linux

How to Install Wireshark on Ubuntu

Install Wireshark on Ubuntu with sudo apt install wireshark from universe, allow non-root capture via wireshark-common debconf, add your user to the wireshark group, and optionally install tshark for CLI-only capture on servers.

Published

Updated

Read time 5 min read

Reviewed byDeepak Prasad

Install Wireshark on Ubuntu banner with network capture icons and apt install command

Wireshark is the standard open-source tool for capturing and decoding network packets—troubleshooting DNS, HTTP, VPN issues, or learning how protocols behave on the wire. On Ubuntu it lives in the universe repository as the wireshark package (GUI) and optional tshark (CLI).

This guide shows how to install Wireshark on Ubuntu, fix the common “no interfaces” / permission denied errors after install, and run a first capture. I ran the steps on Ubuntu 25.04 with real terminal output below.

Tested on: Ubuntu 25.04 (Plucky Puffin); kernel 6.14.0-37-generic; amd64; Wireshark 4.4.5.

WARNING
Capture packets only on networks you own or are authorized to monitor. Wireshark sees unencrypted traffic in plain text on those interfaces.

Prerequisites

  • Ubuntu 22.04 LTS, 24.04 LTS, or newer (25.04 tested)—see check Ubuntu version.
  • sudo for package install and group changes.
  • universe enabled (sudo add-apt-repository universe on minimal images).
  • A user account you will add to the wireshark group for non-root capture.

Choose an install method

Method Best for Jump to
APT (wireshark from universe) Desktops and laptops—recommended Method 1
wireshark-dev PPA Newer upstream builds when universe lags Method 2
tshark only SSH servers, scripts, no GUI Method 3

Wireshark’s official documentation describes Debian/Ubuntu .deb installs the same way: use your distribution packages when they are current enough.

Update indexes and install the GUI metapackage:

bash 
sudo apt update
sudo apt install -y wireshark

On Ubuntu 25.04 the install pulled Wireshark 4.4.5 and dependencies; near the end:

text 
Setting up libwireshark18:amd64 (4.4.5-1) ...
Setting up wireshark-common (4.4.5-1) ...
Setting up wireshark (4.4.5-1) ...
Processing triggers for man-db (2.13.0-1) ...

Confirm version and packages:

bash 
wireshark --version
dpkg -l wireshark wireshark-common | grep '^ii'
text 
Wireshark 4.4.5.
text 
ii  wireshark         4.4.5-1  amd64  network traffic analyzer - graphical interface
ii  wireshark-common  4.4.5-1  amd64  network traffic analyzer - common files

Allow non-root packet capture

The installer asks whether non-superusers may capture packets. Choose Yes so members of the wireshark group can run captures without sudo wireshark every time (Ask Ubuntu, Microchip Wireshark setup notes).

Interactive reconfigure anytime:

bash 
sudo dpkg-reconfigure wireshark-common

For non-interactive installs (scripts, cloud images):

bash 
echo 'wireshark-common wireshark-common/install-setuid boolean true' | sudo debconf-set-selections
sudo apt install -y wireshark

After Yes, dumpcap gets network capture capabilities:

bash 
getcap /usr/bin/dumpcap
ls -l /usr/bin/dumpcap
text 
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
-rwxr-x--- 1 root wireshark ... /usr/bin/dumpcap

You do not need sudo chmod +x /usr/bin/dumpcap—that was misleading advice in older tutorials. Permissions are handled by capabilities and the wireshark group.

Add your user to the wireshark group

bash 
sudo usermod -aG wireshark $USER

Verify:

bash 
getent group wireshark
text 
wireshark:x:131:yourusername

Log out and log back in (or reboot) so the new group membership applies. Until then, dumpcap may return Permission denied even after install—that caught me in the same shell session until I used sg wireshark.

Optional: some USB or serial adapters also need dialout:

bash 
sudo usermod -aG dialout $USER

List capture interfaces

After a fresh login (or sg wireshark for a quick test):

bash 
dumpcap -D
text 
1. enp0s3
2. enp0s8
3. any
4. lo (Loopback)
5. docker0
...

Launch the GUI:

bash 
wireshark

Or open Activities → Wireshark, pick an interface (for example enp0s3), and click the blue shark fin to start capture. Stop with the red square button.

Method 2: wireshark-dev PPA (optional)

Some guides (GeeksforGeeks) add ppa:wireshark-dev/stable when universe is older than you need. On Ubuntu 25.04, universe already ships 4.4.5—skip the PPA unless you have a specific upstream feature requirement.

IMPORTANT
PPAs are community-maintained. Prefer Method 1 unless you have verified the PPA supports your Ubuntu release and you accept third-party packaging risk.
bash 
sudo add-apt-repository -y ppa:wireshark-dev/stable
sudo apt update
sudo apt install -y wireshark

Then repeat the capture permission steps (dpkg-reconfigure wireshark-common, wireshark group, new login session).

