Install TShark on Ubuntu 20.04

TShark is a command line tool for analyzing network traffic. This tool enables to capture packets from a network and print them to the standard output. TShark is a command line version of Wireshark that can be used when graphical user interface isn’t available.

This tutorial demonstrates how to install TShark on Ubuntu 20.04.

Install TShark

Add the Wireshark and TShark repository:

sudo add-apt-repository -y ppa:wireshark-dev/stable

Install TShark:

sudo apt install -y tshark

During installation you will be asked if you want to allow non-root users to able to capture packets. Select the “Yes” option. It will add wireshark group and anyone who is a member of this group will be able to capture packets without being root user.

Run the following command to add current user to a wireshark group:

sudo usermod -a -G wireshark $USER

In order to make changes to take effect, logout and login to your machine. After reconnection, you can check TShark version:

tshark --version

Execute tshark command without any arguments to start capturing packets on default network interface:

tshark

We can find network interfaces which are available to the TShark with command:

tshark -D

The -i option allows to capture packets on specific network interface.

tshark -i ens33

Uninstall TShark

If you wish to completely remove TShark and all related dependencies, execute the following command:

sudo apt purge --autoremove -y tshark

Remove GPG key and repository:

sudo rm -rf /etc/apt/trusted.gpg.d/wireshark-dev_ubuntu_stable.gpg
sudo rm -rf /etc/apt/sources.list.d/wireshark-dev-ubuntu-stable-focal.list

Leave a Comment

Your email address will not be published. Required fields are marked *