Network Analysis With Wireshark On Ubuntu 9.10

Submitted by falko on Thu, 2010-02-18 17:34.

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 01/29/2010

Wireshark is a network protocol analyzer (or "packet sniffer") that can be used for network analysis, troubleshooting, software development, education, etc. This guide shows how to install and use it on an Ubuntu 9.10 desktop to analyze the traffic on the local network card.

This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!

 

1 Installing Wireshark

Go to Applications > Ubuntu Software Center...

... and search for wireshark:

Mark the Wireshark package and click on the arrow on the right:

On the next screen, click the Install button:

Type in your password:

Wireshark is now being downloaded and installed:

You can close the Ubuntu Software Center window afterwards:

 

2 Using Wireshark

We must run Wireshark with root privileges so that it has enough permissions to monitor the network interfaces. Because the default Wireshark launcher starts Wireshark with normal user privileges, we have to modify the launcher now. Right-click Applications and select Edit Menus:

In the Menu Editor, go to Internet > Wireshark and click the Properties button:

In the Launcher Properties window, add gksu in the Command field so that the command reads gksu wireshark. Click Close afterwards and leave the Menu Editor:

Open the Wireshark application (Applications > Internet > Wireshark):

Because we are running Wireshark with root privileges, you will see the following warning (Running as user "root" and group "root". This could be dangerous.). Click OK:

This is how Wireshark looks when you first start it:

Click the List the available capture interfaces... button:

A new window opens with a list of available network interfaces on your system. Normally you want to capture the traffic on your primary network device (eth0 in this example), so you click the Start button in the eth0 row to start an analysis of the traffic on that interface:

You can now see the captured packets for various protocols in the main window.

The capture goes on until you click the Stop button:

You can now browse the results, apply filters, find problems, etc.

To fine-tune future captures, you can click the Show the capture options... button:

A new window opens where you can set parameters for the next capture. Click Start afterwards to start the capture:

The result of a capture lists all found protocols by default. If you'd like to concentrate on a certain protocol, you can apply a filter to the result. Go to Analyze > Display Filters...:

A new window opens where you can select your desired protocol (TCP for example). Click OK afterwards:

In the result window, you should now find TCP traffic only - all other protocols have been filtered out:

To learn more about Wireshark usage, how to read the results, etc., take a look at the Wireshark documentation.
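
As an alternative to starting the whole GUI through gksu as described in this chapter, capture rights can be given to dumpcap alone, the small helper that Wireshark uses for capturing. The script below is an added example, not part of the original tutorial; the path /usr/bin/dumpcap, the group name wireshark and the availability of setcap (package libcap2-bin) are assumptions, and it only prints the commands unless it is run as root with APPLY=1:

```sh
#!/bin/sh
# Added example (not from the original tutorial): give only dumpcap the
# capabilities needed for capturing, so the Wireshark GUI and its protocol
# dissectors run as a normal user instead of root.
# Assumptions: dumpcap is at /usr/bin/dumpcap, setcap comes from libcap2-bin,
# and the group name "wireshark" is our own choice.
DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"
CAPTURE_GROUP="${CAPTURE_GROUP:-wireshark}"

# Dry run by default: print each command; execute only when APPLY=1 (as root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "would run: $*"; fi
}

# Restrict dumpcap to one group, then grant it the two capture capabilities.
setup_capture_privileges() {
    run groupadd -f "$CAPTURE_GROUP"
    run usermod -a -G "$CAPTURE_GROUP" "$1"   # $1 = user allowed to capture
    run chgrp "$CAPTURE_GROUP" "$DUMPCAP"
    run chmod 750 "$DUMPCAP"                  # no access for "other" users
    run setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
}

# Check the file mode: succeed only if the binary is neither setuid nor
# executable by "other", i.e. capturing is limited to root and the group.
dumpcap_is_restricted() {
    [ -e "$1" ] || { echo "missing: $1"; return 2; }
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ???[sS]*) echo "setuid: $mode"; return 1 ;;
        *[xt])    echo "world-executable: $mode"; return 1 ;;
        *)        echo "restricted: $mode"; return 0 ;;
    esac
}

setup_capture_privileges "${SUDO_USER:-$(id -un)}"
if [ -e "$DUMPCAP" ]; then dumpcap_is_restricted "$DUMPCAP" || true; fi
```

After applying it, log out and back in so the new group membership takes effect, and set the launcher command back to wireshark without gksu.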

 

3 Links


Submitted by Ersun Warncke (not registered) on Sun, 2011-05-29 22:40.
I was wondering why Wireshark did not show any interfaces when I tried to use it. This tutorial made everything clear.
Submitted by Anonymous (not registered) on Wed, 2011-11-09 12:06.

If it didn't show the interface in capture in Ubuntu 11.10:

First: open a terminal with Ctrl+Alt+T,

then type sudo su

then type wireshark

and then open Wireshark and then click OK in the box and now click Capture and click Interface.

Now it shows the interface.

Submitted by zico (not registered) on Mon, 2011-11-21 11:11.
Thanks very much... it works..
Submitted by Anonymous (not registered) on Fri, 2011-04-29 06:53.
Thanks a lot. You saved my time :).
Submitted by borrel (not registered) on Fri, 2011-03-25 13:04.

Wireshark should not run as root,

so I have to vote down (sorry).

Submitted by Hari (not registered) on Tue, 2010-12-21 07:15.

The menu item for wireshark - launcher properties - edit prefix with gksu did the trick for me.

I had Wireshark installed a long time back but never got it to work from the menu, nor using "sudo wireshark" from a terminal. The "gksu wireshark" did the trick. Thx again.

~hari

Submitted by AimenK (not registered) on Thu, 2010-08-19 20:48.

I tried to install it as in your procedure from the Ubuntu Software Center; it didn't work, don't know why!!

But I was able to make the installation from the package manager by installing the wireshark package.


Submitted by Anonymous (not registered) on Thu, 2010-06-24 17:02.
Worked the first time. Excellent. Thanks a lot.
Submitted by Anshul (not registered) on Tue, 2010-06-15 15:23.
Excellent. To the point and very well written. Thanks!
Submitted by Anonymous (not registered) on Thu, 2010-06-10 17:04.
Good job - just what I needed - fast. Tnx!
Submitted by mohave (not registered) on Mon, 2010-02-22 16:29.

Some weeks ago I installed Wireshark without success. With your guide I was able to get it to work.

Thanks

Submitted by nicolargo (registered user) on Fri, 2010-02-19 11:26.

Nice tutorial about this useful tool.

I also wrote a post about the use of Wireshark (in French).

Nicolas