Wireshark is a vital tool for network analysis, offering in-depth insights into network activities. This guide will help you install Wireshark on Ubuntu 22.04 Jammy Jellyfish or Ubuntu 20.04 Focal Fossa LTS.
- Packet Analysis: Dissects network protocols for detailed analysis.
- Real-Time and Offline: Allows both live monitoring and data review.
- User Interfaces: Offers both a GUI and a CLI for user flexibility.
- Filtering: Enables focus on specific network details.
- Protocol Support: Compatible with over 2,000 network protocols.
Wireshark is cross-platform and user-friendly, with multiple installation options to suit various needs. The upcoming guide will provide steps for installing Wireshark on Ubuntu using the standard APT repository and an optional PPA for backports.
Section 1: Install Wireshark on Ubuntu 22.04 or 20.04
Step 1: Updating Your Ubuntu System Before Wireshark Installation
The initial action to be taken is to ensure your Ubuntu system is up-to-date. This avoids any conflicts that could arise from outdated components during the installation process. The system and its software packages will be refreshed to their most recent versions by executing the following command in your terminal.
sudo apt update && sudo apt upgrade
Step 2: Determining Your Preferred Wireshark Installation Method on Ubuntu
At this juncture, you have two options for installing Wireshark, each with distinct benefits and considerations.
Method 1: Install Wireshark from the Ubuntu Repository
Wireshark is included by default in Ubuntu’s software repository. This simplifies the installation process, as you need not manually download packages or compile from the source. Additionally, this method ensures your Wireshark installation stays updated automatically with your system updates. To install Wireshark using this method, you can execute the following command:
sudo apt install wireshark
Method 2: Install Wireshark via Wireshark Developers Team PPA on Ubuntu
The second installation method introduces the usage of the Personal Package Archive (PPA) maintained by the Wireshark Developers Team. This method is beneficial if you’re running an older Ubuntu system, such as Ubuntu 20.04 LTS, which may have an out-of-date version of Wireshark. The PPA backports the latest stable releases of Wireshark from Debian package versions, allowing you to enjoy the latest features and improvements.
To utilize this method, first import the PPA into your system with the following command:
sudo add-apt-repository ppa:wireshark-dev/stable -y
Then, update your system’s package list and proceed with the installation of Wireshark by executing the following command:
sudo apt update && sudo apt install wireshark
Finalize Wireshark Installation on Ubuntu 22.04 or 20.04
During the installation process, you may encounter a prompt asking if you want non-superusers to be able to run Wireshark. This is related to the system permissions necessary for running the application. If you choose not to grant this access, you must add each user individually to the ‘wireshark’ user group. Your choice here depends on your security requirements.
To grant a user the necessary permissions to run Wireshark, first log into your root account using the following command:
su
If you’ve forgotten your root password or never set one, you can establish a new one using the following command:
sudo passwd root
You can then switch to the root account with the ‘su’ command. With root access, you can now add your user to the ‘wireshark’ group:
usermod -a -G wireshark <your_username>
Replace <your_username> with your actual username. For example:
usermod -a -G wireshark joshua
After adding your user to the ‘wireshark’ group, you can return to your regular account:
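su <account_name>
Replace <account_name> with your actual account name. For example:
su joshua
A system reboot, or at least logging out and back in, can be convenient if you encounter any issues or anomalies with running processes post-installation, because a new group membership only applies to login sessions started after the change. Launching Wireshark before adjusting the privileges can also circumvent potential issues.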
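To confirm the outcome of the permission steps above, the following added example (not part of the original guide) reports whether packet capture is limited to root, limited to a group, or open to every user, and lists the members of the wireshark group. It assumes the Debian/Ubuntu package layout, with the capture helper at /usr/bin/dumpcap owned by root; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit who may capture packets on this host.
# Assumes the Debian/Ubuntu layout: helper at /usr/bin/dumpcap, owned by root.

# group_members GROUP: read /etc/group-format lines on stdin and print the
# supplementary members of GROUP, one per line.
group_members() {
    awk -F: -v g="$1" '$1 == g && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
}

# dumpcap_exposure MODE GROUP CAPS: classify capture access from the octal
# mode and owning group (stat -c "%a %G") and the getcap output for dumpcap.
dumpcap_exposure() {
    mode=$1 group=$2 caps=$3
    privileged=no
    # File capabilities let the helper open raw sockets without being root.
    case "$caps" in *cap_net_raw*) privileged=yes ;; esac
    # A four-digit mode whose first digit is 4-7 carries the setuid bit.
    case "$mode" in [4567][0-7][0-7][0-7]) privileged=yes ;; esac
    if [ "$privileged" = no ]; then
        echo "root-only"          # helper gains nothing; only root can capture
        return 0
    fi
    case "$mode" in
        *[1357])  echo "any-user" ;;       # world-executable and privileged
        *[1357]?) echo "group:$group" ;;   # executable by the owning group only
        *)        echo "root-only" ;;
    esac
}

# Live check; exits cleanly on hosts where Wireshark is not installed.
audit_host() {
    bin=/usr/bin/dumpcap
    [ -e "$bin" ] || { echo "dumpcap not installed"; return 0; }
    caps=$(getcap "$bin" 2>/dev/null || true)
    set -- $(stat -c '%a %G' "$bin")
    echo "capture access: $(dumpcap_exposure "$1" "$2" "$caps")"
    echo "members of the wireshark group:"
    group_members wireshark < /etc/group
}

audit_host
```

An any-user result means every local account can capture traffic on the host's interfaces, which is rarely what a shared system should allow.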
Section 2: Launch Wireshark on Ubuntu 22.04 or 20.04
Now that you have Wireshark installed, there are a few ways to launch it.
First, if your terminal is open, you can launch the application immediately with the following command.
wireshark
However, opening a terminal each time can be a pain for desktop users; it is much easier to launch Wireshark from the application icon, which you can pin to your taskbar for even quicker access.
Activities > Show Applications > Wireshark.
Section 3: Tips on Getting Started with Wireshark on Ubuntu 22.04 or 20.04
Mastering the usage of Wireshark on Ubuntu Linux can unlock a wealth of data and insight into your network. To help you achieve this, we’ve put together some handy tips and recommendations that can significantly boost your understanding and productivity with this powerful network protocol analyzer.
- Learn the basics: Before diving into more complex tasks, make sure you have a solid understanding of basic networking concepts, such as IP addresses, TCP/IP protocols, UDP, HTTP, DNS, etc. This foundation will significantly enhance your ability to understand and interpret the data presented by Wireshark.
- Use filters: Wireshark comes equipped with a powerful filtering engine. Using display filters can help you focus on specific traffic, stripping away the noise and helping you zero in on the issue at hand. For example, to view only HTTP traffic, use the filter http.
- Save packet data: If you’re analyzing a particularly complex problem, saving your packet data for further review can be helpful. This allows you to revisit the problem later or share the data with others. Use File > Save As to store your packet data.
- Initiate a Recording Session: Begin using Wireshark by clicking on the shark fin icon in the top left-hand corner to start a recording session, and you can watch or continue working on your system.
- Apply Recording Filters: Furthermore, you can filter the traffic in recording sessions, for example by a protocol or destination that you consider suspicious. This option can be found in the “Capture” menu under the entry “Capture Filter.”
- Customize the Wireshark interface: Wireshark offers extensive customization options, allowing you to tweak the interface to suit your preferences. For instance, you can choose which columns of data are displayed, reorder them, or create your own custom columns. Explore the Edit > Preferences menu to start personalizing your workspace.
- Use color coding: Color coding can significantly enhance your analysis efficiency. Wireshark allows you to create color rules for different types of traffic, making it easier to distinguish between them visually. You can access this feature via View > Coloring Rules.
- Leverage the Wireshark Wiki and Community: The Wireshark Wiki is an excellent resource for learning more about the tool, as it’s full of tutorials and detailed documentation. Similarly, the Wireshark community is active and helpful, making it a great place to ask questions and learn from experienced users.
- Use tshark for command-line analysis: If you prefer the command line or need to automate your packet analysis, consider learning tshark, Wireshark’s command-line counterpart. It has many of the same features as Wireshark but is designed to be used in a terminal.
Section 4: Managing Wireshark on Ubuntu 22.04 or 20.04
Understanding how to manage Wireshark on Ubuntu Linux will enable you to ensure that your installation remains up-to-date and secure. This section will delve into the procedures for updating and removing Wireshark.
How to Update Wireshark on Ubuntu 22.04 or 20.04
Maintaining your Wireshark installation with the latest updates is vital for several reasons. Updates can offer enhanced features, resolve software bugs, or patch potential security vulnerabilities.
To update Wireshark, you’ll need to utilize Ubuntu’s package manager, apt. This tool is responsible for handling software on your system. It allows you to install, update, and remove software in a structured manner.
You can start the update process with the following command:
sudo apt update
This command updates the list of available software and their versions from the repositories defined in your system. It tells your system, “Look for updates for all the software you have installed, including Wireshark.”
To proceed with upgrading your APT packages, run the following command:
sudo apt upgrade
How to Remove Wireshark on Ubuntu 22.04 or 20.04
There may come a time when you no longer require Wireshark on your system. If so, the software can be removed cleanly and effectively, freeing up system resources.
The removal of Wireshark is performed with this command:
sudo apt remove wireshark
By executing this command, you’re instructing your system to remove the Wireshark software while leaving behind its configuration files in case you decide to install the software again.
Remove the Wireshark PPA on Ubuntu 22.04 or 20.04
If you initially installed Wireshark through a Personal Package Archive (PPA), it’s a best practice and a security measure to remove the PPA from your system after uninstalling the software.
The PPA can be removed with the following command:
sudo add-apt-repository --remove ppa:wireshark-dev/stable -y
Executing this command tells your system to no longer consider the Wireshark PPA as a source of software. This reduces the risk of malicious software being introduced to your system via this PPA.
In this guide, we’ve taken a comprehensive journey through installing, launching, using, and managing Wireshark on Ubuntu Linux. We’ve discussed installation options, provided tips for getting started, and addressed key management tasks, such as updating and uninstalling the software. Every step of the way, the aim has been to enhance your understanding and ability to navigate the world of network analysis with Wireshark on Ubuntu.