{"id":12468,"date":"2022-05-01T13:27:14","date_gmt":"2022-05-01T10:27:14","guid":{"rendered":"https:\/\/kifarunix.com\/?p=12468"},"modified":"2024-03-09T14:52:04","modified_gmt":"2024-03-09T11:52:04","slug":"install-wireshark-on-ubuntu-22-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-wireshark-on-ubuntu-22-04\/","title":{"rendered":"Install Wireshark on Ubuntu 22.04"},"content":{"rendered":"\n<p>In this guide, you will learn how to install Wireshark on Ubuntu 22.04. <a href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wireshark<\/a> is the world\u2019s foremost and widely-used network protocol analyzer. Note that it is a criminal act to scan or sniff any network traffic without authorization.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Install Wireshark on Ubuntu 22.04<\/h2>\n\n\n\n<p>Wireshark is available in the default Ubuntu 22.04 repositories. However, the available version may not be up to date. Wireshark 3.6.3 is the current stable release as of this writing.<\/p>\n\n\n\n<p>To confirm this, run the command below to check the available version of Wireshark on Ubuntu 22.04;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-cache policy wireshark<\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>wireshark:\n  Installed: (none)\n  Candidate: 3.6.2-2\n  Version table:\n     3.6.2-2 500\n        500 http:\/\/ke.archive.ubuntu.com\/ubuntu jammy\/universe amd64 Packages\n<\/code><\/pre>\n\n\n\n<p>As you can see, the latest version of Wireshark available in the default Ubuntu 22.04 repositories is Wireshark 3.6.2.<\/p>\n\n\n\n<p>To install this version, simply run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install wireshark<\/code><\/pre>\n\n\n\n<p>Otherwise, if you want to install the latest stable release version as per the <a href=\"https:\/\/www.wireshark.org\/docs\/relnotes\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">release page<\/a>, 3.6.3 as of this writing, then you have to build from the source code.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Build and Install Wireshark from the Source Code<\/h3>\n\n\n\n<p>Before you can proceed with compilation and installation of Wireshark on Ubuntu 22.04, you need to install the required dependencies. Some of the dependencies are optional. You can see a list of all required dependencies for compiling and installing Wireshark on the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.wireshark.org\/docs\/wsdg_html_chunked\/ChapterLibraries.html\" target=\"_blank\">Library reference page<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install qttools5-dev qttools5-dev-tools libqt5svg5-dev \\\nqtmultimedia5-dev build-essential automake autoconf \\\nlibgtk2.0-dev libglib2.0-dev flex bison libpcap-dev \\\nlibgcrypt20-dev cmake libc-ares-dev -y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Download the latest Wireshark source code from the <a href=\"https:\/\/www.wireshark.org\/#download\" target=\"_blank\" rel=\"noreferrer noopener\">downloads page<\/a>.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/1.eu.dl.wireshark.org\/src\/wireshark-3.6.3.tar.xz<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Extract the Wireshark source code.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xJf wireshark-3.6.3.tar.xz<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compile the Wireshark source code.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cd wireshark-3.6.3<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake .<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n...\n-- The following OPTIONAL packages have been found:\n\n * GMODULE2\n * Gettext\n * PCAP\n * ZLIB\n * BROTLI\n * LZ4, LZ4 is a fast lossless compression algorithm, <http:\/\/www.lz4.org>\n   LZ4 decompression in CQL and Kafka dissectors, read 
compressed capture files\n * LibXml2\n * SETCAP\n\n-- The following REQUIRED packages have been found:\n\n * GLIB2 (required version >= 2.38.0)\n * GTHREAD2\n * GCRYPT (required version >= 1.5.0)\n * CARES (required version >= 1.5.0), Library for asynchronous DNS requests, <https:\/\/c-ares.org\/>\n   DNS name resolution for captures\n * LEX\n * Perl\n * Python3 (required version >= 3.4)\n * M\n * Qt5Core\n * Qt5LinguistTools\n * Qt5Network (required version >= 5.15.3)\n * Qt5Gui (required version >= 5.15.3)\n * Qt5Multimedia\n * Qt5PrintSupport\n * Qt5Widgets\n\n-- The following OPTIONAL packages have not been found:\n\n * Git\n * LIBSSH (required version >= 0.6), Library for implementing SSH clients, <https:\/\/www.libssh.org\/>\n   extcap remote SSH interfaces (sshdump, ciscodump)\n * Systemd, System and Service Manager (libraries), <https:\/\/freedesktop.org\/wiki\/Software\/systemd\/>\n   Support for systemd journal extcap interface (sdjournal)\n * MaxMindDB, C library for the MaxMind DB file format, <https:\/\/github.com\/maxmind\/libmaxminddb>\n   Support for GeoIP lookup\n * SMI, Library to access SMI management information, <https:\/\/www.ibr.cs.tu-bs.de\/projects\/libsmi\/>\n   Support MIB and PIB