Installing and Using Wireshark on Ubuntu 18.04 Linux

Wireshark is a free, open source network sniffer: a tool for capturing and analyzing network packets that is widely used worldwide. Wireshark can decode a very large number of protocols, too many to list here.

With Wireshark, you can capture incoming and outgoing packets on the network in real time and use them for network troubleshooting, packet analysis, and software and communication protocol development.

It can be used on all major desktop operating systems (e.g. Windows, Linux, macOS, BSD, etc.).

In this tutorial, I will guide you through installing Wireshark on Ubuntu and other Ubuntu-based distributions. I will also show you how to set up and configure Wireshark to capture packets.

Installing Wireshark on Ubuntu-based Linux distributions

Wireshark is available for all major Linux distributions. You should check the official installation instructions, because in this tutorial I will focus only on installing the latest version of Wireshark on Ubuntu-based distributions.

Wireshark can be found in Ubuntu's Universe repository. Enable the Universe repository and install it in the following way:

A small problem with this approach is that you may not always get the latest version of Wireshark.

For example, on Ubuntu 18.04, checking the available Wireshark version with the apt command shows 2.6.

Newer versions bring new features. The Wireshark developers provide an official PPA that you can use to install the latest stable version of Wireshark on Ubuntu and other Ubuntu-based distributions.

Open a terminal and run the following commands one by one:

Even if you have an older version of Wireshark installed, it will be updated to the newer version.

During installation, the system will ask whether you want to allow non-root users to capture packets. Select "Yes" to allow it or "No" to restrict non-root users from capturing packets, and then complete the installation.

Running Wireshark without sudo

If you selected "No" during the earlier installation, run the following command as root:

Then press the Tab key to select "Yes", and press the Enter key:

Since you have allowed non-root users to capture packets, those users must be added to the wireshark group. Use the usermod command to add yourself to the wireshark group.

sudo usermod -aG wireshark $(whoami)

Finally, restart your Ubuntu system so that the necessary changes take effect.
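To confirm that the non-root setup above actually took effect, the following added example (not part of the original article) audits it. It assumes the Debian/Ubuntu packaging, where dumpcap belongs to the wireshark group and carries file capabilities, plus getcap from libcap2-bin and GNU stat; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the non-root capture setup (Debian/Ubuntu layout assumed).
# in_group GROUP "LIST": succeed if GROUP is a word in the space-separated LIST.
in_group() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# membership_state GROUP "SESSION_GROUPS" "DATABASE_GROUPS"
# active = usable now; relogin = usermod done but session not refreshed;
# missing = the user was never added to the group.
membership_state() {
    if in_group "$1" "$2"; then echo active
    elif in_group "$1" "$3"; then echo relogin
    else echo missing
    fi
}

# caps_ok "GETCAP_OUTPUT": succeed if both capture capabilities are present.
caps_ok() {
    case "$1" in
        *cap_net_admin*cap_net_raw* | *cap_net_raw*cap_net_admin*) return 0 ;;
        *) return 1 ;;
    esac
}

audit_capture_setup() {
    rc=0
    if [ "$(id -u)" -eq 0 ]; then
        echo "WARN: running as root; start Wireshark as a normal user"; rc=1
    fi
    dumpcap=$(command -v dumpcap) || { echo "FAIL: dumpcap not installed"; return 1; }
    owner_group=$(stat -c %G "$dumpcap")
    [ "$owner_group" = wireshark ] || { echo "FAIL: $dumpcap group is $owner_group"; rc=1; }
    caps_ok "$(getcap "$dumpcap" 2>/dev/null)" ||
        { echo "FAIL: no capture capabilities; rerun: sudo dpkg-reconfigure wireshark-common"; rc=1; }
    # "id -nG" is the running session; "id -nG USER" is the group database.
    state=$(membership_state wireshark "$(id -nG)" "$(id -nG "$(id -un)")")
    case "$state" in
        active)  echo "OK: wireshark group is active in this session" ;;
        relogin) echo "TODO: log out and back in (or reboot) to pick up the group"; rc=1 ;;
        missing) echo "FAIL: run: sudo usermod -aG wireshark $(id -un)"; rc=1 ;;
    esac
    return "$rc"
}

audit_capture_setup || echo "Capture setup needs attention (see messages above)."
```

A "relogin" result is the reason for the restart step: usermod updates the group database, but a session that is already running keeps its old group list.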

Wireshark was first released in 1998 under the name Ethereal. Due to trademark issues, the developers had to rename it to Wireshark in 2006.

Start Wireshark

You can start Wireshark from the application launcher or from the CLI.

To start it from the CLI, simply type wireshark in the console:

wireshark

From the GUI, search for the Wireshark application in the search bar, and then press Enter.

Now let's play with Wireshark.

Capturing packets using Wireshark

When you start Wireshark, you will see a list of interfaces that you can use to capture packets going to and from them.

You can use Wireshark to monitor many types of interfaces, such as wired interfaces and external devices. Depending on your preferences, you can choose to display specific types of interfaces on the Welcome screen, from the area marked in the image below.

Select Interface

For example, I have listed only the wireless network interface.

Next, to start capturing packets, select the interface (in my case wlp2s0) and then click the icon to start capturing packets, as shown below.

Start capturing packets using Wireshark

You can also capture packets on multiple interfaces at the same time. Hold down the CTRL key while clicking the interfaces you want to capture on, and then click the icon to start capturing packets.

Now you can select any packet to inspect it. Click on a particular packet to view information about the different layers of the TCP/IP protocol stack associated with it. You can also see the raw data of that packet at the bottom.

This is why end-to-end encryption is so important. Imagine that you are logging in to a website that does not use HTTPS. Anyone on the same network as you can sniff the packets and see the user name and password in the raw data. This is why most chat applications use end-to-end encryption, and why most websites now use HTTPS (instead of HTTP).

Stop packet capture in Wireshark

You can click the red icon marked in the image to stop capturing packets in Wireshark.

Save the captured packets to a file

You can click the icon marked in the image below to save the captured packets to a file for future use.

Save Wireshark captured packets

Note: The output can be exported to XML, PostScript®, CSV, or plain text.

Next, select a destination folder, type a file name, and click "Save."

Then select the file and click "Open."

Now you can open and analyze the stored packets at any time. To open a file, go to "File" > "Open" in Wireshark.

The captured packets should be loaded from the file.

Summary

Wireshark supports many different communication protocols. There are many options and features that enable you to capture and analyze network packets in a unique way. You can consult Wireshark's official documentation for more information.

That covers the process of installing and using Wireshark on Ubuntu in detail. I hope it helps you.

Origin www.linuxidc.com/Linux/2020-03/162512.htm