TShark is a command line tool for analyzing network traffic. This tool enables to capture packets from a network and print them to the standard output. TShark is a command line version of Wireshark that can be used when graphical user interface isn’t available.
This tutorial demonstrates how to install TShark on Ubuntu 20.04.
Add the Wireshark and TShark repository:
sudo add-apt-repository -y ppa:wireshark-dev/stable
sudo apt install -y tshark
During installation you will be asked if you want to allow non-root users to able to capture packets. Select the “Yes” option. It will add
wireshark group and anyone who is a member of this group will be able to capture packets without being root user.
Run the following command to add current user to a
sudo usermod -a -G wireshark $USER
In order to make changes to take effect, logout and login to your machine. After reconnection, you can check TShark version:
tshark command without any arguments to start capturing packets on default network interface:
We can find network interfaces which are available to the TShark with command:
-i option allows to capture packets on specific network interface.
tshark -i ens33
If you wish to completely remove TShark and all related dependencies, execute the following command:
sudo apt purge --autoremove -y tshark
Remove GPG key and repository:
sudo rm -rf /etc/apt/trusted.gpg.d/wireshark-dev_ubuntu_stable.gpg sudo rm -rf /etc/apt/sources.list.d/wireshark-dev-ubuntu-stable-focal.list