Wireshark is a network protocol analyzer that captures and inspects network traffic in real time. Network administrators use it to troubleshoot connectivity issues, security professionals rely on it for forensic analysis and intrusion detection, and developers use it to debug application protocols. By the end of this guide, you will have Wireshark installed on Ubuntu with proper permissions configured to capture packets as a non-root user.
Ubuntu provides Wireshark through its default repositories, making installation straightforward. For users on Ubuntu 22.04 LTS who want the latest features, the Wireshark Developers Team PPA offers newer versions. This guide covers both methods so you can choose the approach that best fits your needs.
Update Ubuntu Before Installing Wireshark
Before installing new software, update your package lists and upgrade existing packages to ensure compatibility. This prevents potential conflicts during installation:
sudo apt update && sudo apt upgradeChoose Your Wireshark Installation Method
Ubuntu offers two installation paths for Wireshark. The default APT repository provides a stable, distro-tested version that updates automatically with your system. Alternatively, the Wireshark Developers Team PPA backports newer releases from Debian. The table below compares both options:
| Method | Channel | Version | Updates | Best For |
|---|---|---|---|---|
| APT (Default) | Ubuntu Repos | Distro default | Automatic via apt upgrade | Most users who prefer stability |
| Wireshark PPA | Launchpad PPA | Latest stable | Automatic via apt upgrade | Ubuntu 22.04 users needing newer features |
This guide supports Ubuntu 22.04 LTS, 24.04 LTS, and 26.04 LTS installations. The Wireshark PPA provides newer versions primarily for Ubuntu 22.04 LTS. On Ubuntu 24.04 and newer, the default repository already includes recent Wireshark releases, making the PPA unnecessary for most users. Commands shown work identically on all supported LTS releases.
For most users, the APT method is recommended because it provides a stable, well-tested version that integrates seamlessly with your system updates. Only consider the PPA if you are running Ubuntu 22.04 LTS and specifically need features from a newer Wireshark release.
Method 1: Install Wireshark from Ubuntu Repository
The default Ubuntu repository includes Wireshark in the universe component, which is enabled by default on standard installations. This method requires no additional repository configuration and ensures your Wireshark installation receives security updates through the normal system update process. Install Wireshark with:
sudo apt install wiresharkMethod 2: Install Wireshark via PPA
The Wireshark Developers Team maintains a PPA that backports the latest stable releases from Debian packages. This option is primarily useful for Ubuntu 22.04 LTS users who want access to newer Wireshark features without upgrading their entire system. First, add the PPA to your system:
sudo add-apt-repository ppa:wireshark-dev/stable -yAfter adding the repository, update your package list and install Wireshark:
sudo apt update && sudo apt install wiresharkConfigure Non-Root Packet Capture
During installation, a dialog asks whether non-superusers should be able to capture packets. This question determines how the dumpcap utility (which performs the actual packet capture) handles permissions. If you select “Yes,” members of the wireshark group can capture packets without running Wireshark as root.
If you selected “No” during installation or want to reconfigure this setting later, run the following command:
sudo dpkg-reconfigure wireshark-commonSelect “Yes” when prompted, then add your user account to the wireshark group. Replace your_username with your actual username:
sudo usermod -aG wireshark your_usernameFor example, if your username is joshua:
sudo usermod -aG wireshark joshuaThe group membership change takes effect after you log out and log back in. Alternatively, you can apply the change immediately in your current terminal session with:
newgrp wiresharkVerify your group membership with:
groupsThe output should include wireshark in the list of groups:
joshua adm cdrom sudo dip plugdev lpadmin sambashare wireshark
Verify Wireshark Installation
After installation, confirm Wireshark is properly installed by checking its version:
wireshark --versionExpected output on Ubuntu 26.04 LTS:
Wireshark 4.6.2 (Git v4.6.2) Copyright 1998-2025 Gerald Combs <gerald@wireshark.org> and contributors. Licensed under the terms of the GNU General Public License (version 2 or later).
The version number varies by Ubuntu release and installation method. Ubuntu 22.04 with APT shows version 3.6.x, while the PPA provides 4.0.x. Ubuntu 24.04 and 26.04 include version 4.2.x and 4.6.x respectively.
Launch Wireshark
With Wireshark installed and permissions configured, you can now launch the application. There are two common methods depending on your workflow.
Launch from Terminal
If you are already working in a terminal, launch Wireshark directly:
wiresharkThe Wireshark window opens and displays available network interfaces for capture. If you added yourself to the wireshark group and logged back in, the interfaces appear without permission errors.
Launch from Application Menu
For desktop users, launch Wireshark through your application menu. Navigate to Activities (or press the Super key), search for “Wireshark,” and click the application icon. You can pin it to your dock or favorites for quick access.
Manage Wireshark
This section covers common management tasks including updating and removing Wireshark.
Update Wireshark
Wireshark receives updates through your package manager along with other system packages. To check for and install updates for Wireshark specifically:
sudo apt update
sudo apt install --only-upgrade wiresharkThis command updates only Wireshark without triggering a full system upgrade, which is useful when you want to apply a security patch quickly.
Remove Wireshark
If you no longer need Wireshark, remove the package and its dependencies:
sudo apt remove --purge wireshark wireshark-common
sudo apt autoremoveThe --purge flag removes configuration files along with the package. The autoremove command cleans up any orphaned dependencies that were installed with Wireshark but are no longer needed.
Remove the PPA
If you installed Wireshark from the PPA, remove the repository after uninstalling to prevent your package manager from checking an unnecessary source:
sudo add-apt-repository --remove ppa:wireshark-dev/stable -y
sudo apt updateThe apt update command refreshes your package cache after removing the repository. Verify the removal by confirming Wireshark is no longer listed:
apt-cache policy wiresharkAfter successful removal, the output shows that Wireshark is not installed and only the default repository version is available (or no candidate if you also removed the PPA).
Troubleshoot Common Issues
This section addresses common problems you may encounter when using Wireshark on Ubuntu.
No Interfaces Available for Capture
If Wireshark shows no network interfaces or displays “permission denied” errors, the most common cause is that your user is not in the wireshark group. First, check your group membership:
groups | grep wiresharkIf you do not see wireshark in the output, add yourself to the group:
sudo usermod -aG wireshark $USERThen log out and log back in for the change to take effect. If you already added yourself to the group but still see no interfaces, verify that dumpcap has the correct capabilities:
getcap /usr/bin/dumpcapExpected output:
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
If the capabilities are missing, reconfigure wireshark-common:
sudo dpkg-reconfigure wireshark-commonSelect “Yes” to allow non-superusers to capture packets, then log out and back in.
Wireshark Crashes on Launch
If Wireshark crashes immediately after launch, try running it from the terminal to see error messages:
wireshark 2>&1 | head -20Common causes include corrupted configuration files or graphics driver issues. You can reset Wireshark’s configuration by removing its profile directory:
mv ~/.config/wireshark ~/.config/wireshark.backupThis renames your existing configuration so Wireshark creates fresh defaults on next launch. If the issue was configuration-related, Wireshark should now start normally.
Conclusion
You now have Wireshark installed on Ubuntu with non-root capture permissions configured. The default APT installation suits most users, while the PPA provides access to newer versions on Ubuntu 22.04 LTS. With your user added to the wireshark group, you can capture and analyze network traffic to troubleshoot connectivity issues, examine protocol behavior, or investigate security incidents. For network scanning and port discovery, consider pairing Wireshark with Nmap on Ubuntu for comprehensive network analysis.
Concise and clear
Perfect. Thank you for this tutorial.