{"id":2680,"date":"2022-04-09T23:58:46","date_gmt":"2022-04-09T20:58:46","guid":{"rendered":"https:\/\/kifarunix.com\/?p=2680"},"modified":"2024-03-09T11:53:47","modified_gmt":"2024-03-09T08:53:47","slug":"install-wireshark-on-rocky-linux","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-wireshark-on-rocky-linux\/","title":{"rendered":"Install Wireshark on Rocky Linux"},"content":{"rendered":"\n<p>In this guide, you will learn how to install Wireshark on Rocky Linux. <a href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wireshark<\/a> is the world\u2019s foremost and widely-used network protocol analyzer. <\/p>\n\n\n\n<p>Some of the features of Wireshark include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deep inspection of hundreds of protocols, with more being added all the time<\/li>\n\n\n\n<li>Live capture and offline analysis<\/li>\n\n\n\n<li>Standard three-pane packet browser<\/li>\n\n\n\n<li>Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others<\/li>\n\n\n\n<li>Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility<\/li>\n\n\n\n<li>The most powerful display filters in the industry<\/li>\n\n\n\n<li>Rich VoIP analysis<\/li>\n\n\n\n<li>Read\/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor &#8230;<\/li>\n\n\n\n<li>Capture files compressed with gzip can be decompressed on the fly<\/li>\n\n\n\n<li>Live data can be read from Ethernet, IEEE 802.11, PPP\/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)<\/li>\n\n\n\n<li>Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL\/TLS, WEP, and WPA\/WPA2<\/li>\n\n\n\n<li>Coloring rules can be applied to the packet list for quick, intuitive analysis<\/li>\n\n\n\n<li>Output can be exported to XML, PostScript, CSV, or plain 
text<\/li>\n<\/ul>\n\n\n\n<p>Note that it is a criminal act to scan or sniff on any network traffic without any clearance to do so, otherwise using it may land you in jail.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Install Wireshark on Rocky Linux<\/h2>\n\n\n\n<p>Wireshark is available on the default Rocky Linux repositories. However, the available versions may not be up to date. Wireshark 3.6.3 is the current stable release as of this writing.<\/p>\n\n\n\n<p>Well, to confirm this, run the command below to check the available version of Wireshark on Rocky Linux;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf info wireshark<\/code><\/pre>\n\n\n\n<p>Command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Available Packages\nName         : wireshark\nEpoch        : 1\nVersion      : 2.6.2\nRelease      : 14.el8\nArchitecture : x86_64\nSize         : 3.6 M\nSource       : wireshark-2.6.2-14.el8.src.rpm\nRepository   : appstream\nSummary      : Network traffic analyzer\nURL          : http:\/\/www.wireshark.org\/\nLicense      : GPL+\n<\/code><\/pre>\n\n\n\n<p>As you can see, the latest version of Wireshark is not available on Rocky Linux.<\/p>\n\n\n\n<p>Hence, to install the latest release version of Wireshark on Rocky Linux, you need to build it from the source.<\/p>\n\n\n\n<p>To build Wireshark from the source on Rocky Linux;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install Required Build tools<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>dnf install qt5-devel gcc gcc-c++ bison flex libpcap-devel \\\ngtk3-devel rpm-build libtool c-ares-devel qt5-qtbase-devel \\\nqt5-qtmultimedia-devel qt5-linguist desktop-file-utils \\\ncreaterepo glib2-devel perl perl-devel tcpdump libcap-devel \\\nlibssh-devel krb5-devel perl-Parse-Yapp snappy-devel git \\\nminizip-devel lz4 libxml2-devel spandsp-devel systemd-devel -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Compile and Install Wireshark<\/h3>\n\n\n\n<p>Download the latest Wireshark source code from the <a 
href=\"https:\/\/www.wireshark.org\/#download\" target=\"_blank\" rel=\"noreferrer noopener\">downloads page<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/1.eu.dl.wireshark.org\/src\/wireshark-3.6.3.tar.xz<\/code><\/pre>\n\n\n\n<p>Extract the Wireshark source code.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xJf wireshark-3.6.3.tar.xz<\/code><\/pre>\n\n\n\n<p>Compile Wireshark source code<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd wireshark-3.6.3<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake .<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n...\n-- The following OPTIONAL packages have been found:\n\n * Git\n * GMODULE2\n * Gettext\n * LIBSSH (required version >= 0.6), Library for implementing SSH clients, <https:\/\/www.libssh.org\/>\n   extcap remote SSH interfaces (sshdump, ciscodump)\n * PCAP\n * Systemd, System and Service Manager (libraries), <https:\/\/freedesktop.org\/wiki\/Software\/systemd\/>\n   Support for systemd journal extcap interface (sdjournal)\n * GNUTLS (required version >= 3.3.0)\n * KERBEROS\n * ZLIB\n * Minizip, Mini zip and unzip based on zlib, <https:\/\/github.com\/madler\/zlib>\n   Support for profiles import\/export\n * SNAPPY, A fast compressor\/decompressor from Google, <https:\/\/google.github.io\/snappy\/>\n   Snappy decompression in CQL and Kafka dissectors\n * SPANDSP, a library of many DSP functions for telephony, <https:\/\/www.soft-switch.org>\n   Support for G.722 and G.726 codecs in RTP player\n * LibXml2\n * CAP, The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels, <https:\/\/sites.google.com\/site\/fullycapable\/>\n   Allow packet captures without running as root\n * SETCAP\n * XSLTPROC\n\n-- The following REQUIRED packages have been found:\n\n * GLIB2 (required version >= 2.38.0)\n * GTHREAD2\n * GCRYPT (required version >= 1.5.0)\n * CARES (required version >= 
