Install TShark on Raspberry Pi

TShark is a command-line tool for analyzing network traffic. It captures packets from a network and prints them to standard output. TShark is the command-line version of Wireshark and can be used when a graphical user interface isn't available.

This tutorial explains how to install TShark on Raspberry Pi.

Use SSH to connect to the Raspberry Pi. Update the package lists and install TShark with these commands:

sudo apt update
sudo apt install -y tshark

During installation you will be asked whether non-root users should be able to capture packets. Select the "Yes" option. This adds a wireshark group, and any member of this group can capture packets without being the root user.

Add the current user to the wireshark group:

sudo usermod -a -G wireshark $USER

For the change to take effect, log out and log back in to the Raspberry Pi. After you have reconnected, check the TShark version:

tshark --version
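
Since membership of the wireshark group is what grants packet capture, it is worth checking who is in it and that the capture helper is limited to that group. The script below is an added example, not part of the original tutorial; it assumes the Debian packaging used on Raspberry Pi OS, where capture is performed by /usr/bin/dumpcap, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit who can capture packets after the install steps above.
# Assumption: Debian/Raspberry Pi OS layout, capture helper at /usr/bin/dumpcap.

DUMPCAP=/usr/bin/dumpcap   # assumed path, not stated in the tutorial

# group_members "<getent group line>" -> comma-separated member list (4th field)
group_members() {
    printf '%s\n' "$1" | cut -d: -f4
}

# in_group "<space-separated group names>" <group> -> 0 if <group> is listed
in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# helper_restricted "<octal mode> <group>" -> 0 if the helper belongs to group
# wireshark and users outside owner/group have no execute bit
helper_restricted() {
    mode=${1%% *}
    group=${1#* }
    other=${mode#"${mode%?}"}   # last octal digit = permissions for "other"
    [ "$group" = "wireshark" ] && [ $((other & 1)) -eq 0 ]
}

audit() {
    members=$(group_members "$(getent group wireshark)")
    echo "wireshark group members: ${members:-<none>}"
    if in_group "$(id -nG)" wireshark; then
        echo "current session: wireshark group active, capture allowed"
    else
        echo "current session: wireshark group not active (log out and in again)"
    fi
    if helper_restricted "$(stat -c '%a %G' "$DUMPCAP")"; then
        echo "$DUMPCAP: execution limited to root and group wireshark"
    else
        echo "$DUMPCAP: not limited to group wireshark, review its owner and mode"
    fi
}

# Run the audit only when asked, e.g.: sh capture-audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

Every account listed as a group member can read the traffic the Pi sees, so the member list is the part to review after adding users.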

To start capturing packets on the default network interface with TShark, run this command:

tshark

To list the network interfaces available to TShark, run the following command:

tshark -D

Use the -i option to capture packets on a specific network interface:

tshark -i wlan0

If TShark is no longer needed and you want to completely remove it, run this command:

sudo apt purge --autoremove -y tshark
