In our previous tutorial, we learned to use the tcpdump command to collect network packets for analysis and troubleshooting. Going through all of those captured packets on the CLI can be a tiresome task, but it is not the only option: we can also install Wireshark, which has a GUI along with many features that make it easy to capture & analyze network packets.

Wireshark is a free & open source network packet analyzer used for network analysis, troubleshooting, etc. It is cross-platform software available for various Linux/UNIX distributions, macOS, Solaris, BSD & Windows. It uses GTK to implement its user interface & captures packets using pcap (libpcap).


Wireshark is quite similar to tcpdump; the major difference between the two is that Wireshark has a graphical interface with built-in filtering options, which makes it easy to use. Wireshark provides a number of features, some of which are:

- Live packet capture & offline analysis,
- A large number of display filters,
- Support for hundreds of protocols,
- Rich VoIP analysis,
- Read/write support for various capture file formats,
- Live data can be read from Ethernet ports, Bluetooth, USB, Token Ring, etc.

In this tutorial, we will learn to install Wireshark on the CentOS & Ubuntu operating systems.


Installation on CentOS

Before we can install Wireshark, we need to make sure that all of its dependencies are present on the system. Install all the dependencies using the following command,

$ sudo yum install gcc gcc-c++ bison flex libpcap-devel qt-devel gtk3-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils

Wireshark is available in the default CentOS package repositories & can be installed using YUM. Install Wireshark on CentOS using the following command,

$ sudo yum install wireshark wireshark-qt

However, you might not get the latest Wireshark package using this method. To get the latest version, we need to build and install it from the source package; that method is described in the last section below.

Installation on Ubuntu

First, install all the required dependencies for Wireshark using the following command,

$ sudo apt-get install build-essential checkinstall libcurl4-openssl-dev bison flex qt5-default qttools5-dev libssl-dev libgtk-3-dev libpcap-d

Once all the dependencies have been installed, install Wireshark (available in the default Ubuntu repositories) using the following command,

$ sudo apt-get install wireshark

You can also use the Wireshark developers' official PPA for Ubuntu to install the latest Wireshark package, which might not yet be available in the default Ubuntu repositories. To install the latest Wireshark from that PPA, run the following commands in this order,

$ sudo add-apt-repository ppa:wireshark-dev/stable

$ sudo apt-get update

$ sudo apt-get install wireshark


Installing Wireshark using source

To install the latest version of Wireshark, it is recommended to build a package from source. Download the latest Wireshark source package using the following command,

$ wget https://1.as.dl.wireshark.org/src/wireshark-3.0.0.tar.xz

Extract it using the following command,

$ tar -xf wireshark-3.0.0.tar.xz -C /tmp

$ cd /tmp/wireshark-3.0.0

Then run the following commands to compile & install the source code,

$ ./autogen.sh

$ ./configure --enable-setcap-install

$ make

$ sudo make install

$ sudo ldconfig

That's it; this installs Wireshark on your machine. To start Wireshark, either open it from the application menu or execute the following command in the terminal,

$ wireshark


Note: If you get a 'Permission Denied' error when starting a capture in Wireshark as a local user, you can start Wireshark as root or with sudo privileges, or add the local user to the wireshark group using the following command,

$ sudo usermod -a -G wireshark username

Group membership takes effect at the next login, so log out and back in, then try starting Wireshark again. It should work. Once Wireshark is working, you can select any network interface to start the packet capture & then apply filters for analyzing the data.
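The 'Permission Denied' fix above depends on two things being in place: dumpcap carrying the capture capabilities (what --enable-setcap-install and the Ubuntu package set up) and the user being a member of the wireshark group. The following script is an added example, not part of the original tutorial or the Wireshark project, that checks both on an installed system; the getcap output formats, the group name and the path checks are assumptions about a typical setup.

```shell
#!/bin/sh
# Added example, not from the original tutorial: verify the non-root capture
# setup that the 'Permission Denied' note relies on. Assumes dumpcap carries
# file capabilities and that capture rights are granted via the 'wireshark' group.

# Parse one getcap(8) line for dumpcap. Accepts both output styles:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer libcap)
# Returns 0 only if both capabilities are present and effective + permitted.
caps_ok() {
    line=$1
    flags=${line##*[+=]}              # text after the last '+' or '=', e.g. "eip"
    case "$line" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$line" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$flags" in *e*p*|*p*e*) return 0 ;; esac
    return 1
}

# $1: an /etc/group line such as "wireshark:x:130:alice,bob"; $2: user name.
# Returns 0 if the user is listed as a member of that group.
group_has_user() {
    members=${1##*:}
    case ",$members," in *",$2,"*) return 0 ;; esac
    return 1
}

# Live check for one user (default: the caller). Prints findings and returns 0
# when the user can expect to capture without running Wireshark as root.
dumpcap_check() {
    user=${1:-$(id -un)}; rc=0
    dumpcap=$(command -v dumpcap 2>/dev/null) || { echo "dumpcap not in PATH"; return 1; }
    if [ -u "$dumpcap" ]; then
        echo "WARN: $dumpcap is setuid root; file capabilities are the narrower option"
    fi
    capline=$(getcap "$dumpcap" 2>/dev/null)
    if caps_ok "$capline"; then echo "ok: $capline"
    else echo "MISSING: $dumpcap lacks cap_net_raw,cap_net_admin=eip"; rc=1; fi
    grpline=$(getent group wireshark) || { echo "MISSING: no 'wireshark' group"; return 1; }
    if group_has_user "$grpline" "$user"; then echo "ok: $user is in group wireshark"
    else echo "MISSING: $user not in group wireshark (usermod -a -G wireshark $user, then re-login)"; rc=1; fi
    return $rc
}

# Run the live check only when a user name is given, e.g.: sh check_capture.sh alice
if [ $# -gt 0 ]; then dumpcap_check "$1"; fi
```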

This completes our tutorial on installing Wireshark on CentOS & Ubuntu systems. Please send any queries or suggestions related to this article using the comment box below.