parsing and OID resolution\n * GNUTLS (required version >= 3.3.0)\n * KERBEROS\n * Minizip, Mini zip and unzip based on zlib, <https:\/\/github.com\/madler\/zlib>\n   Support for profiles import\/export\n * SNAPPY, A fast compressor\/decompressor from Google, <https:\/\/google.github.io\/snappy\/>\n   Snappy decompression in CQL and Kafka dissectors\n * ZSTD (required version >= 1.0.0), A compressor\/decompressor from Facebook providing better compression than Snappy at a cost of speed, <https:\/\/facebook.github.io\/zstd\/>\n   Zstd decompression in Kafka dissector, read compressed capture files\n * NGHTTP2, HTTP\/2 C library and tools, <https:\/\/nghttp2.org>\n   Header decompression in HTTP2\n * LUA (required version >= 5.1)\n * NL, Libraries for using the 
Netlink protocol on Linux, <https:\/\/www.infradead.org\/~tgr\/libnl\/>\n   Support for managing wireless 802.11 interfaces\n * SBC, Bluetooth low-complexity, subband codec (SBC) decoder, <https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/sbc.git>\n   Support for playing SBC codec in RTP player\n * SPANDSP, a library of many DSP functions for telephony, <https:\/\/www.soft-switch.org>\n   Support for G.722 and G.726 codecs in RTP player\n * BCG729, G.729 decoder, <https:\/\/www.linphone.org\/technical-corner\/bcg729>\n   Support for G.729 codec in RTP player\n * ILBC, iLBC decoder, <https:\/\/github.com\/TimothyGu\/libilbc>\n   Support for iLBC codec in RTP player\n * OPUS, opus decoder, <https:\/\/opus-codec.org\/>\n   Support for opus codec in RTP player\n * CAP, The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels, <https:\/\/sites.google.com\/site\/fullycapable\/>\n   Allow packet captures without running as root\n * DOXYGEN\n * SpeexDSP, SpeexDSP is a patent-free, Open Source\/Free Software DSP library, <https:\/\/www.speex.org\/>\n   RTP audio resampling\n * Asciidoctor (required version >= 1.5)\n * XSLTPROC\n\n-- Configuring done\n-- Generating done\n-- Build files have been written to: \/root\/wireshark-3.6.3\n<\/code><\/pre>\n\n\n\n<p>Fix any errors before you proceed, in case there are any.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build Wireshark<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>make<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Wireshark<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>make install<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Running Wireshark on Ubuntu 22.04<\/h2>\n\n\n\n<p>You can now launch Wireshark either from the command line or from the activities;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/05\/ubuntu-22.04-wireshark.png\" class=\"td-modal-image\"><figure 
class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1543\" height=\"429\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/05\/ubuntu-22.04-wireshark.png\" alt=\"\" class=\"wp-image-12478\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/05\/ubuntu-22.04-wireshark.png?v=1651400656 1543w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/05\/ubuntu-22.04-wireshark-768x214.png?v=1651400656 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/05\/ubuntu-22.04-wireshark-1536x427.png?v=1651400656 1536w\" sizes=\"(max-width: 1543px) 100vw, 1543px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Wireshark interface;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1093\" height=\"655\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky.png\" alt=\"Install Wireshark on Ubuntu 22.04\" class=\"wp-image-12201\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky.png?v=1649537305 1093w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky-768x460.png?v=1649537305 768w\" sizes=\"(max-width: 1093px) 100vw, 1093px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>The TShark command-line utility is also installed;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tshark --help<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nTShark (Wireshark) 3.6.3 (Git commit 6d348e4611e2)\nDump and analyze network traffic.\nSee https:\/\/www.wireshark.org for more information.\n\nUsage: tshark [options] ...\n\nCapture interface:\n  -i <interface>, --interface <interface>\n                           name or idx of interface (def: first non-loopback)\n  -f <capture filter>      packet filter in libpcap filter syntax\n  -s 
