How to install Wireshark in Debian

29/12/2020
Wireshark is a packet analyzer that can put the network device in promiscuous mode to see all traffic on the scanned network. It can be used for troubleshooting, detecting anomalies in traffic, hacking, and protocol development. It is available for Linux, Unix, Mac and Windows.

This tutorial shows how to install Wireshark on Debian 10 Buster and covers some basic functions without going deep into its usage. It is also useful for previous Debian versions and Debian-based distributions such as Ubuntu and Mint. While Wireshark can be installed from the repositories through apt or aptitude, its sources and versions for different operating systems are available at https://www.wireshark.org/download.html.

Installing Wireshark on Debian 10 Buster

To install Wireshark on Debian 10 Buster or previous Debian versions, run:

$ sudo apt install wireshark -y

Wireshark basics

To launch Wireshark, on the terminal just run:

$ wireshark

Note: don’t run Wireshark as root. Execute it as an unprivileged user only; you don’t need to be root to capture packets over a network.
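On Debian, non-root capture works because the privileged part is confined to the dumpcap helper, which the wireshark-common package can restrict to members of a wireshark group. The script below is an added example, not part of the original tutorial, that checks this setup; it assumes the default /usr/bin/dumpcap path, and the function classify_dumpcap and its verdict names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes Debian's
# wireshark-common layout: /usr/bin/dumpcap and a "wireshark" group.
DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"

# classify_dumpcap GROUP OCTAL_MODE GETCAP_OUTPUT "USER GROUPS"
# Pure function: prints one verdict for the given file metadata.
classify_dumpcap() {
    grp=$1 mode=$2 caps=$3 user_groups=$4
    privileged=no
    # File capabilities let dumpcap open raw sockets without being root.
    case "$caps" in *cap_net_raw*) privileged=yes ;; esac
    # A four-digit mode starting with 4-7 means the setuid bit is set.
    case "$mode" in [4567]???) privileged=yes ;; esac
    if [ "$privileged" = no ]; then
        echo "not-configured"; return 0
    fi
    # Odd last digit: "other" may execute, so any local user can sniff.
    case "$mode" in *[1357]) echo "open-to-all-users"; return 0 ;; esac
    case " $user_groups " in
        *" $grp "*) echo "ready" ;;
        *)          echo "user-not-in-group" ;;
    esac
}

# Inspect the real helper if it is installed on this host.
if [ -e "$DUMPCAP" ]; then
    caps=$(getcap "$DUMPCAP" 2>/dev/null || /sbin/getcap "$DUMPCAP" 2>/dev/null || true)
    verdict=$(classify_dumpcap "$(stat -c '%G' "$DUMPCAP")" \
        "$(stat -c '%a' "$DUMPCAP")" "$caps" "$(id -nG)")
    echo "$DUMPCAP: $verdict"
    case "$verdict" in
        not-configured)    echo "fix: sudo dpkg-reconfigure wireshark-common" ;;
        user-not-in-group) echo "fix: sudo usermod -aG wireshark $(id -un), then log in again" ;;
        open-to-all-users) echo "fix: sudo chmod o-rwx $DUMPCAP" ;;
    esac
else
    echo "$DUMPCAP not found; is wireshark-common installed?"
fi
```

A "not-configured" result is the state in which users are tempted to start the whole GUI as root; answering "yes" in dpkg-reconfigure and adding only trusted accounts to the group avoids that.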

The Wireshark main window will open. At the top you’ll see two main menus: a text menu bar on the first line and a graphical toolbar below it.

On the first line you have menus with the following functionalities:

File: in addition to the usual options of any File menu, this one allows you to export packets with different options, SSL session keys and objects.

Edit: this menu allows you to copy and find specific content, mark and ignore packets, and manage timing options and packet comments. Through this menu you can also set up different configuration profiles and edit preferences such as visual preferences, MAC and IP address resolution and more.

View: this menu allows you to configure different visual options such as menus, toolbars, zoom, expand and collapse, among other aesthetic options.

Go: this menu contains options to browse packets.

Capture: from this menu you can start capturing and configure options related to the capture of packets, such as filters, name resolution, interfaces and output options.

Analyze: from this menu you can enable and disable protocol dissectors, decode some packets and manage display filters.

Statistics: the Statistics menu allows you to display the information in a variety of ways, including or discarding specific information.

Telephony: this menu contains options related to telephony such as VoIP, GSM, Osmux, RTP, SCTP and more.

Wireless: this menu contains options related to Bluetooth and WLAN.

Tools: here you’ll find options related to stateless firewall rules and the Lua programming language.

Help: this menu contains helpful information on Wireshark.

The graphical toolbar below the menu bar described above contains the following buttons:

This button starts a capture; it can also be found in the Capture menu described above.

This is the button to stop an ongoing Wireshark capture.

Here you can restart stopped capturing processes.

This button opens the Capture menu explained above.

This button allows you to open capture files from previous sessions.

This button saves the current capture.

Close the current capture.

Reload a capture.

This button allows you to find packets.

This button allows you to go to the previous packet.

This button allows you to go to the next packet.

This allows you to go to a specific packet.

This button allows you to move to the first packet.

This button allows you to move to the last packet.

This button sets automatic scrolling to the last packet while Wireshark is capturing.

This button allows you to color packets according to specified rules.

This button allows you to zoom in on the text.

This button allows you to zoom out of the text.

This button restores the text font to its original size.

This button resizes columns to fit the content.

Conclusion:

Wireshark offers a considerable number of options to configure filters, timing and output formats. It has a very friendly and intuitive graphical environment, but it can also be used from the command line through TShark, included in the package. It supports Ethernet, PPP, IEEE 802.11 and loopback network types. It can detect VoIP calls and in some cases decode their content. It also allows capturing raw USB traffic, creating plugins for dissecting new protocols, and filtering wireless connections if connected through a wired router or switch. Some interesting Wireshark alternatives include Ettercap, Kismet, EtherApe, SmartSniff, CloudShark and Omnipeek; additional alternatives can be found online.
