RHEL BasedRocky Linux

How To Install Wireshark on Rocky Linux 10

r00t

Install Wireshark on Rocky Linux 10

Network analysis has become an essential component of modern IT infrastructure management. Whether you’re troubleshooting connectivity issues, monitoring traffic patterns, or conducting security audits, having the right tools can make all the difference. Wireshark stands as the industry standard for network protocol analysis, offering comprehensive packet capture and analysis capabilities that network administrators and cybersecurity professionals rely on daily.

Rocky Linux 10 provides an excellent enterprise-grade platform for running Wireshark, combining the stability and security features that organizations demand with the flexibility needed for effective network analysis. This comprehensive guide will walk you through the complete installation process, from initial system preparation to advanced configuration options, ensuring you have a fully functional Wireshark installation ready for professional use.

What is Wireshark?

Wireshark is a free, open-source network protocol analyzer that enables detailed inspection of network traffic in real-time. Originally developed as Ethereal, this powerful tool has evolved into the world’s most widely-used network analysis application, supporting hundreds of protocols and providing deep packet inspection capabilities.

The application excels at capturing and analyzing network packets across various interfaces, including wired, wireless, and virtual connections. Network professionals use Wireshark for troubleshooting network issues, security analysis, protocol development, and educational purposes. Its comprehensive protocol support covers everything from basic TCP/IP communications to complex application-layer protocols.

Wireshark’s strength lies in its ability to decode and present network data in human-readable formats. The tool provides detailed protocol breakdowns, timing information, and statistical analysis that help identify network bottlenecks, security vulnerabilities, and performance issues. Additionally, its powerful filtering capabilities allow users to focus on specific traffic types or communication patterns.

The application includes both graphical and command-line interfaces, with the tshark utility providing scriptable analysis capabilities for automated monitoring scenarios. This flexibility makes Wireshark suitable for both interactive troubleshooting sessions and long-term network monitoring deployments.

Why Use Wireshark on Rocky Linux 10?

Rocky Linux 10 offers several compelling advantages for running Wireshark in enterprise environments. As a community-driven, enterprise-grade Linux distribution, Rocky Linux provides the stability and security features that network analysis workloads demand while maintaining full compatibility with Red Hat Enterprise Linux ecosystem.

The distribution’s long-term support model ensures consistent operation and security updates, critical factors when deploying network analysis tools in production environments. Rocky Linux’s robust package management system through DNF simplifies Wireshark installation and maintenance, while its security-focused default configuration provides a secure foundation for network analysis activities.

Performance considerations make Rocky Linux particularly suitable for network analysis workloads. The distribution’s optimized kernel and system libraries provide efficient packet processing capabilities, essential when capturing high-volume network traffic. Additionally, Rocky Linux’s memory management and scheduling optimizations ensure Wireshark can handle intensive analysis tasks without system degradation.

Enterprise integration capabilities further enhance Rocky Linux’s suitability for Wireshark deployments. The distribution’s Active Directory integration, centralized logging support, and compliance features align well with organizational security policies and audit requirements that often govern network analysis activities.

Prerequisites for Installing Wireshark on Rocky Linux 10

Before beginning the Wireshark installation process, ensure your Rocky Linux 10 system meets the necessary requirements and has the appropriate permissions configured. A fresh installation of Rocky Linux 10 is recommended to avoid potential conflicts with existing software packages or custom configurations.

Administrative privileges are essential for the installation process. You’ll need either root access or a user account with sudo permissions to install packages and configure system settings. If you’re working with a newly deployed system, verify that your user account has been properly added to the sudo group.

Network connectivity is required for downloading packages and dependencies from Rocky Linux repositories. Ensure your system has stable internet access and can reach the configured package repositories. If you’re working in a corporate environment with proxy servers or firewall restrictions, verify that package manager traffic can reach the necessary repositories.

