How to Install Wireshark on Rocky/Alma Linux – Using Source file & yum/dnf

In this article we’ll walk you through how to install Wireshark on Rocky/Alma Linux and any other RHEL derivative. In case you were unaware, Wireshark is a powerful and widely used network protocol analyzer that network administrators and security professionals use to capture and examine network traffic.

It is assumed that you are familiar with the shell, have a rudimentary understanding of Linux and, most importantly, that your website is hosted on a virtual private server (VPS). The instructions assume you are running as the root account; if not, you may need to prefix the commands with “sudo” to obtain root rights. I’ll walk you through installing Wireshark on Rocky Linux step by step.

Prerequisites

  • Rocky Linux 8/9, or another supported RHEL derivative. Refer to How to Install Rocky Linux.
  • A clean OS install is advised in order to avoid possible problems.
  • SSH access to the server (if you’re on a desktop, simply launch Terminal).
  • Internet connection – you’ll need one to download the required packages and dependencies for Wireshark, plus enough disk space for the installation.
  • A non-root user with sudo access, or the root user. Working as root carelessly can damage your system, so we advise running the commands with sudo as a non-root user.

Installing Wireshark

Installing from Source

Preparing the Host

Make sure the system is updated to its latest version:

sudo yum update -y

If the update installs a new kernel version, reboot the system before continuing.

Wireshark has build dependencies that must be installed first. Open a terminal on your Rocky Linux system and run the following command (the stray blank line and the missing space before the backslash after “git” in the original would have broken the line continuation; cmake is added because the source build uses it):

sudo dnf install cmake qt5-devel gcc gcc-c++ bison flex libpcap-devel \
gtk3-devel rpm-build libtool c-ares-devel qt5-qtbase-devel \
qt5-qtmultimedia-devel qt5-linguist desktop-file-utils \
createrepo glib2-devel perl perl-devel tcpdump libcap-devel \
libssh-devel krb5-devel perl-Parse-Yapp snappy-devel git \
minizip-devel lz4 libxml2-devel spandsp-devel systemd-devel -y

Downloading source & installing

In this method we install Wireshark from its source code, which can be downloaded from the official Wireshark website. After choosing the stable version that suits your setup, copy the download link:

wget https://2.na.dl.wireshark.org/src/wireshark-4.2.0.tar.xz

Let us now untar the source file:

tar xvf wireshark-*.tar.xz

Change into the extracted directory:

cd wireshark-*/

Configure the build environment with CMake, which also checks for any missing dependencies. Wireshark 3.0 and later no longer ship an autotools ./configure script, so an out-of-tree CMake build is used instead:

mkdir build && cd build
cmake ..

Compile the Wireshark source code:

make

Now you can install it on the system (the default install prefix is /usr/local):

sudo make install

Configuring Wireshark for Non-root Users

By default, Wireshark needs root privileges to capture network traffic. It is advisable to set it up so that non-root users can capture packets without jeopardizing system security. Only dumpcap, the capture helper, actually needs elevated rights; the Wireshark GUI itself never has to run as root. To allow non-root users to capture packets, run the following command:

sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bin/dumpcap

This grants the dumpcap binary the capabilities it needs for packet capture, so that it can be executed by non-root users.
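The setcap command above lets any local user who can execute dumpcap capture raw traffic. As an added example (not part of the original article), the script below combines the same setcap grant with a dedicated group, so only members of that group can run dumpcap, and then verifies the result; the path /usr/local/bin/dumpcap (the source-build default) and the group name wireshark are assumptions.

```bash
#!/bin/sh
# Added example, not from the original article. Assumes the source-build
# default path /usr/local/bin/dumpcap and a group named "wireshark"; both
# can be overridden through the environment.
set -eu

DUMPCAP="${DUMPCAP:-/usr/local/bin/dumpcap}"
CAP_GROUP="${CAP_GROUP:-wireshark}"

# caps_ok LINE: succeed if a getcap output line grants cap_net_raw and
# cap_net_admin with both the effective (e) and permitted (p) flags.
# Accepts both libcap output styles:
#   "/path = cap_net_admin,cap_net_raw+eip"   (older libcap)
#   "/path cap_net_admin,cap_net_raw=eip"     (newer libcap)
caps_ok() {
    caps="${1##* }"                 # last field holds the capability set
    case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags="${caps##*[=+]}"          # letters after '=' or '+' are the flags
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
}

# perms_ok MODE GROUP: succeed if the octal mode (as printed by `stat -c %a`)
# grants nothing to "other" and the file belongs to the capture group.
perms_ok() {
    [ "$2" = "$CAP_GROUP" ] || return 1
    case "$1" in *0) return 0 ;; *) return 1 ;; esac
}

# harden_dumpcap: restrict dumpcap to the capture group, apply the article's
# setcap grant, and verify both. Must run as root. Afterwards, add each
# analyst with: usermod -aG "$CAP_GROUP" USERNAME
harden_dumpcap() {
    getent group "$CAP_GROUP" >/dev/null || groupadd "$CAP_GROUP"
    chgrp "$CAP_GROUP" "$DUMPCAP"
    chmod 750 "$DUMPCAP"            # owner rwx, group r-x, other ---
    setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
    caps_ok "$(getcap "$DUMPCAP")" || { echo "capabilities not set" >&2; return 1; }
    # word splitting of the stat output into MODE GROUP is intended here
    perms_ok $(stat -c '%a %G' "$DUMPCAP") || { echo "mode too open" >&2; return 1; }
    echo "dumpcap ready for members of group $CAP_GROUP"
}

# Act only when explicitly asked, so the check functions can be reused safely.
if [ "${1:-}" = "apply" ]; then
    harden_dumpcap
fi
```

Run it as root with the argument apply; without the argument the script only defines the check functions, which also work on their own against saved getcap and stat output.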

Accessing Wireshark

After the installation is finished, open the Wireshark client from the applications menu or by running the following command in the terminal:

wireshark

Please note that if you are using a minimal, command-line-only server installation, you must connect with a terminal tool that has X11 forwarding enabled in order to reach the Wireshark GUI. A good example would be MobaXterm.

Installing Wireshark from the Package Manager

Building RPMs from Wireshark’s source code produces several packages (the majority of distributions use the same split):

  • The wireshark package contains the main Wireshark libraries and command-line tools.
  • The wireshark-qt package (on some distributions, wireshark itself) contains the Qt-based GUI.

Use the following command to install Wireshark together with the Qt GUI:

sudo yum install wireshark wireshark-qt

You can also install custom RPMs that you built from the Wireshark sources, for instance:

rpm -ivh wireshark-2.0.0-1.x86_64.rpm wireshark-qt-2.0.0-1.x86_64.rpm

Before running the above commands, make sure you have already completed all the steps in the previous section except “Downloading source & installing”.

Note: the package manager will not give you the latest Wireshark release. Enterprise distributions favour stability and do not move to newer versions during the life of the OS release.

Conclusion

We have successfully learnt how to install Wireshark using both methods. You can now use Wireshark for network troubleshooting, communication protocol development, packet analysis and many other tasks. Wireshark lets you capture incoming and outgoing network packets in real time. For additional help or useful information, we recommend the official Wireshark website.
