policy should fall back to Ubuntu’s own Universe package candidate.
apt-cache policy wireshark
Expected output on Ubuntu 24.04 after removing both the package and the PPA:
wireshark:
Installed: (none)
Candidate: 4.2.2-1.1build3
Version table:
4.2.2-1.1build3 500
500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
Package removal does not automatically delete your personal Wireshark profiles. The main per-user directory is usually ~/.config/wireshark, and extra cache or share directories can appear later.
find "$HOME" -maxdepth 3 \( -path "$HOME/.config/wireshark" -o -path "$HOME/.local/share/wireshark" -o -path "$HOME/.cache/wireshark" \) -print
Delete only the paths that the command prints and that you no longer need.
Troubleshoot Wireshark on Ubuntu
Most launch and capture problems come down to permissions or a damaged per-user profile.
Fix Missing Capture Interfaces in Wireshark on Ubuntu
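If the capture list is empty, start by checking whether your current login session actually sees the wireshark group. Run id without a user name here, so it reports the groups of the running session rather than the entry in the account database.
id -nG | tr ' ' '\n' | grep -Fx wireshark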
wireshark
If the command prints nothing, rerun sudo usermod -aG wireshark $USER, then log out and back in or start a new shell with newgrp wireshark. If the group is present but captures still fail, recheck dumpcap:
getcap /usr/bin/dumpcap
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
Fix Wireshark Launch Problems on Ubuntu
A stale profile directory is a common reason the GUI opens and closes immediately. Rename the saved profile so Wireshark can build a clean one on the next launch.
mv ~/.config/wireshark ~/.config/wireshark.backup
Launch Wireshark again after the rename. If it opens normally, compare the new profile with the backup before copying any custom settings back.
Wireshark on Ubuntu FAQ
Use the PPA when Ubuntu 24.04 or 22.04 needs the newer 4.6.x branch instead of the default package. Skip it on Ubuntu 26.04, because Resolute already ships Wireshark 4.6.4 and the current PPA build is older.
Yes. Allow non-superusers to capture packets during wireshark-common setup, then add your account to the wireshark group. If you skipped that prompt earlier, rerun sudo dpkg-reconfigure wireshark-common and answer Yes before logging in again or running newgrp wireshark.
No. On current Ubuntu LTS releases, apt install wireshark installs the GUI plus wireshark-common, but not the separate tshark package. Install tshark explicitly if you want terminal-only captures or a headless workflow.
Not right now. snap info wireshark returns no matching snap, so Ubuntu users should use the default APT package or the Wireshark developers PPA instead.
No. Ubuntu 20.04 is past standard support, and current Wireshark guidance now targets Ubuntu 26.04, 24.04, and 22.04. If you are still on 20.04, expect older packages and plan an Ubuntu upgrade before following the current LTS workflow.
Conclusion
Wireshark is ready on Ubuntu with non-root capture enabled, so you can inspect packets without launching the GUI as root. To widen the workflow, install Nmap on Ubuntu first, then keep a few Nmap scanning commands nearby before you move back into packet analysis.
Concise and clear
Perfect. Thank you for this tutorial.