Wireshark Terminal or TShark is a command utility for capturing packets using a terminal. TShark is equipped with many useful options that can be used for different purposes including investigating cyber attacks.
Moreover, it is mainly used to monitor, inspect network traffic, and troubleshoot network bugs on your Ubuntu system.
This educational guide covers how to install Wireshark Terminal (TShark) on your Ubuntu 22.04 system.
How To Install Wireshark Terminal on Ubuntu 22.04?
Execute the mentioned commands to install Wireshark Terminal and how to use it on the Ubuntu system.
Step 1: Upgrade Package List
Let’s begin with the command to update and upgrade the Ubuntu package lists:
sudo apt update && sudo apt upgrade
All packages are up to date, there is no need to upgrade your system.
Step 2: Install TShark (Wireshark Terminal)
TShark is similar to Wireshark, however, it is commonly used in terminal environments. The command presented in the following will install Wireshark Terminal on your Ubuntu 22.04:
sudo apt install tshark
During the installation process of TShark, a message will pop up on your screen prompting, “Should non-superusers be able to capture packets?”
Here, we chose “Yes”, which means all users, including non-root users, are also allowed to utilize TShark for capturing packets.
The Wireshark Terminal (TShark) is now configured on your Ubuntu 22.04 system.
Step 3: Check the TShark Version
After installation, you can check the version number of TShark using the following command:
tshark -v
Currently, TShark 3.6.2 is available for use on your Ubuntu machine.
How to Use Wireshark Terminal (TShark) on Ubuntu 22.04?
In the following, we will see how to use Wireshark Terminal (TShark) with some examples.
Example 1: List Network Interfaces
You can list all the available network interfaces using the TShark. For instance, use the “-D” option with tshark command to view the list of network interfaces currently available on your system:
sudo tshark -D
In response to the above command, there are fourteen (14) network interfaces available on our Ubuntu 22.04 system. Now, you can select among them for packet capturing.
Example 2: Capture Packets from All Interfaces
If you want to capture packets from all the available interfaces on your systems, simply add the “-i any” with the tshark command in your terminal:
sudo tshark -i any
The command started capturing packets regardless of the particular interfaces.
Example 3: Limit Capture Packets
With additional options such as “-c”, you can limit the count of packets captured. In the following example, it will stop capturing when it reaches ten (10) packets:
sudo tshark -i any -c 10
In the above screenshot, you can see the total number of packets captured is ten (10).
Example 4: Capture Packets on Particular Interface
For a particular network interface such as enp0s3, you can use the following command:
sudo tshark -i enp0s3 -c 5
In this command, the “-c 5” option is optional, which is used to stop packets capturing after reaching five (5) packets.
Example 5: Capture Packets in Verbose
In the TShark, the “-V” option is used to enable a verbose format, which provides more detailed information about each packet. For instance:
sudo tshark -V
You can easily inspect the detailed information about each packet, including interface ID (i.e. enp0s3), protocol types and size, and more.
How To Uninstall Wireshark Terminal on Ubuntu 22.04?
Perform the below commands to uninstall Wireshark Terminal (TShark) from your Ubuntu 22.04 system.
Step 1: Remove Wireshark Terminal (TShark)
Through the provided command, you can completely remove the Wireshark Terminal (TShark) from your Ubuntu system:
sudo apt purge tshark
All the files and dependencies associated with TShark have been removed from your Ubuntu 22.04 machine.
FAQs
Are the Wireshark Terminal and TShark the same?
TShark is the short name used for Wireshark Terminal. In terms of their functions, they are the same.
Can I use the terminal to set up TShark on my Ubuntu 22.04 system?
On your Ubuntu terminal window, simply run the command, “sudo apt install tshark” to install Wireshark Terminal (TShark).
What are the common purposes of Wireshark Terminal on Ubuntu systems?
Wireshark Terminal is a command tool for capturing packets on available network interfaces, troubleshooting network issues, inspecting traffic on your networks, and more.
Conclusion
To install Wireshark Terminal or TShark, execute the command “sudo apt install tshark” from your terminal window. You can utilize the Wireshark Terminal for various purposes, including capturing packets of available networks, analyzing network traffic, and troubleshooting network issues.
