How To Install Wireshark on Debian 11

This guide intends to teach you to Install Wireshark on Debian 11.

Wireshark is a free open-source tool that analyzes network traffic in real-time for Windows, Mac, Unix, and Linux systems. It captures data packets passing through a network interface (such as Ethernet, LAN, or SDRs) and translates that data into valuable information for IT professionals and cybersecurity teams.

Wireshark is a type of packet sniffer (also known as a network protocol analyzer, protocol analyzer, and network analyzer). Packet sniffers intercept network traffic to understand the activity being processed and harvest useful insights.

Steps To Install Wireshark on Debian 11

To install Wireshark, you need to log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Debian 11.

Install Wireshark Network Analyzer on Debian 11

The Wireshark package is available in the default Debian repository.

First, update your local package index with the command below:

sudo apt update

Now use the following command to install Wireshark:

sudo apt install wireshark -y

The system by default only lets users with sudo access capture network data, if you also want the non-root users to use the Wireshark to analyze the network then select the Yes option otherwise let the No be selected and simply press the Enter key.

When your installation is complete, verify it by checking the Wireshark version:

apt policy wireshark
Output
wireshark:
  Installed: 3.4.10-0+deb11u1
  Candidate: 3.4.10-0+deb11u1
  Version table:
 *** 3.4.10-0+deb11u1 500
        500 http://deb.debian.org/debian bullseye/main amd64 Packages
        500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages
        100 /var/lib/dpkg/status

How To Launch Wireshark on Debian 11

You can now launch Wireshark either from the command line or from the activities.

To start Wireshark, run the following command:

sudo wireshark &

You will see the Wireshark interface on Debian 11:

Wireshark interface
Wireshark

Now you can start using your Wireshark. For example, you can Capture the data from available network interfaces. To do this, click on the shark flipper icon in the top left corner to start recording.

Set up Wireshark Command Line Interface

Also, you can Wireshark from the command line, to see how it works, use the command below:

tshark --help
Output
Usage: tshark [options] ...

Capture interface:
  -i <interface>, --interface <interface>
                           name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>, --snapshot-length <snaplen>
                           packet snapshot length (def: appropriate maximum)
  -p, --no-promiscuous-mode
                           don't capture in promiscuous mode
  -I, --monitor-mode       capture in monitor mode, if available
  -B <buffer size>, --buffer-size <buffer size>
                           size of kernel buffer (def: 2MB)
  -y <link type>, --linktype <link type>
                           link layer type (def: first appropriate)
  --time-stamp-type <type> timestamp method for interface
  -D, --list-interfaces    print list of interfaces and exit
  -L, --list-data-link-types
                           print list of link-layer types of iface and exit
  --list-time-stamp-types  print list of timestamp types for iface and exit

Capture stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
....

If it doesn’t work, install it by using the command below:

sudo apt install tshark

Conclusion

At this point, you have learned to Install Wireshark on Debian 11.

Hope you enjoy it. You may be like these articles:

How To Install Plesk on Debian 11

Fix “apt-add-repository” Command Not Found on Debian 11

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Stay informed and not overwhelmed, subscribe now!