Ubuntu-Server
Installing Wireshark on Ubuntu

Installing Wireshark on Ubuntu

This manual provides a step-by-step guide to installing Wireshark on an Ubuntu system, configuring it for non-root use, and troubleshooting interface issues during packet capture.

1. Install Wireshark

  1. Open the Terminal:

    • Press Ctrl+Alt+T on your keyboard to launch a terminal window.

  2. Update the Package List:

    • Run the following command to ensure the package list is up-to-date: 
      sudo apt update

  3. Install Wireshark:

    • Execute the command below to install Wireshark: 
      sudo apt install wireshark -y

  4. Configure Wireshark Permissions:

    • During the installation, you may be prompted to allow non-superusers to capture packets. If prompted:
      • Use the arrow keys to select Yes.
      • Press Enter to confirm.

2. Reconfigure Wireshark for Non-Root Access

If the permissions prompt was skipped or if interfaces are not visible during capture, follow these steps:

  1. Run the dpkg-reconfigure Command:

    • In the terminal, type: 
      sudo dpkg-reconfigure wireshark-common
    • When prompted:
      • Use the right arrow key to highlight Yes.
      • Press Enter.

  2. Set the Correct Permissions for dumpcap:

    • Assign the necessary permissions to the dumpcap utility to enable non-root access: 
      sudo chmod +x /usr/bin/dumpcap

  3. Add Your User to the Wireshark Group (if necessary):

    • Run the following command to add your user to the Wireshark group: 
      sudo usermod -aG wireshark $USER
    • Log out and back in for the group changes to take effect.

3. Verify the Installation

  1. Launch Wireshark:

    • Open Wireshark from your application menu or by typing wireshark in the terminal.

  2. Check Interfaces:

    • Verify that the available interfaces are listed under Capture.
    • If no interfaces are visible, confirm the dumpcap permissions.

4. Troubleshooting

  • Issue: No interfaces are available for capture.

    • Solution:
      1. Ensure dpkg-reconfigure wireshark-common was run and configured to Yes.
      2. Confirm the dumpcap file has executable permissions: 
        ls -l /usr/bin/dumpcap
        The output should show -rwxr-xr-x.

  • Issue: Capture requires root privileges.

    • Solution:
      1. Confirm your user is part of the wireshark group: 
        groups $USER
      2. If not listed, re-add your user to the group and re-login.

Reference

This guide was adapted from a solution shared on AskUbuntu:
There are no interfaces on which a capture can be done (opens in a new tab).

With these steps completed, you should now be able to run Wireshark without root privileges and successfully capture packets.

Find CommandLog Monitoring