Share your love
How To Install Wireshark on Debian 11
This guide intends to teach you to Install Wireshark on Debian 11.
Wireshark is a free open-source tool that analyzes network traffic in real-time for Windows, Mac, Unix, and Linux systems. It captures data packets passing through a network interface (such as Ethernet, LAN, or SDRs) and translates that data into valuable information for IT professionals and cybersecurity teams.
Wireshark is a type of packet sniffer (also known as a network protocol analyzer, protocol analyzer, and network analyzer). Packet sniffers intercept network traffic to understand the activity being processed and harvest useful insights.
Steps To Install Wireshark on Debian 11
To install Wireshark, you need to log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Debian 11.
Install Wireshark Network Analyzer on Debian 11
The Wireshark package is available in the default Debian repository.
First, update your local package index with the command below:
sudo apt update
Now use the following command to install Wireshark:
sudo apt install wireshark -y
The system by default only lets users with sudo access capture network data, if you also want the non-root users to use the Wireshark to analyze the network then select the Yes option otherwise let the No be selected and simply press the Enter key.
When your installation is complete, verify it by checking the Wireshark version:
apt policy wireshark
Output
wireshark:
Installed: 3.4.10-0+deb11u1
Candidate: 3.4.10-0+deb11u1
Version table:
*** 3.4.10-0+deb11u1 500
500 http://deb.debian.org/debian bullseye/main amd64 Packages
500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages
100 /var/lib/dpkg/status
How To Launch Wireshark on Debian 11
You can now launch Wireshark either from the command line or from the activities.
To start Wireshark, run the following command:
sudo wireshark &
You will see the Wireshark interface on Debian 11:
Now you can start using your Wireshark. For example, you can Capture the data from available network interfaces. To do this, click on the shark flipper icon in the top left corner to start recording.
Set up Wireshark Command Line Interface
Also, you can Wireshark from the command line, to see how it works, use the command below:
tshark --help
Output
Usage: tshark [options] ...
Capture interface:
-i <interface>, --interface <interface>
name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen>, --snapshot-length <snaplen>
packet snapshot length (def: appropriate maximum)
-p, --no-promiscuous-mode
don't capture in promiscuous mode
-I, --monitor-mode capture in monitor mode, if available
-B <buffer size>, --buffer-size <buffer size>
size of kernel buffer (def: 2MB)
-y <link type>, --linktype <link type>
link layer type (def: first appropriate)
--time-stamp-type <type> timestamp method for interface
-D, --list-interfaces print list of interfaces and exit
-L, --list-data-link-types
print list of link-layer types of iface and exit
--list-time-stamp-types print list of timestamp types for iface and exit
Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
....
If it doesn’t work, install it by using the command below:
sudo apt install tshark
Conclusion
At this point, you have learned to Install Wireshark on Debian 11.
Hope you enjoy it. You may be like these articles: