How to Install the Latest Wireshark from Source on Debian or Ubuntu Linux

By | 2013/06/07

Wireshark unfortunately does not provide a .deb package for their releases. However, it is possible to create and install a .deb package from source. I’ll show you how!


First, grab the latest source code tarball from wireshark.org:

https://www.wireshark.org/download.html

-> Source Code


Next, install Wireshark's build dependencies:

$ sudo apt-get build-dep wireshark


Install some needed Debian packages if you have not already:

$ sudo apt-get install build-essential checkinstall libcurl4-openssl-dev


Next, extract the tarball you downloaded from wireshark.org:

$ tar xvf wireshark-*.tar.bz2

Now it's time to configure and build:

$ cd wireshark-*

$ ./configure --with-ssl --enable-setcap-install --with-dumpcap-group=wireshark

$ make -j4

And finally:

$ sudo checkinstall --fstrans=no

When prompted, enter y then name the package: wireshark.


stmiller@brahms:~/Downloads/wireshark-1.10.0$ sudo checkinstall 
[sudo] password for stmiller: 

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: y

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wireshark
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@brahms ]
1 -  Summary: [ wireshark ]
2 -  Name:    [ wireshark ]
3 -  Version: [ 1.10.0 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ amd64 ]
8 -  Source location: [ wireshark-1.10.0 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wireshark ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Enter a number to change any of them or press ENTER to continue: 

Installing with make install...

Some of the files created by the installation are inside the home directory: /home

You probably don't want them to be included in the package.
Do you want me to list them?  [n]: n
Should I exclude them from the package? (Saying yes is a good idea)  [n]: yes

Some of the files created by the installation are inside the build
directory: /home/stmiller/Downloads/wireshark-1.10.0

You probably don't want them to be included in the package,
especially if they are inside your home directory.
Do you want me to list them?  [n]: n
Should I exclude them from the package? (Saying yes is a good idea)  [y]: y

Copying files to the temporary directory...

Stripping ELF binaries and libraries...OK

Compressing man pages...OK

Building file list...OK

Building Debian package...OK

Installing Debian package...OK

Erasing temporary files...OK

Writing backup package...
OK

Deleting temp dir...OK


**********************************************************************

 Done. The new package has been installed and saved to

 /home/stmiller/Downloads/wireshark-1.10.0/wireshark_1.10.0-1_amd64.deb

 You can remove it from your system anytime using: 

      dpkg -r wireshark

**********************************************************************

stmiller@brahms:~/Downloads/wireshark-1.10.0$ 


Note: you may have to run this command:

$ sudo ldconfig


And finally, ‘sudo wireshark’ will run wireshark.

Note you should be able to run wireshark as a regular user, but I am looking into why this is not currently working for me. Stay tuned…
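The configure flags used above (--enable-setcap-install and --with-dumpcap-group=wireshark) are meant to let members of the wireshark group capture without root. The script below is an added example, not part of the original post, that audits that setup; the function names audit_dumpcap and audit_live and the /usr/local/bin/dumpcap path are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Audits the non-root capture
# setup that --enable-setcap-install --with-dumpcap-group=wireshark aims for.

# audit_dumpcap MODE GROUP CAPS USER_GROUPS [WANT_GROUP]
#   MODE: octal mode (stat -c %a), GROUP: owning group (stat -c %G),
#   CAPS: getcap output, USER_GROUPS: output of `id -nG`.
# Prints one finding per line; returns 0 only when there are none.
audit_dumpcap() {
    mode=$1; group=$2; caps=$3; user_groups=$4; want=${5:-wireshark}
    rc=0
    if [ "$group" != "$want" ]; then
        echo "group is '$group', expected '$want'"; rc=1
    fi
    # An odd last digit means "other" has execute: with file capabilities
    # set, every local account could then sniff traffic.
    case $mode in
        *[1357]) echo "mode $mode lets any local user run dumpcap"; rc=1 ;;
    esac
    # dumpcap needs both capabilities to open capture devices without root.
    for cap in cap_net_raw cap_net_admin; do
        case $caps in
            *"$cap"*) ;;
            *) echo "file capability $cap is not set"; rc=1 ;;
        esac
    done
    # Match whole words so "wireshark-dev" does not count as "wireshark".
    case " $user_groups " in
        *" $want "*) ;;
        *) echo "current session is not in group '$want'"; rc=1 ;;
    esac
    return $rc
}

# audit_live [PATH]: collect the real values. The default path is an
# assumption (the ./configure default prefix is /usr/local).
audit_live() {
    bin=${1:-/usr/local/bin/dumpcap}
    # getcap usually lives in /sbin, which may not be on a user's PATH.
    PATH=$PATH:/sbin:/usr/sbin
    # id -nG without a user name reports this session's groups, so group
    # changes made with usermod only count after a new login.
    audit_dumpcap "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" \
        "$(getcap "$bin" 2>/dev/null)" "$(id -nG)"
}

if [ "${1:-}" = "--live" ]; then audit_live "${2:-}"; fi
```

Run it as a regular user with --live (optionally followed by the path to dumpcap); no output and exit status 0 mean the group, mode, capabilities and session membership all line up.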

12 thoughts on “How to Install the Latest Wireshark from Source on Debian or Ubuntu Linux”

  1. flukz

    To run wireshark as non-priv user:

    sudo dpkg-reconfigure wireshark-common

    sudo usermod -a -G wireshark $USER

    After, log out of the window manager and log back in.

      1. Pras

        Were you able to figure out how to set the access for non-privileged users? I am having the same issue.

        Thanks in advance

        1. Scott Miller Post author

          Debian Wheezy has a newer wireshark in backports now:

          $ sudo apt-get -t wheezy-backports install wireshark
          
  2. Joe

    What I could go for is a tutorial, assuming no previous skill, on how to use Wireshark for practical purposes. I load it up, see packets flying everywhere, sometimes I can search some text in unencrypted packets, but I really have no idea what’s going on.

  3. Edmond

    By the way,
    from a fresh install of 7.1 I had to manually install openssl-dev because of the error while configuring it with ssl:
    configure: error: SSL crypto library was requested, but is not available

    apt-get install libcurl4-openssl-dev

    1. Scott Miller Post author

      Thanks! I added that to the post. Cheers,

  4. Eyal

    FWIW here’s some adaptations for Ubuntu 12.10

    “sudo apt-get build-dep wireshark” fails with

    The following packages have unmet dependencies:
    portaudio19-dev : Depends: libjack-dev
    E: Build-dependencies for wireshark could not be satisfied.

    By default Ubuntu 12.10 has gtk3 installed. Installing these made configure happy:

    sudo apt-get install libpcap-dev libgtk2.0-dev

  5. Paqueuc

    Hello,

    Thanks for the tutorial. On Debian Rpi, I get an error after

    make -j4

    make: *** No targets specified and no makefile found. Stop.

    Then I can’t finalize the last step.

    Have you got a solution, please?

    Thanks

  6. vincent

    I have installed wireshark on a ubuntu 12 server with only CLI.
    How do I open wireshark?

  7. camilo

    Good day,

    I have a technical question: the .pcap comes out as a .zip with a password. Does the program use some default password, or does one set it oneself? If so, how do I remove it or configure it with a password set by me? I appreciate your help.
