Wireshark is a popular program for analyzing network traffic. It lets the user view the contents of network packets at different levels of network operation. In addition to directly analyzing traffic, the program can decrypt encrypted wireless network packets. Unlike the console utility tcpdump, Wireshark has a very convenient graphical interface.
An easy way to install Wireshark is to use the official repositories. To do this, run this command:
$ sudo apt install wireshark
During installation, the program will ask if you want to allow Wireshark to run as a normal user. By default, it is possible to analyze network packets only if you have superuser rights. However, it is not desirable to run graphical programs as superuser. If you answer Yes in this window, all users in the wireshark group will be able to access the program, not just the superuser.
After the installation is complete, the current user must be added to the wireshark group:
$ sudo usermod -aG wireshark $USER
To apply the changes you must restart your computer or log out and log back in. After that, you can run the program from the main menu or from the terminal.
If you run into a problem such as Wireshark not seeing the Ubuntu network interfaces, it means that the utility is running as a regular user who has not been added to the wireshark group. As a quick fix, try running it as superuser:
$ sudo wireshark
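To find the cause instead of running the GUI as root, the following check (an added example, not part of the original instructions) compares the groups of the current login session with the groups stored for the account, which is where a missing re-login shows up. The function names are hypothetical, and the /usr/bin/dumpcap path and its ownership by the wireshark group after answering Yes are assumptions about the Ubuntu package.

```shell
#!/bin/sh
# Added example: find out why Wireshark lists no interfaces without using sudo.
GROUP=wireshark
DUMPCAP=/usr/bin/dumpcap   # assumption: capture helper path in the Ubuntu package

# has_group "<space-separated group names>" <name>: exact-match membership test
has_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# classify_access <session groups> <account groups> <group owning dumpcap>
# Prints: ok | relogin-needed | not-in-group | reconfigure-needed
classify_access() {
    if [ "$3" != "$GROUP" ]; then
        echo reconfigure-needed      # dumpcap is not owned by the wireshark group
    elif ! has_group "$2" "$GROUP"; then
        echo not-in-group            # usermod -aG was never run for this user
    elif ! has_group "$1" "$GROUP"; then
        echo relogin-needed          # group added, but this login predates it
    else
        echo ok
    fi
}

diagnose() {
    user=$(id -un 2>/dev/null) || user=unknown
    session=$(id -Gn 2>/dev/null) || session=""          # groups of this login session
    account=$(id -Gn "$user" 2>/dev/null) || account=""  # groups in the account database
    owner=$(stat -c %G "$DUMPCAP" 2>/dev/null) || owner=missing
    case $(classify_access "$session" "$account" "$owner") in
        ok)             echo "OK: $user can capture as a normal user" ;;
        relogin-needed) echo "Membership not active yet: log out and back in" ;;
        not-in-group)   echo "Fix: sudo usermod -aG $GROUP $user" ;;
        *)              echo "dumpcap group is '$owner': run sudo dpkg-reconfigure wireshark-common" ;;
    esac
}

diagnose
```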
By opening the Help -> About Wireshark menu item you can find out the program version. In this case the version installed is 3.2.3.
The official repositories contain an outdated version, while the developers have already released version 3.4.2. It can be obtained from the developers' PPA. To add the PPA repository to your system, run this command:
$ sudo add-apt-repository ppa:wireshark-dev/stable
After that, you can install Wireshark as described above:
$ sudo apt install wireshark
The installation proceeds as described above. If your user has not been added to the wireshark group, remember to add it so that you can use the program as a normal user. You can also find out the version of the program using the terminal by executing:
$ wireshark --version
If, during installation, you answered No when the installer asked whether normal users should be allowed to use Wireshark, but then changed your mind, you can change this setting. To do so, run this command:
$ sudo dpkg-reconfigure wireshark-common
This time answer Yes, and don't forget to add the user to the wireshark group.
To remove Wireshark from Ubuntu, it is enough to execute the following command:
$ sudo apt remove wireshark
This completes the instruction.