How to install WireShark on Linux (CentOS/Ubuntu)

In our previous tutorial, we have learned about using tcpdump command to collect network packets for analyzing/troubleshooting. But it can be a tiresome task to analyze all these network logs via CLI. But that’s not the only option, we can also install Wireshark, which has a GUI along with lots of features & makes it easy to capture & analyze the network packets.

Wireshark is free & Open source network packet analyzer that is used for network analysis, troubleshooting, etc. Wireshark is a cross-platform software that is available for various Linux/UNIX distributions, Mac-OS, Solaris, BSD & Windows, etc. It uses GTK to implement user interface & captures packets using PCAP.

Wireshark is quite similar to tcpdump, the major difference between the two is that Wireshark has a graphical interface with built-in filtering options, which make it easy to use. Wireshark provides a number of features, some of those features are,

– Live packet capture & offline analysis,
– A number of display filters,
– Support for hundreds of protocol,
– Rich VOIP analysis,
– Read/write feature various file formats,
– Live data can be read from ethernet port, Bluetooth, USB, Token rings tec

In this tutorial, we will learn to install Wireshark on CentOS & Ubuntu operating system.

(Recommended Read : Complete monitoring solution : Install OMD (Open Monitoring Distribution) )


Installation on CentOS

Before we can install Wireshark, we need to make sure that all the dependencies for Wireshark are present on the system. Install all the dependencies using the following command,

$ yum install gcc gcc-c++ bison flex libpcap-devel qt-devel gtk3-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils

Wireshark is available with the default CentOS package repositories & can be installed using YUM. Install Wireshark on centos using the following command,

$ sudo yum install wireshark wireshark-qt

But you might not get the latest package for Wireshark using this method. To get the latest package for Wireshark we need to install it using source packages. The method to install Wireshark from source package is mentioned below.


Installation on Ubuntu

Firstly install all the required dependencies for Wireshark using the following command,

$ sudo apt-get install build-essential checkinstall libcurl4-openssl-dev bison flex qt5-default qttools5-dev libssl-dev libgtk-3-dev libpcap-d

Once all the dependencies have been installed, install Wireshark (available with default Ubuntu repositories) using the following command,

$ sudo apt-get install wireshark

You can also use the official repositories for Ubuntu to install the latest Wireshark package, which might not be available with the default Ubuntu repository. To install the latest Wireshark using the official repository, run the following commands in the same order,

$ sudo add-apt-repository ppa:wireshark-dev/stable

$ sudo apt-get update

$ sudo apt-get install wireshark


Installing Wireshark using source

To install the latest version of Wireshark, it is recommended that we install it by building a package from source. To download the latest Wireshark source package using the following command,

$ wget

Extract it using the following command,

$ tar -xf wireshark-3.0.0.tar.xz -C /tmp

$ cd /tmp/wireshark-3.0.0

then run the following commands to compile & install the source code,

$ ./

$ ./configure –enable-setcap-install

$ make

$ sudo make install

$ sudo ldconfig

That’s it, this will install Wireshark on your machine. Now to start the Wireshark, either open it through the menu or execute the following command to start Wireshark through the terminal,

$ wireshark

install wireshark

Note: If you are getting a ‘Permission Denied’ error when starting Wireshark as a local user, you can start the Wireshark as root or with sudo privileges or add the local user to Wireshark group using the following command,

$ sudo usermod -a -G wireshark username

Now try starting Wireshark with again. It should work. Once the Wireshark is working, you can then select any port to start the packet capture & then can apply filters for analyzing the data.

This completes our tutorial on installing Wireshark on Centos & Ubuntu systems. Please do send any queries or suggestions related to this article using the comment box below.


If you think we have helped you or just want to support us, please consider these:-

Connect to us: Facebook | Twitter | Google Plus

Donate us some of your hard earned money:

Linux TechLab is thankful for your continued support.


Passionate about Linux & open source. Loves to learn, read & write about Linux as well as new technologies.

You may also like...

8 Responses

  1. boukar10 says:

    Hello, when I try to launch the wireshark using the command $wireshark in CentOS, I get this error

    (wireshark:1218): Gtk-WARNING **: cannot open display:

    Please can you help

  2. Gustavo Gonnet says:

    Hi, could it be that this command:
    $ sudo apt-get install build-essential checkinstall libcurl4-openssl-dev bison flex qt5-default qttools5-dev libssl-dev libgtk-3-dev libpcap-d

    should be this command instead?
    $ sudo apt-get install build-essential checkinstall libcurl4-openssl-dev bison flex qt5-default qttools5-dev libssl-dev libgtk-3-dev libpcap-dev

    I’m using Ubuntu 14.04 and libpcap-d does not exist, but libpcap-dev does.

  3. zahirul says:

    How I can Uninstall Wireshark which is installed by using source in Centos7?

  4. luiz says:

    Hi, I’m installing on Debian9, but I’ve got an error:

    ./configure –prefix=/opt/ –with-ssl –enable-setcap-install –with-dumpcap-group=wireshark

    checking whether to install dumpcap with cap_net_admin and cap_net_raw capabilities… setcap not found
    configure: error: Setcap install was requested, but setcap was not found

    Do you know how to fix it?
    It’s strange ’cause `libcap-dev` is installed …

Leave a Reply

Your email address will not be published. Required fields are marked *