How to Install Wireshark on Fedora

Wireshark is the leading open-source network protocol analyzer, widely used for capturing and inspecting network traffic in real time. Network administrators rely on it to diagnose connectivity issues, security professionals use it for auditing and intrusion detection, and developers find it invaluable for debugging protocol implementations. Whether you need to troubleshoot slow connections, analyze suspicious traffic patterns, or understand how applications communicate over the network, Wireshark provides the depth and flexibility to examine packets down to individual bytes.

This guide walks through installing Wireshark on Fedora using the DNF package manager. By the end, you will have a fully functional Wireshark installation with proper permissions configured for packet capture, ready to monitor and analyze network traffic on your system.

Update Fedora Packages Before Wireshark Installation

First, update your Fedora system packages to ensure compatibility and prevent conflicts. Fedora frequently updates its repositories, so starting with a fresh package index avoids version mismatch issues during installation.

Run the following command in your terminal:

sudo dnf upgrade --refresh

This command refreshes the repository metadata and upgrades all installed packages to their latest versions.

Install Wireshark with DNF

Wireshark is available in Fedora’s official repositories, which simplifies installation and means you receive security updates along with your regular system updates. The wireshark package provides the graphical interface, while its dependency wireshark-cli includes command-line tools like tshark, dumpcap, and editcap for scripted or headless packet analysis.

Install Wireshark with the following command:

sudo dnf install wireshark

If you plan to develop Wireshark plugins or need the development headers for building custom dissectors, you can also install the development package:

sudo dnf install wireshark-devel

After installation completes, verify the installed version to confirm everything worked correctly:

wireshark --version

The output displays version information and compile-time features:

Wireshark 4.x.x (Git commit xxxxxxxx).

Copyright 1998-2025 Gerald Combs <gerald@wireshark.org> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
...

A Flatpak version of Wireshark exists on Flathub, but it does not support live packet capture due to sandboxing limitations. For full functionality including network capture, use the DNF installation method described above.

Add Your User to the Wireshark Group

By default, capturing network packets requires root privileges. However, Wireshark creates a dedicated wireshark group during installation that grants capture permissions to its members. Adding your user account to this group allows you to run Wireshark without elevated privileges, which is both more convenient and more secure than running as root.

Add your username to the wireshark group using the $USER environment variable, which automatically substitutes your current username:

sudo usermod -aG wireshark $USER

The -aG flags append the group to your existing group memberships without removing you from other groups. Next, verify that your user has been added to the group:

groups $USER

The output should include wireshark among your groups:

username : username wheel wireshark

Important: Group membership changes only take effect after you log out and log back in. Alternatively, you can reboot your system. Until you do this, Wireshark will display “No interfaces found” errors when attempting to capture packets.

Launch Wireshark

Launch Wireshark from Terminal

If you prefer working from the command line, you can start Wireshark directly from your terminal. This method is useful when you want to pass command-line options or start capturing on a specific interface immediately:

wireshark

For headless servers or scripted packet capture, use TShark instead. TShark provides the same protocol analysis capabilities as Wireshark but runs entirely in the terminal:

tshark -i eth0 -c 100

This command captures 100 packets on the eth0 interface. Replace eth0 with your actual interface name (use ip link show to list available interfaces).

Launch Wireshark from Applications Menu

For desktop users, Wireshark integrates with GNOME’s application launcher. Open Activities, search for “Wireshark,” and click the application icon to launch it.

Manage Wireshark

Update Wireshark

Wireshark receives regular updates that include new protocol dissectors, security patches, and performance improvements. Since you installed Wireshark from the Fedora repository, these updates arrive with your regular system updates.

To check for and apply updates:

sudo dnf upgrade --refresh

This command refreshes the repository metadata and upgrades all packages, including Wireshark, to their latest versions.

Remove Wireshark

If you no longer need Wireshark on your system, you can remove it along with any unused dependencies that were installed with it.

Remove the main package:

sudo dnf remove wireshark

If you also installed the development package, remove it as well:

sudo dnf remove wireshark-devel

Next, clean up any orphaned dependencies that were automatically installed with Wireshark but are no longer needed:

sudo dnf autoremove

Finally, verify that Wireshark has been completely removed:

rpm -q wireshark

If the removal was successful, you will see:

package wireshark is not installed

Troubleshoot Common Wireshark Issues

No Interfaces Found or Permission Denied

If Wireshark displays “No interfaces found” or you receive permission errors when trying to capture packets, your user is likely not in the wireshark group, or you have not logged out since adding yourself to the group.

First, verify your group membership:

groups $USER | grep wireshark

If wireshark does not appear in the output, add your user to the group as described earlier. If wireshark does appear but you still cannot capture, log out completely and log back in, or reboot your system to apply the group change.
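
The two cases above can be told apart from a terminal. The script below is an added example, not part of the original guide, and its function names are hypothetical; it relies on id -nG with a username reading the group database (as groups $USER does), while id -nG with no argument reports the groups your current session actually holds.

```shell
#!/bin/sh
# Added example: classify wireshark group membership for capture access.

# has_group "LIST" NAME: true if NAME is a whole word in the space-separated LIST.
has_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# capture_group_state "DB_GROUPS" "SESSION_GROUPS"
# Prints not-member, relogin-needed or ready.
capture_group_state() {
    if ! has_group "$1" wireshark; then
        echo "not-member"
    elif ! has_group "$2" wireshark; then
        echo "relogin-needed"
    else
        echo "ready"
    fi
}

# report_current_user: run the check for whoever is logged in.
report_current_user() {
    user=$(id -un)
    db_groups=$(id -nG "$user")   # groups recorded in the group database
    session_groups=$(id -nG)      # groups held by this shell's session
    case "$(capture_group_state "$db_groups" "$session_groups")" in
        not-member)
            echo "$user is not in the wireshark group; run: sudo usermod -aG wireshark $user" ;;
        relogin-needed)
            echo "$user was added to wireshark, but this session predates the change; log out and back in" ;;
        ready)
            echo "$user holds the wireshark group in this session" ;;
    esac
}

report_current_user
```

A relogin-needed result right after running usermod is expected: the group database already lists wireshark, but the running session does not hold it yet.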

Capture Interface Shows No Traffic

If you can see interfaces but no packets appear during capture, ensure you have selected the correct network interface. On Fedora, common interface names include enp0s3 for Ethernet and wlp2s0 for wireless. You can list available interfaces from the terminal:

ip link show

The output lists all network interfaces on your system:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP

Additionally, verify that firewalld is not blocking traffic you expect to see. For related network security tools that complement Wireshark, see our guide on installing Nmap on Fedora for network scanning and host discovery.

Wireshark Crashes on Startup

If Wireshark crashes immediately after launching, there may be a conflict with your display server or outdated configuration files. Try launching from terminal to see error messages:

wireshark 2>&1 | head -20

If errors mention Qt or display issues, removing cached settings often resolves the problem.

The following command removes your Wireshark preferences, custom color filters, and display settings. Capture files stored elsewhere remain unaffected.

rm -rf ~/.config/wireshark

After clearing the configuration, launch Wireshark again.

Conclusion

You now have Wireshark installed and configured for packet capture on Fedora. With proper group permissions in place, you can analyze network traffic without running as root, which improves both security and convenience. Regular updates through DNF keep your installation current with the latest protocol support and security fixes. For deeper network analysis, consider pairing Wireshark with Nmap scanning techniques to identify hosts and services before examining their traffic patterns.
