How to Install and Configure Wireshark on Ubuntu 20.04 Linux Tutorial

How to Install and Configure Wireshark on Ubuntu 20.04. In this guide we introduce Wireshark, its use cases and how this monitoring tool works, and then move on to installing it on Ubuntu 20.04.

If you are looking for the best tools for IT and network analysis, Wireshark is one of the most widely used and capable options available. Whether you are a system administrator or a security professional, Wireshark is a must-have tool for analysing network protocols.

Let’s start this blog article about How to Install and Configure Wireshark on Ubuntu 20.04 Linux Tutorial.

What is Wireshark?

Wireshark is a free and open source tool for analysing network traffic in real time on Windows, Linux, other Unix-like systems and macOS. It is a packet sniffer that captures the data packets flowing through a network interface (such as Ethernet, Wi-Fi or the loopback interface) and decodes them into readable information for IT and cybersecurity professionals.

Previously known as Ethereal, Wireshark uses protocol dissectors to decode captured packets into readable fields, and display filters to select the packets you care about. You can examine traffic at every level, from a whole TCP conversation down to an individual bit in a packet. From a capture an administrator can read header data, timestamps, source and destination addresses and the protocol type, and use them to investigate security events and troubleshoot network and security devices. This makes it possible to identify the root cause of network and security problems, and to spot evidence of malicious activity.

Wireshark Functions

Wireshark is one of the most widely used packet sniffers in the world and an essential tool for IT professionals. It performs three primary functions:

  • Packet capture: by listening on a network interface in real time, Wireshark records the entire traffic stream, potentially thousands of packets per second.
  • Filtering: the captured stream can be sliced and diced with filters, so that you see exactly the packets you need.
  • Visualisation: Wireshark shows the smallest details of a single packet, and can also reassemble and display whole network streams and conversations.

What is Wireshark used for?

Wireshark has a wide range of uses, including troubleshooting performance problems on networks. Cybersecurity professionals often use it to trace connections, inspect suspicious network traffic and spot bursts of traffic.

It helps you troubleshoot common network problems, including latency, dropped packets and malicious activity, and provides filters for drilling down into the traffic to find the root cause. Administrators use it to find faulty devices that drop packets or add latency, and to identify data exfiltration and intrusion attempts.

Wireshark use cases

Wireshark is used by organisations that need to monitor their network security, such as IT businesses, governments and schools. Some of its common use cases are:

  • Identifying the problem that makes your internet connection run slowly.
  • Investigating data packet loss.
  • Analysing network traffic for malicious activity.
  • Troubleshooting network latency issues.
  • Detecting unauthorised data leaks as early as possible.
  • Monitoring bandwidth usage.
  • Tracing VoIP (voice over IP) calls across various networks.
  • Detecting MITM (man in the middle) attacks, for example by spotting duplicate IP-to-MAC mappings in ARP traffic.

What does Wireshark Monitoring do?

Firstly, Wireshark decodes the binary traffic on the wire into readable fields, saving users the frustration of interpreting raw bytes by hand. This makes it easy to see what traffic crosses your network, how much of it, how often, and where delays occur. Because it works in real time, problems can be spotted and dealt with before they become service outages or data breaches.

Secondly, because a busy business network generates an enormous volume of traffic, Wireshark offers two kinds of filter. A capture filter (BPF syntax, for example 'tcp port 443') is applied while capturing, so only the traffic you are interested in is recorded at all. A display filter (Wireshark's own syntax, for example 'http.request' or 'dns.qry.name contains "example"') is applied afterwards to the packets already captured and can be changed at will. Colouring rules highlight packets that match a filter, and Find Packet can search packet contents by string or regular expression, which makes locating what you need much quicker.

How to use Wireshark?

Wireshark's Statistics menu (Conversations, Endpoints, Protocol Hierarchy, I/O Graphs) lets you build a baseline of normal traffic, so that abnormal traffic stands out by comparison. Wireshark is a network protocol analyser, not an IDS (intrusion detection system): it does not raise alerts on its own, but once an IDS, a firewall log or a user report has flagged something, it is highly effective for examining the traffic in question.

Additionally, Wireshark can decrypt and analyse TLS traffic, but only for endpoints you control. It cannot recover session keys from the capture itself; instead, Firefox, Chrome and curl write the per-session secrets to the file named by the SSLKEYLOGFILE environment variable when it is set, and Wireshark reads that file (Edit > Preferences > Protocols > TLS > (Pre)-Master-Secret log filename) to show the decrypted application data. The key log decrypts every session it covers, so treat it like a private key: create it with the user's knowledge and permission, restrict its file permissions, and delete it when the investigation is done. Decrypting with a server's RSA private key instead only works for the old RSA key exchange, not for the (EC)DHE cipher suites that current servers negotiate.
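An added example, not code from the original post or from the Wireshark project, of the two-filter workflow from the previous section and the session-key decryption described here. It uses tshark, the command-line counterpart of Wireshark (package tshark, sudo apt install tshark), and curl 7.58 or newer built against OpenSSL (Ubuntu 20.04's is). The interface name, URL, file paths and function names are this example's own choices; the preference name tls.keylog_file is the Wireshark 3.x name (2.6 used ssl.keylog_file).

```shell
#!/bin/sh
# Added example, not from the original post: capture with a capture filter,
# log TLS session keys through SSLKEYLOGFILE, then decrypt and apply a display
# filter with tshark (package "tshark", the CLI version of Wireshark).
# Interface, URL and file paths below are this example's own choices.
set -eu

IFACE=${IFACE:-eth0}
URL=${URL:-https://example.com/}
KEYLOG=${KEYLOG:-/tmp/tls-keys.log}
PCAP=${PCAP:-/tmp/https.pcapng}

# A key log line is "<LABEL> <client_random: 64 hex> <secret: hex>".
# TLS 1.2 clients write CLIENT_RANDOM; TLS 1.3 clients write
# CLIENT_HANDSHAKE_TRAFFIC_SECRET, CLIENT_TRAFFIC_SECRET_0 and friends.
keylog_line_ok() {
    printf '%s\n' "$1" | grep -Eq '^[A-Z0-9_]+ [0-9a-f]{64} [0-9a-f]+$'
}

# Print the number of usable lines in a key log (comments and blanks skipped)
# and fail when there are none: an empty key log is the usual reason a
# capture "stays encrypted" (the client was started before the variable was set).
keylog_usable_lines() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if keylog_line_ok "$line"; then n=$((n + 1)); fi
    done < "$1"
    echo "$n"
    if [ "$n" -gt 0 ]; then return 0; else return 1; fi
}

capture_and_decrypt() {
    : > "$KEYLOG"
    chmod 600 "$KEYLOG"           # the key log decrypts every session it covers
    # Capture filter: BPF syntax, applied before packets are stored, so only
    # port 443 traffic lands in the file. Needs capture rights (see Configure).
    tshark -i "$IFACE" -f 'tcp port 443' -a duration:15 -w "$PCAP" &
    sleep 2                       # give tshark time to open the interface
    # curl (7.58+, OpenSSL build) writes the session secrets to SSLKEYLOGFILE,
    # just as Firefox and Chrome do. HTTP/1.1 keeps the display filter simple.
    SSLKEYLOGFILE=$KEYLOG curl -sS --http1.1 -o /dev/null "$URL"
    wait
    keylog_usable_lines "$KEYLOG" >/dev/null \
        || { echo "no session keys were logged; nothing can be decrypted" >&2; return 1; }
    # Display filter: Wireshark syntax, applied after dissection. With the
    # key log supplied, the HTTP request inside TLS becomes visible.
    tshark -r "$PCAP" -o "tls.keylog_file:$KEYLOG" -Y 'http.request' \
        -T fields -e ip.dst -e http.host -e http.request.uri
    rm -f "$KEYLOG"               # treat it like a private key: remove when done
}

case "${1:-}" in
    run)   capture_and_decrypt ;;
    check) keylog_usable_lines "${2:?usage: $0 check KEYLOG}" ;;
esac
```

Run it as sh tls-decrypt.sh run from a user that may capture; sh tls-decrypt.sh check /tmp/tls-keys.log tells you whether an existing key log contains anything Wireshark can use. The capture filter keeps the file small; the display filter and the key log are what turn the captured TLS records into readable HTTP.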

Moreover, it provides graphical tools for visualising statistics, so managers with less technical backgrounds can easily identify general trends.

The rest of this post shows how to install Wireshark on Ubuntu 20.04.

How to Install and Configure Wireshark on Ubuntu 20.04

Prerequisites

  • An Ubuntu 20.04 server or Desktop installed on your machine.
  • A root user or a user with sudo privileges.

Install Wireshark

The Wireshark package is available in the repositories of all major Linux distributions. Follow the steps below to install it on Ubuntu 20.04.

Firstly, update the package index and upgrade the installed packages by running the following commands:

    sudo apt update
    sudo apt upgrade -y

Once the package index is updated, run the following command to install Wireshark:

    sudo apt install wireshark -y

During the installation, a configuration dialog asks "Should non-superusers be able to capture packets?"

Select Yes and press Enter to continue. Answering Yes makes the package assign the dumpcap capture helper to the wireshark group and give it the capabilities raw capture needs, so members of that group can capture without root; it does not add any user to the group yet (that is done in the Configure section below). After the installation, verify the Wireshark version with the following command:

    wireshark --version

You will get output similar to the following (the exact version and build options depend on your system):

    Wireshark 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0)

    Copyright 1998-2019 Gerald Combs <gerald@wireshark.org> and contributors.
    License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
    with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares
    1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT
    Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with LZ4, with Snappy,
    with libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729.

    Running on Linux 5.4.0-110-generic, with AMD A9-9425 RADEON R5, 5 COMPUTE CORES
    2C+3G    (with SSE4.2), with 7402 MB of physical memory, with locale en_IN, with
    libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with zlib 1.2.11,
    binary plugins supported (0 loaded).

    Built using gcc 7.4.0.

Configure Wireshark

If you are logged in as a normal user, add that user to the wireshark group so that it can capture packets:

    sudo usermod -a -G wireshark $USER

The new group membership only takes effect in a new login session, so log out and back in (or run newgrp wireshark in the current shell) before you try to capture.

Next, make sure the dumpcap capture helper (the program Wireshark actually uses to capture) belongs to the wireshark group, is executable only by root and that group, and carries the capabilities that raw capture requires. The capabilities are what let a process sniff every interface, so do not make the file world-executable (chmod +x would); mode 0750 keeps it restricted to the group:

    sudo chgrp wireshark /usr/bin/dumpcap
    sudo chmod 0750 /usr/bin/dumpcap
    sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

You can check the result with getcap /usr/bin/dumpcap, which should print cap_net_admin,cap_net_raw=eip. If you answered No to the installation question, sudo dpkg-reconfigure wireshark-common asks it again and applies the group ownership and capabilities for you.
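The install and configure steps above, collected into one script as an added example (not code from the original post or from the Wireshark project). It pre-answers the debconf question so the install does not prompt, applies the group-restricted permissions, and then verifies them; the checks are written as functions that take strings, so they can be run on the output of stat, getcap and id without root. /usr/bin/dumpcap is where the Ubuntu package puts the capture helper; the script's own names (apply, verify, mode_restricts_others and so on) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: install Wireshark on Ubuntu 20.04
# without prompts, let one user capture without root, and verify the result.
# /usr/bin/dumpcap is where the Ubuntu package installs the capture helper;
# every function name here is this script's own.
set -eu

DUMPCAP=/usr/bin/dumpcap
GROUP=wireshark

# --- pure checks: take strings, return 0/1, need no root -------------------

# Octal mode (as printed by "stat -c %a") must deny execute to "other": with
# file capabilities set, anyone who can run dumpcap can sniff every interface.
mode_restricts_others() {
    last=${1#"${1%?}"}              # last octal digit = permissions for "other"
    case "$last" in
        0|2|4|6) return 0 ;;        # execute bit clear
        *)       return 1 ;;
    esac
}

# One line of "getcap" output. libcap 2.32 (Ubuntu 20.04) prints
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
# older libcap printed "... = cap_net_admin,cap_net_raw+eip"; accept both.
# "ep" (effective+permitted, no inheritable) is also enough for dumpcap.
caps_grant_capture() {
    case "$1" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *eip|*ep) return 0 ;; *) return 1 ;; esac
}

# Group list as printed by "id -nG USER" (space separated).
groups_include_wireshark() {
    for g in $1; do
        if [ "$g" = "$GROUP" ]; then return 0; fi
    done
    return 1
}

# --- actions ---------------------------------------------------------------

apply() {   # apply USER
    user=$1
    # Pre-answer "Should non-superusers be able to capture packets?" so that
    # apt does not prompt; the package then sets the group and capabilities.
    echo "wireshark-common wireshark-common/install-setuid boolean true" \
        | sudo debconf-set-selections
    sudo apt-get update
    sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y wireshark
    # Make the grant explicit and group-restricted: root:wireshark, mode 0750
    # (no read or execute for "other"), then the capabilities. This mirrors
    # what the package does when you answer Yes, with a tighter mode.
    sudo chown root:"$GROUP" "$DUMPCAP"
    sudo chmod 0750 "$DUMPCAP"
    sudo setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
    sudo usermod -a -G "$GROUP" "$user"
    echo "$user added to $GROUP; log out and back in (or run: newgrp $GROUP)"
}

verify() {  # verify [USER]
    user=${1:-$(id -un)}
    mode=$(stat -c %a "$DUMPCAP")
    caps=$(getcap "$DUMPCAP" 2>/dev/null || true)
    ok=0
    mode_restricts_others "$mode" \
        || { echo "FAIL: $DUMPCAP mode $mode is executable by everyone"; ok=1; }
    caps_grant_capture "$caps" \
        || { echo "FAIL: $DUMPCAP lacks cap_net_raw,cap_net_admin (getcap: '$caps')"; ok=1; }
    groups_include_wireshark "$(id -nG "$user")" \
        || { echo "FAIL: $user is not in $GROUP (or has not logged in again)"; ok=1; }
    [ "$ok" -eq 0 ] && echo "OK: $user can capture with $DUMPCAP"
    return "$ok"
}

case "${1:-}" in
    apply)  apply "${2:?usage: $0 apply USER}" ;;
    verify) verify "${2:-}" ;;
esac
```

Run sh wireshark-setup.sh apply alice from a sudo-capable account, have alice log out and back in, then sh wireshark-setup.sh verify alice. The mode check is the security-relevant one: the file capabilities are what let a process sniff, so a world-executable dumpcap would hand raw capture to every local account, which is why the script uses 0750 rather than chmod +x.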

Launch Wireshark

To launch Wireshark on an Ubuntu desktop machine, search for Wireshark in the Ubuntu dash and click its icon. The main window lists the capture interfaces available to your user.

Select an interface (for example your Ethernet or Wi-Fi interface, or 'any') and click the 'Start capturing packets' button (the shark-fin button at the left of the toolbar) to test packet capture. Packets should start appearing in the packet list as they arrive. If the interface list is empty, the group membership or the dumpcap permissions from the previous section have not taken effect yet.

Thank you for reading How to Install and Configure Wireshark on Ubuntu 20.04 Linux Tutorial

How to Install and Configure Wireshark on Ubuntu 20.04 Linux Tutorial Conclusion

In this post, we explained how to install Wireshark on Ubuntu 20.04. Wireshark is one of the best tools for network analysis and packet investigation, and is very useful if you are a network analyst or security engineer. It lets you see what is happening on a system in terms of network traffic, troubleshoot network problems and examine security problems.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