1.5.0), Library for asynchronous DNS requests, <https:\/\/c-ares.org\/>\n   DNS name resolution for captures\n * LEX\n * Perl\n * Python3 (required version >= 3.4)\n * M\n * Qt5Core\n * Qt5LinguistTools\n * Qt5Network (required version >= 5.15.2)\n * Qt5Gui (required version >= 5.15.2)\n * Qt5Multimedia\n * Qt5PrintSupport\n * Qt5Widgets\n\n-- The following OPTIONAL packages have not been found:\n\n * MaxMindDB, C library for the MaxMind DB file format, <https:\/\/github.com\/maxmind\/libmaxminddb>\n   Support for GeoIP lookup\n * SMI, Library to access SMI management information, <https:\/\/www.ibr.cs.tu-bs.de\/projects\/libsmi\/>\n   Support MIB and PIB parsing and OID resolution\n * BROTLI\n * LZ4, LZ4 is a fast lossless compression algorithm, <http:\/\/www.lz4.org>\n   LZ4 decompression in CQL and Kafka dissectors, read compressed capture files\n * ZSTD (required version >= 1.0.0), A compressor\/decompressor from Facebook providing better compression than Snappy at a cost of speed, <https:\/\/facebook.github.io\/zstd\/>\n   Zstd decompression in Kafka dissector, read compressed capture files\n * NGHTTP2, HTTP\/2 C library and tools, <https:\/\/nghttp2.org>\n   Header decompression in HTTP2\n * LUA (required version >= 5.1)\n * NL, Libraries for using the Netlink protocol on Linux, <https:\/\/www.infradead.org\/~tgr\/libnl\/>\n   Support for managing wireless 802.11 interfaces\n * SBC, Bluetooth low-complexity, subband codec (SBC) decoder, <https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/sbc.git>\n   Support for playing SBC codec in RTP player\n * BCG729, G.729 decoder, <https:\/\/www.linphone.org\/technical-corner\/bcg729>\n   Support for G.729 codec in RTP player\n * ILBC, iLBC decoder, <https:\/\/github.com\/TimothyGu\/libilbc>\n   Support for iLBC codec in RTP player\n * OPUS, opus decoder, <https:\/\/opus-codec.org\/>\n   Support for opus codec in RTP player\n * DOXYGEN\n * SpeexDSP, SpeexDSP is a patent-free, Open Source\/Free Software DSP library, 
<https:\/\/www.speex.org\/>\n   RTP audio resampling\n * Asciidoctor (required version >= 1.5)\n\nWe are on tag v3.6.3.\nvcs_version.h unchanged.\n-- Configuring done\n-- Generating done\n-- Build files have been written to: \/root\/wireshark-3.6.3\n<\/code><\/pre>\n\n\n\n<p>Fix any errors before you proceed, just in case there are any.<\/p>\n\n\n\n<p>Build Wireshark<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make<\/code><\/pre>\n\n\n\n<p>Install Wireshark<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make install<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Running Wireshark on Rocky Linux<\/h2>\n\n\n\n<p>You can now launch Wireshark either from the command line or from the activities;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-rocky-linux.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1821\" height=\"632\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-rocky-linux.png\" alt=\"Install Wireshark on Rocky Linux\" class=\"wp-image-12200\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-rocky-linux.png?v=1649537263 1821w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-rocky-linux-768x267.png?v=1649537263 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-rocky-linux-1536x533.png?v=1649537263 1536w\" sizes=\"(max-width: 1821px) 100vw, 1821px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Wireshark interface;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1093\" height=\"655\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky.png\" alt=\"Install Wireshark on Rocky Linux\" class=\"wp-image-12201\" title=\"\" 
srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky.png?v=1649537305 1093w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/wireshark-packet-analyzer-rocky-768x460.png?v=1649537305 768w\" sizes=\"(max-width: 1093px) 100vw, 1093px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Tshark command line utility is also installed;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tshark --help<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nTShark (Wireshark) 3.6.3 (Git commit 6d348e4611e2)\nDump and analyze network traffic.\nSee https:\/\/www.wireshark.org for more information.\n\nUsage: tshark [options] ...\n\nCapture interface:\n  -i <interface>, --interface <interface>\n                           name or idx of interface (def: first non-loopback)\n  -f <capture filter>      packet filter in libpcap filter syntax\n  -s <snaplen>, --snapshot-length <snaplen>\n                           packet snapshot length (def: appropriate maximum)\n  -p, --no-promiscuous-mode\n                           don't capture in promiscuous mode\n  -I, --monitor-mode       capture in monitor mode, if available\n  -B <buffer size>, --buffer-size <buffer size>\n                           size of kernel buffer (def: 2MB)\n  -y <link type>, --linktype <link type>\n                           link layer type (def: first appropriate)\n  --time-stamp-type <type> timestamp method for interface\n  -D, --list-interfaces    print list of interfaces and exit\n  -L, --list-data-link-types\n                           print list of link-layer types of iface and exit\n  --list-time-stamp-types  print list of timestamp types for iface and exit\n\nCapture stop conditions:\n  -c <packet count>        stop after n packets (def: infinite)\n  -a <autostop cond.> ..., --autostop <autostop cond.> ...\n                           duration:NUM - stop after NUM seconds\n                           filesize:NUM - stop this file after NUM KB\n                              
files:NUM - stop after NUM files\n                            packets:NUM - stop after NUM packets\nCapture output:\n  -b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.>\n                           duration:NUM - switch to next file after NUM secs\n                           filesize:NUM - switch to next file after NUM KB\n                              files:NUM - ringbuffer: replace after NUM files\n                            packets:NUM - switch to next file after NUM packets\n                           interval:NUM - switch to next file when the time is\n                                          an exact multiple of NUM secs\nInput file:\n  -r <infile>, --read-file <infile>\n                           set the filename to read from (or '-' for stdin)\n\nProcessing:\n  -2                       perform a two-pass analysis\n  -M <packet count>        perform session auto reset\n  -R <read filter>, --read-filter <read filter>\n                           packet Read filter in Wireshark display filter syntax\n                           (requires -2)\n  -Y <display filter>, --display-filter <display filter>\n                           packet displaY filter in Wireshark display filter\n                           syntax\n  -n                       disable all name resolutions (def: \"mNd\" enabled, or\n                           as set in preferences)\n  -N <name resolve flags>  enable specific name resolution(s): \"mnNtdv\"\n  -d <layer_type>==<selector>,<decode_as_protocol> ...\n                           \"Decode As\", see the man page for details\n                           Example: tcp.port==8888,http\n  -H <hosts file>          read a list of entries from a hosts file, which will\n                           then be written to a capture file. 
(Implies -W n)\n  --enable-protocol <proto_name>\n                           enable dissection of proto_name\n  --disable-protocol <proto_name>\n                           disable dissection of proto_name\n  --enable-heuristic <short_name>\n                           enable dissection of heuristic protocol\n  --disable-heuristic <short_name>\n                           disable dissection of heuristic protocol\nOutput:\n  -w <outfile|->           write packets to a pcapng-format file named \"outfile\"\n                           (or '-' for stdout)\n  --capture-comment <comment>\n                           add a capture file comment, if supported\n  -C <config profile>      start with specified configuration profile\n  -F <output file type>    set the output file type, default is pcapng\n                           an empty \"-F\" option will list the file types\n  -V                       add output of packet tree        (Packet Details)\n  -O <protocols>           Only show packet details of these protocols, comma\n                           separated\n  -P, --print              print packet summary even when writing to a file\n  -S <separator>           the line separator to print between packets\n  -x                       add output of hex and ASCII dump (Packet Bytes)\n  -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?\n                           format of text output (def: text)\n  -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected\n                           (e.g. \"ip ip.flags text\", filter does not expand child\n                           nodes, unless child is specified also in the filter)\n  -J <protocolfilter>      top level protocol filter if -T ek|pdml|json selected\n                           (e.g. \"http tcp\", filter which expands all child nodes)\n  -e <field>               field to print if -Tfields selected (e.g. 
