Wireshark is one of the known network protocol analyzers that can be installed on various platforms including Windows, MacOS, and Linux distributions. It monitors the network traffic of the computer at the microscopic level.
It is used to inspect the network protocols at the microscopic level. Users can capture the live analysis and also in offline mode. Additionally, it supports decrypting protocols including IPsec, ISAKMP, and Kerberos. Moreover, the result of the output can be converted and saved in multiple formats including XML and simple text format.
This blog will demonstrate the installation methods of Wireshark on Debian and its basic usage following the outline:
- What is the Installation Method of Wireshark on Debian
- What is the Basic Usage of the Wireshark Software Application
- What is the Method to Capture Packets Using the Wireshark on Debian
- How to Uninstall and Remove Wireshark on Debian
Let’s start the post with the installation method of Wireshark on Debian 12.
What is the Installation Method of Wireshark on Debian?
The default package repository of Debian contains the installation package of Wireshark that can be installed following the steps mentioned below.
Step 1: Start the Terminal
First, open the terminal of Debian 12 with any of the mentioned methods in the post:
Step 2: Update the Packages
Use the next mentioned command to make sure all the packages are updated to the recent versions:
$ sudo apt update
Step 3: Find the Wireshark
Now find the available version of the “Wireshark” in Debian’s default repository:
$ sudo apt show wireshark
The version details of the “Wireshark” package present in Debian’s repository have been displayed on the screen.
Step 4: Install Wireshark on Debian
Finally, to install the Wireshark on Debian, run the command:
$ sudo apt install wireshark -y
Click on “Ok” to allow the members of the “Wireshark” group to capture packets:
Whether allow or restrict the usage of the “non-sudo” users to “Wireshark” as shown:
The package has been installed on Debian with the successful execution of the above command.
Step 5: Verify the Installation
Display the installed version of the Wireshark on Debian with the following command:
$ wireshark -v
The output validates the installation of the Wireshark on Debian using the terminal.
What is the Basic Usage of the Wireshark Software Application?
To understand the basic usage of the “Wireshark” on Debian, launch the application by searching it in the GNOME application’s menu as shown:
Now first understand the basic options of the Wireshark graphical user interface as explained in the table:
| Option Bars | Explanation |
|---|---|
| Menu | The menu bar contains different options including the File, View, Edit, Go, Capture, Analyze, and Tools. These options are used to save the captured file, edit the files, or view the already saved captured files |
| Toolbar | The options in this bar are used to manage the capturing process by starting, stopping, and restarting operations |
| Filter Toolbar | This contains the option to filter the packets that are supposed to be captured |
| Packet List | This displays the list of the captured packets |
| Packet Details | This displays the details of the captured packets |
| Packets Size | This is used to display the size details of the captured packets |
All the explained options have been demonstrated in the figure below:
What is the Method to Capture Packets Using the Wireshark on Debian?
First, click on the “Wireshark” icon and select the “Network Protocol” to capture the traffic of the packets on it:
To capture the network traffic using the terminal, run the command:
$ sudo wireshark -i enp0s3 -k
It will start capturing the packets on Debian 12.
How to Uninstall and Remove Wireshark on Debian?
The package of the “Wireshark” is installed using the apt package manager. Therefore, it can be uninstalled with the removal of its configuration file by executing the command:
$ sudo apt purge wireshark -y
Also, remove the unused dependencies with the following command:
$ sudo apt autoremove -y
This is all about the installation, usage, and uninstallation of the Wireshark on Debian 12.
Conclusion
To install the Wireshark on Debian 12, type the command “sudo apt install wireshark -y” in the terminal and execute it to complete Wireshark’s installation. Wireshark is the network analyzer tool that helps in monitoring the network traffic on Debian.
This blog explained the complete step-by-step guide to installing Wireshark on Debian 12 with its basic usage understanding.
