How to Install Wireshark on Ubuntu

Ahmet Aytemiz
Posted:
April 29, 2024

Wireshark is a network analysis tool widely used in cyber security for monitoring malicious traffic and troubleshooting network performance. In this article, we will explain how to install Wireshark on Ubuntu. Let's get started.

Requirements:

  • Ubuntu operating system running on a physical or virtual machine
  • A stable internet connection to download the Wireshark packages.
  • Your preferred hypervisor, if you use a virtual machine

Steps:

  • Get the latest list of packages with apt-get
  • Install Wireshark
  • Decide which interface to capture
  • Start Wireshark
  • Use Wireshark to capture your first traffic

Step 1: Get the Latest List of Packages 

First, we should refresh the package lists on the Ubuntu operating system using the following command:

sudo apt-get update

Now, we are ready to install Wireshark.

Step 2: Install Wireshark

Installing Wireshark on Ubuntu is quite easy; just use the following command:

sudo apt-get install wireshark -y

If you want to allow non-root users to use Wireshark, you must explicitly allow them to do so.
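The article does not show a command for this step. The script below is an added example, not part of the original article: it applies the mechanism shipped in Ubuntu's wireshark-common package and then checks that capture rights stay limited to one group. The `wireshark` group, the `/usr/bin/dumpcap` path, the function names and the sample values are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Assumes Ubuntu's packaging:
# capture helper /usr/bin/dumpcap and a group named "wireshark".
DUMPCAP=/usr/bin/dumpcap
GROUP=wireshark

# Grant capture rights to the current user (run with --apply; needs sudo).
grant_capture() {
    sudo dpkg-reconfigure wireshark-common  # answer "Yes" to non-superuser capture
    sudo usermod -aG "$GROUP" "$USER"       # takes effect at the next login
}

# Pure check, so it can also be run on sample values:
#   $1 groups of the user      (id -nG)
#   $2 "owner:group mode"      (stat -c '%U:%G %a' /usr/bin/dumpcap)
#   $3 file capabilities line  (getcap /usr/bin/dumpcap)
# Returns 0 only when capture is limited to group members and not setuid.
check_capture_privs() {
    local groups=" $1 " owner="${2%% *}" mode="${2##* }" caps="$3"
    [ -n "$2" ] || { echo "dumpcap not found"; return 2; }
    [ "$owner" = "root:$GROUP" ] || { echo "owner $owner, want root:$GROUP"; return 3; }
    case "$mode" in
        *[1357])   echo "mode $mode: every local user can run dumpcap"; return 4 ;;
        [4567]???) echo "mode $mode: setuid dumpcap, prefer file capabilities"; return 5 ;;
    esac
    case "$caps" in
        *cap_net_admin*cap_net_raw*|*cap_net_raw*cap_net_admin*) ;;
        *) echo "cap_net_raw/cap_net_admin not set on dumpcap"; return 6 ;;
    esac
    case "$groups" in
        *" $GROUP "*) echo "ok: capture allowed via group $GROUP" ;;
        *) echo "user not in group $GROUP (log in again after usermod)"; return 7 ;;
    esac
}

# Collect the three inputs from the running system (run with --audit).
audit_live() {
    check_capture_privs "$(id -nG)" \
        "$(stat -c '%U:%G %a' "$DUMPCAP" 2>/dev/null)" \
        "$(getcap "$DUMPCAP" 2>/dev/null)"
}

case "${1:-}" in
    --apply) grant_capture ;;
    --audit) audit_live ;;
    *)  # constructed sample values, not output from a real host
        check_capture_privs "analyst adm sudo wireshark" "root:wireshark 750" \
            "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" ;;
esac
```

Run it once with `--apply`, log out and back in, then run it with `--audit`; without arguments it only evaluates the constructed sample values.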

Step 3: Decide Which Interface to Capture

To decide which interface you want to capture, list the network interfaces on the Ubuntu system with the following command:

ip a


In this case, we have two network interface cards on the system. We will capture the ens160 interface with Wireshark.

Step 4: Start Wireshark

Now we are ready to start Wireshark: just use the following command in the terminal, or go to Show Applications and type Wireshark in the GUI.

To capture the ens160 interface, select this interface and then select Capture > Start.

Step 5: Use Wireshark to Capture Your First Traffic

At last, we are ready to capture our first network packet. For this article, we will capture the ICMP traffic on the system. 

Open a new terminal and send an ICMP echo request from the Ubuntu machine to the 8.8.8.8 IP address. We can use the display filter to show only the traffic we want to analyze.

ping 8.8.8.8

In this case, we send four ICMP echo requests to 8.8.8.8, and 8.8.8.8 responds with four ICMP echo reply packets, so we have successfully captured this traffic with Wireshark.


Conclusion

In this article, we have explained how to install Wireshark on the Ubuntu system and how to capture network traffic with Wireshark. Keep in mind that learning more about Wireshark is essential for monitoring and visualizing the network.
