
[#]: subject: "How to Install and Use Wireshark in Ubuntu 22.04"
[#]: via: "https://www.linuxtechi.com/install-use-wireshark-ubuntu/"
[#]: author: "Pradeep Kumar https://www.linuxtechi.com/author/pradeep/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
How to Install and Use Wireshark in Ubuntu 22.04
======
Hello techies, in this post we will cover how to install and use Wireshark in Ubuntu 22.04.
Wireshark is a free and open source, cross-platform, GUI-based network packet analyzer that is available for Linux, Windows, macOS, Solaris etc. It captures network packets in real time and presents them in human-readable format. It allows us to monitor network packets down to a microscopic level. It also has a command line utility called tshark that performs the same functions as Wireshark, but through the terminal rather than a GUI.
Wireshark can be used for network troubleshooting, analysis, software and communication protocol development, and also for educational purposes. Wireshark uses a library called pcap for capturing network packets.
##### Wireshark Features
- Support for hundreds of protocols for inspection,
- Ability to capture packets in real time & save them for later offline analysis,
- A number of filters for analyzing data,
- Data captured can be compressed & uncompressed on the fly,
- Various file formats for data analysis supported, output can also be saved to XML, CSV, plain text formats,
- Data can be captured from a number of interfaces like Ethernet, Wi-Fi, Bluetooth, USB, Frame Relay, Token Ring etc.
##### Prerequisites
- Pre-installed Ubuntu 22.04
- Local user with sudo rights
- Internet connectivity
### Wireshark Installation Steps
The Wireshark package is available in the default Ubuntu repositories and can be installed using the following commands. However, you might not get the latest version of Wireshark this way.
```
$ sudo apt update
$ sudo apt install wireshark
```
![Apt-Command-Install-Wireshark-Ubuntu][1]
Choose Yes to allow non-superusers to capture packets using Wireshark.
![Allow-Non-SuperUsers-To-Capture-Packets-Wireshark-Ubuntu][2]
After successful installation, access the Wireshark UI: search for wireshark from Activities and then click on its icon.
![Wireshark-UI-Ubuntu-Linux-Desktop][3]
The above confirms that your Wireshark installation completed successfully.
To install the latest version of Wireshark, we must enable the official Wireshark repository using the following apt commands.
```
$ sudo add-apt-repository ppa:wireshark-dev/stable
$ sudo apt update
```
Now, to install the latest version of Wireshark, run
```
$ sudo apt install wireshark -y
```
Once Wireshark is installed, verify its version:
```
$ wireshark --version
```
![Wireshark-Version-Check-Ubuntu-Linux][4]
To allow your regular user to use Wireshark and capture packets with it, run the following command:
```
$ sudo dpkg-reconfigure wireshark-common
```
Choose Yes and hit Enter.
![Allow-Regular-User-Use-Wireshark-Ubuntu][5]
Add your local user to the wireshark group using the usermod command:
```
$ sudo usermod -aG wireshark $USER
$ newgrp wireshark
```
To make the above changes take effect, reboot your system once.
```
$ sudo reboot
```
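To confirm what the two steps above actually granted, the following added example (not from the original article) classifies the permissions on the capture helper and lists the members of the wireshark group. It assumes the helper is `/usr/bin/dumpcap`, which the article does not name; the verdict words and function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit who can capture packets after the steps above.
# Assumption: the capture helper is /usr/bin/dumpcap (not named in the article).

# audit_dumpcap STAT_LINE GETCAP_LINE
#   STAT_LINE   output of: stat -c '%a %U %G' /usr/bin/dumpcap
#   GETCAP_LINE output of: getcap /usr/bin/dumpcap (may be empty)
# Prints one verdict describing who is able to capture.
audit_dumpcap() {
    getcap_line=$2
    set -- $1                      # split into mode, owner, group
    mode=$1 group=$3
    setuid=0 other_x=0 caps=0
    case $mode in [4567]???) setuid=1 ;; esac      # setuid bit set
    case $mode in *[1357]) other_x=1 ;; esac       # executable by "other"
    case $getcap_line in *cap_net_raw*) caps=1 ;; esac
    if [ "$setuid" -eq 0 ] && [ "$caps" -eq 0 ]; then
        echo root-only             # no privilege on the file: only root captures
    elif [ "$other_x" -eq 1 ]; then
        echo open-to-all-users     # privileged and runnable by every local user
    elif [ "$group" != wireshark ]; then
        echo unexpected-group
    elif [ "$setuid" -eq 1 ]; then
        echo group-setuid-root     # group members run dumpcap as full root
    else
        echo group-capabilities    # group members get only the file capabilities
    fi
}

# group_members GETENT_LINE -> space-separated members of the group
group_members() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' ' '
}

# On a live system, feed in the real values.
if [ -e /usr/bin/dumpcap ] && command -v getcap >/dev/null 2>&1; then
    audit_dumpcap "$(stat -c '%a %U %G' /usr/bin/dumpcap)" "$(getcap /usr/bin/dumpcap)"
    echo "can capture: $(group_members "$(getent group wireshark)")"
fi
```

Every account listed in the group can read traffic on the host's interfaces, so the membership list is worth reviewing whenever the verdict is anything other than `root-only`.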
### Capture Packets Using Wireshark
Start Wireshark from Activities > Search Wireshark
![Access-Wireshark-Ubuntu-Desktop][6]
Click on the Wireshark icon:
![Choose-Interface-Wireshark-UI-Ubuntu][7]
These are all the interfaces from which we can capture network packets. Depending on the interfaces you have on your system, this screen might look different for you.
We select enp0s3 to capture the network traffic on that interface. After selecting the interface, network packets for all the devices on our network start to populate (refer to the screenshot below).
![Capturing-Packets-WireShark-UI-Ubuntu][8]
The first time we see this screen, we might get overwhelmed by the data presented and wonder how to sort it out, but worry not: one of the best features of Wireshark is its filters.
We can sort and filter the data by IP address, port number, source and destination, packet size etc., and can also combine two or more filters to create more comprehensive searches. We can either write our filters in the Apply a Display Filter tab or select one of the already created rules. To select a pre-built filter, click on the flag icon next to the Apply a Display Filter tab:
![IP-Based-Filtering-WireShark-UI-Ubuntu][9]
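The filter criteria listed above, written out in display-filter syntax: this added example (not from the original article) builds one expression from source, destination, port and packet-size criteria and validates each value before placing it in the filter. The function names, option names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: compose a display filter from source, destination,
# port and packet-size criteria, joined with && (logical AND).

# is_uint N -> succeeds for a plain decimal number; leading zeros and
# very long values are rejected to keep the number unambiguous
is_uint() { case $1 in ''|*[!0-9]*|0?*|??????????*) return 1 ;; esac; }

# valid_ipv4 ADDR -> succeeds only for four dotted octets in 0..255
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        is_uint "$octet" && [ "$octet" -le 255 ] || return 1
    done
}

# build_filter [--src IP] [--dst IP] [--tcp-port N] [--udp-port N] [--min-len N]
build_filter() {
    filter=
    while [ $# -ge 2 ]; do
        case $1 in
            --src|--dst)
                valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
                term="ip.${1#--} == $2" ;;
            --tcp-port|--udp-port)
                is_uint "$2" && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
                    { echo "bad port: $2" >&2; return 1; }
                proto=${1#--}
                term="${proto%-port}.port == $2" ;;
            --min-len)
                is_uint "$2" || { echo "bad length: $2" >&2; return 1; }
                term="frame.len >= $2" ;;
            *)  echo "unknown option: $1" >&2; return 1 ;;
        esac
        filter="${filter:+$filter && }$term"
        shift 2
    done
    [ $# -eq 0 ] || { echo "missing value for $1" >&2; return 1; }
    printf '%s\n' "$filter"
}

# The same expression works in the GUI filter bar or with tshark on a saved
# file (capture.pcapng is a placeholder name):
#   tshark -r capture.pcapng -Y "$(build_filter --src 192.0.2.10 --tcp-port 443)"
```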
We can also filter data based on the color coding. By default, light purple is TCP traffic, light blue is UDP traffic, and black identifies packets with errors. To see what these codes mean, click View -> Coloring Rules; we can also change these codes there.
![Coloring-Rules-WireShark-Ubuntu][10]
Once we have the results we need, we can click on any of the captured packets to get more details about it; this will show all the data about that network packet.
To stop capturing packets, click on the red button and then save the captured packets to a file.
![Save-Captured-Packets-Wireshark-Ubuntu][11]
##### Conclusion
Wireshark is an extremely powerful tool that takes some time to get used to and to master; this post will help you get started. Please feel free to drop your queries or suggestions in the comment box below.
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/install-use-wireshark-ubuntu/
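Author: [Pradeep Kumar][a]
Topic selection: [lkxed][b]
Translator: [Translator ID](https://github.com/译者ID)
Proofreader: [Proofreader ID](https://github.com/校对者ID)
This article was originally compiled by [LCTT](https://github.com/LCTT/TranslateProject) and is proudly presented by [Linux中国](https://linux.cn/)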
[a]: https://www.linuxtechi.com/author/pradeep/
[b]: https://github.com/lkxed/
[1]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Apt-Command-Install-Wireshark-Ubuntu.png
[2]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Allow-Non-SuperUsers-To-Capture-Packets-Wireshark-Ubuntu.png
[3]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-UI-Ubuntu-Linux-Desktop.png
[4]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-Version-Check-Ubuntu-Linux.png
[5]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Allow-Regular-User-Use-Wireshark-Ubuntu.png
[6]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-Wireshark-Ubuntu-Desktop.png
[7]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Choose-Interface-Wireshark-UI-Ubuntu.png
[8]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packets-WireShark-UI-Ubuntu.png
[9]: https://www.linuxtechi.com/wp-content/uploads/2017/11/IP-Based-Filtering-WireShark-UI-Ubuntu.png
[10]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Coloring-Rules-WireShark-Ubuntu.png
[11]: https://www.linuxtechi.com/wp-content/uploads/2017/11/Save-Captured-Packets-Wireshark-Ubuntu.png