How To Install Wireshark on Manjaro
Wireshark stands as one of the most powerful and widely-used network protocol analyzers available today. For Manjaro Linux users interested in network analysis, security testing, or troubleshooting connectivity issues, installing Wireshark provides essential capabilities for deep packet inspection and network monitoring. This comprehensive guide walks you through multiple installation methods, configuration steps, and basic usage techniques to get you started with Wireshark on Manjaro Linux.
What is Wireshark?
Wireshark is a free, open-source network packet analyzer that allows you to examine network traffic in real-time. Originally known as Ethereal until a trademark issue prompted its rebranding in 2006, Wireshark has become the industry standard tool for network analysis across various platforms including Linux, Windows, and macOS.
The application captures network packets and displays them in a detailed format, allowing users to inspect individual packets at a microscopic level. This capability makes Wireshark invaluable for:
- Network administrators monitoring and troubleshooting network issues
- Security professionals analyzing potential network vulnerabilities or intrusions
- Developers debugging network-related code
- Students learning about network protocols
- IT professionals investigating performance bottlenecks
Wireshark supports analysis of hundreds of protocols, with regular updates adding support for new and emerging network technologies. Its user-friendly interface combines with powerful filtering capabilities, making it accessible to beginners while providing the depth needed by experienced network analysts.
Why Use Wireshark on Manjaro?
Manjaro Linux offers several advantages when running Wireshark that make this combination particularly effective:
- Rolling release model: Manjaro’s rolling release approach ensures you always have access to the latest Wireshark features and security updates
- Performance optimization: Manjaro’s efficiency translates to smooth performance when capturing and analyzing large network traces
- Package availability: Wireshark is readily available in Manjaro’s official repositories, simplifying installation
- Integration with Linux networking tools: Seamlessly works alongside other Linux networking utilities like tcpdump, nmap, and iftop
- Community support: Both Manjaro and Wireshark have active communities providing assistance and resources
Additionally, the open-source nature of both Wireshark and Manjaro aligns with the philosophy of transparency and community-driven development, making them natural companions for users who value these principles in their computing environment.
Prerequisites Before Installation
Before proceeding with Wireshark installation on your Manjaro system, ensure you have the following prerequisites in place:
System Requirements
- A functioning Manjaro Linux installation (works on all desktop environments including GNOME, KDE, and Xfce)
- At least 500MB of free disk space for the application and its dependencies
- Minimum 4GB RAM recommended for analyzing larger capture files
- Administrative access (sudo privileges) on your system
- Working internet connection for downloading packages
Pre-Installation Steps
Check for Existing Installation
which wireshark
If the command returns a path, Wireshark is already installed.
Update Package Database
Always ensure your system is up-to-date before installing new software:
sudo pacman -Syu
This command synchronizes your package database and upgrades all installed packages to their latest versions, ensuring compatibility with new installations.
Backup Important Data
While not strictly necessary, it’s good practice to back up important data before installing major software packages, especially if you plan to use Wireshark for sensitive network analysis tasks.
Method 1: Installing Wireshark Using Terminal
The terminal method provides the most direct approach to installing Wireshark on Manjaro. Follow these steps for a clean installation:
Updating System Repositories
First, ensure your system’s package database is synchronized with the latest repositories:
sudo pacman -Syu
This command:
- -S: Synchronizes the package databases
- y: Downloads fresh package databases from the server
- u: Upgrades all packages that can be upgraded
Wait for the system update process to complete before continuing. This step ensures you’ll be installing the latest version of Wireshark available in the repositories.
Installation Command
Now, install Wireshark using the following command:
sudo pacman -S wireshark-qt
During installation, you’ll be prompted to confirm the download and installation. Review the packages to be installed, which will include Wireshark and its dependencies, then press ‘Y’ to proceed.
The -qt suffix indicates you’re installing the version with the Qt graphical interface, which offers a more modern and user-friendly experience compared to the older GTK interface. If you prefer the GTK version instead, you can install it using:
sudo pacman -S wireshark-gtk
However, the Qt version is recommended for most users as it receives more active development and updates.
Verifying Installation
After the installation completes, verify that Wireshark installed correctly by running:
wireshark --version
This should display the version information for your newly installed Wireshark. To launch the application, simply type:
wireshark
If the installation was successful, Wireshark should start with its interface displayed. If you encounter any errors at this stage, try logging out and logging back in, as some system environment variables might need to be refreshed.
Method 2: Installing Wireshark Through GUI
For users who prefer graphical interfaces over command-line operations, Manjaro offers a straightforward way to install Wireshark through its package manager:
Opening Add/Remove Software
The steps may vary slightly depending on your desktop environment:
For GNOME:
- Click on “Activities” in the top-left corner
- Type “Add/Remove Software” in the search bar
- Click on the Add/Remove Software application icon
For KDE Plasma:
- Click on the application launcher (typically in the bottom-left corner)
- Navigate to “Applications” > “System” or search for “Add/Remove Software”
- Click on the Add/Remove Software application
For Xfce:
- Click on the Whisker Menu (typically in the top-left or bottom-left corner)
- Search for “Add/Remove Software”
- Click on the Add/Remove Software application icon
Searching for Wireshark
Once the package manager is open:
- Click on the search icon or directly use the search bar
- Type “wireshark” and press Enter
- The search results will display various Wireshark-related packages
- Look for “Wireshark” (usually labeled as “Network Protocol Analyzer”) from the Official Repositories
Installation Process
To install Wireshark from the graphical interface:
- Click on “Wireshark” from the search results to view details
- Click the “Install” button next to the package name
- Review any dependencies that will be installed
- Click “Apply” at the bottom of the window
- Enter your password when prompted for authentication
- Wait for the installation to complete, which you can monitor via the progress bar
Post-Installation Options
After installation completes:
- You’ll see “Launch,” “Remove,” and “Reinstall” buttons
- Click “Launch” to start Wireshark immediately, or
- Find Wireshark in your application menu later:
- In GNOME: Activities > Show Applications > Wireshark
- In KDE: Application Launcher > Internet or Network > Wireshark
- In Xfce: Whisker Menu > Internet > Wireshark
Method 3: Installing Wireshark Using Flatpak
Flatpak provides a universal packaging system that works across different Linux distributions. Installing Wireshark via Flatpak offers benefits like isolation from the system and automatic updates. Here’s how to do it:
Installing Flatpak
First, you need to install Flatpak if it’s not already available on your system:
sudo pacman -S flatpak
Confirm the installation when prompted by pressing ‘Y’.
Enabling Flathub Repository
After installing Flatpak, you need to add the Flathub repository, which hosts numerous applications including Wireshark:
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
The --if-not-exists flag ensures the command won’t produce an error if you already have the repository added.
Installing Wireshark via Flatpak
Now you can install Wireshark using Flatpak with the following command:
flatpak install flathub org.wireshark.Wireshark
During this process:
- You’ll be shown a list of packages to be installed, including Wireshark and its dependencies
- Type ‘y’ to confirm the installation
- Wait for the download and installation to complete
The Flatpak installation may take longer than the pacman method as it needs to download the application and all of its runtime dependencies.
Running Flatpak-installed Wireshark
To launch the Flatpak version of Wireshark, use:
flatpak run org.wireshark.Wireshark
Alternatively, you can find and launch it from your desktop environment’s application menu like any other application.
The Flatpak version runs in a sandbox environment, which provides additional security but may have limited access to certain system resources. This sandboxing is generally not a problem for most Wireshark functionalities, but be aware that accessing certain network interfaces might require additional permissions.
Post-Installation Configuration
After installing Wireshark, additional configuration is necessary to use it effectively, particularly regarding permissions for capturing packets:
User Permissions Setup
By default, only the root user can capture packets on network interfaces in Linux. To allow your regular user account to capture packets without running Wireshark as root (which would be a security risk), you need to add your user to the “wireshark” group:
sudo usermod -aG wireshark $USER
This command:
- usermod: Modifies a user account
- -aG: Adds the user to a supplementary group without removing them from existing groups
- wireshark: The group being added
- $USER: Environment variable that represents your current username
After running this command, you must log out and log back in for the group changes to take effect. To verify your user has been added to the wireshark group:
groups $USER
Your output should include “wireshark” among the listed groups.
Fixing Permission Issues
If you encounter “Permission denied” errors when trying to capture packets, you may need to ensure the dumpcap utility (which Wireshark uses to capture packets) has the correct permissions:
sudo chmod +x /usr/bin/dumpcap
For more comprehensive permission fixing, you can also ensure the dumpcap binary has the necessary capabilities:
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
This grants dumpcap the capabilities needed to capture network traffic without requiring root privileges every time.
First Launch Configuration
When you launch Wireshark for the first time, you might encounter a setup wizard:
- Network Interface Selection: Choose which network interfaces you want Wireshark to monitor
- Color Rules Setup: Wireshark uses color coding to help identify different types of traffic
- Profile Configuration: Choose between Default profile or create custom profiles for different analysis scenarios
- Protocol Preferences: Set default behaviors for protocol analyzers
Take time to familiarize yourself with these settings, as they can significantly enhance your workflow when using Wireshark regularly.
Basic Usage Guide
After successful installation and configuration, here’s how to begin using Wireshark for basic packet capture and analysis:
Starting Packet Capture
To start capturing packets:
- Launch Wireshark
- The main interface will show all available network interfaces
- Double-click on the interface you want to monitor (e.g., eth0, wlan0)
- Interfaces with activity show a graph indicating traffic levels
- Hover over interfaces to see additional details like IP addresses
- Once you click an interface, Wireshark immediately begins capturing packets
- To stop capturing, click the red square “Stop” button in the toolbar
For more controlled capture:
- Instead of double-clicking, select the interface
- Click the gear icon next to it or use Capture > Options
- Configure capture parameters such as:
- Capture filter expressions
- Buffer size
- Name resolution options
- Output file settings
- Click “Start” to begin capturing with these custom settings
Using Display Filters
Wireshark’s power comes from its filtering capabilities. The display filter bar is located below the toolbar:
- Click in the filter bar and start typing
- The bar changes color to indicate valid (green) or invalid (red) filter syntax
- Autocomplete suggestions appear as you type
- Some common filter examples:
- http: Show only HTTP traffic
- ip.addr == 192.168.1.1: Show only traffic to/from a specific IP
- tcp.port == 443: Show only HTTPS traffic
- !(arp or dns): Exclude ARP and DNS traffic
- Press Enter or click “Apply” to activate the filter
- Click the “X” to clear the filter and show all packets again
You can save frequently used filters by clicking the “+” button next to the filter bar.
Analyzing Network Traffic
To analyze the captured packets:
- The packet list pane (top section) shows individual packets with summary information
- Click on a packet to select it
- The packet details pane (middle section) shows the protocol layers in an expandable tree
- The packet bytes pane (bottom section) shows the raw hexadecimal and ASCII data
- Use the packet details tree to drill down into specific protocol fields
- Right-click on fields for additional options like:
- “Apply as Filter” to create a filter based on that field
- “Follow TCP Stream” to see the entire conversation
- “Create a Rule” to highlight similar packets
For overview analysis, check Statistics > Protocol Hierarchy to see a breakdown of protocols in your capture.
Advanced Configuration
As you become more familiar with Wireshark, you may want to customize its behavior for more efficient analysis:
Customizing Wireshark Interface
Wireshark’s interface is highly customizable:
- Go to View > Appearance
- Under “Layout”, you can choose different arrangements for the packet list, details, and bytes panes
- Under “Columns,” modify what information is displayed in the packet list:
- Add columns like “Destination Port” or “Packet Length”
- Remove unnecessary columns
- Reorder columns by dragging them
- Under “Font”, adjust the display font for better readability
- Under “Colors”, configure coloring rules for packet types
Setting Up Profiles
Profiles allow you to maintain different configurations for different analysis scenarios:
- Go to Edit > Configuration Profiles
- Click “+” to create a new profile
- Give it a descriptive name (e.g., “Wireless Analysis” or “HTTP Debugging”)
- Configure display filters, coloring rules, and columns specific to that profile
- Switch between profiles using the profile dropdown in the bottom right corner
- Export profiles (Edit > Configuration Profiles > Export) to share with colleagues
Performance Optimization
When working with large capture files or on systems with limited resources:
- Limit memory usage in Edit > Preferences > Advanced
- Increase the capture buffer size to prevent packet drops during busy captures
- Use capture filters (different from display filters) to reduce the amount of data captured
- For very large captures, consider using command-line tools like tshark for initial processing
- Enable name resolution only when needed, as it can slow down packet processing
Troubleshooting Common Issues
Even with careful installation and configuration, you might encounter issues. Here are solutions to the most common problems:
Installation Problems
Package Dependency Issues:
sudo pacman -Syyu
Perform a full system update and try reinstalling Wireshark.
Repository Connection Errors:
- Check your internet connection
- Try changing mirrors:
sudo pacman-mirrors -f 5
- Then update and reinstall:
sudo pacman -Syyu
sudo pacman -S wireshark-qt
Incomplete Installation:
If Wireshark was partially installed:
sudo pacman -S --needed wireshark-qt
The --needed flag will install missing components while preserving existing ones.
Capture Permission Errors
“Dumpcap could not be executed” Error:
- Verify your group membership:
groups $USER | grep wireshark
- If the wireshark group is missing, add your user to it:
sudo usermod -aG wireshark $USER
Then log out and log back in.
“Permission denied” When Capturing:
Apply the necessary capabilities to dumpcap:
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
Interface Access Issues:
For wireless interfaces in monitor mode, you may need additional permissions:
sudo chmod o+x /usr/bin/dumpcap
Or temporarily run as root for testing purposes only:
sudo wireshark
(Not recommended for regular use)
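The following check is an added example, not part of the original tutorial or of Wireshark itself: it audits the dumpcap setup from the sections above and flags the state left by chmod +x or chmod o+x, where dumpcap is executable by every local account and its file capabilities are no longer limited to the wireshark group. It assumes /usr/bin/dumpcap and a group named wireshark as used in this guide; the function names and sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the capture-privilege setup described in this guide.
# Assumptions: dumpcap is /usr/bin/dumpcap and the capture group is "wireshark".

# check_dumpcap MODE GROUP CAPS SESSION_GROUPS
#   MODE            octal mode from `stat -c %a` (e.g. 750)
#   GROUP           owning group from `stat -c %G`
#   CAPS            output of `getcap /usr/bin/dumpcap`
#   SESSION_GROUPS  output of `id -nG` (groups of the current login session)
# Prints one finding per line; exit status 0 means nothing needs attention.
check_dumpcap() (
    mode=$1 group=$2 caps=$3 session_groups=$4 rc=0

    # An odd last octal digit means "other" has execute: with file capabilities
    # set, every local account can then capture, not only the wireshark group.
    case $mode in
        *[1357]) echo "WARN: dumpcap is executable by all users (mode $mode)"; rc=1 ;;
    esac
    # A four-digit mode starting with 4-7 carries the setuid bit.
    case $mode in
        [4567]???) echo "WARN: dumpcap is setuid (mode $mode)"; rc=1 ;;
    esac
    [ "$group" = wireshark ] ||
        { echo "WARN: dumpcap group is '$group', expected wireshark"; rc=1; }

    for cap in cap_net_raw cap_net_admin; do
        case $caps in
            *"$cap"*) ;;
            *) echo "FAIL: dumpcap lacks $cap (re-run setcap)"; rc=1 ;;
        esac
    done

    # Match whole words so a group such as "wireshark-ro" does not count.
    case " $session_groups " in
        *" wireshark "*) ;;
        *) echo "FAIL: session is not in the wireshark group (log out and back in)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ]
)

# audit_live [PATH]: run the same checks against the installed binary.
audit_live() {
    bin=${1:-/usr/bin/dumpcap}
    [ -e "$bin" ] || { echo "SKIP: $bin not found"; return 2; }
    check_dumpcap "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" \
        "$(getcap "$bin" 2>/dev/null)" "$(id -nG)"
}

# Constructed sample values (not taken from a real system).
CAPS_OK="/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip"
echo "== group-restricted binary, user in group =="
check_dumpcap 750 wireshark "$CAPS_OK" "alice wheel wireshark" && echo "OK"
echo "== same binary after chmod o+x =="
check_dumpcap 751 wireshark "$CAPS_OK" "alice wheel wireshark" || true
```

On a live system, call audit_live after the function definitions. It reads the session's groups with id -nG, which, unlike groups $USER, only lists wireshark once you have logged back in.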
Interface Detection Issues
Network Interfaces Not Showing:
- Check if interfaces exist:
ip a
- Verify interface drivers are loaded:
lsmod | grep your_network_driver
- Try running Wireshark with elevated privileges (temporarily):
sudo wireshark
Virtual Interfaces Not Available:
For analyzing virtual interfaces (like docker0 or veth):
sudo ip link set docker0 promisc on
Replace “docker0” with your virtual interface name.
Updating and Maintaining Wireshark
Keeping Wireshark updated ensures you have the latest protocol support and security fixes:
Keeping Wireshark Updated
Update Wireshark along with your system:
sudo pacman -Syu
To check your current Wireshark version:
wireshark --version
For Flatpak installations:
flatpak update org.wireshark.Wireshark
Plugin Management
Wireshark’s functionality can be extended with plugins:
- Install external dissectors (protocol analyzers):
sudo pacman -S wireshark-cli
Many dissectors come with the CLI package
- Check loaded plugins in Wireshark:
Help > About Wireshark > Plugins
- Custom plugins can be placed in:
- System-wide:
/usr/lib/wireshark/plugins/
- User-specific:
~/.local/lib/wireshark/plugins/
Configuration Backup
Back up your Wireshark configuration before major updates:
- Personal configuration files are stored in:
~/.config/wireshark/
- Export your profiles:
Edit > Configuration Profiles > Export All
- To reset to default settings:
rm -rf ~/.config/wireshark
(Use with caution as this deletes all custom settings)
Congratulations! You have successfully installed Wireshark. Thanks for using this tutorial for installing the Wireshark network protocol analyzer on your Manjaro Linux system. For additional or useful information, we recommend you check the official Wireshark website.