tcp.port,\n                           _ws.col.Info)\n                           this option can be repeated to print multiple fields\n  -E<fieldsoption>=<value> set options for output when -Tfields selected:\n     bom=y|n               print a UTF-8 BOM\n     header=y|n            switch headers on and off\n     separator=\/t|\/s|<char> select tab, space, printable character as separator\n     occurrence=f|l|a      print first, last or all occurrences of each field\n     aggregator=,|\/s|<char> select comma, space, printable character as\n                           aggregator\n     quote=d|s|n           select double, single, no quotes for values\n  -t a|ad|adoy|d|dd|e|r|u|ud|udoy\n                           output format of time stamps (def: r: rel. to first)\n  -u s|hms                 output format of seconds (def: s: seconds)\n  -l                       flush standard output after each packet\n  -q                       be more quiet on stdout (e.g. when using statistics)\n  -Q                       only log true errors to stderr (quieter than -q)\n  -g                       enable group read access on the output file(s)\n  -W n                     Save extra information in the file, if supported.\n                           n = write network address resolution information\n  -X <key>:<value>         eXtension options, see the man page for details\n  -U tap_name              PDUs export mode, see the man page for details\n  -z <statistics>          various statistics, see the man page for details\n  --export-objects <protocol>,<destdir>\n                           save exported objects for a protocol to a directory\n                           named \"destdir\"\n  --export-tls-session-keys <keyfile>\n                           export TLS Session Keys to a file named \"keyfile\"\n  --color                  color output text similarly to the Wireshark GUI,\n                           requires a terminal with 24-bit color support\n                           Also 
supplies color attributes to pdml and psml formats\n                           (Note that attributes are nonstandard)\n  --no-duplicate-keys      If -T json is specified, merge duplicate keys in an object\n                           into a single key with as value a json array containing all\n                           values\n  --elastic-mapping-filter <protocols> If -G elastic-mapping is specified, put only the\n                           specified protocols within the mapping file\nDiagnostic output:\n  --log-level <level>      sets the active log level (\"critical\", \"warning\", etc.)\n  --log-fatal <level>      sets level to abort the program (\"critical\" or \"warning\")\n  --log-domains <[!]list>  comma separated list of the active log domains\n  --log-debug <[!]list>    comma separated list of domains with \"debug\" level\n  --log-noisy <[!]list>    comma separated list of domains with \"noisy\" level\n  --log-file <path>        file to output messages to (in addition to stderr)\n\nMiscellaneous:\n  -h, --help               display this help and exit\n  -v, --version            display version info and exit\n  -o <name>:<value> ...    override preference setting\n  -K <keytab>              keytab file to use for kerberos decryption\n  -G [report]              dump one of several available reports and exit\n                           default report=\"fields\"\n                           use \"-G help\" for more help\n\nDumpcap can benefit from an enabled BPF JIT compiler if available.\nYou might want to enable it by executing:\n \"echo 1 > \/proc\/sys\/net\/core\/bpf_jit_enable\"\nNote that this can make your system less secure!\n<\/code><\/pre>\n\n\n\n<p>And there you go. 
Wireshark is now running on Rocky Linux.<\/p>\n\n\n\n<p>Other Tutorials<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-thunderbird-mail-client-on-rocky-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Thunderbird Mail Client on Rocky Linux<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-dokuwiki-on-rocky-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install DokuWiki on Rocky Linux<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install Wireshark on Rocky Linux. Wireshark is the world\u2019s foremost and widely-used network protocol analyzer. Some of<\/p>\n","protected":false},"author":1,"featured_media":12213,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,34],"tags":[4878,4875,4876,1016,4879,4877],"class_list":["post-2680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-security","tag-build-wireshark-from-source-rocky-linux","tag-install-wireshark-rocky-linux","tag-rocky-linux-wireshark","tag-wireshark","tag-wireshark-build-rpm","tag-wireshark-install-centos","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2680"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2680"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2680\/revisions"}],"predecessor-version":[{"id":20467,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2680\/revis
ions\/20467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12213"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}