System resource requirements include at least 4GB of RAM for comfortable GUI operation, though Wireshark can function with less memory for basic analysis tasks. Adequate disk space is necessary for package installation and captured packet storage. Plan for several gigabytes of free space, especially if you intend to capture and store large amounts of network traffic.

Network interface availability is crucial for packet capture functionality. Verify that your system has the appropriate network interfaces configured and accessible. Consider the types of network traffic you’ll be analyzing and ensure the necessary interfaces are available and properly configured.

Step 1: Update Your Rocky Linux 10 System

System updates form the foundation of a secure and stable Wireshark installation. Begin by refreshing your package manager’s cache and installing the latest security updates and system patches. This process ensures compatibility with Wireshark’s dependencies and resolves potential security vulnerabilities.

Execute the following commands to update your system:

sudo dnf check-update
sudo dnf makecache --refresh
sudo dnf update -y

The first command checks for available updates without installing them, providing visibility into what changes will be made. The second command refreshes the package metadata cache, ensuring you have the latest package information. The final command performs the actual system update, installing security patches and package updates.

Monitor the update process for any errors or conflicts. Pay particular attention to kernel updates, as these may require a system reboot to take effect. If kernel updates are installed, plan to reboot your system before proceeding with the Wireshark installation to ensure all changes are properly applied.

Verify the update completion by checking the system’s package status and ensuring no broken dependencies remain. This verification step prevents installation issues later in the process and ensures your system is in a clean state for Wireshark installation.

Step 2: Install Required Dependencies

Wireshark depends on several system libraries and development tools that must be installed before the main application. These dependencies provide the underlying functionality for packet capture, protocol analysis, and graphical interface operation.

Install the essential dependencies using the following commands:

sudo dnf install qt5-qtbase-devel
sudo dnf install libpcap-devel
sudo dnf install gcc
sudo dnf groupinstall "Development Tools"

The Qt5 development libraries provide the graphical user interface framework that Wireshark uses for its main application window. These libraries are essential for GUI functionality and must be installed before Wireshark can operate properly.

Libpcap development libraries enable packet capture functionality across various network interfaces. This library provides the low-level packet capture mechanisms that Wireshark relies on for network traffic analysis. Without these libraries, Wireshark cannot access network interfaces for packet capture operations.

GCC and development tools provide the compilation infrastructure needed for certain Wireshark components and plugins. While not always required for basic installations, these tools ensure compatibility with advanced features and custom configurations that may be needed in enterprise environments.

Additional dependencies may be automatically resolved during the Wireshark installation process. The DNF package manager will identify and install any missing dependencies, but installing these core components first ensures a smoother installation experience.

Step 3: Installing Wireshark Using DNF

The DNF package manager provides the most straightforward method for installing Wireshark on Rocky Linux 10. This approach leverages the distribution’s repositories to ensure compatibility and automatic dependency resolution.

Verify Wireshark’s availability in the repositories:

sudo dnf info wireshark

This command displays detailed information about the available Wireshark package, including version numbers, dependencies, and package size. Review this information to ensure the package version meets your requirements.

Install Wireshark using DNF:

sudo dnf install wireshark

The installation process will automatically resolve dependencies and download the necessary packages. DNF will present a summary of packages to be installed and request confirmation before proceeding. Review the package list to ensure all components are included.

Verify the installation by checking the installed version:

wireshark --version

This command confirms that Wireshark has been successfully installed and displays version information. A successful installation will show the Wireshark version number along with compilation details and supported features.

The DNF installation method provides several advantages, including automatic updates through the system’s package management system, integration with Rocky Linux’s security policies, and simplified removal if needed. This approach is recommended for most users and production environments.

Step 4: Installing Wireshark from Source (Optional)

Source code installation offers access to the latest Wireshark features and allows for custom compilation options. This method is particularly useful for development environments or when specific features not available in repository packages are required.

