Fedora

How to Install Wireshark on Fedora 44

Last updated Friday, May 15, 2026 1:33 pm Joshua James 5 min read
Wireshark network analyzer logo alongside Fedora Linux logo on tech background

Packet captures are often the fastest way to tell whether a problem lives in DNS, TCP, TLS, a firewall rule, or the application itself. To install Wireshark on Fedora, use Fedora’s DNF package when you need live capture support; it installs the desktop analyzer and the command-line tools that handle packet capture and terminal analysis.

Fedora’s repository package is the practical choice for live interface captures because it includes the wireshark-cli dependency, including tshark, dumpcap, and related utilities. A Wireshark Flatpak on Flathub exists, but Flathub labels it as a build without capture support, so use it only for opening existing capture files.

Capture only on networks and interfaces you own or have permission to monitor. Packet captures can expose credentials, hostnames, private traffic, and application data.

Install Wireshark on Fedora

Update Fedora Before Installing Wireshark

Refresh Fedora’s package metadata and apply pending updates before installing Wireshark. This keeps DNF working from the newest repository state and avoids mixing the analyzer with older desktop or Qt libraries.

sudo dnf upgrade --refresh

Install Wireshark with DNF

Install the Fedora package from the official repositories:

sudo dnf install wireshark

The wireshark package installs the graphical application, and Fedora pulls in wireshark-cli as a dependency. That CLI package provides tshark, dumpcap, editcap, mergecap, and capinfos. If you searched for a separate tshark package, use wireshark-cli on Fedora instead.

If you were looking for a Wireshark download for Fedora, prefer the DNF package over a standalone RPM unless you have a specific maintenance reason. DNF keeps the analyzer, capture helper, Qt libraries, and CLI tools updated together.

Only install the development headers if you build custom dissectors or compile software against Wireshark libraries:

sudo dnf install wireshark-devel

Verify the Wireshark Packages

Confirm that the desktop and CLI packages are installed:

rpm -q --qf '%{NAME}\n' wireshark wireshark-cli

Expected output:

wireshark
wireshark-cli

Check that the main desktop and capture utilities resolve from your shell:

command -v wireshark tshark dumpcap

Expected output:

/usr/bin/wireshark
/usr/bin/tshark
/usr/bin/dumpcap

Configure Wireshark Capture Permissions on Fedora

Fedora installs dumpcap with capture capabilities and restricts direct access to members of the wireshark group. Add your normal user to that group so Wireshark and TShark can list interfaces without running the whole application as root.

sudo usermod -aG wireshark "$USER"

The -aG flags append the group to your account instead of replacing your other supplementary groups. Log out of Fedora completely, then sign back in so the new group membership reaches your desktop session and terminals.

For a terminal-only check before signing out, start a temporary shell with the new group:

newgrp wireshark

Use that shell for dumpcap or tshark tests, then type exit when finished. Sign out and back in before relying on the desktop launcher or other already-running graphical processes.

After signing back in, verify that the active session includes the wireshark group:

id -nG | tr ' ' '\n' | grep '^wireshark$'

Expected output:

wireshark

List capture interfaces without sudo to confirm the permission change:

dumpcap -D

Example output:

1. ens160
2. any
3. lo (Loopback)

Your interface names will differ, especially on laptops, virtual machines, and systems with wireless adapters.

Launch Wireshark on Fedora

Launch Wireshark from Activities

Open Activities, search for “Wireshark,” and launch the application. The Fedora package installs the desktop file as org.wireshark.Wireshark.desktop, so the launcher should appear after the package transaction finishes.

Example Wireshark welcome screen showing the capture interface list on Fedora
Example Wireshark welcome screen showing where available capture interfaces appear; visible version numbers vary by Fedora release.

Launch Wireshark from Terminal

Start the graphical analyzer from a terminal when you want to see launch messages or pass Wireshark options manually:

wireshark

Use TShark for Command-Line Captures

TShark is Wireshark’s terminal analyzer. On Fedora Server, minimal installs, or SSH-only systems, use TShark after the same wireshark group setup instead of trying to launch the desktop UI. List interfaces first, then capture from the interface that matches the traffic you want to inspect.

tshark -D

Capture from an interface for ten seconds by name. Replace ens160 with the interface shown on your Fedora system:

tshark -i ens160 -a duration:10

To save a short capture for later inspection in Wireshark, write pcapng output instead of printing packet summaries:

tshark -i ens160 -a duration:10 -w wireshark-capture.pcapng

Use this only for traffic you are authorized to inspect. For active host discovery before a packet capture, install Nmap on Fedora, then use a focused scan before opening a live capture.

