Wireshark is the tool many users choose for network troubleshooting and communications protocol development. It is also used for analysis, software development, and educational purposes.
Wireshark runs on Mac OS, Microsoft Windows, Linux, BSD and Solaris. Below we cover downloading and installing Wireshark on Ubuntu, and the features it offers.
How to Download and Install
The steps below describe the installation process for Wireshark 2.2.5.
- Download the official PPA (stable) for Wireshark. The PPA is for Ubuntu 16.10, Ubuntu 16.04, Ubuntu 14.04, Ubuntu 12.04 and subsequent releases.
- You can also read more about the PPA here.
- Once downloaded, add the PPA: open a terminal (from the Unity Dash / App Launcher, or with the shortcut Ctrl+Alt+T) and run the command: “sudo add-apt-repository ppa:wireshark-dev/stable”
- When asked for your password (the prompt reads “password for handbook” on the author’s machine; your own username appears in place of handbook), type it.
- Press Enter to confirm and finish the process.
If the above doesn’t work, you can use the following steps instead:
1. Download the official PPA (stable).
2. Add the PPA: open a terminal with the shortcut “Ctrl+Alt+T” and run the command:
“sudo add-apt-repository ppa:wireshark-dev/stable”
3. Update the package lists with the command:
“sudo apt-get update”
4. Install Wireshark with the command:
“sudo apt-get install wireshark”
5. If Wireshark doesn’t run and reports an error, return to the terminal and run:
“sudo dpkg-reconfigure wireshark-common”
6. Select “Yes” when asked whether non-superusers should be able to capture packets.
Note: this creates a wireshark group. Add your user to this group with the command:
“sudo adduser $USER wireshark”
7. Restart your system and enjoy Wireshark.
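The two things the steps above set up for non-root capture are membership in the wireshark group and the capabilities that dpkg-reconfigure puts on dumpcap; the dumpcap “Permission denied” error discussed later is what you get when either is missing. This added script (not from the original article) checks both; it assumes the Ubuntu layout used here, dumpcap at /usr/bin/dumpcap and a group named wireshark, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: verify that a non-root user
# can capture after the install steps above. Assumes the Ubuntu layout the
# article uses: dumpcap at /usr/bin/dumpcap and a group named "wireshark".

# in_group NAME "GROUPS": is NAME among the space-separated GROUPS?
# The group list is a parameter (normally `id -nG`) so it can be tested;
# note that `id -nG` shows the groups of the current login session, so a
# user added with adduser must log in again before this reports success.
in_group() {
    printf '%s\n' "$2" | tr ' ' '\n' | grep -qx -- "$1"
}

# dumpcap_caps_ok "GETCAP_LINE": does a getcap(8) line for dumpcap grant
# both cap_net_raw and cap_net_admin as effective capabilities? Accepts
# both output styles, "path = caps+eip" (older libcap) and "path caps=eip".
dumpcap_caps_ok() {
    caps=$(printf '%s\n' "$1" | sed -n 's/^[^ ]* *=* *//p' | sed 's/[=+].*//')
    flags=$(printf '%s\n' "$1" | sed -n 's/.*[=+]\([a-z]*\)$/\1/p')
    case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$flags" in *e*) return 0 ;; *) return 1 ;; esac
}

# check_host: run both checks against the live system (needs getcap from
# libcap) and say which of the article's steps is still missing.
check_host() {
    if ! in_group wireshark "$(id -nG)"; then
        echo "not in the wireshark group: run sudo adduser \$USER wireshark, then log in again"
        return 1
    fi
    if ! dumpcap_caps_ok "$(getcap /usr/bin/dumpcap 2>/dev/null)"; then
        echo "dumpcap lacks cap_net_raw/cap_net_admin: run sudo dpkg-reconfigure wireshark-common"
        return 1
    fi
    echo "non-root capture is correctly configured"
}

# Only touch the live system when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

Run it as “sh check-capture.sh --run” after step 7; a clean result means Wireshark can be started as your normal user rather than with sudo.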
Test Run Wireshark
Once you have successfully installed Wireshark, do a test run.
1. Open Wireshark.
2. Find the capture interfaces button on the start page (top left corner) and click it.
3. A dialog box appears with Input, Output and Options tabs.
4. If no interface is listed yet, click “Manage Interfaces”.
5. Select a network interface under “Input”. If Wireshark is working you’ll see something like this.
6. Boom! You’ll be able to see all the protocols and network options.
Wireshark 2.6 Features
- No support for GeoIP and GeoLite Legacy databases.
- Windows packages are now built with Microsoft Visual Studio 2017.
- Support for HTTP request sequences.
- IP map feature (“Map” button in the “Endpoints” dialog) has been removed.
- Filter buttons can now be edited, disabled, and removed.
- Start-up time has been reduced.
- TShark now supports color output using the --color option.
- The “matches” display filter operator is now case-insensitive.
- The “tcptrace” TCP Stream graph now shows duplicate ACKs.
- No advertisements.
- The RTP Player now supports the G.729A codec, added via the bcg729 library.
- Personal plugins folder on Linux/Unix is now ~/.local/lib/wireshark/plugins.
- QUIC dissector has been renamed to Google QUIC (quic → gquic).
- SMI private enterprise numbers are now read from the “enterprises.tsv” configuration file.
- The legacy (GTK+) interface has been removed.
- Graphs are now saved as PNG images by default.
- TShark’s -z option now uses a new syntax instead of “-z <proto>,rtt” for protocols that support service response time statistics.
Issues to look out for
- Wireshark and TShark may report incorrect delta times.
- BER dissectors may loop infinitely.
- Changing the real-time option can sometimes crash the application.
- Filtering TShark captures with read filters (-R) no longer works.
If you have installed from the .tar.gz and an error like “couldn’t run /usr/bin/dumpcap in child process: Permission denied” appears, this article will guide you.
Wireshark is amongst the most successful cross-platform network protocol analyzers. It’s quite simple to use and installs quickly.
Planning to learn network protocols and software development? Wireshark is the tool for you. Stuck? Put your questions in the comment section below.