Wireshark is a powerful and popular network protocol analyzer that lets you view individual recorded data packets or sort them according to specific content. It shows you what is going on on your computer's network connections and helps you take apart the messages sent across them by analyzing their contents; encrypted messages can only be read if you also hold the keys needed to decrypt them. Typical uses include troubleshooting networks with performance issues, tracing connections during security investigations, viewing the contents of suspect network transactions, and identifying bursts of network traffic for further analysis.
The following tutorial will teach you how to install Wireshark on Fedora Linux using the command line terminal and how to configure and launch the application so you can begin monitoring your system.
Recommended Steps Before Installation
First, ensure your system is up-to-date using the following terminal command; given how often Fedora updates packages, this can often be essential to avoid any conflicts.
sudo dnf upgrade --refresh
Install Wireshark on Fedora Linux
By default, Wireshark is available on Fedora’s repository, making the installation straightforward and keeping the software up-to-date without remembering to download packages or compile from scratch.
Use the following command to begin the installation.
sudo dnf install wireshark -y
Optionally, you can also install the Wireshark developer (devel) package, which provides the headers needed to build software against Wireshark's libraries.
sudo dnf install wireshark-devel -y
Once the installation is complete, check if the installation was successful and what version of Wireshark is installed using the following command.
wireshark -v
Example output:
Wireshark 4.0.0 (Git commit 0cbe09cd796b).
Copyright 1998-2022 Gerald Combs <gerald@wireshark.org> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There is
NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Next, you must add your current username to the wireshark user group. Otherwise you will have insufficient permissions to run Wireshark and may see an error like the one below when trying to start your first recording.
Couldn't run /usr/bin/dumpcap in child process: Permission denied
First, log into the root account.
su
For users who forgot their root password or have never set one, use the following command to set the root password.
sudo passwd root
Then re-use the su command.
Now, run the following command to give the correct permission to the username you will be running Wireshark as.
usermod -a -G wireshark <your_username>
Example command with my username:
usermod -a -G wireshark joshua
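Once done, switch back to your usual account. Group membership is read at login, so a desktop session that was already open needs a log out and log in before it picks up the new group.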
su <account name>
Example command with my username:
su joshua
An alternative that does not require logging into the root account is to run the same command with sudo.
sudo usermod -a -G wireshark <your_username>
Please note: on Fedora 37 only, I found I had to remove Wireshark and re-install it after sorting out the permissions for it to work; out of all Fedora releases, this is the only time I had to do this. This may not occur for you, but if it does, try doing this.
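To confirm the group change before launching Wireshark, the following added example (not part of the original tutorial) compares the groups recorded for your account with the groups active in the current session and checks that dumpcap is executable. The function names, the --check argument and the DUMPCAP override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check why dumpcap may still report "Permission denied".
# Function names and the DUMPCAP override are assumptions of this example.

# in_list NAME LIST: succeed if NAME is one of the space-separated words in LIST.
in_list() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# capture_status CONFIGURED SESSION [GROUP]
#   CONFIGURED: groups recorded for the account (output of: id -nG <user>)
#   SESSION:    groups of the running session   (output of: id -nG)
# Prints ok, relogin (group added but session is stale) or missing.
capture_status() {
    group=${3:-wireshark}
    if in_list "$group" "$2"; then
        echo ok
    elif in_list "$group" "$1"; then
        echo relogin
    else
        echo missing
    fi
}

check_wireshark_access() {
    user=$(id -un)
    dumpcap=${DUMPCAP:-/usr/bin/dumpcap}
    case $(capture_status "$(id -nG "$user")" "$(id -nG)") in
        ok)      echo "$user: wireshark group is active in this session" ;;
        relogin) echo "$user: group is set, log out and back in to apply it" ;;
        missing) echo "$user: not in group, run: sudo usermod -a -G wireshark $user" ;;
    esac
    # dumpcap must be executable by this session for captures to start.
    if [ -x "$dumpcap" ]; then
        echo "$dumpcap: executable by this session"
    else
        echo "$dumpcap: not executable by this session (or not installed)"
    fi
}

# Run the live check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_wireshark_access
fi
```

Save it under any file name and run it with the --check argument as your normal user, not as root, since root's session does not reflect your account's group membership.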
Launch Wireshark on Fedora Linux
Now that you have Wireshark installed, you can launch it in a few ways.
First, if your terminal is open, you can launch the application immediately with the following command.
wireshark
However, opening a terminal each time can be a pain for desktop users. It is much easier to launch Wireshark from its application icon, which you can pin to your taskbar for even quicker access.
Activities > Show Applications > Wireshark.
Next, you will arrive at the default screen of Wireshark. From here, you can begin recording, or configure the application and play around to get a feel for what you can accomplish. To start a recording session, click the shark fin icon in the top left-hand corner; you can then watch the capture or continue working on your system.
Note that you can filter the traffic in a recording session, for example by a protocol or destination that you consider suspicious. You will find this in the “Record” menu under the entry “Recording filter” (labelled Capture > Capture Filters in the English-language interface).
Once running, you can watch the recording in real time. I would highly recommend that users visit the Wireshark Wiki, which contains information on how to use the application to diagnose problems or investigate your system better for whatever purpose you seek from Wireshark.
Update Wireshark on Fedora Linux
Since Wireshark has been installed from Fedora’s default repository, future updates arrive through the standard system upgrade command.
sudo dnf upgrade --refresh
Remove Wireshark on Fedora Linux
Users who no longer require Wireshark can remove the software using the following command.
sudo dnf autoremove wireshark -y
This will also remove all unused dependencies and clean up your system.