Wireshark is a powerful network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It is widely used by network administrators, security professionals, and developers for troubleshooting, analysis, and educational purposes. Wireshark provides a detailed view of network activity, making it an essential tool for anyone needing to analyze network packets or diagnose network issues.
On Ubuntu 24.04, 22.04, or 20.04, Wireshark can be installed from the command line using two primary methods. The first method is through the Ubuntu default repository, which provides a stable version suitable for most users. Alternatively, for those who need the latest features and updates, you can install Wireshark via the Wireshark Developers Team PPA. This guide will cover both methods, allowing you to choose the best option for your needs.
Updating Your Ubuntu System Before Wireshark Installation
First, make sure your Ubuntu system is up to date. This avoids conflicts that could arise from outdated components during the installation process. Executing the following command in your terminal refreshes the system and its software packages to their most recent versions.
sudo apt update && sudo apt upgrade
Determining Your Preferred Wireshark Installation Method
At this juncture, you have two options for installing Wireshark, each with distinct benefits and considerations.
Method 1: Install Wireshark from the Ubuntu Repository
Wireshark is included by default in Ubuntu’s software repository. This simplifies the installation process, as you need not manually download packages or compile from the source. Additionally, this method ensures your Wireshark installation stays updated automatically with your system updates. To install Wireshark using this method, you can execute the following command:
sudo apt install wireshark
Method 2: Install Wireshark via Wireshark Developers Team PPA
The second installation method uses the Personal Package Archive (PPA) maintained by the Wireshark Developers Team. This method is beneficial if you’re running an older Ubuntu system, such as Ubuntu 20.04 LTS, which may have an out-of-date version of Wireshark. The PPA backports the latest stable releases of Wireshark from Debian package versions, allowing you to enjoy the latest features and improvements.
To utilize this method, first import the PPA into your system with the following command:
sudo add-apt-repository ppa:wireshark-dev/stable -y
Then, update your system’s package list and proceed with the installation of Wireshark by executing the following command:
sudo apt update && sudo apt install wireshark
Finalize Wireshark Installation
During the installation process, you may encounter a prompt asking if you want non-superusers to be able to run Wireshark. This is related to the system permissions necessary for running the application. If you choose not to grant this access, you must add each user individually to the ‘wireshark’ user group. Your choice here depends on your security requirements.
To grant a user the necessary permissions to run Wireshark, first log into your root account using the following command:
su
If you’ve forgotten your root password or never set one, you can establish a new one using the following command:
sudo passwd root
You can then switch back to the root account with the ‘su’ command. With root access, you can now add your user to the ‘wireshark’ group:
usermod -a -G wireshark <your_username>
Replace <your_username> with your actual username. For example:
usermod -a -G wireshark joshua
After adding your user to the ‘wireshark’ group, you can return to your regular account:
su <account_name>
Replace <account_name> with your actual account name. For example:
su joshua
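Group membership is read at login, so the change applies only to sessions started afterwards. Logging out and back in, or a system reboot, can be convenient if you encounter any issues or anomalies with running processes post-installation. Launching Wireshark before adjusting the privileges can also circumvent potential issues.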
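To check the result of the steps above, the following added example (not part of the original guide) reports who is actually able to capture, based on dumpcap's mode, owning group and file capabilities plus the membership of the ‘wireshark’ group. The function names are hypothetical, and it assumes the Ubuntu package layout with dumpcap at /usr/bin/dumpcap.

```sh
#!/bin/sh
# Added example (not from the original guide): who can capture on this host?
# Assumes the Ubuntu package layout, with dumpcap at /usr/bin/dumpcap.

# classify_dumpcap MODE GROUP CAPS -> root-only | group:<name> | any-user
#   MODE : stat -c %a /usr/bin/dumpcap    GROUP : stat -c %G /usr/bin/dumpcap
#   CAPS : getcap /usr/bin/dumpcap (empty when no file capabilities are set)
classify_dumpcap() {
    mode=$1; group=$2; caps=$3; privileged=no
    case $caps in *cap_net_raw*) privileged=yes ;; esac
    case $mode in [4567]???) privileged=yes ;; esac   # setuid bit set
    if [ "$privileged" = no ]; then
        echo root-only                 # dumpcap has no extra rights of its own
    else
        case $mode in
            *[1357]) echo any-user ;;  # privileged and world-executable
            *)       echo "group:$group" ;;
        esac
    fi
}

# group_members LINE -> supplementary members, one per line
#   LINE : getent group wireshark, e.g. wireshark:x:123:joshua,alice
group_members() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# can_capture USER MODE GROUP CAPS LINE -> exit status 0 if USER may capture
can_capture() {
    case $(classify_dumpcap "$2" "$3" "$4") in
        any-user)  return 0 ;;
        root-only) [ "$1" = root ] ;;
        group:*)   [ "$1" = root ] || group_members "$5" | grep -qxF -- "$1" ;;
    esac
}

# audit_host: apply the same checks to the live system
audit_host() {
    d=/usr/bin/dumpcap
    [ -e "$d" ] || { echo "dumpcap is not installed"; return 0; }
    caps=$(PATH=$PATH:/usr/sbin:/sbin getcap "$d" 2>/dev/null || true)
    echo "policy:  $(classify_dumpcap "$(stat -c %a "$d")" "$(stat -c %G "$d")" "$caps")"
    echo "members: $(group_members "$(getent group wireshark || true)" | tr '\n' ' ')"
}

audit_host
```

A result of any-user means every local account can sniff traffic, and the members line should list only the accounts you added on purpose.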
Launch Wireshark via CLI or GUI
Now that Wireshark is installed, you can launch it in a couple of ways.
CLI Command to Launch Wireshark GUI
First, if your terminal is open, you can launch the application immediately with the following command.
wireshark
GUI Application Icon Launch Path for Wireshark
Opening a terminal can be a pain for desktop users, so it is much easier to launch Wireshark from its application icon, which you can pin to your taskbar for even quicker access.
Activities > Show Applications > Wireshark
Managing Wireshark
Update Wireshark
Maintaining your Wireshark installation with the latest updates is vital for several reasons. Updates can offer enhanced features, resolve software bugs, or patch potential security vulnerabilities.
You can start the update process with the following command:
sudo apt update
This command updates the list of available software and their versions from the repositories defined in your system. It tells your system, “Look for updates for all the software you have installed, including Wireshark.”
To proceed with upgrading your APT packages, run the following command:
sudo apt upgrade
Remove Wireshark
There may come a time when you no longer require Wireshark on your system. If so, the software can be removed cleanly and effectively, freeing up system resources.
The removal of Wireshark is performed with this command:
sudo apt remove wireshark
By executing this command, you’re instructing your system to remove the Wireshark software while leaving its configuration files behind in case you decide to install the software again.
Remove the Wireshark PPA
If you initially installed Wireshark through a Personal Package Archive (PPA), it’s a best practice and a security measure to remove the PPA from your system after uninstalling the software.
The PPA can be removed with the following command:
sudo add-apt-repository --remove ppa:wireshark-dev/stable -y
Executing this command tells your system to no longer consider the Wireshark PPA as a source of software. This reduces the risk of malicious software being introduced to your system via this PPA.
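To confirm the PPA is really gone, the following added example (not part of the original guide) lists every Launchpad PPA that apt still has enabled. It reads both the one-line .list files and the deb822 .sources files that newer Ubuntu releases write; the function name ppa_entries is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide): list the Launchpad PPAs that
# apt still has enabled, reading both source-file formats.

# ppa_entries DIR -> one "<owner>/<ppa> <file>" line per enabled PPA source
ppa_entries() {
    for f in "$1"/*.list "$1"/*.sources; do
        [ -f "$f" ] || continue
        case $f in
            *.list)
                # one-line format: only uncommented deb / deb-src lines count
                grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$f" ;;
            *.sources)
                # deb822 format: stanzas are separated by blank lines, and a
                # stanza carrying "Enabled: no" is ignored by apt
                awk 'BEGIN { RS = "" } !/(^|\n)Enabled:[ \t]*no/' "$f" |
                    grep -E '^URIs:' ;;
        esac |
            grep -Eo 'ppa\.launchpad(content)?\.net/[^/ ]+/[^/ ]+' |
            sed -E 's#^[^/]+/##' | sort -u | sed "s#\$# ${f##*/}#"
    done
}

# Live check: no wireshark-dev/stable line should remain after removal.
ppa_entries /etc/apt/sources.list.d
```

Any other line in the output is a third-party archive that apt still trusts to install packages as root, so each one is worth a deliberate keep-or-remove decision.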
Conclusion
With Wireshark installed on your Ubuntu system using either the default repository or the Wireshark Developers Team PPA, you can effectively monitor and analyze network traffic. The default repository offers a stable and straightforward installation, while the PPA provides access to the latest features and improvements. Regular updates, especially when using the PPA, will ensure that your Wireshark installation remains up-to-date, enabling you to keep pace with the latest developments in network analysis tools. Enjoy the detailed insights and powerful capabilities that Wireshark brings to your network monitoring tasks on Ubuntu.
Concise and clear
Perfect. Thank you for this tutorial.