Wireshark is a popular protocol analyzer used to capture and inspect packets on a network in real time. It’s an invaluable tool for network administrators, security experts and anyone who wants to understand the traffic on their network. In this tutorial, we’ll look at how to install Wireshark on Ubuntu step by step.
Step 1: System update
Before installing any new software on Ubuntu, it’s essential to make sure your system is up to date.
This ensures that you have the latest security fixes and the most recent versions of existing packages. This provides a solid foundation for the installation of new packages.
Here’s how you can update your Ubuntu system:
The first step is to update the list of available packages to ensure that you have the most up-to-date information on the latest versions of all packages.
Run the following command:
sudo apt update && sudo apt upgrade
Now that your Ubuntu system is up to date, you’ve established a solid, secure foundation for installing new software, like Wireshark.
Step 2: Install Wireshark
Here’s how to install Wireshark on your Ubuntu system.
To install Wireshark via the apt package manager, use the following command:
sudo apt install wireshark
A screen will appear asking if you wish to allow unprivileged users to capture packets.
This is an important security decision. If you are the only user of the machine, or if you trust everyone who has access, you can choose ‘Yes’.
Otherwise, select ‘No’. If you choose ‘Yes’, you won’t have to use sudo every time you want to capture packets.
Once installation is complete, check that Wireshark is correctly installed by running the command:
This should display the version of Wireshark you have just installed.
You can start Wireshark directly from the terminal by typing wireshark, or by searching for it and clicking on its icon in the applications menu of your desktop environment.
Step 3: Add user to Wireshark group
To allow a specific user to capture packets without requiring root privileges, it is advisable to add that user to the Wireshark group.
This step ensures that the user has the appropriate permissions to run Wireshark and capture packets on network interfaces.
Here’s how to do it:
To add a specific user to the Wireshark group, use the usermod command. Replace “adam” with the username for which you wish to grant access to Wireshark.
For example, if your username is “adam”, the command will be:
sudo usermod -a -G wireshark adam
To ensure that the user has been correctly added to the group, you can use the groups command followed by the user’s name.
This will display all the groups to which “adam” belongs. Make sure that “wireshark” is one of them.
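To review the result of Steps 2 and 3, the script below lists the accounts that can capture without sudo and checks that the capture helper can only be executed by root and the wireshark group. It is an added example, not part of the original tutorial; the helper path /usr/bin/dumpcap and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit who may capture packets.
# Assumptions: capture helper at /usr/bin/dumpcap, group named "wireshark".
DUMPCAP=/usr/bin/dumpcap
CAPTURE_GROUP=wireshark

# members_of LINE: print the members listed in a "name:x:gid:u1,u2" group line.
members_of() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# is_member USER LINE: succeed only on an exact user-name match.
is_member() {
    members_of "$2" | grep -Fqx -- "$1"
}

# helper_restricted MODE OWNER GRP: succeed if the helper is owned by root,
# belongs to the capture group, and has the other-execute bit clear.
helper_restricted() {
    [ "$2" = "root" ] || return 1
    [ "$3" = "$CAPTURE_GROUP" ] || return 1
    case "$1" in
        *[1357]) return 1 ;;   # last octal digit odd: others may execute
    esac
    return 0
}

# audit: run the checks against the live system.
audit() {
    line=$(getent group "$CAPTURE_GROUP") || {
        echo "no $CAPTURE_GROUP group: capture has not been delegated"
        return 0
    }
    echo "Accounts allowed to capture without sudo:"
    members_of "$line" | sed 's/^/  /'
    set -- $(stat -c '%a %U %G' "$DUMPCAP")
    if helper_restricted "$1" "$2" "$3"; then
        echo "$DUMPCAP is limited to root and group $CAPTURE_GROUP (mode $1)"
    else
        echo "NOTE: $DUMPCAP is $2:$3 mode $1; compare with the getcap line"
    fi
    if command -v getcap >/dev/null; then getcap "$DUMPCAP"; fi
    return 0
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Save it under any file name and run it with the --audit argument. Group changes made with usermod apply only to new login sessions, so the user must log out and back in before capturing.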
That’s it! You have now installed and configured Wireshark on Ubuntu. This powerful tool enables you to perform in-depth analysis of network traffic, diagnose problems, detect suspicious activity and much more.
Why do I need to add a user to the Wireshark group?
By adding a user to the Wireshark group, you enable him/her to capture network packets directly, without having to use root privileges. This improves security, as it’s not recommended to run applications in superuser mode if you don’t need to.
Can Wireshark be dangerous if misused?
Like any powerful tool, Wireshark can present risks if misused. Although Wireshark itself is secure, accidentally capturing and sharing sensitive information can pose security problems.
Are there any alternatives to Wireshark for Ubuntu?
Yes, there are other packet analyzers for Linux, such as tcpdump, which is a command-line tool. However, Wireshark is one of the most popular, thanks to its powerful graphical interface and extensive functionality.
Does Wireshark show HTTPS traffic?
Wireshark can capture HTTPS traffic, but it will be encrypted. To view the decrypted content of HTTPS traffic, additional configuration and possession of the appropriate private key are required.