How to Install Wireshark on Ubuntu 22.04

Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible.

You could think of a network packet analyzer as a measuring device for examining what’s happening inside a network cable, just like an electrician uses a voltmeter for examining what’s happening inside an electric cable (but at a higher level, of course).

What Wireshark is not

  • Wireshark isn’t an intrusion detection system. It will not warn you when someone does strange things on your network that he/she isn’t allowed to do. However, if strange things happen, Wireshark might help you figure out what is going on.

  • Wireshark will not manipulate things on the network, it will only “measure” things from it. Wireshark doesn’t send packets on the network or do other active things (except domain name resolution, but that can be disabled).

Prerequisites:

Ensure that the following dependencies are installed on the system.

  1. GLib development package which includes the headers, libraries, and other files necessary for development.

    💡
    The GLib package comes pre-installed with Ubuntu 22.04. On earlier versions, install it with the command: sudo apt-get install libglib2.0-dev
  2. The libpcap library for capturing live network data.

Install Wireshark

  1. Update the APT package index by running the following command:

     sudo apt update
    
  2. Once the APT package index is updated, install Wireshark on your system:

     sudo apt install wireshark
    

    When the installer asks whether non-superusers should be able to capture packets, choose Yes.

  3. Verify the Wireshark version:

     wireshark --version
    

Configure Wireshark

  1. If you are logged in as a normal user, add that user to the wireshark group:

     sudo usermod -aG wireshark $USER
    

    This command adds the currently logged-in user to the wireshark group, giving them permissions associated with that group (like capturing network packets without needing to be the root user).

    💡
    If the command above fails with an error such as "wireshark group does not exist", create the "wireshark" group manually with the command sudo groupadd wireshark, and only then add the currently logged-in user to it.
  2. Modify the “dumpcap” file permissions:

     sudo chgrp wireshark /usr/bin/dumpcap
    

    This command changes the group ownership of the dumpcap executable to the wireshark group.

     sudo chmod +x /usr/bin/dumpcap
    

    The command above grants execute permissions to the dumpcap file.

     sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
    

    The tool setcap assigns capabilities to executables.

    cap_net_raw: Allows the program to use RAW and PACKET sockets, which can be necessary for sniffing tools that need to capture raw packets directly from network interfaces.

    cap_net_admin: Provides various network-related privileges like interface configuration, administration, binding to privileged ports, setting packet filtering rules, etc.

    =eip indicates which of the file's capability sets receive the listed capabilities:

    • e stands for Effective. It means the capability is "activated" when the program starts.

    • i stands for Inheritable. It means the capability can be inherited by child processes.

    • p stands for Permitted. It ensures the capability can be used by the process.

By setting these capabilities, you're giving the dumpcap binary the ability to capture raw packets and conduct other network-related operations without needing to run as the root user.
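The following audit script is an added example, not part of the original tutorial: it checks the three things the configuration above changed (group membership, ownership and mode of /usr/bin/dumpcap, and the file capabilities as getcap reports them). It goes one step beyond the tutorial's chmod +x by also flagging a dumpcap that "others" can execute, since file capabilities apply to anyone who can run the binary. It assumes the tutorial's path and group name, GNU stat and id, and getcap from libcap2-bin (the package that also ships setcap).

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Assumes the tutorial's
# path and group name (/usr/bin/dumpcap, "wireshark") and GNU stat, id and
# getcap (getcap ships in libcap2-bin together with setcap).
# Reduce a getcap line to "caps=flags". Newer libcap prints
# "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip", older versions
# "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip"; both normalise the same way.
normalize_caps() {
    printf '%s\n' "$1" | awk '{ print $NF }' | tr '+' '='
}
# Succeed only if exactly cap_net_admin and cap_net_raw are granted (libcap
# lists them in numeric order) with the permitted and effective flags set.
check_caps_line() {
    case "$(normalize_caps "$1")" in
        cap_net_admin,cap_net_raw=eip|cap_net_admin,cap_net_raw=ep) return 0 ;;
        *) return 1 ;;
    esac
}
# Succeed if an octal mode (as `stat -c %a` prints it, e.g. 750 or 0750) lets
# the group execute the file but not "others". File capabilities apply to
# whoever can run the binary, so a world-executable dumpcap would let every
# local account capture, not only wireshark group members.
check_mode() {
    perms=${1#"${1%???}"}                       # last three octal digits
    group_bits=${perms%?}; group_bits=${group_bits#?}
    other_bits=${perms#??}
    [ $((group_bits & 1)) -eq 1 ] && [ $((other_bits & 1)) -eq 0 ]
}

# Succeed if group $1 appears in the space-separated list $2 (`id -nG` format).
user_in_group() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Run the checks against the live system; exit status 1 if any fails.
audit_dumpcap() {
    bin=/usr/bin/dumpcap; rc=0; mode=$(stat -c %a "$bin"); caps=$(getcap "$bin")
    user_in_group wireshark "$(id -nG)" && echo "ok: $(id -un) is in group wireshark" ||
        { echo "warn: $(id -un) not in group wireshark (log out and back in after usermod)"; rc=1; }
    [ "$(stat -c %G "$bin")" = wireshark ] && echo "ok: $bin is owned by group wireshark" ||
        { echo "warn: $bin group is $(stat -c %G "$bin"), expected wireshark"; rc=1; }
    check_mode "$mode" && echo "ok: mode $mode limits execution to the group" ||
        { echo "warn: mode $mode lets others run dumpcap (0750 restricts it)"; rc=1; }
    check_caps_line "$caps" && echo "ok: $caps" || { echo "warn: unexpected capabilities: '$caps'"; rc=1; }
    return $rc
}

# Only touch the system when run as "sh audit_dumpcap.sh --audit".
if [ "${1:-}" = "--audit" ]; then audit_dumpcap; fi
```

Run it as sh audit_dumpcap.sh --audit after logging out and back in, since the new group membership only takes effect for a fresh login session.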
