Linux Wireshark Guide - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux Wireshark Guide
Complete beginner-friendly guide to Wireshark on Linux, covering Arch Linux, CachyOS, and other distributions. Topics include network packet analysis, traffic inspection, and network debugging.
Wireshark Installation
Install Wireshark
Arch/CachyOS:
# Install Wireshark
sudo pacman -S wireshark-qt
# Or CLI version
sudo pacman -S wireshark-cli
Debian/Ubuntu:
sudo apt install wireshark
Fedora:
sudo dnf install wireshark
Setup Permissions
Configure permissions:
# Add user to wireshark group
sudo usermod -aG wireshark $USER
# Log out and back in
Wireshark Basics
Launch Wireshark
Start Wireshark:
# Launch GUI
wireshark
# Or CLI
tshark
Interface
Wireshark display:
- Top: Menu and toolbar
- Middle: Packet list
- Bottom: Packet details
Capturing Packets
Start Capture
Capture packets:
- Select interface
- Click Start
- View packets in real-time
- Stop when done
Capture Options
Configure capture:
- Interface: Select network interface
- Filter: Apply capture filter
- Options: Set capture options
Analyzing Packets
Packet Details
View packet:
- Select packet
- View details in middle panel
- Inspect hex dump in bottom panel
Filters
Display filters:
# Filter by IP
ip.addr == 192.168.1.1
# Filter by port
tcp.port == 80
# Filter by protocol
http
Troubleshooting
Cannot Capture
Fix permissions:
# Add to wireshark group
sudo usermod -aG wireshark $USER
# Log out and back in
# Or use sudo (this runs the whole GUI and its packet dissectors as root; prefer the group method above)
sudo wireshark
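The "Log out and back in" step in Setup Permissions and in this fix matters because `usermod` changes the group database, while a running session keeps the groups it started with. The script below is an added example, not part of the original guide; the function names are hypothetical and the `wireshark` group name is the one used above. It compares the two views and reports which state you are in.

```sh
#!/bin/sh
# Added example: explain why capture still fails after
# "sudo usermod -aG wireshark $USER".

# in_list WORD "SPACE SEPARATED LIST": succeed if WORD is one of the items.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# group_state DB_GROUPS SESSION_GROUPS [GROUP]
#   DB_GROUPS:      groups recorded for the user in the account database
#   SESSION_GROUPS: groups the current login session actually holds
# Prints "active", "relogin" (added, but this session predates it) or "missing".
group_state() {
    grp="${3:-wireshark}"
    if in_list "$grp" "$2"; then
        echo active
    elif in_list "$grp" "$1"; then
        echo relogin
    else
        echo missing
    fi
}

report_capture_access() {
    user="${USER:-$(id -un)}"
    db=$(id -nG "$user" 2>/dev/null || true)   # looked up in the group database
    session=$(id -nG 2>/dev/null || true)      # groups of this running shell
    case "$(group_state "$db" "$session")" in
        active)  echo "OK: this session is in the wireshark group" ;;
        relogin) echo "Added to wireshark, but not active yet: log out and back in" ;;
        missing) echo "Not a member: run sudo usermod -aG wireshark $user" ;;
    esac
}

report_capture_access
```

If it reports "relogin", a fresh login picks up the new group and the `sudo wireshark` fallback is not needed.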
Summary
This guide covered Wireshark installation, packet capture, and network analysis for Arch Linux, CachyOS, and other distributions.
Next Steps
- tcpdump Guide - Command-line capture
- Network Utilities - Network tools
- Networking - Network setup
- Wireshark: https://www.wireshark.org/
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.