Download the latest Wireshark source code from the official repository:

wget https://www.wireshark.org/download/src/wireshark-latest.tar.xz
tar -xf wireshark-latest.tar.xz
cd wireshark-*

Prepare the build environment by installing additional development dependencies:

sudo dnf install cmake ninja-build
sudo dnf install gtk3-devel
sudo dnf install glib2-devel

Configure the build using CMake:

cmake -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=/usr/local .

This configuration enables optimized compilation with debugging information, which is useful for troubleshooting issues. The installation prefix directs the build system to install Wireshark in the /usr/local directory structure.

Compile and install Wireshark:

ninja
sudo ninja install

The compilation process may take considerable time depending on your system’s performance. Monitor for any compilation errors that might indicate missing dependencies or configuration issues.

Source installation provides flexibility but requires more maintenance, as updates must be manually compiled and installed. Consider this approach only when repository packages don’t meet your specific requirements.

Step 5: Configuring Wireshark for Non-root Users

Security best practices dictate that Wireshark should not run with root privileges for routine operations. Configuring non-root access requires adjusting user permissions and group memberships to allow packet capture without elevated privileges.

Add your user to the wireshark group:

sudo usermod -aG wireshark $USER

This command adds the current user to the wireshark group, which has the necessary permissions for packet capture operations. The group membership enables non-root packet capture while maintaining security boundaries.

Configure the dumpcap binary with appropriate capabilities:

sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

These commands set the correct group ownership and permissions for the dumpcap utility, which handles the actual packet capture operations. The setcap command grants specific network capabilities without requiring full root privileges.

Verify the capability configuration:

getcap /usr/bin/dumpcap

This command should show that the dumpcap binary has the necessary network capabilities enabled. Proper configuration allows non-root users to capture packets while maintaining system security.

Log out and log back in to apply the group membership changes. Group memberships are applied at login time, so a new session is required for the changes to take effect.

Step 6: Launching Wireshark on Rocky Linux 10

Wireshark can be launched through multiple methods, depending on your preferred interface and working environment. The graphical interface provides the most comprehensive analysis capabilities, while command-line tools offer scriptable alternatives for automated tasks.

Launch Wireshark from the command line:

wireshark

This command starts the graphical Wireshark interface, which provides full access to all analysis features. The GUI will display available network interfaces and allow you to begin packet capture operations immediately.

Install Wireshark on Rocky Linux 10

Access Wireshark through the desktop environment by navigating to Applications > Internet > Wireshark, or search for “Wireshark” in your application launcher. Desktop integration provides convenient access and maintains consistency with other graphical applications.

Verify interface detection by checking the main window’s interface list. Wireshark should display all available network interfaces, including wired, wireless, and virtual connections. If interfaces are missing, review the non-root configuration steps to ensure proper permissions.

The tshark command-line utility provides scriptable analysis capabilities:

tshark --help

This command displays tshark’s extensive command-line options, enabling automated packet capture and analysis tasks. Tshark is particularly useful for remote systems or automated monitoring scripts.

Step 7: Basic Usage and Capturing Packets

Wireshark’s packet capture functionality begins with selecting the appropriate network interface for your analysis requirements. The interface selection depends on the type of traffic you want to analyze and the network topology you’re investigating.

Select a network interface from the main window’s interface list. Each interface shows real-time activity indicators, helping you identify active connections. Consider the following factors when choosing an interface:

  • Wired interfaces (eth0, enp0s3) for analyzing wired network traffic
  • Wireless interfaces (wlan0, wlp2s0) for wireless network analysis
  • Virtual interfaces (virbr0, docker0) for virtualized environment monitoring
  • Loopback interface (lo) for local system communication analysis

Configure capture filters to focus on specific traffic types:

host 192.168.1.1
port 80
tcp and port 443

These filters limit packet capture to specific hosts, ports, or protocols, reducing capture file size and improving analysis efficiency. Apply filters before starting capture to avoid collecting irrelevant traffic.

