How to Install and Configure Wireshark on Ubuntu: A Complete Guide
Wireshark is a powerful and widely-used network protocol analyzer. It’s an indispensable tool for network administrators, security professionals, and developers who need to inspect network traffic in real-time. Whether you are troubleshooting network issues, analyzing security threats, or simply understanding data traffic, installing Wireshark on your Ubuntu system is a crucial first step.
This guide provides a clear, step-by-step process for installing Wireshark on Ubuntu and, most importantly, configuring it correctly for secure and effective use.
Step 1: Update Your System’s Package Lists
Before installing any new software, it’s always a best practice to ensure your system’s package repository lists are up to date. This guarantees you are fetching the latest and most stable versions available.
Open your terminal and run the following command:
sudo apt update
Enter your password when prompted to proceed.
Step 2: Install the Wireshark Package
With your system updated, you can now install Wireshark using the apt package manager. The process is straightforward and handled by a single command.
In your terminal, execute the following:
sudo apt install wireshark
The system will calculate the required dependencies and ask for your confirmation. Press Y and then Enter to continue the installation.
Step 3: The Critical Configuration Step – Granting Capture Permissions
During the installation, a configuration window will pop up with a crucial question:
“Should non-superusers be able to capture packets?”
This is a security-related question. By default, capturing live network traffic requires administrator (root) privileges. However, running a complex application like Wireshark as root is a significant security risk.
For almost all use cases on a personal workstation or development machine, the recommended choice is wireshark user group. Members of this group are granted the necessary permissions to capture packets without needing to run the entire application with root privileges.
Use the Tab key to select Enter.
Step 4: Add Your User to the wireshark Group
Even though you selected “Yes” in the previous step, you still need to manually add your user account to the newly created wireshark group. This is the step that actually grants your account the packet capture capabilities.
To add your current user to the wireshark group, run this command:
sudo usermod -aG wireshark $USER
Let’s break down this command:
sudo: Executes the command with administrator privileges.usermod: A command to modify a user account.-aG: The flags to append (-a) the user to a supplementary group (-G).wireshark: The name of the group.$USER: A system variable that automatically inserts your current username.
This is the most secure and recommended way to run Wireshark.
Step 5: Apply the New Group Permissions
Changes to user group memberships don’t take effect immediately. For your system to recognize your new permissions as part of the wireshark group, you must apply the changes. You have two options:
- Log Out and Log Back In: This is the simplest method.
- Reboot Your System: A full reboot will also apply the new group membership.
After you have logged out and back in or rebooted, your user will have the necessary permissions.
Step 6: Launch and Verify Wireshark
You have now successfully installed and configured Wireshark. You can launch it from your system’s application menu or by typing the following command in your terminal:
wireshark
Upon launching, the Wireshark main screen will appear. You should see a list of available network interfaces (e.g., eth0, wlan0, any). If you can see these interfaces and are able to start a capture without any permission errors, your installation was successful.
A Note on Security and Best Practices
It’s vital to reiterate why the group permission method is used. You should avoid running Wireshark with sudo (e.g., sudo wireshark) for your daily analysis tasks. Running graphical applications as root is a security anti-pattern that can expose your system to unnecessary risks. The wireshark group configuration is designed specifically to prevent this while still providing the privileges needed for network capture.
By following this guide, you have not only installed a powerful tool but have also configured it according to modern security standards, ensuring you can analyze network traffic safely and efficiently.
Source: https://kifarunix.com/install-latest-wireshark-on-ubuntu-18-04/
