TShark is a command line tool for analyzing network traffic. This tool enables to capture packets from a network and print them to the standard output. TShark is a command line version of Wireshark that can be used when a graphical user interface isn't available.
This tutorial demonstrates how to install TShark on Ubuntu 24.04.
Install TShark
Add the Wireshark and TShark repository:
sudo add-apt-repository -y ppa:wireshark-dev/stableInstall TShark:
sudo apt install -y tsharkDuring installation, you will be asked if you want to allow non-root users to be able to capture packets. Select the "Yes" option. It will add the wireshark group and anyone who is a member of this group will be able to capture packets without being root user.
Run the following command to add the current user to a wireshark group:
sudo usermod -a -G wireshark $USERTo make changes to take effect, logout and login to your machine. After reconnection, you can check TShark version:
tshark --versionExecute tshark command without any arguments to start capturing packets on default network interface:
tsharkWe can find network interfaces which are available to the TShark with command:
tshark -DThe -i option allows capturing packets on a specific network interface.
tshark -i ens33Uninstall TShark
If you wish to completely remove TShark and all related dependencies, execute the following command:
sudo apt purge --autoremove -y tsharkRemove repository:
sudo rm -rf /etc/apt/sources.list.d/wireshark-dev-ubuntu-stable-noble.sources
Leave a Comment
Cancel reply