Install Wireshark on Ubuntu 16.04 Systems
Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. It is widely used across many industries and educational institutions. Wireshark has a rich feature set which includes the following:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
2.2. New and Updated Features
The following features are new (or have been significantly updated) since version 2.1.0:
- Added -d option for Decode As support in Wireshark (mimics TShark functionality)
- The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
- The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
- The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
- The RTP player now allows up to 30 minutes of silence frames.
- Packet bytes can now be displayed as EBCDIC.
- The Qt UI loads captures faster on Windows.
- proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within *Shark. There are no more individual “good” and “bad” filter fields; protocols now have a “checksum.status” field that records “Good”, “Bad” and “Unverified” (neither good nor bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.
Install Wireshark 2.2.0 on Ubuntu
The latest release of the Wireshark network protocol analyzer can be installed on Ubuntu 16.04, Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.10 and Ubuntu 14.04 systems.
sudo apt-get update
sudo apt-get build-dep wireshark
wget https://1.na.dl.wireshark.org/src/wireshark-2.2.0.tar.bz2
tar -xvf wireshark-2.2.0.tar.bz2
cd wireshark-2.2.0
./configure
make
sudo make install
sudo ldconfig
wireshark
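The steps above build the downloaded tarball and install the result as root, so the archive's hash is worth checking between the wget and tar steps. The function below is an added example, not part of the original instructions; it assumes a hash listing with lines of the form `SHA256(<file>)=<hex>` (the layout assumed here for the project's signed SIGNATURES files), and the demo files are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example: check a tarball against the SHA256 line of a hash listing.
# Assumed listing line format: SHA256(<filename>)=<64 hex digits>

# verify_tarball <tarball> <listing>
# Returns 0 only when the file's SHA-256 equals the value listed for its name.
verify_tarball() {
    local tarball="$1" sigfile="$2" name expected actual
    name=$(basename -- "$tarball")
    [ -f "$tarball" ] && [ -f "$sigfile" ] || { echo "missing input" >&2; return 2; }

    # Take the hash listed for exactly this filename (fixed-string match).
    expected=$(grep -F -- "SHA256(${name})=" "$sigfile" | head -n 1 \
        | cut -d= -f2 | tr -d ' \r' | tr 'A-F' 'a-f')
    # Refuse anything that is not a full 64-digit hex value.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no usable SHA256 entry for ${name}" >&2
        return 3
    fi

    actual=$(sha256sum -- "$tarball" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: ${name}"
        return 0
    fi
    echo "MISMATCH: ${name} (expected ${expected}, got ${actual})" >&2
    return 1
}

# Constructed demo: a stand-in file and a listing built from it, then a tampered copy.
demo() {
    local d; d=$(mktemp -d)
    printf 'constructed stand-in for a source tarball\n' > "$d/wireshark-demo.tar.bz2"
    printf 'SHA256(wireshark-demo.tar.bz2)=%s\n' \
        "$(sha256sum "$d/wireshark-demo.tar.bz2" | cut -d' ' -f1)" > "$d/SIGNATURES-demo.txt"
    verify_tarball "$d/wireshark-demo.tar.bz2" "$d/SIGNATURES-demo.txt"   # reports OK
    printf 'tampered' >> "$d/wireshark-demo.tar.bz2"
    verify_tarball "$d/wireshark-demo.tar.bz2" "$d/SIGNATURES-demo.txt"   # reports MISMATCH
    rm -rf "$d"
}
demo
```

For the real download, pass wireshark-2.2.0.tar.bz2 and the listing obtained from the project's download site, after checking the listing's PGP signature, and continue to tar only when the function returns 0.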
Ubuntu users can also download and install Wireshark on Ubuntu via PPA:
sudo add-apt-repository ppa:nicola-onorata/desktop
sudo apt-get update
sudo apt-get install wireshark
Once installed, it can be launched via the Ubuntu Dash.