Install and Use Wireshark on Ubuntu Linux

Learn to install the latest Wireshark on Ubuntu-based distributions. Also learn to run Wireshark without sudo and set it up for packet sniffing.

Wireshark is a free and open-source network protocol analyzer widely used around the globe.

With Wireshark, you can capture the incoming and outgoing packets of a network in real time and use them for network troubleshooting, packet analysis, software and communication protocol development, and much more.

It is available on all major desktop operating systems like Windows, Linux, macOS, BSD and more.

In this tutorial, I will guide you to install Wireshark on Ubuntu and other Ubuntu-based distributions. I’ll also show a little about setting up and configuring Wireshark to capture packets.

Installing Wireshark on Ubuntu-based Linux distributions

Wireshark is available on all major Linux distributions. You should check out the official installation instructions. In this tutorial, I’ll focus on installing the latest Wireshark version on Ubuntu-based distributions only.

Wireshark is available in the Universe repository of Ubuntu, which is usually enabled by default. If not, enable the Universe repository first. Then install Wireshark by running:

sudo apt install wireshark

One slight problem with this approach is that you might not always get the latest version of Wireshark.

For example, in Ubuntu 22.04, if you use the apt command to check the available version of Wireshark, it is 3.6. However, Wireshark 4.0.0 stable version was released a few months ago. The new release brings new features, of course.

[Image: Details of the Wireshark package in the default Ubuntu repositories, displayed with the "apt show" command]

So, what do you do in such a case? Thankfully, Wireshark developers provide an official PPA that you can use to install the latest stable version of Wireshark on Ubuntu and other Ubuntu-based distributions.

I hope you are acquainted with PPA. If not, please read our excellent guide on PPA to understand it completely.

Open a terminal and use the following commands one by one:

sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt install wireshark

Even if you have an older version of Wireshark installed, it will be updated to the newer version.

While installing, you will be asked whether to allow non-superusers to capture packets. Select Yes to allow it or No to restrict packet capture to the superuser, then finish the installation.

Running Wireshark without sudo

If you have selected No in the previous installation, then run the following command as root:

sudo dpkg-reconfigure wireshark-common
[Image: Reconfiguring Wireshark to allow non-superusers to capture packets]

Select Yes by pressing the Tab key, then confirm with the Enter key.

Since you have allowed non-superusers to capture packets, you have to add your user to the wireshark group. Use the usermod command to add yourself to the group. Members of this group can capture all traffic that the machine's interfaces see, so add only the accounts that need it.

sudo usermod -aG wireshark $(whoami)

Finally, restart your Ubuntu system so that the changes take effect.
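To confirm that the steps above took effect, you can audit the result. This is an added example, not part of the original tutorial; it assumes the Ubuntu package layout (capture helper at /usr/bin/dumpcap, owned by group wireshark, with file capabilities set) and the getcap tool from libcap2-bin.

```shell
#!/bin/sh
# Added example: audit the non-root capture setup described above.
# The helpers take command output as arguments so they can be checked offline.

# $1: output of `id -nG` (space-separated group names of the current session)
in_wireshark_group() {
    case " $1 " in
        *" wireshark "*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: output of `stat -c '%U:%G %a' <dumpcap>`, e.g. "root:wireshark 754"
dumpcap_perms_ok() {
    owner=${1%% *}
    mode=${1##* }
    [ "$owner" = "root:wireshark" ] || return 1
    case $mode in
        *[0246]) return 0 ;;  # even last digit: no execute bit for "other"
        *) return 1 ;;
    esac
}

# $1: output of `getcap <dumpcap>`; both capture capabilities must be listed
dumpcap_caps_ok() {
    case $1 in *cap_net_raw*) ;; *) return 1 ;; esac
    case $1 in *cap_net_admin*) return 0 ;; *) return 1 ;; esac
}

# Run the three checks against the live system.
audit_live() {
    bin=/usr/bin/dumpcap  # assumed install path of the capture helper on Ubuntu
    in_wireshark_group "$(id -nG)" && echo "group: ok" \
        || echo "group: session is not in wireshark (restart or log in again)"
    dumpcap_perms_ok "$(stat -c '%U:%G %a' "$bin")" && echo "perms: ok" \
        || echo "perms: expected root:wireshark with no execute for others"
    dumpcap_caps_ok "$(getcap "$bin")" && echo "caps: ok" \
        || echo "caps: cap_net_raw/cap_net_admin not set on $bin"
}

# Only touch the system when asked to: sh check-capture.sh --live
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

The group check reads the groups of the current login session, so it keeps failing after usermod until you have logged in again.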

Trivia: First released in 1998, Wireshark was initially known as Ethereal. Developers had to change its name to Wireshark in 2006 due to trademark issues.

Starting Wireshark

You can launch the Wireshark application from the application launcher or the CLI.

To start it from the CLI, type wireshark in your console:

wireshark

From the GUI, search for the Wireshark application in the search bar and hit Enter.

[Image: Opening Wireshark from the Ubuntu Activities Overview]

Now let’s play with Wireshark.

Using Wireshark

Wireshark provides a wide range of functions, such as starting and stopping packet captures and saving captured packets, along with a lot of additional information.

Capturing packets using Wireshark

When you start Wireshark, you will see a list of interfaces that you can use to capture packets to and from.

Wireshark can monitor many types of interfaces, such as wired interfaces and external devices. You can choose which types of interfaces are shown on the welcome screen from the marked area in the image below.

[Image: Home screen of the Wireshark Network Analyzer, where all the available interfaces are shown]

For instance, I listed only the Wired network interfaces.

[Image: Listing only wired network interfaces in Wireshark]

Next, to start capturing packets, you have to select the interface (which in my case is enp1s0) and click on the Start capturing packets icon as marked in the image below.

[Image: Monitoring the selected interface using the Start Capture button]

You can also capture packets to and from multiple interfaces at the same time. Just press and hold the CTRL button while clicking on the interfaces that you want to capture to and from, and then hit the Start capturing packets icon as marked in the image below.

[Image: Capturing packets from multiple interfaces by selecting them with CTRL and click, then using the "Start Capturing" button]

Viewing Packets with details

Next, I ran the ping google.com command in the terminal and, as you can see, many packets were captured.

[Image: Packets captured in real time while a ping to google.com runs in the terminal]

Now you can click on any packet to inspect it. After clicking on a packet, you can see information about the different layers of the TCP/IP protocol stack associated with it. You can also see the raw data of that packet at the bottom, as shown in the image below.

[Image: Detailed information about the captured packets]

This is why end-to-end encryption is important

Imagine you are logging into a website that doesn’t use HTTPS. Anyone on the same network as you can sniff the packets and see the username and password in the raw data. This is why most chat applications use end-to-end encryption and most websites these days use HTTPS (instead of HTTP).

Stopping packet capture in Wireshark

You can click on the red icon marked in the image below to stop capturing packets.

[Image: Stopping the packet capture using the Stop button]

Save captured packets to a file

You can click on the marked icon in the image below to save captured packets to a file for future use.

[Image: Using the Save button to save packets to a file]

Output can be exported to XML, PostScript®, CSV, or plain text.

Next, select a destination folder, and type the file name and click on Save.

[Image: Saving the packets to a file by giving it a name and destination]

Now you can open and analyze the saved packets anytime. To open the file, press CTRL + O or go to File > Open in Wireshark.

The captured packets should be loaded from the file.

[Image: Opening a saved capture file from "File - Open", or with CTRL + O to select the file from the file manager]

Wireshark supports many communication protocols and offers many options and features for capturing and analyzing network packets. You can learn more about Wireshark from the official documentation.

I hope this tutorial helped you to install Wireshark on Ubuntu. Please let me know your questions and suggestions.

About the author
Community

Written by a community member, a reader who is not part of the It's FOSS writing team. The views and opinions expressed are those of the authors and do not necessarily reflect that of It's FOSS.
