Install TShark on Ubuntu 22.04

Install TShark on Ubuntu 22.04

TShark is a command line tool for analyzing network traffic. This tool enables to capture packets from a network and print them to the standard output. TShark is a command line version of Wireshark that can be used when a graphical user interface isn't available.

This tutorial demonstrates how to install TShark on Ubuntu 22.04.

Install TShark

Add the Wireshark and TShark repository:

sudo add-apt-repository -y ppa:wireshark-dev/stable

Install TShark:

sudo apt install -y tshark

During installation, you will be asked if you want to allow non-root users to be able to capture packets. Select the "Yes" option. It will add the wireshark group and anyone who is a member of this group will be able to capture packets without being root user.

Run the following command to add the current user to a wireshark group:

sudo usermod -a -G wireshark $USER

To make changes to take effect, logout and login to your machine. After reconnection, you can check TShark version:

tshark --version

Execute tshark command without any arguments to start capturing packets on default network interface:

tshark

We can find network interfaces which are available to the TShark with command:

tshark -D

The -i option allows capturing packets on a specific network interface.

tshark -i ens33

Uninstall TShark

If you wish to completely remove TShark and all related dependencies, execute the following command:

sudo apt purge --autoremove -y tshark

Remove GPG key and repository:

sudo rm -rf /etc/apt/trusted.gpg.d/wireshark-dev-ubuntu-stable.gpg*
sudo rm -rf /etc/apt/sources.list.d/wireshark-dev-ubuntu-stable-jammy.list

Leave a Comment

Cancel reply

Your email address will not be published.