How to install WireShark on Linux (CentOS/Ubuntu)
In our previous tutorial, we learned about using the tcpdump command to collect network packets for analysis/troubleshooting. But analysing all these network captures via the CLI can be a tiresome task. That's not the only option: we can also install Wireshark, which has a GUI along with lots of features & makes it easy to capture & analyse network packets.
Wireshark is a free & open source network packet analyser that is used for network analysis, troubleshooting etc. Wireshark is cross-platform software that is available for various Linux/UNIX distributions, macOS, Solaris, BSD & Windows. It uses GTK to implement the user interface & captures packets using PCAP.
Wireshark is quite similar to tcpdump; the major difference between the two is that Wireshark has a graphical interface with built-in filtering options, which makes it easy to use. Wireshark provides a number of features, some of which are,
– Live packet capture & offline analysis,
– A number of display filters,
– Support for hundreds of protocols,
– Rich VoIP analysis,
– Read/write support for various file formats,
– Live data can be read from Ethernet, Bluetooth, USB, Token Ring etc.
In this tutorial, we will learn to install Wireshark on CentOS & Ubuntu operating systems.
(Recommended Read: Complete monitoring solution: Install OMD (Open Monitoring Distribution))
Installation on CentOS
Before we can install Wireshark, we need to make sure that all of its dependencies are present on the system. Install all the dependencies using the following command,
$ sudo yum install gcc gcc-c++ bison flex libpcap-devel qt-devel gtk3-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils
Wireshark is available in the default CentOS package repositories & can be installed using YUM. Install Wireshark on CentOS using the following command,
$ sudo yum install wireshark wireshark-qt
But you might not get the latest Wireshark package using this method. To get the latest package we need to build Wireshark from its source package; the method to install Wireshark from source is described below.
Installation on Ubuntu
Firstly, install all the required dependencies for Wireshark using the following command,
$ sudo apt-get install build-essential checkinstall libcurl4-openssl-dev bison flex qt5-default qttools5-dev libssl-dev libgtk-3-dev libpcap-d
Once all the dependencies have been installed, install Wireshark (available in the default Ubuntu repositories) using the following command,
$ sudo apt-get install wireshark
You can also use the official Wireshark PPA to install the latest Wireshark package, which might not be available in the default Ubuntu repository. To install the latest Wireshark using the official PPA, run the following commands in the same order,
$ sudo add-apt-repository ppa:wireshark-dev/stable
$ sudo apt-get update
$ sudo apt-get install wireshark
Installing Wireshark using source
To install the latest version of Wireshark, it is recommended to build the package from source. So download the latest Wireshark source package using the following command,
$ wget https://1.as.dl.wireshark.org/src/wireshark-2.4.2.tar.xz
Extract it using the following command,
$ tar -xf wireshark-2.4.2.tar.xz -C /tmp
$ cd /tmp/wireshark-2.4.2
then run the following commands to compile & install the source code (the build itself needs no root privileges; only the install step does),
$ ./configure --enable-setcap-install
$ make
$ sudo make install
$ sudo ldconfig
That's it, this will install Wireshark on your machine. Now to start Wireshark, either open it through the menu or execute the following command to start Wireshark through the terminal,
Note: If you get a 'Permission Denied' error when starting Wireshark as a local user, you can start Wireshark as root or with sudo privileges, or add the local user to the wireshark group using the following command,
$ sudo usermod -a -G wireshark username
Now try starting Wireshark again. It should work. Once Wireshark is working, you can select any interface to start the packet capture & then apply filters for analysing the data.
This completes our tutorial on installing Wireshark on CentOS & Ubuntu systems. Please do send any queries or suggestions related to this article using the comment box below.
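As an added post-install check (not part of the original tutorial), the script below verifies the least-privilege capture setup that the --enable-setcap-install flag and the wireshark group are meant to give you: dumpcap, Wireshark's capture helper, should carry only cap_net_raw and cap_net_admin, and the capturing account should be a member of the wireshark group rather than running Wireshark as root. The path of dumpcap, the group name and the sample getcap/group lines in the comments are assumptions.

```shell
#!/bin/sh
# Added check, not from the original tutorial: confirm that packet capture
# works through capabilities and group membership instead of root.

# caps_ok LINE: LINE is one line of `getcap` output, e.g.
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer libcap)
# Returns 0 only when the set is exactly cap_net_admin and cap_net_raw;
# a missing set or any extra capability (e.g. cap_sys_admin) fails.
caps_ok() {
    capset=${1##* }                      # text after the last space: the cap spec
    caps=$(printf '%s' "$capset" | sed 's/[+=].*//' | tr ',' '\n' | sort | tr '\n' ' ')
    [ "$caps" = "cap_net_admin cap_net_raw " ]
}

# in_group USER GROUPLINE: GROUPLINE is the wireshark entry from /etc/group,
# e.g. "wireshark:x:1001:alice,bob" (constructed sample). Returns 0 if USER
# is listed as a member.
in_group() {
    members=${2##*:}
    printf '%s' ",$members," | grep -qF ",$1,"
}

# check_capture_setup USER: runs both checks against the live system and
# reports what is wrong. Returns 0 only when both pass.
check_capture_setup() {
    dumpcap=$(command -v dumpcap 2>/dev/null) || { echo "dumpcap not found in PATH"; return 1; }
    rc=0
    if ! caps_ok "$(getcap "$dumpcap" 2>/dev/null)"; then
        echo "dumpcap capabilities missing or too broad: $(getcap "$dumpcap" 2>/dev/null)"
        rc=1
    fi
    if ! in_group "$1" "$(grep '^wireshark:' /etc/group)"; then
        echo "$1 is not a member of the wireshark group (log out and back in after usermod)"
        rc=1
    fi
    return $rc
}

# Usage on a real system: check_capture_setup "$(id -un)"
```

If the capability check fails after a source build, re-run the install step with the --enable-setcap-install flag shown above; if only the group check fails, the usermod change has not taken effect in the current login session yet.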