<snaplen>, --snapshot-length <snaplen>\n                           packet snapshot length (def: appropriate maximum)\n  -p, --no-promiscuous-mode\n                           don't capture in promiscuous mode\n  -I, --monitor-mode       capture in monitor mode, if available\n  -B <buffer size>, --buffer-size <buffer size>\n                           size of kernel buffer (def: 2MB)\n  -y <link type>, --linktype <link type>\n                           link layer type (def: first appropriate)\n  --time-stamp-type <type> timestamp method for interface\n  -D, --list-interfaces    print list of interfaces and exit\n  -L, --list-data-link-types\n                           print list of link-layer types of iface and exit\n  --list-time-stamp-types  print list of timestamp types for iface and exit\n\nCapture stop conditions:\n  -c <packet count>        stop after n packets (def: infinite)\n  -a <autostop cond.> ..., --autostop <autostop cond.> ...\n                           duration:NUM - stop after NUM seconds\n                           filesize:NUM - stop this file after NUM KB\n                              files:NUM - stop after NUM files\n                            packets:NUM - stop after NUM packets\nCapture output:\n  -b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.>\n                           duration:NUM - switch to next file after NUM secs\n                           filesize:NUM - switch to next file after NUM KB\n                              files:NUM - ringbuffer: replace after NUM files\n                            packets:NUM - switch to next file after NUM packets\n                           interval:NUM - switch to next file when the time is\n                                          an exact multiple of NUM secs\nInput file:\n  -r <infile>, --read-file <infile>\n                           set the filename to read from (or '-' for stdin)\n\nProcessing:\n  -2                       perform a two-pass analysis\n  -M <packet count>        perform 
session auto reset\n  -R <read filter>, --read-filter <read filter>\n                           packet Read filter in Wireshark display filter syntax\n                           (requires -2)\n  -Y <display filter>, --display-filter <display filter>\n                           packet displaY filter in Wireshark display filter\n                           syntax\n  -n                       disable all name resolutions (def: \"mNd\" enabled, or\n                           as set in preferences)\n  -N <name resolve flags>  enable specific name resolution(s): \"mnNtdv\"\n  -d <layer_type>==<selector>,<decode_as_protocol> ...\n                           \"Decode As\", see the man page for details\n                           Example: tcp.port==8888,http\n  -H <hosts file>          read a list of entries from a hosts file, which will\n                           then be written to a capture file. (Implies -W n)\n  --enable-protocol <proto_name>\n                           enable dissection of proto_name\n  --disable-protocol <proto_name>\n                           disable dissection of proto_name\n  --enable-heuristic <short_name>\n                           enable dissection of heuristic protocol\n  --disable-heuristic <short_name>\n                           disable dissection of heuristic protocol\nOutput:\n  -w <outfile|->           write packets to a pcapng-format file named \"outfile\"\n                           (or '-' for stdout)\n  --capture-comment <comment>\n                           add a capture file comment, if supported\n  -C <config profile>      start with specified configuration profile\n  -F <output file type>    set the output file type, default is pcapng\n                           an empty \"-F\" option will list the file types\n  -V                       add output of packet tree        (Packet Details)\n  -O <protocols>           Only show packet details of these protocols, comma\n                           separated\n  -P, --print              
print packet summary even when writing to a file\n  -S <separator>           the line separator to print between packets\n  -x                       add output of hex and ASCII dump (Packet Bytes)\n  -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?\n                           format of text output (def: text)\n  -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected\n                           (e.g. \"ip ip.flags text\", filter does not expand child\n                           nodes, unless child is specified also in the filter)\n  -J <protocolfilter>      top level protocol filter if -T ek|pdml|json selected\n                           (e.g. \"http tcp\", filter which expands all child nodes)\n  -e <field>               field to print if -Tfields selected (e.g. tcp.port,\n                           _ws.col.Info)\n                           this option can be repeated to print multiple fields\n  -E<fieldsoption>=<value> set options for output when -Tfields selected:\n     bom=y|n               print a UTF-8 BOM\n     header=y|n            switch headers on and off\n     separator=\/t|\/s|<char> select tab, space, printable character as separator\n     occurrence=f|l|a      print first, last or all occurrences of each field\n     aggregator=,|\/s|<char> select comma, space, printable character as\n                           aggregator\n     quote=d|s|n           select double, single, no quotes for values\n  -t a|ad|adoy|d|dd|e|r|u|ud|udoy\n                           output format of time stamps (def: r: rel. to first)\n  -u s|hms                 output format of seconds (def: s: seconds)\n  -l                       flush standard output after each packet\n  -q                       be more quiet on stdout (e.g. 
