Wireshark is a cross-platform network protocol analyzer that lets you interactively capture and view network packets. Although this is a rather advanced topic, those in the know can use it to capture network traffic as it travels across the network. You can even save those captures for later analysis. This tool can be used for network troubleshooting, cybersecurity, research, and more.
In this post, we will go over the basics of Wireshark on Ubuntu, from the background information you should know to how to install Wireshark on your Ubuntu machine.
⚠️ Warning
Before using a tool like this it’s recommended to get permission from the owner of the network, as acceptable use policies may forbid the use of packet capture software.
What Is A Packet?
In computer networking, a packet is the final format data takes before it is sent on towards its destination.
What Is Packet Capture?
Packet capture is when packets are captured for analysis. Something to keep in mind is that packets will vary based on the protocol being used.
Do I Need Special Permissions?
The answer is yes: additional permissions beyond standard user permissions are required to use packet capture software.
- First, before you get started, be sure you have permission from the administrator of the network you want to run Wireshark on.
- You will need the right environment; some virtualization technologies and containers can affect the ability to capture packets.
You will need more permissions than standard user permissions. For Linux, you need to be added to a user group, have superuser permissions, or root permissions.
Wireshark Installation
To install Wireshark on newer versions of Ubuntu (18.04 and up), search for Wireshark using your preferred package manager. If you see other instructions saying you need to add an apt repository, be aware this is only necessary if you are on an older Ubuntu version or need a version not provided by the standard repositories.
- On the command line, you would run:
sudo apt install wireshark
During the installation, you will be asked whether non-superusers should be able to capture packets. Unless this is a feature you require, I recommend selecting No.
If you do choose this option, you will need to add the users you want to be able to use Wireshark to the wireshark group.
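One way to check the result of that installer choice, as an added example (not from the original post): the script below reports whether dumpcap, the helper Wireshark uses to capture, is privileged and which users can run it. The group name wireshark and the path /usr/bin/dumpcap are assumed Ubuntu package defaults, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit who can capture packets without sudo.
# Assumed Ubuntu package defaults: group "wireshark", helper /usr/bin/dumpcap.
# Add a user with: sudo usermod -aG wireshark USERNAME  (applies at next login)

# Print the members listed in one `getent group` line (name:x:gid:user1,user2).
group_members() {
    printf '%s\n' "${1##*:}" | tr ',' ' '
}

# Classify dumpcap's privilege from its `stat -c %A` mode ($1) and `getcap` output ($2).
dumpcap_privilege() {
    case $1 in
        ???[sS]*) echo setuid; return ;;
    esac
    case $2 in
        *cap_net_raw*) echo capabilities ;;
        *) echo none ;;
    esac
}

# Succeed when the "other" execute bit of the mode string ($1) is set.
world_executable() {
    case $1 in
        ?????????[xt]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report who can capture; return 1 when access is wider than the group.
# $1 = mode string, $2 = getcap output, $3 = getent group line.
capture_access_report() {
    priv=$(dumpcap_privilege "$1" "$2")
    if [ "$priv" = none ]; then
        echo "dumpcap is unprivileged: capturing needs sudo or root"
    elif world_executable "$1"; then
        echo "WARNING: privileged dumpcap ($priv) is executable by every local user"
        return 1
    else
        echo "privileged dumpcap ($priv); non-root capture limited to: $(group_members "$3")"
    fi
}

# Live check, skipped when Wireshark or getcap is not installed.
if [ -e /usr/bin/dumpcap ] && command -v getcap >/dev/null 2>&1; then
    capture_access_report "$(stat -c %A /usr/bin/dumpcap)" \
        "$(getcap /usr/bin/dumpcap 2>/dev/null)" \
        "$(getent group wireshark)" || true
fi
```

To change the installer answer later, run sudo dpkg-reconfigure wireshark-common.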
Basic Usage
- After you open Wireshark it will ask what interface you want to capture traffic on. Select the interface you want to capture traffic on.
Troubleshooting tip: if you get an error message box that says “you don’t have permission to capture on that device”, either close and reopen Wireshark with sudo or follow the directions provided to allow your user to capture packets without needing to elevate their permissions.
From here you will see traffic as it is captured.
- When you are done capturing, click on the red stop button. 🟥
- (Optional) To save the capture for later, go to File > Save, then provide a file name and click Save.
Bonus
Need to capture packets on a server that doesn’t have a graphical environment? Use tcpdump as shown below, and you can open the packet capture later.
sudo tcpdump -i eth0 -w capture.pcap
Make sure to replace eth0 with the correct interface for the system you are using.
Later on, you can open the file containing the captured packets in Wireshark by going to File > Open and selecting the file.
Conclusion
In this post we have covered background such as what a packet is, why someone would use this software, and that packet capture requires additional permissions. We then touched on installation and basic usage, and wrapped up with a way to capture packets on servers and open the file later with Wireshark.
Embracing a lifelong passion for technology since childhood, CJ delved into the intricate workings of systems, captivated by the desire to understand the unknown. This innate curiosity led to his discovery of Linux, a revelation that resonated deeply. With more than 7 years of on the job experience, he’s honed his technical skills as a Geek and Senior Linux Systems Administrator.