Remove the PPA if you no longer need it:

bash 
sudo add-apt-repository --remove -y ppa:wireshark-dev/stable
sudo apt update

Method 3: Install tshark (CLI only)

On servers without a desktop, install the command-line tool:

bash 
sudo apt install -y tshark
text 
Setting up tshark (4.4.5-1) ...
bash 
tshark --version
text 
TShark (Wireshark) 4.4.5.

List interfaces (same group rules as the GUI):

bash 
sg wireshark -c 'tshark -D'
text 
1. enp0s3
2. enp0s8
3. any
4. lo (Loopback)

Example capture (5 packets on enp0s3—adjust interface name):

bash 
sudo tshark -i enp0s3 -c 5

Use sudo only if you have not finished group setup; after wireshark group + new session, capture without root is preferred.

Update Wireshark

bash 
sudo apt update
sudo apt install --only-upgrade wireshark wireshark-common tshark
wireshark --version

Uninstall Wireshark

bash 
sudo apt purge -y wireshark wireshark-common tshark
sudo apt autoremove -y

See remove unused packages on Ubuntu for reviewing what autoremove proposes and cleaning leftover apt cache or rc configs.

Troubleshooting

Symptom Likely cause Fix
No interfaces listed Not in wireshark group or debconf No sudo dpkg-reconfigure wireshark-common → Yes; sudo usermod -aG wireshark $USER; log out/in
dumpcap: Permission denied Group not active in current session Log out/in, or sg wireshark -c 'wireshark'
“Run as root” banner in GUI Launched without group privileges Fix permissions; avoid daily sudo wireshark
tshark: command not found Only GUI metapackage installed sudo apt install tshark
Empty capture on Wi‑Fi Adapter lacks monitor mode Use wired enp* for basic lab capture; Wi‑Fi monitor mode needs supported hardware
PPA upgrade breaks dependencies Mixed PPA + release upgrade Purge wireshark, remove PPA, reinstall from universe

Next steps

References

Summary

Install Wireshark on Ubuntu with sudo apt install wireshark from universe, allow non-superusers to capture during wireshark-common setup, and add your account to the wireshark group before you expect live capture to work. On Ubuntu 25.04 that gives Wireshark 4.4.5 with dumpcap capabilities—no PPA required for most users.

Use tshark on headless systems, log out after usermod, and capture only on networks you are allowed to monitor. When something fails, check getcap /usr/bin/dumpcap and dumpcap -D in a session where the wireshark group is active—not chmod on dumpcap.

Frequently Asked Questions

1. How do I install Wireshark on Ubuntu?

Run sudo apt update, then sudo apt install wireshark. During wireshark-common setup, allow non-superusers to capture packets (debconf Yes), add yourself to the wireshark group with sudo usermod -aG wireshark $USER, log out and back in, then launch wireshark from Activities or the terminal.

2. Is Wireshark in the Ubuntu repositories?

Yes. The wireshark metapackage is in universe on Ubuntu 22.04 LTS and newer. Ubuntu 25.04 ships Wireshark 4.4.5 as of this update—no PPA is required for most users.

3. Why does Wireshark say no interfaces or permission denied?

Packet capture needs privileges on dumpcap. Install wireshark-common, answer Yes to non-superuser capture, add your user to the wireshark group, and start a new login session. Running sudo wireshark works temporarily but is not recommended daily.

4. Should I use the wireshark-dev PPA on Ubuntu?

Only when you need a newer build than universe provides and accept third-party PPA risk. For Ubuntu 25.04, apt install wireshark from universe is the default recommendation per Wireshark and Ask Ubuntu guidance.

5. What is the difference between Wireshark and tshark?

wireshark is the Qt GUI application. tshark is the command-line capture and analysis tool from the same project—install with sudo apt install tshark on headless servers or SSH sessions.

6. Do I need chmod +x on dumpcap?

No. Modern Ubuntu sets Linux capabilities on /usr/bin/dumpcap when you allow non-superuser capture. After install, getcap /usr/bin/dumpcap should show cap_net_raw and cap_net_admin. chmod +x is not the fix for capture permission errors.

7. How do I uninstall Wireshark from Ubuntu?

Run sudo apt purge wireshark wireshark-common tshark, then sudo apt autoremove. Remove yourself from the wireshark group only if you added it manually and no longer need capture.

8. Is it legal to capture traffic with Wireshark?

Wireshark is legal software, but you may only capture networks you own or have explicit permission to monitor. Unauthorized sniffing can violate policy or law—use it on lab, home, or approved corporate networks only.
Omer Cakmak

Linux Administrator

Highly skilled at managing Debian, Ubuntu, CentOS, Oracle Linux, and Red Hat servers. Proficient in bash scripting, Ansible, and AWX central server management, he handles server operations on …

Related Articles

linux

How to Install NordVPN on Ubuntu

Install NordVPN on Ubuntu with the official install.sh script or Snap, add your user to the nordvpn group, log …

6 min readlinux

How to Install cURL on Ubuntu

Install cURL on Ubuntu with sudo apt install curl, verify with curl --version, fix curl not found and …

6 min readlinux

How to Install Jellyfin on Ubuntu

Install Jellyfin on Ubuntu with the official apt repository on 22.04 and 24.04 LTS, or run jellyfin/jellyfin …

9 min read