Manage Wireshark on Fedora

Update Wireshark

Fedora delivers Wireshark updates through the normal DNF repositories. Apply system updates to receive new protocol support, bug fixes, and security updates:

sudo dnf upgrade --refresh

Remove Wireshark

If you added your user to the wireshark group and no longer need packet capture access, remove that membership before uninstalling the packages:

sudo gpasswd -d "$USER" wireshark

Remove the desktop and CLI packages:

sudo dnf remove wireshark wireshark-cli

If you installed the optional development package, remove it as well:

sudo dnf remove wireshark-devel

Verify that the main packages are no longer installed:

rpm -q wireshark wireshark-cli

Expected output after removal:

package wireshark is not installed
package wireshark-cli is not installed

DNF removes the unused dependencies from this install transaction automatically when they are no longer required by another package. Avoid running a broad dnf autoremove unless you have reviewed the proposed removal list.

Package removal leaves your personal Wireshark profiles and preferences in your home directory. Check for that directory before deleting it:

if [ -d ~/.config/wireshark ]; then printf '%s\n' "$HOME/.config/wireshark"; fi

The next command permanently deletes Wireshark preferences, profiles, and display-filter history for this Linux account. Back up anything you still need before running it.

rm -rf ~/.config/wireshark

Troubleshoot Wireshark on Fedora

No Capture Interfaces or Permission Denied

If Wireshark shows no capture interfaces, or TShark cannot start a capture, first check whether your current login session has the wireshark group. A terminal permission failure can look like this:

bash: /usr/bin/dumpcap: Permission denied

Check your active groups:

id -nG | tr ' ' '\n' | grep '^wireshark$'

If the command prints nothing, add the group membership again, log out completely, and sign back in:

sudo usermod -aG wireshark "$USER"

After the new login, verify the capture interfaces without sudo:

dumpcap -D

TShark Command Not Found

Fedora provides TShark through wireshark-cli, not a package named tshark. If tshark is missing after a partial install or cleanup, check the package state:

rpm -q wireshark-cli

If Fedora reports that wireshark-cli is not installed, install it directly:

sudo dnf install wireshark-cli

Selected Interface Shows No Useful Traffic

If interfaces appear but the capture looks empty, confirm that you selected the active interface. Virtual machines, VPNs, bridges, USB adapters, and wireless devices can all create extra interface names.

ip -brief link

Choose an interface marked UP, then generate a small amount of allowed traffic such as loading a trusted website or pinging your router. If you are investigating whether a host firewall rule blocks a service, compare the capture with Fedora’s firewall state instead of assuming Wireshark alone proves the policy.

Wireshark Opens with Broken Preferences

If Wireshark opens with a broken layout, stale filters, or startup errors after an upgrade, move your user preferences aside and start with a clean profile:

mv ~/.config/wireshark ~/.config/wireshark.backup.$(date +%Y%m%d-%H%M%S)

Launch Wireshark again. If the problem disappears, copy only the profiles, color filters, or display filters you still need from the backup directory.

Conclusion

Wireshark is installed from Fedora’s repositories with live capture access handled through the wireshark group, and TShark is available for terminal captures when a GUI is not the right fit. Pair packet captures with Nmap scanning commands when you need to discover hosts first, then use Wireshark to inspect the traffic in detail.

Follow LinuxCapable

Want more LinuxCapable guides in Google?

Add LinuxCapable as a preferred source so Google can show more of our fresh Linux tutorials in Top Stories and From your sources when relevant.

Add LinuxCapable as a preferred source on Google
Search LinuxCapable

Need another guide?

Search LinuxCapable for package installs, commands, troubleshooting, and follow-up guides related to what you just read.

Found this guide useful?

Support LinuxCapable to keep tutorials free and up to date.

Buy me a coffeeBuy me a coffee
Before commenting, please review our Comments Policy.
Formatting tips for your comment

You can use basic HTML to format your comment. Useful tags currently allowed in published comments:

You type Result
<code>command</code> command
<strong>bold</strong> bold
<em>italic</em> italic
<blockquote>quote</blockquote> quote block

Got a Question or Feedback?

We read and reply to every comment - let us know how we can help or improve this guide.

Let us know you are human: