Wireshark is a free and open-source packet analyzer. It allows the user to examine data from a live network, or from a capture file on disk. Wireshark can be used as a simple network troubleshooting tool, as well as for security analysis and software development.
Here at LinuxAPT, we shall look into how to install Wireshark on Debian 10.
1. Perform System Update
Wireshark depends on a number of shared libraries (libpcap, Qt, GLib and others) that apt installs as dependencies. Refresh the package index first, so that apt resolves the current Debian 10 build of Wireshark and of those libraries:
$ sudo apt update
2. Install Wireshark on the system
After performing system update, we can proceed to download and install Wireshark.
Debian 10 ships Wireshark as a .deb package in its main repository, so there is nothing to download by hand; install it through apt like any other program:
$ sudo apt install wireshark -y
During installation, debconf asks whether non-superusers should be able to capture packets. Select Yes. This sets /usr/bin/dumpcap (the small helper that actually opens the interface) to root:wireshark with no access for other users, and grants it the cap_net_raw and cap_net_admin file capabilities (or, where setcap is unavailable, makes it setuid root), so that members of the wireshark group can capture without running Wireshark itself as root. Group membership is not granted automatically: add your account with usermod -aG wireshark <user> and log out and back in.
Once the package is installed, check which version apt installed and from which repository with apt policy wireshark (it needs no sudo):
$ apt policy wireshark
Now that we've installed Wireshark, let's take it for a quick test drive.
1. First, start the program by typing wireshark as your normal user. Do not use sudo wireshark: the installer set up unprivileged capture through dumpcap precisely so that the GUI, with its hundreds of protocol dissectors parsing untrusted network input, does not have to run as root. This opens Wireshark in its own window:
$ wireshark
2. You can also open Wireshark from your desktop environment's menu. If the interface list is empty or a capture fails with a permission error, your account is not (yet) in the wireshark group.
Wireshark has a graphical user interface (GUI) for capturing packets.
You'll be presented with the list of interfaces dumpcap can open. To monitor the interface your web browser uses for its Internet connection (for example, wlan0), select it and click the Start button (or double-click the interface name).
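The non-root capture setup that the debconf question enables is easy to get half-right (the package configured, the user not yet in the group, or a stale login). The following script is an added example, not code from the LinuxAPT article or the Wireshark project: it answers the debconf question non-interactively, adds the current user to the wireshark group, and then verifies the three things an unprivileged capture depends on. It assumes Debian 10's wireshark-common package with dumpcap at /usr/bin/dumpcap and a user who can run sudo; the group-list helper is kept free of system calls so it can be exercised on its own.

```bash
#!/bin/bash
# Added example, not code from the LinuxAPT article: enable unprivileged
# capture the way Debian's wireshark-common package intends, then verify
# it. Assumes Debian 10 with dumpcap at /usr/bin/dumpcap and a user that
# can run sudo.
set -u

DUMPCAP=/usr/bin/dumpcap

# Return 0 if word $2 occurs in the whitespace-separated list $1.
# Pure string logic, so it can be checked without touching the system.
in_group_list() {
    local g
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Answer the debconf question non-interactively ("Yes" to non-superuser
# capture), re-run the package configuration so dumpcap's ownership, mode
# and capabilities are set, then add the caller to the wireshark group.
enable_nonroot_capture() {
    echo "wireshark-common wireshark-common/install-setuid boolean true" |
        sudo debconf-set-selections
    sudo dpkg-reconfigure -f noninteractive wireshark-common
    sudo usermod -aG wireshark "$(id -un)"
    echo "Log out and back in before capturing; group changes apply at login."
}

# Check the three things unprivileged capture depends on. Returns the
# number of failed checks, so 0 means the current user can capture.
check_capture_setup() {
    local me failed=0 owner perms caps
    me=$(id -un)

    if in_group_list "$(id -Gn)" wireshark; then
        echo "ok:   $me is in the wireshark group"
    else
        echo "FAIL: $me is not in the wireshark group (usermod -aG wireshark $me, then log in again)"
        failed=$((failed + 1))
    fi

    # Debian sets dumpcap to root:wireshark with no execute bit for others,
    # so only group members can start a capture at all.
    owner=$(stat -c '%U:%G' "$DUMPCAP" 2>/dev/null || echo missing)
    perms=$(stat -c '%A' "$DUMPCAP" 2>/dev/null || echo missing)
    case "$owner/$perms" in
        root:wireshark/*-) echo "ok:   $DUMPCAP is $owner $perms" ;;
        *) echo "FAIL: $DUMPCAP is $owner $perms (expected root:wireshark, not executable by others)"
           failed=$((failed + 1)) ;;
    esac

    # With the debconf answer "Yes", Debian prefers file capabilities over a
    # setuid-root dumpcap: the helper gets only raw-socket rights, not root.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$DUMPCAP" 2>/dev/null || true)
    else
        caps=""
    fi
    case "$caps" in
        *cap_net_raw*) echo "ok:   $caps" ;;
        *) if [ -u "$DUMPCAP" ]; then
               echo "warn: $DUMPCAP is setuid root instead of capability-based"
           else
               echo "FAIL: no cap_net_raw on $DUMPCAP (getcap said: '${caps:-nothing}')"
               failed=$((failed + 1))
           fi ;;
    esac

    return "$failed"
}

case "${1:-}" in
    setup) enable_nonroot_capture ;;
    check) check_capture_setup ;;
    *)     echo "usage: $0 setup|check" ;;
esac
```

Run it once with setup, log in again, then run it with check; a zero exit status means wireshark and tshark will list interfaces and capture as your own user. The capability check is the security-relevant one: a dumpcap that carries only cap_net_raw and cap_net_admin can open interfaces but cannot otherwise act as root, which is why this is preferable to sudo wireshark.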
You can also capture from the terminal with tshark, followed by the options that choose an interface and a filter.
TShark is the command-line counterpart of Wireshark and is built from the same source tree; on Debian it lives in its own tshark package. Like the GUI, it can capture packets and print a one-line summary of each to the terminal, or save them in pcapng format for later analysis.
3. You can install tshark by typing the following command into your terminal window:
$ sudo apt install tshark -y
4. Run tshark --help to see the different options that tshark offers.
5. Run the tshark -D command below to check that your network interfaces are recognized by tshark:
$ tshark -D
You will get a list of your network interfaces like the one below. If tshark prints nothing or a permission error instead, your account is not in the wireshark group (or you have not logged in again since being added). The list may also include interfaces that are down and pseudo-devices such as any, so you still need to identify the active ones; in this demo they are ens3 and lo.
6. You can see which interfaces are up and have addresses with ip -br addr (ifconfig belongs to net-tools, which Debian 10 no longer installs by default):
$ ip -br addr
7. Once you've identified your capture interface, start capturing with tshark -i <interface>, where <interface> is that interface's name:
$ tshark -i ens3
8. tshark prints a one-line summary of each packet to the terminal as it arrives. When you're done, press Ctrl-C: tshark stops the capture, reports how many packets it captured and exits. For anything beyond a quick look, bound the capture with -c <count>, narrow it with a capture filter (-f) and write it to a file with -w, so you can open it in Wireshark or re-read it with tshark -r later instead of scrolling back through the terminal.
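Steps 5 to 8 above find an active interface, capture on it and stop. The script below is an added example, not code from the LinuxAPT article or the Wireshark project, that does the same thing in a form that is safe to leave running: it picks the first interface that is operationally up, captures a bounded number of DNS packets through a capture filter into a pcapng file, and then analyses that file offline with a display filter. It assumes an ordinary user in the wireshark group (no sudo), an interface such as ens3, and a writable scratch path /tmp/dns-capture.pcapng; the SAMPLE_LINKS text is a constructed imitation of ip -br link output used only to demonstrate the interface-selection helper.

```bash
#!/bin/bash
# Added example, not part of the LinuxAPT article: a bounded, filtered
# TShark capture that is written to a file and then analysed offline.
# Run as an ordinary user in the wireshark group; no sudo is needed.
# The interface ens3 and the output path below are assumptions for this host.
set -u

# Constructed sample of `ip -br link` output, for demonstration only.
SAMPLE_LINKS='lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
ens3             UP             52:54:00:12:34:56 <BROADCAST,MULTICAST,UP,LOWER_UP>
ens4             DOWN           52:54:00:ab:cd:ef <BROADCAST,MULTICAST>'

# Read `ip -br link` lines on stdin and print the interfaces that are
# operationally UP, skipping the loopback (its state shows as UNKNOWN).
active_ifaces() {
    awk '$1 != "lo" && $2 == "UP" { print $1 }'
}

# Capture at most $2 DNS packets on interface $1 into pcapng file $3.
# -f is a BPF capture filter: dumpcap applies it before anything is stored,
# so the file never contains the other traffic on the link. -c bounds the
# capture so it cannot run away on a busy interface.
capture_dns() {
    tshark -i "$1" -f "udp port 53" -c "$2" -w "$3"
}

# Read the file back (-r) and apply a display filter (-Y), which unlike a
# capture filter can use any dissected field. Prints, per client address
# and queried name, how many queries were seen, most frequent first.
summarize_dns() {
    tshark -r "$1" -Y "dns.flags.response == 0" -T fields \
        -e ip.src -e dns.qry.name | sort | uniq -c | sort -rn
}

if [ "${1:-}" = "run" ]; then
    iface=$(ip -br link | active_ifaces | head -n 1)
    [ -n "$iface" ] || { echo "no active interface found" >&2; exit 1; }
    out=/tmp/dns-capture.pcapng       # assumption: writable scratch path
    echo "capturing 20 DNS packets on $iface into $out"
    capture_dns "$iface" 20 "$out"
    summarize_dns "$out"
else
    echo "Active interfaces in the constructed sample:"
    printf '%s\n' "$SAMPLE_LINKS" | active_ifaces
fi
```

Without arguments the script only runs the interface-selection helper over the constructed sample; with run it performs the real capture. Keeping the capture filter in dumpcap and the analysis in a separate, read-only pass is the habit worth taking from this: the privileged part touches the wire as briefly and narrowly as possible, and everything else works on a file you can copy, share or re-open in the GUI.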
This article covered how to install Wireshark on Debian 10. Wireshark is a network "sniffer": a tool that captures and analyzes packets off the wire. With it you can capture a network's incoming and outgoing packets in real time for network troubleshooting, packet analysis, software and communication protocol development, and more.
How To Uninstall Wireshark on Debian 10
To uninstall only the wireshark package, keeping its configuration and the libraries it pulled in, run:
$ sudo apt-get remove wireshark
To also purge its configuration files and remove the dependencies that nothing else needs any more, run:
$ sudo apt-get -y autoremove --purge wireshark
If you installed tshark separately, it keeps wireshark-common (and with it dumpcap's capture rights) installed; remove it the same way.