Start packet capture by clicking the shark fin icon or pressing Ctrl+E. Wireshark will begin capturing packets immediately, displaying them in real-time in the main window. The capture process continues until manually stopped or system resources are exhausted.

Monitor capture statistics through the Status Bar, which displays packet counts, capture duration, and dropped packet information. This information helps assess capture performance and identify potential issues.

Stop packet capture using the red square icon or Ctrl+E. Wireshark will finalize the capture file and enable detailed analysis of the collected packets. Save important captures using File > Save As to preserve analysis results.

Apply display filters to analyze specific traffic patterns:

ip.addr == 192.168.1.100
tcp.port == 80
http.request.method == GET

Display filters operate on captured packets, allowing you to focus on specific communications without recapturing traffic. These filters are essential for analyzing large capture files effectively.

Troubleshooting Common Installation Issues

Installation problems can arise from various sources, including dependency conflicts, permission issues, or system configuration problems. Understanding common issues and their solutions helps ensure successful Wireshark deployment.

Dependency Resolution Failures

Missing dependencies often cause installation failures. Use the following commands to identify and resolve dependency issues:

sudo dnf check
sudo dnf makecache --refresh
sudo dnf install --assumeyes --skip-broken

These commands check for broken dependencies, refresh package metadata, and attempt to install packages while skipping problematic components.

Permission Denied Errors

Permission issues prevent proper packet capture functionality. Verify group membership and capabilities:

groups $USER
getcap /usr/bin/dumpcap
ls -l /usr/bin/dumpcap

If permissions are incorrect, repeat the non-root configuration steps outlined in Step 5.

Interface Detection Problems

Missing network interfaces in Wireshark may indicate permission or driver issues. Check interface availability:

tcpdump -D
ip link show

These commands display available interfaces from the system perspective. If interfaces are missing, verify network driver installation and configuration.

Qt5 GUI Issues

Graphical interface problems on GNOME desktop environments may require additional configuration. The Qt file picker dialog can become dysfunctional, showing erratic sizing behavior. Install gtk3-devel and related packages to improve Qt5 integration:

sudo dnf install gtk3-devel
sudo dnf install qt5-qtbase-gui

Library Compatibility Errors

Missing shared libraries can prevent Wireshark from starting. Check for missing libraries:

ldd /usr/bin/wireshark

This command identifies missing library dependencies that must be resolved through package installation.

Security Considerations When Using Wireshark

Network packet analysis involves significant security implications that must be carefully considered in enterprise environments. Proper security practices protect both the analysis system and the network infrastructure being monitored.

Principle of Least Privilege

Configure Wireshark to operate with minimal necessary privileges. Avoid running Wireshark as root except when absolutely required for specific analysis tasks. Use the non-root configuration described in Step 5 to maintain security boundaries while enabling packet capture functionality.

Data Privacy and Compliance

Packet capture activities may involve sensitive data that requires protection under various privacy regulations. Implement appropriate controls for:

  • Data encryption for stored capture files
  • Access controls limiting who can perform packet capture
  • Audit trails documenting analysis activities
  • Data retention policies governing capture file storage

Network Access Controls

Limit packet capture access to authorized personnel and systems. Consider implementing network segmentation to isolate analysis activities from production traffic. Use VLANs or dedicated analysis networks when possible to minimize security exposure.

Secure Storage and Analysis

Store capture files on encrypted file systems and implement secure deletion procedures for sensitive analysis data. Use dedicated analysis workstations isolated from production networks when analyzing potentially malicious traffic.

Monitoring and Auditing

Implement logging and monitoring for Wireshark usage to maintain visibility into analysis activities. Track who performs packet capture, what interfaces are monitored, and how long analysis sessions last. This information supports security audits and compliance requirements.

Congratulations! You have successfully installed Wireshark. Thanks for using this tutorial for installing Wireshark on your Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Wireshark website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button