2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to install and use Wireshark on Ubuntu.
Install Wireshark on an Ubuntu-based Linux distribution
Wireshark works with all major Linux distributions, and you should check the official installation instructions for yours. In this tutorial, I will focus on installing the latest version of Wireshark on Ubuntu-based distributions only.
Wireshark can be found in Ubuntu's Universe repository. You can enable the universe repository and install it as follows:
sudo add-apt-repository universe
sudo apt install wireshark
A small problem with this approach is that you may not always get the latest version of Wireshark.
For example, in Ubuntu 18.04, if you use the apt command to check the available version of Wireshark, the available version will be shown to be 2.6.
abhishek@nuc:~$ apt show wireshark
Package: wireshark
Version: 2.6.10-1~ubuntu18.04.0
Priority: optional
Section: universe/net
Origin: Ubuntu
Maintainer: Balint Reczey
However, the stable version of Wireshark 3.2 was released a few months ago. Of course, the new version has new features.
So what should you do in this case? Thankfully, the Wireshark developers provide an official PPA that you can use to install the latest stable version of Wireshark on Ubuntu and other Ubuntu-based distributions.
I hope you are familiar with PPA. If not, please read our excellent guide to PPA to fully understand it.
Open the terminal and run the following commands one by one:
sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt install wireshark
Even if an old version of Wireshark is installed, it will be updated to a new version.
During installation, you will be asked if you want to allow non-superusers to capture packets. Select "Yes" to allow, select "No" to restrict non-superusers from capturing packets, and finally complete the installation.
Run Wireshark without using sudo
If "No" was selected in the previous installation, run the following command as root:
sudo dpkg-reconfigure wireshark-common
Then press tab and use enter to select "No":
Since you allow a non-superuser to capture packets, you must add that user to the wireshark group. Use the usermod command to add yourself to the wireshark group.
sudo usermod -aG wireshark $(whoami)
Finally, restart your Ubuntu system so that the changes take effect.
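
A quick check that the setup above took effect, as an added example that is not part of the original article. It assumes dumpcap is installed at /usr/bin/dumpcap and that the package grants it the cap_net_raw and cap_net_admin file capabilities; the function names are made up for this example.

```bash
#!/bin/sh
# Added example: verify the non-root capture setup from the steps above.
# Assumptions (not from the article): dumpcap is /usr/bin/dumpcap and carries
# the cap_net_raw and cap_net_admin file capabilities when "Yes" was chosen.

# has_capture_caps GETCAP_LINE
# Accepts both getcap output styles: "path = caps+eip" and "path caps=eip".
has_capture_caps() {
    caps=$(printf '%s\n' "$1" |
        sed -e 's/^[^ ]* *=\{0,1\} *//' -e 's/[+=][eip]*$//')
    case ",$caps," in *,cap_net_raw,*) ;; *) return 1 ;; esac
    case ",$caps," in *,cap_net_admin,*) ;; *) return 1 ;; esac
}

# in_group "space separated groups" GROUP
in_group() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# capture_setup_status GETCAP_LINE SESSION_GROUPS ACCOUNT_GROUPS
#   SESSION_GROUPS: `id -nG` (groups of the running session)
#   ACCOUNT_GROUPS: `id -nG "$USER"` (groups recorded for the account)
capture_setup_status() {
    if ! has_capture_caps "$1"; then
        echo "no-caps"          # rerun dpkg-reconfigure wireshark-common
    elif in_group "$2" wireshark; then
        echo "ok"
    elif in_group "$3" wireshark; then
        echo "relogin-needed"   # usermod ran, but this session predates it
    else
        echo "not-in-group"     # run the usermod command
    fi
}

# Live check, only when dumpcap and getcap are actually present.
if [ -e /usr/bin/dumpcap ] && command -v getcap >/dev/null 2>&1; then
    capture_setup_status "$(getcap /usr/bin/dumpcap)" \
        "$(id -nG)" "$(id -nG "$(id -un)")"
fi
```
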
Trivia
Wireshark was first released in 1998 and was originally called Ethereal. In 2006, the developers had to change its name to Wireshark because of trademark problems.
Start Wireshark
You can start the Wireshark application from the application launcher or from the command line.
If you start from the command line, just type wireshark in your console:
wireshark
To launch from the graphical interface, search for the Wireshark app in the search bar and press enter.
Now, let's play with Wireshark.
Capture packets using Wireshark
When you start Wireshark, you will see a list of interfaces that you can use to capture packets received and sent by this interface.
You can use Wireshark to monitor many types of interfaces, such as wired interfaces, external devices, etc. Depending on your preference, you can select a specific type of interface to display on the welcome screen from the marked area in the image below.
Select interface
For example, I only listed wired network interfaces.
Next, to start capturing packets, you must select the interface (ens33 in my example), and then click the "Start capturing packets" icon, as shown in the following figure.
Start capturing packets with Wireshark
You can also capture packets from multiple interfaces at the same time. Just hold down the Ctrl key, click the interfaces you want to capture from, and then click the "Start capturing packets" icon, as shown in the following figure.
Next, I ran the ping google.com command in the terminal and, as you can see, captured a lot of packets.
Captured packets
Now you can select any packet to inspect it. After clicking on a specific packet, you can see information about the different layers of the TCP/IP protocol associated with it.
Packet info
You can also see the raw data of that particular packet at the bottom, as shown in the following figure.
Check RAW data in the captured packets
This is why end-to-end encryption is important.
Suppose you are logging on to a website that does not use HTTPS. Anyone on the same network as you can sniff the packet and see the user name and password in the raw data.
This is why most chat applications now use end-to-end encryption, while most websites use https (instead of http).
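
To make the point concrete, here is an added example (not from the original article) that scans a packet payload the way the raw-data pane shows it and reports credential-bearing fields with their values redacted. Both payloads are constructed samples, and the function names are made up for this example.

```bash
#!/bin/sh
# Added example: flag credentials that travel in cleartext. Reads one packet
# payload on stdin and prints what an observer on the network could read,
# with values redacted. All sample data below is constructed.

audit_cleartext() {
    # Render non-printable bytes as dots, like the raw-data pane in Wireshark.
    LC_ALL=C tr -c '[:print:]\n' '.' | LC_ALL=C awk '
    tolower($0) ~ /^authorization: *basic / {
        print "header authorization=<redacted>"   # base64 is not encryption
    }
    {   # application/x-www-form-urlencoded bodies: name=value&name=value
        n = split($0, pair, "&")
        for (i = 1; i <= n; i++) {
            if (pair[i] !~ /=/) continue
            name = tolower(pair[i]); sub(/=.*/, "", name)
            if (name ~ /^(user(name)?|login|pass(word|wd)?|pwd)$/)
                print "field " name "=<redacted>"
        }
    }'
}

# Constructed login request sent over plain HTTP.
sample_http() {
    printf '%s\r\n' 'POST /login HTTP/1.1' 'Host: intranet.example' \
        'Content-Type: application/x-www-form-urlencoded' \
        'Authorization: Basic ZGVtbzpub3QtYS1yZWFsLXBhc3N3b3Jk' ''
    printf '%s' 'username=demo&password=not-a-real-password'
}

# Constructed stand-in for the same request over HTTPS: a TLS application-data
# record header (0x17 0x03 0x03) followed by opaque ciphertext bytes.
sample_https() {
    printf '\027\003\003\001\020\232\301\017\265\044\376\210\143\222\007\351'
}

echo "HTTP:";  sample_http  | audit_cleartext
echo "HTTPS:"; sample_https | audit_cleartext
```
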
Stop packet capture in Wireshark
You can click the red icon shown in the figure to stop capturing packets.
Stop packet capture in Wireshark
Save the captured packet to a file
You can click the icon marked in the following figure to save the captured packet to a file for future use.
Save captured packets by Wireshark
Note: the output can be exported as XML, PostScript, CSV, or plain text.
Next, select a destination folder, type the file name, and click Save.
Then select the file and click Open.
Now you can open and analyze saved packets at any time. To open the file, press Ctrl + O, or go to "File > Open" in Wireshark.
The captured packets will be loaded from the file.