when using statistics)\n  -Q                       only log true errors to stderr (quieter than -q)\n  -g                       enable group read access on the output file(s)\n  -W n                     Save extra information in the file, if supported.\n                           n = write network address resolution information\n  -X <key>:<value>         eXtension options, see the man page for details\n  -U tap_name              PDUs export mode, see the man page for details\n  -z <statistics>          various statistics, see the man page for details\n  --export-objects <protocol>,<destdir>\n                           save exported objects for a protocol to a directory\n                           named \"destdir\"\n  --export-tls-session-keys <keyfile>\n                           export TLS Session Keys to a file named \"keyfile\"\n  --color                  color output text similarly to the Wireshark GUI,\n                           requires a terminal with 24-bit color support\n                           Also supplies color attributes to pdml and psml formats\n                           (Note that attributes are nonstandard)\n  --no-duplicate-keys      If -T json is specified, merge duplicate keys in an object\n                           into a single key with as value a json array containing all\n                           values\n  --elastic-mapping-filter <protocols> If -G elastic-mapping is specified, put only the\n                           specified protocols within the mapping file\nDiagnostic output:\n  --log-level <level>      sets the active log level (\"critical\", \"warning\", etc.)\n  --log-fatal <level>      sets level to abort the program (\"critical\" or \"warning\")\n  --log-domains <[!]list>  comma separated list of the active log domains\n  --log-debug <[!]list>    comma separated list of domains with \"debug\" level\n  --log-noisy <[!]list>    comma separated list of domains with \"noisy\" level\n  --log-file <path>        file to output 
messages to (in addition to stderr)\n\nMiscellaneous:\n  -h, --help               display this help and exit\n  -v, --version            display version info and exit\n  -o <name>:<value> ...    override preference setting\n  -K <keytab>              keytab file to use for kerberos decryption\n  -G [report]              dump one of several available reports and exit\n                           default report=\"fields\"\n                           use \"-G help\" for more help\n\nDumpcap can benefit from an enabled BPF JIT compiler if available.\nYou might want to enable it by executing:\n \"echo 1 > \/proc\/sys\/net\/core\/bpf_jit_enable\"\nNote that this can make your system less secure!\n<\/code><\/pre>\n\n\n\n<p>And there you go.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install Wireshark on Ubuntu 22.04. Wireshark is the world\u2019s foremost and widely-used network protocol analyzer. 
Note that<\/p>\n","protected":false},"author":1,"featured_media":12213,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,63,34,1015],"tags":[4988,4986,4412,4989,1016,4987],"class_list":["post-12468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-networking","category-security","category-wireshark","tag-install-wireshark-on-ubuntu","tag-install-wireshark-ubuntu-22-04","tag-ubuntu-22-04","tag-ubuntu-install-wireshark","tag-wireshark","tag-wireshark-ubuntu-22-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/12468"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=12468"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/12468\/revisions"}],"predecessor-version":[{"id":20553,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/12468\/revisions\/20553"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12213"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=12468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=12468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=12468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}