We can install and use Wireshark on Ubuntu. Wireshark is used to capture the network traffic and it’s free to use. Let’s see, how to install Wireshark on ubuntu.
How To Install and Use Wireshark On Ubuntu Linux:
You can install Wireshark on Ubuntu using the package available in-universe repository. if you don’t know how to install the Universe repository, you may follow these articles.
We can also install it using sudo apt-add-repository universe. Once you have installed it then we need to run the below command to install it.
[email protected]:~$ sudo apt install wireshark
After a few minutes, you will see the windows like as shown below and click on “yes“.
It will start the installation process and install all the dependencies itself.
You can check the version installed using the below command from the terminal.
[email protected]:~$ sudo apt show wireshark Package: wireshark Version: 3.2.3-1 Priority: optional Section: universe/net Origin: Ubuntu Maintainer: Balint Reczey <[email protected]> Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size: 59.4 kB
Now open this packet capturing application from the terminal using “Wireshark” and press “Enter“.
Run Wireshark without Sudo:
If you have selected “No” while installing this application, run the below command as root.
sudo dpkg-reconfigure wireshark-common
Now the above window will appear, you have to select “Yes” and hit the enter. Once it’s done. you have allowed the non-root users to capture the packet.
We’ve to add a user in the Wireshark group using the below command.
sudo usermod -a -G wireshark $whoami
Reboot the system to take effect. you can capture the network packet using the Wireshark.
If you still face issue, try the below command.
sudo chmod +x /usr/bin/dumpcap
How To Use Wireshark On Ubuntu:
We have installed this application on Ubuntu and now we will see how to use it to capture the network traffic.
When you click on start capture the network traffic that’s “Blue shark button” then you face the below issue.
Error ”Couldn’t run /usr/bin/dumpcap in child process: Permission denied”;
To fix this issue, we will have to create a user to start the Wireshark.
[email protected]:~$ sudo usermod -a -G wireshark $USER
We will check the owner and group of dumpcap binary as shown below. if the group is not Wireshark, you can change it using
sudo chgrp wireshark /usr/bin/dumpcap
In our case, everything is all right.
[email protected]:~$ ls -ld /usr/bin/dumpcap -rwxr-xr-- 1 root wireshark 113112 Apr 19 14:04 /usr/bin/dumpcap
We will change the permission on this /usr/bin/dumpcap from 754 to 750.
sudo chmod 750 /usr/bin/dumpcap sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
You can also verify the above configuration using the below command.
[email protected]:~$ sudo getcap /usr/bin/dumpcap /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
Reboot the machine and Let’s try to capture the network traffic now.