
How to Install and Use Wireshark on Raspberry Pi

Wireshark is a widely used open-source application for monitoring network traffic on several network interfaces. It provides features for analyzing the data packets that come from a network source, which makes it helpful for network troubleshooting, traffic analysis and software development. You can install and use Wireshark on your Raspberry Pi device using the instructions provided in this article.

How to Install and Use Wireshark on Raspberry Pi

Due to the growing demand for Wireshark, the Raspberry Pi developers include it in the official source list of your Raspberry Pi, which makes the installation process quite simple. Use the following steps:

Step 1: Upgrade Raspberry Pi Packages

First, update the package list and upgrade the installed Raspberry Pi packages with the following command so that you can install the latest version of the software on your device.

$ sudo apt update && sudo apt upgrade -y

The above command refreshes the package list and upgrades the packages on your system.

Step 2: Install Wireshark on Raspberry Pi

Once you have successfully upgraded the Raspberry Pi system, use the following command to install Wireshark on your Raspberry Pi device:

$ sudo apt install wireshark -y

During the installation, a configuration window will appear in your Raspberry Pi terminal. To complete the installation, select the “NO” option, as it is recommended.

Step 3: Run Wireshark on Raspberry Pi

After completing the installation of Wireshark on Raspberry Pi, you can run the application on your desktop using the following command:

$ sudo wireshark

We run Wireshark with “sudo” because capturing packets requires elevated privileges, and with the “NO” option selected during installation only the superuser is allowed to capture them.

Step 4: Using Wireshark on Raspberry Pi

Once you open the Wireshark application, the first thing to do is select the network interface whose traffic you want to monitor. In our case, we have a wireless connection, so we are picking “wlan0”. After the selection, click on the shark’s fin icon to start monitoring network traffic.


You will see three different parts in a single window. The first part shows the packet list, where you will see all packets captured on the network. The second part shows the packet details in a readable text format. The third part shows the packet contents in bytes and hexadecimal format.


Double-click any packet in the first section to open it and see the information for the selected packet.


The above output shows the source and destination addresses of the packet, along with the port and sequence numbers. If you want to stop monitoring the network traffic, click on the red stop button.
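To show how the packet bytes pane relates to the packet details pane described above, the following added example (not part of the original article) decodes an Ethernet/IPv4/TCP frame by hand and extracts the same fields: source and destination addresses, ports and sequence number. The frame bytes, addresses and function names are constructed for illustration.

```python
import struct
import socket

# Constructed sample frame (not a real capture): Ethernet + IPv4 + TCP SYN.
# Checksums are left as zero because this example does not validate them.
FRAME_HEX = (
    "020000000001" "020000000002" "0800"   # Ethernet: dst MAC, src MAC, EtherType
    "45000028" "1c464000" "4006" "0000"    # IPv4: ver/IHL+len, id+flags, TTL+proto, checksum
    "c0a80114" "c0a80101"                  # IPv4: source, destination address
    "c9a6" "01bb" "12345678" "00000000"    # TCP: src port, dst port, seq, ack
    "5002" "faf0" "0000" "0000"            # TCP: offset/flags, window, checksum, urgent
)

def hexdump(data, width=16):
    """Format bytes like the bytes pane: hex offset, then the octets in hex."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        rows.append(f"{off:04x}  " + " ".join(f"{b:02x}" for b in chunk))
    return rows

def decode_frame(frame):
    """Decode the fields the details pane shows for a TCP-over-IPv4 packet."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4   # IPv4 header length in bytes; options make it > 20
    if ihl < 20 or len(ip) < ihl + 20:
        raise ValueError("truncated IPv4/TCP header")
    if ip[9] != 6:
        raise ValueError("not TCP")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    flags = off_flags & 0x01FF  # low 9 bits are the TCP flag bits
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]
    return {
        "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(names) if flags & (1 << i)],
    }

if __name__ == "__main__":
    frame = bytes.fromhex(FRAME_HEX)
    print("\n".join(hexdump(frame)))
    print(decode_frame(frame))
```

Wireshark displays relative TCP sequence numbers by default, so the value decoded here corresponds to the raw sequence number field in the details pane.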

Conclusion

Wireshark is a robust platform for monitoring network traffic on different network interfaces, and it lets you analyze the data packets from a network source directly in the software. Wireshark can easily be installed using the simple installation command mentioned above. After completing the installation, you must select your network interface to start monitoring the network traffic. However, before installing this application, you must have enough knowledge of networking, as this will be quite helpful in understanding how the application works.

About the author

Awais Khan

I'm an engineer and an academic researcher by profession. My interest in Raspberry Pi, embedded systems and blogging has brought me here to share my knowledge with others.