Wireshark is a network analysis tool widely used in cyber security for malicious traffic monitoring or network performance troubleshooting. In this article, we will explain how to install Wireshark on Ubuntu. Let's get started.
First, we should update the packages on the Ubuntu operating system using the following command:
sudo apt-get update
Now, we are ready to install Wireshark.
Installing Wireshark on Ubuntu is quite easy, just use the following command:
sudo apt-get install wireshark -y
If you want non-root users to be able to capture with Wireshark, you must grant them permission to do so; on Ubuntu this is done through the wireshark group that the package creates.
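The following script is an added example, not part of the original article. It performs the standard Ubuntu steps for non-root capture: dpkg-reconfigure lets the packaged capture helper /usr/bin/dumpcap run with the cap_net_raw and cap_net_admin capabilities, and usermod adds the account to the wireshark group. Run without arguments it only checks the current state; with --apply it makes the changes. It assumes the Debian/Ubuntu package layout and that $USER is the account to enable; the group-list and getcap checks are plain helper functions so they can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the article): let a non-root user capture with
# Wireshark on Ubuntu. Assumes the Debian/Ubuntu wireshark-common package
# (which installs /usr/bin/dumpcap and the "wireshark" group) and that
# $USER is the account to enable.

# in_group NAME GROUP... : exit 0 if NAME appears among the GROUP names
in_group() {
  want="$1"; shift
  for g in "$@"; do
    [ "$g" = "$want" ] && return 0
  done
  return 1
}

# caps_ok GETCAP_LINE : exit 0 if the getcap output grants both capabilities
# dumpcap needs to open a raw socket without root (either listing order).
caps_ok() {
  case "$1" in
    *cap_net_raw*cap_net_admin*|*cap_net_admin*cap_net_raw*) return 0 ;;
    *) return 1 ;;
  esac
}

# apply_setup: the two privileged steps, then a reminder that group
# membership only takes effect in a new login session.
apply_setup() {
  # Answer "Yes" to "Should non-superusers be able to capture packets?"
  sudo dpkg-reconfigure wireshark-common
  sudo usermod -aG wireshark "$USER"
  echo "Log out and back in (or run: newgrp wireshark) so the new group applies."
}

# check_setup: report whether capture would work for the current user.
check_setup() {
  # shellcheck disable=SC2046   # word-splitting of id -nG is intended
  if in_group wireshark $(id -nG); then
    echo "user $USER is in the wireshark group"
  else
    echo "user $USER is NOT in the wireshark group; run: $0 --apply"
  fi
  if command -v getcap >/dev/null 2>&1 \
     && caps_ok "$(getcap /usr/bin/dumpcap 2>/dev/null)"; then
    echo "dumpcap has cap_net_raw and cap_net_admin"
  else
    echo "dumpcap lacks capture capabilities (or getcap is unavailable); run: $0 --apply"
  fi
}

case "${1:-}" in
  --apply) apply_setup ;;
  *)       check_setup ;;
esac
```

Keeping dumpcap as the only privileged component is the point of this design: Wireshark itself, with its large set of protocol dissectors, keeps running as an ordinary user, so a dissector bug is not a root-level problem.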
To decide which interface to capture on, list the network interfaces on the Ubuntu system with the following command:
ip a
In this case, we have two network interface cards on the system. We will capture the ens160 interface with Wireshark.
Now we are ready to start Wireshark. Run the wireshark command in the terminal, or go to Show Applications and type Wireshark in the GUI.
To capture the ens160 interface, select this interface and then select Capture > Start.
At last, we are ready to capture our first network packet. For this article, we will capture the ICMP traffic on the system.
Open a new terminal and send ICMP echo requests from the Ubuntu machine to the 8.8.8.8 IP address. In Wireshark, a display filter such as icmp shows only the traffic we want to analyze.
ping 8.8.8.8
In this case, we send four ICMP echo requests to 8.8.8.8, and 8.8.8.8 responds with four ICMP echo reply packets, so we have successfully captured this traffic with Wireshark.
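The script below is an added example, not part of the original article, that reproduces the same exercise from the terminal with tshark (Wireshark's command-line front end, Ubuntu package tshark). It shows the difference between a capture filter (-f, BPF syntax, applied while capturing) and a display filter (-Y, the Wireshark filter-bar syntax, applied to captured packets), extracts the src/dst/icmp.type fields, and counts echo requests (type 8) against echo replies (type 0). It assumes the interface ens160 and target 8.8.8.8 from the article; the 10.0.0.5 local address, the ip -o link output and the field lines are constructed samples so the counting logic runs offline.

```shell
#!/bin/sh
# Added example (not from the article): capture the ping traffic with tshark
# and count ICMP requests/replies. Assumes ens160 and 8.8.8.8 as in the
# article and that the user may capture (wireshark group). 10.0.0.5 and the
# sample_* outputs below are constructed.

IFACE="${IFACE:-ens160}"
TARGET="${TARGET:-8.8.8.8}"

# iface_names: read "ip -o link show" on stdin, print one interface name per
# line (the scripted equivalent of reading "ip a" to pick an interface).
iface_names() {
  awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# capture_ping FILE: save 8 ICMP packets to/from TARGET seen on IFACE.
# -f is a capture (BPF) filter; -c stops after that many packets.
capture_ping() {
  tshark -i "$IFACE" -f "icmp and host $TARGET" -c 8 -w "$1"
}

# icmp_fields FILE: print src<TAB>dst<TAB>icmp.type for each ICMP packet.
# -Y is a display filter, the same syntax as Wireshark's filter bar.
icmp_fields() {
  tshark -r "$1" -Y icmp -T fields -e ip.src -e ip.dst -e icmp.type
}

# summarize_icmp: read icmp_fields lines on stdin and print
# "requests=N replies=M" (icmp.type 8 = echo request, 0 = echo reply).
summarize_icmp() {
  awk -F'\t' '
    $3 == 8 { req++ }
    $3 == 0 { rep++ }
    END { printf "requests=%d replies=%d\n", req + 0, rep + 0 }'
}

# Constructed sample of icmp_fields output for "ping -c 4 8.8.8.8":
# four requests from the host, four replies from 8.8.8.8.
sample_icmp_fields() {
  i=0
  while [ "$i" -lt 4 ]; do
    printf '10.0.0.5\t8.8.8.8\t8\n'
    printf '8.8.8.8\t10.0.0.5\t0\n'
    i=$((i + 1))
  done
}

# Constructed sample of "ip -o link show" on a host with two NICs.
sample_ip_link() {
  printf '1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n'
  printf '2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\\    link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff\n'
  printf '3: ens192: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\\    link/ether 00:0c:29:12:34:57 brd ff:ff:ff:ff:ff:ff\n'
}

if [ "${1:-}" = "--live" ]; then
  # Live run: list interfaces, capture, then summarize. Start "ping -c 4 8.8.8.8"
  # in another terminal once tshark reports it is capturing.
  ip -o link show | iface_names
  capture_ping /tmp/ping.pcap
  icmp_fields /tmp/ping.pcap | summarize_icmp
else
  # Offline run on the constructed samples.
  sample_ip_link | iface_names
  sample_icmp_fields | summarize_icmp
fi
```

A summary of four requests and four replies is the expected picture; fewer replies than requests in a real capture points at packet loss or filtering on the path, which is exactly the kind of gap the display filter makes easy to spot in the Wireshark window.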
FYI: If you want to use Wireshark for malicious traffic analysis and don’t know where to start, we have the perfect course for you in our Malware Analysis Skill Path, register below and check it out!
In this article, we have explained how to install Wireshark on the Ubuntu system and how to capture network traffic with Wireshark. Keep in mind that learning more about Wireshark is essential for monitoring and visualizing the network.